Bank Services Agreement, dated July 13, 2020, by and between Evolve Bank & Trust and Dave Inc

EX-10.1 2 dave-ex10_1.htm EX-10.1 EX-10.1

Exhibit 10.1

CERTAIN INFORMATION IN THIS DOCUMENT, MARKED BY [**], HAS BEEN EXCLUDED PURSUANT TO REGULATION S-K, ITEM 601(B)(10)(iv). SUCH EXCLUDED INFORMATION IS NOT MATERIAL AND IS THE TYPE THAT THE REGISTRANT TREATS AS PRIVATE OR CONFIDENTIAL.

Bank Services Agreement Cover Page

This Bank Services Agreement (“Agreement”) is entered into as of the 13th day of July, 2020 (“Effective Date”) by and between Evolve Bank & Trust, an Arkansas state bank, (“Bank”) and Dave Inc., a Delaware corporation (“Company” or “Program Manager”). For purposes of this Agreement, Bank and Company each will be referred to individually as a “Party” and together as the “Parties.”

Notices: Notices required under this Agreement shall be delivered pursuant to Section 30, and addressed as set forth below

If to Bank: If to Company:

Evolve Bank & Trust Dave Inc.

6070 Poplar Avenue, Suite 100 1265 S. Cochran Avenue

Memphis, Tennessee 38119 Los Angeles, California 90019

Attention: Legal Department Attention: Legal

Program Manager Reserve Account/Amount.

Company shall maintain an interest bearing deposit account at Bank which holds the reserve amounts deposited by Company pursuant to this Section (“Program Manager Reserve Account”). Company shall deposit an amount equal to the Initial Reserve Requirement as found on the Enterprise Fee Schedule on or before the Effective Date and shall maintain such amount in the Program Manager Reserve Account for the first three (3) full months following the Effective Date (the “Initial Reserve Requirement”). Upon the three-month anniversary of the Effective Date, Company shall ensure the Program Manager Reserve Account maintains a balance equal to [**] (the “Reserve Amount”). Subject to the Initial Reserve Requirement and the prior notice as set forth below, the Reserve Account shall be reassessed and adjusted every month based on (i) and (ii) in the immediately preceding sentences; provided, however, if any Regulatory Authority with jurisdiction over Bank notifies Bank that the Reserve Amount is inadequate to cover the risks associated with the Program, Bank shall provide notice to Program Manager of the Regulatory Authority's finding and of the Reserve amount that will be a sufficient reserve to satisfy the Regulatory Authority, and such amount shall be the new Reserve Amount. Negative Outcomes means the amount of ACH Return, provisional credits (net any provisional credits that are returned to Bank), and chargebacks (net any chargebacks that are returned to Bank), in each case that result in a debit to the FBO Account (as referenced as EB&T FBO Dave Inc Users account) or the Program Manager Reserve Account (provided, for clarification, that any individual debit shall only be counted once for purposes of determining the Program Manager Reserve Account balance, even if such debit is evident in more than one such account), plus the amount reasonably determined by Bank to offset risks associated with any material breach of this Agreement or the Debit Card Issuing Agreement by Program Manager. Subject to the terms in the Program Manager Reserve Account Section of the Debit Card Issuing Agreement, Bank may, deviate from this reserve calculation and require a greater Reserve Amount. Bank will provide written notice of the Reserve Amount within 30 days after the end of each month. In the event the actual balance in Program Manager Reserve Account is less than the Reserve Amount and the deficiency is not cured within two (2) Business Days after notice from Bank to Company, then Bank shall have the right to terminate the Program and this Agreement at no liability to Bank.

To secure Company’s obligations under this Agreement, Company hereby grants Bank a first priority security interest in the Program Manager Reserve Account and the funds therein or proceeds thereof, and agrees that Bank has control of the Program Manager Reserve Account for purposes of the Uniform Commercial Code, Article 9-314. Company further agrees to take such steps as Bank may reasonably require to perfect or protect such first priority security interest. Bank shall have all of the rights and remedies of a secured party under Applicable Law with respect to the Program Manager Reserve Account and the funds therein or proceeds thereof, and shall be entitled to exercise those rights and remedies in its discretion upon a default by Company of any provision of this Agreement. Without limiting the forgoing, Bank may, without prior notice, exercise a right of set-off against the Program Manager Reserve Account for amounts due under this Agreement and exercise all other rights and remedies provided in this Agreement or the Uniform Commercial Code. Company agrees that it will maintain the lien against the Program Manager Reserve Account in favor of Bank and agrees that it will not grant any other party an interest in the Program Manager Reserve Account. Company authorizes Bank to withdraw funds from the Program Manager Reserve Account to cover any amounts due to it under this Agreement, including losses incurred by in connection with this Agreement.

IN WITNESS WHEREOF, this Agreement is executed by the Parties’ authorized officers or representatives and shall be effective as of the date below.

Bank: Evolve Bank & Trust Company: Dave Inc.

By: /S/ Scot Lenoir By: /S/ Jason Wilk

Name: Scot Lenoir Name: Jason Wilk

Title: Chairman Title: CEO

Date: 7/14/2020 Date: 7/13/2020

BANK SERVICES AGREEMENT

WHEREAS, Bank is a depository institution and state member bank of the Federal Reserve, with its deposits insured by the Federal Deposit Insurance Corporation (“FDIC”); and

WHEREAS, Bank is a member of the National Automated Clearing House Association (“NACHA”) and is in the business, among other things, of originating and receiving ACH Entries and establishing and maintaining deposit accounts in connection therewith; and

WHEREAS, Bank and Company have entered into that certain Debit Card Issuing Agreement, dated as of the Effective Date hereof, in order for Company to support Bank’s issuance of certain debit cards used to access Deposit Accounts (the “Debit Card Issuing Agreement”); and

WHEREAS, the Parties desire to establish a program under which the Parties will offer Customers access to Deposit Accounts, issued and maintained by Bank, into which such Customers can deposit funds and access such funds using a Card (as defined in the Debit Card Issuing Agreement) issued pursuant to the Debit Card Issuing Agreement, as more fully described in Schedule A (the “Program”); and

WHEREAS, Bank agrees to establish the accounts for the Program pursuant to the terms and conditions set forth herein; and

WHEREAS, the Parties wish to establish the terms and conditions to provide and receive certain services from each other in connection with the Program.

NOW, THEREFORE, in consideration of the mutual covenants and conditions hereinafter set forth, the receipt and sufficiency of which is acknowledged, the Parties hereto, intending to be legally bound, agree as follows:

Definitions. Except as otherwise specifically indicated in this Section 1 or elsewhere in this Agreement, capitalized terms used in this Agreement shall have the meanings set forth in the NACHA Rules (as defined below):

(a)

“ACH Operator” shall have the meaning as defined in the NACHA Rules.

(b)

“Account Policies or Account Policy” means the Program Manager’s compliance policies and procedures, as submitted to and approved by Bank.

(c)

“Agent” means any third party service provider, processor, subcontractor or agent used by Company in connection with the Program.

(d)

“Aggregated De-Identified Data” has the meaning provided in Section 14(c).

(e)

“Agreement” shall have the meaning provided in the Preamble.

(f)

“Applicable Law” means any federal, state and local statutes, rules, regulations, regulatory guidelines and judicial or administrative interpretations related to this Agreement, the Services, Program and/or the Program services, as well as any rules or requirements established by the FDIC, Federal Reserve Board, Arkansas State Bank Department, Tennessee Department of Financial Institutions, the Equal Credit Opportunity Act and Regulation B, FACT Act, any laws and regulations regulating unfair, deceptive and abusive acts or practices, all anti-money laundering laws and regulations, including the Bank Secrecy Act as amended by the USA PATRIOT ACT of 2001 and regulations administered by the U.S. Department of Treasury’s OFAC, the Gramm-Leach-Bliley Act, Uniform Commercial Code as in effect in the State of New York and laws on bank branching.

(g)

“Applicant” means a consumer who submits an Application or other request for a Deposit Account.

(h)

“Application” means the action or document by which a consumer requests and applies for a Deposit Account from Bank.

(i)

“Application Processing” means those services necessary to establish and support a Deposit Account in accordance with Applicable Law. Such services shall include but are not be limited to: application of the Account Policy to incoming Applications, OFAC and anti-money laundering screening, customer service, statement and disclosure preparation and issuance, regulatory compliance, security and fraud control, and activity reporting.

(j)

“Auditing Party” has the meaning provided in Section 8(d)(i).

(k)

“Bank” shall have the meaning provided in the Preamble.

(l)

“Bank Marks” has the meaning provided in Section 15(a).

(m)

“Bank Systems” has the meaning provided in Section 29.

(n)

“Breach Indemnitee” has the meaning provided in Section 11(f).

(o)

“Breached Party” has the meaning provided in Section 11 (c)(i).

(p)

“BSA/AML/OFAC Program” has the meaning provided in Section 8(a).

(q)

“Business Day” means Monday through Friday, excluding federal banking holidays.

(r)

“Calculation Date” has the meaning provided in Section 8(h).

(s)

“CFPB” means Consumer Financial Protection Bureau.

(t)

“Company” or “Program Manager” has the meaning provided in the preamble.

(u)

“Company Marks” has the meaning provided in Section 15(b).

(v)

“Confidential Information” means any and all information that is disclosed by one Party to the other Party and that relates to a Party’s business or the Parties’ business relationship hereunder, including information concerning finances, products, services, customers and suppliers. Confidential Information shall not include information which (i) is in or comes into the public domain without breach of this Agreement by the receiving Party; (ii) was in the possession of the receiving Party prior to receipt from the disclosing Party and was not acquired by the receiving Party from the disclosing Party under an obligation of confidentiality or nonuse; (iii) is acquired by the receiving Party from a third party not under an obligation of confidentiality or nonuse to the disclosing Party; or (iv) is independently developed by the receiving Party without use of any Confidential Information of the disclosing Party.

(w)

“Customer” has the meaning provided in Schedule A.

(x)

“Cure Period” has the meaning provided in Section 16(b).

(y)

“Deposit Account” has the meaning provided in Schedule A.

(z)

“Deposit Account Agreement” means the agreement between Customer and Bank governing the Deposit Account.

(aa)

“Depositor Information” means all information, whether personally identifiable or in aggregate, that is submitted and/or obtained by Bank about a Deposit Account or a Deposit Account application (whether or not completed), including demographic data, and transaction data.

(bb)

“Deposits” means generally an unpaid balance of money received or held by Bank for the benefit of Customers in the Deposit Account, as further defined by 12 U.S.C. 1813(l) as amended and FDIC Rules.

(cc)

“Effective Date” means the date first written above.

(dd)

“Entry” shall have the meaning as defined in the NACHA Rules.

(ee)

“Exposure Settlement Limits” means the maximum daily exposure limit set by the Bank in writing on debit Entries submitted under this Agreement, excluding all transactions relating to credit Entries, Wire Services or deposits held in any Deposit Account, equal to [**] multiplied by the then-current Reserve Amount, or such other amount agreed to by the Parties.

(ff)

“FBO Account” has the meaning provided in Schedule A.

(gg)

“FDIC” means Federal Deposit Insurance Corporation.

(hh)

“FDIC Insurance” means the insurance of Bank’s deposits by the FDIC.

(ii)

“Force Majeure Event” has the meaning provided in Section 17.

(jj)

“Initial Term” has the meaning provided in Section 16(a).

(kk)

“Insolvent” means the failure to pay debts in the ordinary course of business, the inability to pay its debts as they come due or the condition whereby the sum of an entity’s debts is greater than the sum of its assets.

(ll)

“Intellectual Property” means (i) inventions, improvements, patents (including all reissues, continuations, continuations-in-part, revisions, extensions, and reexaminations thereof) and patent applications, (ii) trademarks, service marks, trade names and trade dress, together with the goodwill associated therewith, (iii) works of authorship and copyrights, including copyrights in computer software, databases and television programming and all rights related thereto, (iv) confidential and proprietary information, including trade secrets and know how, (v) processes, methods, procedures and materials, (vi) data, databases and information, (vii) software, tools and machine-readable texts and files, (viii) literary work or other work of authorship, including documentation, reports, drawings, charts, graphics, and other written documentation, together with all copyrights and moral rights, (ix) all other proprietary rights, and (x) all registrations and applications for registration and other intellectual property rights in or appurtenant to the foregoing items described in clauses (i) through (ix) above.

(mm)

“Marketing Activities” means all advertising media of any kind or nature, in whole or in part, including without limitation, catalogs, email solicitation messages, published advertising (such as newspaper and magazine advertisements), SMS text messaging, Internet media, blogs, tweet posts, banner ads, RSS feeds, telemarketing scripts, television or radio advertisements, frequently asked questions, promoting, advertising and/or marketing the Program or Deposit Account.

(nn)

“Marketing Materials” means categories of marketing messages intended to market the Program or Deposit Account or to generate demand for the origination of Deposit Accounts from a targeted population delivered through various Marketing Activities.

(oo)

“Membership” means collectively Network Membership and Bank’s status as a member bank in the FDIC.

(pp)

“NACHA” has the meaning provided in the preamble.

(qq)

“NACHA Rules” means the rules and regulations provided by NACHA.

(rr)

“Network Membership” means the membership of Bank in NACHA and any other applicable Network.

(ss)

“NOC” has the meaning provided in 10(i).

(tt)

“On-Us Entry” has the meaning provided in Section 10(c).

(uu)

“OFAC” means Office of Foreign Asset Controls.

(vv)

“Origination Services” mean Bank’s transmission of any credit Entry, debit Entry or Nonmonetary Entry to a Receiver’s account at an RDFI as more particularly set forth in this Agreement.

(ww)

“Originator” shall have the meaning as defined in the NACHA Rules.

(xx)

“Party” and “Parties” have the meaning provided in the preamble.

(yy)

“Person” means any natural or legal person, including any individual, corporation, partnership, limited liability company, trust or unincorporated association, or other entity.

(zz)

“Principal” means any Person directly or indirectly owning ten percent (10%) or more of Company, and any executive officer or director of Company.

(aaa)

“Program Manager Reserve Account” has the meaning provided in Section 8(h).

(bbb)

“Program Materials” shall have the meaning provided in Section 7(a).

(ccc)

“Program Start Date” means the date the first Deposit Account is established by a Customer following the commercial launch of the Program.

(ddd)

“Qualifying Change” shall have the meaning provided in Section 5(c).

(eee)

“RDFI” shall have the meaning as defined in the NACHA Rules.

(fff)

“Receiver” shall have the meaning as defined in the NACHA Rules.

(ggg)

“Records” means any Deposit Account Agreements, Applications, change-of-terms notices, Deposit Account files, credit bureau reports, copies of notices, transaction data, records or other documentation (including computer tapes, magnetic or electronic files, and information in any other format) related to the Deposit Accounts or the Program.

(hhh)

“Regulatory Authority” means any federal, state or local regulatory agency or other governmental agency or authority having jurisdiction over Bank or Company, including, but not limited to, the CFPB and FDIC.

(iii)

“Regulatory Communication” has the meaning provided in Section 8(f)(ii).

(jjj)

“Renewal Term” has the meaning provided in Section 16(a).

(kkk)

“Reserve Amount” has the meaning set forth on the Cover Page of this Agreement.

(lll)

“Rules” means any and all applicable federal, state, local or organizational rules applicable to each Party in connection with its activities contemplated by this Agreement, including rules promulgated by the Board of Governors of the Federal Reserve or the FDIC, Visa rules, Mastercard rules, network rules and NACHA rules.

(mmm)

“SAR” has the meaning provided in Section 8(g).

(nnn)

“SEC” has the meaning provided in Section 14(d).

(ooo)

“Security Breach” means (i) any act or omission that materially compromises either the security, confidentiality or integrity of data or the physical, technical, administrative or organizational safeguards put in place by a Party or a third-party service provider that relate to the protection of the security, confidentiality or integrity of data relating to the Program, or (ii) receipt of a complaint in relation to the privacy and data security practices of a Party or a third-party service provider or a breach or alleged breach of this Agreement relating to such privacy and data security practices. Without limiting the foregoing, a material compromise shall include any unauthorized access to, unauthorized disclosure of or unauthorized acquisition of nonpublic personal information.

(ppp)

“Security Program” means a comprehensive, written information security program that contains appropriate administrative, technical and physical safeguards designed to (i) protect the security, confidentiality and integrity of nonpublic personal information; (ii) ensure against any anticipated threats or hazards to the security and integrity of nonpublic personal information; (iii) protect against unauthorized access to or use of nonpublic personal information that could result in substantial harm or inconvenience to any Customer, potential Customer or any Applicant; and (iv) ensure the proper disposal of nonpublic personal information.

(qqq)

“Services” has the meaning provided in Schedule A.

(rrr)

“Specifications” has the meaning provided in Section 29.

(sss)

“Substantive Change” means a change to the Marketing Activities; a change to the categories of the Marketing Materials; a material, non-administrative or non-ministerial change to the content of any Marketing Materials; any items required by Applicable Law; or requirements identified by Bank in good faith as necessary due to safety and soundness or reputational concerns.

(ttt)

“Successor Bank” has the meaning provided in Section 16(i).

(uuu)

“Term” means the period commencing on the Effective Date and terminating as set forth in Section 16(a) hereof.

(vvv)

“Third Party Sender” shall have the meaning as defined in the NACHA Rules.

(www)

“Transfer” has the meaning provided in Section 16(i).

(xxx)

“Transition Plan” has the meaning provided in Section 16(i).

(yyy)

“Transition Period” has the meaning provided in Section 16(i).

(zzz)

“Wind Down” has the meaning provided in Section 16(i).

The Program. Beginning on the Effective Date, the Parties agree to launch the Program on the terms and conditions provided for in this Agreement and as further described in Schedule A.

Party Representations and Warranties. Each Party represents and warrants to the other Party as follows:

(a)

Such Party is duly organized, validly existing and in good standing under the laws of the state of jurisdiction of its formation and has full corporate power and authority to execute, deliver, and perform its obligations under this Agreement; the execution, delivery and performance of this Agreement has been duly authorized, and is not in conflict with and does not violate the terms of the charter or bylaws of the Party and will not result in a breach of or constitute a default under, or require any consent under, any indenture, loan or agreement to which the Party is a party;

(b)

Such Party is not Insolvent;

(c)

Except otherwise disclosed in writing prior to the Effective Date, there are no proceedings or investigations pending or, to the best knowledge of such Party, threatened against the Party (1) asserting the invalidity of this Agreement, (2) seeking to prevent the consummation of any of the transactions contemplated by the Party pursuant to this Agreement, (3) seeking any determination or ruling that, in the reasonable judgment of the Party, would materially and adversely affect the performance by the Party of its obligations under this Agreement, (4) seeking any determination or ruling that would materially and adversely affect the validity or enforceability of this Agreement, or (5) that would have a materially adverse on the Party’s operations if resolved adversely to it;

(d)

All approvals, authorizations, licenses, registrations, consents, and other actions, notices, and filings that may be required in connection with the execution, delivery, and performance of this Agreement by such Party, have been obtained;

(e)

The execution, delivery and performance of this Agreement by such Party complies with all Applicable Laws; and

(f)

When executed and delivered, this Agreement constitutes a legal, valid, and binding obligation of such Party, enforceable against such Party in accordance with its terms, except: (1) as such enforceability may be limited by applicable bankruptcy, insolvency, reorganization, moratorium, receivership, conservatorship or other similar laws now or hereafter in effect, including the rights and obligations of receivers and conservators under 12 U.S.C. §§ 1821 (d) and (e), which may affect the enforcement of creditors’ rights in general, and (2) as such enforceability may be limited by general principles of equity (whether considered in a suit at law or in equity).

(g)

Except as otherwise disclosed to the other Party, neither Company nor Bank, to the actual knowledge of Company’s or Bank’s executive officers, any Principal of Company or Bank, has been subject to the following as of the date of this Agreement: (1) any criminal conviction (except minor traffic offenses and other petty offenses), (2) Federal or state tax lien, (3) administrative or enforcement proceedings commenced by the Securities and Exchange Commission, any state securities authority, Federal Trade Commission, or any Regulatory Authority, or (4) restraining order, decree, injunction, or judgment entered in any proceeding or lawsuit alleging fraud or deceptive practice on the part of Company, the Bank or any Principal thereof. Each Party further agrees to notify the other Party within two (2) Business Days upon the occurrence of any event contemplated by this paragraph.

Grant of Right. Subject to the terms and conditions of this Agreement, Bank hereby appoints Company as Bank’s limited agent solely for purposes of marketing the Program, and performing such operational and customer support services hereunder to support the Program in accordance with the terms of this Agreement. Each Party shall execute and deliver or cause to be executed and delivered such further agreements and documents and take such other action as the other Party may reasonably require to carry out the matters contemplated by this Agreement.

Marketing Materials. Company may promote and market the Program using any form of Marketing Materials and Marketing Activities determined to be appropriate by Company, subject to Bank’s prior approval as set forth herein. Bank agrees that

Company may refer to Bank and the Program in Marketing Materials upon the condition that the form of any references to Bank and/or the Program in any such Marketing Material is approved by Bank. All Marketing Materials must receive the prior written approval of Bank, in accordance with the procedures set forth in this Section 5.

(a)

Prior to Company’s use of any Marketing Materials or conducting any Marketing Activities, Bank shall have completed an initial review of the forms of Marketing Materials and Marketing Activities proposed by Company and approved or rejected any such forms of Marketing Materials and Marketing Activities that have been provided to Bank. Marketing Materials and Marketing Activities will be considered approved and authorized by Bank once such approval and authorization are clearly communicated by Bank in writing or as otherwise set forth in this Section 5(a), provided that Bank does not subsequently revoke its approval pursuant to the terms of Section 6. Bank shall conduct its initial review and shall accept or reject such forms of Marketing Materials and/or Marketing Activities provided by Company within five (5) business days of Company having submitted such Marketing Materials and Marketing Activities to Bank at [**] for review; any such forms of Marketing Materials and/or Marketing Activities not rejected, conditionally accepted with Bank’s comments or accepted within five (5) business days shall be deemed approved (“Initial Review Process”). Should Bank conditionally accept with comments or otherwise request revisions to any forms of Marketing Materials and/or Marketing Activities during Bank’s Initial Review Process and Company resubmits revised Marketing Materials and/or Marketing Activities to Bank at [**], Bank shall accept or reject with specific comments such revised Marketing Materials and/or Marketing Activities within five (5) business days of such resubmission; any such forms of Marketing Materials and/or Marketing Activities not specifically rejected or accepted within five (5) business days shall be deemed approved (“Resubmit Review Process”). Should Bank conditionally accept with comments or otherwise request further revisions after the Resubmit Review Process and Company resubmits revised Marketing Materials and/or Marketing Activities to Bank at [**], Bank shall accept or reject with specific comments such revised Marketing Materials and/or Marketing Activities within two (2) business days of such resubmission; any such forms of Marketing Materials and/or Marketing Activities not specifically rejected or accepted within two (2) business days shall be deemed approved (“Final Review Process”).

(b)

Thereafter, Company shall make available for Bank’s prior review and approval all new forms of Marketing Materials and Marketing Activities proposed by Company. Bank shall review and approve or reject any such forms of Marketing Materials and Marketing Activities within: (i) for direct mail Marketing Materials, three (3) Business Days after Bank’s receipt of such Marketing Materials; and (ii) for all other Marketing Materials or Marketing Activities, five (5) Business Days after Bank’s receipt of such Marketing Materials or Marketing Activities. Notwithstanding any timeframes set forth in this Section 5(b), Bank may require additional time for review and approval if Bank determines, in its sole discretion, that additional regulatory review or approval is required. Bank shall notify Company of the need for such review or approval and shall periodically inform Company of the status of such review or approval. Marketing Materials and Marketing Activities will be approved and authorized by Bank once such approval and authorization are clearly communicated by Bank in writing to Company, provided that Bank does not subsequently revoke its approval pursuant to the terms of Section 6.

(c)

After approval of the form of Marketing Materials or Marketing Activities pursuant to Section 5(a) or 5(b), and subject to Section 6, Company may use such forms of Marketing Materials and Marketing Activities, and need not seek further approval for use of such forms unless there is: (i) a Substantive Change in the Marketing Materials or Marketing Activities, or (ii) a new offering to be included in the Marketing Materials (each of the events in clauses (i) and (ii), a “Qualifying Change”). In the event of a Qualifying Change, Company shall submit such forms of Marketing Materials and Marketing Activities to Bank for review and approval in accordance with Section 5(b).

(d)

Bank may request up to four (4) periodic reviews of the Marketing Materials and Marketing Activities then being used by Company in each calendar year, provided, however, that Bank may request additional reviews of the Marketing Materials and Marketing Activities if required by a Regulatory Authority or if Bank determines, in its sole discretion, that Company is in, or is likely in, breach of any provision of this Agreement or Applicable Law. Bank and Company shall cooperate to determine the form, format, frequency and timing of such reviews to minimize expense and disruption.

(e)

Company shall be liable for all claims arising from the use by Company or Agents acting on Company’s behalf of any Marketing Materials or Marketing Activities. Company shall ensure that all Marketing Materials and Marketing Activities shall comply with Applicable Law, shall be accurate in all respects and shall not be misleading; provided that Company may rely on the accuracy of information included in the Marketing Materials and/or Marketing Activities provided by Bank. Nothing herein shall serve to undermine Company’s indemnification obligations under this Agreement.

Changes to Marketing Materials and Marketing Activities.

(a)

Changes to Marketing Materials and Marketing Activities, including a determination that any Marketing Materials or Marketing Activities are no longer authorized, may be made upon the request of either Party subject to the prior written consent of the other Party, which consent shall not be unreasonably withheld or delayed; provided, however, that Bank may change Marketing Materials or Marketing Activities or determine that any Marketing Materials or Marketing Activities are no longer authorized upon written notice to Company to the extent that such change or determination is required by Applicable Law or Regulatory Authority or necessitated in Bank’s reasonable determination by safety and soundness or reputational concerns. Unless such changes are required sooner by Applicable Law or a Regulatory Authority, upon Company’s receipt of written notice from Bank of any changes to the Marketing Materials or Marketing Activities or a determination that any Marketing Materials or Marketing Activities are no longer authorized, Company shall implement such change or determination as soon as commercially practicable but in no event later than thirty (30) days (or earlier if required by Applicable Law or Regulatory Authority) from Company’s receipt of notice of such change or determination.

(b)

Bank may change the Marketing Materials or Marketing Activities previously approved by Bank or determine that any Marketing Materials or Marketing Activities previously approved by Bank are no longer authorized upon written notice provided to Company only to the extent that such change is required by Applicable Law or a Regulatory Authority or necessitated in Bank’s reasonable determination by safety and soundness concerns. Unless such changes are required sooner by Applicable Law or a Regulatory Authority, upon Company’s receipt of written notice from Bank of any changes to the Marketing Materials or Marketing Activities or a determination that any Marketing Materials or Marketing Activities are no longer authorized, Company shall implement such change or determination as soon as commercially practicable but in no event later than thirty (30) days (or earlier if required by Applicable Law or Regulatory Authority) from Company’s receipt of notice of such change or determination.

Deposit Account Materials and Opening.

(a)

Company shall be responsible for the development, production and distribution of all documents, terms and procedures necessary and proper to administer the Program (the “Program Materials”). Program Materials shall comply in all respects with Applicable Law. Prior to the formal launch of the Program, Bank shall provide Company with an Account Policy, which Company shall comply with in marketing, servicing, approving and managing Deposit Accounts. The Account Policy is considered Program Materials. For the avoidance of doubt, except as otherwise expressly set forth in this Agreement, Company shall be responsible for all liability associated with Deposit Accounts, including fraud and error resolution liability, even if such Deposit Account was approved in compliance with the Account Policy. Within ten (10) Business Days of the Effective Date, Company shall provide a form Deposit Account Agreement, form Application and its privacy policy, all of which are considered Program Materials to be used in connection with the Program, to Bank for its approval. The Parties acknowledge that each Deposit Account Agreement and all other documents referring to Deposit Account shall identify Bank as the depository institution. The Deposit Account Agreement shall further provide, as appropriate, that it is governed by Tennessee and federal law. Any changes to the Program Materials must be approved in advance by Bank.

(b)

Company shall solicit Applications from Applicants and shall perform Application Processing on behalf of Bank to determine whether the Applicant meets the eligibility criteria set forth in the Account Policy. Company shall respond to all inquiries from Applicants and from Bank regarding the Application Processing. Company shall conduct Application Processing for each Applicant who requests a Deposit Account and shall approve on behalf of Bank only the requests of Applicants who meet the eligibility criteria set forth in the Account Policy. Without limiting any other provision of this Agreement, in performing its obligations under this Section 7 and its other obligations under this Agreement, Company shall comply with Applicable Law and Bank’s policies and procedures, as provided to Company by Bank from time to time.

(c)

Subject to the terms of this Agreement and Applicable Law, including those on bank branching, Bank may establish Deposit Accounts for Applicants who meet the eligibility criteria set forth in the Account Policy and who accept the Deposit Account offer. Company acknowledges that Bank is under no obligation to establish a Deposit Account for any Applicant. Notwithstanding anything to the contrary, Bank may, in its sole discretion, reject or decline to establish a Deposit Account if Bank determines to establish a Deposit Account would constitute an unsafe or unsound banking practice, pose undue reputational or financial risk to Bank or violate Applicable Law.

(d)

Pursuant to procedures mutually agreed to by the Parties, Company shall deliver all notices required by Applicable Law to Applicants who do not meet the Account Policy criteria or are otherwise denied an Account under the Program. All notices shall be delivered in form, content and timing in accordance with Applicable Law.

(e)

Company shall deliver to Applicants the Deposit Account Agreements, Bank’s and Company’s privacy notices and any other Program Materials required to be delivered to Applicants and shall obtain appropriate signatures or other authorization from Applicants and any third party required by Bank to open on a Deposit Account, and take all other actions necessary for Bank to open a Deposit Account, all in accordance with Applicable Law.

(f)

Company shall be responsible for providing all Application Services and any other services contemplated herein in accordance with Applicable Law, and in a manner that is consistent with the data security standards set forth in Section 11 (Data Security) of this Agreement and shall maintain all Records related to Deposit Accounts in accordance with Applicable Law. Company will be responsible for costs, if any, associated with administering the Deposit Accounts in accordance with this Agreement as set forth on Schedule B hereto. Company shall be responsible for receiving, investigating and responding to any Customer dispute or error allegation concerning any Deposit Account; provided, Bank shall reasonably cooperate with Company in investigating and resolving any dispute. The Parties shall mutually agree upon procedures for resolving any errors alleged by a Customer in connection with a Deposit Account. Bank and Company will cooperate to develop procedures regarding the referral of a Customer claim, complaint, dispute or request for information. Bank will promptly, but in no event later than one (1) business day, refer to Company, or its Critical Service Provider designated by Company, any Customer or Applicant who contacts Bank concerning complaints, disputes or errors related to a Deposit Account.

(g)

Company will administer the Deposit Accounts and will be responsible for supervising and managing all daily funds flow processes, including ensuring all balances in Deposit Accounts are accurate and fully funded by deposits placed with the Bank by Customers in connection with such Deposit Accounts. Company will be responsible for ensuring that the balance in each Deposit Account will be at all times appropriately funded by deposits placed at Bank by the Customer associated with such Deposit Account in an amount that is no less than 100% of the total amount of currency represented as active and available to Customers of the current day’s Deposit Account balance. Company will be responsible for overseeing and managing such funding. Company shall be responsible and liable for any failure of the Deposit Account to be fully funded not caused by Bank’s negligent actions or omissions, or its agents, assigns, or third party contractors (excluding Company or its agents, or third party contractors). In the event of any such failure, Bank may offset any deficient funds from the Program Manager Reserve Account or, upon Bank’s request, Company shall, within one (1) Business Days after receiving notice of such request, fully fund any shortfall in the Deposit Account.

(h)

Company shall perform its obligations described in this Agreement, and deliver any other customer communications to Applicants and Customers as necessary to carry on the Program, in accordance with Applicable Law, all at Company’s own cost. Subject to Schedule B, Company shall pay all third-party costs associated with Deposit Account processing and establishment.

Company’s Obligations. In addition to such other duties and obligations as are set forth in this Agreement, the Company shall:

(a)

BSA/AML. Be responsible for developing, administering and maintaining an anti-money laundering and OFAC compliance program compliant with Applicable Law, including any anti-money laundering requirements applicable to Bank, and approved by Bank (the “BSA/AML/OFAC Program”), and shall be liable for any failure of its BSA/AML/OFAC Program in connection with the Program or Services. The BSA/AML/OFAC Program must, at a minimum, include a system of internal controls to ensure ongoing compliance and annual independent testing of the BSA/AML/OFAC Program, including testing for compliance with Applicable Law, designating an anti-money laundering compliance officer responsible for managing anti-money laundering compliance and the BSA/AML/OFAC Program, and providing appropriate and ongoing training for Company personnel. Company shall have an independent third party approved by Bank perform at least once per year an audit of the BSA/AML/OFAC Program and Company’s compliance with its obligations hereunder. Company shall provide to Bank a copy of the audit report and Bank shall treat such audit report as Company’s Confidential Information under this Agreement. Company shall promptly address any exceptions noted in such audit report with the development and implementation of a corrective action plan by Company’s management, such corrective action plan to be approved by Bank.

(b)

OFAC. Comply with all regulations of OFAC, including: (i) ensuring that all Customers are screened as required by Applicable Law and BSA/AML/OFAC Program, and (ii) complying with all OFAC and Bank directives regarding the prohibition or rejection of unlicensed trade and financial transactions with OFAC specified countries, entities and individuals in connection with the Program.

(c)

Software Services. Maintain software services necessary to (i) maintain Records for transaction authorizations, including Origination Services as required by Applicable Law, any payment network rules, including NACHA Rules,

or Bank; and (ii) provide Bank access to the software services, including an administrative dashboard necessary to view, edit, and manage Customers (including Depositor Information), Deposit Account balances and transactions, reserves, including Company reserves with Bank, and compliance information related to anti-money laundering laws and requirements, and any other information in possession of or readily available to Company or its service providers required by Bank in order for Bank to provide Services under this Agreement. Company may provide the software services contemplated herein and any other data required to be provided to Bank in connection with a Deposit Account or Services using the application programming interface offered by Bank approved vendors and partners. A default of an agreement with such vendor or partner shall constitute a material breach of this Agreement.

(d)

Bank and Regulatory Audits.

(i)

Company agrees that Bank, its authorized representatives and agents, and any Regulatory Authority (collectively the “Auditing Party”) shall have the right, at any time during normal business hours and upon reasonable prior written notice, or at any other time required by a Regulatory Authority, to inspect, audit and examine all of Company’s facilities, Records, books, accounts, data, reports, papers and computer Records relating to the activities contemplated by this Agreement or to Deposit Accounts, including, but not limited to, financial Records and reports, any Security Program employed by Company to protect the Depositor Information to which Company may have access, associated audit reports, and test results or equivalent measures taken by Company to ensure that the security programs meet the requirements imposed with respect to third party vendors by the Regulatory Authorities or to otherwise ensure Company’s compliance with Applicable Law pertaining to the Program and/or the terms of this Agreement. Company shall make all requested documentation and facilities available to the Auditing Party for the purpose of conducting such inspections and audits, and the Auditing Party shall have the right to make copies and abstracts of any Records and documentation pertaining to the subject matter of this Agreement.

(ii)

Company agrees to cooperate with any examination, inquiry, audit, information request, document or record request, site visit or the like, which may be required by any Regulatory Authority with audit examination or supervisory authority over Bank, to the fullest extent requested by such Regulatory Authority or Bank. Company shall also provide such other information as Bank or a Regulatory Authority may request with respect to the financial condition of Company and such other commercially reasonable information as Bank may request from time to time with respect to any third party who has contracted with Company to perform Services in connect with this Agreement.

(iii)

All information provided by Company or the resulting work product under this Section 8(d) to Bank shall be considered Confidential Information of Company.

(e)

Company Compliance With Law and Policies. At all times, Company, in performing its duties and obligations under this Agreement, shall comply with all Applicable Law and Bank’s written policies provided to Company.

(f)

Notice of Actions; Regulatory Communications.

(i)

(a) Each Party shall, to the extent not prohibited by Applicable Law, notify the other, promptly, but in no event later than five (5) Business Days after becoming aware, of any actual or threatened litigation, investigation, proceeding, or judicial, tax or administrative action by any Regulatory Authority, state attorney general or any other Person which, if resolved adversely to it, would reasonably be expected to materially adversely affect such Party’s continuing operations, its indemnity obligations under this Agreement, or its ability to perform its obligations under this Agreement or the Program, and each Party shall provide the other Party with all related documentation thereof, unless such Party is prohibited from sharing any such notice or documentation. Each Party shall cooperate in good faith and provide such assistance, at the other Party’s request, to permit the other Party to promptly resolve or address any such actions.

(ii)

Each Party shall, to the extent not prohibited by Applicable Law and the actions or requirements of a Regulatory Authority, provide the other Party with notice and copies of any material communications from any Regulatory Authority regarding any matter which, if resolved adversely to it, would reasonably be expected to materially adversely affect the Program (each, a “Regulatory Communication”) received by such Party within five (5) Business Days of receipt of such Regulatory Communication. For any Regulatory Communication to any Regulatory Authority with examination authority over Bank and for which a response from either Party is required or in either Party’s reasonable judgment is prudent, the Parties shall

coordinate and cooperate on the response, provided, however, Bank shall have the final authority to approve the actual response to a Regulatory Authority with direct supervision over the Bank. Bank agrees to provide such actual response to Company promptly after providing such response to the applicable Regulatory Authority, if allowable under such Regulatory Authority or Applicable Law.

(g)

Fraud and Risk Management. Company agrees that it is financially and operationally responsible for all compromised Deposit Accounts other than fraud losses due to Bank’s gross negligence or willful misconduct hereunder; it being understood, however, Bank has no duty to monitor any Deposit Account activity, including monitoring for fraudulent transactions. Company shall adopt and implement a fraud monitoring practices and controls, and Company will bear the risk of and is responsible for all fraud losses, unauthorized transactions and errors (as defined by Regulation E) other than fraud losses due to Bank’s gross negligence or willful misconduct hereunder. Company shall reimburse Bank for any losses it incurs in connection with a Deposit Account due to fraud, an unauthorized transaction or an error (as defined by Regulation E) or any other losses associated with the Deposit Account. Company shall promptly report to Bank any information necessary for Bank to investigate, make a determination and be able to file a suspicious activity report (“SAR”) with the Financial Crimes Enforcement Network. The Parties acknowledge that the contents of a SAR and the fact that Bank has filed a SAR are strictly confidential under Applicable Law. Company further agrees to promptly provide to Bank any information it may deem necessary to resolve any complaints of fraudulent Deposit Account activity.

(h)

Program Manager Reserve Account Company shall maintain a deposit account at Bank which holds the Reserve Amount deposited by Company (“Program Manager Reserve Account”) in accordance with the terms set forth on the Cover Page of this Agreement. Company shall ensure the Program Manager Reserve Account shall at all times maintain a balance equal to the Reserve Amount.

(i)

Prohibited Changes and Notice of Change. Company shall (a) not change in the name or form of business organization of Party without approval from Bank, such approval not to be unreasonably held; and (b) provide notice to Bank of any material adverse change in Company’s financial condition or operations that might materially and adversely affect its ability to perform its obligations under this Agreement.

(j)

Annual Statements and Audits.

(i)

During the Term of this Agreement, Company will provide Bank with unaudited quarterly financial statements within forty-five (45) days following the end of each calendar quarter, which shall include, at a minimum, a balance sheet, income statement and cash flow statement, debt covenant calculations (if applicable), amount of any guaranteed loans and current loss rates on guaranteed loans (if applicable) in such detail reasonably acceptable to Bank and certified by Company’s Treasurer or Chief Financial Officer, and audited annual financial statements within one hundred eighty (180) days after the end of Company’s fiscal year, which shall include, at a minimum, a balance sheet, income statement, and cash flow statement, debt covenant calculations (if applicable), amount of any guaranteed loans and current loss rates on guaranteed loans (if applicable) and notes to financial statements in such detail customary for such financial statements and prepared by an independent certified public accountant in accordance with generally accepted accounting principles consistently applied.

(ii)

At least annually, Company will have a certified independent public accounting firm or another independent third party reasonably acceptable to Bank: (i)(a) conduct a review or assessment and provide a full attestation, review or report under SSAE 16 (Statement on Standards for Attestation Engagements No. 16) SOC (Service Organization Control) 1 Type II or SOC 2 Type II; (b) a replacement for one of the foregoing approved by Bank; or (c) other third party reviews and reports reasonably acceptable to Bank, in each case, of all key systems and operational controls used in connection with any Confidential Information or Depositor Information; and (ii) conduct and provide a full report of an independent network and application penetration test. Each of these attestations, reviews, reports and tests will be for a scope approved by Bank in its reasonable discretion. Company will provide all findings from these attestations, reviews and tests to Bank upon receipt from the third party. Company will (x) implement all material recommendations set forth in such attestations, reviews, reports and any other reasonable recommendations made by Bank arising out of Bank’s analysis of such reviews and (y) upon Bank’s request, provide Bank with the status of the implementation. If Company fails to conduct the required reviews and assessments and provide the required reports set forth in clauses (i) and (ii) above, as determined by Bank, Bank may perform its own reviews and assessments, and Company will promptly reimburse Company for all reasonable costs associated with its efforts.

(k)

True and Correct Information. Company covenants that all information furnished by it to Bank for purposes of or in connection with this Agreement shall be, to the best of Company’s knowledge, as of the date provided, true, correct and complete in all material respects and does not omit any material fact necessary to make the information so furnished not misleading. Except as disclosed to Bank, there is no fact known to Company (including threatened or pending litigation) that is reasonably likely to materially and adversely affect the financial condition, business, property, or prospects of Company.

Bank’s Obligations. In addition to such other duties and obligations as are set forth in this Agreement, the Bank shall:

(a)

Membership. At its sole expense, maintain its Membership in good standing and shall timely pay all fees, dues and assessments associated with such Membership.

(b)

Escheatment. Bank shall be responsible for the handling of any Deposits that constitute unclaimed, abandoned or similar property under Applicable based upon the records maintained by Company. Company shall provide such reports and notices that may be reasonably requested by Bank from time to time.

(c)

FBO Account. (i) Establish and maintain the FBO Account in compliance with Applicable Law and in accordance with this Agreement, including Schedule A; and (ii) Bank shall provide Company view-only access to the FBO Account to enable Company to provide the Services to Customers under this Agreement.

(d)

Deposit Account Issuance. Issue and maintain a Deposit Account to each Customer in compliance with Applicable Law and in accordance with the Deposit Account Agreement and this Agreement, including Schedule A.

(e)

FDIC Insurance. Issue and maintain the Deposits in Deposit Accounts in order to ensure the Deposits are insured by the FDIC up to the standard maximum deposit insurance amount per Customer, per FDIC-insured bank and per ownership category.

(f)

Origination Services, Generally. Provide Company with Origination Services for Customer transaction services as more fully described in Section 10 (Origination Services);

(g)

Reserved.

(h)

Bank Oversight. Have, at all times, the right to control, oversee and audit (as set forth in this Agreement) Company’s use of the Services to ensure that Company’s performance of the Services complies with Applicable Law and Bank’s policies.

(i)

Bank Compliance With Law and Policies. Comply, at all times, in performing its duties and obligations under this Agreement, with all Applicable Law and Bank’s policies.

(j)

Notices of Changes. Unless such notice is prohibited by Applicable Law or the actions or requirements of a Regulatory Authority, Bank shall notify Company as far as reasonably possible in advance of: (a) any change in the name or form of business organization of Bank or change in the location of its chief executive office; or (b) any material adverse change in Bank’s financial condition or operations that might materially and adversely affect Bank’s ability to perform its obligations under this Agreement.

(k)

Notice of Proceedings. Unless such notice is prohibited by Applicable Law or the actions or requirements of a Regulatory Authority, Bank shall promptly notify Company of any action, suit, litigation, proceeding, facts and circumstances, and of all tax deficiencies and other proceedings before governmental bodies or officials (i) affecting the Program or this Agreement, (ii) that might give rise to any indemnification obligation pursuant to this Agreement or (iii) that might materially and adversely affect Bank’s ability to perform its obligations under this Agreement.

(l)

Bank’s Business. Bank shall do or cause to be done all things necessary to preserve and keep in full force and effect its corporate existence and to comply with all requirements of this Agreement. Bank shall use reasonable efforts to remain a well-capitalized institution, as defined under the prompt corrective actions provisions of the Federal Deposit Insurance Act, 12 U.S.C. § 1831o and 12 C.F.R. Part 6.

(m)

True and Correct Information. Bank covenants that all information furnished by Bank to Company for purposes of or in connection with this Agreement shall be, to the best of Bank’s knowledge, as of the date provided, true and correct in all material respects and does not omit any material fact necessary to make the information so furnished not misleading. Except as disclosed to Company, there is no fact known to Bank (including threatened or pending

litigation) that is reasonably likely to materially and adversely affect the financial condition, business, property, or prospects of Bank.

10.

Origination Services.

(a)

Transmittal of Entries by Company. Company shall (i) submit Entries to Bank in compliance with the NACHA Rules; (ii) not submit to Bank on any day Entries in a total dollar amount that exceeds the Exposure Settlement Limits (if any); and (iii) prior to such Entry submission, ensure all debit or credit authorizations have been provided as required by the NACHA Rules and Applicable Laws and are otherwise formatted and comply with any other requirements set out in the NACHA Rules. Subject to Bank’s prior approval, Company may contract with third parties for services, but shall nevertheless retain all liabilities of an Originator or Receiver as set forth in the NACHA Rules.

(b)

Processing, Transmittal and Settlement by Bank. Except as provided in Section 10(c) (On-Us Entries) and Section 10(d) (Rejection of Entries), Bank shall (i) process Entries received from Company to conform with the file specifications set forth in the NACHA Rules, (ii) transmit such Entries as an ODFI to the ACH Operator, and (iii) settle for such Entries as provided in the NACHA Rules. For purposes of this Agreement, Entries shall be deemed received by Bank, in the case of transmittal by tape, when received by Bank, and in the case of electronic transmission, when the transmission (and compliance with any related security procedures provided for herein) is completed. If such requirements are not met, Bank shall use reasonable efforts to transmit such Entries to the ACH Operator by the next deadline of the ACH Operator.

(c)

On-Us Entries. Except as provided in Section 10(d) (Rejection of Entries), in the case of an Entry received for credit to an account maintained with Bank (“On-Us Entry”), Bank shall credit the Receiver’s account in the amount of such Entry on the Effective Entry Date contained in such Entry, provided the requirements set forth in clauses (i) and (ii) of Section 10(a) are met. If either of those requirements is not met, Bank shall use reasonable efforts to credit the Receiver’s account in the amount of such Entry no later than the next Business Day following such Effective Entry Date.

(d)

Rejection of Entries. Bank may reject any Entry that does not comply with the requirements of Section 10(a) (Transmittal of Entries by Company) or Section 11(a) (Company Data Security Obligations) or that contains an Effective Entry Date more than two (2) Business Days after the Business Day such Entry is received by Bank. Bank may reject an On-Us Entry for any reason for which an Entry may be returned under the NACHA Rules. Bank may reject any Entry if Company does not adhere to its Security Program. Bank shall notify Company by email or electronic transmission of such rejection no later than the Business Day such Entry would otherwise have been transmitted by Bank to the ACH Operator or, in the case of an On-Us Entry, its Effective Entry Date. Notices of rejection shall be effective when given. Bank shall have no liability to Company by reason of the rejection of any such Entry or the fact that such notices are not given at an earlier time than that provided for herein. In the event that any Entries are rejected by the ACH Operator for any reason, it shall be the responsibility of Company to remake such Entries. Should the File be rejected due to an error caused by Bank, Bank shall be responsible for remaking the File. In such a case, Company will supply sufficient information to allow Bank to recreate the Entries for up to five (5) Business Days after midnight of the Settlement Date.

(e)

Cancellation or Amendment by Company. Company shall have no right to cancel or amend any Entry after its receipt by Bank. However, Company can make amendments or cancel an ACH batch Entry if the Entry is still “pending” in Bank’s internet banking service. If a Company request for cancellation or amendment complies with the procedures for canceling or amending Entry Data, Bank shall use reasonable efforts to act upon such a request by Company prior to transmitting the Entry to the ACH Operator or, in the case of an On-Us Entry, prior to crediting or debiting a Receiver’s account, but shall have no liability if such cancellation or amendment is not affected. Company shall reimburse Bank for any expenses, losses or damages Bank may incur in effecting or attempting to affect Company’s request for the cancellation or amendment of an Entry.

(f)

Error Detection. Bank has no obligation to discover and shall not be liable to Company for errors made by Company, including errors made by Company in identifying the Receiver, or an Intermediary or RDFI, or for errors made by Company in the amount of an Entry or for errors in Settlement Dates. Bank shall likewise have no duty to discover and shall not be liable for duplicate Entries issued by Company. Notwithstanding the foregoing, if Company discovers that any Entry it has initiated was in error, it shall notify Bank of such error. In the event that Company makes an error or issues a duplicate Entry, Company shall reimburse Bank for any loss, damages or expenses, incurred by Bank as result of the error or issuance of duplicate Entries. Bank and Company shall cooperate to resolve, using commercially reasonable efforts, any errors or issues related to Entries within one (1) business day or as soon as reasonably practicable.

(g)

Prohibited Transactions. Company shall not use or attempt to use the Services (i) to engage in any illegal purpose or activity or to violate any Applicable Law, rule or regulation; (ii) to breach any contract or agreement by which Company is bound; (iii) to engage in any internet or online gambling transaction, whether or not gambling is legal in any applicable jurisdiction; or (iv) to engage in any transaction or activity that is not specifically authorized and permitted by this Agreement. Bank may decline to execute any transaction or activity that Bank believes violates the terms of this Agreement.

(h)

Notice of Returned Entries. Bank shall notify Company by email or online notification of the receipt of a returned or changed Entry from the ACH Operator no later than one (1) Business Day after the Business Day of such receipt. Except for an Entry retransmitted by Company in accordance with the requirements of Section 10(a) (Transmittal of Entries by Company), Bank shall have no obligation to retransmit a returned Entry to the ACH Operator if Bank complied with the terms of this Agreement with respect to the original Entry. Upon receipt of a return of Debit Entry with a return reason code of RO7 (authorization revoked) or R10 (customer advises unauthorized), Company will cease transmission of said transactions until a new authorization has been signed by the consumer (RO7-authorization revoked) or until corrections have been made or an authorization has been obtained (R10-customer advises unauthorized).

(i)

Inconsistency of Name and Account Number. The Company acknowledges and agrees that, if an Entry describes the Receiver inconsistently by name and account number, payment of the Entry transmitted by Bank to the RDFI may be made by the RDFI (or by Bank in the case of an On-Us Entry) on the basis of the account number supplied by the Company, even if it identifies a person different from the named Receiver, and that the Company’s obligation to pay the amount of the Entry to Bank is not excused in such circumstances. Company is liable for and must settle with Bank for any Entry initiated by Company that identifies the Receiver by account or identifying number or by name and account or identifying number.

(j)

Payment for Credit Entries and Returned Debit Entries. Notwithstanding anything to the contrary, Company agrees to pay Bank for all credit Entries issued by Company, Customer(s), or credit Entries otherwise made effective against Company. Company shall make payment at such time on the date of transmittal by Bank of such credit Entries as Bank, in its discretion, may determine (“Payment Date”), and the amount of each On-Us Entry at such time on the Effective Entry Date of such credit Entry as Bank, in its discretion, may determine. Company shall pay Bank for the amount of each debit Entry returned by an RDFI or debit Entry dishonored by Bank. Payment shall be made by Company to Bank in any manner specified by Bank. Notwithstanding the foregoing, Bank is hereby authorized to charge the account(s) held by Bank for Company or any other Company designated account as payment for credit Entries issued by Company or returned or dishonored debit Entries. In the event that the such accounts does not have sufficient available funds on the Payment Date, Bank is hereby authorized to charge any account maintained by Company with Bank as payment for credit Entries issued by Company or returned or dishonored debit Entries. Company shall maintain sufficient collected funds in Company’s account(s) to settle for the credit Entries on the Payment Date. In the event that no Company account has collected funds sufficient on the Payment Date to cover the total amount of all Entries to be paid on such Payment Date, Bank may take any of the following actions: (i) refuse to process all Entries, in which event Bank shall inform Company that Bank suspended processing of the Entries, whereupon Bank shall have no liability to Company or any third-party as a result thereof, or (ii) process all credit Entries. In the event Bank elects to process credit Entries initiated by Company, the total amount of the insufficiency advanced by Bank on behalf of Company shall be immediately due and payable by Company to Bank without any further demand from Bank. If Bank elects to pay Company’s account in the overdraft on any one or more occasions, it shall not be considered a waiver of Bank’s rights to refuse to do so at any other time nor shall it be an agreement by Bank to pay other items in the overdraft.

(k)

Notifications of Change. Bank shall notify Company of all Notification of Change (“NOC”) Entries received by Bank relating to Entries transmitted by Company by electronic transmission no later than one (1) Business Day after receipt thereof. It is the responsibility of Company to make the requested changes within six (6) Business Days or prior to the initiation of the next live Entry, whichever is later with the following exceptions: (a) the Originator may choose, at its discretion, to make the changes specified in any NOC or corrected NOC relating to ARC, BOC, POP, RCK, XCK and single Entry TEL or WEB, (b) in the case of CIE and credit WEB Entries, the ODFI or Third-Party Service Provider is responsible for making the changes and (c) for an NOC in response to a Prenotification Entry, the Originator must make the changes prior to originating a subsequent Entry if the ODFI receives the NOC by opening of business on the second Business Day following the settlement date of the Prenotification Entry.

(l)

Electronic Debit Entries. Provisions may be made for holding accounts to be maintained for posting of any return Debit Items received, as stated elsewhere within this Agreement and the NACHA Rules. Company will promptly provide immediately available funds to indemnify Bank if any Debit Items are rejected after Bank has permitted

Company to withdraw immediately available funds, should funds not be available in the Program Manager Reserve Account to cover the amount of the rejected or returned Entries.

(m)

ACH Audits. At least once per year, Company shall provide Bank with an ACH audit performed by a qualified third party in accordance with NACHA Rules. Bank shall treat such audit reports as Company’s Confidential Information under this Agreement. Any exceptions noted on the ACH audit reports will be promptly addressed with the development and implementation of a corrective action plan by Company’s management. The Company shall retain data on file adequate to permit remaking of Entries for 365 days following the date of their transmittal by Bank as provided here and shall provide such data to Bank upon its request.

(n)

Reserves and Exposure Settlement Limits. In the event Exposure Settlement Limit may be exceeded on a Business Day, Company and Bank will work diligently to resolve such deficiency and update the Exposure Settlement Limit and/or Reserve Amount prior to the batch time of the Business Day that the Exposure Settlement Limit otherwise would have been met or exceeded.

(o)

NACHA Rules Company acknowledges receipt of a copy or has access to a copy of the NACHA Rules. A copy of the NACHA Rules is available at www.achrulesonline.org. Company agrees to comply with and be bound by the NACHA Rules. In the event Company violates any of the applicable NACHA Rules and/or NACHA imposes a fine on Bank because of Company’s actions, Bank shall pass on the fine and any associated penalties to Company. The Bank reserves the right to suspend Company, Originators and Third Party Senders for breach of the NACHA Rules or to terminate this Agreement pursuant to Section 16 (Term and Termination) of this Agreement. The Bank reserves the right to audit the Originator and/or Third Party Senders compliance with this Agreement and with the NACHA Rules. Bank will provide reporting information to NACHA regarding Company if Company’s return rate for unauthorized Entries exceeds the Unauthorized Entry Return Rate Threshold, the Administrative Return Rate Level or Overall Return Rate Level as required by the NACHA Rules. NACHA, in its role of ensuring the safety, security, and viability of the ACH network has determined that certain single-use or limited-use consumer authorizations have the potential to increase risk in the ACH system and compromise system effectiveness by increasing the incidence of returned Entries. Therefore, Company hereby warrant to Bank that for each such ACH Entry submitted for processing, Company have obtained all authorizations from the Receiver as required by the Rules, by Regulation E or other Applicable Law, and this Agreement. Company also makes the additional warranties to Bank that Bank makes to each RDFI and ACH Operator under the Rules for the respective SEC codes for Entries originated by Company. In addition to any other duties, responsibilities, warranties, representations and liabilities under this Agreement, for each and every Entry transmitted by Company as a Third Party Sender (as defined by the NACHA Rules) to Bank, Company represents and warrants to Bank and agrees that Company shall: (i) perform all of the duties, including, but not limited to, the duty to identify Originators and, upon request of Bank, provide the identity of the Originators to Bank; (ii) assume all of the responsibilities, including, but not limited to, the responsibilities of ODFIs and Originators; (iii) make all of the warranties, including, but not limited to, the warranties of ODFIs and the warranty that Originators have agreed to assume the responsibilities of Originators under the NACHA Rules; (iv) make all of the representations required under NACHA Rules; (v) use a unique company identifier in the ACH transaction for each Originator; (vi) not transact in a business prohibited by Bank; and (vii) assume all of the liabilities, including, but not limited to, liability for indemnification for failure of an Originator to perform its obligations as an Originator or a Third-Party Sender in accordance with the NACHA Rules.

(p)

Security Procedures.

The Company and Bank shall comply with the Security Procedures with respect to Entries transmitted by the Company to Bank and payment orders submitted to Bank. The Company acknowledges that the purpose of such Security Procedures is to verify authenticity and not to detect an error in the transmission or content of an Entry or payment order. No Security Procedures have been agreed upon between Bank and the Company for the detection of any such error and Company shall be solely responsible for any transmission errors. If Company believes or suspects that any such information or instructions have been known or accessed by unauthorized persons, Company agrees to notify Bank within one (1) Business Days, followed by written confirmation. The occurrence of unauthorized access will not affect any transfers made in compliance with the Security Procedures prior to receipt of such notification and within a reasonable time period to prevent unauthorized transfers.

Additionally, Company warrants that no individual will be allowed to initiate transfers in the absence of proper supervision and safeguards, and agrees to take reasonable steps to maintain the confidentiality of Security Procedures and any passwords, codes, security devices and related instructions provided by Bank in connection with the Security Procedures. If Company believes or suspects that any such

information or instructions are accessed by unauthorized persons, Company will notify Bank immediately followed by written confirmation. The occurrence of unauthorized access will not affect any transfers made in good faith by Bank prior to receipt of notification and within a reasonable time period to prevent unauthorized transfers.

If an Entry (or a request for cancellation or amendment of an Entry) or payment order (or a request for cancellation or amendment of a payment order) received by Bank purports to have been transmitted or authorized by the Company, it will be deemed effective as the Company’s Entry (or request) or payment order and the Company shall be obligated to pay Bank the amount of such Entry (or request) or payment order or request) even though the Entry (or request) or payment order (or request) was not authorized by the Company, provided Bank acted in compliance with the Security Procedures. If signature comparison is to be used as a part of the Security Procedure, Bank shall be deemed to have complied with that part of such procedure if it compares the signature accompanying a file of Entries (or request) or payment order (or request) with the signature of an authorized representative of the Company and, on the basis of such comparison, reasonably believes the signature to be that of such authorized representative.

If an Entry (or request for cancellation or amendment of an Entry) or payment order (or request for cancellation or amendment of a payment order) received by Bank was transmitted or authorized by the Company, the Company shall be obligated to pay the amount of the Entry or payment order as provided herein, whether or not Bank complied with the Security Procedures and whether or not that Entry or payment order was erroneous in any respect or that error would have been detected if Bank had complied with such Security Procedures.

In the event of a breach of the Security Procedure, Company agrees to provide reasonable assistance to Bank in determining the manner and source of the breach. Such assistance shall include, but shall not be limited to, providing Bank or Bank’s agent access to Company’s hard drive, storage media and devices, systems and any other equipment or device that was used in breach of the Security Procedure. Company further agrees to provide to Bank any analysis of such equipment, device, or software or any report of such analysis performed by Company, Company’s Agents, law enforcement agencies, or any other third party. Failure of Company to provide assistance to Bank within fifteen (15) business days after receipt by Company from Bank of a reasonable request for assistance specifying in detail the nature of the assistance required shall be an admission by Company that the breach of the Security Procedure was caused by a person who obtained access to transmitting facilities of Company or who obtained information facilitating the breach of the Security Procedure from Company and not from a source controlled by Bank.

11.

Data Security.

(a)

Company Data Security Obligations.

(i)

Company represents and warrants that its creation, collection, receipt, access, use, storage, disposal and disclosure of Depositor Information does and will comply with all applicable federal and state privacy and data protection laws, as well as all other applicable regulations and directives. At a minimum, pursuant to NACHA Rules, Company must use 128 bit RC4 encryption technology for the entry and transmission of Entries.

(ii)

Without limiting Company’s obligations under Section 11(a)(i), Company shall implement administrative, physical and technical safeguards to ensure Depositor Information is protected from unauthorized access, acquisition, or disclosure, destruction, alteration, accidental loss, misuse, or damage that are no less rigorous than accepted industry practices, and shall ensure that all such safeguards, including the manner in which Depositor Information is created, collected, accessed, received, used, stored, processed, disposed of and disclosed, comply with applicable data protection and privacy laws, as well as the terms and conditions of this Agreement.

(iii)

At least once per year, Company shall conduct a site audit of the information technology and information security controls for all facilities used in complying with its obligations under this Agreement, including obtaining a network-level vulnerability assessment performed by a recognized third-party audit firm based on recognized industry best practices.

(b)

Security Program. Each Party shall, and shall require its third-party service providers that receive Depositor Information, “Nonpublic Personal Information” or “Personally Identifiable Financial Information” (as defined in Sections 1016.3(p) and (q) respectively of the Consumer Financial Protection Bureau rules on Privacy of Consumer Information published at 12 CFR Chapter X) to establish and maintain a Security Program as long as it stores Depositor Information, Nonpublic Personal Information or Personally Identifiable Financial Information. At all times during and after the Term and any Transition Period, (i) each Party shall use at least the same degree of care in protecting such information against unauthorized disclosure as it accords to its other confidential Customer information, but in no event less than the industry standard of care for financial institutions and (ii) the Security Program shall comply with all information and data security requirements of each Network and Applicable Law. Within 30 days of Bank’s written request, Company shall provide to Bank a summary of Company’s written Security Program, and thereafter upon Bank’s request will provide updates on the status of such Security Program. Each Party’s Security Program shall be Confidential Information of such Party.

(c)

Security Breach Procedures.

(i)

Each Party shall notify the other Party of a Security Breach as soon as practicable, but no later than forty eight (48) hours after the Breached Party becomes aware of any Security Breach. The Party with a Security Breach shall be referred herein as the “Breached Party.”

(ii)

Immediately following notification under Section 11(c)(i) above of a Security Breach, the Parties shall coordinate with each other to investigate the Security Breach. The Breached Party agrees to fully cooperate with the other Party in handling the matter, including: (i) assisting with any investigation; (ii) providing the other Party with physical access to the facilities and operations affected; (iii) facilitating interviews with the Breached Party’s employees and others involved in the matter; and (iv) making available all relevant Records, logs, files, data reporting and other materials required to comply with Applicable Law, regulation, industry standards or as otherwise reasonably required by the other Party.

(iii)

The Breached Party shall at its own expense use best efforts to immediately contain and remedy any Security Breach and prevent any further Security Breach, including taking any and all action necessary to comply with applicable privacy rights, laws, regulations and standards. The Breached Party shall reimburse the other Party for all actual reasonable costs incurred by the other Party in responding to, and mitigating damages caused by, any Security Breach, including all costs of notice and/or remediation pursuant to Section 11(c)(iv).

(iv)

Except as otherwise required by Applicable Law, contract, or at the request of any Regulatory Authority, the Breached Party agrees that it shall not inform any third party of any Security Breach without first obtaining the other Party’s prior consent, other than to inform a complainant that the matter has been forwarded to the other Party’s legal counsel or as may be required by Applicable Law. The Parties will work together promptly and in good faith to determine (i) whether notice of the Security Breach is to be provided to any individuals, regulators, law enforcement agencies, consumer reporting agencies or others as required by law or regulation, or otherwise in other Party’s discretion; (ii) the contents of such notice, and (iii) whether any type of remediation may be offered to affected persons, and the nature and extent of any such remediation.

(v)

The Breached Party agrees to maintain and preserve all documents, records and other data related to any Security Breach for the term of this Agreement and two years thereafter or as otherwise required by Applicable Law.

(vi)

In the event of any Security Breach, Breached Party shall promptly use its best efforts to prevent a recurrence of any such Security Breach.

(d)

Equitable Relief. Breached Party acknowledges that any breach of its covenants or obligations set forth in this Section 11 may cause the other Party irreparable harm for which monetary damages would not be adequate compensation and agrees that, in the event of such breach or threatened breach, the other Party is entitled to seek equitable relief, including a restraining order, injunctive relief, specific performance, and any other relief that may be available from any court, in addition to any other remedy to which the other Party may be entitled at law or in equity. Such remedies shall not be deemed to be exclusive but shall be in addition to all other remedies available at law or in equity, subject to any express exclusions or limitations in this Agreement to the contrary.

(e)

Material Breach. The Breached Party’s failure to comply with any of the provisions of this Section 11 is a material breach of this Agreement.

12.

Disaster Recovery, Business Resumption and Contingency Plans. At all times during the Term and any wind-down or transition period, each Party shall prepare and maintain disaster recovery, business resumption and contingency plans appropriate for the nature and scope of the activities of, and the obligations to be performed by, such Party. Each Party shall ensure that its plans are sufficient to enable such Party to promptly resume, without giving effect to the force majeure provisions of Section 17 of this Agreement, the performance of its obligations hereunder in the event of a natural disaster, destruction of facilities or operations, utility or communication failures or similar interruption in operations and shall ensure that all material records, including any personal or business data, are backed up in a manner sufficient to survive any disaster or business interruption. Each Party shall periodically, and no less than annually, test its respective disaster recovery, business resumption and contingency plans as may be appropriate and prudent in light of the nature and scope of its obligations hereunder.

13.

Compensation. In consideration of performing their respective obligations in connection with the Program, the Parties will receive the amounts provided in Schedule B.

14.

Confidentiality.

(a)

Obligations of Nondisclosure and Nonuse. Unless otherwise agreed to in advance, in writing, by the disclosing Party or except as expressly permitted by this Agreement, the receiving Party will not, except as required by law or court order, use Confidential Information of the disclosing Party or disclose it to any third party.

The receiving Party may disclose Confidential Information of the disclosing Party only to those of its employees or contractors who need to know such information. In addition, prior to any disclosure of such Confidential Information to any such employee or contractor, such employee or contractor shall be made aware of the confidential nature of the Confidential Information and shall execute, or shall already be bound by, a nondisclosure agreement containing terms and conditions consistent with the terms and conditions of this Agreement.

In any event, the receiving Party shall be responsible for any breach of the terms and conditions of this Agreement by any of its employees or contractors.

The receiving Party shall use the same degree of care to avoid disclosure of the disclosing Party’s Confidential Information as the receiving Party employs with respect to its own Confidential Information of like importance, but not less than a reasonable degree of care.

(b)

Return of Confidential Information. Upon the termination or expiration of this Agreement for any reason, or upon the disclosing Party’s earlier request, the receiving Party will deliver to the disclosing Party all of the disclosing Party’s property or Confidential Information in tangible form that the receiving Party may have in its possession or control. The receiving Party may retain one copy of the Confidential Information in its legal files.

(c)

Depositor Information. Company acknowledges and agrees that “Non Public Personal Information” and “Personally Identifiable Financial Information” (as each term defined in Sections 1016.3(p) and (q) respectively of the Consumer Financial Protection Bureau rules on Privacy of Consumer Information published at 12 CFR Chapter X) and Depositor Information about Bank’s customers and Customers (but excluding transaction data to the extent such information is not Non Public Personal Information and Personally Identifiable Financial Information) shall be considered as confidential and proprietary information of Bank, and shall not be disclosed to or shared with any third party without prior written consent of Bank or the Customer, except as necessary or useful for Company to exercise its rights or perform its obligations hereunder and in compliance with the terms of this Agreement and Bank’s privacy policy. Bank hereby grants Company a nonexclusive, transferrable, worldwide right and license to use Depositor Information to exercise its rights and perform its obligations under this Agreement. Except as provided in, and subject to the limitations stated herein, Company will not compile, use, sell or otherwise distribute any lists of Bank’s customers/Customers nor use the names, account numbers or any other Nonpublic Personal Information and Personally Identifiable Financial Information about customers, Applicants or Customers to compile, use, sell or distribute lists or data for use by Company, subsidiaries or affiliates, or by any third parties without the prior written consent of Bank, which may not unreasonably withheld or delayed. Each Party will instruct its relevant employees, agents and contractors as to the confidentiality of the Nonpublic Personal Information and Personally Identifiable Financial Information and will not disclose any such Nonpublic Personal Information or Personally Identifiable Financial Information to any third party or entity, except as necessary or useful to exercise its rights or perform its obligations hereunder and in compliance with this Agreement. Each Party also agrees that any dissemination of the

aforementioned confidential Nonpublic Information or Personally Identifiable Financial Information within its own business entity and to agents and contractors shall be restricted to “a need to know basis” for the purpose of performance hereunder. Subject to Section 16(h)(ii), all obligations under this Section 14 and undertakings relating to Nonpublic Personal Information and Personally Identifiable Financial Information shall survive the expiration or termination of this Agreement for whatever reason.

All Aggregated De-Identified Data will be owned by Company, and Bank acknowledges that Company may use, store, analyze and disclose the Aggregated De-Identified Data (i) for its own internal, statistical and trend analysis, (ii) to develop and improve its products and Services, and (iii) to create and distribute data, reports and other materials regarding access and use of the Program. For clarity, nothing in this Section 14 gives Company the right to publicly identify Bank as the source of any Aggregated De-Identified Data without Bank’s prior written approval. “Aggregated De-Identified Data” means Depositor Information and Customer information aggregated by Company with other data such that the resulting data does not contain any information, Non Public Personal Information and Personally Identifiable Financial Information, identifiable or attributable to Bank or any natural Person.

Bank acknowledges that Company owns all Deposit Account-related transaction data that does not constitute Nonpublic Personal Information and Personally Identifiable Financial Information, including both information that is: (i) provided or made available by Company under this Agreement, or (ii) generated through the Program which is derived from such data. For clarity, nothing in this Agreement will affect either Party’s rights with respect to information or data already in such Party’s possession or control or developed or collected by such Party outside the scope of this Agreement.

(d)

Disclosures in Securities Filings. Company shall not file the Agreement (including any addendum, schedule, supplement or attachment), or any future amendment or supplement hereto, with the U.S. Securities and Exchange Commission (the “SEC”) unless such filing is required under Item 601 of Regulation S-K. In the event that Company determines that the Agreement (or amendment or supplement) must be filed with the SEC under Regulation S-K, Company shall take all actions necessary to obtain confidential treatment of all exhibits, addenda, schedules, supplements and attachments (including all pricing attachments) and to the extent possible, the Agreement, in accordance with Rule 406 under the Securities Act of 1933. Specifically, and without limitation, Company shall omit all exhibits, addenda, schedules, supplements and attachments (including all pricing attachments) from the material filed with the SEC and, in lieu thereof, shall indicate in the material filed that the Confidential Information has been so omitted and filed separately with the SEC. Company shall file all exhibits, addenda, schedules, supplements and attachments (including all pricing attachments) so as to maintain the confidentiality of the documents, and shall file an application making an objection to the disclosure of these materials. If the SEC denies the application, Company will seek review of the decision under Rule 431.

(e)

Other Relationships with Depositors. Subject to Applicable Law, Bank’s privacy policy and consistent with the Deposit Account Agreement, Company, at its own expense, shall have the right to solicit Applicants and/or Customers with optional offerings of general merchandise and services from Company and others, including Bank-approved ancillary products and services, and to use Applicant and/or Depositor Information for purposes permitted by Applicable Law, Bank’s privacy policy and the Deposit Account Agreement. Company shall notify Bank of its intent to make any such offers and shall obtain the prior written approval of Bank, which may be withheld for any reason and may be conditioned on the Parties entering into a mutually agreeable revenue sharing program regarding the offers.

Subject to the rights and restrictions in the California Consumer Privacy Act of 2018 (CCPA), Bank may at all times make solicitations for goods and services to the general public, which may include one or more Applicants or Customers; provided that Bank does not (i) target such solicitations to specific Applicants and/or Customers, or (ii) use or permit a third party to use any list of Applicants and/or Customers in connection with such solicitations; and Bank shall not be obligated to redact the names of Applicants and/or Customers from marketing lists acquired from third parties (e.g., magazine subscription lists) that Bank uses for solicitations. Bank may at all times and without restriction: offer credit, debit, prepaid and other electronic payment services or sponsor other program managers or companies who are offering credit, debit, prepaid or other electronic payment services.

15.

Proprietary Materials.

(a)

Bank Marks. Bank hereby grants to Company a nonexclusive, nontransferable, revocable limited license to use and reproduce the name, logo and specified trademarks of Bank (“Bank Marks”), which Bank has made available to Company, solely in connection with the Program or as required under the Rules, provided that any such use shall require the prior written approval of Bank, such approval not to be unreasonably withheld or delayed and consistent

with any Bank usage guidelines. If such approval is granted, Company may utilize such Bank Marks subject to Bank’s prior approval of such materials. This use terminates upon termination of this Agreement and the Transition Period.

(b)

Company Marks. Company grants to Bank a nonexclusive, nontransferable, revocable limited license to use and reproduce the name, logo and specified trademarks of Company (“Company Marks”), which Company has made available to Bank, solely in connection with the Program or as required under the Rules, provided that any such use shall require the prior written approval of Company, such approval not to be unreasonably withheld or delayed and consistent with any Company usage guidelines. If such approval is granted, Bank may utilize such Company Marks subject to Company’s prior approval of such materials. This use terminates upon termination of this Agreement and the Transition Period.

(c)

Reservation of Intellectual Property Rights. Each Party acknowledges and agrees that the other Party shall retain all right, title and interest in and to all Intellectual Property that is developed, established, used or otherwise created by the other Part related to the Program, including mobile applications, underwriting algorithms, form of applications and Deposit Account Agreements. Program materials, marketing materials and the Party’s Confidential Information. Nothing in this Agreement shall be construed as granting either Party a license to use in any way the Intellectual Property of the other Party, except as provided in Section 15(a) and 15(b). Neither Party shall take any action that interferes with the Intellectual Property of the other Party or attempt to copyright or patent any part of the Intellectual Property of the other Party or attempt to register any trademark, service mark, trade name, or company name which is identical or confusingly similar to other Company Marks or Bank Marks respectively.

16.

Term and Termination.

(a)

General. This Agreement will take effect on the Effective Date and continue until the second anniversary of the Effective Date (the “Initial Term”) and will renew automatically for successive additional terms of one (1) year each (each a “Renewal Term”), unless Company notifies Bank of nonrenewal at least one hundred eighty (180) days prior to the end of the Initial Term or any Renewal Term or Bank notifies Company of nonrenewal at least one-hundred-eighty (180) days prior to the end of the Initial Term or any Renewal Term (together, the “Term”).

(b)

Material Breach. Except as otherwise provided in this Agreement, if either Party materially breaches a material term of this Agreement, the nonbreaching Party may terminate this Agreement by giving written notice to the breaching Party. This notice will: (1) describe the material breach; and (2) state the Party’s intention to terminate this Agreement. If the breaching Party does not cure or substantially cure its material breach within fifteen (15) Business Days (or a shorter period if required by Applicable Law) after receipt of notice as described in this Section 16(b) (the “Cure Period”), then the nonbreaching Party may immediately terminate this Agreement by giving notice at any time following the end of such Cure Period; provided, however, that if such breach by Company is not capable of being cured or substantially cured within such fifteen (15) Business Day period, then the time period for curing or substantially curing such breach may be extended by Bank in its sole discretion so long as Company continues to diligently pursue such cure using commercially reasonable efforts. Neither Party will be held in breach for failure to perform under this Agreement if such failure is due to compliance with Applicable Law. In addition to the termination rights set forth herein, Bank may terminate this Agreement without liability if Company materially breaches this Agreement on three (3) or more separate occasions within twelve (12) consecutive months.

(c)

Cross Default. This Agreement will terminate upon the termination of the Debit Card Issuing Agreement.

(d)

Force Majeure; Change in Applicable Law. Either Party may terminate this Agreement as permitted by Sections 17 or 28, or upon written notice to the other Party if the other Party becomes Insolvent or bankrupt or becomes subject to a receivership proceeding.

(e)

Either Party may terminate this Agreement upon fifteen (15) Business Days’ advance written notice to the other Party of such intent to terminate if, at any time during the Term of this Agreement, the other Party is conducting activities that the terminating Party reasonably determines are materially harmful to relationships with its federal or state supervisory or law enforcement agencies; provided that the terminating Party promptly notifies the other Party of such activity, provides evidence of such activity, and the other Party does not cure such activity to the terminating Party’s sole and reasonable satisfaction within fifteen (15) Business Days of notification to the terminating Party.

(f)

Either Party may immediately terminate this Agreement in the event of an act of fraud or willful misconduct of the other Party, and Bank may suspend services under this Agreement if Company fails to maintain Program Manager

Reserve Account balances in accordance with Section 8(h) and the terms set forth on page one of this Agreement, including any applicable cure period.

(g)

Regulatory Requirement. Either Party may terminate at any time if required to do so by any authority with regulatory supervision over the Party or any Program.

(h)

Effect of Termination and Transition.

(i)

The termination of this Agreement shall not terminate, affect or impair any rights, obligations or liabilities of any Party that accrue prior to termination or with respect to the services occurring or arising prior to termination, or which, under this Agreement, continue after termination.

(ii)

Prior to termination or expiration of this Agreement, Company may elect to transfer the Program and the Deposit Accounts and Deposits therein to an alternative depository institution designated by Company (“Successor Bank”) in accordance with Applicable Law (each, a “Transfer”) or wind down the Program (“Wind Down”) by providing written notice of such election. Each Party acknowledges that the main goals of a Transfer or Wind Down are, in order or priority, to: (A) benefit Customers by minimizing any possible burdens or confusion and (B) protect and enhance the names and reputations of the Parties, both of whom have invested their names and reputations in the Program. The Parties agree to cooperate in good faith to effectuate any Transfer or Wind Down in a commercially reasonable way as soon as reasonably possible to provide for a smooth and orderly transition or Wind Down. Such cooperation will include continuing to provide the Services, Deposit Accounts and Customer service until the Transfer or Wind Down is completed. Notwithstanding anything to the contrary, Bank is under no obligation to Transfer Deposit Accounts or Deposits under this Section during the continuance of any event or circumstances that would give rise to Bank’s right to terminate this Agreement or if such assistance would violate any Applicable Law or any order or instruction of a Regulatory authority.

(iii)

In the event that Company elects a Transfer to a Successor Bank, Bank’s obligations will include: (A) executing and delivering a mutually agreed upon transfer agreement; and (B) taking all other reasonable actions necessary to effectuate the Transfer to the Successor Bank, including the transfer of all Depositor Information described in Section 14(c) . Company will ensure that all aspects of the Transfer in its control are accomplished in compliance with Applicable Law, including any required regulatory approvals. The Successor Bank may be required to file a Bank Merger Act application or other applications with respect to any Deposits related to the Deposit Accounts to the applicable regulatory authorities. Bank will reasonably cooperate in any such filings and related approval processes.

(iv)

As soon as reasonably practicable after providing notice of a Transfer or Wind Down as provided in Section 16(h)(ii), Company will provide to Bank in writing a proposed Transition Plan detailing (A) whether the Program or certain Deposit Accounts will be transferred to a Successor Bank or wound down; (B) a proposed work plan; and (C) a proposed time line, which will designate the date of the Transfer or completion of the Wind Down. The Parties will meet promptly thereafter to review such proposed plan and diligently work in good faith to promptly determine a mutually acceptable plan (“Transition Plan”). The Parties will use their best efforts to complete a Transition or Wind Down within one-hundred-eighty (180) days after Bank’s receipt of Company’s election as provided in Section 16(h)(ii); provided, however, that such time period may be extended by mutual written agreement of the Parties. The period of time between such election and completion of a Transfer or Wind Down is referred to in this Section 16(g) as the “Transition Period.”

(v)

Unless the Transition Plan provides otherwise, during the Transition Period, the Parties will continue to be bound by and comply with the terms of this Agreement and perform all of their obligations hereunder and will remain liable for their respective representations and warranties, covenants, agreements and indemnification obligations under this Agreement.

(vi)

In no event will either Party make any public statement or Customer communication regarding any Transfer or Wind Down without the express prior written approval of the other Party, which approval will not be unreasonably withheld, conditioned or delayed. Notwithstanding the foregoing, each Party may communicate confidentially any Transfer or Wind Down to any subcontractor or other third party providing services related to the Program.

(vii)

Subject to Section 14(b), following termination or expiration of this Agreement and expiration of the Transition Period, each Party will (A) return all property belonging to the other Party which is in its possession or control at the time of expiration of the Transition Period and (B) discontinue using the other Party’s trademarks.

(viii)

Company shall be responsible for all costs, including reasonable attorneys’ fees, associated with any transition contemplated herein, unless the Agreement is terminated by Company for cause pursuant to Section 16(b) or (f).

(ix)

Company shall maintain funds in the Program Manager Reserve Account equal to the Reserve Amount for a period of at least one-hundred-eighty (180) days after the Transition Period, and Bank will transfer to Company any amounts remaining in the Program Manager Reserve Account net of all payments due to Bank under this Agreement, including losses associated with Deposit Account fraud, no later than five (5) Business Days after the end of such period.

17.

Force Majeure. If any Party will be unable to carry out the whole or any part of its obligations under this Agreement by reason of a Force Majeure Event, then the performance of the obligations under this Agreement of such Party as they are affected by such cause will be excused during the continuance of the inability so caused, except that should such inability not be remedied within thirty (30) days after the date of such cause, the Party not so affected may at any time after the expiration of such thirty (30) day period, during the continuance of such inability, terminate this Agreement on giving written notice to the other Party. A “Force Majeure Event” as used in this Agreement will mean an unanticipated event that is not reasonably within the control of the affected Party or its subcontractors (including acts of God, acts of governmental authorities, strikes, war, terrorist attacks, riot and any other causes of such nature), and which by exercise of reasonable due diligence, such affected Party or its subcontractors could not reasonably have been expected to avoid, overcome or obtain, or cause to be obtained, a commercially reasonable substitute therefore. No Party will be relieved of its obligations hereunder if its failure of performance is due to removable or remediable causes which such Party fails to remove or remedy using commercially reasonable efforts within a reasonable time period. Either Party rendered unable to fulfill any of its obligations under this Agreement by reason of a Force Majeure Event will give prompt notice of such fact to the other Party, followed by written confirmation of notice, and will exercise due diligence to remove such inability with all reasonable dispatch.

18.

Disclaimers of Warranties.

(a)

EXCEPT AS OTHERWISE SET FORTH IN THIS AGREEMENT, EACH PARTY SPECIFICALLY DISCLAIMS ALL WARRANTIES OF ANY KIND, EXPRESS OR IMPLIED, ARISING OUT OF OR RELATED TO THIS AGREEMENT, INCLUDING ANY WARRANTY OF MERCHANTABILITY, OR FITNESS FOR A PARTICULAR PURPOSE, EACH OF WHICH IS HEREBY EXCLUDED BY BOTH PARTIES UNDER THIS AGREEMENT.

(b)

EXCEPT AS OTHERWISE SET FORTH IN THIS AGREEMENT, BANK’S SERVICES AND BANK SYSTEMS ARE PROVIDED “AS IS” AND “AS AVAILABLE,” WITHOUT ANY REPRESENTATION OF WARRANTY, WHETHER EXPRESSED, IMPLIED OR STATUTORY. USE OF BANK SOFTWARE SERVICES OR BANK SYSTEMS IS AT COMPANY’S OWN RISK. BANK DOES NOT WARRANT THE SERVICES OR BANK SYSTEMS WILL MEET COMPANY’S REQUIREMENTS, BE CONTINUOUS, UNINTERRUPTED, SECURE, TIMELY, OR ERROR-FREE, OR THAT DEFECTS WILL BE CORRECTED. BANK SHALL NOT BE RESPONSIBLE FOR ANY SOFTWARE SERVICE OR BANK SYSTEM INTERRUPTIONS OR SERVICE FAILURES THAT MAY AFFECT THE SERVICES OR COMPANY.

(c)

THIS DISCLAIMER OF WARRANTY, SECTION 18 (DISCLAIMER OF WARRANTIES), SHALL APPLY TO THE FULLEST EXTENT PERMITTED BY LAW IN THE APPLICABLE JURISDICTION.

19.

Limitation of Liability.

(a)

No Special Damages. No Party shall be liable to any other Party for any special, indirect, incidental, consequential, punitive or exemplary damages, including, but not limited to, lost profits, even if such Party has knowledge of the possibility of such damages; provided, however, that the limitations set forth in this Section 19 shall not apply to or in any way limit a claim that arises out of a Party’s gross negligence, willful misconduct or fraud and shall not apply to or in any way limit the obligations of a Party to indemnify another Party for third party claims which are otherwise covered by the indemnity obligations under this Agreement.

(b)

Subject to Section 19(a), the maximum aggregate liability of Bank to Company for all claims arising out of or relating to this Agreement, regardless of the form of any such claim, shall not exceed [**].

20.

Indemnification.

(a)

Bank agrees to indemnify and hold harmless Company and its affiliates, and the officers, directors, members, employees, representatives, shareholders, Agents and attorneys of such entities (the “Company Indemnified Parties”) from and against any and all third party claims, actions, liability, judgments, damages, costs and expenses, including reasonable attorneys’ fees (“Losses”), that may arise from: (i) the gross negligence or willful misconduct of Bank or its agents or representatives (other than Company or its Agents or assigns) in connection with Bank’s performance of its obligations under this Agreement, (ii) material breaches of any of Bank’s obligations or undertakings or representations or warranties under this Agreement (other than any breach resulting from Company’s performance of Company’s obligations under this Agreement or the Debit Card Issuing Agreement) by Bank or its agents or representatives (other than Company or its Agents or assigns), or (iii) violation by Bank or its agents or representatives (other than Company or its Agents or assigns) of any Applicable Law.

(b)

Company agrees to indemnify, defend and hold harmless Bank and its affiliates, and the officers, directors, members, employees, representatives, shareholders, agents and attorneys of such entities (the “Bank Indemnified Parties”) from and against any and all Losses that may arise from: (i) the negligence or willful misconduct of Company, or its affiliates, Agents or representatives (other than Bank or its agents or assigns (excluding Company)), in connection with Company’s performance of its obligations under this Agreement, (ii) breach of any of Company’s obligations or undertakings or representations or warranties under this Agreement by Company or its affiliates, Agents or representatives (other than Bank or its agents or assigns (excluding Company)), including any failure to perform any obligations of Bank which Company has undertaken on behalf of Bank pursuant to this Agreement, (iii) violation by Company, its affiliates or its Agents or representatives (other than Bank or its agents or assigns (excluding Company)) of any Applicable Law; (iv) any fraudulent activity related to an Deposit Account, including unauthorized use of the Deposit Account or FBO Account; (iv) any inquiry specifically relating to Company or its Agents or the Program by any law enforcement, regulatory, or administrative agency, whether local, state, or federal, or self-regulatory, including but not limited to a civil investigative demand, subpoena, or any other formal or informal request for information or documents; (v) any fines or assessments by a Regulatory Authority or NACHA based on the actions or omissions of Company; (vi) any Security Breach suffered by Company; or (vii) allegation that Bank’s use of Company software or service(s) as contemplated hereunder infringes the Intellectual Property of a third party.

(c)

Company Indemnified Parties and Bank Indemnified Parties are sometimes referred to herein as the “Indemnified Parties”, and Company or Bank, as indemnitor hereunder, is sometimes referred to herein as the “Indemnifying Party”. Any Indemnified Party seeking indemnification hereunder shall promptly notify the Indemnifying Party, in writing, of any notice of the assertion by any third party of any claim or of the commencement by any third party of any legal or regulatory proceeding, arbitration or action, or if the Indemnified Party determines the existence of any such claim or the commencement by any third party of any such legal or regulatory proceeding, arbitration or action, whether or not the same shall have been asserted or initiated, in any case with respect to which the Indemnifying Party is or may be obligated to provide indemnification (an “Indemnifiable Claim”), specifying in reasonable detail the nature of the Loss, and, if known, the amount, or an estimate of the amount, of the Loss, provided that failure to promptly give such notice shall only limit the liability of the Indemnifying Party to the extent of the actual prejudice, if any, suffered by such Indemnifying Party as a result of such failure. The Indemnified Party shall provide to the Indemnifying Party as promptly as practicable thereafter information and documentation reasonably requested by such Indemnifying Party to defend against the claim asserted.

(d)

The Indemnifying Party shall have thirty (30) days after receipt of any notification of an Indemnifiable Claim (a “Claim Notice”) to undertake, conduct and control, through counsel of its own choosing, and at its own expense, the settlement or defense thereof and the Indemnified Party shall cooperate with the Indemnifying Party in connection therewith if such cooperation is so requested and the request is reasonable; provided that the Indemnifying Party shall hold the Indemnified Party harmless from all its out-of-pocket expenses, including reasonable attorneys’ fees incurred in connection with the Indemnified Party’s cooperation. If the Indemnifying Party assumes responsibility for the settlement or defense of any such claim, (i) the Indemnifying Party shall permit the Indemnified Party to participate in such settlement or defense through counsel chosen by the Indemnified Party (subject to the consent of the Indemnifying Party, which consent shall not be unreasonably withheld); provided that, other than in the event of a conflict of interest requiring the retention of separate counsel, the fees and expenses of such counsel shall not be borne by the Indemnifying Party; and (ii) the Indemnifying Party shall not settle any Indemnifiable Claim without the Indemnified Party’s consent, which involves anything other than the payment of money, including any admission by the Indemnified Party. So long as the Indemnifying Party is vigorously contesting any such Indemnifiable Claim in good faith, the Indemnified Party shall not pay or settle such claim without the Indemnifying Party’s consent.

(e)

If the Indemnifying Party does not notify the Indemnified Party within thirty (30) days after receipt of the Claim Notice that it elects to undertake the defense of the Indemnifiable Claim described therein, or if the Indemnifying Party fails to contest vigorously any such Indemnifiable Claim, the Indemnified Party shall have the right, upon notice to the Indemnifying Party, to contest, settle or compromise the Indemnifiable Claim in the exercise of its reasonable discretion; provided that the Indemnified Party shall notify the Indemnifying Party of any compromise or settlement of any such Indemnifiable Claim. No action taken by the Indemnified Party pursuant to this Section 20(e) shall deprive the Indemnified Party of its rights to indemnification pursuant to this Section 20 (Indemnification).

21.

Independent Contractors. It is understood that both Parties hereto are independent contractors and engage in the operation of their own respective businesses. Each Party shall be fully responsible for its own employees, servants and agents, and the employees, servants and agents of one Party shall not be deemed to be employees, servants and agents of the other Party for any purpose whatsoever.

22.

Insurance. Company shall procure, pay for and maintain the minimum insurance coverage set forth below for the entire term of the Agreement. All insurance coverage is subject to the approval of Bank and shall be issued by a fiscally sound insurance carrier which maintains an A.M. Best Rating of A- VII or better. The General Liability policy shall name Bank as additional insured on the General Liability policy:

(a)

Workers’ Compensation insurance providing coverage pursuant to statutory requirements.

(b)

Commercial General Liability insurance with Completed Product and Operations covering bodily injury, property damage, and including contractual liability coverage with a combined limit of [**] per occurrence and [**] general aggregate. The Commercial General Liability insurance policy shall name Bank as additional insured but solely as it relates to insurable losses and expenses that result from Company’s activities in the servicing of the Program. Such policy shall contain a waiver of subrogation in favor of Bank.

(c)

Commercial Umbrella Liability insurance with per occurrence and aggregate limits of [**] with the liability insurance required under clauses (a) and (b) above scheduled as underlying.

(d)

Commercial Crime insurance covering Employee Theft and Computer Fraud with limits of [**] per loss for loss or damage arising out of fraudulent or dishonest acts committed by the employees of Company, acting alone or in collusion with others, including the property and funds of others in their possession, care, custody or control.

(e)

Technology Errors and Omissions Liability insurance in the amount of [**] per claim and aggregate.

Company must furnish Bank with certificates of insurance as evidence of the above insurance requirements prior to commencement of operations under the Agreement. Such certificates shall verify that Bank is named as additional insured and the waiver of subrogation in favor of Bank under the Commercial General Liability policy as required herein, and that in the event of a cancellation or material change in coverage, Bank would be given thirty (30) days prior written notice. In the event Company receives notice of cancellation for any of the required policies, Company shall use commercially reasonable efforts to provide at least thirty (30) days prior notice of such event to Bank, unless the required coverage is immediately replaced by similar coverage in scope and limits. Failure of Company to provide or of Bank to request a certificate of insurance shall not waive Company’s obligation under this Agreement to maintain the insurance required herein. In the event Company fails to maintain the insurance set forth herein Bank shall have the right to terminate this Agreement immediately upon written notice.

23.

Subcontractors.

(a)

Company may from time to time retain the services of one or more Agents to perform some of the services and obligations Company has agreed to perform pursuant to this Agreement; provided, however, it must first obtain Bank’s written approval in the event such subcontractor is performing a Critical Service (“Critical Service Provider”). “Critical Services” shall mean services that (i) grants, permits or require a third party to access, store, transmit or process Depositor Information or Bank’s Confidential Information in connection with a Program, (ii) involve significant bank functions or other activities that could cause Bank to face significant risk if the third party fails to meet expectations, (iii) could have significant Applicant, consumer or Customer impacts, (iv) require significant Bank investment in resources to implement the third-party relationship and manage the risk, (v) could have a material impact on Bank operations if the Bank has to find an alternate third party or if the outsourced activity has to be brought in-house; or (vi) any other service determined by Bank to be critical in its reasonable discretion.

(b)

Company shall be responsible for obtaining a written agreement with all Agents for the rendering of such services and shall be responsible for all obligations with each Agent. Such written agreements shall be available to Bank for review upon its request. Bank may, in its sole discretion, require any written agreement with a Critical Service Provider to be amended or modified to comply with Bank’s policies and procedures, Applicable Law, NACHA Rules, payment network rules or any instruction of Regulatory Authority. Bank may require Company to terminate or replace any Agent in the event Bank or a Regulatory Authority determines that such Agent’s performance violates Applicable Law or the terms of this Agreement. Company understands that it must inform Bank in writing regarding the use of any Critical Service Provider so that Bank may complete a due diligence review of such Critical Service Provider in compliance with Bank’s policies and procedures and Applicable Law, including, but not limited to, compliance with FFIEC guidance on Vendor and Third Party Management. Company shall be responsible for all costs and expenses, including reasonable attorneys’ fees, incurred by Bank in connection with diligence of and approval of any Critical Service Provider.

(c)

Company shall remain liable for any services performed by any and all Agents. Company shall include provisions in any agreement with a Critical Service Provider requiring the Critical Service Provider to allow Bank and any Regulatory Authority having jurisdiction over Bank to audit, inspect and review their facilities, personnel, files and records insofar as they relate to Deposit Accounts or the Program. Any audit, inspection or review as provided hereunder shall be on terms reasonably similar to the audit terms set forth in Section 8. Company shall also use commercially reasonable efforts to include provisions in any new or existing agreement with any other Critical Service Provider requiring the Critical Service Provider to allow Bank and any Regulatory Authority having jurisdiction over Bank to audit, inspect and review their facilities, personnel, files and records insofar as they relate to the Deposit Accounts or the Program.

24.

Nonexclusivity. Bank and Company agree that this Agreement is not intended to create an exclusive relationship of any type between Bank and Company. Bank and Company may each enter into similar arrangements with one or more third parties.

25.

Assignment. Except with respect to a Transition Plan, no Party may, without written approval of the other Party assign this Agreement or transfer its interest or any part thereof under this Agreement to any third party.

26.

Injunctive Relief. Each Party acknowledges that a violation of Section 14 (Confidentiality) would cause immediate and irreparable harm for which money damages would be inadequate. Therefore, the harmed Party will be entitled to injunctive relief for the other Party’s breach of any of its obligations under the said Articles without proof of actual damages and without the posting of bond or other security. Such remedy shall not be deemed to be the exclusive remedy for such violation but shall be in addition to all other remedies available at law or in equity.

27.

Governing Law and Dispute Resolution.

(a)

This Agreement shall be interpreted and construed in accordance with the laws of the State of Tennessee, without giving effect to the rules, policies, or principles thereof with respect to conflicts of laws. Each Party hereby submits to the jurisdiction of the courts of Tennessee, and (subject to Bank’s reservation of preemption rights herein).

(b)

TO THE EXTENT PERMITTED BY APPLICABLE LAW, THE PARTIES HEREBY EXPRESSLY WAIVE ANY RIGHT TO TRIAL BY JURY OF ANY CLAIM, DEMAND, ACTION OR CAUSE OF ACTION ARISING HEREUNDER.

(c)

Dispute Resolution and Arbitration.

(i)

Cooperation to Resolve Disputes. The Parties shall cooperate and attempt in good faith to resolve any dispute, controversy, or claim arising out of or relating to this Agreement or the construction, interpretation, performance, breach, termination, enforceability or validity thereof (a “Dispute”) promptly by negotiating between persons who have authority to settle the Dispute and who are at a higher level of management than the persons with direct responsibility for administration and performance of the provisions or obligations of this Agreement that are the subject of the Dispute.

(ii)

Arbitration. Any Dispute which cannot otherwise be resolved as provided in subsection (i) above shall be resolved by arbitration conducted in accordance with the commercial arbitration rules of the American Arbitration Association, and judgment upon the award rendered by the arbitral tribunal may be entered in any court having jurisdiction thereof. The arbitration tribunal shall consist of a single arbitrator mutually agreed upon by the Parties, or in the absence of such agreement within 30 days from the first referral of the Dispute to the American Arbitration Association, designated by the American Arbitration Association. The place of arbitration shall be Memphis, Tennessee, unless the Parties shall have agreed to another

location within 15 days from the first referral of the Dispute to the American Arbitration Association. The arbitral award shall be final and binding. The Parties waive any right to appeal the arbitral award, to the extent a right to appeal may be lawfully waived. Each Party retains the right to seek judicial assistance: (1) to compel arbitration, (2) to obtain interim measures of protection prior to or pending arbitration, (3) to seek injunctive relief in the courts of any jurisdiction as may be necessary and appropriate to protect the unauthorized disclosure of its proprietary or confidential information, and (4) to enforce any decision of the arbitrator, including the final award. In no event shall either Party be entitled to punitive, exemplary or similar damages.

(iii)

Confidentiality of Proceedings. The arbitration proceedings contemplated by this subsection shall be as confidential and private as permitted by Applicable Law. To that end, the Parties shall not disclose the existence, content or results of any proceedings conducted in accordance with this subsection, and materials submitted in connection with such proceedings shall not be admissible in any other proceeding, provided, however, that this confidentiality provision shall not prevent a petition to vacate or enforce an arbitral award, and shall not bar disclosures required by any laws or regulations.

28.

Agreement Subject to Applicable Law. Subject to Section 16 (Term and Termination), if (a) either Party has been advised by legal counsel of a change in Applicable Laws or any judicial decision of a court having jurisdiction over such Party or any interpretation of a Regulatory Authority that, in the view of such legal counsel, would have a materially adverse effect on the Program, the rights or obligations of such Party under this Agreement or the financial condition of such Party; (b) either Party shall receive a lawful written request of any Regulatory Authority having jurisdiction over such Party, including any letter or directive of any kind from any such Regulatory Authority, that prohibits or restricts such Party from carrying out its obligations under this Agreement; (c) either Party has been advised by legal counsel that there is a material risk that such Party’s or the other Party’s continued performance under this Agreement would violate Applicable Laws; (d) any Regulatory Authority shall have determined and notified either Party that the arrangement between the Parties contemplated by this Agreement constitutes an unsafe or unsound banking practice or is in violation of Applicable Law; or (e) a Regulatory Authority has commenced an investigation or action against a Party which the other Party, in its reasonable judgment, determines that it threatens such Party’s ability to perform its obligations under this Agreement, then, in each case, the Parties shall meet and consider in good faith any modifications, changes or additions to the Program or this Agreement that may be necessary to eliminate such result. Notwithstanding any other provision of this Agreement, if the Parties are unable to reach agreement regarding modifications, changes or additions to the Program or this Program Agreement within fifteen (15) Business Days after the Parties initially meet, either Party may terminate this Agreement upon thirty (30) days prior written notice to the other Party and without payment of a termination fee or other penalty. A Party shall be able to suspend performance of its obligations under this Agreement, or require the other Party to suspend its performance of its obligations under this Agreement, if (i) any event described in clause (b) above occurs and (ii) such Party reasonably determines that continued performance hereunder may result in a fine, penalty or other sanction being imposed by the applicable Regulatory Authority, or in material civil liability, unless with regards to civil liability, the other Party agrees to indemnify the Party. For the avoidance of doubt, nothing in this Section 28 shall obligate a Party to disclose, share, or discuss any information to the extent prohibited by Applicable Law or a Regulatory Authority.

29.

Bank Systems. Bank may, in its sole discretion, provide Company access to certain Bank application program interfaces (“Bank Systems”) in order to support Company’s obligations under this Agreement. In such an event, Bank grants Company limited access, that may be terminated at any time by Bank, to Bank Systems to perform activities permitted in writing by Bank or otherwise set forth in written specifications provided by Bank (“Specifications”). Company shall comply with Specifications and shall be responsible for the administration and use of Bank Systems and any access to systems in accordance with Specifications or other written instructions delivered by Bank. Notwithstanding anything to the contrary, Company shall remain liable for performance of its obligations under this Agreement, regardless of its use of Bank Systems, and Bank shall not be liable for any access to Bank Systems Bank may provide to Company. Nothing herein grants Company an ownership interest in Bank Systems, and Bank reserves all intellectual property rights not expressly granted in this Section 29.

30.

General. This Agreement constitutes the entire agreement of the Parties on the subject hereof and supersedes all prior understandings and instruments on such subject. All notices under this Agreement shall be emailed to Bank and Company as indicated on Page 1 of this Agreement unless notified otherwise by either Party. If any provision of this Agreement is found to be unenforceable or invalid, that provision will be limited or eliminated to the minimum extent necessary so that this Agreement will otherwise remain in full force and effect and enforceable. All waivers and modifications must be in a writing signed by both Parties and failure to enforce a provision shall not constitute a waiver. The Agreement may be executed in one or more counterparts. The Parties acknowledge that each Party and its counsel have reviewed and revised this Agreement and that the normal rule of construction to the effect that any ambiguities are to be resolved against the drafting Party shall not be employed in the interpretation of this Agreement or any amendments thereto, and the same shall

be construed neither for nor against either Party, but shall be given a reasonable interpretation in accordance with the plain meaning of its terms and the intent of the Parties. The words “include,” “includes” or “including” mean without limitation by reason of enumeration. Words in singular number include the plural, and in the plural include the singular, unless the context otherwise requires.

31.

Conflicts. Reference is made to that certain Debit Card Issuing Agreement. In the event of conflict between the Debit Issuing Agreement and this Agreement, the terms of this Agreement will prevail with respect to the Program, Deposit Account, Services, Origination Services or any other Deposit Account services provided by Bank or Company under this Agreement.

32.

Survival. Provisions of this Agreement that, by their nature, should survive termination of this Agreement shall survive termination (including, but not limited to, Sections 1, 3, 11, 14, 15(c), 16, 18, 19, 20, 26, 27, 30, 31 and 32).

SCHEDULE A
PROGRAM DESCRIPTION

[**]

SCHEDULE B
SCHEDULE OF FEES AND CHARGES

[**]