Attached files
CERTAIN IDENTIFIED INFORMATION HAS BEEN EXCLUDED FROM THIS EXHIBIT BECAUSE IT IS BOTH (I) NOT MATERIAL AND (II) WOULD BE COMPETITIVELY HARMFUL IF PUBLICLY DISCLOSED. SUCH PORTIONS ARE MARKED AS INDICATED WITH BRACKETS (“[***]”) BELOW
TECHNOLOGY AND SUPPORT AGREEMENT
This TECHNOLOGY AND SUPPORT AGREEMENT (this “Agreement”), effective as of October 15, 2018 (“Effective Date”), by and between FinWise Bank, a Utah state chartered bank (“FB”) and Elevate Decision Sciences, LLC, a Delaware limited liability company (“EDS”). FB and EDS are individually referred to as a “Party” and, collectively, the “Parties.”
In consideration of the mutual promises and upon the terms and conditions set forth below, the Parties agree as follows:
1. | Certain Definitions. |
1.1 | “Affiliate” with respect to either Party means any entity including, without limitation, any corporation, partnership or limited liability company, that directly, or indirectly through one or more intermediaries, wholly-owns or is wholly-owned by such Party. |
1.2 | “AML Requirements” means the “ANTI-MONEY LAUNDERING REQUIREMENTS” attached hereto as Exhibit F. |
1.3 | “Application” means an application submitted by a Borrower to obtain a Loan. |
1.4 | “Borrower” means any of FB’s customers who are using the Software for the purposes of applying for, obtaining and/or maintaining a Loan or other such credit product as may be available by the use of the Software. |
1.5 | “Confidential Information” of EDS means all Software, Documentation, Tools, information, data, drawings, tests (including tests performed by FB), specifications, trade secrets, algorithms, data models, object code and machine-readable copies of the Software, source code of the Software, Tools, screen layouts, forms, reports, and any other proprietary information made available to FB including all items defined as “confidential information” in any other agreement between the Parties or any of their Affiliates whether or not executed prior to this Agreement. |
1.6 | “Confidential Information” of FB means any and all proprietary information supplied to EDS or any of its Affiliates in connection with this Agreement and any other agreement between the Parties or any of their respective Affiliates. |
1.7 | “Credit Model Documentation” means all documentation concerning the Credit Model Policy. |
1.8 | “Credit Model Policy” means EDS’ policies and procedures regarding its model risk management, which shall include (a) development processes and procedures, (b) testing/validation processes, (c) validation frequency, (d) monitoring of Third Party Service Providers, but in any event, no less restrictive than provided for in FDIC Financial Institution Letter 22-2017, as such guidance may be updated from time to time. |
1.9 | “Documentation” means any instructions manuals or other materials, and on-line help files, regarding the Use of the Software. Documentation shall also include the algorithms and Tools made available by EDS to FB. |
15651.036 4822-7919-8312.10
1.10 | “FB Personal Data” means Personal Data provided to FB by or on behalf of a natural person including, but not limited to, any Borrower. |
1.11 | “Governmental Authority” shall mean any federal or state government (or any political subdivision of any of the foregoing), any agency, authority, commission, instrumentality, regulatory body, court, central bank or other entity exercising executive, legislative, judicial, taxing, regulatory or administrative powers or functions of or pertaining to government, whether or not any such Governmental Authority has jurisdiction over a Party, and NACHA. |
1.12 | “Law” means all state and federal codes, statutes, laws, permits, rules, regulations, interpretations, regulatory guidance or any similar pronouncement, ordinances, orders, policies, determinations or any officially published regulatory interpretation of the foregoing, judgments, writs, injunctions, decrees and common law and equitable rules, causes of action, remedies and principles as the same may be amended, modified, supplemented or superseded from time to time, and any requirements of any Governmental Authority with appropriate jurisdiction applicable to the acts of FB, EDS or any Third-Party Service Provider as they relate to a Party's performance of their respective obligations under this Agreement. |
1.13 | “Loan” means an unsecured installment loan originated by FB in connection with the rights granted by EDS to FB hereunder. |
1.14 | “Loan Documents” shall mean the Applications, loan agreements, regulatory disclosures and other documentation evidencing and governing the Loans. |
1.15 | “Personal Data” means any information relating to an identified or identifiable natural person including, but not limited to, Borrowers’ names, social security numbers, dates of birth, addresses, number of months at address, phone numbers, financial information as to loans or accounts with FB or other loans or accounts, bankruptcy, employer names and phone numbers, number of months on job and whether a Borrower owns a home. |
1.16 | “Process” or “Processing” of FB Personal Data means and includes any operation or set of operations which is performed upon Personal Data, whether or not by automatic means, such as collection, recording, organization, storage, adaptation or alteration, retrieval, accessing, consultation, use, disclosure by transmission, dissemination or otherwise making available. |
1.17 | “Program Guidelines” shall mean those guidelines established by FB for the administration of the Loans including, but not limited to, underwriting standards for the Loans (which shall include, without limitation, specific criteria for evaluating an Applicant’s ability to repay the Loan, the credit, charge-off and collection policies for the Loans, and all other operating procedures for the Loans, as such guidelines may be amended, modified or supplemented from time to time by FB in accordance with the terms of this Agreement. |
1.18 | “Software” means (a) the computer software application specified in Exhibit A, (b) any Update made available by EDS to FB, (c) the Tools (d) the Documentation and (e) any website hosted or operated by EDS in connection with the Program. |
1.19 | “Support” means the services described in Exhibit B. |
15651.036 4822-7919-8312.10 2
1.20 | “Technical Information” means, with respect to the Software, all code, documentation, algorithms, models, developments, inventions, processes, ideas, designs, drawings, hardware configuration, and technical specifications including, but not limited to, computer terminal specifications and the source code developed from such specifications. |
1.21 | “Third Party Service Provider” shall mean any third party providing services that FB or EDS (as the context may require) is required to provide under this Agreement. |
1.22 | “Tools” means the scoring, underwriting and verification tools made available by EDS to FB as well as any interface and specifications thereof used to interconnect the Software with FB's system as well as the direct mail process and model made available to FB. |
1.23 | “Update” means a release or version of the Software containing functional enhancements, extensions, error corrections or fixes that is generally made available to EDS' customers who have contracted for Support. |
1.24 | “Use” of Software means accessing the Software solely for purposes of obtaining and/or maintaining a Loan or other such credit product offered by FB in accordance with the Documentation and in compliance with applicable Law. |
1.25 | “User” means (a) Borrowers, (b) FB's employees, officers, and directors as well as contractors directly managed and controlled by FB and (c) any of FB's Third Party Service Providers. Users specifically exclude all third parties except to the extent expressly included in the foregoing sentence. |
2. | Grant of Rights. |
2.1 | Grant. Subject to the terms and conditions of this Agreement, EDS hereby grants FB the right to Use and permit Users to Use the (a) Software, (b) Documentation solely in connection with FB's Use of the Software, and (c) Tools solely in connection with FB's Use of the Software. |
2.2 | Delivery. |
(a) | EDS shall host, or arrange for the hosting of, the Software and shall arrange for the Software to be accessible to FB and its Borrowers over the internet via one or more application programming interfaces. EDS shall make the Documentation and updates thereto available to FB. FB acknowledges that no source code will be provided to FB. FB acknowledges that the relationship established by this Agreement is non-exclusive and that EDS is in the business of providing technology and services via the Software, Documentation and Tools which are the same or substantially similar as provided to FB pursuant to this Agreement. |
(b) | As of the Effective Date, the Software is hosted by Amazon Web Services (AWS). If EDS changes the entity that is hosting the Software, then EDS shall provide FB with prompt written notice thereof. |
15651.036 4822-7919-8312.10 3
2.3 | Disaster Recovery. EDS shall maintain business continuity plans as required by applicable Law and consistent with industry standards for the Software, hosting and support obligations hereunder and shall test such plans at least annually. |
3. | Ownership. EDS retains all right, title and interest in and to the Software, Documentation, Tools and any enhancements and modifications thereto including, without limitation, all proprietary and intellectual property rights to the Software, Documentation, and Tools. |
4. | Restrictions. FB shall not itself, or through any parent, subsidiary, Affiliate or any other third party: (a) modify, decode, decompile, disassemble, reverse engineer or otherwise translate the Software, Documentation or Tools, in whole or in part; (b) write or develop any derivative software or any other software program based upon the Software or any Confidential Information of EDS; (c) use the Software, Documentation or Tools to provide processing services to third parties or otherwise use the Software, Documentation or Tools on a service bureau or time-sharing basis; (d) license or sublicense the Software, Documentation or Tools; (e) provide, disclose, divulge or make available to, or permit use of the Software, Documentation or Tools by any third party, other than Users and Borrowers; (f) disable or modify any licensing control features of the Software or Tools; or (g) directly or indirectly attempt to do any of the foregoing. |
5. | Fees. |
5.1 | Fees. In consideration of the rights granted pursuant to Section 2.1 and the other obligations of EDS hereunder, FB shall pay EDS the fees specified in Exhibit A. |
5.2 | Payments. FB shall pay the full amount of the fees according to the payment terms specified in Exhibit A. |
6. | Support; Modifications. |
6.1 | Support. Except as set forth on Exhibit B, EDS shall not have any obligation to provide any support with respect to the Software. |
6.2 | Modifications. EDS shall not implement any material modifications to the Software, Tools or Documentation unless FB shall have reviewed, tested and validated such modifications. FB shall have a period of five (5) business days from the date of submission by EDS to reply to EDS regarding any such modification request. FB may also elect to review, test and validate any such modifications within a commercially reasonable period (“Qualification Period”). If any modification does not pass FB's review, testing and validation process within such Qualification Period, then FB shall provide written notice thereof to EDS, which notice shall include a reasonably detailed explanation of why the modification did not pass. If FB does not review, test and validate the modification or provide EDS with written notice that the modification did not pass FB's review, testing and validation process prior to the end of the Qualification Period, then such modification shall be deemed to be unacceptable to FB and EDS may not implement such modification. |
7. | Support. The obligations of Parties with respect to the support of the origination and management of the Loans are set forth in Exhibit D. |
15651.036 4822-7919-8312.10 4
8. | Warranties and Limitation of Liability. |
8.1 | Warranties and Disclaimer. |
(a) | Software and Services. EDS represents and warrants that the Software furnished hereunder shall operate in material conformance with the Documentation; that, in general, the services provided hereunder shall be performed in a timely and professional manner by qualified professional personnel; and that the services provided hereunder and the Software shall conform to the standards generally observed in the industry for similar services and Software. FB agrees that EDS' sole obligation, and FB's sole remedy, for any breach of this Section 8.1(a) shall be for EDS to modify the Software in accordance with Exhibit B and/or re-perform the non-confirming services. |
(b) | Compliance with Applicable Laws. EDS warrants that the performance by EDS of the services hereunder including, without limitation, the services to be performed in accordance with Exhibit D, shall be in compliance with all applicable Laws, the Program Guidelines and AML Requirements. FB agrees that EDS' sole obligation, and FB's sole remedy, for any breach of this Section 8.1(b) shall be for EDS to (i) reimburse FB for the principal amount of any Loan that is not in compliance with all applicable Laws, the Program Guidelines and AML Requirements, (ii) reimburse FB for any penalties or fines paid by FB as a result of such non-compliance and (iii) reimburse FB for any interest that FB refunds to any Borrower as a result of such non-compliance; provided, however, that FB shall credit back to EDS the amount of any principal or interest on any such Loan that FB subsequently collects and is permitted to keep. |
8.2 | WAIVERS. EXCEPT AS SPECIFICALLY PROVIDED FOR HEREIN, EDS MAKES NO WARRANTIES, WHETHER EXPRESS, IMPLIED OR STATUTORY REGARDING OR RELATING TO THE SOFTWARE, DOCUMENTATION, TOOLS AND ANY OTHER MATERIALS OR SERVICES FURNISHED OR PROVIDED UNDER THIS AGREEMENT. EDS SPECIFICALLY DISCLAIMS ALL IMPLIED WARRANTIES OF NON-INFRINGEMENT, MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, CONTINUOUS OPERATION, QUALITY, AND ACCURACY. |
8.3 | Limitation of Liability. IN NO EVENT WILL EITHER PARTY BE LIABLE FOR ANY EXEMPLARY, INDIRECT, SPECIAL, INCIDENTAL, PUNITIVE OR CONSEQUENTIAL DAMAGES IN CONNECTION WITH OR ARISING OUT OF THIS AGREEMENT OR THE FURNISHING, PERFORMANCE OR USE OF THE SOFTWARE, TOOLS, DOCUMENTATION OR ANY SERVICES PERFORMED HEREUNDER, WHETHER ALLEGED AS A BREACH OF CONTRACT OR TORTIOUS CONDUCT, INCLUDING NEGLIGENCE, EVEN IF SUCH PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. EACH PARTY'S LIABILITY TO THE OTHER PARTY UNDER THIS AGREEMENT WILL NOT, IN ANY EVENT, EXCEED $[***]. THE EXCLUSIONS AND LIMITATIONS SET FORTH IN THIS SECTION 8.3 SHALL NOT APPLY TO ANY BREACH OF SECTION 4 OR SECTION 10 BY EITHER PARTY, GROSS NEGLIGENCE OR WILLFUL MISCONDUCT OF EITHER PARTY, OR EITHER PARTY’S INDEMNIFICATION |
15651.036 4822-7919-8312.10 5
OBLIGATIONS. THE PROVISIONS OF THIS SECTION 8 ALLOCATE RISKS UNDER THIS AGREEMENT BETWEEN THE PARTIES. EDS’ PRICING REFLECTS THIS ALLOCATION OF RISKS AND LIMITATION OF LIABILITY. THE FOREGOING LIMITATIONS WILL APPLY NOTWITHSTANDING THE FAILURE OF ESSENTIAL PURPOSE OF ANY REMEDY.
8.4 | Third Party Software. To the extent any third-party software is incorporated in or required by the Software, EDS shall be responsible for obtaining licenses for such software for FB’s benefit and use. |
9. | Indemnification. |
9.1 | Indemnification. Each Party (the “Indemnifying Party”) shall indemnify, hold harmless and defend the other Party, its Affiliates and each of their respective directors, managers, members, shareholders, employees, officers, representatives, agents, attorneys, successors and permitted assigns (collectively, the “Indemnified Parties”) from any claims, demands, losses, liabilities, damages, penalties demands, suits, judgements, settlements costs, expenses and disbursements of any kind or nature whatsoever including, without limitation, reasonable attorneys' fees (collectively, “Losses”), made by any third party due to or arising out of the Indemnifying Party’s breach of this Agreement. |
9.2 | Intellectual Property. |
(a) | Subject to Section 9.2(b), EDS shall, at its expense, defend all claims and actions made against FB by any third party alleging that Use of the Software in accordance with the Documentation infringes or misappropriates any United States patent, copyright or trade secret of such third party and pay all damages finally awarded on account of such claims and actions or the amounts of settlements thereof and all expenses relating thereto. Upon the occurrence of any such claim or action, EDS shall use reasonable efforts to (i) procure for FB the right to continue using such infringing item or (ii) replace or modify such infringing items so that it becomes non-infringing without materially adversely affecting the operation of the Software. If EDS cannot achieve the alternatives specified in (i) or (ii) above on commercially reasonable terms, then either Party may terminate this Agreement upon thirty (30) calendar days’ notice to the other Party. FB expressly agrees that this Section 9.2(a) states EDS' entire liability, and FB's exclusive remedy, for all infringement and any other intellectual property-related claims and actions. |
(b) | EDS shall not have any obligation pursuant to Section 9.2(a) to the extent the alleged infringement or misappropriation arises from (i) the combination of the Software with other products, equipment, software or data not supplied or authorized by EDS, provided that no infringement would have occurred absent such combination, (ii) modification of the Software made by any person other than EDS or its authorized agents or contractors, provided that no infringement would have occurred absent such modification or (iii) any Use of the Software not in accordance with the Documentation, provided that no infringement would have occurred absent such Use. Further, EDS' obligations set forth in Section 9.2(a) are expressly conditioned on FB providing EDS with reasonable notice of any third party claim |
15651.036 4822-7919-8312.10 6
or action, tendering the same to EDS, granting EDS exclusive control over the defense and settlement thereof, and reasonably cooperating with EDS (at EDS’ expense) in the defense of any such claim or action.
10. | Confidential Information; Injunctive Relief. |
10.1 | Non-Use and Non-Disclosure. The Parties acknowledge that the Confidential Information constitutes valuable trade secrets of the other Party and that each Party shall use and protect Confidential Information solely in accordance with the provisions of this Agreement. Neither Party will make any use of the Confidential Information for any other purpose nor will either Party disclose, or permit to be disclosed, the same, directly or indirectly, to any third party without the other Party’s prior written consent. The Parties shall exercise due care in protecting all Confidential Information of the other Party from unauthorized use or disclosure. However, neither Party bears responsibility for safeguarding information that is publicly available, already in its possession and not subject to a confidentiality obligation, obtained by the other Party from third parties without restrictions on disclosure, independently developed by a Party without reference to Confidential Information, or required to be disclosed by order of a court or other governmental entity provided that, unless prevented from doing so, each Party provides written notice and cooperation to the other Party such that the other Party will have an opportunity to seek a protective order in such an event. |
10.2 | Remedy. In the event of actual or threatened breach of the provisions of Sections 4 or 10.1, there will be no adequate remedy at law and the Party claiming the breach will be entitled to immediate and injunctive and other equitable relief, without the requirement of posting a bond or any other security and without the necessity of showing actual money damages. Exercise of the right to obtain injunctive and other equitable relief will not limit any rights to seek additional remedies. |
10.3 | Privacy and Security. Each Party shall comply with its respective obligations under the data privacy and security requirements set forth in Exhibit C and applicable Law. |
11. | Term and Termination. |
11.1 | Term. Unless terminated earlier in accordance with this Agreement, the term of this Agreement shall commence as of the Effective Date and shall continue for a period of four (4) years (the “Initial Term”). If not earlier terminated, this Agreement will automatically renew for subsequent two (2) year periods (each a “Renewal Term”) unless either Party provides written notice of termination at least one hundred twenty (120) calendar days prior to the expiration of the Initial Term or any Renewal Term. |
15651.036 4822-7919-8312.10 7
11.2 | Termination. This Agreement may be terminated upon the occurrence of one or more of the following events, within the time periods set forth below: |
(a) | If either Party breaches this Agreement including, without limitation, any material breach of any representation, warranty or covenant contained herein, the non-breaching Party may immediately terminate this Agreement by providing written notice thereof to the breaching Party if such breaching Party does not cure such breach within sixty (60) calendar days after receipt of the written notice of the breach, provided, however, that no cure period shall be applicable to any breach of Sections 4 or 9 that is intentional or the result of a Party’s gross negligence. |
(b) | Upon the occurrence of an Insolvency Event (as defined below) by either Party, this Agreement shall automatically and immediately terminate. It shall constitute an insolvency event (“Insolvency Event”) by a Party hereunder if such Party shall file for protection under any chapter of the federal Bankruptcy Code, an involuntary petition is filed against such Party under any such chapter and is not dismissed within sixty (60) calendar days of such filing, or a receiver or any regulatory authority takes control of such Party. |
(c) | If (i) act of God or other natural disaster which makes the carrying out of this Agreement impossible, (ii) a Party's performance hereunder is rendered illegal, (iii) FB’s ability to make use of the Software is materially adversely affected by reason of changes in any laws or regulations applicable to the Loans originated under the Marketing Agreement or (iv) FB is advised by any judicial, administrative or regulatory authority having or asserting jurisdiction over FB or the Loans that the performance of its obligations under this Agreement is or may be unlawful, then the Party unable to perform, or whose performance is illegal or who has been so advised by such authority, may terminate this Agreement by giving written notice at least sixty (60) calendar days in advance of termination to the other Party, unless such changes in applicable Law or communication from such authority require earlier termination, in which case termination shall be effective upon such earlier required date. |
(d) | At FB’s option, upon written direction by FB’s regulating state or federal agency to limit or cease the performance by FB of its obligations under this Agreement. |
(e) | Either Party may terminate this Agreement upon the termination of the Joint Marketing Agreement by and between FB and EF Marketing, LLC, dated on or around the Effective Date ("Marketing Agreement"), by sending written notice to the other. |
15651.036 4822-7919-8312.10 8
11.3 | Effect of Termination. If any termination event as described in Section 11.1 or 11.2 occurs, termination will become effective immediately or on the date set forth in the written notice of termination, as applicable. Notwithstanding the foregoing, FB shall the right to continue to access the Software solely for account management purposes until such time that all Loans are either transferred to a third party or paid off ("Phase Out Period"). During the Phase Out Period, FB shall remain in compliance with this Agreement. Effective upon the end of the Phase Out Period, (a) FB shall immediately discontinue all use of all Software, Tools and all Documentation, (b) EDS shall return to FB any copies and reproductions of FB Personal Data (as defined in Exhibit C) and (c) FB shall return the Software, the Tools and any copies, in whole or in part, all Documentation, and any other Confidential Information of EDS in its possession that is in tangible form. Upon the written request of EDS, FB shall furnish EDS with a certificate signed by an executive officer of FB verifying that the same has been done. |
11.4 | Survival. The following provisions shall survive termination of this Agreement: Sections 1, 3, 4, 5, 8, 9, 10, 11.3, 11.4, and 12. |
12. | Miscellaneous. |
12.1 | Assignment. Neither Party shall assign this Agreement or any rights hereunder, in whole or in part, whether voluntary or by operation of law, without the prior written consent of the other Party. Subject to the foregoing, this Agreement will be binding upon and inure to the benefit of each of the Parties, their respective successors and permitted assigns. Any assignment in violation of the foregoing shall be void. |
12.2 | Notices. All notices pursuant hereto shall be in writing and shall be deemed to have been properly given, served and received if (a) delivered by messenger, when delivered, (b) if mailed, on the fifth (5th) business day after deposit in the United States mail certified, postage prepaid, return receipt requested or (c) delivered by reputable overnight express courier, freight prepaid, the next business day after delivery to such courier. Notices shall be addressed to the Parties as set forth below: |
If to FB:
FinWise Bank
820 East 9400 South
Sandy, UT 84094
Attention: David Tilis
Email:
with a copy to:
Wachtel Missry LLP
885 Second Avenue, 47th Floor
New York, New York 10017
Attention: Allan J. Weiss, Esq.
Email: weiss@wmllp.com
15651.036 4822-7919-8312.10 9
If to EDS:
Elevate Decision Sciences, LLC
4150 International Plaza, Suite 300
Fort Worth, Texas 76109
Attention: Chief Executive Officer
Email:
4150 International Plaza, Suite 300
Fort Worth, Texas 76109
Attention: Chief Executive Officer
Email:
With a copy (for informational purposes only) to:
Coblentz Patch Duffy & Bass LLP
One Montgomery Street, Suite 3000
San Francisco, California 94104
Telephone: (415) 772-5756
Attention: Paul J. Tauber, Esq.
Email: pjt@cpdb.com
One Montgomery Street, Suite 3000
San Francisco, California 94104
Telephone: (415) 772-5756
Attention: Paul J. Tauber, Esq.
Email: pjt@cpdb.com
Each Party may change its addresses for notice by serving written notice upon the other Party.
12.3 | Force Majeure. Except with respect to any payment or confidentiality obligations, neither Party will incur any liability to the other Party on account of any loss or damage resulting from any delay or failure to perform all or any part of this Agreement if such delay or failure is caused, in whole or in part, by events, occurrences, or causes beyond the control and without negligence of the Parties. Such events, occurrences, or causes will include, without limitation, acts of God, strikes, lockouts, riots, acts of war, earthquake, fire and explosions, but the inability to meet financial obligations is expressly excluded. To the extent a force majeure as described herein lasts or is expected to last for more than fifteen (15) calendar days, the Party not suffering the force majeure may terminate this Agreement with no further obligations hereunder other than those that survive the termination of this Agreement as provided for in Section 11.4. |
12.4 | Waiver. Any waiver of the provisions of this Agreement or of a Party’s rights or remedies under this Agreement must be in writing to be effective. Failure, neglect, or delay by a Party to enforce the provisions of this Agreement or its rights or remedies at any time, will not be construed and will not be deemed to be a waiver of such Party’s rights under this Agreement and will not in any way affect the validity of the whole or any part of this Agreement or prejudice such Party’s right to take subsequent action. |
12.5 | Severability. If any provision in this Agreement is found to be invalid, unlawful or unenforceable to any extent, then the Parties shall endeavor in good faith to agree to such amendments that will preserve, as far as possible, the intentions expressed in this Agreement. If the Parties fail to agree on such an amendment, such invalid term, condition or provision will be severed from the remaining terms, conditions and provisions, which will continue to be valid and enforceable to the fullest extent permitted by law. |
12.6 | Integration. This Agreement including the Exhibits hereto contains the entire agreement of the Parties with respect to the subject matter of this Agreement and supersedes all previous |
15651.036 4822-7919-8312.10 10
communications, representations, understandings and agreements, either oral or written, between the Parties with respect to said subject matter. This Agreement may not be amended, except by a writing signed by both Parties and in a form specifically referencing the modified provisions of this Agreement.
12.7 | Superseding Terms. No terms, provisions or conditions of any current or future purchase order, sales order, acknowledgment or other business form that the Parties may use in connection with the current or future orders with respect to the Software will have any effect on the rights, duties or obligations of the Parties under, or otherwise modify, this Agreement, regardless of any failure of either Party to object to such terms, provisions or conditions. |
12.8 | Relationship of Parties. Each Party is an independent contractor and nothing in this Agreement is intended or shall be deemed to constitute a partnership, agency, employer-employee or joint venture relationship between the Parties. No Party shall incur any debts or make any commitments for the other. |
12.9 | Governing Law. This Agreement shall be a contract made under, and governed and enforced in every respect by, the internal laws of the State of Utah, except to the extent preempted by federal law, without giving effect to its conflicts of law principles. Any dispute, controversy, or claim, whether contractual or non-contractual, between the Parties arising directly or indirectly out of or connected with this Agreement, including claims relating to the breach or alleged breach of any representation, warranty, agreement, or covenant under this Agreement, unless mutually settled by the Parties and including the determination of the scope or applicability of this agreement to arbitrate, shall be determined by arbitration in the County of Salt Lake, Utah; provided, however, that the foregoing shall not include any claims for declaratory relief. The arbitration shall be administered by JAMS pursuant to its (Comprehensive Arbitration Rules and Procedures). Judgment on the award may be entered in any court having jurisdiction. This clause shall not preclude the Parties from seeking provisional remedies in aid of arbitration from a court of appropriate, except that the Parties agree that the arbitration, the arbitrators’ authority and the relief available shall be limited as follows: |
(a) | The arbitrators shall be obligated to apply the rules of evidence and the substantive laws of the State of Utah applicable to actions litigated in the courts of the State of Utah; and |
(b) | The arbitrators shall be deemed to have exceeded their powers, authority or jurisdiction if the award they render is not correct under applicable Law and properly admitted evidence, if the arbitrators grant relief not expressly permitted under this Agreement or if the arbitrators otherwise fail to comply with the terms and limitations of this Section 12.9(b). In the event of any conflict between the rules of JAMS and this Agreement, this Agreement will control. Any arbitration shall be conducted by arbitrators approved by JAMS and mutually acceptable to the Parties. All such disputes, controversies, or claims shall be conducted by a single arbitrator, unless the dispute involves more than $[***] in the aggregate in which case the arbitration shall be conducted by a panel of three arbitrators. If the Parties are unable to agree on the arbitrator(s), then JAMS shall select the arbitrator(s). The resolution |
15651.036 4822-7919-8312.10 11
of the dispute by the arbitrator(s) shall be final, binding, nonappealable, and fully enforceable by a court of competent jurisdiction under the Federal Arbitration Act. The arbitration award shall be in writing and shall include a statement of the reasons for the award. Process in any such action may be served upon any Party in the manner provided for giving of notices to it herein.
12.10 | Waiver of Rights to Trial by Jury. EACH PARTY EXPRESSLY WAIVES ANY RIGHT TO TRIAL BY JURY OF ANY CLAIM, DEMAND, ACTION OR CAUSE OF ACTION ARISING UNDER THIS AGREEMENT OR IN ANY WAY CONNECTED WITH OR RELATED OR INCIDENTAL TO THE DEALINGS OF THE PARTIES WITH RESPECT TO THIS AGREEMENT, OR THE TRANSACTIONS RELATED THERETO, IN EACH CASE WHETHER NOW EXISTING OR HEREAFTER ARISING, AND WHETHER SOUNDING IN CONTRACT OR TORT OR OTHERWISE; AND EACH PARTY HEREBY AGREES AND CONSENTS THAT ANY SUCH CLAIM, DEMAND, ACTION OR CAUSE OF ACTION SHALL BE DECIDED BY COURT TRIAL WITHOUT A JURY, AND THAT ANY PARTY MAY FILE AN ORIGINAL COUNTERPART OR A COPY OF THIS SECTION 12.10 WITH ANY COURT AS WRITTEN EVIDENCE OF THE CONSENT OF THE SIGNATORIES TO THE WAIVER OF THEIR RIGHT TO TRIAL BY JURY. |
12.11 | Jurisdiction, Venue and Service of Process. Subject to the provisions of Section 12.9, the Parties hereby consent to the exercise of jurisdiction over their person and its property by any state or federal court situated in the State of Utah, County of Salt Lake, for the enforcement of this Agreement or in any other controversy, dispute or question arising hereunder, and each Party hereby waives any and all personal or other rights to object to such jurisdiction for such purposes. Each Party, for itself and its successors and assigns, hereby waives any objection which it may have to the laying of venue of any such action or suit at any time, each Party agrees that service of process may be made, and personal jurisdiction over such Party obtained, by service of a copy of the summons, complaint and other pleadings required to commence such litigation by personal delivery or by United States certified or registered mail, return receipt requested, addressed to such Party at its address for notices as provided in this Agreement. Each Party waives all claims of lack of effectiveness or error by reasons of any such service. |
12.12 | Proceedings. If EDS or any of its Affiliates becomes a party to any lawsuit, investigation or any other formal or other proceeding with any Governmental Authority regarding the Loans or the Program and FB is not then a party thereto, then, upon reasonable request, FB cooperate with EDS or any Affiliate thereof, including, if acceptable to FB, filing an amicus curiae, so long as EDS pays all reasonable legal fees and costs incurred in connection therewith. |
12.13 | Signatures. This Agreement may be executed simultaneously in multiple counterparts, each of which will be considered an original, but all of which together will constitute one and the same instrument. Signatures received by facsimile, PDF file or other electronic format shall be deemed to be original signatures. |
15651.036 4822-7919-8312.10 12
12.14 | Audits. |
(a) | Within the first seventy five (75) days after the Effective Date and, thereafter, in the intervals set forth in Exhibit E, FB may perform or cause to be performed such internal audits, reviews and validations as it shall determine in connection with the EDS duties hereunder. Subject to Section 12.14(b), such internal audits, reviews and validations shall be performed by FB or its designee and shall be at FB's sole cost and expense. |
(b) | EDS or an Affiliate of EDS shall reimburse FB for an aggregate of up to $[***] per calendar quarter ("Cap") for all internal audits, reviews and validations regarding the Program, which Cap shall be reduced to up to $[***] per calendar quarter at such time that the application program interface (API) connecting the Software to FB's systems is operational. In no event shall the aggregate liability of EDS and its Affiliates in any calendar quarter for the fees and costs of such internal audits, reviews and validations (including, without limitation, pursuant to the Marketing Agreement) exceed the applicable Cap. |
<signature page follows>
15651.036 4822-7919-8312.10 13
IN WITNESS WHEREOF, duly authorized representatives of each of the Parties has executed this Agreement as of the Effective Date.
EDS: | FB: | |||
Elevate Decision Sciences, LLC | FinWise Bank | |||
By: | /s/ Ken Rees | By: | /s/ David Tilis | |
Name: | Ken Rees | Name: | David Tilis | |
Title: | Chief Executive Officer | Title: | SVP | |
15651.036 4822-7919-8312.10 14
EXHIBIT A
SOFTWARE AND FEES
A. Software Description:
The Software is EDS' automated consumer credit decisioning, processing and account management software application.
▪ | Software description: |
◦ | The Software is an internet-based consumer credit platform that permits the collection, verification, scoring, evaluation, funding, and account management of installment loans. |
◦ | The Software will include an internet website landing page. |
◦ | The Software will include an accounting and loan tracking system to accurately and immediately reflect all Applications, Loans and related information regarding Loans to ensure compliance with all applicable Laws, the Program Guidelines and the AML Requirements. |
◦ | The Software will include internet-based financial wellness materials for Borrowers that, once reviewed and approved by FB, shall be made available on a website hosted by or on behalf of EDS. |
◦ | The Software will include functionality to permit communications between FB, FB's Third Party Service Providers, Borrowers and prospective borrowers. |
◦ | The Software will generate Metro II files suitable for credit bureau reporting. |
▪ | Hardware description: |
◦ | As of the Effective Date, the Software shall be hosted on a hardware platform located in a shared data center under contract with EDS or an Affiliate of EDS. |
B.Fees:
Fees – FB will pay EDS a fee equal to [***] Dollars (US$[***]) per Loan, which fee shall be due and payable upon the approval, acceptance and funding of each Loan by FB. FB shall pay or cause to be paid the aggregate fees to EDS on a monthly basis within ten (10) business days after being presented with an invoice at the end of each month with respect to all Loans is approved and accepted during the prior month, as evidenced in a listing of Loans set forth in an electronic report provided by EDS to FB pursuant to Exhibit D. If FB does not make any payment as and when due then, in addition to paying such amount, FB shall also pay a late charge equal to the lesser of (i) [***] percent ([***]%) of the unpaid amount per month or portion thereof or (ii) the maximum late charge permitted by applicable Law until the unpaid amount is paid in full.
15651.036 4822-7919-8312.10 1
Professional Services - $[***]per hour. This is for work or other services requested by FB, related to the customization of the Software for its requirements, other than standard implementation services. Any travel and accommodation costs incurred will be billed in addition if approved in advance by FB. EDS will obtain FB’s prior approval of any such expenses in excess of $[***] in any month. All professional services shall be performed in a professional manner consistent with industry standards. FB shall be billed monthly in arrears. Payment terms are net thirty (30) calendar days from date of invoice. If any payment is not made as and when due, then FB shall also pay a late charge on the unpaid amount at a rate equal to the lesser of [***]percent ([***]%) per month or the maximum late charge permitted by applicable Law.
C.Expenses:
FB shall pay or reimburse EDS for all data usage or other expenses required to obtain all credit bureau data and information and exporting such credit bureau data into the Software. Unless contracted directly by FB, EDS shall invoice FB for such expenses on a monthly basis. Within ten (10) business days after the receipt of a properly-documented invoice (with copies of supporting invoices, as appropriate) from EDS, FB shall pay or cause to be paid such expenses incurred by EDS during the prior calendar month.
EDS shall be responsible for costs and expenses associated with providing the functionality to process Applications as set forth in Schedule D including, without limitation, the features and functionality for Applicant notifications, auditing, reporting, data entry and storage.
D.Validation:
EDS agrees to provide reasonable cooperation in connection with FB's testing and validation processes with respect to the Software which shall include (i) development processes and procedures, (ii) testing/validation processes, (iii) validation frequency and (iv) monitoring of third party service providers provided that solely with respect to the risk models (not the entirety of the Software or Tools), such monitoring shall be no less restrictive than provided for in FDIC Financial Institution Letter 22-2017, as such guidance may be updated from time to time and provided further that FB shall (a) provide EDS with reasonable prior written notice prior to conducting any testing validation processes with respect to the Software, and (b) use reasonable efforts not to disrupt EDS' regular business operations.
15651.036 4822-7919-8312.10 2
E.Access to Business Models and Technical Information:
EDS shall at all times comply with the Credit Model Policy. Furthermore, EDS shall provide FB with reasonable access to its Technical Information, credit and business models underlying the Credit Model Policy, including all pricing, credit, and underwriting assumptions thereto and the Credit Model Documentation. FB shall have the right to test and validate EDS’s Technical Information and Credit Model Policy, including any underlying data, for consistency with the Credit Model Policy and the Program Guidelines. Subject to the confidential provisions of Section 10.1 of this Agreement, FB may, at its election and at the expense of EDS (but subject to the Cap), require EDS to submit its credit and business model and all Technical Information to FB or a Platform Technical Auditor of FB’s choosing (a) for validation of compliance with the Credit Model Policy and the Program Guidelines including, but not limited to, applicable Laws and (b) to independently test and validate EDS’s models for the Program, including EDS’s loan performance models. In connection with any such testing and validation, EDS shall cooperate with FB and Platform Technical Auditor including delivering any requested information and making available responsible personnel to answer questions. Any information shared with such Platform Technical Auditor shall be considered Confidential Information of EDS hereunder and such Platform Technical Auditor shall be subject to the confidentiality restrictions hereunder and may not share any Technical Information received from EDS in connection with such audit with FB. FB shall be the owner of the results of such review and shall share the results related to the Credit Model Policy, Program Guidelines and applicable Laws with EDS promptly upon the completion of such review or audit. EDS shall promptly provide FB with written notice of any change to its Credit Model Policy or Technical Information, including a full-context summary of the assumptions underlying such changes as well as the anticipated effects thereof. For purposes hereof, “Platform Technical Auditor” shall mean a consultant that is (a) not an Affiliate of FB and (b) qualified to audit the Technical Information related to the Program.
* * *
15651.036 4822-7919-8312.10 3
EXHIBIT B
SUPPORT
At no additional charge, EDS shall provide the following Support to FB:
1.Updates.
EDS shall make available to FB all Updates (as defined in Section 1 of the Agreement) for FB’s reasonable review, testing and validation prior to their release in accordance with Section 6.2 of the Agreement. Due to the nature of internet- and web-based applications, FB acknowledges and agrees that only the current version of the Software will be enabled for Use and supported; all other versions of the Software are archived under a source control system for historical reference purposes only, and are not maintained as functioning Software.
EDS shall be responsible for its costs and expenses developing any Updates required to comply with changes in applicable Law and changes to the Program Guidelines proposed by EDS. However, if any other Updates are requested by FB including as a result of any changes to the Program Guidelines proposed by FB, then the costs and expenses of developing such Updates shall be allocated as mutually agreed by the Parties.
2.Technical Support.
a.FB will designate up to three (3) named persons on its technical support staff who will be authorized to contact EDS to receive support with the Software. FB may change these designated persons from time-to-time by providing written notice to EDS. EDS shall provide support in the Use of the Software from its offices by telephone, email and fax during the hours of 9:00 a.m. to 5:00 p.m. CT, Monday to Friday, excluding holidays.
b.EDS will use reasonable efforts to answer questions and correct problems (or to provide suitable temporary solutions or workarounds for problems) in EDS' initial response or consultation with FB. If further action is necessary, then EDS will use reasonable efforts to answer the question or correct the problem (or to provide suitable temporary solutions or workarounds for problems) within twenty-four (24) hours after FB's Support Contact's initial telephone contact with EDS.
c.EDS will not be responsible for failure to correct a problem to the extent that the problem is caused by (i) a malfunction of computer hardware or software other than the Software or the server software and hardware used by EDS to host the Software, (ii) any modification of the Software by anyone other than EDS which problem would not have occurred but for such modification, (iii) use of the Software with systems other than those contemplated by this Agreement or the Documentation or (iv) FB's failure to implement updates provided by EDS as required herein.
d.FB will provide EDS with reasonable access to FB's authorized technical support staff for the sole purpose of facilitating EDS' performance of its Support obligations.
15651.036 4822-7919-8312.10 4
e.FB will provide information and materials reasonably requested by EDS for use in replicating, diagnosing and correcting an error or other Software problem reported by FB. If there have been modifications or custom coding made to the Software by anyone other than EDS, then upon EDS’ request FB will be required to demonstrate that the issue, error or defect that is the basis of FB’s support request so that it can be reproduced without the presence of any such modifications or custom coding made to the Software. FB acknowledges that all Updates provided by EDS will be cumulative in nature, and therefore FB shall permit the installation of all Updates provided by EDS as soon as the Parties mutually deem practical. FB further acknowledges that EDS’ ability to provide satisfactory Support is dependent on FB (i) accepting the installation of all Updates that have been reviewed, tested and validated by FB as provided for herein, and (ii) providing EDS with all information reasonably necessary to replicate problems.
15651.036 4822-7919-8312.10 5
EXHIBIT C
PERSONAL DATA PRIVACY AND SECURITY
Personal Data Privacy and Security.
a.The Parties acknowledge that FB Personal Data is owned by FB. EDS shall not disclose FB Personal Data to third parties without having first received express written approval from FB. Each Party, including its staff, shall view and Process FB Personal Data only on a need-to-know basis and only to the extent necessary to perform this Agreement.
b.Each Party shall adopt and implement industry standard written information security guidelines, which guidelines include without limitation: (a) physical, administrative and technological controls; (b) security training and oversight; (c) written plans to assess and manage system failures and change controls; (d) regular assessments of security risks and measures to prevent and detect unauthorized access; (e) collection, maintenance, transmittal and disposal of Client Customer PII; and (f) notice and incident response procedures. Such guidelines shall be designed to ensure the security and confidentiality of FB Personal Data in order to prevent, among other things: (i) accidental, unauthorized or unlawful destruction, alteration, modification or loss of FB Personal Data; (ii) accidental, unauthorized or unlawful disclosure of or access to FB Personal Data; and (iii) unlawful forms of Processing. The security measures adopted and implemented shall be in compliance with applicable data protection regulations (specifically 12 C.F.R. Sections 40.1-40.18, and 12 C.F.R. Part 30, Appendix B) and shall be adapted to the risks presented by the Processing and the nature of the FB Personal Data to be Processed, having regard to the state of the art and the cost of implementation. Each Party shall promptly inform the other of any breach of this security and confidentiality undertaking, unless prohibited from doing so by law.
c.Each Party shall notify the other Party of any “Security Breach” involving any FB Personal Data collected by such Party pursuant to this Agreement, where “Security Breach” is defined as any event involving an actual, potential or threatened compromise of the security, confidentiality or integrity of the data including, but not limited to, any unauthorized access or use, or any broader circumstances as defined in any applicable Law. The breached Party shall conduct an investigation into the cause of the breach and provide the other Party with a reasonably detailed description of the Security Breach, the type of data that was the subject of the Security Breach, the identity of each affected person, and any other information the other Party may reasonably request concerning such affected persons and the details of the breach, as soon as such information can be collected or otherwise becomes available. The responsible Party agrees to take action promptly, at its own expense, to investigate the Security Breach and to identify, prevent and mitigate the effects of any such Security Breach, and to carry out any recovery or other action (e.g., mailing statutory notices) necessary to remedy the Security Breach. The content of any filings, communications, notices, press releases, or reports related to any Security Breach (“Notices”) must first be approved by both Parties prior to any publication or communication thereof to any third party. EDS shall pay for or reimburse FB for all costs (including reasonable outside counsel fees), losses and expenses relating to any Security Breach including, without limitation, the cost of Notices unless any such Security Breach is the result of negligence or fraud of the breaching Party, employee or contractor.
d.Each Party shall implement measures necessary to reasonably ensure compliance by its staff with the obligations relating to FB Personal Data.
15651.036 4822-7919-8312.10 6
e.During the term of this Agreement and for a period of one (1) year thereafter, each Party reserves the right to conduct at any time during regular business hours, subject to a prior written notice, an on-site verification of the other Party’s compliance with obligations relating to FB Personal Data. Each Party shall provide access to all concerned facilities, equipment and records in order to conduct such verification.
f.If either Party will Process any FB Personal Data or other information of FB’s Borrowers (“Customer Information”) collected pursuant to this Agreement that is subject to Title V of the Gramm-Leach-Bliley Financial Services Modernization Act of 1999 and regulations promulgated under that Act (collectively “GLB”) or other federal, state, and local laws, rules, regulations, and ordinances governing the privacy and security of customer information (collectively “Customer Information Privacy Laws”), then each Party agrees to comply with GLB and other Customer Information Privacy Laws, and to protect and maintain the privacy of such Customer Information accordingly. Such compliance shall include, but not be limited to, each Party: (i) adopting and maintaining a written information security program as described in paragraph (a) above; (ii) not disclosing any Customer Information to any third party except as expressly provided in this Agreement; (iii) ensuring that its employees and subcontractors who obtain or have access to Customer Information comply at all times with the Customer Information Privacy Laws and the applicable provisions of this Agreement; and (iv) protecting and maintaining the security of all Customer Information in its custody or under its control. Each Party shall immediately report to the other Party any unauthorized disclosure or use of or any unauthorized access to any Customer Information in its custody or under its control.
g.Each Party will maintain a record retention and destruction policy, and agrees that it will retain Personal Data collected hereunder only for so long as is necessary to provide the services contemplated hereby. Upon termination of this Agreement and subject to any transitional period provided for in the Agreement, each Party will promptly return to the other Party any such Confidential Information of the disclosing party that is in tangible form. In the event of such a request, all other documents, memoranda, notes and other writings whatsoever prepared by receiving party or its representatives, based on the Confidential Information (including all copies, extracts and reproductions thereof) shall be destroyed. Confidential Information provided by the disclosing party will be limited to one instance on the receiving Party’s network (only one version) except for instances that may be for disaster recovery purposes. For disaster recovery purposes, access will be limited to the receiving Party’s employees on an as needed only basis, with a defined retention/destruction period. The receiving Party affirms that it will send a disposal notice once its version has been destroyed.
h.Subject to compliance with applicable Law, EDS shall have the right and license to (i) co-mingle Personal Data (including FB Personal Data) with other data owned or used by EDS and share such co-mingled data with other financial institutions working with EDS or any of its Affiliates and (ii) share all account data regarding Borrowers (excludes credit data) for use by EDS and its Affiliates for underwriting purposes when an Affiliate of EDS will be the lender. In addition, subject to compliance with applicable Law, EDS shall have a right and license to use all Personal Data (including FB Personal Data) for its internal business purposes to monitor and improve the Program (including the security thereof) and any of the other programs sponsored or supported by EDS or any of its Affiliates. The foregoing right and licenses shall be non-exclusive, perpetual and royalty-free. FB shall revise and maintain its privacy policy applicable to the Program to permit the foregoing.
* * *
15651.036 4822-7919-8312.10 7
EXHIBIT D
PLATFORM AND WEBSITE SUPPORT AND ACCOUNT MANAGEMENT
1. | EDS Obligations. EDS agrees to provide the following services in accordance with applicable Law and the Program Guidelines: |
a. | Establish and maintain an electronic interface between the Parties. |
b. | Supply FB with any required Loan data |
c. | Propose forms of Loan Documents, which shall be subject to the review and approval of FB. |
d. | Through the Software, provide each Borrower with the Loan Documents and such notices or documents related to such Borrower’s Loan as are required by applicable Law. All Loan Documents shall provide, as appropriate, that they are governed by federal law and, to the extent not preempted by federal law, by the applicable laws of the State of Utah. EDS shall only utilize Loan Documents that have been approved by FB. |
e. | Provide FB with sufficient access to permit FB to monitor EDS' performance of the servicing support. |
f. | Application support. |
g. | Provide the features and functionality in the Software to review Customer Information regarding each such Applicant to ensure each such Loan is compliant with (i) the Program Guidelines (ii) the requirements of FB’s Customer Identification Program (“CIP”), (iii) applicable Law and (iv) the AML Requirements, and with respect to (i), (ii) and (iv) as may be amended from time to time by FB. |
h. | Provide the features and functionality in the Software to screen each applicant for fraud detection purposes as well as screened against the prohibited persons list maintained by the Office of Foreign Assets Control ("OFAC"). |
i. | Provide the features and functionality in the Software to screen each Applicant to ensure compliance with applicable Law, the Program Guidelines, and the AML Requirements and OFAC regulations. |
j. | Provide the features and functionality in the Software to establish and maintain Loan accounts for all Applicants approved by FB in accordance with applicable Law and the Program Guidelines. |
k. | Comply with all OFAC and FB directives regarding the prohibition or rejection of unlicensed trade and financial transactions with OFAC specified countries, entities and individuals. |
l. | Report any suspicious activity that EDS becomes aware to FB and in accordance with applicable Law and the AML Requirements. |
15651.036 4822-7919-8312.10 8
m. | Make all training records available for review by FB or a Governmental Authority. |
n. | To the extent FB denies an Application, provide the features and functionality in the Software to notify the Applicant in accordance with applicable Law. |
o. | Provide the features and functionality in the Software to maintain accurate and complete Loan accounts and records including: |
i. | Borrower's name; |
ii. | Borrower's tax identification number; |
iii. | Borrower's address; |
iv. | Borrower's date of birth; |
v. | Date of service; and |
vi. | Loan balance. |
p. | Provide the features and functionality in the Software to monitor the Loans. |
q. | Provide the features and functionality for authorized call center personnel to access information regarding the Loans. |
r. | Provide each Borrower with initial loan disclosures including, truth-in-lending disclosures, application and privacy notice. |
s. | Provide each Borrower with a periodic billing statement and other legal or regulatory required communications. |
t. | Provide adverse action notices and any other documents or notifications required by regulation, applicable Law or the Program Guidelines. |
u. | Reconcile all Loan accounts on a daily basis (credits and debits). |
v. | Post payments, collections or other credits to the Borrower's account when received. |
w. | Standard reports and exception reports as reasonably requested by FB. |
x. | Report Borrower's repayment history to credit bureaus. |
y. | Provide adequate training for the use of the Software to FB or its Third Party Service Provider. |
z. | Provide such statements and reports as is reasonably requested by FB to monitor the administration and servicing of the Loans in accordance with the Program Guidelines, which shall include, without limitation, any reports FB is required to deliver to any third party in connection therewith. |
15651.036 4822-7919-8312.10 9
2. | FB Obligations. FB, either directly or through a Third Party Service Provider, shall provide all other Loan servicing not specified in paragraph 1 above in accordance with the Program Guidelines. |
3. | Service Levels. EDS shall provide the following services, measured on a monthly basis, excluding any Approved Maintenance, Emergency Maintenance or Scheduled Maintenance: |
a. | Borrower Web Access Availability – 99.0% daily availability (calendar month average). |
b. | Third Party Service Provider (Phone Support) Web Access Availability – 99.0% daily availability (calendar month average). |
c. | Definitions. |
i. | “Approved Maintenance” shall mean Scheduled Maintenance and Emergency Maintenance. |
ii. | “Emergency Maintenance” shall mean maintenance relating to the security of Confidential Information or EDS systems. |
iii. | “Scheduled Maintenance” shall mean routine, scheduled maintenance. EDS may have regularly scheduled planned outages of the Services at reasonable times upon not less than five (5) business days prior written notice to FB. During such planned outages, the affected services shall be exempt from SLA measurements. |
iv. | Excuse from Performance. EDS shall not be responsible for a failure to meet any Service Level to the extent that such failure is directly attributable to, or EDS’ performance is materially hindered by, any of the following: |
a. | FB’s (or a FB Affiliate’s or a third party supplier’s) acts, errors, omissions, or breaches of the Agreement; or |
b. | Any event that would constitute a Force Majeure Event pursuant to the Agreement. |
d. | Penalties. |
i. | Upon the failure to comply with any aspect of the Service Level Agreement set out in this Exhibit D, EDS shall submit to the FB a corrective action plan addressing such failure to comply. This plan shall be submitted within five (5) business days of notice from the FB of a failure to comply. |
ii. | Upon the failure to comply a second time with the same Service Level Agreement obligation, upon notice to EDS, EDS shall make its President or Chief Executive Officer available to meet with the FB to address the failure. |
15651.036 4822-7919-8312.10 10
iii. | Upon the third failure to comply with the same Service Level Agreement obligation within a twelve month period, FB may, at its option, either terminate the specific subject services or terminate this Agreement in its entirety by giving written notice of termination to EDS, in which case the date of termination shall at least one hundred twenty (120) days from the date of the notice. |
* * *
15651.036 4822-7919-8312.10 11
EXHIBIT E
AUDIT SCHEDULE
EXHIBIT F
ANTI-MONEY LAUNDERING REQUIREMENTS
BSA/AML and OFAC Requirements for Third Party FinWise Bank (FB) Programs
I. | Statement of Commitment 28 |
II. | Anti-Money Laundering (AML) Compliance Program 28 |
III. | Board of Directors Responsibilities 28 |
IV. | Associate Responsibilities 29 |
V. | AML Officer Responsibilities 29 |
VI. | AML Risk Assessment 29 |
VII. | System of Internal Controls 29 |
VIII. | Independent Program Testing 29 |
IX. | Training Requirements 29 |
X. | Detecting and Reporting Suspicious Activity 30 |
XI. | Customer Identification Program 30 |
XII. | OFAC compliance 32 |
15651.036 4822-7919-8312.10 12
I. Statement of Commitment.
It is the requirement of FB's and EDS’ Third Party Providers ("Third Party") to comply fully with the USA PATRIOT Act, and all related laws and implementing regulations, such as those established by the Office of Foreign Assets Control (OFAC), the Office of the Comptroller of Currency (OCC) the Consumer Financial Protection Bureau (CFPB) and the Financial Crimes Enforcement Network (FinCEN) and the Federal Deposit Insurance Company (FDIC). Third Party must recognize and be committed to fulfilling its responsibilities in assisting government and law enforcement authorities in combating money laundering, drug trafficking and other criminal activity.
II. Anti-Money Laundering (AML) Compliance Program.
Third Party shall provide for the continued administration of a program reasonably designed to assure and monitor AML compliance requirements as stated in this the “BSA/AML and OFAC Requirements” document (or “Requirements”). The written requirements document includes requirements for Third Party’s Anti-Money Laundering program, Customer Identification Program, reporting and record-keeping requirements, and other applicable responsibilities.
As required by 12 CFR 21.21, the Anti-Money Laundering requirements are also reasonably designed to ensure:
a. A system of internal controls to assure ongoing compliance;
b. Independent testing of compliance;
c. | A designated individual or individuals responsible for coordinating and monitoring day to day compliance; and |
d. Training for appropriate personnel.
As so incorporated into these Requirements, Third Party employees (Associates) are responsible for compliance with applicable procedures and internal controls set forth in the Requirements.
Generally speaking, the programs must provide for activity review and detection of the three stages of money laundering:
a. | Placement – The introduction of illegal proceeds into the financial system |
b. | Layering – moving funds among accounts so as to obfuscate the origin and ownership of the funds |
c. | Integration – transition of funds off of laundering instruments back into economy |
III. Board of Directors Responsibilities.
In the event the entity is managed by a Board of Directors or its equivalent, it is the continuing responsibility of the Board of Directors, or its designee, to monitor and evaluate the effectiveness of Third Party’s Anti-Money Laundering (AML) Program. As such, the Board, or its designee, should review and approve the AML Program annually, as well as review and approve any proposed Requirements amendments. In addition, the Board or its designee should affirm annually that Third Party’s AML Program, including required Customer Identification Program, is designed to provide reasonable assurance of compliance consistent with Third Party’s risk profile.
15651.036 4822-7919-8312.10 13
The Board should receive periodic reports regarding Third Party’s AML Program components, to include risk assessments, suspicious activity reports summary, independent testing scope and results, associate training obligations and participation levels, and any other information considered relevant to Third Party’s AML oversight.
The responsibilities and oversight actions by Third Party’s Board of Directors should be documented in Board Committee minutes in conformity with legally required corporate governance practices.
IV. Associate Responsibilities.
Associates are responsible for complying with these AML requirements. Non-compliance with Third Party’s established AML requirements, processes, and procedures may result in disciplinary action up to and including possible termination. In addition, violating or failure to comply with AML laws and regulations may result in civil and criminal sanctions against an Associate.
V. AML Officer Responsibilities.
Third Party should ensure that a BSA\AML Compliance Officer is designated at all times, with necessary authority and resources to effectively conduct the overall administration of Third Party’s AML Program. The BSA\AML Compliance Officer is responsible for coordinating and monitoring day-to-day compliance of the AML Program.
VI. AML Risk Assessment.
Third Party should conduct, at least annually, a risk assessment designed to identify key risks within its corporate operations (to include products, services, customers, and geographic locations). Information regarding FB Third Party’s risk profile should be reported to the Board of Directors, or its equivalent, if applicable annually.
VII. System of Internal Controls.
It is the requirement of Third Party to provide for a system of internal controls reasonably designed to assure compliance with all AML responsibilities. Procedures and controls should include such key areas as reporting responsibilities, record-keeping, detection and reporting of suspicious activity, and due diligence programs.
VIII. Independent Program Testing.
Third Party should provide for a program of independent testing of the AML Program to be conducted at least bi-annually, by internal staff by designation not associated with BSA\AML Compliance Officer, to ensure impartiality. The independent review should address the overall integrity and effectiveness of the AML Program, reporting and recordkeeping requirements, the AML risk assessment, appropriate transaction testing, training adequacy, integrity and accuracy of management information systems, and other key controls deemed necessary. Results of independent testing should be reported to the Board of Directors, or its equivalent, if applicable in conjunction with corrective action plans as required, with a copy of report and corrective action plans provided to FB.
15651.036 4822-7919-8312.10 14
IX. Training Requirements.
All Associates, as well as the Board of Directors or its equivalent or designee if applicable, are responsible for understanding their roles and responsibilities under Third Party’s AML Program. Third Party should develop and communicate an annual AML Training Plan designed to provide such training of AML laws and regulations, including OFAC and CIP requirements. Third Party shall require that all Associates and if applicable, Board of Directors, or its equivalent or designee, if applicable, must fulfill annual training and continuing education requirements established by the AML Training Plan and that all newly hired associates are trained on AML requirements within thirty (30) days of start date. As part of Third Party’s AML Program requirements, the AML Training Plan should be approved annually and training progress reports provided to ensure adequate oversight. The AML training plan, records of training completion and copies of training materials should be made available to such party upon request.
X. Detecting and Reporting Suspicious Activity.
Associates have a duty to understand their responsibilities for detecting and reporting suspicious activity. It is the requirement of Third Party that Associates follow established “Know Your Customer” (or KYC) procedures; that any customer, Associate, or other suspicious activity (or possible suspicious activity) be promptly reported to designated persons as set forth in the Requirements; that all such reports be timely and diligently investigated by such designated persons; and to timely and comprehensively fulfill all suspicious activity report filing requirements by providing proper notice to Third Party BSA/AML Compliance Officer. Any suspicious activity identified by Third Party should be reported to the FB’s Non-Traditional BSA Manager or designated BSA Staff in a timely manner upon identification via the established agreed upon reporting mechanism. Third Party shall require that all Associates should maintain the strict confidentiality of all such suspicious activity investigations and reports.
In pursuit of its obligations to diligence and oversight, Third Party should develop or acquire tools for use in reviewing account activity. These tools, when deployed in conjunction with a formal risk management training program should represent a broad spectrum approach to detecting and reporting suspicious activity. Per the Requirements, tools and resources should include daily application reviews of:
i. | Loan applications at addresses with prior known fraud history |
ii. | Loan application details, to include social security numbers, dates of birth and phone numbers, that may match prior established account with a history of suspect behavior |
iii. | Loan applications that appear to be associated with identified fraud rings |
iv. | Unusual or suspicious transactional loan activity |
v. | Any other alerts related to fraud or suspicious activity, as applicable |
Training for use and implementation of these resources is an ongoing process with emphasis on associative analysis and metrics base analytics is recommended. Training courses should include overview of AML requirements, OFAC program measures, and detailed review of Customer activity and behavior.
Records of activity reviews, including copies of any correspondence and SAR’s should be retained in a central repository (such as a Client Relationship Manager), which provides record keeping at the account level. Any activity which is reviewed or investigated must be logged in the respective account record on the repository. Records of activity reviews should be held on file for no less than five (5) years within the repository.
15651.036 4822-7919-8312.10 15
XI. Customer Identification Program.
As required by 31 CFR 1020.220, Third Party should maintain a written Customer Identification Program (CIP) designed to be appropriate for the size and type of business or product and intended to enable associates to form a reasonable belief that the true identity of each Customer is known. Third Party’s CIP should include required Customer information, risk-based procedures for verifying the identity of the Customer, recordkeeping requirements and retention, comparison with government lists, and adequate Customer notice. The CIP should be detailed in the Requirements and is subject to compliance by all associates with CIP responsibilities. The CIP should be reviewed and approved annually by the appropriate parties, in conjunction with oversight of Third Party’s AML Program.
With respect to loans that establish an ongoing relationship with a Customer, Third Party shall review Customer information regarding each Customer, and shall be responsible for ensuring that each Customer meets the requirements of the CIP Program. Generally, the CIP program should adhere to the following structure for Customer accounts.
The following Personally Identifiable Information (PII) should be collected and stored at the account level:
i. | Legal Name |
ii. | Date of Birth |
iii. | Physical Street Address (P.O. Box is not acceptable) |
iv. | SSN or ITIN |
CIP information provided at the time of application for an account may be verified by a “non-documentary” method. Non-documentary CIP validation methods require passing provided data to a FB approved third party service provider or bureau for ID verification. In such cases where the ID check process fails, an exception occurs or in a retail environment where third party validation is not possible, documentary evidence supporting account holder identity should be collected in order to continue with the application. The information collected should include:
A. | Copy of Driver’s License or another form of government issued photo ID. The ID type, location of issuance, issuance date (where available), expiration date and ID number should be captured and stored at the account level. |
AND
B. | Copy of additional documentation (such as recent utility bill or other 3rd party verifiable document) with name and address matching applicant FB Third Party may use waterfall logic or strict four factor requirement for its CIP validation based on FB’s approval. Bureau result codes which qualify as passes per that waterfall logic or strict four factor validation may be considered validating result codes for FB Third Party CIP process with FB’s approval. |
All CIP information (Legal Name, Date of Birth, Physical Street Address, and Government Issued ID number) should be held in a secured, encrypted fashion for five (5) years from date of account closure.
All documentary and non-documentary CIP verification information should be held in a secured, encrypted fashion for 5 years from date of application.
15651.036 4822-7919-8312.10 16
CIP requirements must be disclosed to applicants prior to application (ex. via pop-up boxes on registration websites) and the notice content and format must be approved by such party prior to use.
XII. OFAC compliance.
Pursuant to the Requirements, all new accounts where Personally Identifiable Information is present must be verified against the OFAC screening system. OFAC screening will be performed by FB Third Party, or if agreed upon by both parties, FB, prior to the Customer receiving funding. All Customer accounts are subject to OFAC screening prior to Loan approval.
Loan accounts which appear to have Customer data matching OFAC watch list identities will be validated by FB Third Party or if agreed upon by both parties, FB, as follows:
1. | Verifying that the OFAC watch list match is a match against a certified OFAC watch list. |
2. | Verify that the match is of an individual to an individual not an individual to a company. |
3. | Verify at least two parts of the matching individuals name matches the OFAC data, including aliases. |
4. | Verify a third portion of the Customer ID against the OFAC list to provide final confirmation of a true match. |
5. | Record of all above matches, whether resulting in an OFAC match or not, will be maintained for 5 years. |
Upon verification of a valid OFAC watch list match against new loan application, the following steps must be taken either by the Third Party or if agreed upon by both parties, FB:
1. | The loan account which was matched should be blocked from use. No funds should be made available to the Customer. |
2. | If the Third Party is handling the OFAC screening process, the Third Party must contact FB’s Non-Traditional BSA Manager, or designated BSA Staff. |
3. | OFAC should be notified. |
Additionally, any transactions from OFAC sanctioned countries must be prohibited. As that list of sanctioned countries may change from time to time, no list is provided here, however it is understood that any such list published and provided by FB or the Office of Foreign Assets Control will serve as a strict guide for compliance.
Evidence of OFAC must be maintained by the Third Party or if agreed upon by both parties, FB, and held on file for a period of no less than five (5) years.
OFAC compliance requirements may be satisfied by Third Party individually or in conjunction with such party.
* * *
15651.036 4822-7919-8312.10 17