Common use of RISK AND COMPLIANCE PROGRAMS Clause in Contracts

RISK AND COMPLIANCE PROGRAMS. 1. The Board shall enhance, implement and maintain an Enterprise Risk Management Program (“ERMP”) to identify, measure, monitor and control risk. The ERMP shall include the requisite policies and procedures to effectively address the company’s activities with specific attention to applicable State and Federal laws and regulations. The ERMP shall also include customary strategic planning as undertaken by management and overseen by the Board and a Compliance Management System (CMS) which complies with all the requirements set forth by the Consumer Financial Protection Bureau. 2. Policies and Procedures required as part of the ERMP shall, at a minimum, include: a. Record Retention Policies, including express language ensuring that records generated or possessed by Nationstar in the course of business are preserved and retained in a manner as prescribed by applicable State and Federal laws; and the section shall also include, at a minimum: i. the name of documents to be maintained; ii. the location of those documents; iii. the source of the documents; iv. the required time period for retention, and; v. the format for retention (paper/electronic). b. Policies on each of the following topics: i. The assessment and collection of any and all fees; ii. The content and delivery of any and all required disclosures; and iii. Collection of any and all payments, fees, and/or expenses by credit card. 3. The ERMP shall include a comprehensive and continuous training program to assure that mortgage loan originators and related staff are aware of the company’s policies and procedures, and changes to those policies and procedures, which are relevant to each employee’s job function. Within thirty (30) calendar days of the Effective Date, Nationstar shall submit to the State Mortgage Regulators on the Executive Committee a training plan, with calendar, which addresses all required areas of training. Within three hundred ninety- five (395) days of the Effective Date, and annually thereafter for two (2) years, Nationstar shall also submit to the State Mortgage Regulators on the Executive Committee an annual report, accompanied by an Affidavit signed by a member of senior management (such as the Chief Compliance Officer), that will confirm the training that has been provided and the recipients of said training by job function. 4. The Board shall maintain an internal audit program through a dedicated Internal Audit Department (“IAD”). The IAD shall report directly to the Board or the Board’s Audit Committee, with additional reporting to management employees, so as to provide the Board with independent and objective information as to whether major business risks are being managed appropriately and whether the company’s risk management and internal control framework is operating effectively. 5. In order to monitor the ERMP and the specific enhancements thereto as discussed herein, Nationstar will provide to the State Mortgage Regulators on the Executive Committee the following documentation and/or information according to the following terms: (1) The ERMP within thirty (30) calendar days of the Effective Date of this Agreement, (2) any written updates or changes to the ERMP, within thirty (30) calendar days of the conclusion of calendar years 2020, and 2021, and (3) for a period of two (2) years from the Effective Date of this Agreement, any finding within thirty (30) calendar days of the final determination of that finding that is designated as “high-risk”, “critical”, or any similar designation by any of Nationstar’s (i) business line risk assessment or quality control functions, (ii) the centralized risk and compliance functions, (iii) the IAD, and/or

RISK AND COMPLIANCE PROGRAMS. 1. The Board shall enhance, implement and maintain an Enterprise Risk Management Program (“ERMP”) to identify, measure, monitor and control rol risk. The ERMP shall include the requisite policies and procedures to effectively address the company’s activities with specific attention to applicable State and Federal laws and regulations. The ERMP shall also include customary strategic planning as undertaken by management and overseen by the Board and a Compliance Management System (CMS) which complies with all the requirements set forth by the Consumer Financial Protection Bureau. 2. Policies and Procedures required as part of the ERMP shall, at a minimum, include: a. Record Retention Policies, including express language ensuring that records generated or possessed by Nationstar in the course of business are preserved and retained in a manner as prescribed by applicable State and Federal laws; and the section shall also include, at a minimum: i. the name of documents to be maintained; ii. the location of those documents; iii. the source of the documents; iv. the required time period for retention, and; v. the format for retention (paper/electronic). b. Policies on each of the following topics: i. The assessment and collection of any and all fees; ii. The content and delivery of any and all required disclosures; and iii. Collection of any and all payments, fees, and/or expenses by credit card. 3. The ERMP shall include a comprehensive and continuous training program to assure that mortgage loan originators and related staff are aware of the company’s policies and s procedures, and changes to those policies and procedures, which are relevant to each employee’s job function. Within thirty (30) calendar days of the Effective Date, Nationstar shall submit to the State Mortgage Regulators on the Executive Committee a training plan, with calendar, which addresses all required areas of training. Within three hundred ninety- five (395) days of the Effective Date, and annually thereafter for two (2) years, Nationstar shall also submit to the State Mortgage Regulators on the Executive Committee an annual report, accompanied by an Affidavit signed by a member of senior management (such as the Chief Compliance Officer), that will confirm the training that has been provided and the recipients of said training by job function. 4. The Board shall maintain an internal audit program through a dedicated Internal Audit Department (“IAD”). The IAD shall report directly to the Board or the Board’s Audit Committee, with additional reporting to management employees, so as to provide the Board with independent and objective information as to whether major business risks are being managed appropriately and whether the company’s risk management and internal control framework is operating effectively.. - 5. In order to monitor the ERMP and the specific enhancements thereto as discussed herein, Nationstar will provide to the State Mortgage Regulators on the Executive Committee the following documentation and/or information according to the following terms: (1) The ERMP within thirty (30) calendar days of the Effective Date of this Agreement, (2) any written updates or changes to the ERMP, within thirty (30) calendar days of the conclusion of calendar years 2020, and 2021, and (3) for a period of two (2) years from the Effective Date of this Agreement, any finding within thirty (30) calendar days of the final determination of that finding that is designated as “high-risk”, “critical”, or any similar designation by any of Nationstar’s o (i) business line risk assessment or quality control functions, (ii) the centralized risk and compliance functions, (iii) the IAD, and/or

RISK AND COMPLIANCE PROGRAMS. 1. The Board shall enhance, implement and maintain an Enterprise Risk Management Program (“ERMP”) to identify, measure, monitor and control risk. The ERMP shall include the requisite policies and procedures to effectively address the company’s activities with specific attention to applicable State and Federal laws and regulations. The ERMP shall also include customary strategic planning as undertaken by management and overseen by the Board and a Compliance Management System (CMS) which complies with all the requirements set forth by the Consumer Financial Protection Bureau. 2. Policies and Procedures required as part of the ERMP shall, at a minimum, include: a. Record Retention Policies, including express language ensuring that records generated or possessed by Nationstar in the course of business are preserved and retained in a manner as prescribed by applicable State and Federal laws; and the section shall also include, at a minimum: i. the name of documents to be maintained; ii. the location of those documents; iii. the source of the documents; iv. the required time period for retention, and; v. the format for retention (paper/electronic). b. Policies on each of the following topics: i. The assessment and collection of any and all fees; ii. The content and delivery of any and all required disclosures; and iii. Collection of any and all payments, fees, and/or expenses by credit card. 3. The ERMP shall include a comprehensive and continuous training program to assure that mortgage loan originators and related staff are aware of the company’s policies and procedures, and changes to those policies and procedures, which are relevant to each employee’s job function. Within thirty (30) calendar days of the Effective Date, Nationstar shall submit to the State Mortgage Regulators on the Executive Committee a training plan, with calendar, which addresses all required areas of training. Within three hundred ninety- five (395) days of the Effective Date, and annually thereafter for two (2) years, Nationstar shall also submit to the State Mortgage Regulators on the Executive Committee an annual report, accompanied by an Affidavit signed by a member of senior management (such as the Chief Compliance Officer), that will confirm the training that has been provided and the recipients of said training by job function. 4. The Board shall maintain an internal audit program through a dedicated Internal Audit Department (“IAD”). The IAD shall report directly to the Board or the Board’s Audit Committee, with additional reporting to management employees, so as to provide the Board with independent and objective information as to whether major business risks are being managed appropriately and whether the company’s risk management and internal control framework is operating effectively. 5. In order to monitor the ERMP and the specific enhancements thereto as discussed herein, Nationstar will provide to the State Mortgage Regulators on the Executive Committee the following documentation and/or information according to the following terms: (1) The ERMP within thirty (30) calendar days of the Effective Date of this Agreement, (2) any written updates or changes to the ERMP, within thirty (30) calendar days of the conclusion of calendar years 2020, and 2021, and (3) for a period of two (2) years from the Effective Date of this Agreement, any finding within thirty (30) calendar days of the final determination of that finding that is designated as “high-risk”, “critical”, or any similar designation by any of Nationstar’s (i) business line risk assessment or quality control functions, (ii) the centralized risk and compliance functions, (iii) the IAD, and/orand/or (iv) other similar functions contemplated under the ERMP.