Common use of SECURITY GUIDELINES Clause in Contracts

SECURITY GUIDELINES. 1. To provide restricted and protected access to the BDB Portal and to ensure secure communications within the BDB Portal Services, THE CUSTOMER will be responsible for following the procedures of authentication and security pre- established by THE BANK for the creation of the password and access to its web page. The password will act as a digital signature for every transaction made by THE CUSTOMER on the BDB Portal. 2. The creation and use of the password must be kept confidential and secure. It is THE CUSTOMER´S responsibility to secure, protect and maintain it in strict confidence. It should never be disclosed to unauthorized person(s) and should not be written down. 3. THE CUSTOMER should never leave the account information displayed in an area accessible by others and should never leave a logged on terminal unattended while using the BDB Portal Service. To prevent unauthorized access, THE CUSTOMER must sign-off the system as soon as the task is finished. 4. The BDB Portal Services has a feature that automatically disables the User ID and/or Password after three (3) consecutive unsuccessful log-on attempts have been made using an incorrect User ID and/or Password. THE CUSTOMER must contact our Operations Department at our toll free line 018000 116061 (dialing in Colombia) or ▇▇▇ ▇▇▇ ▇▇▇▇ (Contact Center Panama) to restore access. THE CUSTOMER will be solely responsible for actions resulting from the use or misuse of his User ID and PASSWORD. 5. THE BANK reserves the right to block access to the BDB Portal Services to maintain or restore security to its site and systems if we reasonably believe THE CUSTOMER´S access codes have been or may have been obtained or are being used or may have been used by unauthorized person(s). It is expressly agreed that if any person makes use of the service with the Password of THE CUSTOMER or his authorized person(s), THE CUSTOMER shall assume the consequences of such transaction(s). 6. The use of the service imposes on THE CUSTOMER and his authorized person(s) the obligation to identify themselves in full in accordance with the THE BANK´S requirements, follow the steps and procedures in force as established by the THE BANK and maintain in strict confidence the reports, codes and procedures which may come to their knowledge through the use of the BDB PORTAL and the PASSWORD. 7. THE CUSTOMER accepts immediately, without reservations, as full proof of the transactions carried out through the BDB PORTAL, each and every one of the magnetic and electronic records containing such data, as well as the amounts recorded, and accepts them as made by him or by his authorized person(s).

SECURITY GUIDELINES. 1. To provide restricted and protected access to the BDB Portal BPMA Internet Services and to ensure secure communications within the BDB Portal ServicesInternet Banking Service, THE CUSTOMER You create a unique User ID and Password to access the BPMA Internet Services during the enrollment process along with personal identifying information that will be responsible for following validated by the procedures of authentication BPMA before activating your service. Your are also required to establish challenge questions to be used as authenticating factors by the Internet Banking Service. For your protection, we encourage you to periodically change your Password. Your User ID, Password and security pre- established by THE BANK for the creation of the password and access to its web page. The password will act as a digital signature for every transaction made by THE CUSTOMER on the BDB Portal. 2. The creation and use of the password challenge questions must be kept confidential and securesecure since these are your Electronic Signatures which provide access to your Eligible Accounts via the BPMA Internet Services. By using the service or by signing the application you are authorizing the Bank to rely on your User ID and Password to identify you when providing banking services to you. It is THE CUSTOMER´S your responsibility to secure, protect and maintain it in strict confidenceconfidence your User ID and Password. It Your User ID and Password should never be disclosed to unauthorized person(s) persons and should not be written down. 3. THE CUSTOMER You should never leave the your account information displayed in an area accessible by others and should never leave a logged on terminal unattended while using the BDB Portal ServiceBPMA Internet Services. To prevent unauthorized access, THE CUSTOMER users must sign-sign off the system as soon as the their task is finished. 4. BPMA retains the right after a period of no activity to automatically log you off the system, but BPMA shall not be liable to you for failure to do so. The BDB Portal BPMA Internet Services has a feature that automatically disables the a User ID and/or Password after three (3) consecutive unsuccessful log-log on attempts have been made using an incorrect User ID and/or Password. THE CUSTOMER The BPMA Internet Services utilizes a security feature that will prompt the user to answer one of their security challenge questions, and you must contact our Operations Department at our toll free line 018000 116061 (dialing provide the correct response to such challenge question(s) in Colombia) or ▇▇▇ ▇▇▇ ▇▇▇▇ (Contact Center Panama) order to restore accessbe restored in the system. THE CUSTOMER will be solely responsible for actions resulting from the use or misuse of his User ID and PASSWORD. 5. THE BANK reserves We reserve the right to block access to the BDB Portal Services Internet Banking Service to maintain or restore security to its our site and systems systems, if we reasonably believe THE CUSTOMER´S your access codes have been or may have been be obtained or are being used or may have been be used by unauthorized person(s). It Notwithstanding our efforts to insure that the Internet Banking Service is expressly agreed secure, you acknowledge that if any person makes use of the service with Internet is inherently insecure and that all data transfers, including electronic mail, occur openly on the Password of THE CUSTOMER Internet and potentially can be monitored and read by others. We cannot and do not warrant that all data transfers utilizing the BPMA Internet Services, the BPMA website, or his authorized person(s)e-mail transmitted to and from us, THE CUSTOMER shall assume the consequences of such transaction(s)will not be monitored or read by others. 6. The use of the service imposes on THE CUSTOMER and his authorized person(s) the obligation to identify themselves in full in accordance with the THE BANK´S requirements, follow the steps and procedures in force as established by the THE BANK and maintain in strict confidence the reports, codes and procedures which may come to their knowledge through the use of the BDB PORTAL and the PASSWORD. 7. THE CUSTOMER accepts immediately, without reservations, as full proof of the transactions carried out through the BDB PORTAL, each and every one of the magnetic and electronic records containing such data, as well as the amounts recorded, and accepts them as made by him or by his authorized person(s).