WACHOVIA BANK, NATIONAL ASSOCIATION and BARCLAYS BANK DELAWARE SERVICE LEVEL AND FEE AGREEMENT FOR ACH SERVICES
Exhibit
99.6
|
[***] = Pursuant to 15 CFR 230.406, confidential information has been omitted and has been filed separately with the Securities and Exchange Commission pursuant to a Confidential Treatment Application filed with the Commission.
WACHOVIA BANK, NATIONAL ASSOCIATION
and
BARCLAYS BANK DELAWARE
SERVICE LEVEL AND FEE AGREEMENT FOR ACH SERVICES
This Agreement, dated as of February I, 2010 is between Barclays Bank Delaware, of 000 Xxxxx Xxxx Xxxxxx, Xxxxxxxxxx, Xxxxxxxx 00000 (“BARCLAYS”) and Wachovia Bank, National Association of Xxx Xxxxx Xxxxx Xxxxxx, Xxxxxxxxxxxx, Xxxxxxxxxxxx 00000 (“WACHOVIA”).
RECITALS
A. BARCLAYS wishes to initiate Debit and Credit Entries by means of the Automated Clearing House Network pursuant to the terms of this Agreement, the rules of the National Automated Clearing House Association, EPN and the Federal Reserve (the “Rules”) and the Deposit Agreement and Disclosures for Commercial Accounts and related service descriptions that govern any accounts maintained by BARCLAYS at Wachovia (the “CDA”), and WACHOVIA is willing to act as an Originating Depository Financial Institution with respect to such Entries.
B. Unless otherwise defined herein, capitalized terms shall have the meanings provided in the Rules. The term “Entries” shall have the meaning provided in the Rules and shall also mean the data received from BARCLAYS hereunder from which WACHOVIA prepares Entries.
AGREEMENT
1. Services. This Agreement defines the fees and expenses BARCLAYS will pay to Wachovia for the ACH services described herein. Those fees are listed on Exhibit A that is attached hereto and made a part hereof. In the event that BARCLAYS changes its operating instructions to Wachovia, Wachovia may reasonably adjust its fees for services when such change goes into affect; otherwise, Wachovia [***] the [***] to [***] its [***] under this Agreement [***] from the effective date of this Agreement upon [***] to BARCLAYS. Any amendment to this Agreement will become effective as stated in any written amendment executed by the Parties. The fees and expenses set forth on Exhibit A do not include, and BARCLAYS shall be responsible for payment of, any [***] or other similar [***] relating to such services, and any [***] or [***] provided for in the [***]. The services provided hereunder shall conform to the Service Standards set forth in Exhibit B hereto.
2. Transmittal of Entries By BARCLAYS. BARCLAYS shall transmit debit and credit Entries to WACHOVIA to the location(s) and in compliance with the formatting and other requirements, the Rules and the CDA.
3. Security Procedure.
(a) BARCLAYS and WACHOVIA shall comply with the security procedure requirements described in Exhibits D & H attached hereto with respect to Entries transmitted by BARCLAYS to WACHOVIA. BARCLAYS acknowledges that the purpose of such security procedure is for verification of authenticity and not to detect an error in the transmission or content of an Entry.
(b) BARCLAYS is strictly responsible to establish and maintain the procedures to safeguard against unauthorized transmissions. BARCLAYS warrants that no individual will be allowed to initiate transfers in the absence of proper supervision and safeguards, and agrees to maintain the confidentiality of the security procedures and any passwords, codes, security devices and related instructions provided by the WACHOVIA in connection with the security procedures described in Exhibit D. If BARCLAYS believes or suspects that any such information or instructions have been known or accessed by unauthorized persons, BARCLAYS agrees to notify WACHOVIA [***] followed by [***]. The occurrence of [***] affect any transfers made in [***] by WACHOVIA prior to receipt of such notification and within a [***] to prevent unauthorized transfers.
4. Compliance With Security Procedures.
If an Entry (or a request for cancellation or amendment of an Entry) received by WACHOVIA purports to have been transmitted or authorized by BARCLAYS, it will be deemed effective as BARCLAYS Entry (or request), provided WACHOVIA accepted the Entry in good faith and acted in compliance with the security procedure referred to in Exhibit D with respect to such entry. If signature comparison is to be used as part of that security procedure, WACHOVIA shall be deemed to have complied with that part of such procedure if it compares the signature accompanying a file of Entries (or request for cancellation or amendment of an Entry) received with the signature of an authorized representative of BARCLAYS, (an Authorized Representative”) and , on the basis of such comparison, believes the signature accompanying such file to be that of such authorized representative.
5. Recording and Use of Communications. BARCLAYS and WACHOVIA agree that all telephone conversations or data transmissions between them or their agents made in connection with the Agreement may be electronically recorded and retained by either party by use of any reasonable means.
6. Processing, Transmittal and Settlement by WACHOVIA.
(a) Except as provided in Section 8, Rejection of Entries, WACHOVIA shall (i) process Entries received from BARCLAYS to conform with the file specifications set forth in the Rules, (ii) transmit such Entries as an Originating Depository Financial Institution to EPN
and / or the FED (the “ACH”) acting as an Automated Clearing House Operator, and (iii) settle for such Entries as provided in the Rules.
(b) WACHOVIA shall transmit such Entries to the ACH by the deadline of the ACH set forth in Exhibit E attached hereto on the Effective Entry Date shown in such Entries, provided (i) such Entries are received by WACHOVIA’s related cut-off time set forth on Exhibit E on a business day, (ii) the Effective Entry Date is at least one business day after such business day, and (iii) the ACH is open for business on such business day. For purposes of this Agreement a “business day” is a day on which WACHOVIA is open to the public for carrying on substantially all of its business, and Entries shall be deemed received by WACHOVIA, in the case of transmittal by electronic transmission, when the transmission (and compliance with any related security procedure provided for herein) is completed.
(c) If any of the requirements of clause (i), (ii) or (iii) of Section 6(b) is not met, WACHOVIA shall use reasonable efforts to transmit such Entries to the ACH by the next deposit deadline of the ACH following that specified in Exhibit E, which is a business day and a day on which the ACH is open for business. In this case, the effective date of the transaction shall the date received.
7. On-Us Entries. Except as provided in Section 8, Rejection of Entries, in the case of an Entry received for credit to an account maintained with WACHOVIA (an “On-Us Entry”), WACHOVIA shall credit the Receiver’s account in the amount of such Entry on the Effective Entry Date contained in such Entry, provided the requirement set forth in clauses (i) and (ii) of Section 6(b) are met. If either of those requirements is not met, WACHOVIA shall use reasonable efforts to credit the Receiver’s account in the amount of such Entry no later than the next business day following such Effective Entry Date.
8. Rejection of Entries. WACHOVIA may reject any Entry which does not comply with the requirements of Section 2, Transmittal of Entries by BARCLAYS, or Section 3, Security Procedure, or which contains an Effective Entry Date more than 2 days after the business day such Entry is received by WACHOVIA. WACHOVIA may reject an On-Us Entry for any reason for which an Entry may be returned under the Rules. WACHOVIA may reject any Entry if BARCLAYS has failed to comply with its account balance obligations under Section 12, The Account. WACHOVIA may reject any entry if BARCLAYS does not adhere to security procedures as described in Exhibit D. WACHOVIA shall notify BARCLAYS by electronic transmission of such rejection no later than the business day such Entry would otherwise have been transmitted by WACHOVIA to the ACH, or, in the case of an On-Us entry, its Effective Entry Date. Notices of rejection shall be effective when given. WACHOVIA shall [***] no [***] to BARCLAYS by reason of the [***] of any such [***] or the fact that such [***] is [***] at an [***] than that provided for herein.
9. Cancellation of Amendment by BARCLAYS. BARCLAYS shall have no right to cancel or amend any Entry after its receipt by WACHOVIA. However, if such request complies with the security procedures described in Exhibit D for the cancellation of Data, WACHOVIA shall use reasonable efforts to act on a request by BARCLAYS for cancellation of an Entry prior to transmitting it to the ACH or, in the case of an On-Us Entry, prior to crediting a Receiver’s account, [***] shall [***] if such [***] is not [***]. Barclays shall [***] WACHOVIA for
any [***], or [***] WACHOVIA may [***] in [***] or attempting to [***] BARCLAYS request for the [***] of an [***].
10. Notice of Returned Entries. WACHOVIA shall notify BARCLAYS by electronic transmission of the receipt of a returned entry from the ACH no later than one business day after the business day of such receipt. [***] for an [***] by BARCLAYS in accordance with the requirements of Section 2, Transmittal of Entries by BARCLAYS, WACHOVIA shall [***] to [***] a [***] to the [***] if WACHOVIA complied with the terms of this Agreement with respect to the [***].
11. The Account. WACHOVIA may, obtain payment of any amount due and payable to it under this Agreement including prior credits to any account of Barclays by debiting the account(s). (the “Account”), and Wachovia shall credit the Account for any amount received by WACHOVIA by reason of the return of an Entry transmitted by WACHOVIA for which WACHOVIA has previously received payment from BARCLAYS. Such credit shall be made as of the [***] of such receipt by WACHOVIA, if received in time to provide such credit on that day, otherwise, such credit will be made on the next business day. BARCLAYS shall at all times [***] a [***] of [***] in the [***] to [***] its [***] under this Agreement. In the event there are [***] in the [***] to [***] BARCLAYS [***] under this Agreement, BARCLAYS agrees that WACHOVIA will utilize BARCLAYS [***] to [***] the [***]. If the [***] does not [***] the [***] required, WACHOVIA will contact BARCLAYS to request a [***].
12. Account Reconciliation. Entries transmitted by WACHOVIA or credited to a Receiver’s account maintained with WACHOVIA will be reflected on BARCLAYS daily statement issued by WACHOVIA with respect to the Account pursuant to the CDA. BARCLAYS agrees to notify WACHOVIA promptly of any discrepancy between BARCLAYS records and the information shown on any periodic statement. If BARCLAYS [***] to [***] WACHOVIA of any [***] within [***] of receipt of a periodic statement containing such information, BARCLAYS agrees that WACHOVIA shall [***] be [***] for any other [***] resulting from BARCLAYS [***] to [***] such [***] or any [***] of [***] or any [***] with respect to an Entry shown on such periodic statement.
13. Compliance with; Law; Modifications to Achieve Regulatory Approval.
(a) WACHOVIA acknowledges that the performance of the Services under this Agreement is subject to the examination and regulatory authority of the Federal Deposit Insurance Corporation and any other Federal or state banking agency having examination, regulatory or enforcement authority over each of BARCLAYS and WACHOVIA (each, an “Agency”) pursuant to 12 U.S.C. §1867(e). WACHOVIA shall perform the Services in compliance with all applicable federal, state and local laws, government rules and regulations and Agency supervisory issuances (“Applicable Law”). The parties understand and acknowledge that BARCLAYS shall be responsible for complying with the Electronic Funds Transfer Act, including the error and dispute resolution procedures specified thereunder, and the regulations and interpretations promulgated thereto (including, without limitation, Regulation E of the Federal Reserve Board (“Regulation E”)); provided, however, that WACHOVIA shall be responsible, in addition to its other obligations hereunder, for complying with the procedures it has instituted and maintained to log, monitor and investigate authorized user inquiries and to
report results to BARCLAYS within time limits established under Regulation E (the “Billing Error Procedures”), as set forth on Exhibit F. WACHOVIA’s failure to maintain or materially comply with the Billing Error Procedures set forth on Exhibit F shall constitute a material breach of this Agreement for the purposes of Section 28; provided, however, that a failure of WACHOVIA to comply with the Billing Error Procedures set forth on Exhibit F below that does not amount to a failure to materially comply therewith shall nonetheless constitute a material breach of this Agreement for the purposes of Section 28 in the event that WACHOVIA has failed to act in good faith with respect thereto.
(b) If either party reasonably determines that modification to the Services is necessary to achieve compliance with Applicable Law or to satisfy the recommendations of an Agency, or that modification to the Services is necessary to address a change in Applicable Law then the parties shall work cooperatively with each other to bring the Service into compliance with Applicable Law concerns through reasonable modifications, with appropriate reasonable fee increases, if necessary. Provided such fee increase shall be equally borne by similarly situated customers of WACHOVIA. If BARCLAYS reasonable determines that a change in any BARCLAYS Policy necessary to more fully comply with Applicable Law, but not in response to a change in Applicable Law, BARCLAYS may notify WACHOVIA of such determination and request WACHOVIA to make specific modification(s) to the Services that address BARCLAYS regulatory concerns. In which case, WACHOVIA shall, without any obligation to modify the Services, work cooperatively with BARCLAYS to attempt to address BARCLAYS concerns through reasonable modifications, with appropriate reasonable fee increases, if necessary. If WACHOVIA and BARCLAYS disagree over the need for or extent of modifications required, or the charges to be assessed, BARCLAYS [***] to [***] the [***] without [***] upon [***] to WACHOVIA or such [***] so to [***] with applicable [***].
14. BARCLAYS Representations And Agreements, Indemnity. With respect to each and every Entry initiated by BARCLAYS, BARCLAYS represents and warrants to WACHOVIA and agrees that (a) each person shown as the Receiver on an Entry received by WACHOVIA from BARCLAYS has authorized the initiation of such Entry and the crediting of its account in the amount and on the Effective Entry Date shown on such Entry, (b) such authorization is operative at the time of transmittal or crediting by WACHOVIA as provided herein; (c) Entries transmitted to WACHOVIA by BARCLAYS are limited to those types of Entries set forth in Section 2, Transmittal of Entries By BARCLAYS, (d) BARCLAYS shall perform its obligations under this Agreement in accordance with all applicable laws and regulations, including the sanctions laws administered by OFAC, and (e) BARCLAYS shall be bound by and comply with the Rules as in effect from time to time, including, without limitation, the provision making payment of an Entry by the Receiving Depository WACHOVIA to the Receiver provisional until receipt by the Receiving Depository WACHOVIA of final settlement for such Entry. BARCLAYS specifically acknowledges that it has received notice of the Rule regarding provisional payment and of the fact that, if such settlement is not received, the Receiving Depository WACHOVIA shall be entitled to a refund from the Receiver of the amount credited and BARCLAYS shall not be deemed to have paid the Receiver the amount of the Entry. BARCLAYS shall indemnify WACHOVIA against any loss, liability or expense (including attorneys’ fees and expenses resulting from or arising out of any breach of any of the foregoing representations or agreements.
15. WACHOVIA Representations And Agreements, Indemnity. WACHOVIA represents and warrants that (i) it shall furnish the Services to the Client in accordance with the Service parameters set forth in Exhibits A & B, (ii) it has all requisite power and authority to enter into this Agreement and to carry out its provisions, (iii) this Agreement has been duly authorized and validly executed and delivered by WACHOVIA; (iv) there are no actions, suits, proceedings (including arbitration), or regulatory investigations pending that might affect their ability to carry out its obligations; (v) that no person providing service to Barclays hereunder shall have been convicted of or pled nolo contendere or no contest to a crime involving dishonesty or breach of trust or money laundering or has agreed to enter into a pretrial diversion program or similar program in connection with a prosecution of such offense and that WACHOVIA shall immediately reassign each person who is discovered to have been convicted of, plead nolo contendere or no contest to a crime of dishonesty or breach of trust or money laundering or has agreed to enter into a pretrial diversion program or similar program in connection with a prosecution of such offense and in the event a person is reassigned as a result of this Section 5(b) WACHOVIA agrees to immediately, at its own expense, review that person’s work and certify that it is free of defect.; and (vi) it will perform the services in compliance with all applicable regulatory and statutory requirements including but not limited to approvals necessary to perform obligations hereunder.
16. Liability of the Parties.
(a) WACHOVIA’s duties and responsibilities shall be limited to those described in this Agreement and under applicable law as modified where permitted by law by this Agreement or the CDA. WACHOVIA will perform its duties in accordance with general banking practices. WACHOVIA will use due care in performing its obligations under this Agreement, [***], WACHOVIA [***] be [***] for any [***] from any [***] or [***] by it, [***] those [***] which [***] from WACHOVIA’s [***] or [***].
(b) Neither party shall be responsible for delays or failures in performance under this Agreement resulting from acts or events beyond the control of such party. Such acts shall include, but not be limited to, acts of God, riots, acts of terrorism or war, civil disturbances, power failures, telecommunication interruptions, fire or other disasters. In the event of such and event, and Wachovia is unable to recover from said event within ten (10) days of the event, Client may terminate this agreement for convenience immediately upon written.
(c) In [***] shall WACHOVIA be [***] to BARCLAYS or to any [***] for any [***] or [***] or [***] or [***] of [***] including, but not limited to, those [***] from [***] of [***] or [***] or any other [***] regardless of whether Wachovia or Barclays or any other [***] was [***] of the [***] of any such [***].
(d) Nothing in this Agreement shall constitute or be deemed to constitute a partnership between the parties or constitute or be deemed to constitute one party as agent of the other, for any purpose whatsoever, and neither party shall have authority or power to bind the other or contract in the name of or create a liability against the other in any way or for any purpose. WACHOVIA does not make any express or implied warranties to BARCLAYS whatsoever including, but not limited to the implied warranties of merchantability and
fitness for a particular purpose in connection with any of the services provided by WACHOVIA under this Agreement.
17. Inconsistent Name and Account Number. BARCLAYS acknowledges and agrees that, if an Entry describes the Receiver inconsistently by name and account number, payment of the Entry transmitted by WACHOVIA to the [***] may be made by the [***] (or by WACHOVIA in the case of an [***]) on the basis of the [***] by the BARCLAYS, even if it [***] a [***] from the [***], and that BARCLAYS obligation to [***] the [***] of the [***] to WACHOVIA is [***] in such circumstances.
18. Notification of Change. WACHOVIA shall notify BARCLAYS of notifications of change received by WACHOVIA relating to Entries transmitted by BARCLAYS by transmission no later than 1 business days after receipt thereof.
19. Payment for Services. Payment of fees for services rendered by WACHOVIA under this Agreement shall be made by BARCLAYS to WACHOVIA within thirty (30) days after delivery by WACHOVIA to BARCLAYS of WACHOVIA’s monthly analysis statement (payment of such fees may also be made by BARCLAYS to WACHOVIA by WACHOVIA’s debit thereof from BARCLAYS designated demand deposit account at WACHOVIA thirty (30) days from the date of WACHOVIA’s monthly analysis statement). A late payment fee of [***]% of the fee amount due and payable will be assessed for any fee that remains unpaid after [***] from the date of the monthly analysis statement provided that interest shall not accrue on items subject to a good faith dispute. BARCLAYS must report to WACHOVIA in writing any fee invoice error(s) within [***] of the date of the monthly analysis statement; WACHOVIA shall not be responsible for any fee invoice error reported after such period.
20. Confidentiality.
(a) During the term of this Agreement and thereafter, each of WACHOVIA and BARCLAYS, and each of their respective officers, employees, attorneys, accountants, agents and contractors performing services in connection with this Agreement, and their respective affiliates and subsidiaries, shall regard as confidential and will retain in strict confidence, all knowledge of the other party’s business and business activities (past, present and future), trade secrets, proprietary information, financial information and customer information, whether in tangible or intangible form and whether or not marked as confidential, that may be obtained from any source as a result of or in connection with this Agreement, together with all such other information which may be designated by any party hereto as confidential (collectively, the “Confidential Information”).
(b) All Confidential Information (which definition also includes, without limitation, any and all WACHOVIA intellectual property, pricing information and services information, and the terms and conditions of this Agreement) communicated to one party by the other party, whether before or after the effective date of this Agreement, shall be deemed to have been received in confidence, and shall not be disclosed to any third party by the receiving party, its agents, subcontractors or employees, without prior written consent of the disclosing party, except as may be required by WACHOVIA in the performance of its services hereunder or in connection with any audit by any federal, state or other governmental or banking authority
having jurisdiction over BARCLAYS or WACHOVIA, as the case may be, or as may otherwise be required by law.
(c) As between Barclay’s and Wachovia all data supplied by either of them as a disclosing party shall be and remain at all time the sole and exclusive property of the disclosing party. The receiving party agrees that all data provided to it under this Agreement shall be deemed to have been received in confidence as Confidential Information, and shall not be disclosed to any third party without the written consent of the disclosing party, except as required to comply with any validly issued subpoena, order or regulatory request; provided that, if permitted by applicable law or regulation and reasonably feasible, prior to its compliance with any such order, and at the request and expense of the disclosing party, the receiving party will cooperate with the disclosing party in its attempts to obtain a protective order.
(d) WACHOVIA shall have no right to use, copy, modify or prepare any derivative work of any deliverable item developed specifically for Barclays in performance of this Agreement if such deliverable item is derived from or contains information which is proprietary to BARCLAYS or which would be considered Confidential Information under this Agreement; provided, however, WACHOVIA shall be permitted to use any such deliverable item as reasonably required by WACHOVIA in its performance of services as contemplated by this Agreement. Notwithstanding the forgoing and for the avoidance of doubt BARCLAYS and WACHOVIA do not contemplate the development of any deliverables or work made for hire pursuant to this Agreement and, absent further agreement of the Parties, no aspect of delivery or receipt of the services shall be deemed a deliverable or work made for hire. Among other things, WACHOVIA reserves all rights in all hardware, software, systems, forms, websites and other forms of tangible and intellectual property used to provide the services under this Agreement and the CDA.
(e) Each party receiving Confidential Information from the other shall take all reasonable steps and precautions to ensure that only those of its officers, employees and permitted agents with a need to know or a need to have access to such information, solely in connection with the performance of this Agreement, have access to such information, and that each such persons shall keep the information confidential in accordance with the provisions of this Agreement.
(f) In no event will BARCLAYS divulge any WACHOVIA Confidential Information to any competitor of WACHOVIA or use it to compete with WACHOVIA.
(g) In no event will WACHOVIA divulge any BARCLAYS Confidential Information to any competitor of BARCLAYS or use it to compete with BARCLAYS.
(h) WACHOVIA hereby acknowledges that BARCLAYS is subject to the privacy regulations under Title V of the Xxxxx-Xxxxx-Xxxxxx Act, 15 U.S.C. § 6801 et seq., pursuant to which regulations BARCLAYS is required to obtain certain undertakings from WACHOVIA with regard to the privacy, use and protection of nonpublic personal financial information of BARCLAYS customers or prospective customers. Therefore, notwithstanding anything to the contrary contained in this Agreement, WACHOVIA agrees that (1) except and to the extent required by applicable law or regulation, it shall not disclose or use any Customer
Data (as defined below) except to the extent necessary to carry out its obligations under this Agreement and for no other purpose, (2) it shall not disclose Customer Data to any third party, including, without limitation, its third party service providers without an agreement in writing from the third party to use or disclose such Customer Data only to the extent necessary to carry out WACHOVIA’s obligations under this Agreement and for no other purposes, except and to the extent required by applicable law or regulation (3) it shall maintain, and shall require all third parties approved under subsection (2) to maintain, effective information security measures to protect Customer Data from unauthorized disclosure or use, and (4) it shall provide BARCLAYS with information regarding such security measures upon the reasonable request of BARCLAYS and promptly provide BARCLAYS with information regarding any failure of such security measures that involve Customer Data or any security breach that involves Customer Data.
The obligations set forth in this Section shall be perpetual and shall survive termination of the Agreement. For the purposes of this Agreement, Customer Data means the nonpublic personal information (as defined in 15 U.S.C. § 6809(4)) of BARCLAYS customers or prospective customers received by WACHOVIA in connection with the performance of its obligations under the Agreement, including, but not limited to (i) an individual’s name, address, e-mail address, IP address, telephone number and/or social security number, (ii) the fact that an individual has a relationship with BARCLAYS, or (iii) an individual’s account information.
(i) Each party agrees, for itself, its agents and its representatives, that the terms of this Agreement are confidential and shall be deemed Confidential Information. Neither party shall disclose any of the terms hereof to any third party (except for disclosure reasonably made to legal representatives and accountants of BARCLAYS or WACHOVIA and as may be required by applicable law or by those governmental authorities having jurisdiction over BARCLAYS or WACHOVIA) without the prior written consent of the other party.
21. Cooperation, Disaster Recovery.
(a) Disclosures. The parties shall cooperate fully with each other in providing all required notices and disclosures to the appropriate governmental or regulatory authorities concerning the initiation or termination of this Agreement or of the Services, or of any substantial changes in the Services being provided to BARCLAYS.
(b) Cooperation with Examinations. To the extent permitted by law and subject to the confidentiality obligations of this Agreement and, if available, upon [***] prior written notice, WACHOVIA shall provide to the internal and external auditors and audit personnel of BARCLAYS and BARCLAYS authorized Affiliates, and any examiners or agents from any regulatory body having jurisdiction over the business of BARCLAYS or any of BARCLAYS authorized Affiliates, the portions of third party audit reports and reports of independent public accountants of WACHOVIA related directly to or dealing with the Services provided herein and shall grant such auditors, personnel, examiners and agents reasonable access to the portions of WACHOVIA’s business (including, without limitation, to WACHOVIA’s records, systems, controls, processes and procedures) related directly to or dealing with the Services provided herein and to the portions of data center related directly to or dealing with the Services for the purpose of performing audits or examinations of WACHOVIA or WACHOVIA’s Affiliates, including, without limitation, any agency examination under
12 U.S.C. §1867(c). WACHOVIA shall reasonably cooperate and provide to such auditors, personnel, examiners and agents, in a timely manner, all such assistance as they may reasonably require in connection with any such legally required audit or examination. BARCLAYS shall provide WACHOVIA with a reasonable time period to complete the requests of the auditors and examiners.
(c) Disaster Recovery Plan. Throughout the term of this Agreement, WACHOVIA shall maintain a disaster recovery plan (the “Disaster Recovery Plan”) according to provisions outlined in Schedule G and the capacity to execute such plan. WACHOVIA will make appropriate personnel available to discuss the Disaster Recovery Plan with BARCLAYS, upon request. WACHOVIA shall provide to BARCLAYS equal access as WACHOVIA’s other customers would receive in the provision of the products or Services contemplated by this Agreement during any disaster. WACHOVIA will test its disaster recovery capabilities at least [***] and provide BARCLAYS with a summary of test results within a commercially reasonable time.
(d) Throughout the term of this Agreement, Wachovia will comply with the Business Continuity Plan. Wachovia will, at its own expense, maintain, update and test the Business Continuity Plan on a regular basis (no less than once in every [***]) and implement any precautionary actions that Wachovia is required to undertake under the Business Continuity Plan. Wachovia shall provide the Bank with at least [***] prior written notice of any test of the Business Continuity Plan in order that the Bank may, at the Bank’s option and expense attend that test. The Business Continuity Plan requirements are attached as Exhibit G.
(e) In order to verify WACHOVIA’s compliance with this Agreement, BARCLAYS shall have the right to conduct reviews of WACHOVIA’s performance hereunder [***] and to otherwise confer with WACHOVIA periodically to review the progress and status of the Services by conference calls, meetings, written progress reports or other means that BARCLAYS reasonably designates (“Audit”). BARCLAYS shall give WACHOVIA at least [***] advance notice of any Audit, and the parties shall schedule a mutually convenient time for any Audit. Notwithstanding the above, BARCLAYS may request an Audit immediately if BARCLAYS reasonably believes that Confidential Information or Customer Data has been disclosed in an unauthorized manner.
22. Amendments. Except as otherwise provided herein, this Agreement may not be amended except in writing duly signed by each of the parties.
23. Notices, Instructions, Etc.
(a) WACHOVIA shall be entitled to rely on any written notice or other written communication believed by it in good faith to be genuine and to have been signed by an Authorized Representative, and any such communication shall be deemed to have been signed by such person. The names and signatures of Authorized Representatives are set forth in the corporate documents submitted to Wachovia for account opening/account maintenance purposes as may from time to time be revised.
(b) Except as otherwise expressly provided herein, any written notice or other written communication required or permitted to be given under this Agreement shall be delivered, or sent by United States registered or certified mail, postage prepaid, by express carrier or by First Class United States Mail and, if to WACHOVIA, addressed to:
Wachovia Bank, N.A. |
PA 0000 |
Xxx Xxxxx Xxxxx Xx |
Xxxxxxxxxxxx, Xxxxxxxxxxxx 00000 |
Attention: Xx. Xxxx Xxxxxxx, Managing Director |
Fax: (000) 000-0000 |
|
and, if to BARCLAYS, addressed to: |
|
000 X. Xxxx Xx. |
Xxxxxxxxxx, XX 00000 |
Fax No: |
ATTN: ___________________________________ |
With copy to: General Counsel |
Fax No.: 000.000.0000 |
unless another address is substituted by notice delivered or sent as provided herein. Except as otherwise expressly provided herein, any such notice shall be deemed given when received.
24. Data Retention. BARCLAYS shall retain data on file adequate to permit remaking of Entries for 45 days or such longer period as required by the Rules, following the date of their transmittal by WACHOVIA as provided herein, and shall provide such Data to WACHOVIA upon its request.
25. Tapes and Records. All magnetic tapes, Entries, security procedures and related records used by WACHOVIA for transactions contemplated by this Agreement shall be and remain WACHOVIA’s property. WACHOVIA shall make available such information upon BARCLAYS request within three (3) business days.
26. Evidence of Authorization. BARCLAYS shall obtain all consents and authorizations required under the Rules and in the manner and medium required by the Rules and shall retain such consents and authorizations for two years after they expire or such longer period as required by the Rules.
27. Cooperation in Loss Recovery Efforts. In the event of any damages for which WACHOVIA or BARCLAYS may be liable to each other or to a third party pursuant to the services provided under this Agreement, WACHOVIA and BARCLAYS will undertake reasonable efforts to cooperate with each other, as permitted by applicable law, in performing loss recovery efforts and in connection with any actions that the relevant party may be obligated to defend or elects to pursue against a third party.
28. Insurance. Wachovia shall at its sole cost and expense, either self insure or obtain and maintain, the following types of insurance on itself and any subsidiaries, Subcontractors or agents providing services to the Bank or its Affiliates in the following minimum limits. At the Bank’s request, Wachovia shall promptly provide to the Bank certificates from its insurers indicating the amount of insurance coverage, nature of such coverage, and expiration date of each applicable policy. Wachovia shall maintain all such required insurance coverages. In each case Wachovia shall maintain (except for insurance in respect of damage to real property) such coverages for a period of 3 years following the end of the term a policy or policies of insurance covering all the risks that may be incurred by Wachovia arising out of the acts or omissions of Wachovia or Wachovia Personnel in connection with this Agreement. Such policies shall be on terms that are reasonably acceptable to the Banks (with an insurance carrier that is at least “A” rated by A.M. Best’s) and shall include but not be limited to:
Commercial General Liability: |
$[***] |
|
$[***] |
|
$[***] |
|
|
Operations Aggregate: |
$[***] |
|
|
Automobile Liability: |
$[***] |
|
|
Workers Compensation: |
$[***] |
|
|
Employer’s Liability: |
$[***] |
|
$[***] |
|
$[***] |
|
|
Umbrella/Excess Liability: |
$[***] |
|
|
Professional Liability (Errors and Omissions): |
$[***] |
29. Termination.
(a) Unless earlier terminated as hereinafter provided, this Agreement shall be effective as of the effective date stated above and shall remain in full force and effect for two (2) years (the “Initial Term”). This Agreement shall automatically renew for additional one (1) year terms provided, however, that either party may terminate this Agreement by delivering to the other party written notice of termination at least sixty (60) days prior to the end of the then current term. Either party may terminate this Agreement upon the other party’s breach of this Agreement if such breach is not remedied (if remediable) thirty (30) days after written notice of such breach shall have been given to the breaching party. Notwithstanding the foregoing, Wachovia shall be entitled to immediately suspend the provision of all or any portion of the Services to BARCLAYS with notice to BARCLAYS if Wachovia determines, in its reasonable, discretion that: (i) BARCLAYS is using the Services for any illegal purpose or in any illegal manner; (ii) that continuing to provide the Services to BARCLAYS places WACHOVIA at
unreasonable risk of suffering reputational, legal or monetary damages for which WACHOVIA cannot expect to be indemnified by BARCLAYS. Notwithstanding the foregoing, BARCLAYS may terminate this Agreement at any time upon providing thirty (30) days prior written notice to WACHOVIA.
(b) Upon termination, WACHOVIA shall continue to provide services at the levels stated herein through the notice period. The Parties shall jointly develop a commercially reasonable exit plan for an orderly transition of the Services to a new provider, WACHOVIA shall provide commercially reasonable assistance and cooperation in order to avoid any interruption in services during the transition to a new provider. Upon the termination of Services each party will certify to the other that all systems used to provide and monitor the Services are disconnected. In addition WACHOVIA shall certify that it has returned any bank data in its possession other than data it is required or allowed by law to maintain or which would be impractical to return. Any data so retained shall be given confidential treatment hereunder for as long as it is retained by Wachovia.
30. Entire Agreement. This Agreement (including the Schedules attached hereto), together with the CDA, is the complete and exclusive statement of the agreement between WACHOVIA and BARCLAYS with respect to the subject matter hereof and supersedes any prior agreement(s) between WACHOVIA and BARCLAYS with respect to such subject matter. In the event of any inconsistency between the terms of this Agreement and the CDA , the terms of this Agreement shall govern. In the event performance of the services provided herein in accordance with the terms of this Agreement would result in a violation of any present or future statute, regulation or government policy to which WACHOVIA is subject, and which governs or affects the transactions contemplated by this Agreement, then this Agreement shall be deemed amended to the extent necessary to comply with such statute, regulation or policy, and WACHOVIA shall incur no liability to BARCLAYS as a result of such violation or amendment. No course of dealing between WACHOVIA and BARCLAYS will constitute a modification of this Agreement, the Rules, the CDA or the security procedures or constitute an agreement between the WACHOVIA and BARCLAYS regardless of whatever practices and procedures WACHOVIA and BARCLAYS may use.
31. [***]. Neither BARCLAYS nor Wachovia [***] this [***] or any of the [***] or [***] to any [***] without the other [***].
32. Waiver. Either party may waive enforcement of any provision of this Agreement. Any such waiver shall not affect that party’s rights with respect to any other transaction or modify the terms of this Agreement.
33. Binding Agreement Benefit. This Agreement shall be binding upon and inure to the benefit of the parties hereto and their respective legal representatives, permitted successors and permitted assigns. This Agreement is not for the benefit of any other person, and no other person shall have any right against WACHOVIA or BARCLAYS hereunder.
34. Headings. Headings are used for reference purposes only and shall not be deemed a part of this Agreement.
35. Severability. In the event that any provision of this Agreement shall be determined to be invalid, illegal or unenforceable to any extent, the remainder of this Agreement shall not be impaired or otherwise affected and shall continue to be valid and enforceable to the fullest extent permitted by law.
36. Governing Law. This Agreement shall be governed by and construed in accordance with the general banking practice and laws of the [***] (without regard to the conflicts of laws provisions) including, without limitation, Articles 3, 4 and 4A of the Uniform Commercial Code, and the laws and regulations of The United States of America, all as and where allowed by law to be amended by this Agreement and the CDA Accounts and check collection are also governed by Federal Reserve Bank rules including, without limitation, Regulation CC, and Operating Circulars, the rules of clearing houses and similar associations to which Wachovia may belong, and funds transfer system rules.
37. Waiver of Jury Trial. Each party hereto hereby waives trial by jury and the ability to participate as a member of a class in a class action proceeding in any judicial proceeding involving, directly or indirectly, any matter (whether sounding in tort, contract or otherwise) in any way arising out of or related to this Agreement or the relationship established hereunder. This provision is a material inducement for Wachovia to enter into this Agreement.
IN WITNESS WHEREOF the parties hereto have caused this Agreement to be executed by their duly authorized officers.
WACHOVIA BANK, NATIONAL ASSOCIATION |
BARCLAYS BANK DELAWARE |
|
|
By __________________________________ |
By __________________________________ |
|
|
Name ________________________________ |
Name ________________________________ |
|
|
Title _________________________________ |
Title _________________________________ |
|
|
Date _________________________________ |
Date _________________________________ |
EXHIBIT
A
Fee Schedule
|
Restricted
Schedule of Fees |
|
|
Service Code |
TMA Code |
Description |
Price |
|
|
|
|
ACH |
|
|
|
300 |
25 02 00 |
[***] |
$[***] |
508 |
25 05 01 |
[***] |
$[***] |
512 |
25 02 20 |
[***] |
$[***] |
513 |
25 07 01 |
[***] |
$[***] |
525 |
25 01 02 |
[***] |
$[***] |
526 |
25 00 00 |
[***] |
$[***] |
540 |
25 03 02 |
[***] |
$[***] |
725 |
25 01 07 |
[***] |
|
|
|
[***] |
$[***] |
|
|
[***] |
$[***] |
|
|
[***] |
$[***] |
|
|
[***] |
$[***] |
726 |
25 01 07 |
[***] |
$[***] |
731 |
25 01 02 |
[***] |
|
|
|
[***] |
$[***] |
|
|
[***] |
$[***] |
|
|
[***] |
$[***] |
|
|
[***] |
$[***] |
733 |
25 01 02 |
[***] |
|
|
|
[***] |
$[***] |
|
|
[***] |
$[***] |
|
|
[***] |
$[***] |
|
|
[***] |
$[***] |
936 |
25 10 70 |
[***] |
$[***] |
944 |
25 00 00 |
[***] |
$[***] |
EXHIBIT
B
Service levels
1 |
Email control totals to xxxxxxxxxxxxxxxxx@xxxxxxxxxxxxx.xxx and provide same day ACH credit |
Within [***] of receipt of file. |
[***] per [***] |
[***] |
Receive email |
2 |
Provide complete transaction activity including all ACH rejects, returns, and notifications of change to Barclay users via Wach. [***]. |
By [***] |
[***] per [***] |
[***] |
Wachovia [***] |
3 |
Meet processing cut-off times for all Barclay ACH files and ACH return files. |
Make Return files available to Barclay’s [***] by [***] |
per [***] per [***]. [***] per [***] for [***] in [***] between [***] per [***] after that time |
[***] |
See detail [***] in [***] |
4 |
Resolve any misprocessed ACH in compliance with original effective date (e.g. duplicate ACH, missing ACH). Wachovia is [***] for [***] ACH’s that [***] be [***]. |
Correction of any ACH error and root cause analysis within [***]% of the time, [***] as [***] with Barclays Bank. Correction of ACH error with transaction effective date equal to original effective date. |
[***] per [***]. [***] per [***] in correcting error. |
[***] |
Wachovia will need to [***] Barclays |
5 |
Time elapsed between the time Barclay’s contacts Wachovia’s help desk and the time Wachovia’s help desk logs the event i.e. provides a ticket number. |
[***] per ticket |
[***] per [***] |
[***] |
[***] |
6 |
Resolve [***] issues logged including complete root cause analysis. |
Issue resolution and root cause within [***]% of the time, [***] as [***] with Barclays Bank |
[***] per [***] |
[***] |
[***] |
7 |
Comply with Barclay’s change management process to request technology changes or the implementation of new processes or procedures; more specifically, email Barclay’s Change Management Form duly completed to [***] and [***]; any request within [***] of implementation to be handled as [***]. |
Barclay’s Bank will receive [***] from Wachovia pertaining to any circumstance when a change would be required by Barclay’s, whether mandated by Wachovia or [***], within [***] of the requested change. More information may be provided, as requested, to complete Barclay’s [***]. |
[***] per [***] or if not received within [***] of scheduled change. |
[***] |
[***] |
8 |
Time elapsed between the start time of a systems failure and the time when Wachovia notifies the Barclay’s help desk-applies to file processing and Wachovia [***]. |
Notify Barclays [***] of any systems failure impacting Barclays, i.e. delay with credit posting or issue with Wachovia [***]. |
[***] per [***] |
[***] |
[***] |
9 |
Recover [***] in case of a disaster as defined in Wachovia [***]. |
[***] within [***]. |
[***] per [***], provided Barclays is still capable of sending ACH files to Wachovia. |
[***] |
[***], provided Barclays is still capable of sending ACH files to |
EXHIBIT
D
File
Transmission Security requirements
Wachovia
Automated Clearing House (ACH)
Standard Security Procedures
Discussion
Item with Barclays Information Security
To meet the need of providing our customers commercially reasonable and industry accepted security procedures, Wachovia Bank offers our customers a number of layers and options to ensure all transmissions of ACH transactions are secure.
Wachovia offers our customers two Corporate-Wide Data Communications Systems. These systems provide a multiple, secure channels into Wachovia’s ACH file processing area.
Ø Connect Enterprise — Connect Enterprise is Wachovia’s IP/Internet file transfer system. It runs on [***] based hardware and supports [***] with [***] over [***] and [***] over [***]. (Each option in detailed below)
File Authentication
Wachovia receives thousands of files from customers every day. To authenticate every file received, each customer is assigned a unique identifier during the implementation process. The unique identifier or [***] is sent as the first record in any and all transmissions to Wachovia. The [***] contains [***] and [***] to ensure authentication and validation of files received at Wachovia. The [***] contains [***] related to [***] and [***]. Wachovia will provide a [***] to assist each [***] with the set up the [***] format, protocol options and testing procedures.
[***]
Data Transmission Options
Ø Data Express (Dial-up) Options
· Asynchronous (a.k.a. Async)
o Protocols Supported: [***]
o Port Settings: [***]
o Modem Speed: [***]
o Supported Softward: [***] (Wachovia [***]) [***]
· Synchronous (a.k.a. Bisync)
o Protocols Supported: [***]
o Modem Speed: [***]
o Modulations: [***]
· SNA/SDLC
o Protocols Supported: [***]
o Modem Speed: [***]
o Modulations: [***]
Ø Connect Enterprise (IP/Internet)
· HTTPS
o Web browser supported: [***]
o [***]
o Wachovia [***].
· FTP with PGP
o [***] client/server [***]
o Can be either [***] or [***]
o Most versions of [***] supported including [***]
o Any files larger than [***] by Wachovia [***]
o Either Wachovia or client can initiate transfer ([***])
· FTP over VPN
o [***] client/ server [***]
o Can be either [***] or [***]
o Any files larger than [***] by Wachovia [***]
o Either Wachovia or client can initiate transfer ([***])
· SecureFTP (a.k.a. FTPS)
o [***] client/server [***]
o Supported clients include: [***]
o Can be either [***] or [***] (if [***] open to Wachovia)
o Any files larger than [***] by Wachovia [***]
o Either Wachovia or client can initiate transfer ([***])
· SSHFTP (a.k.a. SFTP)
o [***] client/server [***] with [***]
o Any files larger than [***] by Wachovia [***]
o Either Wachovia or client can initiate transfer ([***])
· AS2
o [***]
o Supports either [***] or [***]
o Supports either [***] or [***]
o Any files larger than [***] by Wachovia [***]
· Connect: [***]
o [***] if going across the Internet
o Any files larger than [***] by Wachovia [***]
Data Security
Wachovia performs validations on the data within the transmission [***] the [***] at the [***]. System edits are run on each file to ensure the integrity of the file has been maintained during transmission. [***] include [***], the [***] and [***].
To further ensure [***], Wachovia [***], which include [***] and [***] and [***] to the [***] provided by the [***].
Control Totals
The term “Control Total” is defined as a statement of file information provided by an ACH originator to the Bank.
Wachovia requires all ACH origination customers send control totals with each ACH origination file submitted to the bank for processing. Control totals are delivered by either recorded telephone call, fax, e-mail or other standard mechanism offered by the bank to report the dollar amounts of both debits and credits contained on the file, as well as the number of transactions within the file. The purpose of providing control totals is to aid the Bank in ensuring that ACH files are received correctly and to help provide protection against processing erroneous or fraudulent files.
Control Totals are a commercially reasonable security procedure that Wachovia recommends as an industry standard protocol.
EXHIBIT
E
Time cutoffs
The following schedule will be adhered to for payment processing deadlines:
Wachovia Customer Origination Deadline |
Wachovia Processing Windows |
EPN Delivery Deadline / Wachovia delivers to EON |
Processing Days |
6:00 AM ET |
6:30 AM ET |
2:00 PM ET |
M-F |
8:30 AM ET |
9:00 AM ET |
2:00 PM ET |
M-F |
11:30 AM ET |
12:00 PM ET |
2:00 PM ET |
M-F |
6:00 PM ET |
6:30 PM ET |
3:00 AM ET |
M-F |
10:00 PM ET |
10:30 PM ET |
3:00 AM ET |
M-F |
7:00 PM ET |
10:30 PM ET |
3:00 AM ET |
Sunday |
Wachovia actually delivers files to EPN within an hour after the processing windows are finished. The times shown here are EPN delivery times.
Files processed on Sunday will have an effective date of Monday.
EXHIBIT
F
BARCLAYS Procedures Regarding Billing Error Notices
WACHOVIA will handle inquiries made by an authorized user, or someone who Wachovia [***] to be an authorized user, (“User”) alleging or asserting an “error” (as that term is defined in Regulation E), provided that such inquires meet the timing and content requirements of Regulation E. Such inquiries may include, without limitation, the following:
1) a User states that he/she did not schedule an electronic payment that was debited or credited to his/her account;
2) a User states that an electronic payment was remitted to a payee other than the payee designated by the User;
3) a User states that an electronic payment was debited on a date that was not on or about the date designated by the User;
4) a User states that an electronic payment was debited for an amount that was not the amount authorized by the User;
5) a User states that an electronic payment was debited or credited more times than the User instructed;
6) a User states that an electronic payment was debited or credited after the User successfully canceled the payment in accordance with the applicable terms and conditions;
7) a User states that a fixed recurring payment was electronically debited or credited after the ending date of the payment series instructed by the User; or,
8) a User specifically alleges that the payment has been processed incorrectly, even if everything appears to be correct.
WACHOVIA receives each such research request and logs the item on-line. It is important for BARCLAYS to [***] that WACHOVIA [***] the request and [***] to [***] the [***] is [***] by WACHOVIA, [***] it is [***] BARCLAYS. BARCLAYS shall maintain procedures to refer Users to WACHOVIA if such Users contact BARCLAYS directly in order to ensure that the item will be processed in a manner that will enable BARCLAYS to satisfy Regulation E requirements.
With respect to each User request:
WACHOVIA will attempt to resolve the issue [***]. If WACHOVIA cannot resolve the error within [***] of the original notification date and WACHOVIA has received [***] of the User’s error notice (if requested), BARCLAYS will be notified via [***] by the WACHOVIA [***], of the pending research inquiry and advised that a provisional credit should be made to the User’s account. By notifying BARCLAYS within the [***], WACHOVIA is allowing for sufficient time for BARCLAYS to provisionally credit the account prior to the expiration of [***], as required under Regulation E.
BARCLAYS will be responsible for provisionally crediting the User’s account and notifying the User that a provisional credit has been made to the User’s account in accordance with Regulation E requirements.
WACHOVIA will continue to work the research request to resolve it [***]. When the item has been resolved, whether during the initial [***] or the extended [***], the WACHOVIA research team will notify BARCLAYS of the disposition. Where the alleged billing error is an unauthorized payment, WACHOVIA will report to BARCLAYS its findings, [***] it will be the [***] of BARCLAYS to decide whether or not the [***] was, in fact, [***] on these [***]. WACHOVIA will maintain a log of its notification to BARCLAYS.
BARCLAYS will be responsible for either debiting or crediting the User’s account for errors, and notifying the User in accordance with Regulation E requirements of the final conclusions of the investigation. In the event WACHOVIA’s findings indicate that no error occurred, BARCLAYS will be responsible for notifying the User of the results of the investigation, reversing the provisional credit (if any), and notifying the User of the reversal, all in accordance with Regulation E requirements.
Research requests that do not allege or assert an “error” (as such term is defined in Regulation E) shall be handled in accordance with
Exhibit G
Business Continuity
A. | BUSINESS CONTINUITY PRINCIPLES |
1. | At all times during the Term, Supplier will maintain and adequately support a business continuity program that is designed to minimize an interruption and recover of all material business functions needed to meet Supplier’s obligations under the Agreement, in accordance with Section A of the Schedule (the “Business Continuity Plan”). Supplier will, at its own expense, maintain (update and test the Business Continuity Plan on a regular basis, no less than once in every [***]) and implement any reasonable precautionary actions which Supplier is required to undertake under the Business Continuity Plan. Any material proposed changes to the Business Continuity Plan will be subject to prior approval of Bank, provided that any amendments to the Business Continuity Plan will provide at least the same level of business continuity as the then current Business Continuity Plan (taking into consideration, without limitation, any need for multiple business continuity sites from which the Services are to be provided so as not to increase the likely risk to Bank related to the provision of the Services following any implementation of the Business Continuity Plan). |
2. | Each party will notify the other party as soon as reasonably possible if it believes that there has been, or is likely to be, a material disruption to business continuity that requires the implementation of the Business Continuity Plan. The parties will then immediately implement the Business Continuity Plan and Supplier will perform its obligations as set out in the Business Continuity Plan. |
3. | Upon the occurrence of any disaster requiring use of the Business Continuity Plan, Supplier shall promptly notify Bank of the same, and Supplier shall provide to Bank equal access as Supplier’s other customers in the provision of the products or Services contemplated by this Agreement. |
B. | BUSINESS CONTINUITY PLAN |
1. | Supplier shall develop, implement and maintain a business continuity plan (the “Plan”) as follows: |
1.1 | Delivery of the Plan. RESERVED. |
1.2 | Content. Describe in the Plan, the actions and resources required to provide for the continuous operation, and, in the event of an interruption, the recovery of the Agreement-required functions, including, all systems, hardware, software and data that support these functions, within a the time frames established by Bank. If Bank raises issues or concerns regarding the Plan, use reasonable efforts in good faith to address them. |
1.3 | Electronic Format. RESERVED. |
-25-
1.4 | Updates. Update and review the Plan with Bank whenever there are significant or material changes in Supplier’s Agreement-required systems, recovery strategies, recovery resources, actions described in the Plan or other information affecting the recovery of Agreement-required functions, but at least once in every 12-month period starting with the Effective Date. |
1.5 | Resources. Provide that planned continuity and recovery resources, including the systems, facilities, equipment and personnel as described in the Plan as mutually agreed to perform the Agreement-required Critical Service Levels or functions, remain available in sufficient quantities throughout the Term. |
2. | Recovery Time Objectives. If any of the Agreement-required functions are interrupted, they must be recovered in the following timeframes: |
2.1 | All services related to ACH processing – 8-24 hours |
2.2 | All ACH support services related to Bank access to Supplier
systems – 8 – 24 hours Any interim manual workaround procedures Supplier would require of Bank must be detailed within the Business Continuity Plan. |
3. | Recovery Point Objectives. If any of the Agreement-required functions are interrupted, data loss must be limited to: |
3.1 | Data used to support all ACH services – Less than 24 hours |
3.2 | Supplier must work with Bank regarding reconstruction of any data lost as a result of the incident |
4. | Controls. During the Term, Supplier will maintain commercially reasonable controls it has put in place to minimize interruptions to the Agreement-required functions. |
4.1 | Environment. During the Term, Supplier will maintain commercially reasonable controls it has put in place to minimize interruptions to the Agreement-required functions. |
4.2 | Equipment. Supplier will reasonably protect Agreement-required equipment in its control and/or possession including system hardware, networks and all related equipment. |
4.3 | Data Back-up. Data Backups – System, application and associated data backups must be performed daily; backup solution must support a 72 hour recovery and must go offsite on a frequency to support 72 hour RTO and less than 24 hour RPO. |
4.4 | Data Backup Storage – Temporary on-site storage containers must be secure and fire- and waterproof. Backups must be held in secure fire- and |
-26-
waterproof containers while in transit. If replication takes place, alternate backups (e.g. tape) must be created but do not have to be stored off site. |
4.5 | Other Backups – System/Application software, backup media, non-electronic records, license keys and systems documentation must be stored off-site in secure fire- and waterproof containers. |
4.6 | Recovery Site Backups – Backups must be able to be created at the alternate data center; this capability should be tested as part of technology recovery testing. |
4.7 | Power – It is recommended, but not required, that the vendor’s municipal power supply should have one active and one passive path. |
4.8 | Alternate Power – UPS must be sufficient for short-term emergency power to allow continued operation of critical systems and maintain life and safety equipment. There must be a power generator sufficient for the continued operation of life and safety equipment and continue operation of critical systems. |
4.9 | HVAC – Computer room chillers must be on an alternate power supply. |
4.10 | Fire Suppression – Pre-stage water or an approved clean-agent gaseous system (or a comparable alternative) must exist in all data centers. |
4.11 | Alarms – There must be water sensors in the computer room floor with alarm notification. |
4.12 | Alarms – Remote monitoring of building alarms, including data center environmental systems, with 24/7 notification and escalation procedures must be available. |
4.13 | Recovery Site – Recovery locations must be sufficiently geographically diverse as not to be subject to the same disaster or single point of failure. The primary and alternate site must have > 3.1 mile separation between them and must not share or be supported by the same power and utility supplies. Location and recovery strategy should support recovery requirements for all services provided (RTO of 72 hours). |
4.14 | Incident Notification Methodology – The incident notification plan should be defined and attached to the contract as an amendment; the vendor’s methodology for disaster recovery invocation should follow their normal incident handling methodology. |
-27-
5. | Interruption Management and Disaster Reporting. If any of the Agreement-required functions are interrupted: |
5.1 | Recovery. Complete the notification, recovery, resumption, and/or restoration activities as described in the Plan to minimize disruption of the service levels set forth in this Agreement. |
5.2 | Disaster Reporting. |
a. | Within two (2) hours, unless such Disaster requires a longer period of time: Provide to Bank an initial report that includes the nature of the interruption, an estimate of the time it will take to return to Agreement-required service if known, confirmation that the Business Continuity Plan has been enacted, and a schedule for ongoing updates for the duration of the event. |
b. | Following restoration of services to normal: Provide Bank a summary report within thirty (30) days of the restoration, including a description of each Agreement-required function interrupted, the time required for recovery and return to Agreement-required service levels, Agreement-required products or services that were not provided or only partially provided as a result of the interruption, the specific corrective action taken, and the material effect, if any, on Bank . Include with this, an accounting of issues experienced during the recovery, deviations, if any, from the stated plan, and a list of proposed modifications to the recovery plan based on findings from the interruption. |
6. | Plan Testing. |
6.1 | Frequency; Methods. Test the Plan, not less than once every [***], by using any of several standard testing methods. |
6.2 | Reporting. RESERVED. |
6.3 | Bank’s Participation. Notify Bank, at least [***] in advance of any test of the Business Continuity Plan in order that the Bank may, at the Bank’s option and expense attend that test. that requires Bank’s participation. Bank will have the option to decide upon the nature and extent of its participation, including, the opportunity to participate in the planning and scope of the test. |
-28-
Exhibit H
INFORMATION SECURITY POLICY AND STANDARDS
Security Standards for Service Providers
The Service Provider agrees to [***] and [***] to ensure the security and integrity of Barclays Bank Delaware (“Bank”) confidential information in their control, and that it is maintained in a safe and secure manner. Service provider shall:
1. | Assist Bank in its compliance obligations under Title V of the Xxxxx-Xxxxx-Xxxxxx Act, 15 U.S.C. § 6801 et seq. by [***] Bank’s [***]. |
2. | Assist Bank in its compliance obligations by [***] for [***] of the [***] at least [***] or [***] any [***] of [***]. In general, this [***] of [***] by Bank will consist of an [***] regarding [***] to the [***] and [***] and/or the request to [***] an [***]. The type of [***] will be [***] by the Bank and the Service Provider at least [***] in advance of [***]. Service Provider shall cooperate with Bank in this [***] by [***] completing the [***] process. |
3. | Wachovia will assist Barclays by providing information related to security as it relates to the services Barclays uses and/or Wachovia will cooperate with a relevant regulatory body should it request that Wachovia conduct an investigation related to security and the services provided to Barclays. |
4. | If the [***] includes [***], then Service Provider must demonstrate [***] according to the current [***]. |
5. | Supplier must demonstrate an appropriate Identity Theft Red Flags program as dictated by the Fair and Accurate Credit Transactions Act (FACTA) of 2003 if the supplier is performing fraud work on behalf of Bank. |
6. | Maintain [***] and [***] that meet the standards of all applicable [***] and [***]. |
7. | Ensure that [***] are in [***] to [***] that [***] and [***], [***] and [***] are [***] and [***]. |
8. | Enforce a [***] for [***] the [***]. Controls must be in place to [***] to Bank’s [***] and [***] by [***]. [***] should be in place to maintain this [***] at the [***]. |
9. | Ensure that [***] are in place for [***] to Bank’s [***] and [***]. |
10. | Provide for safe transfer of information between Bank and service provider site or service provider site and other trusted third parties over [***] or [***] using an [***] to Bank’s [***]. Service provider should allow for Bank [***]. |
11. | [***], and [***] and [***] that either [***], or [***] by or in [***] of the [***]. [***] of any [***] associated with Bank [***] must be reported to the Bank [***] in the event that the Bank, as the [***], was directly impacted. |
-29-
12. | [***] for [***]. |
13. | Xxxxx Fargo complies with [***] for [***]. |
14. | Enforce a [***] for its [***] used on behalf of Bank. [***] includes the following: |
• | staying abreast of [***] that may [***] your [***] |
• | [***] to [***] of security sites that detail [***] |
• | periodic [***] ([***] run or [***]) |
• | risk review process to assign [***] to [***] |
• | [***] that assigns [***] to resolve [***] |
• | [***] and based on [***] |
• | [***] at least [***] |
• | [***] resolved in the [***] as described above |
15. | In the event that modifications to the security architecture, connectivity, and user access disrupts or otherwise affects the services provided to the Bank, Service Provider will notify the Bank. |
16. | Maintain an [***] team and [***] in place for [***]. The processes must be tested at least [***]. |
17. | Maintain a documented [***] for any [***] to [***] or [***] used on behalf of Bank. |
18. | [***] will be managed, at a [***], in accordance with the [***] outlined as follows: |
• | Documented policy and procedure for [***] will be in place. |
• | A documented [***] will be in place. |
• | A Documented [***] in the case of a [***] will be in place. |
• | Keys will be [***] in accordance with [***]. The period between key changes will be determined both by the strength of the [***] used and the [***] of the data [***]. |
• | Cryptographic algorithms used to protect Bank data will be generally accepted by the industry as robust. |
• | [***] used to secure Bank [***] will be sufficiently [***] in accordance with [***] practices |
19. | ACH data is retained for [***] and is then [***] from the system. |
20. | All Bank data that is [***] or [***] by the Service Provider shall be [***] and [***] from all [***], including [***] and [***] and all [***]. Service provider [***] Bank [***] as outlined below. |
Media Type |
Disposal Methods |
[***] or [***] covered by support contract |
[***] before [***] takes disk [***] |
[***] or [***] NOT covered by support contract |
[***] by degaussing if possible |
[**] or [***] tapes |
Physical destruction, preceded by [***] if [***] |
[***] and similar |
Physical destruction |
[***] and other [***] |
[***] in [***], or [***] |
[***] that is [***] between [***] and cannot [***] be [***] or [***] as a [***] (e.g., Bank [***] stored on a [***] disk that also holds data from non-Bank [***]) |
1. Each [***] in the [***] be [***] 2. All such files [***] then be [***]. |
[***] that is [***] and [***] be [***] or [***] as a whole
(e.g., Bank [***] stored on [***] that also hold data from non-Bank [***]) |
1. All files in Bank [***] being [***] be [***] as in the [***] above. 2. All of the above Bank [***] and [***] must then be [***]. 3. During the next [***], the [***] area formerly used to [***] the Bank [***] above will be [***] with non-Bank [***]. |
21. Continue its [***] to Bank confidential data beyond the [***] of the [***] until such time that all Bank [***] is [***] from all [***] including [***] or [***] of the Service Provider.