Attached files
file | filename |
---|---|
10-K/A - FORM 10-K/A - Everi Holdings Inc. | c15393e10vkza.htm |
EX-31.2 - EXHIBIT 31.2 - Everi Holdings Inc. | c15393exv31w2.htm |
EX-31.1 - EXHIBIT 31.1 - Everi Holdings Inc. | c15393exv31w1.htm |
EX-10.52 - EXHIBIT 10.52 - Everi Holdings Inc. | c15393exv10w52.htm |
Exhibit 10.50
Execution Version
[***]
Indicates confidential information. Confidential treatment
requested.
Portion omitted filed separately with the Securities and Exchange Commission.
Portion omitted filed separately with the Securities and Exchange Commission.
AMENDED AND RESTATED SPONSORSHIP AGREEMENT
This Amended and Restated Sponsorship Agreement (Agreement), is entered into this
October 1st, 2010, by and between Bank of America, N.A. (BofA) and Global Cash
Access, Inc., a Delaware corporation and the successor-in-interest to Global Cash Access, L.L.C.
(Company). Company and BofA are sometimes referred to herein each as a Party
and collectively as the Parties.
AGREEMENT
WHEREAS, B.A. Merchant Services, Inc. (BAMS) and Company entered into a Sponsorship
Agreement in or about November 1999, as amended (the Prior Agreement), and BofA is the
successor-in-interest to BAMS with respect to the Prior Agreement;
WHEREAS, Company and its Affiliates provide Payment Services to their respective Customers in
connection with Network Card Transactions predominantly at gaming establishments;
WHEREAS, in order for Company and its Affiliates to provide such Payment Services and to
authorize the Terminals that are used in connection with such Payment Services to be connected to
Networks, Company and/or the relevant Terminals must be sponsored by a Network Member;
WHEREAS, pursuant to the terms of the Prior Agreement, BofA or its Affiliate provided Network
sponsorship to Company and/or the relevant Terminals;
WHEREAS, the Prior Agreement is scheduled to terminate on September 30, 2010 and the Parties
desire to transition the sponsorship services currently provided by BofA or its Affiliate to a new
provider that is not affiliated with BofA;
WHEREAS, BofA is willing to provide a limited transition period during which BofA or its
Affiliate will continue to provide sponsorship services to Company, its Affiliates and/or the
relevant Terminals on the express conditions that include, among other things, that (i) the BINs
and ICAs currently used by Company and the related services provided by BofA and its Affiliate are
transferred to a new provider during such transition period, and (ii) the Parties agree to amend
and restate the Prior Agreement on the terms and conditions set forth herein;
NOW, THEREFORE, for good and valuable consideration, the receipt and sufficiency of which
Company and BofA acknowledge, the Parties agree as follows:
1. | Definitions. |
Affiliate means, with respect to either Party, a Person which directly or indirectly
Owns or Controls, is Owned or Controlled by, or is under common Ownership or common Control with
the Party.
Agreement has the meaning set forth in the preamble to this Agreement.
Applicable Law means all laws (including common law), codes, statutes, ordinances,
rules, regulations, regulatory bulletins or guidance, regulatory examinations or orders, decrees
and orders of any Governmental Authority, as may be amended and in effect from time to time.
ATM means automated teller machine, an automated cash machine or redemption device
that has the functionality to dispense cash in the same manner as an ATM.
BAMS has the meaning set forth in the recitals to this Agreement.
BofA has the meaning set forth in the preamble to this Agreement.
BofA Indemnitees means BofA, each Affiliate of BofA, and each Network Party, and
their respective legal representatives, successors, assigns, agents, employees, officers,
directors, and shareholders.
Business Day means any day on which a national bank located in the state of New York
is authorized or required to be open for business.
Card means an ATM, debit, prepaid, stored value or similar card, or a credit or
charge card, with magnetically encoded stripes, issued by a Network Member that may be used by the
holder to perform cash withdrawal, purchase or other financial transactions.
Card Transaction means a transaction that is initiated by a Cardholder through the
use of a Card at a Terminal, or other transaction types approved by the Parties in writing,
including but not limited to cash withdrawals or disbursements, balance inquiries, chargebacks, or
transactions involving the sale of a Negotiable Instrument by a Customer in accordance with written
procedures approved by BofA in accordance with this Agreement.
Cardholder means the Person to whom a Card has been issued and the authorized users
of such Card.
Cardholder Data means information provided by or about a Cardholder or Card in the
course of a Card Transaction or obtained through the use of a Card, including name, address, PIN,
CVV number, magnetic stripe data and any other similar information that identifies the Cardholder
or any account of the Cardholder.
Certified Processor means a Network participant that is authorized by a Network to
directly acquire and process payment transactions using a Networks system.
Claims means any losses, claims, suits, damages, liabilities, demands, rights
(whether contingent, accrued, inchoate or otherwise), disbursements, including reasonable legal
fees and expenses, of whatsoever kind and nature.
Company has the meaning set forth in the preamble to this Agreement.
Control means the power to direct the management or affairs of a Person.
Confidential Information has the meaning set forth in Section 15(a).
CSI has the meaning set forth in Section 3(a).
Customer means a Person to which Company provides Payment Services and that may have
one or more Terminals located on its premises which participate in the Networks and with respect to
which BofA provides Sponsorship Services to Company.
Customer Agreement means an agreement entered into between a Customer and Company
under which Company provides certain Payment Services.
Disclosing Party means the Party whose Confidential Information is obtained by the
Receiving Party.
Effective Date means September 30, 2010.
GCA means Company.
GCAH has the meaning set forth in Section 7(a).
- 2 -
Governmental Authority means any government, any state or any political subdivision
thereof, and any entity exercising executive, legislative, judicial, regulatory or administrative
functions of, or pertaining to, government, whether federal, state or local, including without
limitation, the Federal Deposit Insurance Corporation, Office of the Comptroller of Currency, the
Board of Governors of the Federal Reserve System, and the Office of Thrift Supervision.
Indemnified Party has the meaning set forth in Section 13(a)(2).
Independent Sales Organization or ISO means a non-member agent who is
registered with any Network by BofA or an Affiliate to deploy Terminals as provided in an agreement
between the ISO and BofA or its Affiliate.
Indirect Processor means an entity that provides processing services to Customers
and who provides an interface, directly or indirectly, between Company and such Customer for the
provision of Payment Services.
License means any license, permit, or approval of any nature from a Governmental
Authority.
Material Adverse Event means any event, including but not limited to any change in
the financial condition of Company, which is reasonably likely to have a material adverse impact on
the ability of Company to comply with its obligations under this Agreement, the Operating Rules or
Applicable Law.
MCCs has the meaning set forth in Section 5(i)(1).
Network means an ATM, electronic funds transfer, electronic benefits transfer, or
debit card or credit card network, on Exhibit A hereto, as amended from time to time by the
Parties.
Network Marks means the trademarks, service marks, names logos or other indicia of
origin that have been licensed to BofA by the Networks.
Network Forms has the meaning set forth in Section 3(g).
Network Member means a member of a Network.
Network Parties means Networks, Network Members, and any other Person to which BofA
or its Affiliates have any obligation or liability under a Networks Operating Rules with respect
to the Sponsorship Services provided by BofA and its Affiliates or the Card Transactions involving
the Company or its Customers.
Negotiable Instrument means a document or instrument (whether in written or
electronic form) that meets all of the requirements of a negotiable instrument under the Uniform
Commercial Code as enacted in each jurisdiction where BofA provides services to Company pursuant to
this Agreement, which is used for purposes of completing a quasi-cash transaction under the
applicable Operating Rules and MCCs that govern such quasi-cash transactions.
Non-Terminating Party has the meaning set forth in Section 14(b).
Operating Rule means any rule, regulation, procedure or bylaw of a Network, or any
other document, manual or writing setting forth any standard, requirement or operating guideline
relating to a Network or its Network Members.
Own and Ownership mean beneficial ownership of more than ten percent (10%)
of the equity of a Person.
Payment Services means (i) deployment, operation and/or ownership of Terminals,
and/or (ii) acquiring, processing, and/or authorizing Card Transactions, and/or (iii) providing
similar or related electronic payment services that requires sponsorship into one or more Networks.
- 3 -
PCI has the meaning set forth in Section 6(a).
Person means any individual, sole proprietorship, partnership, joint venture,
limited liability company, trust, association, corporation, institution, entity, unincorporated
organization or Governmental Authority.
POS means point-of-sale.
Prior Agreement has the meaning set forth in the recitals to this Agreement.
Processor means an Indirect Processor or Certified Processor.
Processor Agreement means an agreement between a Network and a Processor under which
a Processor is authorized to provide processing services in connection with Card Transactions in
the Network.
Provider Agreement means any agreement pursuant to which a Service Provider renders
services on behalf of Company.
Receiving Party means the Party that receives Confidential Information of the
Disclosing Party.
Reserve Account means a bank account established by BofA to hold the Reserve Amount
pursuant to Section 8.
Reserve Amount means the amount established by BofA from time-to-time pursuant to
Section 8(a) which Company must retain in a letter of credit or Reserve Account as provided in
Section 8.
Service Provider means a Person that provides, on behalf of Company, any obligations
that Company is required to perform under this Agreement.
Sponsorship Services means the sponsorship of Company and Terminals in the Networks
identified in Exhibit A to this Agreement.
Term has the meaning set forth in Section 14(a).
Terminal means an ATM or other machine with capability to accept Cards for the
purpose of dispensing cash, or engaging in other types of transactions agreed to in writing by the
Parties and in compliance with the all applicable Operating Rules.
Terminating Party has the meaning set forth in Section 14(b).
2. | Amended and Restated Agreement; Transition Services. |
(a) | Effective as of the Effective Date, this Agreement shall amend and restate the
Prior Agreement in its entirety, and such amended and restated agreement shall
thereafter govern the rights and obligations of the Parties with respect to the matters
subject to the Prior Agreement and this Agreement. Without limiting the foregoing, and
for avoidance of doubt, the Parties acknowledge and agree that the provisions of
Sections 3(b), 4(b), 4(d), 5(c), 8, 12(e), 12(f), 13 and 15 shall apply with respect to
acts, omissions or circumstances existing or occurring during the Prior Agreement or
this Agreement. |
- 4 -
(b) | The Parties acknowledge their mutual intent and agreement to end the on-going
relationship between the Parties, and that the Sponsorship Services provided by BofA
after the Effective Date are intended as an accommodation to Company for a limited
transition period. Company agrees that during the Term of this Agreement, Company will
attempt to enter into a relationship with a new provider for the Sponsorship Services
previously provided by BofA and to be provided under this Agreement by BofA. Company
shall require that any new provider assume the transfer of all
BINs / ICAs currently used by Company on terms and conditions reasonably acceptable
to BofA, and Company shall cooperate (and cause such new provider to cooperate) with
BofA with respect to the transfer of such BINS / ICAs to such new provider. The
Parties recognize the importance of Companys ability to transition to a new provider
of sponsorship services by the end of the Term, and shall cooperate in good faith to
achieve such transition by the end of the Term. If Company enters into an agreement
with a new provider of sponsorship services, the Parties will cooperate in good faith
with each other and with the new provider with respect to the transfer of the
BINS/ICAs currently used by Company to such new provider, and BofA will provide
Company and such new provider with other commercially reasonable transition
assistance services that are requested to allow Company to fully transition to such
new provider by the end of the Term. |
(c) | Company acknowledges and agrees that as of the expiration or termination of
this Agreement, BofA and its Affiliates shall have absolutely no obligation to provide
any Sponsorship Services to Company or with respect to any Customer businesses, whether
or not Company has entered into an agreement with a new provider to obtain new
sponsorship services, and that Company bears the entire risk of loss and business
disruption of Company is unable to obtain such sponsorship services from another
provider. |
3. | Sponsorship by BofA. |
(a) | General. BofA agrees to provide the Sponsorship Services with respect
to Company and the operations of its Customers in the United States or any United
States territory (as defined by each applicable Network), including Terminals located
in the United States, on the terms and conditions set forth in this Agreement;
provided, however, that (1) BofA may perform such Sponsorship Services, in whole or in
part, by causing an Affiliate to perform such Sponsorship Services, (2) BofA shall
remain liable to Company for performance of Sponsorship Services by an Affiliate of
BofA, and (3) references to performance by BofA of Sponsorship Services in this
Agreement shall be deemed to include BofAs option to cause an Affiliate to provide
such Sponsorship Services. BofA acknowledges that Company in some instances provides
certain of its Payment Services through its Affiliate Cash Systems, Inc.
(CSI), and that the Sponsorship Services shall extend to CSI; provided that
Company shall remain liable for CSIs compliance with the terms and conditions of this
Agreement. |
(b) | Performance by Customers. Company hereby unconditionally guarantees
performance of, and agrees that it is jointly and severally liable with each Customer,
for each Customers obligations and liabilities under each Customer Agreement,
including, without limitation, for any Claims which in any way directly or indirectly
relate to, result from or arise out of, any Customers violation of, or failure to
comply with, the Operating Rules or Applicable Law. For the avoidance of doubt, the
Sponsorship Services shall not include providing vault cash to Company or any Customer,
and the Parties acknowledge that the provision of vault cash by BofA or its Affiliate
to Company and Customers is subject to a separate agreement between BofA or its
Affiliate and Company, and that this Agreement shall in no way affect the obligations
or the parties to that agreement, including the termination date thereof, unless and to
the extent expressly provided herein. |
(c) | Existing Sponsorships. Subject to the terms and conditions of this
Agreement, BofA agrees to continue to provide the Sponsorship Services with respect to
each Customer with respect to which BofA was providing such Sponsorship Services on the
Effective Date, provided that (1) Company provides BofA with information mutually
agreed between the Parties from time to time to evaluate such Customer, and (2) each
such Customer has entered into a written Customer Agreement in form and substance
acceptable to BofA. Notwithstanding the foregoing, BofA may cease providing
Sponsorship Services with respect to an existing Customer to the extent that BofA
determines in its reasonable judgment, that (A) such action is required by a Network,
the Operating
Rules or Applicable Law, or (B) continuing to provide such Sponsorship Services would
present a significant financial or reputational risk to BofA. |
- 5 -
(d) | Requests for New Sponsorships. As a condition of BofA providing
Sponsorship Services with respect to any new Customer on or after the Effective Date,
except as otherwise agreed between the Parties, Company will (1) provide BofA with
information mutually agreed between the Parties from time to time to evaluate such
Customer, and (2) ensure that each such Customer enters into a written Customer
Agreement in form and substance acceptable to BofA. Notwithstanding the foregoing,
BofA has sole and absolute discretion to determine whether to provide or cause its
Affiliate to provide Sponsorship Services with respect to any new Customer; provided
that, to the extent reasonably practicable, BofA will attempt to (A) discuss with
Company its decision not to provide Sponsorship Services to a specific Customer in
advance and (B) work in good faith with Company to determine if there are any remedial
measures that can be implemented to address the underlying basis for BofAs intent to
deny Sponsorship Services. |
(e) | Underwriting Standards. BofA reserves the right, at all times, to
establish the underwriting standards and eligibility criteria for Customers with
respect to which it will provide Sponsorship Services. BofA may refuse to provide
Sponsorship Services with respect to the operations of any Customer or at any Customer
location that BofA determines in its sole and absolute discretion does not meet BofAs
underwriting standards or eligibility criteria; provided that, to the extent reasonably
practicable, BofA will attempt to (1) discuss with Company its decision not to provide
Sponsorship Services to a specific Customer and (2) work in good faith with Company to
determine if there are any remedial measures that can be implemented to address the
underlying basis for BofAs intent to deny Sponsorship Services. If BofA makes such a
determination with respect to an existing Customer, BofA and its Affiliates shall have
no liability with respect to any failure by Company to perform its obligations under
any Customer Agreement with such Customer, and Company expressly assumes all such risk. |
(f) | Customer Agreements. All Customer Agreements shall be in form and
substance reasonably acceptable to BofA, and shall meet any requirements set forth in
the applicable Operating Rules and Applicable Law, including any substantive provisions
required by the applicable Operating Rules, and shall obligate the Customer to abide by
the Operating Rules and Applicable Law. Customer Agreements may contain such other
terms and conditions as may be mutually agreed between any Customer and Company,
provided that such additional terms and conditions do not conflict with any provisions
of this Agreement, the Operating Rules or Applicable Law. Notwithstanding the
foregoing, BofA may require modifications to the Customer Agreement of an existing
Customer as of the Effective Date to the extent that BofA determines, in its reasonable
judgment, that (1) such modifications are required by a Network, the Operating Rules or
Applicable Law, or (2) such modifications are required to avoid a significant financial
or reputational risk to BofA. |
(g) | Network Registration and Requirements. BofA will complete and maintain
records with respect to all registration forms, applications and/or other documents
(Network Forms) that are required by the Networks from time to time in
connection with this Agreement and/or the Sponsorship Services provided by BofA to
Company and/or with respect to Customers. Company will be solely responsible for all
Network fees and charges associated with such registration or application. Company
will be solely responsible for timely preparing and providing to BofA any reports or
certifications required under any Operating Rules for filing with the Networks in
connection with the Sponsorship Services (including, without limitation, the
sponsorship of Customers and/or their Terminals) and the provision of Payment Services
for which Sponsorship Services are provided, including, without limitation, reports
relating to transaction activity, fee billing, adjustments and enhanced network
management reports, and such other reports as are specified in Exhibit B, which
reports will be distributed by Company in the formats and using communications circuits
and files designated by the Networks. BofA shall review and file such reports or
certifications with the
Network promptly after receipt from Company. Company shall promptly provide such
other reports, in hard copy or in view access, as BofA may require from
time-to-time. Without limiting the foregoing, Company acknowledges and agrees that,
for purposes of this Agreement, it is responsible for any and all obligations related
to the Payment Services arising under the Operating Rules (including connection to
each of the Networks) and for Customers compliance with the Operating Rules. |
- 6 -
(h) | Terminal Ownership. |
(1) | No later than the Effective Date, Company shall provide BofA with
a list of all current Terminals that are owned, established, operated or
maintained by a Person other than Company. Company shall comply with, and shall
cause each Customer to comply with, all applicable Operating Rules and any
Applicable Law that requires Company or Customer to obtain a License or
otherwise regulates or restricts the ability of Company or a Customer to own,
establish, operate or maintain a Terminal. If any applicable Operating Rules or
Applicable Law requires that a Customer or any Person which owns or operates a
Terminal at a Customer location enter into an agreement with BofA or its
Affiliate, Company shall ensure that, prior to BofAs provision of any
Sponsorship Services with respect to such Terminal, such Person enters into such
an agreement that is in compliance with such Operating Rules or Applicable Law
and acceptable in form and substance to BofA in BofAs reasonable discretion.
Notwithstanding the foregoing, BofA may cease providing Sponsorship Services
with respect to a Terminal, or require modifications to any agreement of an
owner or operator of a Terminal, to the extent that BofA determines in its
reasonable judgment that such action (A) is required by a Network, the Operating
Rules or Applicable Law, or (B) is required to avoid a significant financial or
reputational risk to BofA. |
(2) | With respect to new Terminals that become owned, established,
operated or maintained by a Person other than Company after the Effective Date,
Company shall obtain BofAs prior consent to obtain Sponsorship Services, which
consent shall not be unreasonably withheld or delayed; provided, however, that
such Terminals otherwise meet all of the requirements of Section 3(h)(1). |
4. | Certain Other Obligations of BofA. |
(a) | Network Membership. Subject to the terms and conditions of this
Agreement, BofA will use commercially reasonable efforts to obtain and maintain the
categories of membership or licenses in the Networks required to provide Sponsorship
Services pursuant to this Agreement and shall use reasonable efforts to notify Company
as soon as practicable if it is no longer able to maintain such memberships or
licenses. |
(b) | Regulatory Compliance. Notwithstanding anything in this Agreement, BofA
shall have no obligation to undertake to perform or continue to perform any function or
service relating to the Sponsorship Services or this Agreement with respect to any
Customer or Terminal in the event that: (1) such performance would contravene any
Applicable Law or Operating Rule, or any directive from a Governmental Authority or a
Network; or (2) BofA reasonably suspects fraud or suspicious activity in connection
with such Customer or Terminal. |
(c) | Dissemination of Operating Rules and Updates. To the extent permitted
by the applicable Network, Operating Rules or Applicable Law, BofA shall undertake good
faith efforts to provide Company with copies of applicable Operating Rules and/or
amendments thereto that BofA reasonably determines may be of interest or relevance to
Company. |
- 7 -
(d) | Other Limitations. Notwithstanding anything in this Agreement, BofA
will be responsible only for performing the services expressly provided for in this
Agreement and BofA undertakes no duties
other than those expressly provided herein. Without limiting the generality of the
foregoing, BofA will not be responsible for: (1) the acts or omissions of Company,
any Processor or any Customer or any of their respective representatives, employees
or agents or any other Person, including, without limitation, any Network Party, and
no such person or entity will be deemed BofAs agent for any purpose whatsoever; or
(2) breach of its duties hereunder, to the extent such breach was caused by legal
constraint, interruption in transmission or communication facilities, equipment
failure, war, terrorist act, riot, fire, flood, earthquake or other natural disaster,
strike, emergency or other circumstance beyond BofAs control. |
5. | Certain Obligations of Company. |
(a) | Terminal Operation. As between BofA and Company, Company will be
solely responsible for (1) the cost, installation, operation, maintenance and repair of
each Terminal including, but not limited to, electrical and communications connections
in compliance with the equipment manufacturer specifications and the applicable graphic
standards and technical specifications established by Networks from time to time; (2)
the cost and provision of all signage to comply with requirements of any Network or
Regulatory Authority, including disclosures approved by BofA agreed between the Parties
from time to time, which includes the resigning of all Terminals for a change in
Sponsorship Services. Company shall ensure that all Terminals meet all lighting,
security and accessibility requirements. |
(b) | Terminal Reports. Company shall: (1) complete a Customer Agreement and
associated due diligence prior to activating any Terminal as required by the Network(s)
and agreed between the Parties from time to time; (2) provide quarterly reports to BofA
which for each Customer with respect to which BofA provides Sponsorship Services
includes a listing of all Networks that Company is acquiring Transactions for such
Customer; and (3) providing all processing services and settlement for each Terminal
sponsored under or in connection with this Agreement; and (4) provide written notice to
BofA of each new Terminal location on a daily basis and will properly register and
continue to register each Terminal as may be required by each of the Networks and/or
Applicable Law. BofA may identify additional data files or reports to be generated by
Company and delivered to BofA on an ad hoc or periodic basis. Nothing in this
Agreement shall limit BofAs ability to communicate with any Customer to the extent
that BofA reasonably determines that such communication is necessary to comply with a
Network, Operating Rules or Applicable Law, or to avoid significant financial or
reputational risk to BofA. |
(c) | Compliance. Company will comply, and will ensure that each Customer
complies, with the Operating Rules and all Applicable Laws related to the Terminals,
the performance of Companys obligations hereunder and the obligations of each Customer
under a Customer Agreement. Company acknowledges and agrees that (1) only a Network
has authority to interpret its Operating Rules, and (2) BofA shall not make any
representation or warranty, and Company shall not rely on BofA or its Affiliates in any
way, including any oral or written statement, regarding the requirements imposed by the
Operating Rules or Applicable Law on Company or Companys Customers or operations.
BofA. BofA and Company shall negotiate in good faith to amend this Agreement to the
extent an amendment is necessary to comply with any Operating Rules or Applicable Law. |
(d) | Use of BofAs Name and GCAs Name. Company agrees that it will not,
and will ensure that each Processor does not, use the name, marks or logos of BofA or
any of its Affiliates (the Bank Marks) for any reason, or use or refer to
BofA or its Affiliate (orally or in writing) in any advertisements, sales,
presentations or marketing materials without the express prior written consent of BofA,
which consent shall not be unreasonably withheld. Company may accurately describe its
relationship with BofA in response to questions and in its dealings with Customers.
BofA agrees that it will not, and will ensure that it and its Affiliates do not, use
the name, marks or logos of GCA or any of its Affiliates (the GCA Marks) for
any reason, or use or refer to GCA or
its Affiliate (orally or in writing) in any advertisements, sales, presentations or
marketing materials without the express prior written consent of GCA, which consent
shall not be unreasonably withheld. |
- 8 -
(e) | Processor Agreement. Prior to the sponsorship into any Network by BofA
or an Affiliate with respect to a Customer or a Terminal or the provision by Company of
any Payment Services for which the BofA provides Sponsorship Services under this
Agreement (1)Company will have become a Certified Processor or have obtained a
Certified Processor for such Network acceptable to BofA; and (2)such Certified
Processor shall have entered into a Processor Agreement with such Network as required
by the applicable Networks Operating Rules. Company shall ensure that such Certified
Processor shall comply with the terms thereof and otherwise maintain itself in good
standing with the Network. The Parties acknowledge and agree that TSYS Acquiring
Solutions, L.L.C. is acting as a Certified Processor of Company. |
(f) | Indirect Processors. Company shall obtain BofAs prior written
consent, which BofA may grant or deny in its sole discretion, before using any Indirect
Processor to provide processing services on Companys behalf. Notwithstanding that
BofA consents to Companys use of an Indirect Processor, Company will cause such
Indirect Processor to comply with the applicable Networks Operating Rules (including,
but not limited to, any requirement to enter into an agreement with the applicable
Network(s)) and all Applicable Law, and otherwise maintain itself in good standing with
the Network. |
(g) | Access to Processor Systems. To the extent that Company uses any
Processor in connection with Card Transactions, Company shall use commercially
reasonable efforts to cause such Processor to provide BofA with view access to such
Processors systems to enable BofA to access and view information concerning
transactions processed by such Processor on behalf of Company. |
(h) | Service Providers. Company agrees that it shall cause any Service
Provider or provider of vault cash services to promptly furnish BofA with any relevant
information requested by BofA relating to BofAs Sponsorship Services, the Networks, or
the Terminals or Customers with respect to which BofA provides Sponsorship Services
hereunder and to otherwise use commercially reasonable efforts to cooperate with BofA
in connection therewith. Company will timely pay all obligations that have not been
otherwise disputed in good faith by Company to any Person as they become due, whether
arising under the Operating Rules or otherwise, in connection with the Payment Services
or the Sponsorship Services. |
(i) | Card Transactions. |
(1) | Company shall ensure that Card Transactions are limited to (A)
cash withdrawals or disbursements or balance inquiries at Terminals, (B) the
issuance of Negotiable Instruments in a manner that conforms to the Operating
Rules and Applicable Law, and (C) transactions involving the merchant category
codes (MCCs) specified in Exhibit C. |
(2) | Except to the extent approved by BofA in writing, in no event
shall Company (A) allow, or permit any Customer to allow, a Cardholder to use a
Card for any Internet transaction or electronic commerce transaction, other than
a transaction in which a Cardholder uses a Card at a Terminal located at a
Customer location open to the public, (B) allow, or permit any Customer to
allow, a Cardholder to use a Card for any type of Card Transaction that BofA or
its Affiliates have not expressly approved in writing as of the Effective Date,
or (C) develop, introduce or announce any new product or service that involves
the use of Cards without the prior written approval of BofA or its Affiliates. |
- 9 -
(j) | Negotiable Instruments. Company shall ensure that each Negotiable
Instrument that is issued in a Card Transaction complies with all Applicable Law and
all applicable Operating Rules, including
Network requirements relating to proper transaction identifiers to enable Company and
the Network(s) to properly charge interchange fees due from each location. Any
attempt on the part of a Customer or Company to receive improper or inappropriate
fees may result in (1) full repayment of all fees collected with respect to such
Negotiable Instrument, and (2) immediate termination of this Agreement or the
provision of Sponsorship Services with respect to such Customer. |
(k) | Implementation of First Annapolis Recommendations. Company
acknowledges that the consulting firm First Annapolis performed a review of Companys
practices and procedures and made certain recommendations, which are summarized in
Exhibit D. Company shall implement the remediation steps set forth in the
column entitled GCA Comments in the table set forth in Exhibit D. Company
hereby (1)represents and warrants to BofA that it has fully and independently evaluated
the merits of each such recommendation and determined that taking the remediation steps
set forth in the column entitled GCA Comments in the table set forth in Exhibit
D is in the Companys best interests, and (2)acknowledges and agrees that BofA
makes no representation or warranty with respect to the merits of such recommendations,
and shall have no liability to Company or any other Person as a result of Company
following such recommendations. |
6. | Security; Disaster Recovery. |
(a) | Security Procedures. Company agrees to establish and maintain, and to
ensure that each Customer establishes and maintains, operations, policies and
procedures in place for the protection of Cardholder Data and comply with the Payment
Card Industry (PCI) Data Security Standard, and meet the objectives of the
Interagency Guidelines Establishing Standards for Safeguarding Customer Information;
provided, however, that Company shall be required to cause a Customer to comply with
the foregoing only to the extent that such Customer is subject to such requirements
under the Operating Rules or Applicable Law. Company further agrees to monitor and
ensure that it and its Customers: (1) have, maintain, and use at all times, proper
controls as specified in the Operating Rules for secure storage and transmission of,
and limited access to, and shall render unreadable prior to discarding, all records
containing Cardholder Data, Card imprints and Cardholder signatures; (2) do not retain
or store magnetic stripe or PIN data after a transaction has been authorized; and (3)
if Company or a Customer stores any electronically captured Cardholder signature, that
Company or a Customer can reproduce such signature upon the request of BofA. |
(b) | Network PIN Security. Key management and PIN security systems will at
all times be in compliance with each Network of which BofA or its Affiliate is a
member. Company will, at its sole expense complete within the required time frame or
upon BofAs demand, but at least annually, a PIN security review required by each
Network (including, but not limited to, the Visa PIN review and the ANSI//X9 TR-39-2009
TG-3 review) and provide BofA a copy of each such review upon completion. |
(c) | Background Checks; Employee Responsibility. Company shall establish,
implement and maintain reasonable policies and procedures with respect to the conduct
of background checks on (1) each of its officers and directors, and (2) each of its
employees and sales representatives engaged in providing the Payment Services. Company
understands and acknowledges that Company is solely responsible for the actions and
representations of all of its sales representatives and other employees. |
(d) | Security Breach. Company agrees that if it becomes aware or suspects
that there has been a breach of security that may result in unauthorized disclosure of
Cardholder Data or any other proprietary information relating to Card Transactions or
Cards, including with respect to any information obtained from a Terminal or in
connection with processing Card Transactions, Company shall notify BofA in writing of
such situation promptly, but in no event later than twenty four (24) hours after such
a situation occurs. Company agrees to use commercially reasonable efforts to
cooperate with BofA and take corrective action to respond to the situation. |
- 10 -
(e) | Disaster Recovery. Company agrees to maintain reasonable disaster
recovery plans designed to allow Company to recover and perform the basic obligations
under this Agreement in the event of a disaster or other failure of Companys
operations and systems. Company agrees to perform reasonable tests of such disaster
recovery plans on a regular basis. At the request of BofA, Company shall provide BofA
with a summary of the results of any such test performed by Company. |
7. | Financial Statements and Audits. |
(a) | Financial Statements. Company agrees to provide BofA with the
consolidated financial statements of Global Cash Access Holdings, Inc.
(GCAH), which may include quarterly or audited annual financial statements,
within thirty (30) days of request by BofA. Such financial statements shall be
certified in writing by a duly authorized officer or principal owner of GCAH as to the
accuracy of the data contained therein and the preparation of such statements in
accordance with generally accepted accounting principles, and Company shall provide an
unqualified opinion of an independent certified accountant retained by Company or GCAH
with respect to such financial statements. Company also shall provide such other
information concerning Companys business and compliance with this Agreement as BofA
may reasonably request, including, but not limited to, information describing the
differences between the financial condition of Company and GCAH. Company and the
undersigned official of Company authorize BofA to obtain financial and credit
information relating to Company and the undersigned official of Company from credit
bureaus and other Persons. |
(b) | BofA Audits. During the Term, and for a period of two (2) years
thereafter, BofA and its Affiliates (or their respective contractors) may conduct
procedural audits of Company as reasonably necessary to confirm compliance with this
Agreement, the Operating Rules and Applicable Law, including a review of Companys
facilities, books and records related to this Agreement upon reasonable advance
written notice by BofA. Company will promptly supply auditors with reasonable access
to Companys facilities and requested information. Company will provide BofA with a
copy of any audits performed by a Network, Governmental Authority or other Person, to
the extent (1) such Network, Governmental Authority or other Person does not prohibit
the provision of such audits to BofA and (2) that such audit relates to this Agreement,
the Sponsorship Services, or any Operating Rules or Applicable Law relating to this
Agreement or the Sponsorship Services. If Company is examined by a Governmental
Authority pursuant to the federal Bank Service Corporation Act, Company will notify
BofA when any report of examination is available, and will provide such report to BofA
unless prohibited by Applicable Law or the applicable Governmental Authority from doing
so. Company agrees to request permission from each Governmental Authority to provide
such reports to BofA. |
(c) | Regulatory Audits. Company acknowledges that it will be subject to
regulation or examination by Governmental Authorities (including the Office of the
Comptroller of the Currency) and the Networks by virtue of this Agreement and the
arrangements contemplated hereby. Company shall, promptly upon request, submit and
furnish to BofA any reports (including transaction reports) or other data requested by
BofA (1)in order to comply with applicable regulatory or supervisory requirements;
(2)to respond to requests by regulatory or supervisory authorities; or (3)as otherwise
requested by BofA to demonstrate that Company is in compliance with its obligations
hereunder. |
- 11 -
(d) | Notice to BofA. Company will provide BofA with written notice,
together with all supporting documentation, within two (2) days whenever: (1) Company
or, to Companys knowledge, a Customer, receives notice from a Network or a
Governmental Authority relating to this Agreement, the Sponsorship Services, any
Terminal, ATM or Card with respect to which BofA provides Sponsorship Services, the
modification or revocation of any License, or the compliance of Company or any Customer
with the Operating Rules or Applicable Law; (2) any suit, litigation or other
proceeding is brought against Company or, to Companys knowledge, its Customers, which
alleges any violation of any Operating Rules or Applicable Law; (3) Company
reasonably believes that any event of default has occurred or that any other
representations or warranty made by Company in this Agreement has ceased to be true
and complete in all material respects; (4) any Material Adverse Event occurs; (5)
Companys relationship with any Customer has been discontinued, whether at Companys
request or at such Customers request, provided that any such notice shall identify
the portion of Companys revenues represented by such Customer; or (6) Company learns
of any criminal investigation of Company or its Customers, or of their respective
officers or directors. |
8. | Letter of Credit; Reserve Account. |
(a) | Reserve Amount. (1) Beginning no later than five (5) Business Days
after the date of this Agreement, and until BofA releases Company from the obligation
pursuant to Section 8(d), Company shall maintain a letter of credit and/or a balance in
a Reserve Account in an amount equal to the Reserve Amount, as established by BofA in
accordance with this Agreement. The initial Reserve Amount shall be two million,
five-hundred thousand dollars ($2,500,000). In the event that Company experiences any
security breach of the type described in Section 6(d), BofA may increase the Reserve
Amount in its reasonable discretion by providing written notice to Company. |
(b) | Letter of Credit. The letter of credit required from Company under
this Section 8 shall be irrevocable, and issued by a depository institution acceptable
to BofA and in a form and content satisfactory to BofA, both in BofAs sole and
absolute discretion. BofA shall be entitled to make multiple draws on such letter to
obtain funds in satisfaction of Companys obligations to BofA under this Agreement
(including, but not limited to, paying any fees or penalties imposed by Networks on
BofA or its Affiliates with respect to Card Transactions involving Companys Customers)
without prior demand or notice. The letter of credit shall have a term that extends no
more than nine (9) months beyond the end of the Term of this Agreement. |
(c) | Reserve Account. The Reserve Account in which all or a portion of the
Reserve Amount shall be maintained will be a deposit account with an Affiliate of BofA
or other depository institution acceptable to BofA in its sole discretion. Companys
funds held in the Reserve Account may be commingled with other BofA customer funds
without involvement of an independent escrow agent. To secure Companys obligations
under this Agreement (including, but not limited to, paying any fees or penalties
imposed by Networks on BofA or its Affiliates with respect to Card Transactions
involving Companys Customers), Company irrevocably grants BofA and its Affiliates a
first priority lien and security interest in any funds in the Reserve Account and all
proceeds of such funds. Company agrees to execute and deliver to BofA, upon request,
any instruments and documents necessary to perfect its first priority lien and security
interest in and to such funds. If Company fails to perform such obligations under this
Agreement, BofA shall have the right, in its sole discretion, to exercise its lien and
security interests in the monies in the Reserve Account, without prior demand or notice
to Company. |
(d) | Release of Credit Support. After expiration or termination of this
Agreement for any reason, BofA shall promptly, but in no event later than nine (9)
months following such expiration or termination, return to Company any funds held in
the Reserve Account or surrender the letter of credit to Company upon BofAs
determination in its sole and absolute discretion that Company has performed all of its
obligations under this Agreement and there is no material risk of liability of Company
under this Agreement, including for any indemnity, chargebacks or Network fines or
assessments or other contingent obligation. |
- 12 -
9. | Use of Network Marks. |
Company shall use Network Marks, and shall ensure that each Customer uses Network Marks, only
to the extent permitted by each applicable Network and in accordance with all applicable Operating
Rules.
10. | Fees and Expenses. |
(a) | Network Fees and Charges. Company will pay (or immediately upon
demand, reimburse BofA and its Affiliates) for any and all applicable fees and charges
which may be imposed from time to time by Networks on BofA or its Affiliates, Company,
any Customer, or any Processor used by Company, which in any way relate to this
Agreement, the Customers, the Sponsorship Services or relevant payment transactions,
including, without limitation, (1) all applicable Network fees relating to registration
and licensing of independent sales organizations and merchant service providers, (2)
all fees associated with the sponsorship by BofA and its Affiliates of Company or
Terminals or the provision Sponsorship Services with respect to any Customer and (3)
all fees associated with the provision of Payment Services by Company. For the
avoidance of doubt, as of the Effective Date neither BofA nor its Affiliates shall be
obligated to provide any assessment credit to Company. |
(b) | Network Settlement. All settlement, funding and adjustments for all
payment transactions generated by Company or its Customers for a particular Network
will be handled by a Certified Processor in accordance with the applicable Operating
Rules. BofA or its Affiliate will instruct Networks to settle all payment transactions
in a manner consistent with the provisions of this Agreement; provided, however, that
Company will use best efforts change or alter its method of settlement in a manner
designated by BofA if BofA and its Affiliates reasonably determine that such changes or
alterations are necessary or appropriate to reduce or manage risk of settlement
failure. |
(c) | Expenses. Company will reimburse BofA and its Affiliates upon demand
for (1) all reasonable costs and expenses, including all out-of-pocket costs (including
attorneys fees) paid or incurred by BofA or its Affiliates in connection with the
preparation, negotiation, execution, delivery and review of this Agreement and any
enforcement, amendment or modification thereof; and (2) all reasonable costs and
expenses incurred as a result of changes in Companys business and operations,
including without limitation Companys use of a new Processors or Service Providers or
the transfer of the Sponsorship Services and/or BINs and ICAs to a new service provider
upon termination of this Agreement. |
11. | Representations and Warranties by Company. Company represents and warrants to
BofA as of the date of this Agreement, and on each day on which a Card Transaction occurs, that: |
(a) | Good Standing. Company is a corporation organized, validly existing
and in good standing under the laws of the State of Delaware, and has its principal
office in Las Vegas, Nevada. Company is duly licensed or qualified to do business and
is in good standing in all jurisdictions in which the nature of the activities
conducted or proposed to be conducted by it, or the character of the assets owned or
leased by it, makes such licensing or qualification necessary to perform its
obligations required hereunder, except where the failure to be so licensed or qualified
would not have a material adverse effect on its ability to fulfill its obligations
under this Agreement. Company shall provide BofA with copies of all such licenses,
from time to time, promptly upon demand. |
(b) | Capacity; Authority; Validity. Company has all necessary corporate
power and authority to enter into this Agreement and to perform all of the obligations
to be performed by it under this Agreement. This Agreement has been duly authorized by
all necessary corporate action and has been duly executed and delivered by Company, and
upon execution by the Parties, shall constitute the valid and binding obligation of
Company, enforceable against Company in accordance with its terms, subject to
applicable bankruptcy laws and general principles of equity. |
- 13 -
(c) | Conflicts; Defaults. Neither the execution and delivery of this
Agreement by Company, nor the consummation of the transactions contemplated herein by
Company, shall (1) conflict with, result in the breach of, constitute a default under
or accelerate, terminate, modify or cancel or require any
notice or consent under any agreement, contract, lease, license, instrument or other
arrangement to which Company is a party or by which it is bound or to which any of
its assets is subject, except for such violations, conflicts, breaches, defaults,
accelerations, terminations or modifications that would not have a material adverse
effect on its ability to fulfill its obligations under this Agreement; (2) violate
the certificate of incorporation, bylaws, or any other equivalent organizational
document of Company; or (3) require any consent or approval under any judgment,
order, writ, decree, permit or license to which Company is a party or by which it is
bound. Except as disclosed in writing to BofA, Company is not subject to any
agreement (A) requiring fundamental changes in the operation of the Program; or (B)
with any Governmental Authority that would prevent the consummation of the
transactions contemplated by, or its ongoing performance of, the Agreement. |
(d) | No Consents, Etc. No consent of any Person (including any stockholder
or creditor of Company) and no consent, license, permit, approval, authorization or
exemption by notice of, report to or registration, filing or declaration with, any
Governmental Authority is required in connection with the execution or delivery of this
Agreement by Company, the validity of this Agreement with respect to Company, the
enforceability of this Agreement against Company, the consummation by Company of the
transactions contemplated hereby or the performance by Company of its obligations
hereunder. |
(e) | No Defaults. Company is not in default with respect to any material
contract, agreement, lease or other instrument, including with respect to debt or
securitization arrangements, except for defaults which would not result in a material
adverse affect on its ability to perform its obligations hereunder. |
(f) | Card Information. Company will not (1) disclose, sell, purchase,
provide or exchange Card account number information, Card Transaction Data or any other
Confidential Information of BofA or any Affiliate of BofA to any Affiliate of Company
or other Person, or (2) use any such information or data, for any purpose other than
performance of its obligations under this Agreement, including for marketing purposes,
in violation of any Operating Rules or Applicable Law. |
(g) | Performance. Companys performance of this Agreement will not violate
any Applicable Law or any material agreement to which Company may now or hereafter be
bound. |
(h) | Compliance with Law. Company will comply with the terms of this
Agreement, the Operating Rules, and with Applicable Law as related to the performance
by Company of its obligations hereunder. |
(i) | Insurance. Company has and agrees to maintain policies of workers
compensation, employees liability, and general liability insurance with such limits as
required by law. Promptly upon the written request of BofA, Company will furnish BofA
with the written certificate(s) from its insurers or their agents, addressed to Company
as certificate holder, indicating the existence of Companys insurance coverage, the
amount and nature of such coverage, the expiration date or dates of each policy, and a
thirty (30) day written notice of cancellation. In the alternative, Company may be a
self-insurer upon meeting those requirements of the applicable regulatory authorities
for any or all of the areas set forth above for which Company customarily self-insures.
Company will provide proof of such self-insurance upon BofAs request. |
(j) | Pending Litigation and Claims. Except as disclosed in writing to BofA,
neither Company nor any of its officers or directors are a party to any pending
litigation brought by a Customer, Network or Network Member alleging a violation of any
Operating Rules, or have ever been fined or penalized by any Network or Network Member. |
- 14 -
(k) | Accuracy of Information. All information provided to BofA and its
Affiliates with respect to existing Customers and prospective Customers shall be true
and correct in all material respects. |
(l) | No Reliance. Company acknowledges and agrees that BofA and its
Affiliates have not made, and Company is not relying on, any representation or
warranty, express or implied, with respect to the subject matter hereof, except as
expressly set forth in this Agreement. |
12. | Representations and Warranties of BofA. BofA represents and warrants to Company
that: |
(a) | Good Standing. BofA is a national banking association organized,
validly existing and in good standing under the laws of the United States, and has its
principal office in Charlotte, N.C. BofA is duly licensed or qualified to do business
and is in good standing in all jurisdictions in which the nature of the activities
conducted or proposed to be conducted by it, or the character of the assets owned or
leased by it, makes such licensing or qualification necessary to perform its
obligations required hereunder, except where the failure to be so licensed or qualified
would not have a material adverse effect on its ability to fulfill its obligations
under this Agreement. |
(b) | Capacity; Authority; Validity. BofA has all necessary corporate power
and authority to enter into this Agreement and to perform all of the obligations to be
performed by it under this Agreement. This Agreement has been duly authorized by all
necessary corporate action and has been duly executed and delivered by BofA, and upon
execution by the Parties, shall constitute the valid and binding obligation of BofA,
enforceable against Company in accordance with its terms, subject to applicable
bankruptcy laws and general principles of equity. |
(c) | Conflicts; Defaults. Neither the execution and delivery of this
Agreement by BofA, nor the consummation of the transactions contemplated herein by
BofA, shall (1) conflict with, result in the breach of, constitute a default under or
accelerate, terminate, modify or cancel or require any notice or consent under any
agreement, contract, lease, license, instrument or other arrangement to which BofA is a
party or by which it is bound or to which any of its assets is subject, except for such
violations, conflicts, breaches, defaults, accelerations, terminations or modifications
that would not have a material adverse effect on its ability to fulfill its obligations
under this Agreement; (2) violate the certificate of incorporation, bylaws, or any
other equivalent organizational document of BofA; or (3) require any consent or
approval under any judgment, order, writ, decree, permit or license to which BofA is a
party or by which it is bound. |
(d) | Standard of Performance. BofA shall perform all services hereunder
consistent with the standards of performance utilized by BofA in performing such
services for its other similarly situated customers. However, BofA does not represent
or warrant that its services will be uninterrupted or error free nor will it be liable
for damages resulting therefrom. BofA will not be liable for loss of data in transit
between BofA or its Affiliates and Company, or a Customer, or between BofA or its
Affiliates or Company and the authorizing or settling institutions. |
(e) | No Reliance. BofA acknowledges and agrees that Company has not made,
and BofA is not relying on, any representation or warranty, express or implied, with
respect to the subject matter hereof, except as expressly set forth in this Agreement. |
(f) | THE WARRANTIES SET FORTH IN THIS SECTION 12 CONSTITUTE THE ONLY WARRANTIES BY
BOFA OR ITS AFFILIATES TO COMPANY AND ARE IN LIEU OF ANY OTHER WARRANTIES WRITTEN OR
ORAL, STATUTORY, EXPRESS OR IMPLIED, INCLUDING, WITHOUT LIMITATION, THE WARRANTIES OF
MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. |
- 15 -
13. | Indemnification and Liability Limitation. |
(a) | Indemnification. |
(1) | Company agrees to indemnify, defend and hold harmless each BofA
Indemnitee from and against any and all Claims, imposed on, incurred by or
asserted against any BofA Indemnitee which in any way directly or indirectly
relate to, result from or arise out of: (A) any breach of any representation,
warranty or covenant of Company contained in this Agreement; (B) any act or
omission of Company, any Customer, any Processor, any Indirect Processor, any
Service Provider or any other Person arising out of or relating to the
Sponsorship Services, the Payment Services, the Customer Agreements, and/or the
Provider Agreements; (C) violation of, or failure to comply with, Applicable
Law, the Operating Rules, the Customer Agreements, the Provider Agreements or
any agreement in connection with which Payment Services are provided or received
by (i) Company, (ii) any Customer, (iii) any Processor or any Service Provider
or (D) any Claim of any Person directly or indirectly relating to, resulting
from or arising out of this Agreement, BofAs sponsorship of any Customer or
Terminal, the provision of Payment Services by Company, any Processor or any
Service Provider or BofAs termination of this Agreement or refusal to extend
the Term hereof (including, without limitation, any Claim for indemnification by
any Network Party), except to the extent that any such Claim arises from the
gross negligence or willful misconduct of BofA or its Affiliates. |
(2) | If any Claim is asserted against any BofA Indemnitee (an
Indemnified Party) by any person who is not a Party to this Agreement
in respect of which the Indemnified Party may be entitled to indemnification
under the provisions of this Section 13, the Indemnifying Party shall have the
right, by notifying the Indemnified Party within ten (10) calendar days of its
receipt of the notice of the Claim, to assume the entire control of the defense,
including, at the Indemnifying Partys expense, employment of counsel. The
Indemnified Party may participate in such defense at the Indemnified Partys
expense and with counsel of the Indemnified Partys choice. In any third party
claim, suit or proceeding the defense of which the Indemnifying Party shall have
assumed, the Indemnified Party will not consent to the entry of any judgment or
enter into any settlement with respect to the matter without the consent of the
Indemnifying Party and the Indemnifying Party will not consent to the entry of
any judgment or enter into any settlement affecting the Indemnified Party to the
extent that the judgment or settlement involves more than the payment of money
without the written consent of the Indemnified Party. |
(b) | Limitation of Liability. EXCEPT WITH RESPECT TO CLAIMS RELATING TO
BOFAS GROSS NEGLIGENCE OR WILLFUL MISCONDUCT, BOFAS CUMULATIVE AGGREGATE LIABILITY
FOR ANY CLAIMS ARISING OUT OF OR RELATED TO THE PRIOR AGREEMENT OR THIS AGREEMENT WILL
BE LIMITED TO TEN THOUSAND DOLLARS ($10,000) DURING THE TERM. |
(c) | Exclusion Of Damages. IN NO EVENT WILL EITHER PARTY OR ITS AFFILIATES
BE LIABLE UNDER ANY THEORY OF TORT, CONTRACT (WHETHER RELATING TO THE PRIOR AGREEMENT
OR THIS AGREEMENT), STRICT LIABILITY, OR OTHER LEGAL OR EQUITABLE THEORY FOR ANY LOST
PROFITS, EXEMPLARY, PUNITIVE, SPECIAL INCIDENTAL, INDIRECT OR CONSEQUENTIAL DAMAGES,
EACH OF WHICH IS HEREBY EXCLUDED BY AGREEMENT OF THE PARTIES REGARDLESS OF WHETHER OR
NOT EITHER PARTY OR ITS AFFILIATE HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. |
- 16 -
14. | Term and Termination |
(a) | Term. |
(1) | This Agreement shall become effective on the Effective Date and
shall continue in full force and effect until November 12, 2010 (the
Term). This Agreement shall automatically terminate upon the end the
Term, without notice or other action by a Party, and shall not be renewed or
otherwise extended beyond the end of the Term except pursuant to a writing
signed by both Parties in their sole and absolute discretion. |
(2) | If, prior to the end of the Term, Company has entered into an
agreement with a new provider of sponsorship services as required under Section
2(b) and such new provider has agreed to assume liability with respect to the
BINs / ICAs on terms acceptable to BofA, but despite the Parties and such new
providers good faith efforts, the transfer of the BINs / ICAs to such new
Provider cannot reasonably be completed before the end of the Term, BofA will
engage in good faith negotiations with Company regarding the terms and
conditions under which BofA might agree to an extension of the term of this
Agreement for a limited period in order to complete such transfer, provided that
(A) the terms of any such extension may include revisions to any of the
provisions of this Agreement, including, but not limited to, an increase in the
Reserve Amount, and (B) any extension must be in writing and signed by both
Parties. |
(b) | Termination Rights. |
(1) | Either Party (the Terminating Party) may terminate this
Agreement immediately if the other Party (the Non-Terminating Party)
materially breaches this Agreement and fails to remedy such breach within ten
(10) days (or 5 business days in the event of a payment default) after receipt
of written notice from the Terminating Party thereof specifying the nature of
such failure. |
(2) | Notwithstanding the provisions of Section 14(b)(1), BofA may
terminate or suspend this Agreement, or cease providing Sponsorship Services
with respect to a Customer, by providing written notice to Company in the event
that: (A) a Network or Governmental Authority directs BofA or an Affiliate to
terminate this Agreement in whole or with respect to a Customer; (B) BofA
reasonably determines that such termination or suspension is required to prevent
significant financial or reputational risk to BofA; or (C) a Material Adverse
Event occurs. |
(3) | Company may terminate this Agreement without cause and without
penalty by providing BofA with ten (10) days advance notice of termination,
provided that (A) Company has entered into a relationship with a new provider
for the Sponsorship Services previously provided by BofA and its Affiliates; (B)
such new provider agrees to assume the transfer of all BINs / ICAs currently
used by Company on terms and conditions acceptable to BofA; and (C) Company
cooperates (and causes such new provider to cooperate) with BofA and its
Affiliates with respect to the transfer of such BINS / ICAs to such provider.
In the event the transfer of such BINS / ICAs to the new provider is completed
prior to the end of such ten (10) day period, this Agreement shall terminate on
the date that the BINS / ICAs are transferred to such new provider. |
- 17 -
15. | Confidentiality. |
(a) | Confidential Information. Except as required by law or as expressly
permitted under this Agreement, the Parties shall keep confidential and shall not
disclose, and shall cause their employers, independent contractors and agents to keep
confidential and not to disclose, to any third
party any Confidential Information obtained from a Party to this Agreement. For
purposes of this Agreement, Confidential Information shall mean any of the
following: |
(1) | Information that is provided by or on behalf of any Party to
another Party or its agents in connection with this Agreement; |
(2) | Information not of a public nature concerning the business or
properties of any Party, including the terms and conditions of this Agreement
(as well as proposed terms and conditions of any amendments, renewals, or
extensions of this Agreement), sales volumes, test results, trade secrets,
business and financial information, source codes, business methods, procedures,
know-how and other information (including intellectual property) of every kind
that relates to the business of any Party; and |
(3) | Information about a Party or its affiliates, or its respective
businesses or employees, that is otherwise obtained by a Party in connection
with this Agreement, in each case including: (A) information concerning
marketing plans, marketing philosophies, objectives and financial results; (B)
information regarding business systems, methods, processes, financing data,
programs and products; (C) information unrelated to the Agreement obtained by a
Party in connection with this Agreement, including by accessing or being present
at the business location of a Party; (D) proprietary technical information,
including source codes; and (E) competitive advantages and disadvantages,
customer names and addresses, technological development, sales volume(s),
business relationships and methods of transacting business, customers and
dealers, operational and data processing capabilities, systems software and
hardware and the documentation thereof or other information of the business or
affairs of each of the Parties and their respective affiliates which a Party
reasonably considers confidential or proprietary and any other information
relating to the transactions contemplated by this Agreement, including any
copies, excerpts, summaries, analyses or notes of the foregoing. |
(b) | Exclusions. Confidential Information shall not include information (1)
obtained from information already in the possession of the Receiving Party (other than
in connection with the structuring, negotiation and execution of this Agreement and the
other related documents and the transactions contemplated herein) and is not otherwise
subject to an agreement as to confidentiality; (2) that becomes generally available in
the public domain other than as a result of an unauthorized disclosure by a Party; (3)
that is lawfully received on a non-confidential basis from a third party authorized to
disclose such information without restriction and without breach of this Agreement;
(4) that is contained in, or is capable of being discovered through examination of
publicly available records or products; and (5) that is developed by a Party without
the use of any proprietary, non-public information provide by a Party under this
Agreement. |
(c) | Maintenance of Confidentiality. If a Receiving Party receives
Confidential Information of the Disclosing Party, the Receiving Party shall do the
following with respect to such Confidential Information: (1) keep Confidential
Information of the Disclosing Party secure and confidential; (2) treat all Confidential
Information of the Disclosing Party with the same degree of care as it accords it own
Confidential Information, but in no event less than a reasonable degree of card: and
(3) implement and maintain commercially reasonable physical, electronic, administrative
and procedural security measures, including commercially reasonable authentication,
access controls, virus protection and intrusion detection practices and procedures. |
(d) | Permitted Uses. Except as specifically set forth herein, each
Receiving Party shall not use or disclose Confidential Information of the Disclosing
Party except: (1) to perform its obligations or enforce its rights with respect to this
Agreement; (2) as expressly permitted by this Agreement; (3) with the prior written
consent of the Disclosing Party; or (4) pursuant to a summons, order or other judicial
or governmental process issued by a Governmental Authority, or in connection with any
regulatory report, audit, inquiry or other request for information from such a
Governmental Authority, or as required by Applicable Law. Notwithstanding the
foregoing, BofA and its Affiliates may provide Confidential Information to the
Networks as necessary to provide the Sponsorship Services or comply with the
Operating Rules. |
- 18 -
(e) | Limited Access. Each Receiving Party shall: (1) limit access to the
Disclosing Partys Confidential Information to those employees, authorized agents,
vendors, consultants, service providers and contractors who have a reasonable need to
access such Confidential Information in connection with this Agreement; and (2) be
bound by obligations with respect to each such Person substantially similar to those
set forth in this Section 15. |
(f) | Requests for Disclosure. In the event that a Receiving Party receives
a request of the type described in Section 15(d) to disclose any Confidential
Information, such Receiving Party shall: (1) notify the Disclosing Party thereof
promptly after receipt of such request; (2) consult with the Disclosing Party on the
advisability of taking steps to resist or vary such request; and (3) if disclosure is
required or deemed advisable, cooperate with the Disclosing Party in any attempt that
it may make to obtain a protective order or other reliable assurance that confidential
treatment will be accorded to the Confidential Information. |
(g) | Public Filings. Each Party shall obtain the other Partys consent, not
to be unreasonably withheld or delayed, if such Party believes that it is required to
file this Agreement as an exhibit to one or more of its SEC filings. |
(h) | Compliance with Applicable Law. Notwithstanding anything else
contained in this Agreement, no Party shall be obligated to take any action that such
Party believes in good faith would violate, or is reasonably likely to cause it to
violate, any Applicable Law. |
16. | Miscellaneous. |
(a) | Governing Law. This Agreement will be governed by, interpreted and
construed in accordance with, the laws of the State of New York, regardless of the laws
that might otherwise govern under applicable principles of conflicts of laws thereof. |
(b) | Jurisdiction; Venue. The Parties irrevocably consent to the exclusive
personal jurisdiction and exclusive venue of the federal and state courts in New York,
New York for any court action or proceeding relating to the Prior Agreement, this
Agreement, or the relationships contemplated thereby. THE PARTIES HEREBY EXPRESSLY
WAIVE ANY RIGHT TO TRIAL BY JURY OF ANY CLAIM, DEMAND, ACTION OR CAUSE OF ACTION
RELATING TO THE PRIOR AGREEMENT, THIS AGREEMENT OR THE RELATIONSHIPS CONTEMPLATED
THEREBY. |
(c) | Amendments; Waivers. This Agreement may be amended only by a writing
signed by all of the Parties. Course of dealing, implication or failure or a delay in
exercising any Partys rights and remedies hereunder will not effect any amendment or
modification of this Agreement or the waiver of any such rights. |
(d) | Counterparts. This Agreement may be executed in multiple counterparts,
each of which will constitute an original hereof, and all of which taken together will
constitute one and the same agreement. |
(e) | Entire Agreement. This Agreement contains the entire agreement of the
Parties and supersede any prior or contemporaneous written or oral agreements between
the Parties with respect to the subject matter hereof. In the event that this
Agreement, or any portion hereof, conflicts with a Networks Operating Rules, the
applicable Operating Rules or relevant provision thereof will govern. There
are no representations, warranties, agreements, arrangements, or understandings, oral
or written between the Parties relating to the subject matter of this Agreement which
are not fully expressed herein, or in the Operating Rules. |
- 19 -
(f) | Notices. All notices permitted or required by this Agreement shall be
in writing and shall be deemed to have been duly given (1) upon personal delivery
(whether by messenger, overnight delivery, telegram, or otherwise), (2) upon facsimile
transmission (receipt of which is orally confirmed by the recipient) or upon
transmission by tested telex, or (3) three (3) business days after deposit, postage
prepaid, in the United States mail, if sent by certified or registered mail, return
receipt requested, and addressed: |
in the case of notice to BofA, to:
|
Bank of America, N.A. | |
Attention: Paul Mooney | ||
MA5-100-08-12 | ||
100 Federal Street | ||
Boston, Massachusetts | ||
(617) 434-4289 (Fax) | ||
and in the case of notice to Company, to:
|
Global Cash Access, Inc. | |
Attention: General Counsel | ||
3525 E. Post Road, Suite 125 | ||
Las Vegas, Nevada 89120 | ||
(702) 262-5039 (Fax) |
or in accordance with such other address information as the Party to receive notice
may provide in writing to the other Party in accordance with the above notice
provisions. Any notice given by any other method will be deemed to have been duly
given upon receipt thereof.
(g) | Assignment. A Party shall not assign this Agreement or any of its
rights hereunder without the prior written consent of the other Party; provided,
however, that BofA may, without the prior written consent of Company, assign this
Agreement or otherwise transfer any of its rights and obligations hereunder to any of
its Affiliates, any successor-in-interest of BofA, or any entity which acquires a
majority of BofAs assets or operations. For avoidance of doubt, a change of control
or ownership of a Party shall constitute an assignment of this Agreement. Subject to
the foregoing, this Agreement shall be binding on the parties hereto and their
respective successors and permitted assigns. |
(h) | No Third-Party Beneficiaries. This Agreement will be binding upon and
inure to the benefit of the Parties and their respective legal representatives,
successors and assigns. This Agreement is not for the benefit of any other person,
and no other person will have any rights against Company or BofA hereunder. |
(i) | Construction. Section headings in this Agreement are included for
convenience only and shall not affect the meaning or interpretation of any provision of
this Agreement. References in this Agreement to any Section are to such Section of
this Agreement. Unless the context of this Agreement clearly requires otherwise,
references to the plural include the singular, references to the singular include the
plural, and the term including or includes is not limiting. The schedules,
exhibits and attachments referred to herein shall be construed with and as an integral
part of this Agreement to the same effect as if it were set forth verbatim herein. |
(j) | Waiver. None of the provisions of this Agreement will be deemed to
have been waived by any act or acquiescence on the part of either Party, their agents,
or employees and may be waived only by instruments in writing signed by the authorized
officer of the respective Party. No waiver of any provision or of the same provision
on any occasion will operate as a waiver on another occasion. |
- 20 -
(k) | Severability. If any clause, sentence or other provision or portion of
this Agreement will for any reason become illegal, null or void, or be held by any
court of competent jurisdiction to be illegal, null or void, the remaining portions of
this Agreement will remain in full force and effect. |
(l) | Further Assurances. The Parties from time to time after execution of
this Agreement, without further consideration, will execute and deliver, as
appropriate, such documents and take such actions as may be reasonably necessary or
proper to carry out and consummate the transactions contemplated by this Agreement. |
IN WITNESS WHEREOF, the Parties have caused this Agreement to be executed as of the date first
above written by their duly authorized officers.
BANK OF AMERICA, N.A. | GLOBAL CASH ACCESS, INC. | |||||||||||||
By: | /s/ Paul Mooney | By: | /s/ Scott Betts | |||||||||||
Name: | Paul Mooney | Name: | Scott Betts | |||||||||||
Title: | SVP | Title: | President and CEO |
- 21 -
Exhibit A
Networks With Respect to Sponsorship
Visa
MasterCard
STAR
Pulse, provided that Company has entered into a new agreement with Pulse to maintain its
registration
Any other Networks mutually agreed upon by the Parties in writing.
- 1 -
Exhibit B
Reports
New Accounts Required Information for All New Merchants-requires bank consent prior to boarding
| Copy of executed agreement |
| Doing Business As (DBA) name |
| Merchant legal name |
| Merchant outlet location, including street address, city, state and nine-digit ZIP code |
| Federal Taxpayer Identification Number, and identification of the number as either a
Federal Employer Identification Number (FEIN) or Social Security Number (SSN) |
| Incorporation status (e.g., corporation, partnership, sole proprietor, non-profit, or
other) |
| Gaming Licensing |
| Telebet (non face to face) requires legal opinion merchant, legal opinion GCA,
Effective controls by 3rd party |
| Full first and last name, including middle initial, if merchant is a sole proprietor |
| MCC and, if applicable, any secondary MCCs |
| PCI DSS compliance |
| MATCH-clear |
| Physical site inspection |
Transaction Monitoring
1. | Add location for ATM and/or POS location |
2. | Ability to view the following data on a daily basis by client: |
| Gross sales volume |
|
| Average transaction amount |
|
| Number of transaction receipts |
|
| Number of chargebacks |
|
| Number of credits |
Exception Reporting and Controls-daily
Exception activity reporting that includes daily reports to detect high-risk activity:
| Authorizations indicate controls established at the individual merchant
and/or MCC level and subsequent reporting of exceptions |
| Key entered High rates of key entered transactions |
| Deposits Large out-of-pattern deposits and large individual transactions
suspended and reviewed |
| Same card # Multiple sales with the same card number is reviewed |
| Average transaction size Large changes in the average transaction size. |
| New/inactive merchants Deposit activity for new/inactive merchants. |
| Reduction in sales volume. |
| Increasing or excessive draft retrieval request rates. |
| Increasing or excessive chargeback rates by merchant location. |
| Address changes |
| DDA changes |
- 1 -
Monthly Reporting
| Key Management Reports 2009
include at minimum # and $ transactions by card type,
losses, chargeback, fraud, data compromise, chargeback by merchant location ID |
| Exception reports fraud/suspicious activity, settlement failure, interchange
monitoring/rejects, ATM outage, chargeback programs, significant fraud event or theft of a
device |
| Organization charts indicating material organization changes Executive Level |
| Location reporting/datafile provide monthly list of all current open and closed MIDS
(last 12 months) provide MID # and Corp name, DBA name, address, MCC, transaction $
and # by location, returns/credits $ & # by location, CB $&# by location, fraud by
location $ and # (CB reason code for fraud), date open, date closed, DBA name, SIC
MCC(s), Visa POS Condition code, Visa Processing code, MasterCard TCC |
| Merchants placed on MATCH |
| TC 50 |
| MasterCard Data Integrity |
| Changes to surcharging validation in compliance with network rules and state rules |
| Customer PCI compliance monthly report PCI compliance status of customers |
| Any material changes to responsible gaming policy procedures and controls |
Quarterly
1. | PCI Quarterly Scan Annual ROC, Visa PIN & ANSI TR-39/TG3 |
||
2. | Visa volume reporting |
||
3. | Visa PLUS reporting |
||
4. | MasterCard [***] & [***] location reporting |
||
5. | List of all third party vendors that have possession of CH data or perform ATM related
services, encrypted or non encrypted include full description of function performed by
third party |
||
6. | List by ATM location, who owns device, who loads cash, performs maintenance receipt
paper etc, performs hardware software maintenance and PIN encryption |
- 2 -
Exhibit C
Permissible Merchant Category Codes
MCC
[***], [***], [***], [***], [***]
and [***] will require prior approval by BofA and registration with
the applicable Network(s) before boarding of a Customer
- 1 -
Exhibit D
First Annapolis Review and Recommendations
- 1 -
Exhibit 10.50
Exhibit D
First Annapolis Review and Recommendations
First Annapolis Review and Recommendations
# | Issue | Risk | Agreement | GCA Comments. | Recommendation from F.A | |||||
1
|
Issue: GCA does not have formal, written policies and/or procedures that
address credit and fraud risk, settlement, or reconciliation.
Documented policies and procedures aid significantly in consistency,
training, and continuity in the event of employee turnover GCA has a
unique business model that focuses exclusively on enabling casinos to
provide their customers access to cash via credit and debit cards. GCAs
small portfolio of 1,100 customers consists exclusively of casinos that
are heavily regulated by various gaming authorities. Therefore, it is
GCAs position that a credit risk policy and independent underwriting,
when the customer is new and on an ongoing basis, is unnecessary due to
the very stringent investigation and ongoing monitoring processes that
gaming authorities have in place to oversee casinos. GCA does not have
insight into the investigations performed by gaming authorities on its
customers, the results of those investigations, or a copy of the gaming
licenses. Further, card network regulations (Visa) state An Acquirer
must determine that a prospective Merchant is financially responsible and
that there is no significant derogatory background information about any
of its principals", and An Acquirer must implement an underwriting,
monitoring, and control policy for its Merchants, VisaNet Processors, and
Third Parties. GCA does not calculate the dollar amount of credit or
total exposure at the individual casino or portfolio level. GCA currently takes the position that its risk of loss is minimal because it
is always holding the funds", and as such does not require casinos to
maintain reserves against losses. However, because of the time lag in
the chargeback cycle and lack of sub-merchant fraud monitoring, GCA
actually has risk exposure. Regarding settlement and reconciliation, GCA relies heavily on the institutional knowledge of long-time employees. A recent conversion to the TSYS processing platform has impacted the manner in which these functions are performed. New policies and/or procedures are needed to reflect the current processes. As a publicly held company, GCA performs SOX compliance activities which identify, document, and test key controls across the |
Low | Agree / In progress | GCA will develop a credit risk and reserve account requirement policy as part
of its standard practices by 7/31 which will be commensurate with GCA business risk and
regulatory oversight. The policy and steps required to establish the policy will be
documented and reviewed with Sponsor Bank. GCA will further develop control procedures in conjunction with the policies
to be managed via our TranSending development project. These procedures and system are
targeted for completion by Q1, 2011 Using the exception management Business Requirements document as a framework
GCA will develop interim procedures will be completed by 7/31 BofA response: OK with GCA response. GCA will follow up with BofA after detailed project plan from TSYS for TranSending is delivered to firm up the Q! deliverable date. |
Recommendations: GCA should develop a credit risk policy and make
it a standard practice to conduct actual underwriting and
business validation. The credit policy, which should be reviewed
and approved by Bank of America, should address both initial
underwriting of new applicants and ongoing credit monitoring of
existing customers. Both the credit policy and the level of
underwriting should fully take into consideration all of the
investigation and diligence performed by the gaming authorities
while striking a balance of meeting the card network
requirements. At a minimum, GCA should perform a MATCH query,
OFAC screening, a credit review (e.g., D&B report or a review of
financial statements), and validation of PCI compliance.
As a best practice, GCA should develop more robust
policies
and/or procedures, as appropriate, including settlement
& reconciliation; chargeback management; and fraud
monitoring. Resources: Business managers, finance, risk,
legal, underwriting, relationship managers, and
compliance. Timeframe: May vary by process (and in many cases
is simply a matter of documenting existing practices); estimated
timeframe for completion is approximately three months. Initial
timeframe to develop underwriting policy and functional process
and to validate the current financial standing and PCI compliance
of each customer is approximately three to six months, depending on staffing capacity. |
# | Issue | Risk | Agreement | GCA Comments. | Recommendation from F.A | |||||
2
|
Issue: GCAs internal audit function is focused on compliance with Sarbanes Oxley. Its audit plan is comprehensive in nature and appears to adequately identify, document, and test key controls. However, the audit process does not include auditing of the customer application approval process (e.g., credit risk standards, underwriting procedures), compliance with network regulations, or other non-financial functions specific to network regulations. | Low | Agree | Internal Audit bases it audits on both Sarbanes Oxley compliance and Enterprise Risk.
Sarbanes Oxley compliance includes all key financial controls and includes the settlement
process and reconciliation. These are regularly audited at least once per year. The other
areas recommended for audit such as chargeback, underwriting were considered low risk
compared to the Enterprise and as such were not audited. However, Internal Audit would be
willing to audit these areas initially and determine if value was obtained from the audit.
Further audits would be considered based on the risk and value obtained from the initial
audit. The compliance to network regulations would be difficult to audit since the
requirements are not openly published or available. If the network regulations were
provided by the sponsor Internal Audit would include in the Audit Plan on a periodic basis.
BofA response: BofA recommends annual ongoing audits conducted by GCAs internal audit group. BofA will provide GCA with guidance on specific association audit requirements to include a summarized network audit requirements document by 8/07/2010 All agreed the First Annapolis review satisfies the immediate term and GCA will plan future internal audits to begin early 2011. BofA proposes to visit GCA semi-annually with the next visit targeted for February 2011. |
Recommendation: GCA should expand its internal
audit function to encompass specific practices and requirements
related to ATM operations and card acceptance for compliance to
network regulations, including (but not limited to): new account
underwriting; fraud monitoring; settlement; ongoing credit
monitoring; network regulations compliance; chargeback
processing; etc. Resources: Compliance (may require the addition
of a compliance resource with significant experience in card
network regulations and/or payments industry experience, which we
recommend). Timeframe: Timeframe to expand the scope of the
internal audit is estimated to be six to twelve months.
|
# | Issue | Risk | Agreement | GCA Comments. | Recommendation from F.A | |||||
3
|
Issue: An external audit conducted by Michael McDonald & Associates in 2008 found GCA to be in compliance with the Bank Secrecy Act and AML requirements. There were, however, recommendations for improvement, particularly related to AML compliance technology that do not appear to have been addressed to date. Specific recommendations included the need to submit SARs/CTRs electronically (GCA is currently in the process of certifying to e-file its reports) and to introduce enhanced technology/automation for transaction analysis (which appears to continue to be a manual process). | Nominal | Agree In Progress |
Implementation of the Automated AML feature of Transending is scheduled for
Q4 2010. GCA currently has an established manual process in place with respect to
Title 31 compliance. BofA response: OK |
Recommendation: GCA should continue its migration
to an electronic environment for AML monitoring and compliance,
as highlighted in the McDonald report. Resources: Compliance, IT. Timeframe: Given that it is already underway, the estimated time to implement e-file appears to be minimal; timeframe for implementing automated transaction analysis solutions will vary depending on the type of solution, and may take three to twelve months |
|||||
4
|
Issue: As stated in the 2008 McDonald report, GCA relies on U.S. issuers of credit cards, debit cards, and checking account products to screen their customers for OFAC compliance. For U.S.-based transactions, this is likely sufficient. However, it does not ensure sufficient OFAC screening for transactions involving cards issued internationally. | Low | Agree | GCA will analyze what is required to conduct OFAC reviews. The analysis will
result in the development of technical and procedural changes to current practices. This
analysis will be completed by Q4, 2010 and the process changes will be in effect by Q2,
2011. BofA response: BofA expressed some concern with GCAs proposed timing but will consider it and get back to us if they require something different. |
Recommendation: GCA should continue to conduct an
annual run of patrons against the OFAC list as a back-up
compliance procedure; in addition, GCA, should address OFAC
filtering of international transactions, as recommended in the
McDonald report. Resources: Compliance, IT. Timeframe: Developing a manual process to check
OFAC listings in the short-term could take a few weeks;
implementing an automated screening solution could take three to
six months. |
# | Issue | Risk | Agreement | GCA Comments. | Recommendation from F.A | |||||
5
|
Issue: GCA does not appear to have a formal function or process in place to understand and monitor changes in financial industry regulations (e.g., PATRIOT Act, Gramm-Leach Bliley, Electronic Fund Transfer Act). It does, however, closely monitor and track gaming industry regulations. | Low | Agree In Progress |
The legal department has completed the implementation of a formalized method
of tracking legal and regulatory developments through a subscription-based tracking service
offered by WestLaw. GCA will formalize and document its compliance management including
roles/responsibilities with accountability as well as notifications and internal/external
communications against all legal/regulatory governing bodies for all services provided by
Q1, 2011 BofA response: OK |
Recommendation: GCA should expand its regulatory monitoring to
include financial industry regulations, and may want to consider
the addition of a resource with expertise in financial industry
regulations. Recommendation: GCA should expand its regulatory
monitoring to include financial industry regulations, and may
want to consider the addition of a resource with expertise in
financial industry regulations. Resources: Compliance, legal, HR, additional
FTE. Timeframe: Timeframe to identify and hire the
appropriate resource and develop monitoring processes may take
three to twelve months.
|
# | Issue | Risk | Agreement | GCA Comments. | Recommendation from F.A | |||||
6
|
Issue: GCA does not have a formal process in place to monitor changes in network rules and their corresponding impact. On an ad hoc basis, notifications of rules changes are received via weekly meetings and correspondence from Bank of America and from its processor, TSYS, which are circulated to the management team via email. Required technology changes / enhancements are identified and manually added to a change order list. | Med | Agree In Process |
GCA has a defined process to track regulations. The process is continually
being refined, roles and responsibilities clarified and specified. GCA has a central location where appropriate notifications are stored and
tracked. There is also a regulatory calendar that tracks significant compliance
dates. GCA is implementing a system to automated document flow and electronic
retention to further ensure that compliance requirements are tracked, completed and stored
for future review. This system will is targeted for implementation Q4, 2010 GCA accepts the recommendation to work closely with its sponsor to monitor
its ongoing compliance with network rules and asks that BofA assist us in addressing these
concerns by setting up a formal notification process to keep GCA abreast of association
compliance changes and assists GCA in interpreting the changes and their impacts on our
business. Roles and Responsibilities need to be clarified with BofA as to how. Network
changes are interpreted and communicated. GCA does not have direct access to network
publications and is reliant upon BofA to notify us of these changes. To date, we feel the
notification process has been spotty and inconsistent; we have been situations where the
notification was received well after implementation dates BofA response: BofA will install a GCA relationship manger to help with compliance. This new position will be co-terminus with the completion of the BofA sponsorship agreement. |
Issue: GCA does not have a formal process in place to monitor
changes in network rules and their corresponding impact. On an
ad hoc basis, notifications of rules changes are received via
weekly meetings and correspondence from Bank of America and from
its processor, TSYS, which are circulated to the management team
via email. Required technology changes / enhancements are
identified and manually added to a change order list. Recommendation: GCA should work closely with its
sponsor to monitor its ongoing compliance with network rules and
assess the impact of rules changes. As an industry best
practice, GCA should consider the addition of a resource that is
highly knowledgeable of the network rules and regulations.
Resources: IT, compliance, legal, HR, additional
FTE. Timeframe: Timeframe to identify and hire the
appropriate resource and develop monitoring processes may take
three to twelve months. |
|||||
7
|
Issue: GCA does not have a formal process in place to frequently monitor network interchange. Because Visa rules state that the network is not responsible for any penalties or reimbursements of interchange, the liability resides on GCA to ensure that its interchange qualifications are accurate. Based on interviews with GCA, the finance department does a high-level review of interchange on a monthly basis, but those reviews are not tracked or documented. A detailed audit of interchange qualifications is done annually based on one months worth of POS transaction data. The concern is that this annual review would not identify issues in a timely enough manner to be effective, and the monthly review should be documented. | Low | Agree In Progress |
As a standard practice, interchange is reviewed by both Finance and the
Settlement departments, who review interchange on an ongoing basis. In addition, this is a
key control for SOX compliance testing. As part of the Transcending initiative, GCA has specified requirements for
robust Interchange reporting to facilitate the manual monitoring already performed by both
the Settlement and Finance Departments. Delivery is expected in Q4 2010. BofA Response: OK |
Recommendation: GCA should make it a standard, documented practice to review its interchange qualifications on an ongoing basis. |
# | Issue | Risk | Agreement | GCA Comments. | Recommendation from F.A | |||||
8
|
Issue: GCAs processing contract is directly with TSYS, which limits Bank of Americas ability to access systems to perform sponsor bank oversight of transaction activity. | Low | Agree | GCA will request access for BofA to the TSYS system. GCA will also provide any requested
reports and documentation to assist BofAs ability to perform its general oversight duties.
BofAs response: OK |
Recommendation: Bank of America should formally request, and GCA should provide Bank of America with read-only access to the TSYS system to perform general oversight as dictated by the card networks. | |||||
9
|
Issue: GCA currently has no formal termination policy with respect to its sub-merchants. There are standard for cause termination provisions within most of its customer contracts (e.g., violation of transaction completion procedures, excessive chargebacks), as well as provisions which would protect GCA if one of its customers were to jeopardize a particular gaming license. However, it does not appear that GCA monitors its customers specifically for compliance with the termination provisions. | Nominal | Disagree | As discussed previously, there is very little financial risk to GCA due to
the unique nature of the cash and quasi-cash based business. In addition, GCA is
contractually protected if a customer does not pay or if a customer poses a reputational
risk to GCA in that it can terminate its contract with a customer without liability in any
instance. GCA opts to accept the very minimal business risk associated with this
concern. BofAs response: OK subject to review and confirmation of GCAs current contract language allowing for sub merchant contract termination if sub merchant is found to be in violation of network regulations. Steve Fishbach to do. |
Recommendation: GCA should develop a formal termination policy supported by oversight mechanisms to ensure that sub-merchants adhere to the terms of the contract. |
# | Issue | Risk | Agreement | GCA Comments. | Recommendation from F.A | |||||
10
|
GCA processes and monitors chargebacks daily to identify cardholder fraud, but does not monitor individual sub-merchants (casinos) or property for chargeback trends as part of its ongoing risk management processes to identify casino or employee fraud. Although GCA typically retains the right to penalize sub-merchants for excessive chargebacks in its contracts, it is not something that GCA tracks or enforces. It is noted that GCAs does not have an excessive chargeback rate. | Nominal | Agree In Progress |
There are a number of additional reports and controls that will be included in TranSending,
including reports that will be used to monitor chargeback trends, cardholder fraud and
employee fraud for both GCA booth and non-booth locations. scheduled for Q4, 2010 BofAs response: OK |
Recommendation: As a best practice, GCA should enhance its chargeback reporting and monitoring of the chargebacks of individual sub-merchants and properties to ensure that chargeback ratios and dollar amounts are reasonable. For example, reporting or filters that identify customers that exceed a chargeback rate of X% during a month and customers that experience an increase in chargebacks on a specific day, rolling seven day, and rolling 30 day time periods compared to that customers chargeback history. | |||||
11
|
Issue: GCA relies on its ability to deduct chargebacks from merchants commission payments and does not currently require sub-merchants to maintain reserves against chargeback activity. This review did not evaluate the creditworthiness of individual customers, and we are not stating that reserves are necessary in general or for any specific customers. However, GCA does not monitor the creditworthiness of casinos and does not have supporting documentation that analysis is performed to determine whether or not reserves are warranted for any individual customer. While GCAs standard contract permits a reserve, there is no process in place to identify when a reserve is necessary to mitigate risk. It is acknowledged that GCA recognizes the higher risk associated with its small subset of customers that process card not present transactions | Nominal | Agree In Progress |
Same as 10 and 1. BofA response: OK |
Recommendation: GCA should require its casino sub-merchants to maintain reserves against potential chargeback losses where financial performance of the casino warrants. Financial condition of each casino should be review annually or as frequently as monthly, depending on the casinos financial condition. |
# | Issue | Risk | Agreement | GCA Comments. | Recommendation from F.A | |||||
12
|
Issue: Network rules stipulate that the reserve funds must be held and controlled by the sponsoring financial institution. In its contracts, GCA retains the right to require sub-merchants to maintain a reserve if the sub-merchant exceeds a particular chargeback threshold, but it stipulates that the reserve account can be located at a mutually agreed-to financial institution. | Low | Agree In Progress |
This requirement will be included, vetted and documented during as part of the policy and
process definition detailed in Issue 1. BofA Response: OK |
Recommendation: GCA should amend its contracts to specify that reserve funds will be held and controlled by the sponsoring bank | |||||
13
|
Issue: GCA appears to have a robust screening process in place to identify cardholder fraud, but it does not monitor for sub-merchant or employee fraud. | Low | Agree | Same as 10. BofA response: OK |
Recommendation: As a best practice, GCA should incorporate fraud screens designed to monitor patterns of activity at each sub-merchant to identify potential fraud. For example, velocity checks, spikes in volume, percentage of keyed transactions, forced transactions, credit refunds without original matching transactions, large credits, excessive retrieval requests or chargebacks by location, changes in average ticket size, etc. Most entities build this infrastructure to operate in an automated fashion such that human intervention is only needed when an issue is identified at a specific customer location. | |||||
14
|
Issue: GCAs ATMs do not support PINs up to twelve digits as required by Visas Plus Regulation Section 2.3.D. (Note, GCA is in compliance with MasterCards Cirrus regulations, which require support for PINs up to six digits). | Minimal | Agree | GCA feels that there is minimal business risk to this issue and opts to
continue its current practice. Should a project opportunity present itself, GCA in the
future, GCA will expand the PIN field at that time. GCA also considers this to be a common
practice in the industry. BofA response: BofA agrees the industry is not ready to adopt the requirement but warns it could become a future association mandate |
Recommendation: GCA should evaluate the business case for increasing its PIN acceptance length to achieve compliance with network rules. |
# | Issue | Risk | Agreement | GCA Comments. | Recommendation from F.A | |||||
15
|
Issue: Network regulations require that all members submit updated lists of white label ATM locations (as well as ATM hardware/software information) to the networks on a quarterly basis. Historically, GCA has been responsible for updating the networks directly and sending confirmation to Bank of America. However, it appears that GCA has not been updating the networks. | Low | Agree In Progress |
GCA has supplied BofA continued quarterly reports. GCA agrees with the recommendation that we work with BofA to develop a
process to ensure the card networks receive updated lists on quarterly basis. To that end
we have asked BofA for guidance to develop this process. GCA has not submitted to the
networks, does not know the guidelines and process on how to submit to the networks. This
is another example of the reliance we have on BofA as our sponsor to be a partner with GCA.
This is underway and will be completed by Q3, 2010 BofA response: OK |
Recommendation: Bank of America and GCA should work together to develop a process to ensure that the card networks receive updated lists on a quarterly basis. | |||||
16
|
Issue: GCA does not have a process in place to provide updates to the networks regarding ATM access fee implementations and/or ATM access fee locations as required by Plus Regulations 2.14.A and 2.14.D. | Low | Agree In Progress |
Same as above. BofA response: OK |
Recommendation: GCA and Bank of America should work together to develop a process for notifying the networks of fee introductions and/or changes prior to their implementation to ensure compliance, as well as quarterly reporting of access fees by ATM location. |
# | Issue | Risk | Agreement | GCA Comments. | Recommendation from F.A | |||||
17
|
Issue: Posted disclosures of ATM access fees do not meet network visibility standards at all ATMs. Specifically, the fee notice is required to be 14 point font and as high a contrast as other graphics on the terminal. Fee notices appeared to be smaller than 14 point font and the clear sticker on a beige background does not appear to be as high a contrast as other graphics. | Minimal | Agree In Progress |
GCA posts a static sign that indicates a fee will be charged. GCA continues to work with BofA on all signage and will swap out requires
signage as part of its ongoing business practice NOTE: we have received tentative approval on signage from BofA. BofA response: OK |
Recommendation: Signage that meets network standards should be created and posted. |
|||||
18
|
Issue: GCA has written contracts with its ATM merchant locations.
However, it does not have ATM Operator Agreements that include all of the
information required by network rules with sub-merchants (casinos) that
own their own ATMs. (See Appendix B for examples of ATM Operator
Agreements). ATM Operator Agreements are required to include: The acquirers name, location, and contact information in letter size consistent with the rest of the ATM Operator agreement printing and in a manner that makes the Acquirers name readily discernible by the ATM operator; A statement that the ATM operator may potentially be terminated for failure to comply with the ATM operator agreement; Federal Taxpayer Identification Number, Federal Employer Identification Number, or Social Security Number of all principals; and Full first and last name, including middle initial of principals. Additional information required by member bank. Copies of these agreements should be on file with Bank of America and must be able to be made available to the networks upon request. Further, Bank of America as sponsor bank should be a party to the agreements. |
Low | Agree In Progress |
The legal department is reviewing its standard operator agreements and will
include all applicable required information. Complete by Q4,2010 BofA response: OK |
Recommendation: GCA should work with the operators of its merchant-owned terminals and Bank of America to ensure that appropriate ATM Operator Agreements are executed. |
# | Issue | Risk | Agreement | GCA Comments. | Recommendation from F.A | |||||
19
|
Issue: A tax ID is required for each sub-merchant profile (MID); however, the tax ID fields for GCAs MIDs are currently set to all zeros within the TSYS system. | COMPLETE | BofA response: OK |
Recommendation: GCA indicates that this issue has been corrected. | ||||||
20
|
Issue: TSYS currently has limitations regarding its ability to handle multiple MCCs (i.e., one for Visa and one for MasterCard). Some transactions should be processed as 4829 for Visa and 6051 for MasterCard, but currently all of them are being processed as 6051. TSYS had requested an exception for the fact they can only support one MCC, but that request has reportedly been declined. Visa has indicated it will be sending Bank of America a notification of non-compliance, and Bank of America / GCA / TSYS will have 30 days to provide Visa with a remediation plan. | High | Agree In Progress |
TSYS is on track to deliver this capability August 2010 and GCA will provide
updates as noted below. Other Information: BOFA received notification from Visa that it has completed a review of Bank of Americas request for extension with regard to GCA violation of Operating regulations (that submission of merchant transactions under 6051 should be 4829). Visa has accepted the compliance plan and is extending the compliance deadline to 8/28/2010 on the condition that Bank of America provides monthly updates, beginning in May. To further note, the extension does not absolve Bank of America or GCA from any and all claims by other members and are responsible for all disputes arising from non-compliance. BofA response: OK |
Recommendation: GCA and Bank of America should work with TSYS to implement separate MCC codes to ensure that the transactions are being processed correctly. GCA indicates that TSYS is working on a solution and has submitted a corrective action plan. The final plan to resolve the issue needs to be in place by the end of August, 2010. |
# | Issue | Risk | Agreement | GCA Comments. | Recommendation from F.A | |||||
21
|
Issue: Cardholder receipts for money order purchases are not in strict compliance with network guidelines (e.g., they do not include positive identification of the cardholder [including a description of the ID and any serial number or expiration date] nor the four digits printed above/below the embossed or printed account number). This information is captured on the money order itself, but not on the cardholder receipt. | Low | Agree | BofA response: BofA Acknowledges our response, understands it, advocates it, and will continue to perform research with associations. No further action is required by GCA at this time. |
Recommendation: Receipts could to be corrected to be in compliance. However, GCA chooses not to comply due to privacy concerns to mask cardholder information. | |||||
22
|
Issue: Customers of GCAs off-track betting clients call into a call center to fund their betting accounts, which is a card-not-present transaction. However, GCA is currently processing its Visa transactions as card-present (using the POS condition code 00 instead of 08); for MasterCard, its TCC is R for retail instead of U for Unique Transaction Quasi Cash Disbursement. | Low | Agree In Progress |
GCA has a project underway to register all off track betting locations. All transactions are being presented correctly Information has been supplied to BofA for review. BofA response: OK |
Recommendation: GCA should work with TSYS and Bank of America to review its transaction coding to ensure that all card-not present transactions are processed accurately. GCA indicates that corrective action is in process. | |||||
23
|
Issue: Currently, customers of GCAs off-track betting sub-merchants who call to fund their betting accounts do not appear to receive a receipt for the transaction as required by network regulations. | Minimal | Agree In Progress |
GCA is investigating the issue for all registered OTB locations and will report findings and
remediation plan if required by 7/30/10. BofA response: OK |
Recommendation: GCA should implement a process whereby all customers who fund their accounts through telephone be mailed a paper receipt. |
# | Issue | Risk | Agreement | GCA Comments. | Recommendation from F.A | |||||
24
|
Issue: GCA does not have a formal process in place to monitor its sub-merchants compliance with PCI standards on an ongoing basis. Additionally, approximately 25% of GCAs ATMs are routed through a fire-walled, client-run network. GCA does not have insight into these networks with regards to PCI compliance or data security in general | Low | Agree In Progress |
GCA feels this is minimal risk in that we do not transmit unencrypted
information as well as conduct routine penetration tests. GCA is proactively reducing this
risk even further by: GCA is currently in the process of installing WinCores Proview fleet
management software which offers security consistent with PCI requirements. The software
includes security features for Encryption, Window Lockdown, Malware Protection and Access
Control. Working with our QSA to ensure that we meet all requirements for PCI
including shared network related risks. This will be reviewed as part of our yearly PCI
compliance audit. BofA response: BofA will continue to investigate with Mary and Ray and will clarify specific concern if any. No further action required by GCA at this time. |
Recommendation: GCA is reducing its exposure by implementing a new ATM software that will provide end-to-end encryption of data. While we agree with this strategy, GCA should also verify its sub-merchants compliance with PCI as part of its initial and ongoing due diligence processes, especially those through which ATM transactions are routed. | |||||
25
|
Issue: GCA stated during the review that a subset of casinos are still printing receipts for negotiable instruments that contain complete card numbers. | COMPLETE | BofA response: OK |
Recommendation: GCA states this issue was corrected as of April 30, 2010. |
# | Issue | Risk | Agreement | GCA Comments. | Recommendation from F.A | |||||
26
|
Issue: Network regulations prohibit the sharing of cardholder data
(including the cardholder account number, personal information and other
transaction information) with unaffiliated third parties. Although GCA
does not share cardholder data as defined by PCI, it is unclear whether
GCA may be sharing cardholder information (as defined more broadly in the
network regulations) with third parties (e.g., casinos via its PowerCash
product and/or with DiamondStream). Receipts for GCA-issued money orders state that GCA collects non-public personal information from the money order application and other forms, as well as information about the consumers transactions with GCA, its affiliates, and others, and that they may disclose this information to the casino and/or other non-affiliated third parties (including marketing service companies and other financial institutions). Consumers must call to opt-out if they do not want their information shared. GCA personnel indicated that only aggregate data is shared with DiamondStream. However, DiamondStream markets its service as the only GCA (Global Cash Access) partner that allows your casino to understand what your most valuable patrons are doing when theyre not at your property. We combine GCA data with your own to augment and enrich your customer data, in order to evaluate potential patron value, predict wallet share, and understand likely responses again, at the individual patron level. So youll know more about how much they spend, what games they enjoy, how they spend when theyre not gaming, and more. This marketing implies that DiamondStream is receiving data that is more granular than aggregate. It is noted that data sharing was not audited as part of the scope of this review, and there is no evidence to suggest that GCA is doing anything wrong. Since data sharing is a very sensitive subject with the card networks, Bank of America should work with GCA to mutually validate compliance with all card network data sharing regulations. |
Low | Disagree | GCA continues to vet all marketing programs with outside counsel and our outside counsel has
discussed our position with internal legal counsel at BofA. BofA response BofA will vet internally with legal department and come back to GCA with any specific concern. No further action required by GCA at this time. |