AGREEMENT BY AND BETWEEN Commerce Bank/Harrisburg National Association Harrisburg, Pennsylvania and The Comptroller of the Currency
AGREEMENT
BY AND BETWEEN
Commerce
Bank/Harrisburg National Association
Harrisburg,
Pennsylvania
and
The
Comptroller of the Currency
Commerce
Bank/Harrisburg National Association, Harrisburg, Pennsylvania (“Bank”) and the
Comptroller of the Currency of the United States of America (“Comptroller”) wish
to protect the interests of the depositors, other customers, and shareholders
of
the Bank, and, toward that end, wish the Bank to operate safely and soundly
and
in accordance with all applicable laws, rules and regulations.
In
consideration of the above premises, it is agreed, between the Bank, by and
through its duly elected and acting Board of Directors (“Board”), and the
Comptroller, through his authorized representative, that the Bank shall operate
at all times in compliance with the articles of this Agreement.
ARTICLE
I
JURISDICTION
(1) This
Agreement shall be construed to be a “written agreement entered into with the
agency” within the meaning of 12 U.S.C. § 1818(b)(1).
(2) This
Agreement shall be construed to be a “written agreement between such depository
institution and such agency” within the meaning of 12 U.S.C.
§ 1818(e)(1) and 12 U.S.C. § 1818(i)(2).
(3) This
Agreement shall be construed to be a “formal written agreement” within the
meaning of 12 C.F.R. § 5.51(c)(6)(ii). See
12 U.S.C. § 1831i.
(4) This
Agreement shall be construed to be a “written agreement” within the meaning of
12 U.S.C. § 1818(u)(1)(A).
1
(5) Pursuant
to 12 CFR 5.51c(6)(ii), the Bank shall be subject to the requirements of 12
CFR
5.51 unless otherwise informed in writing by the OCC.
In
addition, this Agreement shall cause the Bank not to be designated as an
“eligible bank” for purposes of 12 C.F.R. § 5.3(g),
unless otherwise informed in writing by the Comptroller. For purposes of 12
C.F.R. Part 24, the Bank may be treated as an “eligible bank,” unless otherwise
informed in writing by the Comptroller.
(6) All
reports or plans which the Bank or Board has agreed to submit to the Assistant
Deputy Comptroller pursuant to this Agreement shall be forwarded
to:
Xxxxxxx
X. Xxxx
Assistant
Deputy Comptroller
Midsize
Bank Supervision
One
Financial Place, Suite 2700
000
Xxxxx
XxXxxxx Xxxxxx
Xxxxxxx,
XX 00000-0000
With
copies to:
Xxxxxxxxx
Xxxxxx
OCC
Examiner-in-Charge
Commerce
Bank
0000
Xxxxxxxxxx Xxxx
Xxxxxx
Xxxx, X. J. 08003
ARTICLE
II
COMPLIANCE
COMMITTEE
(1) Within
five (5) days, the Board shall appoint a Compliance Committee of at least three
(3) directors, of which no more than one (1) shall be an employee or controlling
shareholder of the Bank or any of its affiliates (as the term “affiliate” is
defined in 12 U.S.C. § 371c(b)(1)), or a family member of any such
person. Upon appointment, the names of the members of the Compliance Committee
and, in the event of a change of the membership, the name of any new member
shall be submitted in writing to the Assistant Deputy Comptroller. The
Compliance Committee shall be responsible for monitoring and coordinating the
Bank's adherence to the provisions of this Agreement.
2
(2) The
Compliance Committee shall meet at least monthly and maintain detailed minutes
of all meetings.
(3) Within
forty-five (45) days, and at the end of each calendar quarter thereafter, the
Compliance Committee shall submit a written progress report to the Board setting
forth in detail:
| (a) |
a
description of the actions needed to achieve full compliance with
each
Article of this Agreement, including the names of the parties responsible
for completing those actions and the specific timeframe for completion
of
each action;
|
| (b) |
actions
taken to comply with each Article of this Agreement;
and
|
| (c) |
the
results and status of those
actions.
|
(4) The
Board
shall forward a copy of the Compliance Committee's first report, with any
additional comments by the Board, to the Assistant Deputy Comptroller within
ten
(10) days of receiving such report, and shall forward all subsequent Compliance
Committee reports, with any additional comments by the Board, to the Assistant
Deputy Comptroller within twenty (20) days of each quarter end.
3
ARTICLE
III
MANAGEMENT
AND BOARD SUPERVISION STUDY
(1) The
Board
has previously engaged an independent management consultant (“Consultant”) to
which the Assistant Deputy Comptroller has no supervisory objection. The Board
shall contract with and require the Consultant to complete and provide to it,
within ninety (90) days, a written report of the Board and current management
supervision presently being provided to the Bank, the Bank’s management
structure, and its staffing requirements in light of the Bank’s present
condition, with particular emphasis in the areas of risk management, internal
audit, consumer compliance and Bank Secrecy Act/Anti-Money Laundering (BSA/AML)
compliance. The findings and recommendations of the Consultant shall be set
forth in the written Report to the Board and the Report, at a minimum, shall
contain:
| (a) |
an
analysis of the Board’s composition and committee structure, including
committee composition and responsibility, and whether current members
possess the knowledge and skills to oversee management of the Bank
in a
sound manner, with specific recommendations to address any identified
weaknesses;
|
| (b) |
an
assessment of whether Board members are receiving adequate information
on
the operation of the Bank to enable them to fulfill their fiduciary
responsibilities and other responsibilities under law, and specific
recommendations to expand the scope, frequency and sufficiency of
information provided to the Board by management to address any identified
weaknesses;
|
| (c) |
an
assessment of whether the content of the Board and committee minutes
adequately reflect discussions and decisions, specifically in the
areas of
the Bank’s internal and external audit activities, compliance management
program, BSA/AML program and vendor management
practices.
|
4
| (d) |
the
identification of present and future management and staffing requirements
of each area of the Bank, with particular emphasis given to the Executive
Management Group, and the Risk Management, Internal Audit, Compliance, and
BSA/AML areas;
|
| (e) |
an
assessment of the adequacy of written job descriptions for all executive
officers and for the direct department heads of Internal Audit, Compliance
and the BSA/AML area, including whether accountabilities are appropriately
defined;
|
| (f) |
an
evaluation of the qualifications and abilities of each individual
identified in (e) above and a determination of whether each individual
possesses the experience and other qualifications required to perform
present and anticipated duties of his/her
position;
|
| (g) |
recommendations
as to whether management or staffing changes should be made, including
the
need for additions to or deletions from the current management
team;
|
| (h) |
assessment
of the objectives by which management's effectiveness is measured
and the
standards by which employees are held accountable through the Bank’s
performance management and compensation programs, with recommendations
for
any enhancements; and
|
| (i) |
an
evaluation of current lines of authority, reporting responsibilities
and
delegation of duties for all officers, including identification of
any
overlapping duties or
responsibilities.
|
(2) Within
sixty (60) days of its receipt of the Consultant’s Report, the Board shall
develop, implement, and thereafter ensure Bank adherence to a written plan,
with
specific time frames, that will correct any deficiencies noted in the Report,
including a specific plan to address any staffing issues, qualitative and
quantitative, identified in the Report.
(3) The
Board
shall ensure that the Bank has processes, personnel, and control systems to
ensure implementation of and adherence to the plan developed pursuant to this
Article.
5
(4) Copies
of
the Consultant’s Report and the Board's written plan(s) shall be forwarded to
the Assistant Deputy Comptroller. The Assistant Deputy Comptroller shall retain
the right to determine the adequacy of the Report and its compliance with the
terms of this Agreement. In the event the written plan, or any portion thereof,
is not implemented, the Board shall immediately advise the Assistant Deputy
Comptroller, in writing, of specific reasons for deviating from the
plan.
ARTICLE
IV
INTERNAL
AUDIT
(1) Within
thirty (30) days, the Board shall review and revise the Bank’s internal audit
program and ensure implementation of and Bank adherence to an independent,
internal audit program that adequately identifies the Bank’s audit universe and
includes a risk-based evaluation of all financial and non-financial areas of
the
Bank for inclusion in the Bank’s audit plan. The program’s scope, testing, and
documentation shall be sufficient to:
| (a) |
ensure
the development and maintenance of a risk-based audit plan, covering
both
financial and non-financial areas of the Bank, that includes risk
assessments to support the frequency and scope of reviews for all
areas
covered by the plan;
|
| (b) |
ensure
that the risk-based audit plan is annually approved by the Board
or its
designated committee;
|
| (c) |
ensure
that any deviation of sixty (60) days or more from the Board approved
audit plan requires, and only occurs with, the prior written approval
of
the Board or its designated
committee;
|
| (d) |
ensure
that the Board or its designated committee maintains a process to
track
adherence to the approved audit
plan;
|
6
| (e) |
detect
irregularities and weak practices in the Bank's
operations;
|
| (f) |
determine
the Bank's level of compliance with all applicable laws, rules and
regulations, including consumer compliance and BSA/AML related laws
and
regulations;
|
| (g) |
assess
and report the effectiveness of policies, procedures, controls, and
management oversight relating to each area covered by the audit
plan;
|
| (h) |
evaluate
the Bank’s adherence to established policies, procedures and programs,
including the Bank’s adherence to the consumer compliance, BSA/AML and
third party management programs required to be developed under the
terms
of this Agreement; and
|
| (i) |
ensure
an appropriate level of testing to support the audit findings in
all
areas, including in the BSA/AML area, testing that covers the adequacy
of
the Bank’s:
|
| (i) |
customer
risk identification practices;
|
| (ii) |
systems
for monitoring transactions and accounts for suspicious activity;
and
|
| (iii) |
identification
of suspicious activity and compliance with suspicious activity reporting
requirements.
|
(2) As
part
of this audit program, the Board shall evaluate the audit reports and shall
assess the impact on the Bank of any audit deficiencies cited in such reports.
If the Board’s designated committee is charged with responsibility for reviewing
the audit reports, the committee shall report its findings to the full
Board.
7
(3) The
Board
shall ensure that the Bank has processes, personnel (with respect to both the
experience level and number of individuals employed), and control systems to
ensure implementation of and adherence to the audit program developed pursuant
to this Article.
(4) The
Board
shall ensure that immediate actions are taken to remedy deficiencies cited
in
audit reports, and that auditors maintain a written record describing such
actions.
(5) Upon
adoption, a copy of the internal audit program shall be promptly submitted
to
the Assistant Deputy Comptroller.
ARTICLE
V
CONSUMER
COMPLIANCE PROGRAM
(1) Within
sixty (60) days, the Board shall review and revise the Bank’s consumer
compliance program and implement the revised program, and thereafter ensure
adherence to the written program which shall be designed to ensure the Bank
is
operating in compliance with all applicable consumer protection laws, rules
and
regulations. The program shall include:
| (a) |
written
descriptions of the duties and responsibilities of the Compliance
Officer
and other key positions in the Compliance area, that clearly define
authority and accountability;
|
| (b) |
adequate
internal controls to ensure compliance with consumer protection laws,
rules, and regulations, including quality assurance reviews to
periodically evaluate compliance;
|
| (c) |
a
policies and procedures manual covering all applicable consumer protection
laws, rules and regulations for use by appropriate Bank personnel
in the
performance of their duties and responsibilities, which identifies
employee accountability for required procedures;
|
8
| (d) |
updates
of the written policies and procedures at least semi-annually, or
as
required by more frequent changes in laws or regulations, to ensure
the
program remains current;
|
| (e) |
a
formal compliance review process for new or changed products and
services;
|
| (f) |
procedures
to ensure that exceptions noted in the audit reports are corrected
and
responded to by appropriate Bank personnel;
and
|
| (g) |
an
education and training program for all appropriate Bank personnel
in the
requirements of all applicable federal and state consumer protection
laws,
rules and regulations, with training tailored to each individual’s
responsibilities and duties.
|
(2) Upon
adoption, a copy of the program shall be forwarded to the Assistant Deputy
Comptroller for review.
(3) The
Board
shall ensure that the Bank has processes, personnel, and control systems to
ensure implementation of and adherence to the program developed pursuant to
this
Article.
ARTICLE
VI
BANK
SECRECY ACT/ANTI-MONEY LAUNDERING
(1) Within
sixty (60) days, the Board shall review and enhance the Bank’s BSA/AML program
and ensure implementation and Bank adherence to a written program of policies
and procedures to provide for compliance with the Bank Secrecy Act (“BSA”), as
amended (31 U.S.C. §§ 5311 et seq.), the regulations promulgated there
under at 31 C.F.R. Part 103, as amended, and 12 C.F.R. Part 21,
Subparts B and C, and the rules and regulations of the Office of Foreign Assets
Control (“OFAC”) (collectively referred to as the “Bank Secrecy Act” or “BSA”)
and for the appropriate identification and monitoring of transactions that
pose
greater than normal risk for compliance with the BSA. This program shall include
the following:
9
| (a) |
Enhanced
policies and procedures, including written criteria, for identification
of
transactions that pose greater than normal risk for compliance with
the
Bank Secrecy Act and for the enhanced monitoring of such transactions;
|
| (b) |
formal
evaluation of the knowledge of the Bank’s operational and supervisory
personnel of the Bank’s policies and procedures for identifying
transactions that pose greater than normal risk for compliance with
the
Bank Secrecy Act;
|
| (c) |
enhanced
training for bank personnel appropriately tailored to the roles and
responsibilities of each job function, and to address any weaknesses
identified as a result of the evaluation required in (b);
|
| (d) |
periodic
evaluation of the Bank’s BSA training program to ensure on-going
effectiveness of training provided;
|
| (e) |
enhanced
policies and procedures for recording, maintaining, and recalling
information about transactions that pose greater than normal risk
for
compliance with the Bank Secrecy
Act;
|
| (f) |
enhanced
policies and procedures for risk rating the bank’s customer
base;
|
| (g) |
on-going
risk focused assessment of the Bank’s customer base, products, services,
and geographic locations;
|
| (h) |
well-defined
policies and procedures for investigating and resolving the Bank’s
response to transactions that have been identified as posing greater
than
normal risk for compliance with the Bank Secrecy Act;
|
10
| (i) |
adequate
controls and procedures to ensure that all suspicious and large currency
transactions are identified and
reported;
|
| (j) |
adequate
controls and procedures to ensure Currency Transaction Reports (CTRs)
and
Suspicious Activity Reports (SARs) are filed accurately and timely,
including procedures to ensure that errors noted in internal or external
reports are addressed and remedied within specified timeframes;
|
| (k) |
a
method for introducing new products and services that ensures that
the
policies and procedures governing new products and services are consistent
with the Bank’s program for compliance with the Bank Secrecy
Act.
|
| (l) |
a
policy that addresses the circumstances under which customer transactions
are permitted to be conducted through Bank related accounts with
specific
documentation requirements to ensure sufficient customer information
is
obtained and maintained.
|
(2) Within
sixty (60) days, the Board shall review and enhance the Bank’s policies and
procedures and ensure implementation and Bank adherence to a written program
for
the Bank’s monitoring of suspicious cash, monetary instrument and wire
transactions, and for other activities involving accounts, customers, products,
services, and geographic areas that pose greater than normal risk for compliance
with the Bank Secrecy Act. At a minimum, this written program shall
include:
| (a) |
reviews
of cash purchases of monetary instruments on a periodic basis commensurate
with risk;
|
| (b) |
reviews
of wire and cash transactions on a periodic basis commensurate with
risk;
|
11
| (c) |
analysis
of aggregate cash, monetary instrument, and wire activity on a periodic
basis commensurate with risk;
|
| (d) |
analysis
of Currency Transaction Report filings on a periodic basis commensurate
with risk;
|
| (e) |
enhanced
review of accounts, customers, products, services, and geographic
areas
that pose greater than normal risk for compliance with the Bank Secrecy
Act; and
|
| (f) |
submission
of SARs based on these reviews and analyses, as
required.
|
(3) Within
sixty (60) days, the Board shall develop, implement, and thereafter ensure
Bank
adherence to a written program of policies and procedures to provide for the
application of appropriate thresholds for monitoring all types of transactions,
accounts, customers, products, services, and geographic areas that pose greater
than normal risk for compliance with the Bank Secrecy Act. At a minimum, this
written program shall establish:
| (a) |
meaningful
thresholds for filtering accounts and customers for further monitoring,
review, and analyses;
|
| (b) |
an
analysis of the filtering thresholds established by the Bank;
and
|
| (c) |
periodic
testing and monitoring of thresholds for their appropriateness to
the
Bank’s customer base, products, services, and geographic
area.
|
(4) Within
sixty (60) days, the Board shall develop, implement, and thereafter ensure
Bank
adherence to expanded account-opening procedures for all accounts that pose
greater than normal risk for compliance with the Bank Secrecy Act by
requiring:
| (a) |
identification
of all account owners and beneficial owners in compliance with
31 C.F.R. § 103.121;
|
12
| (b) |
identification
of the officers, directors, major shareholders or partners, as applicable;
|
| (c) |
documentation
of the following information:
|
| (i) |
any
relevant financial information concerning the
customer;
|
| (ii) |
the
type of business conducted by the
customer;
|
| (iii) |
the
customer’s source of income or wealth;
and
|
| (iv) |
any
other due diligence required by this Agreement, the BSA Officer or
the
Bank.
|
(5) The
Bank
shall obtain the information required in the preceding paragraph (4)
of this
Article before renewing or modifying an existing customer’s account within the
scope of the preceding paragraph (4).
(6) Within
sixty (60) days, the Board shall develop, implement, and thereafter ensure
Bank
maintenance of an integrated, accurate system for all Bank areas to produce
periodic reports designed to identify unusual or suspicious activity, including
patterns of activity, to monitor and evaluate unusual or suspicious activity,
and to maintain accurate information needed to produce these reports.
| (a) |
the
Bank’s system shall be able to link related accounts to evaluate patterns
of activity and generate a list of all accounts associated with a
relationship;
|
| (b) |
The
Bank’s system shall include information on all high risk customers or
accounts (newly established, renewed or modified), which shall be
maintained and kept current, including the following
information:
|
| (i) |
the
name of the customer;
|
| (ii) |
the
officers, directors and major shareholder of any corporate customer
and
the partners of any partnership
customer;
|
13
| (iii) |
any
other accounts maintained by the customer and, as applicable, its
officers, directors, major shareholders or
partners;
|
| (iv) |
a
detailed analysis of the due diligence performed on the customer
and, as
applicable, its officers, directors, major shareholders or
partners;
|
| (v) |
any
related accounts of the customer at the Bank;
|
| (vi) |
any
action the Bank has taken on the account;
|
| (vii) |
the
purpose and balance of the account; and
|
| (viii) |
any
unusual activity for each account;
|
| (c) |
The
periodic reports shall cover one day, a number of days, and include
monthly reports and shall segregate transactions that pose a greater
than
normal risk for compliance with the Bank Secrecy
Act;
|
| (d) |
The
periodic reports shall include reports on any type of subpoena received
by
the Bank and on any law enforcement inquiry directed to the Bank
and any
action taken by the Bank on the affected account;
and
|
| (e) |
The
periodic reports shall include reports deemed necessary or appropriate
by
the BSA Officer or the Bank.
|
(7) The
BSA
Officer or his/her designee shall periodically review, not less than each
calendar year, account documentation for all high risk accounts and the related
accounts of those customers at the Bank to determine whether the account
activity is consistent with the customer’s business and the stated purpose of
the account.
(8) The
Board
shall ensure that the Bank has processes, personnel, and control systems to
implement and adhere to the program developed pursuant to this
Article.
(9) Upon
adoption, a copy of the program shall be forwarded to the Assistant Deputy
Comptroller for review.
14
ARTICLE
VII
ACCOUNT/TRANSACTION
ACTIVITY REVIEW
(1) Within
sixty (60) days, the Bank shall submit to the Assistant Deputy Comptroller
for a
written determination of no objection, a written plan to review monetary
instrument, wire and cash transactions (including structuring) occurring at
the
Bank since January 1, 2006, and customer accounts that pose greater than normal
risk for compliance with the BSA in order to ascertain whether any unusual
or
suspicious activity may have occurred since January 1, 2006. In the event the
Assistant Deputy Comptroller objects in writing to the plan or provides written
comments, the Board shall immediately make the necessary revisions to the plan.
(2) Within
one hundred and twenty (120) days of receiving a written determination of no
objection from the Assistant Deputy Comptroller, the Bank shall complete the
account and transaction activity review in accordance with the plan submitted
pursuant to paragraph (1) of this Article. Upon
completion of this review, the written findings shall be reported to the Board,
with a copy to the Assistant Deputy Comptroller. Within thirty (30) days of
receiving the written report, the Bank shall file SARs for any previously
unreported suspicious activity identified during the review. At the
Comptroller’s sole discretion, the Bank may be required to extend the suspicious
activity review period to capture transactions and activity occurring at the
Bank prior to January 1, 2006, after the written findings are provided to the
Assistant Deputy Comptroller.
ARTICLE
VIII
OUTSOURCING
SERVICES TO THIRD PARTIES
(1) Within
ninety (90) days, the Board shall develop, implement, and thereafter adhere
to a
written program to oversee and manage risks associated with outsourcing services
to third parties, including consultants and technology service providers and
vendors. The third party management program shall be consistent with OCC
Bulletin 2001-47, “Third Party Relationships,” and any applicable guidance
listed in the attachment thereto, and the “Outsourcing Technology Services”
Booklet of the FFIEC
Information Technology Examination Handbook,
to the
extent applicable. The program shall, at a minimum, include:
15
| (a) |
an
analysis of how the relationship fits into the Bank’s overall business
strategy and objectives;
|
| (b) |
identification
of the strategic purposes, benefits, legal aspects, costs and risks
associated with the third party
relationship;
|
| (c) |
assessment
of internal Bank expertise to evaluate and manage the activity and
the
third-party relationship;
|
| (d) |
an
initial and on-going due diligence process that identifies qualitative
and
quantitative aspects, both financial and operational, of the third
party
to assess whether the third party can help the bank achieve its strategic
goals;
|
| (e) |
the
execution of enforceable contracts that clearly define the expectations
and obligations of the each party and include, as appropriate, the
following:
|
| (i) |
scope
of the arrangement, including the frequency, content and format of the
services to be provided, training of bank employees, customer service,
and
whether or not the service provider may subcontract any of its
obligations;
|
| (ii) |
performance
measures that clearly specify the expectations and responsibilities
for
both parties;
|
16
| (iii) |
identification
of the frequency and content of specific reports the third party
is
required to provide to the Bank to assess performance, service levels,
and
risks;
|
| (iv) |
thresholds
and procedures for notifying the Bank when service disruptions, security
breaches or other events that pose a material risk to the Bank
occur;
|
| (v) |
the
right to audit the third party (and any of its subcontractors) as
needed
to monitor contract performance and identification of the types and
frequency of audit information the Bank is entitled to receive from
the
third party;
|
| (vi) |
a
full description of the compensation, fees, calculations for base
services
or any special charges that may be imposed, including conditions
under
which the cost structure may be changed, and to the extent applicable,
standards and documentation required for reimbursement of any expenses
chargeable to the Bank;
|
| (vii) |
whether
and how the third party has the right to use the Bank’s data and whether
any records generated by the third party are the property of the
Bank;
|
| (viii) |
standards
for maintaining the confidentiality and security of the Bank’s
information;
|
| (ix) |
provision
and standards for business resumption and contingency
plans;
|
| (x) |
stipulation
of events constituting default, available remedies and opportunities
to
cure defaults, and identification of termination rights, including
a
provision that enables the Bank to terminate the contract, upon reasonable
notice and without penalty, in the event the OCC formally objects
to the
particular third-party arrangement;
and
|
17
| (xi) |
to
the extent terms limiting third party liability are included, only
limits
on liability that are proper in proportion to the amount of loss
the Bank
might experience as a result of the third party’s failure to
perform.
|
| (f) |
on-going
oversight of the third party’s activities and performance, including the
designation of a bank officer responsible for the administration
and
oversight of third party relationships, and assignment of sufficient
staff
with the necessary expertise to:
|
| (i) |
monitor
the third party’s financial
condition;
|
| (ii) |
monitor
the third party’s controls, including review of audit information;
policies relating to internal controls and security; business resumption
contingency planning and testing; and compliance with applicable
laws and
regulations, including the BSA and consumer laws and regulations;
|
| (iii) |
monitor
key third party personnel changes and assess how such changes may
impact
the Bank;
|
| (iv) |
review
information documenting the third party’s performance relative to service
level agreements and determine whether contractual terms and conditions
are being met, or whether any revisions to service-level agreements
or
other terms are needed;
|
18
| (v) |
document
and follow-up on performance problems in a timely
manner;
|
| (vi) |
determine
the adequacy of training provided to bank
employees;
|
| (vii) |
periodically
meet with contract parties to discuss performance and operational
issues;
|
| (g) |
documentation
of the Bank’s oversight of third party activities and performance
including:
|
| (i) |
a
list of third parties deemed critical to the operation of the Bank
or for
which the Bank spends substantial amounts of
money;
|
| (ii) |
valid,
current and complete contracts;
|
| (iii) |
business
plans for new lines of business or products that identify management’s
planning process, decision making and due diligence in selecting
a third
party;
|
| (iv) |
regular
risk management and performance information received from the third
party
(e.g., audit information, security reviews, reports or information
indicating compliance with service-level agreements); and
|
| (v) |
regular
reports to the Board, or its delegated committee, of the results
of the
Bank’s ongoing oversight activities.
|
(2) Within
one hundred and twenty (120) days, the Board shall review each of the Bank’s
current arrangements with any third party consultant or servicer and prepare
a
written analysis detailing whether and how each arrangement complies with the
third party management program required to be developed under paragraph (1)
of
this Article. The Board’s analysis shall include an evaluation of the extent to
which the third party is meeting the Bank’s expectations in providing the
services for which it was contracted. For each consultant or servicer
arrangement that does not meet the requirements of the program required under
paragraph (1), or in the event any consultant or servicer is not meeting its
19
obligations
under the terms of an existing contract, the Board shall prepare, within 60
days
of completing its review, a written plan of the steps it will take to address
any identified deficiencies, including how the Bank will terminate the
arrangement in the event the Board is unable to address an identified
deficiency. In the event the written plan, or any portion thereof, is not
implemented, the Board shall immediately advise the Assistant Deputy
Comptroller, in writing, of specific reasons for deviating from the plan.
(3) For
each
review it must undertake pursuant to paragraph (2) above, the Board shall
indicate whether:
| (a) |
legal
counsel was involved in the negotiation of any contracts executed
with the
third party;
|
| (b) |
prior
to entering into any contract executed within one year from the effective
date of this Agreement, the Board or Bank counsel reviewed any existing
contract with the third party to determine whether the third party
was
already obligated to provide any of the services covered under the
terms
of the new contract, and the Board or Bank counsel’s determination in that
regard; and
|
| (c) |
the
contract is on market terms and fair and equitable to the Bank.
|
(4) The
Bank
shall not enter into any new or renegotiate any existing third party outsourcing
arrangement which does not meet the requirements of the third party management
program required to be developed under paragraph (1) of this Article.
(5) The
Board
shall submit copies of the program, analyses and plans required under the terms
of this Article to the Assistant Deputy Comptroller for review.
20
(6) The
Board
shall ensure the Bank has processes, personnel, and control systems to ensure
implementation of and adherence to the programs and plans developed pursuant
to
this Article.
ARTICLE
IX
VIOLATIONS
OF LAW
(1) The
Board
shall immediately take all necessary steps to ensure that Bank management
corrects each violation of law, rule or regulation cited in the XXX. The
quarterly progress reports required by Article II of this Agreement shall
include the date and manner in which each correction has been effected during
that reporting period.
ARTICLE
X
CLOSING
(1) Although
the Board has agreed to submit certain programs and reports to the Assistant
Deputy Comptroller for review or prior written determination of no supervisory
objection, the Board has the ultimate responsibility for proper and sound
management of the Bank.
(2) It
is
expressly and clearly understood that if, at any time, the Comptroller deems
it
appropriate in fulfilling the responsibilities placed upon him by the several
laws of the United States of America to undertake any action affecting the
Bank,
nothing in this Agreement shall in any way inhibit, estop, bar, or otherwise
prevent the Comptroller from so doing.
(3) Any
time
limitations imposed by this Agreement shall begin to run from the effective
date
of this Agreement. Such time requirements may be extended in writing by the
Assistant Deputy Comptroller for good cause upon written application by the
Board.
21
(4) The
provisions of this Agreement shall be effective upon execution by the parties
hereto and its provisions shall continue in full force and effect unless or
until such provisions are amended in writing by mutual consent of the parties
to
the Agreement or excepted, waived, or terminated in writing by the
Comptroller.
(5) This
Agreement is intended to be, and shall be construed to be, a supervisory
“written agreement entered into with the agency” as contemplated by 12 U.S.C. §
1818(b)(1), and expressly does not form, and may not be construed to form,
a
contract binding on the Comptroller or the United States. Notwithstanding the
absence of mutuality of obligation, or of consideration, or of a contract,
the
Comptroller may enforce any of the commitments or obligations herein undertaken
by the Bank under his supervisory powers, including 12 U.S.C. § 1818(b)(1),
and not as a matter of contract law. The Bank expressly acknowledges that
neither the Bank nor the Comptroller has any intention to enter into a contract.
The Bank also expressly acknowledges that no officer or employee of the Office
of the Comptroller of the Currency has statutory or other authority to bind
the
United States, the U.S. Treasury Department, the Comptroller, or any other
federal bank regulatory agency or entity, or any officer or employee of any
of
those entities to a contract affecting the Comptroller’s exercise of his
supervisory responsibilities. The terms of this Agreement, including this
paragraph, are not subject to amendment or modification by any extraneous
expression, prior agreements or prior arrangements between the parties, whether
oral or written.
IN
TESTIMONY WHEREOF, the undersigned, authorized by the Comptroller, has hereunto
set her hand on behalf of the Comptroller.
| /s/ Xxxxxxxx Xxxxx | January 29, 2007 | |
|
Xxxxxxxx
Xxxxx
Deputy
Comptroller
Midsize
and Credit Card Bank Supervision
|
Date
|
22
IN
TESTIMONY WHEREOF, the undersigned, as the duly elected and acting Board of
Directors of the Bank, have hereunto set their hands on behalf of the
Bank.
| /s/ Xxxx X. Xxxxxxxxxx | January 26, 2007 | |
|
/s/
Xxxxx X. Xxxxx
|
Date
January
26, 2007
|
|
|
/s/
Xxxx X. Xxxxxxxx
|
Date
January
26, 2007
|
|
|
/s/
Xxxxxxx X. Xxxxxx
|
Date
January
26, 2007
|
|
|
/s/
Xxxx X. Xxxxxxx
|
Date
January
26, 2007
|
|
|
/s/
Xxxxxx X. Xxxxx
|
Date
January
26, 2007
|
|
|
/s/
Xxxxxxx X. Xxxxxxx
|
Date
January
26, 2007
|
|
|
/s/
Xxxxx X. Xxxxxx, MD
|
Date
January
26, 2007
|
|
|
Date
|
23
