RISK AND COMPLIANCE PROGRAMS. 1. ACI Corp., under the supervision of its board of directors (the “Board of Directors”), shall maintain at all times an Enterprise Risk Management Program (“ERMP”) to identify, measure, monitor and control risk. The ERMP shall include the requisite policies and procedures to effectively address ACI’s activities with specific attention to applicable State and Federal laws and regulations. The ERMP includes the privacy strategy and framework (the “Information Security Program”) and cybersecurity strategy and framework (the “Cybersecurity Program”) and shall at all times be tailored to the nature, size, complexity, and risk profile of ACI. The ERMP shall also include customary strategic planning as undertaken by management and overseen by the Board of Directors and a Compliance Management System (“CMS”) which complies with all the relevant requirements set forth by the Consumer Financial Protection Bureau.
Appears in 4 contracts
Samples: Settlement Agreement and Consent Order, Settlement Agreement and Consent, Settlement Agreement and Consent
