BUSINESS BANKING ONLINE AND MOBILETERMS AND CONDITIONS AGREEMENTThis is the Agreement between your company (“You”, the “Company”) and Affinity Federal Credit Union (“Affinity”, “us”, “we” and“our”) containing the terms and conditions for the following Online and Mobile Business Banking services (“the Services”). By signingthe Online and Mobile Business Banking Application, you agree to the terms and conditions, set forth below, which automaticallybecomes part of the Agreement between you and Affinity. Your use of any of the Services will be additional evidence of youragreement to these terms.Your use of the Services may also be affected by your Deposit Agreement and Disclosures, including the applicable schedule offees (“Deposit Agreement”), or other agreement with us for your linked Affinity accounts. When an account is linked to theServices, it does not change the agreements you already have with us for that account and you are still subject to the terms andconditions we gave you in the agreement and disclosure for the linked account. The terms and conditions for those accountagreements, including any applicable fees, transaction limitations, liability rules and other restrictions that might impact your use ofan account with the Services, are incorporated into this Agreement. In the event of a conflict between the terms of those accountagreements and this Agreement, the terms of the applicable account agreement will prevail unless this Agreement specificallystates otherwise.1. Services. We will notify you when the Services you request will become available to you. If you request additional Services inthe future or we add new services, they will also be governed by this Agreement, unless we advise you otherwise. The following isa list of the Services which are subject to these Terms and Conditions:Basic Services:Online Banking AccessMobile Banking App AdministrationOnline & Mobile Check DepositStop PaymentsCheck Orders & ImagesScheduled & Recurring TransfersBill Payment Statements & NoticesAlerts and NotificationsSecured Request FormsEntitlementsMy Affinity Toolkit – Secure Document UploadAdd-on Services:ACH (Automated Clearing House) and Tax PaymentsPositive PayWire Transfers – DomesticWire Transfers - InternationalOnline & Mobile Check Deposit2. Equipment. You are responsible for providing and maintaining any equipment that is necessary for the Services, such astelephones, scanners, terminals, modems and computers. You agree to use equipment that is compatible with our programs,systems and equipment, which we may change from time to time and may be available upon request from us. We assume noresponsibility for the defects or incompatibility of any computers or software that you use in connection with the Services, even if wehave previously approved their use. WE MAKE NO WARRANTY, EXPRESS OR IMPLIED, IN LAW OR IN FACT, INCLUDING BUTNOT LIMITED TO ANY IMPLIED WARRANTY OF FITNESS FOR A PARTICULAR PURPOSE OR OF MERCHANTABILITY, WITHRESPECT TO THE SERVICES, OR ANY COMPUTER PROGRAMS, EQUIPMENT OR SOFTWARE MADE AVAILABLE TO YOU.Unless otherwise agreed by us in writing, the computer programs, Service guides, Security Procedures and systems provided toyou in connection with the Services represent our proprietary property and must be returned to us upon request.3. Security Procedures. You agree that the Security Procedures listed below are commercially reasonable. You agree that we willuse such procedures to detect an unauthorized request prior to accepting your request. You agree that any request acted upon byus in compliance with the Security Procedures, whether or not authorized by you, shall be treated as your authorized request andwe will not be liable to you for having acted upon the request. You acknowledge that we reserve the right to change our SecurityProcedures from time to time.A. Protection of Security Procedures. You are strictly and solely responsible to establish and maintain proceduresto safeguard against unauthorized transmissions of requests. You warrant that no individual will be allowed to initiaterequests in the absence of proper supervision and safeguards, and agree to take reasonable steps to maintain theconfidentiality of the Security Procedures and of any passwords, codes, security devices and related instructionsprovided by us in connection with the Security Procedures. If you believe or suspect that any such information orinstructions are known or have been accessed by unauthorized persons, you shall notify us immediately.B. Security Access. We will assign a unique User ID and User Password (referred to as “Security Codes”) to thedesignated Company Administrator(s). The User ID and Password will be provided via separate emails. Upon initiallogin you will receive a onetime passcode sent to the phone you designated on your application as your primaryPage 1V 2020 10 01

BUSINESS BANKING ONLINE AND MOBILETERMS AND CONDITIONS AGREEMENTcontact. You will be prompted to change your password. After login you can change your User ID under Settings.You will be responsible for any liability, loss, or damage resulting from actions in accordance with instructions to usfrom any person you have authorized as a Company user. You shall promptly notify us of any suspectedcompromise of security involving the passwords and ID’s assigned.C. Touch ID. You may use your fingerprint to login into the Mobile Banking instead of entering your user ID andpassword. Fingerprints are only stored on your Mobile Device; the Credit Union does not see or store yourfingerprint information. Touch ID is associated to one user ID at a time. If you have multiple logins with the CreditUnion, Touch ID can only be used with a single login per Mobile Device. User IDs and passwords are not storedon the Mobile Device in order to support Touch ID. Instead, a token is stored securely in the Mobile Device'skeychain that cannot be transferred to another device. If you try to log in using Touch ID, but cannot provide avalid fingerprint after five (5) tries, you must enter your password to re-enable Touch ID.D. Enhanced Login Security. Enhanced Login Security adds an additional level of security by identifying you as thetrue “owner” of your accounts through the use of cookies placed on your computer/browser, identifying it as oneyou use to access the Services. This feature strengthens the security measures we already employ and helpsprevent unauthorized access to the online system. If the system does not recognize your computer, you will bechallenged for additional authentication information known only by you. A security code will be sent to the phonenumber we have on file. You must enter that security code to gain access to the online system. If you do notsuccessfully complete this process, you will not be granted access to the online system. Enhanced Login Securityfor mobile requires you to enable the “Remember this device” feature under Settings on the mobile app.E. Security Code –Security Code adds an additional multi factor authentication feature that requires the use of a onetime passcode or a security token when funds are being moved in and out of business accounts. This featureprovides an additional level of security by requiring that a security code obtained from either a one-time passcodeor from a security token be entered by the user that is designated to approve transfer of funds via Wire, ACH or TaxPayments. A Wire, ACH or Tax Payments will not be completed without the security code. The one time passcodewill be provided via text or phone call to your phone on file. A security token is a device or a software applicationthat generates a one-time digital code to use each time you process a funds transfer pursuant to this Agreement.F. Dual Control for ACH and Wire Approvals - In the context of Online and Mobile Business Banking, dual controlis a security function that reduces the likelihood of fraudulent activity against your business account by requiringAutomated Clearing House (ACH) originations and Wire Transfers to be submitted to the credit union for processingby two separate users. Dual control is accomplished when one individual initiates the ACH or Wire Transfer, andthe second individual verifies and approves. Dual control makes it harder for criminals to use key stroke trackingprograms to intercept your user name and password and gain access to your account. We STRONGLYRECOMMEND the use of dual control when initiating ACH and Wire Transfers.We may provide you with Security Codes, which are part of the Security Procedures, to access the Services. You agree to: (a)comply with the Security Procedures that we provide to you; (b) take reasonable steps to safeguard the confidentiality and securityof the Security Codes, and any other proprietary property or information we provide to you in connection with the Services; (c)closely and regularly monitor the activities of employees who access the Services; and (d) notify us immediately if you have anyreason to believe the security or confidentiality required by this provision has been or may be breached. Our Security Proceduresare not designed for the detection of errors (e.g., duplicate payments or errors in your fund transfer instructions). We will not beobligated to detect errors by you or others, even if we take certain actions from time to time to do so.You agree to change the passwords you assign to your employees on a regular basis, but no less frequently than every 90 days.You agree to change your temporary User ID and temporary password promptly after you are given access to the Services for thefirst time and whenever anyone who has had access to your Security Code is no longer employed or authorized by you to use theServices. We may require you to change your Security Code at any time. The User ID and Password can be changed in the Settings.We may deny access to the Services without prior notice if we are unable to confirm (to our satisfaction) any person's authority toaccess the Services or if we believe such action is necessary for security reasons.Each time you make a transfer or payment with the Services, you warrant that our Security Procedures are commercially reasonable(based on the normal size, type, and frequency of your transactions). Some of our Services allow you or your Administrator to settransaction limitations and establish internal controls. Your failure to set such limitations and implement such controls increasesyour exposure to, and responsibility for, unauthorized transactions. You agree to be bound by any transfer or payment order wereceive through the Services, even if the order is not authorized by you, if it includes your Security Codes or is otherwise processedby us in accordance with our Security Procedures.Page 2V 2020 10 01

BUSINESS BANKING ONLINE AND MOBILETERMS AND CONDITIONS AGREEMENTEach procedure described above shall be deemed and agreed to be by you, a commercially reasonable Security Procedure asdescribed in the New Jersey Uniform Commercial Code.4. Accounts. Your application may list multiple companies that you wish to access with the Services. If it includes multiplecompanies of your parent company, subsidiaries or affiliates, you warrant that they have authorized you to access their accountsthrough the Services in the same manner as your own accounts. You agree to provide us with their written authorization, in formand substance acceptable to us, evidencing that authority, and to notify us immediately in writing of any change to that authorization.All owners must sign this Agreement and Application.You may appoint an individual(s) referred to as the “Administrator(s)” with the authority to determine who will be authorized to usethe Services on your behalf. Administrator(s) will have access to all accounts and online services. Administrator(s) will havemaintenance authority over the Company daily and monthly limits and will serve as the Primary Contact(s) for Affinity. TheCompany Administrator(s) will have all of the authority to determine authorized users and to ensure access codes and securitytokens as set forth in this Online Business Banking Terms and Conditions Agreement. The Company Owners, Co-Owners andAuthorized Signers of this agreement accepts full responsibility and liability for all actions of both the Administrator(s) and anyusers or sub-users authorized by the Administrator(s).If you add another related company (referred to as Multi-TIN), the administrator(s) will have access to all accounts for each of thecompany and can perform transactions for each of the companies. You warrant that you own or co-own all companies listed underSection 1 of the application and that you authorize all the Administrators under Section 2 on the application to have access to multiTIN transfers and accounts for all the listed companies.You understand that if you do not have a Secondary Administrator, end user creation by a Sole Administrator will never requireapproval. Your Administrator(s) can establish separate security codes for you and each user, as well as limits on each user’sauthority to access information and conduct transactions. You assume sole responsibility for the actions of your Administrator(s),the authority he or she gives others to act on your behalf, and the actions of the persons designated by the Administrator(s) to usethe Services.You or your Administrator(s) will need to designate which accounts the users will utilize for Online Banking and Mobile bankingServices, payments and transfers. If your Administrator(s) designates an account that requires more than one signature for thewithdrawal or transfer of funds, you agree that we may act upon any of the Services instruction that is accompanied by the securitycode(s) designated by you or your Administrator(s) for that account and the Services in question. Note: This may mean that we willact upon the instruction of only ONE person (e.g., to wire funds), even though the signature card for the account in question requirestwo or more signatures on checks. As long as an instruction is accompanied by the designated security codes, the transaction willbe deemed authorized by you.5. Fees. You agree to pay us the fees we establish for each of the Services. See our fee schedule for details. We may send a billto you for the fees (which must be paid within 10 days of the invoice or statement date) or charge them directly to your accountswith us. We may amend the Services fees from time to time. Certain fees are subject to change without prior notice. Special oradditional Services performed at your request will be subject to such additional terms and fees as you and we may agree.In addition to the Services fees, you agree to pay for all taxes, tariffs and assessments levied or imposed by any government agencyin connection with the Services, this Agreement, and/or the software or equipment made available to you (excluding any income taxpayable by us). You also are responsible for the costs of any communication lines and any data processing charges payable to thirdparties.6. Access to Account Data. Some of the Services provide you with balance and other account information. Since certaininformation and transactions are not processed by us until after the close of our business day, some transactions may not bereflected in the system until the next business day. Posted items may be reversed due to insufficient funds, stop payment orders,legal process, and other reasons. Certain balances also may not be subject to immediate withdrawal. We assume no responsibilityfor any loss arising from incomplete information or for any temporary interruption in our information system. If you are unable toaccess our system for any reason, you can contact your branch of account for loan and deposit information.7. Information Processing and Reporting. We offer a number of Services that require us to receive, process and report informationinvolving your accounts and transactions. We will not be responsible for determining the accuracy, timeliness or completeness ofany information that you or others provide to us. We will not have a duty to interpret the content of any data transmitted to us, exceptto the limited extent set forth in this Agreement. Unless otherwise agreed in writing, we will not be required (by means of any securityprocedure or otherwise) to detect errors in the transmission or content of any information we receive from you or third parties.Page 3V 2020 10 01

BUSINESS BANKING ONLINE AND MOBILETERMS AND CONDITIONS AGREEMENTA. Information You Provide to Us. You assume the sole responsibility for providing us with complete and accurate informationin the form and format that we require (e.g., in connection with wire and ACH transfers). We are not responsible forconfirming such information, or for monitoring or refusing to process duplicate instructions by you or your agents. Forexample, if you give us a wire transfer instruction that is incorrect in any way, you agree that we may charge your accountfor the payment whether or not the error could have been detected by us. We are not obligated to detect errors in yourtransfer or payment instructions.B. Your Instructions. You must accurately describe transaction beneficiaries, intermediary financial institutions, and thebeneficiary’s financial institution in transfer and payment instructions. If you describe any beneficiary or institutioninconsistently by name and number, other institutions and we may process the transaction solely on the basis of the number,even if the number identifies a person or entity different from the named beneficiary or institution.C. Your Review. You acknowledge that it is not possible for the Services to be totally free from operator, programming orequipment error, and that errors in processing and compiling data may occasionally occur (e.g., due to the failure of othersto provide accurate information, telecommunication failures, or a breakdown in an electronic data interchange). As such,you agree to immediately review and verify all results and to maintain adequate controls for insuring both the accuracy ofdata transmissions and the detection of errors. Unless otherwise required by law, our sole responsibility for any reportingerrors caused by us will be to reprocess the information for the period in question and to provide corrected reports at ourown expense. You agree to maintain adequate backup files of the data you submit for a reasonable period of time in orderto facilitate any needed reconstruction of your transactions (e.g., in the event of a telecommunication failure). If we areunable to provide the Services for any reason, we will promptly inform you of the problem and will take reasonable steps toresume processing.8. Reliance on Third Parties. Our ability to provide certain Services (e.g., in connection with electronic data interchange) isdependent upon our ability to obtain or provide access to third party networks. We cannot always anticipate technical difficulties.These difficulties may result in loss of data, loss of customized settings or other service interruptions. In the event any third partynetwork is unavailable or we determine, in our discretion, that we cannot continue providing any third party network access, we maydiscontinue the related Services or may provide the Services through an alternate third party network. In such situations, we willhave no liability for the unavailability of access. We will not be responsible for any services you receive from third party vendors.9. Wire Transfer. The terms set forth here are in addition to the Online and Mobile Business Banking Application that must becompleted by you prior to approval for this Service. All funds transfers permitted pursuant to this section are subject to UniformCommercial Code and in particular Article 4A, as enacted by the State of New Jersey. If you are approved for Wire Transfer, youcan provide us with electronic instruc