Common use of Aspiration Policies and Procedures Clause in Contracts

Aspiration Policies and Procedures. (a) The Parties acknowledge and agree that the Aspiration Account Program is under the principal oversight and control of Aspiration. Aspiration shall develop and implement policies and procedures necessary to comply with all KYC, AML, and IDV rules and regulations applicable to the Aspiration Customer Account under Applicable Law and shall be responsible for compliance with all Applicable Law pertaining to KYC, AML and IDV in connection with the Aspiration Account Program and for maintaining appropriate record-keeping relating to the foregoing. Such policies and procedures, which shall be in effect prior to enrolling any Customers in an Aspiration Customer Account, are subject to prior review and approval by Coastal as set forth in Section 2.1. Any material changes to such policies or procedures must be approved in writing in advance by Coastal. If Coastal in its reasonable discretion determines that changes to such policies or procedures are necessary or advisable (including because such policies do not comply with any Applicable Law or the Risk Management Considerations), the Parties shall promptly modify such policies or procedures; provided, that Aspiration shall always retain sole authority regarding the supervision of Aspiration and its activities as a broker-dealer registered with the U.S. Securities and Exchange Commission and a member of FINRA as required by Applicable Law. (b) Prior to enrolling any Customers in an Aspiration Customer Account, Aspiration shall develop and implement an Identity Theft Prevention Program (“IDTP”) designed to detect, prevent, and mitigate identity theft in connection with the Aspiration Account Program. The IDTP shall be designed to comply with the provisions of 12 CFR 41.90-41.91 and the Interagency Guidelines on Identity Theft Detection, Prevention, and Mitigation set forth at Appendix J to 12 CFR Part 41. Aspiration shall submit the proposed IDTP to Coastal for its prior review and approval, which approval shall not be unreasonably delayed, conditioned or withheld. If Coastal in its reasonable discretion determines that changes to the IDTP are reasonably required to comply with any Applicable Law or the Risk Management Considerations, the Parties shall promptly modify the IDTP; provided, Aspiration shall always retain sole authority regarding the supervision of Aspiration and its activities as a broker-dealer registered with the U.S. Securities and Exchange Commission and a member of FINRA as required by Applicable Law. (c) Aspiration shall develop, implement and maintain a comprehensive information security program designed to meet the objectives of the security and confidentiality guidelines of the federal banking agencies’ Interagency Guidelines Establishing Standards for Safeguarding Consumer Information and the Interagency Guidelines Establishing Information Security Standards, including the implementation of appropriate policies, procedures and other measures designed to protect against unauthorized access to or use of Aspiration Customer Account Data associated with the Coastal Services maintained or used by Aspiration that could result in substantial harm or inconvenience to any Customer and the proper disposal of Customer Information. Aspiration shall conduct regular testing of its security systems and safeguards, including penetration testing and vulnerability scans. Aspiration shall further develop and maintain a response program in accordance with the Interagency Guidance on Response Programs for Unauthorized Access to Customer Information and Customer Notice and, in accordance with such program, shall take appropriate actions to address incidents of unauthorized access to Customer Information or other information, including notification to Coastal and the Customers as soon as reasonably possible following any such incident related to or affecting a Customer. If there is any conflict between any of the federal banking agencies’ Interagency Guidelines Establishing Standards for Safeguarding Consumer Information and the Interagency Guidelines Establishing Information Security Standards, and the Interagency Guidance on Response Programs for Unauthorized Access to Customer Information and Customer Notice and Applicable Law governing broker-dealers, the Parties agree that they will work together to resolve any such conflict, including, as required, consulting with the relevant Governmental Body and/or FINRA. Aspiration shall further use commercially reasonable efforts to ensure that any third party Service Provider having access to Customer Information as part of the provision of the Coastal Services shall maintain similar security measures and response programs.