Exhibit 10.39
Confidential Materials omitted and filed separately with the
Securities and Exchange Commission. Asterisks denote omissions.
LOAN PROGRAM AGREEMENT
This Loan Program Agreement (the “Agreement”) is entered into this 20th day of April, 2010 (the “Execution Date”), by and among First Marblehead Education Resources, Inc., a Delaware corporation having its principal offices at One Cabot Road, Medford, Massachusetts 02155 (“FMER”), The First Marblehead Corporation, a Delaware corporation having its principal offices at 800 Boylston Street, 34th Floor, Boston, Massachusetts 02199 (“FMC”), and SunTrust Bank, a Georgia state-chartered banking corporation having an office located at 1001 Semmes Avenue, Richmond, Virginia 23224 (“SunTrust”). FMER, FMC and SunTrust are hereinafter collectively referred to as the “Parties” and each individually as a “Party”.
WHEREAS, FMER and/or FMC are in the business of providing private student loan outsourcing solutions, such as program design, marketing, processing, underwriting, origination and/or portfolio administration services, to banks and other financial institutions;
WHEREAS, FMC desires to provide certain credit enhancement with respect to Loans (as defined below) originated under this Agreement;
WHEREAS, SunTrust desires to retain FMER to provide the student loan outsourcing solutions as set forth in this Agreement; and
WHEREAS, the Parties will enter into a Servicing Agreement executed and effective in 2010, with the Pennsylvania Higher Education Assistance Agency (the “Servicing Agreement”).
NOW THEREFORE, in consideration of the promises and the mutual covenants and agreements contained herein, and for other good and valuable consideration, the receipt and sufficiency of which are hereby acknowledged, the Parties agree as follows:
ARTICLE 1. DEFINITIONS; RULES OF CONSTRUCTION
1.1 Definitions. Capitalized terms used in this Agreement have the meanings set forth below.
“Additional Institution” means a post-secondary educational institution located in a SunTrust Sales State that has a cumulative cohort default rate of over [**]% in the past two cohort years, as reported by the U.S. Department of Education, but which shall nevertheless be treated as an Eligible Institution under this Agreement, under the terms set forth in Section 2.8.1. The list of Additional Institutions as of the Execution Date is set forth in the Program Guidelines.
“Advertising Firms” has the meaning set forth in Section 2.7.1 herein.
“Affiliate” means, with respect to an entity, another entity that at the time in question, directly or indirectly, owns or controls, is owned or controlled by, or is under common ownership or common control with the first entity. For purposes of this Agreement, “control” shall mean the power to direct the management or affairs of an entity, the terms “common control” and “controlled by” shall have meanings correlative to the foregoing, and “ownership” shall mean the beneficial ownership of more than fifty per cent (50%) of the equity securities of the entity.
“Applicant” means all co-applicants for a Loan under the Program Guidelines, including any proposed Borrower and any proposed Cosigner who begins an Application, regardless of whether the Application is complete.
“Applicant Information” has the meaning set forth in Section 3.8.5.2 herein.
“Application” means a consumer’s application, whether in whole or in part, for a Loan under this Program and originated via FMC’s or FMER’s URI/URL or the SunTrust URI/URL.
“Application and Solicitation Disclosure” means the disclosure required by 12 C.F.R. § 226.47(a) and Section 128(e)(1) of the federal Truth-in-Lending Act.
“Approval Disclosure” means the disclosure required by 12 C.F.R. § 226.47(b) and Section 128(e)(2) of the federal Truth-in-Lending Act.
“Approved Collectors” means a subcontracted collection agency used by FMER and identified on Schedule 2 to Exhibit D.
“Article 9” has the meaning set forth in Section 7.1.10 herein.
“Average Daily Balance” means the average daily principal (including financed fees) and accrued interest balance of all Loans in a Pool during a given calendar month, as reported by the Servicer as of the last day of such month.
“Books and Records” means all books and records necessary to service and collect the Loans and specifically relating to the Loans, including: Applications, statements, credit and collection files, file maintenance data, Credit Agreements, disclosure statements, credit information files, correspondence, whether in documentary form or on magnetic tape, computer disk or other form, and any other records that evidence ownership or relate to servicing, administering or enforcing the Loans. “Books and Records” shall not include general corporate financial and other records, income tax returns, specific files of individual employees or other corporate records not specifically relating to the Loans or which relate to the Loans with respect to which information relating to the Loans cannot reasonably be extracted.
“Borrower” means the individual person, or all individual persons collectively, including all Student Borrowers and Cosigners, who execute a Credit Agreement individually or, in the case of multiple Borrowers, severally and jointly, for the purpose of obtaining a Loan from SunTrust under the Program, and who have proceeds disbursed under the Credit Agreement.
“Business Day” means any day other than (a) a Saturday or a Sunday, or (b) a day on which banking institutions in the State of Georgia are authorized or obligated by law or executive order to be closed.
“CDAs” has the meaning set forth in Section 3.6.3.3 herein.
“Change in Control” means any of the following with respect to any of the Parties: (1) the acquisition or a series of acquisitions within six (6) months of each other by any other entity, individual or group (within the meaning of Sections 13(d)(3) or 14(d)(2) of the Securities Exchange Act of 1934, as amended (the “Exchange Act”) of beneficial ownership (as defined in Rule 13d-3 promulgated under the Exchange Act) of more than fifty percent (50%) of the common stock and/or other securities which have more than fifty percent (50%) of the combined voting power of the securities entitled to vote in the election of directors of such Party; or (2) the sale of all or substantially all of the assets of such Party to any other entity, individual or group; or (3) the reorganization, merger or consolidation of such Party in which the shareholders of such Party immediately before such event will not immediately thereafter own more than fifty percent (50%) of the combined voting power entitled to vote in the election of directors of the reorganized, merged or consolidated Party’s voting securities. A “Change in Control” shall not include any transactions with an entity that is an Affiliate of such Party immediately prior to such transaction.
“Charged Off Loan” means a Loan that is at least [**] days delinquent in principal and interest or interest only or partial interest payments or that has experienced an event of default, as set forth in the Program Guidelines.
“Collegiate Custom Choice” means the product sourced through the FMC URI/URL.
“Combination Program” means a private student loan program that offers [**] to Applicant(s) simultaneously when the Applicant(s) is/are configuring a loan by selecting specific loan terms and parameters.
“Commodity Vendors” has the meaning set forth in Section 2.7.3 herein.
“Compensation Schedule” means the schedule attached hereto as Exhibit B, showing FMC’s compensation for each Pricing Segment.
“Confidential Business Information” has the meaning set forth in Section 14.2.3 herein.
“Consumer Information” means (a) “nonpublic personal information” as such term is defined by the Privacy Requirements; and (b) any personally identifiable information or records in any form (oral, written, graphic, electronic, machine-readable, or otherwise) relating to a consumer, including a consumer’s name, address, telephone number, Social Security number, e-mail address, account number, loan payment or transactional account history, account status; and the fact that the consumer has a relationship with SunTrust.
“Cosigner” means a person other than the Student Borrower who executes a Credit Agreement with a Student Borrower and thereby assumes joint and several liability for the Loan.
“Costs and Fees” has the meaning set forth in Section 17.3 herein.
“Credit Agreement” means the loan request and credit agreement, or other form of consumer debt instrument, evidencing a Borrower’s obligation to repay the Loan, in the form attached to the Program Guidelines.
“Damages” has the meaning set forth in Section 16.1 herein.
“Default Prevention Services” means the services described in Section 4.6 herein.
“Delinquent Loan” means any Loan other than a Charged Off Loan with respect to which any payment is [**] days or more past due.
“Disbursed Loan Amount” means the total principal balance (including financed fees) of Loans actually disbursed to the Borrower’s Eligible Institution, by means of electronic transfer or paper check, net of post-disbursement cancellations whether in whole or part, and subject to the Program Guidelines.
“Disbursement Date” means the date or dates on which Loan funds are transmitted to the Student Borrower’s Eligible Institution or to the CDA, which date shall be no earlier than the end of the cancellation period set forth in the Final Disclosure in accordance with the Requirements of Law.
“Disclosing Party” has the meaning set forth in Section 14.2.5 herein.
“Early Awareness Services” means the services described in Section 4.5 herein.
“Effective Date” means the date established in the Effective Date Communication pursuant to Section 18.1.1 of this Agreement.
“Effective Date Communication” has the meaning set forth in Section 18.1.1 herein.
“Effectiveness Conditions” has the meaning set forth in Section 18.1.1 herein.
“Eligible Institution” means a post secondary educational institution approved by SunTrust for receipt of Loan funds in conformity with Program Guidelines and included in the list of Eligible Institutions adopted as of the Execution Date in Section 2.8 and set forth in the Program Guidelines.
“Execution Date” has the meaning set forth in the first paragraph of this Agreement.
“Expected Charged Off Loan Volume” means, as established by the Parties from time to time, (a) initially, the Expected Loan Volume that is expected to become a Charged Off Loan, and (b) for each calendar quarter after Loan origination begins, the total principal (including financed fees) and accrued interest on the Disbursed Loan Amount that is expected to default (within the meaning set forth in the Program Guidelines). The Expected Charged Off Loan Volume shall change each quarter during the Term to reflect the distribution of the Disbursed Loan Amount in Loan pricing tiers.
“Expected Loan Volume” means the total principal amount (including financed fees) of Loans expected to be funded by SunTrust for the related Pool during each 12-month period subsequent to the Effective Date of this Agreement.
“Final Disclosure” means the disclosure required by 12 C.F.R. § 226.47(c) and Section 128(e)(4) of the federal Truth-in-Lending Act.
“Final Services Termination Period” has the meaning set forth in Section 18.1.2.
“Fixed Rate Loan” means any Loan with respect to which the interest rate for such Loan is determined in relation to a specific fixed rate for the term of the Loan.
“FM Indemnified Party” means FMC, FMER, each Affiliate of FMC, each Affiliate of FMER, and each of the respective current, former and future officers, directors and employees of any of the foregoing.
“FMC Custom Model Property” means, for the purposes of this Agreement, FMC’s custom and proprietary score model and all deliverables, materials, software, flowcharts, ideas, concepts, designs, and reports or other analyses which relate to FMC’s custom and proprietary score model including any modifications, enhancements or derivative works thereof.
“FMC Intellectual Property”, as used in Section 16.2 and Section 16.3 only, has the meaning set forth in Section 16.2 herein.
“FMC Materials” means all promotional material prepared by FMC in providing Production Support Services, including responses to Eligible Institutions’ requests for proposals, printed materials, brochures, email content, television and radio content, telemarketing scripts, fliers, inserts and any web sites or web pages promoting Program Loans.
“FMC Production Support Services Activities” has the meaning set forth in Section 2.3.
“FMC Production Support Services Work Product” has the meaning set forth in Section 2.3.
“FMC Sales States” has the meaning set forth in Section 2.2.1 and listed in Schedule 1 to Exhibit E hereto.
“FMC Share of Portfolio Yield” means, for any given month, the aggregate total for all Pricing Segments of the amount to be earned by FMC for the Loans in each Pricing Segment, calculated as (a) the amount of the margin earned by FMC for the Loans in each Pricing Segment as shown on the Compensation Schedule, divided by the Borrower margin in each such Pricing Segment, multiplied by (b) the Monthly Accrued Interest less, with respect to Variable Rate Loans, interest accrued attributable to the LIBOR index.
“FMC URI/URL” means a dedicated web link obtained and maintained by FMC which tracks consumer traffic and loan application requests resulting from FMC’s marketing efforts in connection with the Program.
“FMC Website” means the FMC-created and managed website separate and apart from the SunTrust Website used to direct potential Borrowers to the Program online application.
“FMER Funding Account” means an account in FMER’s name maintained at a FDIC-insured depository institution, into which FMER will deposit Loan funds for disbursement after receiving them from the SunTrust Disbursement Account via automated clearinghouse debit.
“Force Majeure Event” has the meaning given such term in Section 19.11 herein.
“Forward Looking Materials” has the meaning set forth in Section 4.1.3.
“Fraud Database Data” has the meaning set forth in Section 3.10.2.
“Governmental Authority” means the federal government of the United States, any state government, or any political subdivision of either, or any agency, court or body of the federal government of the United States, of any state, or of any other political subdivision of either, exercising executive, legislative, judicial, regulatory or administrative functions.
“Indemnified Party” means a SunTrust Indemnified Party or a FM Indemnified Party, as applicable.
“Indemnifying Party” means a Party that is obligated to indemnify an Indemnified Party pursuant to the provisions of Section 16 herein.
“Information Security Program” means the written policies and procedures adopted and maintained to (a) ensure the security and confidentiality of Consumer Information; (b) protect against any anticipated threats or hazards to the security or integrity of Consumer Information; and (c) protect against unauthorized access to or use of Consumer Information that could result in substantial harm or inconvenience to SunTrust or any consumer.
“Initial Participation Account Deposit” means [**] percent ([**]%) of the product of the Expected Loan Volume for the Pool, multiplied by the Participation Percentage.
“Initial Vendors” means the vendors shown on Schedule 4 to Exhibit D.
“Insurance Requirements” has the meaning set forth in Section 10.1 herein.
“Intellectual Property” has the meaning set forth in Section 11.1 herein.
“Interagency Guidelines” means the applicable Interagency Guidelines Establishing Information Security Standards and codified at 12 C.F.R. Parts 30, 208, 211, 225, 263, 308, 364, 568, and 570.
“Loan” means a loan of funds, including all disbursements thereof and financed fees, made by SunTrust to a Borrower under the Program.
“Loan Origination Fee” means a fee that is: (i) charged by SunTrust to the Borrower of a Loan; (ii) equal to the amount set forth in the Pricing Schedule; and (iii) financed as a part of the Loan amount.
“Loan Processing Fees” means that fee set forth in Section 6.3.1 herein.
“Loan Processing Services” means those services set forth in Article 3 herein.
“Marketers” has the meaning set forth in Section 2.7.1 herein.
“MG Private Student Loan Trust 2010-1” means the trust to be established by FMC to purchase and hold Charged Off Loans.
“Monthly Accrued Interest” means, for each calendar month, the amount of interest that accrues on all outstanding Loans in a given Pricing Segment during such month.
“Notice” has the meaning set forth in Section 17.1 herein.
“NPPI” has the meaning set forth in Section 14.2.4 herein.
“OFAC” has the meaning set forth in Section 3.8.1 herein.
“Online Application System” means the internet-based system used by FMER for the (a) intake of Application information from Applicants, (b) rendering and reporting of credit decisions on Applications, (c) delivery of Credit Agreements and disclosures required by Requirements of Law, including Truth-in-Lending Disclosures, and (d) loan status information and details.
“Outstanding Loan Volume” means, with respect to any Pool, the amount of Loan volume that remains outstanding to SunTrust, and is not a Charged Off Loan for which a payment from the Participation Account has previously been made, as reflected on the Servicer’s servicing system and reported by the Servicer to SunTrust and FMC on a monthly basis.
“Participation Account” means an interest-bearing account held by SunTrust for the benefit of FMC and SunTrust at SunTrust, which account shall hold Participation Account Deposits made by FMC and shall be subject to the terms of this Agreement.
“Participation Account Administrative Fee” for each month during the Term, means [**]% multiplied by the Average Daily Balance, divided by [**]. During the Term, the Participation Account Administrative Fee shall be modified quarterly as set forth in Section 7.1.5 of the Agreement to reflect the extent to which the distribution of the Disbursed Loan Amount among pricing tiers changes the Projected Default Rate for the Pool.
“Participation Account Deposits” has the meaning set forth in Section 7.1.1 herein.
“Participation Account Excess Percentage” has the meaning set forth in Section 7.1.6 herein.
“Participation Account Payment” means the payments which are made by SunTrust to FMC from the Participation Account pursuant to Section 7.1.6.
“Participation Cap” shall mean [**] dollars ($[**]), inclusive of the amount of the Initial Participation Account Deposit for each Pool, plus any amount over [**] dollars ($[**]) associated with the credit enhancement of Loans funded pursuant to Sections 7.1.11 and 18.4.
“Participation Interest” means the Participation Percentage multiplied by Expected Loan Volume. During the Term, the Participation Interest shall be modified quarterly as set forth in Sections 7.1.1 and 7.1.3 of the Agreement to reflect the extent to which the distribution of the Disbursed Loan Amount among Borrower pricing tiers changes the Projected Default Rate for the Pool.
“Participation Percentage” means an amount equal to [**] times the Projected Default Rate.
“Person” means a natural person, a partnership, a corporation, a limited liability company, a joint stock company, a business trust or other entity or association.
“Personnel” means the employees, contractors, subcontractors, and agents of a Party.
“Pool” means Loans funded during a 12-month period commencing on the Effective Date of this Agreement or any anniversary thereof.
“Portfolio Management Services” means Default Prevention Services and Early Awareness Services and all other services to be provided pursuant to Sections 4.4 through and including 4.8 herein.
“Portfolio Yield” means the sum of Monthly Accrued Interest for all Loans for which are not Charged Off Loans.
“Pricing Schedule” means the loan pricing for each Pricing Segment set forth in the Program Guidelines, including the Borrower loan pricing portion which SunTrust may modify from time to time, subject to the provisions of Section 3.7.
“Pricing Segment” means each of the [**] discrete interest rate and fee combinations shown in the Pricing Schedule, with, as of the Execution Date, [**] discrete interest rate and fee combinations for Fixed Rate Loans and [**] discrete interest rate and fee combinations for Variable Rate Loans, along with each discrete interest rate and fee combination shown in the Pricing Schedules adopted after the Execution Date.
“Privacy Notice” means SunTrust’s privacy policy adopted pursuant to Regulation P.
“Privacy Requirements” means (a) Title V of the Gramm-Leach-Bliley Act, 15 U.S.C. 6801 et seq.; (b) federal regulations implementing such act and codified at 12 C.F.R. Parts 40, 216, 332, and 573; (c) Interagency Guidelines; and (d) other applicable federal and state laws, rules, regulations, and orders relating to the privacy and security of Consumer Information.
“Production Support Plan” means the FMC plan for selling the Program to Eligible Institutions in the FMC Sales States, as set forth in Schedule 2 to Exhibit E attached hereto, as modified by written agreement of SunTrust and FMC from time to time.
“Production Support Reports” has the meaning set forth in Section 2.5 herein.
“Production Support Services” means the support services to be provided pursuant to Article 2 herein.
“Program” means SunTrust’s loan program as described in the Program Guidelines.
“Program Administration Services” means Program analytics and development, administration of post-disbursement loan servicing, and Participation Account administration services to be provided pursuant to Sections 4.1, 4.2, and Article 7 of the Agreement.
“Program Administration Services Fee” means the fee paid to FMC pursuant to Section 6.5 hereof calculated as the FMC Share of Portfolio Yield, less the Program Support Services Fee, less the Participation Account Administration Fee.
“Program Guidelines” means the Program Guidelines attached to the Agreement as Exhibit F, which include loan origination guidelines, underwriting guidelines, product terms and features, Borrower fees, Borrower Credit Agreements, Servicing Guidelines, Applicant disclosures and forms of Truth-in-Lending Disclosure Statements and other disclosures required by Requirements of Law.
“Program Support Services” means those services set forth in Article 4 herein.
“Program Support Services Fee” means the fee paid to FMC pursuant to Section 6.4.1 hereof.
“Projected Default Rate” means a percentage, the numerator of which shall be the Expected Charged Off Loan Volume and the denominator of which shall initially be the Expected Loan Volume. Each calendar quarter during the Term, the Projected Default Rate shall be modified by using as the denominator Disbursed Loan Amount as of quarter-end.
“Proprietary Information” has the meaning set forth in Section 14.2.1 herein.
“Purchase Price” has the meaning set forth in Section 5.2 herein.
“Purchased Loan” has the meaning set forth in Section 5.1 herein.
“Receiving Party” has the meaning set forth in Section 14.2.6 herein.
“Recoveries” shall mean amounts received by FMC, FMER, or any of their Affiliates from or on behalf of Borrowers in payment of principal of, interest on, and late fees with respect to, Charged Off Loans with respect to which SunTrust has received funds from the Participation Account, net of collection fees and attorneys’ fees.
“Regulation P” means such regulation as is set forth at 12 C.F.R Part 216.
“Requirements of Law” means, with respect to any Party, any certificate of incorporation, articles of association and, as applicable, by-laws or other organizational or governing documents of such Party, and each of the following, in each case to the extent applicable to and binding on such Party, its property or, in connection with this Agreement, its agents: (a) any federal, state, county or local law, ordinance, statute, rule, regulation, judgment, order, decree, injunction, permit, issuance or other determination or finding of any Governmental Authority or self-regulatory organization or final and binding determination of any arbitrator applicable to or binding upon such Party or to which such Party is subject, and (b) any treaty, rule or regulation, regulatory guidance or determination of (or agreement with) an arbitrator or Governmental Authority (including usury laws, the Federal Truth in Lending Act; Regulation B and Regulation Z of the Board of Governors of the Federal Reserve System; the Equal Credit Opportunity Act; the Privacy Requirements; the Fair Credit Reporting Act; the Fair and Accurate Credit Transactions Act; the federal Fair Debt Collections Practices Act; the USA PATRIOT Act; the Bank Secrecy Act and other state and federal laws or regulations relating to anti-money laundering compliance; federal and state and local tax laws, rules and regulations; and rules and regulations relating to consumer protection, installment sales, telemarketing, unfair and deceptive trade practices and collections, as each is amended from time to time).
“Roster Date” means, for any particular Loan, the date that is at least one Business Day prior to a scheduled Disbursement Date for such Loan, and shall be the date on which FMER provides to SunTrust a disbursement roster listing the Disbursement Date and disbursement amount for such Loan.
“Sanctions” has the meaning set forth in Section 3.8.1 herein.
“Security Systems” has the meaning set forth in Section 15.3.1 herein.
“Servicer” means Pennsylvania Higher Education Assistance Agency, (d/b/a American Education Services), a public corporation and governmental instrumentality organized under the laws of the Commonwealth of Pennsylvania, 1200 North Seventh Street, Harrisburg, Pennsylvania 17102, or another loan servicer mutually acceptable to SunTrust and FMC.
“Services” means Production Support Services, Loan Processing Services and Program Support Services, as well as any additional services agreed to by the Parties in writing to be performed under the Agreement.
“Servicing Agreement” refers to the Servicing Agreement that will be entered into or to be entered into by and among Servicer, SunTrust and FMC with respect to servicing of Loans, as amended from time to time.
“Servicing Guidelines” means the document by that name included as part of the Servicing Agreement among the Parties and the Servicer.
“Student Borrower” means the individual person who is enrolled at an Eligible Institution at the time of Application, executes a Credit Agreement for the purpose of obtaining a Loan from SunTrust under the Program, and who has proceeds disbursed under the Credit Agreement.
“Subcontractor” means any third party retained by FMC and/or FMER, as applicable, and approved by SunTrust in conformity with the requirements of this Agreement to perform part of the Services.
“SunTrust Disbursement Account” means an account maintained at SunTrust into which SunTrust deposits Loan funds for disbursement.
“SunTrust Indemnified Party” means SunTrust and its Affiliates, and each of their respective current, former and future officers, directors and employees.
“SunTrust Marks” means the trade names, trademarks, logos or service marks of SunTrust and its Affiliates set forth in Exhibit G, any trade names, trademarks, logos or service marks used by SunTrust or any of its Affiliates in connection with its full-service retail banking business, and any other trade names, trademarks, logos or service marks that are used by SunTrust or any of its Affiliates to identify itself to the public in connection with educational loans, including the “Custom Choice” mark.
“SunTrust Materials” means all promotional materials that include SunTrust Marks and subject to SunTrust written approval, including responses to Eligible Institutions’ requests for proposals, printed materials, brochures, email content, television and radio content, telemarketing scripts, fliers, inserts and any web sites or web pages promoting Loans.
“SunTrust Portfolio Income” means the portion of the Portfolio Yield due to SunTrust, which shall be equal to the Portfolio Yield, less the FMC Share of Portfolio Yield.
“SunTrust Sales States” has the meaning set forth in Section 2.2.1 herein and listed in Schedule 1 of Exhibit E hereto.
“SunTrust URI/URL” means a SunTrust dedicated web link obtained and maintained by SunTrust which tracks consumer traffic and loan application requests resulting from SunTrust’s marketing efforts in connection with the Program.
“SunTrust Website” means the SunTrust-created and managed website used to direct potential Borrowers to the Program online application.
“Term” has the meaning set forth in Section 18.1.2 herein.
“Third-Party Offers” has the meaning set forth in Section 4.3.1 herein.
“Title X” means Title X of the Higher Education Opportunity Act of 2008, P.L. 110-315, 122 Stat. 3478, and its implementing regulations duly adopted by federal regulatory agencies, including but not limited to the Federal Reserve Board’s Regulation Z.
“Trade Secrets” has the meaning set forth in Section 14.2.2 herein.
“Transition Period” has the meaning set forth in Section 18.3.2 herein.
“Truth-in-Lending Disclosure Statements” shall mean the forms of private student loan application and solicitation disclosures, approval disclosures, and final disclosures required by Title X, as approved by SunTrust.
“USA Patriot Act” has the meaning set forth in Section 3.8.4 herein.
“Variable Rate Loan” means any Loan with respect to which the interest rate for such Loan is determined in relation to a published rate index and changes on a monthly basis in accordance with the terms of the Program Guidelines and the Credit Agreements.
“Volume Threshold” has the meaning set forth in Section 2.8.1.
1.2 Certain Rules of Construction. Except as otherwise explicitly specified to the contrary,
1.2.1 References to a Section, Exhibit or Schedule means a Section of, or Schedule or Exhibit to, this Agreement,
1.2.2 The words “including,” “include” and “includes” will be construed as “including without limitation,” “include without limitation” or “includes without limitation,” as applicable,
1.2.3 References to a particular statute or regulation include all rules and regulations promulgated thereunder and any applicable predecessor or successor statute or regulation, in each case as amended or otherwise modified from time to time,
1.2.4 Words in the singular or plural form include the plural and singular form, respectively,
1.2.5 Where specific language is used to clarify or illustrate by example a general statement contained herein, such specific language shall not be deemed to modify, limit or restrict the construction of the general statement which is being clarified or illustrated,
1.2.6 Any article, section, subsection, paragraph or subparagraph headings contained in this Agreement and the recitals at the beginning of this Agreement are for reference purposes only and shall not affect in any way the meaning or interpretation of this Agreement (other than with respect to any defined terms contained in the recitals),
1.2.7 The word “or” whenever used in this Agreement is used in the inclusive sense of “and/or” and not the exclusive sense of “either/or,”
1.2.8 All references to “the Agreement” or “this Agreement” in this Agreement shall mean “this Agreement as amended,”
1.2.9 Whenever the words “herein,” “hereto,” “hereof” or “hereunder” or “this Agreement” are used in this Agreement, they shall be deemed to refer to this Agreement as a whole including Exhibits and Schedules hereto, and not to any specific section nor to exclude any Exhibits or Schedules hereto, and
1.2.10 Any reference made in this Agreement to a statute or statutory provision shall mean such statute or statutory provision as it has been amended through the date as of which the particular portion of the Agreement is to take effect, or to any successor statute or statutory provision relating to the same subject as the statutory provision so referred to in this Agreement, and to any then-applicable rules or regulations promulgated thereunder, unless otherwise provided.
ARTICLE 2. PRODUCTION SUPPORT SERVICES.
2.1 Use of SunTrust Marks. SunTrust hereby grants to each of FMC and FMER a limited, royalty-free, nonexclusive license to use the SunTrust Marks during the Term as necessary to solicit Loans until the termination date of this Agreement and pursuant to the provisions of this Agreement, to use the SunTrust Marks on and in connection with SunTrust Materials and in connection with the ongoing origination services. Each of FMC and FMER acknowledges and agrees that (i) it is not acquiring any right, title or interest in the SunTrust Marks and that the SunTrust Marks, all rights therein, and the goodwill associated therewith, are, and shall remain, the exclusive property of SunTrust; (ii) it shall take no action that would reasonably be expected to adversely affect SunTrust’s exclusive ownership of the SunTrust Marks or the goodwill associated with the SunTrust Marks; and (iii) any and all goodwill arising from use of the SunTrust Marks by FMC and/or FMER shall inure to the benefit of SunTrust. Nothing herein shall give FMC or FMER any right, title, or interest of any kind in or to the SunTrust
Marks, except the right to use the SunTrust Marks in accordance with this Agreement, and neither FMC nor FMER shall contest the validity of, or SunTrust’s title in and to, the SunTrust Marks. In the event of any changes to the SunTrust Marks, FMC and/or FMER shall promptly make necessary changes to the SunTrust Materials. Except as expressly permitted by this Agreement, neither FMC nor FMER shall have the right to, and nothing in this Agreement or any other signed and written agreement among the Parties shall be construed to give FMC or FMER the right to, and FMC and FMER shall not, other than the use of the SunTrust Marks in the specific manner as approved pursuant to the terms of this Agreement, use any marks, symbols, copyrights, logos, designs, representations, ideas or other proprietary designations or properties owned, developed, created by or licensed to SunTrust or any Affiliates of SunTrust, including the use of SunTrust Marks on or in conjunction with any goods or products of FMC or FMER not related to the Program or this Agreement. FMC shall bear the costs of all FMC Materials, whether or not such FMC Materials use SunTrust Marks. Neither of FMC nor FMER shall authorize use of, transfer, assign, lease or sub-license in whole or in part any SunTrust Marks without SunTrust’s prior written consent.
2.2 Sales Support and Restrictions on Marketing of the Program.
2.2.1 FMC shall develop and implement a strategy and plan to generate interest among Eligible Institutions in the FMC Sales States (as defined below) to participate in the Program. FMC and SunTrust agree that, except as otherwise approved by the other Party, such Party shall solicit interest from Eligible Institutions with respect to the Program only in the respective states set forth with respect to such Party on Schedule 1 to Exhibit E attached hereto (“FMC Sales States” and “SunTrust Sales States,” respectively). Each Party may solicit potential Applicants via direct mail, telephone solicitation, and the internet, but shall do so with respect to the Program only in the FMC Sales States and SunTrust Sales States, respectively, provided, however, that (a) with respect to solicitation through the internet, FMC and SunTrust may each satisfy its respective obligations pursuant to this subsection by using its commercially reasonable efforts to geoblock potential Applicants with Internet Protocol (IP) addresses associated with a location outside of their respective sales states, in each case to the extent that geoblocking is available with respect to IP addresses associated with such locations through the exercise of the commercially reasonable efforts of such Party, and (b) unsolicited Applicants may apply for Loans through either the FMC URI/URL or the SunTrust URI/URL. Notwithstanding the foregoing, each of the Parties may solicit potential Applicants with respect to the Program through the use of direct mail, telephone solicitation or internet to existing customers as of the Execution Date of such Party or an Affiliate thereof regardless of where such customers of such Party or its Affiliates may be located. Nothing in this Agreement shall be construed to restrict in any way any Party’s marketing and sales of other financial or educational loan products other than the Program.
In FMC Sales States, FMC shall interact directly with Eligible Institutions as set forth in Production Support Plan. FMC shall also:
(i) Where the “SunTrust” name is to be used in FMC Materials promoting the Program, consult with SunTrust on the preparation of such materials (including brochures, advertisements, mailings, announcements, and web site content) and comply with the provisions of Section 2.6 applicable to the approval of such materials by SunTrust and the preparation and use of such materials by FMC;
(ii) Submit a monthly status report that details FMC’s progress at Eligible Institutions;
(iii) Submit standardized request for proposals template language (and any changes to previously approved template language) to SunTrust for approval; and
(iv) Provide daily processing support for SunTrust staff and Eligible Institution support staff via a toll-free telephone number generally from 9:00 am to 8:00 pm EST or EDT, as applicable.
2.2.2. With respect to sales and promotional activities in SunTrust Sales States, FMC shall:
(i) Participate in meetings with Eligible Institutions as requested by SunTrust;
(ii) Contact Eligible Institutions to capture processing preferences upon request from SunTrust;
(iii) Handle Eligible Institution contacts with respect to product set-up, product detail, and time frames, as requested by SunTrust;
(iv) Attend internal SunTrust meetings as requested to conduct product training for SunTrust staff; and
(v) Where the “SunTrust” name is to be used in SunTrust Materials promoting the Program, if requested by SunTrust, consult with SunTrust on the preparation of such materials (including brochures, advertisements, mailings, announcements, and web site content).
2.2.3 With respect to national conferences (e.g., NASFAA) during the Term, FMC shall exhibit under its own name, and offer Collegiate Custom Choice materials at its booth at such conferences. In the event that a financial aid officer from an Eligible Institution located in a SunTrust Sales State requests information from a representative of FMC at FMC’s booth at such a conference, FMC will direct such request to SunTrust. If a financial aid officer from an Eligible Institution located in a FMC Sales State requests information from SunTrust, SunTrust will direct such request to FMC.
2.2.4 If during the Term FMC exhibits at a state specific conference in a SunTrust School Sales State or the regional SASFAA conference, FMC will not offer Collegiate Custom Choice materials at its booth, provided, however, that at EASFAA conferences, FMC shall offer Collegiate Custom Choice materials regardless of the state in which such EASFAA conferences are held.
2.2.5 With respect to the Program, FMC and SunTrust shall each respond to requests for proposals only from Eligible Institutions in the FMC Sales States and the SunTrust Sales States, respectively; provided, however, that with respect to requests for proposals received by any Party from any and all Eligible Institutions outside the FMC Sales States and the SunTrust Sales States, FMC or SunTrust may respond to such requests for proposals as mutually agreed by the Parties on a case-by-case basis. If the Parties cannot reach agreement about which Party will respond to such a request for proposal, then no Party shall respond to that request for proposal.
2.3 FMC Production Support Services Research; Ownership.
FMC may use the data collected in activities conducted pursuant to Section 2.2.1 (“FMC Production Support Services Activities”) to prepare deliverables, materials, ad copy, software, flowcharts, ideas, concepts, designs, and reports or other analyses with respect to the results of those FMC Production Support Services Activities (“FMC Production Support Services Work Product”), including reports or studies regarding marketing trends, the effectiveness of content and media and of techniques for utilizing each of these, provided, however, that such FMC Production Support Services Work Product does not include Consumer Information, which may be used to perform analysis but shall not be included in reports or studies except on an aggregated and de-identified basis. Such reports or studies may include comparative analyses of the capacity of experimental marketing techniques to reach customers not found through customary means (e.g., compare online responders to purchased target marketing direct mail lists). FMC may use FMC Production Support Services Work Product for any lawful purpose, including in support of other loan programs, during the Term and following termination of the Agreement. FMC may disclose FMC Production Support Services Work Product to SunTrust and SunTrust may use any FMC Production Support Services Work Product disclosed to it for any lawful purpose during the Term and following termination of the Agreement.
2.4 Ownership. All Applications and related Credit Agreements created under the Program and this Agreement for Applicants and Borrowers through the SunTrust URI/URL shall be owned by SunTrust and shall not constitute property of FMC. SunTrust hereby authorizes FMC as its agent, to the extent permitted by Requirements of Law, to use data collected from Applications and Loan inquiries to conduct activities under this Article 2, including, with respect to Applications and Loan inquiries received through
the FMC URI/URL, retaining sources of customer lists and comparing such lists with data obtained from partial or completed Applications, subject in all cases to the confidentiality and information security provisions of this Agreement and Requirements of Law; provided, however, FMC shall not use information obtained or derived from Applications through the FMC URI/URL to solicit individuals for financial services other than Loans under the Program Guidelines. It shall not be deemed to be a breach of the foregoing prohibition for FMC to undertake marketing and solicitation activities for any product or service directed to the general public or based on marketing lists derived from generally available data (such as credit bureau reporting data) or from any source other than SunTrust; provided, however, that during the Term and for three (3) years following the termination of this Agreement FMC shall not: (a) use such marketing lists obtained by FMC in performance of its obligations pursuant to this Agreement that are based on or derived from Applications sourced through the SunTrust URI/URL or (b) undertake marketing activities specifically or primarily targeted to Applicants in SunTrust Sales States.
2.5 Production Support Reports. In connection with the activities of SunTrust under this Agreement, SunTrust may provide to FMC quarterly, a report and analysis of the nature and effectiveness of its marketing activities under the Production Support Plan (the “Production Support Reports”). SunTrust may also develop from time to time various reports which may contain detailed metrics, including, those set forth in the Production Support Plan, analyses, studies and summaries of marketing results relating to its activities under the Production Support Plan.
2.6 FMC Materials. FMC covenants that it will cause all FMC Materials to comply with Requirements of Law and to fairly and accurately present Loans and the Program. FMC shall submit all FMC Materials to SunTrust for written approval prior to FMC’s use of the FMC Materials. SunTrust shall provide comments or approval on FMC Materials submitted to it within ten (10) Business Days of submission. To the extent that content templates are prepared, FMC may submit templates of FMC Materials to SunTrust for written approval, provided, however, FMC shall not use any final FMC Materials based on SunTrust-approved templates without SunTrust’s prior written consent. SunTrust shall be responsible for the compliance of FMC Materials with Requirements of Law to the extent, and only to the extent, of changes to such FMC Materials required by SunTrust. SunTrust may use FMC Materials upon FMC’s prior written consent.
2.7 Retention of Vendors by FMC and FMER.
2.7.1 In furtherance of its efforts to locate effective marketing channels for Loans, SunTrust may, by its prior written approval, authorize and direct FMC and/or FMER to select and retain one or more marketing firms to: (i) prepare content and strategies for mass marketing (such as television and radio) and direct marketing (such as telemarketing and web-based marketing) with respect to the Program (such vendors collectively “Advertising Firms”) and (ii) implement and administer all consumer contact in accordance with such content and strategies and applicable Requirements of Law (such vendors collectively, “Marketers”). Neither FMC nor FMER shall engage such Advertising Firms or Marketers as remarketers or as marketers of the Program under any product or brand name. FMC and/or FMER may enter into appropriate contracts with all Advertising Firms and Marketers; provided, however, FMC and/or FMER provide copies of such contracts to SunTrust within three (3) Business Days of receiving SunTrust’s written request. All marketing contracts shall comply with the Production Support Plan.
2.7.2 FMC and/or FMER shall not retain any Advertising Firm or Marketer, other than any Initial Vendors, without first providing to SunTrust at least ten (10) Business Days advance written notice of the identity, qualifications, and general proposed activities of such Advertising Firm or Marketer. SunTrust may reasonably object to the selection or continued use of any Advertising Firm or Marketer by providing written notice of SunTrust’s reasonable objection, in which case FMC and/or FMER shall be prohibited from using the proposed Advertising Firm or Marketer; provided, however, that if SunTrust objects to the continued use of any Advertising Firm or Marketer, FMC and/or FMER shall use
commercially reasonable efforts to use a different, previously approved Advertising Firm or Marketer to perform the work. If FMC and/or FMER is not able to use of a different, previously approved Advertising Firm or Marketer to perform the work, despite commercially reasonable efforts, FMC and/or FMER shall be required to terminate the use of any such Advertising Firm or Marketer only when permitted by the contract between such Advertising Firm or Marketer and FMC and/or FMER and only after the Parties have identified and mutually agreed upon a successor Advertising Firm or Marketer. If SunTrust does not respond to the notice from FMC or FMER with respect to such proposed Advertising Firm or Marketer within ten (10) Business Days, then contracting with such firm by FMC and/or FMER, directly or through subcontract, shall be deemed to have been approved by SunTrust.
2.7.3 In addition, subject to the next sentence of this Section 2.7.3, SunTrust authorizes FMC and/or FMER to retain from time to time one or more firms, directly or through subcontract, to provide ministerial services and production commodities in connection with services received from Advertising Firms and Marketers under this Agreement (“Commodity Vendors”), including the provision of media commodities, electronic provision of a web-hosting environment, printing, letter shop, data processing, broadcast production and editing services. Neither FMC nor FMER will retain, either directly or through subcontract, any Commodity Vendor to perform any of the Services hereunder who will receive Consumer Information without obtaining SunTrust’s approval pursuant to the requirements of this Section 2.7 above.
2.8 Eligible Institutions; Promotion of Program.
2.8.1 SunTrust and FMC shall on the Effective Date adopt the lists of post-secondary educational institutions in the Program Guidelines as Eligible Institutions. Additions to and removals from such lists shall be performed as set forth in the Program Guidelines. Loans made to Student Borrowers attending Additional Institutions shall not exceed [**] dollars ($[**]) in Disbursed Loan Amount (the “Volume Threshold”) unless, after the Volume Threshold is exceeded, Loans made to Student Borrowers attending Additional Institutions remain less than [**] percent ([**]%) of the Disbursed Loan Amount for the Program. On a monthly basis, FMC and Program Lender shall monitor the Disbursed Loan Amount to Student Borrowers attending Additional Institutions and if the Disbursed Loan Amount for Student Borrowers attending the Additional Institutions reaches [**] dollars ($[**]), the Parties shall confer in good faith regarding an adjustment to the Compensation Schedule with respect to Loans to be made in excess of the Volume Threshold to students enrolled at the Additional Institutions. If the Disbursed Loan Amount to Student Borrowers attending Additional Institutions exceeds the Volume Threshold and is greater than [**] percent ([**]%) of the Disbursed Loan Amount for the Program, and no agreement pursuant to the preceding sentence has been reached, then after such date such Applications will not be covered by the credit enhancement the provisions of Article 7. All Applications submitted for a credit inquiry by such date shall be processed in accordance with Section 18.4 of this Agreement notwithstanding the Volume Threshold.
2.8.2 FMC agrees that it shall not encourage consumers to apply for a Loan before exhausting other available forms of aid, including grants, scholarships and federally insured education loans recommended by the Eligible Institution, as applicable. FMC also shall use commercially reasonable efforts to ensure that Eligible Institutions do not encourage consumers to apply for a Loan before exhausting other available forms of aid, including grants, scholarships and federally insured education loans recommended by the Eligible Institution. FMC agrees and understands SunTrust will also promote all other available private student loan products and options offered by SunTrust in the SunTrust Sales States; provided, however, that SunTrust shall not present the Program as a loan program for borrowers with poor credit or those with no other loan options. Without limiting the foregoing, FMC acknowledges and understands that (i) SunTrust does not control which, if any, private student loan product offered by SunTrust is chosen by any Eligible Institution for inclusion on a preferred lender list, and (ii) Eligible Institutions may decide to choose only one SunTrust private student loan product for inclusion on a
preferred lender list in order to create a preferred lender list with at least the number of unaffiliated programs required by the Higher Education Opportunity Act of 2008 and its implementing regulations and other Requirements of Law.
2.9 Exclusivity. FMC agrees that, for the Term of this Agreement, it shall not design, facilitate or otherwise provide services for, or offer to design, facilitate or otherwise provide services for a Combination Program, except for the Program offered through this Agreement.
ARTICLE 3. LOAN PROCESSING SERVICES
3.1 Web Application; Credit Agreement.
3.1.1 FMER will use the forms of Credit Agreements approved by SunTrust and included in the Program Guidelines. SunTrust and FMER shall notify each other from time to time of recommended changes to the Credit Agreements, and each shall respond promptly to such notifications, noting the feasibility and desirability of such changes, as well as the implementation time needed to make such changes. After SunTrust and FMER have reviewed and negotiated the proposed changes to the Credit Agreements, the Parties shall agree on the written version of such negotiated changes, and FMER shall revise the Credit Agreement in accordance therewith. SunTrust represents and warrants that the forms of Credit Agreement comply, and as they may be modified from time to time with SunTrust’s approval for inclusion in the Program Guidelines, will comply, with the Program Guidelines and Requirements of Law. FMER represents that its use of such forms shall comply with this Agreement, the Program Guidelines and Requirements of Law.
3.1.2 FMER will use the Online Application System approved in writing by SunTrust. FMER represents, warrants and covenants that the content and operation of its Online Application System complies with this Agreement, the Program Guidelines and Requirements of Law; provided, however, that SunTrust represents, warrants and covenants that the content of the Online Application System complies with the Program Guidelines and Requirements of Law to the extent, and only to the extent, of content in such Online Application System that is specifically required by SunTrust. FMER shall accept Applications via both the SunTrust Website and the FMC Website. The FMC Website is the responsibility of FMC subject to the conditions set forth in this Agreement. The FMC Website shall comply with any requirements specified in this Section 3, the Program Guidelines, and Requirements of Law, and shall be subject to SunTrust’s approval. SunTrust represents, warrants and covenants that the content of the FMC Website complies with the Program Guidelines and Requirements of Law to the extent, and only to the extent, of content in such FMC Website that is specifically required by SunTrust.
3.2 Disclosures. The forms of state and federal disclosures, including application and solicitation disclosures, approval disclosures, final disclosures, and adverse action notices, must be approved in writing by SunTrust as set forth in the Program Guidelines. FMER represents, warrants and covenants that its use of such forms and disclosures, including mathematic calculations contained therein, shall comply with the Agreement, the Program Guidelines and all Requirements of Law. Notwithstanding anything in this Agreement or the Program Guidelines, FMC shall make the Application and Solicitation Disclosure available to potential Borrowers at the beginning of and during the entire Application process as directed by SunTrust. It is understood and agreed that the Application and Solicitation Disclosure must be viewed and acknowledged by potential Borrowers prior to the time such Borrower provides application information.
3.3 Privacy Notice. SunTrust will provide FMER and FMC with a web link to its online Privacy Notice which FMC will make available on both the FMC Website and each page of the Online Application System accessed via the FMC URI/URL; provided, however, that neither FMC nor FMER is responsible for the content of SunTrust’s Privacy Notice or its compliance with the requirements of any Requirements of Law, including the Gramm-Leach-Bliley Act or Regulation P. FMER shall include its
privacy statement in the Online Application System, and shall mail SunTrust’s initial privacy policy to each Borrower on the first Disbursement Date for such Borrower.
3.4 Additional Forms, Documents and Disclosures; Changes. Any documentation not set forth in this Section 3 or the Program Guidelines that SunTrust requires for the origination and processing of Applications will be identified and provided by SunTrust to FMC for FMER and/or FMC’s use. SunTrust represents, warrants and covenants that any such form provided to FMC and/or FMER and any instructions with respect thereto shall comply with the Agreement, the Program Guidelines and Requirements of Law. In the event FMER and/or FMC determines changes should be made to the Program Guidelines or any documentation contained therein, FMER and/or FMC, as applicable, shall not implement such changes without SunTrust’s prior written consent. If SunTrust agrees with FMC’s recommendations, they shall be acknowledged by each of the Parties in writing approving such recommendations, and they shall be implemented as soon as reasonably practicable. Within twenty (20) Business Days of receiving a request from SunTrust to make changes to either the Program Guidelines or the documentation contained therein (other than changes to the Pricing Schedule, which shall instead be subject to Section 3.7 of this Agreement), FMER and/or FMC will provide in writing a response with a statement of FMER’s and/or FMC’s ability to implement the change to deliver the requested services and the terms and conditions on which FMER and/or FMC would be willing to do so. In the event SunTrust elects to authorize such services on the terms and conditions set forth in FMER’s and/or FMC’s response, SunTrust will, within twenty (20) Business Days of its receipt of FMER’s and/or FMC’s response, respond to FMC and/or FMER by executing and returning a change order to FMER and/or FMC reflecting the agreed upon terms and conditions relating to such Services. Such change in Services as agreed to by the Parties shall be incorporated into a new or restated Exhibit to this Agreement or as an addendum to the Program Guidelines, which shall be signed by duly authorized representatives of the applicable Parties.
3.5 Credit Bureau Requests. Simultaneously with the execution of and as a condition of FMC’s and FMER’s obligations under this Agreement, SunTrust shall execute a TransUnion Addendum in the form substantially similar to the attached Exhibit C hereto authorizing FMER to make credit inquiries on SunTrust’s behalf solely for purposes of this Program as permitted by Requirements of Law and the Program Guidelines.
3.6 Application Receipt and Review.
3.6.1 Upon receipt of an Application for review from an Applicant, FMER will review the data for completeness according to the eligibility standards in the Program Guidelines. If any necessary data are outstanding, FMER will use commercially reasonable efforts to secure such data from the Applicant on behalf of SunTrust as required by the Program Guidelines. After receipt of complete data relating to a particular Applicant, FMER will review such data and, on a preliminary basis, apply the standards in the Program Guidelines with respect to loan underwriting and determine whether the Applicant is credit approved for a Loan in accordance with the Program Guidelines. FMER shall adhere to minimum custom credit and FICO scores and credit tiers as set forth in the Program Guidelines.
Application review shall initially be conducted using FMER’s automated Online Application System. If any part of the Application process cannot be conducted on an automated basis by the Online Application System, but instead must be performed manually, such manual performance shall not cause unnecessary delay and the performance of any such manual process shall be completed in accordance with the service standards set forth in the Program Guidelines.
3.6.1.1 Applicant Liaison. FMER will respond promptly to all inquiries that it or SunTrust may receive from any Applicant concerning the status of an Application. SunTrust will promptly forward to FMER Application status inquiries from Applicants that SunTrust receives.
3.6.1.2 Rejection of an Application. If an Application is rejected or denied by FMER on behalf of SunTrust, FMER will so notify the Applicant in accordance with Requirements of Law and the Program Guidelines.
3.6.1.3 Credit Approval of an Application; Preliminary Approval; Approval Disclosure. If an Application is credit approved by FMER on behalf of SunTrust, FMER will provide the Applicant one or more repayment schedules, interest rates, or other Loan options dependent on the Applicant’s eligibility. After the Applicant has selected a Loan option, FMER will generate and provide a Credit Agreement to the Applicant, along with a notice that the Applicant has passed the credit check, and (b) appropriate instructions for completion of the Application process. Credit Agreements and instructions will be provided to the Applicant by access to a secure internet site or by U.S. mail. To the extent authorized by the Program Guidelines, FMER will provide the Applicant the ability to electronically review, sign and return the Credit Agreement to FMER. To the extent required by the Program Guidelines, FMER will communicate with the applicable Eligible Institution in order to obtain the Eligible Institution’s certification of enrollment and financial need.
3.6.2 Final Approval of an Application. Upon receipt of the Credit Agreement and other requested information from an Applicant who has received credit approval under Section 3.6.1, FMER will perform the following functions and SunTrust will assist as indicated:
3.6.2.1 Document Review. FMER will review the Credit Agreement and any supporting documentation required by the Program Guidelines and ensure that the Credit Agreement has been executed in the name of all Applicants. If any necessary data, signature(s), forms or other information are outstanding, FMER will use commercially reasonable efforts to secure such missing data, signatures, forms or other information on behalf of SunTrust from the Applicant or the applicable Eligible Institution as required. FMER will use commercially reasonable efforts to inquire of the Applicant as to all missing data promptly after receipt of the incomplete Application. In processing Applications, FMER’s policies will comply with SunTrust’s Customer Identification Program, Red Flags Program, OFAC Program, and Address Mismatch Program and any other regulatory programs as required under this Agreement and the Requirements of Law. Upon receipt of complete Application data, including certification of enrollment and need by the Eligible Institution, FMER will continue processing the Application hereunder.
3.6.2.2 Final Review. When FMER has possession of all necessary data and documentation relating to particular Applicant(s), FMER will conduct a final review to confirm that the Applicant(s) is approved for a Loan in accordance with the standards and processes contained in the Program Guidelines.
3.6.2.3 Approval; Denial. After completion of the final review, FMER will, on behalf of SunTrust, approve or deny the Application. Such decision will be made solely in accordance with the Program Guidelines and any other SunTrust instructions that are not inconsistent therewith and comply with Requirements of Law. SunTrust covenants, represents, and warrants that such instructions comply with this Agreement, the Program Guidelines, and Requirements of Law. For approved Applications, FMER shall prepare and provide an Approval Disclosure to the Applicant(s). After delivery of the Approval Disclosure, FMER shall not make any changes to the Application or proposed Loan terms, except as permitted by Requirements of Law or the Program Guidelines, and shall allow the Applicant to accept the Loan within the time period prescribed under Requirements of Law and the Program Guidelines. After the Applicant(s) have accepted the Approval Disclosure using one of the methods set forth therein, FMER, on behalf of SunTrust, will notify and send to the Applicant the Final Disclosure in accordance with all Requirements of Law. FMER shall not disburse funds until the expiration of the right to cancel,
as required under Requirements of Law. Cancellation shall be effective as set forth in the Program Guidelines. In the case of denial of an Application, FMER will so notify the Applicant in accordance with Requirements of Law (which, for the avoidance of doubt, shall include the Equal Credit Opportunity Act and the Fair Credit Reporting Act).
3.6.3 Fulfillment and Disbursement of Approved Loans.
3.6.3.1 FMER shall populate and distribute the Truth-in-Lending Disclosure Statements in accordance with Requirements of Law and the Program Guidelines.
3.6.3.2 By 12:00 p.m. eastern standard or daylight time, as applicable, on the Roster Date for each Loan, FMER will provide SunTrust with a disbursement roster detailing all Loans scheduled for disbursement. SunTrust will fund each Loan on the disbursement roster by depositing in the SunTrust Disbursement Account by no later than 11:59 p.m. eastern standard or daylight time, as applicable, on the Roster Date, an amount equal to the sum to be disbursed for the Loans on the disbursement roster. SunTrust hereby authorizes FMER to access such account by automated clearinghouse (“ACH”) debit to transfer the disbursement funds to the FMER Funding Account and complete the disbursement of the Loan on the Disbursement Date. SunTrust understands that FMER intends to disburse Loan proceeds from the FMER Funding Account as frequently as necessary to accommodate the funding needs of Borrowers and Eligible Institutions, including as frequently as daily. SunTrust agrees to fund the SunTrust Disbursement Account as often as necessary to facilitate such frequent disbursements. Provided that adequate funds are transferred by SunTrust to the SunTrust Disbursement Account, FMER will complete disbursement of the Loans on the Disbursement Date by electronic funds transfer to the applicable Eligible Institution or by check written in accordance with the Program Guidelines. If the Borrower cancels or withdraws his or her Application or cancels the Loan within the time permitted for cancellation under the Program Guidelines, Requirements of Law or the Credit Agreement, FMER, as SunTrust’s agent, will immediately process the cancellation by (a) requesting repayment of any funds disbursed on the canceled Loan from the Borrower and the applicable Eligible Institution, and (b) remitting such collected amounts to the Servicer for the benefit of SunTrust. In the event the Borrower or Eligible Institution returns the funds to FMER, FMER shall remit the funds to Servicer to process the cancellation for the benefit of SunTrust. Subsequent disbursements with respect to any Loan may be canceled as set forth in the Program Guidelines.
3.6.3.3 FMER shall provide online and facsimile methods of certification for Eligible Institutions. SunTrust hereby authorizes FMER, on SunTrust’s behalf and as SunTrust’s agent, to disburse funds under this Agreement utilizing the systems operated by the ELM National Disbursement Network, Great Lakes Central Disbursing System, disbursement services offered by Texas Guaranteed Student Loan Corporation, Pennsylvania Higher Education Assistance Authority / American Education Services or any other funds disbursement agent as the Parties may agree to from time to time (collectively, the “CDAs”). As SunTrust’s agent, FMER shall operate pursuant to future agreements and/or amendments to existing agreements between SunTrust and the CDAs, copies of which shall be provided to FMER no more than ten (10) Business Days after execution. FMER is authorized to follow all rules and procedures required by the CDA systems. Any action undertaken by FMER in conformity with the CDA systems will be deemed to be in accordance with the Program Guidelines and the Agreement to the extent set forth therein. The Parties agree to share equally and pay equal amounts required to pay the disbursement charges and any other charges associated with the CDAs as the CDAs set those fees on a monthly basis based on SunTrust’s membership status.
3.7 Pricing Schedule. SunTrust may revise the Pricing Schedule set forth in the Program Guidelines from time to time upon [**] Business Days prior written notice to FMC; provided, however, that
SunTrust agrees that any such change made by it shall be commercially reasonable, in accordance with the representation and warranty made in Section 8.2.3 of this Agreement, and with respect to Fixed Rate Loans, based on market conditions or fluctuations in the cost of certain financial instruments. Unless otherwise agreed by SunTrust and FMC in writing, changes in the Pricing Schedule shall be effective for and applied only to Applications submitted for a credit check after the effective date of such changes, and not to Applications for which a credit check has already been completed.
3.8 Performance of Regulatory Programs.
3.8.1 OFAC Check. FMER agrees that, in regards to all Services provided to SunTrust, it will perform all necessary actions to ensure that FMER and SunTrust are both in, and remain in, compliance with all applicable Executive Orders, laws, rules, regulations and sanctions administered, enforced or implemented by the United States Treasury Department’s Office of Foreign Assets Control (“OFAC”) or any other Governmental Authority’s rules, regulations and sanctions related to foreign asset control (collectively, the “Sanctions”). As part of its obligations, FMER will perform, prior to originating any Loan, all necessary reviewing and scanning of an Applicant against the List of Specially Designated Nationals and Blocked Persons administered by OFAC. If originating a Loan would violate any of the Sanctions, FMER agrees to not originate any such Loan. If FMER becomes aware that the name of an Applicant is potentially or actually the subject of one or more Sanctions, FMER will promptly notify SunTrust of such a fact by following the notification provisions provided in Section 19.1 below, the Program Guidelines, and the Servicing Guidelines, and FMER will provide SunTrust with any requested information and documentation related to any such violation or potential violation. At the request of SunTrust, FMER shall provide SunTrust with a data file or report with information regarding all or a selected group of Loans that have been applied for or established, as well as any other data and information reasonably requested by SunTrust. Such a data file or report will contain the requested information in a form, format and at intervals reasonably requested by SunTrust.
3.8.2 Employee Check. All FMER employees performing services or supporting FMER activities under this Agreement, regardless of their location, shall be validated by FMER to not be on any list published and maintained by the United States government of Persons with whom any U.S. Person is prohibited from conducting business. Currently, the lists of such Persons can be found on the following web sites:
(i) Denied Persons List on the Bureau of Industry and Security at http://www.bis.doc.gov/dpl/Default.shtm.
(ii) The Specially Designated Nationals and Blocked Persons List of the Office of Foreign Assets Control — Department of Treasury at http://www.treas.gov/offices/enforcement/ofac/sdn/.
(iii) Office of Foreign Assets Control — Recent OFAC Actions http://www.treas.gov/offices/enforcement/ofac/actions/.
(iv) Palestinian Legislative Council (PLC) List http://www.treas.gov/offices/enforcement/ofac/programs/terror/ns/index.shtml.
FMER shall conduct periodic reviews, no less frequently than quarterly, of the lists mentioned above. FMER shall report to SunTrust immediately if the name of any FMER employee performing the services matches with the name of any Person listed on any list published by the United States government of Persons with whom any U.S. Person is prohibited from doing business. FMER shall mandate that each Subcontractor shall validate that its own employees are not on the lists referred to above.
3.8.3 FACT Act. Subject to Sections 3.6.2.1 and 3.8.5 of this Agreement, FMER shall perform its obligations under this Agreement in conformity with the requirements imposed on SunTrust as a user and furnisher of consumer report information under the Fair and Accurate Credit Transactions Act of
2003 and all regulations issued pursuant thereto, including proper responses to fraud alerts, active duty alerts, red flags, and address mismatch notices that are included in any consumer report obtained in connection with the origination of a Loan and timely and lawful forwarding to SunTrust of any identity theft report received from any Applicant.
3.8.4 Suspicious Activity Reporting. FMER agrees that on behalf of SunTrust, it will monitor for any potential or actual suspicious activity detected regarding any Services that FMER performs on behalf of SunTrust, including any potential or actual suspicious activity which is committed by Applicants or Borrowers. Such suspicious activity includes any potential or actual activity or transaction that would require SunTrust to file a Suspicious Activity Report as described in the USA PATRIOT Act or 12 C.F.R. § 208.62 (“USA PATRIOT Act”) or other activity which involves fraud, violations of federal, state or local law or which appears to have no legitimate purpose. If FMER becomes aware of any potential or actual suspicious activity, FMER will promptly, and in all cases within seventy-two (72) hours, notify SunTrust’s Consumer Lending Operations Department of the precise nature of any such activity and provide SunTrust with any information and documents concerning the matter. Further, FMER agrees to reasonably cooperate with SunTrust and to provide SunTrust with any additional information and documentation requested regarding any investigation of potential or actual suspicious activity. The contact in the SunTrust’s Consumer Lending Operations Department is Ms. Debra Hendricks, whose contact information is: Telephone: (804) 319-1533, Fax: (877) 862-8494, E-Mail: debra.hendricks@suntrust.com. SunTrust may change its contact in its Consumer Lending Operations Department at any time by written notice to FMC and FMER that meets the requirements of Section 19.1.
3.8.5 Customer Identification Program. FMER agrees that prior to establishing any Loan in the name of SunTrust, it will perform all aspects of SunTrust’s Customer Identification Program, as indicated below, and which may be amended from time to time by SunTrust on thirty (30) days written notice to FMER.
3.8.5.1 Applicant Notice. FMER agrees that Applicants will be provided notice that FMER is requesting information about them on behalf of SunTrust to verify their identities as required by Federal law. FMER may use any verbal or written means of such notification which is reasonably designed to provide such notice to Applicants before the issuance of a Loan, including, but not limited to, one or more of the following:
· Verbal notification to the Applicant
· Notice on Application form or other documents being provided to an Applicant
· Notice on a website or other promotional items or SunTrust Materials
Upon request by SunTrust, FMER will provide SunTrust with a copy and description of any methods of notice used.
3.8.5.2 Collection of Applicant Information. FMER will collect and record the following information from each Applicant prior to the initial disbursement of any Loan (the “Applicant Information”):
· Name
· Date of Birth
· Physical Address (which includes a residential or business street address or if the individual does not have such an address, an Army Post Office (APO) or Fleet Post Office (FPO) box number, the residential or business street address of next of kin or of another contact individual, or a description of the customer’s physical location)
· For a United States person, a Taxpayer Identification Number (or evidence of application for one) and for a non-United States person, one or more of the following: a Taxpayer Identification Number, a passport number and country of issuance, an alien identification card number, or a number and country of issuance of any other unexpired government-issued document evidencing nationality or residence which bears a photograph or similar safeguard
3.8.5.3 Applicant Identity Verification and Recordation. FMER will verify the accuracy of the Applicant Information through either a documentary method or a non-documentary method. Under either method, FMER will record how such verification was done and the results of such verification.
· Documentary methods of verifying the Applicant Information include reviewing and recording one or more of the following types of unexpired identification: driver’s license; passport; state identification card; armed forced identification card; alien identification card; marticula consular card; instituto federal electoral identification; cedula de identidad identification; diplomatic identification; or diplomatic driver’s license. The recording of such verification will include recording the type of identification reviewed, the number of such identification, the place of issuance, the date of issuance and the date of expiration (if any) of such identification.
· Non-documentary methods of verifying the Applicant Information include comparing the information with information obtained in advance from a consumer or credit reporting agency, Lexis/Nexis, TrustedID, or if verification cannot be obtained through those methods, verification may be obtained from the certification of the Loan by the Eligible Institution.
3.8.5.4 Addressing Inconsistencies. After collecting and attempting to verify the Applicant Information, FMER will attempt to resolve any inconsistencies in information. If any such inconsistencies cannot be resolved with a reasonable explanation and verification, FMER will not further process or close any Loan for the Applicant. Further, FMER will notify SunTrust of the inconsistency for possible further investigation. FMER agrees to fully cooperate with SunTrust in any such investigation.
3.8.5.5 Comparison with Government Lists. As required by the USA PATRIOT Act and its implementing regulations, FMER will verify that an Applicant is not included on any lists of known or suspected terrorists or terrorist organizations issued by the United States government. If an Applicant is included on any such lists, FMER will not establish a Loan for the Applicant and will immediately notify SunTrust of such a fact.
3.8.5.6 Access to and Maintaining of Records. FMER agrees to allow SunTrust access to any records maintained regarding the Applicant Information and its verification. Such access will include allowing access at SunTrust’s request and direction to any individual or entity that is performing tests, audits or exams of, for or on behalf of SunTrust. FMER agrees to maintain all records of Applicant Information along with any Loan documentation it retains (or any copies thereof) for at least seven (7) years from either the time the Loan is repaid and closed or the Loan is sold by SunTrust to a third party and to keep records of the verification of the Applicant Information for at least seven (7) years from the date of such verification.
3.9 Transfer to Servicing System. Within [**] Business Days following the first disbursement of each Loan, FMER will forward to the Servicer a copy of the original Credit Agreement, along with a complete copy of the Truth in Lending Disclosure Statements (other than the Application and Solicitation Disclosure), Student Borrower self-certification, income verification, enrollment verification/certification
by the Eligible Institution, missing information notices, and correspondence and information received from the Applicant(s) except for verification documentation received pursuant to Section 3.8.5. FMER will cooperate with SunTrust or Servicer in transferring all additional information necessary to service such Loan. FMER will be responsible for the safe maintenance of Loan documentation as set forth in Section 12.2 of this Agreement.
3.10 Loan Origination Data.
3.10.1 Notwithstanding any other provision of the Agreement, SunTrust hereby authorizes FMER to retain and use records of applicable data and information relating to Borrowers received under this Agreement, in identified form, for the limited purpose of calculating cumulative education debt, annual loan limits and Program limits with respect to the Borrower, and to provide Program Support Services set forth in this Agreement.
3.10.2 Notwithstanding the foregoing or any other provision of this Agreement to the contrary, FMER may retain and use records of data and information relating to Applicants and Borrowers received under this Agreement, in identified form, for the limited purpose of identifying red flags or indications of identity theft or other fraud (“Fraud Database Data”). If SunTrust’s education loan applications have previously been processed by FMER prior to the date of this Agreement (in FMER’s capacity as either agent for SunTrust or subcontractor of SunTrust’s agent), SunTrust hereby authorizes the use of historic records of application data and information relating to applicants and borrowers received under such agreement, in identified form, by FMER for the limited purposes set forth in the preceding sentence. SunTrust hereby authorizes FMER to disclose the Fraud Database Data to its Affiliates, and to use records of application data and information in FMER’s possession relating to any of SunTrust’s historic education loan applications, for the limited purposes set forth above.
3.11 Reports. FMER will provide to SunTrust the “Datamart” report as set forth in Exhibit A on each Business Day. All such reports, transmittals, records or data files required, maintained or provided by FMER hereunder shall be accurate in all material respects, and SunTrust shall have the right to rely thereon. Additional reports, including reports for SunTrust’s use in connection with regulatory matters, may be prepared by FMER as may be mutually agreed by the Parties.
3.12 Subcontractors. FMER or FMC may retain Subcontractors to provide customer service and ministerial services in connection with its performance of Loan Processing Services, provided, however, that any such Subcontractors other than the Initial Vendors must be approved by SunTrust in accordance with the procedure set forth for Advertising Firms and Marketers in Section 2.7.2.
ARTICLE 4. PROGRAM SUPPORT SERVICES
4.1 Program Analytics and Development.
4.1.1 No later than fifteen (15) days after the end of each calendar month, FMC shall review the Pools on an aggregate basis and present such findings to SunTrust regarding product reconfigurations including, but not limited to, the following categories: pricing, tier construction, repayment options, repayment terms, and the list of Eligible Institutions in the Program Guidelines. The Parties may recommend changes to the Program based on such review. If the Parties agree with the other Party’s recommendations and proposed changes to the Program, each Party shall approve such recommendations by executing revised Program Guidelines or another revised Exhibit hereto, as appropriate, which revised Exhibit shall be deemed to be a part of this Agreement upon execution, and any changes pursuant to such revised Exhibit shall be implemented as soon as reasonably practicable, or upon the effective date provided in the applicable revised Exhibit. If the Parties do not agree on the recommended changes within ten (10) Business Days of the applicable request, the Parties shall confer in good faith about the proposed changes. If the Parties cannot agree on such changes within thirty (30) days after the date a Party first delivered recommendations to the other Parties, then any Party may, by notice to the other
Parties delivered no later than thirty (30) days after the expiration of such thirty (30) day period during which changes could not be agreed, terminate this Agreement on fifteen (15) days’ written notice to the other Parties, subject to Section 18.1 and Section 18.3 hereof. Notwithstanding the foregoing, changes to the Pricing Schedule shall be subject to Section 3.7 and not to this Section 4.1.1.
4.1.2 FMC shall assist SunTrust with the initial and ongoing administration of the Program by providing Program analytics and portfolio performance reporting on the Pools. FMC shall provide a key metrics report monthly, containing the information set forth in Schedule 1 to Exhibit D or as otherwise agreed to in writing by the Parties; provided however, that FMC shall not be required to deliver such report more frequently than weekly. To support this service, SunTrust will provide or cause to be provided to FMC accurate and complete origination and servicing information periodically as reasonably requested by FMC, including the amount of paid and unpaid principal and accrued interest with respect to each Loan, and payment status, together with the information contained in the data requirements set forth in this Agreement. FMC may create, use and disclose, in any manner reasonably necessary, any data, or statistical abstracts of data, from Borrowers as long as all information which identifies, or which reasonably could be used to identify Borrowers has been removed. FMC and SunTrust shall participate in monthly conference calls to review portfolio performance, and the Parties shall discuss whether to implement changes to the Program Guidelines. As a result of its analysis of Loan data and performance metrics, FMC may also provide SunTrust additional services such as Borrower retention strategies and prepayment mitigation strategies, as agreed to in writing from time to time.
4.1.3 FMC shall provide Services under this Section 4.1 in good faith and in accordance with the same standard of care, judgment and conduct as would be used by a reasonable and prudent professional providing such Services. FMC EXPRESSLY DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, REGARDING OR RELATING TO FORWARD-LOOKING PORTFOLIO METRICS AND OTHER PREDICTIVE MEASURES, DOCUMENTS, MATERIALS, ANALYSES, AND STATEMENTS IT PROVIDES TO SUNTRUST (COLLECTIVELY, “FORWARD-LOOKING MATERIALS”). WITH RESPECT TO THE FORWARD-LOOKING MATERIALS, FMC (A) SPECIFICALLY DISCLAIMS ALL IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, AND ANY WARRANTY ARISING UNDER STATUTE OR OTHERWISE IN LAW OR FROM A COURSE OF DEALING, COURSE OF PERFORMANCE, USAGE OR TRADE PRACTICE; AND (B) DOES NOT WARRANT, GUARANTEE, OR MAKE ANY REPRESENTATIONS REGARDING THE USE OF, OR THE RESULTS OF THE USE OF THE FORWARD-LOOKING MATERIALS IN TERMS OF CORRECTNESS, QUALITY, ACCURACY OR RELIABILITY.
4.2 Post-Disbursement Loan Servicing. FMC shall perform its obligations to SunTrust as Portfolio Administrator, as defined and more fully set forth in the Servicing Agreement.
4.3 Loan Sale; Right of First Refusal.
4.3.1 SunTrust agrees, in consideration of FMC’s undertakings pursuant to this Agreement, that if SunTrust seeks or offers to sell, transfer, or assign one or more Loans to any Person other than one of its Affiliates, SunTrust shall notify FMC of any such proposed sale, transfer, or assignment, and invite FMC and its Affiliates to participate as a potential purchaser in any bid process in connection therewith. If SunTrust receives any bona fide third-party written offer to purchase such Loan(s) outside of a bid process initiated by SunTrust (“Third-Party Offers”), SunTrust shall, prior to accepting any Third-Party Offer, provide a copy of same to FMC, and FMC (or an entity affiliated with or sponsored by FMC) shall have the sole and exclusive right to notify SunTrust within [**] Business Days that it will purchase such Loan(s) on the terms of the Third-Party Offer. If, within [**] Business Days after receipt of the Third-Party Offer from SunTrust, FMC (or an entity affiliated with or sponsored by FMC) notifies SunTrust that it declines to purchase, or fails to notify SunTrust that it (or an entity affiliated with or sponsored by it) will purchase such Loan(s) on the terms of the Third-Party Offer, SunTrust shall within its sole discretion
be entitled to sell such Loan(s) to that third party, in whole or in part, for its own account on the terms of the Third-Party Offer free and clear of any claim under this Agreement.
4.3.2 SunTrust shall not, without the express written consent of FMC, transfer, sell, or assign any Loan to an entity that has no function other than to hold the Loans, or a “variable interest entity”, within the meaning of Accounting Standards Codification, 810-10, Consolidation (ASC 810-10).
4.3.3 The funds in the Participation Account (including ongoing rights and obligations related to Recoveries) shall accompany any transfer, sale or securitization of Loans and be available for the transferee under the terms of this Agreement if the rights of FMC and FMER to perform Services related to such Loans and receive compensation for such Services under the terms of this Agreement are also transferred.
4.4 Portfolio Management Services Generally.
4.4.1 SunTrust hereby retains FMER to perform Portfolio Management Services. FMER shall develop default prevention and collection strategies and customized Borrower treatment streams to minimize credit losses. Upon SunTrust’s written request and approval, activities may include:
(a) education of Borrower and Cosigner about Loan responsibilities both in writing and through calls in preparation for repayment;
(b) multi-channel (mail and outbound calling) contact strategies; or
(c) development and optimization of tools (payment plans, forbearance, payment vehicles, etc.) tailored to SunTrust needs.
In carrying out its duties with respect to the Portfolio Management Services and subject to Section 4.6 and FMER’s indemnification obligations set forth herein, FMER may retain and employ Subcontractors as provided herein.
4.4.2 Nothing in this Agreement shall be construed to require or permit FMER to undertake direct or indirect collection activities with respect to Borrowers or other consumer obligors, it being the intent of the Parties that consumer-facing collection activities be conducted by Subcontractors primarily engaged in the business of collecting consumer debts for third parties.
4.4.3 SunTrust shall cause Servicer to provide to FMER (a) consumer file data in the manner and form described in Section 4.9.1, and (b) view-only access to Borrower Loan accounts on Servicer’s system.
4.5 Early Awareness Services. FMER shall perform the early awareness services as described in this Section (“Early Awareness Services”).
4.5.1 Early Awareness Services consist of activities intended to alert Borrowers who are approaching the end of their Eligible Institution enrollment, or are no longer enrolled but not yet in repayment, to their repayment obligations, available borrower benefits (such as ACH automatic payments) and contact information for Servicer. An additional objective of the Early Awareness Services shall be to educate Borrowers of upcoming payment requirements and advise Borrowers, if appropriate under the circumstances, of the existence of deferment, forbearance and modified graduated repayments (MGRS) alternatives under Program Guidelines then in effect, to reduce the number and percentage of Borrowers becoming subsequently delinquent in the repayment process. Early Awareness Services include both telephonic and mail contacts, as well as address verification and skip tracing; provided, however, Early Awareness Services shall not include any activity that is prohibited by Requirements of Law, as determined by SunTrust in its sole discretion.
4.5.2 Subject to Section 4.6 and FMER’s indemnification obligations set forth herein, FMER may retain the Servicer and licensed, third party Subcontractors to perform Early Awareness Services as
described in this Section. Subcontractors shall perform Early Awareness Services in compliance with all Requirements of Law and this Agreement.
4.5.3 FMER shall oversee the results of operations of Subcontractors and shall be responsible for all activities performed by Subcontractors.
4.6 Default Prevention Services. FMER shall provide Default Prevention Services as described in this Section 4.6 (“Default Prevention Services”).
4.6.1 FMER shall retain and be responsible for licensed, third party Subcontractors who are Approved Collectors to perform Default Prevention Services. FMER shall ensure Subcontractors perform Default Prevention Services in compliance with all Requirements of Law and this Agreement. FMER shall manage Subcontractors in order to minimize losses from those categories of Delinquent Loans for which SunTrust and FMER agree from time to time that Default Prevention Services will be performed (i.e., Loans at or beyond a specified stage of delinquency). Such tactics shall be undertaken in order to incent Borrowers who are past due but with respect to whom Servicer has not yet submitted a “Default Notification” (as defined in the Servicing Guidelines) to SunTrust to become current. FMER shall require Subcontractors to provide dedicated staff to make outbound calls related to past due accounts referred by FMER and receive inbound calls resulting from Subcontractor’s efforts. FMER also shall require Subcontractors to draft and mail letters and conduct other activities reasonably calculated to minimize losses from Delinquent Loans. Default Prevention Services include both telephonic and mail contacts, as well as address verification and skip tracing; provided, however, Default Prevention Services shall not include any activity that is prohibited by Requirements of Law, as determined by SunTrust in its sole discretion.
4.6.2 FMER shall use commercially reasonable efforts to maximize collections in connection with the operations of Subcontractors.
4.6.3 Notwithstanding anything to the contrary herein or in the Program Guidelines or Servicing Agreement, and regardless of the length of the delinquency of any Loan, in no event shall FMER and the applicable Subcontractors continue the Default Prevention Services with respect to each applicable Loan past the date a default notification is submitted with respect to such Loan in accordance with the Servicing Guidelines.
4.6.4 Loan Payments. Except as set forth in this Section 4.6.4, neither FMER nor any Subcontractor shall solicit payments directly to FMER or the Subcontractor from any Borrower or any other Person with respect to a Delinquent Loan, or accept payments from any Borrower or any other Person with respect to a Delinquent Loan. Subcontractors shall direct Borrowers and any other Persons making payments on behalf of a Borrower with respect to a Loan to make such payments directly to Servicer or may (i) receive payments by electronic check or other electronic means and post such payments directly to Servicer’s payment system of record, such that the Subcontractor shall have processed the payment on behalf of SunTrust but will not itself have received the payment funds, or (ii) process payments as an ACH transmission whereby entries are initiated by the Subcontractor to the Automated Clearinghouse through the rules and guidelines established by the National Automated Clearinghouse Association as in effect from time to time. The Parties also acknowledge and agree that a Subcontractor may facilitate payments to Servicer by taking information from a Borrower or other Person necessary to effectuate such payments, and forwarding such information to Servicer. This Section 4.6.4 shall not affect the ability of Approved Collectors to forward Borrower payments.
4.7 Subcontractors. FMC and/or FMER may utilize the services of the Subcontractors listed in Schedule 2 to Exhibit D in the performance of FMC’s and/or FMER’s Services, provided that: (a) FMC and/or FMER take commercially reasonable due diligence measures before engaging such Subcontractor, and on at least an annual basis thereafter, (b) FMC and FMER will remain liable for all responsibilities and obligations of FMC and/or FMER under the terms and conditions of this Agreement, even if some of
such responsibilities and obligations are performed by FMC’s or FMER’s Subcontractors; and (c) FMC and/or FMER enters into a written Agreement with any such Subcontractor that requires the Subcontractor to abide by the terms and conditions of this Agreement, including Requirements of Law, that are applicable to FMC and/or FMER, as applicable. FMC and FMER will pay, and hereby accept full and exclusive liability for the payment of, any and all contributions and taxes for unemployment compensation, disability insurance, old age pension, or annuities, and all similar provisions now or hereafter imposed by any Governmental Authority, which are imposed with respect to or measured by wages, salaries, or other compensation paid by FMC and/or FMER to its Personnel; provided, however, that with respect to Subcontractors, the foregoing obligates FMC and/or FMER to compensate Subcontractor Personnel only as between SunTrust, on the one hand, and FMC and/or FMER, on the other hand. Nothing in this Agreement shall obligate SunTrust to compensate Personnel, including Personnel of Subcontractors.
4.8 Special Accounts.
4.8.1 Bankruptcy. In the event any Borrower becomes a debtor under the U.S. Bankruptcy Code, FMER shall accept from Servicer the documentation specified under “Bankruptcy Notification” set forth in the Servicing Guidelines and file necessary proofs of claim and other documents required to preserve the SunTrust’s interests in the subject Loan. FMER shall promptly forward to SunTrust any notice of an adversary proceeding received by it with respect to any Loan other than a Charged Off Loan, and SunTrust shall be responsible for the management and defense of such proceeding.
4.8.2 Deceased. With respect to any Loan other than a Charged Off Loan, in the event any Borrower subject to the Portfolio Management Services is deceased, FMER shall be obligated to perform the applicable activities required under this Agreement, the Program Guidelines and the Servicing Agreement related to such deceased person.
4.8.3 Fraud. With respect to any Application or Loan for which fraud or identity theft is alleged, FMER shall assist SunTrust by promptly performing its obligations and services required under the terms of this Agreement, the Program Guidelines and the Servicing Agreement.
4.8.4 Complaints and Requests for Information. In addition to any requirements set forth in the Program Guidelines and the Servicing Agreement, FMER will immediately notify SunTrust regarding any written consumer complaint that it receives relating to the Services performed under this Agreement, and shall forward a copy of the complaint to SunTrust. FMER shall not respond to any complaint or request for information on SunTrust’s behalf without prior written approval of such response and attachments, if any.
4.8.5 Court Orders and Litigation. In addition to the requirements in the Program Guidelines and the Servicing Agreement, FMC and/or FMER shall promptly notify SunTrust upon receipt of any subpoenas to forward documents, testify in court proceedings or otherwise provide evidence with respect to its performance of any Services hereunder, and respond to such subpoenas. FMC and/or FMER shall provide a copy of such responses, if applicable and if permitted by Requirements of Law, to SunTrust. FMC and/or FMER shall promptly notify SunTrust upon receipt of any subpoenas to forward documents, testify in court proceedings or otherwise provide evidence where SunTrust is the addressee or named recipient.
4.9 Servicer Data to be Delivered for Program Support Services
4.9.1 Data Requirements:
4.9.1.1 On a daily basis, SunTrust shall, through the Servicer, provide the following data to FMC, along with other data reasonably requested from time to time and necessary for the performance of the Services:
· Default prevention data regarding Loans thirty-one (31) or more days past due
· Default claims data for Charged Off Loans
· Loan level Borrower communication details and call disposition data reflecting dates and times of attempts and contacts, current principal balance, amounts outstanding and past due, promise-to-pay dates and other results of calls
4.9.1.2 On a weekly basis, SunTrust shall, through the Servicer, provide the following data to FMC, along with other data reasonably requested from time to time and necessary for the performance of the Services:
· Loan level detail, including information on the following subjects:
· Identifying information, such as account ID, name, address, birth date, Social Security number, and telephone number
· Disbursement dates and amounts
· Loan type
· Current principal balance
· Interest rate, accrued interest, and capitalization
· Current loan status
· Enrollment status
· Deferment and forbearance
4.9.1.3 On a monthly basis, SunTrust shall, through the Servicer, provide the following data to FMC no later than the third (3rd) Business Day of each month, along with other data reasonably requested from time to time and necessary for the performance of the Services:
· Loan level detail, including information on the following subjects:
· Commonline data
· Identifying information, such as account ID, name, address, birth date, Social Security number, and telephone number
· Disbursement dates and amounts
· Loan type
· Current principal balance
· Interest rate, accrued interest, and capitalization
· Current loan status
· Enrollment status
· Deferment and forbearance
· Pricing tier
· Loan payments
· Repayment period
· School identity and type
· Transaction details for the month reflecting Borrower account activity
· Data reflecting eligibility for and usage of Borrower benefits
4.9.2 Data Format: File layouts must provide for “fixed-width” fields using the ASCII character set. Delimited data is also acceptable, provided that FMC’s consent to the delimiter must be obtained. If comma-delimited fields are being submitted, then all text fields must be enclosed in double quotes.
4.9.3 Data Transmission: Files will need to be encrypted (PGP preferred) and delivered to FMC via FTP. The filenames must include unique identifiers for servicer name, snapshot or transaction file category, and contain a date-time-stamp.
Example filename for raw data file: xxxxSD00.csv_ccyymmddhhmmss.sfx
XXXX = Client Abbreviation,
SD = Transaction Detail (Monthly Loan Transaction),
00 = Tiebreaker
sfx=current file suffix as .pgp
Example filename for PGP-encrypted data file: xxxxTD00.csv_ccyymmddhhmmss.sfx
XXXX = Client Abbreviation,
TD = Transaction Detail (Monthly Loan Transaction),
00 = Tiebreaker
sfx=current file suffix as .pgp
4.10 Portfolio Management Transfer. SunTrust reserves the right to perform all Services set forth in Sections 4.4 through 4.8 upon [**] Business Days prior written notice to FMC if, after the full funding of the Participation Account at the end of the Term and at the time SunTrust delivers such notice, the amount of the balance in the Participation Account is below [**] per cent ([**]%) of the Participation Percentage multiplied by Outstanding Loan Volume. For example, if Outstanding Loan Volume is $[**], and the Participation Percentage is [**]%, then SunTrust may deliver to FMC its notice of its election to perform all Services set forth in Sections 4.4 to 4.8 if the balance in the Participation Account is less than $[**]. In the event SunTrust provides such notice to FMC, and the Services provided in this Section 4 are terminated, (a) the transition rules set forth in Section 18.3.2 shall apply, and (b) after the end of the Transition Period, SunTrust shall no longer be obligated to pay to FMC the fee set forth in Section 6.4.1.
ARTICLE 5. PURCHASE
5.1 FMC’s Purchase Obligations. SunTrust shall be entitled to cause FMC (or its Affiliate designee) to purchase, subject to the terms and conditions set forth in this Section 5, any Loan (each such Loan purchased pursuant to this Section 5, a “Purchased Loan”). Such right shall apply to any Loan that is reasonably determined by SunTrust to be a Loan which should not have been approved due to FMER’s or FMC’s failure to comply in any material respect with the terms of this Agreement, the Program Guidelines or Requirements of Law, and not due to any action or omission of SunTrust. In order to exercise such purchase right, SunTrust, pursuant to the terms of and within the time limitation set forth in the Program Guidelines and Servicing Agreement, shall make demand of FMC in writing that FMC purchase such Loans as have been so determined for an amount equal to the Purchase Price, calculated in the manner set forth below. If FMC objects to SunTrust’s characterization of any Loan as a Loan which should not have been approved, the dispute resolution procedure set forth in this Agreement shall apply; if FMC provides no such objection to SunTrust within ten (10) Business Days of SunTrust’s written purchase demand, then FMC shall pay SunTrust the Purchase Price in immediately available funds (outside of funds in the Participation Account) within fifteen (15) Business Days after receipt of SunTrust’s purchase notice.
5.2 Purchase Price. The “Purchase Price” for each Purchased Loan shall be an amount equal to the outstanding balance of the Loan, including accrued and unpaid interest through the date the Loan is removed from the Servicer’s system.
5.3 Conveyance. Upon payment of the Purchase Price with respect to such Loans which should not have been approved, SunTrust shall convey to MG Private Student Loan Trust 2010-1, at FMC’s cost and expense, any such Purchased Loan. No later than the time that is contemporaneous with the payment of the Purchase Price, SunTrust shall deliver, or cause to be delivered, to MG Private Student Loan Trust 2010-1 (or its designee) the Credit Agreement, all related Loan documentation and complete Loan file relating to such Purchased Loan and shall execute and deliver such instruments of transfer or assignment, in each case without recourse absent any violation by FMC or SunTrust of Requirements of Law or the Credit Agreement, as shall be necessary to vest in FMC (or its Affiliate designee) title to such Purchased Loan.
ARTICLE 6. FEES
6.1 Invoices. All fees will be invoiced to SunTrust by FMC on behalf of itself and FMER at the following address:
SunTrust Bank
SunTrust Education Loans
1001 Semmes Avenue
Richmond, VA 23224
Attn: Marnie Crane
SunTrust may change its designated address for invoices at any time by written notice to FMC which meets the requirements of Section 19.1.
6.2 General. All fees shall be paid by SunTrust within sixty (60) days after SunTrust’s receipt of the invoice therefor, except fees subject to good faith dispute between the Parties. In the event any fees have been made for a cancelled Disbursement, as defined by the cancellation window described in the Servicing Guidelines, SunTrust shall offset future fees with any and all prior fees paid for such cancelled Disbursement. Except as set forth in this Article 6, Section 18.1.2, Section 18.3.1, or as otherwise set forth in this Agreement, no fees will be paid after the termination of this Agreement, except for Applications which have already been submitted and credit approved prior to the termination of this Agreement. Except pursuant to an indemnity obligation or as otherwise expressly stated in this Agreement, no other amounts shall be due or payable by SunTrust.
6.3 Loan Processing Services Fees.
6.3.1 For the Loan Processing Services rendered during the Term of this Agreement, FMC shall invoice to SunTrust on a monthly basis, and SunTrust shall pay to FMER fees (the “Loan Processing Fees”)” equal to [**]% of the principal amount of the Disbursed Loan Amount for the prior month.
6.3.2 Loan Processing Fees shall be invoiced monthly as agreed by the Parties from time to time. FMC’s invoice for FMER’s Loan Processing Services will state the number and amount of Loans disbursed during the month covered by the invoice.
6.4 Program Support Services Fees.
6.4.1 For Program Support Services rendered during the Term of this Agreement, other than Production Support Services and Program Administration Services, SunTrust shall pay FMC an ongoing monthly fee equal to [**]% multiplied by the Average Daily Balance, divided by [**]. SunTrust shall be invoiced on a monthly basis by the Servicer and shall remit payment to the Servicer for all Program Support Services fees incurred hereunder.
6.4.2 For Production Support Services rendered during the Term of this Agreement, FMC shall invoice SunTrust for, and SunTrust shall pay FMC, a fee equal to [**]% of the Disbursed Loan Amount
in the previous month for Loans sourced through the FMC URI/URL, payable monthly in accordance with this Article 6.
6.5 Participation Account Administrative Fee; Program Administration Services Fees.
6.5.1 For administration of the Participation Account, SunTrust shall pay the monthly Participation Account Administrative Fee as set forth in this Agreement. For Program Administration Services, SunTrust shall pay FMC the monthly Program Administration Services Fee.
6.5.2 SunTrust shall be invoiced for this fee monthly by FMC.
6.5.3 Notwithstanding Section 6.5.1, in the event the Program Administration Services Fee is less than $[**], SunTrust shall offset the Participation Account Administrative Fee by an amount equal to the amount the Program Administration Services Fee falls below $[**].
6.6 After termination of this Agreement, SunTrust shall continue to pay FMC the Program Administration Services Fee on a monthly basis.
6.7 For example purposes only, with respect to the fees for Program Support Services, Participation Account Administration, and Program Administration Services:
Average Daily Balance |
| $[**] |
|
|
Monthly Accrued Interest |
| $[**] |
|
|
Sum of accrued interest due to FMC in each pricing segment |
| $[**] |
|
|
Program Support Services Fee |
| $[**] |
| ([**]% * Average Daily Balance)/ [**] |
Participation Account Administrative Fee (monthly) |
| $[**] |
| ([**]% * Average Daily Balance)/ [**] |
Program Administration Services Fee (monthly) |
| $[**] |
| (FMC Share of Portfolio Yield, less the Program Support Services Fee, less the Participation Account Administrative Fee) |
ARTICLE 7. FMC CREDIT ENHANCEMENT
7.1 Participation by FMC. In connection with Loans originated and funded under the terms of this Agreement, FMC agrees to fund the Participation Account for charge off coverage and credit enhancement purposes. The Participation Account shall be governed by this Article VII and an agreement between FMC and SunTrust regarding deposits, withdrawals, and procedures relating to the Participation Account (the “Participation Account Deposit Agreement”). SunTrust agrees to compensate FMC, by paying to FMC an undivided fractional interest in the Portfolio Yield from its portfolio of such Loans, on the following terms and conditions:
7.1.1 Initial Participation Account Deposit; Quarterly Participation Account Deposits. Prior to the commencement of the Loan Processing Services, FMC shall deposit the Initial Participation Account Deposit in a Participation Account for the initial Pool, which amount shall be counted toward the Participation Cap. Not later than fifteen (15) days following the end of each calendar quarter, FMC shall calculate the average of (i) the Participation Interest on the initial Pool as of the end of such quarter and (ii) the Participation Percentage multiplied by the Disbursed Loan Amount as of the end of such quarter, in each case after giving effect to changes to the Projected Default Rate as of quarter-end. Not later than fifteen (15) days following the end of the calendar quarter, and subject to the Participation Cap, FMC shall deposit in the Participation Account the amount, if any, by which the foregoing average exceeds the cumulative previous deposits made by FMC to the Participation Account as of the end of such quarter (each, a “Participation Account Deposit”). The Parties intend that additional Participation Account Deposits shall be made by FMC quarterly through the expiration or termination of this Agreement,
subject to the Participation Cap, to the extent the distribution of the Disbursed Loan Amount among pricing tiers changes the Projected Default Rate, and therefore, the Participation Interest, for the Pools, taken together.
7.1.2 Initial Participation Account Deposit Reconciliation. On the last day of the month in which the first anniversary of the Initial Participation Account Deposit by FMC occurs, FMC shall be entitled to a payment from the Participation Account of any amount by which the sum of Participation Account Deposits exceeds the Participation Percentage multiplied by the Disbursed Loan Amount, including remaining scheduled Loan disbursements, through the last day of such month (e.g., if Loan volume is substantially below projections, the amount, if any, by which the Initial Participation Account Deposit exceeded the required deposit for Disbursed Loan Amount during the first year of the Agreement). SunTrust agrees to withdraw and pay such amounts to FMC within fifteen (15) days after the end of such month.
7.1.3 Participation Account Deposits for Subsequent Pool; Reconciliation. With respect to the second Pool during the Term, subject to the Participation Cap, FMC shall deposit an Initial Participation Account Deposit in the Participation Account prior to the disbursement of the first Loan in such Pool. Not later than fifteen (15) days following the end of each calendar quarter during the second year of the Term, FMC shall calculate the average of (i) the Participation Interest on the Pools as of the end of such quarter and (ii) the Participation Percentage multiplied by the Disbursed Loan Amount as of the end of such quarter, in each case after giving effect to changes to the Projected Default Rate as of quarter-end. Not later than fifteen (15) days following the end of the calendar quarter, FMC shall deposit in the Participation Account the amount, if any, by which the foregoing average exceeds the cumulative previous deposits in the Participation Account as of the end of such quarter, minus amounts paid from the Participation Account pursuant to Section 7.1.2. Not later than 270 days following the end of the then-current Term (to allow for all final disbursements and any cancellations thereof to be made), and subject to the Participation Cap, (a) if the sum of previous deposits in the Participation Account as of the end of the then-current Term is less than the Participation Percentage for all Pools multiplied by the Disbursed Loan Amount plus the amount of all remaining scheduled Loan disbursements, for all Pools as of the end of the then-current Term, after giving effect to changes to the Projected Default Rate as of the end of the Term, then FMC shall deposit a final Participation Account Deposit into the Participation Account equal to the amount of such difference, or (b) if the sum of all Participation Account Deposits is greater than the Participation Percentage for all Pools multiplied by the Disbursed Loan Amount plus the amount of all remaining scheduled Loan disbursements for all Pools, then FMC shall be entitled to payments from the Participation Account of any amount by which the sum of Participation Account Deposits exceeds the Participation Percentage for all Pools as of the end of the Term multiplied by the Disbursed Loan Amount plus the amount of all remaining scheduled Loan disbursements for all Pools as of the end of the Term. SunTrust agrees to withdraw and pay to FMC such amounts subject to subsection (b) above, if any, no later than two hundred eighty-five (285) days after the end of the Term.
7.1.4 Charged Off Loan Payments. Not later than thirty (30) days following the end of each month, SunTrust shall withdraw on a monthly basis from the Participation Account, to the extent of available funds, the outstanding principal and accrued interest balance as of the date each Charged Off Loan is moved from the Servicer’s system. Upon SunTrust’s withdrawal under this Section 7.1.4, SunTrust shall assign the Charged Off Loan to FMC (or its Affiliate designee) by delivering, or causing to be delivered, the Credit Agreement, all related Loan documentation and complete Loan file relating to such Charged Off Loan and shall execute and deliver such instruments of transfer or assignment, in each case without recourse absent any violation by FMC or SunTrust of Requirements of Law or the Credit Agreement, as shall be necessary to vest in FMC (or its Affiliate designee) title to such Purchased Loan. On the date of any payment under this Section, SunTrust shall only be entitled to withdraw a payment in an amount equal to the outstanding principal and accrued interest balance as of the date each Charged Off Loan is moved from the Servicer’s system. Notwithstanding any other provision in this Agreement to the
contrary, if the funds in the Participation Account are not sufficient to cover the payment to SunTrust for any Charged Off Loan, the payment to SunTrust for such Charged Off Loan will be made when funds become available through the deposit of Recoveries in the Participation Account. Funds deposited in the Participation Account under Section 7.1.5 hereof shall not be available for withdrawal by SunTrust under this Section 7.1.4.
7.1.5 Participation Account Administrative Fee. Not later than thirty (30) days following the end of each month, SunTrust shall deposit the Participation Account Administrative Fee in the Participation Account. Regardless of whether funds in the Participation Account are sufficient to cover the payment to SunTrust for any Charged Off Loan, the Participation Account Administrative Fee deposited by SunTrust shall be released to FMC within two (2) Business Days of deposit into the Participation Account. During the Term, the Participation Account Administrative Fee shall be modified quarterly to reflect the extent to which the distribution of the Disbursed Loan Amount among pricing tiers changes the Projected Default Rate for the Pool. FMC shall invoice SunTrust for the amount of such fee as set forth in Section 6.2.
7.1.6 Participation Account Payments. In addition to any payments set forth in Section 7.1.2, payments shall be made to FMC monthly, after the date that is forty-eight (48) months after the Effective Date, to the extent that funds in the Participation Account as of the end of any month, as a percentage of Outstanding Loan Volume as of the end of such month, exceed the ratio, expressed as a percentage, of the Participation Percentage, after giving effect to changes to the Projected Default Rate as of the end of the Term to Disbursed Loan Amount (such excess, the “Participation Account Excess Percentage”). Such monthly payment to FMC at the end of any such month (the “Participation Account Payment”) in which the Participation Account Excess Percentage is positive shall equal the Participation Account Excess Percentage multiplied by the Outstanding Loan Volume at the end of such month.
7.1.7 Recoveries. After the payment to SunTrust with respect to any Charged Off Loans under Section 7.1.4, and after SunTrust has assigned the Charged Off Loan to FMC, Recoveries shall be deposited in the Participation Account by MG Student Loan Trust 2010-1 and its agents.
7.1.8 Review of Participation Reporting. FMC and SunTrust shall review the quarterly Participation Account report during the first ten (10) days after receiving it and shall notify the other Party in writing (which may be in the form of an email communication) if it in good faith disputes any items in such report during such 10-day period. If either FMC or SunTrust disputes items in the report, the payments required in Section 7.1.4 relating to such disputed item shall be withheld until such dispute is resolved to the satisfaction of FMER, SunTrust and FMC. If, within thirty (30) days of receiving a notice of dispute, the Parties are unable to resolve the dispute, any Party may invoke the dispute resolution procedures of this Agreement.
7.1.9 Account Access. SunTrust agrees that it shall provide view-only online access to the Participation Account to FMC and/or FMER employees designated by FMC and/or FMER from time to time.
7.1.10 Security Interest in Participation Account. FMC hereby grants SunTrust a security interest in the Participation Account pursuant to Article 9 of the Georgia Uniform Commercial Code (“Article 9”). SunTrust is responsible for perfecting this security interest in accordance with Article 9. FMC shall cooperate in good faith to enable SunTrust to perfect its security interest in the Participation Account, including, but not limited to, by entering into a mutually acceptable Participation Account Deposit Agreement with SunTrust. Any such Participation Account Deposit Agreement or similar agreement, or other means of perfecting SunTrust’s security interest, shall be consistent with the purpose and terms of this Agreement. SunTrust shall be entitled to enforce its security interest in the Participation Account in accordance with Article 9, subject to the terms of this Agreement, only upon the occurrence of
one or more events giving SunTrust the right to terminate this Agreement pursuant to Section 18.2.1 hereof.
7.1.11 Participation Cap and Transition. At such time as FMC has deposited, in the aggregate and inclusive of Initial Participation Account Deposits, [**] dollars ($[**]) in the Participation Account, FMC shall monitor the number and amount of pending Applications and amount of potential Loan disbursements, and FMC and SunTrust shall confer and mutually establish a date to cease accepting new Applications. Such date shall reasonably approximate the date on which cumulative deposits in the Participation Account, whether previously made by FMC or which FMC will be obligated to make once Loan disbursements are complete, are expected to equal or exceed [**] dollars ($[**]), after giving effect to estimated future Loan disbursements that will be made for all Applications submitted for a credit inquiry on or before such date. All Applications submitted for a credit inquiry by such date shall be processed in accordance with Section 18.4 of this Agreement, and FMC shall make Participation Account Deposits in connection with any Loans made for such applications, regardless of whether the total deposits ultimately made by FMC in the Participation Account are less than or greater than [**] dollars ($[**]).
ARTICLE 8. REPRESENTATIONS AND WARRANTIES
8.1 Representations and Warranties of the Parties. Each Party hereby represents and warrants to the other Parties as of the Execution Date and throughout the Term of this Agreement as follows:
8.1.1 Organization. It is duly organized, validly existing and in good standing under the laws of its state of organization and/or the United States, and has full power and authority to conduct its business as it is presently being conducted.
8.1.2 Authorization. It has all necessary authority and has taken all necessary action to enter into this Agreement, and subject to the satisfaction or waiver of the Effectiveness Conditions, on the Effective Date, to consummate the transactions contemplated hereby and to perform its obligations hereunder. This Agreement has been duly executed and delivered by each Party and is a legal, valid and binding obligation of each Party, enforceable against it in accordance with its terms, except as the enforcement thereof may be limited by applicable bankruptcy, insolvency, rearrangement, reorganization or similar debtor relief legislation affecting the rights of creditors generally from time to time in effect and by general principles of equity (regardless of whether such enforcement is sought in a proceeding at law or in equity) and the discretion of the court before which any such proceeding may be brought.
8.1.3 Absence of Conflicts. Neither the execution and delivery of this Agreement by any Party nor the performance by any Party of its obligations hereunder will result in (i) a violation of the articles of incorporation or charter documents of such Party, (ii) a breach of, or a default under any contract, agreement, instrument, lease, commitment, franchise, license, permit or authorization to which such Party is a party or by which it or its assets are bound, which breach or default would have a material adverse effect on its business or financial condition or its ability to consummate the transactions contemplated hereby, or (iii) a violation by such Party of any Requirements of Law, which violation would have a material adverse effect on such Party’s business or financial condition, its ability to consummate the transactions contemplated hereby or perform its obligations hereunder, or which could materially impair the enforceability of the Loans.
8.1.4 Consents and Approvals. Each Party has obtained any and all consents, approvals or authorizations of, and made any and all declarations, filings or registrations with, any Governmental Authority, or any other Person, required to be obtained or made by such Party in order to execute, deliver and perform its obligations under this Agreement or consummate the transactions contemplated hereby, except where the failure to do so would not have a material adverse effect on its business or financial condition, its ability to consummate the transactions contemplated hereby or perform its obligations hereunder, or which would not materially impair the enforceability of the Loans.
8.1.5 Litigation. There is no action, order, writ, injunction, judgment or decree outstanding or claim, suit, litigation, proceeding, labor dispute, arbitral action or investigation pending, or to the actual knowledge of any Party threatened, against or relating to such Party that would likely have a material adverse effect on this Agreement or on its business or financial condition, its ability to consummate the transactions contemplated hereby or perform its obligations hereunder, or which could materially impair the enforceability of the Loans.
8.1.6 Compliance with Law. It does and will at all times comply with all applicable Requirements of Law, in all material respects including the provisions of Title X and the marketing and conduct requirements of Section 1011 thereof, 15 U.S.C. § 1650.
8.1.7 Intellectual Property. It owns, or has the right to use under valid and enforceable agreements, all intellectual property rights reasonably necessary for and related to its performance under this Agreement and such performance will not infringe or violate any intellectual property rights of any other Person.
Each Party is bound by the representations and warranties specifically designated to it within this Agreement and any exhibit attached hereto.
8.2 Representations and Warranties of SunTrust. With respect to Loan Processing Services and subject to FMER’s and FMC’s representations, warranties and covenants regarding compliance with Requirements of Law as expressly set forth in the Agreement, SunTrust represents, warrants and covenants to FMC and FMER that it will at all times comply with all Requirements of Law. Without limiting the generality of the foregoing, SunTrust represents, warrants and covenants that:
8.2.1 all documents and forms provided by SunTrust to FMC or FMER and all instructions with respect thereto, including the forms of loan applications and Credit Agreements, comply with all Requirements of Law;
8.2.2 SunTrust is a federally-insured financial institution and has obtained any and all consents, approvals or authorizations of, and made any and all declarations, filings or registrations with, any Governmental Authority, or any other Person, required to be obtained or made by it in order to advertise, make, fund, hold or collect Loans; and
8.2.3 the Program Guidelines, including but not limited to the Pricing Schedule, all marketing activities and SunTrust Materials with respect to the Program conform to all Requirements of Law, including the Truth-in-Lending Act and Regulation Z, the Federal Trade Commission Act and any interpretations issued by the Federal Trade Commission and federal banking regulators, the Equal Credit Opportunity Act, Higher Education Opportunity Act Title X, the Student Lending Accountability, Transparency and Enforcement Act, all implementing regulations and all similar state and/or federal laws that may be now in effect or hereinafter enacted.
8.3 Representations and Warranties of FMER. With respect to Loan Processing Services, FMER hereby represents and warrants to SunTrust at the time of each Loan disbursement, subject to the exceptions noted in subsection 8.3.12 below, as follows:
8.3.1 With respect to each Loan originated hereunder, a Credit Agreement has been duly and properly executed by the Borrower thereunder and is enforceable against such Borrower in accordance with its terms except as enforceability may be affected by bankruptcy, insolvency, moratorium or other similar laws affecting the rights of creditors generally and by equitable principles.
8.3.2 Without limiting the generality of the foregoing subsection 8.3.1, each Loan has been made to a Borrower who, at the time of origination of the Loan:
(i) had the legal capacity to execute and deliver a Credit Agreement under Requirements of Law, including attaining the age of majority;
(ii) was not deceased; and,
(iii) was a United States citizen/national or a permanent resident alien of the United States.
8.3.3 Except as expressly otherwise approved in writing by SunTrust, each Loan has been originated in the United States of America, its territories, its possessions or other areas subject to its jurisdiction, by FMER in the ordinary course of its business.
8.3.4 Each Loan has been originated in conformity in all material respects with the Program Guidelines and all Requirements of Law with respect to the origination thereof, including the Equal Credit Opportunity Act and any applicable usury laws. No Application for a Loan shall be, or has been, rejected, approved or discouraged by FMER on behalf of SunTrust on the basis of race, sex, color, religion, national origin, age (other than laws limiting the capacity to enter a binding contract) or marital status, the fact that all or a part of any Applicant’s income derives from any public assistance program, or the fact that any Applicant has, in good faith, exercised any right under the Consumer Credit Protection Act.
8.3.5 Each Loan has been documented on forms set forth in the Program Guidelines, which forms, except to the extent otherwise modified from time to time pursuant to Section 3.1.1, (a) require interest accrual (whether or not such interest is being paid currently or is being capitalized) and yield interest at the applicable rate thereto, (b) provide or, when the payment schedule with respect thereto is determined, will provide for payments on a periodic basis that fully amortize the principal amount of the Loan by its maturity, as such maturity may be modified in accordance with any applicable deferral or forbearance periods granted in accordance with Requirements of Law and the Program Guidelines; and (c) contain consumer loan terms in strict conformity with the Program Guidelines;
8.3.6 With respect to each Loan (subject to SunTrust’s obligations above), FMER has provided or caused to be provided, all notices, statements and disclosures required under the Program Guidelines, Requirements of Law, and rules and regulations with respect to the origination thereof, including but not limited to the Truth-in-Lending Disclosure Statements, and each such notice, statement and disclosure was true, correct and complete in all material respects when provided;
8.3.7 Neither FMER nor any of its Affiliates has received any notice or communication alleging noncompliance with the Program Guidelines, or any applicable Requirement of Law with regard to the origination of any Loan.
8.3.8 FMER has not impaired, waived, altered or modified the terms of any Credit Agreement.
8.3.9 All data and records provided by or on behalf of FMER to SunTrust (and the Servicer) with respect to each Loan shall be true, correct and complete when provided in all material respects.
8.3.10 At the time of application, according to the credit bureau report or self-reported application information, no Borrower was a debtor in a bankruptcy proceeding.
8.3.11 All agreements with Subcontractors shall require the Subcontractors to perform in accordance with the relevant portions of this Agreement, the Program Guidelines, the Servicing Agreement, and Requirements of Law.
8.3.12 All of FMC’s and FMER’s representations, warranties and covenants hereunder are subject to the following:
(i) FMC’s and FMER’s representations, warranties and covenants hereunder shall not be breached by any occurrence or condition to the extent such occurrence or condition is caused by a breach of one or more of SunTrust’s representations, warranties or covenants regarding compliance with Requirements of Law or the failure of SunTrust to perform any of its other agreements hereunder related to FMER’s or FMC’s performance as expressly set forth in this Agreement.
(ii) Execution of Credit Agreements shall be deemed lawful and complete if: (A) an original document received by U.S. mail contains original signatures purporting to be the signatures of all Borrowers, (B) a copy received by fax contains copies of signatures purporting to be signatures of all Borrowers, or (C) if execution is by electronic signature, the Borrower who is electronically signing has satisfied the authentication criteria set forth in the Program Guidelines.
(iii) In performing its obligations under this Agreement, FMC and FMER shall be entitled to rely on the accuracy and completeness of all information provided to it by SunTrust, any Borrower or any Eligible Institution.
(iv) To the extent that FMER has followed the policies and procedures set forth in its Customer Identification Program, Red Flags Program and Address Mismatch Program, neither FMC nor FMER shall not be liable with respect to any Borrower fraud, identity theft or defective execution with respect to any Applicant or Borrower (or purported Applicant or Borrower).
8.4 Custom Scoring Model. FMC represents and warrants that its custom and proprietary score model complies with Requirements of Law, including that the model does not use (i) any of the following elements as inputs or model variables: gender, age, race, color, religion, national origin, childbearing or familial status, marital status, ethnic group, veteran status, disability, receipt of income from any public assistance program, or good faith exercise of any right under the federal Consumer Credit Protection Act, or any other factor prohibited by Requirements of Law, or (ii) geographic information in a way that would result in restricting credit from geographic areas on any basis prohibited by Requirements of Law.
8.5 Performance of FMER and FMC. Each of FMER and FMC acknowledge and agree with SunTrust that each of them shall be jointly and severally liable to SunTrust for any failure of either of them to perform as required by the terms of this Agreement.
8.6 Licensing. Each Party warrants that it will maintain during the effectiveness of this Agreement the legal authority to conduct all of the activities required to be conducted by it pursuant to the terms of this Agreement. As of the Execution Date, FMER has applied for the licenses set forth on Exhibit J (the “FMER License Applications”). If the FMER License Application in Massachusetts has not been approved prior to the Effective Date, FMER shall not charge SunTrust the fee set forth Section 6.3.1 for any Loan for which any Borrower is a resident of Massachusetts until FMER obtains its Massachusetts license. If the FMER License Application in New Jersey has not been approved prior to the Effective Date, FMER shall not accept any Applications for which any Applicant is a resident of New Jersey, until FMER obtains its New Jersey license.
ARTICLE 9. COMPLIANCE WITH REQUIREMENTS OF LAW. Each Party shall comply with all applicable Requirements of Law in all material respects in performing its respective obligations under this Agreement. Notwithstanding the foregoing, the Parties acknowledge and agree that unless expressly
set forth in the Agreement, neither FMER nor FMC makes any representation or warranties regarding conformity of any loan servicing processes or loan product terms or any forms, documents or disclosures with Requirements of Law. With respect to all aspects of the Program for which FMER and FMC make no express representations, including the Program Guidelines, SunTrust shall be responsible for compliance of such aspect of the Program with Requirements of Law.
ARTICLE 10. INSURANCE.
10.1 FMC shall (on behalf of itself and its Affiliates) at all times and at its sole cost and expense, keep in full force and effect until one (1) year after termination of this Agreement, the insurance coverage in amounts no less than what is specified on Exhibit H, attached hereto and incorporated herein (“Insurance Requirements”). All insurance policies or bonds required by this Agreement will be issued by insurance companies with an A.M. Best Rating of not less than “A1”, a Standard & Poor’s rating of not less than “A-”, or a Moody’s rating of not less than “A3”. Except as otherwise approved in writing by SunTrust, FMC must also ensure that its Subcontractors comply with the Insurance Requirements. FMC shall also maintain workers compensation insurance in compliance with all applicable Requirements of Law.
10.2 No insurance policy shall be cancelled, amended or modified by FMC in any manner that materially limits, restricts, or conditions the coverage provided, decreases the amount of coverage or increases the deductible, or in any other way reduces the coverage provided with the result that the Insurance Requirements are no longer met, without the prior written consent of SunTrust, which shall not be unreasonably withheld. Cancellation, amendment or modification of any insurance policy shall not relieve either FMC of its continuing obligation to maintain insurance coverage in accordance with the Insurance Requirements.
10.3 FMC agrees to waive, and will require its insurers to waive, all rights of subrogation against SunTrust, its directors, officers, and Personnel as it relates to the General Liability and Umbrella Liability policies required on Exhibit H. On or prior to the Effective Date, FMC will provide SunTrust with a certificate of insurance evidencing such required coverage; provided that SunTrust reserves the right to require FMC to deliver complete copies of FMC’s insurance policies from time to time thereafter. In addition, SunTrust will be notified of any material change or cancellation of such policies with at least thirty (30) days prior written notice. Notwithstanding any other provision in this Agreement, if FMC, at any time, neglects or refuses to maintain or deliver evidence of the insurance required herein within a reasonable time after SunTrust’s request, or should such insurance be canceled or materially changed with the result that the Insurance Requirements are no longer met without SunTrust’s consent, SunTrust will have the right to immediately terminate this Agreement without penalty, subject to Section 18 hereof.
ARTICLE 11. INTELLECTUAL PROPERTY.
11.1 Except as otherwise agreed to in writing by the Parties, in connection with the provision of Services as specified in this Agreement, each Party shall retain all right, title and interest in and to its intellectual property, Proprietary Information, systems, software, programs, processes, technology, services, methodologies, models, products, trademarks, service marks and any other materials or rights, tangible or intangible (collectively, “Intellectual Property”) and nothing shall or shall be construed to restrict, impair, transfer, license, convey or otherwise alter or deprive either Party of any of its rights or proprietary interests in its Intellectual Property, including any modifications, enhancements or derivative works thereof.
11.2 No Party may use any other Party’s Intellectual Property for any purpose other than as specified in this Agreement. Upon expiration or termination of this Agreement, all licenses granted by any Party to the other shall immediately terminate without notice required, and each Party shall return the other Party’s Intellectual Property and all copies or derivative works made thereof, as specifically permitted hereunder.
Each Party shall have no further rights or licenses to use the other Party’s Intellectual Property or any such copies or derivative works, except as specifically agreed between the Parties in writing.
11.3 Nothing contained in this Agreement shall be construed as granting to any Party any right or license under any of the other Parties’ present or future patent rights or copyrights, or as granting to any Party any right or license to use for any purpose other than those purposes expressly stated herein any of the other Parties’ information or any other information, materials or results received, discovered, or produced by any Party in connection with the Services performed for SunTrust.
ARTICLE 12. BOOKS AND RECORDS; AUDIT RIGHTS
12.1 Maintenance of Books and Records. Each Party will keep proper books and records reflecting all of its activities and transactions under this Agreement so that its financial statements can be maintained in accordance with generally acceptable accounting practices. Each Party shall maintain its books and records relating to activities under this Agreement throughout the term hereof and thereafter for such periods as are required under applicable Requirements of Law or such Party’s policy, whichever is longer.
12.2 Recordkeeping Requirements. FMER shall retain the original Credit Agreement for each Loan (or a copy thereof in the case of execution by fax or electronic signature as permitted in the Program Guidelines), along with a complete copy of the Truth in Lending Disclosure Statements (other than the Application and Solicitation Disclosure), income verification, enrollment verification/certification of the Loan by the Eligible Institution, credit bureau report, missing information notices, correspondence from the Applicant(s), and all other documents and data related to the Loan, whether originally sent to SunTrust (and forwarded to FMER) or to FMER. FMER shall also retain records of the time and date each Applicant acknowledges the Application and Solicitation Disclosure and records of the content of the Application and Solicitation Disclosure that each Applicant viewed at such date and time. FMER will be responsible for the safe maintenance of such Loan documentation and all records of Applicant Information for at least seven (7) years from either the time the Loan is fully repaid or the Loan is sold by SunTrust to a third party.
12.3 Audit Rights.
12.3.1 General Audits. SunTrust shall have the right to review, inspect and audit, at SunTrust’s expense, at such reasonable times as mutually agreed by the Parties, and upon at least ten (10) Business Days’ advance notice, the books, records, documents, other writings, information, whether in hard copies, electronic form or otherwise, of FMC or any Affiliate thereto performing Services to the extent related to: (i) such Party’s activities hereunder or (ii) conformance with such Party’s obligations hereunder. Upon at least ten (10) Business Days’ advance written notice to FMC, and subject to FMC’s reasonable security requirements, FMC shall provide to SunTrust (and SunTrust’s internal and external auditors, inspectors, regulators and other representatives that SunTrust may designate from time to time) access at reasonable hours to FMC’s Personnel, to the facilities at or from which Services are then being provided, and to FMC’s records and other pertinent information, all to the extent relevant to FMC’s obligations under this Agreement. Such access shall be provided for the purpose of performing audits and inspections of FMC and its businesses and to examine FMC’s performance under this Agreement, including: (a) verifying the integrity of data related to or concerning systems in FMC’s possession and control; (b) examining the systems that process, store, support and transmit such data; (c) examining the controls (e.g., organizational controls, input/output controls, system modification controls, processing controls, system design controls and access controls) and the security, disaster recovery and back-up practices and procedures; (d) examining FMC’s measurement, monitoring and management tools; and (e) enabling SunTrust to meet applicable legal, regulatory and contractual requirements. FMC shall provide any assistance reasonably requested by SunTrust or its designee, and at SunTrust’s expense, in conducting any such audit. Such audit and any information obtained therefrom shall be subject to the confidentiality
restrictions contained in this Agreement and SunTrust shall be responsible for enforcing such restrictions with respect to its internal and external auditors, inspectors, regulators (to the extent permitted by Requirements of Law) and other representatives. SunTrust shall also have the right to perform a monthly audit of Application and Loan files at a time and using procedures mutually acceptable to FMER and SunTrust.
12.3.2 Within five (5) Business Days of receipt of any audit notice, FMC shall notify SunTrust, in writing, of any objections to the scope of the review, inspection or audit or the supporting documentation requested, it being understood that any objections must be based upon a reasonable and documented belief that such review, inspection, audit or documentation is not reasonably related to the obligations of FMC or FMER under this Agreement or would require the disclosure of Proprietary Information (other than information that is proprietary solely as a result of this Agreement). The Parties shall cooperate in good faith to resolve objections with respect to any review, inspection or audit proposed by SunTrust and such review, inspection or audit shall not commence until such objections are resolved, unless sooner required for compliance with a court order, civil investigation demand or other Governmental Authority inquiry. In the event the Parties are not able to resolve such objections, the matter shall be resolved in accordance with the procedures set forth in Article 17.
12.3.3 Any review, inspection or audit to be performed by SunTrust pursuant to this Section 12.3 shall be conducted only during normal business hours, using reasonable care not to cause damage and not to interrupt the normal business operations of the Party to be inspected.
12.4 Regulatory Agency Requirements. FMC and FMER understand and acknowledge that SunTrust is subject to examination by a Governmental Authority with authority over SunTrust and its Affiliates. FMC and FMER agree to cooperate fully with any examination or inquiry by any such Governmental Authority at SunTrust’s expense. FMC and FMER further acknowledge that SunTrust, as a regulated financial institution, is required to engage in ongoing oversight of its relationship with FMC and FMER, including reviewing such Parties’ compliance with Privacy Requirements, insurance coverage, and performance under this Agreement. FMC and FMER agree to notify SunTrust promptly in writing in the event it experiences any material adverse change, including material financial difficulty, other catastrophic event, material change in strategic goals, or significant staffing changes relative to its obligations under this Agreement. With respect to audits and examinations related to the Program to be performed on FMC and/or FMER by a Governmental Authority with authority over SunTrust and its Affiliates, SunTrust shall provide FMC with as much prior written notice as reasonably practicable; provided, however, that the notice requirement of Section 12.3.1 shall not apply to any such audit or examination.
12.5 Regulatory Audits. Within ten (10) Business Days of its receipt, FMC shall provide SunTrust with a copy of the final written results of any audit performed by a Governmental Authority, unless such results are confidential under Requirements of Law; it being understood that FMC shall not be required to disclose the results of any examinations conducted by, or correspondence with, the U.S. Office of Thrift Supervision (“OTS”) that are deemed confidential by the OTS. If any audit results in FMC being notified that it is not in compliance with any Requirements of Law, or relevant and generally accepted accounting principle or other material audit requirement related to the Services, FMC shall immediately notify SunTrust and confer with SunTrust to determine the merits of the alleged violation and the appropriate response. In the event the Parties conclude that the auditor’s or regulator’s notice of violation is accurate, in whole or in part, FMC shall promptly use commercially reasonable efforts to comply with such audit to the extent that the alleged violations are deemed accurate by the Parties at no cost to SunTrust.
ARTICLE 13. PRIVACY AND SECURITY POLICIES
13.1 Privacy and Security. FMC’s privacy and security policies, as of the Execution Date, are attached hereto and incorporated herein as Exhibit I. FMC reserves the right to modify its privacy and
security policies in its reasonable discretion from time to time by notice, in writing, to SunTrust; provided, however, that any modifications that materially adversely affect SunTrust’s rights or interests must be approved in advance and in writing by SunTrust before FMC implements such modifications. Within ten (10) Business Days after receipt of a modification notice from FMC, SunTrust shall notify FMC as to whether it believes the proposed modifications will materially adversely affect SunTrust’s rights or interests. If SunTrust notifies FMC that the proposed modifications will materially adversely affect SunTrust’s rights or interests, SunTrust and FMC shall confer regarding how such proposed modifications may be altered so that they would not materially adversely affect SunTrust’s rights or interests. In the event SunTrust and FMC are unable to reach agreement on proposed modifications within sixty (60) days after the date of FMC’s original notice, the dispute shall be resolved using the procedures set forth in Article 17.
ARTICLE 14. CONFIDENTIALITY OF PROPRIETARY INFORMATION.
14.1 Proprietary Information Access or Exchange. In the performance of this Agreement, each Party may disclose to the other Party certain Proprietary Information.
14.2 Definitions. For the purposes of this Agreement, the following terms will have the definitions set forth below.
14.2.1 “Proprietary Information” means Trade Secrets, Confidential Business Information, and NPPI.
14.2.2 “Trade Secrets” means trade secrets as defined under Georgia law, as amended from time to time, and will include without limitation and without regard to form, technical or non-technical data, formulae, patterns, compilations, programs, software programs, devices, methods, techniques, drawings, processes, financial data, financial plans, product plans, non-public forecasts, studies, projections, analyses, all customer data of any kind, lists of actual or potential customers, business and contractual relationships, or any other information similar to the foregoing that: (a) derives economic value, actual or potential, from not being generally known and not being readily ascertainable by proper means to other persons who can obtain economic value from its disclosure or use; and (b) is the subject of efforts that are reasonable under the circumstances to maintain its secrecy. For the sake of clarity, “Trade Secrets” will include information provided to any Party by any third parties, which such Party is obligated to hold in confidence.
14.2.3 “Confidential Business Information” means (a) any valuable, secret business information, other than Trade Secrets, that is designated or identified as confidential at the time of the disclosure or is by its nature clearly recognizable as confidential information to a reasonably prudent person with knowledge of the Disclosing Party’s business and industry, and (b) for purposes of this Agreement, FMC Custom Model Property.
14.2.4 “NPPI” means non-public, personally identifiable information of SunTrust’s customers, SunTrust Personnel or other individuals, which has been provided to SunTrust by such persons or their representatives.
14.2.5 “Disclosing Party” means the Party disclosing any Proprietary Information hereunder, whether such disclosure is directly from or through the Disclosing Party’s Personnel.
14.2.6 “Receiving Party” means the Party receiving any Proprietary Information hereunder, whether such disclosure is received directly from or through the Receiving Party’s Personnel.
14.3 Exclusions. Notwithstanding the definition of Proprietary Information above, Proprietary Information does not include any information that: (a) was in the Receiving Party’s possession before being disclosed to it by the Disclosing Party without a duty of confidentiality on the Receiving Party; (b)
is or becomes a matter of public knowledge through no fault of the Receiving Party; (c) is rightfully received by the Receiving Party from a third party without a duty of confidentiality; (d) is disclosed by the Disclosing Party to a third party without a duty of confidentiality on the third party; (e) is independently developed by the Receiving Party without use of or reference to the Disclosing Party’s Proprietary Information; or (f) is disclosed by the Receiving Party with the Disclosing Party’s prior written approval without a duty of confidentiality on the Party making such disclosure or the third party to which disclosure is authorized. In addition, notwithstanding anything else contained in this Article 14 or this Agreement, nothing in this Article 14 will be construed to prohibit disclosure of any information to regulatory agencies, rating agencies, attorneys, accountants, servicers and/or consultants of a Party, and/or the employees and agents of any of the foregoing, who are obliged to respect the confidentiality thereof.
14.4 Ownership and Restrictions on Use. The Receiving Party acknowledges and agrees that except to the extent otherwise expressly provided herein, the Proprietary Information of the Disclosing Party will remain the sole and exclusive property of the Disclosing Party or a third party providing such information to the Disclosing Party, and the disclosure of such information to the Receiving Party does not confer upon it any license, interest, or right of any kind in or to the Proprietary Information, except as provided under this Agreement. At all times and notwithstanding any termination or expiration of this Agreement, the Receiving Party agrees that it will: (a) hold in strict confidence and not disclose to any third party the Proprietary Information of the Disclosing Party, except as approved in writing by the Disclosing Party; (b) only permit access to the Proprietary Information of the Disclosing Party to those of its Personnel who have a need to know and have signed confidentiality agreements or are otherwise bound by confidentiality obligations substantially similar to those contained in this Agreement; (c) be responsible to the Disclosing Party for any third party’s use and disclosure of the Proprietary Information provided to such third party by the Receiving Party; (d) only use Proprietary Information that it receives to carry out the purposes of the Agreement and for no other purpose whatsoever; and (e) use at least the same degree of care it would use to protect its own Proprietary Information of like importance, but in no event less than a reasonable degree of care, including maintaining information security standards for such Proprietary Information as are commercially reasonable and customary for the type of information. Specifically, with regard to NPPI, FMC and FMER will comply with the information security standards specific to such information set forth in this Agreement. No Party will communicate any information to the other Party in violation of the proprietary rights of any third party.
To the extent FMC or FMER delivers or is required to deliver to SunTrust any FMC Custom Model Property, FMC shall own all right, title and interest (including all trademarks, trade secrets, copyrights, patents and any other intellectual property rights) in such FMC Custom Model Property. In addition, FMC may use the data collected in activities conducted pursuant to this Agreement to prepare, develop, or modify FMC Custom Model Property, provided, however, that such FMC Custom Model Property does not include Consumer Information, which may be used to perform analysis but shall not be included in reports, studies or other FMC Custom Model Property except on an aggregated and de-identified basis. In consideration of its obligations under this Agreement, FMC shall own all right, title and interest in and to all FMC Custom Model Property. FMC Custom Model Property shall not constitute a “work made for hire” as that term is defined in the federal Copyright Act. FMC may use FMC Custom Model Property for any lawful purpose, including in support of other loan programs, during the term of the Agreement and following termination of the Agreement.
14.5 Required Disclosures. If the Receiving Party is required by a Governmental Authority or law to disclose any of the Proprietary Information of the Disclosing Party, the Receiving Party must, if legally permissible: (a) first give written notice of such required disclosure to the Disclosing Party; (b) make a reasonable effort to obtain a protective order requiring that the Proprietary Information so disclosed be used only for the purposes for which disclosure is required; (c) take reasonable steps to allow the Disclosing Party to seek to protect the confidentiality of the Proprietary Information required to be disclosed; and (d) disclose only that part of the Proprietary Information which, in the opinion of its legal
counsel, it is required to disclose. The foregoing requirements will not apply and are not intended to limit any Party’s ability to fully comply with requests for information from regulators or the Internal Revenue Service, as permitted by the last sentence of Section 14.3.
14.6 Notice of Unauthorized Disclosures. Each Party to this Agreement will immediately notify the other Parties in writing upon discovery of any loss or unauthorized disclosure of the Proprietary Information of the other Parties.
14.7 Limit on Reproductions. The Receiving Party will not reproduce the Disclosing Party’s Proprietary Information in any form except as reasonably necessary to fulfill such Party’s duties and obligations and otherwise comply with the agreements of such Party under this Agreement. Any reproduction of any Proprietary Information by the Receiving Party will remain the property of the Disclosing Party and will contain any and all confidential or proprietary notices or legends that appear on the original, unless otherwise authorized in writing by the Disclosing Party.
14.8 Document Destruction — Information Erasure. Except as otherwise set forth in this Agreement, upon the earlier of: termination of this Agreement, the written request of the Disclosing Party, or when no longer needed by any Party for fulfillment of its obligations under this Agreement, each Receiving Party will either: (a) promptly return to the Disclosing Party all documents and other tangible (including electronic) materials containing the Disclosing Party’s Proprietary Information, including all copies thereof in its possession or control; or (b) erase or destroy all such materials by the following methods. If return, erasure, or destruction is not feasible, then the Receiving Party may maintain the Disclosing Party’s Proprietary Information in compliance with the requirements of the confidentiality and information security provisions of this Agreement; provided, however, that when the return, destruction, or erasure of any such materials becomes feasible for the Receiving Party, the Receiving Party must comply with the requirements of (a) or (b) above within sixty (60) calendar days. Notwithstanding the foregoing, SunTrust understands and agrees that FMC or FMER shall maintain encrypted, archived back-up tapes stored at a secure, offsite location that include transaction history received in connection with the Services and this Agreement and related documents and records for purposes of internal and external auditing of controls and recordkeeping requirements.
TYPE OF PROPRIETARY INFORMATION |
| DESTRUCTION METHOD |
Hard Copy |
| Shredding, pulverizing, burning, or other suitable destruction method so that any Proprietary Information is not readable at all and cannot be reassembled or reconstructed in any way so that it is practicably readable. |
Electronic Tangible Media, such as CDs, Disks, Tapes |
| Destruction or erasure of such media so that any Proprietary Information is not readable at all and cannot be reassembled or reconstructed in any way so that it is practicably readable. |
Hard Drive Storage or similar Computer or Device Storage |
| Erasure or elimination of Proprietary Information from such device so that any Proprietary Information is not readable at all and cannot be reassembled or reconstructed in any way so that it is practicably readable. |
14.9 Equitable Relief. If any Party should breach or threaten to breach any provision of this Article 14 of the Agreement, the non-breaching Party, in addition to any other remedy it may have at law or in equity, will be entitled to seek a restraining order, injunction, or other similar remedy in order to
specifically enforce the provisions of this Agreement. Each Party specifically acknowledges that money damages alone would be an inadequate remedy for the injuries and damages that would be suffered and incurred by the non-breaching Party as a result of a breach of any provision of this Agreement. In the event that any Party should seek an injunction hereunder, the other Parties hereby waive any requirement for the submission of proof of the economic value of any Proprietary Information or the posting of a bond or any other security.
14.10 Survival. Notwithstanding any termination of this Agreement, all of the Receiving Party’s nondisclosure and use obligations pursuant to this Article 14 will survive: (a) for three (3) years after termination with respect to any Confidential Business Information received prior to such termination, other than the FMC Custom Model Property, for which the Receiving Party’s nondisclosure and non-use obligations pursuant to this Article 14 will survive indefinitely; (b) with respect to Trade Secrets, for so long as such information continues to constitute a trade secret under Requirements of Law; and (c) with respect to NPPI, for so long as required by applicable state and federal laws.
14.11 Prior Agreements. The provisions set forth in this Agreement supersede any previous agreement between the Parties relating to the protection of any Proprietary Information.
14.12 Information related to Tax Structure and Treatment. It is the Parties’ mutual intent that the tax structure and tax treatment of the transactions contemplated by this Agreement will not be confidential and, that notwithstanding anything herein to the contrary, each Party and its Personnel may disclose to any and all Persons of any kind, the tax structure and tax treatment of the transactions contemplated herein such that the transactions will be treated as not having been offered under conditions of confidentiality for purposes of Section 1.6011-4(b)(3) (or any successor provision) of the Treasury Regulations promulgated under Section 6011 of the Internal Revenue Code of 1986, as amended, and any comparable provision in the law of any other jurisdiction.
ARTICLE 15. INFORMATION SECURITY.
15.1 General Requirements. FMC will provide information, data back-up procedures, and information security so as to reasonably ensure that any Proprietary Information provided by or for SunTrust is not lost, stolen, modified, disclosed to or accessed by any other party (other than those permitted parties under Article 14 of this Agreement) without SunTrust’s prior written approval. Such security measures will equal or exceed standard industry practices for similar entities dealing with Proprietary Information. FMC warrants to SunTrust that FMC will reasonably monitor, evaluate and adjust its information security systems and procedures, its data security systems, and its processes in response to relevant changes in technology, changes in the sensitivity of any SunTrust Proprietary Information, as reasonably determined by SunTrust, and internal and external threats to information security. FMC will promptly notify SunTrust of: (a) any unauthorized possession, use, or knowledge or attempt thereof, of the data-processing files, transmission messages, or other SunTrust Proprietary Information by any person or entity that may become known; (b) the effect of such; and (c) the corrective action FMC has taken in response thereto.
15.2 FMC Encryption. FMC represents and warrants that, to the extent FMC will be placing, and retaining SunTrust Proprietary Information on the following types of devices, FMC will encrypt with whole disk encryption all laptop computers maintaining SunTrust Proprietary Information on such devices. To the extent personal digital assistants (PDAs) do not contain or provide access to Consumer Information, PDAs may be password-protected. Other portable devices (including, but not limited to, thumb drives) must be encrypted and files on portable media (including, but not limited to, tapes and CDs) must be encrypted. All encryption must meet a minimum standard of Advanced Encryption Standard (AES) algorithm with a minimum key strength of 256-bit.
15.3 Information Security Audits. During the term of this Agreement, and for one (1) year following termination:
15.3.1 Audit Scope. Solely with respect to SunTrust Proprietary Information, to assess the effective protection of such information, SunTrust will have the right to conduct remote or on-site audits of FMC, at SunTrust’s discretion and expense (except as set forth below), to review the information and data security systems and procedures and processes of FMC (collectively, the “Security Systems”) at any time during FMC’s regular business hours, upon no less than ten (10) Business Days prior written notice to FMC. Testing conducted will be performed only on ports of application hosts, operating systems, and web server software utilized in the course of performing Services for SunTrust. Testing will emulate tactics used by outside attackers with and without knowledge of specific applications, and with malicious intent, however, no such tactic shall interrupt services (e.g., denial of service attacks). Testing will not include the following actions or methods: changes to assigned user passwords; telephone modem probes and scans (active and passive); intentional viewing of email content, internet caches, and/or cookie files; or DoS attacks (smurf, land, SYN flood, etc.). Such audits and reviews may be performed by SunTrust, its agent, or an independent third party bound by a nondisclosure provision substantially similar to that set forth above in this Agreement, and may include reasonable testing of the Security Systems, including periodic vulnerability scans. Upon request, SunTrust shall provide to FMC the results of, and any data obtained from, such vulnerability assessment. Any such information security tests will be scheduled by mutual agreement of the Parties. FMC will provide SunTrust with such reasonable assistance and information as may be necessary for the performance of such testing. SunTrust will use reasonable, industry-standard precautions to prevent or minimize any risks to FMC’s Security Systems that may be associated with such testing, and the Parties will cooperate in structuring the testing so as to avoid harming the rights and interests of FMC or any third parties. FMC agrees to promptly grant reasonable access to logs, policies, records, other materials, and FMC Personnel reasonably required for SunTrust to perform the audit. SunTrust will reasonably determine the extent and methodology of the testing subject to the approval of FMC, such approval not to be unreasonably withheld. Further, FMC agrees to make available to SunTrust the results of any third party’s or its own testing, monitoring and auditing of such Security Systems; provided, however, that FMC will not be required to make available any such results which would breach confidentiality obligations between FMC and any third party. To the extent that any system data or information is obtained by SunTrust in the course of such assessment, such data or information shall be Confidential Business Information of FMC and FMER, and SunTrust shall treat it in accordance with Article 14. In no event shall SunTrust retain any code from FMC’s or FMER’s systems or decompile, disassemble, or reverse engineer any such code, in whole or in part. Neither SunTrust nor its representatives shall introduce any malicious or unauthorized code (virus, Trojans, worms, trap door, etc.) or undisclosed features into FMC’s or FMER’s systems intending to disable, deactivate, interfere with or otherwise harm such systems or data or provide access not authorized by FMC or FMER.
15.3.2 Audit Finding / Remediation. Should such an audit, test or review reveal that the Security Systems or the contemplated Services do not effectively protect any SunTrust Proprietary Information, then FMC will prepare and present to SunTrust within thirty (30) days of receipt of the relevant audit, test, or review finding a remediation plan, including proposed modifications of the Security Systems, the cost, proposed allocation of such costs among the Parties, and deadlines to meet the information security requirements of SunTrust, its regulators, and the provisions of Requirements of Law. Should the Parties be unable to agree to a remediation plan within thirty (30) days of FMC’s preparation and presentation of such plan to SunTrust pursuant to the previous sentence, or shall FMC or FMER, as applicable, be unable to complete and install adequate modifications (as set forth in the plan of remediation) within the deadline set forth in any such plan of remediation, then any Party shall be entitled to immediately terminate this Agreement for cause as provided in Section 18.2.7.
15.3.3 Audit Costs. Prior to the initiation of any audit or review as permitted under this Agreement, the Parties will discuss and mutually agree upon a reasonable estimate of the total costs of the audit, which Party will bear these costs, and the payment schedule for such costs. SunTrust will reimburse FMC’s reasonable incremental direct expenses associated with the audit (e.g., reasonable copy charges or other reasonable standard expenses), but not any other expenses, such as a charge for access to FMC Personnel or other sources of information. It is the intent of the Parties that SunTrust bear the agreed upon cost of any such audit as described in this Article 15, unless a substantial and previously unknown security breach is identified as a result of such audit.
15.4 Procedures for Security Breaches. In the event FMC and/or FMER, as applicable, knows or reasonably believes that there has been any unauthorized access or attempted unauthorized access to Proprietary Information of SunTrust or Consumer Information in the possession or control of FMC or FMER, as applicable, that compromises the security, confidentiality or integrity of such Proprietary Information or Consumer Information, FMC or FMER, as applicable, shall take the following actions:
(a) immediately notify SunTrust of such unauthorized access or attempted unauthorized access;
(b) take reasonable steps to remedy the circumstances that permitted any such unauthorized access to occur;
(c) take reasonable steps to prohibit further disclosure of Proprietary Information or Consumer Information;
(d) upon request, cooperate with SunTrust or its agents to investigate the scope and content of the unauthorized access; and
(e) take corrective action as required by SunTrust in its sole discretion as related to SunTrust Consumer Information.
ARTICLE 16. INDEMNIFICATION; EXCLUSIONS FROM LIABILITY
16.1 Mutual General Indemnity.
Subject to the conditions set forth in Section 16.4 and the limitations in Section 16.6, each Party will indemnify, defend, and hold the applicable Indemnified Parties harmless from and against any and all damages (including any and all third party claims against such Indemnified Party and damages resulting therefrom, whether ordinary, direct, indirect, incidental, special, consequential, or exemplary), judgments, liabilities, fines, penalties, losses, claims, actions, demands, lawsuits, costs, and expenses including reasonable attorneys’ fees (collectively, “Damages”) incurred by such Indemnified Parties that arise out of or relate to any:
(a) gross negligence, willful misconduct or fraud of the Indemnifying Party;
(b) breach of the Indemnifying Party’s confidentiality or information security obligations under this Agreement;
(c) breach of the Indemnifying Party’s representations or warranty obligations or covenants under this Agreement; and
(d) failure by the Indemnifying Party to comply with Requirements of Law applicable to it or with the Program Guidelines,
provided, however, that in the case of any Damages resulting from a breach or failure described in Section 16.1(b), Section 16.1(c) or Section 16.1(d), no Indemnified Party shall be entitled to indemnification under this Article 16 to the extent that such breach or failure occurred as a result of or in
connection with the willful misconduct or fraud of an Indemnified Party, any failure of any representation or warranty made by an Indemnified Party in or pursuant to this Agreement to be true and correct, the non-fulfillment or non-performance of any covenant or obligation of an Indemnified Party contained in this Agreement, or the failure by an Indemnified Party to comply with Requirements of Law applicable to it or with the Program Guidelines.
For purposes of this Article 16, the acts or omissions of a Party’s Personnel will be deemed the acts or omissions of such Party.
16.2 FMC Infringement Indemnity.
FMC, at its expense, will defend, indemnify, and hold each SunTrust Indemnified Party harmless from and against any and all Damages that arise out of or relate to third party claims against a SunTrust Indemnified Party associated with SunTrust’s use of any FMC Intellectual Property and the infringement by such FMC Intellectual Property of such third party’s patent, trade secret, copyright, or trademark or other intellectual property right. For purposes of this Section 16.2 and Section 16.3 only, “FMC Intellectual Property” will include the following: FMC’s custom and proprietary credit scoring model and the Online Application System.
16.3 Specific Conditions and Additional Remedies Associated with FMC’s Infringement Indemnity.
16.3.1 Additional Remedies. In the event a court of competent jurisdiction makes a determination that any FMC Intellectual Property infringes or otherwise violates any third party intellectual property right, or if FMC determines that any FMC Intellectual Property likely infringes or otherwise violates such third party’s intellectual property right, FMC, at its option and sole expense, in addition to the indemnification obligation set forth above, will:
16.3.1.1 modify the infringing portion of any FMC Intellectual Property so as to make it non-infringing and non-violating, while maintaining equivalent functionality that is reasonably satisfactory to SunTrust;
16.3.1.2 replace the infringing portion of any FMC Intellectual Property with a non-infringing and non-violating solution having equivalent functionality that is reasonably satisfactory to SunTrust; or
16.3.1.3 obtain the right for SunTrust to continue using the infringing or violating portion of FMC Intellectual Property.
16.3.2 Conditions. FMC’s intellectual property infringement indemnity obligations will not apply to the extent of any applicable third party claim resulting solely from:
16.3.2.1 modifications to any FMC Intellectual Property by any party other than FMC or its authorized Personnel that are made without FMC’s written approval and only to the extent such modifications caused the infringement or violation;
16.3.2.2 the combination of any FMC Intellectual Property with other products, processes, or materials prohibited by FMC in the applicable specifications if, but for such other products, processes, or materials, the infringement would not have occurred; or
16.3.2.3 SunTrust’s use of any FMC Intellectual Property other than in accordance with the terms and conditions of this Agreement or the applicable specifications relating to such FMC Intellectual Property.
16.4 General Conditions on Indemnity Obligations. Each potential Indemnifying Party’s obligations under this Agreement will be subject to the Indemnified Party: (a) promptly, after receipt of any written claim, notice of any action giving rise to a claim for indemnification or the discovery by such Indemnified Party of any Damages that may give rise to a claim for indemnification, providing the Indemnifying Party
notice of the claim, action or Damages (provided that failure to so notify the potential Indemnifying Party will not relieve the potential Indemnifying Party of its indemnification obligations, except to the extent that the potential Indemnifying Party’s ability to defend against the claim or event with respect to which indemnification is sought is adversely affected by the failure of the potential Indemnified Party to give prompt notice as required by this Section); (b) providing reasonable cooperation and assistance in the defense or settlement of any claim; and (c) granting the Indemnifying Party control over the defense and settlement of the same (provided that any Indemnified Party shall be entitled to participate in the defense and settlement of the claim and to employ counsel at its own expense to assist in the handling of the claim; and provided further that the Indemnified Party does not invoke its retained right to defend as stated below).
The Indemnifying Party will not agree to any settlement which results in an admission of liability by the Indemnified Party without the Indemnified Party’s prior written consent.
16.5 Reservation of Right to Defend. If either SunTrust, on the one hand, or FMC or FMER, on the other hand, as an Indemnified Party, reasonably determines that the Indemnifying Party has failed to diligently assume and maintain a prompt and vigorous defense of any claim to which Indemnified Party is entitled to indemnification hereunder and with respect to which the conditions set forth in Section 16.4 have been satisfied, either SunTrust, on the one hand, or FMC or FMER, on the other hand, as an Indemnified Party, may, at its own expense, option and discretion, assume sole control of the defense of any claim and all related settlement negotiations with counsel of its own choosing and without waiving any other rights to indemnification. If SunTrust or FMC and/or FMER, as applicable, provides sufficient evidence to support its right to defend pursuant to this Section, the Indemnifying Party will pay all costs and expenses (including reasonable attorneys’ fees) incurred by such Indemnified Party in such defense. Notwithstanding anything to the contrary in the foregoing, SunTrust or FMC and/or FMER, as applicable, will not accept any settlement on behalf of the Indemnifying Party that results in an admission of liability by the Indemnifying Party without the Indemnifying Party’s express written consent.
16.6 Exclusions from Liability.
16.6.1 Except for each Party’s respective indemnification obligations in respect of third party claims against an Indemnified Party, in no event shall any Party be liable for indirect, incidental, special, consequential, or exemplary or punitive damages (or any comparable category or form of such damages, howsoever characterized in any jurisdiction), regardless of the form of action, whether in contract, tort, strict liability or otherwise, and even if foreseeable or if such Party has been advised of the possibility of such damages.
16.6.2 The limitation of liability provisions of Section 16.6.1 do not apply to liability that is the result of the Party seeking to limit its liability hereunder in connection with (i) a breach of its confidentiality, privacy or security obligations contained in this Agreement (including with respect to any Consumer Information or NPPI, or any Intellectual Property or other Proprietary Information of another Party to this Agreement), (ii) such Party’s violation of Requirements of Law or (iii) such Party’s fraud or willful misconduct.
16.6.3 SunTrust acknowledges and agrees that any liability of FMC and/or FMER hereunder to SunTrust or any of its Affiliates for Damages in any way related to a Loan that is purchased by FMC pursuant to Section 5 shall be reduced in proportion to the Purchase Price of any such Loan that is purchased by FMC or any of its Affiliates pursuant to Section 5.
16.7 Exclusive Remedies. EXCEPT IN CONNECTION WITH (I) THE OTHER PARTY’S FRAUD, WILLFUL MISCONDUCT OR GROSS NEGLIGENCE, (II) A PARTY’S EXERCISE OF EQUITABLE REMEDIES AVAILABLE TO IT, (III) THE RIGHTS OF SUNTRUST PURSUANT TO SECTION 5 OR (IV) A PARTY’S RIGHT TO SET OFF AMOUNTS PAYABLE TO THE OTHER PARTY AGAINST AMOUNTS OWED TO IT BY SUCH OTHER PARTY, IT IS UNDERSTOOD
AND AGREED THAT THE INDEMNIFICATION OBLIGATIONS OF A PARTY SET FORTH IN THIS ARTICLE 16 CONSTITUTE THE SOLE AND EXCLUSIVE REMEDIES OF A PARTY AGAINST ANY OTHER PARTY HERETO IN RESPECT OF THIS AGREEMENT OR THE SUBJECT MATTER HEREOF.
ARTICLE 17. DISPUTE RESOLUTION
17.1 Except as otherwise expressly set forth in this Agreement, the Parties agree that any dispute arising in connection with the interpretation of this Agreement or the performance of either Party under this Agreement or otherwise relating to this Agreement will be treated in accordance with the procedures set forth in this Article 17, prior to the resort by either Party to arbitration or litigation in connection with such dispute. The dispute will be referred for resolution first to a Senior Vice President for SunTrust, and the General Counsel or Chief Financial Officer for FMC. Such procedure will be invoked by either Party presenting to the other Party a Notice of Request for Resolution of Dispute (a “Notice”) identifying the issues in dispute sought to be addressed hereunder. A telephone or personal conference of those executives will be held within ten (10) Business Days after the delivery of the Notice. In the event that the telephone or personal conference between these executives does not take place or does not resolve the dispute, either Party may refer the dispute to binding arbitration pursuant to the arbitration provisions set forth below.
17.2 Except as otherwise expressly set forth in this Agreement and except for actions for equitable relief, all claims or disputes between the Parties arising out of or relating to this Agreement will be decided by arbitration pursuant to the Commercial Arbitration Rules of the American Arbitration Association in effect at the time of the claim or dispute and in accordance with Title 9 of the United States Code. Notice of the demand for arbitration must be provided in writing to the other Party and must be made within a reasonable time after the dispute has arisen. If the amount claimed to be in dispute is equal to or greater than Two Hundred Fifty Thousand Dollars ($250,000), then the arbitration will be decided by a panel of three (3) arbitrators selected under the Commercial Arbitration Rules of the American Arbitration Association. If the amount claimed to be in dispute is less than that amount, then the arbitration will be decided by one (1) arbitrator selected pursuant to the same rules. Said arbitration will occur within sixty (60) calendar days after the Party demanding arbitration delivers the written demand on the other Party, unless the Parties mutually agree otherwise in writing. The award rendered by the arbitrators will be final and specifically enforceable under Requirements of Law, and judgment may be entered upon it in any court having jurisdiction thereof. No arbitration arising out of or relating to this Agreement may include, by consolidation, joinder or in any other manner, any Person not a Party to this Agreement. Neither Party will appeal such award nor seek review, modification, or vacation of such award in any court or regulatory agency.
17.3 The arbitrators will award to the prevailing Party, if any, as determined by the arbitrators, all of its Costs and Fees. “Costs and Fees” mean all reasonable pre-award expenses of the arbitration, including the arbitrators’ fees, administrative fees, travel expenses, and out-of-pocket expenses, such as copying, telephone, court costs, witness fees and attorneys’ fees.
17.4 No provision of this Article 17 shall limit the right of any Party to this Agreement to seek to exercise any equitable remedies available to it (whether available in a court of law or a court of equity), exercise self-help remedies such as setoff, or obtain provisional or ancillary remedies from a court of competent jurisdiction before, after, or during the pendency of any arbitration or other proceeding. The exercise of a remedy does not waive the right of either party to resort to arbitration.
17.5 Permissible Legal Proceedings. Notwithstanding anything contained in this Article 17, (a) a Party may institute legal proceedings to seek a temporary restraining order or other temporary or preliminary injunctive relief to prevent immediate and irreparable harm to such Party, and for which monetary damages would be inadequate, pending final resolution of the dispute, controversy or claim
pursuant to arbitration, and (b) a Party may institute legal proceedings if necessary to preserve a superior position with respect to other creditors. Such conduct shall not constitute a waiver of the right of either party to resort to arbitration to obtain relief other than that specified in this Section 17.5.
ARTICLE 18. TERM AND TERMINATION
18.1.1 Effective Date. This Agreement shall be effective following the satisfaction or waiver of each of the conditions set forth in this Section 18.1.1(a) through (g) (the “Effectiveness Conditions”). Each of the Parties covenants and agrees with each other Party to act in good faith and use its best efforts to work diligently to satisfy of all of the Effectiveness Conditions and thereafter execute and deliver the Effective Date Communication at the earliest practicable date. Upon the satisfaction or waiver of each and every Effectiveness Condition, the Parties shall establish the Effective Date of this Agreement in a writing signed by all Parties (the “Effective Date Communication”). Until the execution of the Effective Date Communication by each of the Parties, no Party shall have any of the rights set forth in this Agreement or any obligation to perform any of the duties, covenants or other agreements set forth in this Agreement, or otherwise be subject to any of the restrictions contained herein, other than (i) the obligations to act in good faith and use its best efforts to work diligently to satisfy of all of the Effectiveness Conditions at the earliest practicable date, and any other provisions of this Section 18.1.1, (ii) all applicable obligations with respect to any Confidential Business Information or Proprietary Information of the other Party or any Consumer Information hereunder, including obligations and restrictions pursuant to Articles 11, 13, 14, 15 and 19 with respect to any such information or other materials that a Party is provided or to which it otherwise has access prior to the Effective Date, (iii) the representations and warranties of the Parties set forth in Section 8.1, and (iv) Article 16, in connection with any Party’s breach of any of its respective representations or warranties set forth in Section 8.1, or its failure to perform any covenant or obligation, set forth in any of the Articles or Sections referenced in Section 18.1.1(ii) above.
The Effectiveness Conditions are:
(a) Each of SunTrust, FMC, and the Servicer shall have executed the Servicing Agreement, including Servicing Guidelines satisfactory to SunTrust, FMC, and the Servicer;
(b) Each of SunTrust and FMC shall have executed the Participation Account Deposit Agreement;
(c) The Parties’ written approval of the Program Guidelines, including the forms of Credit Agreements and Truth-in-Lending Disclosures;
(d) The execution of documents establishing and governing the purchase of Charged Off Loans by MG Student Loan Trust 2010-1;
(e) SunTrust’s written approval of the Online Application System, including processes for complying with Title X;
(f) SunTrust’s written approval of the FMC Website and FMC Materials; and
(g) Complete execution of the TransUnion Addendum in a form substantially similar to attached Exhibit C.
If the Effectiveness Conditions are not satisfied or waived prior to September 1, 2010 as evidenced by the Parties’ execution of the Effective Date Communication prior to such date, then this Agreement may be automatically terminated by any Party on such date pursuant to this Section 18.1.1 and no Party shall have any further obligation under this Agreement except for any such obligation hereunder that is intended to survive the termination of this Agreement. The provisions of Section 18.1.1(ii), (iii) and (iv), to the extent applicable, and any other provisions hereof referenced therein or otherwise necessary to the interpretation of any such provisions, shall survive any termination of this Agreement as a result of the failure of the Effectiveness Conditions to be satisfied or waived prior to September 1, 2010.
18.1.2 Term of Agreement. Subject to Section 18.1.1 and this Section 18.1.2, this Agreement and the Services contemplated hereby shall commence on the Effective Date and shall continue through the earlier of two (2) years after the Effective Date or the date on which the Participation Cap is reached, unless earlier terminated pursuant to the provisions of this Section (the “Term”); provided, however, that notwithstanding the expiration of the Term or termination of Loan Processing Services, the Program Administration Services and Program Support Services set forth in Article 4 shall continue to be provided, and the associated fees and compensation to FMC and/or FMER therefor shall continue to accrue and become payable for such Services, for all periods through the month following the month during which the principal and interest of each Loan have been fully paid and remitted to SunTrust (the “Final Services Termination Period”). Notwithstanding the foregoing, if the Agreement is terminated prior to the Final Services Termination Period pursuant to Section 18.1.2, Program Support Services shall no longer be performed by FMC and FMER and the Program Support Services Fee due in Section 6.4.1 shall no longer by paid by SunTrust to FMC. In addition, in connection with a breach that is not cured as permitted by Section 18.2.2, a Force Majeure Event pursuant to Section 18.2.3, or a failure of audit remediation of the scope and for the applicable period described in Section 15.3.2, the Program Support Services may be terminated prior to the end of the Final Services Termination Period to the extent that such uncured breach, Force Majeure Event, or audit remediation failure, as applicable, is directly related to the Services that a Party seeks to terminate, and the Party seeking to terminate under such provisions timely gives the other Parties the notice of termination specified in Section 18.2.2, 18.2.3 or 18.2.6, as applicable. In the event of termination of Program Support Services under the preceding sentence, the Program Support Services Fee shall no longer be payable to FMC. This Agreement may be extended for an additional Term or Terms upon the terms and conditions set forth in a mutual written agreement among the Parties.
If FMC or SunTrust undergoes a Change in Control, the other Party may elect to terminate Loan Processing Services upon sixty (60) Business Days prior written notice; provided, however, that prior to delivering such notice, the Party considering such termination shall meet with representatives of the successor entity and engage in good faith negotiations for the continuation of this Agreement upon mutually acceptable terms and conditions.
18.2 Termination for Cause. From and after the Effective Date, FMC and SunTrust may each terminate the Agreement, subject to Section 18.1.2 and Section 18.3, immediately (after giving effect to notice and cure periods set forth in Sections 18.2.1 to 18.2.6, as applicable) by delivery of a written notice of termination to the affected Party or Parties, if:
18.2.1 Insolvency or Reorganization. The other Party shall file a petition to take advantage of any applicable insolvency or reorganization statute; or shall file a petition or answer seeking or shall consent to the appointment of a conservator or receiver or liquidator in any insolvency, readjustment of debt, marshaling of assets and liabilities or similar proceedings of or relating to such Party or Parties or relating to all or substantially all of its or their property; or a decree or order of a court or agency or supervisory authority having jurisdiction in the premises for the appointment of a conservator or receiver or liquidator in any insolvency, readjustment of debt, marshaling of assets and liabilities or similar proceedings, or the winding-up or liquidation of its affairs, shall have been entered against such Party or Parties, which decree or order entered against such Party or Parties shall have remained in force undischarged or unstayed for a period of fifteen (15) days; or such Party or Parties shall be insolvent, admit in writing its inability to pay its or their debts generally as they become due, make an assignment for the benefit of its creditors or voluntarily suspend payment of its obligations; or
18.2.2 Breach. The other Party fails to perform any of its obligations (including the failure to pay fees for Services when due and not the subject of a good faith dispute) in any material respect, or shall breach any of its or their representations, warranties or covenants in this Agreement, in any material respect and such failure or breach continues unremedied after the expiration of thirty (30) days following
written notice to such Party or Parties specifying the nature of such failure or breach and stating the intention of the terminating Party to terminate this Agreement absent a cure of such failure or breach in all material respects within such thirty (30) day period; or
18.2.3 Force Majeure Event. In the event that a Force Majeure Event occurs, if any Party is prevented from performing or its performance is rendered impracticable for a period of at least five (5) days after notice of such event and inability to perform was provided to the other Party or Parties, provided, however, that if the Party previously unable to perform regains its ability to perform hereunder within five (5) days after notice of the event and inability to perform, the notice of termination must be delivered to the other Parties no later than thirty (30) days after the Party regains such ability to perform and notifies the other Parties thereof; or
18.2.4 Failure to Agree on Program Changes. If SunTrust and FMC cannot agree on Program changes (other than changes to the Pricing Schedule) following full compliance with the procedures set forth in Section 4.1.1, then any Party may terminate this Agreement on fifteen (15) days’ written notice to the other Parties, provided, however, that such notice of termination is delivered to the other Parties no later than thirty (30) days after the expiration of the thirty (30) day period described in Section 4.1.1 during which changes could not be agreed; or
18.2.5 Governmental Authority. To the extent required by Requirements of Law, a Governmental Authority with oversight of SunTrust requires, in writing, termination of this Agreement because, among other things, SunTrust is considered a “troubled” institution, which termination shall be without penalty to SunTrust; provided, however, that such termination shall be effective only to the extent of the Services required by such Governmental Authority to be terminated; or
18.2.6 Audit Remediation Failure. As set forth in Section 15.3.2, if the Parties are unable to agree to a remediation plan within thirty (30) days of FMC’s preparation and presentation of such plan to SunTrust pursuant to the first sentence of Section 15.3.2, or if FMC or FMER, as applicable, shall be unable to complete and install adequate modifications (as set forth in the plan of remediation) within the deadline set forth in any such plan of remediation; provided, however, that if (i) subsequent to such thirty (30) day period a remediation plan shall be agreed, or if subsequent to such other deadline set forth in any such plan of remediation, FMC or FMER, as applicable, is able to complete and install adequate modifications in accordance therewith, as applicable, and (ii) the Agreement has not been effectively terminated prior to such agreement or completion of modifications, then no Party may deliver a notice of termination under this Section 18.2.6 thereafter in connection with such subsequently remedied failure described in this subsection or Section 15.3.2.
18.3 Rights and Obligations Upon Notice of Termination.
18.3.1 Requirements Upon Termination. As of the effective date of termination of this Agreement, FMER shall (i) cease accepting new applications for Loans and (ii) unless otherwise agreed by the Parties in writing, process all Applications received prior to the effective date of termination through disbursement or denial. In addition, upon the termination of this Agreement for any reason:
(A) FMC shall make a final Participation Account Deposit in the Participation Account pursuant to Section 7.1.3 and shall thereafter not be required to make further Participation Account Deposits;
(B) payments pursuant to Section 6.5.1, Section 7.1.4, Section 7.1.5, and Section 7.1.7 shall continue notwithstanding such termination;
(C) releases from the Participation Account pursuant to Section 7.1.6 shall continue notwithstanding such termination.
18.3.2 Transition Services. Upon notice of termination of this Agreement or any Services provided hereunder, the Parties shall meet to develop a plan to wind down the affected Services and transition for the terminated Services, to extend for a period not to exceed ninety (90) days past the effective date of termination (the “Transition Period”), unless mutually agreed by the Parties in writing to be longer than ninety (90) days. The fees paid for Services provided during the Transition Period shall be in accordance with the fees in effect at the expiration or termination of this Agreement. Except as otherwise set forth in this Agreement, upon the conclusion of the Transition Period for any specific Services, each Party shall cease the affected Services and return to the other Party or Parties, as applicable, or destroy all Proprietary Information and/or Consumer Information in accordance with Section 14.8 of this Agreement, except as necessary pursuant to any Requirements of Law.
18.4 Requirements Upon Termination. In addition to the requirements contained in Section 18.3.2 of the Agreement, (i) in the event that less than all disbursements of a multi-disbursement Loan have been made prior to the date of termination, the remaining disbursement(s) will also be made pursuant to the terms of this Agreement, (ii) Loan Applications will no longer be accepted by FMER as of the termination date, (iii) any legal commitments already made to Borrowers shall be fulfilled and all Applications received for a credit inquiry prior to termination shall be processed through denial or final disbursement.
18.5 Rights Upon Termination. With respect to the termination of Portfolio Management Services, FMER shall provide to SunTrust a final reconciliation of all amounts collected by Subcontractors, collect all original files from Subcontractors, and transmit all such files to SunTrust.
ARTICLE 19. MISCELLANEOUS
19.1 Notice Procedure; Addresses. All notices, demands and other communications hereunder shall be in writing and shall be deemed to have been duly given and received at the time delivered by hand, if personally delivered; when receipt is acknowledged, if mailed by certified mail, postage prepaid, return receipt requested; the next Business Day after timely delivery to the courier, if sent by overnight air courier guaranteeing next-day delivery; and when received, if delivered by hand, as follows:
If to SunTrust: SunTrust Bank Attn: W. Mark Smith Executive Vice President 1001 Semmes Avenue Mail Code CS-RVW-7900 Richmond, VA 23224
|
| If to FMC: The First Marblehead Corporation Attn: Chief Executive Officer 800 Boylston Street, 34th Floor Boston, MA 02199-8157
If to FMER: First Marblehead Education Resources, Inc. Attn: Managing Director One Cabot Road Medford, MA 02155 |
|
|
|
With a copy to: SunTrust Bank Legal Department 303 Peachtree Street, N.E., 36th Floor Atlanta, GA 30308 |
| For either FMC, FMER, as applicable, with a copy to: The First Marblehead Corporation Legal Department 800 Boylston Street, 34th Floor Boston, MA 02199-8157 |
The Persons or addresses to which mailings or deliveries shall be made may be changed from time to time by notice given pursuant to the provisions of this Section.
19.2 Press Releases; Regulatory Reports. No Party shall issue any press release or other announcement regarding the subject matter of this Agreement without the written consent of the other affected Parties with respect to mutually acceptable language (which consent shall not be unreasonably withheld), unless a Party refuses to consent and the Party desiring to issue the release or other announcement is advised by its legal counsel that the press release or other announcement is required in order to comply with applicable Requirements of Law. Notwithstanding the foregoing, SunTrust acknowledges that FMC expects to be required pursuant to Requirements of Law to file this Agreement and a report regarding this Agreement with the Securities and Exchange Commission which FMC shall provide to SunTrust at least three (3) Business Days prior to FMC releasing such report to provide SunTrust a reasonable opportunity to review, comment, and consent, which consent shall not be unreasonably withheld.
19.3 Relationship of the Parties. The Parties agree that in carrying out their responsibilities pursuant to this Agreement they are in the position of independent contractors. This Agreement is not intended to create, nor does it create and shall not be construed to create, a relationship of partners or joint venturers, fiduciaries or any association for profit between and among the Parties or any of their respective Affiliates.
19.4 Expenses. Except as is otherwise specifically provided in this Agreement, each Party shall pay its own costs and expenses in connection with this Agreement and the transactions contemplated hereby, including all regulatory fees, attorneys’ fees, accounting fees and other expenses.
19.5 Successors and Assigns. All terms and provisions of this Agreement shall be binding upon and shall inure to the benefit of the Parties, and each of their respective permitted transferees, successors and assigns. Neither Party may assign or transfer any right or obligation under this Agreement without the prior written consent of the other Party; provided, however, that (i) no prior written consent of the other Party is required in the event that FMC or FMER assigns or delegates any Services set forth in this Agreement to the other or to any other Affiliate of FMC, including but not limited to First Marblehead Data Services, Inc., and such assignee or delegatee would be able to make the representations and warranties of FMC or FMER, as applicable, herein, and comply with each of the covenants and other agreements of FMC or FMER, as applicable, herein. Notwithstanding the foregoing, neither SunTrust, on the one hand, nor FMC and/or FMER, on the other hand, shall be permitted to assign or otherwise transfer the rights and obligations of this Agreement (including any transfer by operation of law) to any Person completing a Change in Control of the assigning Party, without the written consent of the other Party and the assumption by the Person completing such Change in Control of all of the assigning or transferring Party’s obligations under this Agreement.
19.6 Multiple Counterparts. This Agreement may be executed in multiple counterparts, each of which shall be deemed an original for all purposes and all of which shall be deemed, collectively, one agreement.
19.7 Drafting; Captions. Each Party acknowledges that its legal counsel participated in the drafting of this Agreement. The Parties hereby agree that the rule of construction that ambiguities are to be resolved against the drafting Party shall not be employed in the interpretation of this Agreement to favor one Party over any other. Further, the captions, headings and arrangements used in this Agreement are for convenience only and do not in any way affect, limit or amplify the terms and provisions hereof.
19.8 Entire Agreement; Amendments. The making, execution and delivery of this Agreement by the Parties have been induced by no representations, warranties, statements or agreements other than those herein expressed. This Agreement, including the Schedules and Exhibits attached hereto, embodies the entire understanding of the Parties, and there are no further or other agreements or understandings, written or oral, in effect among the Parties relating to the subject matter hereof. This Agreement may be amended or modified only by a written instrument signed by each of the Parties.
19.9 Waiver. None of the Parties shall be deemed to have waived any of its rights, powers or remedies under this Agreement unless such waiver is approved in writing by an authorized representative of the waiving Party. No delay or failure by any Party to exercise any right, power or remedy hereunder shall constitute a waiver thereof by such Party, and no single or partial exercise by any Party of any right, power or remedy shall preclude other or further exercise thereof or any exercise of any other rights, powers or remedies.
19.10 Severability. Whenever possible, each provision of this Agreement will be interpreted in such manner as to be effective and valid under Requirements of Law, but if any provision of this Agreement is held to be prohibited by or invalid under Requirements of Law, such provision will be ineffective only to the extent of such prohibition or invalidity, without invalidating the remainder of such provision or the remaining provisions of this Agreement.
19.11 Disaster Recovery and Force Majeure. Each of the Parties will timely implement, if it has not already, and maintain a reasonable disaster recovery plan. Upon request by SunTrust, FMC shall promptly provide to SunTrust a description of and summary test results for FMC’s disaster recovery plan, including such information as may reasonably be requested by SunTrust to comply with Requirements of Law. Upon the occurrence of any disaster requiring use of FMC’s disaster recovery plan, FMC shall promptly notify SunTrust of same, and FMC shall provide to SunTrust access to services equal to services provided to other clients. Subject to the foregoing, no Party hereto shall be responsible for, or in breach of, this Agreement if it is unable to perform or its performance is rendered impracticable as a result of delays or failures due to any cause beyond its control, howsoever arising, and not due to its own act or negligence and that cannot be overcome by the exercise of due diligence. Such causes shall include, but not be limited to, labor disturbances, riots, fires, earthquakes, floods, storms, lightning, epidemics, terrorist attacks, wars, civil disorder, hostilities, expropriation or confiscation of property, failure or delay by carriers, interference by civil and military authorities whether by legal proceeding or in fact and whether purporting to act under some constitution, decree, law or otherwise, or acts of God (each such event, a “Force Majeure Event”). Upon the occurrence of a Force Majeure Event, the Party declaring such event shall provide written notice thereof to the other Party as soon as practicable. Notwithstanding any other provision in this Agreement, either SunTrust or FMC may immediately terminate this Agreement if the other Party cannot perform the Services (in the case of FMC) or otherwise perform their obligations hereunder for more than five (5) days, subject to the provisions of Section 18.1 and Section 18.3, and provided, however, that if the Party previously unable to perform regains its ability to perform hereunder, the notice of termination must be delivered to the other Parties no later than thirty (30) days after the Party regains such ability to perform and notifies the other Parties thereof.
19.12 GOVERNING LAW. THIS AGREEMENT SHALL BE GOVERNED BY, AND CONSTRUED IN ACCORDANCE WITH, THE INTERNAL LAWS OF THE STATE OF GEORGIA, WITHOUT GIVING EFFECT TO ANY CHOICE OR CONFLICT OF LAW PROVISION OR RULE THAT WOULD CAUSE THE APPLICATION OF LAWS OF ANY JURISDICTION OTHER THAN TO THOSE OF THE STATE OF GEORGIA. EACH PARTY WAIVES ITS RIGHT TO A JURY TRIAL WITH RESPECT TO ANY ACTION OR CLAIM ARISING OUT OF ANY DISPUTE IN CONNECTION WITH THIS AGREEMENT, ANY RIGHTS OR OBLIGATIONS HEREUNDER OR THE PERFORMANCE OF ANY SUCH RIGHTS OR OBLIGATIONS.
19.13 No Third Parties Benefitted. This Agreement is made and entered into for the protection and legal benefit of the Parties, and their permitted successors and assigns, and each and every Indemnified Party (all of which shall be entitled to enforce the indemnity contained herein), and no other Person shall be a direct or indirect legal beneficiary of, or have any direct or indirect cause of action or claim in connection with, this Agreement.
19.14 Permitted Filing. Each Party may file this Agreement (with redactions as permitted by Requirements of Law) with the appropriate state or federal regulators, including the Securities and Exchange Commission, as required by such regulators.
19.15 Survival. Any and all provisions, promises, and warranties contained herein, which by their nature or effect are required or intended to be observed, kept or performed after expiration or termination of this Agreement (including representations and warranties, confidentiality, information security, audit rights, indemnification, limitation of liability, dispute resolution and miscellaneous provisions), will survive the expiration or termination of this Agreement and remain binding upon and for the benefit of the Parties hereto.
[Signatures appear on next page]
IN WITNESS WHEREOF, the parties hereto have caused this Agreement to be executed by their respective officers, being first duly authorized, as of the day and year first above written.
SUNTRUST BANK |
| |
|
|
|
By: | /s/ W. Mark Smith |
|
Name: | W. Mark Smith |
|
Title: | Executive Vice President |
|
|
|
|
|
|
|
THE FIRST MARBLEHEAD CORPORATION |
| |
|
|
|
By: | /s/ Daniel Maxwell Meyers |
|
Name: | Daniel Maxwell Meyers |
|
Title: | President and CEO |
|
|
|
|
|
|
|
FIRST MARBLEHEAD EDUCATION RESOURCES, INC. |
| |
|
|
|
By: | /s/ Michael Plunkett |
|
Name: | Michael Plunkett |
|
Title: | President |
|
EXHIBIT A
Datamart Report
In addition to the data set forth in the Program Guidelines and Servicing Agreement, the report shall consist of loan level data and provide at least the following information with respect to each Loan application:
· Identifying information and demographic information
· Repayment option
· Enrollment status
· Grade level
· Applicable borrower benefits for which the borrower may become eligible
· Missing information reasons, if any
· Decline reasons, if applicable
· Current application status
· Acquisition channel
· Residency status (own, rent, live with parents)
· Credit score (including FMC custom credit score)
EXHIBIT B
Compensation Schedule
Margin to be Earned by FMC by Pricing Segment
FMC Variable Rate Compensation
Repayment |
| Repayment |
| 1 |
| 2 |
| 3 |
| 4 |
| 5 |
| 6 |
|
[**] |
| [**] |
| [**] | % | [**] | % | [**] | % | [**] | % | [**] | % | [**] | % |
[**] |
| [**] |
| [**] | % | [**] | % | [**] | % | [**] | % | [**] | % | [**] | % |
[**] |
| [**] |
| [**] | % | [**] | % | [**] | % | [**] | % | [**] | % | [**] | % |
[**] |
| [**] |
| [**] | % | [**] | % | [**] | % | [**] | % | [**] | % | [**] | % |
[**] |
| [**] |
| [**] | % | [**] | % | [**] | % | [**] | % | [**] | % | [**] | % |
[**] |
| [**] |
| [**] | % | [**] | % | [**] | % | [**] | % | [**] | % | [**] | % |
[**] |
| [**] |
| [**] | % | [**] | % | [**] | % | [**] | % | [**] | % | [**] | % |
[**] |
| [**] |
| [**] | % | [**] | % | [**] | % | [**] | % | [**] | % | [**] | % |
[**] |
| [**] |
| [**] | % | [**] | % | [**] | % | [**] | % | [**] | % | [**] | % |
[**] |
| [**] |
| [**] | % | [**] | % | [**] | % | [**] | % | [**] | % | [**] | % |
[**] |
| [**] |
| [**] | % | [**] | % | [**] | % | [**] | % | [**] | % | [**] | % |
[**] |
| [**] |
| [**] | % | [**] | % | [**] | % | [**] | % | [**] | % | [**] | % |
[**] |
| [**] |
| [**] | % | [**] | % | [**] | % | [**] | % | [**] | % | [**] | % |
[**] |
| [**] |
| [**] | % | [**] | % | [**] | % | [**] | % | [**] | % | [**] | % |
[**] |
| [**] |
| [**] | % | [**] | % | [**] | % | [**] | % | [**] | % | [**] | % |
[**] |
| [**] |
| [**] | % | [**] | % | [**] | % | [**] | % | [**] | % | [**] | % |
Margin to be Earned by FMC by Pricing Segment
FMC Fixed Rate Compensation
Pricing Tiers
Repayment |
| Repayment |
| 1 |
| 2 |
| 3 |
| 4 |
| 5 |
| 6 |
|
[**] |
| [**] |
| [**] | % | [**] | % | [**] | % | [**] | % | [**] | % | [**] | % |
[**] |
| [**] |
| [**] | % | [**] | % | [**] | % | [**] | % | [**] | % | [**] | % |
[**] |
| [**] |
| [**] | % | [**] | % | [**] | % | [**] | % | [**] | % | [**] | % |
[**] |
| [**] |
| [**] | % | [**] | % | [**] | % | [**] | % | [**] | % | [**] | % |
[**] |
| [**] |
| [**] | % | [**] | % | [**] | % | [**] | % | [**] | % | [**] | % |
[**] |
| [**] |
| [**] | % | [**] | % | [**] | % | [**] | % | [**] | % | [**] | % |
[**] |
| [**] |
| [**] | % | [**] | % | [**] | % | [**] | % | [**] | % | [**] | % |
[**] |
| [**] |
| [**] | % | [**] | % | [**] | % | [**] | % | [**] | % | [**] | % |
[**] |
| [**] |
| [**] | % | [**] | % | [**] | % | [**] | % | [**] | % | [**] | % |
[**] |
| [**] |
| [**] | % | [**] | % | [**] | % | [**] | % | [**] | % | [**] | % |
[**] |
| [**] |
| [**] | % | [**] | % | [**] | % | [**] | % | [**] | % | [**] | % |
[**] |
| [**] |
| [**] | % | [**] | % | [**] | % | [**] | % | [**] | % | [**] | % |
[**] |
| [**] |
| [**] | % | [**] | % | [**] | % | [**] | % | [**] | % | [**] | % |
[**] |
| [**] |
| [**] | % | [**] | % | [**] | % | [**] | % | [**] | % | [**] | % |
[**] |
| [**] |
| [**] | % | [**] | % | [**] | % | [**] | % | [**] | % | [**] | % |
[**] |
| [**] |
| [**] | % | [**] | % | [**] | % | [**] | % | [**] | % | [**] | % |
EXHIBIT C
TransUnion Addendum
AGENT ADDENDUM TO THE TRANSUNION MASTER SERVICES
AGREEMENT FOR CONSUMER REPORTING AND ANCILLARY SERVICES
This Agent Addendum (“Addendum”), effective the day of , 2010 (the “Effective Date”), by and between Trans Union LLC, with its principal place of business located at 555 West Adams, Chicago, Illinois 60661 (“TransUnion”), SunTrust Bank, with its principal place of business located at 303 Peachtree Street, Atlanta, GA 30308 (“SUBSCRIBER”), and First Marblehead Education Resources, with its principal place of business located at (“Agent”), is meant to modify the terms of the Master Agreement for Consumer Reporting and Ancillary Services entered between TransUnion and Subscriber on or about August 26, 2003 (the “MSA”).
RECITALS
WHEREAS, SUBSCRIBER has entered into an agreement with Agent for the purpose of conducing the project indicated on the attached Schedule A (the “Project”);
WHEREAS, the Project requires TransUnion to disclose Services and Services Information directly to Agent on behalf of SUBSCRIBER;
WHEREAS, SUBSCRIBER desires TransUnion disclose such Services and Services Information directly to Agent, and TransUnion has agreed to such disclosure, subject to the terms contained in both the MSA and this Addendum; and,
WHEREAS, SUBSCRIBER desires that TransUnion invoice Agent for the Services and Services Information disclosed to Agent as more fully explained herein.
NOW, THEREFORE, in exchange for the mutual promises and covenants contained herein, and other good and valuable consideration, the receipt and sufficiency of which is hereby acknowledged, the parties hereto agree as follows:
1. The forgoing Recitals are hereby incorporated by reference as a material part of this Agreement.
2. Capitalized terms not defined herein shall have the definition ascribed in the MSA.
3. SUBSCRIBER hereby appoints Agent its agent with all necessary authority to disclose to, and, request and receive from, TransUnion, Services or Services Information. Moreover, SUBSCRIBER hereby authorizes TransUnion to disclose Services and Services information to Agent.
4. SUBSCRIBER shall at all times be responsible and ensure Agent’s compliance with the terms and conditions of the MSA. Additionally SUBSCRIBER hereby represents to TransUnion that it has entered into a written agreement with Agent containing obligations and restrictions consistent with its obligations and restrictions under the MSA. SUBSCRIBER further agrees to enforce such obligations and restrictions against Agent to the satisfaction of TransUnion, and to immediately notify TransUnion upon the discovery of any violation of such obligations and restrictions by Agent. In the event SUBSCRIBER fails to enforce said obligations and restrictions to TransUnion’s satisfaction, SUBSCRIBER hereby agrees to assign to TransUnion
all such enforcement rights against Agent.
5. TransUnion, subject to the terms of the MSA and this Addendum, agrees to: 1) disclose Services and Services Information to Agent on behalf of SUBSCRIBER; and, 2) allow Agent to access Services and Services Information on behalf of Subscriber.
6. Agent certifies that it will request and use any information provided as part of the TransUnion services pursuant to this Addendum in compliance with the terms and conditions of the MSA and only on behalf of SUBSCRIBER one-time and only for the specific permissible purpose certified by SUBSCRIBER at the time of its request. Agent further certifies that it will limit the disclosure of Services and Services Information to those individuals inside its organization with a “need to know”, and that it will not disclose such information to any third party other than the SUBSCRIBER.
7. SUBSCRIBER and Agent shall at all times be responsible for compliance with, and any violation of, the terms, certifications, obligations and restrictions as set forth in the MSA with respect to Services and/or Services Information disclosed to Agent, including, but not limited to, those terms related to compliance with laws and security. Moreover, and without regard to any cap on liability set forth in the MSA, SUBSCRIBER and Agent shall jointly and severally defend, indemnify and hold TransUnion harmless from and against any and all claims, expenses, costs, damages, settlements, judgments or awards, including attorney’s fees, directly or indirectly resulting from, or alleged to have directly or indirectly resulted from, disclosure hereunder.
8. SUBSCRIBER authorizes, and TransUnion agrees, that for any Services and/or Services Information accessed by its Agent, TransUnion will invoice SUBSCRIBER care-of Agent, at a rate previously agreed upon by TransUnion and Agent, at the following address , which may be changed upon written notice to TransUnion in accordance with Paragraph 11. Agent shall remit to TransUnion payment to TransUnion Invoice within thirty (30) days of the invoice date, regardless whether or not it has collected such payment from SUBSCRIBER. Without limiting any of TransUnion’s remedies for non payment or late payment of invoices, invoices which are not paid by Agent within sixty (60) days of the invoice date shall be subject to a late charge of one and one-half percent (1.5%) per month (18% per year) or the maximum allowed by law, whichever is less. If collection efforts are required, Agent shall pay all costs of collection, including reasonable attorneys’ fees.
9. Notwithstanding the forgoing, SUBSCRIBER, in accordance with the terms of the MSA, shall remain responsible for payment of any unpaid or untimely paid invoices, as well as any fees associated therewith, submitted to SUBSCRIBER care-of Agent.
10. Agent recognizes the confidential nature of the information contained in the TransUnion invoice(s). Agent shall keep all information in any way related to the TransUnion invoice(s), whether received from either TransUnion or SUBSCRIBER, in confidence and shall not use such information except for purposes of this Addendum, nor disclose such information to any person or persons outside of its organization. Moreover, Agent shall limit the disclosure of such information inside its organization to employees having a need to know who are subject to written obligations of confidentiality substantially similar to those contained herein. Furthermore, no information related to the TransUnion invoice(s), whether received from TransUnion or SUBSCRIBER, shall be copied or duplicated in any form or manner except as necessary to carry out the purpose of this Addendum.
11. All notices and correspondence required under the Addendum shall be sent to the Parties at the following addresses. Either party may change such name and address by notice to the other in accordance herewith. Any such change shall take effect immediately upon receipt of such notice.
TransUnion LLC |
| SunTrust Bank |
555 West Adams |
|
|
Chicago, IL 60661 |
|
|
Attn: General Counsel |
| Attn: |
|
|
|
First Marblehead Education Resources |
|
|
|
|
|
|
|
|
Attn: |
|
|
12. All terms of the MSA are incorporated into this Addendum and are expressly applicable to all orders and payments hereunder. In the event of a conflict between any of the terms of this Addendum and those of the MSA, the terms of this Addendum shall govern. The remaining terms of the MSA shall at all times remain in full force and effect.
13. This Addendum shall be coterminous with the MSA unless earlier terminated by SUBSCRIBER in accordance with the termination provisions contained in the MSA or by TransUnion upon written notice to SUBSCRIBER.
[Signatures appear on next page]
IN WITNESS WHEREOF, the parties, intending to be legally bound, have caused this Addendum to be executed by their duly authorized representatives as of the Effective Date.
TransUnion LLC |
| SunTrust Bank | ||
|
|
|
|
|
By: |
|
| By: |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| Name and Title of Signer |
|
| Name and Title of Signer |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| Date Signed |
|
| Date Signed |
|
|
|
|
|
|
|
|
|
|
First Marblehead Education Resources |
|
|
| |
|
|
|
|
|
By: |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| Name and Title of Signer |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| Date Signed |
|
|
|
Schedule A
Project Description: Student Loan Originations
All SUBSCRIBER orders placed hereunder shall be made under the following TransUnion Subscriber Code(s): .
Exhibit D
Schedule 1 Key Metrics Report
Schedule 2 Approved Collectors
Schedule 3 Default Collection Reports
Schedule 4 Approved Initial Vendors
Schedule 5 Settlement Authority
Schedule 1 to Exhibit D
Key Metrics Report
The report shall consist of aggregate program data and metrics and provide information in at least the following categories:
· Application metrics
· Configuration and submission rate
· Application status—pending configuration; submitted, unbooked; missing information; in review; awaiting certification; Approval Disclosure sent; Approval Disclosure accepted; closing; Final Disclosure sent
· Cosign rate
· Booking rate
· Cancellation rate
· Grade-level and degree-level breakout, if available
· Initial credit decisions
· Conditional approvals
· Declines and top decline reasons
· Applications Pending Review
· Counteroffers—Accept/Decline/Pending
· Approvals by acquisition channel and disbursement method
· Repayment option and repayment term distribution
Schedule 2 to Exhibit D
Approved Collectors
NCO Financials Systems, Inc.
Diversified Collection Services, Inc.
Collection Company of America
Simm Associates, Inc.
American Education Services
Estate Information Services, Inc.
Schedule 3 to Exhibit D
Default Collection Reports
On a monthly basis, FMC shall provide reports containing at least the following information:
· defaulted Loans
· balances and borrowers in each delinquency stage, including forbearance
· balances and borrowers entering repayment next month
· # of cures by type (re-enter deferment, forbearance, payment, etc.)
· # on loans on automatic payment
· flow rates by delinquency stage, compared to historical measures
· liquidation rate
· # of right party contacts made
Schedule 4 to Exhibit D
Approved Initial Vendors
1. Google
Cambridge, MA
Services: Online advertising tracking, optimization and analysis.
2. Interwoven
Sunnyvale, CA
Services: Content Management system provider
3. Center Partners
Fort Collins, CO
Services: Call center operations, including inbound customer service calls, outbound customer service calls, outbound telemarketing
4. JLS Mailing Services, Inc.
Brockton, MA
Services: Mail pick-up; folding and stuffing envelopes, mail processing, storage and management of fulfillment materials and supplies
5. National Student Clearinghouse
Herndon, VA
Services: student enrollment verification
6. Trans Union LLC
Chicago, IL
Services: Consumer reports, Total ID, fraud readiness
7. Nicholas Barone
Buffalo, NY
Graphic Designer: Brand, website, advertising and collateral design.
8. Patricia Lenz Bovie
Boston, MA
Copywriter: Copy for website, advertising and collateral materials
9. Matthew Mombrea
Buffalo, NY
Programmer: Programming work to build and update FMC Website
Schedule 5 to Exhibit D
Settlement Authority
FMER and Approved Collectors may offer a settlement of the Loan obligation in full for a payment of a percentage of the outstanding Loan balance, as follows:
Days Delinquent |
| Customer Contact Method |
| Cash Settlement Offer |
[**] |
|
| As low as [**]% | |
[**] |
| Settlement Letter |
| As low as [**]% |
[**] |
| Call Campaign |
| As low as [**]% |
[**] |
|
| As low as [**]% | |
[**] |
| Settlement Letter |
| As low as [**]% |
[**] |
| Call Campaign |
| As low as [**]% |
Communication of the settlement offer shall be to both the Borrower and Cosigner (where applicable).
Exhibit E
Schedule 1
School Sales Activity States
Each of FMC and SunTrust shall restrict in-person Eligible Institution sales activities for the Program as listed below:
SunTrust Sales States |
| FMC Sales States |
Florida |
| Arizona |
Georgia |
| Arkansas |
Maryland |
| California |
North Carolina |
| Connecticut |
Pennsylvania |
| Indiana |
South Carolina |
| Kansas |
Tennessee |
| Louisiana |
Virginia |
| Maine |
District of Columbia |
| Massachusetts |
|
| Michigan |
|
| Minnesota |
|
| Mississippi |
|
| Missouri |
|
| Nebraska |
|
| New Hampshire |
|
| New Jersey |
|
| Ohio |
|
| Oklahoma |
|
| Rhode Island |
|
| Vermont |
|
| West Virginia |
Schedule 2
Production Support Plan
The Program will be marketed by the FMC sales team directly to Eligible Institutions within the FMC Sales States. Within the FMC Sales States and in accordance with the terms of the Agreement, the FMC sales team will leverage various presentation materials to build awareness of the Program among financial aid officers, present the Program to Eligible Institutions, respond to requests for proposals and provide Eligible Institutions with regular updates about the Program, and will conduct the following activities to support the promotion of the student loan product:
· Onsite visits to targeted Eligible Institutions in the FMC Sales States
· Webinars to key Eligible Institutions who require application demonstrations or additional product training
· Attend and/or exhibit at state, regional and national conferences to support FMC Sales States product sales, including NASFAA
· Monthly email communications to Eligible Institutions in FMC Sales States to highlight product features, interest rate changes or pertinent information in the industry
· Provide training onsite or via webinar as requested by Eligible Institutions on subjects including but not limited to: the product, product processing, servicing, default management
· Conduct mailings to Eligible Institutions and potential Applicants in accordance with Sections 2.2.1 and 2.2.5 of the Agreement
In addition, FMC will provide students in FMC Sales States with collateral materials and a link to the FMC Website so they have easy access to get more information about the Program.
FMC will also market the program using open channel activities, including: geo-targeted online advertising, and possibly email and/or direct mail prior to future peak periods for customer retention purposes.
EXHIBIT F
Program Guidelines
TO BE ADOPTED PRIOR TO THE EFFECTIVE DATE
EXHIBIT G
SunTrust Service Marks
SunTrust
Custom Choice
EXHIBIT H
INSURANCE REQUIREMENTS
WORKERS’ COMPENSATION:
(A) | Workers’ Compensation: Statutorily Required | ||
(B) | Employer’s Liability: | ||
| (1) | Bodily Injury by Accident, for Each Accident: | $ [**] |
| (2) | Bodily Injury for Each Employee by Disease: | $ [**] |
| (3) | Policy Limit for Bodily Injury by Disease: | $ [**] |
COMMERCIAL GENERAL LIABILITY:
Written on a per occurrence basis to include coverage for: Broad Form Property Damage; Bodily Injury; Personal Injury; Blanket Contractual Liability; Products/Completed Operations. | ||
(A) | Combined Single Limit Per Occurrence: | $[**] |
(B) | General Aggregate: | $[**] |
(C) | Fire Legal Liability Per Occurrence: | $[**] |
(D) | Medical Expense Per Person per Occurrence: | $[**] |
SunTrust Banks, Inc., its subsidiaries, affiliate companies, its officers, directors and employees will be listed as additional insureds. FMC’s insurance will be primary and non-contributory. |
AUTOMOTIVE LIABILITY:
Such policy will include coverage for all vehicles owned, hired, non-hired, non-owned and borrowed by FMC in the performance of the Services covered by this Agreement. | |
Combined Single Limit: | $[**] |
UMBRELLA LIABILITY:
Combined Single Limit: | $[**] |
SunTrust Banks, Inc., its subsidiaries, affiliate companies, its officers, directors and employees will be listed as additional insureds. |
ERRORS & OMISSIONS LIABILITY (PROFESSIONAL LIABILITY):
Such policy will include coverage for actual or alleged breach of duty, act, error, and omission, misstatement, misleading statement or neglect in the rendering of or failure to render the Services under this Agreement. | |
Combined Single Limit: | $[**] |
FIDELITY BOND (CRIME INSURANCE):
Including blanket employee dishonesty: | $[**] |
CYBER / PRIVACY LIABILITY:
Such policy will include coverage for first and third party legal liability as a result of a physical privacy breach or breach of privacy regulations, as well as damages and claims for expenses arising out of computer attacks caused by security failures. $[**]
EXHIBIT I
FMC Privacy and Security Policies
First Marblehead Corporation
Information Security Policy
The reputation, business stability, and future growth of The First Marblehead Corporation, hereafter referred to as “First Marblehead” or “the Company”, are critically dependent on the way the Company manages and protects information and information systems that store and process borrower and business partner data. The Company has implemented this Policy to ensure that appropriate safeguards and controls to protect such data are established and maintained.
The Information Security Policy, hereafter referred to as “ISP” or “the Policy”, is a set of Information Security Standards designed to provide direction and to define an overarching data protection framework of fundamental objectives, values, and principles, which provides a basis for all other information protection directives.
Scope
This Policy applies to all First Marblehead employees, contractors, consultants, temporary workers, and business partners, hereafter referred to as “Workforce Members”, systems, applications, and Company assets. Compliance with this Policy and all other First Marblehead information protection directives is mandatory.
Exception Handling
Requests for an exception to this Policy must include a documented business justification that is approved by the Managing Director of the business unit and submitted to the Chief Risk Officer for review. The Chief Risk Officer will inform the approving department head of a decision within two business days of receiving the request.
Approvals
Policy Owners: | Bill Baumer, Managing Director and Chief Risk Officer |
| Mike Plunkett, Managing Director of Operations and Information Technology |
|
|
Effective Date: | June 21, 2010 |
Table of Contents
Acronyms & Definitions |
| 3 |
|
|
|
Acceptable Use of Electronic Resources and the Internet Standard |
| 5 |
|
|
|
Electronic Mail (E-Mail) Services Standard |
| 6 |
|
|
|
Physical Security Standard |
| 7 |
|
|
|
Proprietary Information Standard |
| 9 |
|
|
|
Personally Identifiable Information Protection Standard |
| 10 |
|
|
|
Servers, Laptops, Desktops Standard |
| 12 |
|
|
|
Encryption Standard |
| 14 |
|
|
|
Data Destruction Standard |
| 15 |
|
|
|
Authentication and Verification Standard |
| 21 |
|
|
|
Remote Access Standard |
| 23 |
|
|
|
Access Rights Standard |
| 25 |
|
|
|
Monitoring and Notification Standard |
| 26 |
|
|
|
Online Student Loan Application Access Standard |
| 28 |
|
|
|
Roles and Responsibilities Standard |
| 29 |
Acronyms & Definitions
Access Administrator - an authorized Workforce Member responsible for creating and managing system access accounts.
Application Owner - the application’s largest stakeholder, usually the owner of the primary business functions served by the application.
Auto- forward rule - setting up parameters in Microsoft Outlook to facilitate automated forwarding or redirection of any message, which matches specific characteristics, to another e-mail account.
Chain email or letter - email sent to successive people. Typically the body of the note has direction to send out multiple copies of the note and promises good luck or money if the direction is followed.
Data owner - person who can authorize or deny access to certain data and is responsible for its accuracy, integrity, and timeliness.
Email - the electronic transmission of information through a mail protocol such as SMTP or IMAP.
Encryption - process of making data unreadable except to those who have a way to decrypt it using a special process, usually referred to as a key.
Intellectual Property - includes, but is not limited to, inventions, improvements, discoveries, methods, developments, software, and works of authorship, whether patentable, trademarkable, copyrightable or not, which are created, made, conceived or reduced to practice by an employee during employment with First Marblehead, whether or not during normal working hours or on the premises of First Marblehead. For the purposes of this Standard, “Intellectual Property” does not include anything which does not relate to the business or research and development conducted or planned to be conducted by First Marblehead at the time it is created, made, conceived or reduced to practice and which is created, made, conceived or reduced to practice by the employee not during normal working hours, not on First Marblehead’s premises and not using First Marblehead’s tools, devices, equipment or Proprietary Information.
Malware - software of malicious intent/impact such as viruses, worms, and spyware.
Personally Identifiable Information (PII) - information that can be used to uniquely identify, contact, or locate, a person or can be used with other sources to uniquely identify a single individual.
Proprietary Information - includes, but is not limited to, Intellectual Property, client lists, client account and financial information, First Marblehead financial information, marketing and sales information, systems, software, databases, processes, research data and PII owned or maintained by First Marblehead.
Sensitive Information, includes:
· Confidential information - data for which unauthorized disclosure, access, modification, or destruction, whether the result of inadvertent or deliberate actions, could have a significant financial impact to a large number of First Marblehead employees, business partners, or the corporation as a whole. Confidential assets are distinguishable from internal assets in both the size (e.g., total cost) and scope (e.g., number of business units affected) of the potential impact.
· Restricted information - assets for which unauthorized disclosure, access, modification, or destruction, whether the result of inadvertent or deliberate actions, could have legal, statutory, or regulatory repercussions.
1. Personal Identifiable Information (see PII standard for further definition)
2. Corporate earnings information prior to public release, stock or transaction information covered by Securities and Exchange Commission regulations
Spam - unauthorized and/or unsolicited electronic mass mailings.
Supporting Infrastructure - a set of hardware and software designated for process and data management.
Unauthorized Disclosure - the intentional or unintentional revealing of Sensitive Information to people, both inside and outside the Company, who do not have a need to know that information.
Acceptable Use of Electronic Resources and the Internet Standard
Scope and Objective
The purpose of this standard is to outline the acceptable use of electronic resources and the Internet in order to protect First Marblehead Workforce Members and the Company against virus attacks, compromise of information systems and services, and legal issues.
Requirements
1. Workforce Members should have no expectation of privacy when using First Marblehead information systems.
a. All user system activity is subject to logging, monitoring, and subsequent analysis.
b. At any time and without prior notice, First Marblehead management reserves the right to examine electronic messages and files as well as the Internet, phone or other activity logged on Company systems.
2. First Marblehead reserves the right to block access to any websites that management considers to be objectionable or clearly non-business related in nature.
3. Workforce Members are legally responsible for their Internet, blog and social network postings and may be subject to liability if contents are found to be defamatory, harassing, or in violation of any applicable law.
4. Downloading of large files and use of video and audio streaming are resource intensive, and should be limited to business related purposes.
5. Workforce Members shall not engage in illegal, malicious, or inappropriate activities utilizing Company resources.
6. Workforce Members shall be responsible for all activity performed under assigned system accounts and shall take all reasonable steps to protect them.
7. Passwords shall never be shared or left in a place where unauthorized persons might discover them.
8. Workforce Members shall not scan, test, or probe for vulnerabilities, attempt to exploit known vulnerabilities, or circumvent security controls applied on First Marblehead computer systems or networks, unless authorized by the Chief Risk Officer and the Managing Director of Operations and Information Technology.
Electronic Mail (E-mail) Services Standard
Scope and Objective
The purpose of this standard is to outline the appropriate use of e-mail.
Requirements
1. Electronic mail (e-mail) services are available to First Marblehead Workforce Members to facilitate business communication consistent with First Marblehead’s business goals, Code of Conduct and Employee Handbook guidelines.
2. First Marblehead e-mail services shall be provided only during active employment or contract with First Marblehead and shall be removed upon termination of the employment or the contract with the Company.
3. E-mail encryption shall be used when sending messages containing Sensitive Information to external parties.
4. All in-bound e-mail shall be checked for viruses.
5. Group e-mail accounts and distribution lists available in the Global Address List (GAL) shall be created per formal approval from a Director or above.
a. An owner shall be assigned to every group mailbox or distribution list. The owner shall be responsible for:
i. Performing periodic access reviews
ii. Managing and archiving messages as needed.
iii. Notifying email service administrators when the account or the distribution list is no longer needed.
6. Examples of prohibited uses of e-mail services, include, but are not limited to:
a. Sending any Company owned data to personal e-mail addresses or any other unauthorized recipient(s).
b. Setting up auto-forward rules to non-First Marblehead e-mail addresses.
c. Downloading or storing personal storage table (.pst) files on local or external hard drives.
d. Intentional and unauthorized access to other users’ e-mail.
e. Creating or using a false or alias e-mail address in order to impersonate another user or send fraudulent communications.
f. Use of First Marblehead’s electronic address book for solicitation of business, donations, commercial activities or personal gain.
g. Use of e-mail for political or lobbying activities.
h. Sending “spam”, chain letters, or any other type of widespread distribution of unsolicited mail, including offensive or abusive messages.
i. Use of e-mail to transmit materials in a manner which violates copyright laws.
j. Sending messages that constitute violations of First Marblehead’s Code of Conduct.
Physical Security Standard
Scope and Objective
The purpose of this standard is to protect First Marblehead’s electronic information systems, as well as related buildings and equipment from an unauthorized intrusion.
Requirements
1. While on First Marblehead’s premises, all First Marblehead Workforce Members shall wear an identification badge with a clearly visible picture, Company name, Workforce Member’s first and last name:
a. A one-day temporary badge shall be issued to those who forgot their identification badge upon positive verification of a valid picture identification document and a confirmation of employment.
2. Workforce Members shall not permit unknown or unauthorized persons to follow them through doors, gates, or other entrances to restricted areas.
3. Workforce Members shall not attempt to enter restricted areas for which they have not received access authorization.
4. Access to Company facilities, including offices, computer rooms, and work areas containing Sensitive Information, shall be restricted to Workforce Members and appropriately escorted visitors.
5. Handling and processing of Sensitive Information shall take place in work areas that are physically secured and protected against unauthorized access, interference, and damage.
Building Security
1. A Security ID badge is required for access to First Marblehead buildings.
2. All physical security access rights and access codes shall be promptly terminated or changed at the time that a Workforce Member ceases to provide services to First Marblehead.
3. After hours building access shall be approved by the hiring manager.
4. Access to departments processing Sensitive Information shall be restricted based on job role.
5. Access to each facility shall be reviewed quarterly by the Director of Facilities Management.
Visitors
1. Visitors shall be issued a one-day pass, and are required to sign-in and be escorted by a First Marblehead employee during their visit on Company premises.
2. Visitors shall be required to sign out upon completion of their visit and shall be escorted off of Company premises by a First Marblehead employee.
3. Outside vendors (such as janitorial or maintenance personnel) shall have limited access to First Marblehead premises and shall always be supervised while in work areas containing Sensitive Information.
Secure and Clean Workspace
1. Papers or data storage media that may contain Sensitive Information shall be locked in cabinets when left unattended.
2. Laptops shall be locked into docking stations with the key stored in a safe place when left unattended.
3. All printers, copiers, and fax machines shall be located in physically secured areas.
4. Sensitive Information shall not be left on fax machines or printers.
5. Documents containing Sensitive Information shall be discarded in provided shred bins and shall not be thrown away in the regular trash cans or blue recycle bins.
6. Department managers shall periodically inspect their work area(s) to ensure that Sensitive Information is not left unattended. Violations shall be documented and addressed.
Proprietary Information Standard
Scope and Objective
The purpose of this standard is to define guidelines for protecting First Marblehead’s Proprietary Information from unauthorized release or disclosure.
Proprietary Information includes, but is not limited to, Intellectual Property, or any work product that is relevant to the business or research and development conducted or planned to be conducted by First Marblehead, which is created, made, conceived or reduced to practice by a Workforce Member during employment with First Marblehead, whether or not during normal working hours or on the premises of First Marblehead, to be the exclusive property of First Marblehead. The Company considers any Proprietary Information to be the exclusive property of First Marblehead.
Requirements
1. All Workforce Members shall sign a First Marblehead non-disclosure agreement and receive Information Security training before starting work at First Marblehead.
2. The use of First Marblehead Proprietary Information for anything other than its designated business purposes is strictly prohibited and may result in disciplinary action consistent with the severity of the violation.
3. First Marblehead’s Proprietary Information shall not be sold or otherwise transferred to any non-First Marblehead party for any purposes other than the business purposes expressly authorized by First Marblehead management as set forth in an agreement drafted by Corporate Law.
4. Proprietary Information shall not be downloaded from First Marblehead data storing and processing systems to a personal computer or a workstation unless a clear business need exists and advance permission has been obtained from the Data Owner in consultation with Corporate Law and/or the Chief Risk Officer, where appropriate.
5. Security controls shall be consistent with the sensitivity and value of each Proprietary Information material or data element.
6. Workforce Members shall consult with Corporate Law before:
a. Discussing First Marblehead’s Proprietary Information with, or disclosing such information to, third parties, including consultants, customers and vendors.
b. Permitting third parties to use First Marblehead’s Proprietary Information.
c. Contacting anyone suspected of infringing any First Marblehead Proprietary Information rights.
Personally Identifiable Information Protection Standard
Scope and Objective
The purpose of this standard is to protect Personally Identifiable Information (PII) stored on First Marblehead systems and applications from unauthorized release or disclosure and to define standards for ensuring the security and confidentiality of such data.
Requirements
1. An individual’s name (Last Name with First Name or First Name initial) in combination with one of the following data elements shall be considered Personally Identifiable Information and must be stored and protected in a manner consistent with this standard:
a. Social Security Number (SSN) or Tax ID
b. Date of Birth or Death
c. Drivers License Number(s) or State ID
d. Passport Number
e. Bank and Financial Account Number(s)
f. Credit Card Number(s)
g. Income or Other Financial Information
h. Loan Number(s)
i. Account Passwords or PIN codes
j. Credit History
k. Digitized Signatures
l. Full Face Photographic Images
2. PII shall only be collected where necessary and as required to meet a business need.
3. All Workforce Members authorized to access PII data must only use the data for the intended purposes for which it was collected and/or stored.
4. PII shall not be transferred outside of First Marblehead, unless has been approved by the Data Owner and the Chief Risk Officer and the receiving entity has confirmed that adequate safeguarding controls are in place.
5. All requests (verbal or written) for PII of an employee or a borrower shall indicate the intended use and shall be for legitimate purposes only.
6. Provisions for use of Social Security Numbers (SSN):
a. Account numbers shall not be based on the borrower’s SSN, including truncated versions of the social security number.
b. Loan identification numbers shall be used whenever possible and in lieu of an SSN.
c. SSN shall be blanked out / redacted from any requested document or file, when the SSN is not relevant to the request.
7. Electronic communication and transfer of PII shall be conducted in a secure manner.
8. PII must be safeguarded at all times and in all formats/media both at rest and in transit.
9. Data owners shall ensure effectiveness of security controls put in place to safeguard PII under their control.
10. PII shall be kept no longer than is required by a business need or applicable state and federal law.
11. PII shall not be stored on local hard drives or portable storage devices (CDs, external hard drives, thumb drives, etc), unless approved by the Chief Risk Officer and encrypted.
12. PII shall not be transferred to a country or territory outside the United States of America, unless approved by the Chief Risk Officer.
13. Use of PII is strictly prohibited in testing, training, and presentation reports or marketing materials, unless that data is de-identified by: removing, masking, or transforming key data elements that could be used to reconstruct a record.
a. In the event that an exception is granted by the Chief Risk Officer to allow PII to be used for testing purposes in a non-production environment, the following data safeguarding controls must be met:
i. Both logical and physical access to PII data shall be restricted.
ii. Electronic access shall be limited to authorized individuals only and shall be consistent with job role and responsibility.
iii. Back up tapes shall be appropriately secured.
iv. Data safeguarding controls shall be periodically tested for operating effectiveness; deficiencies must be reported and remedied.
14. Any Workforce Member, who has substantially breached the confidentiality of PII, may be subject to disciplinary action, up to employment termination.
Servers, Laptops, Desktops Standard
Scope and Objective
The purpose of this standard is to minimize the risk of loss or exposure of Sensitive Information stored and maintained by First Marblehead and to reduce the risk of corrupted computers being used by the Company.
Requirements
1. Workforce Members shall not connect non-First Marblehead owned PCs, PC peripherals (e.g., including, but not limited to, external hard drives, phones, and cameras), or PC software to the First Marblehead network without the formal approval of the Chief Risk Officer.
2. Workforce Members who are provided with a Company owned laptop and/or personal digital assistant (PDA) are responsible for taking reasonable steps to safeguard these assets.
3. Workforce Members shall never disable any security software including virus scanning software, change operating system configurations, upgrade existing or install new operating systems, or modify security controls on any First Marblehead owned PC or network server.
4. Workforce Members shall not test, circumvent, or attempt to compromise any information security mechanisms unless specifically authorized in writing by the Chief Risk Officer and the Managing Director of Operations and Information Technology.
5. Workforce Members shall either log off or use the Windows “Lock Computer” function prior to leaving their workstation or a server that they are logged in to.
6. No new software shall to be installed on any First Marblehead owned computer equipment without the formal approvals of the Chief Risk Officer and the Managing Director of Information Technology.
7. Making unauthorized copies of First Marblehead licensed and copyrighted software, including for “evaluation” purposes, is forbidden.
Securing Computing Devices
1. All computer equipment shall be marked with identification information that clearly indicates that it is property of First Marblehead.
2. An up-to-date inventory list of computer equipment shall be maintained and approved by Information Technology Management.
3. All laptops and desktops shall be physically secured.
4. All Company owned servers shall be controlled, configured and centrally administered by IT.
5. All PCs and servers shall be password protected.
6. Systems shall be configured to lock after [**] ([**]) minutes of inactivity.
7. All PCs and servers shall have anti-virus software installed and enabled. Virus definition files shall be current and updated centrally.
8. Access rights to install, configure or disable software and hardware settings on any First Marblehead owned machine shall be limited to authorized personnel only.
9. CD/DVD RW drives, USB and FireWire ports, Bluetooth, Wi-Fi and IrDA shall be disabled.
10. Servers shall be configured in accordance with the Information Technology Server Build Standard.
11. Trusted host features shall be disabled on publicly accessible servers.
12. Publicly accessible servers shall be placed on a separate, isolated sub-network. A firewall shall be used to manage connectivity to subnets.
13. Use of wireless network devices to access First Marblehead’s network is strictly prohibited.
14. Publicly accessible servers shall be configured to suppress system identifiable information, for example, operating system, patch level, etc. This shall include deploying [**] for web applications.
Computer Viruses and Malware
1. All externally supplied removable storage media, computer-readable files, software programs, databases, word processing documents, and spreadsheets shall be subjected to a virus checking process.
2. Workforce Members shall not intentionally write, compile, copy, propagate, execute, or attempt to introduce any computer code designed to self-replicate, damage, or otherwise hinder the performance of First Marblehead’s computer systems.
3. Workforce Members are required to physically disconnect their machine from the network and report the issue to the Help Desk immediately, if there is a suspicion of a virus.
4. Workforce Members shall not attempt to eradicate a virus without expert assistance.
Visitors:
1. Laptops owned by third party service providers or visitors shall be inspected to confirm that anti-virus software is in place and up to date prior to connecting to the First Marblehead network.
Encryption Standard
Scope and Objective
The purpose of this standard is to define encryption guidelines for protection of sensitive Company, client, and borrower data.
Requirements
1. The Company strictly prohibits encryption of First Marblehead data, except for the following:
a. Electronic transfer of Sensitive Information between First Marblehead and an external party shall always be encrypted.
i. E-mails containing Sensitive Information, either in the body or in the attachments, must be encrypted prior to being sent to an external recipient.
1. If data must be sent routinely to an external party, a job shall be scheduled through Job Scheduling to encrypt and automate the data transfer.
b. Removable media including all First Marblehead owned laptops, back-up tapes, and portable storage devices shall be encrypted using a Company approved encryption solution.
i. If encryption is not feasible, compensating controls shall be applied to ensure integrity and confidentiality of such data. Examples include:
1. Use of only Company approved removable media devices.
2. Password protection.
3. Encryption of the file using Company provided file encryption software.
2. Electronic communication and transfer of Sensitive Information over public networks shall be encrypted.
3. Encryption key management servers shall be centrally managed by Information Technology. The encryption mechanism shall require the following:
a. Encryption keys shall be backed-up and stored with security measures comparable to or more stringent than measures applied to the involved data.
b. Cryptosystem key length shall be at least [**] bits.
c. Keys in storage and transit shall be encrypted.
d. Keys for encrypting key management servers shall be stored separately from keys used for encrypting/decrypting data.
Data Destruction Standard
Scope and Objective
The purpose of this standard is to provide guidelines for the secure and appropriate destruction of data.
Requirements
1. All information technology hardware assets used to process or store Sensitive Information, such as employee or customer personal data, strategic business plans, sensitive legal issues, and other information that could, if released to unauthorized persons, cause serious harm to First Marblehead, that are no longer needed for business purposes must be disposed of using a process that meets or exceeds the Department of Defense (DoD) Standard 5220.22-M for data sanitization and must be performed by an assigned and authorized First Marblehead employee or an approved third party provider specializing in this service.
2. Information on First Marblehead owned information technology hardware assets, including but not limited to computers, hard drives, PDAs, fax machines, network communications equipment, CDs, external storage devices, diskettes, and magnetic tapes used to process or store data, shall meet all data retention requirements before disposal may occur.
3. Whenever licensed software is resident on any computer media being sold, transferred, or otherwise disposed of, the terms of the license agreement shall be followed.
4. Each sanitization process shall be certified and a record maintained as specified by First Marblehead’s records retention schedule:
a. A verifiable chain of custody, which can trace the assets from the time they left First Marblehead control through the time it is certified that all data has been rendered irretrievable through any recovery process, shall be retained as specified by First Marblehead records retention schedule.
Sanitization Types
Method |
| Description |
|
|
|
Disposal |
| Disposal is the act of discarding media with no other sanitization considerations. This is most often done by paper recycling containing non-confidential information but may also include other media. |
|
|
|
Clearing |
| Clearing information is a level of media sanitization that would protect the confidentiality of information against a robust keyboard attack. Simple deletion of items would not suffice for clearing. Clearing must not allow information to be retrieved by data, disk, or file recovery utilities. It must be resistant to keystroke recovery attempts executed from standard input devices and from data scavenging tools. For example, overwriting is an acceptable method for clearing media. The security goal of the overwriting process is to replace written data with random data. Overwriting cannot be used for media that are damaged or not writeable. The media type and size may also influence whether overwriting is a suitable sanitization method. |
|
|
|
Purging |
| Purging information is a media sanitization process that protects the confidentiality of information against a laboratory attack. For some media, clearing media would not suffice for purging. However, for ATA disk drives manufactured after 2001 (over 15 GB) the terms clearing and purging have converged. |
Destroying |
| Destruction of media is the ultimate form of sanitization. After media are destroyed, they cannot be reused as originally intended. Physical destruction can be accomplished using a variety of methods, including disintegration, incineration, pulverizing, shredding, and melting. · Disintegration, Incineration, Pulverization, and Melting. These sanitization methods are designed to completely destroy the media. · Shredding. Paper shredders can be used to destroy flexible media such as diskettes once the media are physically removed from their outer containers. The shred size of the refuse should be small enough that there is reasonable assurance in proportion to the data confidentiality level that the information cannot be reconstructed. Optical mass storage media, including compact disks (CD, CD-RW, CD-R, CD-ROM), optical disks (DVD), and magneto-optic (MO) disks must be destroyed by pulverizing, crosscut shredding or burning.
Destruction of media should be conducted only by trained and authorized personnel. Safety, hazmat, and special disposition needs should be identified and addressed prior to conducting any media destruction. |
Media Sanitization Decision Matrix
Media Type |
| Clear |
| Purge |
| Physical Destruction |
Hard Copy Storages |
|
|
|
|
|
|
Paper and microforms |
| [**] |
| [**] |
| · [**] |
Hand-Held Devices |
|
|
|
|
|
|
Cell Phones |
| [**] |
| [**] |
| · [**] |
Personal Digital Assistant (PDA) |
| [**] |
| [**] |
| · [**] |
Networking Devices |
|
|
|
|
|
|
Routers |
| [**] |
| [**] |
| · [**] |
Equipment |
|
|
|
|
|
|
Copy Machines |
| [**] |
| [**] |
| · [**] |
Fax Machines |
| [**] |
| [**] |
| · [**] |
Magnetic Disks |
|
|
|
|
|
|
Reel and Cassette Format Magnetic Tapes |
| [**] |
| [**] |
| · [**] |
Optical Disks |
|
|
|
|
|
|
CDs |
| [**] |
| [**] |
| [**] |
DVDs |
| [**] |
| [**] |
| [**] |
Memory |
|
|
|
|
|
|
Compact Flash Drives, SD |
| [**] |
| [**] |
| [**] |
Dynamic Random Access Memory (DRAM) |
| [**] |
| [**] |
| · [**] |
Electronically Alterable PROM (EAPROM) |
| [**] |
| [**] |
| · [**] |
Electronically Erasable PROM (EEPROM) |
| [**] |
| [**] |
| [**] |
Erasable Programmable ROM (EPROM) |
| [**] |
| [**] |
| · [**] |
Field Programmable Gate Array (FPGA) Devices (Non-Volatile) |
| [**] |
| [**] |
| [**] |
Media Sanitization Decision Matrix
Media Type |
| Clear |
| Purge |
| Physical Destruction |
Field Programmable Gate Array (FPGA) Devices (Volatile) |
| [**] |
| [**] |
| [**] |
Flash Cards |
| [**] |
| [**] |
| [**] |
Flash Cards (FEPROM) |
| [**] |
| [**] |
| · [**] |
Magnetic Bubble Memory |
| [**] |
| [**] |
| [**] |
Magnetic Core Memory |
| [**] |
| · [**] |
| [**] |
Non Volatile RAM (NOVRAM) |
| [**] |
| [**] |
| [**] |
PC Cards or Personal Computer Memory Card International Association (PCMCIA) Cards |
| [**] |
| [**] |
| [**] |
Programmable ROM (PROM) |
| [**] |
| [**] |
| [**] |
RAM |
| [**] |
| [**] |
| [**] |
ROM |
| [**] |
| [**] |
| [**] |
USB Removable Media (Pen Drives, Thumb Drives, Flash Drives, Memory Sticks) without Hard Drives |
| [**] |
| [**] |
| [**] |
Smart Cards |
| [**] |
| [**] |
| [**] |
Magnetic Cards |
|
|
|
|
|
|
Magnetic Cards |
| [**] |
| [**] |
| · [**] |
Authentication and Verification Standard
Scope and Objective
The purpose of this standard is to establish authentication requirements for verification of user identity and associated access privileges.
Requirements
1. Workforce Members shall be responsible for all activity performed with their personal access account, also known as User ID, and shall take all reasonable steps to protect it.
2. Account passwords shall never be written down and left in a place where unauthorized persons might discover them.
3. Workforce Members shall never reveal or share their account password(s):
a. Technical support personnel shall never ask for account passwords, unless there is a system limitation requiring such personnel to simulate user experience while troubleshooting an issue.
4. Account passwords must be immediately changed if suspected or known to have been compromised.
System Authentication
1. All Workforce Members authorized to access Company systems and applications shall verify themselves via an assigned account and self- selected password.
2. A multi-factor authentication methodology shall be employed for remote access to the network.
3. First Marblehead systems shall be configured to:
a. Display a network login banner.
b. Not indicate the specific cause of failed login.
Accounts
1. Each access account, including resource or service accounts, shall uniquely identify only one user and have an assigned owner.
2. Vendor supplied default accounts shall be removed, disabled, or renamed prior to using the software in production environment.
3. Service or resource accounts required to run a system process shall be configured to prevent interactive logon where technically feasible.
4. All access accounts created for non-First Marblehead employees shall have a specified expiration date, with a default expiration of [**] days where the actual expiration date is unknown.
a. Managers are required to promptly notify the Help Desk when access to First Marblehead resources is no longer needed.
5. Access accounts, defined in systems and applications, containing Sensitive Information including access provision systems, shall be:
a. Disabled if inactive over [**] days.
b. Deleted if remained disabled for over [**] days.
Passwords
1. First Marblehead systems shall be configured to require the following strong password requirements:
a. Minimum password length shall be [**] characters.
b. Passwords shall contain at least [**] of the following complexity requirements:
i. Alpha character.
ii. Numeric character.
iii. One special character.
iv. Upper case character.
c. Passwords shall expire after [**] days.
d. Password history shall be retained for past [**] passwords.
e. [**] consecutive incorrect passwords shall result in disabling the account.
f. Passwords shall not be displayed in clear text.
2. Default passwords shall expire upon first login, requiring Workforce Members to select their own password.
3. All vendor supplied default passwords shall be reset prior to using the software in production environment.
4. Passwords must always be encrypted when held in storage or when transmitted over public network.
5. Passwords shall never be hard-coded into software code or macros, batch files, or automatic logon scripts.
6. All passwords on critical systems must be immediately changed if a privileged resource or user account has been compromised.
Remote Access Standard
Scope and Objective
The purpose of this standard is to define guidelines for requesting authorization for remote access to First Marblehead network or e-mail and for establishing remote access sessions.
Requirements
1. A Security Authorization Form shall be submitted for approval to Corporate Information Security for access to the Virtual Private Network, hereafter referred to as “remote network access” or “VPN”, or Outlook Web access, hereafter referred to as “web e-mail” or “OWA.”
2. VPN or OWA access to shall be restricted based on job role and least required access principles.
3. The remote access user bears the responsibility for the consequences should the access be misused to violate any First Marblehead policies, perform illegal activity or be used for outside of business interests.
a. At no time shall remote access users share their login name, password, remote access token or token code; remote access users shall always protect this information.
4. Workforce Members with VPN access privileges shall not use non-First Marblehead e-mail accounts, equipment or other external resources to conduct First Marblehead business.
5. Non-employees approved for VPN remote access shall be restricted via the VPN device to only specific resources required to perform tasks identified in an approved Statement of Work.
6. While remotely accessing First Marblehead’s network, all Workforce Members must understand that their machines are a de facto extension of First Marblehead’s network, and as such are subject to the same rules and regulations that apply to First Marblehead-owned equipment and acceptable use standards, i.e., their machines and expected conduct must adhere to the Information Security Policy and the Code of Conduct requirements.
7. A VPN session shall be automatically terminated after [**] minutes of inactivity. The user must re-authenticate again to reconnect to the network. Pings or other artificial network processes are not to be used to keep the connection open.
8. Exceptions to the aforementioned full remote network access requirements must be approved jointly by the Chief Risk Officer and the Managing Director of Operations and Information Technology.
System Requirements
1. VPN access shall require the use of a First Marblehead owned laptop.
2. All in-bound access shall employ [**]-factor user authentication with at least [**] of the factors not subject to replay.
3. Resource computer system IDs shall not be used in remote access to First Marblehead systems.
4. Secure communication over networks shall always be enforced.
5. Split-tunneling or dual homing is not permitted at any time.
6. The VPN concentrator shall be limited to an absolute connection time of [**] hours.
7. All computers remotely connected to the First Marblehead network, must have up-to-date anti-virus signatures and security patches, and configured personal firewall when remotely connected to First Marblehead network.
8. Remote access to First Marblehead systems shall adhere to the following access and authentication standards:
a. Authentication and Verification Standard
b. Access Rights Standard
c. Encryption Standard
9. VPN device shall provide an audit log.
Access Rights Standard
Scope and Objective
The purpose of this standard is to define guidelines for access request, authorization, and validation.
Requirements
1. Access to systems, applications and data shall be restricted based on job role, and adhere to the principle of least privileged access — access granted is the minimum level required for a user to perform assigned job responsibilities.
2. Access shall be granted by designated Access Administrator(s) upon receiving a complete and approved Security Authorization Form from the application owner.
3. Access to First Marblehead information systems shall be promptly disabled at the time that a Workforce Member ceases to provide services to First Marblehead.
4. Access privileges enabling a Workforce Member to access the files, computers, or applications of other users, shall be restricted only to those who are directly responsible for system administration and support or are required to work on internal investigations per approval from the Chief Risk Officer:
a. Violations and misuse of system administrative access privileges will result in disciplinary actions commensurate with the severity of the incident, up to and including termination of employment or contracts, in some case without benefit of a warning, as well as possible criminal or civil penalties.
5. First Marblehead’s system, application, or file access control permissions must be set to a default that blocks access for unauthorized users.
6. All Application Owners shall validate effectiveness of application/data security controls at least [**], or in accordance with the Business Unit Risk Matrix guidelines:
a. Application authentication requirements are consistent with the “Authentication and Verification Standard” of the Information Security Policy.
b. Administrative access to the application(s) is restricted to authorized personnel only.
c. All accounts of terminated employees have been removed.
d. Active accounts shall be consistent with users’ role and responsibility:
i. Maintain a table for access rights/profiles for each job level.
ii. Segregate duties to prevent conflict of interest:
a. Requestors shall not approve requests.
b. Approvers shall not administer access.
c. Administrators shall only process but not approve requests for access.
iii. Confirm that all accounts of terminated employees have been disabled.
iv. Validate formal approval for each system/application user.
v. Access to Supporting Infrastructure has been restricted to authorized personnel only.
vi. Validate appropriateness of access to system/application/shared drives/mailboxes.
e. Review event logs for inappropriate activity.
Monitoring and Notification Standard
Scope and Objective
The purpose of this standard is to define system monitoring and notification requirements.
Requirements
1. First Marblehead reserves the right to monitor system and user activities at any time and without prior notice.
2. Workforce Members have a duty to report all information security violations (e.g. unauthorized activity, including but not limited to loss of or changes to computerized production data and questionable usage of files, databases, communications networks or compromised passwords), and suspected or confirmed information security problems and vulnerabilities to Corporate Information Security by either contacting the Director of Information Security or emailing informationsecurity@fmd.com immediately so that appropriate action is taken in a timely manner.
3. Workforce Members shall never attempt to interfere with, prevent, obstruct, or dissuade a staff member in his/her efforts to report a suspected information security problem or violation, or retaliate against an individual reporting or investigating information security problems or violations.
4. Decisions involving any contact with law enforcement or other external parties regarding information security incidents or problems shall be made by Chief Risk Officer.
5. All production systems and applications must log all pertinent system and account events in real-time, including, but not limited to:
a. Access to systems and applications.
b. Failed authentication attempts.
c. Failed attempts to access system and application resources.
d. Privileged account activity:
i. System or application administrator activity.
ii. Change of system or application records.
iii. Changes to standard business transactions.
iv. Changes to systems, applications, and files.
v. Data import and export events.
vi. Increase or decrease of various security events.
e. Logs must include at a minimum:
i. Event type.
ii. Account name.
iii. System time stamp.
iv. Event success or failure.
v. Source and Destination identification attributes.
f. Logs of computer security-relevant events must provide sufficient data to support comprehensive audits on the effectiveness of and compliance with security measures.
g. Log files shall be protected from any changes and shall be viewed only by authorized personnel on a need to know basis.
h. Log files shall not be overwritten or deleted until they have been backed up to off-line media.
i. Log files shall be retained in accordance with the Corporate Records Retention Schedule.
6. Existing applications or systems that cannot comply with data object access logging requirements, due to technical limitations or prohibitive costs related to making the application or system compliant, shall be exempt from this standard. Applications or systems that cannot comply with this standard are required to document the reasons for non-compliance. In addition, to reduce the risk associated with non-compliance, adequate compensating controls must be documented and implemented.
Online Student Loan Application Access Standard
Scope and Objective
The purpose of this standard is to define authentication requirements for online loan application access.
Requirements
1. Applicant User IDs must be set to expire [**] months from the time they are established and be renewable in [**] months intervals.
2. A multifactor authentication shall be employed on loan application processing websites, and consist of the following: :
a. [**].
b. [**].
And
i. [**].
Or,
ii. [**].
3. All fixed password resets or changes shall be promptly confirmed by [**] to a [**] so that the authorized user can readily detect and report any fraudulent or abusive behavior:
a. A loan applicant shall not be able to retrieve his/her password. The system shall prompt the loan applicant to submit his/her User ID and answer [**] previously defined questions. A one time personal identification number (PIN) shall be sent via [**] to a [**] for a one time use.
Roles and Responsibilities Standard
Scope and Objective
The purpose of this standard is to define the roles and responsibilities of Workforce Members with regard to the protection of First Marblehead information and information systems.
Requirements
1. All First Marblehead Workforce Members shall:
a. Complete Information Security Policy training and acknowledgement.
b. Adhere to the Information Security Policy.
c. Respect and protect Company provided electronic resources and data.
2. Human Resources is responsible for supporting Company compliance with the Information Security Policy, including completion of the following:
a. All First Marblehead Workforce Members shall personally sign a First Marblehead non-disclosure agreement before starting work with First Marblehead.
b. All Workforce Members must pass a background check that includes examination of criminal conviction records, lawsuit records, credit bureau records, driver’s license records, and verification of previous employment:
i. Background Investigations may include, but are not limited to, the following:
1. Review of Credit Report
2. Review of civil litigation
3. Review of criminal history (SORI- Sex Offender Registry Information)
4. Verification of previous employment
5. Verification of education
3. Business Unit Leaders are responsible for working with Corporate Information Security to ensure adequate controls are in place to safeguard data relied upon in order to perform a specific business function. This includes, but is not limited to:
a. Appointing a qualified Workforce Member(s) to the role of an Application Owner.
b. Maintaining an access entitlement matrix based upon defined job roles.
c. Establishing adequate system security controls and performing periodic testing of design and effectiveness.
d. Inventorying data assets under their management.
e. Ensuring Workforce Members under their management complete required Information Security Policy training and (re)certification of acknowledgement.
f. Collaborating with Information Technology to ensure data is securely stored, backed up, transmitted and received using adequate security controls.
g. Enforcing compliance with the Information Security Policy for all resources under their management.
h. Reporting Information Security Policy violations to Corporate Information Security.
i. Enforcing the Secure and Clean workspace provision of the Physical Security Standard within the supervised work area.
4. Application Owner is the individual who has been assigned the ultimate responsibility for a system because he/she is responsible for the primary business functions served by the system. The responsibilities of this role include, but are not limited to:
a. Defining the scope and strategic objectives of the system.
b. Understanding the overall purpose and sufficient details of the system.
c. Approving access requests to the system.
d. Ensuring appropriate support, maintenance, and problem resolution as it pertains to the security, availability, and integrity of the data stored in that system.
e. Coordinating system enhancements, and providing final approval for the implementation of all changes to the system.
f. Ensuring adequate level of documentation exists on how the system supports business processes and controls.
g. Responding to Internal Audit requests and mitigating audit findings or self-discovered system weaknesses.
h. Collaborating with Information Technology and GRC on creating business resumption and disaster recovery plans.
i. Validating effectiveness of system security controls.
5. Corporate Information Security (CIS) is responsible for creating and maintaining the Information Security Program to ensure that adequate controls exist to safeguard Company systems and data against unauthorized access, disclosure, modification and/or destruction. This includes, but is not limited to:
a. Documenting and maintaining Information Security Policy (ISP).
b. Revising the ISP based on new or amended regulations and Company needs.
c. Communicating and providing ISP awareness training to Workforce Members.
d. Monitoring compliance with the ISP using security appliances and systems.
e. Approving exceptions to the ISP and maintaining policy exception tracking and reporting.
f. Maintaining a catalog of authorized monitoring practices and ad hoc monitoring reports.
g. Performing risk assessments.
h. Designing, implementing, and testing security controls.
i. Defining and documenting security needs for the Company.
j. Updating management on Company’s compliance with the ISP.
k. Providing guidance on current government regulations and articulating them into actionable requirements.
l. Collaborating with Information Technology (IT) to identify gaps between security needs and current technologies.
m. Working with Information Technology to prioritize security projects.
n. Monitoring and responding to ISP related exception reporting (e.g. functional alerts and quarantines).
o. Researching exceptions within the environment.
p. Assisting in the functional testing of appliances and systems at the time of new implementations, upgrades or policy/configuration changes.
q. Functioning as the primary point of contact with the business units for matters related to the functional operation of appliances and systems.
r. Functioning as the primary point of contact and manager for incident response.
s. Reviewing third party service provider security controls.
6. Information Technology (IT) is responsible for supporting and maintaining the information technology infrastructure and business applications to support First Marblehead’s goals and objectives. This includes, but is not limited to:
a. Maintaining security architecture.
b. Collaborating with CIS to identify security deficiencies and prioritize remediation.
c. Working with CIS to identify technology solutions to meet regulatory/business/security requirements.
d. Implementing technology improvements in support of the ISP.
e. Promoting industry best practices.
f. Administering access to key systems.
g. Documenting and maintaining procedures for performing system access administration for systems under IT’s control.
h. Managing access to security appliances, consistent with ISP and internal procedures.
i. Converting security requirements into technical specifications.
j. Performing technical implementations based on review and approval from CIS.
k. Implementing policy or filter changes as directed or agreed to by CIS that would modify how a security system captures, reviews, quarantines, or releases information.
l. Maintaining an ongoing log of production and ad-hoc monitoring activities and implementations.
m. Monitoring and responding to technology support exception reporting (e.g. functional alerts, ad-hoc trouble shooting reports, etc.).
n. Providing CIS non-administrative access to systems where needed for CIS to monitor effectiveness of systems and manage quarantines.
o. Managing Information Technology vendor relationship(s) and serving as the sole point of technical support escalation.
p. Budgeting for the funding required for acquisition, support and maintenance of appliances and systems.
q. Maintaining regular communication with CIS regarding the status of security systems, technical and data security events and trends, and process improvement recommendations.
7. Third Party Service Providers:
a. Understand and adhere to the ISP.
b. Sign the ISP acknowledgement letter prior to accessing any First Marblehead systems, applications, files or data.
The First Marblehead Corporation
Employee Code of Conduct
On June 21, 2010, our board of directors approved our revised Code of Conduct.
Letter from the Chairman & Chief Executive Officer
Dear Fellow Employees,
At First Marblehead, integrity is a fundamental corporate value. We are strongly committed to it, and to the ethical conduct, honesty and compliance with law that underlie it. Integrity is vital to our long-term relationships with clients, colleagues and investors, particularly at this time in the history of our Company and industry.
Our Code of Conduct outlines standards for employee conduct. It is intended to raise your awareness about what is expected of each of us, to provide you with guidance if you have questions about what is proper conduct for you or anyone else, and to encourage you to report any ethical, accounting or legal problems that you may confront. Given the variety of situations to which our standards apply, the Code is not intended to provide you with a roadmap for every question that you have or specific concern that may arise. Each of us is expected to use our judgment and common sense in order to comply not only with the letter of the Code but also with its spirit.
Please read the Code carefully and thoroughly, as it has been updated to clarify some requirements as well as to reflect our growing and evolving businesses. You are required to formally acknowledge that you have read the Code, understand it, and agree to abide by it.
The principles of the Code apply to everyone at First Marblehead regardless of job function or seniority. Each of us must do our part to prevent or correct violations and maintain a culture where absolutely nothing compromises our commitment to integrity. I encourage you to discuss any questions or concerns you may have about the Code or any activity at our Company with any member of the Code of Conduct Committee.
Our Code provides a foundation, but the value we get from it depends on your level of dedication to upholding its principles. Please join me in renewing our commitment to protecting and strengthening First Marblehead’s reputation for integrity and the trust that our clients, colleagues and investors have placed in each of us.
Daniel Meyers
Chairman & Chief Executive Officer
Introduction
We are all equal under the Code
At The First Marblehead Corporation (Company), we are committed to upholding the highest standards of honest, ethical conduct. Always. Without compromise. That commitment also reflects our goals to meet and exceed the expectations of our stakeholders — those groups of people with a vested interest in the success of our Company.
Our Code of Conduct (Code) summarizes the shared values and behaviors we must exhibit in all of our business transactions and interactions with our key stakeholders, including customers, fellow employees, business partners, suppliers, shareholders, government regulators and communities.
Our Code applies equally to all employees and officers. In addition, our vendors, consultants and other business partners are expected to uphold our ethical standards and values. Compliance with our Code, Company policies and procedures, and applicable laws and regulations is a responsibility that we take seriously, and we will hold each other accountable in meeting that responsibility.
Our leaders and managers are expected to serve as ethical role models.
They are expected to be familiar with our Code and effectively communicate its importance and guidelines and answer the questions of those who report to them.
Leaders and managers also have an obligation to create a positive work environment in which Company personnel feel comfortable asking questions or reporting concerns.
Leaders and managers who fail to meet this responsibility or who do not act promptly to report suspected misconduct will be subject to disciplinary action that may include termination.
Raising and Reporting Ethical Issues
What to do when you think something is wrong
If you believe that any employee, officer, director or anyone working on our behalf may have engaged in ethical or legal misconduct, it is your responsibility to promptly report the matter to your manager or any member of the Code of Conduct Committee (see the list and contact information at the end of this document or on our HR intranet). Doing so helps us to address issues and prevent future misconduct. Suspected Code violations can be reported to anyone on our Code of Conduct Committee, or call our toll-free HOTLINE, 866-709-9950, or e-mail CodeOfConduct@fmd.com, where you can leave a message about any suspected violation. While we prefer that you identify yourself when reporting suspected violations so that we may follow up with you, you may leave messages anonymously.
We will promptly and thoroughly investigate complaints to determine whether violations have occurred and if so, how to effectively address them. Disciplinary measures for violations may include, but are not limited to:
· reprimands
· warnings
· probation or suspension without pay
· demotions
· reductions in salary
· restitution
· termination of employment
Certain violations may require external reporting
Certain violations of our Code may require us to refer the matter to the appropriate governmental or regulatory authorities for investigation or prosecution.
We may also be required to report particular violations to clients, and the clients may report the violation to appropriate regulators. Employees, officers and directors are expected to cooperate fully with any inquiry or investigation by the Company regarding an alleged violation of our Code. Failure to cooperate with any such inquiry or investigation may result in disciplinary action up to and including discharge.
If the alleged violation involves an executive officer, then the Board of Directors and the Chief Executive Officer (but only to the extent that the CEO is not involved in the alleged violation) will determine whether a violation of our Code has occurred and, if so, will determine the disciplinary measures to be taken.
While we prefer to coordinate matters internally, nothing in our Code should discourage you from reporting any illegal activity, including any violation of securities laws or any other federal state or foreign law, rule or regulation, to the appropriate regulatory authority.
You are protected
Employees, officers and directors will not fire, demote, suspend, threaten, harass or in any other manner discriminate or retaliate against a person because he or she reports a violation, unless it is determined that the report
was made with knowledge that it was false. Our Code does not prevent you from testifying, participating or otherwise assisting in any state or federal administrative, judicial or legislative proceeding or investigation.
Reporting Process
You have three options for reporting a violation:
If the alleged violation involves a member of the Code of Conduct Committee, that member will not participate in the investigative process. In addition, suspected violations involving a member of the Audit Committee may be reported to WilmerHale LLP, our outside counsel. All contact information is included at the end of this Code.
Concerns about Accounting or Auditing Matters
Reporting your concerns
If you become aware of an actual or potential problem with our accounting, internal accountings controls or auditing matters, please raise your concerns immediately, by using the reporting process on page 6, by contacting the
Chairman of the Audit Committee directly or by contacting Susan Murley at WilmerHale LLP, our outside counsel, (617) 526-6000.
All concerns of merit will be forwarded to the Audit Committee, and a record of all complaints and concerns received by us will be provided to the Audit Committee each quarter. Again, you may report any concerns regarding accounting or auditing matters confidentially and anonymously.
Working with independent auditors or regulators
We are expected to cooperate completely and provide all information requested in any internal or external investigation, audit or regulatory inquiry. This requires us to provide accurate and complete information to these parties when requested.
· No one may directly or indirectly make or cause to be made a false or misleading statement.
· No one may omit to state, or cause another person to omit to state, any material fact in connection with any audit review, examination or investigation.
· No one may directly, or indirectly, take any action to coerce, manipulate, mislead or fraudulently influence any independent public or certified public accountant engaged in the performance of an audit or review of our financial statement.
Reporting Company Information
Compliance with all laws, rules and regulations is vital
We report corporate and business data to a number of regulatory agencies, including the Securities and Exchange Commission, the Internal Revenue Service and the New York Stock Exchange, in addition to the financial and educational institutions and other enterprises with which we do business. The accuracy and integrity of this information is critical to maintain our marketplace reputation and business model.
It is the responsibility of each one of us to comply with all laws, rules and regulations applicable to our business, as well as our Code and Company policies.
You are responsible for the accuracy of books, records and public reports
Because our regulators, shareholders and other business partners rely on the detailed information contained in our business records, we must make sure that the information we provide is accurate, timely and complete. You are responsible for the accuracy of the records and reports you create and/or review. Accurate information is essential to our ability to meet our legal and regulatory obligations.
All of our books, records and accounts must be maintained in accordance with all applicable regulations and standards and accurately reflect the true nature of the transactions they record.
Financial statements
Our financial statements must conform to generally accepted accounting principles, as well as our accounting policies and internal control procedures.
· No undisclosed or unrecorded account or fund can be established for any purpose.
· No false or misleading entries can be made in our books or records for any reason.
· No disbursement of corporate funds or other corporate property can be made without adequate supporting documentation.
It is our policy to provide full, fair, timely and understandable disclosure in reports and documents filed with, or submitted to, our regulators and in other public communications.
Protecting Company Assets
Protection of our company assets
We are all trusted to respect and safeguard Company property, which includes both physical and intangible assets. We must be diligent and work together to prevent identity theft, destruction or misappropriation of Company property, including our physical property, consumer information, proprietary client information, confidential and proprietary internal information and intellectual property.
Protecting physical assets
At all times we must protect and respect Company facilities, equipment and supplies from theft, loss, damage or misuse. Company issued portable devices, such as a BlackBerry or laptop, intended to promote work efficiency, should always be used for acceptable work-related purposes.
Protecting intellectual property
We also have an obligation to protect our intangible assets. Intellectual property refers to those intangible assets of the Company which include business methods, inventions, publications, patents, copyrights and trademarks. We were all asked to sign a non-disclosure agreement when we were hired. These signed agreements are kept in Human Resources and represent each of our individual commitments to protect our intellectual property. In addition, it is our policy to respect the intellectual property of others and to adhere strictly to all relevant laws and regulations regarding the patents, trademarks or copyrights owned by others.
Example:
Q. John & Joe are on the T after work discussing their day. John brings up comments made by management at a Town Hall meeting held earlier in the week. He is interested in knowing Joe’s thoughts on certain statements about stock options and pending clients, which John names, that were confidentially made to employees at the meeting. How should Joe respond?
A. Without drawing further attention to John’s specific statements, Joe should make clear to John that the timing and setting are inappropriate for the conversation. John’s public statements are in breach of his confidentiality obligations under our Code and are especially inappropriate if he is wearing anything identifying him with First Marblehead (fleece, name badge, computer bag or other item).
Protecting Information
Consumer information
We are all required to comply with the privacy policy applicable to the applications and loans we facilitate. In addition, federal and state law and contract requirements impose strict rules protecting information about loan applicants and borrowers.
All consumer data is confidential. Individual department policies define personnel who are authorized to access consumer data, and only authorized personnel with a need to know are permitted access.
Unauthorized access to consumer data is prohibited. Consumer data may only be used and disclosed to third parties in accordance with applicable law and applicable contractual requirements and restrictions.
All consumer data, such as personal data provided to us by or about loan applicants and borrowers, must be safeguarded against unauthorized access in accordance with our Information Security Policy. If you have any questions concerning access to, use of, or safeguarding of consumer data, contact our Chief Risk Officer.
Company information
Proprietary and confidential information is generally not available to the public and includes internal business information, such as contract documentation, business processes, and corporate strategies and plans.
We must maintain the confidentiality of proprietary and confidential information entrusted to us by the Company or other companies, including our suppliers and clients, except when disclosure is authorized by a manager or is legally mandated.
Unauthorized disclosure of any proprietary or confidential information is prohibited. In addition, you should take appropriate precautions to ensure that confidential or sensitive business information, whether it is proprietary to us or another company, is not communicated within the Company except to authorized personnel or outside parties who need this information for legitimate business purposes.
You may find yourself in a position where a third party asks you for information concerning the Company. You must not discuss internal Company matters with anyone outside the Company, except as required in the performance of your duties and after a confidentiality agreement is in place. You must use the Company’s assets only for legitimate business purposes and not use them for any personal benefit or for the benefit of any third party.
If you are unsure whether or not you should share information with a third party, contact your manager or the General Counsel for guidance.
Client information
We are all responsible for protecting the confidentiality and security of our clients’ proprietary and confidential information. Unauthorized disclosure of client information to third parties, or internal parties not having a need to know the information, is prohibited. We must take care to safeguard client information and to ensure that client information is communicated within the Company only to the extent that employees, officers or directors with a need to know are able to perform their duties. This obligation continues even after our employment with the Company ends.
Protecting Information
Send requests for company information to Investor Relations
To further protect the Company’s information and make certain that it is released to the public in a manner that is both accurate and consistent, only designated spokespersons may communicate with the public on behalf of the Company. This applies particularly to requests from the media, market professionals (including securities analysts, institutional investors, investment advisors, brokers and dealers) and security holders.
If you receive any requests, you must decline to comment and refer the inquirer to Investor Relations: 800-895-4283 or info@fmd.com
Our employees’ personal information deserves protection too
Just as we are committed to maintaining the privacy and confidentiality of our Company and client information, we are also committed to maintaining the privacy and confidentiality of our employees’ personal information.
Employment information or medical records must not be shared or discussed inside or outside of the Company except as authorized by the employee or officer or as is required by law. Within the Company access must be limited only to those who have a substantial and legitimate need to know the information or who require information due to legal process.
Gifts and Entertainment
Before accepting a gift, check the guidelines
In the course of our work with clients and to build or strengthen good working relationships, it may be acceptable to give gifts or entertainment to, or accept gifts or entertainment from suppliers, vendors or business partners. However, good judgment, discretion and moderation should always be guides in these situations. We may never solicit, accept or give gifts or entertainment that may influence or be perceived to influence business decisions.
You must not accept, or permit any member of your immediate family to accept any gifts or gratuities from any client, supplier, vendor or other person doing or seeking to do business with the Company, other than items of insignificant value (<$50 in total from anyone in any calendar year).
Any gifts you receive that are of significant value (>$50) should be returned immediately and reported to your manager and the General Counsel. If immediate return is not practical, the gift should be given promptly to the Company for charitable donation or such other disposition as the Company believes appropriate.
If you are unsure about whether a gift or specific event is in compliance, please ask your manager or a member of the Code of Conduct Committee for guidance.
Example:
Q. A vendor has offered Tim two tickets to a Celtics playoff game. The vendor cannot make the game but told Tim to take a friend and enjoy himself. Can Tim accept the tickets?
A. No. Since the vendor is not accompanying Tim to the game, the tickets are really a gift and not business entertainment. The Company limit for accepting gifts without approval is less than $50. Tim cannot accept the tickets.
Before you give to others, consider how it may be perceived
Gifts, gratuities or other favors from you to clients, suppliers, vendors or other persons doing or seeking to do business with us that are of insignificant value (<$50 in total to anyone in any calendar year) are permitted if made in compliance with the terms of this paragraph.
All gifts, gratuities or other favors of significant value (>$50 in total to any party in any calendar year) from you to clients, suppliers, vendors or other persons doing or seeking to do business with us are prohibited unless approved in advance by the General Counsel.
Bribes and kickbacks are criminal acts, prohibited by law. You must not offer, give, solicit or receive any form of bribe or kickback anywhere in the world where we conduct business.
All gifts, gratuities or other favors, regardless of value, are prohibited if:
· not made in compliance with applicable law and our Code or policies to which the recipient may be subject, or
· given in consideration or expectation of any action by the recipient, or
· given to government officials. Requests for exceptions should be submitted to the General Counsel.
What’s reasonable (<$50)
· A bottle of wine of reasonable value from a client or vendor
· Tickets to a local sporting or cultural event with a value of less than $50
· An unsolicited gift of modest value given by a vendor
· Modest gifts of gratitude or to acknowledge personal events such as weddings, births or anniversaries
What’s excessive (>$50)
· A case of fine wine
· Front row tickets to a professional sports team playoff game
· A golf outing which includes tee time, hotel and other accommodations
· Cash, gift cards or other stored value products that are similar to cash
· A lavish gift, such as a leather briefcase, fine jewelry or art
Fair Dealing and Conflicts of Interest
We are committed to dealing fairly with other businesses
Our actions in the student loan marketplace define who we are as a company. We support vigorous yet fair competition. We not only have a responsibility to the regulatory, client and shareholder communities, but we also have an obligation to deal fairly and responsibly with our suppliers and competitors.
Fair dealing requires that we recognize and strive for the highest standards of honesty and integrity in the business community. We concentrate on anticipating and satisfying the needs of our clients and customers. While we will vigorously compete in our marketplace each and every day, we will not seek to restrict the competitive opportunities of our rivals in any way that may be considered deceitful or unethical.
Avoid conflicts of interest
A “conflict of interest” is defined as engaging in an activity in which you have a personal interest that intersects with or interferes with the interests of the Company. A conflict of interest can arise whenever you take action or have an interest that prevents you from performing your duties and responsibilities honestly and objectively.
You must act in the best interests of the Company and may not engage in any activity or have a personal interest, like a substantial financial investment, that presents a conflict of interest. For these reasons you may not perform services as a consultant, employee, officer, advisor or in any other capacity for, or have a financial interest in, a competitor of the Company, other than services performed at our request, a financial interest representing less than one percent (1%) of the outstanding shares of a publicly-held company or as may otherwise be approved by our Board of Directors.
In addition, no one may use his or her position with our Company to influence a transaction with a supplier or client in which such a person, or an immediate family member, has any personal interest, other than a financial interest representing less than one percent (1%) of the outstanding shares of a publicly-held company.
You are responsible for immediately disclosing any material transaction, or personal or financial relationship that might reasonably be expected to create a conflict of interest to the General Counsel. If you are a senior manager, you are also responsible for reporting such a transaction or relationship to the Board of Directors, which will be responsible for determining whether the transaction or relationship constitutes a conflict of interest.
Example:
Q. Mike runs a small home business selling magazine subscriptions. He does most of his work on weekends and it in no way conflicts with his performance at work. Recently, Mike has been eating lunch at his desk and using his First Marblehead computer to process pending orders. The Code says limited personal use of Company equipment is OK. Is this limited activity acceptable?
A. No. Under our Code, engaging in any activity which potentially interferes with the interests of the Company presents a conflict of interest. Our Company’s digital resources are used for business purposes, and personal use, especially in today’s resource and content rich website environment, does strain the system. Mike must run his “home” business from home.
Compliance with the Law
In addition to the regulatory requirements regarding the disclosure of Company financial information, we are also subject to federal, state and local laws that govern the way we do business. You are expected to use good judgment and common sense in complying with all applicable laws, rules and regulations. If you are in doubt, ask for advice and guidance from your manager, General Counsel or the Chief Risk Officer. Inside information and insider trading In the course of your employment with us, you may come into possession of inside information. “Inside information” is non-public information about the Company or other companies with which we have a relationship that, if publicly disclosed, might be of use to our competitors, or otherwise harmful to us or our clients. Material inside information about a company is inside information that would be considered important by a reasonable investor in determining whether to buy, sell or hold securities of that company. Information concerning any of the following subjects, or our plans with respect to any of these subjects could be considered to be material inside information:
· our revenues or earnings
· our capital markets activities
· a new loan program or a significant development with regard to an existing one
· the establishment, modification or termination of agreements with business partners or strategic partners
· the loss of, delay or gain of a significant contract regarding our clients
· a merger or acquisition involving us
· a change in our control or a significant change in our management
· a change in or dispute with our auditors
This list is illustrative only. There are many other circumstances that could give rise to material inside information.
Ask before you trade
If you have material inside information about us or other companies, including our suppliers and clients, as a result of their relationship with us, you are prohibited by law and Company policy from trading in our securities or those of other such companies, as well as communicating such information to others who might trade on the basis of that information. Buying, selling or tipping (disclosing inside information to someone who trades a security based on the information you provided) violates not only our policy but the laws of many countries. Violations may carry both civil and criminal penalties for those involved. If you are in doubt, ask for guidance from your manager, the General Counsel or the Chief Risk Officer.
Example:
Q. Stephen knows about a potential business development that will likely make our Company’s stock price rise. He knows that he cannot trade on this information but wants to tell his friend this information and encourage him to buy shares of the Company’s securities. Can Stephen do this?
A. No. The potential business development is considered material nonpublic information. If Stephen shares this information with his friend, he would be engaging in tipping, which violates our Code and the Company’s Insider Trading Policy. Stephen and his friend might also be subject to criminal penalties for violating insider trading laws.
Respect for the Individual
We should respect and value one another
We strive to maintain a workplace that allows everyone to contribute at the highest level in an atmosphere that fosters growth and innovation. In our daily decisions and actions, we should all be responsible for maintaining a workplace that is free of harassment and discrimination and that promotes respect for individuals.
We make employment, pay and promotion decisions without regard to race, color, religion, gender, age, national origin or ancestry, sexual orientation or other protected class status. The Company is committed to full compliance with all anti-discrimination laws, including state and federal laws against discrimination and harassment in employment, the Americans with Disabilities Act and the guidelines under the Massachusetts Commission Against Discrimination and the Equal Employment Opportunity Commission. (Please refer to the First Marblehead Employee Handbook for additional information on your rights under these laws.)
Harassment and discrimination are not tolerated
We are committed to maintaining a workplace that is free of harassment and discrimination. “Harassment” includes offensive behavior that interferes with another individual’s work environment or that has the purpose or effect of creating an intimidating or hostile work environment. Harassment may include conduct done physically or verbally, or done in person or by other means. It may also include conduct that is sexual in nature or otherwise inappropriate. To that end, we are committed to upholding the existing laws regarding sexual harassment and equality of employment opportunities. We will not tolerate retaliation against an individual who reports sexual or other forms of harassment or discrimination. Retaliation is unlawful.
“Sexual harassment” is defined by Massachusetts law as requests for sexual favors, and other verbal or physical conduct of a sexual nature when submission to or rejection of such advances, requests or conduct is made either explicitly or implicitly a term or condition of employment or as a basis for employment decisions; or when such advances, requests or conduct have the purpose or effect of unreasonably interfering with an individual’s work
performance by creating an intimidating, hostile, humiliating, or sexually offensive work environment. Discrimination on the basis of sex includes, but is not limited to, sexual harassment.
We will investigate all complaints of sexual or other harassment and take appropriate disciplinary or corrective action when necessary. For further information on how to initiate a complaint or investigation, please see the First Marblehead Employee Handbook, or call the HOTLINE.
Example:
Q. Linda feels harassed by her manager, Justin. He frequently makes improper comments about her appearance when alone, making her uncomfortable. Linda has told Justin his comments bother her on more than one occasion, but he has not changed or stopped the behavior. What should she do?
A. Linda should report Justin’s conduct to Human Resources or a member of the Code of Conduct Committee immediately. Justin’s actions are unwanted and violate the Code and our Company’s policy against harassment. The harassing behavior will not be tolerated.
Workplace Policies
Employee safety and health
Our greatest asset is you, so we are committed to the highest standards of your safety and protection. In addition to maintaining a harassment-free environment, we are also committed to a drug- and violence-free workplace.
Workplace violence includes intimidation, threats, physical attack or property damage directed at a fellow employee, officer or director. Anyone who engages in these behaviors may be subject to disciplinary action up to and including termination.
No illegal drugs or alcohol on the job. In addition, the Company is committed to fostering the health and well-being of all of us. That commitment is jeopardized when someone uses illegal drugs or alcohol on the job, comes to work with these substances present in his or her body or possesses, sells or distributes drugs in the workplace.
It is a violation of our policy and our Code for anyone to possess, sell or trade or offer for sale illegal drugs or otherwise engage in the illegal use of drugs, intoxicants or alcohol on the job. Anyone who engages in the behaviors outlined may be considered in violation and may be subject to disciplinary action, up to and including termination.
Report violence promptly:
If you know of actual or potential workplace violence, call or e-mail the HOTLINE. If you believe someone is in immediate danger dial 911 and contact building security:
Medford Security: (781) 396-2559
Prudential Security: (617) 236-3114
Political activities and contributions
You are encouraged to exercise your rights as voters and citizens. However, political activity must take place on your own time and you may not use Company resources or assets directly or indirectly for any political activities, except as otherwise approved by the Board of Directors or in connection with your job responsibility. You may not allow your status as an employee or officer to be used in support of a particular political candidate or issue, except if approved by the Board of Directors or in connection with your job responsibilities.
In addition, you may not pressure, either directly, or indirectly, employees, officers or directors to make political contributions or to participate in support of a political party, issue or candidate. Finally, corporate funds or assets
may not be used to support a political party, an elected official or the campaign of any candidate for local, state or federal elected office.
Workplace Policies
Responsible use of e-mail and the internet at work
Systems facilitating access to e-mail and the internet are Company resources that are provided primarily for business use, so you need to exercise good judgment in using these assets. All e-mails and documents residing on Company systems are the property of the Company and employees, officers and directors should have no expectation of privacy.
Any use of e-mail or internet access for inappropriate purposes, including gaining access to pornographic or other unsuitable websites, is strictly prohibited. In addition, employees, officers and directors are legally responsible for their blog and social network postings and may be subject to liability if contents are found to be defamatory, harassing or in violation of any applicable law. It is expected that e-mail and internet usage is business appropriate.
Example:
Q. Samantha notices that several individuals who sit near her regularly play games and watch movies on their Company computers. She finds out that some of the websites these individuals are accessing are restricted and should be blocked by the Company’s internet filtering tools. When testing access to these websites from her work computer, Samantha was redirected and received a message saying the websites were blocked. What should Samantha do?
A. Samantha should report her concerns to her manager or any member of the Code of Conduct Committee and she can choose to do so confidentially. The situation will be investigated. If it is determined that individuals intentionally bypassed security controls allowing them access, they will be disciplined. Further, any retaliation against Samantha for reporting this information will not be tolerated.
Working together to protect the environment
We are firmly committed to protecting the environment. We comply with all applicable environmental laws and regulations, as well as any guidelines set forth by the Company. Our commitment means that we must operate with respect for the environment by working to minimize environmental hazards, conserve and protect natural resources, and manage our energy usage.
We encourage individuals to do their part too. We should recycle, turn off lights and computers when they are not in use, and take public transportation whenever possible. If you have ideas, please share them with your manager or e-mail: facilitiesdept@fmd.com.
Supporting Our Code of Conduct
We have to work together to uphold the Code
Our Code not only outlines our operating responsibilities and guidelines, it is an agreement that we share about the ethics and values which guide our business actions and decisions. We are all responsible for upholding and enforcing it.
If you develop any questions or concerns about ethical behavior in our workplace we encourage you to raise them or report them.
Waivers of the Code
While most of the policies contained in our Code must be strictly adhered to, in some cases exceptions may be possible. If you believe that an exception to any of these policies may be appropriate, you should first contact your
manager. If your manager agrees that an exception is appropriate, the written approval of the General Counsel must then be obtained. The General Counsel is responsible for maintaining a record of all requests for exceptions to any of these policies and the disposition of the requests.
Any executive officer who seeks an exception to any of these policies should contact the General Counsel. Any waiver of our Code for executive officers must be made only by the Board of Directors of the Company and will be disclosed as required by the law or regulation.
As First Marblehead employees, we agree:
· To prepare and maintain accurate business and financial reports
· Not to mislead or inappropriately influence auditors or regulators
· To protect the confidential information and intellectual property of our company, clients and partners and to keep private consumer information secure
· Not to give or accept inappropriate gifts (generally gifts of >$50 per year)
· To use company resources—especially e-mail and internet—only for appropriate purposes
· To deal fairly with business partners, vendors and competitors
· Not to engage in insider trading or any other illegal activities
· To maintain a safe workplace
The Code of Conduct is available online via the Human Resources Intranet page. Hard copies of the Code are available in the mail room or by request from HR.
Contact Information
Code of Conduct Committee Member = (M)
Bill Baumer (M)
Managing Director & Chief Risk Officer
The First Marblehead Corporation
800 Boylston Street, 34th Floor
Boston, MA 02199-8157
(617) 638-2093
bbaumer@fmd.com
Greg Woods (M)
Managing Director & General Counsel
The First Marblehead Corporation
800 Boylston Street, 34th Floor
Boston, MA 02199-8157
(617) 638-2176
gwoods@fmd.com
Jo-Ann Burnham (M)
Managing Director, Human Resources
The First Marblehead Corporation
800 Boylston Street, 34th Floor
Boston, MA 02199-8157
(617) 638-2005
jburnham@fmd.com
Ken Klipper (M)
Managing Director & Chief Financial Officer
The First Marblehead Corporation
800 Boylston Street, 29th Floor
Boston, MA 02199-8157
(617) 638-2163
kklipper@fmd.com
Daniel Meyers
Chairman & Chief Executive Officer
The First Marblehead Corporation
800 Boylston Street, 34th Floor
Boston, MA 02199-8157
(617) 638-2001
dmeyers@fmd.com
Peter Drotch
Chairman – Audit Committee
The First Marblehead Corporation Board of Directors
800 Boylston Street, 34th Floor
Boston, MA 02199-8157
(508) 872-6647
Outside Counsel
Wilmer Cutler Pickering Hale and Dorr LLP
60 State Street
Boston, MA 02105
(617) 526-6000
Attention: Susan Murley, Esquire
Code of Conduct HOTLINE: CodeOfConduct@fmd.com or 866.709.9950
EXHIBIT J
FMER License Applications
Massachusetts – Small Loan Company license
New Jersey – Consumer Lender license