Documenting and Reporting Breaches 6.1 Business Associate shall report to Covered Entity any Breach of Unsecured PHI, including Breaches reported to it by a Subcontractor, as soon as it (or any of its employees or agents) becomes aware of any such Breach, and in no case later than two (2) business days after it (or any of its employees or agents) becomes aware of the Breach, except when a law enforcement official determines that a notification would impede a criminal investigation or cause damage to national security.
6.2 Business Associate shall provide Covered Entity with the names of the individuals whose Unsecured PHI has been, or is reasonably believed to have been, the subject of the Breach and any other available information that is required to be given to the affected individuals, as set forth in 45 CFR § 164.404(c), and, if requested by Covered Entity, information necessary for Covered Entity to investigate the impermissible use or disclosure. Business Associate shall continue to provide to Covered Entity information concerning the Breach as it becomes available to it. Business Associate shall require its Subcontractor(s) to agree to these same terms and conditions.
6.3 When Business Associate determines that an impermissible acquisition, use or disclosure of PHI by a member of its workforce is not a Breach, as that term is defined in 45 CFR § 164.402, and therefore does not necessitate notice to the impacted individual(s), it shall document its assessment of risk, conducted as set forth in 45 CFR § 402(2). When requested by Covered Entity, Business Associate shall make its risk assessments available to Covered Entity. It shall also provide Covered Entity with 1) the name of the person(s) making the assessment, 2) a brief summary of the facts, and 3) a brief statement of the reasons supporting the determination of low probability that the PHI had been compromised. When a breach is the responsibility of a member of its Subcontractor’s workforce, Business Associate shall either 1) conduct its own risk assessment and draft a summary of the event and assessment or 2) require its Subcontractor to conduct the assessment and draft a summary of the event. In either case, Business Associate shall make these assessments and reports available to Covered Entity.
6.4 Business Associate shall require, by contract, a Subcontractor to report to Business Associate and Covered Entity any Breach of which the Subcontractor becomes aware, no later than two (2) business days after becomes aware of the Breach.
Collateral Reporting and Covenants Each Borrower hereby covenants and agrees, on behalf of itself and its Subsidiaries, as applicable below, as follows:
COMPLIANCE WITH NEW YORK STATE INFORMATION SECURITY BREACH AND NOTIFICATION ACT Contractor shall comply with the provisions of the New York State Information Security Breach and Notification Act (General Business Law Section 899-aa; State Technology Law Section 208).
Annual Reports on Assessment of Compliance with Servicing Criteria (a) On or before March 1 of each year commencing in March 2018, the Master Servicer, the Special Servicer, the Certificate Administrator, the Custodian, the Operating Advisor and, if it has made (or is required to make) an Advance during the applicable calendar year, the Trustee, each at its own expense, shall furnish (and each of the preceding parties, as applicable, (i) with respect to any Servicing Function Participant of such party that is a Mortgage Loan Seller Sub-Servicer, shall use commercially reasonable efforts to cause such Servicing Function Participant to furnish, and (ii) with respect to any other Servicing Function Participant of such party (other than any party to this Agreement), shall cause such Servicing Function Participant to furnish) (each Master Servicer, the Special Servicer, the Certificate Administrator, the Custodian, the Operating Advisor, any Servicing Function Participant and, if it has made (or is required to make) an Advance during the applicable calendar year, the Trustee, as the case may be, a “Reporting Servicer”) to the Certificate Administrator, the Trustee, the Serviced Companion Loan Holders (or, in the case of a Serviced Companion Loan that is part of an Other Securitization Trust, the applicable Other Depositor and Other Exchange Act Reporting Party), the Operating Advisor (only in the case of a report furnished by the Special Servicer) and the Depositor, a report on an assessment of compliance with the Relevant Servicing Criteria (together with a copy thereof in XXXXX-Compatible Format, or in such other format as otherwise agreed upon by the Depositor, the Certificate Administrator, the applicable Other Depositor, the applicable Other Exchange Act Reporting Party and the applicable Certifying Servicer) that complies in all material respects with the requirements of Item 1122 of Regulation AB and contains (A) a statement by such Reporting Servicer of its responsibility for assessing compliance with the Relevant Servicing Criteria, (B) a statement that such Reporting Servicer used the Servicing Criteria to assess compliance with the Relevant Servicing Criteria, (C) such Reporting Servicer’s assessment of compliance with the Relevant Servicing Criteria as of the end of and for the preceding calendar year, including, if there has been any material instance of noncompliance with the Relevant Servicing Criteria, a discussion of each such failure and the nature and status thereof and (D) a statement that a registered public accounting firm has issued an attestation report on such Reporting Servicer’s assessment of compliance with the Relevant Servicing Criteria as of and for such period. Copies of all compliance reports delivered pursuant to this Section 10.09 shall be provided to any Certificateholder, upon the written request thereof, by the Certificate Administrator. Each such report shall be addressed to the Depositor and each Other Depositor (if addressed) and signed by an authorized officer of the applicable company, and shall address each of the Relevant Servicing Criteria specified on a certification substantially in the form of Exhibit O to this Agreement delivered to the Depositor on the Closing Date. Promptly after receipt of each such report, (i) the Depositor and each Other Depositor may review each such report and, if applicable, consult with the each Reporting Servicer as to the nature of any material instance of noncompliance with the Relevant Servicing Criteria, and (ii) the Certificate Administrator shall confirm that the assessments, taken individually address the Relevant Servicing Criteria for each party as set forth on Exhibit O to this Agreement and notify the Depositor of any exceptions. For the avoidance of doubt, the Trustee shall have no obligation or duty to determine whether any such report (other than any such report furnished by the Trustee or any Servicing Function Participant of the Trustee) is in form and substance in compliance with the requirements of Regulation AB.
(b) On the Closing Date, the Master Servicer, the Special Servicer, the Certificate Administrator, the Custodian, the Trustee and the Operating Advisor each acknowledge and agree that Exhibit O to this Agreement sets forth the Relevant Servicing Criteria for such party.
(c) No later than the end of each fiscal year for the Trust, the Master Servicer, the Special Servicer, the Certificate Administrator, the Custodian, the Operating Advisor and, if it has made (or is required to make) an Advance during such fiscal year, the Trustee shall notify the Certificate Administrator, the Depositor, each Other Exchange Act Reporting Party and each Other Depositor as to the name of each Servicing Function Participant utilized by it, and the Certificate Administrator shall notify the Depositor and each Other Depositor as to the name of each Servicing Function Participant utilized by it, during such fiscal year, and each such notice will specify what specific Servicing Criteria will be addressed in the report on assessment of compliance prepared by such Servicing Function Participant. When the Master Servicer, the Special Servicer, the Certificate Administrator, the Custodian, the Trustee (if applicable), the Operating Advisor and any Servicing Function Participant submit their assessments pursuant to Section 10.09(a) of this Agreement, such parties will also at such time include the assessment (and related attestation pursuant to Section 10.10 of this Agreement) of each Servicing Function Participant engaged by it. The fiscal year for the Trust shall be January 1 through and including December 31 of each calendar year.
(d) In the event the Master Servicer, the Special Servicer, the Certificate Administrator, the Custodian, the Trustee (if it has made, or is required to make, an Advance during the applicable period) or the Operating Advisor is terminated or resigns pursuant to the terms of this Agreement, such party shall provide, and each such party shall cause (or, if the Servicing Function Participant is a Mortgage Loan Seller Sub-Servicer, shall use commercially reasonable efforts to cause) any Servicing Function Participant of such party to provide (and the Master Servicer, the Special Servicer and the Certificate Administrator shall, with respect to any Servicing Function Participant that resigns or is terminated under any applicable servicing agreement, cause such Servicing Function Participant (or, in the case of each Servicing Function Participant that is a Mortgage Loan Seller Sub-Servicer, shall use commercially reasonable efforts to cause such Servicing Function Participant) to provide) an annual assessment of compliance pursuant to this Section 10.09, coupled with an attestation as required in Section 10.10 of this Agreement with respect to the period of time that the Master Servicer, the Special Servicer, the Certificate Administrator, the Custodian, the Trustee (if it has made, or is required to make, an Advance during such period of time) or the Operating Advisor was subject to this Agreement or the period of time that the applicable Servicing Function Participant was subject to such other servicing agreement. With respect to each Outside Serviced Mortgage Loan serviced under the applicable Outside Servicing Agreement, the Certificate Administrator shall use commercially reasonable efforts to obtain, and upon receipt deliver to the Depositor, an annual report on assessment of compliance as described in this Section and an attestation as described in Section 10.10 from the related Outside Servicer, Outside Special Servicer, Outside Custodian, Outside Trustee and Outside Paying Agent or Outside Certificate Administrator and in form and substance similar to the annual report on assessment of compliance described in this Section 10.09 and the attestation described in Section 10.10.
Credit Reporting; Gramm-Leach-Bliley Act (a) With respect to each Mortgage Loan, each Sexxxxxx xxxxxx xx xully furnish, in accordance with the Fair Credit Reporting Act and its implementing regulations, accurate and complete information (e.g., favorable and unfavorable) on its borrower credit files to Equifax, Experian and TransUnion Credit Information Company (three of the credit repositories), on a monthly basis.
(b) Each Servicer shall comply with Title V of the Gramm-Leach-Bliley Act of 1999 and all applicable regulations promulgatxx xxxxxxxxxx, xxxating to the Mortgage Loans required to be serviced by it and the related borrowers and shall provide all required notices thereunder.
Financial Reporting and Rent Rolls Each Mortgage Loan requires the Mortgagor to provide the owner or holder of the Mortgage Loan with (a) quarterly (other than for single-tenant properties) and annual operating statements, (b) quarterly (other than for single-tenant properties) rent rolls (or maintenance schedules in the case of Mortgage Loans secured by residential cooperative properties) for properties that have any individual lease which accounts for more than 5% of the in-place base rent, and (c) annual financial statements.
Reference to and Effect on the Credit Agreement (a) Upon the effectiveness hereof, on and after the date hereof, each reference in the Credit Agreement to “this Agreement,” “hereunder,” “hereof,” “herein,” or words of like import, shall mean and be a reference to the Credit Agreement as amended hereby.
(b) Except as specifically amended by this Amendment, the Credit Agreement shall remain in full force and effect and is hereby ratified and confirmed.
Standard of Care; Reliance on Records and Instructions; Indemnification BISYS shall use its best efforts to ensure the accuracy of all services performed under this Agreement, but shall not be liable to the Trust for any action taken or omitted by BISYS in the absence of bad faith, willful misfeasance, negligence or from reckless disregard by it of its obligations and duties. The Trust agrees to indemnify and hold harmless BISYS, its employees, agents, directors, officers and nominees from and against any and all claims, demands, actions and suits, whether groundless or otherwise, and from and against any and all judgments, liabilities, losses, damages, costs, charges, counsel fees and other expenses of every nature and character arising out of or in any way relating to BISYS' actions taken or nonactions with respect to the performance of services under this Agreement or based, if applicable, upon reasonable reliance on information, records, instructions or requests given or made to BISYS by the Trust, the investment adviser and on any records provided by any fund accountant or custodian thereof; provided that this indemnification shall not apply to actions or omissions of BISYS in cases of its own bad faith, willful misfeasance, negligence or from reckless disregard by it of its obligations and duties; and further provided that prior to confessing any claim against it which may be the subject of this indemnification, BISYS shall give the Trust written notice of and reasonable opportunity to defend against said claim in its own name or in the name of BISYS.
Reference to and Effect on the Loan Agreement Except as expressly provided herein, the Loan Agreement and all other Loan Documents shall remain unmodified and in full force and effect and are hereby ratified and confirmed. The execution, delivery, and effectiveness of this Amendment shall not operate as a waiver or forbearance of (a) any right, power, or remedy of the Lenders under the Loan Agreement or any of the other Loan Documents or (b) any Default or Event of Default. This Amendment shall constitute a Loan Document.
Amendment of Protected Health Information 8.1 To the extent Covered Entity determines that any Protected Health Information is maintained by Business Associate or its agents or Subcontractors in a Designated Record Set, Business Associate shall, within ten (10) business days after receipt of a written request from Covered Entity, make any amendments to such Protected Health Information that are requested by Covered Entity, in order for Covered Entity to meet the requirements of 45 C.F.R. § 164.526.
8.2 If any Individual requests an amendment to Protected Health Information directly from Business Associate or its agents or Subcontractors, Business Associate shall notify Covered Entity in writing within five (5) days of the receipt of the request. Whether an amendment shall be granted or denied shall be determined by Covered Entity.
