ADMINISTRATIVE SERVICES AND FACILITIES AGREEMENT
Exhibit 10.20
THIS AGREEMENT is made as of the 22nd day of November, 2006, by and between GMAC MORTGAGE, LLC, a Delaware limited liability company with offices at 000 Xxxxxx Xxxx, Xxxxxxx, Xxxxxxxxxxxx 00000 (hereinafter referred to as “GMACM”) and GMAC BANK f/k/a GMAC Automotive Bank, an industrial bank with its principal office at 0000 Xxxxx Xxxx Xxxxxx, Xxxxx 000, Xxxxxxx, Xxxx 00000, on behalf of itself and its subsidiaries, GMACB Asset Management Corp. and GMAC Wholesale Mortgage Corp. (collectively referred to as the “Bank”).
Explanatory Statement
A. GMAC Bank is a Utah industrial bank in the business of originating and funding consumer and commercial mortgages and providing other consumer banking related services.
B. GMACM is a financial services company in the business of originating, servicing, and securitizing residential mortgages, among other related financial services.
C. Under Federal Reserve System Regulation W (12 CFR §223.1 et seq.), the Bank and GMACM are affiliates of each other. The Bank and GMACM intend that this Agreement comply with requirements of Sections 23A and 23B of the Federal Reserve Act (12 USC §221 et seq.) and with implementing federal regulations.
D. The Bank wants GMACM to provide certain administrative and other services and facilities to the Bank related to certain of the Bank’s business activities.
E. GMACM is willing to provide such services and facilities to the Bank under the terms of this Agreement.
NOW, THEREFORE, in consideration of the mutual covenants and promises expressed herein, the parties hereto, intending to be legally bound, hereby agree as follows.
1. Definitions.
1.1 Applicable Requirements. Applicable Requirements means (a) all federal, state and local legal and regulatory requirements (including statutes, rules, regulations and ordinances) applicable to the Bank, (b) all other requirements and guidelines of FDIC, the Utah Department of Financial Institutions, and any other governmental body or officer having jurisdiction over the Bank, (c) all judicial and administrative judgments, orders, stipulations, awards, writs, and injunctions applicable to the Bank and (d) the Bank’s Policy/Procedure with respect to the conduct of affiliate transactions, a copy of which is attached as Exhibit B hereto.
1.2 Confidential Information. Confidential Information means any information obtained by a party from, or disclosed to a party by, the other party, its parent company, its or their parents, subsidiaries, or affiliates, which relates to the past, present, or future business or financial activities of any of such persons or entities, including any information or data developed from any such information; provided that such information is Confidential Information only if it was solely available to such other party as a result of the performance of its obligations under this Agreement. Without limiting the generality of the foregoing, Confidential Information shall include any such information relating to customers, pricing, methods, operations, processes, loan programs, financial data, business relationships, technical data, statistics, technical specifications, documentation, research, development or related information, computer systems, employees, and any results or compilations of the foregoing. Confidential Information does not include information that is (a) made public by the disclosing party, (b) generally available to the public other than by a breach of this Agreement by recipient, its employees, agents or contractors, and/or (c) rightfully received from a third person having the legal right to disclose the Confidential Information free of any obligation of confidence.
1.3 Effective Date. Effective Date means November 22, 2006.
1.4 Equipment. Equipment means, collectively, all office equipment, furniture and fixtures, telephones and other telecommunications devices, photocopiers and office mail services, files, records and data storage devices (whether manual or electronic media), computer hardware and software and systems support, operations and instructional manuals, and all other books and records with respect thereto which, as the context requires, are now or hereafter owned or acquired by GMACM and subleased by it to the Bank, and which are to be furnished to the Bank under this Agreement in fulfillment of the purposes hereof.
1.5 Facilities. Facilities means, collectively, those facilities now leased and maintained by GMACM and particularly described in Workplace Services section of Exhibit A attached hereto, and which are to be utilized in part by GMAC Bank; and any other locations hereafter established for such purposes in accordance with the terms of this Agreement.
1.6 FDIC. FDIC means the Federal Deposit Insurance Corporation.
1.7 Services. Services means, collectively, and as the context requires, the administrative and other services to be provided by GMACM for the benefit of the Bank, more particularly described in Exhibit A hereto.
2. Engagement.
2.1 The Bank hereby engages GMACM, on a sole and exclusive basis, to provide the corporate services and facilities described in Exhibit A to this Agreement. GMACM hereby agrees to provide the corporate services and facilities to or for the benefit of the Bank as described in this Agreement.
2.2 Subject to the provisions of this Agreement, the Bank hereby grants GMACM the exclusive power and authority for GMACM to carry out all of its duties and obligations under this Agreement, as the agent and representative of the Bank. Any person dealing with GMACM shall be entitled to rely upon any action taken by GMACM, as an agent and representative of the Bank in accordance with this Agreement and the Bank shall be bound thereby.
2.3 In the performance of its services hereunder, GMACM shall utilize such of its own employees, consultants, contractors, equipment, supplies, and office facilities as GMACM, in its sole discretion, shall determine necessary or advisable for the proper performance of such services.
3. Rights and Powers of the Bank. During the term of this Agreement or any renewal thereof, the Bank shall have the right and power to:
3.1 Establish rules, practices and procedures for the conduct of its business, solicitation and service of its clients and the types and amounts of services to be rendered by it; and
3.2 Require GMACM to take appropriate measures to select, supervise and monitor the personnel performing the services
4. Representations and Warranties of GMACM. GMACM represents and warrants to the Bank, as of the Effective Date that:
4.1 Organization. GMACM is a limited liability company duly organized, validly existing, and in good standing under the laws of the State of Delaware.
4.2 Corporate Power. GMACM has all requisite corporate power, authority, and capacity to enter into this Agreement and to perform the obligations required of it hereunder.
4.3 Authorization; No Conflicts. The execution and performance of this Agreement by GMACM, its compliance with the terms hereof, and the consummation of the transactions contemplated have been authorized by all requisite corporate action, consented to by all appropriate parties, will not violate any provision of law applicable to it and will not conflict with the terms or provisions of its Articles of Incorporation or By-Laws, or any other instrument relating to the conduct of its business or the ownership of its property, or any other agreement to which it is a party or by which it is bound.
4.4 No Litigation, etc. There is no litigation, proceeding, or governmental investigation pending or, to its knowledge, threatened, or any order, injunction, or decree outstanding, against or relating to it, which could have a material adverse effect upon the ability of GMACM to perform its obligations under this Agreement, nor does it know of any basis for any such litigation, proceeding, or governmental investigation.
4.5 No Misrepresentation. No representation, warranty or statement made by it in this Agreement or in any document referred to herein or in any exhibit, schedule, statement or certificate hereafter furnished pursuant to this Agreement or in connection with the transactions between the Bank and GMACM provided for in this Agreement, contains or will contain any untrue statement of a material fact or omits or will omit to state a material fact necessary to make the statements contained herein or therein not misleading.
4.6 Arms Length Terms. The terms of this Agreement are no less favorable to Bank than those that would be offered by GMACM to, or would apply to, a third party that is not affiliated with GMACM.
5. Representations and Warranties of the Bank. The Bank represents and warrants to GMACM, as of the Effective Date that:
5.1 Organization. The Bank is an industrial bank duly organized, validly existing and in good standing under the laws of the State of Utah.
5.2 FDIC Insurance. The FDIC insures the Bank’s deposits.
5.3 Receivership, etc. The Bank is not in receivership, conservatorship or liquidation.
5.4 Corporate Power. The Bank has all requisite power, authority and capacity to enter into this Agreement and to perform the obligations required of it hereunder.
5.5 Authorization; No Conflict. The execution and performance of this Agreement by the Bank, its compliance with the terms hereof and the consummation of the transactions contemplated have been authorized by all requisite corporate action, consented to by all appropriate parties, will not violate any provision of law applicable to it and will not conflict with the terms or provisions of its Articles of Incorporation or By-Laws, or any other instrument relating to the conduct of its business or the ownership of its property, or any other agreement to which it is a party or by which it is bound.
5.6 No Litigation, etc. There is no litigation, proceeding or governmental investigation pending or, to its knowledge, threatened, or any order, injunction or decree outstanding, against or relating to the Bank, which could have a material adverse effect upon the performance of the Bank’s obligations under this Agreement, nor does it know of any basis for any such litigation, proceeding, or governmental investigation.
5.7 No Misrepresentation. No representation, warranty or statement made by the Bank in this Agreement, or in any document referred to herein or in any exhibit, schedule, statement or certificate hereafter furnished pursuant to this Agreement, or in connection with the transactions between the Bank and GMACM provided for in this Agreement, contains or will contain any untrue statement of a material fact or omits or will omit to state a material fact necessary to make the statements contained herein or therein not misleading.
6. Continuing Obligations of GMACM. During the term of this Agreement GMACM shall have the following continuing obligations in addition to those described elsewhere in this Agreement.
6.1 Representations and Warranties. During the term of this Agreement, GMACM shall promptly notify Bank of any state of facts which causes, or which may reasonably cause any of the representations and warranties contained in Section 4 of this Agreement to cease to remain true, complete, and correct in any material respect.
6.2 Delivery of Facilities and Services. GMACM shall provide and maintain, at its sole cost and expense (except as otherwise specifically provided herein), to and for the benefit of the Bank, the Facilities and Services as hereinafter provided. To that end, and by way of elaboration, and not by way of limitation, GMACM shall provide the following:
6.2.1 Facilities. GMACM shall deliver and maintain Facilities for the Bank, for the term of this Agreement, generally upon the terms and conditions contained in the Workplace Services section of Schedule of Services to be performed by GMACM document attached hereto and incorporated herein by reference as Exhibit A.
6.2.2 Services. GMACM shall provide the Services to the Bank in a timely and professional manner, so as to permit the Bank to fully comply with all Applicable Requirements. GMACM has all rights necessary to provide the Services. If the Bank shall request GMACM to perform Services of a type not provided for in Exhibit A hereto or at a level or in a quantity which materially exceeds the level or quantity of services provided as of the Effective Date, then the parties shall negotiate in good faith to reach agreement on the terms of the provision of and pricing for such services.
6.3 Information and Reports; Cooperation in Audits, Reviews and Inspections. GMACM shall prepare and deliver to the Bank, regularly and on a timely basis, such information and reports as the Bank shall reasonably request or require from time to time regarding any and all aspects of the Services. GMACM shall cooperate with the Bank and its accountants, auditors, fidelity and deposit insurance underwriters, and federal and state regulators and other similar parties in conducting such audits, reviews and inspections of the Services as the Bank and such parties shall reasonably require from time to time.
6.4 No Assignment or Delegation. The obligations of GMACM under this Agreement, for the provision of the Facilities and Services, are neither assignable nor delegable except (a) by operation of law or (b) with the written consent of the parties. Any action by GMACM in derogation of this provision shall be void and ineffective and, at the election of the Bank, shall constitute an event of default by GMACM hereunder.
7. Continuing Obligations of the Bank. During the term of this Agreement the Bank shall have the following continuing obligations in addition to those described elsewhere in this Agreement.
7.1 Representations and Warranties. The Bank shall promptly notify GMACM of any state of facts which causes, or which may reasonably cause any of the representations and warranties contained in Section 5 of this Agreement to cease to remain true, complete, and correct in any material respect.
8. Insurance.
8.1 Insurance. At GMACM’s election, and in its sole, absolute discretion, in accordance with GMAC Risk Management guidelines GMACM will either (a) obtain from an independent insurance company, and maintain in full force and effect, financial institution bond or equivalent insurance covering loss resulting from employee dishonesty; errors and omissions insurance covering claims resulting from breach of this Agreement by GMACM or wrongful acts committed in performing its obligations under this Agreement (collectively, “Loss Events”); or (b) self-insure losses resulting from any Loss Event.
8.2 Insurance Company and Policy Requirements. With respect to insurance provided through one or more independent insurance companies, Loss Events coverage must satisfy Applicable Requirements, as disclosed or reported to GMACM by the Bank, with respect to limitations on liability, deductibles, and insurance company qualifications. Insurance must be in accordance with GMAC Risk Management guidelines. Upon the Bank’s request, GMACM will provide the Bank with copies of the insurance policy or certificate of insuran
9. Indemnification.
9.1 By GMACM. To the maximum extent permitted by law, GMACM shall and does hereby indemnify the Bank, and agrees to save it harmless and defend it from and against any and all claims, actions, damages, liabilities, and reasonable expenses (including reasonable attorneys’ and other professional fees) judgments, settlement payments, and fines paid, incurred or suffered by the Bank:
9.1.1 in connection with loss of life or personal injury, or damage to property or to the environment, suffered by third parties, and arising from or out of the occupancy or use by the Bank of the Facilities or any part thereof, and occasioned wholly or in part by any act or omission of GMACM, its officers, agents, contractors, employees or invitees;
9.2.2 in connection with loss of life or personal injury, or damage to property or to the environment, suffered by third parties, or in connection with any accident, injury or damages whatever in, at or upon the Facilities, and arising from or out of any condition created in or about the Facilities during the term of this Agreement;
9.1.3 in connection with any material breach or default by GMACM with respect to any of the representations and warranties of GMACM to the Bank under this Agreement
9.2 By Bank. To the maximum extent permitted by law, Bank shall and does hereby indemnify GMACM, and agrees to save it harmless and defend it from and against any and all claims, actions, damages, liabilities, and reasonable expenses (including reasonable attorneys’ and other professional fees) judgments, settlement payments, and fines paid, incurred or suffered by the GMACM:
9.2.1 in connection with any material breach or default by Bank with respect to any of the representations and warranties of Bank to the GMACM under this Agreement
9.3 Survival of Indemnities. The Bank’s and GMACM’s obligations pursuant to Subsection 9.1 and 9.2 shall survive any termination of this Agreement with respect to any act, omission or occurrence which took place prior to such termination.
9.4 The indemnifying party (“Indemnitor”) will defend the indemnified party (“Indemnitee”) against such claims at Indemnitor’s sole expense and pay all court awarded damages relating to such claims. The Indemnitee agrees to notify the Indemnitor in a timely manner in writing of the claim, and grant Indemnitor the right to control the defense and disposition of such claims provided that no settlement requiring any financial payment from Indemnitee or admission of liability by Indemnitee shall be made without Indemnitee’s prior written approval.
10. Compensation for Services and Facilities; Reimbursement.
10.1 The compensation to be paid by the Bank to GMACM for the Services provided by GMACM hereunder and the Bank’s use of the Facilities shall be as set forth in Exhibit A hereto.
10.2 Remuneration for services provided by GMACM will be billed monthly, and should be satisfied by the Bank no later than the 15th day of the month following for services rendered during such period.
10.3 The parties acknowledge and agree that except as otherwise specifically provided in this Agreement (including, without limitation, Exhibit A hereto), all costs, fees and expenses directly and actually incurred by either party in the performance of its obligations under this Agreement shall be borne by such party and the other party shall have no responsibility therefor.
10.4 If an invoice for services rendered to or on behalf of the Bank by a non-affiliated third party is received by the Bank, the Bank shall approve such invoice and forward it to GMACM for payment as part of its Accounts Payable processing. If an invoice for services rendered to the Bank or on behalf of the Bank by a non-affiliated third party is received by GMACM, GMACM shall forward such invoice to the Bank for approval and payment as part of its accounts payable processing.
10.5 Designated officers of the Bank and GMACM will agree on the timing and methods of reporting, reconciliation and appropriate journal entries to enable accurate and timely financial reporting for both Bank regulatory and GMACM reporting activities.
11. Term and Termination.
11.1 Initial Term. The initial term of this Agreement (the “Initial Term”) shall commence on the Effective Date and shall end on the last day of the 12th full calendar month thereafter. The schedule of Services to be performed by GMACM, (Exhibit A) attached and respective pricing shall be reviewed at the end of each calendar year within the term of the agreement by the officers of the Bank and GMACM to ensure compliance with the requirements of Sections 23B of the Federal Reserve Act. Exhibit A will be modified as necessary and incorporated by reference to the agreement.
11.2 Annual Renewal. Following the conclusion of the Initial Term, this Agreement shall be renewed automatically for successive periods of twelve full calendar months each, subject to the right of either party to terminate this Agreement, as provided in Section 11.3.
11.3 Termination.
11.3.1 Either party may terminate this Agreement, without cause, by tendering notice to the other not later than six (6) calendar months prior to the date proposed for termination, which termination date shall be no earlier than the conclusion of the Initial Term.
11.3.2 In the event of any default by either GMACM or the Bank in its obligations under this Agreement which default is not cured in all material respects within thirty (30) days after written notice thereof, specifying the precise nature of the alleged default, is given to the defaulting party, then the non-defaulting party may terminate this Agreement effective 90 days after written notice to the defaulting party; provided, however, that if such default could not reasonably have been cured within such thirty (30) day period, the defaulting party shall not be deemed in default hereunder if, within such notice period, it commences to cure and diligently proceeds to accomplish the same within a reasonable period of time thereafter.
11.3.3 If FDIC or the Utah Department of Financial Institutions requires the Bank to terminate its obligations under this Agreement, then this Agreement shall terminate as of the effective date of such termination.
12. Review of this Agreement.
If, at any time during the term of this Agreement, GMACM or Bank believes that the compensation terms provided in this Agreement are less favorable to GMACM or Bank than it could obtain from an independent third party or parties, GMACM or Bank may give written notice thereof (a “Compensation Notice”) to the other party, and GMACM and Bank shall promptly enter into good faith negotiations for the purpose of establishing a mutually agreeable adjustment to the compensation to be paid by Bank to GMACM for the Services provided by GMACM hereunder. Any such Compensation Notice by GMACM or Bank shall be accompanied by information which supports its belief that the then-current compensation terms are less favorable to it than could be obtained from a third party or parties. In the event that Bank and GMACM are unable to mutually agree upon the adjustment, if any, which should be made to the compensation provided for in this Agreement on or prior to the date (the “Adjustment Cut-Off Date”) which is ninety (90) days after GMACM or Bank gives the Compensation Notice, then GMACM or Bank may thereafter terminate this Agreement, without penalty, by giving written notice thereof to the other party within ten (10) days after the Adjustment Cut-Off Date, which termination becomes effective sixty (60) days after the Adjustment Cut-Off Date.
13. Compliance with FRA Sections 23A and 23B. The parties understand and acknowledge that certain transactions between Bank and its non-bank affiliates are subject to Federal Reserve Act Section 23A, and intend for this Agreement to comply therewith. The parties understand and expressly acknowledge that this Agreement is subject to the market terms requirement of Federal Reserve Act Section 23B. Accordingly, if, at any time, the Bank should determine, in good faith, that any of the terms or conditions of this Agreement cease to be terms or conditions that the Bank would offer to an unaffiliated third party in good faith, then the parties will modify this Agreement as necessary to comply with such standard.
14. Miscellaneous.
14.1 Unenforceability. If any provision herein in any way contravenes the law of any state or other political entity where this Agreement is to be performed or is determined to be void, illegal, or unenforceable under applicable law, all other provisions of this Agreement continue in full force and effect. Bank and GMACM are, in this event, obligated to replace the void, illegal or unenforceable provision with a valid, legal, and enforceable provision that corresponds as far as possible to the spirit and purpose of the void, illegal or unenforceable provision.
14.2 Entire Agreement. This Agreement embodies the entire agreement between the parties as to the subject matter of the Agreement, and supersedes all prior agreements and understandings relating to the subject matter of the Agreement.
14.3 Amendments. Any change, modification or waiver of the terms of this Agreement shall be binding only if in writing and signed by duly authorized representatives of both parties.
14.4 No Assignment. This Agreement is not assignable except (a) by operation of law or (b) with the written consent of the parties. Upon any assignment by GMACM or the Bank permitted under this Agreement, all rights of GMACM and the Bank, respectively, hereunder shall inure to the benefit of the assignee.
14.5 Confidentiality. Except as permitted by this Agreement or by other written agreements between the parties, no party shall disclose Confidential Information to a third party or use any Confidential Information for the benefit of itself, its parent company, its or their parents, subsidiaries, agents, affiliates, or any other person or entity whatsoever. Except as required in the performance by a party of its obligations under this Agreement, such party shall not reproduce or disclose to any person, firm or entity, excluding affiliates of such party, any Confidential Information. The parties acknowledge that any disclosure of Confidential Information to bank examiners, state or federal regulators or the Agencies, to such party’s auditors and/or to other parties in the course of compelled disclosure during litigation, shall not be a violation of this Section. If and to the extent Confidential Information consists of information related to discloser’s customers, including without limitation any “nonpublic personal information” as defined under the Xxxxx-Xxxxx-Xxxxxx Act of 1999 (Public Law 106-102, 113 Stat. 1138), as amended from time to time (the “GLB Act”) and regulations promulgated thereunder in any form, whether or not owned or developed by the discloser (collectively “Nonpublic Personal Information”), the requirements set forth in Exhibit B to this Agreement, attached hereto and incorporated herewith, shall apply to such Nonpublic Personal Information. In the event of a conflict between the provisions set forth in Exhibit B and those set forth herein, the provisions set forth in Exhibit B shall control for such Nonpublic Personal Information. The provisions of this section shall survive termination or expiration of the Agreement.
14.6 Cooperation. To the extent possible, the parties hereto shall cooperate and assist each other, as requested, in carrying out the other’s covenants, agreements, duties, and responsibilities under this Agreement and in connection therewith shall execute and deliver all such documents and instruments as shall be necessary and appropriate in the furtherance thereof.
14.7 Notices. All notices and other communications required or permitted under this Agreement shall be in writing and given to a party at its address or facsimile number set forth below or such other address or facsimile number as the party may hereafter specify for that purpose by notice to the other party. Each notice shall, for all purposes, be deemed to be given and received (a) if given by facsimile, when the facsimile is transmitted to compatible equipment in the possession of the recipient and confirmation of complete receipt is received by the sending party during normal business hours or on the next business day if not confirmed during normal business hours, (b) if hand delivered to a party against a receipted copy, when the copy is receipted, (c) if given by a nationally recognized and reputable overnight delivery service, the day on which the notice is actually received by the party, or (d) if given by certified mail, return receipt requested, postage prepaid, two (2) business days after it is posted with the United States Postal Service:
If to GMACM, then to the attention of President, GMAC Mortgage, LLC, 000 Xxxxxx Xxxx, Xxxxxxx, Xxxxxxxxxxxx 00000-0000, facsimile no.: (000) 000-0000; with a courtesy copy to GMACM’s General Counsel, at the same address; and
If to the Bank, then to the attention of President, GMAC Bank, 0000 Xxxxx Xxxx Xxxxxx, Xxxxx 000, Xxxxxxx, Xxxx 00000, facsimile no. (000)-000-0000, with a courtesy copy to the Bank’s General Counsel at the same address and facsimile number.
If a notice is tendered pursuant to the provisions of this Agreement and is refused by the intended recipient thereof, the notice shall nonetheless be considered to have been given and shall be effective as of the date herein provided. The contrary notwithstanding, any notice given to a party in a manner other than that provided in this Agreement which is actually received by the party, shall be effective with respect to the party on receipt of the notice.
14.8 Counterparts. This Agreement may be executed in two or more counterparts, each of which shall be deemed an original but all of which together shall constitute one and the same instrument.
14.9 Applicable Laws. The construction of this Agreement and the rights, remedies, and obligations arising by, under, through, or on account of it shall be governed by the laws of the United States of America and, where applicable, the State of Utah.
14.10 No Waiver. Any forbearance, delay, or failure by either party in enforcing its rights under this Agreement does not constitute a waiver of such rights.
14.11 Third Party Beneficiaries. This Agreement is intended for the benefit of the parties hereto only. There shall be no third party beneficiaries hereof.
14.12 Relationship of Parties. GMACM and the Bank understand and agree that this Agreement is intended to establish and set forth the terms of an arms-length business relationship between the parties which is at least as favorable to the Bank as would be likely to exist between unaffiliated parties. Nothing contained in the Agreement shall be construed as creating a joint venture, association, partnership, franchise or other form of business or relationship; and nothing contained in this Agreement shall be construed as making a party hereto liable for the debts or obligations of the other party, except only as expressly provided herein.
14.13 Survival. The provisions hereof, to the extent expressly so stated, but only to such extent, shall survive any termination or expiration of this Agreement.
14.14 Exhibits. All exhibits and schedules attached hereto or referred to in this Agreement are incorporated herein as though set forth herein in full.
14.15 Waiver of Trial by Jury. After consultation with their respective legal counsel, the Bank and GMAC each knowingly and voluntarily waive trial by jury in any action or proceeding to which the Bank or GMACM may be parties, arising out of or in any way pertaining to this Agreement.
IN WITNESS WHEREOF, the parties have executed this Agreement in two counterparts by their duly authorized representatives the day first above written.
WITNESS/ATTEST:
GMACM:
GMAC MORTGAGE, LLC,
By: /s/ Xxxxxxx X. Xxxxxxxxx
Title: SVP – Finance/Admin.
WITNESS/ATTEST:
THE BANK:
GMAC BANK
By: /s/ Xxxxxx X. Xxxxxx (seal)
Title: Asst. Secretary
Exhibit A
SCHEDULE OF SERVICES AND FACILITIES TO BE PROVIDED BY GMACM
Table of Contents
(1) Human Resources/Payroll
(2) Information Technology
(3) Finance/General
(4) Treasury
(5) Capital Markets
(6) Quality Control – Credit
(7) Quality Control – Compliance
(8) Strategic Sourcing & Workplace Services
(9) Legal
(10) Risk Assessment & Assurance
(11) Credit Policy
GMACM shall be responsible for providing the following Services to GMAC Bank:
(1) Human Resources/Payroll
(A) Provide and/or facilitate payroll services for GMAC Bank, including maintenance of human resources and payroll systems, payroll processing, transmission of payroll interface file to accounting, payroll tax withholding and remittance, W-2 processing and filing;
(B) In connection with the employees referred to in clause (A) above, prepare and file, or cause to be prepared and filed, all federal, state and local payroll and wage tax returns and such reports and documents, make such payments and perform all other acts, as may be necessary or proper to comply with the terms and conditions of the Social Security, unemployment, workers’ compensation and all other applicable laws, ordinances and regulations of each jurisdiction in which they may be employed, except that the Bank will be responsible for filing all appropriate EEO-1 reports regarding the employees of GMAC Bank, and GMACM agrees to provide any necessary information from its payroll system to assist with said reports;
(C) Administer all benefits provided to employees and provide other human resources services, including, without limitation, administering and approving any compensation or benefit payments, establishing and administering personnel policies, providing employee relations services, providing training services; and
(D) Provide staffing resources to attract, interview and hire new employees of GMAC Bank, including, without limitation, approving new employees’ compensation.
• PRICING TERMS:
1. Services are priced on a pro rata full time equivalent (“FTE”) basis. The Bank FTE count is divided by the enterprise FTE count then multiplied by the applicable direct and certain indirect expenses of the HR department. The resulting amount is then marked-up by 10% to obtain the final administrative services charge to the Bank.
2. All third party costs of authorized goods and services are passed through directly to the Bank without mark-up.
(2) Information Technology.
A. Provide internal information technology services to GMAC Bank necessary for the operation of its business and, in connection therewith, purchase and maintain computer hardware, software, databases and all computer networks necessary to permit GMAC Bank to conduct its activities in a professional manner and service its clients and others with whom it may deal. GMACM represents and warrants to GMAC Bank that all of the data and other information obtained by GMAC Bank from its clients or others with whom it deals shall be held in strict trust and confidence and shall only be accessible by persons engaged in the operation of GMAC Bank’s business, unless otherwise specifically consented to in writing by GMAC Bank. GMACM acknowledges that a high level of confidentiality is necessary in order for GMAC Bank to compete effectively for clients and to have its reports acceptable to financial institutions and others for whom they are intended. GMACM will, therefore, secure such information and data within GMAC Bank’s information system so that it will not be accessible by unauthorized persons.
B. GMAC BANK INFORMATION TECHNOLOGY INFRASTRUCTURE OPERATIONS SERVICE AGREEMENT
GMAC Bank IT infrastructure operations are governed by a specific service agreement.
See attachment II for detailed terms and conditions.
C. Provide services of a qualified Chief Information Officer (“CIO”) and necessary support staffing to the Bank to serve as part of senior management, reporting directly to the President with matrix reporting roles within the GMACM/GMAC Residential IT organization. The CIO is responsible for bridging business needs and information technology, including working with the business to define their needs and provide cost-effective solutions. The CIO’s responsibilities include but are not limited to the following:
1) Providing strategic information technology direction and solutions to business partners in support of revenue generation, diversification, retention, and key bank programs and goals.
2) Working closely with the business leadership to define long term information technology vision.
3) Developing a comprehensive strategy for management information needs, including new systems solutions or major improvements to existing application systems, and related hardware acquisition and integration.
4) Directing all IT related strategic and tactical planning and systems implementation activities associated with the business.
5) Establishing, monitoring and enforcing policies and procedure direction, technical standards, methodologies, and priorities.
6) Working with GMACR finance and senior GMACR managers to develop appropriate cost allocations models, IT software development budgets, and cost reductions.
7) Managing IT vendor relationships.
8) Managing, planning and implementing applications development efforts including new and legacy systems, enhancements and maintenance.
9) Overseeing business requirement analysis and implementation, managing priorities, and ensuring standards of excellence and user satisfaction.
10) Providing cutting edge and relevant technology expertise for business development purposes to ensure a competitive edge.
11) Providing strategic and tactical planning, development, evaluation, and coordination of the information technology applications
D. Information Security Program and Policy.
See Attachment III for the complete Information Security Program and Policy.
• IT PRICING TERMS:
IT Administrative Services invoice will be prepared on a monthly basis reflecting services delivered to the Bank from IT detailed in the above service level agreement elements in addition to specific depreciation related to pertinent hardware, software licenses and software development as illustrated below.
Area | Service | Cost Basis
Operations, Architecture & Design, Business Office, Project Management | System Admin, Data Cr Ops, Call Center / Telephony Engineering, Security Engineering, Client Server / CTI Engineering, Application helpdesk, PC helpdesk, Data Security, PC desk side support, Telephone desk side support. | Actual cost center expenses derived from monthly services delivered.
Application Support & Enhancements - Smartstream | One dedicated Resource for Support and Enhancement of Smartstream. | Actual cost center expenses derived from monthly services delivered.
GMACR IT Administration ** | Client Relationship/Project Mgmt, Project Office Admin, IT Security, Architecture & Design, Infrastructure Operations. | Based upon actual expenses – derived from % of total personnel time allocated.
Depreciation | Wholesale Technology HW/SW/SW Dev Depreciation | Actual monthly P & L amortization expenses as derived from fixed asset ledger for identified assets.
(3) Finance/General.
Maintain appropriate records of all GMAC Bank activities hereunder and make such records available for inspection by the Bank, by counsel, regulators, auditors and authorized agents of GMAC Bank, upon prior written notice at any time during normal business hours. Consult with GMAC Bank and furnish advice and recommendations with respect to Generally Accepted Accounting Principles/Financial Reporting issues.
(A) Accounting Information Systems (AIS). Daily monitoring of transaction feeds to General Ledger system. General Ledger system use, maintenance and user support. Ad hoc report preparation and testing as requested by GMAC Bank.
(B) Accounts Payable. Pay all authorized bills and charges incurred by GMAC Bank in the operation of its business, Invoice imaging and retrieval, 1099 processing, positive pay file procedures, vendor file maintenance and customer service related to all.
(C) Default. Preparation of OTS Schedules VA and PD quarterly, classification of assets, delinquency reporting, adequacy of loan loss reserves, other analysis and reporting as requested. Provide support for regulatory examinations and Audits. Provide support to GMAC Bank officers and staff for financial forecasting of credit loss and delinquency trends.
(D) Enterprise Reporting Accounting. Preparation of reconciliation for the following products in accordance with generally accepted accounting principles: Home equity Loans, Home Equity Lines, Home Equity Purchase Premium general accounts and Accrued Interest Receivable. Research and clearing of reconciliation items via journal entry.
(E) Fixed Assets. Load Fixed Assets to the system, perform Fixed Asset Reporting and monthly file maintenance and processing of journal entries.
(F) Lending Accounting. In accordance with generally accepted accounting principles, provide daily processing of loans purchased and sold by GMAC Bank as well as preparation of all necessary journal entries to record these transactions. Identification of loans on Bank’s balance sheet for elimination entries. Preparation of journal entries to record loan activity not related to sales or purchases.
(G) Tax. Prepare for execution, cause to be filed and pay such income, franchise, personal property or other tax returns and filings of GMAC Bank as shall be required to be filed by applicable law and/or as governed by agreements with affiliates. Provide tax planning advice where applicable and prepare tax accrual information as necessary to satisfy quarterly and annual estimated payments.
PRICING TERMS:
(A) Accounting AIS. Daily monitoring of transaction feeds, Smartstream system use, maintenance and user support will be based on a monthly charge of $3,850.00. Ad hoc reporting preparation and testing and other consulting services as required will be billed at an hourly rate of $50. This rate includes salaries of varying staff levels providing services, plus benefits @ 30% divided by 2,080. The rate will be multiplied by the hours per month worked on behalf of GMAC Bank.
(B) Accounts Payable. Services are priced on a per invoice charge of $3.25/invoice. This amount is marked up by 10% to obtain the final cost of $3.58 per invoice.
(C) Default. Charges will be assessed for services provided based on an hourly charge of $50. This rate includes salaries of varying staff levels providing services, plus benefits @ 30% divided by 2,080. The rate will be multiplied by the hours per month worked on behalf of GMAC Bank.
(D) Enterprise Reporting Accounting. Charges will be assessed for services provided based on an hourly charge of $50. This rate includes salaries of varying staff levels providing services, plus benefits @ 30% divided by 2,080. The rate will be multiplied by the hours per month worked on behalf of GMAC Bank.
(E) Fixed Assets. Charges will be assessed for services provided based on an hourly charge of $50. This rate includes salaries of varying staff levels providing services, plus benefits @ 30% divided by 2,080. The rate will be multiplied by the hours per month worked on behalf of GMAC Bank.
(F) Lending Accounting. Charges will be assessed for services provided based on an hourly charge of $50. This rate includes salaries of varying staff levels providing services, plus benefits @ 30% divided by 2,080. The rate will be multiplied by the hours per month worked on behalf of GMAC Bank.
(G) Tax. Charges will be assessed for services provided based on an hourly charge of $50. This rate includes salaries of varying staff levels providing services, plus benefits @ 30% divided by 2,080. The rate will be multiplied by the hours per month worked on behalf of GMAC Bank. PWC or other applicable professional fees will be passed through to the Bank without mark-up.
(4) Treasury.
Provide daily cash and treasury management services as directed by GMAC Bank Treasurer, including daily reserve calculations, loan funding and wire activity as required by GMAC Bank in the operation of its business; Accurately record and report the cash position and results of GMAC Bank to Bank management. Provide short, medium and long term cash forecasting for three-year business model, as required by GMAC Bank ALCO. Provide necessary information required to complete quarterly thrift financial report. Assist/advise in interest rate risk analysis as required by OTS TB 13A; assist in analyzing results with Bank Treasury to ensure compliance with GMAC Bank’s Asset/Liability Committee guidelines.
• PRICING TERMS:
1) Third-party direct expenses related to GMACB Treasury activities, including but not limited to, funding and cash management activities, will be passed directly to GMAC Bank cost centers without mark-up.
2) Refer to Attachment I, Treasury catalog of services for pricing terms.
(5) Capital Markets.
(A) Where requested by GMAC Bank, assist in the development and introduction of new loan products/programs;
(B) At the direction of GMAC Bank, execute trades into the secondary market, maintain relations with brokerage firms, investment bankers, government agencies and all other customer relationships as required;
(C) At the direction of GMAC Bank (which direction shall be given within a reasonable timeframe), negotiate terms for sale/purchase of mortgage loans on behalf of GMAC Bank with investors, correspondents and/or brokers, as applicable;
(D) Pursuant to GMAC Bank’s risk management policies, advise GMAC Bank as to the execution of hedging agreements; monitor and manage the market risk exposure associated with decline in interest rates and “fallout” risk associated with GMAC Bank’s mortgage loan programs mutually agreed upon between GMAC Bank and GMAC Mortgage;
(E) At GMAC Bank’s direction (which direction shall be given within a reasonable timeframe to meet Bond Market Association (BMA) deadlines), create Agency pools using best execution model and deliver pools and settle pools according to BMA calendar;
(F) Develop and distribute pool/transaction funding detail, sales reports and wire advices to Finance to record transactions.
(G) GMAC Mortgage to sell and deliver non-conforming loans on behalf of GMAC Bank (e.g. CRA, home equity) to third-party custodian or whole loan investor.
(H) Obtain market price quotation for Home Equity securitizations from investment bankers/dealers to support compliance with 23B within thirty (30) days of trade execution.
PRICING TERMS:
1. Fees for services performed by Capital Markets staffs, at the direction of GMAC Bank officers will vary from period to period. Cost will be based on the salaries of the varying staff levels providing the service, benefits at 30%, occupancy and other direct expenses. The total of these expenses will be marked up by 10% and divided by 2080 in order to arrive at an hourly rate.
2. Third-party direct expenses related to GMACB securitization activities, including but not limited to, Investment Banking and legal activities, will be passed directly to GMAC Bank cost centers without mark-up.
(6) Quality Control – Credit
On a monthly basis Quality Control selects a sample of loans to audit from the total population of funded loans from the previous month for each origination channel. Agency guidelines require a formal post-closing Quality Control process and are satisfied with either a random 10% or a statistical sampling methodology. GMAC Mortgage Quality Control employs a statistical sampling model that provides a 95% confidence level that findings inferred to the overall population are accurate to a 2% margin of error over a 12-month period. In addition to the statistical sample, Quality Control makes additional targeted discretionary loan selections to address identified trends or other high risk areas. Quality Control will include a targeted discretionary sample of loans sold to GMAC bank within the overall sample of loans for each origination channel.
Technology - Quality Control employs an audit software application to sample loans, record and track findings, and report audit results. Cogent Economics Audit Software, marketed by Cogent Economics, meets the requirements for statistical sampling.
Audit Procedures - Closed loan post-funding review, performed by Quality Control, tests each audited file for compliance with investor and company loan programs, underwriting guidelines and policies and procedures as well as fraud detection. Pre-funded review, performed by Quality Control, tests the above on a targeted selection of loans prior to funding. Cogent software records, tracks, and reports audit results.
Audit Exception Follow Up - On a weekly basis, Quality Control reports significant audit findings to the appropriate origination channels for feedback and follow up. All business units typically have 30 days to respond (or until end of audit period which is generally 20 business days) to the findings. Once responses are received, they are evaluated with any resolved items being noted. Audit findings with no response after 30 days are considered as concurrence with the findings.
Reporting - Quality Control issues monthly management reports to report overall audit results for each origination channel within 60 days of the end of a production month. Quality Control will prepare a special report for GMAC Bank to report findings from all origination channel audits of loans sold to GMAC Bank.
Record Retention - Quality Control maintains audit work papers for two years following the completion of an audit. Management reports are maintained indefinitely.
Timing - Pre-funded audit reports will be provided by the 15th of the following month; Quality Control typically conducts post-funded new loan production audits on the following time frame:
Segment | Audit Procedure | Timing | Time Line
1 | Capture funded loan data, analyze funded loan data and select audit samples. | 3 working days following close of month | 3rd day
2 | Order and receive selected loan files from Records Management. | 4 to 40 working days to receive requested files | 4th day to start, 45th day to complete
3 | Prepare and audit selected loans | File audits completed within 45 days of the close of the month. Audit period consists of 20 working days | 15th day - 45th day
4 | Compile, review and finalize findings including any feedback or response from channel. | 16th day - 55th day | 55th day
5 | Prepare final report and distribute to channels and Bank management | 5 days | 60th day
6 | Management response due back to Quality Control | 30 days | 90th day
• PRICING TERMS:
Quality Control is prepared to deliver the described services at the following fees:
Description of Service | Cost per File
Loan file audits and reporting | $95 per file reviewed*
Appraisal Review on 10% of loans audited with appraisals | Actual cost (averages $165 per appraisal review)
Credit reports as needed at the auditor discretion | Actual cost (averages $3 per single in-file report)
Early Payment Defaults [1] | $95 per file reviewed*
Repurchase Requests | $95 per file reviewed*
Special Investigations | Negotiated as required
Special Projects and Reported | Negotiated as required
* The cost per file is determined using a blend of in-house and outsourced audits as well as administration costs.
[1] Early Payment Default Reviews are similar to New Loan Production Reviews except that the Regulatory Compliance segment of the review is replaced with a review of Servicing Transcripts.
(7) Quality Control—Compliance
On a monthly basis Compliance Audit & Testing (CAT) selects a sample of loans to audit from the total population of funded loans from the previous month for each origination channel. CAT employs a statistical sampling model that provides a 95% confidence level that findings inferred to the overall population are accurate to a 2% margin of error over a 12-month period. In addition to the statistical sample, CAT makes additional targeted discretionary loan selections to address identified trends or other high risk areas. CAT will include a targeted discretionary sample of loans sold to GMAC bank within the overall sample of loans for each origination channel.
Technology - CAT employs an audit software application to sample loans, record and track findings, and report audit results. Cogent Economics Audit Software, marketed by Cogent Economics, meets the requirements for statistical sampling, result tracking and reporting for loans tested by the US Residential Finance Group located in Horsham, PA. Loans tested, tracked and reported by the audit team in Minneapolis, MN utilize an MS Access database.
Audit Procedures - Closed loan post-funding review, performed by CAT, includes testing for completeness, accuracy, and validity of the compliance documentation and data and accuracy of information relied upon throughout the transaction of the loan. Processes and controls are tested during audit period with any identified gaps noted for management response and action plan identification. The Compliance testing processes used to confirm first and second mortgages are in compliance with all federal and state laws and regulations, including any applicable agency or investor requirements, policies and procedures as well as fraud detection.
Audit Exception Follow Up - On a weekly basis, CAT reports significant audit findings to the appropriate origination channels for feedback and follow up. All business units typically have 30 days to respond (or until end of audit period which is generally 20 business days) to the findings. Once responses are received, they are evaluated with any resolved items being noted. Audit findings with no response after 30 days are considered as concurrence with the findings.
Reporting - CAT issues monthly management reports to report overall audit results for each origination channel within 60 days of the end of a production month. CAT will prepare a special report for GMAC Bank to report findings from all origination channel audits of loans sold to GMAC Bank.
Record Retention - Quality Control maintains audit work papers for a minimum of two years following the completion of an audit. Management reports are maintained indefinitely.
Timing - CAT typically conducts post-funded new loan production audits on the following time frame:
Segment | Audit Procedure | Timing | Time Line (respective to loan
1 | Capture funded loan data, analyze funded loan data and select audit samples. | 3 working days following close of month | 3rd day
2 | Order and receive selected loan files from Records Management. | 4 to 20 business days (following loan close) to receive requested files | 4th - 45th day
3 | Prepare and audit selected loans | Audits completed within 45 days of the close. Audit period consists of approximately 20 business days | 15th day - 45th day
4 | Compile, review and finalize findings including any feedback or response from channel. | 16th day - 55th day | 55th day
5 | Perform root cause analysis. Discuss root cause and preliminary result findings with BURMs. | Root cause starts approximately the 16th day – 55th day, allowing a maximum of one week after all final feedback received from the origination channels | 55th day
7 | Prepare final report and distribute to channels and Bank management | 60th day; allowing 5 days for report preparation | 65th day
8 | Management response due back | 30 days following final report disbursement | 90th day
• PRICING TERMS:
CAT is prepared to deliver the described services at the following fees:
Description of Service | Cost per File
Loan file audits and reporting | $95 per file reviewed*
High cost test calculator | Incorporated into overall cost
Special Investigations | Negotiated as required
Special Projects and Reported | Negotiated as required
* The cost per file is determined using a blend of in-house and outsourced audits as well as administration costs.
(8) Strategic Sourcing & Procurement; Corporate Real Estate; and Corporate Security Services.
Strategic Sourcing & Procurement:
Services can be broken out into two distinct process types, Transaction Processing and Competitive Events. Where requested by GMAC Bank, purchase of goods and services, negotiate contracts or licenses, interact with vendors and others as may be necessary or required by GMAC Bank from time to time, subject, however, to the specific instructions or controls imposed by GMAC Bank.
(A) Transaction Processing is the requisitioning, ordering and fulfilling needs for goods and services of a recurring nature, including items such as PC’s and office supplies.
(B) Competitive Events are requests for goods and/or services, which require extensive effort to prepare business requirements and negotiate contract provisions, including pricing and compliance. Where requested by the Bank, Strategic Sourcing and/or Corporate Real Estate shall negotiate contracts, leases and other facility management requirements, deal with vendors, landlords and others as may be necessary or required by the Bank from time to time, or desirable for the conduct of its business, subject, however, to the specific instructions or controls imposed from time to time by the Bank.
Corporate Real Estate:
(A) Provide all necessary services for the management of the Bank’s facilities in compliance with the tenant’s obligations under any leases to which the Bank is a party.
(B) Provide oversight to the Bank’s business continuity program, including, but not limited to: planning, documenting, testing and implementing contingency plans
(C) Provide tenant services that relate to maintaining the office buildings occupied by Bank associates at locations including, but not limited to below. Tenant services include space planning and design, construction management, guard service 24x7, as required by the Bank, building repair and maintenance, janitorial services, equipment repair and maintenance, and equipment and furniture expense.
Facility Locations:
0 Xxxxxx Xxxxx Xxxxx, Xxxxxxx XX
000 Xxxxxx Xxxxx, Xxxxxxx XX
(D) Provide on and off-site storage, record retention, record retrieval and imaging capabilities for GMAC Bank records. Ensure that record retention is in accordance with OTS guidelines.
Corporate Security:
A. Provide services of a qualified Security Officer (“SO”) and necessary support staffing to the Bank to support senior management in a matrix reporting role within the GMAC organization. The SO’s responsibilities include but are not limited to the following:
• Investigation services for Suspicious Activity Reporting (“SAR’s”)
• Coordination with applicable Federal, State and local law enforcement officials as necessary.
• Direction Definition, maintaining, monitoring, supporting, and measuring the overall effectiveness of the security program and activities.
• Ensure that adequate physical and access control security measures exist to protect the Bank’s associates and assets.
• PRICING TERMS:
Strategic Sourcing & Procurement:
1. Transaction Processing services costs are actual salaries, benefits @30%, a per-head occupancy and telephone allocation and any other direct cost of providing this service. The aggregation of which will be marked up by 10%. These costs will be charged to the Bank on a pro-rata FTE basis, with the number of Bank FTE’s as the numerator and the number of total enterprise FTE’s as the denominator.
2. Competitive Events costs are actual salaries, benefits @30%, a per-head occupancy and telephone allocation and any other direct costs associated with providing this service. The aggregation of which will be marked up by 10%. The total costs associated with this service will be divided by the product of the number of all resources involved in Competitive Events and 2,080 hours. The result will be a per-hour charge that will be applied to the number of hours tracked by Strategic Sourcing & Procurement on Bank-only Competitive Events.
Corporate Real Estate:
1. Allocation for occupancy services for Horsham PA sites will be charged to GMAC Bank monthly on a per square foot basis at prevailing rates, plus utilities and maintenance services. This rate will be reviewed for accuracy and reasonableness annually.
2. All third party costs of authorized goods and services supporting GMAC Bank space requirements are passed through directly to the Bank without mark-up.
Corporate Security:
3. For security services, a one-half FTE is assumed to be dedicated to the Bank’s security needs. Annualized annual salary, benefits, and allocations for occupancy and telephone are added, divided by 12 to arrive at a monthly amount and multiplied by one-half to obtain the final administrative services charge to the Bank.
4. All third party costs of authorized goods and services are passed through directly to the Bank without mark-up.
(9) Legal.
(A) Where requested by GMAC Bank, provide legal analysis and support as may be necessary or required by GMAC Bank from time to time
(B) Inform and instruct Bank management regarding changes in laws and regulations affecting GMAC Bank;
(C) Assist GMAC Bank in its corporate governance process; and
(D) Retain and manage outside counsel as appropriate to conduct litigation and/or provide assistance in other specialized matters.
• PRICING TERMS:
Services will be billed on a per incident/case basis, tracked by the number of hours worked by the staff attorneys multiplied by an hourly charge of $150. This rate includes salaries of varying staff levels providing services, plus benefits @ 30% divided by 2,080.
All direct third party fees/charges related to GMAC Bank activities will be passed through directly to Bank cost centers without markup.
(10) Risk Assessment & Assurance (RA&A).
GMAC Residential and its subsidiaries utilize a risk management process named Risk Assessment & Assurance (“RA&A”). The objectives of the RA&A function are to document, evaluate and rate operational and compliance risks and develop action plans to close any identified control gaps. RA&A is also responsible for monitoring and reporting the SOX requirements.
The RA&A process reports to the Bank’s Risk Committee for corporate governance support for its process. The Risk Committee is comprised of a cross-functional group of senior and mid-level managers from various business units empowered to evaluate the adequacy of the departmental risk reviews and risk ratings to insure safety, soundness and compliance of each department under review.
Services to be performed by RA&A
(A) The RA&A Department, with approval by the Bank’s Risk Committee, will identify the assessable unit universe based on a risk model that addresses various factors affecting the bank’s individual business units, such as complexity, regulatory oversight, date and rating of last assessment, etc. This assessable unit universe is then used as the basis for the allocation of RA&A resources based on overall risk ratings.
(B) Work with the Risk Liaison to complete a department’s individual Risk Assessment
(C) Identify and document the key risks, controls, gaps and actions plans revealed through the Risk Assessment or Assurance in the Detailed Matrix
(D) Develop control testing and documentation standards to meet SOX requirements.
(E) Conduct follow-up reviews on semi-annual or annual basis as determined by risk ratings.
(F) Provide a quarterly Operations Risk Management Scorecard evaluating the level of operational and compliance risk for the Bank.
(G) Assist in development and tracking of key risk metrics.
(H) Create action plans, if appropriate to establish or improve controls.
(I) Track and provide monthly report of all RA&A action plans, Internal and External audit findings and other risk related pending matters. Action plans associated with self-testing will be reported if risks are significant or are dependent on IT or another department.
(J) Thereafter, RA&A will provide an update to the Bank Risk Committee regarding the status of the completion of any outstanding action plans. (The report is also presented to GMAC Residential’s Executive Committee. The Director of RA&A also reports to the Executive Committee on a quarterly basis to discuss progress and material risk related matters.)
(K) Prepare an Executive Summary of the results of the Risk Assessment to be presented to the Risk Committee by the Risk Liaison.
(L) RA&A will develop a schedule of Assessment or Assurances to be used by Risk Committee to set up scheduled meetings.
PRICING TERMS:
RA&A charges to GMAC Bank will be for specific Bank legal entity risk assessments and projects based on the approved business plan and other ad hoc project statements of work. These charges will include the costs associated with one bank designated Risk Manager, including salaries of additional staff as deemed necessary from time to time and overhead and general and administrative expense directly attributable to bank assessments. All costs incurred will be charged quarterly.
(11) | Credit Policy |
(A) | Create/update product summary matrices; |
(B) | With the Bank’s consensus, author memos relating to all guideline and/or Agency changes and updates. |
(C) | Manage relationships with Agencies (Fannie, Freddie, VA, FHA) on credit related issues |
(D) | Submit bank underwriters for FHA/VA underwriting designations; |
(E) | Provide updates to policy and procedures for all credit related issues; |
(F) | Maintain underwriting manuals for all product types; |
(G) | Provide support on loan level underwriting questions; and |
(H) | Other miscellaneous functions necessary to support and complete the lending process. |
PRICING TERMS:
1. | Charges will be assessed for services based on an hourly rate of $50. This rate is based on the typical salary and benefits of an experienced, mid-level Credit Analyst on an hourly basis, with 10% added for overhead. (Salary data provided by GMACM’s Human Resources Department). |
2. | Third-party direct expenses related to Bank activities will be passed directly to the Bank without mark-up. |
Exhibit C
GMAC Bank Policy and Procedure – Affiliate Transactions
Exhibit B
To Administrative Services Agreement
Confidentiality, Non-Disclosure and Security Requirements
The Gramm-Leach-Bliley Act of 1999 (Public Law 106-102, 113 Stat. 1138), as amended from time to time (the “GLB Act”) and the regulations promulgated thereunder impose certain obligations on financial institutions with respect to the confidentiality and security of the customer data of such financial institutions. This Exhibit B to the Administrative Services Agreement sets forth the Confidentiality, Non-Disclosure and Security requirements for confidential information related to customers, including without limitation any “nonpublic personal information” as defined under the GLB Act and regulations promulgated thereunder.
1. | Confidential Information. |
(a) | For the purpose of this Agreement, the “Discloser” is the party disclosing its Confidential Information and the “Recipient” is the party receiving and/or accessing Confidential Information. |
(b) | For the purposes of this Agreement, “Confidential Information” shall mean all information related to customers, including without limitation any “nonpublic personal information” as defined under the GLB Act and regulations promulgated thereunder in oral, demonstrative, written, graphic or machine-readable form, whether or not owned or developed by the Discloser. |
2. | Disclosure and Protection of Confidential Information. |
(a) | Discloser warrants that their disclosure of Confidential Information to Recipient is in accordance with applicable state and federal laws and the Discloser’s own privacy policy. |
(b) | Recipient agrees not to use Confidential Information for any purpose other than the fulfillment of Recipient’s obligations to the Discloser. Recipient shall not disclose, publish, release, transfer or otherwise make available Confidential Information in any form to, or for the use or benefit of, any third party without Discloser’s prior written consent. Recipient shall, however, be permitted to disclose relevant aspects of the Confidential Information to its employees, agents and subcontractors to the extent that such disclosure is reasonably necessary for the performance of its functions and/or contractual duties and provided that such disclosure is not prohibited by the GLB Act, and the regulations promulgated thereunder or other applicable law. Recipient agrees that it will not use non-public personal information about Client’s customers in any manner prohibited by the GLB Act. Recipient agrees that it shall remain fully responsible for any disclosure as set forth in the preceding sentence. Recipient further agrees to advise Discloser promptly in writing of any misappropriation, or unauthorized disclosure or use of Confidential Information which may come to the attention of Recipient, and to take all steps reasonably requested by Discloser to limit, stop or otherwise remedy such misappropriation, or unauthorized disclosure or use. If the GLB Act or other applicable law now or hereafter in effect imposes a higher standard of confidentiality and/or protection to the Confidential Information, then such standard shall take precedence over the provisions of this Section. |
(c) | Recipient will make no more copies of the Confidential Information than is necessary for Recipient’s use. All copies made, in any medium whatsoever, shall be covered by the terms and conditions of this Agreement. |
(d) | Each party shall develop, implement and maintain a comprehensive information security program (the “Security Program”) to protect Confidential Information that includes administrative, technical and/or physical safeguards appropriate to such party’s size and complexity and the nature and scope of its activities in compliance with the GLB Act and regulations promulgated thereunder. The objective of each such Security Program shall be to (i) insure the security and confidentiality of Confidential Information, (ii) protect against any anticipated threats or hazards to the security or integrity of Confidential Information that could result in substantial harm or inconvenience to any customer, and (iii) have a program to respond to a security breach and to notify its customers affected by the breach where required by law or regulation. |
(e) | Recipient will ensure that any third party to whom it transfers Confidential Information enters into an agreement to protect the confidentiality and security of Confidential Information in a manner no less stringent than required by this Agreement. |
(f) | Upon request, a party shall provide to the other party information such as audits or summaries of test results demonstrating the effectiveness of its Security Program. |
3. | Return of Materials. |
(a) | All Confidential Information, including copies thereof, shall be promptly returned to Discloser upon request, except that copies may be retained, if required, for legal or financial compliance purposes. |
(b) | Upon termination or expiration of the business relationship and/or Contract, all Confidential Information, including copies thereof, shall be promptly returned to such party or destroyed, except that copies may be retained, if required, for legal or financial compliance purposes and the terms and conditions of this Exhibit shall continue to apply for the period such information is retained, notwithstanding any termination or expiration of the Agreement. |
(c) | Recipient shall implement and monitor procedures to comply with Fair and Accurate Credit Transactions Act of 2003 (Public Law 108-159, 111 Stat. 1952), as amended from time to time (the “FACTA”) and implementing regulations concerning the safeguarding and disposal of Confidential Information. Such policies and procedures shall include, but are not limited to, destroying records and files containing Confidential Information. All such paper records will be shredded and all electronic or digital records and files will be erased or otherwise rendered unreadable in a way that prevents records and files from being practically read or reconstructed. Recipient will provide Discloser with all information that Discloser reasonably requests regarding the disposal of records and files containing Confidential Information including, but not limited to, relevant portions of Discloser’s information security policies and procedures. |
GMAC Bank
Information Technology Infrastructure Operations
Service Agreement
Version 1.0
February 21, 2003
GMAC Bank IT Service Agreement
Table of Contents
1 INTRODUCTION
1.1 PURPOSE AND SCOPE
2 IT OPERATIONS SERVICES STRATEGY
2.1 IT OPERATIONS SERVICES OBJECTIVES
2.2 SERVICE CATEGORY SUMMARY
2.2.1 Essential Services Category
2.2.2 Production Services Category
2.2.3 Mission Critical service category
3 DESCRIPTIONS OF IT OPERATIONS SERVICES
3.1 CLIENT SERVICE MANAGEMENT
3.1.1 Customer Support Services (IT Service Desk)
3.1.2 Service Management
3.1.3 Request Management (IMAC) Services
3.1.4 Desk-side Support Services
3.2 COMPUTING SYSTEMS MANAGEMENT
3.2.1 System Status Monitoring
3.2.2 Application Monitoring
3.2.3 Capacity Management
3.2.4 System DBMS Monitoring
3.2.5 Performance Management
3.2.6 Printer Definition and Queue Management
3.2.7 Workload Management
3.3 HARDWARE CONFIGURATION MANAGEMENT
3.3.1 Hardware Support and Maintenance
3.3.2 Hardware Upgrade & Refresh Services
3.3.3 Local High-Availability Support
3.4 IMPLEMENTATION, INTEGRATION & TESTING
3.5 SECURITY MANAGEMENT
3.5.1 Data Protection Services
3.5.2 User ID Maintenance and Password Issuance
3.5.3 Internal/External Threat Protection
3.5.4 Application File Resource Controls
3.5.5 Audit Compliance Services
3.5.6 Incident and Compliance Management
3.5.7 Security Awareness
3.5.8 Physical Security Services
3.6 SOFTWARE CONFIGURATION MANAGEMENT
3.6.1 System Product Installation and Problem Resolution
3.6.2 Web Support
3.6.3 System Software Maintenance
3.6.4 Software Refresh
3.6.5 Custom Product Support
3.6.6 Local High-Availability Support
4 DESCRIPTIONS OF IT NETWORK SERVICES
4.1 NETWORK SERVICES
4.1.1 Dial-up Networking
4.1.2 Firewall
4.1.3 FTP – File Transfer Protocol
4.1.4 IDS – Intrusion Detection System
4.1.5 IP Address Management
4.1.6 RADIUS - Remote Authentication Dial In User Service
4.1.7 Routers
4.1.8 SONET
4.1.9 Switches
4.2 WEB SERVICES
4.2.1 Websense
4.2.2 CacheFlow
4.2.3 VPN – Virtual Private Network
4.2.4 Foundry ServerIron Switches
5 DESCRIPTIONS OF IT TELECOMMUNICATION SERVICES
5.1 TELECOMMUNICATIONS
5.2 ADDITIONAL TELECOMMUNICATION SERVICES
5.2.1 Videoconferencing
1 Introduction
1.1 Purpose and Scope
The purpose of this document is to provide descriptions of the IT services that GMAC Residential IT Operations, or its approved vendor(s), will provide to assist GMAC Bank in supporting their application and computing platforms.
Services are described, but are not intended to assign or commit IT Operations to specific service metrics or service levels.
In the context of this document, “mid-range” applies to all Windows NT/2000, HP-Unix, and Sun (Unix) server platforms.
Where requested by GMAC Bank, provide internal information technology services necessary for the operation of GMAC Bank’s business and, in connection therewith, purchase and maintain computer hardware, software, databases and all computer networks necessary to permit GMAC Bank to conduct its activities in a professional manner and service its clients and others with whom it may deal. GMACR represents and warrants to GMAC Bank that all of the data and other information obtained by GMAC Bank from its clients or others with whom it deals shall be held in strict trust and confidence and shall only be accessible by persons engaged in the operation of GMAC Bank’s business, unless otherwise specifically consented to in writing by GMAC Bank. GMACM acknowledges that a high level of confidentiality is necessary in order for GMAC Bank to compete effectively for clients and to have its reports acceptable to financial institutions and others for whom they are intended. GMACM will, therefore, secure such information and data within GMAC Bank’s information system so that it will not be accessible by unauthorized persons.
GMAC Bank IT Service Agreement 05/08/09 | Page 3 of 23 |
2 IT Operations Services Strategy
GMAC IT Operations services are designed to address most corporate needs for Information Technology to support the GMAC Bank. The three service categories are designed with different business profiles in mind, as described in the following table. GMAC Bank has applications and business platforms that fall into each of the three categories described below.
2.1 IT Operations Services Objectives
 | Essential | Production | Mission Critical |
Category Profile | Systems for development and basic services. | Vital, departmental and corporate support systems | Production systems critical to support business-to-customer applications. |
Application Profile | Stable, predictable growth | Corporate and departmental applications for Accounting, Payroll, ERP, reporting, mail, and document management. | Core systems for Mortgage, Home Services, Banking, and financial services. Customer facing systems for web access, communications, and customer support. |
Service Support Coverage | Business Hours, Monday-Friday | Monday-Friday, 8 AM to 8 PM ET | Onsite during Business Hours, Monday-Friday. On-call support 24x7. |
System Availability | Availability scheduled by application development teams. Backup system is not required. Test and development systems may be used for recovery. | 98% availability of planned uptime. Fail-over systems available in warm standby configuration. Model or Test systems may provide hardware backup. | 99.5% availability of hours of service monthly. Local high-availability configurations required. Identical configured system provides automatic fail-over or hot standby. |
Operations Support | Business Hours, Monday-Friday | Onsite Operator and Systems Administration Monday-Friday 0000-0000. On-call support 24x7 | Onsite Operator and Systems Administration Monday-Friday, 0000-0000. On-call support 24x7 |
Typical Recovery Objective | Less than 48 hours, if failure during business hours | Less than 8 hours | Less than 4 hours |
2.2 | Service Category Summary |
The various available IT Operations services are summarized in the table below. The first column lists service objectives for the Essential services category. The second column, Production support services, includes all services provided in the Essential list, as well as the additional services listed in this column. Services in the Production category may be customized by the creation of specific service level agreements between IT Operations and GMAC Bank. The third column lists Mission Critical services, which include all services provided in the Essential and Production, as well as additional services defined by specific service level agreements between IT Operations and GMAC Bank.
IT SERVICE OFFERINGS FOR SERVICE CATEGORIES

Systems Support Services

Essential:
• Implementation, Integration & Test
• Systems Management
  - System status monitoring
  - Compute operations automation
  - System backup and recovery
• Software Configuration Management
  - System product installation
  - System problem resolution
  - System software maintenance
  - Upgrade services
• Hardware Configuration Management
  - Hardware support and maintenance
  - Upgrade services
• Security Management
  - Data protection software services
  - User ID & Password issuance
  - Physical security services
  - Internal/external threat protection
  - Application resource controls
  - Audit compliance services
  - Compliance reporting
  - Incident reporting

Production:
• All Essential Systems Services, PLUS:
• Systems Management
  - System DBMS monitoring
  - Capacity management
  - Performance management
  - Printer and queue management
• Software Configuration Management
  - Upgrade services
  - System database (DBMS) support
• Hardware Configuration Mgmt
  - Upgrade services
  - Supplier service level mgmt

Mission Critical Production:
• All Production Systems Services, PLUS:
• Systems Management
  - Application monitoring
• Software Configuration Management
  - Refresh services (early adoption)
  - Custom product support
  - Local high-availability support
• Hardware Configuration Management
  - Local high-availability support
• Disaster Recovery

Professional Services

Essential:
• Client Service management
  - Request management
  - Business hours operational support
  - Change management
  - Problem management
  - Service level management
• Business continuity
  - Off-site tape storage

Production:
• All Essential Professional Services, PLUS:
• Client Service Management
  - Multi-site request coordination
  - Continuous operational support
  - Standard service reviews & reporting
• Business continuity
  - Documented recovery action plan
  - Disaster recovery testing

Mission Critical Production:
• All Production Professional Services, PLUS:
• Client Service Management
  - Global request coordination
  - Custom service reviews and reporting
  - Annual system/application audit
2.2.1 | Essential Services Category |
This category is designed for stable business applications with minimal requirements for change, and slow/predictable growth and emerging test and development applications. As such, the underlying technology infrastructure is stable hardware and software configurations with minimal infrastructure redundancy and controlled, managed costs.
Systems supported in the Essential Services Category receive the minimal level of services that IT Operations can provide to ensure operational reliability and stability for the business units and their application platforms.
2.2.2 | Production Services Category |
The services provided in the Production Services Category are designed for vital, departmental and corporate support systems and applications that are critical to a business enterprise.
This section provides a description of the IT support included in the Production Services Category. The IT support services described are the required services.
2.2.3 | Mission Critical Service Category |
The Mission Critical service category was designed for the GMAC Residential enterprise’s most mission-critical systems, which require a customized infrastructure design, implementation, and operation environment due to business requirements for application reliability, availability, and scalability. In addition to the services provided in the Production category, the Mission Critical Service Category provides support for complex software and hardware configurations. This is to provide high availability for business-critical processing requirements.
3 Descriptions of IT Operations Services
The following is a description of the services that GMAC Residential IT Operations, or its approved vendor(s), will provide to assist GMAC Bank in supporting their application and computing platforms.
3.1 Client Service Management
Client Service Management consists of customer support services (IT Service Desk), Service Management, IMAC Request Management, and Desk-side Support. In addition, operational support coverage, problem management, and change management processes are included.
3.1.1 | Customer Support Services (IT Service Desk) |
Customer Support Services provides a single point of contact for reporting and resolving all IT application and desktop support issues. An established problem management process is used to identify and track all problems and the details of actions taken in response to support issues. This process ensures timely communication of the status and corrective actions. Each support problem is assigned a priority based on the severity of the problem.
IT Service Desk support is obtained through toll-free and local voice and/or e-mail. The IT Service Desk provides routine customer and end-user support between 8:00 AM and 8:00 PM ET. Emergency service failure coverage is provided 24 hours, 7 days.
IT Customer Satisfaction is measured through quarterly surveys distributed to the organization. Initiatives are sponsored as a direct result of customer feedback to improve service and delivery.
3.1.2 | Service Management |
Service Management provides for the facilitation and general support of GMAC Bank enterprise-wide IT Service Failure Management, Crisis Management, and Change Management. Service Management processes provide numerous interfaces for IT interaction with the Business Units at every level, from end-user to the executive management.
3.1.2.1 | Change Management |
Change management utilizes a formal change management process to control changes to the computing platform, network, and infrastructure environments. The IT change management process ensures the proper planning, analysis, communication, and scheduling of hardware, system software, and environmental changes.
Services include:
a) Processes to ensure standard procedures and methods for all changes.
b) Documentation of scheduled changes and status.
c) Assessing the aggregate impact of all changes in a given time period that have a specified risk level.
d) Manage lead-time requirements for all change scheduling.
e) Risk assessment of proposed changes including review of change complexity, dependencies, duration of the change, ease of recovery, potential impact and feasibility of the proposed implementation date.
f) Managing approval or rejection of proposed changes according to established process.
g) Confirmation of all required testing to enable successful implementation of changes
3.1.2.2 | Service Failure Management |
GMACR-IT recognizes the importance of quickly detecting, communicating, and resolving operational service issues. As part of the IT problem management process, service failure management tracks all service disruptions impacting GMAC Bank IT operations and service delivery. IT uses a process that details the actions to be taken in response to operational issues. This process ensures timely communication of the service failure events, severity level determination, resolution status, and corrective actions taken to restore service.
Service Failure Management includes:
a) Problem management tools and processes for the management of all problems and preventive actions from problem identification through closure, to include problems with systems, processes, and procedures.
b) Preparation and communication of impact statements documenting the cause of the problem, efforts to temporarily correct the problem, root cause analysis and the follow up steps.
c) Escalation of any problems exceeding response threshold based on severity of the problem.
d) Facilitation of a formal crisis management process focused on expediting the resolution and restoration of significant/high impact service disruptions to the business.
Functions of the Service Failure Management processes include:
a) Escalation and monitoring of service failures
b) Evaluating troubleshooting efforts and redirecting as necessary
c) Daily and weekly enterprise-wide meetings to address Service Management issues
d) Daily and weekly Service Failure reports
e) Maintaining the IT Escalation Document
f) Maintenance of Service Management Documentation
g) After-hours coverage by on-call staff
3.1.3 | Request Management (IMAC) Services |
Request management services include the coordination of receiving and processing IMAC (Installation, Move, Add, or Changes) requests for voice and data equipment and associated peripherals. Examples include requests for PC hardware installations, adding/deleting telephone extensions, and completing workstation moves.
Services include:
a) Facilitating the receipt and execution of requests
b) Understanding of request requirements to ensure deliverables and timeframes are being met.
c) Communicating issues, concerns, and request schedules
d) Tracking purchase requests
e) Coordinating new loan officer information
3.1.4 | Desk-side Support Services |
Desk-side services encompass support of all GMAC Bank workstation equipment that includes PC’s, telephones, and associated peripherals. Services include response and resolution to desktop incidents reported through the IT Service Desk and support of IMAC requests through Request Management.
Services include:
a) Installations, moves, additions, and changes of telephony equipment such as: changing telephones and features, installing new telephone sets and lines, moving telephones, removing and disconnecting telephone sets and lines, adding voice mail boxes, and changing voice mail features.
b) Installations, moves, additions, and changes of desktop hardware and peripherals.
c) Workstation investigation, analysis, and resolution of desktop problems
d) Management and coordination of mail-in/on-site hardware repair and restoration of faulty or malfunctioning components to restore to operational status
e) Installation and testing of workstation equipment
3.2 | Computing Systems Management |
Systems management comprises the processes and procedures for monitoring, evaluating, and reviewing the compute operations to ensure operational requirements are met. These services include Server Administration, Server Operations, system monitoring, workload automation, management of application and infrastructure systems, and business continuity.
3.2.1 | System Status Monitoring |
The system status monitoring service provides the operational support processes and procedures required for monitoring midrange compute environments for the delivery of a stable, reliable functional environment that meets client business and operational requirements.
Services include:
a) Performing systems operation functions such as power on/off, start/stop/reset device intervention.
b) Performing system consoles monitoring and associated actions.
c) Monitoring environmental controls, where possible, and taking actions based on detected problems or issues.
d) Co-ordination with suppliers, where possible, to resolve compute environment problems.
Business Continuity
Business continuity services include planning, testing and support processes for the recovery of the operating environment due to a site disaster. Business continuity, also referred to as contingency planning, recovery planning, business resumption planning, or disaster recovery planning, includes documented recovery plans, off-site storage of backup and recovery media, annual disaster recovery drills, and electronic data recovery services. These services are provided in concert with the GMAC Residential Corporate Business Continuity Department and with Business Units and data owners.
3.2.1.1 | System Backup and Recovery |
System backup and recovery services provide operational support and management processes to meet operating system and related system software requirements for data availability, accessibility and retention.
Services include:
a) Monitoring, verification and escalation of issues as necessary for operating systems and related system software backups and authorized restores
b) Operational support processes for performing operating system and related system software recoveries as required to resolve software and hardware problems
c) Operational support processes for managing manual and automated tape mounts.
d) Adjustment of data backup and restore plans as new components are added to the system or availability requirements change.
e) Maintenance of the tape library to ensure the integrity of the media and storage location to include scratch and foreign tapes
f) Media maintenance including media reliability evaluation and aging and replacement processes.
g) Co-ordination of the procurement of expendable supplies (tapes, cleaning supplies, etc)
h) Off-site media storage for retention and recovery.
3.2.1.2 | Off-site Tape Storage |
Off-site tape storage service includes the support processes necessary to store data in a secure offsite location for recovery purposes. Retention of backup tape volumes will be in accordance with GMAC Policies and Procedures and as directed by GMAC Residential Tape and File Retention Policies.
Services include:
a) Tape handling to prepare tapes for shipment to the off-site tape vault
b) Providing offsite vault storage for backup and recovery media
c) Transporting of backup and recovery media to and from the vault
d) Providing a mechanism for specifying which tapes are to be sent or returned from the vault.
e) Annual audit of off-site storage location and tape storage.
3.2.1.3 | Recovery Plan Documentation |
The production business continuity service maintains a plan for recovering the midrange operating system and related system software. IT will work with the business units to define the appropriate software recovery plans. The plans can be tailored to the solution, defining the backup schemas, critical components, and test plans based on the specific workload.
Services include:
a) Maintaining documented recovery procedures for restoring the operating system and related system in the event of a disaster.
b) Annual review of midrange environment to ensure that the operating system data backup and off-site storage rotation schedules meet recoverability objectives.
3.2.1.4 | Disaster Recovery Testing Service |
This service provides full testing of the documented recovery action plans. Testing verifies that the Business Continuity/Disaster Recovery Plan meets business requirements. It can also be used to evaluate how well the recovery plan integrates with the various other service providers to provide timely recovery from a disaster. When requested, network connectivity, the application team, and a sub-set of the end-user base may be involved to test the ‘recovered’ environment. After each test is complete, IT Operations and Corporate Business Continuity representatives identify any deficiencies encountered. Lessons-learned evaluations are used to recommend enhancements and additions to the recovery plans, if required to meet business application recovery objectives.
Services include:
a) Annual recovery testing for all Mission Critical applications.
b) Restoring the operating environment from the data backups.
c) Verifying and testing operating environment functionality.
d) Escalation to application team and end user base for testing time as required.
e) Disengagement of the operating environment software from the recovery site.
f) Providing annual drill report to include recommendations on procedural changes that can make data restoration time frames more cost effective while meeting realistic recovery requirements.
3.2.2 | Application Monitoring |
The Application Monitoring services provided by IT Operations supplement the application monitoring functions of the IT Application Support and Business Unit support organizations. Application Monitoring service provides automated monitoring and failure detection for pro-active service level management.
Application Monitoring Services include:
a) Configure, install and test systems monitoring agents for use in application platform performance and capacity management.
b) Configure, install, and test, system management automation agents.
c) Monitoring and managing the application operating environment and support infrastructure.
3.2.3 | Capacity Management |
Capacity management services include: the planning for and monitoring of system usage and capacity, both short-term and long-term, forecasting resource requirements, and analyzing and reporting resource trends. The IT capacity management processes use metrics and reports that will enable a clear understanding of overall performance and trends. IT uses this information during decision-making reviews and on-going trend analysis to make recommendations to the IT Architecture and Design organization. These services enable greater efficiency and reduce consumed computer resources.
Services include:
a) Resource usage analysis including tracking, trending and graphically illustrating resource usage by CPU, memory, I/O, storage, and tape consumption.
b) Providing standard utilization and trending reports plus analysis to understand changing resource usage and apply to anticipate future needs.
c) Capacity modeling to project the effects of new business and workload changes. IT performs capacity modeling on an “as needed” basis such as, when new client business or application growth is anticipated, when substantial changes to existing business are anticipated or when substantial configuration (hardware/software) changes are performed within the systems.
3.2.4 | System DBMS Monitoring |
The DBMS monitoring services provided by IT Operations supplement the DBMS monitoring functions of the IT Application Support/database administrators.
IT Operations DBMS Monitoring Services include:
a) Providing monitoring to ensure DBMS availability following established start and stop times
b) Manipulating operating system resources to meet defined schedules and/or requests from the IT Applications Support/DBA organization and Business Units.
c) Monitoring DBMS platforms and infrastructure to detect potential problems and ensure that service and performance level objectives are achieved.
3.2.5 | Performance Management |
The Performance Management processes include defining reasonable and measurable performance metrics, documenting performance-monitoring methods, and implementing the monitoring activities and reporting results.
Performance management services include the support processes that collect, monitor, and analyze system performance information, including CPU utilization, I/O activity, disk usage, and memory utilization. As needed, performance changes are implemented according to the change management process to modify the configuration and tune the system to optimize the effectiveness and efficiency of the midrange environment.
Services include:
a) Maintaining operating system parameters to manage performance and workload throughput.
b) Managing exception thresholds for the operating system and major components to assist in establishing monitoring alerts.
c) Monitoring real time performance using system management tools to resolve system resource and performance problems.
d) Collection of performance data dynamically to assist in problem determination.
e) Analyzing historical performance data to isolate or identify potential performance issues.
f) Recommending workload allocation changes to resolve performance problems.
3.2.6 | Printer Definition and Queue Management |
Printer Definition and Queue management services provide the support and processes as required to define printers to the systems and to manage print queues to resolve problems in the queues through purging and resetting print jobs and queues. Problems are reviewed and actions taken as required in accordance with the problem management procedure. Manual manipulation of print jobs within the queue is not included.
Services include:
a) Printer definition processes
b) Management of throughput of print queues
c) Problem resolution to include resetting or purging jobs and/or switching to backup processes, as needed.
3.2.7 | Workload Management |
This function provides workload management services to include support for batch scheduling and batch monitoring to ensure production batch cycles complete in required time frames.
3.2.7.1 | Batch Scheduling |
Batch scheduling involves the activities associated with defining and maintaining the execution requirements of an application’s batch processing. The objective of production batch scheduling is that all pre-defined application cycles execute in the proper sequence with cycle completion realistically scheduled within the defined processing windows.
Services include:
a) Maintaining a list of all batch-processing schedules.
b) Performing day-to-day maintenance and operational support of batch processing.
c) Performing additions, changes, or deletions to the scheduled batch workload as requested by application support, database administrators, and server administrator personnel
d) Assisting the application team in performing batch scheduling or cycle flow problem determination.
3.2.7.2 | Batch Monitoring |
Batch Monitoring provides the support processes necessary to monitor application batch cycles and, in the event of abnormal termination, restart the execution of the scheduled batch processing based on pre-defined instructions or escalate to the application team as necessary. The batch monitoring services do not include monitoring the execution of end user submitted jobs.
Services include:
a) Monitoring resource availability, abnormal termination, and cycle start and end times for scheduled batch processing.
b) Performing or assisting the application team in performing production batch restarts and reruns
c) Assisting the application team in resolution of abnormal termination due to system abnormalities.
3.3 | Hardware Configuration Management |
Hardware Configuration Management provides services for installing and maintaining the compute configurations to meet changing requirements for compute resources and maintains the configuration plan to meet business requirements.
3.3.1 | Hardware Support and Maintenance |
Hardware support provides the support services necessary to enable compute equipment to be installed, maintained, and operational based on a stable compute platform. Hardware maintenance provides the support services necessary to enable compute maintenance based on a stable compute platform.
Services include:
a) Maintaining installed hardware base
b) Providing hardware problem resolution, including interfacing with hardware suppliers for problem isolation and resolution.
c) Monitoring midrange compute hardware, including processors, storage, and peripherals for malfunction. Escalating hardware-related malfunctions to the supplier for resolution.
d) Supporting change management and hardware support processes, including coordinating supplier requirements, to allow suppliers to execute midrange compute hardware maintenance processes.
e) Managing midrange hardware maintenance requirements based on the manufacturer’s recommended schedule.
f) Coordinating and providing installation support hardware corrective maintenance requirements with suppliers.
g) Maintaining documentation of hardware configurations, including equipment placement, cabling, fiber, and connectivity details.
3.3.2 | Hardware Upgrade & Refresh Services |
The Essential service includes hardware upgrade services for replacing existing hardware components.
Services include:
a) Planning and installation coordination, including hardware shipping and receiving of midrange compute hardware and environmental equipment.
b) Updating documentation of hardware configurations, including equipment placement, cabling, fiber, and connectivity details as hardware configurations are upgraded and/or replaced.
3.3.3 | Local High-Availability Support |
Local high-availability services provide the processes and support staff to support redundant server and storage configurations that are clustered together in the same physical site to support continuous availability requirements.
Services include:
a) Managing the platform solution configuration requirements to meet availability requirements and remove single points of failure from the compute configuration.
b) Subject matter expertise to manage and monitor the operational environment.
c) Coordinating supplier non-disruptive maintenance processes to ensure the integrity of the hardware components of the compute configuration
3.4 | Implementation, Integration & Testing |
Implementation, Integration and Test services include the start-up activities necessary to support a new compute environment, or a complete replacement of an existing compute environment. These services include obtaining, assembling, deploying, installing, customizing and tuning products; performing integration and acceptance testing; and preparing for ongoing production support services.
Services include:
a) Review of implementation requests and compute platform solution designs to verify understanding of the requirements.
b) Interaction with network providers to ensure proper integration of server platform configurations and the network requirements.
c) Validation of hardware and system-level software product selections (such as the operating system, and non-application software) is obtained.
d) Resolution of support issues or implementation concerns through the change management process.
e) Installation and configuration of system-level software according to the requirements defined in the platform solution design.
f) Final reviews of the implementation to ensure the requirements have been met. Based on the final review, a production implementation go-live date is determined. Full support of IT Operations services begin at implementation.
3.5 | Security Management |
Security Management services include the support processes necessary to provide information security for the corporation’s customer and associate data. Security processes, policies, and practice will be in accordance with the GM Information Security Policy and Practices (ISP&P). The range of security management services includes the support processes necessary to provide security for the client and associate data.
Security Management Services include:
a) Data protection services
b) User ID maintenance and Password issuance
c) User problem resolution
d) Internal/external threat protection
e) Incident and compliance management services
f) Application file resource controls
g) Security Awareness
h) Physical security support
3.5.1 | Data Protection Services |
Data Integrity protection services utilize processes to ensure controlled user access on each system.
Data Protection Services include:
a) Processes and procedures to maintain base operating system data integrity protection software product options.
b) Identification and implementation of software parameters to meet the security policy requirements as available on the specific operating system environment.
c) Security event monitoring and reporting.
d) Intrusion detection.
3.5.2 | User ID Maintenance and Password Issuance |
This service provides associates and vendors with processes and procedures to maintain unique user identification (IDs) and password control access into the GMACR environment. The security administrator will process requests submitted by an authorized user for access to the system and applications. The user is responsible for maintaining and changing their password in accordance with the IT security policy.
User ID and Password Services include:
a) Processing authorized requests to create, delete or change a user ID from an authorized submitter.
b) Provides the avenue to receive and respond to user problems in the areas of sign-on difficulties, password resets, and Logon/Login/Sign-on assistance.
3.5.3 | Internal/External Threat Protection |
This service for all platforms, including NT and UNIX, entails the proactive monitoring of resources as well as the assessment of government and vendor bulletins, hot fixes, and patches (e.g., CERT, CIAC, FDIC, FFIEC, OTS, OCC) to identify any system vulnerabilities that may lead to a security threat. IT determines the severity of vulnerability based on requirements and determines whether to implement the level of control required to mitigate risk or to accept the risk. If extensive implementation requirements must be met in order to mitigate risk associated with a new vulnerability this will be communicated to the client.
Internal/External Threat Protection Services include:
a) Providing processes and resources to review government, operating system vendor and security product vendor bulletins, hot fixes and patches
b) Scan computing environments connected to the GMAC Bank and Residential networks on a regular basis to ensure platform access controls meet security policy standards. This includes all GMAC Bank and GMACR voice and data networks.
c) Investigate the source and extent of incident and assist customer in their investigation efforts.
d) Co-ordinate incident control, investigation and response, and communication to internal and external parties.
e) Co-ordinate virus control, investigation and response, and communication.
3.5.4 | Application File Resource Controls |
The service includes the installation of any required software tools, setting up access parameters and on-going support required to create and maintain application resource controls for the computing environment in accordance with any corporate or application team requirements.
Services include:
a) Providing processes to secure application files according to authorized data profiles submitter specifications submitted with appropriate management approvals.
b) Receiving and responding to user problems in the areas of file access difficulties and security violations.
3.5.5 | Audit Compliance Services |
Audit compliance services provide the support processes and procedures to routinely review, measure, and maintain computing system compliance to GMAC audit compliance standards. The centralized auditing staff applies subject matter expertise to ensure objective assessment of site-supported processes and procedures.
Audit Compliance Services include:
a) An annual assessment of system installation controls to maintain secured operating processes and procedures.
b) Compliance reports to provide observations, recommendations and required actions to maintain conformance to GMAC standards.
c) Provide coordination for scheduled computing systems audits.
3.5.6 | Incident and Compliance Management |
Incident and compliance management provides the ability to detect, contain, investigate, and respond to unauthorized and damaging events as well as monitor and assess conformance to policy and standards. It is the responsibility of the data owner to review incident and compliance management reports.
Services include:
a) Monitor exception reporting of systems events to identify incident occurrences.
b) Monitor and report logged or audited access to a resource.
c) Monitor and report attempted access to a protected resource.
d) Monitor and report password violation attempts.
e) Policy enforcement and counseling.
f) Assist in client audits with items related to incident and compliance management services.
3.5.7 | Security Awareness |
Security awareness provides the ability to educate associates in protection of company resources.
Services include:
a) Development and implementation of information security awareness program.
b) Policy enforcement and counseling.
c) Security alerts and communications to end-users (web, e-mail, etc.).
d) Provide monthly security reports to management.
3.5.8 | Physical Security Services |
GMAC Residential IT physical security services include controlling access to the GMAC Residential GMAC Bank locations. Authorized employees are assigned electronically encoded fobs that allow access to the employee’s general work area. Areas requiring additional security, such as equipment control rooms and raised floor areas, have more restricted access controls.
Services include:
a) Maintaining secure database of access authorizations by user
b) Review and follow-up of any physical security violations
c) Security personnel available 24 X 7. Onsite support is provided during normal business hours. Security staff is available on-call during non-business hours.
3.6 | Software Configuration Management |
IT provides software support and installation to midrange compute environments. Software configuration management service provides and maintains software for the operating environment including operating system software and related system software.
3.6.1 | System Product Installation and Problem Resolution |
System product installation and problem resolution provides the operational processes necessary to maintain a stable operation environment in order to meet client operational requirements.
Services include:
a) Planning, installation and upgrade of system-level software (such as the operating system, and other non-application software)
b) Problem resolution including problem determination, interface and escalation with third-party suppliers as required to correct system component problems.
c) Participation in the identification of system problems including connectivity and associated network problems.
d) Inventory and tracking of system-level software components and changes.
e) Performing basic operating system software tuning as required to maintain day-to-day operations.
3.6.2 | Web Support |
Provide web page design support, maintaining links to other GMACM related web sites, including but not limited to XXXXXxxxxxxxx.xxx, xxxxxx.xxx, and XXXxxxxxXxxxx.xxx. Ensure that appropriate security measures are taken when information is exchanged between web sites and that applicable policies and procedures are adhered to.
3.6.3 | System Software Maintenance |
The system software maintenance services provide ongoing maintenance and support for industry current operating platforms, and provide preventative software maintenance services on a periodic basis.
Services include:
a) Reviewing supplier product status and maintenance information to identify current version information and potential problems reported by other users.
b) Installation of preventative maintenance to supported system software products to prevent known problems from impacting the operating environment.
c) Provide communication to application providers for planned changes in product functionality that may impact application support when system software maintenance is applied.
d) Implementing a permanent corrective action with appropriate monitoring procedures to ensure software faults are eliminated from the operating environment.
3.6.4 | Software Refresh |
The Essential Services include operating system and related system product installation and upgrades necessary to support application and product development.
Services include:
a) Planning, installation and support of operating system and related system software.
b) Research and resolution of software compatibility issues to allow migration from the current suite of products to the upgraded products and releases.
c) Identifying software changes that may impact applications and providing information for the application providers to create a test plan if necessary to ensure changes in software functionality do not adversely impact an application.
d) Designing the necessary back-off processes to restore to the former operating environment in the event of unforeseen problems.
3.6.5 | Custom Product Support |
IT integrates and supports a completely customized set of products as defined by the business unit and technology planners. This set of products is fully integrated into operating platform category for installation.
Services include:
a) Support of custom designed solution of system related vendor products (custom product set) as selected by business units (i.e. GMAC Bank) and technology planners.
b) Planning, installation, integration and upgrade of the custom product set
c) Problem resolution including problem determination, interface and escalation with third-party suppliers for the custom product set.
d) Installation of corrective and preventative maintenance to product set.
e) Inventory and tracking of custom product set components and changes.
f) Software refreshes as required to allow early adoption or maintain currency to current software versions.
3.6.6 | Local High-Availability Support |
Local high-availability services provide the processes and support staff to support system software required that provide redundant server and storage configurations clustered together in the same physical site.
Services include:
a) Installing and maintaining the system software and related tools required, providing a midrange compute environment to meet availability requirements and remove single points of failure from the compute configuration.
b) High availability software expertise to manage and monitor the operational environment.
c) Performing non-disruptive software maintenance to ensure the integrity of the software components of the compute configuration.
4 Descriptions of IT Network Services
The following is a description of the services that GMAC Residential IT Network Services, or its approved vendor(s), will provide to assist GMAC Bank in supporting their application and computing platforms.
4.1 | Network Services |
4.1.1 | Dial-up Networking |
• Dial-up networking provides users remote access to corporate network resources via a dial-up connection.
4.1.2 | Firewall |
• Firewalls protect networks from unauthorized access.
• GMACR employs firewalls and configures firewall rules to regulate access between GMACR trusted internal networks, the public Internet, third party networks, and acquisition networks.
4.1.3 | FTP – File Transfer Protocol |
• GMACR uses a secure system of FTP servers to facilitate the transfer of files with third parties.
4.1.4 | IDS – Intrusion Detection System |
• Intrusion Detection Systems work both at the network and server level to detect attacks by unauthorized sources. An IDS can operate using known attack signatures or anomaly detection.
4.1.5 | IP Address Management |
• IP address management encompasses assigning TCP/IP addresses for all devices that reside on the corporate network, ensuring that enterprise standards are followed.
• Data Network Engineering administers TCP/IP addressing, including Dynamic Host Configuration Protocol (DHCP) for the enterprise.
• DHCP facilitates IP address management using defined scopes of addresses for individual LAN segments and scope and global variables that can be automatically assigned to participating network nodes.
4.1.6 | RADIUS—Remote Authentication Dial In User Service |
GMAC Residential will shortly be moving to a new dial-up service, which will employ Radius as the authentication service. GMACR’s current dial-up service uses 3Com Edge servers for authentication.
• RADIUS exchanges user information between a device that provides network access to users and a device that validates user authentication information. RADIUS servers provide user authentication and access services that aid Data Network Engineering in ensuring that unauthorized users do not exploit services providing external network access.
• RADIUS servers will provide user authentication for the following services at GMACR:
- Wireless access points
- Virtual Private Network (VPN) concentrators
- Cisco dial-up
- Third party dial-up
- Firewall
- CacheFlow
4.1.7 | Routers |
• Routers connect local area networks (LANs) at remote GMACR and third party sites to the GMACR network hub site. Routers also connect the corporate network to the public Internet.
4.1.8 | SONET |
• SONET rings provide synchronous transmission of data across fiber optic networks. The speed of data transmission across a SONET network is many times faster than many traditional wide area network (WAN) connections using dedicated T1 or frame relay technology.
• GMACR has implemented a SONET network between large sites, providing increased reliability and availability as well as a means for system and network redundancy.
4.1.9 | Switches |
• A switch is a network device made up of network ports to which individual LAN network nodes such as workstations, servers and printers connect.
• Switching technology provides dedicated bandwidth to each port on a network segment in contrast to the old hub networks in which each node on a segment shared bandwidth with all other nodes on the segment.
4.2 | Web Services |
4.2.1 | Websense |
• GMACR has implemented Websense to provide URL blocking functionality, providing a mechanism to manage employee Internet access. Websense helps to enforce GMACR’s Technology Usage policy by preventing access to certain sites based on configurable criteria.
4.2.2 | CacheFlow |
• GMACR now employs CacheFlow primarily to redirect HTTP requests to Websense, which is described above in 4.2.1.
• CacheFlow caching appliances provide performance enhancements for Internet and third party HTTP requests.
• CacheFlow stores HTTP request results in cache for subsequent requests. Serving HTTP content from cache saves time because the request is returned to the user faster. CacheFlow also conserves network bandwidth because the content is retrieved from cache instead of from the Internet.
• When the requested content is not in cache, Pipeline Bursting allows CacheFlow to retrieve content from the Internet faster.
4.2.3 | VPN – Virtual Private Network |
• A VPN allows a user to securely access corporate network resources over the public Internet using encryption technology.
4.2.4 | Foundry ServerIron Switches |
• The Foundry ServerIron switches provide load balancing services for several GMACR systems, including web hosting and eSafe.
5 Descriptions of IT Telecommunication Services
The following is a description of the services that GMAC Residential IT Telecommunication Services, or its approved vendor(s), will provide to assist GMAC Bank in supporting their application and computing platforms.
5.1 | Telecommunications |
GMACR will provide for GMAC Bank’s use of the telecommunication infrastructure (cables, wiring, telephone numbers) as appropriate at GMAC Bank’s facilities. GMACR will provide support services for installation, maintenance and removal of telephone and facsimile equipment, obtain/reserve additional telephone numbers (including toll-free) as needed.
5.2 | Additional Telecommunication Services |
5.2.1 | Videoconferencing |
Videoconferencing provides the means for meeting participants to view remote participants while the meeting is taking place. Videoconferencing also allows meeting participants to connect their computers to the videoconferencing system and show presentations.