MONEYCORP US INC. Canada Anti-Spam Legislation (CASL

Moneycorp US Inc.

Canada Anti-Spam Legislation Compliance Policy______________________________________________.

1 | P a g e

NOT TO BE COPIED OR REMOVED FROM COMPANY PREMISES

MONEYCORP US INC.

Canada Anti-Spam Legislation (CASL)

Compliance Policy

September 2020

Version 1.0

Moneycorp US Inc.

Canada Anti-Spam Legislation Compliance Policy______________________________________________.

2 | P a g e

NOT TO BE COPIED OR REMOVED FROM COMPANY PREMISES

REVISION HISTORY

Date

Version

Revision Notations

9/10/20

1.0

First Draft

POLICY OWNER

Name

Title

Christopher Baum

Chief Compliance Officer

STAKEHOLDERS

Name

Title

Christopher Baum

Chief Compliance Officer

Starlin Shi

Regulatory Compliance Counsel

Executive Committee

Board of Directors

APPROVERS

Name

Version

Approved via

Date of Approval

Board of Directors

Moneycorp US Inc.

Canada Anti-Spam Legislation Compliance Policy______________________________________________.

3 | P a g e

NOT TO BE COPIED OR REMOVED FROM COMPANY PREMISES

Contents

I. Introduction ....................................................................................................................... 4

Legal Background ................................................................................................................ 4

II. Consent ................................................................................................................................. 4

Exemptions ............................................................................................................................ 5

Consent Requests ................................................................................................................ 6

III. CEM Content .................................................................................................................. 6

IV. Recordkeeping .............................................................................................................. 7

V. Compliance Monitoring and Management Reporting ...................................... 7

Moneycorp US Inc.

Canada Anti-Spam Legislation Compliance Policy______________________________________________.

4 | P a g e

NOT TO BE COPIED OR REMOVED FROM COMPANY PREMISES

I. Introduction

Canada’s Anti-Spam Legislation (“CASL”) is an opt-in regime that applies to all electronic

messages (e.g. email, text messages, instant messages, etc.) sent by organizations in connection

with a commercial activity. Organizations that send these commercial electronic messages

(CEMs) within, from, or to Canada must receive consent from recipients before sending messages.

CEMs are defined as any electronic message that encourages participation in a commercial

activity, such as an email that contains a coupon for a service or tells customers about a promotion

or sale. CASL mandates the inclusion of specific information in every CEM, and places the onus of

proving consent on the sender organization. Violations of CASL can result in severe fines up to $1

million per violation for an individual and $10 million per violation for an organization; the law

also imposes personal liability on directors and officers of corporations that breach the law and

allow anyone to commence a civil action for violations of the CASL.

It is the purpose of the policies and procedures set out in this document to ensure that (1) there

is a consistent process for disseminating CEMs to Moneycorp customers and prospective

customers in Canada, and (2) CEMs sent by Moneycorp or its employees are in compliance with

CASL requirements. Specifically, this Policy shall ensure that Moneycorp:

 Obtains consent, whether implied or express, from recipients prior to sending CEMs.

 Ensures that all CEMs sent by Moneycorp comply with all form and content requirements

under CASL.

 Maintains a detailed record of consent obtained, which will be reviewed and refreshed on

a regular basis.

Legal Background

This Policy has been developed to ensure that Moneycorp's handling of communications complies

with Canada’s Anti-Spam Legislation.

II. Consent

In general, CASL requires express consent to be obtained from an individual before that individual

can be sent CEMs. Express consent does not expire, though the individual may withdraw their

consent at any time. There are also three exceptions wherein implied consent will satisfy the CASL

consent requirement:

 An active business relationship exists between the business and the recipient of the CEM.

(e.g. the recipient has purchased a product, service or made another business deal,

contract, or membership with the organization in the last 24 months)

 The email address or phone number where the CEM will be sent is conspicuously

published in a public directory, is voluntarily disclosed, or is otherwise made available to

the public by the individual without indicating they do not wish to receive

communications. For example, if someone puts a contact email on a personal blog or

website and does not include language like "no solicitations, please" or "no spam

messages are to be sent to this phone number" then consent to contact the individual with

a CEM can be implied.

 An individual who has business activities that are relevant to the message of the CEM has

given their contact information and has not indicated that they do not want to receive

marketing messages. For example, if someone has signed up to receive messages from

Moneycorp US Inc.

Canada Anti-Spam Legislation Compliance Policy______________________________________________.

5 | P a g e

NOT TO BE COPIED OR REMOVED FROM COMPANY PREMISES

your business in the past, it can be implied that the individual consents to receive

messages from your business.

Exemptions

The following types of business communications are fully exempt from CASL requirements

(e.g. don’t have to identify the sender or include an unsubscribe mechanism):

 CEMs sent to family, friends, or a person with an established personal relationship

(related through marriage, common law or any legal parent-child relationship, or if there

is a voluntary two-way communication between the individuals)

 CEMs sent within or between organizations with an existing relationship (B2B)

 CEMs solicited or sent in response to complaints, inquiries (within 6 months), requests

 CEMs sent due to a legal obligation or to enforce a right

 CEMs to an employee, consultant, or person associated with the business.

 CEMs sent from instant messaging platforms (e.g. BBM messenger, LinkedIn InMail)

where the required identification and unsubscribe mechanisms are clearly published on

the user interface

 Limited-access, secure, confidential accounts (e.g. banking portals)

 CEMs sent to listed foreign countries, such as the US, China, and most of Europe, where it

is reasonable to believe that the message will be opened in a listed foreign country that

has similar rules as CASL

 CEMs sent by registered charities or political organizations for the purposes of raising

funds or seeking contributions.

 CEMs that provide warranty, recall, safety, or security information about a product or

service purchased by the recipient.

 CEMs Messages that provide information about a purchase, subscription, membership,

account, loan, or other ongoing relationship, including delivery of product updates or

upgrades.

 Partial exemption for third-party referral messages: businesses can send one single

message to obtain consent for future messages. That is, a CEM sent for the first time

following a referral doesn’t require consent, as long as an existing business, personal or

family relationship exists and the full name of the individual(s) who made the referral, the

identity of the sender and an unsubscribe mechanism are included. Any CEM sent

following the first referral must comply with the form and content requirements of CASL

(e.g. identify the sender and include an unsubscribe mechanism).

Unless a verifiable basis for implied consent or an exception to consent exists, Moneycorp

shall obtain express, opt-in consent before sending a CEM to anyone who has not had an

existing business relationship with Moneycorp within two years before the date on which

the CEM is sent. Unless a valid documented basis for implied consent or an exception to

consent exists, Moneycorp shall also obtain express, opt-in consent for the sending of CEMs

to Moneycorp prospects.

Moneycorp US Inc.

Canada Anti-Spam Legislation Compliance Policy______________________________________________.

6 | P a g e

NOT TO BE COPIED OR REMOVED FROM COMPANY PREMISES

Consent Requests

To obtain written explicit consent (paper or electronic), the following items must be included in

the consent request:

 A clear and concise description of the purpose for requesting consent with a description

of the messages that will be sent (e.g. "We want to send you information about new

products and promotions.")

 The name and contact information of the person or organization seeking consent: a

mailing address and either a phone number, voice message system, email address or

website where recipients can access an agent for more information.

 Information on revoking consent, including a statement that recipients may opt-out at any

time.

 A free, clear, and prominent unsubscribe mechanism in all communications that may be

“readily performed”; unsubscribe requests must be processed within 10 days.

 Manual opt-in method—pre-checked boxes and other passive methods of obtaining

consent are not permitted (i.e. an individual must actively check a box associated with

giving consent or do something active such as typing their email address into a form and

clicking a submit button.)

Consent may also be obtained orally, and the following forms are considered as sufficient to

discharge the onus of demonstrating oral consent: (1) where oral consent can be verified by an

independent third party; or (2) where a complete and unedited audio recording of the consent is

retained by the person seeking consent or a client of the person seeking consent.

III. CEM Content

The three main requirements for sending CEMs to a recipient are: (1) consent, (2) identification

information and (3) an unsubscribe mechanism.

In order to comply with CASL requirements, every CEM must comply with form and content

requirements. Each CEMs must contain the following components:

 Clear and prominent identification of the sender of the message. The identity of the

sender should be immediately apparent to the recipient. (e.g. "This is a message from

Moneycorp")

 Business contact information, including mailing address.

 A functioning, conspicuous unsubscribe mechanism that allows recipients to

electronically opt-out of communications. Any unsubscribe requests must be honored

within 10 days of being submitted.

Moneycorp US Inc.

Canada Anti-Spam Legislation Compliance Policy______________________________________________.

7 | P a g e

NOT TO BE COPIED OR REMOVED FROM COMPANY PREMISES

IV. Recordkeeping

Moneycorp is required to create and maintain records of relationships with customers and

prospective customers that include documentation of the relationships giving rise to implied

consent and verifiable records of obtained express, opt-in consents. Records of express, opt-in

consent and records documenting the relationships giving rise to implied consent shall be

retained for a minimum of three years after the cessation of the sending of CEMs to the

customer or prospective customer.

Customer relationship information sufficient to ensure compliance with this Policy is captured

and maintained on for Moneycorp US Inc. by the marketing service provider Marketo, Inc.

V. Compliance Monitoring and Management Reporting

This Policy is maintained by the Compliance department and will be reviewed, updated where

necessary, and approved on an annual basis. Any changes to, or exceptions from this Policy

require the approval of the Board and should be logged.