Agreement by and between Commerce Bank/Harrisburg National Association, Harrisburg, Pennsylvania and the Comptroller of the Currency

EX-10.1 2 ex10-1.htm EXHIBIT 10.1 Exhibit 10.1
AGREEMENT BY AND BETWEEN
Commerce Bank/Harrisburg National Association
Harrisburg, Pennsylvania
and
The Comptroller of the Currency

Commerce Bank/Harrisburg National Association, Harrisburg, Pennsylvania (“Bank”) and the Comptroller of the Currency of the United States of America (“Comptroller”) wish to protect the interests of the depositors, other customers, and shareholders of the Bank, and, toward that end, wish the Bank to operate safely and soundly and in accordance with all applicable laws, rules and regulations.
 
In consideration of the above premises, it is agreed, between the Bank, by and through its duly elected and acting Board of Directors (“Board”), and the Comptroller, through his authorized representative, that the Bank shall operate at all times in compliance with the articles of this Agreement.

ARTICLE I
 
JURISDICTION
 
(1)  This Agreement shall be construed to be a “written agreement entered into with the agency” within the meaning of 12 U.S.C. § 1818(b)(1).
 
(2)  This Agreement shall be construed to be a “written agreement between such depository institution and such agency” within the meaning of 12 U.S.C. § 1818(e)(1) and 12 U.S.C. § 1818(i)(2).
 
(3)  This Agreement shall be construed to be a “formal written agreement” within the meaning of 12 C.F.R. § 5.51(c)(6)(ii). See 12 U.S.C. § 1831i.
 
(4)  This Agreement shall be construed to be a “written agreement” within the meaning of 12 U.S.C. § 1818(u)(1)(A).
 
 
1

 
 
(5)  Pursuant to 12 CFR 5.51c(6)(ii), the Bank shall be subject to the requirements of 12 CFR 5.51 unless otherwise informed in writing by the OCC. In addition, this Agreement shall cause the Bank not to be designated as an “eligible bank” for purposes of 12 C.F.R. § 5.3(g), unless otherwise informed in writing by the Comptroller. For purposes of 12 C.F.R. Part 24, the Bank may be treated as an “eligible bank,” unless otherwise informed in writing by the Comptroller.
 
(6)  All reports or plans which the Bank or Board has agreed to submit to the Assistant Deputy Comptroller pursuant to this Agreement shall be forwarded to:
 
William D. Haas
Assistant Deputy Comptroller
Midsize Bank Supervision
One Financial Place, Suite 2700
440 South LaSalle Street
Chicago, IL 60605-1073

With copies to:

Guillermo Torres
OCC Examiner-in-Charge
Commerce Bank
2059 Springdale Road
Cherry Hill, N. J. 08003

ARTICLE II
 
COMPLIANCE COMMITTEE
 
(1)  Within five (5) days, the Board shall appoint a Compliance Committee of at least three (3) directors, of which no more than one (1) shall be an employee or controlling shareholder of the Bank or any of its affiliates (as the term “affiliate” is defined in 12 U.S.C. § 371c(b)(1)), or a family member of any such person. Upon appointment, the names of the members of the Compliance Committee and, in the event of a change of the membership, the name of any new member shall be submitted in writing to the Assistant Deputy Comptroller. The Compliance Committee shall be responsible for monitoring and coordinating the Bank's adherence to the provisions of this Agreement.
 
 
2

 
(2)  The Compliance Committee shall meet at least monthly and maintain detailed minutes of all meetings.
 
(3)  Within forty-five (45) days, and at the end of each calendar quarter thereafter, the Compliance Committee shall submit a written progress report to the Board setting forth in detail:
 
 
(a)  
a description of the actions needed to achieve full compliance with each Article of this Agreement, including the names of the parties responsible for completing those actions and the specific timeframe for completion of each action;
 
 
(b)  
actions taken to comply with each Article of this Agreement; and
 
 
(c)  
the results and status of those actions.
 
(4)  The Board shall forward a copy of the Compliance Committee's first report, with any additional comments by the Board, to the Assistant Deputy Comptroller within ten (10) days of receiving such report, and shall forward all subsequent Compliance Committee reports, with any additional comments by the Board, to the Assistant Deputy Comptroller within twenty (20) days of each quarter end.
 
 
3


 
ARTICLE III
 
MANAGEMENT AND BOARD SUPERVISION STUDY
 
(1)  The Board has previously engaged an independent management consultant (“Consultant”) to which the Assistant Deputy Comptroller has no supervisory objection. The Board shall contract with and require the Consultant to complete and provide to it, within ninety (90) days, a written report of the Board and current management supervision presently being provided to the Bank, the Bank’s management structure, and its staffing requirements in light of the Bank’s present condition, with particular emphasis in the areas of risk management, internal audit, consumer compliance and Bank Secrecy Act/Anti-Money Laundering (BSA/AML) compliance. The findings and recommendations of the Consultant shall be set forth in the written Report to the Board and the Report, at a minimum, shall contain:
 
 
(a)  
an analysis of the Board’s composition and committee structure, including committee composition and responsibility, and whether current members possess the knowledge and skills to oversee management of the Bank in a sound manner, with specific recommendations to address any identified weaknesses;
 
 
(b)  
an assessment of whether Board members are receiving adequate information on the operation of the Bank to enable them to fulfill their fiduciary responsibilities and other responsibilities under law, and specific recommendations to expand the scope, frequency and sufficiency of information provided to the Board by management to address any identified weaknesses;
 
 
(c)  
an assessment of whether the content of the Board and committee minutes adequately reflect discussions and decisions, specifically in the areas of the Bank’s internal and external audit activities, compliance management program, BSA/AML program and vendor management practices.
 
 
4

 
 
(d)  
the identification of present and future management and staffing requirements of each area of the Bank, with particular emphasis given to the Executive Management Group, and the Risk Management, Internal Audit, Compliance, and BSA/AML areas;

(e)  
an assessment of the adequacy of written job descriptions for all executive officers and for the direct department heads of Internal Audit, Compliance and the BSA/AML area, including whether accountabilities are appropriately defined;
 
(f)  
an evaluation of the qualifications and abilities of each individual identified in (e) above and a determination of whether each individual possesses the experience and other qualifications required to perform present and anticipated duties of his/her position;
 
(g)  
recommendations as to whether management or staffing changes should be made, including the need for additions to or deletions from the current management team;
 
(h)  
assessment of the objectives by which management's effectiveness is measured and the standards by which employees are held accountable through the Bank’s performance management and compensation programs, with recommendations for any enhancements; and
 
(i)  
an evaluation of current lines of authority, reporting responsibilities and delegation of duties for all officers, including identification of any overlapping duties or responsibilities.
 
(2)  Within sixty (60) days of its receipt of the Consultant’s Report, the Board shall develop, implement, and thereafter ensure Bank adherence to a written plan, with specific time frames, that will correct any deficiencies noted in the Report, including a specific plan to address any staffing issues, qualitative and quantitative, identified in the Report.
 
(3)  The Board shall ensure that the Bank has processes, personnel, and control systems to ensure implementation of and adherence to the plan developed pursuant to this Article.
 
 
5

 
(4)  Copies of the Consultant’s Report and the Board's written plan(s) shall be forwarded to the Assistant Deputy Comptroller. The Assistant Deputy Comptroller shall retain the right to determine the adequacy of the Report and its compliance with the terms of this Agreement. In the event the written plan, or any portion thereof, is not implemented, the Board shall immediately advise the Assistant Deputy Comptroller, in writing, of specific reasons for deviating from the plan.
 
ARTICLE IV
 
INTERNAL AUDIT
 
(1)  Within thirty (30) days, the Board shall review and revise the Bank’s internal audit program and ensure implementation of and Bank adherence to an independent, internal audit program that adequately identifies the Bank’s audit universe and includes a risk-based evaluation of all financial and non-financial areas of the Bank for inclusion in the Bank’s audit plan. The program’s scope, testing, and documentation shall be sufficient to:
 
 
(a)  
ensure the development and maintenance of a risk-based audit plan, covering both financial and non-financial areas of the Bank, that includes risk assessments to support the frequency and scope of reviews for all areas covered by the plan;
 
 
(b)  
ensure that the risk-based audit plan is annually approved by the Board or its designated committee;
 
 
(c)  
ensure that any deviation of sixty (60) days or more from the Board approved audit plan requires, and only occurs with, the prior written approval of the Board or its designated committee;
 
 
(d)  
ensure that the Board or its designated committee maintains a process to track adherence to the approved audit plan;
 
 
6

 
 
(e)  
detect irregularities and weak practices in the Bank's operations;
 
 
(f)  
determine the Bank's level of compliance with all applicable laws, rules and regulations, including consumer compliance and BSA/AML related laws and regulations;
 
 
(g)  
assess and report the effectiveness of policies, procedures, controls, and management oversight relating to each area covered by the audit plan;
 
 
(h)  
evaluate the Bank’s adherence to established policies, procedures and programs, including the Bank’s adherence to the consumer compliance, BSA/AML and third party management programs required to be developed under the terms of this Agreement; and
 
 
(i)  
ensure an appropriate level of testing to support the audit findings in all areas, including in the BSA/AML area, testing that covers the adequacy of the Bank’s:
 
 
(i)  
customer risk identification practices;
 
 
(ii)  
systems for monitoring transactions and accounts for suspicious activity; and
 
 
(iii)  
identification of suspicious activity and compliance with suspicious activity reporting requirements.
 
(2)  As part of this audit program, the Board shall evaluate the audit reports and shall assess the impact on the Bank of any audit deficiencies cited in such reports. If the Board’s designated committee is charged with responsibility for reviewing the audit reports, the committee shall report its findings to the full Board.
 
 
7

 
 
(3)  The Board shall ensure that the Bank has processes, personnel (with respect to both the experience level and number of individuals employed), and control systems to ensure implementation of and adherence to the audit program developed pursuant to this Article.
 
(4)  The Board shall ensure that immediate actions are taken to remedy deficiencies cited in audit reports, and that auditors maintain a written record describing such actions.
 
(5)  Upon adoption, a copy of the internal audit program shall be promptly submitted to the Assistant Deputy Comptroller.

ARTICLE V
 
CONSUMER COMPLIANCE PROGRAM
 
(1)  Within sixty (60) days, the Board shall review and revise the Bank’s consumer compliance program and implement the revised program, and thereafter ensure adherence to the written program which shall be designed to ensure the Bank is operating in compliance with all applicable consumer protection laws, rules and regulations. The program shall include:
 
 
(a)  
written descriptions of the duties and responsibilities of the Compliance Officer and other key positions in the Compliance area, that clearly define authority and accountability;
 
 
(b)  
adequate internal controls to ensure compliance with consumer protection laws, rules, and regulations, including quality assurance reviews to periodically evaluate compliance;
 
 
(c)  
a policies and procedures manual covering all applicable consumer protection laws, rules and regulations for use by appropriate Bank personnel in the performance of their duties and responsibilities, which identifies employee accountability for required procedures;
 
 
8

 
 
(d)  
updates of the written policies and procedures at least semi-annually, or as required by more frequent changes in laws or regulations, to ensure the program remains current;
 
 
(e)  
a formal compliance review process for new or changed products and services;
 
 
(f)  
procedures to ensure that exceptions noted in the audit reports are corrected and responded to by appropriate Bank personnel; and
 
 
(g)  
an education and training program for all appropriate Bank personnel in the requirements of all applicable federal and state consumer protection laws, rules and regulations, with training tailored to each individual’s responsibilities and duties.
 
(2)  Upon adoption, a copy of the program shall be forwarded to the Assistant Deputy Comptroller for review.
 
(3)  The Board shall ensure that the Bank has processes, personnel, and control systems to ensure implementation of and adherence to the program developed pursuant to this Article.

ARTICLE VI
 
BANK SECRECY ACT/ANTI-MONEY LAUNDERING
 
(1)  Within sixty (60) days, the Board shall review and enhance the Bank’s BSA/AML program and ensure implementation and Bank adherence to a written program of policies and procedures to provide for compliance with the Bank Secrecy Act (“BSA”), as amended (31 U.S.C. §§ 5311 et seq.), the regulations promulgated there under at 31 C.F.R. Part 103, as amended, and 12 C.F.R. Part 21, Subparts B and C, and the rules and regulations of the Office of Foreign Assets Control (“OFAC”) (collectively referred to as the “Bank Secrecy Act” or “BSA”) and for the appropriate identification and monitoring of transactions that pose greater than normal risk for compliance with the BSA. This program shall include the following:
 
 
9

 
(a)  
Enhanced policies and procedures, including written criteria, for identification of transactions that pose greater than normal risk for compliance with the Bank Secrecy Act and for the enhanced monitoring of such transactions;
 
 
(b)  
formal evaluation of the knowledge of the Bank’s operational and supervisory personnel of the Bank’s policies and procedures for identifying transactions that pose greater than normal risk for compliance with the Bank Secrecy Act;
 
 
(c)  
enhanced training for bank personnel appropriately tailored to the roles and responsibilities of each job function, and to address any weaknesses identified as a result of the evaluation required in (b);
 
 
(d)  
periodic evaluation of the Bank’s BSA training program to ensure on-going effectiveness of training provided;
 
 
(e)  
enhanced policies and procedures for recording, maintaining, and recalling information about transactions that pose greater than normal risk for compliance with the Bank Secrecy Act;
 
 
(f)  
enhanced policies and procedures for risk rating the bank’s customer base;
 
 
(g)  
on-going risk focused assessment of the Bank’s customer base, products, services, and geographic locations;
 
 
(h)  
well-defined policies and procedures for investigating and resolving the Bank’s response to transactions that have been identified as posing greater than normal risk for compliance with the Bank Secrecy Act;
 
 
 
10

 
 
 
(i)  
adequate controls and procedures to ensure that all suspicious and large currency transactions are identified and reported;
 
 
(j)  
adequate controls and procedures to ensure Currency Transaction Reports (CTRs) and Suspicious Activity Reports (SARs) are filed accurately and timely, including procedures to ensure that errors noted in internal or external reports are addressed and remedied within specified timeframes;
 
 
(k)  
a method for introducing new products and services that ensures that the policies and procedures governing new products and services are consistent with the Bank’s program for compliance with the Bank Secrecy Act.
 
 
(l)  
a policy that addresses the circumstances under which customer transactions are permitted to be conducted through Bank related accounts with specific documentation requirements to ensure sufficient customer information is obtained and maintained.
 
(2)  Within sixty (60) days, the Board shall review and enhance the Bank’s policies and procedures and ensure implementation and Bank adherence to a written program for the Bank’s monitoring of suspicious cash, monetary instrument and wire transactions, and for other activities involving accounts, customers, products, services, and geographic areas that pose greater than normal risk for compliance with the Bank Secrecy Act. At a minimum, this written program shall include:
 
 
(a)  
reviews of cash purchases of monetary instruments on a periodic basis commensurate with risk;
 
 
(b)  
reviews of wire and cash transactions on a periodic basis commensurate with risk;
 
 
11

 
 
(c)  
analysis of aggregate cash, monetary instrument, and wire activity on a periodic basis commensurate with risk;
 
 
(d)  
analysis of Currency Transaction Report filings on a periodic basis commensurate with risk;
 
 
(e)  
enhanced review of accounts, customers, products, services, and geographic areas that pose greater than normal risk for compliance with the Bank Secrecy Act; and
 
 
(f)  
submission of SARs based on these reviews and analyses, as required.
 
(3)  Within sixty (60) days, the Board shall develop, implement, and thereafter ensure Bank adherence to a written program of policies and procedures to provide for the application of appropriate thresholds for monitoring all types of transactions, accounts, customers, products, services, and geographic areas that pose greater than normal risk for compliance with the Bank Secrecy Act. At a minimum, this written program shall establish:
 
 
(a)  
meaningful thresholds for filtering accounts and customers for further monitoring, review, and analyses;
 
 
(b)  
an analysis of the filtering thresholds established by the Bank; and
 
 
(c)  
periodic testing and monitoring of thresholds for their appropriateness to the Bank’s customer base, products, services, and geographic area.
 
(4)  Within sixty (60) days, the Board shall develop, implement, and thereafter ensure Bank adherence to expanded account-opening procedures for all accounts that pose greater than normal risk for compliance with the Bank Secrecy Act by requiring:
 
 
(a)  
identification of all account owners and beneficial owners in compliance with 31 C.F.R. § 103.121;
 
 
12

 
 
(b)  
identification of the officers, directors, major shareholders or partners, as applicable;
 
 
(c)  
documentation of the following information:
 
 
(i)  
any relevant financial information concerning the customer;
 
 
(ii)  
the type of business conducted by the customer;
 
 
(iii)  
the customer’s source of income or wealth; and
 
 
(iv)  
any other due diligence required by this Agreement, the BSA Officer or the Bank.
 
(5)  The Bank shall obtain the information required in the preceding paragraph (4) of this Article before renewing or modifying an existing customer’s account within the scope of the preceding paragraph (4). 
 
(6)  Within sixty (60) days, the Board shall develop, implement, and thereafter ensure Bank maintenance of an integrated, accurate system for all Bank areas to produce periodic reports designed to identify unusual or suspicious activity, including patterns of activity, to monitor and evaluate unusual or suspicious activity, and to maintain accurate information needed to produce these reports.
 
 
(a)  
the Bank’s system shall be able to link related accounts to evaluate patterns of activity and generate a list of all accounts associated with a relationship;
 
 
(b)  
The Bank’s system shall include information on all high risk customers or accounts (newly established, renewed or modified), which shall be maintained and kept current, including the following information:
 
 
(i)  
the name of the customer;
 
 
(ii)  
the officers, directors and major shareholder of any corporate customer and the partners of any partnership customer;
 
 
13

 
 
(iii)  
any other accounts maintained by the customer and, as applicable, its officers, directors, major shareholders or partners;
 
(iv)  
a detailed analysis of the due diligence performed on the customer and, as applicable, its officers, directors, major shareholders or partners;
 
 
(v)  
any related accounts of the customer at the Bank;
 
 
(vi)  
any action the Bank has taken on the account;
 
 
(vii)  
the purpose and balance of the account; and
 
 
(viii)  
any unusual activity for each account;
 
 
(c)  
The periodic reports shall cover one day, a number of days, and include monthly reports and shall segregate transactions that pose a greater than normal risk for compliance with the Bank Secrecy Act;

(d)  
The periodic reports shall include reports on any type of subpoena received by the Bank and on any law enforcement inquiry directed to the Bank and any action taken by the Bank on the affected account; and
 
 
(e)  
The periodic reports shall include reports deemed necessary or appropriate by the BSA Officer or the Bank.
 
(7)  The BSA Officer or his/her designee shall periodically review, not less than each calendar year, account documentation for all high risk accounts and the related accounts of those customers at the Bank to determine whether the account activity is consistent with the customer’s business and the stated purpose of the account.
 
(8)  The Board shall ensure that the Bank has processes, personnel, and control systems to implement and adhere to the program developed pursuant to this Article.
 
(9)  Upon adoption, a copy of the program shall be forwarded to the Assistant Deputy Comptroller for review.
 
 
 
14

 
ARTICLE VII
 
ACCOUNT/TRANSACTION ACTIVITY REVIEW
 
(1)  Within sixty (60) days, the Bank shall submit to the Assistant Deputy Comptroller for a written determination of no objection, a written plan to review monetary instrument, wire and cash transactions (including structuring) occurring at the Bank since January 1, 2006, and customer accounts that pose greater than normal risk for compliance with the BSA in order to ascertain whether any unusual or suspicious activity may have occurred since January 1, 2006. In the event the Assistant Deputy Comptroller objects in writing to the plan or provides written comments, the Board shall immediately make the necessary revisions to the plan.
 
(2)  Within one hundred and twenty (120) days of receiving a written determination of no objection from the Assistant Deputy Comptroller, the Bank shall complete the account and transaction activity review in accordance with the plan submitted pursuant to paragraph (1) of this Article. Upon completion of this review, the written findings shall be reported to the Board, with a copy to the Assistant Deputy Comptroller. Within thirty (30) days of receiving the written report, the Bank shall file SARs for any previously unreported suspicious activity identified during the review. At the Comptroller’s sole discretion, the Bank may be required to extend the suspicious activity review period to capture transactions and activity occurring at the Bank prior to January 1, 2006, after the written findings are provided to the Assistant Deputy Comptroller.

ARTICLE VIII
 
OUTSOURCING SERVICES TO THIRD PARTIES

(1)  Within ninety (90) days, the Board shall develop, implement, and thereafter adhere to a written program to oversee and manage risks associated with outsourcing services to third parties, including consultants and technology service providers and vendors. The third party management program shall be consistent with OCC Bulletin 2001-47, “Third Party Relationships,” and any applicable guidance listed in the attachment thereto, and the “Outsourcing Technology Services” Booklet of the FFIEC Information Technology Examination Handbook, to the extent applicable. The program shall, at a minimum, include:
 
 
15

 
 
(a)  
an analysis of how the relationship fits into the Bank’s overall business strategy and objectives;
 
 
(b)  
identification of the strategic purposes, benefits, legal aspects, costs and risks associated with the third party relationship;
 
 
(c)  
assessment of internal Bank expertise to evaluate and manage the activity and the third-party relationship;
 
 
(d)  
an initial and on-going due diligence process that identifies qualitative and quantitative aspects, both financial and operational, of the third party to assess whether the third party can help the bank achieve its strategic goals;
 
 
(e)  
the execution of enforceable contracts that clearly define the expectations and obligations of the each party and include, as appropriate, the following:
 
 
(i)  
scope of the arrangement, including the frequency, content and format of the services to be provided, training of bank employees, customer service, and whether or not the service provider may subcontract any of its obligations;
 
 
(ii)  
performance measures that clearly specify the expectations and responsibilities for both parties;
 
 
16

 
 
(iii)  
identification of the frequency and content of specific reports the third party is required to provide to the Bank to assess performance, service levels, and risks;
 
 
(iv)  
thresholds and procedures for notifying the Bank when service disruptions, security breaches or other events that pose a material risk to the Bank occur;
 
 
(v)  
the right to audit the third party (and any of its subcontractors) as needed to monitor contract performance and identification of the types and frequency of audit information the Bank is entitled to receive from the third party;
 
 
(vi)  
a full description of the compensation, fees, calculations for base services or any special charges that may be imposed, including conditions under which the cost structure may be changed, and to the extent applicable, standards and documentation required for reimbursement of any expenses chargeable to the Bank;
 
 
(vii)  
whether and how the third party has the right to use the Bank’s data and whether any records generated by the third party are the property of the Bank;
 
 
(viii)  
standards for maintaining the confidentiality and security of the Bank’s information;
 
 
(ix)  
provision and standards for business resumption and contingency plans;
 
 
(x)  
stipulation of events constituting default, available remedies and opportunities to cure defaults, and identification of termination rights, including a provision that enables the Bank to terminate the contract, upon reasonable notice and without penalty, in the event the OCC formally objects to the particular third-party arrangement; and
 
 
17

 
 
(xi)  
to the extent terms limiting third party liability are included, only limits on liability that are proper in proportion to the amount of loss the Bank might experience as a result of the third party’s failure to perform.
 
 
(f)  
on-going oversight of the third party’s activities and performance, including the designation of a bank officer responsible for the administration and oversight of third party relationships, and assignment of sufficient staff with the necessary expertise to:
 
 
(i)  
monitor the third party’s financial condition;
 
 
(ii)  
monitor the third party’s controls, including review of audit information; policies relating to internal controls and security; business resumption contingency planning and testing; and compliance with applicable laws and regulations, including the BSA and consumer laws and regulations;
 
 
(iii)  
monitor key third party personnel changes and assess how such changes may impact the Bank;
 
 
(iv)  
review information documenting the third party’s performance relative to service level agreements and determine whether contractual terms and conditions are being met, or whether any revisions to service-level agreements or other terms are needed;
 
 
 
18

 
 
(v)  
document and follow-up on performance problems in a timely manner;
 
 
(vi)  
determine the adequacy of training provided to bank employees;
 
 
(vii)  
periodically meet with contract parties to discuss performance and operational issues;
 
 
(g)  
documentation of the Bank’s oversight of third party activities and performance including:
 
 
(i)  
a list of third parties deemed critical to the operation of the Bank or for which the Bank spends substantial amounts of money;
 
 
(ii)  
valid, current and complete contracts;
 
 
(iii)  
business plans for new lines of business or products that identify management’s planning process, decision making and due diligence in selecting a third party;
 
 
(iv)  
regular risk management and performance information received from the third party (e.g., audit information, security reviews, reports or information indicating compliance with service-level agreements); and
 
 
(v)  
regular reports to the Board, or its delegated committee, of the results of the Bank’s ongoing oversight activities.
 
(2)  Within one hundred and twenty (120) days, the Board shall review each of the Bank’s current arrangements with any third party consultant or servicer and prepare a written analysis detailing whether and how each arrangement complies with the third party management program required to be developed under paragraph (1) of this Article. The Board’s analysis shall include an evaluation of the extent to which the third party is meeting the Bank’s expectations in providing the services for which it was contracted. For each consultant or servicer arrangement that does not meet the requirements of the program required under paragraph (1), or in the event any consultant or servicer is not meeting its
 
 
19

 
 
obligations under the terms of an existing contract, the Board shall prepare, within 60 days of completing its review, a written plan of the steps it will take to address any identified deficiencies, including how the Bank will terminate the arrangement in the event the Board is unable to address an identified deficiency. In the event the written plan, or any portion thereof, is not implemented, the Board shall immediately advise the Assistant Deputy Comptroller, in writing, of specific reasons for deviating from the plan.
 
(3)  For each review it must undertake pursuant to paragraph (2) above, the Board shall indicate whether:
 
(a)  
legal counsel was involved in the negotiation of any contracts executed with the third party;
 
(b)  
prior to entering into any contract executed within one year from the effective date of this Agreement, the Board or Bank counsel reviewed any existing contract with the third party to determine whether the third party was already obligated to provide any of the services covered under the terms of the new contract, and the Board or Bank counsel’s determination in that regard; and
 
(c)  
the contract is on market terms and fair and equitable to the Bank.
 
(4)  The Bank shall not enter into any new or renegotiate any existing third party outsourcing arrangement which does not meet the requirements of the third party management program required to be developed under paragraph (1) of this Article.
 
(5)  The Board shall submit copies of the program, analyses and plans required under the terms of this Article to the Assistant Deputy Comptroller for review.
 
 
20

 
(6)  The Board shall ensure the Bank has processes, personnel, and control systems to ensure implementation of and adherence to the programs and plans developed pursuant to this Article.

ARTICLE IX
 
VIOLATIONS OF LAW
 
(1)  The Board shall immediately take all necessary steps to ensure that Bank management corrects each violation of law, rule or regulation cited in the ROE. The quarterly progress reports required by Article II of this Agreement shall include the date and manner in which each correction has been effected during that reporting period.

ARTICLE X
 
CLOSING
 
(1)  Although the Board has agreed to submit certain programs and reports to the Assistant Deputy Comptroller for review or prior written determination of no supervisory objection, the Board has the ultimate responsibility for proper and sound management of the Bank.
 
(2)  It is expressly and clearly understood that if, at any time, the Comptroller deems it appropriate in fulfilling the responsibilities placed upon him by the several laws of the United States of America to undertake any action affecting the Bank, nothing in this Agreement shall in any way inhibit, estop, bar, or otherwise prevent the Comptroller from so doing.
 
(3)  Any time limitations imposed by this Agreement shall begin to run from the effective date of this Agreement. Such time requirements may be extended in writing by the Assistant Deputy Comptroller for good cause upon written application by the Board.
 
 
21

 
(4)  The provisions of this Agreement shall be effective upon execution by the parties hereto and its provisions shall continue in full force and effect unless or until such provisions are amended in writing by mutual consent of the parties to the Agreement or excepted, waived, or terminated in writing by the Comptroller.
 
(5)  This Agreement is intended to be, and shall be construed to be, a supervisory “written agreement entered into with the agency” as contemplated by 12 U.S.C. § 1818(b)(1), and expressly does not form, and may not be construed to form, a contract binding on the Comptroller or the United States. Notwithstanding the absence of mutuality of obligation, or of consideration, or of a contract, the Comptroller may enforce any of the commitments or obligations herein undertaken by the Bank under his supervisory powers, including 12 U.S.C. § 1818(b)(1), and not as a matter of contract law. The Bank expressly acknowledges that neither the Bank nor the Comptroller has any intention to enter into a contract. The Bank also expressly acknowledges that no officer or employee of the Office of the Comptroller of the Currency has statutory or other authority to bind the United States, the U.S. Treasury Department, the Comptroller, or any other federal bank regulatory agency or entity, or any officer or employee of any of those entities to a contract affecting the Comptroller’s exercise of his supervisory responsibilities. The terms of this Agreement, including this paragraph, are not subject to amendment or modification by any extraneous expression, prior agreements or prior arrangements between the parties, whether oral or written.
 
IN TESTIMONY WHEREOF, the undersigned, authorized by the Comptroller, has hereunto set her hand on behalf of the Comptroller.

 
/s/ Jennifer Kelly   January 29, 2007
Jennifer Kelly
Deputy Comptroller
Midsize and Credit Card Bank Supervision
 
Date
 
 
 
22


 
IN TESTIMONY WHEREOF, the undersigned, as the duly elected and acting Board of Directors of the Bank, have hereunto set their hands on behalf of the Bank.

     
/s/ Gary L. Nalbandian   January 26, 2007
 
 
/s/ James R. Adair
 
Date
 
January 26, 2007
 
/s/ John J. Cardello
 
Date
 
January 26, 2007
/s/ Douglas S. Gelder
 
Date
 
January 26, 2007
/s/ Alan R. Hassman
 
Date
 
January 26, 2007
/s/ Howell C. Mette
 
Date
 
January 26, 2007
/s/ Michael A. Serluco
 
Date
 
January 26, 2007
 
 
/s/ Samir J. Srouji, MD
 
Date
 
January 26, 2007
   
Date
 
 
 
23