Common use of Mandatory Audits Clause in Contracts

Mandatory Audits. The Permitted Entity agrees that it will be subject to mandatory audits conducted by SSA as follows: Initial Audit Every Permitted Entity enrolled in eCBSV will be subject to an initial audit once in the first year after executing this user agreement; Every Financial Institution serviced by the Permitted Entity, if any, will be subject to an initial audit once within the first three (3) years after the Permitted Entity executes this user agreement. Subsequent Audit If the Permitted Entity is subject to regulatory enforcement and oversight actions under section 505(a)(1)-(7) of GLBA and has no Type I or Type II noncompliance violations as defined in section IX A, below, in the most recent audit, will be subject to an audit once every 5 years after the first audit; If the Permitted Entity is not subject to regulatory enforcement or oversight actions under section 505(a)(1)-(7) of GLBA, or has any Type I or Type II noncompliance violations, will be subject to an audit every year; The Permitted Entity and the Financial Institutions it services, if any, are subject to audits at SSA’s discretion at any time. Initiating the Audit An SSA-appointed CPA firm will perform an annual audit in accordance with paragraph A above to ensure that all SSN Verification requests are in compliance with this user agreement and the Banking Bill. The CPA firm will perform the audit in accordance with the standards established by the American Institute of Certified Public Accountants and contained in the Generally Accepted Government Audit Standards (GAGAS). SSA will send a notice to the Permitted Entity identifying the name of the retained CPA firm and its designated contact. Permitted Entity’s Cooperation with Audit The Permitted Entity will: Provide to the reviewing CPA all requested Supporting Documentation in their entirety; In the case where the Permitted Entity is servicing a Financial Institution(s), inform all Financial Institutions of the requirement to produce Supporting Documentation upon the CPA’s request for purposes of the audit. The Permitted Entity will receive a copy of the CPA firm’s report 30 calendar days after the report is provided to SSA.

Mandatory Audits. The Permitted Entity agrees that it will be subject to mandatory audits conducted by SSA as follows: Initial Audit Every Permitted Entity enrolled in eCBSV will be subject to an initial audit once in the first year after executing this user agreement; Every Financial Institution serviced by the Permitted Entity, if any, will be subject to an initial audit once within the first three (3) years after the Permitted Entity executes this user agreement. Subsequent Audit If the Permitted Entity is subject to regulatory enforcement and oversight actions under section 505(a)(1)-(7) of GLBA and has no Type I or Type II noncompliance violations as defined in section IX A, below, in the most recent audit, will be subject to an audit once every 5 years after the first audit; If the Permitted Entity is not subject to regulatory enforcement or oversight actions under section 505(a)(1)-(7) of GLBA, or has any Type I or Type II noncompliance violations, will be subject to an audit every year; The Permitted Entity and the Financial Institutions it services, if any, are subject to audits at SSA’s discretion at any time. Initiating the Audit An SSA-appointed CPA firm will perform an annual audit in accordance with paragraph A above to ensure that all SSN Verification requests are in compliance with this user agreement and the Banking BillXxxx. The CPA firm will perform the audit in accordance with the standards established by the American Institute of Certified Public Accountants and contained in the Generally Accepted Government Audit Standards (GAGAS). SSA will send a notice to the Permitted Entity identifying the name of the retained CPA firm and its designated contact. Permitted Entity’s Cooperation with Audit The Permitted Entity will: Provide to the reviewing CPA all requested Supporting Documentation in their entirety; In the case where the Permitted Entity is servicing a Financial Institution(s), inform all Financial Institutions of the requirement to produce Supporting Documentation upon the CPA’s request for purposes of the audit. The Permitted Entity will receive a copy of the CPA firm’s report 30 calendar days after the report is provided to SSA.