EX-10.3 4 dave-ex10_3.htm EX-10.3 EX-10.3 Exhibit 10.3
CERTAIN INFORMATION IN THIS DOCUMENT, MARKED BY [**], HAS BEEN EXCLUDED PURSUANT TO REGULATION S-K, ITEM 601(B)(10)(iv). SUCH EXCLUDED INFORMATION IS NOT MATERIAL AND IS THE TYPE THAT THE REGISTRANT TREATS AS PRIVATE OR CONFIDENTIAL.
DEBIT CARD ISSUING AGREEMENT
Cover Page
This Debit Card Issuing Agreement (“Agreement”) is entered into as of the 13th day of July, 2020 (“Effective Date”) by and between Evolve Bank & Trust, an Arkansas state bank, (“Bank”) and Dave Inc., a Delaware corporation (“Program Manager”). For purposes of this Agreement, Bank and Program Manager each will be referred to individually as a “Party” and together as the “Parties.”
Notices:
If to Bank: If to Program Manager:
Evolve Bank & Trust Dave Inc.
6070 Poplar Avenue, Suite 100 1265 S. Cochran Avenue
Memphis, Tennessee 38119 Los Angeles, California 90019
Attention: Legal Department Attention: Legal
IN WITNESS WHEREOF, this Agreement is executed by the Parties’ authorized officers or representatives and shall be effective as of the date below.
Bank: Evolve Bank & Trust Program Manager: Dave Inc.
By: /s/ Scot Lenoir By: /s/ Jason Wilk
Name: Scot Lenoir Name: __Jason Wilk_________________
Title: Chairman Title: __CEO_______________________
Date: 7/14/2020 / 10:05:19 CDT Date: ___7/13/2020_/ 5:49:41 CDT____
DEBIT CARD ISSUING AGREEMENT
WHEREAS, Bank is a depository institution, member FDIC;
WHEREAS, Bank is a member of certain Card Associations and is in the business of issuing Cards and establishing Settlement Accounts for the Settlement of Card transactions;
WHEREAS, Bank and Program Manager have entered into that certain Bank Services Agreement, dated as of the Effective Date hereof, in order for Program Manager to service deposit accounts established by Bank (the “Bank Services Agreement”);
WHEREAS, Bank desires that Program Manager provide services in support of the Program as further described in this Agreement; and
WHEREAS, Program Manager desires to provide such services in support of the Program on the terms and conditions set forth in this Agreement.
AGREEMENT
NOW, THEREFORE, in consideration of the foregoing and the terms, conditions and mutual covenants and agreements herein contained, and for good and valuable consideration, the receipt and sufficiency of which are hereby acknowledged, Bank and Program Manager mutually agree as follows:
1.Definitions. All capitalized terms used in this Agreement and not otherwise defined shall have the meanings set forth below.
“Account” has the same meaning as “Deposit Account,” as defined in the Bank Services Agreement.
“ACH” means the Automated Clearing House.
“Account Policies” means the Program Manager’s compliance policies and procedures, as submitted to and approved by Bank.
“Affiliate” means, with respect to a Party, a Person, whether a legal entity or an individual, who directly or indirectly controls, is controlled by or is under common control with the Party. For the purpose of this definition, the term “control” (including with correlative meanings, the terms controlling, controlled by and under common control with) means the power to direct the management or policies of such Person, directly or indirectly, through the ownership of twenty-five percent (25%) or more of a class of voting securities of such Person.
“Agent” means any third party service provider, processor, subcontractor or agent used by Program Manager in connection with the Program.
“Aggregated De-identified Data” has the meaning set forth in Section 16.
“Agreement” has the meaning set forth in the preamble hereto.
“Applicable Law” means applicable federal, state and local statutes, regulations, regulatory guidelines and judicial or administrative interpretations, as well as PCI-DSS and any rules or requirements established by the FDIC, the CFPB or the applicable Card Association, including, without limitation, the Truth in Lending Act and Regulation Z, the Equal Credit Opportunity Act and Regulation B, fair lending laws, the Servicemembers Civil Relief Act, the Fair Credit Reporting Act and laws on bank branching.
“Applicant” means a consumer who submits an Application or other request for an Account.
“Application” means the action or document by which a consumer requests and applies for an Account from Bank.
“Application Processing” means those services which are necessary to establish an Account in accordance with Applicable Law. Such services shall include but are not be limited to: application of the Account Policies to incoming Applications, Office of Foreign Assets Control screening, customer service described in Program Manager Card Services, collections, transaction authorization, statement preparation and issuance, regulatory compliance, security and fraud control, and activity reporting.
“Bank” has the meaning set forth in the preamble hereto.
“Bank Card Services” means any service other than Program Manager Card Services that Bank shall perform as set forth in Exhibit C.
“Bank Indemnified Parties” has the meaning set forth in Section 17(b).
“Bank Marks” has the meaning set forth in Section 21(a).
“BSA/AML/OFAC Procedures” has the meaning set forth in Section 11(a).
“Business Day” means any day, other than (a) a Saturday or Sunday, or (b) a day on which banking institutions in the State of Tennessee are authorized or obligated by law or executive order to be closed.
“Card” means any debit card or account access device or number issued by Bank under authority from one or more Card Associations that may be used to access funds in a Cardholder’s Account. For purposes of this Agreement, a Card does not include any credit card or product that accesses credit.
“Card Association” means Mastercard, VISA, Accel, Cirrus, Plus and/or any other electronic payment network association enabled on Cards issued pursuant to the Program that is capable of transmitting items and Settlement thereof.
“Card Program Materials” has the meaning set forth in Section 5.
“Cardholder Funds” means all Cardholder funds received by Bank for loading or reloading to a Card, including, without limitation, all funds held in the Account for the Cardholder.
“Cardholder” means an individual, residing in the U.S., at or over the age of 18, who applies for, receives and activates an Account with Bank under the Program, and/or any Person who is liable, jointly or severally, for amounts owing with respect to an Account.
“Cardholder Agreement” means the agreement between Bank and a Cardholder with terms and conditions that apply to the Cardholder’s Account and Card, including all disclosures required by Applicable Law.
“Cardholder Information” means all information, whether personally identifiable or in aggregate, that is submitted and/or obtained by Bank about an Account or an Application (whether or not completed), including, without limitation, financial standing and demographic data, Cardholder Data (as defined by PCI-DSS) and transaction data. Cardholder Information includes “Non Public Personal Information” and “Personally Identifiable Financial Information” (as defined in Sections 1016.3(p) and (q) respectively of the CFPB regulations on Privacy of Consumer Information published at 12 CFR Chapter X).
“CFPB” means the Consumer Financial Protection Bureau.
“Change in Control” means any of (a) the sale or transfer of all or substantially all the assets of a Party to a Person who is not an Affiliate of such Party; (b) as to Program Manager, (i) the acquisition by a Person or group of Persons of more than fifty percent (50%) of the voting securities or voting interests in Program Manager; (ii) the acquisition or accumulation by any Person or group of Persons of the power, direct or indirect, to elect a majority of a Program Manager’s board of directors or similar governing body or to direct or cause the direction of the management and policies of Program Manager, whether by contract or otherwise; or (iii) the merger or consolidation of Program Manager with or into another Person who is not an Affiliate of Program Manager, or the merger or consolidation of another Person who is not an Affiliate of Program Manager with or into Program Manager, in either case with the effect that, following such merger or consolidation, more than fifty percent (50%) of the voting power of all securities or interests of the surviving entity are not owned, directly or indirectly, by Persons who directly or indirectly owned fifty percent (50%) or more of the voting power of all securities or interests of Program Manager immediately prior to such transaction; and (c) as to Bank, any transfer of ownership or control, including the transfer or issuance of any voting securities of any type (whether debt or equity), that would constitute a change of control under the Change in Bank Control Act.
“Change of Ownership” means any transfer or other change in the equity ownership or voting control of a Party that does not constitute a Change in Control, including without limitation the issuance of debt or equity securities in a non-controlling amount and type to new investors.
“Chargeback” means a transaction using the Account that is subsequently reversed pursuant to Card Association rules.
“Claim Notice” has the meaning set forth in Section 17(d).
“Compliance Audit” has the meaning set forth in Section 26(b).
“Confidential Information” means the Program Documents, any information that is disclosed by the Disclosing Party to the Restricted Party or any information of the Disclosing Party to which the Restricted Party obtains access in connection with the Program and that relates to the Disclosing Party’s business or the Parties’ business relationships, including proprietary information or non-public information of the Disclosing Party, such as the Disclosing Party’s proprietary marketing plans and objectives, that the Disclosing Party discloses to the Restricted Party or to which the Restricted Party obtains access in connection with the negotiation or performance of this Agreement.
“Cure Period” has the meaning set forth in Section 19(b)(i).
“Disclosing Party” has the meaning set forth in Section 21(a).
“Dispute” has the meaning set forth in Section 35(c)(i).
“Effective Date” has the meaning set forth in the preamble hereto.
“FDIC” means the Federal Deposit Insurance Corporation.
“Force Majeure Event” has the meaning set forth in Section 44.
“Indemnifiable Claim” has the meaning set forth in Section 17(c).
“Indemnified Parties” has the meaning set forth in Section 17(c).
“Indemnifying Party” has the meaning set forth in Section 17(c).
“Initial Term” has the meaning set forth in Section 19(a).
“Insolvent” means the failure to pay debts in the ordinary course of business, the inability to pay its debts as they come due or the condition whereby the sum of an entity’s debts is greater than the sum of its assets.
“Intellectual Property” means (a) inventions, improvements, patents (including all reissues, continuations, continuations-in-part, revisions, extensions, and reexaminations thereof) and patent applications, (b) trademarks, service marks, trade names and trade dress, together with the goodwill associated therewith, (c) works of authorship and copyrights, including copyrights in computer software, databases and television programming and all rights related thereto, (d) confidential and proprietary information, including trade secrets and know how, (e) process, methods, procedures and materials, (f) data, databases and information, (g) software, tools and machine-readable texts and files, (h) literary work or other work of authorship,
including documentation, reports, drawings, charts, graphics and other written documentation, together with all copyrights and moral rights, (i) all other proprietary rights, and (j) all registrations and applications for registration and other intellectual property rights in or appurtenant to the foregoing items described in clauses (a) through (i) above.
“Losses” has the meaning set forth in Section 17(a).
“Marketing Activities” means all advertising media of any kind or nature, in whole or in part, including without limitation, catalogs, email solicitation messages, published advertising (such as newspaper and magazine advertisements), SMS text messaging, Internet media, blogs, tweet posts, banner ads, RSS feeds, telemarketing scripts, television or radio advertisements, frequently asked questions, promoting, advertising and/or marketing the Program.
“Marketing Materials” means categories of marketing messages intended to generate Applications for the origination of Accounts from a targeted population delivered through various Marketing Activities. Marketing Materials include, but are not limited to, pre-approved marketing, “take one” marketing, and introductory rate marketing.
“ODFI” has the meaning set forth in Section 8(e).
“Offer Period” has the meaning set forth in Section 32.
“Offeror” has the meaning set forth in Section 32.
“Party” and “Parties” has the meaning set forth in the preamble hereto.
“PCI Compliant” means compliant with PCI-DSS to ensure the proper handling and protection of payment accounts and transaction information which is stored, processed or transmitted. For this purpose, the term “PCI Compliant” includes but is not limited to Program Manager’s obligation to have an annual on-site PCI Data Security Assessment completed by a Qualified Security Assessor (QSA) and a Report on Compliance that must be signed by the QSA and sent securely to a Card Association.
“PCI-DSS” means the Payment Card Industry Data Security Standards administered by the PCI Standards Council that are in effect as of the Effective Date of this Agreement and as they may be amended from time to time.
“PCI Requirements” has the meaning set forth in Section 15(c).
“Person” means any legal person, including any individual, corporation, limited liability company, partnership, joint venture, association, joint-stock company, trust, unincorporated organization, governmental entity, or other entity of similar nature.
“Principal” means any Person directly or indirectly owning ten percent (10%) or more of Program Manager, and any executive officer or director of Program Manager.
“Processing Services” means the processing of a transaction in accordance with Applicable Law and the rules of Card Associations and any Regulatory Authority.
“Program” means a system of services approved by Bank, including the consumer debit or prepaid card program to be offered by Bank to Cardholders pursuant to the terms of this Agreement, initially as described in Exhibit A of the Bank Services Agreement, which is incorporated herein and may be amended from time to time by written agreement. This Agreement contemplates that Program Manager may be permitted by Bank to offer multiple Programs hereunder, each subject to the terms hereof and the prior written approval of Bank.
“Program Documents” means this Agreement, all Exhibits and addenda attached hereto and any other documents related to the Program and referenced herein and agreed to between Program Manager and Bank in accordance with the terms hereof, as may be amended from time to time.
“Program Manager” has the meaning set forth in the preamble hereto.
“Program Manager Card Services” means all services to be performed by the Program Manager as set forth in Exhibit D.
“Program Manager Financial Requirement” has the meaning set forth in Section 13(b)(viii).
“Program Manager Indemnified Parties” has the meaning set forth in Section 17(a).
“Program Manager Marks” has the meaning set forth in Section 21(b).
“Program Manager Reserve Account” has the meaning set forth in Section 29.
“Program Manager Revenue Account” has the meaning set forth in Section 30.
“Qualifying Change” has the meaning set forth in Section 3(c).
“RDFI” has the meaning set forth in Section 8(e).
“Records” means any Cardholder Agreements, Applications, change-of-terms notices, Account files, credit bureau reports, copies of adverse action notices, transaction data, records, or other documentation (including computer tapes, magnetic or electronic files, and information in any other format) related to the Accounts and the Program.
“Regulatory Authority” means any federal, state or local regulatory agency or other governmental agency or authority having jurisdiction over a Party and, in the case of Bank, shall include, but not be limited to, the CFPB and FDIC.
“Regulatory Communication” has the meaning set forth in Section 12(b).
“Renewal Term” has the meaning set forth in Section 19(a).
“Reserve Balance” has the meaning set forth in Section 29(a).
“Restricted Party” has the meaning set forth in Section 20(c).
“SAR” has the meaning set forth in Section 10.
“Settlement” means the movement of funds between Bank, other financial institutions and the Card Associations to settle all transactions initiated by use of any Card or Account by or on behalf of a Cardholder, including purchases, merchant charges, withdrawals, and any other transactions.
“Settlement Amount” means the amount of funds identified by the Card Association for Settlement of transaction initiated by use or in connection with the Account for the related calendar day.
“Settlement Account” means the account maintained and controlled by Bank that is used for Settlement of the Settlement Amount.
“Substantive Change” means a change to the Marketing Activities, the categories of the Marketing Materials, or any items required by (a) Applicable Law, or (b) requirements previously identified by Bank in good faith as necessary due to safety and soundness or reputational concerns.
“Successor Bank” has the meaning set forth in Section 19(d)(v).
“Term” has the meaning set forth in Section 19(a).
“Termination Fee” has the meaning set forth in Section 19(d)(iii).
“TPA” has the meaning set forth in Section 7(a).
“Wind Down Period” has the meaning set forth in Section 19(d)(v).
2.The Program. Beginning on the Effective Date of this Agreement, the Parties agree to launch the Program on the terms and conditions otherwise provided for in this Agreement and as further described in Exhibit A.
3. Marketing Materials; Card Production. Program Manager shall promote and market the Program, the Accounts and the Cards using any form of Marketing Materials and Marketing Activities determined to be appropriate by Program Manager, subject to Bank’s prior approval as set forth herein. Bank agrees that Program Manager may refer to Bank and the Program in Marketing Materials upon the condition that the form of any references to Bank and/or the Program in any such Marketing Material is approved by Bank. All Marketing Materials must receive the prior written approval of Bank, in accordance with the procedures set forth in this Section 3. Bank shall conduct its initial review and shall accept or reject such forms of Marketing Materials and/or Marketing Activities provided by Program Manager within five (5) business days of Program Manager submitting such Marketing Materials and/or Marketing Activities to Bank at [**] for review; any such forms of Marketing Materials and/or Marketing Activities not rejected, conditionally accepted with Bank’s comments, or accepted within five (5) business days shall be deemed approved. (“Initial Review Process”). Should Bank conditionally accept with comments or otherwise request revisions to any forms of Marketing Materials and/or Marketing Activities during Bank’s Initial Review Process and Program Manager resubmits revised Marketing Materials and/or Marketing Activities to Bank at [**], Bank shall accept or reject with specific comments such revised Marketing Materials and/or Marketing Activities within five (5) business days of such resubmission; any such forms of Marketing Materials and/or Marketing Activities not specifically rejected or accepted within five (5) business days shall be deemed approved (“Resubmit Review Process”). Should Bank conditionally accept with comments or otherwise request further revisions after the Resubmit Review Process and Program Manager resubmits revised Marketing Materials and/or Marketing Activities to Bank at [**], Bank shall accept or reject with specific comments such revised Marketing Materials and/or Marketing Activities within two (2) business days of such resubmission; any such forms of Marketing Materials and/or Marketing Activities not specifically rejected or accepted within two (2) business days shall be deemed approved (“Final Review Process”).
(a)
Prior to Program Manager’s use of any Marketing Materials or conducting any Marketing Activities, Bank shall have completed an initial review of the forms of Marketing Materials and Marketing Activities proposed by Program Manager and approve or reject any such forms of Marketing Materials and Marketing Activities that have been provided to Bank. Marketing Materials and Marketing Activities will be considered approved and authorized by Bank once such approval and authorization are clearly communicated by Bank in writing, provided that Bank does not subsequently revoke its approval pursuant to the terms of Section 6(b) (Changes to Marketing Materials or Card Program Materials).
(b)
Thereafter, Program Manager shall make available for Bank’s prior review and approval all new forms of Marketing Materials and Marketing Activities proposed by Program Manager. Bank shall review and approve or reject any such forms of Marketing Materials and Marketing Activities within: (i) for direct mail Marketing Materials, three (3) Business Days after Bank’s receipt of such Marketing Materials; and (ii) for all other Marketing Materials or Marketing Activities, five (5) Business Days after Bank’s receipt of such Marketing Materials or Marketing Activities. Notwithstanding any timeframes set forth in this Section 3(b), Bank may require additional time for review and approval if Bank determines, in its sole discretion, that Card Association review or approval is required. Bank shall notify Program Manager of the need for Card Association review or approval and shall periodically inform Program Manager of the status of the Card Association review or approval. Marketing Materials and Marketing Activities will be approved and authorized by Bank once such approval and authorization are clearly communicated by Bank in writing to Program Manager, provided that Bank does not subsequently revoke its approval pursuant to the terms of Section 6(b) (Changes to Marketing Materials or Card Program Materials).
(c)
After approval of the form of Marketing Materials or Marketing Activities pursuant to Section 3(a) or 3(b), and subject to Section 6(b) (Changes to Marketing Materials or Card Program Materials), Program Manager may use such forms of Marketing Materials and Marketing Activities, and need not seek further approval for use of such forms unless there is: (i) a Substantive Change in the Marketing Materials or Marketing Activities, or (ii) a new offering to be included in the Marketing Materials (each of the events in clauses (i) and (ii), a “Qualifying Change”). In the event of a Qualifying Change, Program Manager shall submit such forms of Marketing Materials and Marketing Activities to Bank for review and approval in accordance with Section 3(b).
(d)
Bank may request up to four (4) periodic reviews of the Marketing Materials and Marketing Activities then being used by Program Manager in each calendar year, provided, however, that Bank may request additional reviews of the Marketing Materials and Marketing Activities if required by a Regulatory Authority or if Bank determines, in its sole discretion, that Program Manager is in, or is likely in, breach of any provision of this Agreement or Applicable Law. Bank and Program Manager shall cooperate to determine the form, format, frequency, and timing of such reviews to minimize expense and disruption.
(e)
Program Manager shall be liable for all claims arising from the use by Program Manager or Agents acting on Program Manager’s behalf of any Marketing Materials or Marketing Activities. Program Manager shall ensure that all Marketing Materials and Marketing Activities shall comply with Applicable Law, shall be accurate in all material respects and not be misleading; provided that Program Manager may rely on the accuracy of information included in the Marketing Materials and/or Marketing Activities which is provided and approved by Bank. Nothing herein shall serve to undermine Program Manager’s indemnification obligations under this Agreement.
(f)
Within thirty (30) days of the date of execution of this Agreement, or as otherwise mutually agreed in conjunction with the development of the Marketing Materials, the Parties will create mutually acceptable designs for the front and back of the Card. Such designs will be subject to compliance with Applicable Law and Card Association rules. In accordance with this Section 3(f), Bank will produce, store, maintain, and emboss plastic stock for Cards from time to time and in quantities adequate for the Program in a manner that is PCI Compliant or otherwise consistent with the data security standards set forth in Section 15 (Data Security) of this Agreement.
4. Issuance of Accounts and Cards.
(a)
Subject to the terms of this Agreement and Applicable Law, including those on bank branching, Bank agrees to issue Cards and make Accounts available to qualifying Applicants residing in any state in the United States, its territories and the District of Columbia.
(b)
Program Manager acknowledges that Bank is under no obligation to establish an Account for any Applicant. Notwithstanding anything to the contrary, Bank may, in its sole discretion, reject or decline to establish an Account if Bank determines to establish an Account would constitute an unsafe or unsound banking practice, pose undue reputational or financial risk to Bank or violate Applicable Law.
5. Program Materials and Account Policies. Program Manager shall be responsible for the development, production and distribution of all documents, terms and procedures necessary and proper to administer the Program (the “Card Program Materials”). Card Program Materials shall comply in all material respects with applicable Card Association rules and all Applicable Law. Prior to the formal launch of the Program, Bank shall provide Program Manager with an Account Policies, which Program Manager shall comply with in marketing, servicing, approving and managing Accounts. The Account Policies is considered a Card Program material. For the avoidance of doubt, Program Manager shall be responsible for all liability associated with Cardholder Accounts, including fraud and Chargeback liability, even if such Cardholder Account was approved in compliance with the Account Policies. Within ten (10) Business Days of the Effective Date, Program Manager shall provide a form Cardholder Agreement, form Application, and its Privacy Policy, all of which are considered Card Program Materials to be used in connection with the Program, to Bank for its approval. The Parties acknowledge that each Cardholder Agreement and all other documents referring to the issuer of Cards for the Program shall identify Bank as the issuer. The Cardholder Agreement shall further provide, as appropriate, that it is governed by Tennessee1 and federal law. Program Manager may not offer any collections products or accept fees for collections services using credit cards. Any changes to the Card Program Materials described above must be approved in advance by Bank.
6. Changes to Marketing Materials or Card Program Materials.
(a)
Changes to Card Program Materials, including a determination that any Card Program Materials are no longer authorized, may be made upon the request of either Party subject to the prior written consent of the other Party, which consent shall not be unreasonably withheld or delayed; provided, however, that Bank may change the Card Program Materials or determine that any Card Program Materials are no longer authorized upon written notice to Program Manager to the extent that such change or determination is required by Applicable Law or Regulatory Authority or necessitated in Bank’s reasonable determination by safety and soundness or reputational concerns. Unless such changes are required sooner by Applicable Law or a Regulatory Authority, upon Program Manager’s receipt of written notice from Bank of any changes to the Card Program Materials or a determination that any Card Program Materials are no longer authorized, Program Manager shall implement such change or determination as soon as commercially practicable but in no event later than thirty (30) days (or earlier if required by Applicable Law or Regulatory Authority) from Program Manager’s receipt of notice of such change or determination.
(b)
Bank may change the Marketing Materials or Marketing Activities previously approved by Bank or determine that any Marketing Materials or Marketing Activities previously approved by Bank are no longer authorized upon written notice provided to Program Manager only to the extent that such change is required by Applicable Law or a Regulatory Authority or necessitated in Bank’s reasonable determination by safety and soundness concerns. Unless such changes are required sooner by Applicable Law or a Regulatory Authority, upon Program Manager’s receipt of written notice from Bank of any changes to the Marketing Materials or Marketing Activities or a determination that any Marketing Materials or Marketing
Activities are no longer authorized, Program Manager shall implement such change or determination as soon as commercially practicable but in no event later than thirty (30) days (or earlier if required by Applicable Law or Regulatory Authority) from Program Manager’s receipt of notice of such change or determination.
7. Account Origination, Application Processing, Servicing.
(a)
As a third-party agent (also known as third party service provider) (“TPA”) for Bank under applicable Card Association rules, Program Manager shall solicit Applications from Applicants and shall perform Application Processing on behalf of Bank (including retrieving credit reports, if applicable) to determine whether the Applicant meets the eligibility criteria set forth in the Account Policies. As TPA for Bank, Program Manager shall respond to all inquiries from Applicants and from Bank regarding the Application Processing. Program Manager shall conduct Application Processing for each Applicant who requests an Account and shall approve on behalf of Bank only the requests of Applicants who meet the eligibility criteria set forth in the Account Policies. Without limiting any other provision of this Agreement, in performing its obligations under this Section 7 and its other obligations under this Agreement, Program Manager shall comply with Applicable Law.
(b)
Subject to the terms of this Agreement and limits set forth in Section 4 (Issuance of Accounts and Cards), Bank shall issue Cards to and establish Accounts with Applicants who meet the eligibility criteria set forth in the Account Policies and who accept the Account offer.
(c)
Pursuant to procedures mutually agreed by the Parties, Program Manager shall deliver all notices required by Applicable Law to Applicants who do not meet the Account Policies criteria or are otherwise denied an Account under the Program. All notices shall be delivered in form, content and timing in accordance with Applicable Law.
(d)
Program Manager shall deliver to Applicants the Cardholder Agreements, Cards, Bank’s and Program Manager’s privacy notices and any other Card Program Materials required to be delivered to Applicants and shall obtain appropriate signatures or other authorization from Applicants and any third party required by Bank to open on an Account and issue a Card, and take all other actions necessary for Bank to open an Account and issue a Card, all in accordance with Applicable Law, Card Association rules, and PCI-DSS (or the data security standards set forth in Section 15 (Data Security) of this Agreement).
(e)
Program Manager shall be responsible for providing all Program Manager Card Services in accordance with Applicable Law, and service-level standards agreed to between Bank and Program Manager, and in a manner that is PCI Compliant or otherwise consistent with the data security standards set forth in Section 15 (Data Security) of this Agreement and shall maintain all Records related to Accounts in accordance with Applicable Law. Program Manager will be responsible for costs associated with administering the Account in accordance with this Agreement. The Parties shall mutually agree upon procedures for resolving Cardholder payments incorrectly received by a Party. Bank and Program Manager will cooperate to develop procedures regarding the referral of Cardholders who contact a party concerning a claim, complaint, dispute or request for information regarding the other Party. Bank will promptly, but in no event later than one (1) business day, refer to Program Manager, or its Agent designated by Program Manager, any Cardholder or Applicant who contacts Bank concerning complaints, disputes or Chargebacks related to any Program Manager Card Service.
(f)
Program Manager will administer the Accounts, including collecting and applying payments on Accounts. Payments will be made by Cardholders on Accounts by methods made available to Cardholders, as set forth in the Cardholder Agreement. If payment is not timely made on an Account, Bank shall have the right to exercise any security interest set forth in this Agreement.
(g)
Program Manager shall perform its obligations described in this Section 7 and Program Manager Card Services, and deliver any other customer communications to Applicants as necessary to carry on the Program, in accordance with Applicable Law, all at Program Manager’s own cost. Subject to Section 23 (Expenses), Program Manager shall pay all third-party costs associated with account processing and origination, including but not limited to expenses related to Card Associations and credit bureaus.
(h)
In performing its obligations under this Section 7, Program Manager will act as Bank’s TPA pursuant to applicable Card Association rules. As soon as practicable after the Effective Date, Program Manager will provide materials to Bank and Bank will apply for Card Association’s approval of Program Manager to act as Bank’s TPA. Program Manager will not commence any activities relating to the marketing or soliciting of consumers for Cards until it has received the Card Association’s approval to act as a TPA of Bank, and until Bank provides written approval to Program Manager to begin any Card-related marketing or processing activities. Thereafter, Program Manager agrees to maintain its status as TPA of Bank consistent with and to otherwise comply with Card Association rules and in a manner that is consistent with the data security standards set forth in Section 15 (Data Security) of this Agreement. Upon receiving any notice from the Card Association or Bank that it is not in full compliance with Card Association rules, Program Manager shall cure any such non-compliance within thirty (30) days (or earlier if required by Applicable Law); provided, however, Bank in its sole discretion may allow this time period to be extended if Program Manager has commenced such cure and is continuing to pursue such cure in good faith using commercially reasonable efforts.
8. Card Services, Transaction Processing, Settlement.
(a) Program Manager will be responsible and liable for all Program Manager Card Services for the Program, and Bank will be responsible for all Bank Card Services for the Program. Each Program Manager and Bank shall be responsible for ensuring that all of its respective activities are consistent with Applicable Law. Bank shall be responsible for providing actual Settlement with the Card Association in accordance with Card Association rules.
(b)
Program Manager, at its sole expense, shall provide for Processing Services. Any processor retained by Program Manager to provide Processing Services must be approved in advance by Bank, and must have executed a Processing Services Agreement, such approval not to be unreasonably withheld, conditioned or delayed. Bank agrees that currently approved processors, are those listed on Exhibit A, as updated from time to
time by Bank in writing. Program Manager shall be responsible for all costs (if any), including reasonable attorneys’ fees, associated with the approval of and integration of processor.
(c)
Bank shall be responsible for Settlement with the Card Associations each Business Day for all transactions posted to the Account, including Cardholder purchases, automated teller machine withdrawals and other transactions in accordance with applicable Card Association requirements. Prior to the close of business each Business Day, Bank will debit or credit the Settlement Account for the Settlement Amount. Prior to any transfer contemplated by the prior sentence, Program Manager shall cause funds equal to the Settlement Amount to be transferred from the Account(s) to the Settlement Account; provided, any deficiency in funds in the Account(s) shall be the responsibility of Program Manager. Bank may, prior to the close of each Business Day, debit or set-off from any Program Manager account, including the Program Manager Reserve Account, for any amounts owed to the Card Associations or any Settlement Amount.
(d)
On each Business Day during the term of this Agreement, the Account(s) shall be credited for the following: (i) funds received by approved Program load formats; (ii) deposits to the Account(s); and (iii) any other credits due to Cardholders. Program Manager will be responsible for overseeing and managing all such credits. Program Manager will be responsible for ensuring that each Account will be at all times appropriately funded by deposits or funds in transit in an amount that is no less than 100% of the total amount of currency represented as active and available to Cardholders of the current day’s balances of Cardholder Funds. Program Manager will be responsible for overseeing and managing such funding. Program Manager shall be responsible and liable for any failure of an Account to be fully funded in accordance with this provision; provided such failure is not caused by Bank’s negligent actions or omissions, or its agents, assigns, or third party contractors (excluding Program Manager and its Agents). In the event of any such failure, Bank may offset any deficient funds from the Program Manager Reserve Account or, upon Bank’s request, Program Manager shall, within one (1) Business Day after receiving notice of such failure, fully fund any shortfall in the Account(s).
(e) Any ACH “origination” services provided to by Bank are governed by and limited to the services set forth in the Bank Services Agreement. Bank will act as Receiving Depository Financial Institution (“RDFI”) for receipt of all Cardholder Funds. Bank’s duties and obligations related to ACH services under this Agreement are limited solely to the duties and obligations set forth operating rules and guidelines of the National Automated Clearing House Association. Program Manager agrees to perform all services relative to Bank’s RDFI functions in accordance with all Applicable Law. Program Manager shall be financially responsible for all Cardholder Funds transmitted with or by approved third-party agents or service providers, and Program Manager’s contracts with any load networks shall reflect appropriate controls and indemnification regarding such activity, except to the extent of any loss of Cardholder Funds results from Bank’s gross negligence, willful misconduct, or acts or omissions other than in accordance with this Agreement. Notwithstanding anything to the contrary in this Agreement, Bank shall not be responsible under any circumstance other than its negligent or intentional acts or omissions for misdirected Cardholder Funds through any load network of the Program or for any misdirected Cardholder Funds in connection with services offered by a third-party service provider of Program Manager. Examples of Bank-approved entities for the purpose of transmitting Cardholder Funds under this Agreement are approved correspondent banks, the Federal Reserve or approved Program Manager load networks (examples include, but are not limited to, Western Union and Money Gram).
9.Fees. In consideration of performing their respective obligations in connection with the Program, the Parties will receive the amounts provided in Exhibit B. Additionally, Program Manager agrees that at a minimum it shall pay to Bank on a monthly basis fees equal to the Monthly Program Minimums described in Exhibit B. Bank shall remit to Program Manager’s Program Manager Revenue Account any fees it may owe to Program Manager pursuant to Exhibit B.
10.Fraud and Risk Management. Program Manager agrees that it is financially and operationally responsible for all compromised Cards and/or Accounts. Bank shall adopt and implement such fraud monitoring practices as required by Applicable Law and the Card Association rules, and Program Manager will bear the risk of all fraud losses other than fraud losses due to Bank’s gross negligence or willful misconduct hereunder. Subject to the prior sentence, Program Manager shall reimburse Bank for any losses it incurs in connection with an Account due to fraud or any other losses associated with the Account. Program Manager shall promptly report to Bank any information necessary for bank to investigate, make a determination and be able to file a suspicious activity report (“SAR”) with the Financial Crimes Enforcement Network. The Parties acknowledge that the contents of a SAR and the fact that Bank has filed a SAR are strictly confidential under Applicable Law. Program Manager further agrees to promptly provide to Bank any information it may deem necessary to resolve any complaints of fraudulent Account activity.
(a) Each Party will comply with all Applicable Law, including all rules, orders and decrees of any Regulatory Authority with jurisdiction over Bank (even if such Regulatory Authority does not have or would not have authority over Program Manager), and Card Association rules that relate to the Parties’ performance of their respective duties and obligations pursuant to this Agreement. Without limiting the foregoing, Program Manager shall develop, implement and maintain an anti-money laundering and OFAC compliance program compliant with Applicable law and approved by Bank (the “BSA/AML/OFAC Procedures”) and shall be liable for any failure of its BSA/AML/OFAC Procedures in connection with the Program. Program Manager shall ensure that each of its and its Critical Service Providers’ employees shall receive at least annual compliance training on all Applicable Law, including anti-money laundering compliance training, and Card Association and Program requirements and procedures, to be acknowledged by each, beginning within one hundred eighty (180) days of the Effective Date.
(b)
Program Manager shall be responsible for preparing and providing all reporting necessary for all state, local and federal tax filings relating to the Program. To the extent filings are required to be made by Bank, Program Manager shall provide Bank with the data and reporting relating to the Program and Bank shall make the required filings.
(c)
Bank shall be responsible for managing and complying with any escheatment or unclaimed property requirements applicable to the Program, and Program Manager shall maintain all necessary information and Records, including Account records and Account activity. Program Manager shall promptly provide any information requested by Bank to fulfill its obligations under Applicable Law.
12. Notice of Actions; Regulatory Communications.
(a)
Each Party shall, to the extent not prohibited by Applicable Law, notify the other, promptly, but in no event later than five (5) Business Days after becoming aware, of any actual or threatened litigation, investigation, proceeding, or judicial, tax or administrative action by any Regulatory Authority, state attorney general or any other Person which, if resolved adversely to it, would reasonably be expected to materially adversely affect such Party’s continuing operations, its indemnity obligations under this Agreement, or its ability to perform its obligations under this Agreement or the Program, and each Party shall provide the other Party with all related documentation thereof, unless such Party is prohibited from sharing any such notice or documentation. Each Party shall cooperate in good faith and provide such assistance, at the other Party’s request, to permit the other Party to promptly resolve or address any such actions.
(b)
Each Party shall, to the extent not prohibited by Applicable Law and the actions or requirements of a Regulatory Authority, provide the other Party with notice and copies of any material communications from any Regulatory Authority regarding any matter which, if resolved adversely to it, would reasonably be expected to materially adversely affect the Program (each, a “Regulatory Communication”) received by such Party within five (5) Business Days of receipt of such Regulatory Communication. For any Regulatory Communication to any Regulatory Authority with examination authority over Bank and for which a response from either Party is required or in either Party’s reasonable judgment is prudent, the Parties shall coordinate and cooperate on the response, provided, however, Bank shall have the final authority to approve the actual response to a Regulatory Authority with direct supervision over the Bank. Bank agrees to provide such actual response to Program Manager promptly after providing such response to the applicable Regulatory Authority, if allowable under such Regulatory Authority or Applicable Law.
13. Representations, Warranties and Covenants.
(a) Bank hereby represents, warrants and covenants to Program Manager that:
(i)
Bank is a state bank, duly organized, validly existing under the laws of the State of Arkansas and Bank has full corporate power and authority to execute, deliver, and perform its obligations under this Agreement; the execution, delivery and performance of this Agreement has been duly authorized, and is not in conflict with and does not violate the terms of the charter or bylaws of Bank and will not result in a breach of or constitute a default under, or require any consent under, any indenture, loan or agreement to which Bank is a party;
(ii)
All approvals, authorizations, licenses, registrations, consents, and other actions, notices, and filings that may be required in connection with the execution, delivery, and performance of this Agreement by Bank, have been obtained (other than those required to be made to or received from Cardholders and Applicants);
(iii)
This Agreement constitutes a legal, valid, and binding obligation of Bank, enforceable against Bank in accordance with its terms, except: (1) as such enforceability may be limited by applicable bankruptcy, insolvency, reorganization, moratorium, receivership, conservatorship or other similar laws now or hereafter in effect, including the rights and obligations of receivers and conservators under 12 U.S.C. §§ 1821 (d) and (e), which may affect the enforcement of creditors’ rights in general, and (2) as such enforceability may be limited by general principles of equity (whether considered in a suit at law or in equity);
(iv)
There are no proceedings or investigations pending or, to the best knowledge of Bank, threatened against Bank (1) asserting the invalidity of this Agreement, (2) seeking to prevent the consummation of any of the transactions contemplated by Bank pursuant to this Agreement, (3) seeking any determination or ruling that, in the reasonable judgment of Bank, would materially and adversely affect the performance by Bank of its obligations under this Agreement, (4) seeking any determination or ruling that would materially and adversely affect the validity or enforceability of this Agreement, or (5) that would have a materially adverse financial effect on Bank or its operations if resolved adversely to it;
(v)
Bank is not Insolvent;
(vi)
The execution, delivery and performance of this Agreement by Bank complies with all Applicable Laws specifically applicable to Bank or its operations; and
(vii)
Bank is a member of the applicable Cardholder Association.
(b) Program Manager hereby represents, warrants and covenants to Bank that:
(i)
Program Manager is duly organized and validly existing in good standing under the laws of the state in which it is formed and operates, and has full power and authority to execute, deliver, and perform its obligations under this Agreement; the execution, delivery, and performance of this Agreement has been duly authorized, and is not in conflict with and does not violate the terms of the certificate of incorporation or bylaws of Program Manager, and will not result in a breach of or constitute a default under or require any consent under any indenture, loan, or agreement to which Program Manager is a party except such consents as Program Manager shall have received on or prior to the date hereof;
(ii)
All approvals, authorizations, consents, and other actions by, notices to, and filings required to be obtained for the execution, delivery, and performance of this Agreement by Program Manager have been obtained;
(iii)
All licenses and registrations required by Program Manager to execute, deliver, and perform its obligations under this Agreement have been obtained;
(iv)
Program Manager has provided to Bank in writing a list of its Agents used in support of the Program. Program Manager will inform Bank in writing prior to any use of another Agent so that Bank can comply with the Card Association registration requirements for third
party agents if that Agent needs to be registered. Program Manager will not make use of such an Agent that may be a Critical Service Provider until Bank has notified Program Manager in writing that Bank has approved such Agent or that such approval is not necessary;
(v)
This Agreement constitutes a legal, valid, and binding obligation of Program Manager, enforceable against Program Manager in accordance with its terms, except: (1) as such enforceability may be limited by applicable bankruptcy, insolvency, reorganization, moratorium, or other similar laws now or hereafter in effect, which may affect the enforcement of creditors’ rights in general, and (2) as such enforceability may be limited by general principles of equity (whether considered in a suit at law or in equity);
(vi)
There are no proceedings or investigations pending or, to the best knowledge of Program Manager, threatened against Program Manager: (1) asserting the invalidity of this Agreement, (2) seeking to prevent the consummation of any of the transactions contemplated by Program Manager pursuant to this Agreement, (3) seeking any determination or ruling that, in the reasonable judgment of Program Manager, would materially and adversely affect the performance by Program Manager of its obligations under this Agreement, (4) seeking any determination or ruling that would materially and adversely affect the validity or enforceability of this Agreement, or (5) that would have a materially adverse financial effect on Program Manager or its operations if resolved adversely to it;
(vii)
Program Manager is not Insolvent;
(viii)
Program Manager has at all times during the Term of this Agreement or any extension cash on hand in excess of what is needed in order for Program Manager to meet all debt-related covenants to any third party (a “Program Manager Financial Requirement”);
(ix)
The execution, delivery and performance of this Agreement by Program Manager complies with Applicable Law;
(x)
Except as otherwise disclosed to Bank, neither Program Manager nor, to the actual knowledge of Program Manager’s executive officers, any Principal of Program Manager, has been subject to the following as of the date of this Agreement: (1) any criminal conviction (except minor traffic offenses and other petty offenses), (2) Federal or state tax lien, (3) administrative or enforcement proceedings commenced by the Securities and Exchange Commission, any state securities authority, Federal Trade Commission, or any Regulatory Authority, or (4) restraining order, decree, injunction, or judgment entered in any proceeding or lawsuit alleging fraud or deceptive practice on the part of Program Manager or any Principal thereof. Program Manager agrees to notify Bank within two (2) Business Days upon the occurrence of any event contemplated by this Section 13(b)(x);
(xi)
Prior to the Effective Date of this Agreement, Program Manager has delivered to Bank copies of Program Manager’s: (1) balance sheets, (2) income statements, (3) cash flow records, or (4) any off balance sheet loans that Program Manager has guaranteed, and any loss history of the same;
(xii)
Program Manager shall remain in compliance at all times (subject to any applicable cure periods) with all financial requirements and covenants to which it is subject in all agreements under which it borrows funds from third party creditors; and
(xiii)
Program Manager may not receive, store, process or otherwise obtain Cardholder Data (as defined by PCI-DSS) until it becomes PCI Compliant. Program Manager shall remain in compliance at all times with Applicable Laws, including any and all regulations or laws applicable to Program Manager as agent of the Bank, the Program, the Card or Deposit Account (as defined in the Bank Services Agreement) and orders by Bank’s Regulatory Authority to the extent Program Manager is acting as Bank’s TPA. Prior to receiving, storing, processing or otherwise obtaining Cardholder Data (as defined by PCI-DSS), Program Manager shall give prior notice to the Bank and shall become and remain PCI Compliant.
(c) The representations and warranties of the Parties contained in Sections 13(a) and 13(b), except those representations and warranties contained in Sections 13(a)(iv), 13(b)(vi), are made continuously throughout the Term of this Agreement. In the event that any investigation or proceeding of the nature described in Section 13(a)(iv) or 13(b)(vi) is instituted or threatened against Program Manager or Bank, Program Manager or Bank shall promptly notify the other Party of the pending or threatened investigation or proceeding, unless otherwise prohibited by Applicable Law or a Regulatory Authority.
14. Other Relationships with Cardholders.
(a)
Subject to Applicable Law, Bank’s privacy policy and consistent with the Cardholder Agreement, Program Manager, at its own expense, shall have the right to solicit Applicants and/or Cardholders with optional offerings of general merchandise, products, and services from Program Manager, including Bank-approved ancillary prepaid or debit card products and services, and to use Applicant and/or Cardholder Information for purposes permitted by Applicable Law, Bank’s privacy policy and the Cardholder Agreement. Program Manager shall notify Bank of its intent to make any offers specifically mentioning, involving, or referencing Bank or any financial products supported by Bank and shall obtain the prior written approval of Bank with respect to such offers, which approval shall not be unreasonably withheld.
(b)
Subject to the rights and restrictions in the California Consumer Privacy Act of 2018 (CCPA), Bank may at all times make solicitations for goods and services to the general public, which may include one or more Applicants or Cardholders; provided that Bank does not (i) target such solicitations to specific Applicants and/or Cardholders, or (ii) use or permit a third party to use any list of Applicants and/or Cardholders in connection with such solicitations; and Bank shall not be obligated to redact the names of Applicants and/or Cardholders from marketing lists acquired from third parties (e.g., magazine subscription lists) that Bank uses for solicitations. Subject to the restrictions on solicitations made to Applicants and/or Cardholders, as set forth in this Section 14(b), Bank and its Affiliates may at all times and without restriction: offer credit, debit, prepaid and other electronic payment services or sponsor other program managers who are offering credit, debit, prepaid or other electronic payment services. Bank and Program Manager agree that this Agreement is not intended to create an exclusive relationship of any type between Bank and Program Manager. Bank and Program Manager may each enter into similar arrangements with one or more third parties.
15. Data Security.
(a)
Program Manager shall implement and maintain policies and procedures necessary to ensure the Program complies, and remains in compliance, with Gramm-Leach-Bliley Act, Interagency Guidelines Establishing Information Security Standards, PCI-DSS security standards and all other Applicable Law and Card Association rules pertaining to data security and retention or non-retention of personal or financial information, including ensuring that Program Manager and any service providers maintain a comprehensive written information security program which contains appropriate administrative, technical and physical safeguards to protect and ensure the security and confidentiality of Card transaction data and other Records and information relating to Cardholders and other individuals, protect against any anticipated threats or hazards to the security or integrity of such Records; and protect against unauthorized access to, or use of, such Records or information that could result in substantial harm or inconvenience to any such individuals; and properly dispose of consumer information to which Program Manager or any service provider may obtain access, applicable to the Program. In order to ensure the effectiveness of its information security program, each Program Manager shall have conducted at least annually an independent IT audit on those parts of its systems that process Cardholder Data (as defined by PCI-DSS) to the extent required by PCI DSS, which shall include at a minimum an internal vulnerability scan and an external penetration test and will provide a copy of the report to Bank.
(b)
Program Manager will maintain data security, business continuity and contingency plans that meet or exceed Applicable Law, including the Card Association rules, and Bank standards. Program Manager will deliver a copy of its Data Security/Business Continuity and Contingency Plan to Bank and any proposed changes to such Data Security/Business Continuity and Contingency Plan whenever Program Manager proposes to make a material change thereto. If the Data Security/Business Continuity and Contingency Plan does not meet such requirements or if a Regulatory Authority requires changes to such plans, Program Manager agrees to promptly make such changes or meet such requirements upon written notice to Program Manager of such changes or requirements by Bank. Bank shall have the right to require changes to the Data Security/Business Continuity and Contingency Plan necessary to comply with this Section 15 (Data Security), including third-party certification or testing. If necessary, these shall be performed at the expense of Program Manager.
(c)
To the extent that Program Manager is not PCI Compliant, and without limiting the generality of Section 15(a) above, Program Manager agrees to the following: Program Manager agrees to comply with privacy and security requirements under PCI-DSS (which are collectively referred to as the “PCI Requirements”) and Applicable Law with regards to Program Manager’s use, access, and storage of Cardholder Information.
(i)
Program Manager shall protect the privacy of all Cardholder Information to at least the same extent that Bank must maintain that confidentiality under the PCI Requirements or Applicable Law. Without limiting the generality of the foregoing sentence, Program Manager shall not disclose any Cardholder Information to any third party except as required for Program Manager’s performance under this Agreement, and Program Manager shall not use Cardholder Information except as required for Program Manager’s performance under this Agreement.
(ii)
Program Manager agrees to implement the safeguards as required by Applicable Law to prevent unauthorized use or disclosure of the Cardholder Information, and to maintain the integrity and confidentiality of any Cardholder Information in the possession of Program Manager as required in Applicable Law or this Agreement.
(iii)
Program Manager agrees to report to Bank any unauthorized access to, use or disclosure of any Cardholder Information not provided for by this Agreement. Such report shall be made as soon as possible, but in no event later than forty-eight (48) hours following the date that Program Manager becomes aware of such unauthorized access, use or disclosure. Program Manager shall provide to Bank, each Card Association and their respective representatives Program Manager’s assessment of the impact of such breach and the corrective measures proposed by Program Manager to remedy such breach. Program Manager shall disclose to Bank, as promptly as possible, any breach of the security of an individual’s personal, unencrypted information, as set forth under Applicable Law. Program Manager shall take action(s) requested by Bank or a Card Association, if any, to mitigate such unauthorized disclosure.
(iv)
Program Manager agrees to ensure that any Agent, including a subcontractor, to whom it provides Cardholder Information received from, or created or received by Program Manager on behalf of Bank, agrees to the same restrictions and conditions that apply through this Section 15 (Data Security) to Program Manager with respect to such information.
(v)
Program Manager agrees to make its internal practices, books, and records, including policies, procedures and Cardholder Information, relating to the use and disclosure of Cardholder Information available during normal business hours to Bank, or at the request of Bank to the Card Association or their respective designees, in a time and manner designated by Bank or the Card Association for purposes of determining Bank’s or Program Manager’s compliance with the PCI Requirements. Bank may, at its discretion and upon reasonable notice, conduct an on-site security audit and review of Program Manager’s security procedures and systems.
(vi)
Without limiting any other provision of this Agreement, the Parties agree that this Section 15 (Data Security) may be amended from time to time upon notice to Program Manager as is necessary for the Parties to comply with the PCI Requirements, and Applicable Law as they relate to Program Manager’s performance hereunder.
(vii)
In the event of an inconsistency or conflict between any terms of this Agreement other than Section 15 and the terms of this Section 15 (Data Security), this Section 15 (Data Security) shall control any issues surrounding the PCI Requirements. Any such inconsistency or conflict shall be resolved in favor of a meaning that permits Bank to comply with the PCI Requirements, Card Association rules and Applicable Law.
(viii)
Without limiting any other provision of this Agreement, if Program Manager is required to disclose Cardholder Information in response to legal process or a governmental authority, Program Manager shall notify Bank within two (2) Business Days and, upon request, cooperate with Bank in connection with obtaining a protective order, unless otherwise prohibited. Program Manager shall furnish only that
portion of the Cardholder Information, which it is legally required to disclose, and shall use commercially reasonable efforts to ensure that confidential treatment will be accorded such Cardholder Information.
(ix)
Without limiting any other provision of this Agreement, Program Manager shall comply with its obligations under this Agreement and under any Applicable Law regarding the confidentiality, use, and disclosure of Cardholder Information.
(x)
Without limiting any other provision of this Agreement, Program Manager will comply with the Gramm-Leach-Bliley Act, including providing, as may be required: (1) any required notifications to Cardholders in the event of unauthorized access to their non-public personal information; and (2) an annual third-party certification of system intrusion testing, and SOC 1 and SOC 2 reports.
16. Cardholder Information. Program Manager acknowledges and agrees that “Non Public Personal Information” and “Personally Identifiable Financial Information” (as defined in Sections 1016.3(p) and (q) respectively of the Consumer Financial Protection Bureau rules on Privacy of Consumer Information published at 12 CFR Chapter X) about Bank’s customers and Cardholders (but excluding transaction data to the extent such information is not Non Public Personal Information and Personally Identifiable Financial Information) shall be considered as confidential and proprietary information of Bank, and shall not be disclosed to or shared with any third party without prior written consent of Bank or the Cardholder, except as necessary or useful for Program Manager to exercise its rights or perform its obligations hereunder and in compliance with Section 20 (Confidentiality). Bank hereby grants Program Manager a non-exclusive, transferrable, worldwide right and license to use Cardholder Information to exercise its rights and perform its obligations under this Agreement. Except as provided in, and subject to the limitations stated herein, Program Manager will not compile, use, sell or otherwise distribute any lists of Bank’s customers/Cardholders nor use the names, account numbers or any other Non Public Personal Information and Personally Identifiable Financial Information about customers or Cardholders to compile, use, sell or distribute lists or data for use by Program Manager, its Agents, subsidiaries or affiliates, or by any third parties without the prior written consent of Bank, which may not unreasonably withheld or delayed. Each Party will instruct its relevant employees, agents and contractors as to the confidentiality of the Non Public Personal Information and Personally Identifiable Financial Information and will not disclose any such Non Public Personal Information or Personally Identifiable Financial Information to any third party or entity, except as necessary or useful to exercise its rights or perform its obligations hereunder and in compliance with Section 20 (Confidentiality). Each Party also agrees that any dissemination of the aforementioned confidential Non Public Information or Personally Identifiable Financial Information within its own business entity and to agents and contractors shall be restricted to “a need to know basis” for the purpose of performance hereunder. Subject to Section 19(d)(v)-(vi), all obligations under this Section 16 and undertakings relating to Non Public Personal Information and Personally Identifiable Financial Information shall survive the expiration or termination of this Agreement for whatever reason.
All Aggregated De-identified Data will be owned by Program Manager, and Bank acknowledges that Program Manager may use, store, analyze and disclose the Aggregated De-identified Data (i) for its own internal, statistical and trend analysis, (ii) to develop and improve its products and services, and (iii) to create and distribute data, reports and other materials regarding access and use of the Program. For clarity, nothing in this Section 16 gives Program Manager the right to publicly identify Bank as the source of any Aggregated De-identified Data without Bank's prior written approval. “Aggregated De-identified Data” means Cardholder Information aggregated by Program Manager with other data such that the resulting data does not contain any information identifiable or attributable to Bank or any natural person.
Bank acknowledges that Program Manager owns all Card-related transaction data that does not constitute Cardholder Data (as defined by PCI-DSS), including both information that is: (i) provided or made available by Program Manager under this Agreement, or (ii) generated through the Program which is derived from such data. For clarity, nothing will affect either Party’s rights with respect to information or data already in such Party’s possession or control or developed or collected by such Party outside the scope of this Agreement.
17. Indemnification.
(a)
Bank agrees to indemnify and hold harmless Program Manager and its Affiliates, and the officers, directors, members, employees, representatives, shareholders, agents and attorneys of such entities (the “Program Manager Indemnified Parties”) from and against any and all third party claims, actions, liability, judgments, damages, costs and expenses, including reasonable attorneys’ fees (“Losses”), that may arise from: (i) the gross negligence or willful misconduct of Bank or its agents or representatives (other than Program Manager or its Agents or assigns) in connection with Bank’s performance of its obligations under this Agreement, (ii) material breaches of any of Bank’s obligations or undertakings or representations or warranties under the Program Documents (other than any breach resulting from Program Manager’s performance of Program Manager’s obligations under the Program Documents) by Bank or its agents or representatives (other than Program Manager or its Agents or assigns), or (iii) violation by Bank or its agents or representatives (other than Program Manager or its Agents or assigns) of any Applicable Law.
(b)
Program Manager agrees to indemnify, defend and hold harmless Bank and its Affiliates, and the officers, directors, members, employees, representatives, shareholders, agents and attorneys of such entities (the “Bank Indemnified Parties”) from and against any and all Losses that may arise from: (i) the negligence or willful misconduct of Program Manager, or its Affiliates, Agents or representatives (other than Bank or its agents or assigns (excluding Program Manager)), in connection with Program Manager’s performance of its obligations under this Agreement, (ii) breach of any of Program Manager’s obligations or undertakings or representations or warranties under the Program Documents by Program Manager or its Affiliates, Agents or representatives (other than Bank or its agents or assigns (excluding Program Manager)), including any failure to perform any obligations of Bank which Program Manager has undertaken on behalf of Bank pursuant to the Program Documents, (iii) violation by Program Manager, its Affiliates or its Agents or representatives (other than Bank or its agents or assigns (excluding Program Manager)) of any Applicable Law; (iv) any fraudulent activity related to an Account, including unauthorized use of the Account or Card; (iv) any inquiry specifically relating to Program Manager or its Agents or the Program by any law enforcement, regulatory, or administrative agency, whether local, state, or federal, or self-regulatory, including but not limited to a civil investigative demand, subpoena, or any other formal or informal request for information or documents; or (v) any fines or assessments by a Regulatory Authority or Card Association based on the actions or omissions of Program Manager.
(c)
Program Manager Indemnified Parties and Bank Indemnified Parties are sometimes referred to herein as the “Indemnified Parties”, and Program Manager or Bank, as indemnitor hereunder, is sometimes referred to herein as the “Indemnifying Party”. Any Indemnified Party seeking indemnification hereunder shall promptly notify the Indemnifying Party, in writing, of any notice of the assertion by any third party of any claim or of the commencement by any third party of any legal or regulatory proceeding, arbitration or action, or if the Indemnified Party determines the existence of any such claim or the commencement by any third party of any such legal or regulatory proceeding, arbitration or action, whether or not the same shall have been asserted or initiated, in any case with respect to which the Indemnifying Party is or may be obligated to provide indemnification (an “Indemnifiable Claim”), specifying in reasonable detail the nature of the Loss, and, if known, the amount, or an estimate of the amount, of the Loss, provided that failure to promptly give such notice shall only limit the liability of the Indemnifying Party to the extent of the actual prejudice, if any, suffered by such Indemnifying Party as a result of such failure. The Indemnified Party shall provide to the Indemnifying Party as promptly as practicable thereafter information and documentation reasonably requested by such Indemnifying Party to defend against the claim asserted.
(d)
The Indemnifying Party shall have thirty (30) days after receipt of any notification of an Indemnifiable Claim (a “Claim Notice”) to undertake, conduct and control, through counsel of its own choosing, and at its own expense, the settlement or defense thereof and the Indemnified Party shall cooperate with the Indemnifying Party in connection therewith if such cooperation is so requested and the request is reasonable; provided that the Indemnifying Party shall hold the Indemnified Party harmless from all its out-of-pocket expenses, including reasonable attorneys’ fees incurred in connection with the Indemnified Party’s cooperation. If the Indemnifying Party assumes responsibility for the settlement or defense of any such claim, (i) the Indemnifying Party shall permit the Indemnified Party to participate in such settlement or defense through counsel chosen by the Indemnified Party (subject to the consent of the Indemnifying Party, which consent shall not be unreasonably withheld); provided that, other than in the event of a conflict of interest requiring the retention of separate counsel, the fees and expenses of such counsel shall not be borne by the Indemnifying Party; and (ii) the Indemnifying Party shall not settle any Indemnifiable Claim without the Indemnified Party’s consent, which involves anything other than the payment of money, including any admission by the Indemnified Party. So long as the Indemnifying Party is vigorously contesting any such Indemnifiable Claim in good faith, the Indemnified Party shall not pay or settle such claim without the Indemnifying Party’s consent.
(e)
If the Indemnifying Party does not notify the Indemnified Party within thirty (30) days after receipt of the Claim Notice that it elects to undertake the defense of the Indemnifiable Claim described therein, or if the Indemnifying Party fails to contest vigorously any such Indemnifiable Claim, the Indemnified Party shall have the right, upon notice to the Indemnifying Party, to contest, settle or compromise the Indemnifiable Claim in the exercise of its reasonable discretion; provided that the Indemnified Party shall notify the Indemnifying Party of any compromise or settlement of any such Indemnifiable Claim. No action taken by the Indemnified Party pursuant to this Section 17(e) shall deprive the Indemnified Party of its rights to indemnification pursuant to this Section 17 (Indemnification).
18. Limitation of Liability.
(a)
No Special Damages. No Party shall be liable to any other Party for any special, indirect, incidental, consequential, punitive or exemplary damages, including, but not limited to, lost profits, even if such Party has knowledge of the possibility of such damages; provided, however, that the limitations set forth in this Section 18 shall not apply to or in any way limit a claim that arises out of a Party’s gross negligence, willful misconduct or fraud and shall not apply to or in any way limit the obligations of a Party to indemnify another Party for third party claims which are otherwise covered by the indemnity obligations under this Agreement.
(b)
Subject to Section 18(a), the maximum aggregate liability of Bank to Program Manager for all claims arising out of or relating to this Agreement, regardless of the form of any such claim, shall not exceed [**]; provided, however, Bank shall have no liability under this Agreement for any claim or causes of action that may arise from a set of facts or circumstances that gives rise to liability to Bank under the Bank Services Agreement. For the avoidance of doubt, Program Manager may not recover costs or liability against Bank based on a common set of facts or circumstances under both this Agreement and the Bank Services Agreement. Notwithstanding anything to the contrary, Bank’s maximum aggregate liability for all claims arising out of or relating to this Agreement and the Bank Services Agreement shall not exceed [**].
(c)
Disclaimers of Warranties. Except for the express warranties contained in this Agreement, the Parties specifically disclaim all warranties of any kind, express or implied, arising out of or related to this Agreement, including without limitation, any warranty of marketability, fitness for a particular purpose or non-infringement, each of which is hereby excluded by agreement of the Parties.
19. Term and Termination.
(a)
This Agreement shall take effect on the Effective Date and continue until the second (2nd) anniversary of the Effective Date (the “Initial Term”) and shall renew automatically for successive additional terms of one (1) year each (each, a “Renewal Term”), unless Program Manager notifies Bank of non-renewal at least one hundred and eighty (180) days prior to the end of the Initial Term or any Renewal Term or Bank notifies Program Manager of non-renewal at least one hundred and eighty (180) days prior to the end of the Initial Term or any Renewal Term (together, the “Term”).
(b) Termination For Cause.
(i) Except as otherwise provided in this Agreement, if either Party materially breaches a material term of this Agreement, the non-breaching Party may terminate this Agreement by giving notice, as provided in Section 38 (Notice), to the breaching Party. This notice will: (1) describe the material breach; and (2) state the Party’s intention to terminate this Agreement. If the breaching Party does not cure or substantially cure its material breach within fifteen (15) Business Days (or a shorter period if required by Applicable Law) after receipt of notice as described in this Section 19 (the “Cure Period”), then the non-breaching Party may immediately terminate this Agreement by giving notice at any time following the end of such Cure Period; provided, however, that if such breach by Program Manager is not capable of being cured or substantially cured within such fifteen (15) Business Day period, then the time period for curing or substantially curing such breach may be extended by Bank in its sole discretion so long as Program Manager continues to diligently pursue such cure using commercially reasonable
efforts. Neither Party will be held in breach for failure to perform under this Agreement if such failure is due to compliance with Applicable Law.
(ii) Either Party may terminate this Agreement on the effective date of any change in the legal or regulatory requirements applicable to the Program, or in the Card Association rules applicable to the Program, that: (1) has a substantial negative impact on the financial burdens or rewards of the terminating Party with respect to the Program, which the non-terminating Party is unwilling or unable to accommodate; or (2) would render performance of a material obligation of the terminating Party hereunder a violation of the Card Association rules, or illegal or otherwise subject to legal challenge, unless performance of such material obligation is waived by the non-terminating Party. The terminating Party will notify the other Party of such change within ten (10) Business Days of becoming aware of such change.
(iii) Either Party may terminate this Agreement upon written notice to the other Party if the other Party becomes Insolvent or bankrupt or becomes subject to a receivership proceeding.
(iv) Either Party may terminate this Agreement upon fifteen (15) Business Days’ advance written notice to the other Party of such intent to terminate if, at any time during the Term of this Agreement, the other party is conducting activities that the terminating Party reasonably determines are materially harmful to relationships with its federal or state supervisory or law enforcement agencies; provided that the terminating Party promptly notifies the other Party of such activity, provides evidence of such activity, and the other Party does not cure such activity to the terminating Party’s sole and reasonable satisfaction within fifteen (15) Business Days of notification to the terminating Party.
(v) Either Party may terminate this Agreement as permitted by Sections 27 (Agreement Subject to Applicable Laws) or 43 (Force Majeure).
(vi) Either Party may terminate this Agreement in the event of an act of fraud or willful misconduct of the other Party.
(vii) Bank may immediately suspend any services under this Agreement in the event of: (1) any failure by Program Manager to remain PCI Compliant as provided in this Agreement, to the extent applicable; or (2) any failure by Program Manager to remit to Bank the Settlement Amount or maintain account balances in accordance with Sections 29 (Program Manager Reserve Account) or 30 (Program Manager Revenue Account) of this Agreement, subject to applicable cure periods.
(viii) Bank may terminate this Agreement without liability if Program Manager materially breaches this Agreement on three (3) or more separate occasions within twelve (12) consecutive months.
(ix) Either Party may terminate this Agreement: (1) if the other Party materially violates Applicable Law in connection with its performance of its obligations under this Agreement; (2) upon direction from any Regulatory Authority or Card Association to cease or materially limit performance of the rights or obligations under this Agreement or the inability to obtain any required regulatory approvals; or (3) in the event any financial statement, representation, warranty, statement or certificate furnished to it by the other Party in connection with or arising out of this Agreement is adverse to the terminating Party and is untrue, misleading or omits material information, as of the date made or delivered.
(c) Reserved.
(d) This Agreement will terminate upon the termination of the Bank Services Agreement.
(e) Effect of Termination.
(i) The termination of this Agreement shall not terminate, affect, or impair any rights, obligations or liabilities of any Party that accrue prior to termination or with respect to the Program occurring or arising prior to termination, or which, under this Agreement, continue after termination.
(ii) Subject to Section 20(c), following termination or expiration of this Agreement, each Party will: (1) return all property belonging to the other Party which is in its possession or control at the time of termination or expiration; and (2) discontinue using the other Party’s trademarks.
(iii) If Program Manager terminates this Agreement for any reason other than insolvency, it will be responsible for maintaining cash funding at Bank equivalent to thirty (30) days of expected payments to Bank and the Card Association, including Chargebacks and losses.
(iv) In the event of termination pursuant to Section 19 (Term and Termination), Bank may cease issuing Cards to and establishing Accounts for Cardholders or Applicants under this Agreement, subject to the terms set forth in this Section 19(e)(iv). Upon the expiration or termination of this Agreement pursuant to this Section 19 (Term and Termination) and provided Program Manager is not in default of any provision of this Agreement, Program Manager shall have the right to cause Bank to transfer all of its right, title and interest in and to all of the Accounts held by Bank under the Program to a successor sponsor bank (“Successor Bank”) to assume all of Bank’s obligations under this Agreement, subject to satisfactory and good faith negotiation of the terms of an assumption agreement by and between Successor Bank and Bank. Upon agreement on the terms of such assumption agreement Bank will allow such assumption and will execute any documents necessary to effect the assumption. If this Agreement is terminated pursuant to Section 19(a) or if Program Manager terminates this Agreement pursuant to Section 19(b), for a period of up to one hundred eighty (180) days from the date of the end of the Initial Term or such Renewal Term (“Wind Down Period”), Bank shall continue to sponsor the Program on the terms set forth in this Agreement and will cooperate with and provide necessary services to Program Manager to facilitate the orderly transfer of the Accounts to such Successor Bank. Each Party acknowledges that the main goals of the Wind Down Period are (in order or priority) (i) to benefit the Cardholders by minimizing any possible
burdens or confusion and (ii) to protect and enhance the names and reputations of the Parties, both of whom have invested their names and reputations in the Programs, the Programs and Cards issued hereunder. Subject to the terms herein and provided Program Manager is not in default of any provision of this Agreement (or has otherwise cured any default of this Agreement), upon the expiration or termination of this Agreement for any reason, the Parties agree to cooperate in good faith to wind down or transition each Program in a commercially reasonable way as soon as reasonably possible to provide for a smooth and orderly transition or wind-down, unless otherwise prohibited by Applicable Law or any Regulatory Authority. Such cooperation will include continued acceptance of Cards presented for payment until the conclusion of the Wind Down Period or successful transfer of Accounts to Successor Bank. Notwithstanding anything to the contrary, Bank is excused from providing transition services contemplated herein if it determines after reasonable investigation that the continuing operation of the Program or the provisioning of transition services or any services incidental thereof would violate Applicable Law, Card Association rules or any guidance provided by its Regulatory Authority. Program Manager shall be responsible for all costs, including reasonable attorneys’ fees, associated with any transition contemplated herein, unless the Agreement is terminated by Program Manager for cause pursuant to Section 19(b)(i), (vi).
(v) As soon as reasonably practicable after expiration of this Agreement or receipt of delivery of a termination notice with respect to this Agreement or one or more Programs and subject to Section 19(e)(iv), Program Manager shall provide to Bank in writing a proposed transition or wind-down plan, detailing (i) whether the affected Program(s) are to be wound down or transferred to a Successor Bank; and (ii) a proposed timeline, which shall designate a date as of which the affected Programs shall be wound down or transferred from Bank to a Successor Bank. Bank and Program Manager shall meet promptly thereafter to review such proposed plan and to determine a mutually acceptable transition or wind-down plan. The wind-down or transition of any affected Program(s) shall occur as soon as reasonably possible and in no event later than one hundred eighty (180) days after expiration or termination of this Agreement; provided, however, that such time period may extended by mutual written agreement of the Parties.
(vi) Provisions of this Agreement that, by their nature, should survive termination of this Agreement shall survive termination (including, but not limited to, Sections 1 (Definitions), 10 (Fraud and Risk Management), 11 (Applicable Law), 13 (Representations, Warranties and Covenants), 14 (Other Relationships with Cardholders), 16 (Cardholder Information), 17 (Indemnification), 18 (Limitation of Liability), 19 (Term and Termination) , 20 (Confidentiality), 21 (Proprietary Materials), 33 (Relationship of Parties), 34 (Governing Law; Waiver of Jury Trial; Dispute Resolution and Arbitration), 35 (Severability), 36 (Assignment), 37 (Third Party Beneficiaries), 38 (Notices), 39 (Amendment and Waiver), 40 (Entire Agreement), 41 (Conflicts), 42 (Counterparts), 43 (Interpretation) and 45 (Headings)).
20. Confidentiality.
(a)
Each Party agrees that Confidential Information of the other Party shall be used by such Party solely in the performance of its obligations and exercise of its rights pursuant to the Program Documents. Except as required by Applicable Law, a Regulatory Authority or legal process, neither Party (the “Restricted Party”) shall disclose Confidential Information of the other Party (the “Disclosing Party”) to third parties; provided, however, that the Restricted Party may disclose Confidential Information of the Disclosing Party (i) to the Restricted Party’s Affiliates, agents, representatives or subcontractors for the sole purpose of fulfilling the Restricted Party’s obligations under this Agreement (as long as the Restricted Party exercises best efforts to prohibit any further disclosure by its Affiliates, agents, representatives or subcontractors), (ii) to the Restricted Party’s auditors, accountants and other professional advisors, and (iii) to any other third party as mutually agreed by the Parties.
(b)
A Party’s Confidential Information shall not include information that: (i) is or becomes generally available to the public, (ii) has become publicly known, without fault on the part of the Restricted Party, (iii) is independently developed or arrived at by the Restricted Party without use of or reference to Confidential Information, (iv) was otherwise known by, or available to, the Restricted Party prior to entering into this Agreement, or (v) becomes available to the Restricted Party on a non-confidential basis from a third-party , who is not in breach of any obligation of confidentiality with the non-Disclosing Party or otherwise prohibited from transmitting the information to the Restricted Party.
(c) Upon written request or upon the termination or expiration of this Agreement, each Party shall return to the other Party or destroy all Confidential Information of the other Party in its possession or control that is in written form, including by way of example, but not limited to, reports, plans, and manuals, and delete any digitally or optically stored versions of Confidential Information of the other Party; provided, however, that each Party may maintain in its possession all such Confidential Information required to be maintained under Applicable Law or internal archival or document retention policies relating to the retention of records for the period of time required thereunder, subject to the confidentiality obligations set forth in this Agreement.
(d)
Each Party shall require its subcontractors having access to Confidential Information to agree in writing to be bound by the provisions of this Section 20 prior to disclosure of any Confidential Information to such subcontractors. Such Party shall keep and maintain such protective agreements and shall promptly provide the other Party with copies thereof upon request. Such permissible disclosure shall not relieve the Disclosing Party of liability for such disclosure.
(e)
In the event that a Restricted Party is requested or required, by oral questions, interrogatories, requests for information or documents, subpoena, civil investigative demand or similar process, to disclose any Confidential Information of the other Party, the Restricted Party will provide the other Party with prompt notice of such request(s) so that the other Party may seek an appropriate protective order or other appropriate remedy. In the event that the other Party does not seek such a protective order or other remedy, or such protective order or other remedy is not obtained, the Restricted Party may furnish that portion (and only that portion) of the Confidential Information of the other Party which the Restricted Party is legally compelled to disclose and will exercise such efforts to obtain reasonable assurance that confidential treatment will be accorded any Confidential Information of the other Party so furnished as the Restricted Party would exercise in assuring the confidentiality of any of its own Confidential Information.
(f)
Nothing in this Section 20 shall restrict or prohibit Program Manager from using Cardholder Information in any manner permitted by Section 14 (Other Relationships with Cardholders).
21. Proprietary Materials.
(a)
Bank Marks. Bank hereby grants to Program Manager a non-exclusive, non-transferable, revocable limited license to use and reproduce the name, logo and specified trademarks of Bank (“Bank Marks”), which Bank has made available to Program Manager, solely in connection with the Card Program Materials or as required under the Card Association rules, provided that any such use shall require the prior written approval of Bank, such approval not to be unreasonably withheld or delayed and consistent with any Bank usage guidelines. If such approval is granted, Program Manager may utilize such Bank Marks subject to Bank’s prior approval of such materials. This use terminates upon termination of this Agreement and any agreed upon Wind Down Period (if applicable).
(b)
Program Manager Marks. Program Manager grants to Bank a non-exclusive, non-transferable, revocable limited license to use and reproduce the name, logo and specified trademarks of Program Manager (“Program Manager Marks”), which Program Manager has made available to Bank, solely in connection with the Program as required under the Card Association rules provided that any such use shall require the prior written approval of Program Manager, such approval not to be unreasonably withheld or delayed and consistent with any Program Manager usage guidelines. If such approval is granted, Bank may utilize such Program Manager Marks subject to Program Manager’s prior approval of such materials. This use terminates upon termination of this Agreement and any agreed upon Wind Down Period (if applicable).
(c)
Program Manager Intellectual Property. Bank acknowledges and agrees that Program Manager shall retain all right, title, and interest in and to all Intellectual Property of Program Manager that is developed, established or otherwise created by Program Manager in connection with the Program. Nothing in this Agreement shall be construed as granting Bank a license to use in any way the Intellectual Property of Program Manager, except as provided in Section 21(b) or to the extent Program Manager may make use of its Intellectual Property in connection with the services to be provided hereunder. Bank shall not take any action that interferes with the Intellectual Property of Program Manager or attempt to copyright or patent any part of the Intellectual Property of Program Manager or attempt to register any trademark, service mark, trade name, or company name which is identical or confusingly similar to Program Manager Marks.
22. Expenses.
(a)
General. Except as otherwise provided in the Program Documents or this Agreement, the Parties shall pay their own expenses (including, without limitation, the fees and expenses of their own agents, representatives, counsel, and accountants) incidental to the preparation and performance of this Agreement. Each Party shall further be responsible for payment of any federal, state, or local taxes or assessments associated with the performance of its obligations under this Agreement and for compliance with all filing, registration and other requirements with regard thereto. Program Manager shall be responsible for any cost incurred from the Card Association related to the Program including any cost of registration of any subcontractors of Program Manager as third-party agents. Except as otherwise provided in this Agreement, Program Manager shall be responsible for any cost, fee, fine or audit charged directly to Bank by any Regulatory Authority or Card Association due to the Program (other than any cost, fee, fine or audit charged directly to Bank due to Bank’s gross negligence, willful misconduct or breach of this Agreement or due to any act or omission of Bank or any acts or omission of any contractor, agent or representative retained by Bank (other than Program Manager and its Agents)).
(b)
Allocation of Costs for Program. Except as otherwise provided in this Agreement, as between the Parties, any and all costs and expenses related to Program Manager Card Services, any other legal expenses, fees or fines related to Program Manager’s activities under the Program and any fees specified in Exhibit B shall be paid by Program Manager.
(c)
Costs and Expenses Paid by Bank. Except as otherwise provided in this Agreement, Bank shall be solely responsible for all fines, penalties and other amounts assessed by any Regulatory Authority or Card Association due to any act or omission of Bank or any acts or omission of any contractor, agent or representative retained by Bank (other than Program Manager and its Agents); provided, it is understood that approval, acquiescence or failure by Bank or its agents to reject any proposal, action, or activity by Program Manager shall not relieve Program Manager of any obligation under this Agreement.
(d)
Costs and Expenses Paid by Program Manager. In addition to any expenses specifically set forth elsewhere in this Agreement, Program Manager shall be solely responsible for the following: (i) all expenses associated with Cardholder or third party fraud (other than third parties retained by Bank, excluding Program Manager and its Agents), (ii) all fines, penalties, reimbursements, and other amounts assessed by any Regulatory Authority or Card Association due to Program Manager’s actions or omissions or the actions or omissions of any third party retained by Program Manager, (iii) all third-party expenses associated with completing required due diligence and annual reviews on Program Manager or its service providers from third party outsourced vendor relationships contemplated in this Agreement, and (iv) any and all losses incurred by Bank in connection with Chargebacks, Cardholder Fund deficiencies or other Cardholder refunds.
(e)
Any costs resulting from Program Manager’s actions or omissions that cause an error or omission by Bank.
23. Subcontractors.
(a)
Program Manager may from time to time retain the services of one or more Agents to perform some of the services and obligations Program Manager has agreed to perform pursuant to this Agreement; provided, however, it must first obtain Bank’s written approval in the event such subcontractor is performing a Critical Service (“Critical Service Provider”). “Critical Services” shall mean services that (i) grants, permits or require a third party to access, store, transmit or process Cardholder Information or Bank’s Confidential Information in connection with a Program, (ii) involve significant bank functions or other activities that could cause Bank to face significant risk if the third party fails to meet expectations, (iii) could have significant applicant, consumer or Cardholder impacts, (iv) require significant Bank investment in resources to implement the third-party relationship and manage
the risk, (v) could have a material impact on Bank operations if the Bank has to find an alternate third party or if the outsourced activity has to be brought in-house; or (vi) any other service determined by Bank to be critical in its reasonable discretion.
(b)
Program Manager shall be responsible for obtaining a written agreement with all Agents for the rendering of such services and shall be responsible for all obligations with each Agent. Such written agreements shall be available to Bank for review upon its request. Bank may, in its sole discretion, require any written agreement with a Critical Service Provider to be amended or modified to comply with Bank’s policies and procedures, Applicable Law, Card Association rules, payment network rules or any instruction of Regulatory Authority. Bank may require Program Manager to terminate or replace any Agent in the event Bank or a Regulatory Authority determines that such Agent’s performance violates Applicable Law or the terms of this Agreement. Program Manager understands that it must inform Bank in writing regarding the use of any Critical Service Provider so that Bank may complete a due diligence review of such Critical Service Provider in compliance with Bank’s policies and procedures and Applicable Law, including, but not limited to, compliance with FFIEC guidance on Vendor and Third Party Management. Program Manager shall be responsible for all costs and expenses, including reasonable attorneys’ fees, incurred by Bank in connection with diligence of and approval of any Critical Service Provider.
(c)
Program Manager shall remain liable for any services performed by any and all Agents. Program Manager shall include provisions in any agreement with a Critical Service Provider requiring the Critical Service Provider to allow Bank and any Regulatory Authority having jurisdiction over Bank to audit, inspect and review their facilities, personnel, files and records insofar as they relate to Cards or the Program. Any audit, inspection or review as provided hereunder shall be on terms reasonably similar to the audit terms set forth in Section 26. Program Manager shall also use commercially reasonable efforts to include provisions in any new or existing agreement with any other Critical Service Provider requiring the Critical Service Provider to allow Bank and any Regulatory Authority having jurisdiction over Bank to audit, inspect and review their facilities, personnel, files and records insofar as they relate to the Cards or the Program.
24.Relationship Managers. The Parties shall each appoint, no later than the Effective Date, a relationship manager with responsibilities for the day-to-day management and administration of this Agreement and to work closely with the relationship manager of the other Party regarding Agreement-related issues. Each Party shall be entitled to remove its relationship manager and appoint a substitute relationship manager at any time during the Term of this Agreement upon written notice to the other Party.
25.Examination. Each Party agrees to submit to any examination that may be required by a Regulatory Authority having jurisdiction over Bank and to otherwise provide reasonable cooperation to the other Party in responding to such Regulatory Authorities’ inquiries and requests relating to the Program.
(a) Each Party shall allow the other to audit and/or inspect its books and records relating to the Program during regular business hours and upon reasonable prior notice. Each Party, upon reasonable prior notice from the other Party, agrees to submit to an audit and/or inspection of its books, records, accounts, personnel, and facilities relevant to the Program, from time to time, during regular business hours upon reasonable prior notice. Except as otherwise set forth in this Agreement, all expenses of the audit or inspection shall be borne by the Party conducting the audit or inspection. Program Manager shall store all Records related to the Accounts, and the Program and shall make such Records available during any audit or inspection by Bank or its designee for such period as required by Applicable Law. Without limiting any other provision of this Agreement, reasonable audit expenses specifically related to the Card Association in connection with the Program or Program Manager’s compliance with Applicable Law shall be borne by Program Manager.
(b) Notwithstanding anything to the contrary, within one hundred eighty (180) days of the Effective Date, Program Manager will submit to and complete a compliance audit of its operations to ensure compliance with consumer, privacy, cybersecurity and financial requirements and shall submit to and complete a financial reporting audit (collectively, “Compliance Audit”). The Compliance Audit shall be conducted by third party auditor mutually agreed to by Program Manager and Bank, and shall be conducted in compliance with all Applicable Laws, including, any laws applicable to the Program, the Program Manager Services or this Agreement, including, but not limited to, Sarbanes-Oxley Act. Program Manager shall furnish within a reasonable time copies of SSAE-16 reports upon request from third party auditor in connection with the Compliance Audit. Program Manager shall be responsible for all expenses related to Compliance Audit.
(c) During the Term of this Agreement, Program Manager will provide Bank with unaudited quarterly financial statements within forty-five (45) days following the end of each calendar quarter, which shall include, at a minimum, a balance sheet, income statement and cash flow statement, debt covenant calculations (if applicable), amount of any guaranteed loans and current loss rates on guaranteed loans (if applicable) in such detail reasonably acceptable to Bank and certified by Program Manager’s Treasurer or Chief Financial Officer, and audited annual financial statements within one hundred eighty (180) days after the end of Program Manager’s fiscal year, which shall include, at a minimum, a balance sheet, income statement, and cash flow statement, debt covenant calculations (if applicable), amount of any guaranteed loans and current loss rates on guaranteed loans (if applicable) and notes to financial statements in such detail customary for such financial statements and prepared by an independent certified public accountant in accordance with generally accepted accounting principles consistently applied.
(d) At least annually, Program Manager will have a certified independent public accounting firm or another independent third party reasonably acceptable to Bank: (i)(a) conduct a review or assessment and provide a full attestation, review or report under SSAE 16 (Statement on Standards for Attestation Engagements No. 16) SOC (Service Organization Control) 1 Type II or SOC 2 Type II; (b) a replacement for one of the foregoing approved by Bank; or (c) other third party reviews and reports reasonably acceptable to Bank, in each case, of all key systems and operational controls used in connection with any Confidential Information or Depositor Information; and (ii) conduct and provide a full report of an independent network and application penetration test. Each of these attestations, reviews, reports and tests will be for a scope approved by Bank in its reasonable discretion. Program Manager will provide all findings from these attestations, reviews and tests to Bank upon receipt from the third party. Program Manager will (x) implement all material recommendations set forth in such attestations, reviews, reports and any other reasonable recommendations made by Bank
arising out of Bank’s analysis of such reviews and (y) upon Bank’s request, provide Bank with the status of the implementation. If Program Manager fails to conduct the required reviews and assessments and provide the required reports set forth in clauses (i) and (ii) above, as determined by Bank, Bank may perform its own reviews and assessments, and Program Manager will promptly reimburse Program Manager for all reasonable costs associated with its efforts.
27.Agreement Subject to Applicable Laws. Subject to Section 19 (Term and Termination), if (a) either Party has been advised by legal counsel of a change in Applicable Laws or any judicial decision of a court having jurisdiction over such Party or any interpretation of a Regulatory Authority that, in the view of such legal counsel, would have a materially adverse effect on the Program, the rights or obligations of such Party under this Agreement or the financial condition of such Party; (b) either Party shall receive a lawful written request of any Regulatory Authority having jurisdiction over such Party, including any letter or directive of any kind from any such Regulatory Authority, that prohibits or restricts such Party from carrying out its obligations under this Agreement; (c) either Party has been advised by legal counsel that there is a material risk that such Party’s or the other Party’s continued performance under this Agreement would violate Applicable Laws; (d) any Regulatory Authority shall have determined and notified either Party that the arrangement between the Parties contemplated by the Program Documents constitutes an unsafe or unsound banking practice or is in violation of Applicable Law; or (e) a Regulatory Authority has commenced an investigation or action against a Party which the other Party, in its reasonable judgment, determines that it threatens such Party’s ability to perform its obligations under the Program Documents, then, in each case, the Parties shall meet and consider in good faith any modifications, changes or additions to the Program or the Program Documents that may be necessary to eliminate such result. Notwithstanding any other provision of the Program Documents, if the Parties are unable to reach agreement regarding modifications, changes or additions to the Program or the Program Documents within fifteen (15) Business Days after the Parties initially meet, either Party may terminate this Agreement upon thirty (30) days prior written notice to the other Party and without payment of a termination fee or other penalty. A Party shall be able to suspend performance of its obligations under this Agreement, or require the other Party to suspend its performance of its obligations under this Agreement, if (i) any event described in clause (b) above occurs and (ii) such Party reasonably determines that continued performance hereunder may result in a fine, penalty or other sanction being imposed by the applicable Regulatory Authority, or in material civil liability, unless with regards to civil liability, the other Party agrees to indemnify the Party. For the avoidance of doubt, nothing in this Section 27 shall obligate a Party to disclose, share, or discuss any information to the extent prohibited by Applicable Law or a Regulatory Authority.
29.Program Manager Reserve Account. Prior to the Effective Date of this Agreement, Program Manager shall establish a non-interest bearing deposit account (the “Program Manager Reserve Account”) at Bank which fund transfers may be initiated by Bank. Program Manager Reserve Account shall be a segregated deposit account that shall hold only the funds to be provided by Program Manager to Bank, whether as collateral or as funds owed in connection with this Agreement. At all times, it is Program Manager’s responsibility to maintain funds in Program Manager Reserve Account at least equal to the amount set forth in Schedule B of the Bank Issuing Agreement, incorporated herein by reference (the “Reserve Balance”). For the avoidance of doubt the Reserve Balance is synonymous to the Reserve Amount in the Bank Services Agreement.
(a)
Security Interest. To secure Program Manager’s obligations under the Program Documents, Program Manager hereby grants Bank a first priority security interest in Program Manager Reserve Account and the funds therein or proceeds thereof, and agrees that Bank has control of Program Manager Reserve Account for purposes of the Uniform Commercial Code, Article 9-314. Program Manager further agrees to take such steps as Bank may reasonably require to perfect or protect such first priority security interest. Bank shall have all of the rights and remedies of a secured party under Applicable Laws with respect to Program Manager Reserve Account and the funds therein or proceeds thereof; and shall be entitled to exercise those rights and remedies in its discretion. Program Manager agrees that it will maintain the lien against Program Manager Reserve Account in favor of Bank and agrees that it will not grant any other party an interest in Program Manager Reserve Account.
(b)
Program Manager Reserve Account can be applied by Bank to cover any requirements under this Agreement.
(c)
Termination of Program Manager Reserve Account. Bank shall release any funds remaining in Program Manager Reserve Account within one hundred and twenty (120) days after the latest to occur of: (i) expiration or termination of this Agreement; and (ii) the date when obligations of Program Manager under the Program Documents have been satisfied in full by Program Manager; however, Bank shall release funds from Program Manager Reserve Account no sooner than the expiration or termination of all Chargeback rights.
30.Program Manager Revenue Account. Prior to the Effective Date of this Agreement, Program Manager shall establish a deposit account (the “Program Manager Revenue Account”) with a financial institution which fund transfers may be initiated by Bank. Bank shall transfer all amounts as required by Section 9 (Fees) to Program Manager Revenue Account from time to time. Program Manager shall provide Bank with thirty (30) days’ notice prior to changing or transferring to another financial institution Program Manager Revenue Account.
31.Insurance. Program Manager shall procure, pay for and maintain the minimum insurance coverage set forth below for the entire term of the Agreement. All insurance coverage is subject to the approval of Bank and shall be issued by a fiscally sound insurance carrier which maintains an A.M. Best Rating of A- VII or better. The General Liability policy shall name Bank as additional insured on the General Liability policy:
(a)Workers’ Compensation insurance providing coverage pursuant to statutory requirements.
(b)Commercial General Liability insurance with Completed Product and Operations covering bodily injury, property damage, and including contractual liability coverage with a combined limit of [**] per occurrence and [**] general aggregate. The Commercial General Liability insurance policy shall name Bank as additional insured but solely as it relates to insurable losses and expenses that result from Program Manager’s activities in the servicing of the Program. Such policy shall contain a waiver of subrogation in favor of Bank.
(c)Commercial Umbrella Liability insurance with per occurrence and aggregate limits of [**] with the liability insurance required under clauses (a) and (b) above scheduled as underlying.
(d)Commercial Crime insurance covering Employee Theft and Computer Fraud with limits of [**] per loss for loss or damage arising out of fraudulent or dishonest acts committed by the employees of Program Manager, acting alone or in collusion with others, including the property and funds of others in their possession, care, custody, or control.
(e)Technology Errors and Omissions Liability insurance in the amount of [**] per claim and aggregate.
Program Manager must furnish Bank with certificates of insurance as evidence of the above insurance requirements prior to commencement of operations under the Agreement. Such certificates shall verify that Bank is named as additional insured and the waiver of subrogation in favor of Bank under the Commercial General Liability policy as required herein, and that in the event of a cancellation or material change in coverage, Bank would be given thirty (30) days prior written notice. In the event Program Manager receives notice of cancellation for any of the required policies, Program Manager shall use commercially reasonable efforts to provide at least thirty (30) days prior notice of such event to Bank, unless the required coverage is immediately replaced by similar coverage in scope and limits. Failure of Program Manager to provide or of Bank to request a certificate of insurance shall not waive Program Manager’s obligation under this Agreement to maintain the insurance required herein. In the event Program Manager fails to maintain the insurance set forth herein Bank shall have the right to terminate this Agreement immediately upon written notice.
32.Cooperation. Each Party hereto agrees to cooperate fully with the other Party hereto in furnishing any information or performing any action reasonably requested by such Party that is needed by the requesting Party to perform its obligations under this Agreement or to comply with Applicable Law or any request from a Regulatory Authority.
33.Relationship of Parties. Unless otherwise provided in this Agreement, the Parties agree that in performing their responsibilities pursuant to this Agreement, they are in the position of independent contractors. This Agreement is not intended to create, nor does it create and shall not be construed to create, a relationship of partner or joint venturer or any association for profit between Bank and Program Manager.
34.Governing Law; Waiver of Jury Trial; Dispute Resolution and Arbitration.
(a)This Agreement shall be interpreted and construed in accordance with the laws of the State of Tennessee, without giving effect to the rules, policies, or principles thereof with respect to conflicts of laws. Each Party hereby submits to the jurisdiction of the courts of Tennessee, and (subject to Bank’s reservation of preemption rights herein).
(b)TO THE EXTENT PERMITTED BY APPLICABLE LAW, THE PARTIES HEREBY EXPRESSLY WAIVE ANY RIGHT TO TRIAL BY JURY OF ANY CLAIM, DEMAND, ACTION OR CAUSE OF ACTION ARISING HEREUNDER.
(c)Dispute Resolution and Arbitration.
(i)Cooperation to Resolve Disputes. The Parties shall cooperate and attempt in good faith to resolve any dispute, controversy, or claim arising out of or relating to this Agreement or the construction, interpretation, performance, breach, termination, enforceability or validity thereof (a “Dispute”) promptly by negotiating between persons who have authority to settle the Dispute and who are at a higher level of management than the persons with direct responsibility for administration and performance of the provisions or obligations of this Agreement that are the subject of the Dispute.
(ii)Arbitration. Any Dispute which cannot otherwise be resolved as provided in subsection (i) above shall be resolved by arbitration conducted in accordance with the commercial arbitration rules of the American Arbitration Association, and judgment upon the award rendered by the arbitral tribunal may be entered in any court having jurisdiction thereof. The arbitration tribunal shall consist of a single arbitrator mutually agreed upon by the Parties, or in the absence of such agreement within 30 days from the first referral of the Dispute to the American Arbitration Association, designated by the American Arbitration Association. The place of arbitration shall be Memphis, Tennessee, unless the Parties shall have agreed to another location within 15 days from the first referral of the Dispute to the American Arbitration Association. The arbitral award shall be final and binding. The Parties waive any right to appeal the arbitral award, to the extent a right to appeal may be lawfully waived. Each Party retains the right to seek judicial assistance: (1) to compel arbitration, (2) to obtain interim measures of protection prior to or pending arbitration, (3) to seek injunctive relief in the courts of any jurisdiction as may be necessary and appropriate to protect the unauthorized disclosure of its proprietary or confidential information, and (4) to enforce any decision of the arbitrator, including the final award. In no event shall either Party be entitled to punitive, exemplary or similar damages.
(iii)Confidentiality of Proceedings. The arbitration proceedings contemplated by this subsection shall be as confidential and private as permitted by Applicable Law. To that end, the Parties shall not disclose the existence, content or results of any proceedings conducted in accordance with this subsection, and materials submitted in connection with such proceedings shall not be admissible in any other proceeding, provided, however, that this confidentiality provision shall not prevent a petition to vacate or enforce an arbitral award, and shall not bar disclosures required by any laws or regulations.
35.Severability. Any provision of this Agreement which is deemed invalid, illegal or unenforceable in any jurisdiction, shall, as to that jurisdiction, be ineffective to the extent of such invalidity, illegality or unenforceability, without affecting in any way the remaining portions hereof in such jurisdiction or rendering such provision or any other provision of this Agreement invalid, illegal, or unenforceable in any other jurisdiction.
36.Assignment. This Agreement and the rights and obligations created under it shall be binding upon and inure solely to the benefit of the Parties and their respective successors and permitted assigns. Neither Party shall be entitled to assign or transfer any interest under this Agreement (including a transfer by a Change in Control) without the prior written consent of the other Party, such consent not to be unreasonably withheld, delayed, conditioned except as follows: (i) Bank may assign this Agreement or any of its rights or obligations arising hereunder in connection with a Change of Ownership that does not rise to the level of a Change in Control; and (ii) Program Manager may assign this Agreement or any of its rights or obligations
arising hereunder in connection with a Change of Ownership that does not rise to the level of a Change in Control. No assignment under this Section 37 shall relieve a Party of its obligations under this Agreement.
37.Third Party Beneficiaries. Nothing contained herein shall be construed as creating a third-party beneficiary relationship between either Party and any other Person.
38.Notices. All notices and other communications that are required or may be given in connection with this Agreement shall be in writing and shall be deemed received (a) on the day delivered, if delivered by hand; (b) on the day transmitted, if transmitted by facsimile or e-mail with receipt confirmed; or (c) three (3) Business Days after the date of mailing to the other Party, if mailed first-class postage prepaid, at the address found on the first page, or such other address as either Party shall specify in a notice to the other.
39.Amendment and Waiver. This Agreement may be amended only by a written instrument signed by each of the Parties. The failure of a Party to require the performance of any Term of this Agreement or the waiver by a Party of any default under this Agreement shall not prevent a subsequent invalidity, illegality or unenforceability, without affecting in any way the remaining portions hereof in such jurisdiction or rendering such provision or any other provision of this Agreement invalid, illegal, or unenforceable in any other jurisdiction.
40.Entire Agreement. The Program Documents, including the Exhibits and Addenda attached hereto, constitute the entire agreement between the Parties with respect to the subject matter thereof, and supersede any prior or contemporaneous negotiations or oral or written agreements with regard to the same subject matter.
41.Conflicts. Reference is made to Bank Services Agreement. In the event of conflict between this Agreement and the Bank Services Agreement, the terms of this Agreement will prevail with respect to the Program, Bank Card Services, Program Manager Services, Processing Services and any Card issuance services provided by Bank or Program Manager under this Agreement.
42.Counterparts. This Agreement may be executed in counterparts, each of which shall be deemed an original, but all of which together shall constitute one and the same instrument. This Agreement may be executed and accepted by facsimile or portable data file (PDF) signature and any such signature shall be of the same force and effect as an original signature.
43.Interpretation. The Parties acknowledge that each Party and its counsel have reviewed and revised this Agreement and that the normal rule of construction to the effect that any ambiguities are to be resolved against the drafting Party shall not be employed in the interpretation of this Agreement or any amendments thereto, and the same shall be construed neither for nor against either Party, but shall be given a reasonable interpretation in accordance with the plain meaning of its terms and the intent of the Parties. The words “include,” “includes” or “including” mean without limitation by reason of enumeration. Words in singular number include the plural, and in the plural include the singular, unless the context otherwise requires.
44.Force Majeure. If any Party shall be unable to carry out the whole or any part of its obligations under this Agreement by reason of a Force Majeure Event, then the performance of the obligations under this Agreement of such Party as they are affected by such cause shall be excused during the continuance of the inability so caused, except that should such inability not be remedied within thirty (30) days after the date of such cause, the Party not so affected may at any time after the expiration of such thirty (30) day period, during the continuance of such inability, terminate this Agreement on giving written notice to the other Party. A “Force Majeure Event” as used in this Agreement means an unanticipated event that is not reasonably within the control of the affected Party or its subcontractors (including, but not limited to, acts of God, acts of governmental authorities, strikes, war, terrorist attacks, riot and any other causes of such nature), and which by exercise of reasonable due diligence, such affected Party or its subcontractors could not reasonably have been expected to avoid, overcome or obtain, or cause to be obtained, a commercially reasonable substitute therefore. No Party shall be relieved of its obligations hereunder if its failure of performance is due to removable or remediable causes which such Party fails to remove or remedy using commercially reasonable efforts within a reasonable time period. Either Party rendered unable to fulfill any of its obligations under this Agreement by reason of a Force Majeure Event shall give prompt notice of such fact to the other Party, followed by written confirmation of notice, and shall exercise due diligence to remove such inability with all reasonable dispatch.
45.Headings. Captions and headings in this Agreement are for convenience only and are not to be deemed part of this Agreement.
46.Referrals. Neither Party has agreed to pay any fee or commission to any agent, broker, finder, or other Person for or on account of such Person’s services rendered in connection with this Agreement that would give rise to any valid claim against the other Party for any commission, finder’s fee or like payment.
EXHIBIT A
PROGRAM DESCRIPTION
[**]
EXHIBIT B
PROGRAM FEES
[**]
EXHIBIT C
BANK CARD SERVICES
[**]
EXHIBIT D
PROGRAM MANAGER CARD SERVICES
[**]
