Introducing [name of lender] Serving Americas Creditworthy Consumers [date] General Credentials Presentation for [name of bank] Executive Summary [name of lender] is a fully licensed online provider of short term credit products according to the banking and financial services laws of [state, country, tribe]. [if the account is to be held in the name of the holding company or other operating entity, details should be entered here]. Our products fill a critical need for tens of millions of Americans who use the internet for short term liquidity which is not readily available from traditional sources. Our customers are typically highly educated, middle income individuals. Our lending operations are fully compliant with all 18 federal laws and regulations, from marketing and acquisition, application review and credit approval, servicing and retention to the collection of past due amounts. Our customers overwhelmingly express high rates of satisfaction with our products and service. [name of lender] is a member in good standing of the Online Lenders Alliance which requires adherence to OLA Best Practices and Code of Conduct as a condition of membership. [If applicable, name of lender if accredited] has completed all requirements for Accreditation by Online Lenders Alliance which includes a full independent 3rd party review of our operations, compliance programs, compliance monitoring, employee training and monitoring as well as compliance with all federal law and OLA Best Practices. Please see Appendix 2 for details. [name of lender] is seeking a mutually beneficial, transparent commercial banking relationship with [name of bank] 2 The Consumer Liquidity Crunch • CARD Act – Inability to price and reprice for risk • Consumer advocates, regulatory policy and litigation – More restrictions on overdraft, higher cost of overdraft protection – Criticism of deposit advance products (so-called “bank payday”) • Results: – – – – Credit cards being cancelled Credit limits being cut HELOCs cancelled or cut Pressure on overdraft and deposit advance • FRB G.19 (http://www.federalreserve.gov/releases/g19/Current/) 2008 2012 (Dec.) change Revolving $1,010 billion $850 billion (15.8%) Non-Revolving $1,539 billion $1,928 billion 25.3% 3 Consumers Need Short-Term Credit • Alternatives to short-term credit – Over-the-limit fees – Overdraft – Late payment (e.g., of utilities or telephone) • late payment fee, cost of no service and service-reconnection fee – Bounced check • NSF fee ($20 to $50), termination of deposit account – Non-payment/default • Loss of credit card, repossession, foreclosure • $40 billion market for short-term, small-dollar credit of which • Internet lending is $18 billion • Demographics: college-educated, families, middle income, middle-aged • FDIC Unbanked Study – One in four households are either unbanked or underbanked – One in four households have used “alternative financial service” 4 Access to Short-Term Credit Helps Consumers • Kansas City Federal Reserve Bank Symposium, May 2011 – “[C]onsumers with access to payday lending may be more able to maintain their credit standing than those without access to payday lending.” • Kelly Edmiston, “Could Restrictions on Payday Lending Hurt Consumers?” – http://www.kansascityfed.org/publicat/econrev/pdf/11q1Edmiston.pdf – “[R]estrictions could deny some consumers access to credit, limit their ability to maintain formal credit standing, or force them to seek more costly credit alternatives” – States where payday lending is banned have a higher share of consumers with low credit scores and histories of late bill payments 5 Effective Management of Risk Addressing All Risks The banking regulators have identified Operational Risks, Strategic Risks, Credit Risks, Compliance and Legal Risks, Reputational Risks, Transaction Risk as inherent to processing payments for any Originator. We fully respect the importance of addressing each category of risk associated with opening our new banking relationship, and will actively assist [name of bank] in understanding the business of online lending 7 Addressing All Risks • Operational Risks – Such as, increase in operational complexity or risk of operational failure • Strategic Risks – Such as, engaging in practices that do not maximize return on investment • Credit Risks – Risk that counterparty cannot perform financially, such as, risk that transactions will be returned or charged-back and TPP or merchant are not solvent and ODFI does not have adequate reserves • Compliance and Legal Risks – Risks that ACH activity will cause ODFI to violation laws, rules or internal policies, such as, BSA/AML or engaging in an unfair trade practice • Reputational Risks – Risk of negative public opinion, such as, being publicly associated with fraudulent activity • Transaction Risk – Risk arising out of the transaction, such as, that Originator does not deliver services to customers, or that Originator activity compromises security or integrity of data 8 Addressing All Risks • Operational Risk – we will demonstrate the continuity of the hardware & software on which we operate our business; how we create and control the files we will be sending; the procedures we use to process our daily processing; the business continuity planning we have in place and how we train and monitor our staff • Strategic Risk – we will review our current banking relationships and why we are interested in doing business with [name of bank] • Credit Risk – we will provide you with complete, up-to-date financial statements; an understanding of our financial structure to demonstrate the financial soundness of our business; and adequate information to reserve against risk of loss appropriately 9 Addressing All Risks • Compliance and Legal Risks – we will demonstrate what actions we take to prevent fraud, and the consumer protections we have in place to ensure that consumers understand and fully and clearly authorize payment for our products – Our payment transactions are fully compliant with guidelines and network operating rules of the respective payment networks including NACHA, Visa/Mastercard, and the Federal Reserve as applicable • Reputational Risk – we will provide you with supporting for the value to consumers of the products we offer and our legal basis to offer those products • Transaction Risk – we will demonstrate the security systems and how we provide products and services to our customers 10 Addressing Credit Risk We are open to [name of bank] maintaining appropriate deposit account balances or reserves for each merchant account. The reserve methodology should be fully supported and documented, and know these reserves will require a perfected collateral hold. We recommend the following: Return Reason # of days to return Representative Return Rates Conservative Reserves Conservative time to hold NSF 2 banking days 19.9% 30% 5 banking days Invalid Account 2 banking days 0.4% 2.0% 5 banking days 60-90 days 0.2% 1.0% 180 days 2 banking days 4.0% 10% 5 banking days Unauthorized Other* * stop payment orders, closed account, frozen account, non-transaction account 11 Addressing Reputational Risk [name of lender] provides credit-worthy consumers with convenient access to a product they want, under terms which are fully disclosed, understood and authorized, and about which they express high levels of satisfaction: – The credit products we offer include [short-term single payment, installment, open-end, small business] – Our product[s] fill[s] a critical need for and help[s] more than 12 million Americans • http://www.pewstates.org/research/reports/who-borrows-where-they-borrow-andwhy-85899405043 • http://www.kc.frb.org/publicat/econrev/pdf/11q1Edmiston.pdf – Loan proceeds are typically credited to the consumers deposit or transaction account – Consumers are offered multiple options (ACH, debit card, prepaid card, wire, and more) in accordance with Reg E, however borrowers typically prefer and fully authorize the automatic debiting of a deposit or transaction account for loan servicing and payments – Our customers express high levels of satisfaction [reference?] We will provide clear opinions supporting the legality of our business and the legitimate, compliant loan contracts we have with our customers. 12 Our Business is Highly Regulated CFPB Authority under Dodd-Frank to supervise, examine and enforce short term lenders Issued an examination manual for short-term lending FTC Enforces consumer financial protection laws i.e. TILA, ECOA, FCRA, EFTA and more Enforces prohibitions against unfair, deceptive and abusive conduct Enforcement actions against internet lenders have not questioned the model, but enforcing requirements of federal law. Examples include: • FTC v. AMG Services (filed 2012) in litigation, alleges TILA and EFTA violations • FTC v. Western Sky (filed 2011) in litigation, alleges EFTA violations and improper wage garnishments • FTC v. LoanPointe LLC (judgment entered 2011) alleged improper wage garnishments [if the lender is subject to other state, tribal or country regulations, enter those here] 13 ACH Processing for Online Lenders is Permitted The FDIC has reinforced that “Financial institutions that properly manage [ACH] relationships and risks are neither prohibited nor discouraged from providing payment processing services to customers operating in compliance with applicable federal and state law.” FIL 43-2013 (September 27, 2013) NACHA is not directing “ODFIs to cease processing payments for on-line lenders engaged in legal lending activity.” Letter from Jane Larimer, NACHA General Counsel to Lisa McGreevy, CEO, Online Lenders Alliance (August 26, 2013). 14 Ongoing Risk Mitigation As a part of maintaining the health of our relationship we welcome regular meetings with the Board of [name of bank] regarding the volume of our payment activity, return and charge-back activity and the adequacy of reserves for potential charge backs. We will work with [bank name] personnel whose work involves managing our relationship to understand the nuances of our business and to find ways we can improve our business practices. We are open and willing to submit to all appropriate monitoring and periodic audits of our transaction activity to ensure overall returns, unauthorized returns and administrative return rates are legitimate and well within the tolerances appropriate to our type of business. We openly welcome the close and continual monitoring of our banking transactions for any possible indication of fraud or other concerns. 15 Economic Proposition Our relationship with [name of bank] will include the use of a variety of banking products and services, including [include as appropriate: core depository and clearing accounts, ACH processing, wire transfers, Visa/Mastercard acquiring, treasury services, etc]. For each of these products and services we will work with [bank] staff to estimate the annual transactional volumes for purposes of valuing the estimated annual income to [name of bank]. As a matter of course, we anticipate an average collected balance of [25% of lenders total good principal in circulation] in our core depository and/or clearing account(s). 16 Summary As a fully licensed, legal online provider of short term credit products for millions of Americans in need of short term liquidity, [name of lender] is eager to begin and address any and all due diligence requirements needed to establish our relationship with [name of bank]. Our lending operations are fully compliant with all applicable federal lending laws and regulations and our customers overwhelmingly express high rates of satisfaction with our products and service. Our membership in the Online Lenders Alliance [and CFSA if applicable] demonstrates our commitment to business practices which exhibit the highest standard of industry practice. We seek a mutually beneficial, transparent commercial banking relationship with [name of bank] which effectively manages all aspects of risk to [name of bank] and which is financially rewarding through our legitimate use of a full range of banking services. Please contact: [name of CEO [phone] [email address] 17 Appendix A Banking Agency Guidance on Management of Payment Processing Risk Banking Agency Guidance • FIL-43-2013 (higher-risk merchants) – http://www.fdic.gov/news/news/financial/2013/fil13043.pdf • NACHA Operations Bulletin #2-2013 , March 2013 (High-Risk Originators) • FDIC Compliance Manual, December 2012 (TPPs) – http://www.fdic.gov/regulations/compliance/manual/pdf/VII-5.1.pdf • FIL-3-2012 (TPPs, revised) – http://www.fdic.gov/news/news/financial/2012/fil12003.html • Supervisory Insights, Summer 2011 (TPPs) – http://www.fdic.gov/regulations/examinations/supervisory/insights/sisum11/managing.html • FIL-127-2008 (TPPs) – http://www.fdic.gov/news/news/financial/2008/fil08127.html • FIL-44-2008 (managing third-party risk) – http://www.fdic.gov/news/news/financial/2008/fil08044.html • OCC 2008-12 (TPPs) – http://www.occ.gov/news-issuances/bulletins/2008/bulletin-2008-12.html • OCC 2006-39 (TPPs; ACH) – http://www.occ.gov/news-issuances/bulletins/2006/bulletin-2006-39.html 19 Agency Guidance on Risk Management • Effective due diligence and underwriting – Written procedures – Background check of processor, principals and merchant clients – Validate practices and creditworthiness of processor • Written contract between the financial institution and the Originator – Outlines each party’s duties and responsibilities • Ongoing monitoring of high-risk accounts for an increase in unauthorized returns and suspicious activity • Maintenance of adequate balances or reserves to cover expected levels of returned items 20 Due Diligence and Underwriting • Obtaining information/documentation on the Originator’s principal owners from application materials or from independent reporting services • Visiting the Originator’s business operations center • Requesting copies of consumer complaints and the procedures for handling consumer complaints and redress • Obtaining information pertaining to any litigation and actions brought by federal, state, or local regulatory or enforcement agencies • Obtaining information about the history of returned items and customer refunds 21 Monitoring • All banks are required to maintain a BSA/AML compliance program – Including appropriate policies, procedures, and processes for monitoring, detecting, and reporting suspicious activity. • Should have written procedures for monitoring • Prompt action to minimize consumer harm – File SARs – Freeze account balances to cover anticipated charge-backs – Terminate the relationship with the TPP 22 Monitoring Originators and Transactions • Originators – Transaction volume – Return history • Banks agencies: focus is on unauthorized transactions • NACHA: should monitor not just for unauthorized transactions, but also for unusually high rates of NSF returns or other administrative returns – Charge-back history – Complaints – Legal actions – NACHA: Risk-based review of Originator authorization forms and processes when other factors lead the ODFI to be concerned about those practices. – NACHA: Risk-based review of Originator revocation practices to determine whether consumers are given a reasonable opportunity to revoke consent to ACH debits. • Transactions – NACHA: Monitor for patterns that may indicate attempts to evade the limitations on the re-initiation of returned Entries • such as resubmission under a different name or for slightly modified dollar amounts. 23 Ongoing Risk Mitigation • Regular reports to the Board regarding – The volume of activity – The volume of return and charge-back activity – The adequacy of reserves for potential charge backs from Originators • Provide training to all personnel whose work involves ACH activities: – – – – The risks of ACH activities BSA/AML training Fraud red flags Appropriate customer due diligence maintenance and documentation • Periodic audits of ACH activity, including: – – – – – – Transaction testing Risk assessments of Originators A review of the sufficiency of Board-approved policies and procedures An assessment of management’s compliance with established policies and procedures An analysis of the reserve account; the appropriateness of existing infrastructure and staffing A determination of customer due diligence documentation, analysis, and risk assessment adequacy 24 Appendix B OLA Best Practices OLA Best Practices • Advertising & Marketing – Actually available credit – Trigger terms – Loan terms – Telemarketing – Internet/email – Terms and conditions • Application and Origination – – – – – – Privacy policies Adverse action notices Disclosure of the loan terms Electronic payment authorization Counseling Negative options 26 OLA Best Practices • Payments – Timely posting of payments – Reporting consumer data – Repayment options – Handle returns properly • Collections – Fair collection practices – Dispute/fraud handling – Garnishment of wages • Security of Information • Vendor Selection – Conduct due diligence: review policies; provide a questionnaire; ask for references – Includes reps and warrants in agreement – Ongoing monitoring 27 Implementation of Best Practices • Adoption of the Best Practices is required for OLA Membership • Members must ensure that the Best Practices are: – – – – Reflected in new hire trainings and employee manuals; A prominent part of any training class; Incorporated as part of the Member’s formal policies; Reflected in agreements with third party vendors. • OLA is self-policing – OLA performs due diligence before admitting companies to membership • Many companies have been denied membership – Process for responding to and adjudicating complaints against members • OLA members have been disciplined for Best Practices violations 28 OLA Best Practices for Payment Processing • Ensure all transactions are authorized by the consumer • Post payments as soon as practicable upon receipt • Customer Notification – Notify a customer each time the customer is or has been debited • •Validate Routing Numbers • Handle Return Codes Properly – Negative Return Code Processing: R2, R3, R4, R5, R7, R8, R10, R16, R20, R29. – R10’s & R29’s (not authorized) • •Ensure that no additional transactions are completed on that account • Review % of Returns by Routing Number and Other Dynamics Regularly – If a single ABA number/bank has 30%+ return of transactions then the merchant should block this ABA completely 29 Sample Authorization Form 30 New OLA Best Practices for Payments • Lenders, processors and their agents shall develop and maintain timely postings of returns information • Lenders shall provide consumers an alternative to ACH debiting. These alternatives shall be provided both when the customer is current and in collection stages. Such alternatives may include paper check, debit card, money order, or other means. • All customers must have the right to rescind the loan and the ACH authorization within one (1) business day of the loan approval so long as the customer returns the funds within 24 hours of the rescission • Lenders will follow all NACHA presentment rules – one original presentment plus only two re-presentments. • Lenders will not process multiple ACH debit attempts to an individual loan on the same effective date (No ACH Split Payments) unless expressly authorized by (expressly requested by) the customer 31 New OLA Best Practices for Payments • Lenders shall charge only one NSF fee per original loan payment • All authorizations for recurring debits shall be secured in accordance with NACHA rules, the Electronic Funds Transfer Act and Regulation E. This shall include securing authorization for recurring debits in writing and signed or similarly authenticated by the consumer: – – – Authorization can be electronic Authorization must be retained and a copy provided to borrower Must include the five essential elements defined by NACHA rules • Lenders shall transfer PII data using TPS and TPP security protocols to ensure no inappropriate passing of data. • All parties will comply with the new NACHA Rule 2.3.4 which requires the ODFI to ensure that originators and third-party senders do not share account/routing numbers for the purpose of initiating debit entries that are not covered by the original authorization 32 New OLA Best Practices for Payments • Lenders shall not ACH debit a consumer unless they have a valid authorization with the proper ABA and account information. Lenders shall not use new bank account information that the merchant sourced from the marketplace on the consumer, or in other words, Lenders shall only debit consumers for the account listed on the valid authorization. • Lenders shall not use RCCs and RCPOs in their normal course of business unless formally requested and proper consumer authorization has been secured. • Lenders shall provide their payment processors and the sponsoring ODFI signed payment authorizations for all R10’s and R29’s returns within 24 hours of the request for such documentation. • Lenders shall provide Proof of Authorizations to be delivered to TPP within 24 business hours of the request. • Lenders shall provide all Proof of Authorization for all unauthorized transactions are segregated and held, ready to be delivered to TPP within 4 business hours, upon request. 33 New Returns Testing Requirements • Lenders/Merchants shall at a minimum test their portfolios monthly for the following returns: • Total return count • NSF Returns (R01 & R09) – As a %age of all debits – As a %age of all returns • Administrative returns (R02, R03, R04) – Account closed, unable to locate account, account number not valid • Unauthorized returns (R05, R07, R10, R29, and R51) • Corrections (C Codes) as a %age of total debits processed • ABA numbers that represent greater than 1.5X the merchant’s average return %age (ABA returns vs. ABA debits) • Individual ABA numbers for which more than 15 returns have been processed during the prior calendar month 34 Appendix C OLA Accreditation OLA Accreditation is designed as a compliance audit to test whether a lender’s compliance controls effectively mitigate the risk of violations of federal consumer financial law. Also tests whether a lender’s policies and practices adhere to the standards set forth in the CFPB’s examination manual and to OLA’s Best Practices. 36 OLA Accreditation • Accreditation Program developed by Promontory Financial Group • Led by Founder and CEO, Eugene A. Ludwig, former Comptroller of the Currency • Developed to banking agency risk assessment standards • A company being tested is asked to provide information about the compliance controls and practices associated with the company’s marketing, origination, payment processing, and collections operations. • The assessment also asks the company to provide information about its compliance controls and practices relating to third party relationships, and how those controls may mitigate against compliance risks. • Collectively, these assessments form five compliance modules containing 104 controls, with dozens of additional sub-questions, relating to the requirements set forth in federal consumer financial law 37 OLA Accreditation Once the Inherent Risk is determined, the certification program specifies testing standards in five different areas: Marketing Application & Origination Payments & Renewals Collections & Reporting Third Party Relationships 38 RADAR - Modules RADAR – Sampling Instructions RADAR – Modules Rating RADAR - Modules Reports in RADAR Accreditation Process 1 Understand Scope 2 Calculate Inherent Risk 3 Perform SelfCertification 4 Independent Audit • An independent audit is an important part of the accreditation process, which verifies the results of the self-test. The auditor will: – – – – Verify Inherent Risk Sample materials to test business practices Review policies and procedures Test policies and procedures against the five OLA modules 44 Appendix D Overview of ACH Overview of ACH Network • The ACH Network is a batch processing system for debit and credit entries – A debit transaction enables an originator, with sufficient authorization, to debit a receiver’s account (e.g., bill payments, point of sale purchases) – A credit transaction enables an originator to credit a receiver’s account (e.g., direct deposit, annuities, social security payments) – ACH entries include consumer and corporate transactions, which may represent commercial or government payments • There are two primary ACH Network Operators: – The Federal Reserve Banks (“FedACH”) – The Clearing House (“EPN”) • In 2012, the two ACH Operators processed 16 billion entries, valued at $41 trillion 46 ACH Participants • Originator – A person that initiates an ACH transaction to an account either as a debit or credit. • Originating Depository Financial Institution (“ODFI”) – The DFI that receives the payment instructions from the Originator and forwards an ACH entry to the ACH Operator • ACH Operator (i.e., FedACH or EPN) – A central clearing facility that receives entries from ODFIs, distributes the entries to the appropriate RDFIs, and performs the settlement functions for the DFIs • Receiving Depository Financial Institution (“RDFI”) – The DFI that receives entries (i.e., credits or debits) from the ACH Operator and posts them to the accounts held by Receivers at the DFI • Receiver – A person that authorizes the Originator to initiate an ACH transaction, either as a debit or credit to an account held by the Receiver at a bank (i.e., the RDFI) 47 ACH Participants • NACHA – The association of DFIs that (1) manages the development, administration, and governance of the ACH Network, and (2) establishes the Operating Rules and Guidelines for the ACH system, which guide risk management and create payment certainty for all participants • Third-party Processor (TPP) – An entity other than an Originator, ODFI, or RDFI that performs any functions on behalf of the Originator, the ODFI, or the RDFI with respect to the processing of ACH entries. – A TPP might create ACH files on behalf of the Originator or ODFI, or acting as a sending point of an ODFI (or receiving point on behalf of an RDFI). • Independent Sales Organization (ISO) – Companies contracted by an ODFI or TPP to procure new merchant relationships 48 ACH Processing: Key Terminology • Entry – An ACH credit or debit transaction • Standard Entry Classification (SEC) Code – Standard codes describing each type of ACH transaction – The SEC codes relevant to internet lending are • TEL: Receiver authorizes debit by telephone • WEB: Receiver authorizes debit over the Internet • PPD: Receiver authorizes debit in writing (e.g., by fax) • RCK: an ACH entry that has previously been returned for insufficient funds in the Receiver’s account (“NSF”) • Return Codes – – – – Indicate the reasons why ACH entries (usually debits) are returned to an ODFI NSF: R01, R09 Invalid account information: R03 and R04 Unauthorized: R05, R07, R10, R29 and R51 49 Information Flow ODFI ACH Entry ACH Operator ACH Entry RDFI Posting to Account Payment Instruction Authorization Originator Receiver 50 Cash Flow (ACH Credit) ACH Entry ODFI ACH Entry ACH Operator Credit Entry Credit Entry RDFI Posting to Account Account Credit Payment Instruction Authorization Originator Receiver Examples of ACH Credit transactions include direct deposit and government benefits 51 Cash Flow (ACH Debit) ACH Entry ODFI ACH Entry ACH Operator Debit Entry Advice of Credit Payment Instruction Debit Entry RDFI Posting to Account Account Debit Authorization Originator Receiver Examples of ACH Debit transactions include automatic bill payments and POS purchases 52 Settlement • The ACH Operators provide settlement services – For FedACH, net credit or debit positions are applied directly to each participating DFI’s reserve account (or an otherwise designated reserve account) held with the Federal Reserve Banks – For EPN, net credit or debit positions are settled based on an arrangement with the Federal Reserve • RDFI – Settlement between the RDFI and the Receiver is determined by the NACHA Rules, Federal Reserve availability schedules, and agreements – ACH debits are delivered to the RDFI no earlier than one banking day prior to the Settlement date and cannot post prior to the Settlement Date – ACH credits are delivered to the RDFI no earlier than two banking days prior to Settlement Date and should be posted on settlement date (may be posted earlier) • ODFI – Timing of settlement between ODFIs and Originators is determined by the ODFI and the Originator, based on the agreement between these parties 53 Regulatory Landscape for ODFIs • NACHA Operating Rules – All participating DFIs must have an agreement with an ACH Operator binding the DFI to the NACHA Operating Rules – ODFIs must have agreements with TPPs requiring compliance with NACHA Rules • Regulation E – Implements the Electronic Funds Transfer Act and establishes the rights and responsibilities of consumers and financial institutions with respect to ACH transactions • UCC Article 4A – Governs ACH transactions that are not otherwise subject to Regulation E • Regulation D: reserve requirements for participating DFIs • OFAC and AML/BSA – Prohibition on processing for specially designated nationals (SDNs) – Customer Identification Program: must determine whether a client presents a risk of criminal or improper conduct – Compliance programs to prevent illegal use of banking system • Financial Management Service Regulations (31 C.F.R. Part 210) – US Treasury rules for government ACH entries, such as EBT payments 54 Internet Lending: ACH Credit Entry (5) (4) ODFI RDFI ACH Operator (6) (3) (2) (1) Third-Party Processor Funding of loan Originator/Lender Application for credit Receiver 55 Internet Lending: ACH Debit Entry (5) (8) ODFI (4) (6) ACH Operator (7) (9) RDFI (1) (10) (2) Third-Party Processor authorization (3) Originator/Lender Receiver 56 NSF Return of ACH Debit (5) (4) (8) ODFI (3) ACH Operator (6) RDFI Bounced check fee (9) (7) (11) NSF fee (10) ThirdParty Processor (2) Originator/Lender (1) authorization Receiver 57 Charge-Back of ACH Debit ODFI (5) (4) (3) (9) (10) RDFI ACH Operator (1) Account Statement (8) (2) Dispute (60 days) (7) Third-Party Processor (6) Originator/Lender Receiver 58 ODFI Reporting and Return Thresholds • Returns of Unauthorized Entries for any Originator or Third-Party Sender may not exceed 1.0% – – – – – R05 Unauthorized Debit Entry to Consumer Account Using Corporate SEC Code R07 Authorization Revoked by Customer R10 Customer Advises Not Authorized R29 Corporate Customer Advises Not Authorized R51 Item Related to RCK Entry is Ineligible or RCK Entry is Improper • Where NACHA has reason to believe that any Originator or Third-Party Sender has unauth rate > 1.0%, ODFI must – Refute finding that unauthorized returns > 1.0%, or – Submit plan to reduce unauth below 1.0% within 60 days • ODFI must reduce unauth rate below 1.0% within 30 days, and maintain that rate for 180 days 59 Appendix E Online Lending Demographics Overview • Annual Demographic Study • Over 100 different data points • Comparison over 3 years • Trending & Insights 61 Age (-1) (+5) 83% (-1) (-3) (-1) (+1) 62 Education Graduated College 26% (-2) Attended College 41% (+2) Attended or Graduated College (+2) (-2) 67% 63 Household income (-1) (-3) 53% (+1) (+2) 64 [Lender Contact Information]