Common use of Program Policies and Procedures Clause in Contracts

Program Policies and Procedures. (a) The Parties acknowledge and agree that Coastal will oversee and control the Program and ▇▇▇▇ will administer the Program pursuant to policies and procedures as reasonably prescribed by Coastal from time to time and approved by ▇▇▇▇ (such approval not to be unreasonably withheld, conditioned, or delayed), including as more specifically provided in this Section 4.4. (b) ▇▇▇▇ and Coastal shall develop and ▇▇▇▇ shall implement, policies and procedures to comply with all KYC, AML, and IDV rules and regulations applicable to the Customer Accounts under Applicable Law. ▇▇▇▇ shall comply with all Applicable Law pertaining to KYC, AML and IDV in connection with the Program and maintain appropriate record-keeping relating to the foregoing. Such policies and procedures, which shall be in effect prior to enrolling any Customers in a Customer Account, are subject to prior review and approval by Coastal as set forth in Section 2.1. Any material changes to such policies or procedures must be approved in writing in advance by Coastal. If Coastal in its reasonable discretion determines that changes to such policies or procedures are necessary or advisable (including because such policies do not comply with Applicable Law or to comport with the Risk Management Considerations ([**]), Coastal may propose modifications of such policies or procedures upon notice to ▇▇▇▇. Coastal shall deliver written notice to ▇▇▇▇ with the amended policy or procedure attached thereto, together with the reason(s) why such amendment is required. The Parties shall discuss in good faith any additional revisions to such amendment, as applicable. [**] At all times during the Term and as may be required following termination in accordance with this Agreement and Applicable Law, Coastal shall have, and ▇▇▇▇ shall ensure that Coastal has the ability to have, direct access to all CIP/KYC data and information that is implemented, monitored, used, handled, managed, or stored by ▇▇▇▇ or any agreed upon Service Provider of ▇▇▇▇. (c) Prior to enrolling any Customers in a Customer Account, ▇▇▇▇ shall develop, on Coastal’s behalf, and implement an identity theft prevention program (“IDTP”) designed to detect, prevent, and mitigate identity theft in connection with the Program. The IDTP shall be designed to comply with the provisions of 12 CFR 41.90-41.91 and the Interagency Guidelines on Identity Theft Detection, Prevention, and Mitigation set forth at Appendix J to 12 CFR Part 41. ▇▇▇▇ shall submit the proposed IDTP to Coastal for its prior review and approval, which approval shall not be unreasonably delayed, conditioned or withheld. If Coastal in its reasonable discretion determines that changes to the IDTP are reasonably required to comply with any Applicable Law or the Risk Management Considerations, Coastal may modify the IDTP subject to ▇▇▇▇’s approval, which shall not be unreasonably withheld, conditioned, or delayed. (d) ▇▇▇▇ shall develop, implement and maintain a comprehensive information security program designed to meet the objectives of the security and confidentiality guidelines of the federal banking agencies’ Interagency Guidelines Establishing

Program Policies and Procedures. (a) The Parties acknowledge and agree that Coastal will oversee the Program, and control the Program and ▇▇▇▇▇▇▇ will administer the Program pursuant to policies and procedures as reasonably prescribed by Coastal from time implemented pursuant to time and approved by ▇▇▇▇ (such approval not to be unreasonably withheld, conditioned, or delayedSchedule 2.1(d), including as more specifically provided in this Section 4.4. (b) ▇▇▇▇ Prosper and Coastal shall develop and ▇▇▇▇ shall implement, policies and procedures to comply with all KYC, AML, and IDV rules and regulations applicable to the Customer Accounts under Applicable Law. ▇▇▇▇ Prosper shall develop, implement, and monitor the policies, procedures, agreements, notices and disclosures set forth on Schedule 2.1(d) as described therein (including, but not limited to, BSA/AML Requirements, KYC and IDV policies and procedures), which shall comply with Applicable Law and which shall be subject to the prior written approval of Coastal. Prosper shall conduct the Program in accordance with Applicable Law (including ensuring compliance with all Applicable Law pertaining to KYCBSA/AML Requirements, AML KYC and IDV in connection with the Program and maintain maintaining appropriate record-keeping relating to the foregoing) and the approved policies implemented pursuant to Schedule 2.1(d). Such policies and proceduresNotwithstanding anything to the contrary in this Agreement, which (i) Prosper shall be in effect prior to enrolling not enroll any Customers in a Customer Account, are subject to prior review and approval by Coastal as the Program until each of the items set forth in Section 2.1. Any material changes to such policies or procedures must be approved in writing in advance Schedule 2.1(d) is agreed upon by Coastal. If Coastal in its reasonable discretion determines that changes to such policies or procedures are necessary or advisable the Parties; (including because such policies do not comply with Applicable Law or to comport with the Risk Management Considerations ([**]), Coastal may propose modifications of such policies or procedures upon notice to ▇▇▇▇. ii) Coastal shall deliver written notice to ▇▇▇▇ with the amended policy or procedure attached thereto, together with the reason(s) why such amendment is required. The Parties shall discuss in good faith any additional revisions to such amendment, be responsible for filing SARs as applicable. [**] At all times during the Term and as may be required following termination in accordance with this Agreement and by Applicable Law; and (iii) to the extent any of the policies, Coastal shall have, and ▇▇▇▇ shall ensure that Coastal has the ability to have, direct access to all CIP/KYC data and information that is implemented, monitored, used, handled, managed, or stored by ▇▇▇▇ procedures or any agreed upon Service Provider of ▇▇▇▇other documentation set forth in Schedule 2.1(d) provide for either Party to implement certain items or take certain actions, said Party shall be responsible for such implementation or action. (c) Prior to enrolling any Customers in a Customer Account, ▇▇▇▇ Prosper shall develop, on Coastal’s behalf, develop and implement an identity theft prevention program (“IDTP”) designed to detect, prevent, prevent and mitigate identity theft in connection with the Program. The IDTP shall be designed to comply with the provisions of 12 CFR 41.90-41.91 and the Interagency Guidelines on Identity Theft Detection, Prevention, Prevention and Mitigation set forth at Appendix J to 12 CFR Part 41. ▇▇▇▇ Prosper shall submit the proposed IDTP to Coastal for its prior review and approval, which approval shall not be unreasonably delayed, conditioned or withheld. If Coastal Coastal, in its reasonable discretion discretion, determines that changes to the IDTP are reasonably required necessary to comply with any Applicable Law or the Risk Management ConsiderationsLaw, Coastal may modify the IDTP subject as necessary for such compliance upon [***] notice to ▇▇▇▇’s approval, which shall not be unreasonably withheld, conditioned, or delayedProsper. (d) ▇▇▇▇ shall develop, implement and maintain a comprehensive information security program designed to meet the objectives of the security and confidentiality guidelines of the federal banking agencies’ Interagency Guidelines Establishing