EX-10.15 16 d338035dex1015.htm EX-10.15 EX-10.15

Exhibit 10.15

[***] = CERTAIN CONFIDENTIAL INFORMATION CONTAINED IN THIS DOCUMENT, MARKED BY BRACKETS, HAS BEEN OMITTED AND FILED SEPARATELY WITH THE SECURITIES AND EXCHANGE COMMISSION PURSUANT TO RULE 406 OF THE SECURITIES ACT OF 1933, AS AMENDED.

 

LOGO   General Services Agreement

 

 

Agreement Number:    CW251208
Effective Date:    11/5/10
Expiration Date:    11/4/15
Company Name:    Cardlytics, Inc.
Company Address:    621 North Avenue NE
   Suite C-30
   Atlanta, GA 30308
Company Telephone:   

888.798.5802

 

 

This GENERAL SERVICES AGREEMENT (“Agreement”) is entered into as of the Effective Date by and between Bank of America, N.A, (“Bank of America”), a national banking association, and the above-named Supplier, a corporation, and consists of this signature page and attached Terms and Conditions, Schedules, and all other documents attached hereto, which are incorporated in full by this reference.

 

Cardlytics, Inc.      Bank of America, N.A.
By:   

/s/ Scott Grimes

     By:  

/s/ Chandra Torrence

Name:    Scott Grimes      Name:   Chandra Torrence
Title:    Chief Executive Officer      Title:   V.P., Sourcing Manager
Date:   

11/8/10

     Date:  

11/5/10

 

Address for Notices:      Address for Notices: [Supply Chain Management Contact]
Cardlytics, Inc.      Mailcode NC1-023-09-01
621 North Ave NE      Bank of America
Suite C-30      525 N Tryon St
Atlanta, Ga 30030      Charlotte, NC 28255
ATTN: Scott Grimes      ATTN: Chandra Torrence
Telephone: 888.798.5802      Telephone: [***]
Email:      Email: [***]
     With a copy to:
        Bank of America Legal Department Contact
        101 S. Tryon Street
        Charlotte, NC 28255

 

 

Proprietary to Bank of America   Page 1 of 22   vTIP2010


LOGO  

General Services Agreement

 

 

Table of Contents

 

Table of Contents

 

1.0

 

DEFINITIONS

     3  

2.0

 

SCOPE OF THE AGREEMENT

     4  

3.0

 

RELATIONSHIP MANAGER

     5  

4.0

 

TERM OF AGREEMENT

     5  

5.0

 

TERMINATION

     5  

6.0

 

PRICING/FEES

     6  

7.0

 

INVOICES/TAXES/PAYMENT

     6  

8.0

 

MUTUAL REPRESENTATIONS AND WARRANTIES

     8  

9.0

 

REPRESENTATIONS AND WARRANTIES OF SUPPLIER

     8  

10.0

 

FINANCIAL RESPONSIBILITY

     9  

11.0

 

BUSINESS CONTINUITY

     9  

12.0

 

RELATIONSHIP OF THE PARTIES

     10  

13.0

 

SUPPLIER PERSONNEL

     10  

14.0

 

INSURANCE

     11  

15.0

 

CONFIDENTIALITY AND INFORMATION PROTECTION

     13  

16.0

 

INDEMNITY

     16  

17.0

 

LIMITATION OF LIABILITY

     16  

18.0

 

SUPPLIER DIVERSITY

     16  

19.0

 

ENVIRONMENTAL INITIATIVE

     17  

20.0

 

AUDIT

     17  

21.0

 

NON-ASSIGNMENT

     19  

22.0

 

GOVERNING LAW

     19  

23.0

 

DISPUTE RESOLUTION

     19  

24.0

 

MEDIATION/ARBITRATION

     19  

25.0

 

NON-EXCLUSIVE NATURE OF AGREEMENT

     20  

26.0

 

OWNERSHIP OF WORK PRODUCT

     20  

27.0

 

MISCELLANEOUS

     21  

28.0

 

ENTIRE AGREEMENT

     22  
SCHEDULE A   SERVICES   
SCHEDULE B   SERVICE PAYMENTS   
SCHEDULE C   PERFORMANCE MEASUREMENTS   
SCHEDULE D   INFORMATION SECURITY   
SCHEDULE E   BACKGROUND CHECKS   
SCHEDULE F   RECOVERY   

 

 

Proprietary to Bank of America   Page 2 of 22   vTIP2010


LOGO  

General Services Agreement

 

 

Terms and Conditions

 

1.0 DEFINITIONS

 

 

1.1 All capitalized terms in this Agreement not defined in this Section shall have the meanings set forth in the Sections or Schedules of this Agreement in which they are defined.

 

1.2 Affiliate - a business entity now or hereafter controlled by, controlling or under common control with a Party. Control exists when an entity owns or controls directly or indirectly 50% or more of the outstanding equity representing the right to vote for the election of directors or other managing authority of another entity.

 

1.3 Associate Information – any non-public information about a Bank of America Representative, whether in paper, electronic, or other form that is maintained by or on behalf of Bank of America for a business purpose.

 

1.4 Bank Security Requirements - all bank security requirements as described in SCHEDULE D and the Bank of America Service Provider Security Requirements document provided separately.

 

1.5 Business Continuity Plan - the policies and procedures that describe contingency plans, recovery plans, and proper risk controls to ensure Supplier’s continued performance under this Agreement.

 

1.6 Business Day - Monday through Friday, excluding days on which Bank of America is not open for business in the United States of America.

 

1.7 Consumer Information - any record about an individual, whether in paper, electronic, or other form, that is a consumer report as such term is defined in the Fair Credit Reporting Act (15 USC 1681 et seq.) or is derived from a consumer report and that is maintained or otherwise possessed by or on behalf of Bank of America for a business purpose. Consumer information also means a compilation of such records. The term does not include any record that does not identify an individual.

 

1.8 Customer Information - any record containing information about a customer, its usage of Bank of America’s services, or about a customer’s accounts, whether in paper, electronic, or other form that is maintained by or on behalf of Bank of America for a business purpose.

 

1.9 Effective Date – the date set forth on the signature page on which this Agreement takes effect.

 

1.10 Expiration Date – the date set forth on the signature page on which this Agreement expires, unless terminated earlier or extended under the terms hereof.

 

1.11 Information Security Program - the documents that describe how Supplier will provide Services to Bank of America in a manner that complies with the confidentiality and information security requirements of this Agreement and all pertinent Schedules and Exhibits hereto. Such information security program must be approved by Supplier’s board of directors or equivalent executive management prior to the Effective Date thereof and annually thereafter. It must describe Supplier’s network infrastructure and security procedures and controls that protect Confidential Information on a basis that meets or exceeds the Bank Security Requirements.

 

1.12 Intellectual Property Rights - all intellectual property rights throughout the world, including copyrights, patents, mask works, trademarks, service marks, trade secrets, inventions (whether or not patentable), know how, authors’ rights, rights of attribution, and other proprietary rights and all applications and rights to apply for registration or protection of such rights.

 

1.13 Order - Statement of Work, purchase order, work order or other written instrument executed, or electronic transmissions originated by, an authorized officer of Bank of America Supply Chain Management directing Supplier in the provision of Services substantially conforming to a form provided to Supplier by Bank of America. Unless otherwise provided in writing, the business terms in each Order relating to description of Services, pricing, and performance standards shall apply only to such Order.

 

1.14 Party - Bank of America or Supplier.

 

 

Proprietary to Bank of America   Page 3 of 22   vTIP2010


LOGO  

General Services Agreement

 

 

Terms and Conditions

 

 

 

1.15 Records - documentation of facts that include normal and customary documentation of facts or events for an industry, specific deliverables as designated, emails determined to be “records” because of the business or litigation purpose, any records documenting legal, regulatory, fiscal, or administrative requirements.

 

1.16 Relationship Manager - the employee designated by a Party to act on its behalf with regard to matters arising under this Agreement who shall be the person the other Party shall contact in writing regarding matters concerning this Agreement.

 

1.17 Representative - an employee, officer, director, or agent of a Party.

 

1.18 Services - the services as generally described in SCHEDULE A to this Agreement and as more specifically described in each Order, including without limitation all professional, management, labor and general services, together with any materials, supplies, products, tangible items or other goods Supplier furnishes in connection with such services.

 

1.19 Statement of Work (“SOW”) - documents which document and constitute the description of Services Supplier will render to Bank of America and the fees for such Services.

 

1.20 Subcontractor - a third party to whom Supplier has delegated or subcontracted any portion of its obligations set forth herein.

 

1.21 Supplier Security Controls - those controls implemented by Supplier as part of its Information Security Program that address each of the Bank Security Requirements, as modified from time to time.

 

1.22 Term - the initial term of the Agreement or any renewal or extension.

 

1.23 Work Product - all information, data, materials, discoveries, inventions, works of authorship, documents, documentation, models, computer programs, software (including source code and object code), firmware, designs, drawings, specifications, processes, procedures, techniques, algorithms, diagrams, methods, and all tangible embodiments of each of the foregoing (in whatever form and media) conceived, created, reduced to practice or prepared by or for Supplier at the request of Bank of America pursuant to this Agreement or within the scope of Services provided under this Agreement, whether or not prepared on Bank of America’s premises and all Intellectual Property Rights therein.

 

2.0 SCOPE OF THE AGREEMENT

 

 

2.1 Supplier shall perform the Services described in each applicable Order in accordance with this Agreement and the service levels, specifications and timeframes set forth in such Order, and in accordance with performance measurements set forth in SCHEDULE C, or an applicable Order.

 

2.2 Unless the Parties otherwise agree in writing, all Services provided hereunder shall be processed and/or provided, whether in part or in whole, by Supplier, its employees, Representatives and/or Subcontractors on and from a location or locations in one (1) or more of the fifty (50) states of the United States of America only, all subject to applicable laws and regulations.

 

2.3 To the extent available, all documentation will be provided in printed and electronic formats. Except as otherwise provided in Section 26.1 “Ownership of Work Product”, Bank of America may use and reproduce for internal purposes all documentation furnished by Supplier, including displaying the documentation on Bank of America’s intranet or other internal electronic distribution system, in part or in whole.

 

2.4 All instruments, such as Orders, acknowledgments, invoices, schedules and the like used in conjunction with this Agreement (“Instruments”) shall be for the sole purpose of defining quantities, prices and describing the Services to be provided hereunder, and to this extent only are incorporated as a part of this Agreement. Any preprinted terms and conditions included in Instruments shall not be incorporated and such instrument shall be construed to modify, amend, or alter the terms of this Agreement solely for the purpose stated in the preceding sentence. Preprinted, standard, or posted terms and conditions in any media (including terms where acquiescence requires only a mouse click) shall not be incorporated into nor construed to amend the terms of this Agreement. Any Instrument submitted to Bank of America by Supplier in connection with this Agreement shall reference, as applicable, Order number and Agreement number.

 

 

Proprietary to Bank of America   Page 4 of 22   vTIP2010


LOGO  

General Services Agreement

 

 

Terms and Conditions

 

 

2.5 Supplier shall deliver to Bank of America and keep current a list of persons and telephone numbers (“Calling List”) for Bank of America to contact in order to obtain answers to questions related to the Services set out in the Order. The Calling List shall include (1) the first person to contact if a question arises or problem occurs and (2) the persons in successively more responsible or qualified positions to provide the answer or assistance desired. If Supplier does not respond promptly to any request by Bank of America for telephone consultative service, then Bank of America may attempt to contact the next more responsible or qualified person on the Calling List until contact is made and a designated person responds to the call.

 

2.6 Supplier expressly acknowledges and agrees that the rights of Bank of America set forth in this Agreement shall inure to all Bank of America Affiliates and such Affiliates may execute Orders and purchase Services hereunder.

 

3.0 RELATIONSHIP MANAGER

 

 

3.1 Each Party shall designate an employee Relationship Manager(s) to act on its behalf with regard to matters arising under this Agreement and shall notify the other Party in writing of the name of its Relationship Manager; however, the Relationship Manager shall have no authority to alter or amend any term, condition, or provision of this Agreement. Either Party may change its Relationship Manager(s) by providing the other Party prior written notice. The Relationship Manager must be identified in a writing delivered to the other Party at least one (1) week prior to the commencement of any work under this Agreement.

 

3.2 The Relationship Manager(s) shall meet via conference call with such frequency as Bank of America’s Relationship Manager(s) shall reasonably request. Bank of America may require meetings in person at a site designated by Bank of America.

 

4.0 TERM OF AGREEMENT

 

 

4.1 This Agreement shall be in effect from the Effective Date through the Expiration Date indicated on the signature page (“Initial Term”) unless terminated earlier or extended under the terms of this Agreement. Bank of America shall have the right to extend this Agreement for an additional twelve (12) months (‘Renewal Term”) by giving Supplier written notice of its intent at least thirty (30) calendar days prior to the end of the Initial Term or any Renewal Term. If Bank of America does not notify Supplier of its intent to renew or terminate this Agreement, the Agreement shall continue in effect on a month-to-month basis, at the prices in effect in each applicable Order, for the Term just expired, until terminated by either Party upon at least thirty (30) calendar days prior written notice to the other.

 

5.0 TERMINATION

 

 

5.1 Bank of America may terminate this Agreement or any Order under this Agreement for its convenience, without cause, at any time without further charge or expense upon at least forty-five (45) calendar days prior written notice to Supplier. Termination of one Order shall not cause a termination of this Agreement or any other Order, unless otherwise specified by Bank of America.

 

5.2

In addition to any other remedies available to either Party, upon the occurrence of a Termination Event (as defined below) with respect to either Party, the other Party may immediately terminate this Agreement or the Order that is subject of the Termination Event by providing written notice of termination. A Termination Event shall have occurred if: (a) a Party materially breaches its obligations under this Agreement or an Order under this Agreement, and the breach is not cured within thirty (30) calendar days after written notice of the breach and intent to terminate is provided by the other Party; (b) a Party becomes insolvent (generally unable to pay its debts as they become due) or the subject of a bankruptcy, conservatorship, receivership or similar proceeding, or makes a general assignment for the benefit of its creditors; (c) Supplier either: (i) merges with another entity, (ii) suffers a transfer involving fifty percent (50%) or more of

 

 

Proprietary to Bank of America   Page 5 of 22   vTIP2010


LOGO  

General Services Agreement

 

 

Terms and Conditions

 

  any class of its voting securities or (iii) transfers all, or substantially all, of its assets; (d) in providing Services hereunder, Supplier violates any law or regulation governing the financial services industry, or causes Bank of America to be in material violation of any law or regulation governing the financial services industry; (e) Bank of America has the right to terminate under the Section entitled “Pricing/Fees” or (f) a Party attempts to assign this Agreement in breach of the Section entitled “Non-Assignment.” Breach of one Order shall not cause a breach of any other Order, unless otherwise specified in writing by the non- breaching Party in the applicable Order.

 

5.3 In addition to the Termination Events above, if (he Product License Schedule A of the Software License, Customization and Maintenance Agreement of even date between the parties to this Agreement expires, does not renew or terminates for any reason then Schedule A of this General Services Agreement shall terminate at the same time.

 

5.4 In the event of expiration or termination of this Agreement or an Order under this Agreement, Supplier agrees that upon the request of Bank of America, Supplier will, at no additional cost to Bank of America, continue uninterrupted operations, conclude and cooperate with Bank of America in the transition of the business at Bank of America’s direction and in a manner that causes no material disruption to Bank of America business and operations. The fees associated with such transition shall be in accordance with the fees in effect at the expiration or termination of this Agreement. In no event shall the transition be more than three hundred sixty five (365) calendar days from the date of termination unless the Parties otherwise agree in writing. For the avoidance of doubt, Bank of America agrees to pay Supplier all undisputed fees for Services rendered up to the date of termination or expiration pursuant to the related terms hereunder. Reimbursement of all extraordinary costs and expenses incurred outside of the Agreement terms and conditions will be agreed upon by Supplier and Bank of America in writing prior to their incurrence.

 

5.5 The rights and obligations of the Parties which by their nature must survive termination or expiration of this Agreement in order to achieve its fundamental purposes including, without limitation, the provisions of the following Sections entitled “AUDIT,” “CONFIDENTIALITY AND INFORMATION PROTECTION,’’ “INDEMNITY,” “LIMITATION OF LIABILITY” “MEDIATION/ARBITRATION,” “OWNERSHIP OF WORK PRODUCT” and “MISCELLANEOUS,” shall survive in perpetuity any termination of this Agreement.

 

6.0 PRICING/FEES

 

 

6.1 Bank of America and Supplier shall pay to each other for Services provided under this Agreement as set forth in Schedule B or an applicable Order.

 

6.2 Bank of America shall not be required to pay for Services that are; (a) not requested by Bank of America and documented in an Order, or (b) not meeting the requirements of this Agreement. Fees for additional Services not listed in SCHEDULE B or an applicable Order shall be as mutually agreed in writing between Bank of America and Supplier prior to performance. No fees for additional Services shall be due unless such Services and fees are agreed to in writing by Bank of America prior to Supplier’s performance thereof.

 

7.0 INVOICES/TAXES/PAYMENT

 

 

7.1 Supplier shall submit monthly invoices to the address set forth on the signature page. Bank of America requires Supplier to bill for Services and tangible personal property separately. Bank of America also requires Supplier to include, on the face of the invoice, the “ship to” address for any purchase of tangible personal property and the location where the Services are performed. Bank of America requires Supplier to accept payment through electronic media in one of the following agreed upon methods; credit card using the Bank of America ePayables process, ACH or electronic check. In the event that the agreed upon method of payment is through the Bank of America ePayables process using purchase cards, the Supplier shall, at no additional cost to Bank of America, ensure Supplier has the capability to process purchasing cards, prior to submitting invoices to Bank of America. Supplier shall electronically invoice Bank of America using the Bank of America designated e-Procurement tool. Invoices shall contain such detail as Bank of America may reasonably require from time to time. Amounts shall be invoiced promptly after the Services performed or Work Product delivered. Amounts not invoiced by Supplier to Bank of America within three (3) months after such amounts could first be invoiced under this Agreement may not thereafter be invoiced, and Bank of America shall not be required to pay such amounts.

 

 

Proprietary to Bank of America   Page 6 of 22   vTIP2010


LOGO  

General Services Agreement

 

 

Terms and Conditions

 

7.2 The items listed on Supplier’s invoice must appear in the same sequence as listed on the Order.

 

7.3 Invoices omitting this Agreement reference number and Order number if applicable, or that are incorrect, incomplete or list Services that were not requested in writing by Bank of America will not be paid. The Relationship Manager for Bank of America will contact the Supplier Relationship Manager to address the situation informally prior to initiating the dispute resolution process under this Agreement.

 

7.4 Bank of America shall pay Supplier for all Services and applicable taxes invoiced in arrears in accordance with the terms of this Agreement, within sixty (60) calendar days of the date of receipt of a valid invoice by Bank of America, Bank of America reserves the right to pay prior to the expiration of the sixty (60) day period. If Bank of America pays within thirty (30) calendar days of receipt of a valid invoice by Bank of America, a discount of two percent (2%) will be subtracted from the total invoice amount for Services.

 

7.5 Invoices shall include and list all applicable sales, use, or excise taxes that are a statutory obligation of Bank of America as separate line items identifying each separate tax category and taxing authority. Bank of America will reimburse Supplier for all sales, use or excise taxes levied in accordance with the general statutes or other authoritative directives of the taxing authority on amounts payable by Bank of America to Supplier pursuant to this Agreement; however, Bank of America shall not be responsible for remittance of such taxes to applicable tax authorities.

 

7.6 Bank of America shall not be responsible for any ad valorem, income, gross receipts, franchise, privilege, value added or occupational taxes of Supplier. Bank of America and Supplier shall each bear sole responsibility for all taxes, assessments and other real or personal property-related levies on its owned or leased real or personal property. The Supplier must ensure that the business personal property tax exemption granted to financial institutions by California, Missouri, Virginia, Maryland, South Carolina, or other states is properly applied.

 

7.7 Supplier shall be responsible for the payment of all taxes, interest and penalties related to any assessment by a taxing authority as contemplated by Section 7.5 to the extent that Supplier fails to accurately and timely invoice Bank of America for such taxes and remit such taxes directly to the applicable taxing authority. In the event that a taxing authority performs a sample and projection audit of Bank of America, then Supplier shall be responsible for the payment of all projected tax amounts including all interest and penalties on any projected taxes assessed resulting from taxing errors identified by such taxing authority on Supplier’s invoices, provided however, that Supplier shall receive timely notice that such invoice is included in a tax authority’s audit and Supplier has the right to produce documentation to support that the tax was satisfied. In the event Supplier voluntarily registers to collect sales tax at some future date, and wishes to remit historical taxes Supplier deems due, Bank of America will only be responsible for the taxes due for the time period that Bank of America is statutorily obligated to the tax authorities in each state.

 

7.8 Supplier shall fully cooperate with Bank of America’s efforts to identify taxable and nontaxable portions of amounts payable pursuant to this Agreement (including segregation of such portions on invoices) and to obtain refunds of taxes paid, where appropriate. Bank of America may furnish Supplier with certificates or other evidence supporting applicable exemptions from sales, use or excise taxation. If Bank of America pays or reimburses Supplier under this Section, Supplier hereby assigns and transfers to Bank of America all of its right, title and interest in and to any refund for taxes paid. Any claim for refund of taxes against the assessing authority may be made in the name of Bank of America or Supplier, or both, at Bank of America’s option. Bank of America may initiate and manage litigation brought in the name of Bank of America or Supplier, or both, to obtain refunds of amounts paid under this Section. Supplier shall cooperate fully with Bank of America in pursuing any refund claims, including any related litigation or administrative procedures.

 

7.9 Supplier shall keep and maintain complete and accurate accounting Records in accordance with generally accepted accounting principles consistently applied to support and document all amounts becoming payable to Supplier hereunder. Upon request from Bank of America and within a reasonably prompt time

 

 

Proprietary to Bank of America   Page 7 of 22   vTIP2010


LOGO  

General Services Agreement

 

 

Terms and Conditions

 

  after such request, Supplier shall provide to Bank of America (or a Representative designated by Bank of America) access to such Records for the purpose of auditing such Records during normal business hours. Supplier shall retain all Records required under this Section in accordance with the Section entitled “Audit” of this Agreement, after the amounts documented in such Records become due. Supplier shall cooperate fully with Bank of America and any taxing authority involving any audit of sales, use or excise taxes. Upon request from Bank of America, Supplier will provide copies of invoices in electronic form that have been selected for review by any taxing authority, together with documents supporting the identification of taxable and nontaxable portions of amounts reflected on such invoices as contemplated by Section 7.8.

 

8.0 MUTUAL REPRESENTATIONS AND WARRANTIES

 

 

8.1 Each Party represents and warrants the following: (a) the Party’s execution, delivery and performance of this Agreement: (i) have been authorized by all necessary corporate action, (ii) do not violate the terms of any law, regulation, or court order to which such Party is subject or the terms of any material agreement to which the Party or any of its assets may be subject and (iii) are not subject to the consent or approval of any third party; (b) this Agreement is the valid and binding obligation of the representing Party, enforceable against such Party in accordance with its terms; and (c) such Party is not subject to any pending or threatened litigation or governmental action which could interfere with such Party’s performance of its obligations hereunder.

 

9.0 REPRESENTATIONS AND WARRANTIES OF SUPPLIER

 

 

9.1 In rendering its obligations under this Agreement, without limiting other applicable performance warranties, Supplier represents and warrants to Bank of America as follows: (a) Supplier is in good standing in the state of its incorporation and is qualified to do business as a foreign corporation in each of the other states in which it is providing Services hereunder; and (b) Supplier shall secure or has secured all permits, licenses, regulatory approvals and registrations required to render Services set forth herein, including without limitation, registration with the appropriate taxing authorities for remittance of taxes.

 

9.2 Supplier represents and warrants that it shall perform the Services in a timely and professional manner using competent personnel having expertise suitable to their assignments. Supplier represents and warrants that the Services shall conform to or exceed, in all material respects, the specifications described herein, as well as the standards generally observed in the industry for similar services. Supplier represents and warrants that neither performance nor functionality of the Services or systems is or will be affected by dates prior to, during and after the year 2000. Supplier represents and warrants that Services supplied hereunder shall be free of defects in workmanship, design and material. Supplier represents and warrants that the Work Product and Services furnished under this Agreement do not and shall not infringe, misappropriate or otherwise violate any Intellectual Property Rights or any other rights of any third party.

 

9.3 As of the Effective Date, there are no actions, suits or proceedings pending, or to the knowledge of Supplier threatened, against Supplier, Supplier’s Representatives and Subcontractors alleging infringement, misappropriation or other violation of any Intellectual Property Rights related to any Work Product or Service contemplated by this Agreement.

 

9.4 Supplier shall, and shall be responsible for ensuring that Supplier’s Representatives and Subcontractors shall, perform all obligations of Supplier under this Agreement in compliance with all laws, rules, regulations and other legal requirements.

 

9.5 Supplier represents and warrants that it is familiar with all applicable domestic and foreign antibribery or anticorruption laws, including those prohibiting Supplier, and, if applicable, its officers, employees, agents and others working on its behalf, from taking corrupt actions in furtherance of an offer, payment, promise to pay or authorization of the payment of anything of value, including but not limited to cash, checks, wire transfers, tangible and intangible gifts, favors, services, and those entertainment and travel expenses that go beyond what is reasonable and customary and of modest value, to: (i) an executive, official, employee or agent of a governmental department, agency or instrumentality, (ii) a director, officer, employee or agent of a wholly or partially government-owned or -controlled company or business, (iii) a political party or official

 

 

Proprietary to Bank of America   Page 8 of 22   vTIP2010


LOGO  

General Services Agreement

 

 

Terms and Conditions

 

  thereof, or candidate for political office, or (iv) an executive, official, employee or agent of a public international organization (e.g., the International Monetary Fund or the World Bank) (“Government Official”); while knowing or having a reasonable belief that all or some portion will be used for the purpose of: (a) influencing any act, decision or failure to act by a Government Official in his or her official capacity, (b) inducing a Government Official to use his or her influence with a government or instrumentality to affect any act or decision of such government or entity, or (c) securing an improper advantage; in order to obtain, retain, or direct business.

 

9.6 Supplier represents and warrants that it would now be in compliance with all applicable domestic or foreign antibribery or anticorruption laws, including those prohibiting the bribery of Government Officials, and will remain in compliance with all applicable laws; that it will not authorize, offer or make payments directly or indirectly to any Government Official; and that no part of the payments received by it from Bank of America will be used for any purpose that could constitute a violation of any applicable laws.

 

9.7 THE WARRANTIES CONTAINED IN THIS AGREEMENT ARE IN LIEU OF ALL OTHER WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THOSE OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.

 

10.0 FINANCIAL RESPONSIBILITY

 

 

10.1 Upon Bank of America’s request, Supplier shall promptly furnish its financial statements as prepared by or for Supplier in the ordinary course of its business, if Supplier is subject to laws and regulations of the U.S. Securities & Exchange Commission (SEC), the financial reporting and notification requirements contained herein shall be limited to all information that can be provided and in accordance with timelines which are legally permitted. Financial information provided hereunder shall be used by Bank of America solely for the purpose of determining Supplier’s ability to perform its obligations under this Agreement. To the extent any such financial information is not otherwise publicly available, it shall be deemed Confidential Information (as defined in Section 15.1) of Supplier. If Bank of America’s review of financial statements causes Bank of America to question Supplier’s ability to perform its duties hereunder, Bank of America may request, and Supplier shall provide to Bank of America, reasonable assurances of Supplier’s ability to perform its duties hereunder. Failure by Supplier to provide such reasonable assurances to Bank of America shall be deemed a material breach of this Agreement. Furthermore, Supplier shall notify Bank of America immediately in the event there is a change of control or material adverse change in Supplier’s business or financial condition.

 

11.0 BUSINESS CONTINUITY

 

 

11.1 Supplier agrees to establish, maintain and implement per the terms thereof a Business Continuity Plan. The Business Continuity Plan must be in place and delivered to Bank of America within forty-five (45) calendar days after the Effective Date of this Agreement. The Business Continuity Plan shall be delivered annually thereafter and shall include, but not be limited to, the items called for in SCHEDULE F entitled “Recovery,” as applicable. If Bank of America objects in writing to any provision of such plans and controls, Supplier shall respond in writing within thirty (30) calendar days, explaining, among other matters Supplier wishes to include in its response, the actions Supplier intends to take to cure Bank of America’s objection.

 

11.2 Supplier agrees to establish, maintain and implement per the terms thereof a Business Continuity Plan. The Business Continuity Plan must be in place within forty-five (45) calendar days after the Effective Date of this Agreement, and shall include, but not be limited to, the items called for in SCHEDULE F entitled “Recovery,” as applicable. Supplier shall provide the Business Continuity Plan to Bank of America upon Bank of America’s request. If Bank of America objects in writing to any provision of such plans and controls, Supplier shall respond in writing within thirty (30) calendar days, explaining, among other matters Supplier wishes to include in its response, the actions Supplier intends to take to cure Bank of America’s objection.

 

 

Proprietary to Bank of America   Page 9 of 22   vTIP2010


LOGO  

General Services Agreement

 

 

Terms and Conditions

 

 

12.0 RELATIONSHIP OF THE PARTIES

 

 

12.1 The Parties are independent contractors. Nothing in this Agreement or in the activities contemplated by the Parties hereunder shall be deemed to create an agency, partnership, employment or joint venture relationship between the Parties or any of their Subcontractors or Representatives.

 

13.0 SUPPLIER PERSONNEL

 

 

13.1 Bank of America shall provide Supplier, if necessary and at a mutually agreed upon time, reasonable access to Bank of America to provide its Services, subject to the existing security regulations at Bank of America.

 

13.2 Supplier’s personnel are not eligible to participate in any of the employee benefit or similar programs of Bank of America. Supplier shall inform all of its personnel providing Services pursuant to this Agreement that they will not be considered employees of Bank of America for any purpose, and that Bank of America shall not be liable to any of them as an employer for any claims or causes of action arising out of or relating to their assignment.

 

13.3 Upon the request of Bank of America, Supplier shall Immediately remove any of Supplier’s Representatives or Subcontractors performing Services under this Agreement and replace such Representative or Subcontractor as soon as practicable. Upon the request of Bank of America, Supplier shall promptly, and after consultation with Bank of America, address any concerns or issues raised by Bank of America regarding any of Supplier’s Representatives or Subcontractors performing Services under this Agreement, which may include, as appropriate, replacing such Representative or Subcontractor from the Bank of America account.

 

13.4 The engagement of a Subcontractor by Supplier shall be subject to Bank of America’s prior written consent, which shall not be unreasonably withheld, and shall not relieve Supplier of any of its obligations under this Agreement. Supplier shall be responsible for the performance or nonperformance of its Subcontractors as if such performance or nonperformance were that of Supplier. Supplier shall require all Subcontractors, as a condition to their engagement, to agree to be bound by provisions substantially the same as those included in this Agreement particularly the Sections entitled “Supplier Personnel,” “Insurance,” “Confidentiality and Information Protection,” “Audit” and “Business Continuity.”

 

13.5 Supplier shall comply and shall cause its Representatives and Subcontractors to comply with all personnel, facility, safety and security policies, rules and regulations and other instructions of Bank of America, when performing work at a Bank of America facility or accessing any Bank of America systems or data, and shall conduct its work at Bank of America facilities or on Bank of America systems in such a manner as to avoid endangering the safety, or interfering with the convenience of, Bank of America Representatives or customers. Supplier understands that Bank of America operates under various laws and regulations that are unique to the security-sensitive banking industry. As such, persons engaged by Supplier to provide Services under this Agreement are held to a higher standard of conduct and scrutiny than in other industries or business enterprises. Supplier agrees that its Representatives and Subcontractors providing Services hereunder shall possess appropriate character, disposition and honesty. Supplier shall, to the extent permitted by law, exercise reasonable and prudent efforts to comply with the security provisions of this Agreement.

 

13.6 Supplier shall not knowingly permit a Representative or Subcontractor to have access to the Confidential Information, premises, records or data of Bank of America when such Representative or Subcontractor: (a) has been convicted of a crime or has agreed to or entered into a pretrial diversion or similar program in connection with: (i) a dishonest act or a breach of trust, as set forth in Section 19 of the Federal Deposit Insurance Act, 12 U.S.C. 1829(a); or (ii) a felony; or (b) uses illegal drugs. Notwithstanding anything in this Agreement to the contrary, Supplier shall conduct at its expense background checks on its employees and those of its Subcontractors who will have access (whether physical, remote, or otherwise and whether on or off Bank of America premises) to Bank of America facilities, equipment, systems or data and such background checks shall comply with Bank of America procedures and requirements as set forth in SCHEDULE E to this Agreement and updated in writing delivered to Supplier from time to time. Supplier shall report to Bank of America on background checks done, in accordance with the requirements of SCHEDULE E and prior to such employee being granted such access.

 

 

Proprietary to Bank of America   Page 10 of 22   vTIP2010


LOGO  

General Services Agreement

 

 

Terms and Conditions

 

13.7 Supplier represents that it maintains comprehensive hiring policies and procedures which include, among other things, a background check for criminal convictions, and if requested by Bank of America, drug testing, all to the extent permitted by law. Supplier further represents that through its hiring policies and procedures including background checks, it endeavors to hire the best candidates with appropriate character, disposition, and honesty. In the event that Supplier employs non-U.S. citizens to provide Services hereunder, Supplier shall ensure that all such persons have and maintain appropriate visas to enable them to provide the Services.

 

13.8 Bank of America shall notify Supplier of any act of dishonesty or breach of trust committed against Bank of America, which may involve a Supplier Representative, or Subcontractor of which Bank of America becomes aware, and Supplier shall notify Bank of America if it becomes aware of any such offense. Following such notice, at the request of Bank of America and to the extent permitted by law, Supplier shall cooperate with investigations conducted by or on behalf of Bank of America.

 

13.9 To the extent Executive Order 13496 applies to this Agreement or the work performed hereunder, the text of 29 CFR Part 471, Appendix A to Subpart A (as amended, modified, restated or supplemented from time to time) is hereby incorporated by reference into this Agreement as if set forth fully herein. Supplier shall comply with all requirements set forth in 29 CFR Part 471, Appendix A to Subpart A, and all promulgated regulations applicable thereto (collectively, “EO 13496 Requirements”). At least annually, and on a more frequent basis as determined by Bank of America, Supplier shall certify in writing, in a form acceptable to Bank of America, that Supplier has fully complied with all E0 13496 Requirements. Failure to comply with the EO 13496 Requirements or the written certification requirements shall be deemed a material breach of this Agreement.

Supplier shall indemnify, defend, and hold harmless Bank of America and its Representatives, successors and permitted assigns from and against any and all claims or legal actions of whatever kind or nature that are made or threatened by any third party or government agency and all related losses, expenses, damages, costs and liabilities, including reasonable attorneys’ fees and expenses incurred in investigation, defense or settlement, which arise out of, are alleged to arise out of, or relate to Supplier’s failure to comply with the EO 13496 Requirements. Supplier’s liability pursuant to this Subsection 13.9 shall not be subject to or limited in any way by the limitations set forth in Section 17.0, Limitation of Liability.

 

14.0 INSURANCE

 

 

14.1 Supplier shall at its own expense secure and continuously maintain, and shall require its Subcontractors to secure and continuously maintain, throughout the Term, the following insurance with companies qualified to do business in the jurisdiction in which the Services will be performed and rating A-Vll or better in the current Best’s Insurance Reports published by A. M. Best Company and shall, within thirty (30) calendar days of the Effective Date and prior to commencing work, furnish to Bank of America certificates and required endorsements evidencing such insurance. Bank of America shall be named as an “Additional Insured” to the coverages described in Sections 14.1.3, 14.1.4 and 14.1.5 below for the purpose of protecting Bank of America from any expense and/or liability arising out of, alleged to arise out of, related to, or connected with the Services provided by Supplier and/or its Subcontractors. The certificates shall state the amount of all deductibles and self-insured retentions and shall contain evidence that the policy or policies shall not be canceled or materially altered without at least thirty (30) calendar days prior written notice to Bank of America. Supplier and its Subcontractors shall pay any and all costs which are incurred by Bank of America as a result of any such deductibles or self-insured retentions to the extent that Bank of America is named as an “Additional Insured,” and to the same extent as if the policies contained no deductibles or self-insured retention. The insurance coverages and limits required to be maintained by Supplier and its Subcontractors shall be primary and non-contributory to insurance coverage, if any, maintained by Bank of America. Supplier and its Subcontractors and their underwriters shall waive subrogation against Bank of America and shall cause their insurer(s) to waive subrogation against Bank of America.

 

 

Proprietary to Bank of America   Page 11 of 22   vTIP2010


LOGO  

General Services Agreement

 

 

Terms and Conditions

 

 

14.2 Supplier shall at its own expense secure and continuously maintain, and shall require its Subcontractors to secure and continuously maintain, throughout the Term, the following insurance with companies qualified to do business in the jurisdiction in which the Services will be performed and rating A-VII or better in the current Best’s Insurance Reports published by A. M. Best Company and shall, upon Bank of America’s request, be furnished to Bank of America certificates and required endorsements evidencing such insurance. Bank of America shall be named as an “Additional Insured” to the coverages described in Sections 14.1.3, 14.1.4 and 14.1.5 below for the purpose of protecting Bank of America from any expense and/or liability arising out of, alleged to arise out of, related to, or connected with the Services provided by Supplier and/or its Subcontractors. The certificates shall state the amount of all deductibles and self-insured retentions and shall contain evidence that the policy or policies shall not be canceled or materially altered without at least thirty (30) calendar days prior written notice to Bank of America. Supplier and its Subcontractors shall pay any and all costs which are incurred by Bank of America as a result of any such deductibles or self-insured retentions to the extent that Bank of America is named as an “Additional Insured,” and to the same extent as if the policies contained no deductibles or self-insured retention. The insurance coverages and limits required to be maintained by Supplier and its Subcontractors shall be primary and non-contributory to insurance coverage, if any, maintained by Bank of America. Supplier and its Subcontractors and their underwriters shall waive subrogation against Bank of America and shall cause their insurer(s) to waive subrogation against Bank of America.

 

  14.1 Insurance Coverages

 

  14.1.1 Worker’s Compensation Insurance which shall fully comply with the statutory requirements of all applicable state and federal laws.

 

  14.1.2 Employers Liability Insurance which limit shall be $1,000,000 per accident for Bodily Injury and $1,000,000 per employee/aggregate for disease.

 

  14.1.3 Commercial General Liability Insurance with a minimum combined single limit of liability of $1,000,000 per occurrence and $2,000,000 aggregate for bodily injury, death, property damage and personal injury. This policy shall include products/completed operations coverage and shall also include contractual liability coverage.

 

  14.1.4 Business Automobile Liability Insurance covering all owned, hired and non-owned vehicles and equipment used by Supplier with a minimum combined single limit of liability of $1,000,000 for injury and/or death and/or property damage.

 

  14.1.5 Excess coverage with respect to Sections 14.1.2, 14.1.3 and 14.1.4 above with a per occurrence limit of $5,000,000. The limits of liability required in subsections14.1.2, 14.1.3 and 14.1.4 may be satisfied by a combination of those policies with an Umbrella/Excess Liability policy.

 

  14.1.6 Errors and Omissions coverage with a minimum limit of $5,000,000.

 

  14.1.7 Supplier shall be responsible for loss to bank property and customer property, directly or indirectly, and shall maintain Fidelity Bond or Crime coverage for the dishonest acts of its employees in a minimum amount of $5,000,000. Supplier shall endorse such policy to include a “Client Coverage” or “Joint Payee Coverage” endorsement. Bank of America shall be named as “Loss Payee, As Their Interest May Appear” in such Fidelity Bond.

 

14.2 The failure of Bank of America to obtain certificates, endorsements, or other forms of insurance evidence from Supplier and its Subcontractors is not a waiver by Bank of America of any requirements for the Supplier and its Subcontractors to secure and continuously maintain the specified coverages. Supplier shall notify and shall advise its Subcontractors to notify insurers of the coverages required hereunder. Bank of America’s acceptance of certificates and/or endorsements that in any respect do not comply with the requirements of this Section does not release the Supplier and its Subcontractors from compliance herewith. Should Supplier and/or its Subcontractors fail to secure and continuously maintain the insurance

 

 

Proprietary to Bank of America   Page 12 of 22   vTIP2010


LOGO  

General Services Agreement

 

 

Terms and Conditions

 

  coverage required under this Agreement, Supplier shall itself be responsible to Bank of America for all the benefits and protections that would have been provided by such coverage, including without limitation, the defense and indemnification protections.

 

15.0 CONFIDENTIALITY AND INFORMATION PROTECTION

 

 

15.1 The term “Confidential Information” shall mean this Agreement and all data, trade secrets, business information and other information of any kind whatsoever that a Party (“Discloser”) discloses, in writing, orally, visually or in any other medium, to the other Party (“Recipient”) or to which Recipient obtains access and that relates to Discloser or, in the case of Supplier, to Bank of America or its Representatives, customers, third-party vendors or licensors. Confidential Information includes Associate Information, Customer Information and Consumer Information, as defined in the Section entitled “Definitions.” A “writing” shall include an electronic transfer of information by e-mail, over the internet or otherwise.

 

15.2 Supplier acknowledges that Bank of America has a responsibility to its customers and other consumers using its services to keep Associate Information, Customer Information and Consumer Information strictly confidential. Each of the Parties, as Recipient, hereby agrees that it will not, and will cause its Representatives, consultants, Affiliates and independent contractors not to disclose Confidential Information of the other Party, including Associate Information, Customer Information and Consumer Information, during or after the Term of this Agreement, other than on a “need to know” basis and then only to: (a) Affiliates of Bank of America; (b) Recipient’s employees or officers; (c) Affiliates of Recipient, its independent contractors at any level, agents and consultants, provided that all such persons are subject to a written confidentiality agreement that shall be no less restrictive than the provisions of this Section; (d) pursuant to the exceptions set forth in 15 U.S.C 6802(e) and accompanying regulations, which disclosures are made in the ordinary course of business and (e) as required by law or as otherwise expressly permitted by this Agreement. Recipient shall not use or disclose Confidential Information of the other Party for any purpose other than to carry out this Agreement Recipient shall treat Confidential Information of the other Party with no less care than it employs for its own Confidential Information of a similar nature that it does not wish to disclose, publish or disseminate, but not less than a reasonable level of care. Upon expiration or termination of this Agreement for any reason or at the written request of Bank of America during the Term of this Agreement, Supplier shall promptly return to Bank of America or destroy according to the Information Destruction Requirements described within SCHEDULE D, “Information Security”, at Bank of America’s election, all Bank of America Confidential Information in the possession of Supplier or Supplier’s Subcontractors, subject to and in accordance with the terms and provisions of this Agreement.

 

15.3 To the extent legally permitted, Recipient shall notify Discloser of any actual or threatened requirement of law to disclose Confidential Information promptly upon receiving actual knowledge thereof and shall cooperate with Discloser’s reasonable, lawful efforts to resist, limit or delay disclosure. Nothing in this Section shall require any notice or other action by Bank of America in connection with requests or demands for Confidential Information by bank examiners.

 

15.4 Supplier shall not remove or download from Bank of America’s premises or systems, the original or any reproduction of any notes, memoranda, files, records, or other documents, whether in tangible or electronic form, containing Bank of America’s Confidential Information or any document prepared by or on behalf of Supplier that contains or is based on Bank of America’s Confidential Information, without the prior written consent of an authorized Representative of Bank of America. Any document or media provided by an authorized Bank of America Representative or notes taken to document discussions with Bank of America Representatives pertaining to the Services performed hereunder will be deemed to fall outside this consent requirement unless otherwise stated by the Bank of America Representative.

 

15.5

With the exception of Associate Information, Customer Information and Consumer Information, the obligations of confidentiality in this Section shall not apply to any information that (i) Recipient rightfully has in its possession when disclosed to it, free of obligation to Discloser to maintain its confidentiality; (ii) Recipient independently develops without access to Discloser’s Confidential Information; (iii) is or becomes known to the public other than by breach of this Section or (iv) is rightfully received by Recipient from a third party without the obligation of confidentiality. Any combination of Confidential Information disclosed

 

 

Proprietary to Bank of America   Page 13 of 22   vTIP2010


LOGO  

General Services Agreement

 

 

Terms and Conditions

 

  with information not so classified shall not be deemed to be within one of the foregoing exclusions merely because individual portions of such combination are free of any confidentiality obligation or are separately known in the public domain.

 

15.6 Bank of America may disclose Confidential Information of Supplier to independent contractors for the purpose of further handling, processing, modifying and adapting the Services for use by or for Bank of America, provided that such independent contractors have agreed to observe in substance the obligations of Bank of America set forth in this Section.

 

15.7 All Confidential Information disclosed by Bank of America and any results of processing such Confidential Information or derived in any way therefrom shall at all times remain the property of Bank of America. Supplier shall have responsibility for and bear all risk of loss or damage to Confidential Information and damages resulting from improper or inaccurate processing of such data arising from the negligence or willful misconduct of Supplier, its Representatives or Subcontractors.

 

15.8 Supplier acknowledges that Bank of America is required to comply with the information security standards required by the Gramm-Leach-Bliley Act (15 U.S.C. 6801, 6805(b)(1)) and the regulations issued thereunder (12 C.F.R. Part 40), the Fair and Accurate Credit Transactions Act (15 U.S.C. 1681, 1681w) and the regulations issued thereunder (12 C.F.R. Parts 30 and 41) and with other statutory, legal and regulatory requirements (collectively, “Privacy Laws”). If applicable. Supplier shall make commercial best efforts to assist Bank of America to so comply and shall comply and conform with applicable Privacy Laws, as amended from time to time, and with the Bank of America policies for information protection as modified by Bank of America from time to time.

 

15.9 Bank of America may, in its sole discretion and at any time during the Term of this Agreement, suspend, revoke or terminate Supplier’s right to access Confidential Information upon written notice to Supplier. Upon receipt of that notice, Supplier shall (i) immediately stop accessing and/or accepting Confidential Information and (ii) promptly return to Bank of America or destroy according to the Information Destruction Requirements described within SCHEDULE D, “Information Security”, at Bank of America’s election, all Bank of America Confidential Information in the possession of Supplier or Supplier’s Subcontractors, subject to and in accordance with the terms and provisions of this Agreement.

 

15.10 It is the understanding of the Parties, and a condition of this Agreement, that Supplier will not require access to any Customer or Consumer Information in order to perform under this Agreement in the event that access to such information is required for Supplier to perform its obligations, Bank of America reserves the right to amend the Agreement, in language mutually agreeable to the Parties, by including language that allows the Bank to discharge its regulatory obligations to evaluate the manner in which Supplier protects such Customer and Consumer Information. Supplier hereby acknowledges and agrees that Supplier has no legal right to access, receive, accept, transmit, store or otherwise impact Confidential Information under any circumstance whatsoever unless and until Bank of America has granted such rights to Supplier after the opportunity to determine the level of Supplier’s compliance with the Bank Security Requirements and such other terms or conditions as Bank of America may require. After granting such rights to Supplier, Bank of America may suspend, revoke or terminate such rights in its sole discretion upon written notice to Supplier. Upon receipt of that notice, Supplier shall (i) immediately stop accessing and/or accepting Confidential Information and (ii) promptly return to Bank of America or destroy according to the Information Destruction Requirements described within SCHEDULE D, “Information Security”, at Bank of America’s election, all Bank of America Confidential Information in the possession of Supplier or Supplier’s Subcontractors, subject to and in accordance with the terms and provisions of this Agreement.

 

15.11 As a condition of access to the Confidential Information of Bank of America, Supplier shall make available to Bank of America a copy of its written Information Security Program for evaluation. The program shall be designed to:

A. Ensure the security, integrity and confidentiality of Confidential Information;

B. Protect against any anticipated threats or hazards to the security or integrity of such Confidential Information;

C. Protect against unauthorized access to or use of such Confidential Information that could result in substantial harm or inconvenience to the person or entity that is the subject of such Confidential Information; and

 

 

Proprietary to Bank of America   Page 14 of 22   vTIP2010


LOGO  

General Services Agreement

 

 

Terms and Conditions

 

D. Ensure the proper disposal of such Confidential Information.

 

15.12 At the request of Bank of America, Supplier shall make commercially reasonable modifications to its Information Security Program or to the procedures and practices thereunder to conform at least to the Bank Security Requirements, Supplier shall require any Subcontractors and other persons or entities who provide services to Supplier for delivery to Bank of America directly or indirectly or who hold Confidential Information to implement and administer an information protection program and plan that complies with Bank Security Requirements. Supplier shall include or shall cause to be included in written agreements with such Subcontractors or other persons or entities substantially the terms of this Section and the provisions of SCHEDULE D.

 

15.13 One aspect of the determination of Supplier compliance with Bank Security Requirements is a review of Supplier Security Controls. As a condition precedent to performance under this Agreement, Supplier agrees to satisfy the following validation requirements:

A. Participation in Bank of America’s Supplier testing and assessment process including the completion of online and/or on-site assessment(s), as appropriate, and remediation of any findings;

B. Periodic discussions between Bank of America personnel and Supplier Information Technology. security personnel to review Supplier Security Controls; and

C. Delivery to Bank of America of network diagrams depicting Supplier perimeter controls and security policies and processes relevant to the protection of Confidential Information. Examples of these policies include, but are not limited to, access control, physical security, patch management, password standards, encryption standards, and change control.

 

15.14 During the course of performance under this Agreement, Supplier shall ensure the following:

A. Adequate governance and risk assessment processes are in place to maintain controls over Confidential Information. A security awareness program must be in place or implemented that communicates security policies to all Supplier (and Supplier Subcontractor(s)) personnel having access to Confidential Information.

B. Notification to Bank of America of changes that may impact the security of Confidential Information. Such changes requiring notification include, by way of example and not limitation, outsourcing of computer networking, data storage, management and processing or other information technology functions or facilities and the implementation of external web-enabled (Internet) access to Confidential Information.

C. Use of strong, industry-standard encryption of Confidential Information transmitted over public networks (e.g. Internet, non-dedicated leased lines) and backup tapes residing at off-site storage facilities.

 

15.15 Bank of America reserves the right to monitor Supplier-maintained platforms that reside on the Bank of America network. The Supplier may be required, at the expense of Bank of America, to assist with installation, support and problem resolution of Bank of America owned equipment or processes, or to provide an information feed from the Supplier platform to the Bank of America monitoring processes.

 

15.16 Supplier shall deliver an updated Information Security Program or confirm that no changes have been made to the Information Security Program annually.

 

15.17 To the extent Supplier will store, process, transmit or otherwise access or possess cardholder data in connection with the Services provided under this Agreement, Supplier understands and acknowledges its obligation to secure cardholder data and to adhere to the Payment Card Industry Data Security Standard (PCI DSS) for the protection of cardholder data throughout the Term of this Agreement and any Renewal Terms. The PCI DSS may be found at www.pcisecuritystandards.org. Supplier further understands it is responsible for the security of cardholder data in the possession or control of any Subcontractors it engages to perform under this Agreement. Such Subcontractors must be identified to and approved by Bank of America in writing prior to sharing cardholder data with the Subcontractor. In support of this obligation, Supplier shall provide appropriate documentation to demonstrate compliance with applicable PCI DSS requirements by Supplier and all identified Subcontractors. Failure to discharge this obligation may be considered by Bank of America to be a Termination Event under subsection (a) of the Section entitled “Termination”.

 

 

Proprietary to Bank of America   Page 15 of 22   vTIP2010


LOGO  

General Services Agreement

 

 

Terms and Conditions

 

 

16.0 INDEMNITY

 

 

16.1 Supplier shall indemnify, defend, and hold harmless Bank of America and its Representatives, successors and permitted assigns from and against any and all claims or legal actions of whatever kind or nature that are made or threatened by any third party and all related losses, expenses, damages, costs and liabilities, including reasonable attorneys’ fees and expenses incurred in investigation, defense or settlement (“Damages”), which arise out of, are alleged to arise out of, or relate to the following: (a) any negligent act or omission or willful misconduct by Supplier, its Representatives or any Subcontractor engaged by Supplier in the performance of Supplier’s obligations under this Agreement; or (b) any breach in a representation, covenant or obligation of Supplier contained in this Agreement.

 

16.2 Supplier shall defend or settle at its expense any threat, claim, suit or proceeding arising from or alleging infringement, misappropriation or other violation of any Intellectual Property Rights or any other rights of any third party by Work Product or Services furnished under this Agreement. Supplier shall indemnify and hold Bank of America, its Affiliates and each of their Representatives and customers harmless from and against and pay any Damages, including royalties and license fees attributable to such threat, claim, suit or proceeding.

A. If any Work Product or Services furnished under this Agreement, including, without limitation, software, system design, equipment or documentation, becomes, or in Bank of America’s or Supplier’s reasonable opinion is likely to become, the subject of any claim, suit, or proceeding arising from or alleging facts that if true would constitute infringement, misappropriation or other violation of, or in the event of any adjudication that such Work Product or Service infringes, misappropriates or otherwise violates, any Intellectual Property Rights or any other rights of a third party, Supplier, at its own expense, shall take the following actions in the listed order of preference: (a) secure for Bank of America the right to continue using the Work Product or Service; or if commercially reasonable efforts are unavailing, (b) replace or modify the Work Product or Service to make it non-infringing; provided, however, that such modification or replacement shall not degrade the operation or performance of the Work Product or Service.

B. The indemnity in the preceding provision shall not extend to any claim of infringement resulting solely from Bank of America’s unauthorized modification or use of the Work Product or Service.

 

16.3 Bank of America shall give Supplier notice of, and the Parties shall cooperate in, the defense of any such claim, suit or proceeding, including appeals, negotiations and any settlement or compromise thereof, provided that Bank of America must approve the terms of any settlement or compromise that may impose any unindemnified or nonmonetary liability on Bank of America.

 

17.0 LIMITATION OF LIABILITY

 

 

17.1 Neither Party shall be liable to the other for any special, indirect, incidental, consequential, punitive or exemplary damages, including, but not limited to, lost profits, even if such Party alleged to be liable has knowledge of the possibility of such damages, provided, however, that the limitations set forth in this Section shall not apply to or in any way limit the obligations of the Section entitled “Indemnity,” the Section entitled “Confidentiality and Information Protection,” or Supplier’s gross negligence or willful misconduct.

 

18.0 SUPPLIER DIVERSITY

 

 

18.1 Supplier acknowledges and supports the Bank of America Supplier Diversity efforts supporting minority, woman and disabled-owned business enterprises and its commitment to the participation of minority, woman and disabled-owned business enterprises in its procurement of goods and services.

 

18.2 Definitions: For purposes of this Agreement, the following are the definitions of “Minority-Owned Business Enterprise,” “Minority Group,” “Woman-Owned Business Enterprise,” “Disabled Veteran-Owned Business Enterprise” and ‘ Disabled-Owned Business Enterprise:”

A. “Minority-Owned Business Enterprise” is recognized as a “for profit” enterprise, regardless of size, physically located in the United States or its trust territories, which is at least fifty-one (51%) percent owned, operated and controlled, by one or more member(s) of a Minority Group who maintain United States citizenship.

 

 

Proprietary to Bank of America   Page 16 of 22   vTIP2010


LOGO  

General Services Agreement

 

 

Terms and Conditions

 

B. “Minority Group” means African Americans, Hispanic Americans, Native Americans (American Indians, Eskimos, Aleuts, and native Hawaiians), Asian-Pacific Americans, and other minority group as recognized by the United States Small Business Administration Office of Minority Small Business and Capital Ownership Development.

C. “Woman-Owned Business Enterprise” is recognized as a “for profit” enterprise, regardless of size, located in the United States or its trust territories, which is at least fifty-one (51%) percent owned, operated and controlled by a female of United States citizenship.

D. “Disabled Veteran-Owned Business Enterprise” is recognized as a “for profit” enterprise, regardless of size, located in the United States or its trust territories, which is at least fifty-one (51%) percent owned, operated, and controlled by a disabled veteran. The disabled veteran’s ownership and control shall be real and continuing and not created solely to take advantage of special or set aside programs aimed at supplier diversity. The Association of Service Disabled Veterans, www.asdv.org provides certification for this category of business owners throughout the United States.

E. “Disabled-Owned Business Enterprise” is recognized as a “for profit” enterprise, regardless of size, located in the United States or its trust territories, which is at least fifty-one (51%) percent owned, operated and controlled, by an individual of United States citizenship with a permanent mental or physical impairment that substantially limits one or more of the major life activities and which has a significant negative impact upon the company’s ability to successfully compete. The ownership and control shall be real and continuing and not created solely to take advantage of special or set aside programs aimed at supplier diversity. Due to the absence of a certifying agency for this category of business owners, the Disabled-Owned Business Enterprise must complete an affidavit and provide supporting documentation to be eligible for consideration towards diverse supplier participation.

 

18.3 In addition to the above criteria to qualify as a Minority, Woman or Disabled-Owned Business Enterprise under this Agreement, the diverse supplier must be certified by an agency acceptable to Bank of America.

 

18.4 Participation Representation: Supplier represents it is not a Minority, Woman, Disabled or Disabled-Veteran Owned Business Enterprise.

 

19.0 ENVIRONMENTAL INITIATIVE

 

 

19.1 Supplier acknowledges that Bank of America encourages each supplier with which it enters into an agreement for the provision of goods or services to use, consistent with the efficient performance of such agreements, recycled paper goods and other environmentally preferable products, and to implement and adhere to other environmentally beneficial policies and practices. Supplier warrants that Supplier uses environmentally beneficial practices specific to its industry that meet at least the minimum standard recommended for its industry. Upon Bank of America’s request, Supplier will provide written information on its environmental policies and procedures.

 

20.0 AUDIT

 

 

20.1 Supplier shall maintain at no additional cost to Bank of America, in a reasonably accessible location, all Records pertaining to its Services provided to Bank of America under this Agreement for a period of seven (7) years or as required by law, if longer. Such Supplier Records referenced above may be inspected, audited and copied by Bank of America, its Representatives or by federal or state agencies having jurisdiction over Bank of America, during normal business hours and at such reasonable times as Bank of America and Supplier may determine. Records available for review shall exclude any records pertaining to Supplier’s other customers deemed proprietary and confidential and Supplier confidential and proprietary records not associated with the Services provided under the Agreement, however Bank of America will be provided any Records necessary to confirm Supplier’s adherence to the Favorable Terms section in Schedule A of this Agreement.. Supplier will give prior notice to Bank of America of requests by federal or state authorities to examine Supplier’s Bank of America Records. At Bank of America’s written request, Supplier shall reasonably cooperate with Bank of America in seeking a protective order with respect to such Records.

 

 

Proprietary to Bank of America   Page 17 of 22   vTIP2010


LOGO  

General Services Agreement

 

 

Terms and Conditions

 

 

20.2 Supplier shall provide at its expense on an annual basis, a copy of the latest SAS70 (Statement on Auditing Standards No. 70, Service Organizations) Type II independent audit firm report for facilities not managed by Bank of America that are used to provide Services under this Agreement. If not available, Supplier, at its sole cost and expense, will engage a nationally recognized certified public accounting firm to conduct the audit and prepare applicable reports. Each report will cover a minimum six (6) calendar month period each calendar year during the Term. Bank of America reserves the right to expand the scope of the controls to be covered in any SAS70-Type II audit report prepared during the Term. Supplier shall provide Bank of America with the scope of the audit and a complete copy of each report prepared in connection with each such audit within thirty (30) calendar days after it receives such report.

 

20.3 Supplier shall provide a copy of the latest operational audit for facilities not managed by Bank of America that are used to provide Services under this Agreement. If necessary, Supplier, at its sole cost and expense, will engage a nationally recognized certified public accounting firm to conduct the audit and prepare applicable reports. Each report will cover a minimum six (6) calendar month period each calendar year during the Term. Such audits may be on a rotating site basis where operations and procedures of Supplier Services provided to Bank of America are in multiple locations in order to confirm that Supplier is in compliance in all aspects of the Agreement. Supplier shall provide Bank of America with a copy of each report prepared in connection with each such audit within thirty (30) calendar days after it receives such report.

 

20.4 During regular business hours but no more frequently than once a year, Bank of America may, at its sole expense, perform a confidential audit of Supplier’s operations as they pertain to the Services provided under this Agreement. Such audits shall be conducted on a mutually agreed upon date [which shall be no more than ten (10) Business Days after Bank of America’s written notice of time, location and duration], subject to reasonable postponement by Supplier upon Supplier’s reasonable request, provided, however, that no such postponement shall exceed twenty (20) Business Days. Bank of America will provide Supplier a summary of the findings from each report prepared in connection with any such audit and discuss results, including any remediation plans. If audit results find Supplier is not in substantial compliance with the requirements of this Agreement, then Bank of America shall be entitled, at Supplier’s expense, to perform up to two (2) additional such audits in that year in accordance with the procedure set forth in this Section. Supplier agrees to promptly take action at its expense to correct those matters or items identified in any such audit that require correction. Failure to correct such matters shall be considered a material breach of this Agreement.

 

20.5 Supplier will provide reasonable access to Bank of America’s federal and state governmental regulators (at a minimum, to the extent required by law), at Bank of America’s expense, to Bank of America’s Records held by Supplier and to the procedures and facilities of Supplier relating to the Services provided under this Agreement. Pursuant to 12 U.S.C. 1867(c), the performance of such Services will be subject to regulation and examination by the appropriate federal banking agency to the same extent as if the Services were being performed by Bank of America itself. Supplier acknowledges and agrees that regulatory agencies may audit Supplier’s performance at any time during normal business hours and that such audits may include both methods and results under this Agreement.

 

20.6 Upon prior written notice and at a mutually acceptable time, Bank of America personnel or its Representatives (e.g., external audit consultants) may audit, test or inspect Supplier’s Information Security Program and its facilities to assure Bank of America’s data and Confidential Information are adequately protected. This right to audit is in addition to the other audit rights or assessments granted herein. Bank of America will determine the scope of such audits, tests or inspections, which may extend to Supplier’s Subcontractors and other Supplier resources (other systems, environmental support, recovery processes, etc.) used to support the systems and handling of Confidential Information. Supplier will inform Bank of America of any internal auditing capability it possesses and permit Bank of America’s personnel to consult on a confidential basis with such auditors at all reasonable times. Bank of America may provide Supplier a summary of the findings from each report prepared in connection with any such audit and discuss results,

 

 

Proprietary to Bank of America   Page 18 of 22   vTIP2010


LOGO  

General Services Agreement

 

 

Terms and Conditions

 

  including any remediation plans. Without limiting any other rights of Bank of America herein, if Supplier is in breach or otherwise not compliant with any of the provisions set forth in the Section of this Agreement entitled “Confidentiality and Information Protection” and/or SCHEDULE D, then Bank of America may conduct additional audits.

 

20.7 In addition to the requirements under this Section 20.0 and upon Bank of America’s request, Supplier shall deliver to Bank of America, within thirty (30) calendar days after its receipt by its board of directors or senior management, a copy of any preliminary or final report of audit of Supplier by any third-party auditors retained by Supplier, including any management letter such auditors submit, and on any other audit or inspection upon which Bank of America and Supplier may mutually agree.

 

21.0 NON-ASSIGNMENT

 

 

21.1 Neither Party may assign this Agreement or any of the rights hereunder or delegate any of its obligations hereunder, without the prior written consent of the other Party, and any such attempted assignment shall be void, except that Bank of America or any permitted Bank of America assignee may assign any of its rights and obligations under this Agreement (including, without limitation, any individual Order) to any Bank of America Affiliate, the surviving corporation with or into which Bank of America or such assignee may merge or consolidate or an entity to which Bank of America or such assignee transfers all, or substantially all, of its business and assets. Bank of America may not unreasonably withhold its consent of assignment in the event the supplier merges or consolidates with another entity.

 

22.0 GOVERNING LAW

 

 

22.1 This Agreement shall be governed by the internal laws, and not by the laws regarding conflicts of laws, of the State of North Carolina. Each Party hereby submits to the exclusive jurisdiction of the courts of such state, and waives any objection to venue with respect to actions brought in such courts. This provision shall not be construed to conflict with the provisions of the Section entitled “Mediation/Arbitration.”

 

23.0 DISPUTE RESOLUTION

 

 

23.1 The following procedure will be adhered to in all disputes arising under this Agreement which the Parties cannot resolve informally through their Relationship Managers. The aggrieved Party shall notify the other Party in writing of the nature of the dispute with as much detail as possible about the deficient performance of the other Party. The Relationship Managers shall meet (in person or by telephone) within seven (7) calendar days (or other mutually agreed upon date) after the date of the written notification to reach an agreement about the nature of the deficiency and the corrective action to be taken by the respective Parties. If the Relationship Managers do not meet or are unable to agree on corrective action, senior managers of the Parties having authority to resolve the dispute without the further consent of any other person (“Management”) shall meet or otherwise act to facilitate an agreement within fourteen (14) calendar days (or other mutually agreed upon date) of the date of the written notification. If Management do not meet or cannot resolve the dispute or agree upon a written plan of corrective action to do so within seven (7) calendar days (or other mutually agreed upon date) after their initial meeting or other action, or if the agreed-upon completion dates in the written plan of corrective action are exceeded, either Party may request mediation and/or arbitration as provided for in this Agreement. Except as otherwise specifically provided, neither Party shall initiate arbitration, mediation or litigation unless and until this dispute resolution procedure has been substantially complied with or waived. Failure of a Party to fulfill its obligations in this Section, including failure to meet timely upon the other Party’s notice, shall be deemed such a waiver.

 

24.0 MEDIATION/ARBITRATION

 

 

24.1 If the Parties are unable to resolve a dispute arising out of or relating to this Agreement in accordance with the Section entitled “Dispute Resolution,” the Parties will in good faith attempt to resolve such dispute through non-binding mediation. The mediation shall be conducted before a mediator acceptable to both sides, who shall be an attorney or retired judge practicing in the areas of banking and/or information technology law. The mediation shall be held in Charlotte, N.C., provided, however, a dispute relating to infringement of Intellectual Property Rights or the Section entitled “Confidentiality and Information Protection” shall not be subject to this Section entitled “Mediation/Arbitration”.

 

 

Proprietary to Bank of America   Page 19 of 22   vTIP2010


LOGO  

General Services Agreement

 

 

Terms and Conditions

 

 

24.2 Any controversy or claim, other than those specifically excluded, between or among the Parties not resolved through mediation under the preceding provision, shall at the request of a Party be determined by arbitration. The arbitration shall be conducted by one independent arbitrator who shall be an attorney or retired judge practicing in the areas of banking and/or information technology law. The arbitration shall be held in Charlotte, N.C. in accordance with the United States Arbitration Act (9 U.S.C. 1 et seq.), notwithstanding any choice of law provision in this Agreement, and under the auspices and the Commercial Arbitration Rules of the American Arbitration Association.

 

24.3 Consistent with the expedited nature of arbitration, each Party will, upon the written request of the other Party, promptly provide the other with copies of documents relevant to the issues raised by any claim or counterclaim on which the producing Party may rely in support of or in opposition to any claim or defense. At the request of a Party, the arbitrator shall have the discretion to order examination by deposition of witnesses to the extent the arbitrator deems such additional discovery relevant and appropriate. Depositions shall be limited to a maximum of three (3) per Party and shall be held within thirty (30) calendar days of the making of a request. Additional depositions may be scheduled only with the permission of the arbitrator, and for good cause shown. Each deposition shall be limited to a maximum of three (3) hours duration. All objections are reserved for the arbitration hearing except for objections based on privilege and proprietary or confidential information. Any dispute regarding discovery, or the relevance or scope thereof, shall be determined by the arbitrator, which determination shall be conclusive. All discovery shall be completed within sixty (60) calendar days following the appointment of the arbitrator.

 

24.4 The arbitrator shall give effect to statutes of limitation in determining any claim, and any controversy concerning whether an issue is arbitrable shall be determined by the arbitrator. The arbitrator shall follow the law in reaching a reasoned decision and shall deliver a written opinion setting forth findings of fact, conclusions of law and the rationale for the decision. The arbitrator shall reconsider the decision once upon the motion and at the expense of a Party. The Section of this Agreement entitled “Confidentiality and Information Protection” shall apply to the arbitration proceeding, all evidence taken, and the arbitrator’s opinion, which shall be Confidential Information of both Parties. Judgment upon the decision rendered by the arbitrator may be entered in any court having jurisdiction.

 

24.5 No provision of this Section shall limit the right of a Party to obtain provisional or ancillary remedies from a court of competent jurisdiction before, after, or during the pendency of any arbitration. The exercise of a remedy does not waive the right of either Party to resort to arbitration. The institution and maintenance of an action for judicial relief or pursuit of a provisional or ancillary remedy shall not constitute a waiver of the right of either Party to submit the controversy or claim to arbitration if the other Party contests such action for judicial relief.

 

25.0 NON-EXCLUSIVE NATURE OF AGREEMENT

 

 

25.1 Supplier agrees that it shall not be considered Bank of America’s exclusive provider of any goods or Services provided hereunder. Bank of America retains the unconditional right to utilize other suppliers in the provision of similar services.

 

26.0 OWNERSHIP OF WORK PRODUCT

 

 

26.1

Bank of America will own exclusively all Work Product and Supplier hereby assigns to Bank of America all right, title and interest (including all Intellectual Property Rights) in the Work Product. Work Product, to the extent permitted by law, shall be deemed “works made for hire” (as that term is defined in the United States Copyright Act). Supplier shall provide Bank of America upon request with all assistance reasonably required to register, perfect or enforce such right, title and interest, including providing pertinent information and, executing all applications, specifications, oaths, assignments and all other instruments that Bank of America shall deem necessary. Supplier shall enter into agreements with all of its Representatives and Subcontractors necessary to establish Bank of America’s sole ownership in the Work Product. Bank of

 

 

Proprietary to Bank of America   Page 20 of 22   vTIP2010


LOGO  

General Services Agreement

 

 

Terms and Conditions

 

  America acknowledges Supplier’s and its licensors’ claims of proprietary rights in preexisting works of authorship and other intellectual property (“Pre-existing IP”) Supplier uses in its work pursuant to this Agreement. Bank of America does not claim any right not expressly granted by this Agreement in such Pre-existing IP, which shall not be deemed Work Product, even if incorporated with Work Product in the Services Supplier delivers to Bank of America. Unless otherwise agreed in an Order, Supplier grants Bank of America a perpetual, worldwide, irrevocable, nonexclusive, royalty free license to any Pre-existing IP embedded in the Work Product, which shall permit Bank of America and any transferee or sublicensee of Bank of America, subject to the restrictions in this Agreement, to make, use, import, reproduce, display, distribute, make derivative works and modify such Pre-existing IP as necessary or desirable for the use of the Work Product.

 

26.2 Supplier shall promptly notify Bank of America in writing, of any threat, or the filing of any action, suit or proceeding, against Supplier, its Affiliates, Subcontractors or Representatives, (i) alleging infringement, misappropriation or other violation of any Intellectual Property Right related to any Work Product or Service furnished under this Agreement, or (ii) in which an adverse decision would reasonably be expected to have a material adverse effect on the Supplier or the use by Bank of America of the Work Product or Services furnished under this Agreement.

 

27.0 MISCELLANEOUS

 

 

27.1 Bank of America and Supplier represent that they are equal opportunity employers and do not discriminate in employment of persons or awarding of subcontracts because of a person’s race, sex, age, religion, national origin, veteran or handicap status. Supplier is aware of and fully informed of Supplier’s responsibilities and agrees to the provisions under the following: (a) Executive Order 11246, as amended or superseded in whole or in part, and as contained in Section 202 of the Executive Order as found at 41 C.F.R. § 60-1.4(a)(1-7); (b) Section 503 of the Rehabilitation Act of 1973 as contained in 41 C.F.R. § 60-741.4; and (c) The Vietnam Era Veterans’ Readjustment Assistance Act of 1974 as contained in 41 C.F.R. § 60-250.4.

 

27.2 Section headings are included for convenience or reference only and are not intended to define or limit the scope of any provision of this Agreement and should not be used to construe or interpret this Agreement.

 

27.3 No delay, failure or waiver of either Party’s exercise or partial exercise of any right or remedy under this Agreement shall operate to limit, impair, preclude, cancel, waive or otherwise affect such right or remedy. Any waiver by either Party of any provision of this Agreement shall not imply a subsequent waiver of that or any other provision of this Agreement.

 

27.4 If any provision of this Agreement is held invalid, illegal or unenforceable, the validity, legality or enforceability of the remaining provisions shall in no way be affected or impaired thereby.

 

27.5 No amendments of any provision of this Agreement shall be valid unless made by an instrument in writing signed by both Parties specifically referencing this Agreement. Notwithstanding anything therein to the contrary, the terms of any Order to this Agreement shall supplement and not replace or amend the terms or provisions of this Agreement and the terms and provisions of this Agreement shall control in the event of any conflict between such terms thereof and the terms and provisions of this Agreement and such conflict shall be resolved in favor of the express terms and provisions of this Agreement. The terms and provisions of this Agreement shall be incorporated by reference into any Order to this Agreement.

 

27.6 Anything in this Agreement to the contrary notwithstanding, the Parties hereby agree that thirty (30) calendar days after written notice by Bank of America of any amendment to this Agreement for compliance with a change in federal law, rule or regulation affecting financial services companies or the suppliers of financial services companies, this Agreement shall be amended by such notice and the amendment contained therein and without need for further action of the Parties, and the Agreement, as amended thereby, shall be enforceable against the Parties, their successors and assigns. The notice provided hereunder shall set forth such change and provide the relevant amendment to the Agreement. Bank of America shall have the right to terminate immediately the Agreement, without further liability to Supplier, in the event of Supplier’s failure to comply with the terms and conditions of any such amendment to the Agreement.

 

 

Proprietary to Bank of America   Page 21 of 22   vTIP2010


LOGO  

General Services Agreement

 

 

Terms and Conditions

 

27.7 This Agreement may be executed by the Parties in one or more counterparts, and each of which when so executed shall be an original but all such counterparts shall constitute one and the same instrument.

 

27.8 The remedies under this Agreement shall be cumulative and are not exclusive. Election of one remedy shall not preclude pursuit of other remedies available under this Agreement or at law or in equity. In arbitration a Party may seek any remedy generally available under the governing law.

 

27.9 Notwithstanding the general rules of construction, both Bank of America and Supplier acknowledge that both Parties were given an equal opportunity to negotiate the terms and conditions contained in this Agreement, and agree that the identity of the drafter of this Agreement is not relevant to any interpretation of the terms and conditions of this Agreement.

 

27.10 All notices or other communications required under this Agreement shall be given to the Parties in writing to the applicable addresses set forth on the signature page, or to such other addresses as the Parties may substitute by written notice given in the manner prescribed in this Section as follows: (a) by first class, registered or certified United States mail, return receipt requested and postage prepaid, (b) over-night express courier or (c) by hand delivery to such addresses. Such notices shall be deemed to have been duly given (i) five (5) Business Days after the date of mailing as described above, (ii) one (1) Business Day after being received by an express courier during business hours, or (iii) the same day if by hand delivery.

 

27.11 Wherever this Agreement requires either Party’s approval or consent such approval or consent shall not be unreasonably withheld or delayed.

 

27.12 This Agreement shall be binding upon, and inure to the benefit of, the Parties and their respective permitted successors and assigns. Except as expressly set forth in this Agreement and with the exception of the Affiliates of Bank of America, the Parties do not intend the benefits of this Agreement to inure to any third party, and nothing contained herein shall be construed as creating any right, claim or cause of action in favor of any such other third party, against either of the Parties hereto.

 

27.13 Any transaction undertaken pursuant to this Agreement in which Supplier furnishes services shall be governed by Article 2 of the Uniform Commercial Code as if the services were goods, unless the applicable law of the state of the governing law expressly otherwise provides.

 

27.14 Neither Party shall issue any media releases, public announcements and public disclosures, relating to this Agreement or use the name or logo of the other Party, including, without limitation, in promotional or marketing material or on a list of customers, provided that nothing in this paragraph shall restrict any disclosure required by legal, accounting or regulatory requirements beyond the reasonable control of the releasing Party.

 

28.0 ENTIRE AGREEMENT

 

 

28.1 This Agreement, the Schedules, and other documents incorporated herein by reference, is the final, full and exclusive expression of the agreement of the Parties and supersedes all prior agreements, understandings, writings, proposals, representations and communications, oral or written, of either Party with respect to the subject matter hereof and the transactions contemplated hereby. The Parties agree to accept a digital image of this Agreement, as executed, as a true and correct original and admissible as best evidence to the extent permitted by a court with proper jurisdiction.

 

 

Proprietary to Bank of America   Page 22 of 22   vTIP2010


[Schedules A and B to the General Services Agreement, dated as of November 5, 2010, have been superseded in their entirety by Schedules A and B to the Amendment to General Services Agreement, dated August 16, 2017. Schedule C to the General Services Agreement, dated as of November 5, 2010, has been superseded in its entirety by Schedule C to the Amendment to General Services Agreement, dated January 14, 2016.]


LOGO  

General Services Agreement

 

 

Terms and Conditions

 

SCHEDULE D

Information Security

 

INFORMATION SECURITY PROGRAM

Bank of America shall have the opportunity to evaluate the Supplier’s Information Security Program and Supplier Security Controls to ensure Supplier’s compliance with the Section entitled “Confidentiality and Information Protection.” The Supplier’s Information Security Program (the “Program”) shall address the Bank Security Requirements described below. This Program shall, at a minimum, prescribe the architecture of Supplier’s system, Confidential Information placement within the system, the security controls in place (e.g. firewalls, web page security, intrusion detection, incident response process, etc.) and contain the information called for in the Subsection entitled “Security Program Features” below. The Program shall also describe physical security measures in place to protect Confidential Information received or processed by Supplier, including those that will protect Confidential Information that has been printed or otherwise displayed in forms perceptible with or without the aid of equipment. Bank of America shall provide Supplier with the Service Provider Security Requirements document outlining such Bank Security Requirements and Supplier Security Controls which shall be deemed a part of Bank of America’s Confidential Information under this Agreement. Supplier acknowledges that upon request in order to be allowed continued access to Confidential Information, it will make modifications to its Information Security Program to add additional measures necessary to retain Information security standards consistent with the Bank Security Requirements.

PRIVACY POLICY

With respect to Confidential Information and the Services provided to or on behalf of Bank of America, Supplier promptly shall conform its publicly available privacy and security policies, in Bank of America’s reasonable judgment, to those of Bank of America, as they may exist from time to time.

PROTECTION

Supplier shall install and use a reasonable change control process to ensure that access to its systems and to Confidential Information is controlled and recorded. Supplier shall notify Bank of America of any planned system configuration changes or other changes affecting the Program applicable to Confidential Information, setting forth how such change will impact the security and protection of Confidential Information. No such change, which could reasonably be expected by Bank of America to have a material adverse impact on the security and protection of Confidential Information, may be implemented without the prior written consent of a Bank of America security representative. Bank of America may approve these types of changes prior to their becoming effective, such approval not to be unreasonably withheld or delayed.

Supplier shall permit Bank of America, at the election of Bank of America, to conduct security vulnerability (penetration) testing on those portions of the Supplier network, and any application servers that Supplier hosts on behalf of Bank of America, on which Confidential Information is stored or processed. Such vulnerability testing shall be conducted in a non-production environment with production equivalent security controls and with prior notice to Supplier. Supplier also agrees to make available to Bank of America the results of any vulnerability testing conducted by Supplier or a qualified third party provider of this service.

Supplier shall permit Bank of America to inspect the physical system equipment, operational environment, and Confidential Information handling procedures. Supplier’s agreement with any independent contractor to provide services to Bank of America in support of this Agreement shall likewise permit Bank of America to conduct the same inspections.

Subject to the terms of this Agreement and the Schedules attached hereto, Supplier will take commercial best measures to prevent the unintended or malicious loss, destruction or alteration of Bank of America’s files, Confidential Information, software and other property received and held by Supplier. Supplier shall maintain backup files (including off-site back-up copies) thereof and of resultant output to facilitate their reconstruction in the case of such loss, destruction or alteration, in order to ensure uninterrupted Services in accordance with the terms of this Agreement, its Schedules, Bank of America’s written policies and Supplier’s disaster recovery plans.

 

 

Proprietary to Bank of America   D-1   vTIP2010


LOGO  

General Services Agreement

 

 

Terms and Conditions

 

DETECTION AND RESPONSE

Supplier shall notify Bank of America immediately (within 24 hours or as soon thereafter as practicable) following discovery of any suspected breach or compromise of the security, confidentiality, or integrity of nonpublic personal information of any current or former Bank of America employee or customer (“Affected Persons”) or otherwise provided to Supplier by Bank of America under this agreement through the defined security escalation channel of Bank of America, the Bank of America Incident Response Team (“lnfoSafe”) by calling (800) 207-2322, option 1. Callers will be asked to identify themselves as Supplier. Such notification to Bank of America shall precede notifications to any other party. Supplier shall cooperate fully with all Bank of America security investigation activities consistent with the lnfoSafe guidelines for escalation and control of significant security incidents.

Bank of America reserves the right in its sole discretion to make appropriate privacy breach notifications to Affected Persons and regulators pursuant to federal or state guidelines, including but not limited to the Interagency Guidance on Response Programs for Unauthorized Access to Customer Information and Customer Notice. To assist Bank of America in such notifications, Supplier shall include a brief summary of the available facts, the status of any investigation, and, if known, the potential number of Affected Persons. Supplier agrees to provide at no charge, to Affected Persons appropriate credit monitoring services for two years. All costs associated with any security breach, including but not limited to, the costs of the notices to, and credit monitoring for, Affected Persons shall be the sole responsibility of Supplier. Supplier agrees that it shall not communicate with any third party, including, but not limited to the media, vendors, consumers, and Affected Persons regarding any security breach without the express written consent of Bank of America. Supplier shall maintain for a mutually agreed-upon length of time, and afford Bank of America reasonable access to, all records and logs of that portion of Supplier’s network that stores or processes Confidential Information. Bank of America may review and inspect any record of system activity or Confidential Information handling upon reasonable prior notice. Supplier acknowledges and agrees that records of system activity and of Confidential Information handling may be evidence (subject to appropriate chain of custody procedures) in the event of a Security Breach or other inappropriate activity. Upon the request of Bank of America, Supplier shall deliver the original copies of such records to Bank of America for use in any legal, investigatory or regulatory proceeding.

Supplier shall monitor industry-standard information channels (bugtraq, CERT, OEMs, etc.) for newly identified system vulnerabilities regarding the technologies and Services provided to Bank of America and fix or patch any identified security problem in an adequate and timely manner. Unless otherwise expressly agreed in writing, “timely” shall mean that Supplier shall introduce such fix or patch as soon as commercially reasonable after Supplier becomes aware of the security problem. This obligation extends to all devices that comprise Supplier’s system, e.g., application software, databases, servers, firewalls, routers and switches, hubs, etc., and to all of Supplier’s other Confidential Information handling practices.

Bank of America may perform vulnerability testing of Supplier’s system to test the remediation measures implemented after a security incident or event to protect Confidential Information.

SECURITY PROGRAM FEATURES

At the request of Bank of America, Supplier shall meet with the Bank of America information security team to discuss information security issues in much greater detail at mutually agreeable times and locations.

Bank of America acknowledges and agrees that the Information Supplier so provides is Supplier’s Confidential Information, as defined in this Agreement, and is valuable proprietary information of Supplier. Supplier shall provide detailed information including, but not limited to, the following topics, which also shall be addressed in Supplier’s Program.

 

  1. Diagrams. The diagrams shall show the detail of the system architecture including, without limitation, the logical topology of routers, switches, Internet firewalls, management or monitoring firewalls, servers (web, application and database), intrusion detection systems, network and platform redundancy. The diagrams shall include all hosting environments, including those provided by Supplier’s Subcontractors.

 

  2. Firewalls. State the specifications of the firewalls in use and who manages them. Specify the services, tools and connectivity required to manage the firewalls.

 

 

Proprietary to Bank of America   D-2   vTIP2010


LOGO  

General Services Agreement

 

 

Terms and Conditions

 

 

  3. Intrusion Detection Systems. Describe the Intrusion detection system (“IDS”) environment and the Security Breach and event escalation process. Indicate who manages the IDS environment Specify the services, tools and connectivity required to manage the IDS environment, and if the IDS network is host based.

 

  4. Change Management Describe the change management process for automated systems used to provide Services. Describe the process for information handling policies and practices.

 

  5. Business Continuity. Describe the business and technical disaster recovery management process.

 

  6. System Administration Access Control. Describe the positions that perform administration functions on servers, firewalls or other devices within the application and network infrastructure. Detail level of access needed to perform functions. Explain the access control mechanisms. Describe the process by which recurring access review of the system(s) is conducted to ensure permissions are granted on a “need to know’’ basis. Detail access reports generated and when reports are reviewed periodically. Describe methods used to track/log the usage of each account.

 

  7. Customer Access Control. Describe each logon process to be followed by Bank of America Customers (including Bank of America employees) to obtain access to Services Supplier provides to Bank of America. Describe the initial enrollment process for such Customers. Describe the password policies and procedures Supplier’s system enforces, including, without limitation, password expiration, length of password, password revocation, invalid logon attempt threshold, etc. Describe methods used to track/log the usage of each account. Supplier shall demonstrate how a customer or end user authenticates to each application.

 

  8. Access to Confidential Information in Human-Perceptible Forms. Describe policies, procedures and controls used to protect Confidential Information when it is printed or in other perceptible forms; how and how often these policies and procedures are reviewed and tested; and what methods are used to ensure destruction of Confidential Information on hard copy.

 

  9. Operating System Baselines. Describe Supplier’s operating system security controls and configurations. Examples: Operating system services that have been removed because not required by Supplier’s Services to Bank of America. Identify and provide current operating system fixes that have not been applied, if any.

 

  10. Encryption. Describe in detail the technology and usage of encryption for protecting Confidential Information, including passwords and authentication information, during transit and in all forms and locations where it may be stored.

 

  11. Application and Network Management. Specify the services, tools and connectivity required to manage the application and network environments; who carries out the management functions; and what level of physical security applies to managed devices.

 

  12. Physical Security. For each location where Confidential Information will be processed or stored or Services for Bank of America produced by Supplier, describe in detail the arrangements in place for physical security.

 

  13. Privacy: Describe Supplier’s privacy and security policies; indicate if they are in writing; and whether they are compatible with Bank of America’s policies.

 

  14. Location of Servers. Are web servers on a separate segment of the network from the application and database servers? If not, explain the reason this has not been done. At Bank of America’s request, Supplier shall make reasonable efforts to create this separation.

 

  15. Portable Media and Devices. Bank of America’s Confidential Information shall not be stored on any portable media or devices to include notebook/laptop computers, USB storage devices, personal digital assistants (e.g. Blackberry) or similar equipment. Use of such devices shall be approved by Bank of America and security precautions such as encryption of data and remote network connectivity will be addressed in the Supplier’s Information Security Program.

 

 

Proprietary to Bank of America   D-3   vTIP2010


LOGO  

General Services Agreement

 

 

Terms and Conditions

 

INFORMATION DESTRUCTION REQUIREMENTS

Overall Requirements

At Bank of America’s direction, Supplier shall destroy all Confidential Information at all locations where it is stored after it is no longer needed for performance under this Agreement or to satisfy regulatory requirements. Supplier must have in place or develop information destruction schedules and processes that meet Bank of America standards and that must be used in all cases when Confidential Information is no longer needed. These information destruction requirements are to be applied to paper, microfiche, disks, disk drives, tape and other destroyable electronic or digital media containing Confidential Information.

Paper and Other Shreddable Media

Paper and other shreddable media includes paper, microfiche, microfilm, compact disks (CDs) and any other media that can be shredded. This media must be shredded using shredding techniques or machines such that Confidential Information in this media is completely destroyed as set forth herein when Supplier is finished with the Confidential Information contained thereon and it is no longer needed. This media may be shredded immediately or temporarily stored in a highly secured, locked container. The media may be shredded at a location other than Supplier’s facilities; however it must be transferred in a highly secured, locked container. Supplier is responsible for supervising the shredding regardless of where the shredding activity occurs and by whom the shredding is performed. Confidential Information in this media must be completely destroyed by shredding such that the results are not readable or useable for any purpose.

Electronic Media

Electronic media includes, but is not limited to, disk drives, diskettes, tapes, universal serial bus (USB) and other media that is used for electronic recording and storage. This media is to be wiped or degaussed using a Bank of America approved wipe or degaussing tool. Wiping uses a program that repeatedly writes data to the media and thereby destroys the original content. Degaussing produces an electronic field that electronically eliminates the original data and clears the media. These techniques must meet Bank of America standards and baselines. The resulting media must be free from any machine or computer content readable for any purpose.

Certification

These processes must be documented as a procedure by Supplier and should outline the techniques and methods to be used. The procedure must also indicate when and where Confidential Information is to be destroyed. Supplier shall keep records of all Confidential Information destruction completed and provide such records to Bank of America upon demand.

 

 

Proprietary to Bank of America   D-4   vTIP2010


[Schedule E to the General Services Agreement, dated as of November 5, 2010, has been superseded in its entirety by Schedule E to the Amendment to General Services Agreement, dated January 14, 2016.]


LOGO  

General Services Agreement

 

 

Terms and Conditions

 

SCHEDULE F

Recovery

 

  1. Supplier shall establish, maintain and implement per the terms thereof, a Business Continuity Plan. The Business Continuity Plan must be in place within forty-five (45) calendar days after the assumption of Service and shall include, but not be limited to, recovery strategy, loss of critical personnel, documented recovery plans covering all areas of operations necessary to delivering Supplier’s Services pursuant to this Agreement, vital records protection and testing plans. The plans shall provide, without limitation, for off-site backup of critical data files, Confidential Information, software, documentation, forms and supplies as well as alternative means of transmitting and processing Confidential Information.

 

  2. The recovery strategy shall provide for recovery after both short and long term disruptions in facilities, environmental support, workforce availability, and data processing equipment. Although short term outages can be protected with redundant resources and network diversity, the long term strategy must allow for total destruction of Supplier’s business operations for a period of six (6) months or longer and set forth a recovery strategy.

 

  3. Supplier’s recovery objectives shall not exceed the following during any recovery period:

 

  A. Time to Full Restoration from time of disruption event:                 4 hours                                                     

 

  B. Maximum Data Loss (stated in hours) from time of disruption event:             24 hours                                

 

  C. Percentage Reduction of Service Levels:         50% during the 24 hour recovery period                               

In the event of a change, Bank of America agrees to work with Supplier to determine a mutually agreeable date for Supplier to match the new objectives if necessary.

 

  4. Supplier shall continue to provide service to Bank of America if Bank of America activates its contingency plan or moves to an interim site to conduct its business, including during tests of Bank of America’s contingency operations plans.

 

  5. Supplier shall furnish contingency recovery plans, contingency exercise and testing schedules annually or upon request. Supplier shall provide to Bank of America, annually, or upon request, copies of all contingency exercise final reports, and shall include, but not be limited to, disaster scenario description, exercise scope and objectives, detailed tasks, exercise issues list and remediation, and exercise results. If requested, Supplier shall allow Bank of America, at its own expense, to observe a contingency test.

 

  6. If Supplier provides electronic interchange of data with Bank of America, Supplier shall participate, if requested, in the recovery exercises of Bank of America to validate recovery capability.

 

  7. Supplier must provide evidence of capability to meet any applicable regulatory requirements concerning business continuity.

 

  8. Supplier shall be required to participate, if requested by Bank of America, in recovery testing of a mutually agreed upon scope and frequency.

 

 

Proprietary to Bank of America   F-1   vTIP2010


Amendment to General

Services Agreement

 

Company Name:   Cardlytics, Inc.    Master Agreement Number:    CW251208
Company Address:  

675 Ponce de Leon NE

Suite 6000

Atlanta, GA 30308

  

Amendment Number:               CW641256

 

Effective Date: 1/14/2016

Company Telephone:   888.798.5802   

This Amendment is attached to the General Services Agreement executed by and between Bank of America, N.A. (“Bank of America”) and Cardlytics, Inc. (“Supplier”) dated November 5, 2010 (the “Agreement”). The Services attached hereto shall be subject to the terms and conditions of the Agreement.

WHEREAS, Bank of America and Supplier entered into the Agreement in order to set forth the terms and conditions pursuant to which Supplier provides certain Services to Bank of America.

WHEREAS, the Parties desire to amend the Agreement with certain terms and conditions and make updates to Schedules A (Services) and B (Service Payments).

NOW THEREFORE, in consideration of the promises and accords made herein, and the exchange of such good and valuable consideration, the receipt and sufficiency of which is hereby acknowledged, Bank of America and Supplier agree as follows:

 

1. The Expiration Date on page 1 of the Agreement is amended to November 4, 2020.

 

2. The following Sections 9.8-9.11 are hereby added to the Agreement.

“9.8 Supplier shall, and shall be responsible for ensuring that Supplier’s Representatives and Subcontractors shall, perform all obligations of Supplier under this Agreement in compliance with all laws, rules, regulations and other legal requirements applicable to Supplier as well as applicable to Bank of America as and to the extent such laws, rules, regulatory guidance, regulations and legal requirements relate to the Services (all such laws, rules, regulatory guidance, regulations and legal requirements being, hereinafter, “Applicable Laws.” Additionally, Supplier shall, and shall be responsible for ensuring that Supplier’s Representatives and Subcontractors shall, perform all obligations of Supplier under this Agreement in compliance with all policies, procedures and other instructions of Bank of America, as may be amended from time to time in Bank of America’s sole discretion. Applicable policies, procedures and other instructions will be provided to Supplier by Bank of America.

Supplier shall implement policies, procedures, training and guidelines to ensure compliance with Applicable Laws. In addition, Supplier shall ensure that all Supplier’s Representatives and Subcontractors providing Services for Bank of America successfully complete and implement, on an annual basis, such mandatory training as Bank of America may require and shall provide in connection with compliance with Applicable Laws, which mandatory training may be revised, replaced or terminated at any time at Bank of America’s sole discretion. Supplier and its Representatives and Subcontractors shall follow all procedures, processes, and guidelines outlined in the mandatory training. Bank of America shall be responsible for ensuring that Supplier receives all updated


mandatory training. Upon Bank of America’s request and pursuant to Section 22 (Supplier Personnel) of this Agreement, any Supplier Representative or Subcontractor who fails to successfully complete Bank of America’s mandatory training on an annual basis shall be immediately removed from working on the Bank of America account. The foregoing is not intended to be applicable to process servers in the course of serving process nor upon licensed attorneys during the course of their appearance with a Bank of America customer before a court of law.

Upon prior written notice during normal business hours and at such reasonable time as Bank of America may determine, Bank of America may, upon delivery of written notice to Supplier, audit, test or inspect Supplier and its Representatives and Subcontractors with respect to Supplier’s policies, procedures and controls in connection with, and compliance with, Applicable Laws. Bank of America will determine the scope of such audits, tests or inspections. The Parties shall agree on the date, time, location and duration of the audit, tests or inspection, provided that it or they shall take place not later than twenty (20) Business Days of the written notice. Unless otherwise agreed between the Parties and in addition to the Audit rights set forth in Section 31, such audits, tests, or inspections will be performed no more than every twelve months, unless there are operational or compliance risks or significant regulatory change that warrants additional audits, tests or inspections. Supplier shall promptly remediate any deficiencies found with respect to compliance with Applicable Laws as a result of such audits, tests or inspections. Supplier’s failure or refusal to remediate any high deficiencies within thirty (30) days, medium deficiencies within sixty (60) days, and low deficiencies within ninety (90) days of written notice to Supplier, or to commence remediation within such stated period and diligently pursue it to completion (if remediation cannot be completed in the stated period), shall be deemed a “Termination Event” entitling Bank of America to terminate this Agreement pursuant to Section 6.3 of this Agreement (Termination).

9.9 Supplier represents and warrants that it is familiar with all applicable domestic and foreign antibribery or anticorruption laws, including, without limitation, those prohibiting Supplier, and, if applicable, its officers, employees, agents and others working on its behalf, from taking actions in furtherance of an offer, payment, promise to pay or authorization of the payment of anything of value, including but not limited to cash, checks, wire transfers, tangible and intangible gifts, favors, services, and those entertainment and travel expenses that go beyond what is reasonable and customary and of modest value, to: (i) an executive, official, employee or agent of a governmental department, agency or instrumentality, (ii) a director, officer, employee or agent of a wholly or partially government-owned or -controlled company or business, (iii) a political party or official thereof, or candidate for political office, or (iv) an executive, official, employee or agent of a public international organization (e.g., the International Monetary Fund or the World Bank) (“Government Official”) or any other person; while knowing or having a reasonable belief that all or some portion will be used for the purpose of rewarding or: (a) influencing any act, decision or failure to act by a Government Official in his or her official capacity, (b) inducing a Government Official to use his or her influence with a government or instrumentality to affect any act or decision of such government or entity, (c) inducing any person to use his or her influence to improperly affect any act or decision of such their employer, or (d) securing an improper advantage; in order to obtain, retain, or direct business.

9.10 Supplier represents and warrants that it currently complies with all applicable domestic or foreign antibribery or anticorruption laws, including those prohibiting the bribery of Government Officials, and will remain in compliance with all applicable laws; that it will not authorize, offer or make payments directly or indirectly to any Government Official; and that no part of the payments received by it (whether compensation or otherwise) from Bank of America will be used for any purpose that could constitute a violation of any applicable laws.

9.11 Supplier represents and warrants that neither it nor its Representatives and/or Subcontractors is the subject of any sanctions administered or enforced by the U.S. Department of the Treasury’s Office of Foreign Assets Control (“OFAC”), the United Nations Security Council (“UNSC”), the European Union (“EU”), Her Majesty’s Treasury (“HMT”), or other relevant sanctions authority (collectively, “Sanctions”), nor is the Supplier, or its Representatives or Subcontractors located, organized or resident in a country or territory that is the subject of Sanctions. Supplier


represents and warrants that neither it nor its Representatives and/or Subcontractors has or during the Term of this Agreement will violate any Sanctions. Supplier represents and warrants that neither it nor its Representatives and/or Subcontractors will use this Agreement to fund or engage in any activities with any individual or entity (“Person”) or in any country or territory, that, at the time of such funding or activity, is the subject of Sanctions, or in any other manner that will result in a violation by any Person of Sanctions.”

 

3. Section 20.2 is hereby replaced with the following Section 20.2:

“20.2 Supplier shall provide at its expense on an annual basis a copy of an independent audit firm attestation, assurance and/or audit report covering Supplier’s operations as a services organization providing Services under this Agreement. Such reports shall include, but not be limited to, a current SOC 1, Type II Audit Report, if applicable (or any successor or replacement reports hereafter provided for by the American Institute of CPAs (AICPA) or any successor organization). IN NO EVENT SHALL BANK OF AMERICA BE REQUIRED TO AGREE TO ADDITIONAL TERMS AND CONDITIONS IN ORDER TO ACCESS ANY SUCH REPORTS SUBMITTED BY SUPPLIER OR ITS REPRESENTATIVES. If current reports are not available, Supplier will engage a reputable U.S. or internationally recognized certified public accounting firm to conduct the audit and prepare the applicable reports. Each report will cover a minimum six (6) calendar month period, prior to date of report, of each calendar year during the Term. Bank of America reserves the right to expand the scope of controls to be covered in any such attestation, assurance and/or audit report prepared during the Term. Supplier shall provide Bank of America with the scope of the audit and a complete copy of each report prepared in connection with such audit within thirty (30) calendar days after it receives such report.”

 

4. Schedules A-C are hereby replaced with the attached Schedules A-C.

 

5. The current Schedule E – BACKGROUND CHECKS shall be deleted in its entirety and replaced with the attached Schedule E.

 

Supplier, Inc.

(“Supplier”)

   

Bank of America N.A., Inc.

(“BANA”)

By:

 

/s/ John Brown

    By:  

/s/ Chandra Torrence

Name:   

John Brown

        Name:   

Chandra Torrence

Title:  

President, U.S. Operations

    Title:  

SVP; Sourcing Manager

Date:  

1/14/2016

    Date:  

1/14/2016


[Schedules A and B to the Amendment to General Services Agreement, dated January 14, 2016, have been superseded in their entirety by Schedules A and B to the Amendment to General Services Agreement, dated August 16, 2017.]

 

4


SCHEDULE C

Performance Measurements

SERVICE LEVELS

 

1. UPTIME/AVAILABILITY; SCHEDULED MAINTENANCE; PERFORMANCE

Uptime: Cardlytics will ensure that the TMS Service will be available to Bank of America and their Users at 99.999% of the time in any given calendar month, exclusive of Scheduled Downtime, database; maintenance, upgrades, or migrations; or hardware maintenance or faults; or connectivity issues. This assumes that Bank of America is maintaining the OPS installed in their environment per this agreement.

In the event of scheduled downtime, Cardlytics agrees to:

 

  a) Provide Bank of America with at least:

 

  a. Ten (10) days prior written notice for Priority 3-4 Changes

 

  b. Two (2) days prior written notice for Priority 2 Changes

 

  c. Four (4) hour notice for Priority 1 Changes

 

  b) Schedule for off-peak hours

 

  c) Ensure that such downtime does not exceed four (4) hours at any one time; and does not exceed eight (8) hours in aggregate in any given month related to core OPS software. This will not include database maintenance, upgrades, or migrations, hardware maintenance or faults or connectivity provided by Bank of America.

The Service availability calculation will exclude “scheduled downtime” which meets the foregoing criteria. The Bank of America is responsible for calculating Uptime.

 

2. PROCESS FOR ESCALATING PRODUCTION SUPPORT ISSUES

All Bank of America and Reseller will submit Production Support Issues through email to productionsupport@cardlytics.com. This email distribution group will be monitored 24 hours a day, 7 days a week, 365 days a year.

It will be the responsibility of the Active – On Call Member to acknowledge the Reseller’s request within the first 15 minutes.

The first responder will escalate the issue to the relative On Call Technician to begin troubleshooting the issue. The On Call Technician will assign a Severity Level, as approved by Bank of America, to the Issue, and follow the below Service Level Agreement (SLA”). If the below SLA elapses, the On Call Technician will escalate to the next level following the below escalation chart.

The On Call Technician will communicate to the party (or parties) on the original issue email following the below communication Service Level Agreement. On Call technician will use all available resources in an attempt to resolve the issues.

Upon successful resolution of a Severity 1 or Severity 2 issue as confirmed by Bank of America. the On Call Technician will provide a follow-up email to the party (or parties) and any relative business units within Supplier, with a detailed description of the issue, what the identified root cause was, as outlined below.


Root Cause Analysis:

A written analysis of the problem provided within 5 business days with the required information listed below.

 

    Issue: Brief description of the issue/event

 

    Total Outage if applicable: Include total outage (hours/minutes)

 

    Start Date/Time: Start time of the incident & date

 

    End Date/Time: End time of the incident & date

 

    User Experience: What was experienced as a result of this issue? What did the User/Bank of America Associate see?

 

    Customer Impact: How many Users were affected?

 

    Technical Impacts:

 

    Applications Impact:

 

    Root Cause: If the information is not available, state that it is still being investigated or that the information will be provided by a specific date. Otherwise, describe the root cause

 

    Short-Term Actions Taken: Describe the steps that were taken to restore Service.

 

    Next Steps: Describe what steps will need to be taken and include any target dates that the action will be taken

Liquidated Damages

If Supplier fails to meet the Issue Resolution SLA as outlined below, Supplier will pay to Bank of America the corresponding payments, as liquidated damages and not as a penalty. All incidents ended in any given month will be counted separately and, as such, the payments will be additive.

 

    Supplier restores a Sev 1 issue between eight (8) hours and twenty-four (24) hours – One percent (1%) of Supplier Revenue Share for the month in which the issue began.

 

    Supplier restores a Sev1 issue in greater than twenty-four (24) hours – Two percent (2%) of Supplier Revenue Share for the month in which the issue began.

 

    Supplier restores a Sev 2 issue in greater than twenty-four (24) hours – One percent (1%) of Supplier Revenue Share for the month in which the issue began.


Table 1: Service Level Agreement

 

Sev Level

  

Definition

  

Status Update
Frequency

  

Target Service
Restoration

  

Resolution

1          

An event causing severe impact to Cardlytics ability to interact with Bank of America.

 

No workaround is available.

 

Services down or unusable: An error stops the Services from running, or so severely impacts production use of the Services that customer’s business operations are critically affected and Bank of America cannot reasonably continue work

   Provide a bridgeline and a status every 30 minutes to Bank of America    Within 2 Hours    up to 7 calendar days or longer if approved by Bank of America
2          

An event causing major impact to Cardlytics support of Bank of America. This could involve severe impact to one or more function. No workaround is available.

 

Functionality disabled: An error causes important features of the Service to be unavailable with no reasonable workaround and there is a serious impact on Bank of America’s productivity, but production use of the Service is continuing and Bank of America can reasonably continue work using the Service.

   Hourly to Bank of America    Within 4 Hours    up to 7 calendar days or longer if approved in writing by Bank of America
3           An event causing moderate impact to Cardlytics ability to support Bank of America. This could involve major impact to one or more business function. A workaround may be available.    Status update is communicated daily to Bank of America    Workaround as soon as reasonable and practical in all the circumstances; but not to exceed 7 calendar days;    Fix for the error within the next maintenance release or as approved by Bank of America
   Degraded operations: An error which causes important features of the application to be unavailable or to function other than as specified in the applicable documentation but a workaround exists, or an error causes less significant features of the application to be unavailable or to function other than as specified in the applicable documentation, with no reasonable workaround.         
4          

An event causing minor impact to Cardlytics ability to support Bank of America, but potentially moderate impact on one or more individuals. A workaround may or may not exist.

 

Minor error: An error which does not affect essential use of the application, but which represents a deviation from the applicable documentation.

   Status update is communicated daily to Bank of America    Workaround as soon as reasonable and practical in all the circumstances; but not to exceed 7 calendar days;    Fix for the error within the next maintenance release or as approved by Bank of America

 

3. CUSTOMER CARE

Supplier will resolve customer care cases in a (Tier 2/Tier 3) environment. Bank of America will be responsible for entering dispute data into Cardlytics CSR tool per CSA user guide. Cardlytics will confirm resolution of ninety-five percent (95%) of cases (ninety-eight (98%) of cases beginning September 1, 2013) within two (2) business days from initial case generation by Bank of America. For the avoidance of doubt, claims related to Merchant Cleaning issues as outlined below will not be included in this SLA.

Liquidated Damages: If Supplier fails to resolve more than ninety-five percent (95%) of cases within two (2) days in any month, Supplier will pay to Bank of America, as liquidated damages, and not as a penalty, a total of 1% of the Supplier Revenue Share for that month.


For customer care cases requiring Merchant cleaning (where the cleaned Merchant name is required to generate the appropriate redemption), Supplier will attempt to clean ninety percent (90%) of the merchant names within an average of five (5) business days of initial Bank of America contact case generation (CSA Ticket)

 

4. Offer Quality SLA

Supplier shall endeavor to provide error-free Merchant Offers for the Services herein and will make continued and proactive efforts to prevent the following errors and any subsequently identified errors identified by the Parties (“Merchant Offer Errors”). The Supplier SLA standard for Merchant Offer Errors will be less than one % (<1%) of all Merchant Offers provided to Bank of America as measured monthly by Supplier:

 

    Duplicate Merchant Offers

 

    Incorrect customer cash back Incentive percentage amount

 

    Offer Frequency

 

    Inaccurate or missing expiration date

 

    Inaccurate or missing call to action (i.e. Shop, Dine)

 

    Merchant Offers with undisputed grammatical errors

 

    Merchant Offers with inaccurate or missing location information if location detail is necessary for appropriate redemption.

 

    Merchant Offers with inaccurate or missing channel information if channel detail is necessary for appropriate redemption.

Liquidated Damages:

Beginning December 1, 2013, if Supplier loads greater than three percent (>3%) and less than five percent (<5%) of Merchant Offers with Merchant Offer Errors, Supplier shall pay to Bank of America, as liquidated damages, and not as a penalty 1% of the monthly Supplier Revenue Share

Beginning December 1, 2014, if Supplier loads greater than two percent (>2%) and less than five percent (<5%) of Merchant Offers with Merchant Offer Errors, Supplier shall pay to Bank of America, as liquidated damages, and not as a penalty 1% of the monthly Supplier Revenue Share

If Supplier loads greater than five percent (>5%) of Merchant Offers with Merchant Offer Errors, Supplier shall pay to Bank of America, as liquidated damages, and not as a penalty 2% of the monthly Supplier Revenue Share.

 

5. Reports:

Supplier shall provide Bank of America reports in a manner approved by Bank of America on the Bank of America/Cardlytics Program that include but are not limited to the list below and the information set forth in Appendix 1 to Schedule C.. The reports provided by Supplier to Bank of America will be at no additional cost to Bank of America. Further, Supplier will deliver the raw data to Bank of America. Bank of America is authorized to use that raw data to produce any other reports for internal use it may want to produce at its expense. Any changes to the reporting content, schedule, or format must be pre-approved by Bank of America in writing.


Supplier will attempt to deliver report Tuesday by 4:00p ET and no later than Thursdays by 4:00p ET. Delays resulting from technical or data processing issues caused by Bank of America will not be included in this SLA measurement.

BAC Inquiries Report

Report 100 BAC Current Month

Report 100 BAC Wave1 Launch

Report_100_BAC_Daily

Supplier will attempt to deliver report Tuesday by 4:00p ET and no later than Thursday4:00p ET. Delays resulting from technical or data processing issues caused by Bank of America will not be included in this SLA measurement.

Weekly Merchant Reporting

Compliance_MCC_Black_White_List_BAC

Affinity_Merchant_Exclusions_metrics


Appendix 1 to Schedule C

Cardlytics Report Fields

Report_100_BAC_Daily_Thru_(Date) with the following field information

ActualStartDate

ActualEndDate

TimePeriodDescription

NumEligibleAccounts

NumAccounts_EnrollmentValidation

NumAccountsOptOut

NumUniqueAccountsServedAnyOffer

NumUniqueAccountsServedAnyOffer_Core

NumUniqueAccountsServedAnyOffer_Transaction

NumUniqueAccountsServedAnyOffer_SummaryPage

NumUniqueAccountsServedAnyOffer_Alternate

NumNewOffersSeen

NumNewOffersSeen_Core

NumImpressions

NumImpressions_Core

NumImpressions_Transaction

NumImpressions_SummaryPage

NumImpressions_Alternate

NumUniqueAccountsActivatedOffer

NumUniqueAccountsActivatedOffer_Core

NumUniqueAccountsActivatedOffer_Transaction

NumUniqueAccountsActivatedOffer_SummaryPage

NumUniqueAccountsActivatedOffer_Alternate

NumOffersActivated

NumOffersActivated_Core


NumOffersActivated_Transaction

NumOffersActivated_SummaryPage

NumOffersActivated_Alternate

NumTimesRewardsSummaryPageOpened

NumUniqueAccountsOpeningRewardsSummaryPage

NumUniqueAccountsRedeemed

NumUniqueAccountOffersRedeemed

NumRedemptions

SpendAmount

RewardAmount

OptOutRate

OfferActivationRate_UniqueAccountsServed

OfferRedemptionRate_UniqueAccountsServed

AvgRewardAmt_PerAccount

ConversionRate

ResponseRate

AvgRewardAmt_PerRedemption


Channels Activation Report (providing by Launch, Rolling Month, End of Month and Daily view.

Report Description

Actual Start Date

Actual End Date

Time Period Description

Channel Description

Location Description

Display Description

Distinct Customers Activating

First Activations

Current Month Through Report Date

Actual Start Date

Actual End Date

Time Period Description

Number of Eligible Accounts

Number of Accounts Enrollment Validation

Number of Accounts Opt Out

Number of Unique Accounts Served Any Offer

Number of Unique Accounts Served Any Offer Core

Number of Unique Accounts Served Any Offer Transaction

Number of Unique Accounts Served Any Offer Summary Page

Number of Unique Accounts Served Any Offer Alternate

Number of New Offers Seen

Number of New Offers Seen Core

Number of Impressions

Num ber of Impressions Core

Number of Impressions Transaction

Number of Impressions Summary Page


Number of Impressions Alternate

Number of Unique Accounts Activated Offer

Number of Unique Accounts Activated Offer Core

Number of Unique Accounts Activated Offer Transaction

Number of Unique Accounts Activated Offer Summary Page

Number of Unique Accounts Activated Offer Alternate

Number of Offers Activated

Number of Offers Activated Core

Number of Offers Activated Transaction

Number of Offers Activated Summary Page

Number of Offers Activated Alternate

Number of Times Rewards Summary Page Opened

Number of Unique Accounts Opening Rewards Summary Page

Number of Unique Accounts Redeemed

Number of Unique Account Offers Redeemed

Number of Redemptions

Spend Amount

Reward Amount

Opt Out Rate

Offer Activation Rate Unique Accounts Served

Offer Redemption Rate Unique Accounts Served

Avg Reward Amt Per Account

Conversion Rate

Response Rate

Avg Reward Amt Per Redemption


SCHEDULE E

Background Checks

BACKGROUND SCREENING GUIDELINES

 

1. As provided in Sections 13.6 and 13.7, prior to assignment of a Supplier or Subcontractor employee or contract laborer to the Services, Supplier shall administer and comply with, and shall ensure that Supplier’s Subcontractors administer and comply with, the background screening requirements as set forth below.

 

  (a) Validate United States citizenship or certification to work in the United States. The Supplier or Subcontractor employee or contract laborer shall not be assigned to Bank of America’s account if Supplier or Subcontractor is unable to confirm United States citizenship or obtain proper evidence of certification to work in the United States.

 

  (b) Search the Supplier Representative’s social security number to verify the accuracy of the individual’s identity. The Supplier or Subcontractor employee or contract laborer shall not be assigned to Bank of America’s account if Supplier or Subcontractor is unable to verify the accuracy of the employee or contract laborer’s identity.

 

  (c) Conduct or obtain a comprehensive criminal background check of all criminal court records (misdemeanor and felony in federal courts and state courts) in each venue of the Supplier Representative’s current and previous home addresses for the past ten (10) years prior to the date of being assigned to provide any of the Services, unless local or state laws or regulations mandate a lesser period. Subject to Section 13.6, the Supplier or Subcontractor employee or contract laborer shall not be assigned to Bank of America’s account if Supplier or Subcontractor’s criminal background check discloses matters set forth in Section 13.5 (a)-(b), inclusive.

 

2. If a Supplier or Subcontractor employee or contract laborer had a break in continuous service with the Supplier or Subcontractor of longer than ninety (90) consecutive days, then a new background check will be performed according to the requirements in #1 above, prior to re-assignment of the employee or contractor to the Services.

 

3. If required for the role or Service and requested by the applicable Bank of America business unit for which the Services are being provided, verify completion of any post high school education or degrees (i.e., B.A., B.S., Associate, or professional certifications).

 

4. Any other additional checks that Bank of America may require will be submitted to Supplier for review, and Supplier will be allowed a reasonable and mutually agreed upon timeframe to implement such additional checks. In the event Bank of America determines in its sole discretion that additional checks need to be conducted on currently engaged Supplier or Subcontractor employees or contract laborers, such checks shall be at Bank of America’s expense based upon a mutually agreed process and timeline as evidenced in writing.

 

  (a) Employees or contract laborers of Supplier or Subcontractors who are placed within the Consumer Real Estate/Mortgage business and any other lines of business that may have similar requirements may have additional databases checked upon Bank of America’s request and at Bank of America’s discretion as part of the Financial Sanctions Search, such check to be administered by a Bank of America’s preferred service provider.

 

  (b) In the event Bank of America requests, in its sole discretion, Financial Industry Regulatory Authority (FINRA) fingerprint screening and/or FBI fingerprint screening, such fingerprint screening will be managed and paid for by Bank of America, provided, however, that Supplier shall be obligated to obtain from each affected Supplier person a completed Vendor Personnel Background Check/Fingerprint Authorization Form in the form attached to this Schedule.


LOGO

  

Vendor Personnel

Background Check/Fingerprinting

Authorization Form

 

            PLEASE PRINT LEGIBLY    TRY NOT TO TOUCH THE SIDES OF THE BOXES        

Name (First, MI, Last)

 

 

Social Security Number

 

 

Date of Birth

 

 

Today’s Date

 

Current Address – Street City State Zip Code

 

 

Telephone

 

Please read the following statements carefully before signing and completing this document. If you have any questions regarding the content of this document, please ask them of your Vendor representative before signing and completing.

 

  I acknowledge and agree that I am an employee or subcontractor of                              (“Vendor”).

 

     
   

 

  Print Name of Vendor / Employer

 

  I further acknowledge that I am not an employee of Bank of America Corporation, or one of its predecessors, subsidiaries or affiliates, including but not limited to among others, Countrywide Home Loans, Inc., Countrywide Bank FSB, CWB Mortgage Ventures LLC, Countrywide KB Home Loans LLC, Fleet National Bank, LaSalle Bank, N.A. (collectively, the “Company”).

 

  I further acknowledge that the Vendor employs me to, among other things, perform certain work and has placed me on assignment at the Company (the “Services”).

 

  I understand that in addition to the specific requirements for employment eligibility required by the Vendor, federal and state laws may require the Company to perform additional fingerprinting and / or background checks from time to time.

 

  I hereby give Bank of America permission to conduct additional fingerprinting and / or additional background checks as required by federal and state laws.

 

  I hereby release Bank of America, its officers, directors, employees or agents and any such individuals, corporations, or organizations who provide such information or who conduct such inquiries from any liability for claims for damages in relation to such contacts or inquiries.

 

  I understand that nothing contained in this document is intended to imply that I am an employee of the Company. I authorize the Company and / or its agents to conduct a thorough inquiry into all areas deemed necessary to validate my eligibility for continued placement on assignment to provide Services. I certify that all information provided on this Vendor Personnel Background Check Authorization Form is true and complete. I understand that any omission or misinformation on this form may prohibit my continued or future assignment to the Company or be grounds for an immediate removal from any ongoing assignment / placement with the Company whenever such omission or misinformation is discovered.

 

  I understand that refusal to permit the described background investigation will result in the Company requesting that Vendor immediately remove me from any ongoing assignment / placement with the Company.

 

         Signature  

 

   Date  

 


LOGO

  

 

Amendment to General

Services Agreement

 

Supplier Name:    Cardlytics, Inc.       Master Agreement Number:    CW251208
Supplier Address:   

675 Ponce de Leon NE

Suite 6000

      Amendment Number:    CW967765
   Atlanta, GA 30308       Effective Date:    Upon Execution

Supplier

Telephone:

   888.798.5802         

This Amendment is attached to the General Services Agreement executed by and between Bank of America, N.A. (“Bank of America”) and Cardlytics, Inc. (“Supplier” ”) dated November 5, 2010, as amended (the “Agreement”). The Services attached hereto shall be subject to the terms and conditions of the Agreement.

WHEREAS, Bank of America and Supplier entered into the Agreement in order to set forth the terms and conditions pursuant to which Supplier provides certain Services to Bank of America.

WHEREAS, the Parties desire to amend the Agreement with certain terms and conditions and make updates to Schedules A (Services) and B (Service Payments).

NOW THEREFORE, in consideration of the promises and accords made herein, and the exchange of such good and valuable consideration, the receipt and sufficiency of which is hereby acknowledged, Bank of America and Supplier agree as follows:

 

1. The Expiration Date on page 1 of the Agreement is amended to November 4, 2021.

 

2. Supplier’s address for Notices is updated to:

675 Ponce de Leon Ave NE, Suite 6000, Atlanta, GA 30308. Attn: General Counsel

 

3. Schedules A and B are hereby replaced with the attached Schedules A and B.

 

Supplier, Inc.     Bank of America N.A., Inc.  
(“Supplier”)     (“Bank of America”)  
By:  

  /s/ Lynne Laube

    By:  

  /s/ Chandra Torrence

 
Name:  

  Lynne Laube

    Name:  

Chandra Torrence

 
Title:  

COO & President

    Title:  

SVP; Sourcing

 
Date:  

  8/16/17

    Date:  

8/16/17

 

 

Proprietary to Bank of America       vTIP2010


SCHEDULE A

Services

 

  1. DEFINITIONS - When used in this Schedule the following terms will have the meanings ascribed to them below.

 

  1. “Aggregated Data” has the meaning assigned in Section 5d.

 

  2. “Allowable Expenses” means, for any Measurement Period, the aggregate amount of expenses incurred for the following as approved by Bank of America:

 

  (i) Commissions due to any external sales representative or organization directly attributable to or calculated based upon Total Revenues.

 

  (ii) Any revenue share, royalty, or commission due to any third party directly attributable to or calculated based upon Total Revenues.

 

  (iii) Sales, use, franchise or any other taxes levied by a governmental or regulatory authority directly attributable to or calculated based upon Total Revenues.

 

  (iv) third party services directly related to (i) targeting (ii) media placement, and (iii) validation of billings and related connectivity with Privacy Partners or (ii) processing, management or collection of Total Revenues.

 

  3. “Bank of America Managed Merchant” means a Bank of America Secured Merchant that Supplier has confirmed as such and where Bank of America is responsible for the pre-sales, account management, reporting, billing and collection with the advertiser.

 

  4. “Bank of America Operated Merchant” means a Bank of America Secured Merchant that Supplier has confirmed as such and where (i) Bank of America is responsible for the pre-sales, account management, reporting, billing and collection with the advertiser; (ii) Bank of America is responsible for building and executing the advertising campaigns; and iii) Bank of America has purchased the TMS software source code; and (iv) Bank of America is operating and maintaining the TMS without support by the Supplier.

 

  5. “Bank of America Referred Merchant” means a Bank of America Secured Merchant that Supplier has confirmed as such and who launches a Supplier campaign within 6 months after Bank of America secures the merchant.

 

  6. “Bank of America Secured Merchant” means a Bank of America Managed Merchant or a Bank of America Referred Merchant.

 

  7. “Eligible Bank of America customers” means Bank of America customers who log into Bank of America digital banking channels at least once in the last ninety (90) days and are otherwise eligible to receive the Services herein.

 

  8. “Measurement Period” means a calendar month.

 

  9. “National Launch Date” means November 30, 2012

 

  10. “Negative Service Change” means a change implemented by Bank of America that quantifiably, negatively impacts the performance of the Services as reasonably determined by Bank of America.

 

Proprietary to Bank of America       vTIP2010


  11. “Participating Merchants” means any merchant that presents Merchant Offers to Users and otherwise utilize the Services or that has done either of the foregoing in the past 12 months.

 

  12. “Privacy Partner” means a trusted third-party such as Equifax, Experian, and Acxiom/Live Ramp that anonymously connects Cardlytics IDs to IDs provided by other entities

 

  13. “Receivables” means the aggregate amount of Total Revenue billed to Participating Merchants, net of any Revenue Adjustments, which remains uncollected as of any measurement date.

 

  14. “Receivables Adjustment” means, for purposes of adjusting Total Revenue for the portion not collected from Participating Merchants, an adjustment calculated by subtracting (x) Receivables on the last day of the current Measurement Period from (y) Receivables on the last day of the preceding Measurement Period. If the Receivables Adjustment is positive, it shall be added to Total Revenue. If the Receivables Adjustment is negative, it will be subtracted from Total Revenue.

 

  15. “Redemption Rate” means the number of offers redeemed divided by the total number of transaction offers presented.

 

  16. “Revenue Adjustments” includes invoice credits granted to Participating Merchants for any of the following, and shall be subtracted from Total Revenue: Fee discounts, rebates, adjustments, disputed fee invoices.

 

  17. “Revenue Share Amount” means the amount as calculated below in Schedule B, subsection (c).

 

  18. “Revenue Share Percentage” means the applicable percentage as set forth in Schedule B:

 

  19. “Reward Summary Offers” means Merchant Offers Served in a summary format of all offers available to the individual customer.

 

  20. “Rewards” means the economic value of rewards earned by Users.

 

  21. “Served” means that a Merchant Offer has been made available on a Rewards Summary Offers Page and that the User has viewed the Rewards Summary Offers.

 

  22. “Standard Merchant Offer” means a Merchant Offer that is 100% funded by the Merchant and where the fees paid by the Merchant to Cardlytics are substantially similar to the then current standard fees for such service.”

 

  23. “Supplier Secured Local Merchant” means a Supplier Secured Merchant who is not a retailer that is predominately online and has 100 or fewer physical locations and is utilizing the Supplier’s Targeted Marketing Service in 3 or fewer states.

 

  24. “Total Redemptions” means total number of redemptions in a calendar month.

 

  25. “Total Revenue” means the aggregate amount of fees billed by Supplier or Bank of America as applicable to Participating Merchants and actually collected during the Measurement Period for advertising, offer placement, and any other activities directly related to the Service and directly identified with, or allocable to Bank of America customers however the following are not included in Total Revenue and are not to be any part of Revenue Share: (i) User Incentives, and (ii) any mark-up amounts or other sums charged or received by other third parties that are not collected by Supplier.

 

  26. “User” means a Bank of America account holder that is Served a Merchant Offer in a calendar month regardless of delivery channel.

 

Proprietary to Bank of America       vTIP2010


  27. “User Incentive” means the stated or calculated cash value earned by a User upon redemption of a Merchant Offer, based upon the value currency of the Merchant Offer, including cash, points, miles, or any other rewards currency offered by Bank of America.

 

  28. “User Incentive Adjustments” means, for any Measurement Period, the aggregate amount of the following:

 

  (i) Reductions of User Incentives awarded during a Measurement Period for returns by Users of goods or services purchased from Participating Merchants that occur within 30 days after the date of initial purchase by the User.

 

  (ii) Adjustments to User Incentives awarded in the current or any previous Measurement Period resulting from any of the following:

 

  i. Correction of errors by Supplier in the calculation of any User Incentives.

 

  ii. Resolution of User disputes regarding determination of User Incentives.

 

  iii. Other adjustments to User Incentives mutually agreed to by Bank of America and Supplier.

 

  29. “User Incentive Amount” means (x) the aggregate amount of User Incentives for a Measurement Period (y) plus or minus, as the case may be, the User Incentive Adjustments.

 

  30. “2016 User Interface Updates” means the following as further explained below:

 

Improvement

  

Target
Launch
Date

  

Improvement

  

Target
Launch
Date

Increased data sources to include Bill Pay and ACH    Mar-16    Geolocation    Nov-16
Rewards Summary – OLB    Jun-16    Reward Summary – Mobile    Nov-16
Self-select life stage filter – OLB    Jun-16    Enhanced Alerts Functionality    Nov-16
AD widget – OLB    Jun-16    Mobile AD – widget link to Offers    Nov-16
Rewards Hub    Aug-16    Activatable Marketing
Email Activatable Alert Emails
   Aug 16 Nov 16
Portfolio Designation    Jan 16    Bank of America to send monthly
Marketing emails
   Mar 16

 

Improvement

  

Description

Increased data sources to include Bill Pay and ACH    Allow for an increased volume of ACH, Bill Pay and eCheck transactions to be send to the OPS
Rewards Summary – OLB    The online banking Reward Summary page will be changed to reflect a ‘tiled’ format. This format will allow for a greater number of offers to appear “above the fold” than in its current state
Self-select life stage filter – OLB    A self-select life stage filter will be developed to drive enhanced offer and cross-sell relevance
AD widget – OLB    A multi-logo widget will be added to the account details page
Rewards Hub    BankAmeriDeals will be integrated into the upcoming Rewards Hub project. BankAmeriDeals content will be displayed via widget or multi-logo tile format
Geolocation    Geo mapping functionality based off location will be built within the mobile app

 

Proprietary to Bank of America       vTIP2010


Improvement

  

Description

Reward Summary – Mobile    The mobile banking Reward Summary will be changed to reflect a ‘tiled’ format. This format will allow for a greater number of offers to appear “above the fold” than in its current state
Enhanced Alerts Functionality    Updated messaging and reminder functionality within the mobile app that uses the authorization stream to deliver timely BankAmeriDeals messages.
Mobile AD – widget link to Offers    The multi-logo widget will be available in the account details page and link directly to the rewards summary.
Activatable Email    A monthly email that is sent to all Bank of America Eligible customers, less standard suppressions, that includes all customer offers, which can be activated and counted as a served offer from within the email
Portfolio Designation    Updated Portfolio designation via file and OPS field are required to facilitate customer segmentation goals.
Bank of America to send monthly marketing emails    Bank of America contemplates continuing monthly email triggers and restarting a monthly missed opportunity email.

 

  31. “2017 User Interface Updates” means the technical enhancements detailed in Exhibit 2.

2. PERFORMANCE WARRANTS.

Concurrently with the execution of the Agreement, Supplier issued to Bank of America a warrant to purchase shares of Common Stock of Supplier and Supplier and Bank of America entered into a letter agreement relating to such warrant.

3. FAVORABLE TERMS. During the Term the net economic value, where net economic value is calculated as Supplier Revenue Share plus any other dollars received by Supplier minus any other dollars spent by Supplier, of the Services as defined by Bank of America that Supplier provides to Bank of America under this Agreement will be as favorable as (or better than) that provided by Supplier to any other customer obtaining similar services from Cardlytics.

4. SERVICE DESCRIPTION:

4.1 Service Overview:

For purposes of this agreement, Supplier will offer the following services to Bank of America (each a “Service” or the “Services”) and will pay Bank of America Revenue Share Amount on such Services as outlined in Schedule B:

(i) On-Platform – Merchant Offers

Market products, services, coupons, discount offers, and other marketing communications, including without limitation the new advertising campaigns from time to time developed by Supplier (“Merchant Offers”) via distribution channels including Bank of America online banking and mobile applications offered via Bank of America channels with Bank of America branding; and

(ii) On-Platform Analytics

Analytics, assessments, consumer groupings, insights, market information reports or marketing services to Participating Merchants incorporating the Bank of America Aggregated Data (“On-Platform Analytics”). Merchant Offers and/or On-Platform Analytics Services is known as the “On-Platform Services”

Business Development Process. Prior to selling On-Platform Analytics to a Participating Merchant, Supplier will obtain Bank of America’s written approval (email is sufficient) and such approval will not be unreasonably withheld. On-Platform Analytics are intended to enhance the value of the On-Platform – Merchant Offers Services and, as such, will only be made available to Participating Merchants who have provided Merchant Offers in the previous twelve (12) months.

 

Proprietary to Bank of America       vTIP2010


Following the provisions of On-Platform Analytics, Supplier will provide periodic reports updating Bank of America on the progress in enlarging the Participating Merchant’s participation in On-Platform Merchant Offers.

4.2 Additional Service Terms

Termination: For clarity, Bank of America may exercise its rights under Section 5.1 of the Agreement for either of the Services outlined in Section 4.1 above. Such termination shall not impact the other Services in this Schedule A.

Supplier has developed Services that enable Bank of America to target end-users of Bank of America’s debit and credit cards. Activities of Supplier and Bank of America pertaining to the promotion and operation of the Services shall include, but is not limited to, the standard offering of Supplier as it is from time to time revised and enhanced by Supplier, including without limitation those features and services detailed in this Agreement and are executed by both parties hereafter.

Supplier shall provide the Services with respect to merchants secured by Supplier or its agents (“Supplier Secured Merchants”) and with respect to merchants secured by Bank of America or its agents (“Bank of America Secured Merchants”), including the development of advertising campaigns for Supplier Secured Merchants and Bank of America Secured Merchants. Bank of America shall be solely responsible for billing and collecting customer incentives and advertising fees from Bank of America Secured Merchants. Supplier shall be solely responsible for billing and collecting customer incentives and advertising fees from Supplier Secured Merchants. Customer incentives and revenue share with respect to Supplier Secured Merchants and Bank of America Secure Merchants shall be paid as described below in Schedule B. For the avoidance of doubt, the merchants in Exhibit 1 to this Schedule A are considered Bank of America Secured Merchants.

During the Term, Supplier shall provide a dedicated team to Bank of America consisting of a sufficient number of resources with the appropriate skill set to complete the work necessary to provide the Service. This team will be solely dedicated to Bank of America and will not work on any other Supplier customer.

The Merchant Offers, shall be a Bank of America-branded version of the Cardlytics TMS and will be hosted by Bank of America

Bank of America will have sole discretion over which Merchant Offers to display for Merchant Offers Services. Notwithstanding the foregoing, the Parties agree that Bank of America will not have any right to change the specific content or copy within a Merchant Offer. Supplier shall facilitate the exclusion of certain Merchant Offers for segments of the Bank of America customer portfolio.

For Bank of America Secured Merchant Offers that have limited availability or redemption quantity and with the merchant’s permission, Bank of America shall have optional exclusivity and first refusal over other Supplier customers. Supplier will work with Bank of America to provide an exclusive set of offers as requested. During the first two years after the National Launch Date, Supplier may not assist any Supplier customer, with the exception of Intuit, in soliciting exclusive Merchant Offers without Bank of America’s prior written consent but may facilitate the processing of offers if the Supplier customer sources the offer directly. Supplier may not provide a Supplier customer with a superior offer unless the incremental offer value is funded directly by the Supplier customer.

6. SERVICE PARTNERSHIP:

 

  a) Development of On-Platform Services for Cardlytics Targeted Marketing System. Supplier will develop the systems, technologies, relationships, and training to enable Bank of America to electronically accept and process Merchant Offers through the Cardlytics Targeted Marketing System, which manages the matching, serving and redemption of Merchant Offers (“Cardlytics TMS”). This process will involve linking the Cardlytics TMS to Bank of America and installing Cardlytics Offer Placement System (“Cardlytics OPS”) on Bank of America’s servers in Bank of America’s data center.

 

Proprietary to Bank of America       vTIP2010


  b) Cardlytics TMS Service Processes. Supplier will operate and manage the On-Platform Service to and for Bank of America and Participating Merchants, which Services will take the following form and also as may be further described in this and other schedules:

 

  i. Supplier is responsible for the design, development, maintenance and on-going enhancement of the Cardlytics TMS.

 

  ii. Supplier will form relationships with its Participating Merchants and obtain and publish to customers Merchant Offers using the Service and other methods of communicating with Supplier customers.

 

  1. Supplier will develop at least two (2) seasonal concepts throughout the year such as spring home improvement, back-to-school, and summer vacation planning

 

  2. Supplier will provide real time messaging capabilities and enhance such capabilities to allow Bank of America to deliver ‘missed reward’ notifications.

 

  3. Subject to Bank of America providing the relevant customer identification information, Supplier will ensure a minimum amount of content is aspirational in nature for the relevant Bank of America customer segment as outlined below. Aspirational content means content from advertisers that is reasonably considered to be desirable to the relevant customer segment (e.g. Brooks Brothers for Preferred or OfficeDepot for Small Business).

 

Customer Segment

(as defined and updated by Bank of America)

   Minimum
Aspirational
Content

Preferred

   10% January – June 2016 and
20% July 2016
and after

GWIM

   30%

Small Business

   10%

 

  iii. Supplier will be solely responsible for setting ad pricing with its Cardlytics Secured Merchants pursuant to separate agreements between Supplier and its Participating Merchants that shall not be considered beneficiaries of this Agreement.

 

  iv. Supplier will operate the Cardlytics TMS so that it enables its Participating Merchants to manage market campaigns. Participating Merchants will build advertising campaigns that target users with particular spend behaviors based on, but not limited to, the following variables: user zip code, merchant name, purchase amount or merchant category. Any combination of these variables may be used to develop a merchant campaign.

 

  v. Supplier will operate the Cardlytics TMS to build and manage campaigns for merchants sourced by Bank of America. Bank of America Secured Merchants will build advertising campaigns that target users with particular spend behaviors based on, but not limited to, the following variables: user zip code, merchant name, purchase amount or merchant category. Any combination of these variables may be used to develop a merchant campaign.

 

  vi. Supplier will screen advertisers and individual ads to ensure that they meet both Supplier and Participating Merchant, media and message standards. Bank of America will have the ability to control merchant advertising campaigns in the following manner:

1. Bank of America can eliminate any merchant or category of merchants from placing offers to Bank of America. These exclusions will be identified by Bank of America before launching the Supplier Service and will be excluded forever unless Bank of America requests changes, additions or deletions from the merchant exclusions.

2. Bank of America will have access to a review queue where they can preview all Merchant Offers that are scheduled to be published to Bank of America. Merchant Offers will be in the review queue until Bank of America has approved such offers. Bank of America will make reasonable efforts to approve or disapprove offers within three (3) Business Days unless mutually agreed between Bank of America and Supplier. Bank of America has the right to veto any merchant or Merchant Offer for any reason. Publishing of Merchant Offers without Bank of America approval shall be considered a breach of this Agreement.

 

Proprietary to Bank of America       vTIP2010


  vii. Supplier will install and assist Bank of America in operating the Cardlytics OPS that will be hosted with Bank of America’s data center.

 

  viii. Supplier will provide technology support to Bank of America for problems arising solely out of the Cardlytics TMS as set forth on Schedule C.

 

  ix. Supplier will provide dedicated client management support to Bank of America.

 

  x. Supplier will provide training to enable Bank of America to address inquiries from customers.

 

  xi. Supplier will provide integration work and training on the Cardlytics TMS as necessary for activities under this Agreement.

 

  xii. Supplier will continue to enhance the Cardlytics TMS to extend value to Bank of America and create additional earnings for Bank of America.

 

  c) Bank of America’s Responsibilities. Bank of America shall perform the following:

The project plan, including format and connectivity, was jointly defined and agreed upon by Supplier and Bank of America.    Bank of America will:

 

    Obtain any necessary information required for initial testing and integration.

 

    Install Cardlytics OPS in the Bank of America’s data center including physical installation, networking, web server configuration and security.

 

    On a daily basis, send to the Cardlytics OPS a list of transactions and account information for accounts receiving the Supplier Service.

 

    On a monthly basis, enable Supplier to provide Bank of America with the amount of rewards earned by each customer of Bank of America receiving the Supplier Service. Bank of America will credit the rewards to each account.

 

    On a monthly basis, enable Supplier to reimburse Bank of America for the rewards earned by each user receiving the Supplier Service.

 

    Perform the tasks required to display offers to users on electronic statements.

 

    Ensure cardholder terms and conditions allow Bank of America to offer the Supplier Service.

 

    Provide Level 1 Customer support

 

    Provide assistance and cooperation in the design and preparation of the product display and provide resources to enable the product design and look and feel in the website and computer system of Bank of America operating the Service.

 

    Provide the computers and other hardware that is determined to be appropriate for the operation of the Cardlytics TMS in the data centers of Bank of America in accordance with the scope and specifications in the plan created and agreed to by Supplier and Bank of America.

 

    Provide the personnel, hardware and software resources required to support the operation of the Cardlytics OPS and Services, including without limitation technology and operations support, database management and customer support.

 

Proprietary to Bank of America       vTIP2010


  d) Use of Service Data. Subject to Section 15 of the Agreement and pursuant to Section 15.2, Supplier may do the following with Bank of America Confidential Information: use, reproduce, and retain all non-personally identifiable customer aggregated data including browsing data (“Aggregated Data”) solely for the purposes of delivering the Services outlined in this Agreement including (i) activities that pertain to the marketing, operation, utility, functionality, or performance of the Service, the marketing and offering of Merchant Offers, or the distribution of reports to Bank of America and Participating Merchants or (ii) is necessary or useful in assisting Supplier in (a) the diagnosis or correction of an irregularity, error, problem, or defect in the Service, (b) the measurement of Service usage, (c) the protection or security of the Service, (d) the evaluation and operation of the Service, (e) the introduction, implementation, or testing of any improvements, upgrades, or enhancements thereto, and (f) performing Supplier’ obligations under this Agreement. In addition, Supplier may also use Aggregated Data for the purpose of obtaining and marketing to merchants and Merchant Offers for the Service by i) providing media releases and though pieces to the marketplace and/or ii) by providing report data to prospective merchants that are a) approved by Bank of America in advance, b) not customer, or merchant-specific, and c) is marked as Bank of America proprietary when Bank of America Aggregated Data is not aggregated with data from Supplier’s other customers. Supplier will ensure that merchants understand the confidential nature of the Aggregated Data and will ensure that merchants do not use the Aggregated Data for any other purpose than to support or consider the Services outlined in this Agreement. For clarity, Supplier derives summary analytics from the combination of Bank of America Aggregated Data combined with aggregated data from other Supplier customers (e.g. percentage of debit versus credit transactions by geographical region). The use of such summary analytics is not considered Bank of America Confidential Information under the Agreement. Except for the limited rights granted herein for purposes of this Agreement and the use of Aggregated Data, Supplier shall not otherwise use or retain any Customer Information or Consumer Information. Notwithstanding anything to the contrary to the Agreement, Supplier may not under any circumstances monetize or sell Bank of America Aggregated Data.

 

  e) Participation Marketing. Supplier may use Bank of America’s name and logo, exactly as provided by Bank of America, solely with merchants and solely in connection with the procuring of offers necessary for the provision of the Services pursuant to this Agreement. Supplier will market the Supplier Service to obtain regional and national advertisements from merchants and manage and encourage merchant participation in the Supplier Service (“Participation Marketing”). Subject to section d above, Supplier is entitled to use the name of Bank of America and Aggregated Data in Participation Marketing.

 

  f) Redemption Control. Supplier shall protect against inaccurate redemptions by approving those with certain criteria. Supplier shall hold and review redemptions that meet any of the following:

 

  1. Duplicates

 

  a) REASON: To guard against technical issues. This flag is in place in case a FI loads a transaction file twice.

 

  2. Statistical Deviation

 

  a) REASON: Operations control to ensure campaigns are configured correctly.

 

  3. High Priority

 

  a) REASON: Operations control to ensure all redemptions are reviewed and investigated following the initial launch of a high priority/important campaign. This is an additional safeguard to guarantee we deliver correct results from the campaigns.

 

  i. Set at the discretion of the merchant services team based on priority of merchant relationship.

 

Proprietary to Bank of America       vTIP2010


Exhibit 1 – Bank of America Secured Merchants

 

Lowes

  

Wal mart

  

Gap, Inc.

  

McDonalds

  

Best Buy

  

Starbucks

  

Staples

  

Home Depot

  

Subway

  

Target

  


Exhibit 2

2017 User Interface Updates

 

Proprietary to Bank of America   2   August 25, 2015


Improvement

  

Description

  

Target Production
Date (customer
launch)

Account Overview Tile-OLB

   Add a single logo “always on”, activateable offer to the Account Overview page in the Activity Center that produces viewable serves.    August 2017

Marketing Integration-OLB

   Add the ability to serve and activate content from Marketing containers within the online banking space. The following placements are expected: Targeted Online Add (“TOLA”), Special Offers Page and in the Special Offers and DealsDrop Down Menu. These placements should generate viewable served offers.    February - 2017

Account Details Widget-OLB

   Change from a 4 logo display to 6 logo display.    February - 2017

Small Business Credit Card AD Widget

   Change from a 4 logo display to 6 or more logo display.    February - 2017

Account Details Widget-Mobile

   Only log offers as served that have been confirmed as visible to the user.    August 2017

Account Overview Widget-Mobile

   Add a 4 logo, ‘always on’ widget that will only log offers as served that have been confirmed as visible to the user.    August - 2017

Gamification Test Plan

   Supplier will run three separate campaign tests on behalf of Bank of America during the first half of 2017. These tests will be structured to provide feedback on different prize types and customer engagement. Bank of America will fund the prizes for this test out of the Bank of America Revenue Share Amount. The Parties expect the prizes will be approximately $500,000.    Beginning February 2017

Gamification

  

Depending on test results, create a system that provides prizes to customers for engaging with BankAmeriDeals. Prizes should reflect activity, limited to making redemptions.

 

Any additional prize functionality that requires Supplier development is currently out of scope. Funding of prizes associated with gamification will be determined at a later date.

   Employee Pilot Beginning December 2017. Full customer launch by February 2018

ATM

   Allow for Merchant Offers to be displayed within the ATM channel. Offers will be viewable and not marked as served until visible on the screen.    November - 17

Marketing Emails

   Bank of America will continue to send activateable marketing emails to customers on a monthly basis utilizing mutually agreed upon logic.    Throughout 2017

Increased Settlement

   Allow for settlement runs to take place at least two times per month. Capture all redemptions up until that settlement run. Supplier current funding cycle of once per month for previous month’s redemptions will not change.    February - 2017

Marketing Emails

   Furthermore, Bank of America will expand the size of the email population to additional customers and expand the number of offers in the email from a maximum of 4 to 8.    Sept 2017

 

Proprietary to Bank of America   3   August 25, 2015


Improvement

  

Description

  

Target Production
Date (customer
launch)

Posted Transaction Enhancements

   Bank of America will update their posted strings to contain agreed upon data fields and make recommended modifications to clean up the Bank of America transaction string    Feb - 2018

 

Proprietary to Bank of America   4   August 25, 2015


[***] = CONFIDENTIAL TREATMENT REQUESTED

 

SCHEDULE B

Service Payments

Supplier shall pay to Bank of America a revenue share for Supplier Secured Merchants and Bank of America shall pay to Supplier for Bank of America Secured Merchants during the Term of this Agreement as provided below. Supplier agrees to enforce the obligations of Supplier Secured Merchants to pay any sums owed by Supplier Secured Merchants. Bank of America agrees to enforce the obligations of Bank of America Secured Merchants to pay any sums owed by Bank of America Secured Merchants.

 

Merchant Source

  

Bank of America Revenue Share

Percentage

  

Supplier Revenue Share

Percentage

From Supplier Secured

Merchants as of National Launch

Date

  

[***]%.

  

[***]%

From Supplier Secured Local

Merchants from one year after

National Launch Date

   [***]%    [***]%

From Bank of America Referred

Merchants

   [***].    [***]%

From Bank of America Managed

Merchants

   [***].    [***]%

Bank of America Operated

Merchants

   [***]%    [***]%

 

  a) Payment of Customer Incentive Amount.

Supplier shall be solely responsible for paying the User Incentives, subject to the User Incentive Adjustments, of Cardlytics Secured Merchants to Bank of America for payment to Users. Supplier bears full collection risk for such billing and any Cardlytics Secured Merchant’s failure to pay will have no effect on Supplier’s obligation to pay User Incentives for those Cardlytics Secured Merchants under this Agreement. The User Incentive will be paid to Bank of America on the fifth to last business day of the calendar month following the User’s earning of the incentive. Supplier agrees to enforce the obligations of Cardlytics Secured Merchants to pay any User Incentives promised in Merchant Offers of Cardlytics Secured Merchants and the other fees and charges owed by that Merchant.

For all Bank of America Managed Merchants and Operated Merchants, Bank of America shall be solely responsible for paying the User Incentives, subject to the Adjustments, of Bank of America Secured Merchants to Users unless Bank of America and Supplier have agreed that Supplier will collect and settle

 

Proprietary to Bank of America   2   August 25, 2015


[***] = CONFIDENTIAL TREATMENT REQUESTED

 

the User Incentives from Bank of America Secured Merchants. In either case Bank of America bears full collection risk for such billing, and any Bank of America Secured Merchant’s failure to pay will have no effect on Bank of America’s obligation to pay User Incentives under this Agreement. Bank of America agrees to enforce the obligations of Bank of America Secured Merchants to pay any User Incentives promised in Merchant Offers of Bank of America Secured Merchants and the other fees and charges owed by that Merchant.

The User Incentive Amount from Supplier Secured Merchants shall be payable by Supplier by wire transfer on the fifth to last business day of each calendar month for the Measurement Period ending on the most recent date prior to the first day of the calendar month of payment. Each payment shall be accompanied by a data file, in a format acceptable to Bank of America, reconciled to the User Incentive Amount, reflecting the amount of User Incentives and User Incentive Adjustments to be applied to each User account.

For Bank of America Secured Merchants, Supplier will provide Bank of America a weekly report that provides the information required to invoice those Bank of America Secured Merchants.

 

  b) Revenue Share Schedule

Supplier and Bank of America shall make commercially reasonable efforts to collect in a timely fashion all receivables for which that party is obligated to collect. Regardless of when receivables are collected they will be shared with the other party per the terms of this Agreement. Supplier and Bank of America are not obligated to pay any Revenue Share Amount with respect to a sum that party has not collected and received. In the unlikely event that receivables are never collected, those sums will not be owed. For all Supplier Secured Offers, uncollected receivables will be capped at 10% of Total Revenues for any given Measurement Period.

 

  c) Calculation of Revenue Share

1.        For each Measurement Period, the Revenue Share Amount due to Bank of America and the Revenue Share Amount due to Supplier shall be calculated as follows:

 

  i. An amount equal to:

 

  a. Total Revenues from the Services in Schedule A Section 4,

 

  b. minus total Revenue Adjustments

 

  c. plus/minus the Receivables Adjustment

 

  d. minus Allowable Expenses

 

  ii. Multiplied by the applicable Revenue Share Percentage

 

  2. Notwithstanding anything else in this Agreement, Supplier’s Revenue Share under this Agreement for any Measurement Period, will not fall below [***] percent ([***]%).

 

  3. For the avoidance of doubt, all monetary amounts in the Agreement and this Amendment, are calculated on a cash basis, consistent with how the Parties have operated under the Agreement to date.

d.) Performance Requirements: The Parties acknowledge that Supplier’s ability to meet its performance obligations under the Agreement is dependent on Bank of America operational performance. The Parties agree to document such performance goals and meet regularly to discuss, update and resolve any concerns.

 

Proprietary to Bank of America   3   August 25, 2015


[***] = CONFIDENTIAL TREATMENT REQUESTED

 

e.) Portfolio Development Expenses

2016 - Supplier will provide $[***] (“2016 Development Prepayment”) for the 2016 User Interface Updates. $[***] will be provided in January of 2016 and nothing further will be due at that time, provided a proportionate amount of the remaining $[***] will be paid on a schedule agreed upon by the Parties. Bank of America will reimburse [***]% of the 2016 development costs paid by Supplier in monthly installments deducted from the Bank of America Revenue Share Amount in calendar year 2017. Such timing and amounts will be agreed upon by the Parties. If any of the 2016 User Interface Updates are not made available to Eligible Bank of America customers by January 1, 2017, then Cardlytics may withhold [***]% of Bank of America’s revenue share until [***]% of the 2016 Development Prepayment is recouped. In addition to the 2016 development expenses, Supplier agrees to invest [***] dollars ($[***]) in testing mobile adoption programs between January and May of 2016.

Explanatory table of Development Prepayment and Revenue Share Amount

 

     Dev Payments     Reimbursement     Total Paid by Supplier  

2016

   $ [ ***]      $ [ ***] 

2017

   $ [ ***]    $ [ ***]    $ [ ***] 

2018

     [ ***]    $ [ ***]      [ ***] 

2019

     [ ***]    $ [ ***]      [ ***] 

2017 - Supplier will provide $[***] (“2017 Development Prepayment”) for the 2017 User Interface Updates. Bank of America will reimburse [***] in monthly installments deducted from the Bank of America Revenue Share Amount in calendar year 2018.

If any of the 2017 User Interface Updates are not made available to Eligible Bank of America customers within two (2) months of the Target Production Date, then Cardlytics may withhold [***]% of Bank of America’s revenue share until [***]% of the 2017 Development Prepayment is recouped.

2018 and later – The Parties contemplate continuing User Interface Updates and annual projects related to the development of system and product improvements throughout the Term of this Agreement. As such, the Parties agree to reasonably cooperate and agree on finalizing such improvements and projects along with the corresponding Supplier funded development expenses from 2018 forward in a manner similar to those outlined herein for 2016 and 2017. The 2018 Development Payments will be made according to the following calendar quarterly schedule: $[***], $[***], $[***], and $[***].

f.) Financial Reporting

Supplier shall supply financial reporting to Bank of America with all details necessary to validate the metrics herein, by the end of the following month. Supplier shall make all changes to the reporting reasonably requested by Bank of America in a timely manner. Supplier will provide back-up documentation and other support as necessary to validate any such reporting.

 

Proprietary to Bank of America   4   August 25, 2015