Common use of Underwriting and Risk Management Clause in Contracts

Underwriting and Risk Management. (a) Subject to Section 2.1 with respect to Prepaid Employee Accounts, Bank shall accept or reject any Credit Card Application based solely upon application of the then-current Risk Management Policies. Upon satisfaction of the applicable credit criteria set forth in the Risk Management Policies, Bank shall promptly establish a Private Label Credit Account and/or a General Purpose Account, as applicable. The Credit Card types to be associated with such Accounts shall be established in accordance with the terms of the Loyalty Programs and the Risk Management Policies. Bank shall have the right, power and privilege to review periodically the creditworthiness of Cardholders to determine the range of credit limits to be made available to individual Cardholders and whether or not to suspend or terminate credit privileges of such Cardholders; provided, however, that Bank shall only decrease credit limits or suspend or terminate credit privileges on an individual Account basis consistent with the then current Risk Management Policies and in a manner consistent with Article III and this Section 4.6. (b) The initial Risk Management Policies to be in effect as of the Effective Date are attached hereto as Schedule 4.6(b). Each Party may propose modifications of any aspect of the Risk Management Policies, which modifications shall be made only in accordance with Article III. (c) The Program shall be operated throughout the Term to achieve the targets set forth in Schedule 4.6(c)(ii). In the case of any inconsistency between the terms of Schedule 4.6(c)(i) and (ii), the terms of Schedule 4.6(c)(ii) shall control. If the targets set forth in Schedule 4.6(c)(ii) are not achieved with respect to any measurement period set forth on Schedule 4.6(c)(ii) with respect to the applicable target, the actions set forth on Schedule 4.6(c)(iii) shall apply. (d) In the event of a change in (i) the applicable through-the-door population or individual segment performance (as measured by validated scores or generally accepted, data driven credit risk metrics), (ii) industry wide performance expectations or (iii) Applicable Law, the Operating Committee shall consider and approve any changes to Schedules 4.6(c)(i) and 4.6(c)(ii) and shall preserve the targets or alternative targets, as appropriately and mutually agreed, and remedies set forth in such schedules, but after taking into account the relevant change referred to in clause (i), (ii) or (iii). (e) Within fifteen (15) days after the end of each Fiscal Month, Bank shall report to FDS Bank, in a mutually agreed upon format, the applicable metrics with respect to each of the targets set forth on Schedule 4.6(c)(ii) during such Fiscal Month (it being understood that the measurement period to determine any penalties associated with such targets under Schedule 4.6(c)(ii) may exceed one Fiscal Month). During the period in which Interim Services are being provided, reporting will be prepared by FDS Bank and the Parties agree to use FDS Bank generated reporting for review of the applicable metrics with respect to each of the targets set forth on Schedule 4.6(c)(ii) until such time as Bank has the necessary access to such data. (f) To the extent that the changes implemented as referenced in Schedule 11.1(g) result in substandard performance, such changes, with Operating Committee approval, will be reversed upon demonstration of such substandard performance. Additionally, upon such reversal, the applicable targets in Schedule 4.6(c)(ii) shall be revised as appropriate. (g) Bank shall use commercially reasonable efforts to perform all necessary security functions to minimize fraud in the Program due to lost, stolen or counterfeit cards and fraudulent applications. Each of the FDS Companies agrees to use commercially reasonable efforts to cooperate with Bank in such functions.

Underwriting and Risk Management. (a) Subject to Section 2.1 with respect to Prepaid Employee Accounts, Bank shall accept or reject any Credit Card Application based solely upon application of the then-current Risk Management PoliciesPolicies applicable to the relevant channel. Upon satisfaction of the applicable credit criteria set forth in the Risk Management Policies, Bank shall promptly establish a Private Label Credit Account, a Non-Store Account and/or a General Purpose AccountNon-Card Payment Plan, as applicable. The procedures for determining what type(s) of NMG Credit Card types to be associated with such Cards and Accounts shall be established issued upon receipt of each Application are set forth in accordance with the terms of the Loyalty Programs and the Risk Management Policies. Bank shall have the right, power and privilege to review periodically the creditworthiness of Cardholders to determine the range of credit limits to be made available to an individual Cardholders Cardholder and whether or not to suspend or terminate credit privileges of such CardholdersCardholder; provided, however, that Bank shall only decrease credit limits or suspend or terminate credit privileges on an individual Account individual, case-by-case basis consistent with the then then-current Risk Management Policies and Operating Procedures and in no event in a manner consistent less favorable, in the aggregate, than its exercise of similar rights in connection with Article III and this Section 4.6the Comparable Partner Programs. (b) The initial Risk Management Policies to be in effect as of the Effective Date are attached hereto as Schedule 4.6(b)contained in the initial Operating Procedures. Each Party may propose modifications of any aspect of the Risk Management Policies, which modifications shall be made only upon approval in accordance with Article III. (c) The Program shall be operated throughout If the Term approval rate targets and other metrics referred to achieve the targets set forth in Schedule 4.6(c)(ii). In the case of any inconsistency between the terms of Schedule 4.6(c)(i) and (ii), the terms of Schedule 4.6(c)(ii) shall control. If the targets set forth in Schedule 4.6(c)(ii4.6(c) are not achieved with respect met and the credit profile of Account applicants has not adversely changed from that specified in Schedule 4.6(c), then Bank shall have thirty (30) days to modify the Risk Management Policies or otherwise adjust its practices to achieve such targets. If Bank does not make any measurement period set forth on Schedule 4.6(c)(ii) with respect such adjustments, or if such adjustments fail to result in all approval rate targets and other metrics once again being met by the applicable target90th day after the implementation of such adjustments, the actions set forth on Schedule 4.6(c)(iii) NMG Companies shall applyhave the right to terminate this Agreement pursuant to Section 15.2(h). (d) In the event of a change in (i) the applicable through-the-door population or individual segment performance (as measured by validated scores or generally accepted, data driven credit risk metrics), (ii) industry wide performance expectations or (iii) Applicable Law, the Operating Committee The Parties shall consider and approve any changes to Schedules 4.6(c)(i) and 4.6(c)(ii) and shall preserve the targets or alternative targets, as appropriately and mutually agreed, and remedies set forth in such schedules, but after taking into account the relevant change referred to in clause (i), (ii) or (iii). (e) Within fifteen (15) days after the end of each Fiscal Month, Bank shall report to FDS Bank, in a mutually agreed upon format, the applicable metrics with respect to each of the targets set forth on Schedule 4.6(c)(ii) during such Fiscal Month (it being understood that the measurement period to determine any penalties associated with such targets under Schedule 4.6(c)(ii) may exceed one Fiscal Month). During the period in which Interim Services are being provided, reporting will be prepared by FDS Bank and the Parties agree to use FDS Bank generated reporting for review of the applicable metrics with respect to each of the targets set forth on Schedule 4.6(c)(ii) until such time as Bank has the necessary access to such data. (f) To the extent that the changes implemented as referenced in Schedule 11.1(g) result in substandard performance, such changes, with Operating Committee approval, will be reversed upon demonstration of such substandard performance. Additionally, upon such reversal, the applicable targets in Schedule 4.6(c)(ii) shall be revised as appropriate. (g) Bank shall use perform all commercially reasonable efforts to perform all necessary security functions in accordance with the Risk Management Policies to minimize fraud in the Program due to lost, stolen or counterfeit cards and fraudulent applications. Each of the FDS Companies agrees The Parties each agree to use commercially reasonable efforts to cooperate with Bank each other in such functions.

Underwriting and Risk Management. (a) Subject to Section 2.1 with respect to Prepaid Employee Accounts, Bank shall accept or reject any Credit Card Application based solely upon application of and in accordance with the then-current Risk Management Policies. Upon satisfaction of the applicable credit criteria set forth in the Risk Management Policies, Bank shall promptly establish a Private Label Credit Account and/or a General Purpose Account, as applicableapplicable (or, after the Co-Branded New Issuance Conversion Date, a Private Label Account or Co-Branded Account). With respect to an applicant for a Private Label Credit Card who provides a foreign residence address (a “Non-Resident Applicant”) when completing a Credit Card Application (a “Non-Resident Application”) at a Macy’s retail establishment, Bank shall accept and process the Non-Resident Application and establish an Account upon satisfaction by the Non-Resident Applicant of the applicable credit criteria set forth in the Risk Management Policies to the extent that (i) Bank can, in the same manner as is done for Credit Card Applications and Accounts of applicants reflecting a U.S. residence address: (A) obtain and verify information necessary to underwrite the Non-Resident Application (including credit reports and identifying information for purposes of complying with 41 the PATRIOT ACT); and (B) decision the Non-Resident Application and establish, operate and maintain any resulting Account in accordance with the terms of this Agreement and in compliance with Applicable Law; and (ii) all Cardholders of Accounts originated via Non‑Resident Applications will be treated by Bank and Macy’s in all respects in the same manner as Cardholders with a U.S. residence address. Each Party shall continue to take all measures being taken by such Party immediately prior to the Effective Date to continue to satisfy all conditions set forth above with respect to the approval of Non-Resident Applications to the extent such conditions are within such Party’s control and are being satisfied immediately prior to the Effective Date. The Credit Card types to be associated with such Accounts shall be established in accordance with the terms of the Loyalty Programs and the Risk Management Policies. Bank shall have the right, power and privilege to review periodically the creditworthiness of Cardholders to determine the range of credit limits to be made available to individual Cardholders and whether or not to suspend or terminate credit privileges of such Cardholders; provided, however, that Bank shall only decrease credit limits or suspend or terminate credit privileges on an individual Account basis consistent with the then current Risk Management Policies and in a manner consistent with Article III and this Section 4.6. (b) The Schedule 4.6(b) attached hereto sets forth (i) certain aspects of the initial Risk Management Policies to be in effect as of the Effective Date are attached hereto and (ii) changes to certain aspects of the Risk Management Policies (as Schedule 4.6(b)indicated therein) to be implemented and effective as of the Systems Conversion Date. Each Party may propose additional modifications of any aspect of the Risk Management PoliciesPolicies in furtherance of the Program Objectives, which modifications shall be made only in accordance with Article III. With respect to changes to Risk Management Policies to be implemented as a Bank Matter, Bank shall act reasonably and in good faith. In addition, unless otherwise agreed to by the Parties, Bank shall not implement any significant change to the Risk Management Policies as a Bank Matter between October 15 of any year and January 15 of the following year; provided, however, that, notwithstanding the foregoing time period restriction and the thirty (30) day advance notice requirement set forth in the following sentence (to the extent such thirty (30) day notice requirement cannot reasonably be fulfilled in light of the timing of announcement of any change in Applicable Law), (i) Bank may in any event implement a change required by Applicable Law at any time such Applicable Law becomes effective (or in the case of any Applicable Law already in effect, at any time such Applicable Law is determined to be required to be applied to Bank or the Program) and (ii) Bank may make such changes as are reasonably necessary to address a material fraud event at such time and on such timeframe as is determined by Bank to be reasonably necessary to mitigate such fraud event. If Bank proposes to make a modification to the Risk Management Policies, then, unless otherwise agreed by Macy’s, not less than thirty (30) days prior to presentation of such proposed change to the Operating Committee for approval, Bank shall provide a forecast covering a period of twenty‑four (24) months following proposed implementation, reflecting (i) the estimated impact of the proposed modification on key performance indicators listed in Schedule 4.6(b), and (ii) the projected impact of the proposed change on the profitability of the Program and Macy’s revenues under the Program for a period of twenty-four (24) months following the proposed implementation. (c) Bank shall consider and propose from time to time changes to the Risk Management Policies which are developed using management information reporting, analytical tools, and a similar framework to the risk management policy development process applied to the other Retail Services Credit Card Programs, taking into consideration the unique aspects (e.g., merchandise, customer segments, products, Account terms and conditions) of the Macy’s Companies and the Program. Bank shall provide risk metric information to the Macy’s Companies as set forth in Schedule 4.6(c). (d) The Program shall be operated throughout the Term to achieve the targets set forth in Schedule 4.6(c)(ii4.6(d)(ii). In the case of any inconsistency between the terms of Schedule 4.6(c)(i4.6(d)(i) and (iiSchedule 4.6(d)(ii), the terms of Schedule 4.6(c)(ii4.6(d)(ii) shall control. If the targets set forth in Schedule 4.6(c)(ii4.6(d)(ii) are not achieved with respect to any measurement period set forth on Schedule 4.6(c)(ii4.6(d)(ii) with respect related to the applicable target, the actions set forth on Schedule 4.6(c)(iii4.6(d)(iii) shall apply. (de) In the event of a change in (i) the applicable through-the-door population including, but not limited to, applicant score distribution, or individual segment performance (as measured by validated scores or generally accepted, data driven credit risk metrics), (ii) industry industry-wide performance expectations or (iii) Applicable Law, the Operating Committee shall consider and approve any changes to Schedules 4.6(c)(i4.6(d)(i) and 4.6(c)(ii4.6(d)(ii) and shall preserve the targets or alternative targets, as appropriately and mutually agreed, and remedies set forth in such schedules, but after taking into account the relevant change referred to in clause (i), (ii) or (iii). (e) Within fifteen (15) days after the end of each Fiscal Month, Bank shall report to FDS Bank, in a mutually agreed upon format, the applicable metrics with respect to each of the targets set forth on Schedule 4.6(c)(ii) during such Fiscal Month (it being understood that the measurement period to determine any penalties associated with such targets under Schedule 4.6(c)(ii) may exceed one Fiscal Month). During the period in which Interim Services are being provided, reporting will be prepared by FDS Bank and the Parties agree to use FDS Bank generated reporting for review of the applicable metrics with respect to each of the targets set forth on Schedule 4.6(c)(ii) until such time as Bank has the necessary access to such data. (f) To the extent that the changes implemented as referenced in Schedule 11.1(g) result in substandard performance, such changes, with Operating Committee approval, will be reversed upon demonstration of such substandard performance. Additionally, upon such reversal, the applicable targets in Schedule 4.6(c)(ii) shall be revised as appropriate. (g) Bank shall use commercially reasonable efforts to perform all necessary security functions to minimize fraud in the Program due to lost, stolen or counterfeit cards and fraudulent applications. Each of the FDS Macy’s Companies agrees to use commercially reasonable efforts to cooperate with Bank in such functions.