[Template] Payments Compliance Risk Programs

Payments Compliance and Risk Programs In recognition of the complex and ever-evolving CONTENTS legal, regulatory, and operational nature of payroll Anti-Money and payments processing, Rippling maintains Laundering program a variety of programs within the Compliance and Risk and fraud Risk organizations and includes comprehensive operations policies covering: Bank Secrecy Act and Anti- Office of Foreign Asset Money Laundering (BSA/AML), fraud, credit risk, Controls Office of Foreign Asset Controls (OFAC), ACH Audit programs operations and Nacha Compliance, and indepen- dent audit programs. Rippling’s Compliance and Risk programs are based on industry best practices that often exceed the regulatory requirements governing payment processors. Such policies and programs are approved by management and available to Rippling employees. Additionally, access to spe- 1 cific processes related to confidential controls is 2 12 5 0 internally restricted to protect the integrity of the _ ts en m program. y a P _ er p a ep t i h W : E M A N E L I F

Anti-Money Laundering program Our AML program utilizes risk-based policies and controls to monitor the inherent risks with our unique product offerings and customer portfolios. Internal policies All high-level and relevant compliance policies, including the AML Policy and AML Risk Assessment, are reviewed annually and approved by the Board of Directors. Program and procedure documentation providing more detailed information on operational standards is maintained by the Compliance team and internally restricted to protect sensitive information as needed. Compliance officer The Compliance program is overseen by the Board-appointed Compliance Officer, with experience in payments and financial transac- tions compliance. Training Rippling conducts annual AML and risk training for all employees working on payments-related products, including targeted team training focused on specific risks that vary by function. Independent testing Rippling undergoes an annual third-party audit to evaluate the overall adequacy and maturity of our BSA/AML compliance program and adherence to regulatory requirements. Customer due diligence Rippling maintains a robust Know Your Customer (KYC) program (also known as a Customer Due Diligence program), which includes enhanced due diligence procedures designed to understand customer risk profiles and provide a greater level of scrutiny where appropriate. Risk and fraud operations Robust fraud detection and risk mitigation measures are essential to ensuring a safe and healthy payments and payroll platform and overall financial ecosystem. To this end, Rippling has developed and runs a rippling.com | Payments Compliance and Risk Programs 2

prevention, detection, and investigation program to identify and control credit, fraud, and operational risks and protect our customers, their employees, and our partners from bad actors. Customer identity verification Risk mitigation and fraud prevention start with customer onboarding. At Rippling, customers are required to provide critical KYC information at onboarding. Rippling utilizes this information, internal tools, and leading providers of authentication and verification services to manage Automated Clearing House (ACH), credit, and fraud exposure, including through the establishment of limits and other appropriate controls. Transaction monitoring Rippling maintains a robust detection program to systematically monitor daily payroll run activity for anomalous or inconsistent data and outliers for both credit and fraud purposes. Additionally, Rippling leverages custom transaction monitoring rules based on known money laundering typologies targeted at payments processors with a particular emphasis on payroll. Risk teams follow defined investigation procedures and standards for transactions flagged by these controls to facilitate a timely response and report suspicious activity when necessary. Office of Foreign Asset Controls sanctions program Rippling maintains robust policies and procedures to ensure that com- pany services are not utilized by, or on behalf of, sanctioned parties as defined by the United States Office of Foreign Assets Control (OFAC). Rippling’s OFAC policy is reviewed annually and approved by the Board. As part of this program, Rippling maintains a continuous monitoring system to ensure that changes to the Specially Designated Nationals and Blocked Person List (SDN List) are updated on a daily basis, and that customers, employees, and contractors are screened against this list at onboarding and in advance of payments transactions. Rippling also utilizes technical controls and blocks product to prohibit payments to countries that are under a comprehensive sanctions program. rippling.com | Payments Compliance and Risk Programs 3

Audit programs Rippling believes that a robust payments and payroll Compliance and Risk program must include independent assessments of key policies, procedures, and other controls. To this end, Rippling leverages experienced independent auditors specializing in fintech compliance to review and assess our major Compliance and Risk programs on an annual basis. Anti-money laundering audit Rippling’s AML and OFAC programs are independently assessed on an annual basis. These reviews test the overall integrity and effectiveness of the AML and OFAC systems, controls, and technical compliance with the Bank Secrecy Act and other applicable laws and regulations. The reviews also evaluate the effectiveness of company procedures and employee knowledge of and execution against those procedures. Fraud and risk audit Rippling’s Fraud and Risk program is independently reviewed each year to test the maturity and strength of Rippling’s fraud and credit risk controls, including the effectiveness of prevention and detection controls and the efficiency of mitigation procedures. Nacha audit Rippling’s ACH Program is reviewed annually to ensure that all processes are executed in compliance with the Nacha Operating Rules, the governing organization of the ACH Network. This audit includes a review of our compliance policies and framework, information security policies, and other operational procedures relevant to the creation, transmission, and return of ACH files with partner institutions. Rippling helps businesses manage all their employee operations— Rippling helps businesses manage all their employee operations— from HR to IT—in a single place, enabling you to automate payroll, from HR to IT—in a single place, enabling you to automate payroll, benefits, computers, apps, and more. benefits, computers, apps, and more. ©© 2 2002211 R Ripippplinlingg 4