MBSA Schedule E – ACH Terms

ORIGINATION SERVICES

These ACH Terms are provided in connection with the Master Bank Services Agreement which references these ACH Terms between Program Manager and Evolve Bank & Trust (the “Agreement”). Capitalized terms used but not defined herein have the applicable meanings set forth in the Agreement. If approved by Bank in connection with a Program, Bank will provide Origination Services in accordance with the terms set forth in these ACH Terms and the ACH Guide, and Program Manager shall comply with the terms set forth herein and as set forth in the ACH Guide and the Agreement. Program Manager shall ensure all terms herein related or applicable to or otherwise referencing Program Manager (or its Subcontractor) that may be applicable to an End User are included in the Bank Services Agreement. Notwithstanding anything set forth herein or to the contrary, Program Manager shall only originate (or allow an End User to originate) or submit to Bank transactions that are accepted by Bank as set forth in the ACH Guide. 

(a) General. Bank offers to and Program Manager agrees to use the Origination Services pursuant to the terms herein and in compliance with Applicable Law. In the event of inconsistency between a provision of Article 4A of the Uniform Commercial Code (the “UCC“) and the Agreement, the provisions of the Agreement shall prevail. Program Manager agrees that its ability to originate Entries under the Agreement is subject to: (i) Bank’s approval, (ii) receipt by the Bank of all required and properly executed forms, authorizations, and such other information as Bank may reasonably request from time to time in connection with the Agreement and (iii) Program Manager’s compliance with the terms of the Agreement and all Applicable Laws. Program Manager shall be responsible for all transactions and Entries submitted to Bank under the Agreement, whether in its capacity as an Originator or as a Third-Party Service Provider. Program Manager is prohibited from entering into an ACH origination agreement with any other Originator under the Agreement without Bank’s prior approval.

Bank shall make available to Program Manager, from time to time, its policies, procedures and guidelines governing the use of the Origination Services by Program Manager, as may be amended or supplemented from time to time by Bank (the “ACH Guide”). Notwithstanding any terms set forth herein, Program Manager shall comply and perform all of its obligations under the Agreement in compliance with the ACH Guide. If there is a conflict between the ACH Guide and the Agreement, the ACH Guide shall control. Bank may amend the ACH Guide by providing Program Manager with prior notice of such amendment.

(b) Provision of Origination Services. Bank shall process and settle, in accordance with the provisions of the Agreement, Entries authorized by End Users and provided to Bank by Program Manager. Entries must be submitted to Bank by Program Manager for processing and Settlement in accordance with the Agreement and Bank Policies and procedures governing Originators and Third-Party Service Providers (as defined by the NACHA Rules), as well as any Settlement and cut-off times as set forth in the ACH User Guide. In conveying Entries, payment instructions, and other communications from End Users to Bank, Program Manager is acting as a Third-Party Service Provider. Entries may be submitted by Program Manager pursuant to the Agreement only to the extent they arise as a result of instructions submitted by an End User to Bank through Program Manager Services; provided, however, Bank is under no obligation to process an Entry if it believes such Entry is not authorized pursuant to the Agreement, Applicable Laws, Bank Policies, is prohibited by Regulatory Authority or, in Bank’s reasonable sole determination, such Entry creates safety and soundness concerns and/or any other risk concerns of Bank or ACH network. Program Manager may not initiate IAT Entries (as defined by the NACHA Rules) without Bank’s prior written consent and without entering into an addendum supplementing these ACH Terms relating to IAT Entries. Program Manager may only submit Entries that are within the Bank’s accepted Standard Entry Class Codes (as defined by the NACHA Rules) which are identified in the ACH Guide.

(c) Transmittal of Entries by Program Manager. Program Manager and any Authorized User shall initiate debit or credit Entries hereunder on behalf of the Originator and Program Manager shall ensure such Entries meet the requirements of the Agreement, Bank’s instructions and comply with the formatting and other requirements set forth in the NACHA Rules, the Agreement, and any other documentation provided to Program Manager by Bank. Only Authorized Users may initiate debit or credit Entries hereunder on behalf of Program Manager. Bank shall be entitled to deem any person having knowledge of any Security Procedure, as set forth in the Security Procedures, to be an Authorized User. Program Manager or Authorized User(s) shall transmit or deliver Entries to Bank in computer readable form to the locations(s) specified by Bank.  Entries shall be transmitted to Bank’s designated location not later than the time and the number of days prior to the Effective Entry Date (as defined by the NACHA Rules) specified by Bank or as set forth in the ACH Guide (it being understood that, absent any written instructions from Bank, Program Manager shall transmit such Entries in timely manner to allow Bank a reasonable period to process such Entries prior to the Effective Entry Date).  Program Manager acknowledges it has a copy or has access to a copy of the federal holidays schedule; a copy can be obtained from the Federal Reserve. Entries received after the cut off time shall be deemed to have been received on the next Business Day. The total dollar amount of Entries transmitted by Program Manager to Bank on any day shall not exceed the limit set forth in ACH Exposure Limit, unless otherwise approved by Bank in writing. Program Manager must provide Bank secure access to Program Manager’s system to view the total credit and debit count and dollar amount of each ACH file transmitted to Bank. Program Manager may not reinitiate Entries except as prescribed by the NACHA Rules. Program Manager shall ensure Entries submitted to Bank comply with Applicable Law. Prior to such Entry submission, Program Manager shall ensure all debit or credit authorizations have been obtained as required by Applicable Laws. Subject to and in accordance with Bank Policies, Program Manager agrees to repeatedly and regularly (throughout the day) review and reconcile all Entries, transactions or other communications submitted and received by Bank and confirm the accuracy of such review and reconciliation for each Entry, transaction or communication submitted and received by Bank. Subject to Bank’s prior approval, Program Manager may contract with third parties for services, but shall nevertheless retain all liabilities of an Originator or Receiver (as defined in the NACHA Rules) as set forth in the NACHA Rules.

(d) Credit Approval and Limits. In utilizing the ACH Network in performance of the Agreement, Bank must make certain warranties on behalf of Program Manager. Specifically, Bank is charged with assuring the financial soundness of Program Manager to make the intended Entries. Program Manager agrees that: (i) the Origination Services and the Agreement are subject to the Bank’s assessment and approval of its settlement risk, (ii) that in order to evaluate such risk and for underwriting purposes certain documentation is required from the Program Manager from time to time, and (iii) the Bank shall have the right to reject the application of Program Manager for the Origination Services or continuation of such Origination Services if, in the Bank’s judgment, the information provided by Program Manager is not deemed satisfactory including, without limitation, for purposes of the Bank’s evaluation of its settlement risk. For purposes of the Agreement, “settlement risk” is the risk that a settlement in a transfer system does not take place as expected. Program Manager must submit, upon Bank’s request, audited and unaudited financial statements in the form and manner required by Bank. Bank shall also be authorized to obtain a credit report(s) on Program Manager as may be necessary from time to time. Program Manager agrees that if requested by Bank not more often than as specified in the Bank Policies, Program Manager will complete a self-assessment of Program Manager operations, management, staff, systems, internal controls, training, and risk management practices that would otherwise be reviewed by Bank in an audit of Program Manager. Program Manager. Program Manager will provide Bank a copy of either their SSAE 18 or another independent audit annually, if requested by Bank. If Program Manager refuses to provide the requested financial information, or if Bank concludes, in its sole discretion, that the risk of Program Manager is unacceptable or if Program Manager violates the Agreement or Applicable Law, Bank may suspend or terminate the Origination Services and the Agreement, at its election.

Bank may also assign Program Manager a limit representing the maximum aggregate dollar amount of Entries (including a maximum amount for each SEC Code), as well as In-Process Entries, which may be initiated by Program Manager each day, month and/or year (this and any other transaction or Entry limits contemplated by the Agreement, an “ACH Exposure Limit”). Program Manager acknowledges that the ACH Exposure Limit is solely for the protection of Bank and its assets. Program Manager shall not submit to Bank any Overlimit Entry; provided, however, if Bank receives any Entry from Program Manager that would be considered an Overlimit Entry or that would otherwise cause Program Manager to exceed the ACH Exposure Limit, Bank may, at its sole discretion, honor such Entry. “Overlimit Entry” means an Entry in the amount of which would cause the aggregate amount of In-Process Entries to exceed any applicable ACH Exposure Limit. In addition to the limitations set forth herein, Bank may place additional limits on the amount or the type of Credit Entries or Debit Entries that Program Manager may originate or submit in a file, batch or any single Entry, and may otherwise impose limits as set forth in the ACH Guide. Bank will communicate any limit to Program Manager from time to time and Program Manager hereby agrees to ensure that all Entries originated by Program Manager comply with such limit. Bank will monitor Entries initiated by Program Manager relative to the ACH Exposure Limit across multiple settlement dates. Bank may, in its sole discretion, determine to reject any Entry or file that exceeds the ACH Exposure Limit, that Bank reasonably suspects is fraudulent or unauthorized or for any other reason provided for under the terms of the Agreement. Bank reserves the right to modify each ACH Exposure Limit from time to time at its sole discretion.

(e) Designation of Representative. In order to originate or submit Entries, Program Manager must designate at least one authorized user (each such designated person, an “Authorized User”). Authorized User(s) shall be responsible for designating other users who Program Manager authorizes to issue Entries on its behalf (each to be considered an Authorized User). Bank shall be entitled to rely on the designations made by the Program Manager’s Authorized User(s) and shall not be responsible for matching the names of the Authorized User to names or titles listed in Program Manager’s banking resolutions. Program Manager agrees that any Entries transmitted shall comply with the Security Procedures, which are subject to change without notice to Program Manager.

(f) Processing, Transmittal and Settlement by Bank. Except as provided in Section (g) (“On-Us Entries”) and Section (j) (“Rejection of Entries”), Bank shall (i) process Entries received from Program Manager to conform with the file specifications set forth in the NACHA Rules, (ii) transmit such Entries as an ODFI to the ACH Operator by the deposit deadline of the ACH Operator, provided: (x) such Entries are completely received by Bank prior to the Bank’s cut-off time at the location specified by Bank to Program Manager from time to time; (y) the Effective Entry Date satisfies the criteria provided by Bank to Program Manager; and (z) the ACH Operator is open for business on such day and such day is a Business Day and (iii) settle for such Entries as provided in the NACHA Rules. For purposes of the Agreement, Entries shall be deemed received by Bank, in the case of transmittal by tape, when received by Bank, and in the case of electronic transmission, when the transmission (and compliance with any related security procedures provided for herein) is completed to the Bank’s systems and network. If such requirements are not met, Bank shall use reasonable efforts to transmit such Entries to the ACH Operator by the next deadline of the ACH Operator. Program Manager will hold Bank harmless from all fees and expense that may be incurred by Bank as a result of delivery of any late Entry.

(g) On-Us Entries. Except as provided in Section (j) (“Rejection of Entries”), in the case of an Entry received for credit to an account maintained with Bank (“On-Us Entry”), Bank shall credit the Receiver’s account in the amount of such Entry on the Effective Entry Date contained in such Entry or the deadline specified in the ACH Guide, whichever is later, provided the requirements set forth the Agreement are met. If the requirements are not met, Bank will use reasonable efforts to credit or debit the Receiver’s account in the amount of such Entry no later than the next Business Day following the Effective Entry Date.

(h) Consumer Related Entries. Entries that are initiated, submitted or transmitted by Program Manager that involve a consumer, Program Manager agrees to comply with all Applicable Laws, including, but not limited to, NACHA Rules, Regulation E and EFTA with regards to all authorizations, disclosures and other requirements.

In addition to and subject to the terms of the Agreement, Program Manager acknowledges and agrees that in the event of an unauthorized debit Entry, a consumer Receiver has the right to obtain a refund of the funds debited from the consumer Receiver’s account upon the consumer Receiver sending a written notice to its financial institution  within fifteen (15) days after the consumer Receiver’s financial institution provides information to the consumer Receiver about the debit Entry. Program Manager hereby indemnifies Bank against any claim arising out of or in connection with any refund by any consumer Receiver.

(i) Non-Consumer Related Entries and Refunds for Unauthorized Debit Entries. In the case of credit entries subject to UCC Article 4A (generally, non-consumer entries (entries not covered by Regulation E)), Program Manager agrees and understands that:

(i) entries may be transmitted through ACH;

(ii) the rights and obligations of Originator is governed by the laws of the state of Tennessee;

(iii) credit given by the RDFI to the Receiver is provisional until the RDFI has received final settlement through a Federal Reserve Bank or otherwise has received payment; and

(iv) a payment made by an RDFI to a Receiver is provisional until receipt by the RDFI of final settlement for such Entry and if the RDFI does not receive payment for entry, the RDFI is entitled to a refund from the Receiver in the amount credited to Receiver’s account, and the Originator will not be considered to have paid the amount of the entry to the Receiver.

In the event of an unauthorized debit Entry involving a corporate Receiver, Program Manager acknowledges and agrees that a corporate Receiver has the right to obtain a refund of the funds debited from the corporate Receiver’s account upon the corporate Receiver sending a written notice to its RDFI within two (2) business days following the Settlement Date of the original Entry. Program Manager hereby indemnifies Bank against any claim arising out of or in connection with any refund by any corporate Receiver.

(j) Rejection of Entries. Bank may reject any Entry (i) if the Program Manager and/or Entry does not adhere to or comply the Agreement, ACH Guide, Applicable Law or the Security Procedures set forth in the Security Procedures; (ii) that contains an Effective Entry Date more than two (2) Business Days after the Business Day such Entry is received by Bank (or any other applicable period determined by Bank and communicated to Program Manager); (iii) for any reason for which an Entry may be returned under the NACHA Rules; or (iv) if Program Manager failed to comply with any account balance or prefunding obligations under the Agreement. Bank may (but is not obligated to) notify Program Manager by email or electronic transmission of such rejection no later than the Business Day such Entry would otherwise have been transmitted by Bank to the ACH Operator or, in the case of an On-Us entry, its Effective Entry Date. Any notice of a rejected Entry will be effective when given; provided, however, Bank shall have no liability to Program Manager by reason of the rejection of any such Entry or the fact that such notices are not given. In the event that any Entries are rejected by the ACH Operator for any reason, it shall be the responsibility of Program Manager to remake such Entries. Should the File be rejected due to an error caused by Bank, Bank shall be responsible for remaking the File. In such a case, Program Manager will supply sufficient information to allow Bank to recreate the Entries for up to five (5) Business Days after midnight of the Settlement Date. Any Same Day Entry that does not meet the same day deadline for processing or exceeds the Same Day per item amount, Bank may delay the processing of such Same Day Entry.

(k) Cancellation or Amendment by Program Manager. Program Manager shall have no right to cancel or amend any Entry after its receipt by Bank. However, if a Program Manager request for cancellation or amendment complies with the procedures for canceling or amending Entry data, Bank shall use reasonable efforts to act upon such a request by Program Manager prior to transmitting the Entry to the ACH Operator or, in the case of an On-Us Entry, prior to crediting or debiting a Receiver’s account, but shall have no liability if such cancellation or amendment is not affected. Program Manager shall reimburse Bank for any expenses, losses or damages that Bank may incur in effecting or attempting to affect Program Manager’s request for the cancellation or amendment of an Entry.

(l) Error Detection. Bank may provide Program Manager with a periodic statement reflecting the total of each File transmitted by Bank or credited to a Receiver’s account maintained with Bank. Program Manager shall promptly and regularly review and examine all Entries and other communication received from Bank, including the periodic statement, and notify Bank of any unauthorized or erroneous Entries within a responsible time, not exceeding thirty (30) days from the date that the periodic statement is made available to Program Manager. If the Program Manager fails to deliver such notice, the Program Manager may not assert against the Bank any claim for interest on the amount of the Entries for the period prior to the date that such notice is delivered. If the Program Manager fails to deliver notice to the Bank of any unauthorized or erroneous Entries within nine (9) months from Bank’s issuance of any advice or statement reflecting such Entries, Program Manager is precluded from asserting that the Bank is not entitled to retain the principal amount of the unauthorized or erroneous debit of Program Manager’s account(s).

Program Manager acknowledges and agrees that Bank has no obligation to discover and shall not be liable to Program Manager for errors made by Program Manager or any other Person, including errors made in identifying the Receiver, or an Intermediary or RDFI, or for errors in the amount of an Entry or for errors in Settlement Dates. Bank shall likewise have no duty to discover and shall not be liable for duplicate Entries issued by Program Manager. In the event that Program Manager makes an error or issues a duplicate Entry, Program Manager shall reimburse Bank for any loss, damages, or expenses, incurred by Bank as result of the error or issuance of duplicate Entries.

(m) Prohibited Transactions. Program Manager shall not use or attempt to use the Origination Services (i) to engage in any illegal purpose or activity or to violate any Applicable Law; (ii) to breach any contract or agreement by which Program Manager is bound; (iii) to engage in any internet or online gambling transaction, whether or not gambling is legal in any applicable jurisdiction, unless approved by Bank in writing and subject to any instructions provided to Program Manager by Bank; (iv) to engage in any transaction or activity that is specifically prohibited by the Agreement or ACH Guide or by Bank in writing; or (v) to engage in any activity or business that would result in Program Manager being or becoming a “money service business” as defined in the Bank Secrecy Act and its implementing regulations. Program Manager acknowledges and agrees that Bank has no obligation to monitor Program Manager’s use of the Origination Services for transactions and activity that is impermissible or prohibited under the terms of the Agreement. Notwithstanding, Bank may decline to execute any transaction or activity that Bank believes violates the terms of the Agreement. Program Manager shall not initiate any IAT Entries without first receiving Bank’s prior written approval. If approved by Bank in writing, the Program Manager must sign an IAT addendum in a form approved by Bank.

(n) Notice of Returned Entries. Bank shall notify Program Manager by email or online notification in the form and format as specified in the ACH Guide of the receipt of a returned entry from the ACH Operator no later than one (1) day after the Business Day of such receipt. Except for an Entry retransmitted by Program Manager in accordance with the requirements of Section (c) (“Transmittal of Entries by Program Manager”), Bank shall have no obligation to retransmit a returned Entry to the ACH Operator if Bank complied with the terms of the Agreement with respect to the original Entry. Upon receipt of a return of Debit Entry as unauthorized, disputed or revoked transaction (or any other similar terms), Program Manager will cease transmission of said transactions until a new authorization has been signed by the consumer or until corrections have been made or an authorization has been obtained. Bank has no obligation to originate an Entry where authorization has been revoked.

Insufficient or uncollected funds may be retransmitted no more than two (2) times following the original Entry. All returned Entries must be remedied prior to retransmitting such Entry. Entries must be retransmitted within one hundred and eighty (180) days of the Settlement Date of the original Entry. Entries returned as Stop Payment may not be retransmitted without the consent of the Receiver.

(o) Notifications of Change. Bank shall notify Program Manager of all Notification of Change (“NOC”) Entries or Corrected Notification of Change (“Corrected NOC”) Entry received by Bank relating to Entries transmitted by Program Manager in accordance with the ACH Guide. Bank will provide such information to Program Manager of the Settlement Date of each NOC or Corrected NOC Entry in accordance with the ACH Guide and NACHA Rules. It is the responsibility of Program Manager to make the requested changes within the time period provided for in the ACH Guide or prior to the initiation of the next live Entry, whichever is later with the following exceptions: (i) the Originator may choose, at its discretion, to make the changes specified in any NOC or Corrected NOC relating to ARC, BOC, POP, RCK, XCK and single entry TEL or WEB, (ii) in the case of CIE and credit WEB entries, the Program Manager is responsible for making the changes and (iii) for an NOC in response to a Prenotification Entry, the Originator must make the changes prior to originating a subsequent entry if the ODFI receives the NOC by opening of business on the second Business Day following the settlement date of the Prenotification Entry.  If the NOC is incorrect, Program Manager will generate a refused NOC and deliver it to Bank. If Program Manager does not comply with the requirements to make changes requested by the NOC, Bank may charge Program Manager for any and all NACHA Rule violations fines resulting from such rule infraction or cease processing Entries until the changes are made.

(p) Prenotification. Program Manager, at its option, may send prenotification that it intends to initiate an Entry or Entries to a particular account within the time limits prescribed for such notice in the NACHA Rules. Such notice shall be provided to Bank in the format and on the medium approved by Bank and in compliance with the NACHA Rules. If Program Manager receives notice that such prenotification has been rejected by an RDFI within the prescribed period, or that an RDFI will not receive Entries without having first received a copy of an authorization signed by its customer, Program Manager will not initiate any corresponding Entries to such accounts until the cause for rejection has been corrected or until providing the RDFI with such authorization within the time limits provided by the NACHA Rules.

(q) Return Rates in Excess of Thresholds. In the event the rate of unauthorized returns of Entries, administrative returns of Entries or overall rates of returns submitted by Program Manager exceeds the threshold rates identified in the ACH Guide or NACHA Rules, based on the calculations or measurements provided for in the ACH Guide or the NACHA Rules, Bank will share the data with Program Manager and Program Manager will take immediate steps to revisit its authorization procedures to reduce the unauthorized return rates, administrative return rates or overall return rates below the threshold rate and shall further and in accordance with Bank Policies prepare and submit a written plan and timeline to Bank noting Program Manager’s intended plan to reduce unauthorized returns, administrative returns or its overall return rate. Bank will provide reporting information to NACHA regarding Program Manager if Program Manager’s return rate for unauthorized Entries exceeds the Unauthorized Entry Return Rate Threshold, the Administrative Return Rate Level or Overall Return Rate Level as required by the NACHA Rules.

(r) Reversals of Entries or Files. Program Manager will be responsible for creating Reversing Entries within a NACHA formatted file in compliance with the NACHA Rules. In addition, if Program Manager transmits a Reversing Entry or Reversing File, it shall concurrently deposit into an account designated by Bank an amount equal to that Entry or File. Program Manager must make a reasonable attempt to notify the Receiver of any Reversing Entry initiated to correct any Entry it has initiated in error. The notification to the Receiver must include the reason for the reversal and be made no later than the Settlement Date of the reversing Entry. Except for the reasons explicitly permitted under the NACHA Rules, the initiation of reversing Entries or files because an Originator failed to provide funding for the original Entry or file and/or the initiation of reversing an Entry or file is beyond the time period permitted by the NACHA Rules are explicitly prohibited by NACHA Rules.

(s) Electronic Debit Entries. Provisions may be made for holding accounts to be maintained for posting of any return Debit Items received, as stated elsewhere within the Agreement and the NACHA Rules. In accordance with Bank Policies, Program Manager will provide immediately available funds to indemnify Bank if any Debit Items are rejected after Bank has permitted Program Manager to withdraw immediately available funds, should funds not be available in the applicable Program Account or the Reserve Account to cover the amount of the rejected or returned Entries.

(t) Payment for Credit Entries and Returned Debit Entries. Notwithstanding anything to the contrary, Program Manager agrees to pay Bank for all credit Entries submitted, processed or issued by Program Manager (or any of its Subcontractors or Authorized Users), or credit Entries otherwise made effective against Program Manager or End Users. Program Manager shall make payment at such time on the date of transmittal by Bank of such credit Entries as Bank, in its discretion, may determine (“Payment Date”), and the amount of each On-Us Entry at such time on the Effective Entry Date of such credit Entry as Bank, in its discretion, may determine. Program Manager shall pay Bank for the amount of each debit Entry returned by an RDFI or debit Entry dishonored by Bank. Program Manager shall make payment to Bank in any manner specified by Bank. Notwithstanding the foregoing, Bank is hereby authorized to charge the account(s) held by Bank for Program Manager or any other Program Manager designated account as payment for credit Entries issued by Program Manager or returned or dishonored debit Entries. In the event such accounts do not have sufficient available funds on the Payment Date, Bank is hereby authorized to charge any account maintained by Program Manager with Bank or any other Program Manager-designated account as payment for credit Entries issued by Program Manager or returned or dishonored debit Entries. Program Manager shall maintain sufficient collected funds in Program Manager’s account(s) to settle for the credit Entries on the Payment Date. In the event that no Program Manager account has collected funds sufficient on the Payment Date to cover the total amount of all Entries to be paid on such Payment Date, Bank may take any of the following actions: (i) refuse to process all Entries, or (ii) process all credit Entries. In the event Bank elects to process credit Entries initiated by Program Manager, the total amount of the insufficiency advanced by Bank on behalf of Program Manager shall be immediately due and payable by Program Manager to Bank without any further demand from Bank. If Bank elects to pay Program Manager’s account in the overdraft on any one or more occasions, it shall not be considered a waiver of Bank’s rights to refuse to do so at any other time nor shall it be an agreement by Bank to pay other items in the overdraft. Bank may also charge the Reserve Account for any payments for credit Entries or returned debit Entries.

(u) Prefunding. Bank reserves the right to require Program Manager to pre-fund an account maintained at Bank prior to the Settlement Date of the ACH file. Bank shall determine whether pre-funding is required based on criteria established from time to time by Bank. Bank will communicate directly to Program Manager if pre-funding is required and, if requested by Program Manager, will provide Program Manager with an explanation of its pre-funding criteria. If it is determined that pre-funding is required, Program Manager will provide immediately available and collected funds sufficient to pay all Entries initiated by Program Manager (a) not later than the time instructed by Bank or set forth in the ACH Guide, whichever is earlier, and (b) prior to initiating any Entries for which pre-funding is required.

a. Payroll-only Entries and Payroll Entry Prefunding. Notwithstanding any other requirements set forth in the Agreement, Bank may require, as a condition of initiating any payroll-only Entry (the “Payroll Entry” or “Payroll Entries”), that Program Manager pre-fund an account maintained at Bank for the total amount of all Payroll Entries submitted to Bank for processing at least two (2) business days prior to the effective date of the transactions. (“Payroll Entry Prefunding”). Bank may place a hold on funds in the account(s) held by Bank for Program Manager or any other Program Manager-designated account Program Manager holds with Bank equal to the total amount of the Payroll Entries on the business day that Bank begins processing a Payroll Entry file and Program Manager’s account will be debited on the Settlement Date for such Payroll Entries, simultaneously with removal of the hold on the funds in Program Manager’s account.

Bank reserves the right, in its sole and exclusive discretion, and at any time, to require prefunding under the terms of this Section (u) (“Prefunding”).

(v) Inconsistency of Name and Account Number. The Program Manager acknowledges and agrees that, if an Entry describes the Receiver inconsistently by name and account number, payment of the Entry transmitted by Bank to the RDFI may be made by the RDFI (or by Bank in the case of an On-Us Entry) on the basis of the account number supplied by the Program Manager, even if it identifies a person different from the named Receiver, and that the Program Manager’s obligation to pay the amount of the Entry to Bank is not excused in such circumstances. Similarly, if an Entry describes an RDFI inconsistently by name and routing number, payment of such Entry may be made based on the routing number, and Program Manager shall be liable to pay the amount of that Entry to Bank. Program Manager is liable for and must settle with Bank for any Entry initiated by Program Manager that identifies the Receiver by account or identifying number or by name and account or identifying number.

(w) Data Retention and Reporting. Program Manager shall retain data on file adequate to permit remaking of Entries for the time period specified in the Bank Policies following the date of their transmittal by Bank as provided herein, or as required by NACHA rules, whichever is longer, and shall provide such data to Bank upon its request. Without limiting the generality of the foregoing provisions, Program Manager specifically agrees to be bound by and comply with all applicable provisions of the NACHA Rules regarding the retention of documents or any record, including, without limitation, Program Manager’s responsibilities to retain all items, source documents, and records of consents and authorizations in accordance with the NACHA Rules. Program Manager agrees that all telephone conversations or data transmissions between Program Manager (or any Authorized User) and Bank made in connection with the Agreement may be electronically recorded and retained by Bank by use of any reasonable means. Program Manager must provide Bank with reports on each Originator’s ACH processing activity on at least a weekly basis in a format agreed upon by both Parties. The reports must include, at a minimum, (i) the count and amount of credit and debit Entries, (ii) the Unauthorized Return Entry Rate in total and by SEC Code calculated in compliance with the NACHA Rules, (iii) the Administrative Return Rate and Overall Return Rate in total and by SEC Code calculated in compliance with the NACHA Rules, and (iv) any additional reporting that may be required by Bank.

(x) Evidence of Authorization. Program Manager will obtain all consents and authorizations for all Entries. Such authorizations and any related disclosures shall comply with (i) all requirements of the NACHA Rules and (ii) all Applicable Law, including, without limitation, any applicable requirements of Regulation E, the Federal Electronic Funds Transfer Act, and sanctions enforced by OFAC. Program Manager shall obtain and maintain current information regarding OFAC enforced sanctions. (This information may be obtained directly from the OFAC Compliance Hotline at (800) 540-OFAC or by visiting the OFAC website at ustreas.gov/ofac.) Program Manager shall ensure each Entry is and will be made according to such authorization and shall comply with the NACHA Rules. Program Manager will not initiate any Entry after such authorization has been revoked or the arrangement between a customer and Receiver or other party has terminated. Program Manager shall retain all consents and authorizations for the period required by the NACHA Rules. Program Manager will, within one (1) Business Day of Bank’s or Furnisher’s request, furnish to Receiver, or to Bank an original or a copy of any transaction authorization requested by Receiver or Bank. No investigation or verification procedure undertaken by Bank shall be deemed to limit or waive Program Manager’s obligations under the Agreement.

(y) ACH Audits; Risk Management and Risk Assessments.

a. ACH Audits. At least once per year and prior to the date specified in the NACHA Rules, Program Manager shall provide Bank with an ACH audit performed by a qualified third party approved by Bank in accordance with NACHA Rules. The audit must assess Program Manager’s compliance with the NACHA Rules and must be maintained for review by Bank for not less than six (6) years. Program Manager agrees to provide documentation supporting such audit within the time period specified in the Bank Policies from a request from Bank. Any exceptions noted on the audit reports will be addressed with the development and implementation of a corrective action plan by Program Manager’s management in accordance with the Agreement and with the timeframes specified in the Bank Policies. The Program Manager shall retain data on file adequate to permit remaking of Entries for the timeframe specified in the Bank Policies following the date of their transmittal by Bank as provided herein and shall provide such data to Bank upon its request.

b. Risk Management System and Risk Assessments. Program Manager shall implement a risk management system on or prior to the Effective Date and shall maintain a risk management system throughout the Term of the Agreement (the “Risk Management System”). In accordance with Bank Policies, at least once per year, Program Manager shall provide Bank with a risk assessment performed by a qualified third party in accordance with NACHA Rules (“Risk Assessment”) periodically, but, in no event, shall Program Manager provide such Risk Assessment less than at least one per year and by the date specified in the ACH User Guide or NACHA Rules. The Risk Assessment must consist of a comprehensive evaluation of Program Manager’s ACH policies, procedures, processes, operations and activities against potential risk vulnerabilities (including, but not limited to, potential threats to its operations, controls, access points and other potential risk vulnerabilities) and shall take into consideration IT security, continuity plans, implementation of Program Manager’s Risk Management System, compliance with NACHA Rules, Applicable Law, regulatory guidelines, industry standards and oversight of any Program Manager Subcontractor.   The Risk Assessment must be maintained for review by Bank for not less than the period specified in Bank Policies. Program Manager agrees to provide documentation supporting such Risk Assessment within the timeframe specified in the Bank Policies.

(z) Additional Limits. Program Manager agrees that Bank will not process an Overlimit Entry. Bank will suspend any Overlimit Entry submitted by Program Manager and may, following its receipt of an Overlimit Entry, suspend all In-Process Entries. Program Manager acknowledges that any Overlimit Entry or other In-Process Entries suspended by Bank will not settle on their scheduled Settlement Date. If Program Manager wishes to initiate an Entry that would cause the amount of In-Process Entries to exceed the ACH Exposure Limit, Program Manager may submit to Bank its request to initiate an Entry that otherwise would be an Overlimit Entry. Program Manager must submit its request at least two (2) banking days prior to the date on which Program Manager wishes to initiate the Entry that otherwise would be an Overlimit Entry. Bank may require from Program Manager financial or other information in connection with Bank’s consideration of the request. Bank may grant or deny Program Manager’s request at its sole discretion. In addition to the foregoing, Bank generally reserves the right to limit the nature and amount of the preauthorized debit/credit Entries processed under the Agreement or to refuse to process any debit/credit Entries under the Agreement if, in Bank’s sole judgment (i) there is reasonable cause to believe that any Entry will be returned or will not settle in the ordinary course of the transaction for any reason, (ii) to do otherwise would violate any limit set by the applicable clearing house association or any governmental authority or agency to control payment system risk, or (iii) a preauthorized credit Entry or the return of a preauthorized debit Entry would create an overdraft of Program Manager’s account(s). Bank may limit the transactions initiated by Program Manager to specific SEC Codes. Program Manager may not reinitiate entries except as prescribed by the NACHA Rules. PROGRAM MANAGER HEREBY INDEMNIFIES AND HOLDS HARMLESS THE BANK FOR ANY LOSSES, DAMAGES, FINES, ASSESSMENTS, COSTS AND EXPENSES INCURRED BY BANK ARISING FROM ANY SUSPENDED OR UNPROCESSED OVERLIMIT ENTRIES OR ANY IN-PROCESS ENTRIES THAT MAY BE SUSPENDED PURSUANT TO THIS SECTION (z) (“Additional Limits”).

(aa) NACHA Rules. Compliance with NACHA Rules. Program Manager acknowledges it has a copy or has access to a copy of the current NACHA Rules, which may also be purchased online at www.nacha.org. At all times, Program Manager, in performing its duties and obligations under the Agreement, whether or not an Entry is sent through the ACH Network, shall comply with and be bound by Applicable Law, including, but not limited to, NACHA Rules and shall ensure that each Entry originated or submitted complies with Applicable Law, including but not limited to sanctions enforced by OFAC. (including obtaining information regarding such OFAC enforced sanctions) and the ACH Guide. Program Manager agrees that the performance of any action by Bank hereunder, including debiting or crediting an account or transfer funds otherwise, is excused from the performance of such action to the extent that the performance is inconsistent with Applicable Law. Program Manager agrees and warrants to Bank that all actions by Program Manager, Authorized Users and Program Manager’s Subcontractors, including the preparation, transmittal, and settlement of Entries and payment orders, shall comply in all respects with Applicable Law and the Agreement. Bank will charge Program Manager with any fines or penalties imposed by any Regulatory Authority or any organization which are incurred as a result of the actions or omissions of the Program Manager, an Authorized User, Program Manager’s Subcontractor, Receiver or Originator and Program Manager agrees to fully reimburse and/or indemnify Bank for such charges or fines assessed against or incurred by the Bank. The specific duties of Program Manager provided in the Agreement in no way limits the foregoing undertaking. The Bank reserves the right to suspend Program Manager and any Originator for breach of the NACHA Rules or to terminate the Agreement pursuant to Section 31 (“Term and Termination”) of the Agreement. The Bank reserves the right to audit Program Manager’s (or any Originator’s or Subcontractor’s) compliance with the Agreement and with the NACHA Rules.

NACHA, in its role of ensuring the safety, security, and viability of the ACH network has determined that certain single-use or limited-use consumer authorizations have the potential to increase risk in the ACH system and compromise system effectiveness by increasing the incidence of returned Entries. Therefore, Program Manager hereby warrants to Bank that for each such ACH Entry submitted for processing, Program Manager has obtained all authorizations from the Receiver as required by the NACHA Rules, by Regulation E or other applicable law, and the Agreement. Program Manager also makes the additional warranties to Bank that Bank makes to each RDFI and ACH Operator under the NACHA Rules for the respective SEC codes for Entries originated by Program Manager. PROGRAM MANAGER INDEMNIFIES AND HOLDS BANK HARMLESS FROM ANY LIABILITY ARISING OUT BREACH OF THESE WARRANTIES.

(bb) Third-Party Senders and Nested Third-Party Senders. Program Manager is prohibited from operating as a Third-Party Sender or entering into an ACH origination agreement with any Third-Party Sender or a “nested” Third-Party Sender in connection with the Agreement. The NACHA Rules contain special requirements and impose additional obligations on Bank when it acts as an ODFI with respect to Entries a program manager sends as a Third-Party Sender. Subject to Bank’s prior approval and in its sole discretion, Program Manager may elect to use the services provided hereunder as a “Third-Party Sender” (as defined under the NACHA Rules) to submit Entries to Bank on behalf of End Users, who may or may not be Bank customers (defined as a “Nested Third-Party Sender” under NACHA Rules). Program Manager shall execute any such other agreement(s) or documents as Bank deems necessary or appropriate prior to the initiation or continuation by Program Manager of any ACH services in the capacity of a Third-Party Sender or in connection with any Nested Third-Party Sender. Program Manager agrees that Bank retains the right to reject any request by Program Manager to engage in Third-Party Sender and/or Nested Third-Party Sender activities as well as any Entries initiated by Program Manager in such a Third-Party Sender capacity or in connection with any Nested Third-Party Sender, in Bank’s sole discretion. Program Manager understands that Bank must register Program Manager as a Third-Party Sender with NACHA and agrees to fully cooperate in that process.

(cc) Program Manager as Receiver. If Program Manager is the Receiver of an Entry or other funds transfer, and Bank does not receive final settlement for any payment made to Program Manager by the Receiving Depository Financial Institution, Program Manager acknowledges and agrees that Program Manager is obligated to Bank for the amount of the payment order and Bank is authorized to charge Program Manager’s account(s) held at Bank or otherwise designated by Program Manager for any amount paid to Program Manager.  If Bank credits Program Manager’s account for an Entry or other funds transfer naming Program Manager as the Receiver, such credit Entry to Program Manager’s account is not acceptance of the funds transfer by Bank until at least after the opening of business on the banking day after the credit Entry is made to the account. Notwithstanding the foregoing, Bank may make funds available to the Program Manager at an earlier time at Bank’s option. Bank has no obligation to notify Program Manager of receipt of a funds transfer naming Program Manager as the Receiver even if payment for the funds transfer to Program Manager is made by credit to Program Manager’s account or the payment order directs payment to an account.

(dd) Standard Entry Class Code Entries. Notwithstanding anything set forth herein or to the contrary, Program Manager shall only process or submit to Bank Entries that qualify as an SEC Code set forth under these ACH Terms and subject to the terms and conditions applicable to such SEC Code set forth in these ACH Terms, the ACH Guide and the Agreement. Program Manager is not authorized to process or submit Entries with an SEC Code not provided for under these ACH Terms, unless approved by Bank in writing and subject to any supplemental terms applicable to such SEC Code. If Bank authorizes Program Manager to submit to Bank, or if Program Manager processes using the Origination Services, or otherwise originates any SEC Code Entry, Program Manager (i) will comply with all rules, Applicable Law, the terms of the Agreement and terms and conditions applicable to such SEC Code set forth in these ACH Terms; (ii) hereby makes all representations and warranties, set forth in the NACHA Rules for each SEC Code; and, (iii) will take all such actions and obtain all consents and authorizations required under the NACHA Rules that would allow Bank to meet its obligations as ODFI of such Entries. Bank reserves the right to reject any Entry or group of Entries that are not authorized by Bank. If Bank requires a test file be created prior to origination of Entries hereunder, Program Manager agrees to create such test file in accordance with Bank’s standard processes and procedures.

(i) Eligible Source Documents for SEC Codes ARC, BOC, POP. Unless where otherwise provided for in the Agreement, Program Manager will use eligible source documents in connection with any transaction initiated using a SEC Code of ARC, BOC, POP, RCK that contain the following: (i) pre-printed serial number, (ii) contain an amount of $25,000 or less (or in the case of RCK, contain an amount less than $2,500); and, in the case of an ARC or BOC Entry, such source document must (iii) be completed and signed by the Receiver.

(ii) Prohibited Source Documents for SEC Code Entries. In addition to any other prohibition provided for in the Agreement, the ACH Guide, the NACHA Rules or otherwise communicated to Program Manager by Bank from time to time, the following source documents are not permitted to be used for SEC Code Entries hereunder and CANNOT be converted:

(a) Checks, sharedrafts or other items that contain an auxiliary on-us field in the magnetic ink character recognition (“MICR”) line;

(b) Amounts greater than $25,000 (with exception of an RCK Entry, which such entry shall not be greater than $2,500);

(c) Third-Party checks or sharedrafts;

(d) Remotely created checks, as defined in Regulation CC, and third-party sharedrafts that do not contain the signature of the Receiver;

(e) Checks provided by a credit card issuer to access a credit card account or checks drawn on a home equity line of credit;

(f) Checks drawn on an investment company (as defined in the Investment Company Act of 1940);

(g) Travelers checks, cashier’s checks, official checks, money orders or other similar obligations of a financial institution;

(h) Checks or drafts drawn on the U.S. Treasury, a Federal Reserve Bank, or a Federal Home Loan Bank;

(i) Checks or drafts drawn on a state or local government that are not payable through or at a participating depository financial institution or DFI; or

(j) Checks, sharedrafts or items payable in a medium other than United States Currency.

(iii) Collection Fees for ARC, BOC and RCK Entries. Program Manager shall not collect fees by adding to the amount of the source document for any transaction using SEC Codes ARC, BOC and RCK to initiate an Entry. A separate Entry using the appropriate SEC Code must be used to collect a service fee from the Receiver if Receiver’s authorization has been obtained in accordance with NACHA Rules.

(ee) SEC Code Notice Requirements. For any SEC Code permitted hereunder, prior to the initiation of any SEC Code Entry, Program Manager shall provide the Receiver with notice that includes the following, or substantially similar language: “When you provide a check as payment, you authorize us either to use information from your check to make a one-time electronic fund transfer from your account or to process the payment as a check transaction” (the “SEC Code Notice”).

In addition, for any BOC Entry, the SEC Code Notice shall also include language substantially similar to the following:

“For inquiries, please call [retailer insert phone number].”

Program Manager shall display on the SEC Code Notice an established, maintained, working telephone number for the Receiver to make an inquiry regarding the BOC Entry and that is answered during normal business hours.

Any SEC Code Notice required hereunder shall be prominently and conspicuously posted at the point-of purchase or Manned bill payment location and Program Manager shall provide a copy of the notice to the Receiver at the time of the transaction.

(ff) Supported SEC Code Entries

i. ARC Entries. With respect to any origination of transactions identified with the SEC code of ARC, which is a single-Entry debit originated based on receipt of an eligible source document (e.g., check) that is received through the U.S. mail or delivery service, at a drop box location or in person for a bill at a manned location (“ARC”), Program Manager agrees to comply with NACHA Rules in converting eligible checks and collecting such checks using the Program Manager’s accounts receivable journal entry or record. Program Manager acknowledges and agrees that for any transaction originated hereunder using the SEC Code of ARC, the source documents will only be used to initiate an ARC Entry if it has been sent through the U.S. Mail or delivered to a drop box and that any check used as a source document will not enter into a check collection process. During the initial processing of an ARC Entry, Program Manager shall capture information for the (i) amount of the ARC Entry, (ii) routing number, (iii) account number and (iv) the check serial number. In addition to any Program Manager representation and warranty provided under the Agreement, with each ARC Entry that Program Manager originates or transmits under this  Agreement, Program Manager represents and warrants that (a) the amount of the Entry, the routing number, and the check serial number are in accordance with the source document; (b) Program Manager will retain a reproducible, legible image, microfilm, or copy of the front of the Receiver’s source document for he period of time set forth in the Bank Policies from the Settlement Date of the ARC Entry; (c) Program Manager has employed commercially reasonable procedures to securely store all source documents until destruction and securely store all information relating to the ARC Entries; (d) Program Manager has established reasonable procedures for the Receiver to notify Bank that the receipt of the Receiver’s checks does not constitute authorization for ARC Entries to the Receiver’s account and that allows the Receiver to opt-out of check conversion activity.  Program Manager may capture the information required under this Section (ff)(i) (“ARC Entries”) by using a device used to capture the MICR line of the source of document.

ii. BOC Entries. With respect to any origination of transactions identified with the SEC code of BOC, which is a single-Entry debit based on receipt of a check at the point-of-purchase or manned bill location for subsequent conversion during back-office processing (“BOC”), Program Manager agrees to comply with NACHA Rules in utilizing the ACH network to convert eligible checks presented by the Receiver for payments made at either the point-of-purchase or a manned payment location as follows:

a. Identity Verification. Prior to originating any BOC Entry, Program Manager shall employ commercially reasonable procedures to verify the identity of the Receiver.

b. BOC Entry Representations and Warranties. In addition to any other Program Manager representation or warranty provided under the terms of the Agreement, with each BOC Entry that Program Manager originates or transmits under the Agreement, Program Manager represents and warrants that it (i) has employed commercially reasonable procedures to verify the identity of the Receiver, (ii) has established and maintains a working telephone number for Receiver inquiries regarding the transaction that is answered during normal business hours and that such number is displayed on the BOC entry notice, (iii) that the amount of the Entry, routing and account numbers, and the check serial number are in accordance with the source document, (iv) Program Manager will retain a reproducible, legible image, microfilm or copy of the front of the Receiver’s source document for each BOC Entry for the period of time set forth in Bank Policies from the Settlement Date of the BOC Entry, and (v) Program Manager has employed commercially reasonable procedures to securely store all source documents until destruction and securely store all information relating to the BOC Entries.

c. Additional Prohibited Source Documents for BOC Entries. In addition to those source documents listed in section (dd)(ii) (“Prohibited Source Documents for SEC Code Entries”), for any BOC Entry, any checks or sharedrafts that have not been encoded in magnetic ink CANNOT be converted.

d. Accuracy of Information. Program Manager certifies that capture of information for the amount of the entry, routing number, the account number, and the check serial number are in accordance with the source document as required by the use of a reading device to capture the MICR line of the source document. (Subsequent correction of errors related to MICR misreads, mis-encoding or processing rejects is permitted by key entry).

iv. POP Entries. With respect to any origination of transactions identified with the SEC code of POP, which is a single-Entry debit based on receipt of a check at the point-of-purchase or manned bill location (“POP”), Program Manager agrees to comply with NACHA rules in utilizing the ACH network to convert such eligible checks to a single-entry ACH debit entry to a Receiver’s account for in-person purchases made at the point-of-purchase or manned bill payment location as follows:

a. POP Representations and Warranties. In addition to any other representation or warranty provided by Program Manager under the terms of the Agreement, with each origination or transmission of a POP Entry, Program Manager represents and warrants that (i) the POP Entry has not been returned voided to the Receiver after Program Manager’s use and (ii) Program Manager has not provided the POP Entry to the Receiver for use in any prior POP Entry.

b. Requirements for MICR Capture. Program Manager will capture information for the amount of the entry, the routing number, the account number, and the check serial number by the use of a reading device to capture the MICR line of the source document during initial processing. (Subsequent correction of errors related to MICR misreads, mis-encoding, or processing rejects permits key entry).

c. Source Document Authorization; Receipt Requirements; Return of Source Documents to the Receiver. Program Manager will obtain the written authorization of the Receiver and shall provide a copy of the authorization to the Receiver. Notice is also required to be made part of the authorization. In addition, Program Manager will provide the Receiver a receipt containing specific information relating to the purchase, including the following: (i) originator name (merchant); (ii) third-party service provider telephone number; (iii) date of the transaction; (iv) transaction amount; (v) source document check serial number; (vi) merchant number (or other unique number that identifies the location of the transaction); and (vii) the state and city of the location of the point of sale equipment or terminal used to make the transaction. Program Manager will return the source document to the Receiver marked “VOIDED.”

v. RCK Entries. With respect to any origination of transactions identified with the SEC code of RCK, which is an Entry to re-present a paper check after the paper check has been returned for insufficient or uncollected funds by converting to a single-entry ACH debit transaction (“RCK”), Program Manager agrees to comply with NACHA rules in utilizing the ACH network to convert such eligible re-presented checks to a single-entry ACH debit Entry as follows:

a. Presentment Requirements. Program Manager will not present an RCK Entry unless the related Entry has been returned by the RDFI.

b. Restrictive Endorsements. Program Manager agrees that any restrictive endorsement placed on the source document is void or ineffective when the source document is presented as a re-presented check Entry.

c. Formatting Requirements. Program Manager shall comply with all technical specifications and formatting requirements in accordance with the NACHA Rules to include: (i) the description “REDEPCHECK” in the Program Manager Entry description field of the Program Manager/Batch Header Record; (ii) the original payee on the face of the check as it appears within the Program Manager name field of the Program Manager/Batch Header Record; and (iii) the check serial number of the check to which the re-presented check Entry relates is placed within the check serial number field of the RCK Entry detail record.

d. Request for Copy of Check. Program Manager will provide Bank with a copy of the front and back of the check within the time period specified in the Bank Policies from the Bank’s request for a copy, provided that the request for a copy of the item was received within seven (7) years of the Settlement Date of the RCK Entry. If the check has been finally paid, this must be indicated on the copy of the check.

e. Additional Permitted Source Documents for RCK Entries. In addition to the source documents permitted under subsection (dd)(i) (“Eligible Source Documents for SEC Codes ARC, BOC, POP”), for an RCK Entry, Program Manager may convert the following eligible source documents: (i) An item within the mean of the Revised Article 4 of the Uniform Commercial Code (1990 Official Text), (ii) be in an amount less than $2,500; (iii) on the face of the document it indicates that it was returned for insufficient or uncollected funds; (iv) is dated less than one-hundred-and-eighty (180) days from the date the Entry is transmitted to the RDFI; (v) is drawn on a consumer account and (vi) has been previously presented no more than two (2) times through the check collection system (as a physical item, substitute check or image) or no more than one (1) time through the check collection system and no more than one (1) time as an RCK Entry, if the Entry is reinitiated as an RCK Entry.

f. Additional Prohibited Source Documents for RCK Entries. In addition to those source documents listed in Section (dd)(ii) (“Prohibited Source Documents for SEC Code Entries”), for any RCK Entry, Program Manager may not convert ineligible items using an RCK Entry, which includes, but is not limited to: (i) non-cash items (as defined by Regulation CC); (ii) United States Postal Service money orders; (iii) items that are third-party items (e.g. the payee endorses a check over to a third party who also endorses the check) and (iv) remotely created checks, as defined by Regulation CC, and third-party drafts that do not contain the signature of the Receiver (e.g. the drawer does not sign a check but authorizes another party to debit the drawer’s account via a draft).

g. Number of Presentations. An RCK entry may not be submitted by Program Manager or an Originator more than twice after the first return of a paper item, and no more than once after the second return of a paper item.

h. RCK Entry Representation and Warranties. In addition to any other representation or warranty provided by Program Manager under the terms of the Agreement, with each origination or transmission of a RCK Entry, Program Manager represents and warrants that (i) all signatures on the item are authentic and authorized, (ii) the RCK Entry accurately reflects the item, (iii) the item will not be presented unless the related RCK Entry has been returned by the RDFI, (iv) the information encoded after issue in magnetic ink on the item is correct and (v) any restrictive endorsement placed on the item is void or ineffective.

vi. TEL Entries. With respect to any origination of transactions identified with the SEC code of TEL, which is single-Entry or recurring debit originated based on an oral authorization provided to the Originator by the Receiver (“TEL”), Program Manager agrees to comply with the requirements of the NACHA Rules, the Electronic Funds Transfer Act and Regulation E in collecting consumer debit transactions authorized orally via the telephone and understands that a separate oral authorization is required for each entry to the consumer’s account using telephone-initiated entries and in accordance with the following terms:

a. Verification of Identity of Receiver and Routing Number Verification. Program Manager warrants and represents that it has used commercially reasonable procedures to verify the identity of the Receiver and that the routing numbers are valid.

b. Single-Entry vs. Recurring. Program Manager understands that a single-entry payment means a one-time transfer of funds initiated by an Originator in accordance with the Receiver’s authorization for a single ACH debit to the Receiver’s account. Program Manager’s obligation for recurring payments authorization means: (i) multiple entries based on an authorization provided by the consumer establishing a relationship with the Program Manager for a specific type of activity, that are originated each time upon the specific instructions of the consumer or (ii) an entry that has been set up to occur based on the Receiver’s authorization obtained via the Telephone, at regular intervals without any additional intervention of the consumer.

c. Relationship Requirement Options. Program Manager may NOT initiate the telephone call related to a TEL Entry if the Program Manager has no existing relationship with the consumer (e.g., an existing written agreement with the consumer for provision of goods or services or the consumer purchased goods or services from Originator) in the past two (2) years); however, Originator may engage in a telephone call with the consumer where the consumer has initiated the telephone call to the Originator.

d. Oral Authorization Over the Telephone. For any oral authorization provided to Originator over the phone the (i) consumer must state clearly during the telephone call that the consumer is authorizing an ACH debit entry to the consumer’s account, (ii) Originator must clearly express the terms of the authorization and (iii) the Receiver must unambiguously express consent (silence is not expressed consent).

e. Single-Entry TEL Authorizations. For single-entry TEL authorizations, the Originator must create a recording of the oral authorization that includes (i) date on which or after which the ACH debit will occur; (ii) amount of the transaction; (iii) the Receiver’s name; (iv) account number to be debited; (v) telephone number for the Receiver to call with inquiries; (vi) date of oral authorization; and (vii) statement by the Originator that the authorization obtained from the Receiver will be used to originate an ACH debit entry to the consumer’s account or the Originator must send a written copy of the authorization to the Receiver prior to the Settlement date of the Entry.

 

Recurring TEL Authorizations. For the authorization to originate recurring TEL Entries, the Originator must create a recording of the oral authorization prior to the Settlement Date of the first Entry that must include in the recording the following:

be readily identifiable as an authorization of a recurring transfer from the Receiver’s account;

state the terms of the recurring transfer clearly and in readily understandable terms;

name or identify of the Receiver or other evidence identifying the Receiver;

the telephone number for Receiver inquiries to be answered during normal business hours;

date of the Receiver’s oral authorization;

evidence of the Receiver’s assent to the authorization;

the specific authorization language

account to be debited;

timing, number and/or frequency of the debits;

amount of the debit or a reference to the method used to determine the amount for the recurring transfers.

Program Manager must send a written copy of the recorded authorization to the Receiver prior to the Settlement Date of the first entry originated with the authorization.

Invalid Authorization Methods. Program Manager understands and agrees that VRU Capture of consumer’s authorization with key-entry responses by the authorization to input data and to respond to questions does not qualify as an oral authorization. A VRU may be used by the consumer to key enter data and to respond to questions, provided that the actual authorization by the consumer is provided orally.

Improper use of SEC Code of TEL. Program Manager’s use of any standard entry class code other than TEL in order to avoid the increased scrutiny required for such transactions shall constitute a violation of Applicable Law and may result in Program Manager’s immediate loss of ACH Origination rights regardless of any termination notification period otherwise specified in this Agreement.

Invalid Name Requirement. Program Manager shall provide the Receiver’s name in the Individual Name Field within each TEL Entry.

Returns/NOC. Bank will notify Program Manager by electronic transmission of returns Bank received within two (2) Business Days from Bank’s receipt.

Web Entries. With respect to any origination of transactions identified with the SEC code of WEB for internet-initiated/mobile entries (“WEB”), Program Manager agrees to comply with NACHA Rules, Electronic Funds Transfer Act and Regulation E in originating WEB Entries (either recurring or by single-entry) to a consumer’s account pursuant to the consumer’s authorization that is obtained from the Receiver via the internet or wireless network as follows: 

Risk Management Requirements for WEB Entries.

Program Manager agrees it has performed or will perform an annual audit that satisfies the NACHA Rules before initiating a WEB Entry;

Pursuant to NACHA Rules, Program Manager will establish and implement commercially reasonable: (A) fraudulent transaction detection systems to screen debit WEB Entries that, at a minimum, can verify the account number to be debited on the first use and that can detect any subsequent changes to such account thereafter; (B) methods of authentication to verify the identity of Receivers of debit WEB Entries; (C) procedures to verify that the routing number used in the debit WEB Entry is valid; and (D) security technology for communications between Program Manager as the Originator and Receivers over the internet or wireless networks; and each time Program Manager submits to Bank or processes using the Origination Services a Web Entry, in addition to its other representations and warranties under this Agreement, Program Manager warrants that the Web Entry was screened by its  fraudulent transaction detection system and that Program Manager has used commercially reasonable methods to authenticate and verify the Receiver’s identity and to verify that the account number used in the Web Entry is valid. 

In accordance with Applicable Law, Program Manager must maintain records such as logs from an internet ordering system as proof of each Receiver’s authorization. Bank from time to time may (without any obligation or duty to do so) require Program Manager to make such records available for Bank’s review.

Bank will periodically review the ACH Exposure Limits for WEB Entries and will monitor WEB Entries initiated by Program Manager or any Originator relative the ACH Exposure Limit across multiple Settlement Dates. Bank will monitor Program Manager’s creditworthiness on an on-going basis.

Single Entry vs. Recurring WEB Entries. Program Manager understands a Single-Entry payment means a one- time transfer of funds initiated by Program Manager in accordance with the Receiver’s authorization for a single ACH debit to the Receiver’s account. Recurring payments authorization means: (i) multiple entries based on an authorization provided by the consumer establishing a relationship with the Program Manager for a specific type of activity, that are originated each time upon the specific instructions of the consumer or (ii) an entry that has been set up to occur based on the Receiver’s authorization obtained via the Internet or a wireless network at regular intervals without any additional intervention of the consumer.

WEB Entry Authorization Requirements. Program Manager is obligated to obtain a consumer’s authorization prior to initiating a WEB debit Entry which shall meet the following requirements:

The consumer must be able to read the authorization language displayed on a computer screen or other visual display and it is suggested the Receiver be prompted to print and retain a copy and should be instructed to accept the terms of the authorization. Program Manager must be able to provide a hard copy of the authorization, if requested.

Program Manager must prompt the Receiver to print the authorization and retain a copy.

Program Manager must be able to provide the Receiver with a hard copy of the authorization if requested to do so.

Only the Receiver may authorize the WEB Entry, and not Program Manager or any third-party service provider on behalf of the Receiver.

The authentication method chosen must not only identify the Receiver but must demonstrate the consumer’s assent to the authorization.

WEB Representations and Warranties. In addition to any other representation or warranty provided by Program Manager under the terms of this Agreement, with each origination or transmission of a WEB Entry, Program Manager represents and warrants that (i) Program Manager employs commercially reasonable detection systems to minimize the risk of fraud related to payment Entries initiated over the internet and to verify the validity of routing numbers, (ii) uses commercially reasonable methods of authentication to verify the identity of the Receiver, (iii) uses commercially reasonable security technology that at a minimum is equivalent to 128-bit encryption technology, and (iv) where required by Applicable Law, conducts annual audits s to its security practices and procedures that include at a minimum, verification of adequate levels of (a) physical security to protect against theft, tampering or damage, (b) personnel and access controls to protect against theft, tampering or damage, (b) personnel and access controls to protect against unauthorized access and use and (c) network security to ensure secure capture, storage and distribution.    

Improper use of SEC Code WEB. Program Manager’s use of any standard entry class codes other than WEB in order to avoid the increased scrutiny required for such transactions shall constitute a violation of applicable law and may result in Program Manager’s immediate loss of ACH Origination rights regardless of any termination notification period otherwise specified in this Agreement.

Annual Audit Requirements. Program Manager shall conduct an annual audit to ensure that the financial information it obtains from Receivers is protected by security practices and procedures that include, at a minimum, adequate levels of:

Physical security to protect against theft, tampering, or damage.

Personnel and access controls to protect against unauthorized access and use.

Network security to ensure secure capture, storage, and distribution.

Record Retention. Program Manager shall (i) retain a reproducible copy of the Receiver’s authorization for each WEB Entry for two (2) years from the (a) Settlement Date of the Single WEB entry and (b) from the revocation of the authorization of a recurring WEB Entry and (ii) shall provide copies of Receiver’s authorization upon the Bank’s request within seven (7) Business Days of receipt of the request.

Data Security Obligations. For all ACH transactions that involve the exchange or transmission of banking information via an Unsecured Electronic Network, Bank and Program Manager shall either:

Encrypt such transaction using a commercially reasonable standard of encryption technology that complies with Applicable Law, or

Transmit such transactions using a secure session that uses a commercially reasonable standard of security technology that complies with Applicable Law.

Verification of Program Manager’s Identity; Program Manager’s Compliance. Prior to originating any WEB Entry on behalf of Program Manager, Bank will employ commercially reasonable procedures to verify Program Manager’s identity. Program Manager shall comply with all Applicable Laws with regard to WEB Entries and Bank will provide Program Manager training and education concerning WEB Entries

Security Procedures. Security Procedures. The Parties agree that the Origination Services are subject to the commercially reasonable security procedures governing the origination, processing and/or submission of payment orders, as defined by UCC § 4A-103, and Entries, which are set forth in Schedule K (Security Procedures).