Exhibit 10.16

NOTARIAL CERTIFICATE

TO ALL TO WHOM THESE PRESENTS SHALL COME, I, TAN SEOK KETT, NOTARY PUBLIC officiating at Lot 333, 3rd Floor, Wisma MPL, Jalan Raja Chulan, 50200 Kuala Lumpur, Wilayah Persekutuan, Malaysia, do hereby certify that 1 have sighted the original copy of the PROCESSING SERVICES AGREEMENT made between MOBILITYONE SDN BHD (“Customer”) of the one part and MASTERCARD ASIA/PACIFIC PTE. LIMITED (“Mastercard”) of the other part which is annexed hereto as the original.

(IN TESTIMONY WHEREOF

(I have hereunto subscribed my

(name and affixed my Seal of

(Office at Kuala Lumpur,

(Wilayah Persekutuan this 24th

(day of September, 2021.

Quod Veritatem attestor

TAN SEOK KETT

Notary Public

Kuala Lumpur

Wilayah Persekutuan

Malaysia.

(THE NOTARY PUBLIC ASSUMES NO RESPONSIBILITY FOR THE CONTENTS OF THE DOCUMENT(S) HEREIN)

 

PROCESSING SERVICES AGREEMENT

This PROCESSING SERVICES AGREEMENT (“Agreement”) is made as of the date on which the party signing later in time executes this Agreement (“Effective Date”) by and between MobilityOne Sdn Bhd (Company No. 200201033972 (601637-T), a Malaysia private limited company with its principal offices at Wisma LMS, No. 6, Jalan Abdul Rahman Idris, Kg. Baru, 50300, Kuala Lumpur, Malaysia, for itself and its Affiliates (collectively, “Customer”), and Mastercard Asia/Pacific Pte. Limited, a Singapore corporation having its office at 3 Fraser Street, DUO Tower, Level 17 Singapore 189352 (“Mastercard”). “Mastercard” shall mean and include its subsidiaries and Affiliates. Unless repugnant to the context, each of ‘Customer’ and ‘Mastercard’ are individually referred to as ‘party’ and collectively as ‘parties’.

1. Definitions. As used in this Agreement, the following terms shall have the meanings ascribed to those terms as hereinafter set forth:

1.1. “Affiliate” shall mean any third party directly or indirectly controlling or controlled by or under direct or indirect common control thereof. For purposes of this definition, the term “control” (including the correlative meanings of the term “controlled by” and “under common control with”) means the possession, directly or indirectly, of the power to direct or cause the direction of the management policies of such third party, whether through the ownership of voting securities or by contract or otherwise.

1.2. “Business Day” shall mean a day (other than a public holiday) on which financial institutions are open in Kuala Lumpur and Singapore;

1.3. “Card’’ shall mean any access device issued by Customer to its Cardholders for purposes of point of sale, ecommerce or ATM Transactions.

1.4. ‘‘Cardholder” shall mean any person who has. or is authorized to use, a Card with Customer and to whom a Card and/or PIN is issued for use in originating transactions.

1.5. “Documentation” means the documentation for Processing Services that is provided to Customer by Mastercard, as may be updated by Mastercard from time to time.

1.6. “Processing Platform” means the hardware, software, process, work flow, and the ideas related to the implementation of the Processing Services, including without limitation, any updates, improvements, modifications, translations, derivative works, and/or related Documentation, along with all intellectual property rights therein.

1.7. “Live Transaction” means a collection of related electronic messages designed to complete a Transaction, for other than test or certification purposes, at an automated teller machine (“ATM”), point of sale (“POS”) device, or other device that accepts Cards for payment or other funds transfer purposes, and that is concluded by a credit or a debit to a Cardholder’s account.

1.8. “Network” means an electronic funds transfer network supported by Mastercard, as specified in the Documentation.

1.9. “Processing Services” means all services provided under this Agreement, as further set forth on Schedule A, attached hereto and hereby incorporated herein.

1.10. “Transaction” means an authorization request, cash withdrawal, payment transaction, refund, account inquiries, reversal, or other financial or non-financial request initiated by a Customer or a Cardholder at an ATM, POS device, or other device that accepts Prepaid, Debit, Credit Cards, physical or virtual, for payment purposes and that is transmitted to Mastercard for processing under this Agreement. For Prepaid Card Transactions, the definition shall be referred to as agreed in Schedule A.

2. Processing Services.

2.1. Processing Services. Subject to the terms and conditions of this Agreement, Mastercard agrees to perform and Customer agrees to accept the Processing Services.

2.2. Intentionally left blank.

Confidential

2.3 Project Plan. Mastercard and Customer agree to develop in good faith, and without commercially unreasonable delay, a detailed conversion and implementation project plan, including specific tasks for each Party and estimated schedule (the “Project Plan”). The parties shall work in good faith to finalize the Project Plan no later than ninety (90) days after the Effective Date of the Agreement. Mastercard shall not be obligated to begin providing Processing Services to Customer until successful completion of the Project Plan which shall be dependent upon timely completion of each responsibility and obligation to be performed by Mastercard or Customer as set forth in the Project Plan or related specification documents. Each party agrees to provide appropriate personnel to support, coordinate and successfully complete the Project Plan in a timely and efficient manner, including without limitation each Party’s assignment of a dedicated project manager. The Project Plan shall be incorporated by reference as Schedule D. The initial implementation, as set forth in the Project Plan, shall be provided for the fees set out in Schedule B hereto. Any additional services, including scope changes, shall be billable on a time and materials basis or other mutually agreed upon basis.

2.4. Future Processing Services. Mastercard may, from time to time during the Term of this Agreement, make additional processing services available to Customer by way of product announcements, technical bulletins, or other written communication. Customer may hereafter commission Mastercard, and Mastercard may accept such commission, to provide such additional processing services as the parties hereinafter agree subject to the terms and conditions of this Agreement. Such commission for additional processing services shall not be effective until the parties have executed a written agreement signed by Customer and Mastercard that contains, at a minimum: (i) a description of the additional processing services to be performed; (ii) the time period in which such additional processing services are to be performed; (iii) the price for such additional processing services; and (iv) any other terms or fees associated with such commission. The parties acknowledge and agree that this Agreement shall apply in respect of any such future processing services unless otherwise mutually agreed by the parties.

2.5. Mandated Modifications to the Processing Services.

2.5.1 Mastercard will not charge Customer for any modifications to the Processing Platform as a result of a Network standard release process (e.g., Mastercard standard releases). If Customer does not implement a Network standard release by the applicable compliance date. Mastercard shall be entitled to charge Customer for any additional services resulting therefrom (e.g., suppression of mandated fields) either on a time and materials basis or by increasing the Processing Services fees. Except as provided above, if any Network, third party service provider, governmental entity or regulator, industry standards setting body, or other third party mandates (or any changes made by such third party require) industry wide modifications that substantially impact the Processing Services, Mastercard may pass on-any related costs or charges upon Fourteen (14) days prior written notification to the Customer; and provided, however, that Mastercard will use reasonable efforts to prorate such charges among its customers using the affected Network, service provider, or technology.

2.5.2 If any Customer-specific modifications to the Processing Services are required by a Network, third party service provider, governmental entity or regulator, industry standards setting body, or other third party, Mastercard may, at Customer’s request and pursuant to a mutually agreed upon timeline and project plan, modify the Processing Services pursuant to Customer’s requirements to be in compliance with such laws or regulations provided that Customer shall pay Mastercard for such services on a time and materials basis.

2.6. Mastercard Mandated Modifications. Mastercard may modify the Processing Services and provided such modifications are made available, without additional charge from Mastercard, and upon reasonable notice, Customer will be required to implement such modifications within the specified time period and upon request from Customer the technical guidance may be provided by Mastercard. If Customer does not implement such mandated modifications, Mastercard may increase the fees associated with the Processing Services.

2.7. Downstream Impacts. Customer shall be solely responsible for all of its internal or third party systems, including those that exchange information from the Processing Services or provide related services. Customer shall be responsible for any retrofitting, customization, and/or testing that is required for such systems to successfully interface with or enable modifications to the Processing Services or Processing Platform.

3. Responsibilities of Customer.

3.1. Instructions and Information. Customer assumes responsibility for the consequence of any instructions or other information given to its customers or to Mastercard by Customer. Customer also assumes responsibility for auditing and balancing the data contained in any reports and for reconciling any out-of-balance condition. Customer will notify Mastercard of any out-of-balance condition that Customer believes to be, or reasonably should have believed to have been, caused by a failure of the Processing Services, by midnight of the third (3rd) Calendar day immediately following the day of receipt of such data by Customer. Mastercard will be notified of any reconcilement issues related to Networks based on Processing Platform activity, within one (1) Business Day of problem identification. Any failure of Customer to notify Mastercard of any out-of-balance condition within such time period waives Customer’s right to an available adjustment.

Confidential

Page 2 of 22

3.2. Cooperation. Customer shall use its best efforts and agrees to cooperate with Mastercard and to provide timely performance of its obligations, including, but not limited to: i) compliance with any requirements contained in any Documentation; ii) providing Mastercard with any reasonably requested information, assistance, access to equipment, and appropriately trained resources in a timely manner; and iii) timely performing such other tasks specified herein. Customer agrees to indemnify and hold harmless Mastercard from and against any and all claims, demands, losses, costs, liabilities and expenses, including reasonable attorneys’ fees related thereto, arising from or attributable to any failure or delay of proper performance of this Agreement arising from any third party engaged by Customer’s for the performance of Customer’s obligations set forth herein.

3.3. Reporting Responsibilities. Customer shall be responsible for any Customer specified reporting that is mandated by a Network or third party service providers. Any fees assessed with respect to such reporting shall be the responsibility of Customer.

3.4. Financial Obligations. Customer will maintain account(s) with such financial institutions as may be required for Network sponsorship and will maintain such balances as may be required for the settlement of Transaction activity, authorized adjustments, and any other financial obligations arising under the Processing Services. Customer is solely responsible for all settlement activity.

3.5. Cardholder Interaction. Mastercard does not undertake any direct relationship or privity with any Cardholders or other third parties. In the event that Customer requests that Mastercard interact directly with any such third parties or Cardholders, Customer shall compensate Mastercard for such interaction on a time-and-materials or other mutually agreed upon basis.

3.6. Commitment. Once Customer has ordered Processing Services from Mastercard (as defined in Schedule A), Customer agrees to obtain that Processing Service exclusively from Mastercard through the Term unless otherwise terminated pursuant to the terms of this Agreement.

3.7. Compliance with Laws. Customer shall be solely responsible for monitoring and complying with any applicable federal laws or regulations (including, without limitation, all applicable anti-money laundering, anti-corruption and anti-bribery laws), as well as any state, local or foreign laws, regulator}’ requirements, or other governing regulations applicable to Customer’s business, its customers or use of the Processing Services (“Vocal Regulations”). Customer shall promptly notify Mastercard of any changes in the applicable Local Regulations that would impact the Processing Services.

3.8. Third Party Products. With regard to any third party products made available through the Processing Services, any third party products shall be used solely in connection with the Processing Services. Customer agrees to indemnify and hold harmless Mastercard and such third party from and against any and all claims, demands, losses, costs, liabilities and expenses, including reasonable attorneys’ fees related thereto, arising from or attributable to any failure or delay of proper performance of this Agreement by Customer or any third party engaged by. Customer for the performance of Customer’s obligations set forth herein.

3.9. Network Access. Customer will provide access for its security administrators and appropriate roles and entitlements for the user profiles. Customer security administrators will provide only Customer authorized users with required system access. Each user will authenticate using: i) software token plus user id and password; or ii) single sign-on. Two factor authentication is required if the Customer chooses to access Portfolio Viewer using single sign -on. Customer will be responsible for providing Internet access, which is required for workstations accessing Portfolio Viewer.

4. Responsibilities of Mastercard.

4.1. Business Continuity and Disaster Recovery. Mastercard will maintain a formal Business Continuity Program (“BCP”) that will include plans for emergency response and management, business recovery, and disaster recovery. These plans will be made available for review to Customer upon request at a mutually agreeable time and location. BCP documentation will not be available for distribution as it contains Mastercard Confidential Information. Mastercard agrees to annually test its BCP and provide confirmation of exercises, upon request. Mastercard will also provide information to Customer required for Customer’s development of BCP plans that work in concert with the Mastercard BCP if requested. Mastercard represents and warrants that disaster recovery plans shall, at a minimum, address (i) the backup and recover}’ of operating systems and applications supporting processing at an alternate facility, (ii) the backup and recovery of critical data received from Customer, and (iii) the operational recovery of Processing Services within the defined recovery time objective, unless otherwise communicated. In the event Mastercard facilities supporting the services are inoperable, Mastercard shall treat Customer no less favorably than Mastercard treats its other customers.

Confidential

Page 3 of 22

4.2. Compliance with Laws. Subject to the provisions of Sections 2.5 and 3.8, Mastercard shall in all material respects comply with all applicable federal laws and regulations to the extent they are applicable to Mastercard as a provider of the Processing Services, including, without limitation, all applicable anti-money laundering, anti-corruption and anti-bribery laws (collectively, the “Applicable Processing Laws”) provided that nothing in the Agreement shall be construed as imposing on Mastercard any compliance obligations applicable to Customer’s business. Notwithstanding the foregoing, in order for Customer to satisfy its obligations and to comply with the relevant requirements under applicable laws, Mastercard shall, upon reasonable request by Customer, share information as mutually agreed and falling in Schedule A- Processing Services- Scope of Activities under this agreement (including available transactional information) with Customer as and when requested. Mastercard authorizes Customer to present the relevant information to regulatory authorities for verification as necessary. Customer may, for the purpose of complying with relevant suspicious transactions reporting and tipping-off requirements under the applicable laws, report, suspicious transactions to the relevant authorities. Customer shall be responsible for all such notification and reporting with relevant authorities and shall immediately notify Mastercard in such case.

4.3. Cooperation. Mastercard agrees to cooperate with Customer and to provide timely performance of its obligations, including, but not limited to compliance with any requirements contained in any Documentation. Mastercard shall provide Customer with any reasonably requested information, assistance, access to equipment, and appropriately trained resources in a timely manner.

4.4. Subcontracting. Mastercard shall have the right to delegate or subcontract the services to be performed under this Agreement to its Affiliates. Mastercard shall have the right to subcontract portions of the services to be performed under this Agreement to any third parties. Mastercard shall remain solely responsible for fulfilling the obligations of this agreement and for the actions or inactions of its subcontractors.

5. Fees, Payment and Taxes.

5.1. Fees. Customer shall pay Mastercard the fees for Processing Services as set forth in Schedule B attached hereto and hereby incorporated herein, as may be amended from time to time. All amounts are specified in U.S. Dollars. The Implementation fees as agreed and set forth in Schedule B will be billable and payable upon contract signing. The Processing Services fees shall begin when Customer processes the first Live Transaction. Mastercard reserves the right to pass through to Customer the amount of any third party Pass-Through Fees. In the event that Mastercard exercise its right to pass through to Customer the amount of the third party Pass-Through Fees, Mastercard shall provide prior written notification to Customer in such manner and in such detail as to enable Customer to have detailed description on matters concerned. For purposes of this section, “Pass Through Fees” shall mean those costs incurred by Mastercard in connection with third part}’ products or services incidental to and necessary for Mastercard’s provision of the Processing Services (including charges imposed by a third party based on Customer’s action or inaction) which shall be itemized and supported by relevant documentation. For example, Pass- Through Fees may relate to telecommunication charges, service charges, postage, network pass-through fees, or other third- party fees. Mastercard may adjust the professional service fees identified on Schedule B annually, provided however that, no such increase shall exceed Fifteen percent (15%) per annum.

5.2. Payment. Each calendar month, Mastercard will provide an electronic invoice to Customer by the fifteenth day of the following calendar month, which sets forth detailed billing for the Processing Services that occurred and the corresponding Fees that are due and payable to Mastercard. Mastercard shall automatically process Customer’s payment of such invoice through the Mastercard Consolidated Billing System (“MCBS”). Al) MCBS policies and guidelines will apply.

5.3. Taxes.

5.3.1 Income Tax. Each party will be solely responsible for its own income taxes in respect of the performance of its obligations under this Agreement.

5.3.2 Indirect Tax. All fees billed under this Agreement are exclusive of any goods and services tax, value added tax, service tax or similar taxes (“Indirect Tax”). If the fees are subject to Indirect Tax, Customer shall pay the amount of Indirect Tax to Mastercard, or shall account for the amount of Indirect Tax to the relevant tax authority, in accordance with applicable laws. Where Indirect Tax is applicable, Mastercard shall provide a valid tax invoice to Customer for the amount, of Indirect Tax, in accordance with applicable laws.

5.3.3. Withholding Tax. To the extent. Customer is required by applicable law to deduct an amount, on account of any withholding tax imposed or levied by the federal, state or local government or any other applicable taxing authority, Customer will withhold and pay such withholding taxes to the appropriate tax authority and pay Mastercard the net amount after deduction of the applicable withholding tax. If deductions for withholding tax have been made, Customer shall, upon request from Mastercard, provide within 10 days, copies of all valid receipts or other documentation required by law or issued by the relevant, tax authority, evidencing that such deduction or withholding was properly remitted to the relevant tax authority.

Confidential

Page 4 of 22

The parties agree that as at the day the last party executes this Agreement, no withholding tax is applicable on the amounts payable to Mastercard under this Agreement. If this situation changes and the withholding tax becomes a cost to Mastercard, both parties agree to discuss in good faith and agree how to consider the charges.

To the extent that an applicable double tax treaty reduces or exempts payments under this Agreement from withholding Lax, the appropriate documents and forms to prove eligibility of benefits under such double tax treaty shall be requested by Customer and provided by Mastercard in a timely manner. Each party agrees to provide, to the extent applicable and in a timely manner, such information or documentation as is reasonably required to substantiate a claim of an applicable tax exemption or applicable benefit pursuant to an applicable tax treaty’. Customer will reasonably cooperate with Mastercard to minimize withholding taxes. However, until all appropriate documentation or treaty procedures are complied with, Customer may make payments without regard to such applicable double tax treaty.

The Customer shall furnish Mastercard with certificates or other evidence supporting applicable exemptions from sales, use or excise taxes. Each Party shall be responsible for its own income taxes, personal property taxes, payroll taxes, and similar taxes.

6. Warranties.

6.1. Mastercard Warranties.

6.1.1. Mastercard warrants that, during the Term, (i) the Processing Services will comply, in all material respects, with all applicable laws and regulations as agreed in section 4.2 of this Agreement , (i) the specifications described in applicable Documentation incorporated herein with reasonable skill, care and diligence; (ii) that all Processing Services will be performed in a workmanlike manner; (iii) that its employees shall have the proper skill, training, and background so as to be able to perform Processing Services in a workmanlike manner; (iv) it has the power to execute, deliver and perform this Agreement; (v) this Agreement is duly authorized and will not violate any provisions of law or conflict with any other agreement to which Mastercard is subject or by which the assets of Mastercard are bound; and (vi) it has all government, licenses, if any, required to conduct its business, and is legally qualified to conduct business in every jurisdiction where it does so.

6.1.2. Mastercard shall not be responsible for the accuracy or adequacy of input material, data, or the resultant output from any inadequate or inaccurate input material or data. The accuracy and adequacy of input shall be judged as received at the Mastercard data processing center. The accuracy and adequacy of output shall be judged as sent from Mastercard.

THE SOLE LIABILITY TO CUSTOMER FOR BREACH OF THE WARRANTIES AND OBLIGATIONS CONTEMPLATED UNDER THIS SECTION 6.1 SHALL BE, WITHOUT ADDITIONAL CHARGE TO CUSTOMER, TO MAKE SUCH CORRECTIONS AS MAY BE NECESSARY TO KEEP THE PROCESSING SERVICES IN OPERATING ORDER IN ACCORDANCE WITH THE SPECIFICATIONS DESCRIBED IN THE DOCUMENTATION, OR IN THE ALTERNATIVE, TO REPROCESS THE INPUT MATERIAL TO PROVIDE ACCURATE AND ADEQUATE OUTPUT.

6.2. Customer Warranties. Customer represents and warrants that, as of the Effective Date, and at all times during the Term: (i) all information provided to Mastercard by Customer in connection with this Agreement, is true and complete in all material respects; (ii) it has the power to execute, deliver and perform this Agreement; (iii) this Agreement is duly authorized and will not violate any provisions of law or conflict with any other agreement to which Customer is subject or by which Customer’s assets are bound; (iv) it has all government licenses, if any, required to conduct its business, and is legally qualified to conduct business in every jurisdiction where it does so; (v) that Customer’s obligations will be performed in a workmanlike manner; and (vi) Customer’s employees shall have the proper skill, training, and background so as to be able to perform Customer’s obligations in a workmanlike manner.

6.3. LIMITED WARRANTIES. CUSTOMER ACKNOWLEDGES THAT IT HAS INDEPENDENTLY EVALUATED THE PRODUCTS AND SERVICES AND THE APPLICATION OF THE PRODUCTS TO ITS NEEDS. EXCEPT AS SPECIFICALLY STATED IN THIS SECTION 6 AND SCHEDULE C, ALL PROCESSING SERVICES PROVIDED BY MASTERCARD ARE “AS IS”, AND TO THE FULLEST EXTENT PERMITTED BY LAW, MASTERCARD MAKES NO WARRANTY, WHETHER STATUTORY, EXPRESS OR IMPLIED, WITH RESPECT TO THE PROCESSING SERVICES, OR THE USE OR ABILITY USE ANY OF THE FOREGOING, INCLUDING, WITHOUT’ LIMITATION, (I) ANY IMPLIED WARRANTIES OF FITNESS FOR PARTICULAR PURPOSE, MERCHANTABILITY, NONINFRINGEMENT, OR TITLE OR IMPLIED WARRANTIES ARISING FROM COURSE OF DEALING OR COURSE OF PERFORMANCE; OR (II) THAT ANY OF THE PROCESSING SERVICES WILL MEET CUSTOMER’S REQUIREMENTS, WILL ALWAYS BE AVAILABLE, ACCESSIBLE, UNINTERRUPTED, TIMELY, SECURE, FREE OF BUGS OR VIRUSES OR OTHER DEFECTS, OPERATE WITHOUT ERROR OR WILL CONTAIN ANY PARTICULAR FEATURES OR FUNCTIONALITY.

Confidential

Page 5 of 22

6.4. Indemnity for Breach of Warranty Claims. Each party agrees to indemnify and hold harmless the other party from and against any and all claims, demands, losses, costs, liabilities and expenses, including reasonable attorneys’ fees related thereto, arising from or attributable to a breach of this Clause 14.

7. Performance. Mastercard agrees that the Processing Services shall be measured against the performance objectives set forth in Schedule C (the “Service Level Objectives” or “SLOs”), which is attached hereto and incorporated herein. The Service Level Objectives shall be measured beginning on the first of the calendar month immediately following the Production Date. For example, if the Production Date is May 21^st, the Service Level Objectives shall be measured and reported for June. The parties acknowledge that in the event that Mastercard should fail to provide the Processing Services in substantial accordance with Schedule C, the damages resulting to Customer, if any, would be difficult to ascertain with any particularity, that the amounts specified therein shall be a fair and reasonable means of approximating the same, and that therefore such amounts are in the nature of liquidated damages and not a penalty. THE LIQUIDATED DAMAGES SET FORTH THEREIN SHALL BE CUSTOMER’S SOLE AND EXCLUSIVE REMEDY IN THE EVENT MASTERCARD DOES NOT ACHIEVE THE APPLICABLE SERVICE LEVELS.

8. Third Party Products and Processing Services. If, as a part of the Processing Services, Customer requests access to Networks or to other third party service providers, Customer agrees to enter into the appropriate agreements with such Networks or third party service providers, including but not limited to sponsoring financial institutions. Customer agrees to comply with the terms of any such Network or third party service provider agreement, all applicable Network operating rules and regulations, and to pay any fees imposed by Network(s) or third party service providers with respect to Customer. Customer shall indemnify, defend and hold Mastercard harmless from any fees, costs, liability or obligation to the Network or third party service provider arising out of any such agreement or otherwise, unless Mastercard has specifically assumed such fees, costs, liabilities or obligations under this Agreement, and notwithstanding any provision of any such processor” or other agreement signed by Mastercard.

9. Reliance on Customer’s Instructions. Mastercard shall generally receive all necessary instructions, information, and data from Customer. In the event that instructions, information, and data is transmitted directly to Mastercard by third parties authorized by Customer in writing to provide such information on behalf of Customer, Mastercard shall be entitled to rely reasonably upon any instructions, information, and data so provided.

10. Ownership.

10.1. Data Files. Data files include all data (such as transaction data and/or PII, as applicable) provided by Customer (or a third party acting on Customer’s behalf) to Mastercard associated with Transactions processed under this Agreement, including On Us, Mastercard branded or other non-Mastercard branded Transactions (collectively, “Data Files”). Mastercard acknowledges that all Data Files provided by Customer are the property of Customer and that use of and access to such files does not create in Mastercard any right, title, or interest in such files, except as expressly provided in this Agreement. Mastercard shall be able to use Data Files for: (i) the provision of fraud services to Customer and/or other third parties, including protecting against or preventing actual and potential fraud, unauthorized transactions, claims, or other liability; (ii) the processing and/or resolving of chargebacks or other disputes; (ii) analyzing or improving its services, including the security of processing transactions; (iii) preparing and furnishing analyses and other internal and external reports of aggregated, anonymized information provided such information does not identify PII (any such aggregation and anonymization shall be conducted in accordance with commercially reasonable industry standards); (iv) for providing other products or services including those involving data analytics to Customer and other customers or third parties, except that any PII utilized in such products or services will only be provided in aggregated, anonymized form; (v) for the purpose of complying with applicable legal requirements, including, as may be required or requested by any judicial process or governmental agency having or claiming jurisdiction over Mastercard and/or any of its Affiliates and (vi) for other purposes for which consent has been provided by the individual (e.g. cardholder or Customer’s end customer) to whom the Data Files relate.

10.2. Processing Services and Processing Platform. Customer acknowledges that all Processing Services and the Processing Platform are and shall remain the sole property of Mastercard and/or its third party suppliers and that Customer’s use of them does not create in Customer any right, title, or interest in them, except as expressly provided in this Agreement. Customer will implement reasonable security precautions and take appropriate action so as to enable Customer to satisfy its obligations under this Agreement and to prevent the loss or alteration of, or unauthorized access to, the Processing Services and the Processing Platform.

Confidential

Page 6 of 22

11. Use of Information and Security.

11.1. Protection of PII. Personally identifiable information (‘‘PII”) shall be defined as information that identifies a Customer’s Cardholders, which is disclosed to Mastercard pursuant to this Agreement. Customer agrees that Mastercard may store, disclose, and use PII to the extent and in such manner that such storage, disclosure, and use shall be for purposes of performing the obligations of Mastercard under this Agreement or for purposes otherwise permitted under this Agreement, law or regulation applicable to Mastercard. Customer further acknowledges and agrees that Mastercard, in the course of providing Processing Services, may process PII in, store PII in or transfer PII to a country other than the country of issuance; and Customer shall ensure that it provides the appropriate notice to and obtains any necessary consents from Cardholders, including without limitation, for such processing, storage and transfer of PII, including any transfer of PII to another country outside of the country of issuance, as required by applicable law, including without limitation, telecommunication or privacy and data protection laws.

11.2. Safeguards. Each party shall maintain a comprehensive written information security program that includes technical, physical, and administrative/organizational safeguards designed to (i) ensure the security and confidentiality of PII, (ii) protect against any anticipated threats or hazards to the security and integrity of PII, (iii) protect against any actual or suspected unauthorized processing, loss, or acquisition of any PII, and (iv) ensure the proper disposal of PII. In addition, such program shall include regularly testing or otherwise monitoring the effectiveness of the safeguards. Customer acknowledges that Mastercard is regularly audited and tested by third parties, including an annual SSAE 16 examination (or its then current equivalent) and a U.S. federal government intra-agency group led by the FFIEC. Mastercard will provide to Customer information, including reports related to compliance with SSAE 16 that Mastercard makes generally available to its customers to demonstrate Mastercard’s compliance with this section, upon written request from Customer, once per year. The SSAE 16 report shall be a “Type II” report (as specified in SSAE 16).

12. Export Restriction. Regardless of any disclosure made by Customer to Mastercard of an ultimate destination of any Processing Services, Customer shall comply with all applicable export, re-export, and import control laws and regulations of all applicable jurisdictions, and Customer shall not export or re-export, either directly or indirectly, any Processing Services, or other technology received from Mastercard without first notifying Master Card, and obtaining, at Customer’s expense, any- required export or re-export license from the United States Government. Customer confirms that neither Customer nor any of its subsidiaries, nor any entity in which the Customer or any of its subsidiaries possesses, directly or indirectly, the power to direct or cause the direction of the management and policies (a “Controlled Entity”), is (i) a Person, as that term is defined by OFAC, whose name appears on the List of Specially designated Nationals and Blocked persons (an “SDN”) issued by the Office of Foreign Assets Control, U.S. Department of Treasury, (“OFAC”), or (2) is controlled by an SDN. Customer will not. and will not permit any Controlled Entity to, (a) become an SDN; or (b) engage in any activities related to this Agreement with a Person who is identified on the list maintained by the U.S. Treasury Department’s Office of Foreign Assets Control of specially designated nationals and blocked persons subject to financial sanctions. Such list is currently accessible at: www.treas.gov/ofac.

13. Remedy, Damages and Limitation of Liability.

13.1. Consequential Damages. NOTWITHSTANDING ANYTHING HEREIN (INCLUDING IN ANY SCHEDULES HERETO) TO THE CONTRARY. IN NO EVENT SHALL EITHER PARTY BE LIABLE UNDER ANY LEGAL THEORY, INCLUDING TORT, CONTRACT, STRICT LIABILITY OR OTHERWISE FOR ANY SPECIAL, INDIRECT, INCIDENTAL, CONSEQUENTIAL, PUNITIVE, OR EXEMPLARY, DAMAGES, INCLUDING FOR LOSS OF PROFITS, DATA OR GOODWILL, REGARDLESS OF WHETHER SUCH PARTY KNEW OR SHOULD HAVE KNOWN OF THE POSSIBILITY OF SUCH DAMAGES.

13.2. Intentionally left blank.

13.3. Limitation of Action.

NOTWITHSTANDING ANYTHING HEREIN (INCLUDING IN ANY SCHEDULES HERETO) TO THE CONTRARY (EXCLUDING SECTION 13.4). EITHER PARTY SHALL NOT BE LIABLE FOR ANY LOSSES, CLAIMS, DEMANDS, PENALTIES, ACTIONS, CAUSES OF ACTION, SUITS, OBLIGATIONS, LIABILITIES, DAMAGES, DELAYS, COSTS OR EXPENSES, INCLUDING ATTORNEY’S FEES, (FOR PURPOSES OF THIS PROVISION, “LIABILITIES”) OF ANY KIND (WHETHER SUCH LIABILITIES ARE BASED IN CONTRACT, TORT (INCLUDING BUT NOT LIMITED TO NEGLIGENCE), STRICT LIABILITY, INDEMNIFICATION OR OTHER THEORY AT LAW OR IN EQUITY) UNLESS EACH PARTY PROVIDES THE OTHER PARTY WITH WRITTEN NOTICE OF THE EVENT THAT GAVE RISE TO SUCH ALLEGED LIABILITIES WITHIN SIX (06) YEARS OF EVENT OF OCCURRENCE AND SUBJECT TO PRIOR WRITTEN NOTICE BY EACH PARTY TO THE OTHER PARTY UPON ACTUAL KNOWLEDGE OF THE EVENT’. IN ADDITION TO THE PRECEDING LIMITATIONS, NO ACTION ARISING OUT OF THIS AGREEMENT MAY BE BROUGHT BY CUSTOMER OR MASTERCARD AGAINST THE OTHER MORE THAN SIX (06) YEARS FOLLOWING THE EVENT THAT GAVE RISE TO THE ACTION.

Confidential

Page 7 of 22

13.4. Limitation of Liability. NOTWITHSTANDING ANYTHING HEREIN (INCLUDING IN ANY SCHEDULES HERETO) TO THE CONTRARY, AND EXCLUDING LIABILITY FOR NON-PAYMENT, NON-COMPLIANCE. BY THE CUSTOMER OF FEES DUE UNDER THIS AGREEMENT AND EXCLUDING SECTION 3.2, 3.8, 6.4,9,14.1 OF THIS AGREEMENT THE MAXIMUM AGGREGATE LIABILITY OF EITHER PARTY, IN ALL EVENTS, TO OTHER PARTY OR ANY THIRD PARTY FOR CLAIMS ARISING OUR OF OR RELATING TO THIS AGREEMENT OR THE PROCESSING SERVICES (INCLUDING, WITHOUT LIMITATION, INDEMNIFICATION OBLIGATIONS HEREUNDER) SHALL BE LIMITED TO THE FEES (EXCLUDING PASS-THROUGH FEES) ACTUALLY PAID OR PAYABLE BY CUSTOMER TO MASTERCARD FOR THE PROCESSING SERVICE GIVING RISE TO SUCH LIABILITY HEREUNDER DURING THE SIX (06) MONTH PERIOD IMMEDIATELY PRECEDING THE. EVENT GIVING RISE TO LIABILITY.

13.5. Intentionally left blank.

13.6. Mastercard Damages. Customer acknowledges that it is difficult to determine the exact damages that Mastercard will suffer as a result of any improper termination of this Agreement by Customer. As a result, if Customer improperly terminates this Agreement or if Mastercard terminates this Agreement for Customer’s material breach (including without limitation, failure to complete the full conversion within a year of the milestones set forth in the Project Plan unless mutually agreed upon by both parties), Mastercard shall be entitled to the immediate payment by Customer of: (i) all fees earned but not paid prior to the date of termination; (ii) Mastercard’s then-applicable termination, deconversion and/or change-over fees; and (iii) full payment of all amounts that Mastercard would otherwise be entitled to receive had this Agreement not been terminated (such amounts shall include all fixed, monthly, or annual fees during the remaining unperformed Term, as well as any minimums or similar fees applicable to the remaining unperformed Term of the Agreement). If payment of all amounts that Mastercard would otherwise be entitled to receive had this Agreement not been terminated in subsection (iii) above is not readily ascertainable, then the amount to be paid by Customer, pursuant to subsection (iii) above, shall be the average monthly Transaction, unit, or similar fees charged to Customer for the Processing Services(s) during the six (6) months preceding the date of termination (or if in production less than six (6) months, the monthly fees shall be deemed as agreed in Fees Schedule of this Agreement for purposes of this provision) multiplied by each full or partial month remaining and unperformed. The amounts payable under this provision will be paid as liquidated damages and not as a penalty. This Section shall apply notwithstanding any other provision of this Agreement to the contrary. In the event of a conflict between this section and any other section of this Agreement, the terms of this section shall govern.

13.7. Risk Allocation. The parties acknowledge that circumstances could arise entitling a party to damages or rescission arising from a failure by the other party to perform its obligations under this Agreement and have agreed, in all such circumstances, that the remedies of the non-defaulting party and the liabilities of the defaulting party shall be limited as set forth in this Agreement. ‘The parties further acknowledge and agree that the provisions of this Agreement, including specifically this Section 13 and Section 6, represent a reasonable allocation of the risks under this Agreement. The willingness of Mastercard to provide the Processing Services for the fees herein reflects this allocation of risk and the limitations of liability specified herein.

14. Indemnification.

14.1. Customer Indemnification. Except as provided by Section 14.2 below and damages resulting from the. gross negligence or willful misconduct of Mastercard, Customer shall indemnify, defend, and hold Mastercard harmless from any and all claims, demands, and causes of action of any kind made against Mastercard by a third party for any damages (including lost profits and any direct, incidental, consequential, special, indirect, or punitive damages) arising out of or related to: i) Customer’s use of the Processing Services provided under this Agreement, ii) misuse or unauthorized access or compromise of the Processing Platform or any data therein from any security breach, intrusion or failure of Customer’s information security systems.

Confidential

Page 8 of 22

14.2. Mastercard Indemnification.

14.2.1. Mastercard shall, to the extent responsible for the performance of obligations under this Agreement, indemnify, defend,, and hold Customer harmless from any and all claims, demands, and causes of action of any kind made against Customer by a third party for any damages (including lost profits and any direct, incidental, consequential, special, indirect, or punitive damages) clairning that any Processing Service provided to Customer under this Agreement infringes a United States patent or United States copyright provided, that Customer (i) promptly notifies Mastercard of any third party claim subject to indemnification hereunder, (ii) gives Mastercard the right to control and direct the preparation, defense and settlement, of any such claim, and (iii) gives reasonable assistance to Mastercard for the defense of same (at no cost to Customer). The foregoing provisions shall not apply to any infringement arising out of: (i) use of the Processing Services other than in accordance with the Documentation or instructions supplied by Mastercard; (ii) any alteration, modification or revision of the Processing Services made by Customer or any third party; (iii) information or materials Page 8 of 23 provided by Customer or any third party on Customer’s behalf; (iv) the combination of the Processing Services with materials not supplied by Mastercard; or (v) value added products or services that are provided by Mastercard through an independent agreement (which agreement shall govern with regard to any relevant indemnification obligations). In the event any of the Processing Services, or any portion thereof, is held, or in Mastercard’ reasonable opinion is likely to be held to constitute infringement, Mastercard will, if commercially reasonable, within a reasonable time, at its option and sole expense, either: (i) secure for Customer the right to continue the use of such infringing item; (ii) replace such item or (iii) modify such item so that it becomes non-infringing. In the event Mastercard is, using reasonable discretion, unable on commercially reasonable terms to procure the right to continued use of the allegedly infringing item or replace or modify the allegedly infringing item as provided in clauses (i), (ii) and (iii) of the immediately preceding sentence, either party may terminate this Agreement to the extent of such infringing aspect of the Processing Service, and in the event of such termination, Customer shall be released from its exclusivity obligations set forth in Section 3.7 to the extent of such infringing aspect. This Section 14.2.1 contains the entire liability of Mastercard for any such alleged infringement. Mastercard’s total liability under this provision shall not exceed fees charged to Customer for the Processing Services(s) during the Eight (08) months preceding the date of claim.

14.2.2. Mastercard shall also, to the extent responsible for the performance of obligations under a this Agreement, indemnify, defend, and hold Customer harmless from any and all claims, demands, and causes of action of any kind made against Customer by a third party for any damages (including lost profits and any direct, incidental, consequential, special, indirect, or punitive damages) claiming that Mastercard is in breach of the privacy requirements of the Fair Credit Reporting Act, the Financial Services Modernization Act of 1999 and Title V of the Gramm-Leach-Bliley Act and their implementing regulations, but only to the extent those statutes and regulations govern Mastercard operations. THIS SECTION 14.2.2 CONTAINS THE ENTIRE LIABILITY OF MASTERCARD FOR ANY SUCH ALLEGED BREACH OF PRIVACY REQUIREMENTS.

14.3. Indemnification Process. If a party entitled to indemnification hereunder (the “Indemnified Party”) becomes aware of any claim it believes is subject to indemnification hereunder, the Indemnified Party will give the other party (the “Indemnifying Party”) prompt notice thereof. Such notice (the “Claim Notice”) shall (i) provide the basis on which indemnification is being asserted, and (ii) be accompanied by copies of all relevant pleadings and other papers related to the claim and in the possession of the Indemnified Party. The Indemnifying Party may assume, at its sole option, control of the defense of the claim by sending notice of such assumption to the Indemnified Party on or before thirty (30) days after receipt, of the Claim Notice to acknowledge responsibility for the defense of such claim and undertake, conduct and control, through reputable independent counsel of its own choosing and at the Indemnifying Party’s sole cost and expense, the settlement or defense thereof. The Indemnified Paity shall cooperate, at the expense of the Indemnifying Party, with the Indemnifying Party and its counsel in the defense, and the Indemnified Party shall have the right to participate, at its own expense, in the defense of such claim. The Indemnifying Party shall obtain the Indemnified Party’s consent to any compromise or settlement of a claim to the extent such compromise or settlement affects the rights of such Indemnified Party, which consent shall not be unreasonably withheld or delay ed.

15. Confidentiality.

15.1. Confidential Information. “Confidential Information” means all information disclosed by one party (“Discloser”) to the other Party (“Recipient”) (in writing, orally or in any other form) that is identified at time of disclosure as confidential or should have reasonably been known by Recipient to be confidential (including, without limitation, trade secrets and unpublished patent applications, and, for Mastercard, the Mastercard Processing Platform and all components thereof or any data and information contained therein), together with any documents prepared by Recipient that contain, otherwise reflect, or, in whole or in part, are generated from such disclosed information. Confidential Information does not include information or material that (i) is now, or hereafter becomes, through no act or failure to act on the part of Recipient, publicly known or available, (ii) is or was known by Recipient al or before the time such information or material was received from Discloser, as evidenced by Recipient’s tangible (including written or electronic) records, (iii) is furnished to Recipient by a third party that is not under an obligation of confidentiality to Discloser with respect to such information or material, or (iv) is independently developed by Recipient or on behalf of Recipient without any use of Discloser’s Confidential Information.

15.2. Protection and Use. During the Term and for a period of three (3) years thereafter, each party shall take ail reasonable measures to protect the confidentiality of the other party’s Confidential Information in a manner that is at least as protective as the measures it uses to maintain the confidentiality of its own Confidential Information, but not. less than a reasonable standard. Each Recipient shall hold the other party’s Confidential Information in strict confidence and shall not disclose, copy, reproduce, sell, assign, license, market, transfer or otherwise dispose of such information, or give or disclose such information to third parties, or use such information for any purpose other than as necessary to fulfill its obligations or exercise its rights under this Agreement. Notwithstanding the foregoing. Recipient may disclose Discloser’s Confidential Information (i) to employees, consultants and subcontractors that have a need to know such information, provided that Recipient shall advise each such employee and consultant of their obligations to keep such information confidential, and (ii) to the extent that Recipient is legally compelled to disclose such Confidential Information pursuant to subpoena or the order of any governmental authority; provided that, where possible and permitted by applicable law, Recipient shall give advance notice of such compelled disclosure to Discloser, and shall cooperate with Discloser in connection with efforts to prevent or limit the scope of such disclosure and/or use of the Confidential Information.

Confidential

Page 9 of 22

15.3. Return of Confidential Information. Except as otherwise stated in the Documentation, upon termination of this Agreement and the concomitant completion of a party’s obligations under this Agreement, Recipient shall return to Discloser, or, at Discloser’s request, securely destroy all Confidential Information in Recipient’s possession. Notwithstanding the foregoing, Recipient is not obligated to destroy Confidential Information (i) commingled with other information of the Recipient if it would be a substantial administrative burden to excise such Confidential Information, (ii) contained in an archived computer system backup made in accordance with Recipient’s security or disaster recovery procedures, or (iii) required to be retained pursuant to applicable law, regulatory requirements or post-termination obligations as stated in the Documentation, provided in each case that such Confidential Information remains subject to the obligations of confidentiality in this Section 15 until the eventual destruction.

15.4. Notification. In the event of any material disclosure or loss of, or inability to account for, any Confidential Information of the furnishing party, the receiving party will notify the furnishing party promptly upon the occurrence of any such event.

16. Term and Termination.

16.1. Term. The term of this Agreement (“Term”) shall commence on the Effective Date and expire on the last day of the month which is 60 months from the date in which Customer processes the first Live Transaction in full production (which shall not include any limited pilot or testing phase) with a majority of Customer’s Cardholder accounts enabled on the Processing Platform (“Production Date”), subject however, to (i) renewal or (ii) earlier termination in each instance as provided herein. The Term shall automatically be renewed for additional periods of twenty-four (24) months unless one party provides the other party at least one hundred and twenty (120 days’ notice of its intention not to renew prior to the then-current expiration date.

16.2. Termination.

16.2.1. Termination by either Party. Either Party may terminate the Agreement in its entirety, effective ninety (90) days after receipt of written notice of a material breach to the other party that, remains uncured prior to the effective date of termination; except that, if the material breach is Customer’s failure to pay any monies as required by the Agreement, Mastercard may terminate the Agreement in its entirety, effective ten (TO) days after written notice of such default is received by Customer if the non-payment is not cured prior to the effective date of termination.

16.2.2. Either party may also terminate this Agreement in its entirety, effective immediately upon written notice, if the other party (i) becomes insolvent, (ii) is declared bankrupt, (iii) is placed under receivership, (iv) makes an assignment for the benefit of creditors; (v) commences any proceedings for the winding up of its business, dissolution or liquidation, or (vi) ceases to pay its debts as they come due.

16.2.3. Termination by Mastercard. At any time, Mastercard may terminate any Service provided hereunder and the associated Documentation upon (180) days’ notice, if (i) Mastercard discontinues the Service in one or more of the countries in the Territory, or (ii) if Mastercard has received a claim or notice alleging that such Service infringes or violates a third party’s Intellectual Property Right, or (iii) for any other reasonable cause which is beyond the control of Mastercard. However, in the event that Mastercard is prevented from performing its obligations under this Agreement due to a change in applicable law or regulations, Mastercard may provide Sixty (60) days’ notice of termination. Upon expiry of the said notice period the Agreement shall terminate automatically and Mastercard shall incur no liability with respect to such termination.

16.2.4. Termination of this Agreement shall not relieve either party from any obligation accrued through the date of termination or from any terms and conditions in this Agreement, that continue beyond termination.

16.3. Parties hereby agree that this agreement, may also be Terminated through mutually agreed Termination agreement.

16.4. No Early Termination. No early termination of this Agreement is permitted under any circumstances except for those set forth in this Agreement. Save and except for the termination by Mastercard pursuant to Clause 16.2.3 which Customer shall not be liable to pay the Early Termination fees to Mastercard, Customer agrees to pay Early Termination fees for early termination in case of any event leading to early termination as set forth on Schedule B.

Confidential

Page 10 of 22

16.5. Transition Assistance. Upon termination or expiration of this Agreement, Mastercard shall provide reasonable transition assistance to Customer in exchange for (1) the advance payment to Mastercard of an amount, equal to three (3) months of its then-current charges for such services (“Transition Deposit”) and (2) Customer’s continuous payment of all applicable fees as set forth in Schedule B. This duty to provide reasonable transition assistance shall continue for up to ninety (90) days following the termination or expiration of this Agreement. In the event of improper early termination by Customer or termination of this Agreement by Mastercard based on Customer’s material breach: i) Mastercard shall promptly provide to Customer al) raw customer data (in the standard form that is exported by the applicable system); ii) Mastercard will prepare, following Customer’s request, a transition plan that the parties will mutually agree upon prior to Mastercard performing any transition assistance; and iii) Mastercard shall have no obligation to provide transition assistance to Customer. Upon Mastercard’s completion of the provision of transition assistance to Customer, Mastercard shall refund the Transition Deposit to Customer, less any amounts owed to Mastercard in connection with this Agreement. In the month that is four (4) months prior to the completion of the transition, the parties shall in good faith adjust the amount of the Transition Deposit so that it is sufficient to compensate Mastercard through the end of the transition. Mastercard’s charges for the last three (3) months of the transition period shall be deducted from the Transition Deposit; any amount remaining in the Transition Deposit shall promptly be paid by Mastercard to Customer and any shortfall shall promptly be paid by Customer to Mastercard. Notwithstanding the foregoing, in the event the termination of this Agreement is due to the fault of Mastercard, Customer shall not be liable to pay to Mastercard the Transition Deposit and the associated cost and charges relating to transition assistance.

16.6. Equipment Return. Any equipment provided by Mastercard (and not otherwise purchased by Customer pursuant to this Agreement) and placed at Customer’s site during the Term of this Agreement must be returned at expiration or termination of this Agreement. Customer will pay to Mastercard an amount equal to the replacement cost of any equipment not returned to Mastercard within thirty (30) days after expiration or termination. The equipment may include, but is not limited to ATM modems, workstations, and other telecommunications equipment. If Customer chooses to reconfigure its telecommunications system during the Term of this Agreement, and such reconfiguration calls for the early return of equipment or lines provided by or through Mastercard, Customer shall be responsible for and invoiced for any charges or fees assessed due to early termination of the telecommunications services.

17. Miscellaneous.

17.1. Records. Each party agrees to maintain its books and records relating to the fees and other costs and expenses under this Agreement for not less than seven (7) years (or if applicable, such longer period mandated by local auditing or regulatory requirements) after the Processing Services have been performed and/or all fees for the Processing Services have been paid.

17.2. Audit.

17.2.1. Mastercard shall have the right, during the Term of this Agreement and for three (3) years thereafter, upon prior notice and a mutually agreeable time to conduct a review of the books and records of Customer to determine or to verify the compliance of Customer with its obligations under this Agreement, including the payment of fees.

17.2.2. In accordance with the terms of this provision, Mastercard shall, upon prior notice and a mutually agreeable time, and no more than once annually, permit representatives of Customer or its designee (with the approval of Mastercard) to examine and verify Mastercard’s compliance with its obligations under this Agreement with respect to (i) the Processing Services, (ii) the safeguarding and use of Customer’s Confidential Information, and (iii) the detection, prevention, and mitigation of an actual or attempted theft or misappropriation of Personal Data. Such examination and verification activities may include only the conducting of information security assessments (“ISA”) of Mastercard and of Mastercard’s practices and procedures, which ISAs may consist of (i) verbal responses from Mastercard or its personnel to verbal questions posed by Customer, (ii) visits to locations where (or from where) Customer’s Confidential Information may be stored, processed, administered or otherwise accessed, and (iii) review of records and files in Mastercard’s possession relating to the system for the purposes specified above, after determining that such a review will not be in violation of applicable law or regulation or Mastercard policies and standards. Customer will schedule and conduct such ISAs in a manner that does not unreasonably interfere with Mastercard’s business operations. No auditing or testing of controls will be permitted during any ISA. Mastercard reserves the right at its sole discretion to determine what information may be released in order to avoid disclosure of any sensitive or proprietary information. Should the findings of an ISA disclose or indicate security problems or concerns, Customer will detail such findings in a notice to Mastercard. Mastercard will consider the recommendations from Customer and, as determined in Mastercard’s sole discretion, implement such recommendations and provide to Customer a date for implementation. Customer acknowledges that the findings of any ISA shall be deemed to be Mastercard’s Confidential Information; provided however, the Customer shall be entitled to distribute and use the findings of any ISA in order to show to any auditor or regulatory compliance with its applicable laws or regulations or data security policies. In the event that a regulatory agency audit or review of Customer identifies security problems or concerns with the system or any Application, the Parties will work together to resolve and if possible, to take the appropriate corrective action for these security problems or concerns as they relate to the system or any Application.

17.3. Cumulative Remedies. Except where otherwise specified, the rights and remedies granted to a party under the Agreement are cumulative and in addition to, and not in lieu of, any other rights or remedies which a party may possess at law or in equity.

Confidential

Page 11 of 22

17.4 Notices. All notices delivered under this Agreement shall be in writing and deemed to be given (i) when actually received if delivered personally, (ii) two (2) days after the date deposited with the US Postal Service if sent by certified or registered mail, and (iii) one (1) day after the date delivered to a reputable next-day courier service. Notices will be sent to the address set forth in the preamble of the Agreement to the attention of: (x) in the case of Mastercard, the signatory, with a copy to General Counsel/Legal Department; and (y) in the case of Customer, the signatory. Notice will be deemed given upon the date of receipt or, if receipt is refused, upon tender of delivery by the courier. Either party may change such address by giving notice in accordance with this Section. Any notice required by this Agreement, regardless of whether the applicable subsection of this Agreement may be sent via email to authorized person.

17.5 Good Faith Dispute Resolution. Before either Party initiates a lawsuit or other legal proceeding against the other Party relating to this Agreement, the Parties agree to work in good faith to resolve all disputes and claims arising out of or relating to this Agreement, the Parties’ performance under it or a breach of this Agreement. Either Party may request, after informal discussions have failed to resolve a dispute or claim, that, each Party shall designate an officer (or other management employee with authority to bind the Party) to meet in good faith and attempt to resolve the dispute or claim. During their discussions, each Party will honor the other’s reasonable requests for information relating to the dispute or claim. This paragraph will not apply if (i) the expiration of the statute of limitations for a cause of action is imminent, or (ii) injunctive or other equitable relief is necessary to mitigate damages.

17.6 Miscellaneous.

17.6.1. The failure of either party to insist upon or enforce strict performance by the party any provision of this Agreement, or to exercise any right under this Agreement, shall not be construed to be a waiver or relinquishment to any extent of such party’s right to assert or rely upon any such provision or right in that or any other instance; rather the same will be and remain in full force and effect. No waiver by a party shall be effective unless expressly made in writing.

17.6.2. In the event that any provision of this Agreement conflicts with the law under which the Agreement is to be construed or is held invalid by a court with jurisdiction over the parties to the Agreement, (i) such provision will be deemed to be restated to reflect as nearly as possible the original intentions of the parties in accordance with applicable law, and (ii) the remaining provisions of this Agreement will remain in full force and effect. The captions in this Agreement are included for convenience only and shall not affect the meaning or interpretation of this Agreement..

17.6.3 .Neither party may assign or transfer its rights or obligations granted under this Agreement (including without limitation, by way of sale of any Cards subject to this Agreement), by operation of law, contract or otherwise, without, the other party’s prior written consent, such consent not to be unreasonably withheld; provided, however, that Mastercard may, without the consent of Customer, delegate any obligations under this Agreement or assign this Agreement in whole or in part to an Affiliate capable of performing Mastercard’s obligations hereunder. This Agreement shall be binding upon and inure to the benefit, of the successors and permitted assigns of each party.

17.6.4. This Agreement constitutes the entire agreement between Mastercard and Customer with respect, to the subject matter set forth in this Agreement, and supersedes any prior written or oral agreement or understanding relating to this subject matter.

17.6.5. This Agreement is independent of any other Agreement executed between the parties, including without limitation, any agreements related to the Mastercard Network or any other Mastercard products or services. Any such Network or other products and services shall be provided solely pursuant to the terms and conditions of such independent agreement and shall not otherwise be subject to the scope of this Agreement. This Agreement may not be modified except by written agreement dated after the date of this Agreement and signed by an authorized representative of each of the parties.

17.6.6 Governing Laws and Jurisdiction

(i) This Agreement will be governed under the laws of Singapore. The courts of Singapore shall have the non-exclusive jurisdiction to hear any disputes relating to this Agreement.

(ii) Contracts (Rights of Third Parties) Act

The Contracts (Rights of Third Parties) Act, Cap. 53B shall not under any circumstances apply to this Agreement and any person who is not a party to this Agreement (whether or not such person shall be named, referred to, or otherwise identified, or shall form part of a class of persons so named, referred to, or identified, in this Agreement) shall have no right whatsoever under the Contracts (Rights of Third Parties) Act, Cap. 53 B to enforce this Agreement, or any of its terms.”

Confidential

Page 12 of 22

17.6.7, This Agreement may be executed in counterparts, each of which shall be deemed an original and all of which together shall constitute one and the same document. The parties expressly acknowledge that the terms and conditions of this Agreement have been the subject of review, discussion, and participation by both parties. If there is any conflict or inconsistency between the Agreement and a Schedule to this Agreement., then priority shall be given to the Schedule

17.7. Equitable Relief. Recognizing that money damages may not be an adequate remedy in the event of a breach of the provisions of this Agreement regarding confidentiality, privacy and data protection and intellectual property and that such a breach may cause immediate and irreparable harm, the parties shall have the right to seek equitable relief, including injunctive relief and specific performance, without the necessity of posting any bond in connection therewith.

17.8. Trademark. Except as set forth in this Agreement, neither party is granted any rights under this Agreement to use any trademark, trade name or service mark, which belongs or is licensed to the other party. However, either party shall be entitled to use the other party’s trademark, trade name or service mark in connection with a factual client or vendor list. To the extent, a party prevails in a suit at law or in equity for the purpose of enforcing trademark rights, the other party understands and agrees that such prevailing party shall be entitled to recover its reasonable attorneys’ fees plus court costs and expenses.

17.9. Publicity. The parties shall cooperate to create an initial press release upon execution of this Agreement, as well as subsequent public communications, and neither party shall issue any news release, public announcement, or any other form of publicity in connection with this Agreement and/or referring to the other party without first, obtaining the written approval of the other party.

17.10. Independent Contractor Relationship. Mastercard and Customer are independent contractors and nothing contained in this Agreement will be deemed to create an employment, association, partnership, joint venture, agency or other relationship between or among the parties or any of their respective personnel.

17.11. Force Majeure. Neither party shall be liable for loss or damage or for any delay or failure to perform its obligations (other than payment of fees) under this Agreement, to the extent such loss, damage, delay or failure is caused by an act of God, natural disaster, fire, strike, embargo, war, threat of terrorism, insurrection, riot, denial of service attack or other cause or circumstance beyond the reasonable control of the party; provided however that the foregoing shall not be deemed to excuse any failure by such party to take reasonable action to minimize the scope) extent, duration and adverse effect of any such event.

17.12. Survival of Terms. The termination, for any reason, of this Agreement will not affect (i) the rights of either party against, the other that have accrued on or prior to the termination, or (ii) any provision that, by its nature, survives the termination of this Agreement, including the following Sections entitled “EXPORT RESTRICTION,” “CONFIDENTIALITY,” “INDEMNIFICATION,” “REMEDY, DAMAGES AND LIMITATION OF LIABILITY,” “TRANSITION ASSISTANCE,” “EQUIPMENT RETURN,” and “MISCELLANEOUS,” which shall survive any termination of this Agreement.

IN WITNESS WHEREAS, each party has caused its duly authorized representatives to execute this Agreement as of the Effective Date.

Mastercard		Customer
Mastercard Asia/Pacific Pte. Ltd.		MobilityOne Sdn Bhd
Signature:	/s/ Benjamin Gilbey	Signature:	/s/ Dato’ Hussian A Rahman
Name:	Benjamin Gilbey	Name:	Dato’ Hussian A Rahman
Title:	Senior Vice President,	Title:	Chief Executive Officer
	Digital Consumer Solutions, Asia Pacific
Date: 29 April 2021		Date: 26th April 2021

Confidential

Page 13 of 22

Schedule A

Processing Services

1. Scope: Prepaid Card Processing Services

1.1 Mastercard Prepaid card processing Services

a) Mastercard prepaid card processing under a hosted model as Mastercard member

b) Certification of the BIN as per norms specified by Mastercard

c) Program set up and configurations as specified by Mastercard and Bank

d) Authorization, clearing and settlement file generation and processing

e) API’s for Prepaid card lifecycle management

f) Chargeback processing

g) ACS- Access Control Services also known as Authentication Control Server (ACS) Services

2) With Respect to Prepaid Card, “Transaction” means an authorization request, payment transaction, refund, account inquiries, reversal, or other financial or non-financial request initiated by a Customer or a Cardholder at POS device, or e- commerce transaction that accepts Prepaid Cards for payment purposes and that is transmitted to Mastercard for processing under this Agreement.

3) A detailed listing of Interface Development, Service Offerings, Deliverables, Project Plan, Timelines, and Message specifications will be listed in the ‘Charter of Project Deliverables’ (CPD) which will be agreed between Mastercard and Customer and shall be subject to change from time to time.

4) The processing Services will be applicable for Mastercard Branded Network cards

Confidential

Page 14 of 22

5) Parties hereby agree for below Scope Of Activities (roles and responsibilities) –

#	Scope Of Activities	Customer	Mastercard
1	Program Initiation
1.1	Bin Ownership	√
1.2	Card & Packaging Designs	√
1.3	Program Definition - Bin range, card type, fees, charges, limits, etc.	√
1.4	Program Configuration		√
2	Application Onboarding (KYC, data entry, collateral repository, etc)	√
2.1	Pre-checks of regulator requirements (KYC / AML) before card provisioning via API or bulk file	√
3	Non-Personalized and Personalized (personal details with photo) Prepaid Card Issuance
3.1	Bulk card production - number of quantity required	√
3.2	Bulk card production - batch process in Mastercard Processing card system		√
3.3	API enablement and usage (cardholder events like: load, registration/sale): list of API’s provided in the detailed Charter of Project Deliverables		√
3.4	Personalized (photo): sharing of normal device registration request with Card Number Alias	√
3.5	Generation of embossing file (personalized, non-personalized and personalized with photo) and sharing to card perso vendor		√
4	Card Personalization & Pin Printing
4.1	Card personalization relationship owner	√
4.2	Embossing file generation & transmission to card personalization		√
4.3	Sharing of Cardholder photo appending Card Number Alias in the file name to card perso vendor	√
5	Transaction Management, Clearing and Settlement
5.1	Online Authorisation and Debiting		√
5.2	Transaction Incoming Clearing file & Processing		√
5.3	Conversion Rate - Mastercard Network rate update		√
5.4	Currency Conversion - Auth, Clearing, Limits validation		√
5.6	Load of wallets via Payment Gateway or APIs	√
5.5	Transaction matching & ageing		√
5.7	Maintaining Adequate Funds in the Settlement Nostro Accounts	√
5.8	Daily Reports Generation		√
5.9	Customer Alerts - Email Alert		√
5.10	Regulatory and Compliance Reporting to Regulators	√
5.11	Regulatory and Compliance of TPP infrastructure to all relevant (Mastercard, PCI, BNM, etc) regulators, (Mastercard shall support with reports requested by Customers) and Customer shall support with required documentation requested by Mastercard.	√	√
6	Cardholder Communications
6.1	Call Center	√
7	Dispute Management and Risk Monitoring
7.1	Dispute Management: tracking of cases and decisioning		√
7.2	Dispute Management: cardholder communication	√
7.3	Chargeback file staging		√
7.4	Risk Report - Configuration	√
7.5	Risk Report - Generation		√
7.6	Risk Report Monitoring	√
8	User Administration
8.1	Customer Portal (Back office) User & Role Creations		√
9	Reports & Dumps
9.1	Generating Reports from Customer Portal (Back office)	√
9.2	Generating data dumps		√

Confidential

Page 15 of 22

SCHEDULE B - Fees

A. Implementation Fees

1.1 Implementation Fees
Service Name	Service Description (Prepaid Processing Services)	Unit of Measure	Base Price
1. Implementation Fee	a)    Implementation fee to deliver the agreed core functionality will be billable and payable upon contract signing. b)    This fee shall be adjusted with the Customer Business Agreement and Customer shall not be required to pay this fee to Mastercard under this agreement separately unless mutually agreed by the Parties. c)    For Mastercard Processing this fee contributes toward the cost of the delivery of the agreed scope which covers the implementation effort and is limited to the timeline agreed to between the parties reflected in the approved and signed off Project Plan. d)    Any additional development required or delays will be charged in addition to the Implementation Fee per hour of additional effort, at the Professional Services rate captured below.	One-time fee	USD 75,000/- Waived as part of Mastercard incentives

B. Fees

B. Card Processing
Service Name	Service Description	Unit of Measure	Base Price (USD)	Details
Platform Fee	Platform fee is a fixed fee charged to issuer for using the platform, independently from volumes of cards issued or transactions processed in the billing period.	Per Month	USD 5,000/- per month	Monthly Billing
Per Transaction	This fee is calculated on per month transaction al the end of every month. This fee is assessed based on the number of transactions , which are initiated by cardholders by using the card. Per transaction shall include following but shall not be limited to: - Purchase / Unique / Purchase with Cashback / Recurring (QR / POS/ Ecomm / PreAuth / Mail / Tele order) with reversal - Cash Withdrawal with reversal - Refund with reversal - Send / Visa Money Transfer receive & originate with reversal - Cash Advance / Cash at Point of Sale with reversal.	Per Transaction	USD 0.025	Monthly Billing
	For the avoidance of doubt, the fee should exclude non- financial messages, API calls from Customer’s system, or transactions affected via API calls.
Card Residency Fee	The card residency fee is charged for each such card registered on the system, the assessed fee will be calculated and charged monthly basis the number of cards al the end of each month	Per card per month	USD 0.1 per month	Monthly Billing

Page 16 of 22

C. Value Added Services

C.1.3 DS Authentication (ACS)
Service Name	Service Description	Unit, of Measure	Base Price	Expected on First invoice? / Billing period
Implementation Fee	Implementation to Set up for 3D Secure This fee contributes towards the cost of Implementation and delivery of scope which will cover implementation efforts.	One-time fee	USD 30,000/-	As agreed in Base price
ACS / 3D Secure Transactions	This fee is charged monthly based upon the number of transactions assessed by 3DS service.	Per Transaction	USD 0.03	Monthly Billing
OTP SMS	Will integrate to and utilize MobilityOne’s SMS gateway	N/A	N/A	N/A

C.2. On-behalf chargebacks
Service Name	Service Description	Unit of Measure	Base Price	Expected on First, invoice? / Billing period
Implementation Fee	Setup on-behalf chargebacks for Customer’s Cardholders	One-time fee	USD 8,000	Yes
Chargeback	This fee is charged monthly based upon the number of chargeback rounds	Per round of chargeback	USD 18 with minimum monthly fee of USD 700	Monthly Billing

D. Other Charges

2.4 - Configuration & Association Charges
Service Name	Service Description	Unit of Measure	Base Price	Expected on First invoice?
Professional Services	In the event that the standard system offering does not meet all functionality required by the Customer custom programming may be considered. These fees are assessed on an hourly basis where professional services (including training, project management & Testing) are required to implement the change. Travel & other related expenses will be billed through at cost.	Per Hour	To be agreed between the parties	No

E. Fees for Earlier Termination by Customer without cause or fault of Mastercard

(i) The contract duration is 5 years subject to extension or renewal read with section 16.1 of this Agreement. Mastercard may agree an earlier termination of MobilityOne “Customer”, in case “Customer” decides to insource the Processing activities and perform them in-house. Early termination may be allowed only in the presence of an in-house solution, not in the case of a hosted solution by Customer.

(ii) Customer agrees to pay an early termination fee to Mastercard, as follows in case of any event leading to early termination provided that, such early termination is not due to any cause or default of Mastercard:

● End of Year 1 from the Effective Date: USD 350,000

● End of Year 2 from the Effective Date: USD 300,000

● End of Year 3 from the Effective Date: USD 250.000

● End of Year 4 from the Effective Date: USD 150,000

(iii) For the avoidance of doubt, Customer shall not be liable to pay Mastercard for any earlier termination by Customer due to the cause or fault of Mastercard.

Page 17 of 22

SCHEDULE C

Service Level Agreement

Definitions

SLA	Service Level Agreement
Customer	Financial Institutions issuing financial products or offering Acquiring services.
Cardholder	End customers who purchase financial products offered by financial institutions.
Agent	Institutions who will facilitate prepaid card sales and support Prepaid program on behalf of customers.
Performance Credit	the amounts specified below as liquidated damages payable by Mastercard to Customer in respect of Mastercard’s failure to meet the Service Level defined in this Agreement
End of Day	Cut off time for various activities. Specific time for End of Day needs to be defined for each customer

References to Mastercard shall mean and include Mastercard.

SERVICE LEVELS

Authorization System Availability - 99.50% availability (“Uptime”) - Mastercard Processing applications and hardware components necessary to translate and interpret transaction information, determine the appropriate destination, and prepare the appropriate message to forward. Other platforms or systems, both internal and/or external to Mastercard Processing, may impact the ability to receive into the authorization system or forward on from the authorization system and contribute to the overall ability to successfully complete transactions. Those factors are considerations within other service level calculations and will not be included within the calculation of Authorization Availability. The platform operates the Authorization System in a co-processing mode and redundant processing set-up in the same site. Mastercard Processing may at any time choose to move all traffic to a single site for maintenance purposes. In situations where the platform is processing at a single site and successfully processing all volume, for purposes of this SLA the Authorization System will be considered available. Downtime associated with scheduled business continuity/disaster recovery tests will not be used in the calculation of availability provided that, the downtime associated with such tests does not exceed 600 minutes per calendar year.

Non-compliance with the Service Level	Performance Credits as percentage of Platform Fee paid by Customer in the calendar month in which the commitment was breached
Average Uptime less than 99.5% but not less than 99	USD500
Average Uptime less than 99%	USD 1000

System Performance Response - 99.50% of all transactions will be processed in 3 seconds or less (“Maximum response time commitment”) - Mastercard Processing measures the internal processing times for each transaction that is processes on the authorization system The time is measure from the time that it enters the authorization system to the time that it leaves the authorization system, so we measure the time it takes to get the transaction authorized, scored (if applicable) and then back out to the link that sent in the request.

Page 18 of 22

Mastercard ‘Mastercard processing’ will, on a back-to-back basis, cover penalties imposed by Mastercard (issuing unit) caused due to failure to comply with Mastercard’s SLA benchmarks as agreed herewith, subject to clause 14.2.1 and Parties agree that Mastercard’s total liability under this provision shall not exceed fees charged to Customer for the Processing Services(s) during the Eight (08) months preceding the date of claim.

Service	Type of SLA	Description of SLA	Performance Measurement Period	Customer SLA
Authorization and Routing	Platform Availability	Available to process transactions	Quarterly (Rolling 3 month) Average	99.50%
Authorization and Routing	System Performance Response Time	Elapsed time between platform receiving and delivering a transaction	Quarterly (Rolling 3 month) Average	No more than 0.50% of Customer issued or acquired messages shall exceed three (3) seconds

Customer Facing Access to System - 99.0% - Customer-facing Access to the platform is interpreted to be access to the below.

Portal Info:

Service	Applicable for Products	Portal Users
Customer Portal User Interface	Prepaid	Customer service and Back office support personnel

The Portal is considered up and available when end users can execute a successful login into that particular portal.

All Portal applications operate in a clustered environment with automatic load balancing and failover detection.

When there are situations in which the Portal is processing on a subset of its available nodes, and is still successfully processing the volume while in a reduced capacity state, for the purposes of this SLA, the Portal will be considered available. Downtime associated with scheduled business continuity/disaster recovery tests will not be used in the calculation of availability provided that the downtime associated with such tests does not exceed 600 minutes per calendar year for each Portal.

Service	Type of SLA	Description of SLA	Performance Measurement Period	Customer SLA
Customer Portal User Interface	Platform Availability	System available for logon	Quarterly (Rolling 3 month) Average	99.0%

Web Services - 99.0% Average Availability and 99.0% 5 second (or less) Response Time - Web Services are interpreted to mean those platform Web Services that are exposed to Client systems. Web Services are considered available when it is available for access.

Page 19 of 22

The platform Web Services operates in a clustered environment with automatic load balancing and failover detection. In those situations in which the services are processing on a subset of their available nodes, and are still successfully processing the volume while in a reduced capacity state, for purposes of this SLA the services will be considered available. SLA calculation will exclude calls that typically return of significantly varying size (e,g, Transaction History, Statements) or calls that accept inputs of significantly vary ing size (e.g. Creation of claim with multiple transactions selected). Downtime associated with scheduled business continuity/disaster recovery tests will not be used in the calculation of availability provided that the downtime associated with such tests does not exceed 600 minutes per calendar year.

Service	Type of SLA	Description of SLA	Performance Measurement Period	Customer SLA
Web Services / API Calls	System Availability	Availability of Web Services environment.	Quarterly (Rolling 3 month) Average	99.0%
Web Services / API Calls	Response Time	Calls to Internet based applications using Mastercard Processing defined standard API suite	Quarterly (Rolling 3 month) Average	99.0%

Report and File Processing - Clearing Files means the Cardholder Posting File and the Daily Transaction Data Files and, if applicable, the Soft Post File that represents all the transactions between Mastercard Processing and the Customer with respect to the applicable business day. For any report and/or file for which an SLA applies, in the event that there is no data to report, a NIL report will be provided. Daily Critical Reports means the DA157010-BB Cardholder Posting Report and the DA720010-BB Posted and Settled Summary Report.

Service	Type of SLA	Description of SLA	Performance Measurement Period	Customer SLA
Clearing Files	File Transmission Deliveiy**	Hard Post, Daily Transaction Data, and (if applicable) Soft Post	Daily Monday - Sunday	Available for retrieval by customer before end of the next business day
Operations and Customer Support	Report Delivery	Daily Critical Reports	Daily Monday - Sunday	Available for retrieval by customer before end of day
Operations and Customer Support	Report Delivery	Monthly reports Need to list reports that are covered by this SLA	Monthly	Available for retrieval by customer within 6 calendar days
Operations and Customer Support	Report Delivery	Quarterly Report	Quarterly	Available for retrieval by customer within 6 calendar days of the end of quarter

** Means the Mastercard Global File Transfer (GFT) system has received the file and/or the file is available to begin transmission at Customer’s request or has begun to transmit per predefined configuration. NOTE: If customer uses a system other than GFT for file transmission, the SLAs as written, will not apply. An SLA for anything other than GFT transmission will need to be reviewed prior to being approved and implemented.

System Support, 24X7 Response time, resolution time for reported problems, Escalation Matrix shall be mentioned in Documentation.

Page 20 of 22

SCHEDULE D

PROJECT PLAN

A. The Project Plan shall be mutually agreed upon by the parties and incorporated herein by reference.

B. Change Control Procedures

The Project Plan will be the roadmap for Mastercard to deliver the Processing Services. The Project Plan will be based on the high-level requirements document agreed to by the parties and published by Mastercard. Changes to the Project Plan will be accomplished in accordance with the change control procedures as described below.

Mastercard will keep the Project Plan current based on agreed upon changes. Customer or Mastercard may submit updates and changes to the Project Plan per the change control process.

Each party will identify its requirement needs from the other party in the Project Plan, and will otherwise provide the other party with commercially reasonable notice(s) of its need for data, information, and input. Each party will use commercially reasonable efforts to promptly provide data, information, resources, and input to the other party as reasonably requested by the other party and as reflected in the Project Plan and specification documents.

As described in the Project Plan and specification documents, each party shall obtain for the other party all necessary file layouts, associated confidentiality protections, and other information reasonably necessary for the Processing Services. The foregoing file layouts, associated confidentiality protections, and all other information reasonably necessary must be provided per the date(s) required in the Project Plan in order for Mastercard and Customer to achieve the Project Plan milestones.

Change Control Procedures

In order to deliver the Processing Services in accordance with the dates in the Project Plan, Customer and Mastercard will jointly develop and mutually agree on a Project Plan. The Project Plan will be a living document, and will likely change throughout its operational period, as mutually agreed by the parties. The Project Plan will be changed through the use of a change control procedure (the “CCP”). The goals of the CCP are;

Minor changes can be quickly assessed and presented for decision at the lowest appropriate level

Previously unknown or not included requirements can be captured and actioned

Major (i.e., material) changes can be quickly identified and routed for formal approval

Customer and Mastercard will comply with the CCP, as described, to help ensure that changes identified during the conversion period are properly and completely identified, categorized, and managed through its ultimate disposition;

1) The parties will initiate a change control form (the “Form’’) should there be a need to deviate from the requirements of the Project Plan.

2) The Form may be completed by personnel of either Party. The requirements for submitting the Form will be mutually agreed to by the Parties. Each Party shall appoint one individual to be the single point of coordination (the “POC”) and control point for change control who will be their person responsible for managing the CCP and coordinating with the other’s POC.

3) All forms (both approved and rejected) exchanged between the parties will be retained and further logged by Mastercard.

4) The parties will determine the procedures, estimated timing (including, potential impact to Project Plan dates), pricing (if applicable), and process to be used to implement approved changes as part of their review and approval process.

a. If the requested change is reviewed and determined to be a major (i.e., material) change, the request will be elevated to appropriate senior management of each party for approval. For purposes of this section, a change to the Project Plan milestones is deemed to be a major (i.e., material). If the request is approved, the change will be recorded as such and will be added to the requirements, and the Project Plan will be changed as agreed by the parties.

b. If the requested change is reviewed and determined to be a minor change, the Project Plan will be changed as agreed by the parties.

c. If a change request is not approved by a party, and the party requesting the change still wishes for the change to be accepted, the parties agree to work to find an acceptable alternative and to use a management escalation approach to ultimately resolve the issue,

d. The parties’ approval of a change shall be signified by each party’s signature on the applicable Form. Email approval is deemed acceptable. No change shall be effective unless such Form is approved by both parties.

Page 21 of 22

Sample Change Control Form

Change Request number: ________________________

Name of Requestor: Name of Party to Whom Submitted: Date Submitted:

Change Request (attach additional pages referencing this section as required).

Description of Change: (Requirements)

Desired Date:

Impact Analysis (required from both parties; Attach additional pages referencing this section as required including determination of change as major or minor).

Resource Impact:

Cost Impact:

Timing Impact:

Date Response Delivered:

APPROVED:
Customer Approved:	Date:
Mastercard Approved:	Date:

REJECTED:
Customer Rejected:	Date:
Mastercard Rejected:	Date:

Page 22 of 22