UNITED STATES
SECURITIES AND EXCHANGE COMMISSION
Washington, D.C. 20549
FORM 8-K
CURRENT REPORT
PURSUANT TO SECTION 13 OR 15(d) OF THE
SECURITIES EXCHANGE ACT OF 1934
Date of Report (Date of earliest event reported): November 4, 2021 (October 29, 2021)
Cuentas Inc.
(Exact name of registrant as specified in its charter)
Florida | 001-39973 | 20-3537265 | ||
(State or other jurisdiction of
incorporation or organization) |
(Commission file number) |
(IRS Employer s
Identification No.) |
235 Lincoln Rd., Suite 210, Miami Beach, Florida 33139
(Address of principal executive offices) (Zip Code)
Registrant’s telephone number, including area code: (800) 611-3622
N/A
(Former Name or Former Address, if Changed Since Last Report)
Check the appropriate box below if the Form 8-K filing is intended to simultaneously satisfy the filing obligations of the registrant under any of the following provisions:
☐ | Written communications pursuant to Rule 425 under the Securities Act (17 CFR 230.425) |
☐ | Soliciting material pursuant to Rule 14a-12 under the Exchange Act (17 CFR 240.14a-12) |
☐ | Pre-commencement communications pursuant to Rule 14d-2(b) under the Exchange Act (17 CFR 240.14d-2(b)) |
☐ | Pre-commencement communications pursuant to Rule 13e-4(c) under the Exchange Act (17 CFR 240.13e-4(c)) |
Indicate by check mark whether the registrant is an emerging growth company as defined in Rule 405 of the Securities Act of 1933 (§230.405 of this chapter) or Rule 12b-2 of the Securities Exchange Act of 1934 (§240.12b-2 of this chapter).
Emerging growth company ☐
If an emerging growth company, indicate by check mark if the registrant has elected not to use the extended transition period for complying with any new or revised financial accounting standards provided pursuant to Section 13(a) of the Exchange Act. ☐
Securities registered pursuant to Section 12(b) of the Act:
Title of each class | Trading Symbol(s) | Name of each exchange on which registered | ||
Common Stock, par value $0.001 per share | CUEN | The Nasdaq Stock Market LLC | ||
Warrants, each exercisable for one share of Common Stock | CUENW | The Nasdaq Stock Market LLC |
Item 1.01 | Entry into a Material Definitive Agreement. |
On October 29, 2021, Cuentas Inc. (“Cuentas”) entered into an amended and restated Prepaid Card Program Management Agreement (the “Agreement”) with Sutton Bank, an Ohio chartered bank corporation (“Sutton Bank”).. The Agreement replaces in its entirety the Prepaid Card Program Management Agreement between Cuentas and Sutton Bank dated June 27, 2019. Sutton Bank operates a prepaid card service and is an approved issuer of prepaid cards on the Discover, Mastercard, and Visa Networks. Sutton Bank agrees to the prepaid card services listed in the Agreement and other documents governing Sutton Bank’s prepaid card program in connection with transactions processed on one or more credit card networks Pursuant to the Agreement, Cuentas and Sutton Bank will operate card programs in exchange for revenue share and expense sharing between them.
The Agreement further provides that Cuentas is responsible for and liable to Sutton Bank for fraud, unless such expenses and losses were proximately caused by the negligence or wilful misconduct of Sutton Bank.
The foregoing description of the Agreement does not purport to be complete and is qualified in its entirety by reference to the full text of the Agreement, which is filed as Exhibit 10.1 hereto and incorporated herein by reference. In accordance with Item 601(b)(10) of Regulation S-K, certain private or confidential items have been redacted from the filed copy of the Agreement.
Item 9.01. | Financial Statements and Exhibits |
10.1 | Prepaid Card Program Management Agreement, dated October 29, 2021* | |
104 | Cover Page Interactive Data File (embedded within the Inline XBRL document) |
* | Certain portions of this exhibit have been redacted pursuant to Item 601(b)(10)(iv) of Regulation S-K. The Company agrees to furnish supplementally an unredacted copy of the exhibit to the Securities and Exchange Commission upon its request. |
1
SIGNATURES
Pursuant to the requirements of the Securities Exchange Act of 1934, the registrant has duly caused this report to be signed on its behalf by the undersigned hereunto duly authorized.
CUENTAS INC. | ||
Dated: November 4, 2021 | By: | /s/ Jeff Johnson |
Jeff Johnson | ||
Chief Executive Officer |
2
Exhibit 10.1
CONFIDENTIAL AND PROPRIETARY
PREPAID CARD PROGRAM MANAGEMENT AGREEMENT
October 29, 2021
TABLE OF CONTENTS
ARTICLE I. – RULES OF INTERPRETATION; DEFINITIONS | 1 | |
1.1. | Certain Interpretive Matters | 1 |
1.2. | Definitions | 2 |
ARTICLE II. – PURPOSE; MANAGER’S ROLE; INCORPORATION OF AND COMPLIANCE WITH PROGRAM DOCUMENTS | 10 | |
2.1. | Purpose | 10 |
2.2. | Manager’s Role | 10 |
2.3. | Operating Regulations | 10 |
2.4. | General | 10 |
2.5. | Bank Determination of Applicable Law | 10 |
2.6. | Manager’s Right to Offer Programs; Statutory Authority of Regulatory Authority | 11 |
2.7. | Bank Discretion Regarding Clients. | 11 |
2.8. | Use of Distributors by Manager | 11 |
ARTICLE III. – PARTIES’ RESPONSIBILITIES | 12 | |
3.1. | Manager’s Responsibilities | 12 |
3.2. | Processing Services | 18 |
3.3. | Processor System Access | 20 |
3.4. | Sutton Bank Responsibilities | 20 |
3.5. | Intellectual Property | 21 |
ARTICLE IV. – REPRESENTATIONS AND WARRANTIES | 22 | |
4.1. | Manager Representations and Warranties | 22 |
4.2. | Sutton Bank Representations and Warranties | 24 |
ARTICLE V. – PROGRAM COMPLIANCE | 25 | |
5.1. | Compliance with Applicable Law | 25 |
5.2. | Compliance Counsel | 25 |
5.3. | Operating Policies and Procedures | 26 |
5.4. | BSA/AML/OFAC Compliance | 26 |
5.5. | Disclosure of Key Card Terms | 27 |
5.6. | Privacy Notices | 27 |
5.7. | Escheat | 28 |
5.8. | Identity Theft Prevention Program (“IDTP”) | 28 |
5.9. | Unlawful Gambling | 28 |
5.10. | Regulation E Compliance (12 C.F.R. 1005) | 28 |
5.11. | Criticisms, Complaints and Legal Actions | 29 |
5.12. | Manager State and Federal Licensing and Registration Requirements | 30 |
5.13. | Network Membership/Registration | 30 |
5.14. | Network Obligations | 31 |
5.15. | FDIC Pass-Through Coverage | 31 |
- i -
ARTICLE VI. – DISTRIBUTOR, MARKETER AND THIRD PARTY SERVICE PROVIDER AGREEMENTS | 31 | |
6.1. | Development of Distributor and Marketer Group | 31 |
6.2. | Third Party Service Provider Agreement and Critical Services | 32 |
6.3. | Changes to Agreements | 34 |
6.4. | Compliance by Distributors, Marketers and Third Party Service Providers | 34 |
6.5. | Denial or Termination of Distributor, Marketer or Third Party Service Provider | 34 |
6.6. | Distributor and Third Party Service Provider Due Diligence, Training and Monitoring | 35 |
6.7. | Existing Distributors, Marketers and Third Party Service Providers | 36 |
6.8. | Access to Third Party Service Providers | 37 |
6.9. | Expenses and Liability | 37 |
ARTICLE VII. – CARDHOLDER INFORMATION | 37 | |
7.1. | Ownership of Accounts, Cardholder Data and Program Materials | 37 |
7.2. | Sharing of Cardholder Data and Program Materials | 37 |
7.3. | Data Obtained Independently by Manager | 38 |
ARTICLE VIII. – INFORMATION SECURITY AND CONFIDENTIALITY | 38 | |
8.1. | Cardholder Data Security | 38 |
8.2. | Confidential Information | 41 |
8.3. | Required Disclosures | 42 |
ARTICLE IX. – SECURITY BREACHES; DISASTER RECOVERY | 42 | |
9.1. | Security Program | 42 |
9.2. | SSAE Report | 43 |
9.3. | Testing | 43 |
9.4. | Security Contact | 43 |
9.5. | Storage of Information | 44 |
9.6. | Notification | 44 |
9.7. | Expense Reimbursement | 44 |
9.8. | Disaster Recovery Plan | 45 |
ARTICLE X. – TERM AND TERMINATION | 45 | |
10.1. | Term | 45 |
10.2. | Termination for Cause | 46 |
10.3. | Effect of Termination or Expiration | 49 |
10.4. | Cessation of Card Sale and Distribution after Termination or Expiration | 49 |
10.5. | Wind Down Period; Orderly Transition | 49 |
ARTICLE XI. – INDEMNIFICATION AND LIABILITY | 51 | |
11.1. | Indemnification Obligation By Manager | 51 |
11.2. | Limited Exception and Conditions | 52 |
11.3. | By Sutton Bank | 53 |
11.4. | Limited Exception and Conditions | 53 |
11.5. | Defense of Claims | 53 |
11.6. | No Special Damages | 54 |
11.7. | Disclaimers of Warranties | 55 |
- ii -
ARTICLE XII. – RISK MANAGEMENT | 55 | |
12.1. | Insurance | 55 |
12.2. | Reserve Account | 56 |
ARTICLE XIII. – GENERAL | 57 | |
13.1. | Assignment | 57 |
13.2. | Dispute Resolution; Governing Law | 57 |
13.3. | Entire Agreement; Amendments | 57 |
13.4. | Counterparts | 58 |
13.5. | Third Party Beneficiaries | 58 |
13.6. | Survival | 58 |
13.7. | Force Majeure | 58 |
13.8. | Specific Performance | 58 |
13.9. | Representation | 58 |
EXHIBIT A PROGRAM APPLICATION FORM | A-1 | |
EXHIBIT B SUTTON BANK PREPAID CARD SERVICES | B-1 | |
EXHIBIT C [********] | C-1 | |
EXHIBIT D MANAGER SERVICES | D-1 | |
EXHIBIT E APPROVED THIRD PARTY SERVICE PROVIDERS | E-1 | |
SCHEDULE 1.1 APPROVED PROGRAMS |
- iii -
PREPAID CARD PROGRAM MANAGER AGREEMENT
This Prepaid Card Program Management Agreement, including all schedules, exhibits, attachments, appendices and addenda attached hereto (collectively, the "Agreement") is entered into as of {EffectiveDate} (the "Effective Date"), by and between Cuentas, Inc., a Florida corporation, whose address is 235 Lincoln Rd., Suite 210, Miami Beach, FL 33139 ("Manager"), and Sutton Bank, an Ohio chartered bank corporation, its subsidiaries and affiliates, whose main address is 1 South Main St. Attica, OH 44807 ("Sutton Bank").
WHEREAS, Sutton Bank operates a prepaid card service and is an approved issuer of prepaid cards on the Discover, Mastercard, and Visa Networks;
WHEREAS, Sutton Bank provides services set forth in Exhibit B (the "Sutton Bank Prepaid Card Services") and the other Program Documents in connection with Card Transactions processed on one or more Networks;
WHEREAS, Manager desires to manage one or more Cards pursuant to one or more Programs, subject to the terms and conditions of the Program Documents;
WHEREAS, Sutton Bank desires to designate Manager as the program manager for such Cards and Programs;
NOW THEREFORE, in consideration of the foregoing promises and the mutual agreements, provisions, covenants and conditions contained in this Agreement, Sutton Bank and Manager agree as follows:
ARTICLE I.– RULES OF INTERPRETATION; DEFINITIONS
1.1. Certain Interpretive Matters
As used herein, (i) the terms “include” and “including” are meant to be inclusive and shall be deemed to mean “include without limitation” or “including without limitation”; (ii) the word “or” is disjunctive, but not necessarily exclusive; (iii) references to “dollars” or “$” shall be to United States dollars; (iv) the term “his” applies to both genders; (v) any Article, Section, Subsection, Paragraph or Subparagraph headings contained in this Agreement and the Preamble at the beginning of this Agreement are for reference purposes only and shall not affect in any way the meaning or interpretation of this Agreement (other than with respect to any defined terms contained in the Preamble); (vi) any reference made in this Agreement to a statute or statutory provision shall mean such statute or statutory provision as it has been amended through the date as of which the particular portion of the Agreement is to take effect, or to any successor statute or statutory provision relating to the same subject as the statutory provision so referred to in this Agreement, and to any then applicable rules or regulations promulgated thereunder, unless otherwise provided; (vii) the words “herein,” “hereof,” “hereunder” and words of like import shall refer to this Agreement as a whole (including its Schedules and Exhibits), unless the context clearly indicates to the contrary (for example, that a particular Section, Schedule or Exhibit is the intended reference); (viii) words used herein in the singular, where the context so permits, shall be deemed to include the plural and vice versa; (ix) a reference in this Agreement contemplating certain action by Sutton Bank “after consultation with” or “in consultation with” or “in cooperation with” Manager does not mean that the consent or approval of Manager is required or contemplated in connection with such action; and (x) unless the context otherwise requires or unless otherwise provided herein, the terms defined in this Agreement that refer to a particular agreement, instrument or document also refer to and include all renewals, extensions, modifications, amendments and restatements of such agreement, instrument, or document.
- 1 -
1.2. Definitions
Terms not defined in this Agreement shall have the meanings given to them in the applicable Network Rules. Except as otherwise specifically indicated, the following terms shall have the following meanings in this Agreement (such meanings to be equally applicable to both the singular and plural forms of the terms defined):
“Activate”, “Activated” or “Activation” means, with respect to a Card, the process separate from funding of the Card by which the Cardholder causes the Card to be usable for Transactions as provided by and subject to the applicable Cardholder Agreement. The Parties acknowledge that two types of Activation may occur with respect to Cards: some Cards may be Activated by Distributors when they are first sold so that the Card may be used for Transactions immediately upon its purchase or distribution, and other Cards may be distributed to Cardholders in an un-activated state and need to be Activated by the Cardholder, usually via telephone or online, each as provided in the Program Due Diligence Application.
“Additional Products” includes any other products and services of Sutton Bank that may be offered to a Cardholder in connection with the Program(s), as mutually agreed upon by the Parties.
“Affiliate” means, with respect to any Person, any other Person that directly or indirectly controls, is controlled by or is under common control with such Person. For the purposes of this definition, “control” means the power to direct the management and policies of a Person, directly or indirectly, whether through the ownership of voting securities, by contract or otherwise; and the terms “common control” and “controlled” have meanings correlative to the foregoing.
“Agreement” has the meaning set forth in the Preamble.
“AML” means anti-money laundering.
“Applicable Law” means the (i) Network Rules, (ii) the laws, court opinions, attorney general opinions, rules and regulations of the United States or of any State or the various agencies, departments or administrative or governmental bodies thereof, and any regulatory guidance, determinations of (or agreements with) any arbitrator or Regulatory Authority and directions or instructions from (or agreements with) any arbitrator or Regulatory Authority, as the same may be amended and in effect from time to time during the Term, including, without limitation, (1) the EFTA; (2) the GLBA; (3) the Bank Secrecy Act; (4) federal and state MSB laws; (5) the prohibition against unfair and deceptive trade practices in the Federal Trade Commission Act; (6) state data security laws; (7) the Telephone Consumer Protection Act; (8) any and all sanctions or regulations enforced by OFAC; and (9) statutes or regulations of any State relating to banks, banking, prepaid cards, money transmission or unclaimed property, to the extent applicable to the issuance, sale, authorization or usage of the products and services offered under the Programs or as otherwise applicable to any of the Parties, as all the same may be amended and in effect from time to time during the Term, and (iii) the published policies and procedures of Sutton Bank, as promulgated from time to time by Sutton Bank’s Board of Directors in good faith to ensure the continued safety and soundness of Sutton Bank.
“Applicant” means any Person who submits a completed application for a Card.
“Approved Programs” has the meaning given in Section 2.2.
“Audit Corrective Action Plan” has the meaning given in Section 3.1(N)(v)(a).
“Audit Findings” has the meaning given in Section 3.1(N)(v).
“Auditing Party” has the meaning given in Section 3.1(N)(ii).
“Authorized Users” has the meaning given in Section 3.4(D)(i).
“Bank BSA/AML/OFAC Requirements” has the meaning given in Section 5.4(C).
“Bank Indemnified Parties” has the meaning given in Section 11.1.
“Bank Secrecy Act” or “BSA” means the federal Bank Secrecy Act (12 U.S.C. §§ 1951 etseq.), as amended by the USA Patriot Act or otherwise from time to time, and all regulations thereunder and any successor regulations.
“BIN” means collectively the Bank Identification Number assigned to Bank by Visa, the Interbank Card Association number assigned to Sutton Bank by Mastercard, or similar identifier assigned to Sutton Bank by other Networks for the purposes of identifying and routing electronic payment transactions.
- 2 -
“BSA/AML/OFAC Procedures” has the meaning set forth in Section 5.4(A).
“Business Day” means any day other than a Saturday, Sunday or legal holiday, on which Sutton Bank is open to the public for carrying on substantially all of its banking functions.
“Breakage” means, with respect to Cardholder-Funded Cards, any Cardholder Funds remaining on the Card upon the earlier to occur of (a) the Card’s expiration date (provided the Cardholder Funds expire on such date per the Cardholder Agreement), or (b) the date the Cardholder Funds are presumed to be abandoned under applicable state unclaimed property laws, to the extent such amounts are not otherwise required to be escheated under state unclaimed property laws pursuant to Section 5.7. With respect to Corporate-Funded Cards, “Breakage” means any Corporate Funds remaining on the Card upon the Card expiration date or the disclosed redemption period for such Corporate Funds, provided the Cardholder Agreement discloses that such funds will revert to the owner of such Corporate Funds following such data, to the extent such amounts are not otherwise required to be escheated under state unclaimed property laws pursuant to Section 5.7.
“Card” means a reloadable or non-reloadable prepaid card or other prepaid access device or number issued by Sutton Bank as a product of Sutton Bank in connection with any Program implemented pursuant to this Agreement and under authority from a Network.
“Card Program” means a system of services and features, as mutually agreed by Manager and Sutton Bank, relating to a particular type of Card provided by Manager and Sutton Bank pursuant to this Agreement.This Agreement contemplates that multiple Card Programs may be offered hereunder.
“Cardholder” means an individual who (i) applies for a Card and is issued a Card or is otherwise provided a Card by Sutton Bank, (ii) uses a Card to effect a Transaction, or (iii) purchases or uses any Additional Products offered under the Programs.
“Cardholder Account” means (i) the prepaid account which is associated with a Card, and includes the record of debits and credits with respect to Transactions originated by a Cardholder as detailed on the Processor’s Network, and (ii) such other accounts for Additional Products.
“Cardholder Agreement” means the agreement between Sutton Bank and a Cardholder governing the terms and use of a Card.
“Cardholder Complaint” has the meaning given in Section 5.11(B)(i).
“Cardholder Data” means information that is provided to or obtained by either Party in the performance of its obligations under this Agreement or otherwise regarding Applicants and current or former Cardholders, including without limitation (i) name, postal address, e-mail address, telephone number, date of birth, taxpayer identification numbers, Cardholder Account numbers, security codes, service codes (i.e., the three or four digit number on the magnetic stripe that specifies acceptance requirements and limitations for a magnetic stripe read transaction), valid to and from dates, as well as information and data related to payment instruments and Transactions, or Transactions data using payment instruments and methodologies (e.g., charge, credit, debit, prepaid) and regardless of whether or not a physical card is used in connection with such transactions, demographic data, data generated or created in connection with Cardholder Account processing and maintenance activities, Cardholder Account statementing and Cardholder service, telephone logs and records and other documents and information necessary for the processing and maintenance of Cardholder Accounts, (ii) business name, business address, business tax identification number, and certain information on owner or officer, if the Cardholder is a business, (iii) all “Nonpublic Personal Information” and “Personally Identifiable Financial Information” (as defined in 12 C.F.R. §§ 573.3(n) and (o), respectively), and, (iv) with respect to the disposal of such information, any record containing “Consumer Information,” as that term is defined in the regulations implementing 15 U.S.C.§ 1681.
“Cardholder Funds” means the funds provided by or on behalf of the Cardholder in connection with a requested Load to the Cardholder’s Card and that are legally owed to or owned by the cardholder.
“Cardholder-Funded Card” means a card funded solely with Cardholder Funds.
- 3 -
“Claim” means any and all threats, actions, demands, investigations, proceedings, claims, counterclaims, defenses, or allegations (whether formal or informal, individual or in a representative capacity) made by or on behalf of any Person, including the other Party, any consumer, Cardholder, Regulatory Authority, Network and any attorney general, district attorney or other law enforcement authority, that would not have arisen but for the Program. The term includes disputes based upon contract, tort, consumer rights, fraud and other intentional torts, constitution, statute, regulation, ordinance, common law and equity (including any claim for injunctive or declaratory relief) and includes disputes based on alleged violations of any Applicable Law.
“Client” means a business customer of Manager’s that retains Manager to issue Cards for use by Client’s employees, customers, enrollees, subscribers and/or members (collectively, the “Client Customers”), and that sells or distributes such Cards to the Client Customers as Manager’s agent.
“Client Agreement” means all agreements entered into with Clients by Manager.
“Client Materials” shall mean all material documents, and any material amendments or updates thereto, in written format, generated in connection with the administration and servicing of the Program pursuant to the Agreement or which promote the Program or Program services, that are provided to Clients, including the forms of Client Agreement (including forms of Application and associated Addenda, which comprise part of the Client Agreement), change in terms announcements, adverse action letters, Client service form letters and any information or disclosures relating to Client Agreements or Clients, direct mail solicitations, promotional materials, television advertising, telemarketing scripts, internet advertising, websites, links and social media sites (whether or not operated by Manager) which make any reference to the Program, solicitations and any other materials used to induce applications for Client Agreements or Program Services or used to induce the use of the Program Services.
“Complaint Summary” has the meaning given in Section 5.11(D).
“Complaints” has the meaning set forth in Section 5.11(D).
“Compliance Counsel” has the meaning set forth in Section 5.2.
“Confidential Information” has the meaning set forth in Section 8.2(A).
“Corrective Action Plan Deadline” has the meaning set forth in Section 3.1(N)(v)(a).
“Critical Services” shall mean services that (i) are Processor Services, (ii) require a third party to access, store, transmit or process Cardholder Data in connection with the Program, (iii) involve significant bank functions or other activities that could cause Sutton Bank to face significant riskif the third party fails to meet expectations, (iv) could have significant customer impacts, or (v) could have a major impact on Sutton Bank operations if Sutton Bank has to find an alternate third party or if the outsourced activity has to be brought in-house.
“Criticism” has the meaning set forth in Section 5.11(A).
“Customer Identifying Information” means, collectively, the name, address(es), email address(es), telephone number(s), cell phone number(s), date of birth, and Social Security Number or Tax Identification Number of each Applicant or Cardholder.
- 4 -
“Disaster Recovery Plan” has the meaning set forth in Section 9.8.
“Discover” means DFS Services LLC and its successors and assigns.
“Dispute” has the meaning set forth in Section 13.2(A).
“Distribution and Service Agreement” means the written agreement between Manager and a Distributor (and, if applicable, Sutton Bank) pursuant to the provisions of this Agreement.
“Distributor” means any marketer, seller of goods and/or services, or other business that has executed a Distribution and Service Agreement to distribute Cards under a Program.For avoidance of doubt, a “Distributor” does not include a Marketer who solely markets but does not distribute or service Cards under a Program.
“Effective Date” has the meaning set forth in the Preamble.
“EFTA” means the Electronic Fund Transfer Act (15 U.S.C. §§ 1693, et seq.) and Regulation E thereunder (12 C.F.R. Part 1005), each as may be amended from time to time.
“Executive Complaints” means (i) any complaints received by a Party from any Network relating to the Programs and (ii) any material written complaints received by or elevated to senior management of any Party relating to the Programs other than a Regulatory Communication.
“FDIC” means the Federal Deposit Insurance Corporation.
“FFIEC” means the Federal Financial Institutions Examination Council.
“FFIEC Handbook” has the meaning set forth in Section 6.6(A).
“Financial Information” has the meaning set forth in Section 4.1(D).
“FinCEN” means the Financial Crimes Enforcement Network.
“Force Majeure Event” has the meaning set forth in Section 12.7.
“Funding Account” has the meaning set forth in Section 3.1(J).
“GLBA” means, collectively, the Gramm-Leach-Bliley Act, 15 U.S.C. §§ 6801, et. seq., the Privacy Regulations, and the standards for safeguarding customer information set forth in 12 C.F.R. Part 1016 and 16 C.F.R. Part 314 or such corresponding regulations as are applicable to the Programs and the Parties.
“IDTP” has the meaning given in Section 5.8.
“Independent Sales Organization” means a third party service provider sponsored by Sutton Bank pursuant to the Network Rules.
“Information Security Requirements” has the meaning set forth in Section 8.1(F).
“Initial Term” has the meaning set forth in Section 10.1(A).
- 5 -
“Intellectual Property” means any and all (a) patents, patent disclosures, ideas and inventions (whether patentable or not), (b) Marks, trade dress, trade names, logos, corporate names and domain names, and other designations of source, sponsorship, affiliation or origin, together with all related goodwill, (c) copyrights, copyrightable works and other works of authorship (including computer programs), mask works, data, data collections and databases, (d) trade secrets, know-how and other confidential or proprietary information, (e) moral rights, and (f) any and all other intellectual property rights arising in the United States or any other jurisdiction throughout the world, in each case whether registered or unregistered and including all related rights of priority under international conventions, all pending and future applications and registrations and continuations, divisions, continuations-in-part, reissues, extensions, substitutions, re-examinations and renewals thereof, and all similar or equivalent rights or forms of protection in any part of the world as may be further set forth and addressed in Section 3.5.
“Interchange” means the revenue paid to Sutton Bank by acquiring financial institutions for Transactions, as established by a Network.
“Joint Cardholder Data” has the meaning set forth in Section 7.1.
“Legal Documents” has the meaning given in Section 5.11(C).
“Losses” means any and all actual losses, assessments, damages, indemnities, liabilities, obligations, deficiencies, adjustments, judgments, settlements, dispositions, awards, offsets, penalties, fines and interest, and reasonable attorneys’, accountants’ and experts’ fees and expenses, including any such fees and expenses incurred in any investigations, proceedings, counterclaims, defenses or appeals that could reasonably result in incurring or avoiding any Losses.
“Manager” has the meaning set forth in the Preamble.
“Manager Contractors” has the meaning set forth in Section 11.1(C).
“Manager Indemnified Parties” has the meaning set forth in Section 11.3.
“Manager’s System” has the meaning set forth in Section 3.4(D).
“Mark” means the service marks, trademarks and copyrights of Manager, the Networks, or Sutton Bank, including the names and other distinctive marks or logos, which identify Manager, the Networks, or Sutton Bank, respectively.
“Marketer” means any marketer, seller of goods and/or services, or other business that has executed a Marketing Agreement with Manager solely to assist in the development of Marketing Materials and Marketing Campaigns in connection with a Program or to enable its branding to be marketed in connection with a Program and to not distribute or service Cards under a Program.For avoidance of doubt, a “Marketer” does not include a Person who, at the direction of a Marketer, merely posts advertising or provides Marketing Materials developed by Marketer to potential Cardholders, provided such Person is affiliated with the Marketer through common ownership or control, a franchising relationship with the Marketer, or such other arrangement described in the approved Program Due Diligence Application for a Program.
- 6 -
“Marketing Agreement” means the written agreement between Manager and a Marketer pursuant to the provisions of this Agreement.
“Marketing Campaigns” means all marketing methods intended to generate requests for the Cards by targeting a population using specific advertising mediums, such as Internet marketing, blogging, tweeting, e-mailing, texting, direct mail marketing, telemarketing, radio or television commercial airtime, print advertising, billboard advertising, or other recognized methods of selling goods or services or acquiring sales leads.
“Marketing Materials” shall mean all media of any kind or nature, including without limitation, email solicitation messages, published advertising (such as newspaper and magazine advertisements), Internet media, Card art, Card carriers, Card displays, Facebook/MySpace posts, blogs, tweets, texts, banner ads, RSS feeds, telemarketing scripts, television or radio advertisements, brochures, postcards, posters, direct mailings, signage, frequently asked questions, interview or public speaking scripts and talking points, sales materials, and press releases intended for public dissemination or to promote, advertise and/or market a Program.
“Mastercard” means Mastercard International Incorporated and its successors and assigns.
“Merchant” has the meaning set forth in Section 3.1(K).
“Merchant Rewards Account” has the meaning set forth in Section 3.1(K).
[********] .
“MSB” means the Money Services Business.
“NACHA” means the National Automated Clearing House Association and its successors and assigns.
“Network” means any Discover, NACHA, Visa, Mastercard, or any other card association or payment network selected by Bank and agreed to by Manager for the Settlement of Transactions contemplated by this Agreement.
“Network Rules” means the bylaws, operating rules and regulations of any applicable Network, including the PCI-DSS.
“OFAC” means the United States Department of Treasury’s Office of Foreign Assets Control.
“Party” or “Parties” means, as applicable, Manager and/or Sutton Bank.
“PCI-DSS” means the Payment Card Industry Data Security Standards established and implemented by the various payment card associations.
“Person” means any legal person, including any individual, corporation, limited liability company, partnership, joint venture, association, joint-stock company, trust, unincorporated organization, governmental entity or other entity of any nature.
“Prepaid Access Rule” has the meaning given in Section 5.4(B).
- 7 -
“Privacy Notices” means all privacy policy disclosure statements required by Applicable Law, including without limit GLBA, in connection with the use of any Cardholder Data by Sutton Bank or Manager, any of Sutton Bank’s or Manager’s Affiliates or any third party engaged by Manager or Sutton Bank.
“Privacy Regulations” means those regulations or related interagency guidelines promulgated by federal Regulatory Authorities implementing Title V of GLBA.
“Processing Services Agreement” means the contract between Manager and Processor governing the Processing Services to be performed pursuant to this Agreement.
“Processor”means Manager in its capacity as the Processor of record for a Program, or such otherThird Party Service Provider retained by Manager and approved by Sutton Bank to provide Processing Services.
“Processor Services” means the services described in Section 3.2 and/or Exhibit D performed by the Processorand set forth in the Processing Services Agreement. For avoidance of doubt, Processor Services constitute Critical Services under this Agreement.
“Processor System” shall mean the system owned and operated by a Processor that integrates with Sutton Bank to facilitate the issuance of Cards.
“Program” means a system of services approved by Sutton Bank under which a Cardholder may utilize a Card to conduct Transactions pursuant to the Cardholder Agreement.The Parties acknowledge that multiple Programs may exist under this Agreement based on meaningful differences, including but not limited to, Card terms and functionality, distribution locations, and Cardholder characteristics.All Programs shall be subject to the terms hereof and the prior written approval of Sutton Bank.
“Program Accounts” means thevarious deposit accounts established by Sutton Bank for purposes of facilitating the flow of funds, receiving Program reserve amounts, Cardholder Funds and Corporate Funds and the payment of Settlement Transactions to the Network.
“Program Documents” means all agreements and documents between Sutton Bank orManager and any Network relating to each Program, including without limitation this Agreement, any issuer agreements or issuer processor agreements, as applicable, license agreements, Network Rules, operating regulations, trademark guidelines, dispute rules, technical specifications, issuer fee schedules, and all product guides, documents, rules and procedures incorporated herein or therein, together with all documents, rules and procedures of any Network that are applicable to a Program.
“Program Due Diligence Application” means a description and explanation of the parameters and features of a Program using the application provided by Sutton Bank, together with any accompanying exhibits or schedules.
“Program Fraud” has the meaning given in Section 3.1(M)(ii).
“Program Materials” means all written and electronic materials relating to each Program utilized by Manager, including, but not limited to, Marketing Materials, training materials, policies and procedures, including without limitation, Cardholder Agreements, Cardholder service letters, any website established by Manager in connection with the Programs, customer service scripts, interactive voice response messaging, any information, notices or disclosures relating to Cards provided to Cardholders, including, but not limited to, Privacy Notices, error-resolution notices, change-in-terms notices, and disclosures required by the EFTA, and documents and any material amendments or updates thereto.
“Program Records” has the meaning given in Section 3.1(O)(i).
“Program Schedule” means a written addendum to this Agreement, substantially in the form attached hereto as Schedule 1.1 and executed by each Party, which sets forth the Parties’ respective duties and obligations with respect to a particular Card Program.
- 8 -
“Regulatory Authority” means any federal, state or local governmental, regulatory or self-regulatory authority, agency, court, tribunal, commission or other entity having jurisdiction over Sutton Bank, Manager or the Programs, including, but not limited to, the Office of the Comptroller of the Currency, FDIC, Federal Reserve, Federal Trade Commission, and Consumer Financial Protection Bureau. It may also include, as the circumstances dictate, any non-U.S. authority having or exercising jurisdiction related to the issuance, sale, authorization or usage of the Cards, Programs or services provided under this Agreement.
“Regulatory Communication” means all communications from any Regulatory Authority concerning the Programs.
“Renewal Term” has the meaning set forth in Section 10.1(A).
“Response to Audit Letter” has the meaning given in Section 3.1(N)(v).
“SEC” means the U.S. Securities and Exchange Commission.
“Security Contact” has the meaning set forth in Section 9.4.
“Security Guidelines” means the Interagency Guidelines Establishing Standards for Safeguarding Customer Information, the FFIEC Information Technology Examination Handbook, PCI-DSS, Section 501 of GLBA and any other guidance or directives issued by a Regulatory Authority or Networks pertaining to the security of Cardholder Data.
“Security Program” has the meaning set forth in Section 9.1.
“Sensitive Customer Information” has the meaning set forth in Section 8.1(E).
“Service Communications” mean communications that are uniformly used to respond to Customers’ reports of Card transaction disputes, complaints, or inquiries. Service Communications shall include, but are not limited to, standardized text messages, email messages, form letters, interactive voice response (IVR) scripting, prerecorded phone messages, or phone scripts or call guides utilized by customer service agents, to the full extent that any or all of the foregoing forms of communication are deployed by Company in providing customer service support to any Program.
“Services” means those services specifically described in Exhibit D and otherwise described in this Agreement.
“Settle” and “Settlement” mean the movement of funds tendered for or Loaded to Cards among Sutton Bank, other financial institutions and the Networks in accordance with Applicable Law to settle Transactions on such Cards.
“SSAE” has the meaning given in Section 9.2.
“Standard Terms” has the meaning set forth in Section 6.1(D).
“Successor Bank” has the meaning set forth in Section 10.5(A).
“Sutton Bank” has the meaning set forth in the Preamble.
“Sutton Bank Prepaid Card Services” has the meaning set forth in the Recitals.
“Switchover Date” has the meaning set forth in Section 10.5(D).
“Term” has the meaning set forth in Section 10.1.
“Third Party Service Provider” means a service provider which Manager utilizes to provide Critical Services in connection with the Program(s).
“Transaction” means using a Card to do any of the following: (i) make a purchase or otherwise make a payment to or for the benefit of a third party; (ii) obtain a credit for a previous purchase; (iii) make a cash withdrawal at an automated teller machine, bank teller or via other means; (iv) transfer value to another Card or account; (v) initial loading of funds on a Card; (vi) adding additional funds to “reload” a Card; or (vii) without duplication of any of the foregoing, any other transaction involving use of a Card.
“Visa” means Visa U.S.A. Inc. and its successors and assigns.
“Wind Down Period” means the period from the date of termination or expiration of the Agreement through the date that the Parties have completed the Wind-Down Plan for the Programs entirely pursuant to Section 10.5.
“Wind-Down Plan” has the meaning set forth in Section 10.5(D).
- 9 -
ARTICLE II.– PURPOSE; MANAGER’S ROLE; INCORPORATION OF AND COMPLIANCE WITH PROGRAM DOCUMENTS
2.1. Purpose
The purpose of this Agreement is to describe the terms and conditions under which the Parties will operate Card Programs and to define the distribution of Card Program [********] in respect of such Programs.
2.2. Manager’s Role
Manager and Sutton Bank acknowledge that Manager is providing services with respect to the Card Programs developed by Manager that have been reviewed and approved by Sutton Bank and for which Sutton Bank has approved Manager to provide the services described in this Agreement (each as specifically identified by Program description on Schedule 1.1 hereto, as the same may be amended from time to time) (the "Approved Programs") as an agent and representative of Sutton Bank, who has primary responsibility for each Program's compliance with Applicable Law and the Program Documents. Notwithstanding the foregoing, Manager acknowledges that (i) it will comply with the Program Documents as such are provided to Manager by Sutton Bank; (ii) it has received and thoroughly examined the Program Documents as provided by Sutton Bank, and (iii) each Card Transaction that Manager or Sutton Bank sends to or receives from any Network constitutes Manager's ratification of the Program Documents, as then in effect and provided to Manager by Sutton Bank.
2.3. Operating Regulations
Manager acknowledges that as a "permitted Agent" of Sutton Bank, the terms of the Network Rules governing an issuer's relationship with the applicable Network also govern Manager's relationship with the applicable Network, to the extent applicable, including, for: cardholder obligations, responsibility for fraud, collections and other risks,data security, indemnity and liability, and confidentiality. Manager represents that it has read, agreed and will comply with all terms of the applicable Network Rules, including the foregoing specifically identified provisions as such are provided to Manager by Sutton Bank.
2.4. General
Sutton Bank and Manager hereby each acknowledge and agree that (a) Sutton Bank has established the Programs; (b) Sutton Bank shall have full control and continued principal oversight over the Programs, including without limitation all policies, activities and decisions with respect to each Program; (c) the products and services offered under the Programs pursuant to this Agreement are products of Sutton Bank; and (d) Manager shall serve as Sutton Bank’s administrator and servicer for the Programs, to which Sutton Bank has delegated specific responsibilities relating to the marketing and servicing of the Programs, including the marketing and sale of the Cards.
2.5. Bank Determination of Applicable Law
As between Sutton Bank and Manager with respect to each of their respective rights and obligations under this Agreement, to the extent there is a dispute between Sutton Bank and Manager with respect to the applicability of certain provisions of the Network Rules or Applicable Laws to one or more Program(s), Sutton Bank shall have the sole and exclusive right to determine (i) which of the Network Rules, Federal, State and local laws, court opinions, attorney general opinions, rules and regulations, and regulatory guidance, regulatory determinations of (or agreements with) or written directions of any arbitrator or Regulatory Authority, and modifications thereto, apply to each Program or the Parties hereto and thus are Applicable Laws; (ii) how such Applicable Laws apply to each Program; and (iii) how and to what extent pending, settled or decided lawsuits or enforcement actions affecting Sutton Bank or any other company, and legal and regulatory developments and trends, should be addressed in each Program; provided, however, that in making such determinations, Sutton Bank shall consult with Manager, shall exercise reasonable and professional judgment, and shall consult with legal counsel as appropriate. Notwithstanding the forgoing, Manager is expected and required to comply with all Applicable Laws that apply to Manager and the performance of its obligations under this Agreement.
- 10 -
2.6. Manager’s Right to Offer Programs; Statutory Authority of Regulatory Authority
Sutton Bank grants Manager the right to offer the Programs on behalf of Sutton Bank, and hereby appoints Manager as Sutton Bank’s agent for the sole and limited purpose of providing the services described herein with respect to the Programs.As an authorized delegate and representative of Sutton Bank, Manager acknowledges and agrees to the following:
(A) any Regulatory Authority has and shall have the statutory authority to regulate, examine and initiate an enforcement action against Manager with respect to the activities performed by Manager as agent or representative of Sutton Bank;
(B) Sutton Bank and Manager, in its capacity as Sutton Bank’s authorized delegate and representative, are both subject to control and supervision by the appropriate Regulatory Authority;
(C) the Regulatory Authority may require both Sutton Bank and Manager, in its capacity as Sutton Bank’s authorized delegate and representative, to (and, if required, the Parties shall) submit periodic reports to the Regulatory Authority;
(D) the Regulatory Authority may require the Parties to (and, if required, the Parties shall) modify the terms of this Agreement or terminate Sutton Bank’s relationship with Manager at any time; and
(E) the Regulatory Authority may institute any other requirements or conditions that the Regulatory Authority deems appropriate for a particular purpose in connection with this Agreement and the rights and responsibilities set forth herein, in which case the Parties agree to comply with such requirements or conditions.
2.7. Bank Discretion Regarding Clients.
At any time, if Sutton Bank, in its reasonable judgment, deems it necessary to avoid loss, damage or adverse exposure to Sutton Bank, Sutton Bank shall provide to Managerto the extent possible not less than [********]’ advance written notice of its desire to terminate a Client Agreement and shall work in good faith with Manager to identify approaches to mitigate risk factors prior to terminating such Client; provided, however, if Sutton Bank determines in good faith that such prior notice or mitigation efforts will increase risk to Sutton Bank or violate Network Rules or Applicable Law, Sutton Bank may terminate the Client immediately.
2.8. Use of Distributors by Manager
Manager may market Cards through qualified and Sutton Bank-approved Distributors and may engage the services of other qualified and Sutton Bank-approved Third Party Service Providers in accordance with the terms of this Agreement. Sutton Bank acknowledges that the Third Party Service Providerslisted in Exhibit E attached hereto have been reviewed and approved by Sutton Bank as of the Effective Date of this Agreement.
- 11 -
ARTICLE III.–PARTIES’ RESPONSIBILITIES
3.1. Manager’s Responsibilities
As Sutton Bank's agent and representative, Manager will develop, promote, market and sell, and operate Approved Programs on Sutton Bank's behalf in accordance with this Agreement and the Program Documents. In addition, Manager further agrees to do the following:
(A) Execution of Agreements. It is Manager's responsibility to execute any and all necessary agreements with (i) Clients that will be distributing or selling the Cards or distributing any of the Sutton Bank Prepaid Card Services;and (ii) any of Sutton Bank's Networks.
(B) Due Diligence.
(i) Program Due Diligence Application.Manager will complete a Program Due Diligence Application for each Program proposed to be offered under this Agreement and will submit such Program Due Diligence Application in advance to Sutton Bank for Sutton Bank’s prior written approval.Manager shall ensure that each Program is offered in accordance with the Program Due Diligence Application approved by Sutton Bank. Sutton Bank shall have the right to conduct a risk assessment for each Program, which may include an assessment of any features of any Program product.
(ii) Client Due Diligence.Manager acknowledges that prior to signing or authorizing any Client to distribute Cards hereunder, each Client must be subject to Manager's and Sutton Bank's reasonable due diligence, and be approved by Sutton Bank in its sole discretion.
(C) Marketing. Manager, at its own expense, shall solicit prospective Clients for participation in the Program using Client Materials. Manager and Sutton Bank have jointly developed Client criteria to be used for selection of Clients to participate in the Program, and such Client criteria shall only be amended in the manner provided in Section 3.1(G). Manager shall review the prospective Client’s application package to determine whether the prospective Client meets the Client criteria and if the prospective Client meets the Client criteria, is approved by Manager and executes the Client Agreement, such Client may participate in the Program. Upon request of Sutton Bank, Company shall promptly provide to Bank a copy of a Client's Application Package and a copy of an executed Client Agreement.Manager will also ensure that (1) the design of each Card meets the applicable Network’sdesign specifications, (2) Card terms and conditions, the Cardholder Agreement, packaging, and any other associated materials comply with all requirements of the Program Documents and, where required, are approved by Sutton Bank in its reasonable discretion, (3) all communications which display a Network’s name, logo, bug or marks are pre-approved by that Network, and (4) all Card shipping and storage practices comply with applicable Network Rules, including but not limited to card inventory management controls. Manager further agrees that the services it provides hereunder shall be of professional quality and in accordance with industry standards and practices.Manager shall be responsible for the conduct and active monitoring and training of its employees, sales representatives, sales offices and agents with respect to all aspects of Manager’s performance under this Agreement and the Programs, including without limitation their respective compliance with this Agreement and Applicable Law.
(D) Background Checks and Employee Responsibility.Without limiting the Manager’s obligations in Section 3.1(C), Manager shall (a) conduct background checks on each of its employees engaged in providing the Services on Manager’s behalf, (b) provide to Sutton Bank, upon Sutton Bank’s request, the name, signature, and, if available under Applicable Law, Social Security Number or similar government-issued identifying number, of each Manager employee and sales representative, and maintain such information for a period of three (3) years after the end of any such employee’s employment for any reason, and (c) comply with the provisions of Section 19 of the Federal Deposit Insurance Act, as amended by the Financial Institutions Reform, Recovery, and Enforcement Act of 1989 (12 U.S.C. § 1829). Manager shall be liable for all actions or failure to act by such employees. Manager shall exercise commercially reasonable efforts to promptly rectify any non-compliant activity or other activity that, in Sutton Bank’s commercially reasonable discretion, could cause harm to Sutton Bank’s reputation or business. In the event an employee or potential employee’s background check does not meet the standards of the Act cited in this Section 3.1(D), Manager may consult with Sutton Bank to determine if an exception is allowable under Sutton Bank’s “Employment Guidelines” or similar policies or procedures.
- 12 -
(E) Manager Training.Manager shall provide appropriate training for its officers, employees, agents and representatives with respect to their duties, if any, related to the Program, and shall appropriately supervise all such Persons. Sutton Bank shall have the right to (a) periodically review and audit Manager’s training program to ensure Manager’s compliance with Sutton Bank’s training program and (b) at the request of Sutton Bank, monitor and participate in any such training program.
(F) New Approved Programs. Manager must obtain Sutton Bank's prior approval to serve as program manager for each Program. Manager will submit a Program Due Diligence Application Form, attached hereto as Exhibit A, for each proposed Program for which Manager and Sutton Bank wish Manager to serve as the program manager. If the Program Due Diligence Application Form is approved and accepted by Sutton Bank, Schedule 1.1 to this Agreement will be amended to include such Program as an Approved Program. Upon Sutton Bank and Manager's agreement to offer a Program to prospective Cardholders, Manager shall develop a marketing program to promote Cards to prospective Cardholders and Sutton Bank shall issue Cards within a designated BIN range assigned by the applicable Network for the Program.
(G) Program Modifications.Manager may suggest changes to a Program or the Cardholder Agreements, Program Materials, Marketing Campaigns, or Program Due Diligence Application at any time, subject to the prior written consent of Sutton Bank.Manager shall be responsible for all costs associated with any such changes suggested by Manager and approved by Sutton Bank.Changes to a Program or the Cardholder Agreements, Program Materials, Marketing Campaigns, or Program Due Diligence Application, including a determination that certain Program Materials or Marketing Campaigns are no longer authorized, may be made by Sutton Bank upon [********]notice to Manager, provided, however, that such notice shall not be required if such change (i) is appropriate to respond to any concern from a Regulatory Authority, (ii) is necessary in order to cause the Program to remain in compliance with Applicable Law, or (iii) is necessary to alleviate safety and soundness concerns or manage risk for Sutton Bank in connection with the Program and providing [********] prior notice is not feasible, in which case Sutton Bank shall provide notice as soon as commercially practicable.Sutton Bank shall take reasonable steps to prevent undue expense for Manager when changing any Cardholder Agreements, Program Materials and Marketing Campaigns that are already in production.Unless otherwise mutually agreed upon by the Parties, upon Manager’s receipt of written notice from Sutton Bank of any such changes to a Program or Program Documents or the Cardholder Agreements, Program Materials, Marketing Campaigns, or Program Due Diligence Applications or receipt of new Program Documents, Manager shall implement such changes as soon as commercially practicable but in no event later than [********] from Manager’s receipt of notice of such change, determination or new Program Document.Alternatively, if the modification would result in a materially adverse change to one or more Programs or if the modification would require Manager to devote significant resources, significantly amend material agreements or incur significant cost and expense, Manager shall provide Sutton Bank with written notice and reasonable detail of Manager’s concerns.Promptly following Sutton Bank’s receipt of such notice, the Parties shall meet in good faith to resolve Manager’s concerns in a mutually agreeable manner.If the Parties are unable to so resolve Manager’s concerns within [********] of Sutton Bank’s receipt of such written notice, Manager may elect to terminate the affected Program or Programs or transition such Program or Programs to a Successor Bank, upon prior written notice to Sutton Bank and subject to the provisions for such termination or transition as provided in Section 10.5. Manager shall take all actions deemed necessary by Sutton Bank, in Sutton Bank’s reasonable discretion, taking into account any legally-binding effective date with respect to any change in Applicable Law and the legal, compliance and reputation risks to the Parties, to implement the modification of and/or terminate the affected Program(s) in the manner and time period specified by Sutton Bank. Sutton Bank may seek specific performance under this Section.Manager shall bear all reasonable costs related to any changes requested by Sutton Bank pursuant to the circumstances set forth in clauses (i), (ii) or (iii) of this Section 3.1(G).
- 13 -
(H) Approval of Customer Communications. For purposes of this Section 3.2(D) and as used elsewhere in this Agreement term “Customer Communications” includes both Marketing Materials and Service Communications. Company shall submit all proposed Customer Communications, which Company hereby represents and warrants will comply with each of the above-stated requirements at the time of such submission, to Sutton Bank for Sutton Bank’s prior written approval, which approval will not be unreasonably withheld and Company agrees may be communicated electronically. Without limitation to the Company’s duty to ensure that all Customer Communications submitted to Sutton Bank for approval comply with Applicable Law, Sutton Bank may provide to Company, and Company agrees to incorporate into certain Customer Communications, regulatory disclosures to be provided to Company by Sutton Bank that Applicable Law mandates be communicated to prospective Customers. For the avoidance of doubt, no Customer Communications may be deployed by Company unless the materials have been approved for the particular use contemplated. Sutton Bank shall complete its review of proposed Customer Communications within [********]of its receipt thereof; provided, however, that if Sutton Bank reasonably determines that the subject Customer Communications present novel or complex compliance issues, Sutton Bank shall promptly advise Company of the additional time needed to complete its review. Company may request expedited review of Customer Communications at Sutton Bank’s sole discretion for an additional expense. Once Customer Communications have been approved by Sutton Bank, Company may continue to use those Customer Communications for the same purpose and manner for which approval received, but must obtain new prior approval for any material departures from such use.
(i). Withdrawal or Modification of Approval. Sutton Bank may, upon the provision of written notice to Company, withdraw or modify its prior approval of Customer Communications if it reasonably determines that such withdrawal or modification is necessary to comply with Applicable Law or the request of a Regulatory Authority. Company shall promptly cease using any Customer Communications for which Company has received notice of withdrawal or modification, and shall incur no liability for having used those materials before such notice was received.
(ii). Retention of Customer Communications. Company shall retain copies of all Marketing Materials for a minimum of three (3) years and all other Customer Communications for a minimum of two (2) years after their use.
(I) Obligation of Manager to Provide Information. Manager must provide reports of Program activity to Sutton Bank in a mutually agreed electronic format.
(J) Sales and Settlement. All funds received from customers in connection with the loading and reloading of value on Cards shall be handled in accordance with the terms of the Program Documents and this Agreement (Manager acknowledges and agrees that the requirements under the Program Documents shall supersede any conflicting obligations or restrictions in this Agreement); provided that Manager agrees that all such funds shall be held on behalf of Cardholders and as provided in the Program Documents and the Cardholder Agreement and Manager shall ensure (and cause all Clients to ensure) that no claims, liens nor any actions of ownership or possession of such funds will be permitted by any party other than the Manager, Cardholder, the Networks or Sutton Bank.
(K) Maintenance of Funding Accounts at Sutton Bank. A “Funding Account” is defined as a Program Account consisting of a demand deposit account to hold adequate funds to cover the amounts owing to Cardholders as determined by Manager and in accordance with Program Documents. Sutton Bank shall, at all times during the duration of this Agreement, establish and maintain a separate Funding Account for each Program. Manager will assist Sutton Bank in establishing the Funding Accounts.Sutton Bank will notify the Manager of the account numbers and any other information necessary for the Manager to transfer funds to such accounts.
(L) Merchant Payments to Sutton Bank. A “Merchant” is defined as a customer of Manager that provides funds to Cardholder accounts for rewards, promotional, incentive, loyalty and other similar purposes, in accordance with the applicable Approved Program. From time to time Manager shall cause its Merchants, by timely, irrevocable wire transfer, to deposit into the appropriate Merchant Rewards Account held at Sutton Bank adequate funds to cover the amounts owing to Cardholders as determined by the Manager and its Merchants (the “Merchant Rewards Account”). The total liability to Cardholder for a given program is equal to the sum of the Funding Account and the Merchant Rewards Account. Manager agrees that any funds deposited in the Funding Accounts and Merchant Rewards Accounts shall be for the sole purpose of satisfying claims on the Funding Accounts as provided in this Agreement and the applicable Approved Program.
- 14 -
(M) [********]
(N) Fraud Monitoring, Recovery and Liability.
(i) Fraud Monitoring. Manager shall monitor usage of Program products and services by Cardholders, and the provision of Program products and services by Distributors, to track, review and report on fraudulent use of Program products and services, and the Parties shall cooperate to reduce fraud. Manager also shall adopt such fraud monitoring practices in accordance with Sutton Bank’s internal procedures (as provided to Manager by Sutton Bank from time to time), standard industry practices and any Applicable Laws, as such industry practices or Applicable Laws may change over time. Manager shall provide to Sutton Bank a summary report of findings from Manager’s fraud monitoring upon request.
(ii) Fraud Reporting. Each Party shall immediately notify the other Party if a Party (or, in the case of Manager, any of its Distributors or Third Party Service Providers) becomes aware of any attempt by any Person to obtain or use a Card by fraud, including, but not limited to, value Load fraud, provisional credit fraud, unauthorized Card use, under floor limit processing, merchant fraud, or fraud committed by an employee of Manager or any of its Distributors or Third Party Service Providers which is material (“Program Fraud”).
(iii) Fraud Investigation and Recovery. Manager shall cooperate fully with Sutton Bank and engage in any commercially reasonable efforts to locate and prosecute the perpetrator of any Program Fraud, and each Party shall bear the costs of its efforts in prosecuting same to the extent it deems commercially reasonable.In the event Sutton Bank has reasonable suspicion to believe that Program Fraud is taking place, Sutton Bank may in its sole discretion: (a) require Manager to halt the sale of Cards and/or Loads of Cards within a particular Card distribution channel or channels, (b) block the BIN associated with a specific Program offering or offerings, (c) freeze or suspend the suspicious Card Transactions, and (d) freeze or suspend any additional use of the remaining Cardholder Funds on such Cards, to the extent the actions described in clauses (a) through (d) above are in compliance with Applicable Law.
(iv) Liability for Fraud. Manager agrees that it shall be responsible for and liable to Sutton Bank for all commercially reasonable expenses associated with and any losses attributable to Program Fraud, unless such expenses and losses were proximately caused by the negligence or willful misconduct of Sutton Bank. Manager shall reimburse Sutton Bank for any such losses and expenses associated with Program Fraud within 24 hours of receivingwritten notice by Sutton Bank of such Program Fraud Following Manager’s exhaustion of operational and legal recourse in recovering such amounts attributable to the Program Fraud (e.g. chargeback process, etc.) any expenses and losses which were determined in a commercially reasonable manner to be proximately caused by the negligence or willful misconduct of Sutton Bank shall be reiumbursed to Manager within a reasonable time frame after receipt of written notice of same
(O) Program Audits and Examination Cooperation.
(i) Manager Audit Plans. Manager shall establish and maintain an internal audit plan for the Programs and its obligations under this Agreement as approved by the audit committee of Manager’s Board of Managers. Manager shall also establish and maintain an audit plan applicable to each Distributor’s, Marketer’s and Third Party Service Provider’s compliance with Applicable Laws in the performance of their obligations related to the Programs, and the Distribution and Service Agreements, the Marketing Agreements and Third Party Service Provider agreements, as applicable. Manager shall provide a copy of its audit plans to Sutton Bank, and shall respond in good faith to address any concerns raised by Sutton Bank, including with respect to the frequency, content and scope of the audits. Without limiting the foregoing, Sutton Bank may require that Manager perform an audit of any specified Distributor or Third Party Service Provider, pursuant to an audit plan and scope acceptable to Sutton Bank in its commercially reasonable discretion. Manager shall submit a written audit report to Sutton Bank in connection with each audit, and provide Sutton Bank with any additional information requested with respect to any material issues of concern identified in the audit or by Sutton Bank. Manager warrants that, as of the date of the submission of each such audit report to Sutton Bank that, to the best of Manager’s knowledge, such report is true, correct, complete, and not misleading. Upon Manager’s determination that any information contained in any such audit report is materially incorrect, incomplete or misleading in any way, Manager shall promptly notify Sutton Bank of the same.
- 15 -
(ii) Program Audits. Manager agrees that Sutton Bank, its authorized representatives and agents, and any Regulatory Authority or Network (“Auditing Party”) shall have the right, at any time during normal business hours and upon reasonable prior written notice, or at any other time required by Applicable Law or by a Regulatory Authority, to inspect, audit, and examine all of Manager’s facilities, records, personnel, books, accounts, data, reports, papers and computer records relating to the activities contemplated by this Agreement including, but not limited to, financial records and reports, the Security Program, associated audit reports, summaries of test results or equivalent measures taken by Manager and/or any Third Party Service Provider to ensure that the Security Programs meet the objectives of the Security Guidelines in accordance with Applicable Law and this Agreement and that Manager is otherwise in compliance with the terms of this Agreement and Applicable Law. Only one such audit a year will be at Manager's expense, unless a material breach of the Agreement by Manager has occurred and is continuing. Manager shall, and shall contractually require its Distributors and Third Party Service Providers to, make all such facilities, records, personnel, books, accounts, data, reports, papers, and computer records available to the Auditing Party for the purpose of conducting such inspections and audits, and the Auditing Party shall have the right to make copies and abstracts from Manager’s or a Distributor’s or Third Party Service Provider’s books, accounts, data, reports, papers, and computer records directly pertaining to the subject matter of this Agreement, provided such Auditing Party shall be bound by terms of confidentiality in accordance with and no less strict then those contained in this Agreement as respects the treatment of any Confidential Information.Sutton Bank shall pay for its authorized representatives and agents own expenses during any such audit.
(iii) BSA/AML/OFAC Audits. Manager shall engage a qualified, external, independent third party auditor to conduct a complete annual audit of Manager’s compliance with Manager’s approved BSA/AML/OFAC Procedures, which shall include, without limitation, a review of Manager’s compliance with Sutton Bank’s policies and procedures in place with respect to identifying the number of sales of Cards at any one Distributor location in one day, limiting the number of registered Cards activated by any one individual with the same social security number, limiting the number of registered Cards activated by individuals at any one physical address, and limiting the Loads to each Card.Manager will be responsible for all of the cost of these BSA/AML/OFAC audits.
(iv) Manager Cooperation. Manager agrees to cooperate, and shall contractually require all Distributors, Marketers, and Third Party Service Providers to cooperate, with any examination, inquiry, audit, information request, site visit or the like, which may be required by any Regulatory Authority or Network with audit examination or supervisory authority over Sutton Bank, to the fullest extent requested by such Regulatory Authority, Network or Sutton Bank. Manager shall also provide to Sutton Bank any information which may be required by any Regulatory Authority or Network in connection with their audit or review of Sutton Bank or any Program and shall reasonably cooperate with such Regulatory Authority or Network in connection with any audit or review of Sutton Bank or any Program.Manager shall also provide, at its sole cost and expense, such other information as Sutton Bank, Regulatory Authorities or Network may from time to time reasonably request with respect to the financial condition of Manager and such other information as Sutton Bank may from time to time reasonably request with respect to third parties who have contracted with Manager relating to or in connection with this Agreement.
- 16 -
(v) Corrective Action Plans. Manager shall prepare a written response to Sutton Bank (a “Response to Audit Letter”) to all criticisms, recommendations, deficiencies, and violations of Applicable Law identified in reviews conducted by Sutton Bank, any Regulatory Authority or Network (“Audit Findings”). The Response to Audit Letter shall be delivered to Sutton Bank within [********] of Manager’s receipt of such Audit Findings, unless directed otherwise by a Regulatory Authority or a Network.The Response to Audit Letter shall include, at a minimum, a detailed discussion of the following:
(a) | the planned corrective action to address the Audit Findings (“Audit Corrective Action Plan”); |
(b) | employee(s) of Manager tasked to remedy the Audit Findings; |
(c) | remedial actions proposed to be directed to current or past Cardholders negatively impacted by the Audit Findings (provided no such action shall be taken without express written approval from Sutton Bank); |
(d) | steps to be taken to prevent any recurrence of the Audit Findings; |
(e) | a specific timeframe, not to exceed [********], unless otherwise approved by Sutton Bank in advance, to implement the Audit Corrective Action Plan (“Corrective Action Plan Deadline”); |
(f) | documentation evidencing that the Audit Corrective Action Plan has been implemented; |
(g) | if additional time is needed to implement the Audit Corrective Action Plan or deviations from the Audit Corrective Action Plan are necessary, a written request shall be submitted to Sutton Bank detailing the extenuating circumstances that necessitate an extension of the Corrective Action Plan Deadline and such extension request shall be subject to the reasonable approval of Sutton Bank; and |
(h) | identification of any Audit Findings disputed by Manager or where corrective action is not possible or necessary, supported by a detailed explanation of Manager’s position. |
(P) Recordkeeping and Reporting.
(i) Recordkeeping. Unless otherwise agreed, Manager will keep, or cause to be kept, current and accurate records relating to each Program, including, but not limited to: (a) the identity of each Cardholder and the steps taken to verify such identity, if applicable to the Program; (b) all information received by Processor in each daily Settlement file; and (c) other information as may be required by Applicable Law (“Program Records”). With respect to each Card, Manager shall retain all Program Records for the time period required by Applicable Law, and in any event, for no less than five (5) years after the termination of any Cardholder Agreement or Program, whichever is later.
(ii) Reports and Access to Program Records. Sutton Bank shall be provided with access to any Program Records and any other information and documents it reasonably requests from time to time from Manager or any Distributor, Marketer or Third Party Service Provider retained by Manager with regard to any activity contemplated by or relating to this Agreement, and such information shall be provided in accordance with Sutton Bank’s specifications and requirements, including, but not limited to, the timeframe and format in which such information and documents must be provided.Manager shall ensure that it has ready access to all Program Records, including those maintained by its Distributors and Third Party Service Providers, in order to comply with any request from Sutton Bank pursuant to this Section.
(iii) All Program Records generated by Manager and its Third Party Service Providers in connection with the Program(s) shall be the property of Sutton Bank, subject to each Party’s (or a Marketer’s or Distributor’s) ownership interest in Joint Cardholder Data as defined in Section 7.1.
- 17 -
(Q) Customer Service
(i) Manager shall (i) establish and maintain an internet website that performs customer service functions as directed by Sutton Bank; and (ii) administer and maintain a dedicated toll-free phone number, which number shall be printed on the Cards, for providing live and interactive voice response telephonic customer service. Manager shall perform monthly quality monitoring of the customer service functions in accordance with Sutton Bank requirements.
(ii) To ensure the integrity of the Program, Sutton Bank may periodically elect in its sole discretion to conduct random call sampling and/or mystery calls (“Call Monitoring”). Call Monitoring is intended to assess the abilities of live agents on a quality scorecard, including their range of knowledge and their skills (including “soft skills”) used to govern the approach to delivering accurate information and reliable services with effective communication. If Sutton Bank conducts Call Monitoring, Sutton Bank may request from Manager a minimum of ten (10) randomly selected recordings of calls from Cardholders to live agents, which minimum may be increased in Sutton Bank’s sole discretion.
3.2. Processing Services
(A) Manager shall, at its sole expense, enter into a Processing Services Agreement with a Sutton Bank-approved Processor, in form and substance acceptable to Sutton Bank in its sole discretion, and the contents of which shall bind Processor to ensure all provisions of this Section are met in addition to other provisions of this Agreement that are specifically required to be in the Processing Services Agreement. The Processing Services Agreement shall provide the following Processing Services for the Program(s):
(i) Transaction authorization, processing, clearing and settlement and all accounting relating to Cards;
(ii) helpdesk and technical support;
(iii) data capture and reporting and information management services;
(iv) Cardholder account and Transaction dispute processing and resolution, and any other informal disputes or resolutions as needed from the Cardholder, as promptly as commercially reasonable, and not later than full resolution within applicable legal, regulatory, and Network required timeframes;
(v) fraud prevention and security; and
(vi) any other services necessary or desirable to effectuate the Program or as requested by Sutton Bank or a Network from time to time.
(B) Manager, at its sole expense, shall also provide the following additional services to support each Program (the “Ancillary Services”), either directly or through a Third Party Service Provider. Ancillary Services shall include, but not be limited toprocessing all applications and establishing all accounts in the Program on behalf of Sutton Bank, including, but not limited to:
(i) providing Cardholder Agreements;
(ii) submitting to Bank applications for approval;
(iii) providing information to Processor to establish the accounts;
(iv) collecting and maintaining Cardholder identification;
(v) screening Clients or Cardholder applicants for compliance purposes;
- 18 -
(vi) conducting initial review of all Client and Cardholder accounts to ensure compliance with OFAC directives, as applicable; and
(vii) authorizing Card activation;
(viii) Card creation, production and shipment, including:
(ix) Card design;
(x) purchase and safekeeping of plastic stock;
(xi) embossing and encoding of Cards;
(xii) printing of Card carriers;
(xiii) mailing or other delivery of Cards; and
(xiv) preparation and mailing of PIN mailers, as applicable;
(xv) preparation and mailing of all other documents required or otherwise to be sent to Cardholders, as applicable;
(xvi) providing monthly and other periodic account statementsor electronic transaction records, as required by Applicable Law;
(xvii) customer service in accordance with the terms of this Agreement;
(xviii) all other Program-related mailings to Cardholders including shipping costs and postage; and
(xix) any other services necessary or desirable to effectuate the Program or as agreed upon by Bank and Manager from time to time.
(C) Manager shall be responsible for the reporting and handling of any Cardholder Funds that constitute unclaimed, abandoned or similar property under Applicable Law based upon the Cardholder records maintained and provided by Manager. Manager either directly or through a contracted third party shall be responsible for any obligations under Applicable Law to contact the owner of funds under escheatment or unclaimed property laws.
(D) Manager shall ensure that any Processor or other Third Party Service Provider complies with all Applicable Law and Sutton Bank Policies in providing Processing Services or Ancillary Services.
(E) Manager shall at no time fail to fulfill any of its obligations under this Agreement, including the provision of Processing Services, Ancillary Services, or customer service to Cardholders for any Program, due to a dispute between Manager and a Processor or subcontractor.
(F) Notwithstanding anything to the contrary contained in this Agreement, Sutton Bank shall have the right (but not the obligation), at any time as determined in its reasonable discretion (including during any wind-down period contemplated by Section 10.5), to assume responsibility for the Processing Services and to perform, either directly or through the Processor or another third party designated by Sutton Bank, all services in connection therewith, in the event that Sutton Bank determines, in its reasonable discretion, that a Processor’s actions or failure to act has resulted or could result in (i) a breach of the obligations of Processor to Manager or Sutton Bank; (ii) material reputational harm to Sutton Bank or a material threat to the safety and soundness of Sutton Bank; (iii) a material adverse impact to Cardholders; or (iv) a material risk of a data security breach. In the event of any such action or failure to act by Processor, Sutton Bank shall provide written notice to Manager, and Manager and Processor shall have [********] from the date of such notice to cure the actions or failure to act on behalf of Processor that resulted in the notice, unless immediate action is required due to direction from a Regulatory Authority or such other extenuating circumstances that prevent the giving of advance notice and such a cure period. Any fees and expenses reasonably incurred by Sutton Bank in connection with the exercise of its rights set forth in this Section 3.2(e) shall be paid by the Manager and Sutton Bank shall [********].
- 19 -
3.3. Processor System Access
(A) Manager shall ensure through the Processing Services Agreement that Sutton Bank at all times has access to data files delivered to a location and in a format acceptable to both parties.
(B) Manager shall ensure through the Processing Services Agreement that Sutton Bank’s access to the Processor Systems, at all times during the Term and any wind down period, permits Sutton Bank to:
(i) Adjust Cardholder or account information, including but not limited to, the closing or suspension of a Card at any time for any reason in Bank’s sole discretion, and the adjustment of account balances;
(ii) File suspicious activity reports (“SAR”) with FinCEN as required by Applicable Law.
(C) Sutton Bank shall provide notice of any adjustment or modification made within the Processor System as soon as practicable after making such adjustment or modification. Any adjustments or modifications made by Sutton Bank within the Processor Systems in accordance with this Section 3.3 may not thereafter be altered or reversed without Sutton Bank’s prior written approval.
3.4. Sutton Bank Responsibilities
In addition to any other obligations of Sutton Bank set forth in this Agreement:
(A) Sutton Bank Prepaid Card Services. Sutton Bank shall be responsible for providing the Sutton Bank Prepaid Card Services.
(B) Sutton Bank System Security.Sutton Bank shall implement and will comply with its security procedures designed to (i) prevent unauthorized access to Sutton Bank’s systems through computer hardware and software systems which are owned or controlled by Sutton Bank, and (ii) prevent unauthorized access to or use of Sutton Bank’s systems by Sutton Bank’s current and former personnel.When on site at Manager’s premises, Sutton Bank personnel shall observe and adhere to Manager’s policies and procedures generally applicable to visitors of Manager’s premises as provided to Sutton Bank by Manager.
(C) Sutton Bank Personnel.Sutton Bank shall be responsible for any acts or omissions of Sutton Bank employees, subcontractors and authorized agents acting with Sutton Bank’s authorization on Sutton Bank’s behalf, which, if performed by Sutton Bank, would constitute a breach of this Agreement.For the avoidance of doubt, Sutton Bank shall in no way be responsible for the acts or omissions of Manager or its employees, subcontractors, authorized agents, Distributors, Marketers or Third Party Service Providers.
(D) System Access.Sutton Bank acknowledges that it may receive access to Manager’s system, network components, or electronic databases (“Manager’s System”) in order to monitor Program activity. In such event, Sutton Bank will be responsible for the administration of Sutton Bank’s access to Manager’s System as follows:
(i) Sutton Bank will provide Manager with the names and contact information of the Sutton Bank employees who are authorized to access Manager’s System in order to monitor Program activity (“Authorized Users”);
- 20 -
(ii) Sutton Bank will instruct Manager to disable access to Manager’s System for terminated Authorized Users or Authorized Users who no longer have a need to access Manager’s System; and
Sutton Bank will comply with Manager’s reasonable and industry standard security procedures provided to Sutton Bank with respect to maintaining secure access to Manager’s System.Notices of Changes.Except as such is limited by Applicable Law or the actions or requirements of a Regulatory Authority, Sutton Bank shall notify Manager as far as reasonably possible in advance of any:(a) change in the name or form of business organization of Sutton Bank or change in the location of its chief executive office; or (b) any material adverse change in Sutton Bank’s financial condition or operations that might materially and adversely affect Sutton Bank’s ability to perform its obligations under this Agreement.(F) Notice of Proceedings.Except as such is limited by Applicable Law or the actions or requirements of a Regulatory Authority, Sutton Bank shall promptly notify Manager of any action, suit, litigation, proceeding, consent order, directive, sanction, facts and circumstances, and of all tax deficiencies and other proceedings before governmental bodies or officials, including any Regulatory Authority, affecting Sutton Bank, and the threat of reasonable prospect of same, which (i) relate to a Program or this Agreement, (ii) might give rise to any indemnification obligation pursuant to Article XI or (iii) might materially and adversely affect Sutton Bank’s ability to perform its obligations under this Agreement.
(G) Sutton Bank’s Capitalization.Sutton Bank shall use reasonable efforts to (i) maintain sufficient capital to support its deposits and assets and (ii) remain a well-capitalized institution, as defined under the prompt corrective actions provisions of the Federal Deposit Insurance Act, 12 U.S.C. § 1831o and 12 C.F.R. Part 6.
(H) True and Correct Information.Sutton Bank covenants that all information furnished by Sutton Bank to Manager for purposes of or in connection with this Agreement shall be, to the best of Sutton Bank’s knowledge, as of the date provided, true and correct in all material respects and does not omit any material fact necessary to make the information so furnished not misleading. Except as disclosed to Manager, there is no fact known to Sutton Bank (including threatened or pending litigation) that is reasonably likely to materially and adversely affect the financial condition, business, property, or prospects of Sutton Bank.
(I) Cooperation.Sutton Bank covenants that it shall use commercially reasonable efforts to cooperate with Manager in the operation of the Programs and its obligations under the Agreement, including in respect of the settlement of disputes with Cardholders.
(J) Sutton Bank shall promptly notify Manager in writing in the event that Sutton Bank, together with its Affiliates, accumulates in excess of [********]in assets at any given date.
3.5. Intellectual Property
(A) Limited Grant. Each Party ("Grantor") grants no rights in its Intellectual Property to the other Party, and such other Party's Third Party Service Providers, other than a limited, royalty-free, non-exclusive, non-transferable, and restricted license to use any Marks and other Intellectual Property of the other Party as mutually agreed to in writing by the Parties from time to time and only for such use as specifically approved in each instance of use on websites, Cards, Card applications, and other communications and documents relating to any Program.
(B) Standards of Use. Each Party’s use of the Marks and other similar Intellectual Property of Grantor shall conform to the specific permissions and standards established by Grantor in its applicable graphic standards as provided to the licensed Party.
(C) No Title or Ownership. Each Party acknowledges that it will not acquire any right, title or interest in or to the other Party’s Marks, website names, or any other Intellectual Property owned by the other Party, except as specifically granted in Section 3.5(A). All goodwill generated in use of a Grantor's Marks shall inure solely to the benefit of Grantor. Each Party further acknowledges that any license granted under Section 3.5(A) will terminate upon termination of this Agreement, and that, following such termination, that Party will discontinue all use of Marks licensed to such Party pursuant to this Agreement except as otherwise described in the wind-down or transition plan for the Programs pursuant to Section 10.5.
- 21 -
(D) Program Marks. All rights in any name, mark, symbol, logo, slogan, dress, or like identifier that is (i) not a Mark of Sutton Bank, Network, Processor, or any Third Party Service Provider as of the date hereof and (ii) created by Manager during the Term for use in connection with the Programs (each a "Program Mark") shall belong exclusively to Manager.
(E) In the event Manager provides any software or hardware to Sutton Bank, Manager represents and warrants that it has the legal right to such software or hardware and the right to permit Sutton Bank to use such software or hardware, and such use shall not violate any intellectual property rights of any third party. Manager will obtain and at all times maintain appropriate licenses with respect to any intellectual property owned by a third party and utilized in connection with this Agreement. Manager shall ensure that the Cards and any Program Documents or other aspects of the Program(s) will not violate any intellectual property rights of any third party and shall be liable for all fees associated with licensing any such intellectual property rights.
(F) Indemnification. Each Party ("Indemnitor") shall indemnify and hold the other Party harmless from and against any claim made against the other Party based on any infringement of any intellectual property rights of any Person with respect to Indemnitor’s Intellectual Property, names, marks, logos, or any other materials supplied to the other Party pursuant to this Agreement. This indemnity shall not be limited by any provisions to the contrary in this Agreement.
(G) No Waiver of Rights. By entering into this Agreement, neither Party in any way implies that it is waiving any property rights it has in its Marks or any other Intellectual Property belonging to it or its Affiliates, including but not limited to rights accruing by virtue of applicable federal, state, or common law protections for copyright, patent, trade secret, trademark and/or service mark rights. In the event either Party discovers a violation of such proprietary rights, that Party, for itself and on behalf of its Affiliates, expressly reserves the right to seek in an appropriate state or federal court all available remedies for the infringement of such rights.
(H) Third Party Marks. In the event that the Cards or any Marketing Materials are to contain any Marks of a third party, Manager shall include in its written agreement with such Person, a license granted to Manager and to Sutton Bank from such person to use such Person's Marks (the "Third Party Marks"), with the same limitations and obligations set forth in Section 3.5 of this Agreement. The license to use such Third Party Marks shall terminate no less than [********] after the expiration of such Person's agreement with Manager or at the end of any wind-down or transition period, to allow for the orderly transition of the Programs to a Successor Bank, where appropriate. Neither the Cards nor the Marketing Materials will contain any Third Party Mark unless agreed to in writing by Sutton Bank.
ARTICLE IV.– REPRESENTATIONS AND WARRANTIES
4.1. Manager Representations and Warranties
Manager represents and warrants to Sutton Bank, as of the Effective Date, as follows:
(A) Existence. Manager is duly organized, validly existing and in good standing under the laws of the state of Kansas and has its principal office in Kansas City, Missouri.
(B) Authority. Manager has the corporate and legal authority and power to enter into this Agreement and to perform the obligations set forth in the Program Documents.
(C) Ownership; No Infringement. Manager owns, has licensed, or otherwise has the right to use any trademarks, service marks, patents and other intellectual property necessary for it to use in the operation of each Approved Program referenced herein, and to the best of Manager's knowledge any such use will not infringe upon the rights of any third party.
- 22 -
(D) Accuracy of Financial Information. Manager has delivered to Sutton Bank complete and accurate copies of its balance sheets and related statements of income and cash flows. All financial statements and information that have been furnished to Sutton Bank are accurate in all material respects and fairly represent, in all material respects, (i) the financial condition of Manager, including contingent liabilities of every type, which financial condition has not changed materially or adversely as of the date of this Agreement, and (ii) the terms, conditions and other information related to Manager's Programs, which terms, conditions and other information havenot changed materially or adversely as of the date of this Agreement. Additionally, Manager agrees to provide Sutton Bank, within [********] of Sutton Bank's request therefore, with copies of Manager's then-most current unaudited financial statements and/or Manager’s parent company’s then-most current annual audited financial statements, prepared in accordance with the requirements of the immediately preceding sentence, and such information concerning Manager's Programs as Sutton Bank may request. The financial statements, terms, conditions and other information referred to in this Section 4.1(D) are referred to collectively as the “Financial Information.”
(E) Claims and Litigation. Neither Manager nor any of its Affiliates is the subject of any litigation, infringement, or enforcement action, and to the knowledge of Manager, neither manager nor any of its Affiliates is the subject of any investigation by any Person or governmental body which, if determined adversely to Manager or the Affiliate, would have a material adverse effect on (i) the business, financial condition or operations of Manager, (ii) the ability of Manager to operate each Approved Program referenced herein, or (iii) the ability of Manager to perform its obligations under the Program Documents. Neither Manager nor any Affiliate or principal of Manager has been or is subject to (i) any criminal conviction (other than for minor traffic offenses and other petty offenses), (ii) any unpaid federal or state tax lien, (iii) administrative or enforcement proceedings commenced by the Securities and Exchange Commission, any state securities regulatory authority, the Federal Trade Commission, any federal or state banking regulator or any other federal or state regulatory agency, or (iv) any restraining order, decree, injunction or judgment in any proceeding or lawsuit alleging fraud or deceptive practice on the part of Manager or any principal or Affiliate of Manager. For the purposes of this Section 4.1(E), the term "principal" includes (i) any Person who directly or indirectly owns ten percent (10%) or more of Manager, (ii) any officer or director of Manager, and (iii) any Person actively participating in the control of Manager's business.
(F) Consents. Manager has obtained all material licenses, consents or permissions needed from any applicable governing authority or other Person to perform its duties set forth in the Program Documents and this Agreement.
(G) Compliance. Manager adheres to all applicable Applicable Law, and has completed and implemented an anti-money laundering compliance program, a copy of which has been provided to Sutton Bank.
(H) Resources. Manager has and will maintain all staffing, operational, and financial resources that are necessary or appropriate to perform its obligations under this Agreement and its agreements with Client(s).
(I) Each time that Manager submits a report of information regarding a Program or a particular Card to Sutton Bank, Manager represents and warrants that such report is true, accurate and complete in all material respects as of the date of such report.
(J) All due diligence materials furnished to Suton Bank relating to Manager or completed by Manager with respect to a Third Party Service Provider were accurate and complete in all material respects and complete insofar as completeness may be necessary to give Sutton Bank a true and accurate knowledge of the subject matter.
- 23 -
(K) Each location of Manager material to the performance of its obligations has been disclosed in writing to Sutton Bank prior to the date of this Agreement and Manager will promptly notify Sutton Bank in writing of any changes in such locations or opening of new locations that are material to the performance of Manager's obligations.
(L) Manager's Marks do not infringe upon any intellectual property rights of any third party, and Manager has the requisite authority to license the use of its Marks as contemplated under this Agreement.
4.2. Sutton Bank Representations and Warranties
Sutton Bank represents and warrants to Manager, as of the Effective Date, as follows:
(A) Organization and Qualification.Sutton Bank is a state chartered bank duly organized, validly existing and in good standing under the laws of the state of Ohio. Sutton Bank is duly qualified and in good standing to do business in all jurisdictions where such qualification is necessary for it to carry out its obligations under this Agreement, except where the failure to so qualify would not have a material adverse effect on Sutton Bank’s business, or where the failure to so qualify would not have a material adverse effect on Manager’s or Sutton Bank’s ability to continue operation of the Programs. Sutton Bank is (i) a member in good standing with each Network necessary to the operation of the Programs, and (ii) in good standing with each Regulatory Authority with jurisdiction over it, including the Federal Deposit Insurance Corporation.
(B) Corporate Authority.
(i) Corporate Power.Sutton Bank has all necessary corporate power and authority to enter into this Agreement and to perform all of the obligations to be performed by it under this Agreement.
(ii) Authorization.This Agreement has been duly authorized by all necessary proceedings, has been duly executed and delivered by Sutton Bank and is a valid and legally binding agreement of Sutton Bank duly enforceable in accordance with its terms (except as such enforcement may be limited by bankruptcy, insolvency, reorganization, moratorium and other laws relating to or affecting creditors’ rights generally and by general equity principles).
(iii) Approvals.No consent, approval, authorization, order, registration or qualification of or with any court or Regulatory Authority or other governmental body having jurisdiction over Sutton Bank is required for, and the absence of which would materially adversely affect, the legal and valid execution and delivery of this Agreement, and the performance of the transactions contemplated by this Agreement.
(iv) No Conflicts.The execution and delivery of this Agreement by Sutton Bank hereunder and the compliance by Sutton Bank with all provisions of this Agreement shall not:(i) conflict with, result in the breach of, constitute a default under or accelerate, terminate, modify or cancel or require any notice or consent under any agreement, contract, lease, license, instrument or other arrangement to which Sutton Bank is a party or by which it is bound or to which any of its assets is subject, except for such violations, conflicts, breaches, defaults, accelerations, terminations or modifications that would not have a material adverse effect on its ability to fulfill its obligations under this Agreement; or (ii) violate the charter, bylaws, or any other equivalent organizational document of Sutton Bank.
(C) Litigation.There is no pending, nor to the knowledge of Sutton Bank, threatened, suit, action, arbitration or other proceedings of a legal, administrative or regulatory nature, or any governmental investigation, against Sutton Bank or any of its Affiliates or any officer, director or employee which has not been previously disclosed to Manager in writing and which would materially and adversely affect Sutton Bank’s financial condition or Sutton Bank’s ability to perform its obligations under this Agreement.
(D) Sutton Bank Marks.Sutton Bank has the legal right to use and to permit Manager to use, to the extent set forth herein, the Sutton Bank Marks.
- 24 -
(E) Intellectual Property Rights.In the event Sutton Bank provides any software or hardware to Manager, Sutton Bank has the legal right to such software or hardware and the right to permit Manager to use such software or hardware, and such use shall not violate any intellectual property rights of any third party.
(F) FDIC Insurance. Sutton Bank’s deposits are insured by the Federal Deposit Insurance Corporation to the full extent permitted by and available under Applicable Law, and no proceeding has been instituted to revoke such insurance.
ARTICLE V.– PROGRAM COMPLIANCE
5.1. Compliance with Applicable Law
Each Party acknowledges and agrees that it shall comply with Applicable Law in the performance of its obligations under this Agreement. Manager agrees that it shall contractually obligate its Distributors, Marketers, and Third Party Service Providers to comply with Applicable Law in the performance any services provided in connection with the Program. Sutton Bank may, if directed by a Regulatory Authority or for continued non compliance terminate this Agreement by giving written notice of termination to Manager, in which case the date of termination shall be as set forth in such notice.
5.2. Compliance Counsel
Sutton Bank may exercise its discretion to obtain legal counsel (“Compliance Counsel”) with expertise in the field of payment instruments to assist Sutton Bank in reviewing, and to advise Sutton Bank with regard to, the compliance with all Applicable Law, and all Program Materials, policies, procedures and guidelines pertaining to the Program.Such Compliance Counsel shall be employed solely by Sutton Bank and retained in that capacity so long as Sutton Bank deems advisable.Manager shall promptly reimburse Sutton Bank for such Compliance Counsel’s actual fees and disbursements for the review and advice beginning after such Compliance Counsel has provided [********] of billable time so advising Sutton Bank, as provided in this Section 5.2, upon presentation by Sutton Bank of statements therefore setting forth such fees and disbursements in reasonable detail; provided, however, that Sutton Bank will notify Manager prior to beginning any individual project or matter after the Effective Date if Sutton Bank believes that the fees and disbursements for such individual project or matter will exceed [********].
- 25 -
5.3. Operating Policies and Procedures
Each Party shall develop written policies and procedures associated with fulfilling its responsibilities and obligations contained herein and required by Applicable Law.
5.4. BSA/AML/OFAC Compliance
(A) Manager’s BSA/AML/OFAC Procedures. Manager shall comply with the applicable provisions of the Bank Secrecy Act (“BSA”) and shall implement the comprehensive Bank Secrecy Act, customer identification, AML, OFAC program (the “BSA/AML/OFAC Procedures”) approved by Sutton Bank from time to time, designed specifically to address the BSA/AML/OFAC risks associated with each Program. Manager shall maintain the BSA/AML/OFAC Procedures, and such other compliance measures, including a system of internal controls, to ensure ongoing compliance with the Bank Secrecy Act, independent annual testing of the BSA/AML/OFAC Procedures, the designation of an individual or individuals responsible for coordinating and monitoring the BSA/AML/OFAC Procedures and periodic training of appropriate personnel. Manager and Sutton Bank shall coordinate complete reviews of the BSA/AML/OFAC Procedures and any other BSA/AML/OFAC guidelines of Manager as it relates to the Programs at least annually, and more frequently when new enforcement trends, regulatory guidance, or changes to Applicable Law suggest that such reviews are advisable in Sutton Bank’s reasonable determination.
(B) Provider of Prepaid Access. Manager shall ensure that each Distributor,and Third Party Service Provider shall register as a MSB as and to the extent required by Applicable Law, including, but not limited to, 31 CFR Parts 1010 and 1022 (“Prepaid Access Rule”). Regardless of whether Manager is required to register as a provider of prepaid access, Manager shall further ensure that Manager and any Distributors deemed to be “sellers” of prepaid access (as defined by the Prepaid Access Rule) comply with the Prepaid Access Rule, the BSA and any other applicable regulations promulgated by FinCEN, including, but not limited to, ensuring that Manager and all sellers of prepaid access comply with suspicious activity reporting, currency transaction reporting, anti-money laundering, and sales monitoring requirements, and maintain all records required under the Prepaid Access Rule and other Applicable Laws.Manager shall promptly accomplish all acts necessary to comply with FinCEN obligations under the Prepaid Access Rule, and shall indemnify and hold Sutton Bank harmless from any fines, penalties or sanctions of any nature resulting from Manager’s not complying with the rule.
- 26 -
(C) Bank BSA/AML/OFAC Requirements. Manager shall further comply with any requirements established by Sutton Bank and provided to Manager to ensure BSA/AML/OFAC compliance by Sutton Bank (“Bank BSA/AML/OFAC Requirements”), as the same may be amended from time to time by Sutton Bank.At a minimum, the Bank BSA/AML/OFAC Requirements include the following:
(i) prior to Activation, with respect to Programs that allow for reloadsby the cardholder or a third party other than the Client, Manager shall obtain, record and verify customer identification information regarding each such Cardholder in accordance with Applicable Law, and shall be responsible for ensuring that each such Cardholder meets Sutton Bank’s Customer Identification Program as required by Applicable Law and the Bank BSA/AML/OFAC Requirements;
(ii) Manager shall comply with all OFAC regulations, including, but not limited to: (1) ensuring that all registered Cardholders are screened at time of registrationin accordance with Applicable Law and the Bank BSA/AML/OFAC Requirements and periodically thereafter as required by Applicable Law through a screening system implemented to comply with OFAC regulations and the Bank BSA/AML/OFAC Requirements, and (2) complying with all OFAC and Sutton Bank directives regarding the prohibition or rejection of unlicensed trade and financial transactions with OFAC specified countries, entities and individuals; and
(iii) Manager shall monitor the usage of products and services offered under each Program to track, review and report any suspicious activity in accordance with Applicable Law and the Bank BSA/AML/OFAC Requirements, including, but not limited to, all obligations to report such suspicious activity to Sutton Bank in accordance with applicable timeframes contained within the Bank BSA/AML/OFAC Requirements, or take such other actions as shall be requested from time to time by Sutton Bank.
(D) To the extent any of Manager’s obligations under this Section are performed by a third party, such third party shall be considered a Third Party Service Provider.
5.5. Disclosure of Key Card Terms
The Parties understand that the fees and substantive terms associated with a Card should be readily available for review by any Person inquiring about a Card.Each Party shall take commercially reasonable steps to ensure that prospective Cardholders have an opportunity to review the Cardholder Agreement if they desire to do so prior to submitting an application for a Card.Manager shall also ensure that customer service representatives and Manager staff and its Distributors are knowledgeable of the fees and substantive terms of each Program.The Parties shall each ensure that the Cardholder Agreement is available on any website administered by the respective Party to support a Program.Manager shall also clearly and conspicuously disclose to the Cardholder and any Applicant for a Card any dormancy fee that may be assessed against each Card, how often such fees may be assessed, the conditions under which a fee may be assessed and that such fee may be assessed for inactivity.
5.6. Privacy Notices
Sutton Bank will prepare and approve a Privacy Notice to be provided to Cardholders on behalf of Sutton Bank that meets Sutton Bank’s privacy policy and otherwise reflects the terms of this Agreement related to ownership and use of Cardholder Data, including Customer Identifying Information, and Manager shall be responsible for providing this Privacy Notice to each Cardholder at Manager’s expense in accordance with Applicable Law, including providing the Privacy Notice in any foreign language through which Cardholders are being solicited via Sutton Bank approved Marketing Materials. In addition, Manager is responsible for preparing and delivering, at its expense, any Privacy Notice that Manager is separately required to provide to Persons under Applicable Law. Manager may choose to support the technological and disclosure requirements necessary to permit the electronic delivery of disclosures upon Cardholder consent consistent with Applicable Law, subject to Sutton Bank’s prior written approval.
- 27 -
5.7. Escheat
Manager shall provide escheat recordkeeping services on Sutton Bank’s behalf for the Programs in compliance with all state unclaimed property laws. Sutton Bank shall remit such unclaimed funds to the appropriate jurisdiction as required under Applicable Law. Manager shall be solely liable for any costs and fines related to any challenge by any Regulatory Authority with respect to escheat or unclaimed property laws, regardless of whether such cost is incurred by or such fines are assessed to Sutton Bank or Manager unless such challenge is related to Sutton Bank’s failure to remit to the appropriate jurisdiction any unclaimed funds following the receipt of accurate records from Manager.Manager shall be liable to Sutton Bank for any amounts claimed by states under unclaimed property laws that represent Breakage that has been previously paid to Manager by Sutton Bank.
5.8. Identity Theft Prevention Program (“IDTP”)
Manager shall develop and implement an IDTP designed to detect, prevent, and mitigate identity theft in connection with the Programs. The IDTP shall be designed to comply with the provisions of 12 CFR 334.90-334.91 and 571.90-571.91 as well as the Interagency Guidelines on Identity Theft Detection, Prevention, and Mitigation set forth at Appendix J to 12 CFR Part 334. Manager shall submit the proposed IDTP to Sutton Bank for its prior review and approval.
5.9. Unlawful Gambling
Manager shall adopt policies and procedures to reasonably identify and block transactions related to participation of a Cardholder in illegal internet gambling as provided by the Unlawful Gambling Enforcement Act of 2006 and Regulation GG.
5.10. Regulation E Compliance (12 C.F.R. 1005)
Manager shall adopt policies and procedures to ensure that neither Manager nor any Distributor, Marketer, or Third Party Service Provider participating in the Program markets, labels, displays or otherwise makes, represents or suggests to the public that a Card is or may be used as a “gift card” or “gift certificate” as such terms are defined by 12 C.F.R. 1005.20 if such Cards were not intended for gifting purposes pursuant to the Program Due Diligence Application approved by Sutton Bank.Manager shall further ensure that all Cards that may be are extended the protections under Regulation E to the extent applicable.
- 28 -
5.11. Criticisms, Complaints and Legal Actions
(A) Receipt of Criticism. In the event that a Party receives criticism or complaint in a Regulatory Communication or report of examination or in a related document or specific oral communication from, or is subject to formal or informal supervisory action by, or enters into an agreement with any Regulatory Authority or any Network with respect to any matter whatsoever relating to (including omissions therefrom) the Programs (any such event a “Criticism”), such Party, as applicable, shall advise the other Party in writing of the Criticism received within [********] of receipt and share with the other Party relevant portions of any written documentation, or for oral communications, provide a detailed summary in writing, received from the relevant Regulatory Authority or Network, as applicable, to the extent not specifically prohibited by Applicable Law or the Regulatory Authority or Network. Following receipt of such Criticism, the Parties shall in good faith consult as to the appropriate action to be taken to address such Criticism. Manager shall take all actions deemed necessary by Sutton Bank, in its commercially reasonable discretion, to address the Criticism in the manner and time period specified by Sutton Bank. In the event the Criticism relates to the Programs and any such Criticism requires a written response to any Regulatory Authority with jurisdiction over Sutton Bank, Sutton Bank shall have final approval over the form and content of such response. Sutton Bank may seek specific performance under this Section. In the event the Criticism is directed only to Manager or is from a Regulatory Authority with jurisdiction over Manager, Manager shall have final approval over the form and content of any response required to any Regulatory Authority after consulting in good faith with Sutton Bank.
(B) Complaints and Resolution.
(i) All complaints received by a Party from a Cardholder relating to a Card or its use (“Cardholder Complaint”) that are materialshall be promptly (i)reported to the other Party, and (ii)promptly addressed and resolved by Manager in accordance with Applicable Law and Manager’s complaint procedures, which procedures must be approved in advance by Sutton Bank.
(ii) Upon request, Manager agrees to promptly advise Sutton Bank of the results of any investigation relating to a Cardholder Complaint and provide an audit trail of information pertinent to the matter, all within any timeframes required by Applicable Law, but in no event later than [********]after notice of the Cardholder Complaint.The audit trail of information shall be sufficiently detailed to allow Sutton Bank to fully respond to a Regulatory Authority if such Regulatory Authority inquires about a Cardholder Complaint.
(iii) Each shall provide the other Party with notice and copies of any Executive Complaint within [********] of receipt of such Executive Complaint.Manager shall promptly investigate each Executive Complaint and any similar complaints received by Sutton Bank that are forwarded to Manager and propose an appropriate response.Manager and Sutton Bank shall jointly approve the final responses for all Executive Complaints.
- 29 -
(C) Legal Actions and Requests. Each Party shall promptly notify the other Party of any legal action brought by a third party that may have a material effect on the Program(s).Each Party shall further provide the other Party with prompt notice and copies of all subpoenas, levies, garnishments or other legal requests received by the Party which require the assistance of the other Party in order to provide an accurate response, or which otherwise have a material effect on the Program(s), whether from a governmental authority, Regulatory Authority, private attorney, court or otherwise, relating to a Cardholder, a Card, a Program or this Agreement (“Legal Documents”).Either Party shall provide any assistance reasonably requested by the other Party in order to timely meet the response deadline of any Legal Document.
(D) Records of Program Complaints and Responses. Manager shall catalog and maintain copies of all Criticisms, Regulatory Communications, Legal Documents, Executive Complaints and Cardholder Complaints received by Manager (collectively, “Complaints”), and responses thereto for the period required by Applicable Law or such longer period as specified by Sutton Bank in a written notice to Manager.Manager shall provide Sutton Bank with a quarterly summary of all Complaints in the form and manner determined by or acceptable to Sutton Bank (each, a “Complaint Summary”).Sutton Bank (i) shall have access at all times to pending and closed Complaints and responses, and (ii) in Sutton Bank’s sole discretion, may audit a reasonable number of such Complaints.
5.12. Manager State and Federal Licensing and Registration Requirements
Manager shall obtain and maintain, and shall ensure that each Distributor ,and Third Party Service Provider obtains and maintains, all licenses, registrations, permits and approvals necessary to perform their respective obligations in connection with the Programs in compliance with Applicable Law, including without limitation any state money transmitter licenses. In addition, Manager shall ensure that each Distributor and Third Party Service Provider shall register as a MSB as and to the extent required by federal law. For purposes of compliance with state money transmitter licensing laws, Manager shall ensure that each Distributor is either (i) sponsored by Manager as an authorized delegate pursuant to appropriate agency agreements with Manager, or (ii) appropriately licensed as a money transmitter or check seller or registered as a MSB, as applicable, to the extent required by federal or state MSB, money transmitter or sale of checks laws or the Bank Secrecy Act.
5.13. Network Membership/Registration
Sutton Bank shall (i) remain a member in good standing in the Networks associated with the Programs marketed by Manager on behalf of Sutton Bank, (ii) provide such BINs and similar identifiers necessary in conjunction with such products and services, (iii) register Manager with the Network(s) as a third-party provider (e.g., an Independent Sales Organization with Visa or as a Member Service Provider with Mastercard);(iv) timely pay all normal fees, dues and assessments associated with its membership, and (v) abide in all material respects with the Network Rules.Manager shall fully comply with the terms of any documents and agreements executed with any Network. Manager and Sutton Bank shall deliver to each other, within [********] of receipt, a copy of all notices or correspondence (other than Confidential Information) received from the Networks relating to the Programs marketed by Manager on behalf of Sutton Bank unless such communication is time-sensitive, in which case, such communication shall be delivered as soon as reasonably practicable.
- 30 -
5.14. Network Obligations
Each Party shall take all actions as may be reasonably required from time to time by any Network in connection with maintaining the Programs’ compliance with the Network Rules. Additionally, (i) Manager shall be responsible for all fees, charges, fines, penalties or other costs assessed from time to time by any Network in connection with any Program related to Manager’s acts or omissions, and, if such fees, charges, fines, penalties or other costs are paid by Sutton Bank, then Manager shall reimburse Sutton Bank for all such amounts, and (ii) Sutton Bank shall be responsible for all fees, charges, fines, penalties or other costs assessed from time to time by any Network in connection with any Program related to Sutton Bank’s acts or omissions, and, if such fees, charges, fines, penalties or other costs are paid by Manager, then Sutton Bank shall reimburse Manager for all such amounts.
5.15. FDIC Pass-Through Coverage
With respect to all Cards eligible for pass-through federal deposit insurance coverage, Sutton Bank shall structure the Program Accounts in which Cardholder Funds and Corporate funds are deposited in a manner sufficient to afford Cardholder Funds and Corporate Funds the benefits of pass-through federal deposit insurance coverage under Federal Deposit Insurance Corporation regulations, including taking steps to maintain the Sutton Bank’s books and records in a manner that reflects that such Program Accounts and the Cardholder Funds contained therein are held in a fiduciary capacity on behalf of the relevant Cardholders. Manager shall maintain books and records of Cardholders and Cardholder Funds balances so as to permit the Cardholder Funds on deposit in the applicable Program Accounts to qualify for pass-through federal deposit insurance coverage.In the event the Cardholder Funds in the applicable Program Accounts are no longer eligible for pass-through federal deposit insurance coverage due to a change in Applicable Law or a directive from a Regulatory Authority, Sutton Bank will promptly notify Manager of same.
ARTICLE VI.– DISTRIBUTOR, MARKETER AND THIRD PARTY SERVICE PROVIDER AGREEMENTS
6.1. Development of Distributor and Marketer Group
(A) New Distributor and Marketer Selection. Subject to this Article VI, Manager may from time to time select new Distributors and Marketers to participate in the Programs, following which Manager shall enter into Distribution and Service Agreements with such Distributors and a Marketing Agreement with such Marketers. Manager is hereby authorized to enter into agreements with each Distributor and Marketer which set forth the terms by which such Distributors and Marketers shall be compensated for its marketing and sale of Cards, as applicable.Manager shall be responsible for administering the business relationships with its Distributors and Marketers.
(B) Distributor Approval. No Distributor may participate in the Programs as a Distributor unless:(i) Sutton Bank approves the Distributor’s application; and (ii) Manager and the Distributor (and if applicable, Sutton Bank) execute a Distribution and Service Agreement with Standard Terms that have been approved by Sutton Bank pursuant to Section 6.1(D).
- 31 -
(C) Marketer Approval. Manager shall be entitled to retain Marketers to market the Programs provided that:(i) each such Marketer meets the underwriting guidelines mutually agreed upon by the Parties, as may be amended from time to time; and (ii) Manager and the Marketer execute a Marketing Agreement with Standard Terms that have been approved by Sutton Bank pursuant to Section 6.1(D).
(D) Distributor and Marketing Agreements. Manager will provide to Sutton Bank the following standard terms to be incorporated into its Distribution and Service Agreements and Marketing Agreements for Sutton Bank’s review and approval prior to use: confidentiality and data security obligations, settlement obligations, compliance obligations, Card security obligations, and obligations to obtain Sutton Bank approval for Programs and marketing materials and cooperate in Sutton Bank audits, as and to the extent applicable to Distributors or Marketers (the “Standard Terms”). Any material deviations from the Standard Terms shall require the prior written consent of Sutton Bank, and any such modifications to any Standard Terms after it has been executed by the Distributor or Marketer must be approved by Sutton Bank;such approval shall not be unreasonably withheld or conditioned, and Manager and Sutton Bank agree that it shall not be unreasonable for Sutton Bank to refuse a deviation from the Standard Terms or modification to the Standard Terms of an existing Distribution and Service Agreement or Marketing Agreement if Sutton Bank determines in its commercially reasonable judgment that such deviation or modification could expose Sutton Bank to legal or reputational risk, risk of lawsuit or regulatory action, or otherwise would be inconsistent with Sutton Bank’s risk policies. Manager shall provide to Sutton Bank copies of all executed Distribution and Service Agreements and Marketing Agreements, including all amendments, supplements and modifications thereof, promptly upon Sutton Bank’s written or e-mail request.
6.2. Third Party Service Provider Agreement and Critical Services
A Third Party Service Provider shall not provide services for the Programs unless such Third Party Service Provider is approved by Sutton Bank, nor shall Manager permit or direct a Third Party Service Provider to integrate or communicate with any other third party to provide Critical Services in connection with the Program(s) (with the exception of the Third Party Service Provider’s customary subcontracting relationships maintained in the ordinary course of business) without Sutton Bank’s prior written approval. Manager shall notify Sutton Bank in writing of any changes in Third Party Service Providers at least [********] prior to entering into a contractual relationship with a new Third Party Service Provider and at least sixty [********] prior to terminating any contractual relationship with any existing Third Party Service Provider.No material change in the scope of responsibilities of an approved Third Party Service Provider agreement may be made without Sutton Bank’s prior written approval.For avoidance of doubt, except for Distributers, Marketers and Third Party Service Providers providing Critical Services in connection with this Agreement, Manager may engage a third partyto assist Manager in performing its obligations hereunder without obtaining Sutton Bank’s approval, provided Manager enters into a written agreement with such third party and provides Sutton Bank with the names and services performed by such third parties, as and to the extent reasonably requested by Sutton Bank from time to time.
- 32 -
If Manager engages any Third Party Service Provider, Manager represents, warrants and covenants to Sutton Bank as follows with respect to each such Third Party Service Provider:
(A) It has entered into or will enter into a written agreement with the Third Party Service Provider setting forth the terms of the services to be provided. Such written agreements shall also include the following:
(i) The Third Party Service Provider shall secure and maintain the confidentiality of any Confidential Information such third party obtains from Manager or Sutton Bank consistent with the provisions of this Agreement, and the Third Party Service Provider shall provide Sutton Bank the right to audit compliance with, and indemnify Sutton Bank for, any breach of such provisions.
(ii) The Third Party Service Provider shall submit to any examination which may be required by any Network or Regulatory Authority, to the fullest extent of such Network or Regulatory Authority's authority. The Third Party Service Provider shall also provide to Sutton Bank and/or Manager, as applicable, any information that may be required by any Network or Regulatory Authority in connection with their audit or review of Sutton Bank, Manager, or a Program and shall reasonably cooperate with such Regulatory Authority or Network in connection with any audit or review of Sutton Bank, Manager or such Program. The Third Party Service Provider shall also provide such other information as Sutton Bank, Manager, a Regulatory Authority, or a Network may from time to time reasonably request in connection with its services provided for the Programs. The Third Party Service Provider shall specifically acknowledge that any Regulatory Authority with supervisory authority over Sutton Bank and/or Manager has authority to examine the Third Party Service Provider pursuant to Applicable Law, including the FDIC and such other state and federal Regulatory Authority pursuant to the Bank Service Company Act, and to assess the Third Party Service Provider's ability to perform its contractual obligations. All such information provided by the Third Party Service Provider pursuant to this Agreement shall be treated by Sutton Bank and Manager as Confidential Information pursuant to this Agreement.
(B) Such other provisions as are necessary and appropriate to require the Third Party Service Provider to comply with any provisions of this Agreement that are applicable to the services provided by the Third Party Service Provider.
(C) Any additional provisions required by any Sutton BankProgram Document.
(D) As more fully set forth in Section 3.5 of this Agreement, Manager shall not have the right or permit any Third Party Service Provider to use Sutton Bank's Marks, except to the extent approved in writing in advance by Sutton Bank and then only to provide the services with respect to the Cards in accordance with Sutton Bank's graphic standards.
(E) Notwithstanding Manager's use of a Third Party Service Provider, Manager will remain primarily liable to Sutton Bank for the actions or inactions of any Distributor, Marketer, or Third Party Service Provider in connection with this Agreement. Manager will exercise and document oversight over its Distributor, Marketers, and Third Party Service Provider and shall be responsible for all expenses and compensation amounts owing to such Distributors, Marketers, and Third Party Service Providers. A dispute between Manager and a Distributor, Marketer, or Third Party Service Provider shall not relieve Manager from performing any of its obligations hereunder.
- 33 -
6.3. Changes to Agreements
Sutton Bank may in its commercially reasonable discretion require that Manager modify the Standard Terms in any Distribution and Service Agreement, or Third Party Service Provider agreement, to reflect changes in Applicable Law or in response to a Criticism. In the event such a change occurs, Manager will notify affected counterparties of such change and any related changes in procedures.If such changes will have a material adverse impact on Manager or otherwise require Manager to devote significant resources or incur significant costs or expenses, Manager shall promptly notify Sutton Bank in writing or via e-mail and Manager and Sutton Bank shall meet in good faith to mutually agree upon a resolution.If Manager and Sutton Bank cannot so agree on a resolution, then Manager or Sutton Bank may terminate the applicable Program by providing the other Party with written notice no later than [********] following such the date of such meeting or other date as mutually agreed upon by the Parties. In such case, Manager shall still be obligated to pay [********] unless Manager elects to terminate the entire Agreement pursuant to Sections 10.1 or 10.2.
6.4. Compliance by Distributors, Marketers and Third Party Service Providers
(A) Manager shall assist Sutton Bank by monitoring the conduct of Distributors, Marketers, and Third Party Service Providers and their proper compliance with respect to all aspects of their performance under the Programs, including without limitation their respective compliance with this Agreement, Applicable Laws and their respective Distributor, Marketer, and Third Party Service Provider agreements.
(B) Manager shall reimburse Sutton Bank for Losses incurred by Sutton Bank arising out of Manager’s, a Distributor’s, a Marketer’s, or a Third Party Service Provider’s actions, failures to act or failure to comply with Applicable Law, the Network Rules, this Agreement or the applicable Distributor, Marketer or Third Party Service Provider agreement, to the extent such actions, failures to act or failure to comply relate to the Programs, unless such action or failure results from acting in accordance any policy, procedure or instruction of Sutton Bank.
6.5. Denial or Termination of Distributor, Marketer or Third Party Service Provider
(A) Manager acknowledges and agrees that Sutton Bank’s decision whether to approve or reject any entity that is under consideration to become a Distributor or Third Party Service Provider, and whether to continue permitting any Distributor, Marketer or Third Party Service Provider to participate in the Program, shall be final and that Sutton Bank may direct Manager to terminate any Distributor, Marketer or Third Party Service Provider with respect to the Programs in the event that, in Sutton Bank’s commercially reasonable judgment, such Distributor, Marketer or Third Party Service Provider could expose Sutton Bank to legal, financial, or reputational risk, risk of lawsuit or Criticism, otherwise engages in types of businesses or conduct that is inconsistent with Sutton Bank’s corporate philosophies or risk tolerance, or, in the case of a Third Party Service Provider, fails to perform to reasonable industry standards.
- 34 -
(B) Sutton Bank agrees to notify Manager in writing prior to the effective date of termination of any Distributor or Marketer hereunder which notice will include an explanation of the grounds for the termination. To the extent Manager disagrees with Sutton Bank’s termination decision under this Section, Manager shall have the opportunity to present countervailing facts or positions for reconsideration by Sutton Bank. Sutton Bank shall have sole final discretion on this issue, however. The notice period for termination of any Distributor or Marketer will be, in most instances, [********] prior notice; however, Sutton Bank may require a shorter notice period of [********] when in Sutton Bank’s reasonable judgment additional time beyond [********] would materially increase Sutton Bank’s exposure. In instances involving criminal or illegal activity or fraud, the Distributor or Marketer may be immediately suspended pending the effective termination date.
(C) In the event Sutton Bank determines pursuant to the terms hereof to terminate an existing Distributor, Marketer or Third Party Service Provider, Sutton Bank shall, subject to Applicable Law, cooperate with Manager to (i) transition the applicable service(s) to another Distributor or Third Party Service Provider, approved by Sutton Bank, or Program(s) undertaken with such Distributor or Third Party Service Provider to another issuing bank,or (ii) implement such other action or plan as mutually agreed upon by Sutton Bank and Manager.
6.6. Distributor and Third Party Service Provider Due Diligence, Training and Monitoring
(A) Due Diligence. Prior to referring any entity to Sutton Bank to become, as applicable, a Distributor or Third Party Service Provider, Manager shall perform a due diligence review and document such review of the entity and, as applicable, its principal owners and management, in accordance with any requirements provided by Sutton Bank and, with respect to Third Party Service Providers, as otherwise is consistent with the FFIEC’s IT Examination Handbook (including the booklets therein entitled “Supervision of Technology Service Providers” and “Outsourcing Technology Services”), as such handbook is amended from time to time (collectively, the “FFIEC Handbook”).
(B) Financial and Other Monitoring. Manager shall perform periodic financial monitoring of all Distributors and Third Party Service Providers, such monitoring to be consistent with Applicable Law and the pre-funding risk inherent in the relationship with such Distributor or Third Party Service Provider, including, but not limited to, the Network Rules and, in the case of any Third Party Service Provider, the FFIEC Handbook. Manager shall request Distributors and Third Party Service Providers to furnish Sutton Bank with such financial and other information as Sutton Bank may from time to time reasonably request. Manager shall promptly notify Sutton Bank of any information Manager receives that is reasonably likely to have a material adverse effect on the creditworthiness of any Distributor or Third Party Service Provider or that could affect a Distributor’s, Marketer’s or Third Party Service Provider’s ability to meet its obligations under the Programs. Manager also shall promptly notify Sutton Bank in the event Manager determines that a Distributor, Marketer or Third Party Service Provider is engaged in any activities that Manager believes may be reasonably likely to result in Criticism or material legal, financial or reputational risk to Sutton Bank or Manager or risk of lawsuit against Sutton Bank or Manager.
- 35 -
(C) Security Measures and Controls. Manager shall periodically monitor each Distributor’s and Third Party Service Provider’s operations, policies and procedures, such monitoring to be consistent with the requirements and guidance reflected in the FFIEC Handbook, and shall contractually obligate each Distributor and Third Party Service Provider (to the extent it may have access to Cardholder Data) to have proper security measures in place for the protection of Cardholder Data that are in compliance with Applicable Law, including, if applicable, the PCI-DSS as implemented by the applicable Network.
(D) Training. Manager shall provide to each Distributor and Third Party Service Provider that provides Cardholder-facing services (e.g., call center providers) all necessary and appropriate training and support required to implement the Programs, all in a form and substance reasonably satisfactory to Sutton Bank and in accordance with Applicable Law and standard industry practices as such industry practices may evolve during the term of this Agreement.
(E) Third Party Service Provider Site Certifications. If requested by Sutton Bank consistent with this Section or if required by Sutton Bank or Applicable Law, Manager shall perform periodic site certifications reasonably satisfactory to Sutton Bank of each Third Party Service Provider in order to determine that such entity has proper facilities, equipment, licenses and permits to perform its services related to the Program, in each case in accordance with the criteria established by Sutton Bank and communicated to Manager. Manager shall submit a written inspection report to Sutton Bank in connection with each such site certification in such form as Sutton Bank shall reasonably designate, and Manager warrants that, as of the date of the submission of such inspection report to Sutton Bank, to the best of Manager’s knowledge, the report is true, correct, complete and not misleading. Upon Manager’s determination that any information contained in any such inspection report is materially incorrect, incomplete, or misleading in any way, Manager shall promptly notify Sutton Bank of same.
(F) Secret Shopping. Sutton Bank may from time to time reasonably require Manager to conduct a secret shopper program to monitor sales or distribution of Cards by one or more Distributors in the manner mutually agreed upon by the Parties. Such secret shopping program will be designed to review the Distributor’s Card sales or distribution practices and merchandising.
6.7. Existing Distributors, Marketers and Third Party Service Providers
Manager shall provide Sutton Bank such information as reasonably requested with respect to all Distributors, Marketers and Third Party Service Providers. To the extent Manager has existing relationships with “resellers” that offer Manager’s Cards services to third parties on Manager’s behalf, Sutton Bank agrees to review such “resellers” solely for purposes of determining whether such “resellers” may become approved by Sutton Bank as Distributors hereunder.
- 36 -
6.8. Access to Third Party Service Providers
Manager hereby authorizes Sutton Bank, in connection with Sutton Bank’s routine oversight for the Programs, to (i) communicate directly with any Third Party Service Provider, and (ii) obtain from such Third Party Service Provider any reports and information relating to any Program that Sutton Bank deems necessary or appropriate, and Manager hereby authorizes Third Party Service Providers to communicate directly with Sutton Bank and provide such reports and information to Sutton Bank.
6.9. Expenses and Liability
Unless agreed upon otherwise by the Parties, Manager shall be responsible for all fees and expenses payable to each Distributor, Marketer and Third Party Service Provider, and shall remain liable for any services performed by any Distributor, Marketer and Third Party Service Provider.A dispute between Manager and a Distributor, Marketer or Third Party Service Provider shall not relieve Manager from performing any of its obligations hereunder.
ARTICLE VII.– CARDHOLDER INFORMATION
7.1. Ownership of Accounts, Cardholder Data and Program Materials
Except as otherwise provided in this Agreement, as between the Parties, Sutton Bank shall own all Cardholder Data and Cardholder Accounts, Cardholder Agreements and Program Materials and shall have all rights, powers and privileges with respect thereto subject to Sutton Bank’s agreement hereunder to transfer such records to a new sponsor bank upon termination or expiration of this Agreement. During the Term, Manager may use Cardholder Data as expressly provided in this Agreement and in accordance with the Privacy Notices. Notwithstanding the foregoing, the Parties agree that certain aspects of Cardholder Data shall be deemed to be the joint property and Confidential Information of both Parties (or a Marketer or Distributor, as applicable), to the extent Manager (or the applicable Marketer or Distributor) collects such information from Cardholders in the ordinary course of business and not solely in connection with the Program(s)(“Joint Cardholder Data”). Sutton Bank shall not, directly or indirectly, use, or sell or otherwise transfer any right in or to, the Joint Cardholder Data other than as provided herein or as mutually agreed by the Parties.
7.2. Sharing of Cardholder Data and Program Materials
Notwithstanding anything to the contrary in this Agreement, sharing of any information between Manager and Sutton Bank and the use thereof shall be subject to their respective privacy policies, Security Guidelines and Applicable Law.Subject to the limitations in this Section, upon Manager’s reasonable request, Sutton Bank shall provide Cardholder Data or segments for use by Manager in connection with the discharge of Manager’s obligations or exercise of Manager’s rights under this Agreement or in accordance with the Privacy Policy. Except as provided in Section 7.1, neither Manager nor its Affiliates, Distributors, Marketers, or Third Party Service Providers may without the prior written consent of Sutton Bank disclose Cardholder Data or any segment thereof to any third party or Affiliate, except to the extent permitted by this Agreement or required under Applicable Law. To the extent that Manager discloses Cardholder Data to one or more of its Affiliates, Third Party Service Providers, or Distributors or permits such Affiliate(s), Third Party Service Provider(s), or Distributor(s) to use Cardholder Data in accordance with this Section, Manager agrees to cause such parties to comply with the provisions of this Article VII.
- 37 -
7.3. Data Obtained Independently by Manager
Nothing contained in this Article VII or elsewhere in this Agreement shall apply to, limit or prohibit the use in any manner of, any information or data owned or held by Manager or its Affiliates, or any Third Party Service Provider, Marketer or Distributor, or any of their respectiveAffiliates to the extent such information or data has been independently obtained by Manager or its Affiliates from a source other than Sutton Bank, even if such information or data is duplicative of Cardholder Data.
ARTICLE VIII.– INFORMATION SECURITY AND CONFIDENTIALITY
8.1. Cardholder Data Security
(A) Each Party acknowledges and agrees that this Agreement constitutes an agreement for Manager to perform services for Sutton Bank as contemplated in Title V of GLBA and the Privacy Regulations. Without limiting the generality of the terms of this Agreement, Manager and Processor each agree that they shall protect the privacy of Cardholder Data to at least the same extent that Sutton Bank must maintain that confidentiality under GLBA and the Privacy Regulations.Without limiting the generality of the foregoing sentence, except as otherwise provided in any Program Schedule, neither Manager nor Processor shall:
(i) use any Cardholder Data except to perform its obligations under this Agreement (unless such Cardholder Data is used for Manager’s internal business purposes), or
(ii) disclose any Cardholder Data other than to:
(a) | any Network or any other entity to which disclosure is necessary in connection with the processing a Transaction; |
(b) | a Third Party Service Provider in connection with a permitted use of such Cardholder Data under this Section 8.1, provided that each such Third Party Service Provider agrees in writing to maintain all such Cardholder Data as strictly confidential in perpetuity and not to use or disclose such information to any person other than Sutton Bank, Manager or Processor, except as required by Applicable Law or any Regulatory Authority (after giving Sutton Bank, Manager or Processor, as applicable, prior notice and an opportunity to defend against such disclosure) or as permitted under Sutton Bank’s Privacy Policy; provided, further, that each such Third Party Service Provider maintains, and agrees in writing to maintain, an information security program that is designed to protect Cardholder Data and information related to Transactions, and which complies with the requirements under the Network Rules, including but not limited to the requirement for such Third Party Service Provider, upon termination of any of its associated Card Programs, to securely destroy all Cardholder Data in its possession associated with such Card Program as quickly as circumstances permit in accordance with best industry practices and provide a written notice to Sutton Bank that the destruction of the Cardholder Data has been completed; |
- 38 -
(c) | its employees, consultants, attorneys and accountants with a need to know such Cardholder Data in connection with a permitted use of such Cardholder Data under this Section 8.1; provided that (1) any such person is bound by terms substantially similar to this Section 8.1 as a condition of employment or of access to Cardholder Data or by professional obligations imposing comparable terms; and (2) such Party shall be responsible for the compliance by each such person with the terms of this Section 8.1; or |
(d) | any Regulatory Authority (1) in connection with an examination of any Party; or (2) pursuant to a specific requirement to provide such Cardholder Data by such Regulatory Authority or pursuant to compulsory legal process; provided that such Party seeks the full protection of confidential treatment for any disclosed Cardholder Data to the extent available under Applicable Law governing such disclosure, and with respect to clause (2), to the extent permitted by Applicable Law, such Party (x) provides at least [********] prior notice of such proposed disclosure to the other Parties if reasonably possible under the circumstances, and (y) seeks to redact the Cardholder Data to the fullest extent possible under Applicable Law governing such disclosure. |
(B) During the Term of this Agreement, the Cardholder Data shall be owned by Sutton Bank and shall be subject to Sutton Bank’s privacy policy set forth in each Privacy Notice, and the manner in which such Cardholder Data may be used, shared and disclosed by the Parties during the Term shall be as set forth herein or as addressed in the Program Schedule for each particular Card Program, all in accordance with the Privacy Regulations and Applicable Law.Sutton Bank shall not, directly or indirectly, use, or sell or otherwise transfer any right in or to, the Cardholder Data other than as provided herein or as mutually agreed by the Parties in a Program Schedule.Sutton Bank shall ensure that its privacy policy and each Privacy Notice permits, subject to Applicable Law, (i) Sutton Bank to share Cardholder Data with Manager, Processor, and their respective Third Party Service Providers, and (ii) Manager and Processor to use Cardholder Data in the manner described herein or as permitted by Applicable Law.
- 39 -
(C) With respect to the sharing, use and disclosure of Cardholder Data following the expiration or termination of this Agreement in its entirety or any Program Schedule, Manager shall securely destroy all Cardholder Data in its possession associated with such terminated Program Schedule(s) as quickly as circumstances permit in accordance with best industry practices and provide a written notice to Sutton Bank that the destruction of the Cardholder Data has been completed.
(D) Manager shall establish commercially reasonable administrative, technical and physical safeguards for Cardholder Data in its control or possession from time to time. Such safeguards shall be designed for the purpose of: (i) insuring the security of such records and information, (ii) protecting against any known threats or hazards to the security or integrity of such records and information; and (iii) protecting against unauthorized access to or use of such records and information that would result in substantial harm or inconvenience to any Cardholder; (iv) ensuring the proper disposal of Cardholder Data.Such safeguards shall be established in accordance with Applicable Law, including, without limitation, Section 501 of GLBA and the Interagency Guidelines Establishing Standards for Safeguarding Customer Information adopted pursuant to Section 501 of GLBA.
(E) Subject to any obligations placed upon Manager or Processor by a law enforcement agency, such Party agrees to fully disclose to Sutton Bank any actual or suspected breach in security which results in unauthorized intrusions into such Party's computer and other information systems that may materially affect Sutton Bank and the Cardholders or otherwise may involve the potential unauthorized disclosure, access to, acquisition of, or other loss or use of Cardholder Data, including “sensitive customer information.”As soon as such Party has reason to believe that it has a security breach, and in no event later than [********] after the discovery of any such breach, it shall notify Sutton Bank in writing and provide (to the extent Manager or Processor has the following information):(i) a description of the breach or loss, including the data it occurred, (ii) the number of individuals or accounts affected and their states of residence, (iii) the information accessed, acquired, lost, or misused; (iv) whether the breach or loss was computerized in nature or a paper loss, (v) whether such information was encrypted or unencrypted, (vi) whether encryption keys or passwords may have been compromised,and (vii) a description of the steps taken to investigate the incident, secure systems or recover lost information, and prevent the recurrence of further security breaches or losses of the same type.For purposes of this subsection (E), “Sensitive Customer Information” includes a consumer’s name, address, or telephone number in conjunction with the consumer’s social security number, driver’s license number, account number, credit or debit card number, or a personal identification number or password that would permit access to the customer’s account, or any combination of components of customer information that would allow someone to log onto or access a customer’s account, such as a username and password, or password and account number.In addition, in the event of an actual or suspected breach in security of Manager’s or Processor’s computer or other information systems, such Party agrees to permit an independent qualified third party auditor to perform an investigation (including the installation of monitoring or diagnostic software or equipment) to locate the source and scope of the breach and provide Sutton Bank with any material Sutton Bank–related information that such independent auditor discovers with respect to the breach, all at the expense of Manager or Processor respectively.
- 40 -
(F) Each Party has designed and implemented an information security program that is designed to protect Cardholder Data and information related to Transactions that complies with the requirements under the Network Rules.At all times during the term of the Agreement, each Party shall be in compliance with all information and data security requirements promulgated by the Network and applicable to card issuers (as set forth in the Network Rules) and the Interagency Guidelines Establishing Standards for Safeguarding Customer Information (collectively the “Information Security Requirements”), as the same may be revised from time to time.Each Party shall provide the other Parties with copies of all reports on compliance, quarterly and annual status forms and other reports filed by such Party with the Network in accordance with the Network Rules.
8.2. Confidential Information
(A) Each Party acknowledges that it may receive Confidential Information of the other Parties.For purposes of this Agreement, “Confidential Information” includes the terms of this Agreement, any customer information (other than Cardholder Data), financial data and budgetary or proprietary business information, income or sales data or projections, customer lists, business operations, policies, procedures and techniques, advertising summary or tracking reports or other reports generated in accordance with this Agreement, schematics, ideas, techniques, know how, concepts, development tools and processes, procedures, computer printouts, computer programs, design drawings and manuals, and improvements, patents, copyrights, technology, source codes, business methods, trade secrets (including all intellectual property contained in the forgoing, or other intellectual property of any kind or nature, plans for future development and new product concepts, contemplated products, research, development, and strategies. Cardholder Data shall not be Confidential Information, but rather shall be subject to the provisions of Section 8.1 above.The term “Confidential Information” shall not include information which, prior to delivery, (i) wasalready in the recipient Party’s possession; (ii) is or becomes generally available to the public through lawful means, other than as the result of a disclosure by the recipient Party or its representatives; (iii) becomes available to a recipient Party without confidential or proprietary restriction by a third party who rightfully possesses the information without confidential or proprietary restrictions; or (iv) the recipient Party can demonstrate that it was independently developed by such recipientParty.Except as otherwise specifically provided in this Agreement, each Party agrees that it will not, publish, communicate, divulge, or disclose to any person, firm, or corporation any Confidential Information of any other Party, except in the performance of the terms of this Agreement. No Party shall distribute any material labeled as “Visa Confidential” to outside parties without written authorization from Visa. Each Party shall comply with all Applicable Law, including the PCI-DSS, in regards to all Confidential Information and Cardholder Data.
(B) Each Party agrees that it will not use any Confidential Information of any other Party except (i) for the benefit of any other Party, and (ii) as necessary to fulfill its obligations or exercise its rights under this Agreement, and only for such purposes and only for the time that it is necessary to do so, except to the extent it is otherwise permitted under this Agreement.Each Party will take commercially reasonable security precautions, at least as great as the precautions it takes to protect its own Confidential Information and as may be required by Applicable Law, with respect to the Confidential Information of any other Party which it receives and will disclose such Confidential Information only on a need to know basis and only to its subsidiary, agent or subcontractor who is obligated to treat such Confidential Information in a manner consistent with all the obligations of this Agreement.Liability for damages due to disclosure of the Confidential Information by any such third party shall be with the Party that disclosed the Confidential Information to the third party.Each Party shall promptly notify the other Parties upon discovery of any loss or unauthorized disclosure of the Confidential Information of any Party.This Section 8.2 supplements any separate written confidentiality agreement or non–disclosure agreement between any of the Parties, and in the event any such agreement conflicts with the terms hereof, this Agreement shall control.
- 41 -
8.3. Required Disclosures
In the event that the recipient of Confidential Information is requested or becomes legally compelled to disclose any Confidential Information of any other Party) pursuant to a subpoena or court order; a summons, order, demand or other judicial or governmental process issued by a Regulatory Authority; or in connection with any regulatory report, audit, inquiry or other request for information from such a Regulatory Authority; or as required by Applicable Law, it is agreed that such recipient Party will provide the disclosing Party with prompt written notice of such request(s) to enable the disclosing Party to seek a protective order to protect and preserve the confidential nature of the Confidential Information.In such event, each Party agrees that it will furnish only that portion of the Confidential Information which is legally required and will exercise reasonable efforts to obtain reliable assurance that confidential treatment will be accorded to that portion of the Confidential Information and other information which is being disclosed.To the extent the recipient Party is prohibited from notifying the disclosing Party of a subpoena, order, summons or demand, by the terms of same, the recipient Party shall exercise its reasonable efforts to narrow the scope of disclosure as provided in the forgoing sentence. Each Party shall immediately notify the other upon discovery of any loss or unauthorized disclosure of the Confidential Information of any other Party.
ARTICLE IX.– SECURITY BREACHES; DISASTER RECOVERY
9.1. Security Program
In the event that Manager or any Third Party Service Provider accesses, stores, transmits or processes Cardholder Data, Manager shall, and shall require any Third Party Service Providers to, as applicable, establish and maintain appropriate administrative, technical and physical safeguards designed to (i) protect the security, confidentiality and integrity of the Cardholder Data, (ii) ensure against any anticipated threats or hazards to its security and integrity, (iii) protect against unauthorized access to or use of such information or associated records which could result in substantial harm or inconvenience to any Cardholder or applicant, and (iv) ensure the proper disposal of Cardholder Data (collectively, the “Security Program”).At all times during the Term, (i) Manager shall use the same degree of care in protecting the Cardholder Data against unauthorized disclosure as it accords to its other confidential customer information, but in no event less than a reasonable standard of care, and (ii) the Security Program shall be in compliance with Applicable Law, the Security Guidelines and all information and data security requirements promulgated by the Networks and applicable to card issuers (as set forth in the Network Rules), as the same may be revised from time to time.Any material change to the Security Program by Manager shall be approved in advance by Sutton Bank.
- 42 -
9.2. SSAE Report
Manager shall provide to Sutton Bank, and shall cause Processor to provide to Sutton Bank, on an annual basis the Statement on Standards for Attestation Engagements (“SSAE”) No. 18, Reporting on Controls at a Service Organization.Manager shall also provide Sutton Bank with copies of all other reports on compliance, quarterly and annual status forms and other reports filed by Manager with any Network in accordance with the Network Rules, if applicable.
9.3. Testing
Manager’sSecurity Program shall be reviewed and tested internally at least annually, at Manager’sexpense, in order to demonstrate compliance with all Applicable Law, including documented policies and procedures and an internal audit and quality assurance program.Manager shall further cause, at its expense, independent testing of Manager’s or Third Party Service Provider's Security Program, which testing shall include, but is not limited to, penetration testing, vulnerability scans, and a PCI-DSS assessment performed by a qualified security assessor approved by the PCI Security Standards Council.The schedule of such testings, audits and quality reviews shall be provided to Sutton Bank at least annually and results from each such tests, audits or reviews shall be promptly provided to Sutton Bank in writing in accordance with the schedule or upon the request of Sutton Bank.Such testing and review shall be performed by a qualified security assessor approved by the PCI Security Standards Council (a “QSA”). Manager and any Third Party Service Provider will submit to Sutton Bank for approval the name of the QSA engaged to perform the PCI-DSS assessment no later than [********] prior to each annual assessment.
9.4. Security Contact
Each of the Parties has provided to the other party the name and contact information of such Party’s designated primary and secondary “Security Contact” appointed for the purpose of being contacted in connection with (i) any security breach or failure requiring immediate notification to a Party with respect to the unauthorized use or disclosure of Cardholder Data or (ii) any use or disclosure of a Party’s Confidential Information except in the manner permitted by Article VIII.A Party may from time to time change its primary and secondary Security Contact by providing written notice of such change in accordance with the notice requirements herein.In the event a named Security Contact is no longer in the employ of the applicable Party, or is otherwise unable or unwilling to perform the duties of a Security Contact as set forth herein, then a replacement Security Contact shall be named by such Party as soon as possible but in no event later than [********] after the Security Contact has ceased employment with such Party or the occurrence of the event giving rise to such Security Contact’s inability or unwillingness to perform such duties.Each Party shall further ensure that either the primary Security Contact or the secondary Security Contact is available at any given time to fulfill the purposes of this Section, unless otherwise approved in advance in writing by the other Party.
- 43 -
9.5. Storage of Information
Manager will only store Cardholder Data and Program Records at its data center locations which have been approved by Sutton Bank (or in the case of approved Distributors or Third Party Service Providers, the third party address approved by Sutton Bank).Any change of the location of a data center must be approved by Sutton Bank at least [********] in advance of Cardholder Data or Confidential Information being stored at such new location.
9.6. Notification
Manager agrees that in the event there is a breach of security of Manager or any Third Party Service Provider resulting in unauthorized disclosure of Cardholder Data or other Confidential Information of Sutton Bank, Manager will promptly, and in no event later than [********] after the discovery of any such breach, notify the primary, or if unreachable, the secondary Security Contact of Sutton Bank (as identified in Section 9.4) of such breach, the nature of such breach, and the corrective action taken to respond to the breach and shall take all steps at its own expense to immediately limit, stop or otherwise remedy such misappropriation, disclosure or use, including, but not limited to, notification and cooperation and compliance with Regulatory Authority. Manager acknowledges and agrees that in the event of a security breach, Sutton Bank shall engage an assessor to determine the extent of the breach.Manager shall give the assessor access to Manager’s facilities, records and personnel, as requested by the assessor, and shall be responsible for all costs, expenses and fees of the assessor.Manager shall provide to Sutton Bank, upon receipt, any and all reports or documents prepared by or received from the assessor.
9.7. Expense Reimbursement
(A) Manager Reimbursement. If Manager or any Third Party Service Provider suffers a data security breach that results, in Sutton Bank’s sole discretion, in the engagement of Sutton Bank resources to investigate and/or correct the breach Manager shall reimburse Sutton Bank for Sutton Bank’s reasonable expenses with respect to the following, except to the extent that such breach was proximately caused by Sutton Bank’s gross negligence, or willful misconduct or fraud, or breach of Sections 3.4(B) or 3.4(D) of this Agreement:
(i) providing notices and information regarding unauthorized access to Cardholder Data which results in the misuse of such information, or the reasonable possibility that misuse of such information shall occur, involving any Cardholder Data which is attributable, in whole or in part, to Manager or any Distributor, Third Party Service Provider or Manager Affiliate to (i) appropriate law enforcement agencies, Regulatory Authorities and Networks, and (ii) affected Applicants and Cardholders to the extent Sutton Bank deems such notices required by Applicable Law or as Sutton Bank otherwise deems necessary or appropriate in the exercise of its commercially reasonable judgment;
(ii) providing fraud monitoring and consumer report (credit report) monitoring services to affected Applicants and Cardholders to the extent Sutton Bank deems such services to be necessary or appropriate in the exercise of its commercially reasonable judgment; and
- 44 -
(iii) replacing Cards or other access devices if Sutton Bank reasonably determines replacement is necessary as a result of such unauthorized access to Cardholder Data which is attributable to Manager, its Affiliates or Distributors or Third Party Service Providers. Manager shall pay any such undisputed amounts within [********] of its receipt of Sutton Bank’s documentation supporting such expense. Without limiting the foregoing, Manager shall reimburse Sutton Bank for any Losses incurred by Sutton Bank as a result of unauthorized access to Cardholder Data or Confidential Information through Manager or a Distributor or Third Party Service Provider.
9.8. Disaster Recovery Plan
At all times during the Term and for so long as this Agreement remains in effect, Manager shall, and shall require all Third Party Service Providers to, prepare and maintain disaster recovery, business resumption, and contingency plans (“Disaster Recovery Plans”) appropriate for the nature and scope of the activities of and the obligations to be performed by Manager or any Third Party Service Providers hereunder.Manager shall ensure that such plans are sufficient to enable Manager or the Third Party Service Provider to promptly resume, without giving effect to the Force Majeure provisions herein, the performance of its obligations hereunder in the event of a natural disaster, destruction of facilities or operations, utility or communication failures or similar interruption in operations and shall ensure that all material records, including, but not limited to, Cardholder Data, are backed up in a manner sufficient to survive any disaster or business interruption.These plans shall ensure that, without giving effect to the Force Majeure provisions herein, such resumption takes place no later than the timelines set forth in the aforementioned plans.Manager shall make available to Sutton Bank copies of all such Disaster Recovery Plans and shall obtain Sutton Bank’s prior written approval before making any material modifications to such plan.Manager and any Third Party Service Provider shall periodically, and no less than annually, test such Disaster Recovery Plans as may be appropriate and prudent in light of the nature and scope of the activities and operations of Manager and its obligations hereunder.Manager shall further facilitate and cooperate with any requests by Sutton Bank to participate in, monitor or audit the annual testing process of Manager or a Third Party Service Provider under this Section.A complete report of the results of such annual testing shall be promptly provided to Sutton Bank upon request.
ARTICLE X.– TERM AND TERMINATION
10.1. Term
(A) Term. The initial term of this Agreement shall commence on the Effective Date and terminate at midnight on the [********]year anniversary of the Effective Date (the “Initial Term”), unless sooner terminated in accordance with the terms hereof.This Agreement shall be automatically renewed on the same terms and conditions for successive [********]terms (each a “Renewal Term”) (the Initial Term, collectively with anyRenewal Term(s), the “Term”) thereafter, unless any Party provides written notice to the other Parties of its intent not to renew at least [********] prior to the expiration of the Initial Term or any Renewal Term then in effect.
(B) Mutual Consent. This Agreement may be terminated at any time during the Term, without cost or penalty, by mutual consent of Sutton Bank and Manager.
- 45 -
(C) Convenience; Early Termination. lf Manager terminates the Agreement or reduces (other than as a result of account attrition or volume fluctuation in the ordinary course of business) the overall volume of the program for any reason other than pursuant to Section 10.2(B) of the Agreement, Manager shall pay a termination fee based on the time remaining in the Term. Such fee shall be determined by multiplying the average of the monthly [********] received by Sutton Bank during the 6-month period preceding the effective date of termination (or if no monthly invoice has been received, the estimated monthly billing for each Service to be received hereunder) by the percentage set forth in the table below times the remaining months of the term, plus any unamortized fees or third party costs existing on Sutton Bank's books on the date of termination. Upon request by Manager, Sutton Bank shall disclose to Client the amount of any such unamortized fees or third party costs.
[********] | [********] |
[********] | [********] |
[********] | [********] |
[********] | [********] |
[********] | [********] |
[********] | [********] |
(D) Liquidated Damages. The parties agree that Sutton Bank damages incurred as a result of early termination would be difficult or impossible to calculate as of the Effective Date. Accordingly, the amounts set forth in Sections 10.1(C) of the Agreement represent a reasonable pre-estimate of damages and are not a penalty.
10.2. Termination for Cause
(A) By Sutton Bank. In addition to the termination rights set forth elsewhere in this Agreement, Sutton Bank shall have the right to terminate this Agreement, in whole or in part with respect to one or more impacted Programs, prior to the expiration of the Initial Term or any Renewal Term by giving written notice to Manager upon occurrence of one or more of the following events:
(i) Immediately upon notice in the event of a breach or series of breaches by Manager of the Program Documents that are material either individually or in the aggregate, if such breach or breaches are not cured within [********] after receipt by Manager of a written notice from Sutton Bank alleging breach and requiring Manager to cure such breach or breaches;
(ii) Immediately upon notice in the event Manager has failed to pay any amounts to Sutton Bank when due as set forth in the Program Documents, and such amount is not paid within [********]after Manager receives notice of such nonpayment;
- 46 -
(iii) Immediately upon notice in the event (1) Manager is placed into conservatorship or receivership or proceedings are commenced and remain unstayed for a period of at least [********] to wind up, dissolve, liquidate or reorganize Manager, (2) proceedings are instituted against Manager by or before any Regulatory Authority to terminate Manager's license or other regulatory approval or to cause any of Manager's officers or directors to cease and desist from any alleged unsafe or unsound practice, (3) Sutton Bank, in its reasonable discretion, determines that there exists an imminent and material threat to the security of the Sutton Bank Prepaid Card Services or any Network accessed or operated by Sutton Bank, if applicable, as a result of any act or omission by Manager or an agent of Manager, including, without limitation, Manager's failure to comply with any Network Rules with respect to the issuer’s responsibilities for data security verification and certification, which could result in a substantial detriment to Sutton Bank, if applicable; or (4) Sutton Bank, in its reasonable discretion, determines that Manager's failure to comply with any provision of Applicable Law or any other requirements, including licensing requirements, imposed upon Manager by any federal or state governmental authority has resulted in or may reasonably be expected to result in an imminent and material threat to Manager's legal capacity to materially comply with Manager's duties and obligations under the Program Documents; or
(iv) Immediately upon notice in the event that Manager creates circumstances giving rise to a substantial risk of loss and/or harm to the goodwill of any Network if such circumstances are not eliminated within [********] after receipt by Manager of a written notice from Sutton Bank alleging such circumstances and requiring Manager eliminate such circumstances.
(v) Immediately upon direction from any Regulatory Authority or Network to cease or materially limit the exercise or performance of Sutton Bank's rights or obligations under this Agreement.
(vi) Immediately if Manager's practices, any event or circumstance arising, in whole or in part, by Manager creates a substantial risk of loss or harm to Sutton Bank, including but not limited to illegal criminal activity.
(vii) If Manager has failed to maintain the required balances in the Reserve Accounts or a Settlement Failure has occurred in accordance with this Agreement and Sutton Bank has brought the failure to Manager's attention but Manager has not rectified the failure within [********] of receiving notice, provided that in the case of a Settlement Failure where Sutton Bank reasonably determines that insufficient amounts exist in the Reserve Accounts, Sutton Bank may terminate this Agreement if Manager has not deposited sufficient amounts to cure the Settlement Failure and replenish the balance required in the Reserve Accounts within (1) Business Day after Manager's receipt of written notice specifying such failure.
- 47 -
(B) By Manager. Manager may terminate this Agreement at any time during the Term immediately upon notice in the event: (1) of a breach or series of breaches by Sutton Bank of the Program Documents that are material either individually or in the aggregate, if such breach or breaches are not cured [********] after receipt by Sutton Bank of a written notice from Manager alleging breach and requiring Sutton Bank to cure such breach or breaches; (2) Sutton Bank is placed into conservatorship or receivership or proceedings are commenced and remain unstayed for a period of at least [********] to wind up, dissolve, liquidate or reorganize Sutton Bank; (3) proceedings are instituted against Sutton Bank by or before any Regulatory Authority to terminate Sutton Bank's ability to issue prepaid cards or other regulatory approval or to cause any of Sutton Bank's officers or directors to cease and desist from any alleged unsafe or unsound practice and such proceedings remain unstayed for a period of at least [********]; (4) Sutton Bank is no longer an approved issuer of prepaid cards on any Network with respect to which a Card Program exists;(5) Sutton Bank has failed to pay any amounts to Manager when due as set forth in this Agreement or the Program Documents, and such amount is not paid within [********] after Sutton Bank receives notice of such nonpayment; (6) Manager, in its reasonable discretion, determines that Sutton Bank's failure to comply with any provision of Applicable Law or any other requirements imposed upon Sutton Bank by any federal or state governmental authority has resulted in or may reasonably be expected to result in an imminent and material threat to Sutton Bank’s capacity to materially comply with Sutton Bank’s duties and obligations under the Program Documents or this Agreement if such failure is not cured [********] after receipt by Sutton Bank of a written notice from Manager describing the failure in commercially reasonable detailand requiring Sutton Bank to cure the failure;(7) Sutton Bank is determined to be in “troubled condition” (as such term is defined in or interpreted in accordance with Applicable Law); (8) Sutton Bank, together with its Affiliates, accumulates assets that, in the aggregate, are equal to, or greater than, [********] ; or (9)Sutton Bank is prohibited from adding volume to the Programs or adding new Programs in order to gain the volume necessary to achieve the [********] due to a directive from a Regulatory Authority rendered against Sutton Bank provided such directive is not attributable to the Program(s) or the actions or omissions of Manager or any Manager Contractor;provided such directive remains unstayed for a period of at least [********]; and provided Sutton Bank has not agreed to suspend the [********] so long as the directive is outstanding.
(C) Change in Law. In the event that any material change in any Applicable Law, or in the interpretation of such Applicable Law, makes continued performance by any party under the then-current terms and conditions of the Program Documents illegal and the Parties, using their reasonable best efforts, are unable to agree upon modifications to the Program Documents to avoid such illegality, then any Party may terminate this Agreement, without penalty, by written notice to the other Party, which notice will be effective upon the earlier to occur of (i) the 90th day following delivery of the notice to the other Party or (ii) the effective date of such change in Applicable Law. To be effective, any written notice terminating this Agreement pursuant to this Section 10.2(C) must include a detailed explanation and evidence of the illegality created as a result of such change in Applicable Law.
(D) Other Remedies. In the event of any occurrence giving rise to a termination right under Section 10.2(A) above, or if Sutton Bank determines, in its reasonable discretion, that such action is necessary to prevent undue harm to Sutton Bank or Cardholders, Sutton Bank may at its election, without exercising, waiving or limiting such termination right in connection with, such occurrence, elect to require that Manager cease selling or distributing new Cards and entering into new Programs and/or cease issuing new Cards for a Program. In addition, in the event that any Client(s) fails to make any Settlement payment or to maintain a required balance in the Settlement account, Sutton Bank may suspend performance of any Sutton Bank obligations under the Program Documents if such Client fails to make the Settlement payment or maintain the required balance in the Settlement account within [********] after Client receives notification of such failure.
- 48 -
10.3. Effect of Termination or Expiration
(A) Actions to Give Effect to Termination. Upon any termination of this Agreement or expiration of the Term, subject to Section 10.4, Sutton Bank and Manager will, as soon as reasonably practicable, execute such documents and do such things as may be reasonably necessary to give effect to the termination provisions of this Agreement.
(B) Survival of Obligations. Each Party will continue to be responsible for any obligations incurred under this Agreement or the other Program Documents prior to any termination of this Agreement or expiration of the Term, including but not limited to the obligation to pay any amounts that accrued prior to termination or expiration of this Agreement that remain owed to the other party(ies) after such termination or expiration.
10.4. Cessation of Card Sale and Distribution after Termination or Expiration
Subject to Section 10.5, upon any expiration or termination of this Agreement or expiration of any Approved Program, Manager will immediately cease selling or distributing (including the cessation of both direct sales and third party sales through Clients) Cards under this Agreement or the Approved Program, as applicable.
10.5. Wind Down Period; Orderly Transition
(A) General Obligations.Upon the expiration or termination of this Agreement, (i) Manager may elect to either transition one or more Programs to an alternative card issuer designated by Manager (any such institution, a “Successor Bank”) in accordance with Applicable Law and pursuant to Section 10.5(B) or (ii) one or more Programs may be wound down in accordance with Applicable Law and pursuant to Section 10.5(C). Written notice of Manager's decision to exercise this option shall be given within [********]of the date of the notice giving rise to termination hereunder. Each Party acknowledges that the main goals of the Wind Down Period are (in order or priority) (i) to benefit the Cardholders by minimizing any possible burdens or confusion and (ii) to protect and enhance the names and reputations of the Parties, both of whom have invested their names and reputations in the Programs, the Programs and Cards issued hereunder. Unless otherwise required by Applicable Law or any Regulatory Authority, upon the expiration or termination of this Agreement for any reason, the Parties agree to cooperate in good faith to wind down or transition each Program in a commercially reasonable way as soon as reasonably possible to provide for a smooth and orderly transition or wind-down. Such cooperation will include continued acceptance of Cards presented for payment until such Cards expire or are cancelled as set forth below, and continued provision of customer service to all outstanding Cardholders in accordance with the terms of this Agreement up until the Cards expire or are terminated.
(B) Manager Transition Election.In the event that Manager elects to transition one or more Programs to a Successor Bank pursuant to Section 10.5(A), Sutton Bank’s obligations shall include:(i) executing and delivering a transfer agreement containing terms and conditions generally consistent with banking industry practice (including customary representations, warranties and obligations) for the transfer of the Programs and related BINs to the Successor Bank; and (ii) taking all other actions necessary to transfer the Programs and BINs to such Successor Bank.Manager shall reimburse Sutton Bank for all documented out-of-pocket commercially reasonable costs incurred by Sutton Bank in connection with the transfer of the Programs, including, but not limited to, any conversion costs or termination fees payable to any Processor with respect to the Programs, Network fees and charges, Sutton Bank's reasonable attorneys’ fees incurred in connection with the transfer (including attorney's fees incurred with respect to the negotiation, execution and deliverance of a transfer agreement satisfactory to Sutton Bank), the cost of printing and postage for any notifications to Cardholders, and all other out-of-pocket costs and expenses incurred by Sutton Bank in connection with the transfer of the Programs.
- 49 -
(C) In the event the Agreement is terminated in whole or in part by Sutton Bank for cause pursuant to Sections 10.2 above,due to Manager's actions or inactions, Sutton Bank reserves the right to decline Manager's request to transition the Programs to a Successor Bank in Sutton Bank's good faith and sole discretion, and in such event such Programs shall be wound-down in accordance with this Article 10.
(D) Wind-Down Plan. As soon as reasonably practicable after expiration of this Agreement, or receipt of delivery of a termination notice with respect to this Agreement or one or more Programs, Manager shall provide to Sutton Bank in writing a proposed transition or wind-down plan, detailing (i) whether the affected Program(s) are to be wound down or transferred to a Successor Bank; and (ii) a proposed timeline, which shall designate a date as of which the affected Programs shall be wound down or transferred from Sutton Bank to a Successor Bank (“Switchover Date”). Sutton Bank and Manager shall meet promptly thereafter to review such proposed plan and to determine a mutually acceptable transition or wind-down plan (a “Wind-Down Plan”); provided, however, that if Sutton Bank and Manager fail to reach mutual agreement on the Wind-Down Plan within [********], Sutton Bank shall establish a Wind-Down Plan that is appropriate for the affected Program(s) and that is, to the extent practicable, substantially similar to other wind-down plans used by Sutton Bank for other programs similar to the affected Program(s) hereunder, in which case such Wind-Down Plan shall be deemed to be approved by Manager.The wind-down or transition of any affected Program(s) shall occur as soon as reasonably possible and in no event later than one (1) year after expiration of this Agreement; provided, however, that such time period may extended by mutual written agreement of the Parties.Except as specifically set forth in this Agreement or the agreed upon plan for wind-down, each Party shall bear its own out-of-pocket costs and expenses associated with the wind-down of the Programs, except that Manager shall bear any costs and expenses charged by the Networks in connection with the termination of the BIN(s). Notwithstanding the foregoing, if Sutton Bank terminates this Agreement for cause pursuant to Section 10.2 prior to expiration and a wind-down of any Program is required, Manager shall pay or Sutton Bank may withhold from any amounts due to Manager all costs associated with notifying impacted Cardholders, issuing refund checks, and any amounts payable to Processor or other Third Party Service Providers to ensure the provision of their services continue through the end of the wind-down period, and all other out of pocket costs and expenses reasonably incurred by Sutton Bank in connection with the wind-down activities described in this Section. Such costs shall be paid by Manager no later than [********] of receipt of Sutton Bank's invoice therefore.
- 50 -
(E) Wind Down Period General Obligations.During the Wind Down Period, the Parties shall continue to be bound by and comply with the terms of this Agreement and perform all of their obligations hereunder and shall remain liable for the representations and warranties, covenants and indemnification obligations under this Agreement.If Sutton Bank determines in its sole discretion that Manager has failed to continue to provide customer service to the affected Cardholders during the wind-down period in accordance with the terms of this Agreement, Manager shall take all necessary steps to either (i) effect the transfer to Sutton Bank of control of the toll free telephone numbers and websites used by Manager with respect to such Program or (ii) re-direct Cardholders using such telephone numbers and websites to such toll-free telephone numbers and websites as designated by Sutton Bank.
(F) Manager shall ensure that all aspects of the transfer are accomplished in compliance with Applicable Law. Manager shall remain in compliance with all provisions of this Agreement, and the timely payment of all other fees and sums called for under this Agreement through the completion of the Transition Plan.
(G) Further Assurances.Each Party shall; (i) give such further assurances to the Successor Bank and shall execute, acknowledge and deliver all such acknowledgments, assignments and other instruments and take such further action as may be reasonably necessary and appropriate to effectively vest in the Successor Bank the full legal and equitable title to Sutton Bank’s rights in any affected Program(s) being transitioned to the Successor Bank and (ii) make commercially reasonable efforts to assist the Successor Bank in the orderly transition of the sponsorship of the Program. The Parties agree to work in good faith to assure a smooth transition of the Program and continuity of operations with respect to the Program.
(H) Media Notices. Except as required by Applicable Law (including applicable securities laws and the rules promulgated thereunder), in no event will any Party make any public statement or customer communication regarding the termination or wind-down of this Agreement or any Cards or Programs without the express prior written approval of both Sutton Bank and Manager, which approval shall not be unreasonably withheld or delayed. Notwithstanding the foregoing, Manager agrees that Sutton Bank may communicate the termination or expiration of this Agreement with any party with which Manager has contracted to provide any Processing Services, marketing or other service with regard to the Program.
ARTICLE XI.– INDEMNIFICATION AND LIABILITY
11.1. Indemnification Obligation ByManager
Manager covenants and agrees to indemnify and hold Sutton Bank, its Affiliates, and their respective officers, directors, employees, agents, successors and permitted assigns (“Bank Indemnified Parties”) harmless against any Losses, arising out of third party Claims in connection with:
(A) any failure on the part of Manager to perform or comply with any covenant or obligation required to be performed or complied with by Manager under or pursuant to this Agreement,
- 51 -
(B) any inaccuracy, breach or untruthfulness of any representation or warranty made by Manager under or pursuant to this Agreement,
(C) any noncompliance with or violation of any Applicable Laws (including without limitation with respect to Program Materials and Marketing Campaigns), the gross negligence or willful misconduct of Manager, or any of Manager’s Affiliates, employees, officers, directors, Distributors, Marketers, Third Party Service Providers or agents, representatives or independent contractors (all such contractors, agents and representatives, including Distributors, Marketers and Third Party Service Providers, the “Manager Contractors”),
(D) any wrongful acts or omissions of Manager or Manager Contractors in connection with the improper use of Cardholder Data or in connection with the transfer of the Program(s) to a Successor Bank,
(E) any failure on the part of Manager or any Manager Contractor to comply with or discharge any of its or their obligations, liabilities or other amounts due or owing by Manager or such Manager Contractor to any third party, including, in the case of Manager, due or owing to any Manager Contractor,
(F) any unauthorized or fraudulent access to or use of Cardholder Data caused by the action or inaction, or intentional misconduct of an employee of Manager or Manager Contractors, or arising from a security breach to computer systems maintained by Manager or maintained by Manager Contractors on behalf of Manager.
(G) any Losses arising solely from Sutton Bank's failure to comply with the Applicable Law or a direction or requirement from a Regulatory Authority or Network where such failure arose out of Manager’s failure to meet its obligations under this Agreement or to obtain and provide all information to Sutton Bank needed for Sutton Bank to comply, unless Sutton Bank failed to inform Manager of the need for such actions or the need to cease taking such actions; or
(H) any misrepresentation or false or misleading statement made by Manager or Manager Contractors to any Person, Regulatory Authority or legislative body regarding Sutton Bank, a Program, this Agreement or the terms or conditions hereof.
11.2. Limited Exception and Conditions
Manager’s indemnification obligations under Section 11.1 shall exclude any Losses, to the extent such Losses arise directly from (A) an act of fraud, embezzlement or criminal activity by a Bank Indemnified Party, (B) the gross negligence, willful misconduct or bad faith by a Bank Indemnified Party, (C) failure of the Sutton Bank to comply with, or to perform its obligations under, this Agreement, or (D) Losses arising from noncompliance with or violation of any Applicable Law by Manager or a Manager Contractor solely to the extent that such Parties acted in good faith in accordance with Sutton Bank’s written instructions and/or requirements regarding Applicable Law.
- 52 -
11.3. By Sutton Bank
Sutton Bank covenants and agrees to indemnify and hold Manager, Manager Contractors, and each of their respective Affiliates, and their respective officers, directors, employees, agents, and permitted assigns (the “Manager Indemnified Parties”) harmless against any Losses, arising out of third party Claims in connection with:
(A) any failure on the part of Sutton Bank to perform or comply with any covenant or obligation required to be performed or complied with by Sutton Bank under or pursuant to this Agreement,
(B) any inaccuracy, breach or untruthfulness of any representation or warranty made by Sutton Bank under or pursuant to this Agreement,
(C) the gross negligence or willful misconduct of Sutton Bank or its employees, officers, directors, vendors, agents, representatives or independent contractors (excluding Manager or Manager Contractors),
(D) any wrongful acts or omissions of Sutton Bank in connection with the improper use of Cardholder Data or in connection with the transfer of Network responsibilities hereunder to a Successor Bank, in each case excluding any Losses to the extent such Losses arise from the acts or omissions of Manager, including any failure to comply with the terms of this Agreement,
(E) any unauthorized or fraudulent access to or use of Cardholder Data caused by the gross negligence or intentional misconduct of an employee of Sutton Bank or of its Affiliates, or arising from a security breach to computer systems maintained by Sutton Bank or maintained by third parties (other than Manager or a Manager Contractor) on behalf of Sutton Bank; or
(F) any misrepresentation or false or misleading statement made by Sutton Bank or its Affiliates to any Person, Regulatory Authority or legislative body regarding Manager, a Program, this Agreement or the terms or conditions hereof.
11.4. Limited Exception and Conditions
Sutton Bank’s indemnification obligations under Section 11.3 shall exclude any Losses to the extent such Losses arise directly from (A) an act of fraud, embezzlement or criminal activity by a Manager Indemnified Party, (B) the gross negligence, willful misconduct or bad faith by a Manager Indemnified Party, or (C) failure of the Manager to comply with, or to perform its obligations under, this Agreement.
11.5. Defense of Claims
(A) Notice.If any Claim is commenced that may give rise to a right of indemnification, or any knowledge is received of a state of facts which, if not corrected, may give rise to a right of indemnification, the indemnified Party shall give prompt written notice to the indemnifying Party. The failure to give such notice shall not, however, relieve the indemnifying Party of its indemnification obligations except to the extent that the indemnifying Party is actually harmed thereby.
- 53 -
(B) Right to Defend Claim.The indemnifying Party shall have the right to defend any such Claim in its name and at its expense, shall select the counsel for the defense of such Claim as approved by the indemnified Party, which approval shall not be unreasonably withheld or delayed, and shall cooperate with the indemnified Party in the conduct of the defense against such Claim; provided, however, that the indemnifying Party shall not have the right to defend any such Claim if (i) it fails to employ appropriate counsel approved by indemnified Party to assume the defense of such Claim or refuses to replace such counsel upon the indemnified Party’s reasonable request; (ii) the indemnified Party advises the indemnifying Party that there are issues which could raise possible conflicts of interest between the indemnifying Party and the indemnified Party or that the indemnified Party has claims or defenses that are separate from or in addition to the claims or defenses of the indemnifying Party; or (iii) such Claim seeks an injunction or cease and desist order; provided further, that Manager may not, as an indemnifying Party or otherwise, defend against a Claim or select the counsel for the defense of a Claim if the Claim was brought by a Regulatory Authority. If the Parties are unable to resolve the issue, then the matter will be resolved in accordance with Section 12.2. In each such case set forth in this Section 11.5, the indemnified Party shall have the right to direct the defense of the Claim and retain its own counsel, and the indemnifying Party shall pay the cost of such defense, including reasonable attorneys’ fees and expenses.
(C) Indemnifying Party Election. If the indemnifying Party elects and is entitled to compromise or defend such Claim it shall within [********] (or sooner, if the nature of the Claim so requires) notify the indemnified Party of its intent to do so, and the indemnified Party shall, at the expense of the indemnifying Party, cooperate in the defense of such Claim. In such case, the indemnified Party shall have the right to participate in the defense of any Claim with counsel selected by it. Except as provided in this Article, the fees and disbursements of such counsel shall be at the expense of the indemnified Party.
(D) Indemnifying Party Obligation. The indemnifying Party shall have no obligation to pay the monetary amount of the settlement of any Claim entered into by the indemnified Party without the prior written consent of the indemnifying Party (which consent shall not be unreasonably withheld or delayed). Notwithstanding the indemnifying Party’s right to direct the defense against any Claim, the indemnifying Party shall not have the right to compromise or enter into an agreement settling any claim, suit, demand or action without the prior written consent of the indemnified Party (which consent shall not be unreasonably withheld or delayed).
11.6. No Special Damages
UNLESS OTHERWISE AGREED, IN NO EVENT SHALL EITHER PARTY BE LIABLE TO THE OTHER WHETHER IN CONTRACT, TORT, EQUITY OR OTHERWISE FOR ANY INDIRECT, INCIDENTAL, CONSEQUENTIAL, SPECIAL, PUNITIVE OR EXEMPLARY DAMAGES, INCLUDING, BUT NOT LIMITED TO, LOST PROFITS, EVEN IF SUCH PARTY HAS KNOWLEDGE OF THE POSSIBILITY OF SUCH DAMAGES ARISING FROM OR RELATED TO THIS AGREEMENT; PROVIDED, HOWEVER, THAT THE LIMITATIONS SET FORTH IN THIS SECTION SHALL NOT APPLY TO OR IN ANY WAY LIMIT THE INDEMNITY OBLIGATIONS UNDER THIS AGREEMENT.
- 54 -
11.7. Disclaimers of Warranties
ALL SERVICES PROVIDED BY THE PARTIES HEREUNDER ARE PROVIDED ON AN “AS IS” AND “AS AVAILABLE” BASIS, AND EXCEPT AS EXPRESSLY STATED IN THIS AGREEMENT EACH PARTY SPECIFICALLY DISCLAIMS ALL WARRANTIES OF ANY KIND, EXPRESS OR IMPLIED, ARISING OUT OF OR RELATED TO THIS AGREEMENT, INCLUDING WITHOUT LIMITATION, ANY WARRANTY OF MARKETABILITY, FITNESS FOR A PARTICULAR PURPOSE OR NON-INFRINGEMENT, AND IMPLIED WARRANTIES ARISING FROM COURSE OF DEALING OR COURSE OF PERFORMANCE, EACH OF WHICH IS HEREBY EXCLUDED BY AGREEMENT OF THE PARTIES.
ARTICLE XII.– RISK MANAGEMENT
12.1. Insurance
(A) Manager shall maintain (and shall require each Third Party Service Provider to maintain), throughout the Term, an appropriate insurance policy in the name of Manager (or any Third Party Service Provider), the limit of which shall be no less than one million dollars ($1,000,000) per occurrence and two million dollars ($2,000,000) aggregate, for each of the following categories:
(i) a comprehensive general liability policy, including, but not limited to, contractual liability, bodily injury, death and/or property damage;
(ii) a comprehensive crime policy, including employee dishonesty/fidelity coverage, with respect to the work or operations done in connection with this Agreement;
(iii) a comprehensive errors and omissions policy; and
(iv) a workers’ compensation policy in at least the minimum amounts required by any applicable statute or regulation.
(B) In the event Manager stores, transmits or processes Cardholder Data, Manager shall maintain (and regardless shall require each Third Party Service Provider to maintain), throughout the term of this Agreement, an appropriate data security insurance policy in the name of Manager (or any Third Party Service Provider) and naming Sutton Bank as an additional insured, the limit of which shall be, in the case of a Processor, no less than [********]per occurrence and [********] aggregate and, in the case of Manager or any Third Party Service Provider other than a Processor, no less than [********] per occurrence and [********] aggregate, providing coverage in the event of loss of confidential data by Manager (or any subcontractor), including:
(i) theft, dissemination and/or unauthorized disclosure or use of Confidential Information and Cardholder Data (including, but not limited to, account information, social security numbers, and confidential corporation information). Such insurance shall also include coverage for credit monitoring, notification expenses and other related costs associated with mitigating a data security or privacy breach; and
- 55 -
(ii) (introduction of a computer virus into, or otherwise causing damage to, a computer, computer system, network or similar computer-related property and the data, software and programs used thereon.
(C) Each policy required by Section 12.1.(A) and 12.1.(B) must:
(i) be written by insurance carriers that have an A.M. Best rating of “A” or better or are otherwise acceptable to Sutton Bank;
(ii) provide that such policy may not be terminated or materially modified without [********] prior written notice to both Sutton Bank and Manager (or subcontractor); and
(iii) not include any exclusions that would adversely affect coverage regarding any of the obligations of Manager hereunder.
(D) A copy of each policy (including such endorsement) and any certificates of insurance evidencing the existence of such policy, or any other documentation related to the requirements of this Section 12.1 reasonably requested by Sutton Bank, shall be provided to Sutton Bank upon request.
(E) Manager shall promptly provide notice to Sutton Bank in the event Manager receives any notice of nonrenewal or cancellation, lapse, termination or reduction in any insurance coverage required to be maintained pursuant to this Section 12.1.
12.2. Reserve Account
Manager agrees to establish and maintain a Sutton Bank owned, Sutton Bank controlled demand deposit account, which account shall be maintained at Sutton Bank (the “Reserve Account”), as security for all obligations of Manager under this Agreement. The minimum balance in such Reserve Account as of the first day of any month shall be as Sutton Bank may in its discretion reasonably require from time to time, but shall at no time be less than the sum of [********]. The balance in the Reserve Account shall be adjusted on the first Business Day of each month unless Sutton Bank requires that the balance be updated on additional dates during the month due to unexpected or excessive growth of Manager expenses. The funds may be used by Sutton Bank to pay for any Manager obligations associated with the Programs. Manager shall replenish the Reserve Account on a monthly basis for any debits pursuant to this Section 12.2 to maintain the minimum balance. If Manager does not replenish the Reserve Account, Sutton Bank will prevent further funds from being credited to net revenues until such time that the Reserve Account has been replenished. All funds in the Reserve Account shall be returned to Manager as soon as commercially practicable after the termination of this Agreement once all Cards have been terminated or have expired, and any outstanding invoices from Sutton Bank and all amounts due to Sutton Bank have been paid.
- 56 -
ARTICLE XIII.– GENERAL
13.1. Assignment
No Party may assign this Agreement without the express written consent of the other Party, which consent will not be unreasonably conditioned, withheld or delayed.
13.2. Dispute Resolution; Governing Law
(A) In the event of any dispute, controversy, or claim arising out of or relating to this Agreement or the construction, interpretation, performance, breach, termination, enforceability or validity thereof (hereinafter, a “Dispute”), the Party raising such Dispute shall notify the other promptly and no later than sixty (60) days from the date of its discovery of the Dispute. In the case of a Dispute relating to account or Transaction statements or similar matter, the failure of a Party to notify the other Party of such Dispute within sixty (60) days from the date of its receipt shall result in such matter being deemed undisputed and accepted by the Party attempting to raise such Dispute.
(B) The Parties shall cooperate and attempt in good faith to resolve any Dispute promptly by negotiating between persons who have authority to settle the Dispute and who are at a higher level of management than the persons with direct responsibility for administration and performance of the provisions or obligations of this Agreement that are the subject of the Dispute.
(C) This Agreement shall be governed by, construed and enforced in accordance with the laws of the State of Ohio, without regard to that state's conflict of laws principles.Jurisdiction and venue for the formal resolution of any disputes relating to this Agreement shall lie exclusively in the Federal and State Courts of Ohio any such claims shall be governed by Ohio law without giving effect to any choice of law rules. Each Party agrees that service of process in any action or proceeding hereunder may be made upon such Party by certified mail, return receipt requested, to the address for notice set forth herein.
(D) EACH PARTY ALSO, KNOWINGLY AND WILLINGLY, AND FOLLOWING CONSULTATION WITH COUNSEL, HEREBY UNCONDITIONALLY AND IRREVOCABLY WAIVES ANY RIGHT TO A TRIAL BY JURY IN CONNECTION WITH ANY DISPUTE ARISING UNDER THIS AGREEMENT.
13.3. Entire Agreement; Amendments
This Agreement and the other Program Documents constitute the entire agreement of the Parties with regard to the specific subject matter thereof and supersede all prior written and/or oral understandings between the Parties. Except as otherwise expressly provided herein, this Agreement may not be amended, modified or changed in any way except by a written instrument executed by an authorized representative of each Party. Notwithstanding any other term or provision of this Section 13.3, in the event Sutton Bank and Manager agree to establish an additional Approved Program under this Agreement, as described in Section 3.1(F), the terms and conditions of the applicable exhibits to this Agreement will be updated to reflect the terms of the new Approved Program (as reflected in the Sutton Bank approved Program Application Form and on Schedule 1.1 hereto) without further execution by any Party, and such additional Approved Program shall be governed by the terns of this Agreement and the other Program Documents.
- 57 -
13.4. Counterparts
This Agreement may be executed in counterparts, each of which will be deemed an original and both of which together will constitute one instrument.
13.5. Third Party Beneficiaries
This Agreement is for the sole and exclusive benefit of the Parties and nothing in this Agreement will be construed to grant to any Person (other than the Parties, and their respective successors and permitted assigns) any right, remedy or claim under or in respect of this Agreement or any provision hereof; provided however that Sutton Bank's subsidiaries and affiliates used by Sutton Bank in connection with any Program are each intended third party beneficiaries of all rights and protections, including limitations of liability and indemnification, to which Sutton Bank is entitled under theProgram Documents.
13.6. Survival
Upon later of any termination of this Agreement, Switchover Date or any Wind Down Period, the Parties will retain any rights or remedies available to such Party under this Agreement or in law or at equity. Subject to any specific limitations on survival set forth herein, the following Articles and Sections of this Agreement will survive the termination or expiration of this Agreement in accordance with their terms: Sections 13.2 and 13.3, Sections 13.5 through 13.8, Article I, Article IV, Article VII, Article VIII, Article X and Article XI.
13.7. Force Majeure
No Party shall be liable for any failure or delay on its part to perform, and shall be excused from performing any of its non-monetary obligations hereunder if such failure, delay or non-performance results in whole or in part from any cause beyond the absolute control of the Party, including any act of God, act of war, riot, actions of terrorists, earthquake, fire, explosion, natural disaster, flooding, embargo, or sabotage (each a “Force Majeure Event”); provided, however, that the Party suffering the Force Majeure Event shall immediately implement its Disaster Recovery Plan. A Party desiring to rely upon any of the foregoing as an excuse for failure, default or delay in performance shall, when the cause arises, give to the other Party prompt notice in writing of the facts which constitute such cause, and, when the cause ceases to exist, give prompt notice thereof to the other Party. This Section 13.7 shall in no way limit the right of a Party to this Agreement to make any claim against third parties for any damages suffered due to said cause.
13.8. Specific Performance
The Parties acknowledge and agree that the remedy at law for any breach by either Party of its confidentiality covenants and obligations under Article VIII of this Agreement is inadequate and that the non-breaching Party, in addition to any other relief available to it, will be entitled to specific performance by the breaching Party to the extent permitted by Applicable Law.
13.9. Representation
Each Party acknowledges that it has been duly represented by counsel of its choice and fully understands all terms of this Agreement. No assumption or inference will be made or granted based on drawer or drafter of this Agreement, theNetwork Rules, and all other Program Documents.
[Signatures on Following Page]
- 58 -
IN WITNESS WHEREOF, with the intention to be bound by the terms of this Agreement, the Parties have executed this Agreement as of the day and year first above written by causing their respective authorized representatives to sign where indicated below.
Sutton Bank | Cuentas, Inc. | |
By: | By: | |
/s/ J. Anthony Gorrell | /s/ Jeff Johnson | |
Name: | Name: | |
J. Anthony Gorrell | Jeff Johnson | |
Title: | Title: | |
EVP & CFO | CEO | |
Address for Notices: | Address for Notices: | |
Sutton Bank | Cuentas, Inc. | |
1 S. Main St., PO Box 505 | 235 Lincoln Rd., Suite 210 | |
Attica, Ohio 44807 | Miami Beach, Fl 33139 | |
Attn: J. Anthony Gorrell, EVP & CFO | Attn: Jeff Johnson – CEO | |
Facsimile: [********] | and | |
AM Law LLP | ||
10743 SW 104th Street | ||
Miami, FL 33176 | ||
Attn: Gary Murphree, Esq. |
EXHIBIT A
PROGRAM APPLICATION FORM
Program Name: Cuentas Program | Program Manager: Cuentas | |
[**********] | Processor: [**********] | Date: 10 / 29 / 2021 |
PROGRAM FACT SHEET
[**********]
- A-1 -
EXHIBIT B
SUTTON BANK PREPAID CARD SERVICES
1. | Sponsor Programs with Networks, including obtaining all required Network approvals |
2. | Comply with all Network Rules pertaining to issuing financial institution |
3. | Oversee and review all aspects of Programs with respect to compliance with all Applicable Law pertaining to issuing prepaid cards |
4. | Manage Program Accounts |
5. | Implement new programs with Networks |
6. | Issuing Cards for Approved Programs in accordance with the applicable Program Scheduleand Cardholder Agreement |
7. | Approving each Program and Additional Products that may be provided under each Program or any non-financial products or services requiring Sutton Bank approval that may be offered to Cardholders in accordance with the terms of this Agreement |
8. | Approving all new Program Due Diligence Application Forms,Program Schedules, Cardholder Agreements, Program Materials and Marketing Campaigns and any changes to such documents in accordance with Sections3.1(B), 3.1(C), 3.1(F) and 3.1(G) of the Agreement |
9. | In accordance with Section 5.4, approving Manager’s BSA/AML/OFAC Procedures |
10. | Providing Manager with any notifications received from a Network (other than PCI Standards) with respect to any Program or any changes in Network Rules |
11. | Working closely with Manager to develop and enhance the Programs to meet Sutton Bank’s strategic objectives and goals, including by reviewing, assessing and approving in its commercially reasonable discretion, any modifications proposed by Manager |
12. | Upon reasonable request by Manager, providing Manager with any reconciliation reports for each Program Account maintained by Manager at Sutton Bank, and, to the extent Program funds flow through a non-Manager Program Account at Sutton Bank, reconciliation reports for each such Account |
- B-1 -
EXHIBIT C
REVENUE SHARE AND EXPENSE
[********]
[********]
- C-1 -
EXHIBIT D
MANAGER SERVICES
The following is a general description of the Services to be provided by ManageronSutton Bank’s behalf, either in-house or through Third-Party Service Providers.Where an inconsistency exists between the general descriptions of Services to be provided to Sutton Bank under this Agreement and the specific descriptions contained in any other documentation, including correspondence, operations manuals, procedures manuals, or implementation manuals (other than an inconsistency consisting solely of a greater degree of detail in such documentation than in this Agreement), the provisions of this Agreement shall control.No such material change to the Services shall be effective without Sutton Bank’s prior written consent.
Processing all applications and establishing all Cardholder Accounts on behalf of Sutton Bank, including, but not limited to:
- | providing Cardholder Agreements, as applicable; |
- | application of Sutton Bank’s rules to incoming Card applications |
- | submitting to Sutton Bank applications for approval |
- | providing information to Processor to establish the Cardholder Accounts |
- | collecting and maintaining Cardholder identification, as applicable |
- | screening Cardholder applicants for compliance purposes, as applicable |
- | conducting initial review of all Cardholder Accounts to ensure compliance with BSA/AML/OFAC laws and directives, as applicable |
- | authorizing Card Activation |
- | setting of PIN, as applicable |
Card creation, production and shipment, including:
- | Card design |
- | purchase and safekeeping of plastic stock |
- | embossing and encoding of Cards |
- | printing of Card carriers |
- | mailing or other delivery of Cards |
- | preparation and mailing of all other documents required or otherwise to be sent to Cardholders |
- | providing monthly and other periodic account statements, as applicable |
- | customer service in accordance with the terms of this Agreement |
- | all other Program-related mailings to Cardholders including shipping costs and postage |
- | any other services necessary or desirable to effectuate the Program or as agreed upon by Sutton Bank and Manager from time to time |
Back office support functions, including:
- | individual Cardholder Account maintenance |
- | Transaction and payment authorization, decline, processing, clearing and settlement and all accounting relating to Cards |
- | statement preparation and issuance, as applicable |
- | clearing and Settlement |
- D-1 -
- | balancing and reconciling |
- | fraud prevention and security control |
- | data capture and reporting and information management services |
- | providing Sutton Bank with reports detailing transactions and servicing with respect to each Program or Additional Product marketed by Manager on behalf of Sutton Bank as may be mutually agreed upon by the Parties from time to time at no additional cost to Sutton Bank within the reasonable capacity of Manager; |
- | exercising commercially reasonable efforts to monitor changes in Applicable Law related to the Programs and notifying Sutton Bank of any such changes of which Manager becomes aware that may impact Sutton Bank and the Programs in a material manner |
- | providing appropriate notices to Sutton Bank as required hereunder |
- | helpdesk and technical support for Sutton Bank |
Customer Service, including:
- | Cardholder account and Transaction dispute processing and resolution, and any other informal disputes or resolutions as needed from the Cardholder, as promptly as commercially reasonable, and not later than full resolution within applicable legal, regulatory, and Network required timeframes |
- | Lost and stolen Card reporting | |
- | Processing and disbursing Cardholder refunds on behalf of Sutton Bank for each Program in accordance with Applicable Law |
- D-2 -
EXHIBIT E
APPROVED THIRD PARTY SERVICE PROVIDERS
- E-1 -
SCHEDULE 1.1
APPROVED PROGRAMS
Program 1
Program Name/Description
Cuentas Mastercard Prepaid Card
|
||
Issuer
SUTTON BANK
|
Client
CUENTAS, INC.
|
Program Expiration Date
[********]
|
Program 2
Program Name/Description
|
||
Issuer
|
Client
|
Program Expiration Date |
IN WITNESS WHEREOF, each of Manager and Sutton Bank hereby acknowledges and agrees that this Schedule 1.1, executed as of this 26th day of October, 2021, is intended to supplement and be incorporated into that certain Agreement entered into by the Parties as of October 26, 2021.
Sutton Bank | Manager | |||
/s/ J. Anthony Gorrell | /s/ Jeff Johnson | |||
By: | Tony Gorrell | By: | Jeff Johnson –10/29/2021 | |
Title: | EVP, CFO | Title: | CEO |