Congressional Bank

Business eBanking Agreement

On completion of the Internet Banking Enrollment Process and any associated Forms, Exhibits or Schedules as may be required from time to time, and the acceptance of same by Bank, Customer will be provided access to Bank’s System. The Bank may use a Service Provider to complete certain of the Bank’s duties under this Addendum. Any Service Provider used by Bank is subject to the same standards of performance, including the safeguarding of Confidential Information, as Bank itself. The Customer acknowledges that Bank may, from time to time, change the terms under which this System is offered by notifying Customer. Continued use of this System after such notification constitutes acceptance by Customer of such changes to the Master Agreement and/or this Addendum and associated Forms, Exhibits or Schedules

General Description

Bank will make available balance information and/or itemized debit and credit information for Accounts on a daily basis via the System and will provide access instructions, including Credentials, to Customer. The System is for Customer’s internal use to enable Customer to obtain balance and other Account information and to direct payments from Account(s) to third-parties (collectively, “Payees”, and each individually, a “Payee” when using the bill payment module; collectively “Beneficiaries”, and each individually a “Beneficiary” when accessing Wire Transfers; and collectively “Receivers”, and each individually a “Receiver” when using the ACH network). The System may be used to:

  • Transfer funds between Customer’s Accounts;
  • Obtain balance and transaction information on Accounts;
  •  View front and back images of checks and deposits posted to Accounts;
  • Order bill payments from Customer’s checking Account to Payees;
  •  Order Bank to stop payment of checks drawn on Customer’s checking account(s);
  • Request eStatements, as described below, for electronic delivery and access of monthly statements for eligible Accounts; and
  • Obtain other online services as may be made available by Bank from time to time

Services

Internal Funds Transfer Service

The internal funds transfer service may be used to transfer funds on a same-day basis between Customer’s Accounts with Bank. With this service, Customer may:

Transfer funds between Customer’s Accounts on a specified date in the future or on a recurring basis (e.g., weekly, bi-weekly, monthly, etc.); and

Transfer funds on a same-day basis from Customer’s Account(s) to make a payment on a loan or line of credit Customer has with Bank.

 Transactions posted to Customer’s account as of a certain Business Day may not be reflected in account balances provided by the System until the next Business Day based on the timing of the transactions and applicable processing schedules.

Bill Payment Service

The bill payment service may be used to schedule the payment of funds from Customer’s checking and money market Accounts to Payees that have been selected to receive payment using the service. The service allows bill payments in several ways:

• An immediate payment is a single transfer of funds to a Payee to be initiated as soon as possible after the transfer request is submitted.

 • A recurring payment is one of a series of transfers of a fixed amount of funds to a Payee on a regular, periodic basis.
• A future-dated payment is a single transfer of funds to a Payee to be made on a date Customer specifies up to 364 days in advance.
• A payment that is made following the receipt of an electronic bill (“e-bill”).

Bill payments made through the System require sufficient time for the Payee to credit Customer’s account properly. To avoid the assessment of late charges by the Payee, Customer should make the payment at least five (5) Business Days before the due date of the payment. Payment requests submitted on a Business Day before 7:30 p.m. (Eastern Time) Monday through Thursday and 10:30 p.m. (Eastern Time) on Friday are initiated on that Business Day, provided a sufficient Available Balance. Transactions conducted after those times on a Business Day or at any time on a non-Business Day are initiated on the next Business Day, subject to a sufficient Available Balance in the Account from which the payment is being made.

 Bank cannot guarantee prompt receipt and processing of payments by Payees and will not be responsible for any charges imposed or other action taken by a Payee because of a late payment, including but not limited to finance charges and late fees. BANK MAY TERMINATE ACCESS TO THE BILL PAY SERVICE AFTER SIX (6) CONSECUTIVE MONTHS OF INACTIVITY.

 eStatements

Bank will provide Customer with the option to utilize the eStatements service, which allows Customer to access Account statements through the System. Upon acceptance of the applicable terms and disclosures, the eStatements feature may be used to receive electronic delivery of Account statements through the System. The ability to sign up for and retrieve eStatements is assigned by the Administrator. Enrollment in eStatements will terminate paper delivery of statements from Bank to Customer or any third-party designations. In order to receive paper statements after electing to utilize the eStatements service, Customer must notify Bank at the applicable address or phone number set forth in Part I, Section 1.19(c)

Other Services

Enrollment in the System is necessary for using the Positive Pay and ACH Positive Pay Services and offers additional options for the Wire Transfer Service and ACH Service, each of which is addressed in separate Master Treasury Services Agreement. The System may also be accessed via a mobile device upon completion and acceptance of the BeB Mobile System Addendum.

Business Mobile Option

Customer may request that certain System capabilities be made available via an approved mobile device such as a tablet or smartphone. To utilize Business Mobile, Customer will need a compatible and supported mobile device with a connection to the Internet. Customer also must have Bank’s mobile banking application (“Mobile Banking App”), which Bank may change from time to time. Customer is responsible for the selection, installation, maintenance, and operation of Customer’s Mobile Device, software, and other equipment required for Mobile Access. Bank is not responsible for advising Customer of the existence or potential effect of malicious code that may exist on Customer’s Mobile Device, and Customer’s use of Mobile Access is at Customer’s own risk. Bank does not guarantee the functionality or availability of the Mobile Banking App on all Mobile Devices. Bank assumes no responsibility for the defects or incompatibility of any devices, computers or software that Customer uses for Mobile Access, even if such devices, computers or software were previously approved for use.

  • Customer is solely responsible for the mobile device and any associated fees and charges related to data.
  • b.  Bank reserves the right to charge an additional fee for Mobile Access, the amount and the basis of which (per device, per user, etc.) may change at Bank’s sole discretion.
  • c.  Not all features of the System will be available via Mobile Access.

Business Banking System Security Procedures. Security

Bank requires the use of various procedures for accessing and using Services available through the System. Bank’s System Security Procedures fall into three categories: (1) those that are mandatory without exception; (2) those that are required by default but may be rejected by Customer following Customer’s signature of an agreement to be bound by any transaction, whether or not authorized, in its name, and accepted by Bank in compliance with the security procedure(s) chosen by Customer and accepted by Bank; and (3) those that are optional. The term “Administrator” refers to the Person Customer designates to establish and control access to the System and Services accessible thereunder by Users, as defined below. Customer understands and acknowledges that the Administrator is an essential component of Company’s security with respect to the System and Services, and as such, is considered a mandatory System Security Procedure. Bank may contact Administrator to verify a User’s use of certain Services, including but not limited to Wire Transfers more than a Verification Floor as described in Bank’s Wire Transfer Service and the resolution of errors and exceptions.

CUSTOMER UNDERSTANDS THAT THE ADMINISTRATOR HAS THE CAPABILITY OF PROVIDING ADMINISTRATIVE PRIVILEGES IDENTICAL TO THAT OF THE ADMINISTRATOR TO ANY USER (REAL OR FICTIONAL), INCLUDING THE ABILITY TO CREATE AND MAINTAIN SUBSEQUENT USER ACCOUNTS AND ASSIGNING AND REVOKING ACCESS PRIVILEGES. CUSTOMER ACKNOWLEDGES THAT ANY ADMINISTRATOR WILL HAVE THE ABILITY TO CONTROL SECURITY LEVELS SUCH AS SERVICE ACCESS AND SERVICE TRANSACTION LIMITS, INCLUDING BUT NOT LIMITED TO, THE ABILITY TO ASSIGN DOLLAR AMOUNT LIMITS TO TRANSFERS OF FUNDS. A USER, IF SO DESIGNATED BY THE ADMINISTRATOR, MAY ALSO CREATE ADDITIONAL USERS.

Customer agrees that the Administrator or any User designated to act as such will also have the authority on behalf of Customer to accept and approve all Forms, Schedules, Exhibits, and any other documents that may be submitted through or are associated with the System. The Administrator and any User assigned to a Service within the System may execute and/or approve any transaction or request that is not otherwise prohibited by Customer’s designated limits of authority for that User.

 To enable Customer to access the System, Bank will issue to the Administrator a Company ID, User ID, and Password (hereafter called “Credentials”) which will be confidential. Once established, the Administrator may assign User IDs and passwords for Users within a Company ID. Bank may, from time to time, utilize additional methods to verify the identity of Administrators and Users, including out-of-band-authentication techniques and security tokens. When used, such additional methods will also be considered Credentials. Customer agrees to disclose the Credentials only to Persons authorized to access the System and further agrees to establish and maintain procedures to safeguard any Credentials furnished by Bank. Customer agrees to notify Bank at once if it believes any Credentials have been learned by an unauthorized Person.  If Bank believes that security has been breached, it may change the Credentials without prior notice. Customer authorizes Bank to consider any access to or use of the Services using the Credentials to be Customer’s authorized access or use.

Bank’s System Security Procedures require Enhanced Authentication on all Administrator accounts. “Enhanced Authentication” includes, but is not limited to, multifactor authentication to determine if the access device being used has been previously associated with that Administrator, out-of-band authentication requiring the Administrator to input information received through another device (typically a mobile phone), and the receipt of alerts via a delivery mechanism when administrative functions have been initiated and/or approved. Bank may deny access to the Services by any Administrator that does not fulfill the requirements of Enhanced Authentication by providing supplemental identity verification.

A User’s Credentials identify that User as an individual who is authorized to utilize Services to conduct transactions with one or more Accounts and validates the directions given. By using the Credentials to gain access to the Services, User is directing Bank on Customer’s behalf, and Customer authorizes Bank to follow those directions. All electronic communications that are authenticated and validated by Bank will be deemed to be valid and given the same effect as written and signed paper communications from Customer. Customer is bound by instructions, whether authorized or unauthorized, which Bank implements in compliance with the System Security Procedures, unless Customer has given Bank prior notice of possible unauthorized use of Customer’s Credentials and Bank has had a reasonable opportunity to act on such notice.

Dual Control is an optional System Security Procedure that reduces the potential for internal fraud and external compromise from malicious software, especially if the individuals performing the administrative function(s) in question use different access devices.

When a security token device is used as part of the Credentials, Customer agrees to establish and implement physical, technical and administrative measures to prevent unauthorized use of such tokens. Losses that arise from unauthorized access to the System because of improper safekeeping of tokens are the responsibility of Customer.

Customer agrees to notify Bank immediately if any tokens should be lost or placed in the custody of an unauthorized Person. Customer agrees to educate its Administrators and Users in appropriate security procedures including, but not limited to, signing off the System when they are not using it; the risks associated with opening email and/or attachments, especially those from unknown sources; and the risks associated with clicking on or opening pop-ups and web links.

Customer agrees to maintain appropriate technological safeguards including, but not limited to, strong web content filtering and scanning, firewalls, and anti-virus, antispam, and anti-spyware systems. Customer acknowledges that it is Customer’s responsibility to keep hardware and software systems up-to-date, including the most current security patches. Customer acknowledges and agrees that Bank’s System Security Procedures and controls are commercially reasonable based on the size and complexity of Customer’s business and are appropriate for Customer’s Accounts. Customer further acknowledges and agrees that System Security Procedures and controls may change from time to time.

How to Contact Bank

Any changes in the designation of Administrator will be in writing by the delivery of a new Online Banking Agreement or Designation of Business eBanking Administrator Form, and Customer will provide reasonable prior notice of such change to Bank.

Any communication regarding the Services, including the reporting of lost/stolen/ compromised Credentials or an unauthorized transaction, should be made to the address and/or phone numbers shown below. Because time is of the essence when responding to lost/ stolen/ compromised Credentials or an unauthorized transaction, Customer must contact Bank via phone immediately to report such an event.

Customer Security Responsibilities

General Security Measures

Customer agrees to implement reasonable security measures to assure that only Customer’s authorized employees have the ability to transmit information and instruction to Bank for the purposes of any Service. Bank strongly recommends that Customer adopts an internal, dual control environment in connection with each Service. If Customer chooses not to do so, Customer agrees to adopt a standard greater than ordinary care with respect to Customer accounts, employee supervision, internal controls, and review of statements and other transaction information.

Protection of Information Sources

Customer will be solely responsible for preventing and safeguarding against unauthorized transmissions and unauthorized access to the following, all of which are referred to collectively as “Information Sources”: (i) Original Checks; (ii) Check Images; and (iii) Customer information, systems, connections and equipment that interface with, connect to or allow access to Bank, its information, systems and equipment, including but not limited to instructions, codes, passwords, procedures, including security-related procedures or any passwords, codes or PINs used in transmitting the Check Images or other sensitive information. Customer will establish, maintain and enforce physical and logical commercially reasonable security practices, techniques and procedures with respect to access, storage and maintenance to safeguard against unauthorized transmissions and unauthorized access to the Information Sources. Such practices, techniques and procedures will be no less than the security-related requirements set forth in any applicable laws, regulations, regulatory guidelines and rules. Customer will take appropriate security measures to ensure that: (a) only authorized Personnel will have access to Information Sources, and (b) that the information obtained from Information Sources is not disclosed to third parties.

Notice

Customer will notify Bank immediately, followed by written confirmation, if Customer has reason to believe or suspects there has been any unauthorized access to the Information Sources or unauthorized transmissions.

Security

Customer is solely responsible for providing for and maintaining the physical electronic, procedural, administrative, and technical security of data and systems in Customer’s possession or under Customer’s control. Bank is not responsible for any computer viruses (including, but not limited to, programs commonly referred to as “malware,” “keystroke loggers,” or “spyware”), problems or malfunctions resulting from any computer viruses, or any related problems that may be associated with the use of an online system. Any material downloaded or otherwise obtained is at Customer’s own discretion and risk, and Bank is not responsible for any damage to Customer’s computer or operating systems or for loss of data that results from the download of any such material, whether due to any computer virus or otherwise. Customer is solely responsible for maintaining and applying anti-virus software, security patches, firewalls, and other security measures with respect to Customer’s operating systems, and for protecting, securing, and backing up any data and information stored in or on Customer’s operating systems. Bank is not responsible for any errors or failures resulting from defects in or malfunctions of any software installed on Customer’s operating systems or accessed through an Internet connection.

Internet and E-mail Security

Customer acknowledges and agrees that it is Customer’s responsibility to protect itself and to be vigilant against e-mail fraud and other internet frauds and schemes (including, but not limited to, frauds commonly referred to as “phishing,” “pharming,” and “business e-mail compromise”). Customer agrees to educate Administrator(s), User(s), Agents, employees, and contractors retained by Customer as to the risks of such fraud and to train such Persons to avoid such risks. Customer acknowledges that Bank will never contact Customer by e-mail to ask for or to verify Account numbers, Credentials, or any sensitive or confidential information unless Bank uses its Secured E-Mail service. In the event Customer receives an e-mail or other electronic communication that Customer believes, or has reason to believe, is fraudulent, Customer agrees that neither Customer nor its User(s), Agents, employees or contractors will respond to the e-mail, provide any information to the e-mail sender, click on any links in the e-mail, or otherwise comply with any instructions in the e-mail. Customer agrees that Bank is not responsible for any losses, injuries, or harm incurred by Customer as a result of any electronic, e-mail, or Internet fraud.

Breaches

In the event that System Security Procedures or general security measures are compromised in a way that results in unauthorized access to Information Sources, the creation or approval of unauthorized transactions, or the creation or approval of unauthorized changes in the System (a “Breach”), Customer agrees to assist Bank in determining the manner and source of the Breach. Such assistance will include, but not limited to providing Bank or Bank agents access to Customer’s hard drive(s), storage media and devices, systems and any other equipment or devices reasonably believed to have been used in the Breach.  Customer further agrees to provide to the Bank any analysis of such equipment, devices, or software or any report of such analysis performed by Customer, Customer agents, law enforcement agencies, or any other third party.  Failure of Customer to assist Bank will be an admission by Customer that the Breach was caused by a Person who obtained access to Customer’s facilities or who obtained information facilitating the breach of the System Security Procedures or general security measures from Customer and not from a source controlled by the Bank.

Hardware and Software

Hardware and Software

The hardware/software required to access the system is posted on the Bank’s Website and may be changed from time to time. Customer is responsible for obtaining/providing all required hardware, software, and Internet connectivity needed to access Services. Token devices are property of the Bank and must be returned upon termination of this Agreement or any token related Service.  Customer will, at its sole cost and expense, use computer hardware and software that meet all technical requirements for the proper delivery of the Service and that fulfill Customer’s obligation to obtain and maintain secure access to the Internet. Customer understands and agrees it may also incur, and will pay, all expenses related to the use of the Services, including, but not limited to, telephone service or Internet service charges. Customer is solely responsible for the payment of all costs and expenses associated with meeting and maintaining all technical requirements and additional items necessary for the proper use of the Services. Customer understands and agrees that it is solely responsible for the operation, maintenance and updating of all equipment, software and services used in connection with the Services and the cost thereof, and Customer hereby agrees that it will perform, or cause to be performed, all vendor recommended maintenance, repairs, upgrades and replacements, and such performance will be rendered by properly trained personnel, whether they are employees of Customer or third party employees. Bank is not responsible for any errors or failures resulting from defects in or malfunctions of Customer’s computer hardware or software. In addition to installing antivirus software, Customer hereby agrees to scan its computer hardware and software on a regular basis (one or more times per month) using a reliable computer virus detection product in order to detect and remove computer viruses. In connection with its use of the Services, Customer will only use the hardware with systems in compliance with the requirements set forth by Bank.  If a Service involves the use of software, hardware, processing, or databases provided by or through us or a Processor to Customer (a “System”), we or the System vendor may require Customer to execute a license or other agreement to use or acquire the System. Customer agrees to treat the System as strictly confidential at all times. Customer is solely responsible for the use or misuse of the System and assumes the risk of all consequences of the use or misuse of the System by Customer, its personnel or third parties (other than us and our personnel).

Service Software

All right, title and interest in and to (i) any and all computer programs, including, but not limited to, the object and source codes therefore, and any and all updates, upgrades, fixes and enhancements thereto, together with any and all documentation, user guides and instructions pertaining thereto (everything in this clause (i), collectively, “Software”), and (ii) any and all users guides, instructions and other documentation provided to, or used by, Customer in connection with the Services (everything in this clause (ii) collectively, the “Documentation”) will be, and remain, the property of Bank or any third party Software provider, as applicable. Unless otherwise expressly authorized, Customer may not (x) copy, reproduce, transmit, retransmit, disseminate, display, publish, sell, broadcast, circulate, distribute, transfer, assign, commercially exploit, reverse engineer, reverse compile or create derivative works of, the Software in any form or (y) copy, reproduce, transmit, retransmit, disseminate, display, publish, sell, broadcast, circulate, distribute, transfer, assign, or commercially exploit the Documentation.

Intellectual Property

Customer agrees not to: (i) put to issue the scope, validity, or ownership of Bank’s (or its licensors’) intellectual property rights in any proprietary data or service, (ii) perform any act which could reasonably be expected to impair the scope, validity, or ownership of such intellectual property rights, (iii) assert any ownership rights to any Software, Documentation or Service, or (iv) remove or alter any copyright, trademark, or other intellectual property or proprietary right notices, legends, symbols, or labels appearing on or in any Software, Documentation, or Service.

Infringement Claims

Customer agrees to: (i) cooperate with Bank and its licensors to protect the Software, Documentation, and Services, including in connection with any lawsuits or disputes involving the Software, Documentation and Services, (ii) promptly notify Bank and provide relevant information and facts upon becoming aware of any actual or potential claim made by a third party regarding infringement, misappropriation, imitation, illegal use or misuse, or reasonable likelihood thereof, by the Software, Documentation, or Service, and (iii) in the event of any actual or potential infringement, misappropriation, imitation, illegal use or misuse, or reasonable likelihood thereof of the Software, Documentation, or Service by others: (x) grant to Bank and its licensors the sole right to determine the course of action with respect to such infringement and to bring any proceeding with respect thereto, and to settle, and collect any settlement amount or judgment for any such proceeding, and (y) agree that such licensors will be solely entitled to any proceeds of any such proceeding, including, but not limited to, any settlement proceeds, insurance proceeds, arbitration award, judgment, or other consideration in any form.

Assignment

Customer hereby assigns to Bank or its licensors, as directed by Bank, any rights, including any patent, copyright, trademarks, and trade secrets, which it may now have or may acquire at any time in the future to any Software, Documentation, or Service.

Internet Disclaimer

For any Service described herein using the Internet, Bank does not and cannot control the flow of data to or from Bank’s network and other portions of the Internet. Such flow depends in large part on the performance of Internet services provided or controlled by third parties. Actions or inactions of such third parties can impair or disrupt Customer’s connections to the Internet (or portions thereof). Bank cannot guarantee that such events will not occur. Accordingly, Bank disclaims all liability resulting from or related to such events and in no event will Bank be liable for any damages (whether in contract or in tort) that are attributable to the public Internet infrastructure, Customer’s ability to connect to the Internet, or Bank’s ability to connect to the Internet on Customer’s behalf.

Service Availability

The ability of Bank to provide access to the System via internet or Mobile Access is conditioned upon the continued operation and availability of the computers which house the System and of the telecommunications network connecting Customer’s Mobile Device to the System. Bank does not and cannot control the flow of data to or from Bank’s network and other portions of the Internet. Accordingly, Bank disclaims any and all liability resulting from or related to delays or interruptions in data delivery and in no event will Bank be liable for any damages (whether in contract, tort, by operation of Law, or otherwise) that are attributable to the public Internet infrastructure, Customer’s ability to connect to the Internet, or Bank’s ability to connect to the Internet. In the event access to the computer or network is suspended or terminated for any reason, Customer agrees that Bank will not be responsible for Customer’s lack of access.