

AGREEMENT BY AND BETWEEN
Commerce Bank/Harrisburg National Association
Harrisburg, Pennsylvania
and
The Comptroller of the Currency


Commerce Bank/Harrisburg National Association, Harrisburg, Pennsylvania (“Bank”)
and the Comptroller of the Currency of the United States of America
(“Comptroller”) wish to protect the interests of the depositors, other
customers, and shareholders of the Bank, and, toward that end, wish the Bank to
operate safely and soundly and in accordance with all applicable laws, rules and
regulations.
 
In consideration of the above premises, it is agreed, between the Bank, by and
through its duly elected and acting Board of Directors (“Board”), and the
Comptroller, through his authorized representative, that the Bank shall operate
at all times in compliance with the articles of this Agreement.


ARTICLE I
 
JURISDICTION
 
(1)  This Agreement shall be construed to be a “written agreement entered into
with the agency” within the meaning of 12 U.S.C. § 1818(b)(1).
 
(2)  This Agreement shall be construed to be a “written agreement between such
depository institution and such agency” within the meaning of 12 U.S.C.
§ 1818(e)(1) and 12 U.S.C. § 1818(i)(2).
 
(3)  This Agreement shall be construed to be a “formal written agreement” within
the meaning of 12 C.F.R. § 5.51(c)(6)(ii). See 12 U.S.C. § 1831i.
 
(4)  This Agreement shall be construed to be a “written agreement” within the
meaning of 12 U.S.C. § 1818(u)(1)(A).
 
 
1

--------------------------------------------------------------------------------


 
 
(5)  Pursuant to 12 CFR 5.51c(6)(ii), the Bank shall be subject to the
requirements of 12 CFR 5.51 unless otherwise informed in writing by the OCC. In
addition, this Agreement shall cause the Bank not to be designated as an
“eligible bank” for purposes of 12 C.F.R. § 5.3(g), unless otherwise informed in
writing by the Comptroller. For purposes of 12 C.F.R. Part 24, the Bank may be
treated as an “eligible bank,” unless otherwise informed in writing by the
Comptroller.
 
(6)  All reports or plans which the Bank or Board has agreed to submit to the
Assistant Deputy Comptroller pursuant to this Agreement shall be forwarded to:
 
William D. Haas
Assistant Deputy Comptroller
Midsize Bank Supervision
One Financial Place, Suite 2700
440 South LaSalle Street
Chicago, IL 60605-1073


With copies to:


Guillermo Torres
OCC Examiner-in-Charge
Commerce Bank
2059 Springdale Road
Cherry Hill, N. J. 08003



ARTICLE II
 
COMPLIANCE COMMITTEE
 
(1)  Within five (5) days, the Board shall appoint a Compliance Committee of at
least three (3) directors, of which no more than one (1) shall be an employee or
controlling shareholder of the Bank or any of its affiliates (as the term
“affiliate” is defined in 12 U.S.C. § 371c(b)(1)), or a family member of any
such person. Upon appointment, the names of the members of the Compliance
Committee and, in the event of a change of the membership, the name of any new
member shall be submitted in writing to the Assistant Deputy Comptroller. The
Compliance Committee shall be responsible for monitoring and coordinating the
Bank's adherence to the provisions of this Agreement.
 
 
2

--------------------------------------------------------------------------------


 
(2)  The Compliance Committee shall meet at least monthly and maintain detailed
minutes of all meetings.
 
(3)  Within forty-five (45) days, and at the end of each calendar quarter
thereafter, the Compliance Committee shall submit a written progress report to
the Board setting forth in detail:
 
 

(a)  
a description of the actions needed to achieve full compliance with each Article
of this Agreement, including the names of the parties responsible for completing
those actions and the specific timeframe for completion of each action;

 
 

(b)  
actions taken to comply with each Article of this Agreement; and

 
 

(c)  
the results and status of those actions.

 
(4)  The Board shall forward a copy of the Compliance Committee's first report,
with any additional comments by the Board, to the Assistant Deputy Comptroller
within ten (10) days of receiving such report, and shall forward all subsequent
Compliance Committee reports, with any additional comments by the Board, to the
Assistant Deputy Comptroller within twenty (20) days of each quarter end.
 
 
3

--------------------------------------------------------------------------------



 
ARTICLE III
 
MANAGEMENT AND BOARD SUPERVISION STUDY
 
(1)  The Board has previously engaged an independent management consultant
(“Consultant”) to which the Assistant Deputy Comptroller has no supervisory
objection. The Board shall contract with and require the Consultant to complete
and provide to it, within ninety (90) days, a written report of the Board and
current management supervision presently being provided to the Bank, the Bank’s
management structure, and its staffing requirements in light of the Bank’s
present condition, with particular emphasis in the areas of risk management,
internal audit, consumer compliance and Bank Secrecy Act/Anti-Money Laundering
(BSA/AML) compliance. The findings and recommendations of the Consultant shall
be set forth in the written Report to the Board and the Report, at a minimum,
shall contain:
 
 

(a)  
an analysis of the Board’s composition and committee structure, including
committee composition and responsibility, and whether current members possess
the knowledge and skills to oversee management of the Bank in a sound manner,
with specific recommendations to address any identified weaknesses;

 
 

(b)  
an assessment of whether Board members are receiving adequate information on the
operation of the Bank to enable them to fulfill their fiduciary responsibilities
and other responsibilities under law, and specific recommendations to expand the
scope, frequency and sufficiency of information provided to the Board by
management to address any identified weaknesses;

 
 

(c)  
an assessment of whether the content of the Board and committee minutes
adequately reflect discussions and decisions, specifically in the areas of the
Bank’s internal and external audit activities, compliance management program,
BSA/AML program and vendor management practices.

 
 
4

--------------------------------------------------------------------------------


 
 

(d)  
the identification of present and future management and staffing requirements of
each area of the Bank, with particular emphasis given to the Executive
Management Group, and the Risk Management, Internal Audit, Compliance, and
BSA/AML areas;




(e)  
an assessment of the adequacy of written job descriptions for all executive
officers and for the direct department heads of Internal Audit, Compliance and
the BSA/AML area, including whether accountabilities are appropriately defined;

 

(f)  
an evaluation of the qualifications and abilities of each individual identified
in (e) above and a determination of whether each individual possesses the
experience and other qualifications required to perform present and anticipated
duties of his/her position;

 

(g)  
recommendations as to whether management or staffing changes should be made,
including the need for additions to or deletions from the current management
team;

 

(h)  
assessment of the objectives by which management's effectiveness is measured and
the standards by which employees are held accountable through the Bank’s
performance management and compensation programs, with recommendations for any
enhancements; and

 

(i)  
an evaluation of current lines of authority, reporting responsibilities and
delegation of duties for all officers, including identification of any
overlapping duties or responsibilities.

 
(2)  Within sixty (60) days of its receipt of the Consultant’s Report, the Board
shall develop, implement, and thereafter ensure Bank adherence to a written
plan, with specific time frames, that will correct any deficiencies noted in the
Report, including a specific plan to address any staffing issues, qualitative
and quantitative, identified in the Report.
 
(3)  The Board shall ensure that the Bank has processes, personnel, and control
systems to ensure implementation of and adherence to the plan developed pursuant
to this Article.
 
 
5

--------------------------------------------------------------------------------


 
(4)  Copies of the Consultant’s Report and the Board's written plan(s) shall be
forwarded to the Assistant Deputy Comptroller. The Assistant Deputy Comptroller
shall retain the right to determine the adequacy of the Report and its
compliance with the terms of this Agreement. In the event the written plan, or
any portion thereof, is not implemented, the Board shall immediately advise the
Assistant Deputy Comptroller, in writing, of specific reasons for deviating from
the plan.
 
ARTICLE IV
 
INTERNAL AUDIT
 
(1)  Within thirty (30) days, the Board shall review and revise the Bank’s
internal audit program and ensure implementation of and Bank adherence to an
independent, internal audit program that adequately identifies the Bank’s audit
universe and includes a risk-based evaluation of all financial and non-financial
areas of the Bank for inclusion in the Bank’s audit plan. The program’s scope,
testing, and documentation shall be sufficient to:
 
 

(a)  
ensure the development and maintenance of a risk-based audit plan, covering both
financial and non-financial areas of the Bank, that includes risk assessments to
support the frequency and scope of reviews for all areas covered by the plan;

 
 

(b)  
ensure that the risk-based audit plan is annually approved by the Board or its
designated committee;

 
 

(c)  
ensure that any deviation of sixty (60) days or more from the Board approved
audit plan requires, and only occurs with, the prior written approval of the
Board or its designated committee;

 
 

(d)  
ensure that the Board or its designated committee maintains a process to track
adherence to the approved audit plan;

 
 
6

--------------------------------------------------------------------------------


 
 

(e)  
detect irregularities and weak practices in the Bank's operations;

 
 

(f)  
determine the Bank's level of compliance with all applicable laws, rules and
regulations, including consumer compliance and BSA/AML related laws and
regulations;

 
 

(g)  
assess and report the effectiveness of policies, procedures, controls, and
management oversight relating to each area covered by the audit plan;

 
 

(h)  
evaluate the Bank’s adherence to established policies, procedures and programs,
including the Bank’s adherence to the consumer compliance, BSA/AML and third
party management programs required to be developed under the terms of this
Agreement; and

 
 

(i)  
ensure an appropriate level of testing to support the audit findings in all
areas, including in the BSA/AML area, testing that covers the adequacy of the
Bank’s:

 
 

(i)  
customer risk identification practices;

 
 

(ii)  
systems for monitoring transactions and accounts for suspicious activity; and

 
 

(iii)  
identification of suspicious activity and compliance with suspicious activity
reporting requirements.

 
(2)  As part of this audit program, the Board shall evaluate the audit reports
and shall assess the impact on the Bank of any audit deficiencies cited in such
reports. If the Board’s designated committee is charged with responsibility for
reviewing the audit reports, the committee shall report its findings to the full
Board.
 
 
7

--------------------------------------------------------------------------------


 
 
(3)  The Board shall ensure that the Bank has processes, personnel (with respect
to both the experience level and number of individuals employed), and control
systems to ensure implementation of and adherence to the audit program developed
pursuant to this Article.
 
(4)  The Board shall ensure that immediate actions are taken to remedy
deficiencies cited in audit reports, and that auditors maintain a written record
describing such actions.
 
(5)  Upon adoption, a copy of the internal audit program shall be promptly
submitted to the Assistant Deputy Comptroller.


ARTICLE V
 
CONSUMER COMPLIANCE PROGRAM
 
(1)  Within sixty (60) days, the Board shall review and revise the Bank’s
consumer compliance program and implement the revised program, and thereafter
ensure adherence to the written program which shall be designed to ensure the
Bank is operating in compliance with all applicable consumer protection laws,
rules and regulations. The program shall include:
 
 

(a)  
written descriptions of the duties and responsibilities of the Compliance
Officer and other key positions in the Compliance area, that clearly define
authority and accountability;

 
 

(b)  
adequate internal controls to ensure compliance with consumer protection laws,
rules, and regulations, including quality assurance reviews to periodically
evaluate compliance;

 
 

(c)  
a policies and procedures manual covering all applicable consumer protection
laws, rules and regulations for use by appropriate Bank personnel in the
performance of their duties and responsibilities, which identifies employee
accountability for required procedures;

 
 
8

--------------------------------------------------------------------------------


 
 

(d)  
updates of the written policies and procedures at least semi-annually, or as
required by more frequent changes in laws or regulations, to ensure the program
remains current;

 
 

(e)  
a formal compliance review process for new or changed products and services;

 
 

(f)  
procedures to ensure that exceptions noted in the audit reports are corrected
and responded to by appropriate Bank personnel; and

 
 

(g)  
an education and training program for all appropriate Bank personnel in the
requirements of all applicable federal and state consumer protection laws, rules
and regulations, with training tailored to each individual’s responsibilities
and duties.

 
(2)  Upon adoption, a copy of the program shall be forwarded to the Assistant
Deputy Comptroller for review.
 
(3)  The Board shall ensure that the Bank has processes, personnel, and control
systems to ensure implementation of and adherence to the program developed
pursuant to this Article.


ARTICLE VI
 
BANK SECRECY ACT/ANTI-MONEY LAUNDERING
 
(1)  Within sixty (60) days, the Board shall review and enhance the Bank’s
BSA/AML program and ensure implementation and Bank adherence to a written
program of policies and procedures to provide for compliance with the Bank
Secrecy Act (“BSA”), as amended (31 U.S.C. §§ 5311 et seq.), the regulations
promulgated there under at 31 C.F.R. Part 103, as amended, and 12 C.F.R. Part
21, Subparts B and C, and the rules and regulations of the Office of Foreign
Assets Control (“OFAC”) (collectively referred to as the “Bank Secrecy Act” or
“BSA”) and for the appropriate identification and monitoring of transactions
that pose greater than normal risk for compliance with the BSA. This program
shall include the following:
 
 
9

--------------------------------------------------------------------------------


 

(a)  
Enhanced policies and procedures, including written criteria, for identification
of transactions that pose greater than normal risk for compliance with the Bank
Secrecy Act and for the enhanced monitoring of such transactions;

 
 

(b)  
formal evaluation of the knowledge of the Bank’s operational and supervisory
personnel of the Bank’s policies and procedures for identifying transactions
that pose greater than normal risk for compliance with the Bank Secrecy Act;

 
 

(c)  
enhanced training for bank personnel appropriately tailored to the roles and
responsibilities of each job function, and to address any weaknesses identified
as a result of the evaluation required in (b);

 
 

(d)  
periodic evaluation of the Bank’s BSA training program to ensure on-going
effectiveness of training provided;

 
 

(e)  
enhanced policies and procedures for recording, maintaining, and recalling
information about transactions that pose greater than normal risk for compliance
with the Bank Secrecy Act;

 
 

(f)  
enhanced policies and procedures for risk rating the bank’s customer base;

 
 

(g)  
on-going risk focused assessment of the Bank’s customer base, products,
services, and geographic locations;

 
 

(h)  
well-defined policies and procedures for investigating and resolving the Bank’s
response to transactions that have been identified as posing greater than normal
risk for compliance with the Bank Secrecy Act;

 
 
 
10

--------------------------------------------------------------------------------


 
 
 

(i)  
adequate controls and procedures to ensure that all suspicious and large
currency transactions are identified and reported;

 
 

(j)  
adequate controls and procedures to ensure Currency Transaction Reports (CTRs)
and Suspicious Activity Reports (SARs) are filed accurately and timely,
including procedures to ensure that errors noted in internal or external reports
are addressed and remedied within specified timeframes;

 
 

(k)  
a method for introducing new products and services that ensures that the
policies and procedures governing new products and services are consistent with
the Bank’s program for compliance with the Bank Secrecy Act.

 
 

(l)  
a policy that addresses the circumstances under which customer transactions are
permitted to be conducted through Bank related accounts with specific
documentation requirements to ensure sufficient customer information is obtained
and maintained.

 
(2)  Within sixty (60) days, the Board shall review and enhance the Bank’s
policies and procedures and ensure implementation and Bank adherence to a
written program for the Bank’s monitoring of suspicious cash, monetary
instrument and wire transactions, and for other activities involving accounts,
customers, products, services, and geographic areas that pose greater than
normal risk for compliance with the Bank Secrecy Act. At a minimum, this written
program shall include:
 
 

(a)  
reviews of cash purchases of monetary instruments on a periodic basis
commensurate with risk;

 
 

(b)  
reviews of wire and cash transactions on a periodic basis commensurate with
risk;

 
 
11

--------------------------------------------------------------------------------


 
 

(c)  
analysis of aggregate cash, monetary instrument, and wire activity on a periodic
basis commensurate with risk;

 
 

(d)  
analysis of Currency Transaction Report filings on a periodic basis commensurate
with risk;

 
 

(e)  
enhanced review of accounts, customers, products, services, and geographic areas
that pose greater than normal risk for compliance with the Bank Secrecy Act; and

 
 

(f)  
submission of SARs based on these reviews and analyses, as required.

 
(3)  Within sixty (60) days, the Board shall develop, implement, and thereafter
ensure Bank adherence to a written program of policies and procedures to provide
for the application of appropriate thresholds for monitoring all types of
transactions, accounts, customers, products, services, and geographic areas that
pose greater than normal risk for compliance with the Bank Secrecy Act. At a
minimum, this written program shall establish:
 
 

(a)  
meaningful thresholds for filtering accounts and customers for further
monitoring, review, and analyses;

 
 

(b)  
an analysis of the filtering thresholds established by the Bank; and

 
 

(c)  
periodic testing and monitoring of thresholds for their appropriateness to the
Bank’s customer base, products, services, and geographic area.

 
(4)  Within sixty (60) days, the Board shall develop, implement, and thereafter
ensure Bank adherence to expanded account-opening procedures for all accounts
that pose greater than normal risk for compliance with the Bank Secrecy Act by
requiring:
 
 

(a)  
identification of all account owners and beneficial owners in compliance with
31 C.F.R. § 103.121;

 
 
12

--------------------------------------------------------------------------------


 
 

(b)  
identification of the officers, directors, major shareholders or partners, as
applicable;

 
 

(c)  
documentation of the following information:

 
 

(i)  
any relevant financial information concerning the customer;

 
 

(ii)  
the type of business conducted by the customer;

 
 

(iii)  
the customer’s source of income or wealth; and

 
 

(iv)  
any other due diligence required by this Agreement, the BSA Officer or the Bank.

 
(5)  The Bank shall obtain the information required in the preceding paragraph
(4) of this Article before renewing or modifying an existing customer’s account
within the scope of the preceding paragraph (4). 
 
(6)  Within sixty (60) days, the Board shall develop, implement, and thereafter
ensure Bank maintenance of an integrated, accurate system for all Bank areas to
produce periodic reports designed to identify unusual or suspicious activity,
including patterns of activity, to monitor and evaluate unusual or suspicious
activity, and to maintain accurate information needed to produce these reports.
 
 

(a)  
the Bank’s system shall be able to link related accounts to evaluate patterns of
activity and generate a list of all accounts associated with a relationship;

 
 

(b)  
The Bank’s system shall include information on all high risk customers or
accounts (newly established, renewed or modified), which shall be maintained and
kept current, including the following information:

 
 

(i)  
the name of the customer;

 
 

(ii)  
the officers, directors and major shareholder of any corporate customer and the
partners of any partnership customer;

 
 
13

--------------------------------------------------------------------------------


 
 

(iii)  
any other accounts maintained by the customer and, as applicable, its officers,
directors, major shareholders or partners;

 

(iv)  
a detailed analysis of the due diligence performed on the customer and, as
applicable, its officers, directors, major shareholders or partners;

 
 

(v)  
any related accounts of the customer at the Bank;

 
 

(vi)  
any action the Bank has taken on the account;

 
 

(vii)  
the purpose and balance of the account; and

 
 

(viii)  
any unusual activity for each account;

 
 

(c)  
The periodic reports shall cover one day, a number of days, and include monthly
reports and shall segregate transactions that pose a greater than normal risk
for compliance with the Bank Secrecy Act;




(d)  
The periodic reports shall include reports on any type of subpoena received by
the Bank and on any law enforcement inquiry directed to the Bank and any action
taken by the Bank on the affected account; and

 
 

(e)  
The periodic reports shall include reports deemed necessary or appropriate by
the BSA Officer or the Bank.

 
(7)  The BSA Officer or his/her designee shall periodically review, not less
than each calendar year, account documentation for all high risk accounts and
the related accounts of those customers at the Bank to determine whether the
account activity is consistent with the customer’s business and the stated
purpose of the account.
 
(8)  The Board shall ensure that the Bank has processes, personnel, and control
systems to implement and adhere to the program developed pursuant to this
Article.
 
(9)  Upon adoption, a copy of the program shall be forwarded to the Assistant
Deputy Comptroller for review.
 
 
 
14

--------------------------------------------------------------------------------


 
ARTICLE VII
 
ACCOUNT/TRANSACTION ACTIVITY REVIEW
 
(1)  Within sixty (60) days, the Bank shall submit to the Assistant Deputy
Comptroller for a written determination of no objection, a written plan to
review monetary instrument, wire and cash transactions (including structuring)
occurring at the Bank since January 1, 2006, and customer accounts that pose
greater than normal risk for compliance with the BSA in order to ascertain
whether any unusual or suspicious activity may have occurred since January 1,
2006. In the event the Assistant Deputy Comptroller objects in writing to the
plan or provides written comments, the Board shall immediately make the
necessary revisions to the plan.
 
(2)  Within one hundred and twenty (120) days of receiving a written
determination of no objection from the Assistant Deputy Comptroller, the Bank
shall complete the account and transaction activity review in accordance with
the plan submitted pursuant to paragraph (1) of this Article. Upon completion of
this review, the written findings shall be reported to the Board, with a copy to
the Assistant Deputy Comptroller. Within thirty (30) days of receiving the
written report, the Bank shall file SARs for any previously unreported
suspicious activity identified during the review. At the Comptroller’s sole
discretion, the Bank may be required to extend the suspicious activity review
period to capture transactions and activity occurring at the Bank prior to
January 1, 2006, after the written findings are provided to the Assistant Deputy
Comptroller.


ARTICLE VIII
 
OUTSOURCING SERVICES TO THIRD PARTIES


(1)  Within ninety (90) days, the Board shall develop, implement, and thereafter
adhere to a written program to oversee and manage risks associated with
outsourcing services to third parties, including consultants and technology
service providers and vendors. The third party management program shall be
consistent with OCC Bulletin 2001-47, “Third Party Relationships,” and any
applicable guidance listed in the attachment thereto, and the “Outsourcing
Technology Services” Booklet of the FFIEC Information Technology Examination
Handbook, to the extent applicable. The program shall, at a minimum, include:
 
 
15

--------------------------------------------------------------------------------


 
 

(a)  
an analysis of how the relationship fits into the Bank’s overall business
strategy and objectives;

 
 

(b)  
identification of the strategic purposes, benefits, legal aspects, costs and
risks associated with the third party relationship;

 
 

(c)  
assessment of internal Bank expertise to evaluate and manage the activity and
the third-party relationship;

 
 

(d)  
an initial and on-going due diligence process that identifies qualitative and
quantitative aspects, both financial and operational, of the third party to
assess whether the third party can help the bank achieve its strategic goals;

 
 

(e)  
the execution of enforceable contracts that clearly define the expectations and
obligations of the each party and include, as appropriate, the following:

 
 

(i)  
scope of the arrangement, including the frequency, content and format of the
services to be provided, training of bank employees, customer service, and
whether or not the service provider may subcontract any of its obligations;

 
 

(ii)  
performance measures that clearly specify the expectations and responsibilities
for both parties;

 
 
16

--------------------------------------------------------------------------------


 
 

(iii)  
identification of the frequency and content of specific reports the third party
is required to provide to the Bank to assess performance, service levels, and
risks;

 
 

(iv)  
thresholds and procedures for notifying the Bank when service disruptions,
security breaches or other events that pose a material risk to the Bank occur;

 
 

(v)  
the right to audit the third party (and any of its subcontractors) as needed to
monitor contract performance and identification of the types and frequency of
audit information the Bank is entitled to receive from the third party;

 
 

(vi)  
a full description of the compensation, fees, calculations for base services or
any special charges that may be imposed, including conditions under which the
cost structure may be changed, and to the extent applicable, standards and
documentation required for reimbursement of any expenses chargeable to the Bank;

 
 

(vii)  
whether and how the third party has the right to use the Bank’s data and whether
any records generated by the third party are the property of the Bank;

 
 

(viii)  
standards for maintaining the confidentiality and security of the Bank’s
information;

 
 

(ix)  
provision and standards for business resumption and contingency plans;

 
 

(x)  
stipulation of events constituting default, available remedies and opportunities
to cure defaults, and identification of termination rights, including a
provision that enables the Bank to terminate the contract, upon reasonable
notice and without penalty, in the event the OCC formally objects to the
particular third-party arrangement; and

 
 
17

--------------------------------------------------------------------------------


 
 

(xi)  
to the extent terms limiting third party liability are included, only limits on
liability that are proper in proportion to the amount of loss the Bank might
experience as a result of the third party’s failure to perform.

 
 

(f)  
on-going oversight of the third party’s activities and performance, including
the designation of a bank officer responsible for the administration and
oversight of third party relationships, and assignment of sufficient staff with
the necessary expertise to:

 
 

(i)  
monitor the third party’s financial condition;

 
 

(ii)  
monitor the third party’s controls, including review of audit information;
policies relating to internal controls and security; business resumption
contingency planning and testing; and compliance with applicable laws and
regulations, including the BSA and consumer laws and regulations;

 
 

(iii)  
monitor key third party personnel changes and assess how such changes may impact
the Bank;

 
 

(iv)  
review information documenting the third party’s performance relative to service
level agreements and determine whether contractual terms and conditions are
being met, or whether any revisions to service-level agreements or other terms
are needed;

 
 
 
18

--------------------------------------------------------------------------------


 
 

(v)  
document and follow-up on performance problems in a timely manner;

 
 

(vi)  
determine the adequacy of training provided to bank employees;

 
 

(vii)  
periodically meet with contract parties to discuss performance and operational
issues;

 
 

(g)  
documentation of the Bank’s oversight of third party activities and performance
including:

 
 

(i)  
a list of third parties deemed critical to the operation of the Bank or for
which the Bank spends substantial amounts of money;

 
 

(ii)  
valid, current and complete contracts;

 
 

(iii)  
business plans for new lines of business or products that identify management’s
planning process, decision making and due diligence in selecting a third party;

 
 

(iv)  
regular risk management and performance information received from the third
party (e.g., audit information, security reviews, reports or information
indicating compliance with service-level agreements); and

 
 

(v)  
regular reports to the Board, or its delegated committee, of the results of the
Bank’s ongoing oversight activities.

 
(2)  Within one hundred and twenty (120) days, the Board shall review each of
the Bank’s current arrangements with any third party consultant or servicer and
prepare a written analysis detailing whether and how each arrangement complies
with the third party management program required to be developed under paragraph
(1) of this Article. The Board’s analysis shall include an evaluation of the
extent to which the third party is meeting the Bank’s expectations in providing
the services for which it was contracted. For each consultant or servicer
arrangement that does not meet the requirements of the program required under
paragraph (1), or in the event any consultant or servicer is not meeting its
 
 
19

--------------------------------------------------------------------------------


 
 
obligations under the terms of an existing contract, the Board shall prepare,
within 60 days of completing its review, a written plan of the steps it will
take to address any identified deficiencies, including how the Bank will
terminate the arrangement in the event the Board is unable to address an
identified deficiency. In the event the written plan, or any portion thereof, is
not implemented, the Board shall immediately advise the Assistant Deputy
Comptroller, in writing, of specific reasons for deviating from the plan.
 
(3)  For each review it must undertake pursuant to paragraph (2) above, the
Board shall indicate whether:
 

(a)  
legal counsel was involved in the negotiation of any contracts executed with the
third party;

 

(b)  
prior to entering into any contract executed within one year from the effective
date of this Agreement, the Board or Bank counsel reviewed any existing contract
with the third party to determine whether the third party was already obligated
to provide any of the services covered under the terms of the new contract, and
the Board or Bank counsel’s determination in that regard; and

 

(c)  
the contract is on market terms and fair and equitable to the Bank.

 
(4)  The Bank shall not enter into any new or renegotiate any existing third
party outsourcing arrangement which does not meet the requirements of the third
party management program required to be developed under paragraph (1) of this
Article.
 
(5)  The Board shall submit copies of the program, analyses and plans required
under the terms of this Article to the Assistant Deputy Comptroller for review.
 
 
20

--------------------------------------------------------------------------------


 
(6)  The Board shall ensure the Bank has processes, personnel, and control
systems to ensure implementation of and adherence to the programs and plans
developed pursuant to this Article.


ARTICLE IX
 
VIOLATIONS OF LAW
 
(1)  The Board shall immediately take all necessary steps to ensure that Bank
management corrects each violation of law, rule or regulation cited in the ROE.
The quarterly progress reports required by Article II of this Agreement shall
include the date and manner in which each correction has been effected during
that reporting period.


ARTICLE X
 
CLOSING
 
(1)  Although the Board has agreed to submit certain programs and reports to the
Assistant Deputy Comptroller for review or prior written determination of no
supervisory objection, the Board has the ultimate responsibility for proper and
sound management of the Bank.
 
(2)  It is expressly and clearly understood that if, at any time, the
Comptroller deems it appropriate in fulfilling the responsibilities placed upon
him by the several laws of the United States of America to undertake any action
affecting the Bank, nothing in this Agreement shall in any way inhibit, estop,
bar, or otherwise prevent the Comptroller from so doing.
 
(3)  Any time limitations imposed by this Agreement shall begin to run from the
effective date of this Agreement. Such time requirements may be extended in
writing by the Assistant Deputy Comptroller for good cause upon written
application by the Board.
 
 
21

--------------------------------------------------------------------------------


 
(4)  The provisions of this Agreement shall be effective upon execution by the
parties hereto and its provisions shall continue in full force and effect unless
or until such provisions are amended in writing by mutual consent of the parties
to the Agreement or excepted, waived, or terminated in writing by the
Comptroller.
 
(5)  This Agreement is intended to be, and shall be construed to be, a
supervisory “written agreement entered into with the agency” as contemplated by
12 U.S.C. § 1818(b)(1), and expressly does not form, and may not be construed to
form, a contract binding on the Comptroller or the United States.
Notwithstanding the absence of mutuality of obligation, or of consideration, or
of a contract, the Comptroller may enforce any of the commitments or obligations
herein undertaken by the Bank under his supervisory powers, including 12 U.S.C.
§ 1818(b)(1), and not as a matter of contract law. The Bank expressly
acknowledges that neither the Bank nor the Comptroller has any intention to
enter into a contract. The Bank also expressly acknowledges that no officer or
employee of the Office of the Comptroller of the Currency has statutory or other
authority to bind the United States, the U.S. Treasury Department, the
Comptroller, or any other federal bank regulatory agency or entity, or any
officer or employee of any of those entities to a contract affecting the
Comptroller’s exercise of his supervisory responsibilities. The terms of this
Agreement, including this paragraph, are not subject to amendment or
modification by any extraneous expression, prior agreements or prior
arrangements between the parties, whether oral or written.
 
IN TESTIMONY WHEREOF, the undersigned, authorized by the Comptroller, has
hereunto set her hand on behalf of the Comptroller.


 

/s/ Jennifer Kelly   January 29, 2007
Jennifer Kelly
Deputy Comptroller
Midsize and Credit Card Bank Supervision
 
Date

 
 
 
22

--------------------------------------------------------------------------------



 
IN TESTIMONY WHEREOF, the undersigned, as the duly elected and acting Board of
Directors of the Bank, have hereunto set their hands on behalf of the Bank.



     

/s/ Gary L. Nalbandian   January 26, 2007
 
 
/s/ James R. Adair
 
Date
 
January 26, 2007
 
/s/ John J. Cardello
 
Date
 
January 26, 2007
/s/ Douglas S. Gelder
 
Date
 
January 26, 2007
/s/ Alan R. Hassman
 
Date
 
January 26, 2007
/s/ Howell C. Mette
 
Date
 
January 26, 2007
/s/ Michael A. Serluco
 
Date
 
January 26, 2007
 
 
/s/ Samir J. Srouji, MD
 
Date
 
January 26, 2007
   
Date

 
 
 
23

--------------------------------------------------------------------------------