Exhibit 99.1
ELEVENTH ADDENDUM TO APPENDIX A OF
FOURTH AMENDED AND RESTATED SERVICE AGREEMENT
This Eleventh Addendum to Appendix A of that certain Fourth Amended and Restated Service Agreement (the "Addendum") is entered into as of this 30th day of June, 2023, by and between Comenity Bank (“Bank”), a Delaware state bank, with its principal place of business at One Righter Parkway, Suite 100, Wilmington, Delaware 19803 and Comenity Servicing LLC (“Servicer”), a Texas limited liability company with its principal place of business at 3095 Loyalty Circle, Columbus Ohio 43219.
RECITALS
WHEREAS, Bank and Servicer entered into that certain Fourth Amended and Restated Service Agreement as of June 1, 2022, (the “Agreement”) to outsource certain services to Servicer; and
WHEREAS, Bank and Servicer desire to modify certain Performance Standards set forth in Exhibit A to the Agreement.
NOW, THEREFORE, in consideration of the mutual agreements hereinafter set forth, and for other good and valuable consideration, the receipt and adequacy of which is hereby acknowledged, Bank and Servicer agree as follows:
1. Performance Standards. Bank and Servicer agree to amend the Performance Standards set forth in Appendix A to the Agreement, such that certain Performance Standards are hereby amended and added as set forth in further detail in Exhibit A hereto.
2. Effective Date: The amendments and additions to the Performance Standards, as set forth in Exhibit A hereto, shall be effective as of the first day of the month following the month in which this Addendum is executed.
3. Miscellaneous. Capitalized terms not otherwise defined in this Addendum shall have the meanings assigned to them in the Agreement. Other than as set forth above and in Exhibit A hereto, the parties agree that the Agreement, as amended by this Addendum, shall continue in full force and effect. The parties may execute this Addendum in one or more counterparts, each of which shall be deemed an original, but all of which shall constitute but one and the same instrument.
IN WITNESS WHEREOF, the parties have caused this Addendum to be executed by their authorized officers effective as of the date first written above.
| | Comenity Bank | |
| | | | |
| | By: | /s/ Baron Schlachter | |
| | Name: | Baron Schlachter | |
| | Title: | Comenity Bank President | |
| | | | |
| | Comenity Servicing LLC | |
| | | | |
| | By: | /s/ Tammy McConnaughey | |
| | Name: | Tammy McConnaughey | |
| | Title: | EVP, Chief Credit Risk and | |
| | | Operations Officer | |
EXHIBIT A
SECTION I: SERVICES AND PERFORMANCE STANDARDS APPLICABLE TO ALL COMENITY BANK PRODUCTS
| 1. | Amendments and Additions. Set forth below are additional Performance Standards or revisions to existing Performance Standards, all of which shall be incorporated into Appendix A to the Agreement. |
Service
| Performance Standard
| Measuring Period | Amended/ Added |
Business Continuity and Disaster Recovery Services • Assist management in planning for a shut down or disruption in business. • Respond to emergencies and safeguard the interests of key stakeholders, reputation, brand and value-creating activities. • Oversee each area that is responsible for planning, developing, updating and testing the procedures that will provide the organization the ability to respond and recover during an unplanned event. • Provide business continuity and disaster recovery services as follows: • Provide alternate site for Bank headquarters personnel in the event that the Bank’s location is rendered inaccessible or inoperable, until the Bank’s facility has been restored or other permanent location is secured. • Provide workstations for the duration of need, including access to all systems, availability, hardware, Bank data, and telephones with unlimited call access within the United States. • Upon arrival at the Servicer’s facility, Bank personnel will be issued such building access devices (electronic cards, keys, etc.) as needed to facilitate access to the building. • Provide security policies and procedures then in effect for this the facility. • Provide data security, data recovery, data backup, secured connectivity, and confidentiality functions. • Provide access to copy machines, fax machines and customary office supplies needed. | Conduct Business Impact Analysis (BIA) assessment within 12 months of the last assessment for 95% of business processes and provide results to Operational Risk Management Committee. | A | Amended |
| Conduct risk assessment within 12 months of the last assessment for 95% of facilities and provide results to Operational Risk Management Committee. | A | Amended |
| Establish and approve 97% of Business Continuity plans within 12 months of the last approval consistent with BCDR standards and report quarterly results to Operational Risk Management Committee. | Q | Amended |
| Establish and approve 97% of Disaster Recovery plans within 12 months of the last approval consistent with BCDR standards and report quarterly results to Operational Risk Management Committee. | Q | Added |
Conduct 95% of Business Continuity plan testing consistent with BCDR standards and report quarterly results to Operational Risk Management Committee. | Q | Amended |
Conduct 95% of Disaster Recovery plan testing consistent with BCDR standards and report quarterly results to Operational Risk Management Committee. | Q | Added |
Service
| Performance Standard
| Measuring Period | Amended/ Added |
Information Security Support • Provide technologies and manage network and application access to protect client/customer data while assuring privacy and regulatory compliance. | Perform semi-annual user access reviews on non-privileged applications and non-critical IT infrastructure. | S-A | Amended |
| Perform quarterly privileged user access reviews on ancillary systems, high/moderate risk applications, and critical IT infrastructure | Q | Added |
Information Technology Services/Outsourcing • Provide Information Technology services, platform, network, including telecommunications through a secure environment, which can be outsourced to third and fourth parties, including but not limited to: • Timely Incident Restoration • Unix/Linux Server Availability • Windows Server Availability • Mainframe Availability • Critical Application Availability • Data/Voice Connectivity Availability • Implementation of Critical Security Updates/Patches • Completion of Critical Batches • Authorizations • Other IT services as needed • Provide IT Quality services as listed below: • Provide management of production defects • Maintain tracking of Critical and High defects • Maintain listing of critical applications supporting the Bank(s) • Maintain oversight of critical application performance • Provide monitoring of IT fixes implemented • Other IT Quality Services, as requested | Complete 99% of critical batches within 24 hours of required completion time. | M | Amended |
