Guidelines on Application for Merchant Acquisition License (MAL)

BANGKO STNTRAL NG PILIPINAS OFFICE OF THE DEPUTY COVERNOR I PAYMENTS AND CURRENCY MANACEMENT SECTOR MEMORANDUM NO. M-2O25-OO2 ALL OPERATORS OF PAYMENT SYSTEM (OPS) ENGAGED IN OR INTENDING TO ENGAGE IN MERCHANTACQUISITION (MA) GUTDELINES ON APPLTCATTON FOR MERCHANT ACQUISITION LTGENSE (MAL) Pursuant to Republic Act (R.A.) No. 11127 or the National Payment Systems Act and Circuf ar No. ll98 dated 19 July 2o24 on the Flegulatory Framework for Merchant Payment Acceptance Activities (MPAA), all covered OPS engaged in or intending to engage in merchant acquisition (MA) shall observe the following guidelines in the electronic submission of documentary requirements for Merchant Acquisition License (MAL) under the said circular. Submission of Application l. Effective 08 August 2024,1 an authority from the Bangko Sentral must be obtained prior to engaging in MA in the Philippines. All MAL applications and communications in relation thereto shall be transmitted electronically to the BSP Payments Supervision and Licensing Department (PSLD) at the email address below: PSLD-Appl ications@bsp.gov.ph. 2. In their submissions, applicants shall use the prescribed format for the subject line as follows: For Su bm iss ion of App I ication: OPS- MAL-APPLI CATI O N-<AP P LI CAN T NAM E>-< N EWR EC I ST E R E D OPS>-<APPLICATION DATE(DD M M YYYY)> Exa m p I e: O PS- MA L_APP LICATION_ABC, I nc.N EW_31 Dec 2C24 OPS-MAL APPLICATION XYZ.Inc. RECISTEREDOPS 3l Dec2024 For Other lnquiries/Clarifications Related to a Filed Application: OPS.MAL-INQUIRY<APPLICANT NAME> <SHORT DESCRIPTION OF I NQUt RY/CLARt FtCAT|ON> BSP Circular No. ll98 or the Regulatory Framework for Merchant Payment Acceptance Activities was pubf ished on 24 July 2024in a newspaper of general circulation. lt took effect fifteen (15) days from said publication date, i.e., 08 August 2024. To Subject

Example: OPS-MAL_INQUIRY_ABC, Inc._Clarification on the Additional Document Requested All applications shall be accompanied by the required documents and information listed under Section ll of this Guidelines preferably in portable document file (pdf) format, unless specified otherwise. The submission of files which is accessible through shared drive/private file storage shall not be accepted. lf templates are provided for certain documents and information, the same shall be used. Applications that are incomplete and/or do not conform to/with prescribed format/procedure, shall be returned without prejudice to resubmission of a new application that is complete and/or correct. The applicant shall have an authorized representative at all times in charge of information requests and shall provide an adequate response on a timely basis. Should there be a change of authorized representative, the applicant is expected to inform Bangko Sentral within five (5) business days from the date of occurrence. Otherwise, the BSP shall assume that there is no change in the authorized contact person. In case of denied/withdrawn applications, an applicant may file a new application after the lapse of six (6) months from the date of deniaUwithdrawal. Provided, that any non-compliance with laws, rules, regulations and/or directives that caused the denial/withdrawal is satisfactorily addressed. Application Phases and Documentary Requirements l. Each application for MAL shall undergo a three-phased evaluation process: Phase I - Determination of applicant's eligibility for MAL Phase 2 - Evaluation of application for MAL Phase 3 - lssuance of MAL 2. The minimum requirements for each phase are as follows: 4. 5. il. Minimum Requirements Phase I Determination of applicanfs eligibility for MAL I Application for Registration as Operator of Payment System (OPS) and/or Merchant Acquisition License (MAL) signed by the president, chief executive officer, or a senior officer holdinq an equivalent position (Annex A). 2. Notarized Special Power of Attorney (SPA)/Board Resolution, authorizing a person/firm other than the apolicant to applv for MAL 3. Notarized Secretary's Certificate (or equivalent document for foreign applicant) attesting that the Board of Directors (or equivalent management committee in the case of foreion aoolicant) has aooroved the aoplication for MAL 4. For single proprietorship: . Copy of Certificate of Business Name Registration For new partnershi p/corporation/cooperative: . Proposed Articles of Partnership (AOP)/Rrticles of Incorporation (AOl)/ Articles of Cooperation (AOC) . Proposed By-laws . Proof of approval/reservation of entity name from the Securities and Excha nqe Commission (SEC )Kooperative Development Authority (cDA) Page 2 of 6

Minimum Requirements . Certification signed by on their approval of the proposed AOP/AOI/AOC and By-laws For existing partnership/corporation/cooperative: . Proposed amended AoP/Aol/Aoc o Current AoP/Aol/AoC certified by the sEc/cDA . Proposed amended By-laws o Notarized and signed Secretary's Certificate on the approval of the amendments to the AoP/Aol/AoC and By-laws . Ceneral Information Sheet as of the date of meeting when the amendment/s to Aol and/or By-laws was/were approved . Notarized Secretary's Certificate on no pending case of intra-corporate d Business plan, which includes the following minimum information: a. Company overview, business model and operational network b. Profile of target market/s/clientele/s c. Proposed products or services with complete description of its features and transactions/processes, including the security controls and measures. The applicant may also provide a copy of its user manual, terms, and conditions in using its system. d. Information whether the proposed products or services are incidental to, or bundled with, any other products or services e. Diagram of the configuration of the system/s supporting the proposed products and services, showing the linkages of host systems, network infrastructure, security tools, and disaster recovery set-up f. Detailed narrative of funds flow/channels, including transaction/process flowcharts for each product/service offered. The illustrations/diagrams should clearly provide the following information: . Merchant onboarding/Know-Your-Customer (KYC) and the corresponding due diligence processes . Description from the start to end of a typical transaction, including the acceptable sources of fund that the applicant will accept until the obligation to its end user/customer is fully discharged . lllustration of the interactions between the end user/customer and the applicant and the flow of funds . Timelines for the payment and settlement cycles, including service level agreements with third parties, as applicable and . Information on the involvement of third parties (e.9., payment service providers, banks, intermediaries, other agents) and their roles in the process g. Pricing mechanism and schedule of fees (i.e., merchants, end￾users/customers) h. lmplementation plans, target milestones for business/product launch, including systems, processes, and third parties which will perform key roles in its operations i. For applicants that are part of a global payment services group or affiliates of foreig n entities u nd e r d ifferent j u risd iction/s: . Corporate background . Conglomerate structure/map where the applicant belongs, and financial and commercial relationship with the Philippine government, local banks, business entities and residents, past and present . List of domestic and foreign branches, agencies, other offices, subsidiaries, and affiliates and their locations and lines of business, including range of financial and non-financial products offered to and services performed for clients . Jurisdictionsserviced . Role of the applicant within the group . Functions or services it will provide to related ties wi Page 3 of 6

Minimum Fleouirements the group/jurisdiction/s served, if any . Resources shared by the group to support its operations in the Philippines . Copy of applicable license/registration and status as issued by its foreign regulator/s and . Enforcement action/investigation including status thereof which the applicant or any of its related entities are parties to j. Other activities regulated by the Bangko Sentral which the applicant conducts or intends to conduct (e.9., electronic money, money service businesses, etc.) The salient points of its business plan shall be included in the deck to be used in the conduct of business model presentation, 6. Copy of the valid business license/permit indicating the line of business of the applicant from the city or municipality that has territorial jurisdiction over the place of establishment and operation of the applicant for the current period 7. Proof of financial capacity i. For New Entity: Treasurer's Affidavit supported by proof of payment of contributed/subscribed capital or Bank Certification (for sole proprietorship) ii. For Existing Entity: Latest Audited Financial Statement and Latest Interim Balance Sheet signed by the Owner/Managing Partner/President The MAL categories and minimum required capital are as follows: Average Monthly Value of Collected Funds Transferred to Merchants in the Aoolicable oeriod Category Minimum Required Capital Less than Floo million A F5 million FIOO million and above B P'lO million 8. Proof of payment of non-refundable filing fee, whichever is applicable. Category Amount A Plo.ooo.oo B P20,OOO.OO PHASE 2 Evaluation of applicatlon for MAL A rcgistered OPS-MPAA necd not submit item 2 below lf the informatlon from prevlously submltted document durinq reolstration remaln the same. Compliance with fitness and propriety requirements by the proprietor, partners, directors, president or officer of equivalent rank and function, and over-all head of the entity and the head of the compliance unit, as the case may be a. Personal Data and Authorization Form (Annex B) b. National Bureau of Investigation (NBl) Clearance, or its equivalent, if issued in foreign jurisdiction (with validity of at least six (6) months from the date of application) Accomplished Certification and Self-Assessment on the Compliance with the Applicable Provisions of Circular No. ll27 on the Governance Policy for OPS2 (Annex C.l and Annex C.2) 2. Risk management policies and procedures covering but not limited to the following critical areas: Information Technology, Information Security, Business Continuity and Operational Risk Management Please refer to the matrix in Annex D on the minimum required information based on applicable issuances/requlations. The applicant is likewise advised to reqularlv 3. 2 https:/Aryww.bsp.9ov.ph/Regulations/lssu ances/2oz\l11z7.pdf Page 4 of 5

ilt. Minimum Flequirements monitor the BSP website (Regulations)3 on additional applicable issuances that mav be issued. 4. Merchant management policies and procedures, including due diligence and aooroval criteria. onboardino. and monitorinq 5. Merchant protection policies and procedures, particularly redress mechanism 5. Templates of agreements/contracts with merchants, settlement banks, third party providers and other entities that are necessary in the provision of merchant acquisition service. as aoolicablea PHASE 5lssuance of MAL lf application is approved, proof of payment of licensing fees Category Amount A P25.OOO.OO B F60.OOO.OO For registered OPS-MPAA, the amount paid as registration fee, as applicable, shall be deducted from the OPS-MAL license fee upon issuance of COA to operate as MAL. Application Review Process 3. The application shall be accompanied by a checklist indicating submission of required documents and information. The checklist is found in Annex E. lt shall be evaluated only upon receipt of complete documents and information for each phase. The PSLD shall inform an applicant if it has successfully passed an application phase and shall then request submission of the required documents for the next phase. 4. To arrive at an informed decision, the PSLD may have several requests for information and/or documents/clarifications aside from the abovementioned requirements depending on the completeness and clarity of the responses submitted by the applicant. lt may also conduct onsite verification of the documents and/or representations submitted. 5. The applicant is expected to respond to requests for information/clarification within the prescribed period. lf the applicant fails to submit within the prescribed period, the application shall be returned. 6. The applicant shall report to PSLD if there are material changes on the information provided during the application process (e.9., organizational restructuring, substantial changes in key management personnel, material variations in the business model/activities). Banks and Electronic Money lssuers-Non-Bank Financial Institutions (EMl-NBFls) that Intend to Engage in MA Banks and EMI-NBF|s that intend to engage in MA as part of their normal or allowed business operations need not apply for a separate license from the Bangko Sentral. 3 https://www.bsp.gov.ph/SitePages/Regulations/Requ lationsList.aspx?Tabld=l 4 As indicated under Cir. ll98: The settlement period shall be agreed upon by the OPS-MAL and the merchant but shall not be longer than two (2) business days from the day the funds are received by the OPS￾MAL for transfer to a merchant." s License Fee - shall be paid by the applicant upon issuance of MAL. For registered OPS already engaged in merchant acquisition, the amount paid as registration fee shall be deducted from the license fee upon license approval. Page 5 of 6

tv. Pursuant to Appendix 5O3-5 of Circular No. 1198, prior notification to the PSLD at the email address below with a copy furnished to its corresponding Financial Supervision Department, shall suffi ce. BSPContact lnfurmation For any inquiries or clarifications, emails can be sent to the PSLD at psldtdbsp.gov.ph. For guidance and strict compliance. MAMERTO Depu llf January 2o25 Page 6 of6

APPLICATION FOR NSGFTNATPN AS OPERATOR OF PAYMENT SYSTEM (OPS} AND/OR MERCHANT ACQUIS]TION LICENSE (MAL) Jplease do not leeve eny item blanlL lndictae "N/A" ifen item is not applicable.) TytsotApplic.tion, 1l RerlstEtlon!toPs al M.tch$tAcquiiition Ltcanta lf wth existinq BsP rcgistaaion, kituly frI out the bilowing inbrmation )ate ofCOR lssuanc€ I tull C6p.ny L.m fu H.ntfik tlon ttuhb.r (Tlxl ooo-ooo-ooo-ooo 5 ao ofEmployo o t.th.rtd twlm../trrd. l'.mdtt bm of 8r.lM Or9.nlr.tlotr Nh.E lPl.... lsityl: 7 y R.tl*r.tl6 No a lah lae.d ,.lld untll 9 to Bualnd Cdtact Into (Hod o{lto} ll t{dMr P.haV l!D. ctBrrlM.: tudn.s turml M. Nureoa@@Ma V.rldW dd/mm/yyyy t2 rvF Nare of@wmrcntotua whkh artDd tu Authotltunic@ V.lH Unttl dd/mm/yyyy dd/mmltyry dd/mm/yyyy dd/mm/yyyy AddBt cklbnshlp NN 96 ofown Fhlp Emrll AdCnts Addns CltE nthlp NN B@td 94 of oweBhlp otfic.r Eh.llAddret. l5 llt ot Kry otlks Pn.ld.nt I Addnss CN..nshlp NN Potltlon Em.ll Addn'' l6 lAudlu 17 .t tt^FsD.t udhoplnlon tdltrh{.il to? Qu.lllH q dY.e d )l.kdffi otoplhlon Flndlnt.: tL.s pdld. th. d.t lb/n.oM lf {d$ pdld. dr Uhquallfi€d classilication GENERAL Pege I of3

Annex A APPLICATION FOR REGISTRATION AS OPERATOR OF PAYMENT SYSTEM (OPS)AND/OR MERCI{ANTACQUISITION LICENSE (MAL} (Please donot leave any hem bledk. lndicate "N/A" ifan item is notappliceble.) Sour of FhDrhl lnfoanadcar colrPAl{Y F:NANctAts 0n P|{P/PHP :qrlv.Lntl ll. Agtrnb by vlrtw ot pmrrhlp wlth oth.r OPS

50 tFdunD.6tt|!o 5l lmrC6..d|'lcdnlba Ln a|ilah s3 Prdud /scrvlfr/P.yrnnt Sy*.t , fypo ,LtuoftMud/Swk / PryrnotSytm lttdud lBcrlptl@ tuwe tuetlh, A.'Hvltles f.rtQt H.*d 54 ,lumbrof p.tMt lnffiMb/ a@nE AwngE Mthlyvolure of hMdiffi Awg. MahDrv.lu.of E re.cdat (tn PHP) 55 'htaf dd/mm/yyw 55.2 Erdtub dd/mmlyyw

Annex A APPLICATION FOR REGISTRATION AS OPERATOR OF PAYMENT SYSTEM (OPs) AND/OR MERCHANTACQUISITION LICENSE (MAL} (Pleasc do not lcave any item bldnk tDdicate "N/A" if an item is not applicable.l corPualcE wttH THE lfixrruil nEQuttgo capltal f h. of lLrchant Aaqcldtlon Op.dlofi. More thah 12 Months t ld-lh C.rtbl$od( 0n PHPI t.ooo.ooo oo s7 laf.@ D.t.rP.dod ($rn Datrl rddhlod! P.ld-lh e.phrl (ln PHP' 2.OOO.OOO O0 57 h!.bE htrrtstr|od (€nd Oil.l: 64 bp6lt tor $ck $brlptlon (ln PXPI LOOO OOO OO 58 50.ooo ooo.oo r.h.d E.nlnfE 0n PHPI 500.ooo.oo o tLFh.hb 0n pHp' (ddrln6/l'yyy)- (ddliln/yyly, 59 .k.nr ot ioRl JndMd.d Mt! (h PHPI soo.ooo oo 60 alnimsh n qulndaph.l 5 000.ooo oo 67 r* Inblrtlbh Adr {ln PHP} lo.ooo oo 6l of omdhna 5a hprd C.ph.l0n PH9, 4 990 000 00 TIIiI}IC AIID }IAilIER OF TRATJFEN TO THE TEffiM OF FUXDS @TTECIED W d Htut lM M r@b d ffihna Wry d dtu ffia Ftut ,6Than 2a Hdn 70 I D.y v Dry. 72 {ohfi.n 2 DS 7t lchba,otsafrLmht B.nb o 74 .ld of tatlaMt grhkr R.nk Aao.dlng to Tr.ndbn Slz.) 75 ,.rch.nt Oldnt R.t. o oo% o oo% kh.m. h. (ln PHPI o.oo ooo 77 l.nt.l .nd ll.lntu@ Ch.o.r ior Tormlnll. (ln PH pl ooo o.oo 78 ooo o.oo o.oo ooo PDICIf,G ilECH XISM EE CUSOMENS 79 ooo o.oo too LOO 2.OO 200 PI{PI 300 300 400 400 500 500 5.OO 600 ao ooo o.oo loo l.oo 200 200 3.OO 300 al .!n of thlrd h.ty Provld.E l, Iihs€d n.m€1, [insei d€sign.tion] herebv cefrity to the following: 1 I ah.uthorlzedtosubniithisAppliGtion (checktyp€otapplication below) forand on behaffolllnr.d.ohp.nyn.h.l ! RerLtration as oPs n..,-..-. 2 The completion ofthrs Applicatio. wa3 made after condud ols€ll:ssastment wherebv il w.s determined thal linr.ilcomDrnv n.m.l is: ! an OPS p!Buantto R A No 11127 (The Natonel Payment SFtemsAd) a.d 85P CircularNo.1049, by engaging in adivity/ies in ltem I ofOPS_MALAttachn.nt [ ] an OpS engaged in merchant acq!isilion and/or other merchant acceptance payme.t adivities, as described i. ltem ll of OPS-MAL Atlachment *orethekpeBonelinlorm.tionandsherewithandmal.th.mavailabletointerestedparti€stoflawfu purposeserdle8itimateinterestsandtocomplywithleg.lmandate. 4 The inlormatlo. provlded herei. are true, acc!rate, tihelv and compleie D.t. Accomplish.d: ddlmm/B Classirication GENERAL

(Please do not leave any item blank. lndicate "N/A" if an item is not applicable.) Owns or operates a computer application system that enables payments or fund transfers sets rules by which payments may be made or funds may be transferred customers to fund their accounts by submitting to the operator cash or its equivalent in exchange for the value to be stored in their accounts of system users to be linked to their accounts with other financial institutions (Fls) (e.9., deposit account, e-money account, Provides a system or network infrastructure that enables payments and financial services of Fls Sets rules, functions, procedures, arrangements, or devices that enable an account holder or holder of the payment instrument to transact with a third party Transfers payment information (e.9., card transaction details) to and from participating institutions. Provides network participants with a listing of the amounts due tofrom other participants. Offers service/s to more than one (l)Fl and enables them to perform payments or fund transfers among each other Enables the acceptance of specific payment instrument/s by institutions such as government, commercial establishments, and other merchant/billers. Fleceives payment for or on behalf of the sellers of goods, providers of services, or creditors/billers in accordance with a written agreement Sets rules, provides arrangements or facilities to collect funds from the public and transmits the same to sellers of goods, providers of services, or creditors/billers in accordance with the written agreement Allows payments to be made to more than one commercial establishment or creditor/biller Please Prcvide details below: Merchant Payment Activities Provided (Please indicate all that apply) Annex A APPLICATION FOR REGISTRATION AS OPERATOR OF PAYMENT SYSTEM (OPS) AND/OR MERCHANT ACQUISITION TICENSE (MAL) th. plrtform th.t en.blcr p.ymsnts or fund trrnsfarc, regardless of whether the source and destlnatlon accounts rrio maintalncd with same or diffierent lnstltutlons Opsrates the system or network that enebles p.ymcnts or fund transfers to be made through the uje of . payment inrtrument a system that processes paymcnts on behslfofsny p€rson, ot the government Merchant Payment Acceptancc Actlvltles (MPAA) - Provides services to a menchant to recelve payment for sale of goods and/or sen ices. Classification: GENERAL

Annex B BANGKO SENTRAL NG PILIPINAS lD picture taken within the last 6 months 3.5 cm. x 4.5 cm. (passport size) Computer generated or photocopy of picture is not acceptable l,lNamel, after being sworn in accordance with law, do hereby: a. Certifu that the information contained in this document and its supporting schedule of my own knowledge is true and correct. b. Authorize the following, pursuant to the provisions of Section 5O3 of the Manual of Regulations of Payment Systems (MORPS): l. lName of Institutionl to conduct a background investigation on myself as ]positiontin@whichinc|ude,amongothers,inquirin9fromthe Watchlist Files of the Bangko Sentral ng Pilipinas; and 2. The Bangko Sentral ng Pilipinas to disclose its findings pertinent to the aforementioned inquiry on the said Watchlist Files and other sources to [Name of lnstitutionl. With the above authorization, I hereby waive my right to the confidentiality of the information that will be obtained as a result of the said inquiry, provided that disclosure of said information will be limited for the purpose of ascertaining my qualification or non-qualification for the said position. Signature over Printed Name SIGNED IN THE PRESENCE OF: (Witness) (Witness) PERSONAL DATA and AUTHORIZATION FORM AND SWORN to before me this _ day of issued at SUBSCRIBED exhibiting to me 20__ , affiant on COMPANY NAME BUSINESS ADDRESS NAME POStTtON Classifi cation: GEN ERAL his/her Notary Public Page 1 of 3

BANGKO SENTRAL NG PILIPINAS BIOGRAPHICAT DATA PERSONAL INFORMATION: SURNAME I. NAME : TIN : OTHER NAMES USED. IF ANY : MANAGEMENT LEVEL : DATE ELECTED / RE-EIECTED /APPOINTED / POSITION CHANGED : GIVEN n Director 3.UPDATEDASOF: MIDDLE SUFFIX (e.9. Jr., 2. 4. 5. 6. 7. 8. n officer RESIDENCE ADDRESS : TELEPHONE NO. : 9. E-MAIL ADD : .IO. BUSINESS ADDRESS : .II. TELEPHONE NO. : 13. CIVILSTATUS : 14. SEX : 16. DATE OF BIRTH : FAMILY RELATIONS (Legitimate or Common-Law): SURNAME 18. NAME OF SPOUSE : SURNAME 19. NAME OF COMMON￾LAW SPOUSE : 17. PLACE OF BIRTH : GIVEN GIVEN 12. E-MAILADD : n Divorced/Separated n wioow .I5. CITIZENSHIP : MIDDLE SUFFIX (e.9. Jr., MIDDLE SUFFIX (e.9. Jr., n single n vate n Married ! Female Classifi cation: GENERAL (Please indicate 'N/A" for fields that are not epplicable) Page 2 of3

NAME TIN UPDATED AS OF TRAINING/S: 20. Seminarsfiraining on Money Service Business, AMVCFT and other related fields (continue in separate sheet if necessary) WORK EXPERIENCE/S: 21. Present Position - Other Private Institution (lncluding Corporate Directorships) NAME OF OFFICE POSTTTON DATE ASSUMED INDICATE IF OWNER/ PARTNER/ STOCKHOLDER (continue in separate sheet if necessary) 22, Present Position/s - Government (lncluding Directorships in Government Corporate Institutions) NAME OF OFFICE POStTTON DATE ASSUMED INDICATE IF ELECTIVE OR APPOINTIVE AND PART/FULL-TIME (continue in separate sheet if necessary) 23. Past Position/s - Other Private Institutions (lncluding Corporate Directorships) NAME OF OFFICE POSITION DURATION (YEAR) FROM TO (continue in separate sheet if necessary) 24. Past Position/s - Government (lncluding Directorships to Government Financial Institution) NAME OF OFFICE DURATION (YEAR) FROM TO Classifi cation: GENERAL POStTION (continue in separate sheet if necessary)

AnnexC.I <Name of Entity> CERTIFICATION ON COMPLIANCE WITH THE APPTICABLE PROVISIONS OF CIRCULAR NO.II27 ON THE GOVERNANCE POLICY FOR oPERATORS OF PAYMENT SYSTEMS (OPS) l, <Name of Officer>. President (or Officer of Equivalent Flank), on behalf of the <Name of Enti9r>, with head/principal office address at <complete address of Head/?rincipal Ofifice>, after having been duly sworn to in accordance with law, hereby certifo to the best of our knowledge that <Name of Enti0r> complies with the applicable provisions of the Bangko Sentral ng Pilipinas (BSP)Circular No.ll27 dated 17 September 2021, as enumerated in Annex C.2, except for: <enumerate provisions that have not yet baen complied with and attach document/s supponing/e-plaining inadvenent delay/non-compliance>. Aforementioned provision/s shaf l be complied by <target date forcompliancez We also certiff that all relevant documents in support of the foregoing statements are kept on file and are readily available for verification by examiners of the BSP during onsite verification/examination and/or upon written request by the BSP. This certification executed on <date of e-ecution> is being submitted in compliance with the requirements of the Bangko Sentral. Signed: Name of President President (of Officer of Equivalent Rank) SUBSCRIBED AND SWORN to before me, this day of with affiant exhibiting their valid identifications indicated below: Name Notary Public Not. Reg. No. Doc. No. Page No. Series of Covernment I D/Passport No. Date/Place lssue at Classification: GENERAL

CompanyABC - Merchant PaymentAcceptanceActivities (OPS-MPAA) Annex C.2 Self-Assessment on Compliance with Circular No. ll27 Provisions/Requirements of Circular No. Il27 Extent of compliance Indicate reason for Not Applicable items. For Partial and Non-Compliance items, indicate reasons and target date of compliance. Section 2O4 - GOVERNANCE ARRANGEMENT OPS has adopted an effective and documented governance structure that provides clear and direct lines of responsibility and accountability of the board of directors and senior management. Section 2O5 - BOARD OF DIRECTORS Composition of the Board of Dircctors (BOD) i. BOD is composed of not less than five (5) nor more than fifteen (15) members. b. BOD, as governing body, has integrity and possesses the appropriate collective skills, work experiences, and technical knowledge of payment systems and financial markets, including the risks involved in the operation of these systems. c. f ndependent directorA represent at least twenty percent (zocyol of the members of the BOD. Any fractional result from applying the minimum proportion (i.e., 2O%) is rounded up to the nearest whole number. J. Non-Filipino citizens who are members of the BOD are elected to the 3xtent of the foreign participation in the equity of the OPS, and in rccordance with existing laws, regulations. Qu a I i fi catio ns of Di recto rs a. Alldirectors possess the following minimum qualificationsl 1 ) All directors are fit and proper for the position of a director; and Directors possess all the minimum qualifications and none of the cases mentioned under Section 2O9 (Persons disqualified to become directors/officers ). 2) All directors have attended a seminar on corporate governance for BOD. b. In selecting an independent director and a non-executive direction, OPS has considered the number and types of entities where the candidate is likewise elected as such. c. Members of the BOD are not appointed as Corporate or Board Secretary or Chief Compliance Officer. d. CEO or President is a director/member of the BOD. e, For Cooperative OPS: Members of the board of directors do not hold any other position directly involved in the day-to-day operations and management of the OPS. Classification: GENERAL

Annex C.2 Qualification of the Chairpercon of the BOD Chairperson of the BOD is a non-executive director or an independent director. Chairperson and CEO positions are not held by one person. Provided that if there is no CEO, then the President shall not hold the position of the Chairperson. Eoard of Dircctors Meetings OPS'By-Laws include a provision that physical orvirtual meetings of the BOD shall be held or hosted either in the Philippines or abroad. Section 2O7 - BOARD LEVEL COMMITTEES AuditCommittee OPS has formed an Audit Committee and members thereof have expertise in payment system operations, internal control frameworks, accounting, auditing, or related financial management expertise or relevant experiences commensurate with the size, systemic importance, operational complexity, and risk profile of the OPS. Audit Committee is composed of at least three (5) members of the BOD who are all non-executive directors. Chairperson of the Audit Committee is an independent director. For branch or locally incorporated subsidiary of foreign incorporated oPs. OPS has decided not to form own local board and board-level committee/s and instead adopted the global or regional board-level committee/s formed by Head Office or Parent Company. Section 2O8-OFFICERS Qu a I ifi cations of offi cerc Officers are fit and proper for the position they are being appointed to. Appointed officers possess all the minimum qualifications and none of the cases mentioned under Section 2O9 (Persons disqualified to become directors/officers). Section 2IO - COVERNANCE POLICY FOR OTHER OPS (Sole Proprietorship or Partnership) Qualifications as to litness and propilev of ownerc and officerc Individuals that own and/or manage the OPS possess and display the fol lowing characteristics: a. Probity, honesty, integrity and good reputation; Owners and officers neither possess nor are charged with any of the grounds for disqualifications for directors and officers of an OPS under Section 209 (Persons disqualified to become directors/officers). b. Competence and professional capability; and c. Financial soundness and capacity Classification: GENERAT

Annex C.2 Xhlnpn Pru&ntbl Eequlnnraf' OPS organized as a sole proprietorship or a partnership has instituted sound governance, risk management, intemal controls, and compliance functions in conducting its business affairs. OTHERNEQUNEHENT OPS has furnished its directors and officers with a copy of thc specilic duties and responsibalitics of board of dircctors, and as an individual director/officer upon election/appoantment to ensure that they are aware, undentand and accept their duties and responsibilities as provided in Circular No. 1127. Classification: GENERAT

Annex D Risk management policies and procedures covering but not limited to the following critical areas: Information Technology (lT), Information Security (lS), Business Continuity (BC) and Operational Risk Management (OFIM): Sec903.2 of BSPCircularNo. ll98 a. Organizational structure that has well￾defined roles and responsibilities for information, business processes, applications, lT infrastructure, and fraud prevention; b. Policies and procedures on the Particulars . lT organization structure indicating the fu nctions, roles and a I responsibilities for information, business processes, applications, lT i nfrastructu re, a nd fra u d p reve ntion obj ectives. Oversight/Governance committees for lT, Information Security and Business Continuity including details of its membership, functions, and responsibilities. lT and lS Strategic Plan Policies and procedures and standards covering lT Governance/Management, Development and Acquisition, lT operations, Communication networks, lnformation Security, Project Management, lT Outsourcing, Vendor Management and Risk ldentification, Assessment, Fleporting and Monitoring. lT infrastructure set-up including the description of application/systems, system interfaces, network diagram for both Wide Area Network (WAN)/Local Area Network (LAN ), Information security and fraud prevention/detection tools and Disaster recovery arrangement/s. Incident management process covering incident identification/detection, containment, eradication, recovery, lessons learned and ongoing improvement. Incident response plan and procedures providing a roadmap for implementing an incident response process; describing the structure and organization that supports the incident response process; classiffing incidents, defining reportable and escalation protocols; defining metrics for assessing the incident response process; and defining resources and management support needed to effectively maintain and continuously improve the incident response process Business Continuity Plan - a documented plan detailing the orderly and expeditious process of recovery, resumption, and restoration of business functions in the event of disruptions. It should be able to cover and establish linkages among its multiple components, such as communication plan, crisis management plan, contingency funding plan, and technology recovery plan. Disaster Flecovery Plan - a documented plan detailing the technology strategy and requirements during recovery for business and support functions. Framework for assessing and managing lT, lS, Operational risks. Operational guidelines/measures to protect customer data, transactions, and systems that are commensurate with the level of risk and complexity of the payment services offered and the technologies identification. measurement. monitoring and controlling of data security and lT risks on a periodic basis; c. Appropriate lT and security infrastructure and systems for prevention and detection of cybersecurity and fraud, including processes and procedures on prevention, detection and monitoring to mitigate cybersecurity and fraud risk; d. Mechanism for monitoring, handling, and reporting incidents and breaches related to data security, lT, and fraud; a o supporting said services. . Flesults/reports of recent lT, lS and Operational risk assessment/s conducted g. Sufficient resources to hire and train Details of the organization's business and support units and information on employees to ensure that the have the the number of personnel complement necessary capacity and expertise to meet the requirements for lT and the business lines it supports e. Effective business continuity plan and disaster recovery plan for, at minimum, all critical business fu nctions: f. lndependent assessment of risk . management process and controls . Classification: GENERAL

Annex D Risk management policies and procedures coverinj Uut not limiied to the following critical areas: lnformation Clrculer Ho.n98 Prillculers Control security requirements to recommendations, latest encryption op€rating system. system{application software, databases, application standards, transport channel security, programming interface, among others. among others, based on international standards and recognized principles of international practice for ITRM : i. Measures to ensure compliance with i Policies and procedures on data loss prevention, privacy, storage, applicable data storage and privacy j transmission, and retention requirements, such as not storing the i customer card credentials within their ' database or the setver accessed by the merchant. Te'qhnologv (lT)' lqlormation s€curity (lS}-Eg{nqc,9q!inulU (BC) and operational Risk Managgnent (oRM},, Classification: GENERAL

Annex E cHECKL|ST OF REQUTREMENTS FOR OPS-MAL AppLtCATtON Minimum Requirements submitted Indicate document name and reference to specific page/section/number lf not submitted, indicate reason for non-submission Yes No Phase I Detemination of .pplicant': alleibilitv fur MAL I Application for Registration as Operator of Payment System (OPS) and/or Merchant Acquisition License (MAL) signed by the president, chief executive officer, or a senior officer holding an equivalent position (Annex A). Notarized Special Power of Attorney (SPA)/Board Flesolution, authorizing a person/firm other than the Applicant to apply for MAL 2. Notarized Secretary's Certificate (or equivalent document for foreign applicant) attesting that the Board of Directors (or equivalent management committee in the case of foreign applicant) has approved the application for MAL 3. 4. For single proprietorship: . Copy of Certificate of Business Name Flegistration For new partners hip/corpo ration/cooperative: . Proposed Articles of Partnership (AOP)/Articles of Incorporation (AOl)/ Articles of Cooperation (AOC) . Proposed By-laws . Proof of approvaUreservation of entity name from the Securities and Exchange Commission (SEC)/Cooperative Development Authority (CDA) . Certification signed by Partners/lncorporators on their approval of the proposed AOP/AOI/AOC and By-laws For existi ng partners h i p/corporation/cooperative: . Proposed amended AoP/Aol/Aoc . Current AOP/AOI/AOC certified by the SEC/CDA . Proposed amended By-laws . Notarized and signed Secretary's Certificate on the approval of the amendments to the AOP/AOI/AOC and By-laws . General Information Sheet as of the date of meeting when the amendment/s to AOI and/or By-laws wasfwere approved r Notarized Secretary's Certificate on no pending case of intra￾corporate dispute 5. Business plan, which includes the following minimum information: a. Company overview, business model and operational network b. Profile of target market/s/clientele/s c. Proposed products or services with complete description of its features and transactions/processes, including the security controls and measures. The applicant may also provide a copy of its user manual, terms, and conditions in using its system. d. Information whether the proposed products or services are incidental to, or bundled with, any other products or services e. Diagram of the configuration of the system/s supporting the proposed products and services, showing the linkages of host systems, network infrastructure, security tools, and disaster recovery set-up f. Detailed narrative of funds flow/channels, including transaction/process fl owcharts fo r eac h prod uct/service offered. The i | | ustrations/d iag rams should clearly provide the following information: . Merchant onboarding/Know-Your-Customer (KYC) and the corresponding due diligence processes . Description from the start to end of a typical transaction, including the acceptable sources of fund that the applicant will accept until the obligation to its end user/customer is fully discharged . lllustration of the interactions between the end user/customer and the applicant and the flow of funds . Timelines for the payment and settlement cycles, including service level agreements with third parties, as applicable and . Information on the involvement of third parties (e.9., payment seruice oroviders. banks. intermediaries. other aoents) and their Classification : GEN ERAL

Annex E CHECKLTST OF REQUTREMENTS FOR OPS-MAL AppLtCATtON Minimum Requirements Submitted Indicate document name and refetence to specific page/section/number lf not submitted, indicate reason for non-submission Yes No roles in the process g. Pricing mechanism and schedule of fees (i.e., merchants, end￾users/customers ) h. lmplementation plans, target milestones for business/product launch, including systems. processes, and third parties which will perform key roles in its operations i. For applicants that are part of a global payment services group or affiliates of foreign entities under different jurisdiction/s: . Corporate background . Conglomerate structure/map where the applicant belongs, and financial and commercial relationship with the Philippine government, local banks, business entities and residents, past and present . List of domestic and foreign branches, agencies, other offices, subsidiaries, and affiliates and their location and line of business, including range of financial and non-financial products offered to and services performed for clients . Jurisdictionsserviced . Role of the applicant within the group . Functions or services it will provide to related corporations/entities within the group/jurisdiction/s served, if any . Flesources shared by the group to support its operations in the Philippines . Copy of applicable license/registration and status as issued by its foreign regulator/s and . Enforcement action/investigation including status thereof which the applicant or any of its related entities are parties to j. Other activities regulated by the Bangko Sentral which the applicant conducts or intends to conduct (e.9., electronic money, money service businesses, etc.) The salient points of its business plan shall be included in the deck to be used in the conduct of business model presentation. Copy of the valid business license/permit indicating the line of business of the applicant from the city or municipality that has territorial jurisdiction over the place of establishment and operation of the applicant for the current oeriod 6. 7. Proof of financial capacity i. For New Entity: Treasurer's Affidavit supported by proof of payment of contributed/subscribed capital or Bank Certification (for sole proprietorship) ii. For Existing Entity: Latest Audited Financial Statement and Latest Interim Balance Sheet signed by the Owner/Managing Pa rtner/President The MAL categories and minimum required capital are as follows: Avefage Monthly Value of Collected Funds Transferred to Merchants in the Applicable period Category Minimum Flequired Capital lLessthanPloomillion I 5 Classification : GEN ERAL

Annex E CHECKLIST OF REQUIREMENTS FOR OPS-MAL APPLICATION Minimum Requirements submitted Indicate document name and reference to specific page/section/number lf not submitted, indicate reason for non-submission Yes No L Proof of payment of non-refundable filing fee, whichever is applicable Category Amount A Flo,ooo.oo B F20.ooo.oo Additional Documents Submitted. if applicable: I <lnsert Document Name> 2. <lnsert additional row below, as applicable> PHASE 2 Evaluation of application for MAL A registered OPS-MPAA need not submit item 2 below if the information hom previously submitted document during registration remain thesame. Compliance with fitness and propriety requirements by the proprietor, partners, directors, president or officer of equivalent rank and function, and over-all head of the entity and the head of the compliance unit, as the case may be a. b. Personal Data and Authorization Form (Annex B) National Bureau of Investigation (NBl) Clearance, or its equivalent, if issued in foreign jurisdiction (with validity of at least six (6) months from the date of aoplication) 2. Accomplished Certifi cation and Self-Assessment on the Compliance with the Applicable Provisions of Circular No. ll27 on the Governance Policy for OPS {Annex C) Flisk management policies and procedures covering but not limited to the following critical areas: Information Technology, Information Security, Business Continuity and Operational Risk Management (Annex D) Please refer to the matrix in Annex D on the minimum required information based on applicable issuances/regulations. The applicant is likewise advised to regularly monitor the BSP website (Regulations)on additional applicable issuances that mav be issued. 4. Merchant management policies and procedures, including due diligence and aoproval criteria. onboardi nq. and monitorinq 5. Merchant protection policies and procedures, particularly redress mechanism 6. Templates of agreements/contracts with merchants, settlement banks, third party providers and other entities that are necessary in the provision of merchant acquisition service. as applicable Additional Documents submitted. if aoolicable: l. <lnsert Document Name> 2. <lnsert additional row below, as applicable> PIIASE 3lsru.rrc. of MAL lf applicatior fee Amount F25.OOO.OO Classification : GEN ERAL