FIRST MARBLEHEAD CORP - FORM 8-K - EX-99.1 - LOAN PROGRAM AGREEMENT

Attached files

file	filename
EX-99.2 - PRESS RELEASE - FIRST MARBLEHEAD CORP	d388379dex992.htm
8-K - FORM 8-K - FIRST MARBLEHEAD CORP	d388379d8k.htm

Exhibit 99.1

Execution Version

Confidential Materials omitted and filed separately with the

Securities and Exchange Commission. Asterisks denote omissions.

LOAN PROGRAM AGREEMENT

This Loan Program Agreement (the “Agreement”) is entered into as of the 2^nd day of August, 2012 (the “Effective Date”), by and among First Marblehead Education Resources, Inc., a Delaware corporation having an office at One Cabot Road, Medford, Massachusetts 02155 (“FMER”), The First Marblehead Corporation, a Delaware corporation having its principal offices at 800 Boylston Street, 34^th Floor, Boston, Massachusetts 02199 (“FMC”), and SunTrust Bank, a Georgia state-chartered banking corporation having an office located at 1001 Semmes Avenue, Richmond, Virginia 23224 (“SunTrust”). FMER, FMC and SunTrust are hereinafter collectively referred to as the “Parties” and each individually as a “Party”.

WHEREAS, FMER and/or FMC are in the business of providing private student loan outsourcing solutions, such as private student loan refinancing services, to banks and other financial institutions;

WHEREAS, FMC desires to provide certain credit enhancement with respect to Loans (as defined below) originated under this Agreement;

WHEREAS, SunTrust desires to retain FMER to provide the private student loan outsourcing solutions as set forth in this Agreement; and

WHEREAS, the Parties will enter into a Servicing Agreement, as defined herein, with the Pennsylvania Higher Education Assistance Agency to be executed on or about August 2, 2012.

NOW THEREFORE, in consideration of the promises and the mutual covenants and agreements contained herein, and for other good and valuable consideration, the receipt and sufficiency of which are hereby acknowledged, the Parties agree as follows:

ARTICLE 1. DEFINITIONS; RULES OF CONSTRUCTION

1.1 Definitions. Capitalized terms used in this Agreement and the exhibits hereto have the meanings set forth below.

“AD” means the Private Education Loan Approval Disclosure as required by 12 C.F.R. § 226.47(b) and Section 128(e)(2) of the federal Truth in Lending Act.

“Advertising Firms” has the meaning set forth in Section 2.7.1 herein.

“Advertising Media” means any web link, campaign specific URI/URL, or purchased advertising used in conjunction with marketing campaigns or tactics. Advertising Media will lead to a Program branded website, which will drive the consumer to the Program URI/URL.

“Affiliate” means, with respect to an entity, another entity that at the time in question, directly or indirectly, owns or controls, is owned or controlled by, or is under common ownership or common control with the first entity. For purposes of this Agreement, “control” shall mean the power to direct the management or affairs of an entity, the terms “common control” and “controlled by” shall have meanings correlative to the foregoing, and “ownership” shall mean the beneficial ownership of more than fifty per cent (50%) of the equity securities of the entity.

“Applicants” means all applicants for a Loan under the Guidelines, including any Primary Applicant and any Secondary Applicant who begins an Application, regardless of whether the Application is complete.

“Application” means a consumer’s application, whether in whole or in part, for a Loan under this Program and originated via the Program URI/URL.

“ASD” means the Private Education Loan Application and Solicitation Disclosure as required by 12 C.F.R. § 226.47(a) and Section 128(e)(1) of the federal Truth in Lending Act.

“Approved Collectors” means a subcontracted collection agency used by FMER and identified on Schedule 2 to Exhibit C.

“Article 9” has the meaning set forth in Section 7.1.11 herein.

“Average Daily Balance” means the average daily principal (including financed fees) balance of all Loans in a Pool during a given calendar month, calculated using data reported by the Servicer as of the last day of such month.

“Bid Acceptance” has the meaning set forth in Section 4.3.1.

“Books and Records” means all books and records necessary to service and collect the Loans and specifically relating to the Loans, including: Applications, statements, credit and collection files, file maintenance data, Credit Agreements, disclosure statements, payoff statements, credit information files, correspondence, whether in documentary form or on magnetic tape, computer disk or other form, and any other records that evidence ownership or relate to servicing, administering or enforcing the Loans. “Books and Records” shall not include general corporate financial and other records, income tax returns, specific files of individual employees or other corporate records not specifically relating to the Loans or which relate to the Loans with respect to which information relating to the Loans cannot reasonably be extracted.

“Borrower” means the individual person who was the student on the Underlying Loan(s) and obtains a Loan under the Program by having proceeds disbursed under the executed Credit Agreement to pay off Underlying Loan(s).

“Business Day” means any day other than (a) a Saturday or a Sunday, or (b) a day on which banking institutions in the State of Georgia are authorized or obligated by law or executive order to be closed.

“Change in Control” means any of the following with respect to any of the Parties: (1) the acquisition or a series of acquisitions within six (6) months of each other by any other entity, individual or group (within the meaning of Sections 13(d)(3) or 14(d)(2) of the Securities Exchange Act of 1934, as amended (the “Exchange Act”)) of beneficial ownership (as defined in Rule 13d-3 promulgated under the Exchange Act) of more than fifty percent (50%) of the common stock and/or other securities which have more than fifty percent (50%) of the combined voting power of the securities entitled to vote in the election of directors of such Party; or (2) the sale of all or substantially all of the assets of such Party to any other entity, individual or group; or (3) the reorganization, merger or consolidation of such Party in which the shareholders of such Party immediately before such event will not immediately thereafter own more than fifty percent (50%) of the combined voting power entitled to vote in the election of directors of the reorganized, merged or consolidated Party’s voting securities. A “Change in Control” shall not include any transactions with an entity that is an Affiliate of such Party immediately prior to such transaction.

“Charged Off Loan” means, (a) for First Loss Coverage Loans, a Loan that is at least 180 days delinquent in principal and/or interest payments or that has experienced a “Charge Off” event, as set forth in Section L.1 of the Servicing Guidelines, (b) for Second Loss Coverage Loans and Third Loss Coverage Loans, a Loan that is at least [**] days delinquent in principal and/or interest payments or that

has experienced a “Charge Off” event, as set forth in Section L.1 of the Servicing Guidelines, and (c) a Loan that is discharged, partially discharged, or settled in any bankruptcy proceeding, to the extent of the discharge or settlement

“Claim Paid File” is an electronic file identifying the Loans that reached “claim paid” status on the Servicer’s system during the previous month.

“Combination Consolidation Program” means a Private Student Loan consolidation program that offers [**] simultaneously when the Applicant(s) is/are configuring a loan by selecting specific Loan terms and parameters.

“Commodity Vendors” has the meaning set forth in Section 2.7.3 herein.

“Compensation Schedule” means the schedule attached hereto as Exhibit B, showing FMC’s compensation for each Pricing Segment.

“Confidential Business Information” has the meaning set forth in Section 14.2.3 herein.

“Configured Application” means an Application for which initial credit was approved and for which the Applicant(s) has/have selected and submitted an interest rate type and repayment term length in the Online Application System.

“Consumer Information” means (a) “nonpublic personal information” as such term is defined by the Privacy Requirements; and (b) any personally identifiable information or records in any form (oral, written, graphic, electronic, machine-readable, or otherwise) relating to a consumer, including a consumer’s name, address, telephone number, Social Security number, e-mail address, account number, loan payment or transactional account history, account status; and the fact that the consumer has a relationship with SunTrust.

“Cosigner” means a person other than the Borrower who executes a Credit Agreement with a Borrower and thereby assumes joint and several liability for the Loan.

“Costs and Fees” has the meaning set forth in Section 17.3 herein.

“Credit Agreement” means the credit agreement evidencing the obligation of the Borrower and Cosigner, as applicable, to repay the Loan, in the form attached to the Guidelines.

“CSD” means the credit score disclosure exception notice forms that SunTrust has approved for compliance with Regulation V (as described in Regulation V § 222.74(e)) and FMER will provide, which are the H-4 model form (credit score disclosure exception notice which will be used when the applicant’s credit score is greater than zero) and H-5 model form (credit score disclosure exception notice which will be used when the applicant has a zero credit score or no credit score/no hit), as further described in Section 12.IV and Appendix B of the Guidelines.

“Current Servicer/Holder(s)” means the entity/entities currently performing loan servicing activities on the Underlying Loan(s).

“Damages” has the meaning set forth in Section 16.1 herein.

“Default Prevention Services” means the services described in Section 4.5 herein.

“Delinquent Loan” means any Loan other than a Charged Off Loan with respect to which any payment is [**] days or more past due.

“Disbursed Loan Amount” means the aggregate principal balance (including financed fees) of all Loans actually disbursed to the Current Servicer/Holder(s) by means of electronic fund transfer or paper check, and subject to the Guidelines, less any amounts returned or otherwise not accepted by the Current Servicer/Holder.

“Disbursement” means the paying off of Underlying Loan(s) by remitting to the Current Servicer/Holder(s) of such loans by check or electronic funds transfer the amounts necessary to pay off such loans. Disbursement occurs after the expiration of the cancellation period set forth in the FD.

“Disbursement Date” means the date on which Loan funds are transmitted to the Current Servicer/Holder(s), which date shall be no earlier than the end of the cancellation period set forth in the FD in accordance with the Requirements of Law.

“Disclosing Party” has the meaning set forth in Section 14.2.5 herein.

“Effective Date” means the date set forth in the first paragraph of this Agreement.

“Effective Interest Rate” has the meaning set forth in Section 7.1.13 herein.

“Eligible Institution” means an institution of higher education that is eligible for federal student financial aid programs under Title IV of the Higher Education Act of 1965 (as amended).

“Eligible Student Loan” means a Private Student Loan that is eligible to be consolidated into a Program Loan according to the eligibility rules set forth in the Guidelines.

“Expected Charged Off Loan Volume” means, as established by the Parties from time to time, (a) initially, the Expected Loan Volume that is expected to become a Charged Off Loan, and (b) for each calendar quarter after Loan origination begins, the total principal (including financed fees) and accrued interest on the Disbursed Loan Amount that is expected to charge off. The Expected Charged Off Loan Volume shall change each quarter during the Term to reflect the distribution of the Disbursed Loan Amount in Loan pricing tiers.

“Expected Loan Volume” means the total principal amount (including financed fees) of Loans expected to be funded by SunTrust for the related Pool during each 12-month period subsequent to the Effective Date of this Agreement.

“FD” means the Private Education Loan Final Disclosure as required by 12 C.F.R. § 226.47(c) and Section 128(e)(4) of the federal Truth in Lending Act.

“Final Payoff Amount” means, with respect to any individual Loan, the sum of the Payoff Amounts of the Underlying Loan(s) as evidenced either through a 3-way call with the Current Servicer/Holder and the Primary Applicant (or Secondary Applicant if they are party to the Underlying Loan(s)) and/or the Current Servicer/Holder payoff statements or screen shots received by FMER.

“Final Services Termination Period” has the meaning set forth in Section 18.1.

“First Loss Coverage Loans” has the meaning set forth in Section 7.1.4.1.

“First Loss Maximum” shall mean the Expected Charged Off Loan Volume, as computed at the end of the Initial Term.

“Fixed Rate Loan” means any Loan with respect to which the interest rate for such Loan is a specific fixed rate for the term of the Loan.

“FM Indemnified Party” means FMC, FMER, each Affiliate of FMC, each Affiliate of FMER, and each of the respective current, former and future officers, directors and employees of any of the foregoing.

“FMC” means The First Marblehead Corporation, a Delaware corporation having its principal offices at 800 Boylston Street, 34^th Floor, Boston, Massachusetts 02199.

“FMC Custom Model Property” means, for the purposes of this Agreement, the FMC Custom Score model and all deliverables, materials, software, flowcharts, ideas, concepts, designs, and reports or other analyses which relate to FMC’s custom and proprietary score model including any modifications, enhancements or derivative works thereof.

“FMC Custom Score” means FMC’s custom and proprietary credit score “Unicon” developed by FMC for use in assigning risk scores to Program Applications as set forth in the Guidelines.

“FMC Intellectual Property”, as used in Section 16.2 and Section 16.3 only, has the meaning set forth in Section 16.2 herein.

“FMC Share of Portfolio Yield” means, for any given month, the aggregate total for all Pricing Segments of the amount to be earned by FMC for the Loans in each Pricing Segment, calculated as (a) the amount of the margin earned by FMC for the Loans in each Pricing Segment as shown on the Compensation Schedule, divided by the margin in each such Pricing Segment, multiplied by (b) the Monthly Accrued Interest less, with respect to Variable Rate Loans, interest accrued attributable to the LIBOR index.

“FMER” means First Marblehead Education Resources, Inc., a Delaware corporation having an office at One Cabot Road, Medford, Massachusetts 02155.

“FMER Funding Account” means an account in FMER’s name maintained at a FDIC-insured depository institution, into which FMER will deposit Loan funds for disbursement after receiving them from the SunTrust Disbursement Account via automated clearinghouse debit.

“Force Majeure Event” has the meaning given such term in Section 19.11 herein.

“Forward Looking Materials” has the meaning set forth in Section 4.1.3.

“Fraud Database Data” has the meaning set forth in Section 3.10.2.

“Governmental Authority” means the federal government of the United States, any state government, or any political subdivision of either, or any agency, court or body of the federal government of the United States, of any state, or of any other political subdivision of either, exercising executive, legislative, judicial, regulatory or administrative functions.

“Guidelines” means the Program Guidelines attached to the Agreement as Exhibit D, which include Loan origination guidelines, underwriting guidelines, product terms and features, Loan fees, Credit Agreements, forms of Truth in Lending Disclosure Statements and other disclosures required by Requirements of Law.

“Identity Information” has the meaning set forth in Section 3.8.5.2 herein.

“Indemnified Party” means a SunTrust Indemnified Party or a FM Indemnified Party, as applicable.

“Indemnifying Party” means a Party that is obligated to indemnify an Indemnified Party pursuant to the provisions of Section 16 herein.

“Information Security Program” means the written policies and procedures adopted and maintained to (a) ensure the security and confidentiality of Consumer Information; (b) protect against any anticipated threats or hazards to the security or integrity of Consumer Information; and (c) protect against unauthorized access to or use of Consumer Information that could result in substantial harm or inconvenience to SunTrust or any consumer.

“Initial Marketing Period” has the meaning set forth in Section 2.2.

“Initial Participation Account Deposit” means [**] percent ([**]%) of the product of the Expected Loan Volume for the Pool, multiplied by the Participation Percentage.

“Initial Term” has the meaning set forth in Section 18.1 herein.

“Initial Vendors” means the vendors shown on Schedule 3 to Exhibit C.

“Insurance Requirements” has the meaning set forth in Section 10.1 herein.

“Intellectual Property” has the meaning set forth in Section 11.1 herein.

“Interagency Guidelines” means the applicable Interagency Guidelines Establishing Information Security Standards and codified at 12 C.F.R. Parts 30, 208, 211, 225, 263, 308, 364, 568, and 570.

“Leading Bid Terms” has the meaning set forth in Section 4.3.1.

“Loan” means a loan of funds, including Disbursement thereof and financed fees (if applicable), made by SunTrust to a Borrower and Cosigner, if any, under the Program to refinance Eligible Student Loans.

“Loan Processing Fees” means that fee set forth in Section 6.3.1 herein.

“Loan Processing Services” means those services set forth in Article 3 herein.

“Marketers” has the meaning set forth in Section 2.7.1 herein.

“MG Private Student Loan Trust 2012-1” means the trust to be established by FMC to purchase and hold Charged Off Loans.

“Monthly Accrued Interest” means, for each calendar month, the amount of interest that accrues on all outstanding Loans in a given Pricing Segment during such month.

“Monthly Charged Off Loan Data” means the data necessary for SunTrust to complete an assignment and bill of sale with respect to the Charged Off Loans contained in the Claim Paid File.

“Notice” has the meaning set forth in Section 17.1 herein.

“NPPI” has the meaning set forth in Section 14.2.4 herein.

“OFAC” has the meaning set forth in Section 3.8.1 herein.

“Online Application System” means the internet-based system used by FMER for the (a) intake of Application information from Applicants, (b) rendering and reporting of credit decisions on Applications, (c) delivery of Credit Agreements and disclosures required by Requirements of Law, including but not limited to Truth in Lending Disclosure Statements, and (d) Application and Loan status information and details.

“Outstanding Loan Volume” means, with respect to any Pool, the amount of Loan volume that remains outstanding to SunTrust (including principal, financed fees, capitalized interest, and accrued interest), and is not a Charged Off Loan for which a payment from the Participation Account has previously been made, as reflected on the Servicer’s servicing system and reported by the Servicer to SunTrust and FMC on a monthly basis.

“Participation Account” means an interest-bearing account held by SunTrust for the benefit of FMC and SunTrust at SunTrust, which account shall hold Participation Account Deposits for the Program made by FMC and shall be subject to the terms of this Agreement.

“Participation Account Administrative Fee” for each month during the Initial Term, means [**]% multiplied by the Average Daily Balance, divided by [**]. During the Initial Term, the Participation Account Administrative Fee shall be modified quarterly as set forth in Section 7.1.6 of the Agreement to reflect the extent to which the distribution of the Disbursed Loan Amount among pricing tiers changes the Projected Default Rate for the Pool.

“Participation Account Deposits” has the meaning set forth in Section 7.1.1 herein.

“Participation Account Excess Percentage” has the meaning set forth in Section 7.1.7 herein.

“Participation Account Payment” means the payments which are made by SunTrust to FMC from the Participation Account pursuant to Section 7.1.7.

“Participation Cap” shall mean [**] dollars ($[**]) inclusive of the amount of the Initial Participation Account Deposit for each Pool, plus any amount over [**] dollars ($[**]) associated with the credit enhancement of Loans funded pursuant to Sections 7.1.12 and 18.3.1.

“Participation Interest” means the Participation Percentage multiplied by Expected Loan Volume. During the Initial Term, the Participation Interest shall be modified quarterly as set forth in Sections 7.1.1 and 7.1.3 of the Agreement to reflect the extent to which the distribution of the Disbursed Loan Amount among pricing tiers changes the Projected Default Rate for the Pool.

“Participation Percentage” means an amount equal to the Projected Default Rate.

“Payoff Amount(s)” means the sum of the payoff amounts on the Current Servicer/Holder(s) Payoff Statements received from the Primary Applicant by FMER.

“Payoff Date” is defined as the estimated date on which the funds will be received by the Current Servicer/Holder(s).

“Payoff Expiration Date” is defined as the date provided by the Current Servicer/Holder(s) by which funds can be received to pay off the Underlying Loan in full.

“Payoff Statement” means an account statement issued by the Current Servicer/Holder(s) or screen shots for the Current Servicer/Holder(s) online system evidencing the outstanding balance for an Underlying Loan(s).

“Person” means a natural person, a partnership, a corporation, a limited liability company, a joint stock company, a business trust or other entity or association.

“Personnel” means the employees, contractors, subcontractors, and agents of a Party.

“Pool” means Loans funded during a 12-month period commencing on the Effective Date of this Agreement or any anniversary thereof.

“Portfolio Management Services” means Default Prevention Services and all other services to be provided pursuant to Sections 4.4 through and including 4.7 herein.

“Portfolio Yield” means the sum of Monthly Accrued Interest for all Loans that are not Charged Off Loans.

“Pricing Schedule” means the Loan pricing for each Pricing Segment set forth in the Guidelines, including the Loan pricing portion which SunTrust may modify from time to time, subject to the provisions of Section 3.7.

“Pricing Segment” means each of the discrete interest rates (and fee combinations, if applicable) shown in the Pricing Schedule.

“Primary Applicant” means the person who applies to obtain a Loan from SunTrust under the Program and who is the student borrower on the Underlying Loan(s).

“Privacy Notice” means SunTrust’s privacy policy adopted pursuant to Regulation P.

“Privacy Requirements” means (a) Title V of the Gramm-Leach-Bliley Act, 15 U.S.C. 6801 et seq.; (b) federal regulations implementing such act and codified at 12 C.F.R. Parts 40, 216, 332, and 573; (c) Interagency Guidelines; and (d) other applicable federal and state laws, rules, regulations, and orders relating to the privacy and security of Consumer Information.

“Private Consolidation Loan” means a loan funded to refinance Private Student Loan(s) that is/are not guaranteed by the United States Department of Education or by any agency of any state.

“Private Student Loan” means a loan funded to finance the costs of post-secondary education that is not guaranteed by the United States Department of Education or by any agency of any state.

“Production Support Services” means the support services to be provided pursuant to Article 2 herein.

“Production Support Services Activities” has the meaning set forth in Section 2.3.

“Production Support Services Work Product” has the meaning set forth in Section 2.3.

“Program” means SunTrust’s Private Student Loan Consolidation Program as described here and in the Guidelines.

“Program Administration Services” means Program analytics and development, administration of post-disbursement loan servicing, and Participation Account administration services to be provided pursuant to Sections 4.1, 4.2, and Article 7 of the Agreement.

“Program Administration Services Fee” means the fee paid to FMC pursuant to Section 6.5 hereof calculated as the FMC Share of Portfolio Yield, less the amount of the Program Support Services Fee set forth in Section 6.4.1, less the Participation Account Administration Fee; provided, however, that in the event that SunTrust is no longer obligated to pay the Program Support Services Fee to FMC, the amount of such fee for the purpose of the foregoing calculation of Program Administration Services Fee shall continue to be the amount of the Program Support Services Fee set forth in Section 6.4.1, and not zero dollars ($0).

“Program Materials” means all Program promotional material prepared by FMC in providing Production Support Services, including printed materials, brochures, email content, television and radio content, telemarketing scripts, fliers, inserts and any web sites or web pages promoting Program Loans.

“Program Support Services” means those services set forth in Article 4 herein.

“Program Support Services Fee” means the amount set forth in Section 6.4.1 hereof.

“Program URI/URL” means a dedicated web address that houses the Program Application.

“Program Website” means the website(s) used to direct potential Applicants to the Program’s Online Application System.

“Projected Default Rate” means a percentage, the numerator of which shall be the Expected Charged Off Loan Volume and the denominator of which shall initially be the Expected Loan Volume. Each calendar quarter during the Initial Term, the Projected Default Rate shall be modified by using as the denominator Disbursed Loan Amount as of quarter-end.

“Proprietary Information” has the meaning set forth in Section 14.2.1 herein.

“Purchase Price” has the meaning set forth in Section 5.2 herein.

“Purchased Loan” has the meaning set forth in Section 5.1 herein.

“Qualified Higher Education Expenses” has the meaning given to it in Section 221 of the Internal Revenue Code (26 U.S.C. § 221), and includes those items included in the definition of “cost of attendance” in section 472 of the Higher Education Act of 1965, 20 U.S.C. § 1087ll, as follows:

tuition and fees normally assessed a student carrying the same academic workload as determined by the institution, and including costs for rental or purchase of any equipment, materials, or supplies required of all students in the same course of study;

an allowance for books, supplies, transportation, and miscellaneous personal expenses, including a reasonable allowance for the documented rental or purchase of a personal computer, for a student attending the institution on at least a half-time basis, as determined by the institution;

an allowance (as determined by the institution) for room and board costs incurred by the student which -

shall be an allowance determined by the institution for a student without dependents residing at home with parents;

for students without dependents residing in institutionally owned or operated housing, shall be a standard allowance determined by the institution based on the amount normally assessed most of its residents for room and board; and

for all other students shall be an allowance based on the expenses reasonably incurred by such students for room and board;

for less than half-time students (as determined by the institution) tuition and fees and an allowance for only -

books, supplies, and transportation (as determined by the institution);

dependent care expenses (determined in accordance with paragraph (8)); and

room and board costs (determined in accordance with paragraph (3)), except that a student may receive an allowance for such costs under this subparagraph for not more than 3 semesters or the equivalent, of which not more than 2 semesters or the equivalent may be consecutive;

for a student engaged in a program of study by correspondence, only tuition and fees and, if required, books and supplies, travel, and room and board costs incurred specifically in fulfilling a required period of residential training;

for incarcerated students only tuition and fees and, if required, books and supplies;

for a student enrolled in an academic program in a program of study abroad approved for credit by the student’s home institution, reasonable costs associated with such study (as determined by the institution at which such student is enrolled);

for a student with one or more dependents, an allowance based on the estimated actual expenses incurred for such dependent care, based on the number and age of such dependents, except that -

such allowance shall not exceed the reasonable cost in the community in which such student resides for the kind of care provided; and

the period for which dependent care is required includes, but is not limited to, class-time, study-time, field work, internships, and commuting time;

for a student with a disability, an allowance (as determined by the institution) for those expenses related to the student’s disability, including special services, personal assistance, transportation, equipment, and supplies that are reasonably incurred and not provided for by other assisting agencies;

10.

for a student receiving all or part of the student’s instruction by means of telecommunications technology, no distinction shall be made with respect to the mode of instruction in determining costs;

11.

for a student engaged in a work experience under a cooperative education program, an allowance for reasonable costs associated with such employment (as determined by the institution);

12.

for a student who receives a loan under this or any other Federal law, or, at the option of the institution, a conventional student loan incurred by the student to cover a student’s cost of attendance at the institution, an allowance for the actual cost of any loan fee, origination

fee, or insurance premium charged to such student or such parent on such loan, or the average cost of any such fee or premium charged by the Secretary, lender, or guaranty agency making or insuring such loan, as the case may be; and at the option of the institution, for a student in a program requiring professional licensure or certification, the one-time cost of obtaining the first professional credentials (as determined by the institution).

“Receiving Party” has the meaning set forth in Section 14.2.6 herein.

“Recoveries” shall mean amounts received by the Parties hereto from or on behalf of Borrowers and Cosigners, as applicable, in payment of principal of, interest on, and late fees with respect to, Charged Off Loans.

“Regulation P” means the regulation set forth at 12 C.F.R Part 216.

“Requirements of Law” means, with respect to any Party, any certificate of incorporation, articles of association and, as applicable, by-laws or other organizational or governing documents of such Party, and each of the following, in each case to the extent applicable to and binding on such Party, its property or, in connection with this Agreement, its agents: (a) any federal, state, county or local law, ordinance, statute, rule, regulation, judgment, order, decree, injunction, permit, issuance or other determination or finding of any Governmental Authority or self-regulatory organization or final and binding determination of any arbitrator applicable to or binding upon such Party or to which such Party is subject, and (b) any treaty, rule or regulation, regulatory guidance or determination of (or agreement with) an arbitrator or Governmental Authority (including usury laws, the Federal Truth in Lending Act; Regulation B and Regulation Z of the Board of Governors of the Federal Reserve System; the Equal Credit Opportunity Act; the Privacy Requirements; the Fair Credit Reporting Act; the Fair and Accurate Credit Transactions Act; the federal Fair Debt Collections Practices Act; the USA PATRIOT Act; the Bank Secrecy Act and other state and federal laws or regulations relating to anti-money laundering compliance; federal and state and local tax laws, rules and regulations; and rules and regulations relating to consumer protection, installment sales, telemarketing, unfair and deceptive trade practices and collections, as each is amended from time to time).

“Roster Date” means, for any particular Loan, the date that is at least one Business Day prior to a scheduled Disbursement Date for the payoff of the Underlying Loans(s), and shall be the date on which FMER provides to SunTrust a disbursement roster listing the Disbursement Date and Disbursement amount for such payoff.

“Sanctions” has the meaning set forth in Section 3.8.1 herein.

“Secondary Applicant” means the individual person who applies with the Primary Applicant for a Loan from SunTrust under the Program and who will assume joint and several liability if a Loan is made (ultimately the Cosigner).

“Second Loss Coverage Loans” has the meaning set forth in Section 7.1.4.2.

“Second Loss Maximum” shall mean the Expected Charged Off Loan Volume, as computed at the end of the Initial Term, multiplied by two.

“Security Systems” has the meaning set forth in Section 15.3.1 herein.

“Servicer” means Pennsylvania Higher Education Assistance Agency, (d/b/a American Education Services), a public corporation and governmental instrumentality organized under the laws of the Commonwealth of Pennsylvania, 1200 North Seventh Street, Harrisburg, Pennsylvania 17102, or another loan servicer mutually acceptable to SunTrust and FMC.

“Services” means Production Support Services, Default Prevention Services, Portfolio Management Services, Loan Processing Services and Program Support Services, as well as any additional services agreed to by the Parties in writing to be performed under the Agreement.

“Servicing Agreement” refers to the Servicing Agreement entered into by and among Servicer, SunTrust and FMC with respect to servicing of Loans in the Program, as amended from time to time.

“Servicing Guidelines” means the document by that name included as part of the Servicing Agreement among FMC, SunTrust, and the Servicer.

“Subcontractor” means any third party retained by FMC and/or FMER, as applicable, and approved by SunTrust in conformity with the requirements of this Agreement to perform part of the Services.

“SunTrust” means SunTrust Bank, the FDIC insured financial institution.

“SunTrust Disbursement Account” means an account maintained at SunTrust into which SunTrust deposits Loan funds for Disbursement.

“SunTrust Footprint States” means the District of Columbia, and the states of Florida, Georgia, Maryland, North Carolina, South Carolina, Tennessee, West Virginia and Virginia.

“SunTrust Indemnified Party” means SunTrust and its Affiliates, and each of their respective current, former and future officers, directors and employees.

“SunTrust Marks” means the trade names, trademarks, logos or service marks of SunTrust and its Affiliates set forth in Exhibit E, any trade names, trademarks, logos or service marks used by SunTrust or any of its Affiliates in connection with its full-service retail banking business, and any other trade names, trademarks, logos or service marks that are used by SunTrust or any of its Affiliates to identify itself to the public in connection with educational loans.

“SunTrust Portfolio Income” means the portion of the Portfolio Yield due to SunTrust, which shall be equal to the Portfolio Yield, less the FMC Share of Portfolio Yield.

“Term” has the meaning set forth in Section 18.1 herein.

“Third Loss Coverage Loans” has the meaning set forth in Section 7.1.4.3.

“Third-Party Offers” has the meaning set forth in Section 4.3.1 herein.

“Title X” means Title X of the Higher Education Opportunity Act of 2008, P.L. 110-315, 122 Stat. 3478, and its implementing regulations duly adopted by federal regulatory agencies, including but not limited to the Federal Reserve Board’s Regulation Z.

“Trade Secrets” has the meaning set forth in Section 14.2.2 herein.

“Transition Period” has the meaning set forth in Section 18.3.2 herein.

“Truth in Lending Disclosure Statements” shall mean the forms of private education loan ASDs, ADs, and FDs required by Title X, as approved by SunTrust.

“TU Addenda” means the following documents attached hereto as Exhibit H:

Amended and Restated Agent Addendum to the TransUnion Master Services Agreement for Consumer Reporting and Ancillary Services;

Amended and Restated Agent Service Addendum to the FICO Score Services Agreement; and

Addendum for Access via TransUnion Direct

“Underlying Loan” means an existing Private Student Loan used for Qualified Higher Education Expenses to be consolidated into a Loan.

“USA Patriot Act” has the meaning set forth in Section 3.8.4 herein.

“Variable Rate Loan” means any Loan with respect to which the interest rate for such Loan is determined in relation to a published rate index and changes on a monthly basis in accordance with the terms of the Guidelines and the Credit Agreements.

1.2 Certain Rules of Construction. Except as otherwise explicitly specified to the contrary,

1.2.1 References to a Section, Exhibit or Schedule means a Section of, or Schedule or Exhibit to, this Agreement,

1.2.2 The words “including,” “include” and “includes” will be construed as “including without limitation,” “include without limitation” or “includes without limitation,” as applicable,

1.2.3 References to a particular statute or regulation include all rules and regulations promulgated thereunder and any applicable predecessor or successor statute or regulation, in each case as amended or otherwise modified from time to time,

1.2.4 Words in the singular or plural form include the plural and singular form, respectively,

1.2.5 Where specific language is used to clarify or illustrate by example a general statement contained herein, such specific language shall not be deemed to modify, limit or restrict the construction of the general statement which is being clarified or illustrated,

1.2.6 Any article, section, subsection, paragraph or subparagraph headings contained in this Agreement and the recitals at the beginning of this Agreement are for reference purposes only and shall not affect in any way the meaning or interpretation of this Agreement (other than with respect to any defined terms contained in the recitals),

1.2.7 The word “or” whenever used in this Agreement is used in the inclusive sense of “and/or” and not the exclusive sense of “either/or,”

1.2.8 All references to “the Agreement” or “this Agreement” in this Agreement shall mean “this Agreement as amended,”

1.2.9 Whenever the words “herein,” “hereto,” “hereof” or “hereunder” or “this Agreement” are used in this Agreement, they shall be deemed to refer to this Agreement as a whole including Exhibits and Schedules hereto, and not to any specific section nor to exclude any Exhibits or Schedules hereto, and

1.2.10 Any reference made in this Agreement to a statute or statutory provision shall mean such statute or statutory provision as it has been amended through the date as of which the particular portion of the Agreement is to take effect, or to any successor statute or statutory provision relating to the same subject as the statutory provision so referred to in this Agreement, and to any then-applicable rules or regulations promulgated thereunder, unless otherwise provided.

ARTICLE 2. PRODUCTION SUPPORT SERVICES.

2.1 Use of SunTrust Marks. SunTrust hereby grants to each of FMC and FMER a limited, royalty-free, nonexclusive license to use the SunTrust Marks during the Term as necessary to solicit Loans until

the termination date of this Agreement and pursuant to the provisions of this Agreement, to use the SunTrust Marks on and in connection with Program Materials and in connection with the ongoing origination services. Each of FMC and FMER acknowledges and agrees that (i) it is not acquiring any right, title or interest in the SunTrust Marks and that the SunTrust Marks, all rights therein, and the goodwill associated therewith, are, and shall remain, the exclusive property of SunTrust; (ii) it shall take no action that would reasonably be expected to adversely affect SunTrust’s exclusive ownership of the SunTrust Marks or the goodwill associated with the SunTrust Marks; and (iii) any and all goodwill arising from use of the SunTrust Marks by FMC and/or FMER shall inure to the benefit of SunTrust. Nothing herein shall give FMC or FMER any right, title, or interest of any kind in or to the SunTrust Marks, except the right to use the SunTrust Marks in accordance with this Agreement, and neither FMC nor FMER shall contest the validity of, or SunTrust’s title in and to, the SunTrust Marks. In the event of any changes to the SunTrust Marks, FMC and/or FMER shall promptly make necessary changes to the Program Materials. Except as expressly permitted by this Agreement, neither FMC nor FMER shall have the right to, and nothing in this Agreement or any other signed and written agreement among the Parties shall be construed to give FMC or FMER the right to, and FMC and FMER shall not, other than the use of the SunTrust Marks in the specific manner as approved pursuant to the terms of this Agreement, use any marks, symbols, copyrights, logos, designs, representations, ideas or other proprietary designations or properties owned, developed, created by or licensed to SunTrust or any Affiliates of SunTrust, including the use of SunTrust Marks on or in conjunction with any goods or products of FMC or FMER not related to the Program or this Agreement. Neither of FMC nor FMER shall authorize use of, transfer, assign, lease or sub-license in whole or in part any SunTrust Marks without SunTrust’s prior written consent.

2.2 Marketing of the Program.

FMC covenants and agrees that, during the first [**] months after the effectiveness of this Agreement (the “Initial Marketing Period”), it shall expend [**] Dollars ($[**]) solely in support of its marketing efforts for the Program. SunTrust agrees to reimburse FMC [**]% of the amount expended by FMC under this section up to a maximum reimbursement of [**] Dollars ($[**]). SunTrust shall reimburse FMC for the first [**] Dollars ($[**]) spent in support of marketing efforts for the Program, and FMC shall be responsible for payment of the remaining [**] Dollars ($[**]) spent in support of marketing efforts for the Program during the first [**] months after the effectiveness of this Agreement. In the event that less than [**] Dollars ($[**]) is spent solely in support of marketing efforts for the Program during the first [**] months after the effectiveness of the Agreement, then upon the conclusion of [**] months after the effectiveness of this Agreement, FMC shall pay to SunTrust an amount sufficient to make the expenditure equal to the Parties.

FMC and SunTrust agree that the funds expended by FMC shall be contributed equally to campaigns (media and creative development). The funds will be allocated in a mutually agreed upon manner to support marketing tactics, which may include, for example, the following channels:

•

Marketing to SunTrust customers

•

Online marketing, including but not limited to paid search, direct mail, third-party referral, email, display and referral marketing

•

Direct solicitations for Applications (by FMC and SunTrust)

All campaigns that FMC manages shall be conducted using tactics as mutually agreed by SunTrust and FMC, including but not limited to potential Applicant sources and targets, marketing materials format and content, and any Advertising Media to be used. Each of the three tactics listed above shall be tested within the first [**] months after the launch of the Program. Based upon the results of the first [**] months of marketing activities, as measured by the ratio of the Disbursed Loan Amount to funds spent for each marketing channel, FMC and SunTrust shall together evaluate additional marketing commitments. Once FMC and SunTrust agree to the nature of future marketing activities and the amount to be spent on such activities, SunTrust and FMC shall either contribute equal amounts to such activities or each party shall

compensate the other for additional volume generated by mutually agreeing in writing to adjustments in the amount or nature of fees charged under this Agreement to account for Loans sourced from each marketing tactic undertaken by the other party at its expense. SunTrust and FMC shall mutually agree on future marketing efforts, no less frequently than on an annual basis. For marketing activities to be performed by FMC or Marketers, FMC shall provide to SunTrust copies of original invoices to document the expenses invoiced to SunTrust.

2.3 Production Support Services Research.

FMC may use the data collected in activities conducted pursuant to Section 2.2 (the “Production Support Services Activities”) to prepare deliverables, materials, ad copy, software, flowcharts, ideas, concepts, designs, and reports or other analyses with respect to the results of those Production Support Services Activities (“Production Support Services Work Product”), including reports or studies regarding marketing trends, the effectiveness of content and media and of techniques for utilizing each of these, provided, however, that such Production Support Services Work Product does not include Consumer Information, which may be used to perform analysis but shall not be included in reports or studies except on an aggregated and de-identified basis. Such reports or studies may include comparative analyses of the capacity of experimental marketing techniques to reach customers not found through customary means (e.g., compare online responders to purchased target marketing direct mail lists). FMC may use Production Support Services Work Product for any lawful purpose, including in support of other loan programs, during the Term and following termination of the Agreement. FMC may disclose Production Support Services Work Product to SunTrust and SunTrust may use any Production Support Services Work Product disclosed to it for any lawful purpose during the Term and following termination of the Agreement.

2.4 Ownership. All Applications and related Credit Agreements created under the Program and this Agreement for Primary Applicants, Secondary Applicants, Borrowers, and Cosigners shall be owned by SunTrust and shall not constitute property of FMC. SunTrust hereby authorizes FMC as its agent, to the extent permitted by Requirements of Law, to use data collected from Applications and Loan inquiries to conduct activities under this Article 2 on behalf and at the direction of SunTrust, including retaining sources of customer lists and comparing such lists with data obtained from partial or completed Applications, subject in all cases to the confidentiality and information security provisions of this Agreement and Requirements of Law; provided, however, FMC shall not use information obtained or derived from Applications to solicit individuals for financial services other than Loans under the Guidelines. It shall not be deemed to be a breach of the foregoing prohibition for FMC to undertake marketing and solicitation activities for any product or service directed to the general public or based on marketing lists derived from generally available data (such as credit bureau reporting data excluding data used or obtained by FMC in performing its services hereunder) or from any source other than SunTrust; provided, however, that during the Term and for three (3) years following the termination of this Agreement FMC and FMER shall not: (a) use such marketing lists obtained by FMC or FMER in performance of its obligations pursuant to this Agreement that are based on or derived from Applications or (b) undertake marketing activities specifically or primarily targeted to Primary Applicants, Secondary Applicants, Borrowers, or Cosigners sourced through marketing efforts of this Program, except for the performance of their obligations under this Agreement.

2.5 Production Support Reports. In connection with the marketing activities undertaken pursuant to this Agreement, FMC and SunTrust may develop from time to time various reports which may contain detailed metrics, analyses, studies and summaries of marketing results relating to their activities, and FMC and SunTrust shall provide such reports to the other solely for the purpose of mutual planning and execution of future marketing tactics and campaigns in support of the Program.

2.6 Program Materials. FMC covenants that it will cause all Program Materials to comply with Requirements of Law and to fairly and accurately present Loans and the Program. SunTrust shall be

responsible for the compliance of Program Materials with Requirements of Law to the extent, and only to the extent, of changes to such Program Materials required by SunTrust. FMC shall submit all Program Materials to SunTrust for written approval of proposed use and content prior to any use of the Program Materials. SunTrust shall provide comments or approval on Program Materials submitted to it within ten (10) Business Days of submission. To the extent that content templates are prepared, FMC may submit templates of Program Materials to SunTrust for written approval, provided, however, FMC shall not use any final Program Materials based on SunTrust-approved templates without SunTrust’s prior written consent.

2.7 Retention of Vendors by FMC and FMER.

2.7.1 In furtherance of its efforts to locate effective marketing channels for Loans, SunTrust may, by its prior written approval, authorize and direct FMC and/or FMER to select and retain one or more marketing firms to: (i) prepare content and strategies for mass marketing (such as television and radio) and direct marketing (such as telemarketing and web-based marketing) with respect to the Program (such vendors collectively “Advertising Firms”) and (ii) implement and administer all consumer contact in accordance with such content and strategies and applicable Requirements of Law (such vendors collectively, “Marketers”). Neither FMC nor FMER shall engage such Advertising Firms or Marketers as remarketers or as marketers of the Program under any product or brand name. FMC and/or FMER may enter into appropriate contracts with all Advertising Firms and Marketers; provided, however, that FMC and/or FMER provide copies of such contracts to SunTrust within three (3) Business Days of receiving SunTrust’s written request.

2.7.2 FMC and/or FMER shall not retain any Advertising Firm or Marketer, other than any Initial Vendors, without first providing to SunTrust at least ten (10) Business Days advance written notice of the identity, qualifications, and general proposed activities of such Advertising Firm or Marketer. SunTrust may reasonably object to the selection or continued use of any Advertising Firm or Marketer by providing written notice of SunTrust’s reasonable objection, in which case FMC and/or FMER shall be prohibited from using the proposed Advertising Firm or Marketer; provided, however, that if SunTrust objects to the continued use of any Advertising Firm or Marketer, FMC and/or FMER shall use commercially reasonable efforts to use a different, previously approved Advertising Firm or Marketer to perform the work. If FMC and/or FMER is not able to use of a different, previously approved Advertising Firm or Marketer to perform the work, despite commercially reasonable efforts, FMC and/or FMER shall be required to terminate the use of any such Advertising Firm or Marketer only when permitted by the contract between such Advertising Firm or Marketer and FMC and/or FMER and only after the Parties have identified and mutually agreed upon a successor Advertising Firm or Marketer. If SunTrust does not respond to the notice from FMC or FMER with respect to such proposed Advertising Firm or Marketer within ten (10) Business Days, then contracting with such firm by FMC and/or FMER, directly or through subcontract, shall be deemed to have been approved by SunTrust.

2.7.3 In addition, subject to the next sentence of this Section 2.7.3, SunTrust authorizes FMC and/or FMER to retain from time to time one or more firms, directly or through subcontract, to provide media commodities, electronic provision of a web-hosting environment, printing, letter shop, data processing, broadcast production and editing services in connection with services received from Advertising Firms and Marketers under this Agreement (“Commodity Vendors”). Neither FMC nor FMER will retain, either directly or through subcontract, any Commodity Vendor to perform any of the Services hereunder who will receive Consumer Information without obtaining SunTrust’s approval pursuant to the requirements of this Section 2.7 above.

2.8 Promotion of Program.

SunTrust agrees to not proactively purchase lists or customer data to promote this Program based on criteria that a borrower has a loan owned by one of the National Collegiate Student Loan Trusts. FMC agrees to not proactively purchase lists or customer data based on criteria that a borrower has a loan owned by SunTrust Bank.

2.9 Exclusivity. FMC agrees that, for the Initial Term of this Agreement, it shall not design, facilitate or otherwise provide services for, or offer to design, facilitate or otherwise provide services for a Combination Consolidation Program, except for the Program offered through this Agreement. In addition, for the first fourteen (14) months following the date the first Application is received, FMC agrees that (a) neither it nor any of its Affiliates (including but not limited to Union Federal Savings Bank) shall offer or fund a Private Consolidation Loan program with a lower interest rate than the Program’s lowest interest rate, as such rate may be modified by the Parties from time to time pursuant to Section 3.7, and (b) neither FMC nor any of its Affiliates shall coordinate marketing activities for, offer, originate or fund any Private Consolidation Loan program in any of the SunTrust Footprint States. Notwithstanding the foregoing, if, after the expiration of fourteen (14) months from the date the first Application is received, (x) Outstanding Loan Volume plus (y) the total dollar amount of Underlying Loans associated with Applications for which the AD has been accepted as of such date, exceeds [**] dollars ($[**]), then the restrictions set forth in subsections (a) and (b) in the previous sentence of this Section 2.9 shall be extended through the end of the Initial Term. In the event FMC fails to perform its obligations and SunTrust has fulfilled its obligations to expend the funds as described in Section 2.2, this Exclusivity provision shall remain in effect until the end of the Initial Term.

Each of the Parties understands and agrees that, subject to the requirements of Sections 2.2, 2.4, 2.8, the foregoing Section 2.9, and Article 14 of this Agreement, any of the Parties may design, facilitate, offer, provide or procure services for and/or fund a loan program substantially similar to the Program at any time, either prior to or after the expiration or termination of this Agreement.

ARTICLE 3. LOAN PROCESSING SERVICES

3.1 Web Application; Credit Agreement.

3.1.1 FMER will use the forms of Credit Agreements approved by SunTrust and included in the Guidelines. SunTrust and FMER shall notify each other from time to time of recommended changes to the Credit Agreements, and each shall respond promptly to such notifications, noting the feasibility and desirability of such changes, as well as the implementation time needed to make such changes. After SunTrust and FMER have reviewed and negotiated the proposed changes to the Credit Agreements, the Parties shall agree on the written version of such negotiated changes, and FMER shall revise the Credit Agreement in accordance therewith. SunTrust represents and warrants that the forms of Credit Agreement comply, and as they may be modified from time to time with SunTrust’s approval for inclusion in the Guidelines, will comply, with the Guidelines and Requirements of Law. FMER represents that its use of such forms shall comply with this Agreement, the Guidelines and Requirements of Law.

3.1.2 FMER will use the Online Application System approved in writing by SunTrust. FMER represents, warrants and covenants that the content and operation of its Online Application System complies with this Agreement, the Guidelines and Requirements of Law; provided, however, that SunTrust represents, warrants and covenants that the content of the Online Application System complies with the Guidelines and Requirements of Law to the extent, and only to the extent, of content in such Online Application System that is specifically required by SunTrust. FMER shall accept Applications via the Program Website. The Program Website is the responsibility of FMC and SunTrust, subject to the conditions set forth in this Agreement. The Program Website shall comply with any requirements specified in this Section 3, the Guidelines, and Requirements of Law, and shall be subject to SunTrust’s approval. SunTrust represents, warrants and covenants that the content of the Program Website complies with the Guidelines and Requirements of Law to the extent, and only to the extent, of content in such Program Website that is specifically required by SunTrust.

3.2 Disclosures. The forms of state and federal disclosures, including Truth in Lending Disclosure Statements, and adverse action notices, must be approved in writing by SunTrust as set forth in the Guidelines. FMER represents, warrants and covenants that its use of such forms and disclosures, including mathematic calculations contained therein, shall comply with the Agreement, the Guidelines and all Requirements of Law. Notwithstanding anything in this Agreement or the Guidelines, FMC shall make the ASD available to potential Primary Applicants and Secondary Applicants at the beginning of and during the entire Application process as directed by SunTrust. It is understood and agreed that the ASD must be viewed and acknowledged by potential Applicants prior to the time such Applicant provides application information.

3.3 Privacy Notice. SunTrust will provide FMER and FMC with a web link to its online Privacy Notice which FMC will make available on both the FMC Website and each page of the Online Application System; provided, however, that neither FMC nor FMER is responsible for the content of SunTrust’s Privacy Notice or its compliance with the requirements of any Requirements of Law, including the Gramm-Leach-Bliley Act or Regulation P. FMER shall include its privacy statement link in the Online Application System in the same manner as denoted for SunTrust’s Privacy Notice.

3.4 Additional Forms, Documents and Disclosures; Changes. Any documentation not set forth in this Article 3 or the Guidelines that SunTrust requires for the origination and processing of Applications will be identified and provided by SunTrust to FMC for FMER and/or FMC’s use. SunTrust represents, warrants and covenants that any such form provided to FMC and/or FMER and any instructions with respect thereto shall comply with the Agreement, the Guidelines and Requirements of Law. In the event FMER and/or FMC determine changes should be made to the Guidelines or any documentation contained therein, FMER and/or FMC, as applicable, shall not implement such changes without SunTrust’s prior written consent. If SunTrust agrees with FMC’s recommendations, they shall be acknowledged by each of the Parties in writing approving such recommendations, and they shall be implemented as soon as reasonably practicable. Within twenty (20) Business Days of receiving a request from SunTrust to make changes to either the Guidelines or the documentation contained therein (other than changes to the Pricing Schedule, which shall instead be subject to Section 3.7 of this Agreement), FMER and/or FMC will provide in writing a response with a statement of FMER’s and/or FMC’s ability to implement the change to deliver the requested services and the terms and conditions on which FMER and/or FMC would be willing to do so. In the event SunTrust elects to authorize such services on the terms and conditions set forth in FMER’s and/or FMC’s response, SunTrust will, within twenty (20) Business Days of its receipt of FMER’s and/or FMC’s response, respond to FMC and/or FMER by executing and returning a change order to FMER and/or FMC reflecting the agreed upon terms and conditions relating to such Services. Such change in Services as agreed to by the Parties shall be incorporated into a new or restated Exhibit to this Agreement or as an addendum to the Guidelines, which shall be signed by duly authorized representatives of the applicable Parties.

3.5 Credit Bureau Requests. Prior to the execution of this Agreement, FMER shall obtain a subscriber code authorizing FMER to make credit inquiries on SunTrust’s behalf solely for purposes of this Program as permitted by Requirements of Law and the Guidelines. Credit inquiries shall be made pursuant to the TU Addenda.

3.6 Application Receipt and Review.

3.6.1 Upon receipt of an Application for review from a Primary Applicant and Secondary Applicant, if applicable, FMER will review the data for completeness according to the standards in the Guidelines. If any necessary data is outstanding, FMER will use commercially reasonable efforts to secure such data from the Primary Applicant and Secondary Applicant, if applicable, on behalf of SunTrust as required by the Guidelines. After receipt of complete data relating to the Primary Applicant and Secondary Applicant, if applicable, FMER will review such data and, on a preliminary basis, apply the standards in the Guidelines with respect to loan underwriting and determine whether the Primary

Applicant and Secondary Applicant, if applicable, is/are credit approved for a Loan in accordance with the Guidelines. FMER shall adhere to maximum FMC Custom Scores, minimum FICO scores, and credit tiers as set forth in the Guidelines.

Application review shall initially be conducted using FMER’s automated Online Application System. If any part of the Application process cannot be conducted on an automated basis by the Online Application System, but instead must be performed manually, such manual performance shall not cause unnecessary delay and the performance of any such manual process shall be completed in accordance with the Guidelines. FMER will respond promptly to all inquiries that it or SunTrust may receive from any Applicant concerning the status of an Application. SunTrust will promptly forward to FMER Application status inquiries from Applicants that SunTrust receives.

3.6.1.2 Rejection or denial of an Application. If an Application is rejected or denied by FMER on behalf of SunTrust, FMER will so notify the the Primary Applicant and the Secondary Applicant, if any, in accordance with Requirements of Law (which, for the avoidance of doubt, shall include the Equal Credit Opportunity Act and the Fair Credit Reporting Act) and the Guidelines.

3.6.1.3 Credit Approval of an Application; Request for Additional Documentation. If an Application is credit approved by FMER on behalf of SunTrust, FMER will generate a notice to the Applicant(s) that the Application has passed the credit check and provide the Applicant(s) with the choice of three repayment terms and two interest rate options. In all cases, FMER will generate and send to the Applicant(s) Regulation B compliant notices of incompleteness the day following credit approval. If Loan options are not chosen for an Application within thirty (30) days, FMER will send a withdrawal letter to all parties on the Application confirming that no further consideration will be given to the Application. After the Application becomes a Configured Application, FMER will request supporting documentation required by the Guidelines, including, but not limited to, the highest degree obtained by the Primary Applicant and verification thereof, in the manner set forth in the Guidelines. Upon receipt of the requested documentation, FMER will review such supporting documentation to ensure its adequacy under the Guidelines. If any necessary signature(s), form(s), payoff verification data, or other data or information remains outstanding, FMER will use commercially reasonable efforts to secure it on behalf of SunTrust from the Applicant(s), the National Student Clearinghouse or the applicable Current Servicer/Holder(s) as required. FMER will use commercially reasonable efforts to notify the Applicant(s) as to all missing data, signature(s), forms or other information promptly after receipt of an incomplete Application. In processing Applications, FMER’s policies will comply with the Customer Identification Program, Red Flags Program, OFAC Program, and Address Mismatch Program as described in the Guidelines. Furthermore, FMER’s policies will comply with any other regulatory programs as required under this Agreement and the Requirements of Law. Upon receipt of complete Application data, including but not limited to certification of existing loan payoff amount(s), FMER will continue processing the Application hereunder.

3.6.1.4. Approval Disclosure; Credit Agreement. After submission of required documentation and approval of such documentation pursuant to Section 3.6.1.3 and the Guidelines, FMER will conduct a final review to confirm that the Application is approved for a Loan in accordance with the standards and processes contained in the Guidelines. Such decision will be made solely in accordance with the Guidelines and any other SunTrust instructions in connection with credit appeals and exceptions and comply with Requirements of Law. SunTrust covenants, represents, and warrants that such instructions comply with this Agreement, the Guidelines, and Requirements of Law. FMER shall then generate an AD and a Credit Agreement containing appropriate instructions for completion of the Application process. ADs, Credit Agreements and instructions will be provided to the Applicant(s) by access to the Online Application System or by U.S. mail. To the extent authorized by the Guidelines, FMER will provide the Applicant(s) the

ability to electronically review and accept the AD and review, sign and return the Credit Agreement to FMER. After delivery of the AD, FMER shall not make any changes to the Application or proposed Loan terms, except as permitted by Requirements of Law or the Guidelines, and shall allow the Applicants to accept the Loan within the time period prescribed under Requirements of Law and the Guidelines.

3.6.2 Final Approval of an Application. Upon acceptance of the AD by each Applicant, receipt of the Credit Agreement and receipt of other requested information from Applicant(s) who has/have received credit approval under Section 3.6.1, FMER will perform the following functions:

3.6.2.1 Approval Disclosure Acceptance; Credit Agreement Review. FMER shall ensure that the AD has been accepted in accordance with the process and methods set forth in the Guidelines and that the Credit Agreement has been executed in the name of the Applicant(s). If any necessary signature(s) or other data or required information are outstanding, FMER will use commercially reasonable efforts to secure such missing data, signatures, or other information on behalf of SunTrust from the Applicant(s).

3.6.2.2 Updated Payoff Amounts; Final Disclosure. When FMER has possession of valid AD acceptance from each Applicant as well as a Credit Agreement properly executed by each Applicant, FMER shall review the payoff statements to determine if the payoffs are still valid given the timeframe. Using this timeframe, FMER will determine whether or not the Loan can be disbursed or if updated Payoff Amount(s) are required. If necessary, and by following the Guidelines, FMER shall obtain updated payoff amounts. To the extent required by the Guidelines, FMER will communicate with the Current Servicer/Holder(s) in order to obtain updated payoff amount(s). FMER shall then send the FD to each Applicant in accordance with the Guidelines and Requirements of Law. FMER shall not disburse funds until the expiration of the right to cancel set forth in the FD, as required under Requirements of Law. Cancellation shall be effective as set forth in the requirements for the FD set forth in the Guidelines.

3.6.3 Fulfillment and Disbursement of Approved Loans.

3.6.3.1 FMER shall populate and distribute the Truth in Lending Disclosure Statements in accordance with Requirements of Law and the Guidelines.

3.6.3.2 By 12:00 p.m. eastern standard or daylight time, as applicable, on the Roster Date for each Loan, FMER will provide SunTrust with a Disbursement roster detailing all Loans scheduled for Disbursement. SunTrust will fund each Loan on the Disbursement roster by depositing in the SunTrust Disbursement Account by no later than 11:59 p.m. eastern standard or daylight time, as applicable, on the Roster Date, an amount equal to the sum to be disbursed for the Loans on the disbursement roster. SunTrust hereby authorizes FMER to access such account by automated clearinghouse (“ACH”) debit to transfer the disbursement funds to the FMER Funding Account and complete the Disbursement of the Loan on the Disbursement Date. SunTrust understands that FMER intends to disburse Loan proceeds from the FMER Funding Account as frequently as necessary to accommodate the funding needs of the Current Servicer/Holder(s), including as frequently as daily. SunTrust agrees to fund the SunTrust Disbursement Account as often as necessary to facilitate such frequent disbursements. Provided that adequate funds are transferred by SunTrust to the SunTrust Disbursement Account, FMER will complete disbursement of the Loans on the Disbursement Date by electronic funds transfer to the applicable Current Servicer/Holder(s) or by paper check written in accordance with the Guidelines.

3.6.3.3 SunTrust hereby authorizes FMER, on SunTrust’s behalf and as SunTrust’s agent, to send payoff amounts to the Current Servicer/Holder(s) for the Underlying Loans under this Agreement utilizing paper checks or electronic fund transfers.

3.7 Pricing Schedule. SunTrust may revise the Pricing Schedule set forth in the Guidelines from time to time upon [**] Business Days prior written notice to FMC; provided, however, that SunTrust agrees that any such change made by it shall be commercially reasonable, in accordance with the representation and warranty made in Section 8.2.3 of this Agreement, and with respect to Fixed Rate Loans, based on market conditions or fluctuations in the cost of certain financial instruments. Unless otherwise agreed by SunTrust and FMC in writing, changes in the Pricing Schedule shall be effective for and applied only to Applications submitted for a credit check after the effective date of such changes, and not to Applications for which a credit check has already been completed.

3.8 Performance of Regulatory Programs.

3.8.1 OFAC Check. FMER agrees that, in regards to all Services provided to SunTrust, it will perform all necessary actions to ensure that FMER and SunTrust are both in, and remain in, compliance with all applicable Executive Orders, laws, rules, regulations and sanctions administered, enforced or implemented by the United States Treasury Department’s Office of Foreign Assets Control (“OFAC”) or any other Governmental Authority’s rules, regulations and sanctions related to foreign asset control (collectively, the “Sanctions”). As part of its obligations, FMER will perform, prior to originating any Loan, all necessary reviewing and scanning of the Primary Applicant or both Applicants, as applicable, against the List of Specially Designated Nationals and Blocked Persons administered by OFAC. If originating a Loan would violate any of the Sanctions, FMER agrees to not originate any such Loan. If FMER becomes aware that the name of the Primary Applicant or the Secondary Applicant, as applicable is potentially or actually the subject of one or more Sanctions, FMER will promptly notify SunTrust of such fact by following the notification provisions provided in Section 19.1 below and in the Guidelines and FMER will provide SunTrust with any requested information and documentation related to any such violation or potential violation. At the request of SunTrust, FMER shall provide SunTrust with a data file or report with information regarding all or a selected group of Loans that have been applied for or established, as well as any other data and information reasonably requested by SunTrust. Such data file or report shall be provided by FMER on a daily basis and will contain the requested information in a form and format as requested by SunTrust unless otherwise specified by SunTrust.

3.8.2 Employee Check. All FMER employees performing services or supporting FMER activities under this Agreement, regardless of their location, shall be validated by FMER to not be on any list published and maintained by the United States government of Persons with whom any U.S. Person is prohibited from conducting business. Currently, the lists of such Persons can be found on the following web sites:

(i) Denied Persons List on the Bureau of Industry and Security at

http://www.bis.doc.gov/dpl/Default.shtm.

(ii) The Specially Designated Nationals and Blocked Persons List of the Office of Foreign Assets Control - Department of Treasury at

http://www.treas.gov/offices/enforcement/ofac/sdn/.

(iii) Office of Foreign Assets Control - Recent OFAC Actions

http://www.treasury.gov/resource-center/sanctions/OFAC-Enforcement/Pages/20040218.aspx.

(iv) Palestinian Legislative Council (PLC) List

http://www.treas.gov/offices/enforcement/ofac/programs/terror/ns/index.shtml.

FMER shall conduct periodic reviews, no less frequently than quarterly, of the lists mentioned above. FMER shall report to SunTrust immediately if the name of any FMER employee performing the services matches with the name of any Person listed on any list published by the United States government of Persons with whom any U.S. Person is prohibited from doing business. FMER shall mandate that each Subcontractor shall validate that its own employees are not on the lists referred to above.

3.8.3 FACT Act. Subject to Sections 3.6.2.1 and 3.8.5 of this Agreement, FMER shall perform its obligations under this Agreement in conformity with the requirements imposed on SunTrust as a user and furnisher of consumer report information under the Fair and Accurate Credit Transactions Act of 2003 and all regulations issued pursuant thereto, including proper responses to fraud alerts, active duty alerts, red flags, and address mismatch notices that are included in any consumer report obtained in connection with the origination of a Loan and timely and lawful forwarding to SunTrust of any identity theft report received from any Primary Applicant or Secondary Applicant, as applicable.

3.8.4 Suspicious Activity Reporting. FMER agrees that on behalf of SunTrust, it will monitor for any potential or actual suspicious activity detected regarding any Services that FMER performs on behalf of SunTrust, including any potential or actual suspicious activity which is committed by the Primary Applicant or Secondary Applicant, as applicable, or the Borrower or the Cosigner. Such suspicious activity includes any potential or actual activity or transaction that would require SunTrust to file a Suspicious Activity Report as described in the USA PATRIOT Act or 12 C.F.R. § 208.62 (“USA PATRIOT Act”) or other activity which involves fraud, violations of federal, state or local law or which appears to have no legitimate purpose. If FMER becomes aware of any potential or actual suspicious activity, FMER will promptly, and in all cases within seventy-two (72) hours, notify SunTrust’s Consumer Lending Operations Department of the precise nature of any such activity and provide SunTrust with any information and documents concerning the matter. Further, FMER agrees to reasonably cooperate with SunTrust and to provide SunTrust with any additional information and documentation requested regarding any investigation of potential or actual suspicious activity. The contact in the SunTrust’s Consumer Lending Operations Department is Ms. Debra Hendricks, whose contact information is: Telephone: (804) 319-1533, Fax: (877) 862-8494, E-Mail: debra.hendricks@suntrust.com. SunTrust may change its contact in its Consumer Lending Operations Department at any time by written notice to FMC and FMER that meets the requirements of Section 19.1.

3.8.5 Customer Identification Program. FMER agrees that prior to establishing any Loan in the name of SunTrust, it will perform all aspects of SunTrust’s Customer Identification Program, as indicated below, and which may be amended from time to time by SunTrust on thirty (30) days written notice to FMER.

3.8.5.1 Primary Applicant and Secondary Applicant Notice. FMER agrees that the Primary Applicant or the Applicants, as applicable, will be provided notice that FMER is requesting information about them on behalf of SunTrust to verify their identities as required by Federal law. FMER may use any verbal or written means of such notification which is reasonably designed to provide such notice to Primary Applicant or the Applicants, as applicable, before the issuance of a Loan, including, but not limited to, one or more of the following:

•

Verbal notification to the Primary Applicant or the Applicants, as applicable

•

Notice on Application form or other documents being provided to the Primary Applicant or the Applicants, as applicable

•

Notice on a website or other promotional items or Program Materials

Such notice shall be substantially in the following form:

Important Information About Procedures for Opening a New Account

To help the government fight the funding of terrorism and money laundering activities, Federal law requires all financial institutions to obtain, verify, and record information that identifies each person who opens an account.

What this means for you: When you open an account, we will ask for your name, address, date of birth, and other information that will allow us to identify you. We may also ask to see your driver’s license or other identifying documents.

Upon request by SunTrust, FMER will provide SunTrust with a copy and description of any methods of notice used.

3.8.5.2 Collection of Primary Applicant and Secondary Applicant Information. FMER will collect and record the following information from the Primary Applicant and the Secondary Applicant, as applicable, as part of the Online Application System and prior to requesting a credit bureau report (the “Identity Information”):

•

Name

•

Date of Birth

•

Physical Address (which includes a residential or business street address or if the individual does not have such an address, an Army Post Office (APO) or Fleet Post Office (FPO) box number, the residential or business street address of next of kin or of another contact individual, or a description of the customer’s physical location)

•

For a United States person, a Taxpayer Identification Number and for a non-United States person, one or more of the following: a Taxpayer Identification Number, a passport number and country of issuance, an alien identification card number, or a number and country of issuance of any other unexpired government-issued document evidencing nationality or residence which bears a photograph or similar safeguard

3.8.5.3 Primary Applicant and Secondary Applicant Identity Verification and Recordation. FMER will verify the accuracy of the Identity Information through either a documentary method or a non-documentary method. Under either method, FMER will record how such verification was done and the results of such verification.

•

Documentary methods of verifying the Identity Information include reviewing and recording one or more of the following types of unexpired identification: driver’s license; passport; state identification card; armed forced identification card; alien identification card; marticula consular card; instituto federal electoral identification; cedula de identidad identification; diplomatic identification; or diplomatic driver’s license. The recording of such verification will include recording the type of identification reviewed, the number of such identification, the place of issuance, the date of issuance and the date of expiration (if any) of such identification.

•

Non-documentary methods of verifying the Identity Information include comparing the information with information obtained in advance from a credit reporting agency, Lexis/Nexis, TransUnion’s Total ID or Compliance Verification products or TrustedID.

3.8.5.4 Addressing Inconsistencies. After collecting and attempting to verify the Identity Information, FMER will attempt to resolve any inconsistencies in information. If any such inconsistencies cannot be resolved with a reasonable explanation and verification, FMER will not further process or close any Loan for the Primary Applicant or the Secondary Applicant, as applicable. Further, FMER will notify SunTrust of the inconsistency for possible further investigation. FMER agrees to fully cooperate with SunTrust in any such investigation.

3.8.5.5 Comparison with Government Lists. As required by the USA PATRIOT Act and its implementing regulations, FMER will verify that the Primary Applicant and the Secondary Applicant, as applicable, is/are not included on any lists of known or suspected terrorists or terrorist organizations issued by the United States government. If the Primary Applicant or the Secondary Applicant, as applicable, is included on any such lists, FMER will not establish a Loan for the Primary Applicant or the Secondary Applicant, as applicable, and will immediately notify SunTrust of such fact.

3.8.5.6 Access to and Maintaining of Records. FMER agrees to allow SunTrust access to any records maintained regarding the Identity Information and its verification. Such access will include allowing access at SunTrust’s request and direction to any individual or entity that is performing tests, audits or exams of, for or on behalf of SunTrust. FMER agrees to maintain all records of Identity Information along with any Loan documentation it retains (or any copies thereof) for at least seven (7) years from either the time the Loan is repaid and closed or the Loan is sold by SunTrust to a third party and to keep records of the verification of the Identity Information for at least seven (7) years from the date of such verification.

3.9 Transfer to Servicing System. Within [**] Business Days following the Disbursement of the Loan, FMER will forward to the Servicer a copy of the original Credit Agreement, along with a complete copy of the Truth in Lending Disclosure Statements (other than the ASD), income verification, verification/certification of the existing loan payoff amount(s), missing information notices, and correspondence and information received from the Primary Applicant and the Secondary Applicant, as applicable, except for verification documentation received pursuant to Section 3.8.5. FMER will cooperate with SunTrust or Servicer in transferring all additional information necessary to service such Loan. FMER will be responsible for the safe maintenance of Loan documentation as set forth in Section 12.2 of this Agreement.

3.10 Loan Origination Data.

3.10.1 Notwithstanding any other provision of the Agreement, SunTrust hereby authorizes FMER to retain and use records of applicable data and information relating to Borrowers and Cosigners received under this Agreement, in identified form, for the limited purpose of calculating cumulative education debt, annual loan limits and Program limits with respect to the Application, and to provide Program Support Services set forth in this Agreement.

3.10.2 Notwithstanding the foregoing or any other provision of this Agreement to the contrary, FMER may retain and use records of data and information relating to Primary Applicants, Secondary Applicants, Borrowers, and Cosigners received under this Agreement, in identified form, for the limited purpose of identifying red flags or indications of identity theft or other fraud (“Fraud Database Data”). If SunTrust’s education loan applications have previously been processed by FMER prior to the date of this Agreement (in FMER’s capacity as either agent for SunTrust or subcontractor of SunTrust’s agent), SunTrust hereby authorizes the use of historic records of application data and information relating to applicants and borrowers received under such agreement, in identified form, by FMER for the limited purposes set forth in the preceding sentence. SunTrust hereby authorizes FMER to disclose the Fraud Database Data to its Affiliates, and to use records of application data and information in FMER’s possession relating to any of SunTrust’s historic education loan applications, for the limited purposes set forth above.

3.11 Reports. FMER will provide to SunTrust the “Datamart” report as described in Exhibit A on each Business Day. All such reports, transmittals, records or data files required, maintained or provided by FMER hereunder shall be accurate in all material respects, and SunTrust shall have the right to rely thereon. Additional reports, including reports for SunTrust’s use in connection with regulatory matters, shall be prepared by FMER as may be mutually agreed by the Parties at an additional cost.

3.12 Subcontractors. FMER or FMC may retain Subcontractors to provide customer service and ministerial services in connection with its performance of Loan Processing Services, provided, however, that any such Subcontractors other than the Initial Vendors must be approved by SunTrust in accordance with the procedure set forth for Advertising Firms and Marketers in Section 2.7.2.

ARTICLE 4. PROGRAM SUPPORT SERVICES

4.1 Program Analytics and Development.

4.1.1 From time to time, but no less frequently than once every six (6) months, FMC shall review the Pools on an aggregate basis and present such findings to SunTrust regarding product reconfigurations including, but not limited to, the following categories: pricing, tier construction, Borrower/Cosigner credit profile and other data, annual and cumulative borrowing limits, and repayment terms in the Guidelines. The Parties may recommend changes to the Program based on such review or on such factors or at such other times as may be determined by the Parties. In addition, SunTrust may at any time and based on its own analysis, propose changes to the Program. If the Parties agree with the other Party’s recommendations and proposed changes to the Program, each Party shall approve such recommendations by executing an addendum or amendment to the Guidelines or an amended and restated Exhibit D hereto, as appropriate, which revised Exhibit shall be deemed to be a part of this Agreement upon execution, and any changes pursuant to such revised Exhibit shall be implemented as soon as reasonably practicable, or upon the effective date provided in the applicable revised Exhibit. If the Parties do not agree on the recommended changes within ten (10) Business Days of the applicable request, the Parties shall confer in good faith about the proposed changes. If the Parties cannot agree on such changes within thirty (30) days after the date a Party first delivered recommendations to the other Parties, then any Party may, by notice to the other Parties delivered no later than thirty (30) days after the expiration of such thirty (30) day period during which changes could not be agreed, terminate this Agreement on fifteen (15) days’ written notice to the other Parties, subject to Section 18.1 and Section 18.3 hereof. Notwithstanding the foregoing, changes to the Pricing Schedule shall be subject to Section 3.7 and not to this Section 4.1.1.

4.1.2 FMC shall assist SunTrust with the initial and ongoing administration of the Program by providing Program analytics and portfolio performance reporting on the Pools. FMC shall provide a key metrics report monthly, containing the information set forth in Schedule 1 to Exhibit C or as otherwise agreed to in writing by the Parties; provided however, that FMC shall not be required to deliver such report more frequently than weekly. To support this service, SunTrust will provide or cause to be provided to FMC accurate and complete origination and servicing information periodically as reasonably requested by FMC, including the amount of paid and unpaid principal and accrued interest with respect to each Loan, and payment status, together with the information contained in the data requirements set forth in this Agreement. FMC may create, use and disclose, in any manner reasonably necessary, any data, or statistical abstracts of data, from Primary Applicants, Secondary Applicants, Borrowers and Cosigners as long as all information which identifies, or which reasonably could be used to identify Primary Applicants, Secondary Applicants, Borrowers or Cosigners has been removed. FMC and SunTrust shall participate in monthly conference calls to review portfolio performance, and the Parties shall discuss whether to implement changes to the Guidelines. As a result of its analysis of Loan data and performance metrics, FMC may also provide SunTrust additional services such as retention strategies and prepayment mitigation strategies, as agreed to in writing from time to time.

4.1.3 FMC shall provide Services under this Section 4.1 in good faith and in accordance with the same standard of care, judgment and conduct as would be used by a reasonable and prudent professional providing such Services. FMC EXPRESSLY DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, REGARDING OR RELATING TO FORWARD-LOOKING PORTFOLIO

METRICS AND OTHER PREDICTIVE MEASURES, DOCUMENTS, MATERIALS, ANALYSES, AND STATEMENTS IT PROVIDES TO SUNTRUST (COLLECTIVELY, “FORWARD-LOOKING MATERIALS”). WITH RESPECT TO THE FORWARD-LOOKING MATERIALS, FMC (A) SPECIFICALLY DISCLAIMS ALL IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, AND ANY WARRANTY ARISING UNDER STATUTE OR OTHERWISE IN LAW OR FROM A COURSE OF DEALING, COURSE OF PERFORMANCE, USAGE OR TRADE PRACTICE; AND (B) DOES NOT WARRANT, GUARANTEE, OR MAKE ANY REPRESENTATIONS REGARDING THE USE OF, OR THE RESULTS OF THE USE OF THE FORWARD-LOOKING MATERIALS IN TERMS OF CORRECTNESS, QUALITY, ACCURACY OR RELIABILITY.

4.2 Post-Disbursement Loan Servicing. FMC shall perform its obligations to SunTrust as Program Administrator, as defined and more fully set forth in the Servicing Agreement.

4.3 Loan Sale; Right of First Refusal.

4.3.1 SunTrust agrees, in consideration of FMC’s undertakings pursuant to this Agreement, that if SunTrust seeks or offers to sell, transfer, or assign one or more Loans to any Person other than one of its Affiliates, SunTrust shall notify FMC of any such proposed sale, transfer, or assignment, and invite FMC and its Affiliates to participate as a potential purchaser in any bid process in connection therewith. Prior to accepting any bid in the bid process (a “Bid Acceptance”), or if SunTrust receives any bona fide third-party written offer to purchase such Loan(s) outside of a bid process initiated by SunTrust (“Third-Party Offers”), SunTrust shall, prior to any Bid Acceptance or prior to accepting any Third-Party Offer, provide a copy of the terms of the leading bid (the “Leading Bid Terms”) or the Third-Party Offer, as applicable, to FMC, and FMC (or an entity affiliated with or sponsored by FMC) shall have the sole and exclusive right to notify SunTrust within [**] Business Days that it will purchase such Loan(s) on the Leading Bid Terms or the terms of the Third-Party Offer, as applicable. If, within [**] Business Days after receipt of the Third-Party Offer or Leading Bid Terms from SunTrust, FMC (or an entity affiliated with or sponsored by FMC) notifies SunTrust that it declines to purchase, or fails to notify SunTrust that it (or an entity affiliated with or sponsored by it) will purchase such Loan(s) on the terms of the Third-Party Offer or the Leading Bid Terms, SunTrust shall within its sole discretion be entitled to sell such Loan(s) to that third party, in whole or in part, for its own account on the terms of the Third-Party Offer or Leading Bid Terms, as applicable, free and clear of any claim under this Agreement.

4.3.2 SunTrust shall not, without the express written consent of FMC, transfer, sell, or assign any Loan to a “variable interest entity”, within the meaning of Accounting Standards Codification, 810-10, Consolidation, if such transfer, sale, or assignment would require FMC to consolidate any such Loan or such entity on its balance sheet.

4.3.3 The funds in the Participation Account (including ongoing rights and obligations related to Recoveries) shall accompany any transfer, sale or securitization of Loans and be available for the transferee under the terms of this Agreement if the rights of FMC and FMER to perform Services related to such Loans and receive compensation for such Services under the terms of this Agreement are also transferred.

4.4 Portfolio Management Services Generally.

4.4.1 SunTrust hereby retains FMER to perform Portfolio Management Services. FMER shall develop default prevention and collection strategies and customized Loan treatment streams to minimize credit losses. Activities will include:

(a) promotion of the 0.25% interest rate reductions for automatic payments and the additional automatic payment benefit for SunTrust account holders, to educate consumers about the savings that can be achieved by using automatic payments;

(b) multi-channel (mail, secure e-mail and outbound calling) contact strategies; or

(c) development and optimization of tools (payment plans, forbearance, payment vehicles, etc.) tailored to SunTrust needs.

In carrying out its duties with respect to the Portfolio Management Services and subject to Section 4.5 and FMER’s indemnification obligations set forth herein, FMER may retain and employ Subcontractors as provided herein.

4.4.2 Nothing in this Agreement shall be construed to require or permit FMER to undertake direct or indirect collection activities with respect to Borrowers or Cosigners, it being the intent of the Parties that consumer-facing collection activities be conducted by Subcontractors primarily engaged in the business of collecting consumer debts for third parties.

4.4.3 SunTrust shall cause Servicer to provide to FMER (a) consumer file data in the manner and form described in Section 4.8.1, and (b) view-only access to Loan accounts on Servicer’s system.

4.5 Default Prevention Services. FMER shall provide Default Prevention Services as described in this Section 4.5 (“Default Prevention Services”).

4.5.1 FMER shall retain and be responsible for licensed, third party Subcontractors who are Approved Collectors to perform Default Prevention Services as requested by SunTrust. FMER shall ensure Subcontractors perform Default Prevention Services in compliance with all Requirements of Law and this Agreement. FMER shall manage Subcontractors in order to minimize losses from those categories of Delinquent Loans for which SunTrust and FMER agree from time to time that Default Prevention Services will be performed (i.e., Loans at or beyond a specified stage of delinquency). Such tactics shall be undertaken in order to incent Borrowers and Cosigners who are past due but with respect to whom Servicer has not yet submitted a notification of a Charged Off Loan (in the manner set forth in the Servicing Guidelines) to SunTrust to become current. FMER shall require Subcontractors to provide dedicated staff to make outbound calls related to past due accounts referred by FMER and receive inbound calls resulting from Subcontractor’s efforts. FMER also shall require Subcontractors to draft and mail letters (subject to prior review and approval by SunTrust) and conduct other activities reasonably calculated to minimize losses from Delinquent Loans. Default Prevention Services include both telephonic and mail contacts, as well as address verification and skip tracing; provided, however, Default Prevention Services shall not include any activity that is prohibited by Requirements of Law, as determined by SunTrust in its sole discretion.

4.5.2 FMER shall use commercially reasonable efforts to maximize collections in connection with the operations of Subcontractors.

4.5.3 Notwithstanding anything to the contrary herein or in the Guidelines or Servicing Agreement, and regardless of the length of the delinquency of any Loan, in no event shall FMER and the applicable Subcontractors continue the Default Prevention Services with respect to each applicable Loan past the date a Charged Off Loan notification is submitted with respect to such Loan in accordance with the Servicing Guidelines.

4.5.4 Loan Payments. Except as set forth in this Section 4.5.4, neither FMER nor any Subcontractor shall solicit payments directly to FMER or the Subcontractor from any Borrower or Cosigners or any other Person with respect to a Delinquent Loan, or accept payments from any Borrower or Cosigner or any other Person with respect to a Delinquent Loan. Subcontractors shall direct Borrowers, Cosigners, and any other Persons making payments on behalf of a Borrower or a Cosigner with respect to a Loan to make such payments directly to Servicer or may (i) receive payments by electronic check or other electronic means and post such payments directly to Servicer’s payment system of record, such that the Subcontractor shall have processed the payment on behalf of SunTrust but will not itself have received the payment funds, or (ii) process payments as an ACH transmission whereby entries

are initiated by the Subcontractor to the Automated Clearinghouse through the rules and guidelines established by the National Automated Clearinghouse Association as in effect from time to time. The Parties also acknowledge and agree that a Subcontractor may facilitate payments to Servicer by taking information from a Borrower, Cosigner, or other Person necessary to effectuate such payments, and forwarding such information to Servicer. This Section 4.5.4 shall not affect the ability of Approved Collectors to forward Borrower and Cosigner payments.

4.6 Subcontractors. FMC and/or FMER may utilize the services of the Subcontractors listed in Schedule 2 to Exhibit C in the performance of FMC’s and/or FMER’s Services, provided that: (a) FMC and/or FMER take commercially reasonable due diligence measures before engaging such Subcontractor, and on at least an annual basis thereafter, (b) FMC and FMER will remain liable for all responsibilities and obligations of FMC and/or FMER under the terms and conditions of this Agreement, even if some of such responsibilities and obligations are performed by FMC’s or FMER’s Subcontractors; and (c) FMC and/or FMER enters into a written Agreement with any such Subcontractor that requires the Subcontractor to abide by the terms and conditions of this Agreement, including Requirements of Law, that are applicable to FMC and/or FMER, as applicable. FMC and FMER will pay, and hereby accept full and exclusive liability for the payment of, any and all contributions and taxes for unemployment compensation, disability insurance, old age pension, or annuities, and all similar provisions now or hereafter imposed by any Governmental Authority, which are imposed with respect to or measured by wages, salaries, or other compensation paid by FMC and/or FMER to its Personnel; provided, however, that with respect to Subcontractors, the foregoing obligates FMC and/or FMER to compensate Subcontractor Personnel only as between SunTrust, on the one hand, and FMC and/or FMER, on the other hand. Nothing in this Agreement shall obligate SunTrust to compensate Personnel, including Personnel of Subcontractors.

4.7 Special Accounts.

4.7.1 Bankruptcy. In the event any Borrower or Cosigner becomes a debtor under the U.S. Bankruptcy Code , FMER shall accept from Servicer the documentation specified under “Bankruptcy Notification” set forth in the Servicing Guidelines and file necessary proofs of claim and other documents required to preserve SunTrust’s interests in the subject Loan. FMER shall promptly forward to SunTrust any notice of an adversary proceeding received by it, and the management and defense of such proceeding shall be conducted in accordance with Section 4.7.3.

4.7.2. Partial Discharge in Bankruptcy. The Party responsible for coverage of the Charged Off Loan under Section 7.1.4 of this Agreement shall be entitled to any recoveries resulting from partial discharge or settlement of such Charged Off Loan.

4.7.3 With respect to Loans where a Borrower or Cosigner is a debtor in a bankruptcy proceeding for which litigation will be initiated or defended, FMER, on behalf of SunTrust, shall be responsible for supervising Approved Collectors, who subcontract with collection attorneys who shall be engaged to litigate such matters on behalf of FMER and SunTrust (“FMER Managed Litigation”). FMER shall promptly transmit to SunTrust any pleadings or other documents it receives naming SunTrust in collection litigation, including counterclaims in FMER Managed Litigation. Fees for collection attorneys shall be shared equally between FMC and SunTrust and included in monthly invoices. With regard to FMER Managed Litigation, FMER will provide evidentiary support for collection agencies and their attorneys, including basic factual orientation, copies of documents, records of account balances, affidavits and testimony, as reasonably necessary. FMC in its role as Program Administrator shall obtain from Servicer original documents as necessary. FMER shall supervise the progress of FMER Managed Litigation and review the progress of such litigation at least quarterly. Such review shall include the establishment and prosecution of appropriate post-judgment enforcement, to the extent lawful. FMER shall regularly report to SunTrust on the progress of such matters and consult with SunTrust regarding

litigation strategy, and shall provide reasonable notice to SunTrust regarding any need for SunTrust deposition and trial witnesses and requests for records and discovery responses. For Charged Off Loans where the Charged Off Loan payment is paid by FMC, Approved Collectors may be authorized by FMER to settle Loan claims in exchange for immediate payment where such settlement is, in the reasonable judgment of FMER, advisable to maximize recovery on the Loan in light of all relevant facts and circumstances. Additionally, FMER (and Approved Collectors) shall have any settlement authority as mutually agreed by SunTrust and FMC from time to time.

4.7.4 Deceased. With respect to any Loan other than a Charged Off Loan, in the event any Borrower or Cosigner subject to the Portfolio Management Services is deceased, FMER shall be obligated to perform the applicable activities required under this Agreement, the Guidelines and the Servicing Agreement related to such deceased person.

4.7.5 Fraud. With respect to any Application or Loan for which fraud or identity theft is alleged, FMER shall assist SunTrust by promptly performing its obligations and services required under the terms of this Agreement, the Guidelines and the Servicing Agreement.

4.7.6 Complaints and Requests for Information. In addition to any requirements set forth in the Guidelines and the Servicing Agreement, FMER will immediately notify SunTrust regarding any written consumer complaint that it receives relating to the Services performed under this Agreement, and shall forward a copy of the complaint to SunTrust. FMER shall not respond to any complaint or request for information on SunTrust’s behalf without prior written approval of such response and attachments, if any. FMER will compile and maintain an accurate record of all complaints received and responded to and provide such record to SunTrust on a monthly basis. FMER will also cooperate by providing information, documents and data requested by SunTrust in order to facilitate response by SunTrust to any complaints it receives related to the Program or any Application taken or Loan made pursuant to the Program. SunTrust may require FMER to implement additional procedures for receiving, record-keeping and response to Applicant or Borrower complaints, with the terms of such procedures as mutually agreed to by Lender and FMER. Notwithstanding the foregoing, FMER shall implement any such additional procedures required by Requirements of Law.

4.7.7 Court Orders and Litigation. In addition to the requirements in the Guidelines and the Servicing Agreement, FMC and/or FMER shall promptly notify SunTrust upon receipt of any subpoenas to forward documents, testify in court proceedings or otherwise provide evidence with respect to its performance of any Services hereunder, and respond to such subpoenas. FMC and/or FMER shall provide a copy of such responses, if applicable and if permitted by Requirements of Law, to SunTrust. FMC and/or FMER shall promptly notify SunTrust upon receipt of any subpoenas to forward documents, testify in court proceedings or otherwise provide evidence where SunTrust is the addressee or named recipient.

4.8 Servicer Data to be Delivered for Program Support Services

4.8.1

Data Requirements:

4.8.1.1 On a daily basis, SunTrust shall, through the Servicer, provide the following data to FMC, along with other data reasonably requested from time to time and necessary for the performance of the Services:

•

Default prevention data regarding Loans thirty-one (31) or more days past due

•

Default claims data for Charged Off Loans

•

Loan level Borrower and Cosigner communication details and call disposition data reflecting dates and times of attempts and contacts, current principal balance, amounts outstanding and past due, promise-to-pay dates and other results of calls

4.8.1.2 On a weekly basis, SunTrust shall, through the Servicer, provide the following data to FMC, along with other data reasonably requested from time to time and necessary for the performance of the Services:

•

Loan level detail, including information on the following subjects:

•

Identifying information, such as account ID, name, address, birth date, Social Security number, and telephone number

•

Disbursement Date and amount

•

Loan type

•

Current principal balance

•

Interest rate, accrued interest, and capitalization

•

Current loan status

•

Forbearance

•

Deferment

4.8.1.3 On a monthly basis, SunTrust shall, through the Servicer, provide the following data to FMC no later than the third (3^rd) Business Day of each month, along with other data reasonably requested from time to time and necessary for the performance of the Services:

•

Loan level detail, including information on the following subjects:

•

Commonline data

•

Identifying information, such as account ID, name, address, birth date, Social Security number, and telephone number

•

Disbursement Date and amount

•

Loan type

•

Current principal balance

•

Interest rate, accrued interest, and capitalization

•

Current Loan status

•

Forbearance

•

Pricing tier

•

Loan payments

•

Repayment period

•

School that Borrower graduated from

•

Transaction details for the month reflecting account activity

•

Data reflecting eligibility for and usage of borrower benefits

4.8.2 Data Format and Transmission: Lender shall cause the Servicer to deliver the files set forth in Section 4.8.1 in a format and manner that is reasonably acceptable to FMC.

4.9 Portfolio Management Transfer. SunTrust reserves the right to perform all Services set forth in Sections 4.4 through 4.8 upon [**] Business Days prior written notice to FMC if, after the full funding of the Participation Account at the end of the Initial Term and at the time SunTrust delivers such notice, the amount of the balance in the Participation Account is below [**] percent ([**]%) of the Participation Percentage multiplied by Outstanding Loan Volume. For example, if Outstanding Loan Volume is $[**],

and the Participation Percentage is [**]%, then SunTrust may deliver to FMC its notice of its election to perform all Services set forth in Sections 4.2 and 4.4 to 4.8 if the balance in the Participation Account is less than $[**]. In the event SunTrust provides such notice to FMC, and the Services provided in this Section 4 are terminated, (a) the transition rules set forth in Section 18.3.2 shall apply, and (b) after the end of the Transition Period, SunTrust shall no longer be obligated to pay to FMC any fees other than the Program Administration Services Fee and the Participation Account Administrative Fee, subject to Sections 6.2, 18.3.1(b) and (c).

ARTICLE 5. PURCHASE

5.1 FMC’s Purchase Obligations. SunTrust shall be entitled to cause FMC (or its Affiliate designee) to purchase, subject to the terms and conditions set forth in this Article 5, any Loan (each such Loan purchased pursuant to this Article 5, a “Purchased Loan”). Such right shall apply to any Loan that is reasonably determined by SunTrust to be a Loan which should not have been approved due to FMER’s or FMC’s failure to comply in any material respect with the terms of this Agreement, the Guidelines or Requirements of Law, and not due to any written instruction of SunTrust related to the Loan or failure by SunTrust to fulfill its obligations under this Agreement, the Guidelines, or Requirements of Law related to the Loan. In order to exercise such purchase right, SunTrust shall make demand of FMC in writing that FMC purchase such Loans as have been so determined for an amount equal to the Purchase Price, calculated in the manner set forth below. If FMC objects to SunTrust’s characterization of any Loan as a Loan which should not have been approved, the dispute resolution procedure set forth in this Agreement shall apply; if FMC provides no such objection to SunTrust within ten (10) Business Days of SunTrust’s written purchase demand, then FMC shall pay SunTrust the Purchase Price in immediately available funds (outside of funds in the Participation Account) within fifteen (15) Business Days after receipt of SunTrust’s purchase notice.

5.2 Purchase Price. The “Purchase Price” for each Purchased Loan shall be an amount equal to the outstanding balance of the Loan, including accrued and unpaid interest through the date the Loan is removed from the Servicer’s system, plus the refund to SunTrust of any Loan Processing Fees previously paid for such Loan pursuant to Section 6.3.1.

5.3 Conveyance. Upon payment of the Purchase Price with respect to such Purchased Loan, SunTrust shall convey to MG Private Student Loan Trust 2012-1, at FMC’s cost and expense, any such Purchased Loan. No later than the time that is contemporaneous with the payment of the Purchase Price, SunTrust shall deliver, or cause to be delivered, to MG Private Student Loan Trust 2012-1 (or its designee) the Credit Agreement, all related Loan documentation and complete Loan file relating to such Purchased Loan and shall execute and deliver such instruments of transfer or assignment, in each case without recourse absent any violation by FMC or SunTrust of Requirements of Law or the Credit Agreement, as shall be necessary to vest in FMC (or its Affiliate designee) title to such Purchased Loan.

ARTICLE 6. FEES

6.1 Invoices. All fees will be invoiced to SunTrust by FMC on behalf of itself and FMER at the following address:

SunTrust Bank

SunTrust Education Loans

1001 Semmes Avenue

Richmond, VA 23224

Attn: Marnie Crane

SunTrust may change its designated address for invoices at any time by written notice to FMC which meets the requirements of Section 19.1.

6.2 General. All fees shall be paid by SunTrust within sixty (60) days after SunTrust’s receipt of the invoice therefore, except fees subject to good faith dispute between the Parties. Except as set forth in this Article 6, Section 18.1, Section 18.3.1, or as otherwise set forth in this Agreement, no fees will be paid after the termination of this Agreement, except for Applications which have already been submitted and credit approved prior to the termination of this Agreement. In the event of any occurrence triggering SunTrust’s right to terminate this Agreement under Section 18.2.1, if, despite Section 7.1.11, an action of the bankruptcy court in the FMC bankruptcy proceeding causes a reduction in the funds available to SunTrust in the Participation Account pursuant to Section 7.1, SunTrust may, if consistent with any orders of such bankruptcy court, withhold any amounts otherwise payable to FMC or FMER pursuant to this Article 6 to the extent that amounts remaining in the Participation Account are insufficient to fulfill the obligations of FMC under Article 7. Except pursuant to an indemnity obligation or as otherwise expressly stated in this Agreement, no other amounts shall be due or payable by SunTrust.

6.3 Loan Processing Services Fees.

6.3.1 For the Loan Processing Services rendered during the Term of this Agreement, FMC shall invoice to SunTrust on a monthly basis, and SunTrust shall pay to FMER fees (the “Loan Processing Fees”) equal to $[**] for each Underlying Loan, up to but no greater than four (4), included in each Configured Application for the prior month, plus [**]% of the principal amount of the Disbursed Loan Amount for the prior month. Such fees may be payable for the same Loan in different months, for example, if an Application is configured in May but Disbursement is in June. The fee for Configured Applications shall apply only the first time an Application is configured and not on subsequent configurations of the same Application.

6.3.2 Loan Processing Fees shall be invoiced monthly as agreed by the Parties from time to time and in an agreed upon format. FMC’s invoice for FMER’s Loan Processing Services will state the number and amount of Loans disbursed during the month covered by the invoice. FMC’s invoice shall contain the total number of Configured Applications and Disbursed Loan Amount covered by the invoice and the supporting documentation accompanying such invoice shall state the number of each Configured Application and number and dollar amount of each Underlying Loan(s).

6.3.3 FMER shall be responsible for all fees incurred by FMER in requesting credit bureau reports and related services through a service provider mutually agreed to by FMC and SunTrust. SunTrust shall take the necessary actions to cause such invoices to be forwarded to FMER for payment, and FMER shall timely pay such invoices in accordance with the requirements of the service provider or its billing agent.

6.4 Program Support Services Fees.

6.4.1 For Program Support Services rendered during the Term of this Agreement, other than Production Support Services and Program Administration Services, SunTrust shall be responsible for paying an ongoing monthly fee equal to [**]% multiplied by the Average Daily Balance, divided by [**]. SunTrust shall be invoiced on a monthly basis by FMC and shall remit payment to the Servicer for all Program Support Services fees incurred hereunder.

6.5 Participation Account Administrative Fee; Program Administration Services Fees.

6.5.1 For administration of the Participation Account, SunTrust shall pay the monthly Participation Account Administrative Fee as set forth in this Agreement. For Program Administration Services, SunTrust shall pay FMC the monthly Program Administration Services Fee.

6.5.2 SunTrust shall be invoiced for this fee monthly by FMC.

6.5.3 Notwithstanding Section 6.5.1, in the event the Program Administration Services Fee is less than $0, SunTrust shall offset the Participation Account Administrative Fee by an amount equal to the amount the Program Administration Services Fee falls below $0.

6.6 After termination of this Agreement, SunTrust shall continue to pay FMC the Program Administration Services Fee on a monthly basis.

6.7 For example purposes only, with respect to the fees for Program Support Services, Participation Account Administration, and Program Administration Services:


Average Daily Balance	$	[**]
Monthly Accrued Interest	$	[**]
Sum of accrued interest due to FMC in each pricing segment	$	[**]
Program Support Services Fee	$	[**]	([*]% Average Daily Balance)/ [**]
Participation Account Administrative Fee (monthly)	$	[**]	([*]% Average Daily Balance)/ [**]
Program Administration Services Fee (monthly)	$	[**]	(FMC Share of Portfolio Yield, less the Program Support Services Fee, less the Participation Account Administrative Fee)

ARTICLE 7. FMC CREDIT ENHANCEMENT

7.1 Participation by FMC. In connection with Loans originated and funded under the terms of this Agreement, FMC agrees to fund the Participation Account for charge off coverage and credit enhancement purposes as set forth in this Article 7. The Participation Account shall be governed by this Article 7 and the other provisions of this Agreement relating to the Participation Account (including, for example, Section 18.3.1) or otherwise necessary for the interpretation of this Article 7 or any such provisions, including any definitions or other provisions set forth in Article 1. SunTrust agrees to compensate FMC, by paying to FMC an undivided fractional interest in the Portfolio Yield from its portfolio of such Loans, on the following terms and conditions:

7.1.1 Initial Participation Account Deposit; Quarterly Participation Account Deposits. Prior to the commencement of the Loan Processing Services, FMC shall deposit the Initial Participation Account Deposit in a Participation Account for the initial Pool, which amount shall be counted toward the Participation Cap. Not later than fifteen (15) days following the end of each calendar quarter, FMC shall calculate the average of (i) the Participation Interest on the Expected Loan Volume for the initial Pool as of the end of such quarter and (ii) the Participation Percentage multiplied by the Disbursed Loan Amount as of the end of such quarter, in each case after giving effect to changes to the Projected Default Rate as of quarter-end. Not later than fifteen (15) days following the end of the calendar quarter, and subject to the Participation Cap, FMC shall deposit in the Participation Account the amount, if any, by which the foregoing average exceeds the cumulative previous deposits made by FMC to the Participation Account as of the end of such quarter (each, a “Participation Account Deposit”). For the avoidance of doubt, such calculation shall be made and a corresponding Participation Account Deposit shall be made, if necessary, following the final quarter of the Initial Term. The Parties intend that additional Participation Account Deposits shall be made by FMC quarterly through the expiration or termination of this Agreement, subject to the Participation Cap, to the extent the distribution of the Disbursed Loan Amount among pricing tiers changes the Projected Default Rate, and therefore, the Participation Interest, for the Pools, taken together.

7.1.2 Initial Participation Account Deposit Reconciliation. On the last day of the month in which the first anniversary of the Initial Participation Account Deposit by FMC occurs, FMC shall be entitled to a payment from the Participation Account of any amount by which the sum of Participation Account Deposits exceeds the Participation Percentage multiplied by the Disbursed Loan Amount, through the last day of such month (e.g., if Loan volume is substantially below projections, the amount, if any, by which the Initial Participation Account Deposit exceeded the required deposit for Disbursed Loan Amount during the first year of the Agreement). SunTrust agrees to withdraw and pay such amounts to FMC within fifteen (15) calendar days after the end of such month.

7.1.3 Participation Account Deposits for Subsequent Pool; Reconciliation. With respect to the second Pool during the Initial Term, subject to the Participation Cap, FMC shall deposit an Initial Participation Account Deposit in the Participation Account prior to the disbursement of the first Loan in such Pool. Not later than fifteen (15) days following the end of each calendar quarter during the second year of the Initial Term, FMC shall calculate the average of (i) the Participation Interest on the Pools as of the end of such quarter and (ii) the Participation Percentage multiplied by the Disbursed Loan Amount as of the end of such quarter, in each case after giving effect to changes to the Projected Default Rate as of quarter-end. Not later than fifteen (15) days following the end of the calendar quarter, FMC shall deposit in the Participation Account the amount, if any, by which the foregoing average exceeds the cumulative previous deposits in the Participation Account as of the end of such quarter, minus amounts paid from the Participation Account pursuant to Section 7.1.2. Not later than 270 days following the end of the then-current Term, and subject to the Participation Cap, (a) if the sum of previous deposits in the Participation Account as of the end of the then-current Term, less any amounts paid from the Participation Account pursuant to Section 7.1.2, is less than the Participation Percentage for all Pools multiplied by the Disbursed Loan Amount, for all Pools as of the end of the then-current Term, after giving effect to changes to the Projected Default Rate as of the end of the Term, then FMC shall deposit a final Participation Account Deposit into the Participation Account equal to the amount of such difference, or (b) if the sum of all Participation Account Deposits, less any amounts paid from the Participation Account pursuant to Section 7.1.2, is greater than the Participation Percentage for all Pools multiplied by the Disbursed Loan Amount, then FMC shall be entitled to payments from the Participation Account of any amount by which the sum of Participation Account Deposits, less any amounts paid from the Participation Account pursuant to Section 7.1.2, exceeds the Participation Percentage for all Pools as of the end of the Term multiplied by the Disbursed Loan Amount. SunTrust agrees to withdraw and pay to FMC such amounts subject to subsection (b) above, if any, no later than two hundred eighty-five (285) days after the end of the Term.

7.1.4 Charged Off Loan Payments.

7.1.4.1. First Loss Coverage. FMER shall pay SunTrust for Charged Off Loans up to the First Loss Maximum (such Charged Off Loans, the “First Loss Coverage Loans”). The Parties anticipate and agree that Participation Account Deposits shall generally be used to make such payments; however, FMC agrees to make payments to SunTrust for Charged Off Loans up to the First Loss Maximum regardless of whether there are any releases that occur pursuant to Section 7.1.7. Not later than forty-five (45) days following the end of each month, SunTrust shall withdraw on a monthly basis from the Participation Account, to the extent of available funds the outstanding principal and accrued interest balance as of the date each Charged Off Loan is moved from the Servicer’s system. On the date of any payment under this Section 7.1.4.1, SunTrust shall only be entitled to withdraw a payment in an amount equal to the outstanding principal and accrued interest balance as of the date each Charged Off Loan is moved from the Servicer’s system to FMC. Funds deposited in the Participation Account under Section 7.1.6 of this Agreement shall not be available for withdrawal by SunTrust under this Section 7.1.4. If in any month the amount in the Participation Account is insufficient to make such payments to SunTrust for the amount of outstanding principal and accrued interest for all Charged Off Loans eligible for reimbursement to SunTrust under this Section (regardless of any Participation Account Payments permitted to FMC pursuant to Section 7.1.7), SunTrust may invoice FMC for the amount remaining due to SunTrust. In the event FMC does not pay SunTrust’s invoice in full within thirty (30) days of the invoice date, SunTrust shall be entitled to offset the unpaid amount against any amounts due from SunTrust to FMC.

7.1.4.2 Second Loss Coverage. No funds from the Participation Account or FMC shall be used to pay for the amount of Charged Off Loans between the First Loss Maximum and the Second Loss

Maximum. For Charged Off Loan amounts between the First Loss Maximum and the Second Loss Maximum (such Charged Off Loans, the “Second Loss Coverage Loans”), SunTrust shall be responsible for covering the outstanding principal and accrued interest balance for each such Charged Off Loan as of the date each Charged Off Loan is moved from the Servicer’s system to SunTrust.

7.1.4.3. Third Loss Coverage. No funds from the Participation Account shall be used to pay for the amount of Charged Off Loans in excess of the Second Loss Maximum. For Charged Off Loan amounts in excess of the Second Loss Maximum (such Charged Off Loans, the “Third Loss Coverage Loans”), SunTrust and FMC shall each be responsible for covering [**] per cent ([**]%) of the Charged Off Loans, as follows. Each of SunTrust and FMC shall cover the outstanding principal and accrued but unpaid interest as of the date each Charged Off Loan is moved from the Servicer’s system for the Charged Off Loans that are Third Loss Coverage Loans). On a monthly basis, FMC shall include in the monthly invoice prepared pursuant to Article 6, the dollar amount (for the even Social Security Numbers) of Charged Off Loans that were removed from the Servicer’s system as Charged Off Loans in the month covered by the invoice. In each monthly invoice, (a) the Third Loss Coverage Loans ending in an even SSN for that month shall be listed, and FMC shall be responsible for payment to SunTrust of the dollar amount of those Loans. SunTrust will be responsible for Charged Off Loans ending in an odd Social Security Numbers. If either FMC or SunTrust is responsible, in dollars, for more Third Loss Coverage Loan volume than the other in any six month period, a true up process will occur in the next six months where the party that had the lesser amount of charge-offs will purchase an amount in the next month(s) that would be equal to the deficit regardless of Social Security Number. If in any month the amount owed by FMC for Third Loss Coverage Loans exceeds all fees owed to FMC and FMER under this Agreement for the month covered by the invoice, FMC shall pay to SunTrust within thirty (30) days after the date of the invoice the amount owed by FMC for Third Loss Coverage Loans in such month exceeds all fees owed to FMC and FMER under this Agreement for the month covered by the invoice. In the event the payment is not made by FMC within thirty (30) days, SunTrust has the right to offset future invoices until the amount owed by FMC is $0.

7.1.5 Loan Transfer Upon Charge Off. After payment for FMC assigned Charged Off Loans under Sections 7.1.4.1 and 7.1.4.3 above, SunTrust shall assign each Charged Off Loan to FMC (or its Affiliate designee) by delivering, or causing to be delivered, the Credit Agreement, all related Loan documentation and complete Loan file relating to such Charged Off Loan and shall execute and deliver such instruments of transfer or assignment, in each case without recourse absent any violation by FMC or SunTrust of Requirements of Law or the Credit Agreement, as shall be necessary to vest in FMC (or its Affiliate designee) title to such Charged Off Loan.

7.1.6 Participation Account Administrative Fee. Not later than forty-five (45) days following the end of each month, SunTrust shall deposit the Participation Account Administrative Fee in the Participation Account. Regardless of whether funds in the Participation Account are sufficient to cover the payment to SunTrust for any Charged Off Loan, the Participation Account Administrative Fee deposited by SunTrust shall be released to FMC within two (2) Business Days of deposit into the Participation Account. During the Term, the Participation Account Administrative Fee shall be modified quarterly to reflect the extent to which the distribution of the Disbursed Loan Amount among pricing tiers changes the Projected Default Rate for the Pool. FMC shall invoice SunTrust for the amount of such fee as set forth in Section 6.2.

7.1.7 Participation Account Payments. In addition to any payments set forth in Section 7.1.2, payments shall be made to FMC monthly, after the date that is forty-eight (48) months after the Effective Date, to the extent that funds in the Participation Account as of the end of any month, as a percentage of Outstanding Loan Volume as of the end of such month, exceed the Participation Percentage, as calculated after the last Loan disbursement has been funded (such excess, the “Participation Account Excess Percentage”). Such monthly payment to FMC at the end of any such month (the “Participation Account Payment”) in which the Participation Account Excess Percentage is positive shall equal the Participation

Account Excess Percentage multiplied by the Outstanding Loan Volume at the end of such month. SunTrust shall be required to withdraw the amount of each such Participation Account Payment from the Participation Account and make each such Participation Account Payment to FMC no later than forty-five (45) days after receipt of monthly reporting from the Servicer for the month in question.

7.1.8 Recoveries. After the payment to SunTrust with respect to any Charged Off Loans under Section 7.1.4.1, and after SunTrust has assigned the Charged Off Loan to FMC (or its Affiliate designee), Recoveries on First Loss Coverage Loans shall be retained by FMER and/or FMC. Recoveries on Second Loss Coverage Loans shall be retained by SunTrust. After FMC has made payment to SunTrust for any Charged Off Loans under Section 7.1.4.3, and after SunTrust has assigned the Charged Off Loan to FMC (or its Affiliate designee), Recoveries on Third Loss Coverage Loans that are so assigned shall be retained by FMER and/or FMC. Recoveries on Third Loss Coverage Loans that are kept by SunTrust and not assigned to FMC (or its Affiliate designee) shall be retained by SunTrust.

7.1.9 Monthly Statement; Review of Participation Reporting. For so long as there are any funds in the Participation Account, SunTrust shall deliver to FMC, at its address provided pursuant to Section 19.1, no later than fifteen (15) days following the end of any calendar month, a written or electronic statement for the previous calendar month setting forth the balance of the Participation Account as of the last date of such month and all transactions with respect to funds in the Participation Account during such month, including all deposits, withdrawals, payments of interest (and the associated Effective Interest Rate during such period) and any other changes in the balance of the Participation Account, and the corresponding dates thereof within the period. FMC shall review such monthly Participation Account statement during the first ten (10) days after receiving it and shall notify the SunTrust in writing (which may be in the form of an email communication) if it in good faith disputes any items in such report during such 10-day period. If FMC disputes any item in the statement, the payments required in Section 7.1.4 relating to a disputed item shall be withheld until such dispute is resolved to the satisfaction of FMER, SunTrust and FMC. If, within thirty (30) days of receiving a notice of dispute, the Parties are unable to resolve the dispute, any Party may invoke the dispute resolution procedures of this Agreement.

7.1.10 Account Access. SunTrust agrees that it shall provide view-only online access to the Participation Account to FMC and/or FMER employees designated by FMC and/or FMER from time to time.

7.1.11 Security Interest in Participation Account. FMC hereby grants SunTrust a security interest in the Participation Account pursuant to Article 9 of the Georgia Uniform Commercial Code (“Article 9”). SunTrust is responsible for perfecting this security interest in accordance with Article 9 and FMC shall cooperate in good faith to enable SunTrust to perfect its security interest in the Participation Account. SunTrust shall be entitled to enforce its security interest in the Participation Account in accordance with Article 9, subject to the terms of this Agreement, only upon the occurrence of one or more events giving SunTrust the right to terminate this Agreement pursuant to Section 18.2.1 hereof.

7.1.12 Participation Cap and Transition. At such time as FMC has deposited, in the aggregate and inclusive of Initial Participation Account Deposits, [**] dollars ($[**]) in the Participation Account, FMC shall monitor the number and amount of pending Applications and amount of potential Loan disbursements, and FMC and SunTrust shall confer and mutually establish a date to cease accepting new Applications. Such date shall reasonably approximate the date on which cumulative deposits in the Participation Account, whether previously made by FMC or which FMC will be obligated to make once Loan Disbursements are complete, are expected to equal or exceed [**] dollars ($[**]), after giving effect to estimated future Loan Disbursements that will be made for all Applications submitted for a credit inquiry on or before such date. All Applications submitted for a credit inquiry by such date shall be processed in accordance with Section 18.4 of this Agreement, and FMC shall make Participation Account Deposits in connection with any Loans made for such Applications, regardless of whether the total deposits ultimately made by FMC in the Participation Account are less than or greater than [**] dollars ($[**]).

7.1.13 Interest on the Participation Account. For so long as any funds or other amounts remain in the Participation Account, all such amounts shall bear interest on a monthly variable rate. The rate for each month shall be no less than the greater of (a) [**]% or (b) the amount shown in the following table, based upon the balance in the Participation Account (the “Effective Interest Rate”):


CPMMA Default - 30 Day LIBOR
Plan 161
Floor: [**]%
$[] - []	1	[**]
$[] - []	2	[**]
$[] - []	3	[**]
$[] - []	4	[**]
$[] - []	5	[**]
$[**]	6	[**]

For purposes of the table above, LIBOR means the 30-day London interbank offered rate, as published in the “Money Rates” table of The Wall Street Journal Eastern Edition (“LIBOR”) on a particular calendar day of the previous month, as established by SunTrust from time to time with prior notice to FMC. If The Wall Street Journal Eastern Edition is no longer available, FMC and SunTrust shall mutually adopt an alternate source for the one-month LIBOR index.

7.1.14 Additional Provisions Related to the Participation Agreement. SunTrust acknowledges and agrees that the Participation Account shall be a restricted account to be used solely for the purposes described in this Agreement. SunTrust further agrees that it shall not, and has no right to pursuant to this Agreement or otherwise, to withdraw, release, assign or otherwise transfer any funds, accrued interest, or other amounts or assets contained in the Participation Account (any of the foregoing, “Participation Account Assets”) for any purpose or to pay any funds or other amounts from the Participation Account to SunTrust or to any other Person except as and to the extent specifically authorized by this Agreement. Except with respect to withdrawals, releases, payments and the enforcement of its security interest specifically authorized by this Agreement, SunTrust further acknowledges and agrees that it shall not transfer, assign or grant any control over the Participation Account or any Participation Account Assets to any other financial institution or other Person, including any Affiliate of SunTrust, without the prior written consent of FMC. In the event that SunTrust desires to request such consent of FMC, SunTrust acknowledges and agrees that FMC shall be entitled to require that an agreement among FMC, SunTrust and such other Person regarding deposits, withdrawals, procedures and other matters with respect to the Participation Account and this Agreement be entered into prior to any such movement or transfer of the Participation Account or any Participation Account Assets, such agreement to be reasonably satisfactory to FMC.

7.1.15 Additional Representations, Warranties and Covenants of SunTrust Related to Participation Account. SunTrust hereby represents, warrants and covenants to FMC and FMER that, as of the Effective Date, throughout the Term of this Agreement and until such time as no Participation Account Assets remain in the Participation Account:

(i) it is an organization engaged in the business of banking and is acting in such capacity in maintaining the Participation Account at SunTrust hereunder;

(ii) it has established the Participation Account as set forth in this Agreement, and will maintain it in the manner set forth herein until such time as no funds remain in the Participation Account;

(iii) it has not entered into any currently effective agreement with any Person under which SunTrust may be obligated to comply with any instructions with respect to the Participation Account or any Participation Account Assets originated by a Person other than SunTrust or FMC; and SunTrust will not enter into any agreement with any Person under which SunTrust may be obligated to comply with any such instructions originated by a Person other than SunTrust or FMC;

(iv) except for the claims and interests of SunTrust and FMC, SunTrust does not know or have notice of any claim to, or interest in, the Participation Account; SunTrust will keep the Participation Account and the Participation Account Assets free from all other security interests and all liens, encumbrances, garnishments, attachments, executions, levies and rights of any Person other than SunTrust or FMC;

(v) if SunTrust obtains any knowledge of any Person asserting any lien, encumbrance or adverse claim (including any writ, garnishment, judgment, warrant of attachment, execution or similar process) against the Participation Account, SunTrust will promptly notify FMC thereof;

(vi) all cash and money delivered to SunTrust by FMC pursuant to this Agreement for deposit in the Participation Account will be promptly credited to the Participation Account;

(vii) it shall not change a name, account number or designation of the Participation Account without the prior written consent of FMC.

7.1.16 Additional Representations, Warranties and Covenants of FMC and FMER Related to Participation Account. Each of FMC and FMER hereby represents, warrants and covenants to SunTrust that, as of the Effective Date, throughout the Term of this Agreement and until such time as its obligations regarding the Participation Account pursuant to this Agreement have ceased:

(i) neither FMC nor FMER has entered into any currently effective agreement with any Person under which FMC or FMER may be obligated to comply with any instructions with respect to the Participation Account or any Participation Account Assets originated by a Person other than SunTrust or FMC; and FMC and FMER will not enter into any agreement with any Person under which FMC or FMER may be obligated to comply with any such instructions originated by a Person other than SunTrust or FMC;

(ii) except for the claims and interests of SunTrust and FMC, FMC and FMER do not know or have notice of any claim to, or interest in, the Participation Account; FMC and FMER will keep the Participation Account and the Participation Account Assets free from all other security interests and all liens, encumbrances, garnishments, attachments, executions, levies and rights of any Person other than SunTrust or FMC;

(iii) if FMC or FMER obtains any knowledge of any Person asserting any lien, encumbrance or adverse claim (including any writ, garnishment, judgment, warrant of attachment, execution or similar process) against the Participation Account, FMC will promptly notify SunTrust thereof.

ARTICLE 8. REPRESENTATIONS AND WARRANTIES

8.1 Representations and Warranties of the Parties. Each Party hereby represents and warrants to the other Parties as of the Effective Date and throughout the Term of this Agreement as follows:

8.1.1 Organization. It is duly organized, validly existing and in good standing under the laws of its state of organization and/or the United States, and has full power and authority to conduct its business as it is presently being conducted.

8.1.2 Authorization. It has all necessary authority and has taken all necessary action to enter into this Agreement and to consummate the transactions contemplated hereby and to perform its obligations hereunder. This Agreement has been duly executed and delivered by each Party and is a legal, valid and binding obligation of each Party, enforceable against it in accordance with its terms, except as the enforcement thereof may be limited by applicable bankruptcy, insolvency, rearrangement, reorganization or similar debtor relief legislation affecting the rights of creditors generally from time to time in effect and by general principles of equity (regardless of whether such enforcement is sought in a proceeding at law or in equity) and the discretion of the court before which any such proceeding may be brought.

8.1.3 Absence of Conflicts. Neither the execution and delivery of this Agreement by any Party nor the performance by any Party of its obligations hereunder will result in (i) a violation of the articles of incorporation or charter documents of such Party, (ii) a breach of, or a default under any contract, agreement, instrument, lease, commitment, franchise, license, permit or authorization to which such Party is a party or by which it or its assets are bound, which breach or default would have a material adverse effect on its business or financial condition or its ability to consummate the transactions contemplated hereby, or (iii) a violation by such Party of any Requirements of Law, which violation would have a material adverse effect on such Party’s business or financial condition, its ability to consummate the transactions contemplated hereby or perform its obligations hereunder, or which could materially impair the enforceability of the Loans.

8.1.4 Consents and Approvals. Each Party has obtained any and all consents, approvals or authorizations of, and made any and all declarations, filings or registrations with, any Governmental Authority, or any other Person, required to be obtained or made by such Party in order to execute, deliver and perform its obligations under this Agreement or consummate the transactions contemplated hereby, except where the failure to do so would not have a material adverse effect on its business or financial condition, its ability to consummate the transactions contemplated hereby or perform its obligations hereunder, or which would not materially impair the enforceability of the Loans.

8.1.5 Litigation. There is no action, order, writ, injunction, judgment or decree outstanding or claim, suit, litigation, proceeding, labor dispute, arbitral action or investigation pending, or to the actual knowledge of any Party threatened, against or relating to such Party that would likely have a material adverse effect on this Agreement or on its business or financial condition, its ability to consummate the transactions contemplated hereby or perform its obligations hereunder, or which could materially impair the enforceability of the Loans.

8.1.6 Compliance with Law. It does and will at all times comply with all applicable Requirements of Law, in all material respects including the provisions of Title X and the marketing and conduct requirements of Section 1011 thereof, 15 U.S.C. § 1650.

8.1.7 Intellectual Property. It owns, or has the right to use under valid and enforceable agreements, all intellectual property rights reasonably necessary for and related to its performance under this Agreement and such performance will not infringe or violate any intellectual property rights of any other Person.

Each Party is bound by the representations and warranties specifically designated to it within this Agreement and any exhibit attached hereto.

8.2 Representations and Warranties of SunTrust. With respect to Loan Processing Services and subject to FMER’s and FMC’s representations, warranties and covenants regarding compliance with Requirements of Law as expressly set forth in the Agreement, SunTrust represents, warrants and covenants to FMC and FMER that it will at all times comply with all Requirements of Law. Without limiting the generality of the foregoing, SunTrust represents, warrants and covenants that:

8.2.1 the content of all documents and forms provided by SunTrust to FMC or FMER and all instructions with respect thereto, including the forms of Loan Applications and Credit Agreements, comply with all Requirements of Law;

8.2.2 SunTrust is a federally-insured financial institution and has obtained any and all consents, approvals or authorizations of, and made any and all declarations, filings or registrations with, any Governmental Authority, or any other Person, required to be obtained or made by it in order to advertise, make, fund, hold or collect Loans; and

8.2.3 the Guidelines, including but not limited to the Pricing Schedule conform to all Requirements of Law.

8.3 Representations and Warranties of FMER. With respect to Loan Processing Services, FMER hereby represents and warrants to SunTrust, subject to the exceptions noted in subsection 8.3.12 below, as follows:

8.3.1 With respect to each Loan originated hereunder, a Credit Agreement has been duly and properly executed by the Borrower and any Cosigner thereunder and is enforceable against such Borrower and any Cosigner in accordance with its terms except as enforceability may be affected by bankruptcy, insolvency, moratorium or other similar laws affecting the rights of creditors generally and by equitable principles.

8.3.2 Without limiting the generality of the foregoing subsection 8.3.1, each Loan has been made to a Borrower and Cosigner, if any, who, at the time of origination of the Loan:

(i) had the legal capacity to execute and deliver a Credit Agreement under Requirements of Law, including attaining the age of majority;

(ii) was not deceased; and,

(iii) was a United States citizen/national or a permanent resident alien of the United States.

8.3.3 Except as expressly otherwise approved in writing by SunTrust, each Loan has been originated and each Application has been processed, in the United States of America, its territories, its possessions or other areas subject to its jurisdiction, by FMER in the ordinary course of its business.

8.3.4 Each Loan has been originated and each Application has been processed in conformity in all material respects with the Guidelines and all Requirements of Law with respect to the origination thereof, including the Equal Credit Opportunity Act and any applicable usury laws. No Application for a Loan shall be, or has been, rejected, approved or discouraged by FMER on behalf of SunTrust on the basis of race, sex, color, religion, national origin, age (other than laws limiting the capacity to enter a binding contract) or marital status, the fact that all or a part of any Primary Applicant or Secondary Applicant, as applicable, income derives from any public assistance program, or the fact that any Primary Applicant or Secondary Applicant, as applicable, has, in good faith, exercised any right under the Consumer Credit Protection Act.

8.3.5 Each Loan has been documented on forms set forth in the Guidelines, which forms, except to the extent otherwise modified from time to time pursuant to Section 3.1.1, (a) require interest

accrual (whether or not such interest is being paid currently or is being capitalized) and yield interest at the applicable rate thereto, (b) provide or, when the payment schedule with respect thereto is determined, will provide for payments on a periodic basis that fully amortize the principal amount of the Loan by its maturity, as such maturity may be modified in accordance with any applicable deferment or forbearance periods granted in accordance with Requirements of Law and the Guidelines and/or Servicing Guidelines; and (c) contain consumer Loan terms in strict conformity with the Guidelines.

8.3.6 With respect to each Loan and each Application (subject to SunTrust’s obligations above), FMER has provided or caused to be provided, all notices, statements and disclosures required under the Guidelines, Requirements of Law, and rules and regulations with respect to the origination thereof, including but not limited to the Truth in Lending Disclosure Statements, and each such notice, statement and disclosure was true, correct and complete in all material respects when provided.

8.3.7 Neither FMER nor any of its Affiliates has received any notice or communication alleging noncompliance with the Guidelines, or any applicable Requirement of Law with regard to the origination of any Loan and the receipt and process of each Application.

8.3.8 FMER has not impaired, waived, altered or modified the terms of any Credit Agreement.

8.3.9 All data and records provided by or on behalf of FMER to SunTrust (and the Servicer) with respect to each Loan and each Application shall be true, correct and complete when provided in all material respects.

8.3.10 At the time of Application, according to the credit bureau report or self-reported Application information, no Borrower or Cosigner was a debtor in a bankruptcy proceeding.

8.3.11 All agreements with Subcontractors shall require the Subcontractors to perform in accordance with the relevant portions of this Agreement, the Guidelines, the Servicing Agreement, and Requirements of Law.

8.3.12 All of FMC’s and FMER’s representations, warranties and covenants hereunder are subject to the following:

(i) FMC’s and FMER’s representations, warranties and covenants hereunder shall not be breached by any occurrence or condition to the extent such occurrence or condition is caused by a breach of one or more of SunTrust’s representations, warranties or covenants regarding compliance with Requirements of Law or the failure of SunTrust to perform any of its other agreements hereunder related to FMER’s or FMC’s performance as expressly set forth in this Agreement.

(ii) Execution of Credit Agreements shall be deemed lawful and complete if: (A) an original document received by U.S. mail contains original signatures purporting to be the signatures of the Borrower and any Cosigner, (B) a copy received by fax or scan/upload through an Applicant’s account contains copies of signatures purporting to be signatures of the Borrower and any Cosigner, or (C) if execution is by electronic signature, the Borrower and Cosigner who is/are electronically signing has/have satisfied the authentication criteria set forth in the Guidelines.

(iii) In performing its obligations under this Agreement, FMC and FMER shall be entitled to rely on the accuracy and completeness of all information provided to it by SunTrust, any Primary Applicant, Secondary Applicant, Borrower, or Cosigner.

(iv) To the extent that FMER has followed the policies and procedures set forth in its Customer Identification Program, Red Flags Program and Address Mismatch Program, neither FMC nor FMER shall not be liable with respect to any Primary Applicant, Secondary Applicant, Borrower or Cosigner fraud, identity theft or defective execution with respect to any Primary Applicant or Secondary Applicant, as applicable, Borrower, or Cosigner (or purported Primary Applicant, Secondary Applicant, Borrower, or Cosigner).

8.4 Custom Scoring Model. FMC represents and warrants that the FMC Custom Score model, by itself and when combined with the Guidelines, complies with Requirements of Law, including that the model does not use (i) any of the following elements as inputs or model variables: gender, age, race, color, religion, national origin, childbearing or familial status, marital status, ethnic group, veteran status, disability, receipt of income from any public assistance program, or good faith exercise of any right under the federal Consumer Credit Protection Act, or any other factor prohibited by Requirements of Law, or (ii) geographic information in a way that would result in restricting credit from geographic areas on any basis prohibited by Requirements of Law.

8.5 Performance of FMER and FMC. Each of FMER and FMC acknowledge and agree with SunTrust that each of them shall be jointly and severally liable to SunTrust for any failure of either of them to perform as required by the terms of this Agreement.

8.6 Licensing. Each Party warrants that it will maintain during the effectiveness of this Agreement the legal authority to conduct all of the activities required to be conducted by it pursuant to the terms of this Agreement.

ARTICLE 9. COMPLIANCE WITH REQUIREMENTS OF LAW. Each Party shall comply with all applicable Requirements of Law in all material respects in performing its respective obligations under this Agreement. Notwithstanding the foregoing, the Parties acknowledge and agree that unless expressly set forth in the Agreement, neither FMER nor FMC makes any representation or warranties regarding conformity of any loan servicing processes or loan product terms or any forms, documents or disclosures with Requirements of Law. With respect to all aspects of the Program for which FMER and FMC make no express representations, including the Guidelines, SunTrust shall be responsible for compliance of such aspect of the Program with Requirements of Law.

ARTICLE 10. INSURANCE.

10.1 FMC shall (on behalf of itself and its Affiliates) at all times and at its sole cost and expense, keep in full force and effect until one (1) year after termination of this Agreement, the insurance coverage in amounts no less than what is specified on Exhibit F, attached hereto and incorporated herein (“Insurance Requirements”). All insurance policies or bonds required by this Agreement will be issued by insurance companies with an A.M. Best Rating of not less than “A1”, a Standard & Poor’s rating of not less than “A-”, or a Moody’s rating of not less than “A3”. Except as otherwise approved in writing by SunTrust, FMC must also ensure that its Subcontractors comply with the Insurance Requirements. FMC shall also maintain workers compensation insurance in compliance with all applicable Requirements of Law.

10.2 No insurance policy shall be cancelled, amended or modified by FMC in any manner that materially limits, restricts, or conditions the coverage provided, decreases the amount of coverage or increases the deductible, or in any other way reduces the coverage provided with the result that the Insurance Requirements are no longer met, without the prior written consent of SunTrust, which shall not be unreasonably withheld. Cancellation, amendment or modification of any insurance policy shall not relieve either FMC of its continuing obligation to maintain insurance coverage in accordance with the Insurance Requirements.

10.3 FMC agrees to waive, and will require its insurers to waive, all rights of subrogation against SunTrust, its directors, officers, and Personnel as it relates to the General Liability and Umbrella Liability policies required on Exhibit F. On or prior to the Effective Date, FMC will provide SunTrust with a certificate of insurance evidencing such required coverage; provided that SunTrust reserves the right to require FMC to deliver complete copies of FMC’s insurance policies from time to time thereafter. In addition, SunTrust will be notified of any material change or cancellation of such policies with at least thirty (30) days prior written notice. Notwithstanding any other provision in this Agreement, if FMC, at

any time, neglects or refuses to maintain or deliver evidence of the insurance required herein within a reasonable time after SunTrust’s request, or should such insurance be canceled or materially changed with the result that the Insurance Requirements are no longer met without SunTrust’s consent, SunTrust will have the right to immediately terminate this Agreement without penalty, subject to Section 18 hereof.

ARTICLE 11. INTELLECTUAL PROPERTY.

11.1 Except as otherwise agreed to in writing by the Parties, in connection with the provision of Services as specified in this Agreement, each Party shall retain all right, title and interest in and to its intellectual property, Proprietary Information, systems, software, programs, processes, technology, services, methodologies, models, products, trademarks, service marks and any other materials or rights, tangible or intangible (collectively, “Intellectual Property”) and nothing shall or shall be construed to restrict, impair, transfer, license, convey or otherwise alter or deprive either Party of any of its rights or proprietary interests in its Intellectual Property, including any modifications, enhancements or derivative works thereof.

11.2 No Party may use any other Party’s Intellectual Property for any purpose other than as specified in this Agreement. Upon expiration or termination of this Agreement, all licenses granted by any Party to the other shall immediately terminate without notice required, and each Party shall return the other Party’s Intellectual Property and all copies or derivative works made thereof, as specifically permitted hereunder. Each Party shall have no further rights or licenses to use the other Party’s Intellectual Property or any such copies or derivative works, except as specifically agreed between the Parties in writing.

11.3 Nothing contained in this Agreement shall be construed as granting to any Party any right or license under any of the other Parties’ present or future patent rights or copyrights, or as granting to any Party any right or license to use for any purpose other than those purposes expressly stated herein any of the other Parties’ information or any other information, materials or results received, discovered, or produced by any Party in connection with the Services performed for SunTrust.

ARTICLE 12. BOOKS AND RECORDS; AUDIT RIGHTS

12.1 Maintenance of Books and Records. Each Party will keep proper Books and Records reflecting all of its activities and transactions under this Agreement so that its financial statements can be maintained in accordance with generally acceptable accounting practices. Each Party shall maintain its Books and Records relating to activities under this Agreement throughout the term hereof and thereafter for such periods as are required under applicable Requirements of Law or such Party’s policy, whichever is longer.

12.2 Recordkeeping Requirements. FMER shall retain the original Credit Agreement for each Loan (or a copy thereof in the case of execution by fax or electronic signature as permitted in the Guidelines), along with a complete copy of the Truth in Lending Disclosure Statements (other than the ASD), income verification, verification/certification of the existing loan payoff amount(s), credit bureau report, missing information notices, correspondence from the Primary Applicants and Secondary Applicants, and all other documents and data related to the Loan, whether originally sent to SunTrust (and forwarded to FMER) or to FMER. FMER shall also retain records of the time and date each Primary Applicant and Secondary Applicant, as applicable, acknowledges the ASD and records of the content of the ASD that each Primary Applicant and Secondary Applicant, as applicable, viewed at such date and time. FMER will be responsible for the safe maintenance of such Loan documentation and all records of Identity Information for at least seven (7) years from either the time the Loan is fully repaid or the Loan is sold by SunTrust to a third party.

12.3	Audit Rights.

12.3.1 General Audits. SunTrust shall have the right to review, inspect and audit, at SunTrust’s expense, at such reasonable times as mutually agreed by the Parties, and upon at least ten (10) Business

Days’ advance notice (except in the event SunTrust articulates to FMC in writing a reasonable basis to believe that FMC or FMER may have materially breached its obligations under this Agreement, in which case no such notice is required), the books, records, documents, other writings, information, whether in hard copies, electronic form or otherwise, of FMC or any Affiliate thereto performing Services to the extent related to: (i) such Party’s activities hereunder or (ii) conformance with such Party’s obligations hereunder. Upon at least ten (10) Business Days’ advance written notice to FMC, and subject to FMC’s reasonable security requirements, FMC shall provide to SunTrust (and SunTrust’s internal and external auditors, inspectors, regulators and other representatives that SunTrust may designate from time to time) access at reasonable hours to FMC’s Personnel, to the facilities at or from which Services are then being provided, and to FMC’s records and other pertinent information, all to the extent relevant to FMC’s obligations under this Agreement. Such access shall be provided for the purpose of performing audits and inspections of FMC and its businesses and to examine FMC’s performance under this Agreement, including: (a) verifying the integrity of data related to or concerning systems in FMC’s possession and control; (b) examining the systems that process, store, support and transmit such data; (c) examining the controls (e.g., organizational controls, input/output controls, system modification controls, processing controls, system design controls and access controls) and the security, disaster recovery and back-up practices and procedures; (d) examining FMC’s measurement, monitoring and management tools; and (e) enabling SunTrust to meet applicable legal, regulatory and contractual requirements. FMC shall provide any assistance reasonably requested by SunTrust or its designee, and at SunTrust’s expense, in conducting any such audit. Such audit and any information obtained therefrom shall be subject to the confidentiality restrictions contained in this Agreement and SunTrust shall be responsible for enforcing such restrictions with respect to its internal and external auditors, inspectors, regulators (to the extent permitted by Requirements of Law) and other representatives. SunTrust shall also have the right to perform a monthly audit of Application and Loan files at a time and using procedures mutually acceptable to FMER and SunTrust.

12.3.2 Within five (5) Business Days of receipt of any audit notice, FMC shall notify SunTrust, in writing, of any objections to the scope of the review, inspection or audit or the supporting documentation requested, it being understood that any objections must be based upon a reasonable and documented belief that such review, inspection, audit or documentation is not reasonably related to the obligations of FMC or FMER under this Agreement or would require the disclosure of Proprietary Information (other than information that is proprietary solely as a result of this Agreement). The Parties shall cooperate in good faith to resolve objections with respect to any review, inspection or audit proposed by SunTrust and such review, inspection or audit shall not commence until such objections are resolved, unless sooner required for compliance with a court order, civil investigation demand or other Governmental Authority inquiry. In the event the Parties are not able to resolve such objections, the matter shall be resolved in accordance with the procedures set forth in Article 17.

12.3.3 Any review, inspection or audit to be performed by SunTrust pursuant to this Section 12.3 shall be conducted only during normal business hours, using reasonable care not to cause damage and not to interrupt the normal business operations of the Party to be inspected.

12.4 Regulatory Agency Requirements. FMC and FMER understand and acknowledge that SunTrust is subject to examination by a Governmental Authority with authority over SunTrust and its Affiliates. FMC and FMER agree to cooperate fully with any examination or inquiry by any such Governmental Authority at SunTrust’s expense. FMC and FMER further acknowledge that SunTrust, as a regulated financial institution, is required to engage in ongoing oversight of its relationship with FMC and FMER, including reviewing such Parties’ compliance with Privacy Requirements, insurance coverage, and performance under this Agreement. FMC and FMER agree to notify SunTrust promptly in writing in the event it experiences any material adverse change, including material financial difficulty, other catastrophic event, material change in strategic goals, or significant staffing changes relative to its obligations under this Agreement. With respect to audits and examinations related to the Program to be

performed on FMC and/or FMER by a Governmental Authority with authority over SunTrust and its Affiliates, SunTrust shall provide FMC with as much prior written notice as reasonably practicable; provided, however, that the notice requirement of Section 12.3.1 shall not apply to any such audit or examination.

12.5 Regulatory Audits. Within ten (10) Business Days of its receipt, FMC shall provide SunTrust with a copy of the final written results of any audit performed by a Governmental Authority, unless such results are confidential under Requirements of Law; it being understood that FMC shall not be required to disclose the results of any examinations conducted by, or correspondence with, the Office of the Comptroller of the Currency (“OCC”), Federal Reserve Board (“FRB”) or Consumer Financial Protection Bureau (“CFPB”) that are deemed confidential by the OCC, FRB, or CFPB, respectively. If any audit results in FMC being notified that it is not in compliance with any Requirements of Law, or relevant and generally accepted accounting principle or other material audit requirement related to the Services, FMC shall immediately notify SunTrust and confer with SunTrust to determine the merits of the alleged violation and the appropriate response. In the event the Parties conclude that the auditor’s or regulator’s notice of violation is accurate, in whole or in part, FMC shall promptly use commercially reasonable efforts to comply with such audit to the extent that the alleged violations are deemed accurate by the Parties at no cost to SunTrust.

ARTICLE 13. PRIVACY AND SECURITY POLICIES

13.1 Privacy and Security. FMC’s privacy and security policies, as of the Effective Date, are attached hereto and incorporated herein as Exhibit G. FMC reserves the right to modify its privacy and security policies in its reasonable discretion from time to time by notice, in writing, to SunTrust; provided, however, that any modifications that materially adversely affect SunTrust’s rights or interests must be approved in advance and in writing by SunTrust before FMC implements such modifications. Within ten (10) Business Days after receipt of a modification notice from FMC, SunTrust shall notify FMC as to whether it believes the proposed modifications will materially adversely affect SunTrust’s rights or interests. If SunTrust notifies FMC that the proposed modifications will materially adversely affect SunTrust’s rights or interests, SunTrust and FMC shall confer regarding how such proposed modifications may be altered so that they would not materially adversely affect SunTrust’s rights or interests. In the event SunTrust and FMC are unable to reach agreement on proposed modifications within sixty (60) days after the date of FMC’s original notice, the dispute shall be resolved using the procedures set forth in Article 17.

ARTICLE 14. CONFIDENTIALITY OF PROPRIETARY INFORMATION.

14.1 Proprietary Information Access or Exchange. In the performance of this Agreement, each Party may disclose to the other Party certain Proprietary Information.

14.2 Definitions. For the purposes of this Agreement, the following terms will have the definitions set forth below.

14.2.1 “Proprietary Information” means Trade Secrets, Confidential Business Information, and NPPI.

14.2.2 “Trade Secrets” means trade secrets as defined under Georgia law, as amended from time to time, and will include without limitation and without regard to form, technical or non-technical data, formulae, patterns, compilations, programs, software programs, devices, methods, techniques, drawings, processes, financial data, financial plans, product plans, non-public forecasts, studies, projections, analyses, all customer data of any kind, lists of actual or potential customers, business and contractual relationships, or any other information similar to the foregoing that: (a) derives economic value, actual or potential, from not being generally known and not being readily ascertainable by proper means to other persons who can obtain economic value from its disclosure or use; and (b) is the subject of efforts that are reasonable under the circumstances to maintain its secrecy. For the sake of clarity, “Trade Secrets” will include information provided to any Party by any third parties, which such Party is obligated to hold in confidence.

14.2.3 “Confidential Business Information” means (a) any valuable, secret business information, other than Trade Secrets, that is designated or identified as confidential at the time of the disclosure or is by its nature clearly recognizable as confidential information to a reasonably prudent person with knowledge of the Disclosing Party’s business and industry, and (b) for purposes of this Agreement, FMC Custom Model Property.

14.2.4 “NPPI” means non-public, personally identifiable information of SunTrust’s customers, SunTrust Personnel or other individuals, which has been provided to SunTrust by such persons or their representatives.

14.2.5 “Disclosing Party” means the Party disclosing any Proprietary Information hereunder, whether such disclosure is directly from or through the Disclosing Party’s Personnel.

14.2.6 “Receiving Party” means the Party receiving any Proprietary Information hereunder, whether such disclosure is received directly from or through the Receiving Party’s Personnel.

14.3 Exclusions. Notwithstanding the definition of Proprietary Information above, Proprietary Information does not include any information that: (a) was in the Receiving Party’s possession before being disclosed to it by the Disclosing Party without a duty of confidentiality on the Receiving Party; (b) is or becomes a matter of public knowledge through no fault of the Receiving Party; (c) is rightfully received by the Receiving Party from a third party without a duty of confidentiality; (d) is disclosed by the Disclosing Party to a third party without a duty of confidentiality on the third party; (e) is independently developed by the Receiving Party without use of or reference to the Disclosing Party’s Proprietary Information; or (f) is disclosed by the Receiving Party with the Disclosing Party’s prior written approval without a duty of confidentiality on the Party making such disclosure or the third party to which disclosure is authorized. In addition, notwithstanding anything else contained in this Article 14 or this Agreement, nothing in this Article 14 will be construed to prohibit disclosure of any information to regulatory agencies, rating agencies, attorneys, accountants, servicers and/or consultants of a Party, and/or the employees and agents of any of the foregoing, who are obliged to respect the confidentiality thereof.

14.4 Ownership and Restrictions on Use. The Receiving Party acknowledges and agrees that except to the extent otherwise expressly provided herein, the Proprietary Information of the Disclosing Party will remain the sole and exclusive property of the Disclosing Party or a third party providing such information to the Disclosing Party, and the disclosure of such information to the Receiving Party does not confer upon it any license, interest, or right of any kind in or to the Proprietary Information, except as provided under this Agreement. At all times and notwithstanding any termination or expiration of this Agreement, the Receiving Party agrees that it will: (a) hold in strict confidence and not disclose to any third party the Proprietary Information of the Disclosing Party, except as approved in writing by the Disclosing Party; (b) only permit access to the Proprietary Information of the Disclosing Party to those of its Personnel who have a need to know and have signed confidentiality agreements or are otherwise bound by confidentiality obligations substantially similar to those contained in this Agreement; (c) be responsible to the Disclosing Party for any third party’s use and disclosure of the Proprietary Information provided to such third party by the Receiving Party; (d) only use Proprietary Information that it receives to carry out the purposes of the Agreement and for no other purpose whatsoever; and (e) use at least the same degree of care it would use to protect its own Proprietary Information of like importance, but in no event less than a reasonable degree of care, including maintaining information security standards for such Proprietary Information as are commercially reasonable and customary for the type of information. Specifically, with regard to NPPI, FMC and FMER will comply with the information security standards specific to such information set forth in this Agreement. No Party will communicate any information to the other Party in violation of the proprietary rights of any third party. Applicant data gathered by FMC for purposes of carrying out its obligations hereunder and reports generated by FMC derived from such data may be used by SunTrust in a manner consistent with applicable law and shall not be considered the Proprietary Information of FMC for purposes of this Agreement.

To the extent FMC or FMER delivers or is required to deliver to SunTrust any FMC Custom Model Property, FMC shall own all right, title and interest (including all trademarks, trade secrets, copyrights, patents and any other intellectual property rights) in such FMC Custom Model Property. In addition, FMC may use the data collected in activities conducted pursuant to this Agreement to prepare, develop, or modify FMC Custom Model Property, provided, however, that such FMC Custom Model Property does not include Consumer Information, which may be used to perform analysis but shall not be included in reports, studies or other FMC Custom Model Property except on an aggregated and de-identified basis. In consideration of its obligations under this Agreement, FMC shall own all right, title and interest in and to all FMC Custom Model Property. FMC Custom Model Property shall not constitute a “work made for hire” as that term is defined in the federal Copyright Act. FMC may use FMC Custom Model Property for any lawful purpose, including in support of other loan programs, during the term of the Agreement and following termination of the Agreement subject to the restrictions set forth in Section 2.9 of this Agreement.

14.5 Required Disclosures. If the Receiving Party is required by a Governmental Authority or law to disclose any of the Proprietary Information of the Disclosing Party, the Receiving Party must, if legally permissible: (a) first give written notice of such required disclosure to the Disclosing Party; (b) make a reasonable effort to obtain a protective order requiring that the Proprietary Information so disclosed be used only for the purposes for which disclosure is required; (c) take reasonable steps to allow the Disclosing Party to seek to protect the confidentiality of the Proprietary Information required to be disclosed; and (d) disclose only that part of the Proprietary Information which, in the opinion of its legal counsel, it is required to disclose. The foregoing requirements will not apply and are not intended to limit any Party’s ability to fully comply with requests for information from regulators or the Internal Revenue Service, as permitted by the last sentence of Section 14.3.

14.6 Notice of Unauthorized Disclosures. Each Party to this Agreement will immediately notify the other Parties in writing upon discovery of any loss or unauthorized disclosure of the Proprietary Information of the other Parties.

14.7 Limit on Reproductions. The Receiving Party will not reproduce the Disclosing Party’s Proprietary Information in any form except as reasonably necessary to fulfill such Party’s duties and obligations and otherwise comply with the agreements of such Party under this Agreement. Any reproduction of any Proprietary Information by the Receiving Party will remain the property of the Disclosing Party and will contain any and all confidential or proprietary notices or legends that appear on the original, unless otherwise authorized in writing by the Disclosing Party.

14.8 Document Destruction - Information Erasure. Except as otherwise set forth in this Agreement, upon the earlier of: termination of this Agreement, the written request of the Disclosing Party, or when no longer needed by any Party for fulfillment of its obligations under this Agreement, each Receiving Party will either upon written instruction from the other Party: (a) promptly return to the Disclosing Party all documents and other tangible (including electronic) materials containing the Disclosing Party’s Proprietary Information, including all copies thereof in its possession or control; or (b) erase or destroy all such materials by the following methods. If return, erasure, or destruction is not feasible, then the Receiving Party may maintain the Disclosing Party’s Proprietary Information in compliance with the requirements of the confidentiality and information security provisions of this Agreement; provided, however, that when the return, destruction, or erasure of any such materials becomes feasible for the Receiving Party, the Receiving Party must comply with the requirements of (a) or (b) above within sixty (60) calendar days. Notwithstanding the foregoing, SunTrust understands and agrees that FMC or FMER shall maintain encrypted, archived back-up tapes stored at a secure, offsite location that include transaction history received in connection with the Services and this Agreement and related documents and records for purposes of internal and external auditing of controls and recordkeeping requirements in a manner consistent with the requirements of this Agreement.


TYPE OF PROPRIETARY INFORMATION STORED OR USED		DESTRUCTION METHOD

Hard Copy		Shredding, pulverizing, burning, or other suitable destruction method so that any Proprietary Information is not readable at all and cannot be reassembled or reconstructed in any way so that it is practicably readable.

Electronic Tangible Media, such as CDs, Disks, Tapes		Destruction or erasure of such media so that any Proprietary Information is not readable at all and cannot be reassembled or reconstructed in any way so that it is practicably readable.

Hard Drive Storage or similar Computer or Device Storage		Erasure or elimination of Proprietary Information from such device so that any Proprietary Information is not readable at all and cannot be reassembled or reconstructed in any way so that it is practicably readable.

14.9 Equitable Relief. If any Party should breach or threaten to breach any provision of this Article 14 of the Agreement, the non-breaching Party, in addition to any other remedy it may have at law or in equity, will be entitled to seek a restraining order, injunction, or other similar remedy in order to specifically enforce the provisions of this Agreement. Each Party specifically acknowledges that money damages alone would be an inadequate remedy for the injuries and damages that would be suffered and incurred by the non-breaching Party as a result of a breach of any provision of this Agreement. In the event that any Party should seek an injunction hereunder, the other Parties hereby waive any requirement for the submission of proof of the economic value of any Proprietary Information or the posting of a bond or any other security.

14.10 Survival. Notwithstanding any termination of this Agreement, all of the Receiving Party’s nondisclosure and use obligations pursuant to this Article 14 will survive: (a) for three (3) years after termination with respect to any Confidential Business Information received prior to such termination, other than the FMC Custom Model Property, for which the Receiving Party’s nondisclosure and non-use obligations pursuant to this Article 14 will survive for the maximum period of time permitted by Applicable Law; (b) with respect to Trade Secrets, for so long as such information continues to constitute a trade secret under Requirements of Law; and (c) with respect to NPPI, for so long as required by applicable state and federal laws.

14.11 Prior Agreements. The provisions set forth in this Agreement supersede any previous agreement between the Parties relating to the protection of any Proprietary Information.

14.12 Information related to Tax Structure and Treatment. It is the Parties’ mutual intent that the tax structure and tax treatment of the transactions contemplated by this Agreement will not be confidential and, that notwithstanding anything herein to the contrary, each Party and its Personnel may disclose to any and all Persons of any kind, the tax structure and tax treatment of the transactions contemplated herein such that the transactions will be treated as not having been offered under conditions of confidentiality for purposes of Section 1.6011-4(b)(3) (or any successor provision) of the Treasury Regulations promulgated under Section 6011 of the Internal Revenue Code of 1986, as amended, and any comparable provision in the law of any other jurisdiction.

ARTICLE 15. INFORMATION SECURITY.

15.1 General Requirements. FMC will provide information, data back-up procedures, and information security so as to reasonably ensure that any Proprietary Information provided by or for SunTrust is not lost, stolen, modified, disclosed to or accessed by any other party (other than those permitted parties under Article 14 of this Agreement) without SunTrust’s prior written approval. Such security measures will equal or exceed standard industry practices for similar entities dealing with Proprietary Information. FMC warrants to SunTrust that FMC will reasonably monitor, evaluate and adjust its information security systems and procedures, its data security systems, and its processes in response to relevant changes in technology, changes in the sensitivity of any SunTrust Proprietary Information, as reasonably determined by SunTrust, and internal and external threats to information security. FMC will promptly notify SunTrust of: (a) any unauthorized possession, use, or knowledge or attempt thereof, of the data-processing files, transmission messages, or other SunTrust Proprietary Information by any person or entity that may become known; (b) the effect of such; and (c) the corrective action FMC has taken in response thereto.

15.2 FMC Encryption. FMC represents and warrants that, to the extent FMC will be placing, and retaining SunTrust Proprietary Information on the following types of devices, FMC will encrypt with whole disk encryption all laptop computers maintaining SunTrust Proprietary Information on such devices. Other portable devices (including, but not limited to, personal digital assistants and flash drives) must be encrypted and files on portable media (including, but not limited to, tapes and CDs) must be encrypted. All encryption must meet a minimum standard of Advanced Encryption Standard (AES) algorithm with a minimum key strength of 256-bit.

15.3 Information Security Audits. During the term of this Agreement, and for one (1) year following termination:

15.3.1 Audit Scope. Solely with respect to SunTrust Proprietary Information, to assess the effective protection of such information, SunTrust will have the right to request or conduct remote or on-site audits of FMC, at SunTrust’s discretion and expense (except as set forth below), to review the information and data security systems and procedures and processes of FMC (collectively, the “Security Systems”) at any time during FMC’s regular business hours, upon no less than ten (10) Business Days prior written notice to FMC. The Parties shall mutually agree on the scope, scale and type of testing. The audits may be performed by an independent third party identified and contracted by FMC and subject to reasonable approval of SunTrust bound by non-disclosure provisions similar to those in this Agreement, and shall include reasonable testing of the Security Systems, including periodic vulnerability scans. The Parties will schedule the testing at a mutually agreeable time and will cooperate in structuring the tests so as to use reasonable, industry-standard precautions to prevent or minimize any risks to FMC’s Security Systems that may be associated with such testing, and the Parties will cooperate in structuring the testing so as to avoid harming the rights and interests of FMC or any third parties. FMC agrees to promptly grant reasonable access to logs, policies, records, other materials, and FMC Personnel reasonably required for SunTrust to perform the audit. SunTrust will reasonably determine the extent and methodology of the testing subject to the approval of FMC, such approval not to be unreasonably withheld. Further, FMC agrees to make available to SunTrust the results of any third party’s or its own testing, monitoring and auditing of such Security Systems; provided, however, that FMC will not be required to make available any such results which would breach confidentiality obligations between FMC and any third party and may instead provide a summary of results describing any identified vulnerability or risk and proposing remedial action. To the extent that any system data or information is obtained by SunTrust in the course of an assessment, such data or information shall be Confidential Business Information of FMC and FMER, and SunTrust shall treat it in accordance with Article 14. In no event shall SunTrust retain any code from FMC’s or FMER’s systems or decompile, disassemble, or reverse engineer any such code, in whole or in part. Neither SunTrust nor its representatives shall introduce any malicious or unauthorized code (virus, Trojans, worms, trap door, etc.) or undisclosed features into FMC’s or FMER’s systems intending to disable, deactivate, interfere with or otherwise harm such systems or data or provide access not authorized by FMC or FMER.

15.3.2 Audit Finding / Remediation. Should such an audit, test or review reveal that the Security Systems or the contemplated Services do not effectively protect any SunTrust Proprietary Information, then FMC will prepare and present to SunTrust within thirty (30) days of receipt of the relevant audit, test, or review finding a remediation plan, including proposed modifications of the Security Systems, the cost, proposed allocation of such costs among the Parties, and deadlines to meet the information security requirements of SunTrust, its regulators, and the provisions of Requirements of Law. Should the Parties be unable to agree to a remediation plan within thirty (30) days of FMC’s preparation and presentation of such plan to SunTrust pursuant to the previous sentence, or shall FMC or FMER, as applicable, be unable to complete and install adequate modifications (as set forth in the plan of remediation) within the deadline set forth in any such plan of remediation, then any Party shall be entitled to immediately terminate this Agreement for cause as provided in Section 18.2.

15.3.3 Audit Costs. Prior to the initiation of any audit or review as permitted under this Agreement, the Parties will discuss and mutually agree upon a reasonable estimate of the total costs of the audit, which Party will bear these costs, and the payment schedule for such costs. SunTrust will reimburse FMC’s reasonable incremental direct expenses associated with the audit (e.g., reasonable copy charges or other reasonable standard expenses), but not any other expenses, such as a charge for access to FMC Personnel or other sources of information. It is the intent of the Parties that SunTrust bear the agreed upon cost of any such audit as described in this Article 15, unless a substantial and previously unknown security breach is identified as a result of such audit.

15.4 Procedures for Security Breaches. In the event FMC and/or FMER, as applicable, knows or reasonably believes that there has been any unauthorized access or attempted unauthorized access to Proprietary Information of SunTrust or Consumer Information in the possession or control of FMC or FMER, as applicable, that compromises the security, confidentiality or integrity of such Proprietary Information or Consumer Information, FMC or FMER, as applicable, shall take the following actions:

(a) immediately notify SunTrust of such unauthorized access or attempted unauthorized access;

(b) take reasonable steps to remedy the circumstances that permitted any such unauthorized access to occur;

(d) upon request, cooperate with SunTrust or its agents to investigate the scope and content of the unauthorized access; and

(e) take corrective action as required by SunTrust in its sole discretion as related to SunTrust Consumer Information.

ARTICLE 16. INDEMNIFICATION; EXCLUSIONS FROM LIABILITY

16.1 Mutual General Indemnity.

Subject to the conditions set forth in Section 16.4 and the limitations in Section 16.6, each Party will indemnify, defend, and hold the applicable Indemnified Parties harmless from and against any and all damages (including any and all third party claims against such Indemnified Party and damages resulting therefrom, whether ordinary, direct, indirect, incidental, special, consequential, or exemplary), judgments, liabilities, fines, penalties, losses, claims, actions, demands, lawsuits, costs, and expenses including reasonable attorneys’ fees (collectively, “Damages”) incurred by such Indemnified Parties that arise out of or relate to any:

(a) gross negligence, willful misconduct or fraud of the Indemnifying Party;

(b) breach of the Indemnifying Party’s confidentiality or information security obligations under this Agreement;

(d) failure by the Indemnifying Party to comply with Requirements of Law applicable to it or with the Guidelines,

provided, however, that in the case of any Damages resulting from a breach or failure described in Section 16.1(b), Section 16.1(c) or Section 16.1(d), no Indemnified Party shall be entitled to indemnification under this Article 16 to the extent that such breach or failure occurred as a result of or in connection with the willful misconduct or fraud of an Indemnified Party, any failure of any representation or warranty made by an Indemnified Party in or pursuant to this Agreement to be true and correct, the non-fulfillment or non-performance of any covenant or obligation of an Indemnified Party contained in this Agreement, or the failure by an Indemnified Party to comply with Requirements of Law applicable to it or with the Guidelines.

For purposes of this Article 16, the acts or omissions of a Party’s Personnel will be deemed the acts or omissions of such Party.

16.2 FMC Infringement Indemnity.

FMC, at its expense, will defend, indemnify, and hold each SunTrust Indemnified Party harmless from and against any and all Damages that arise out of or relate to third party claims against a SunTrust Indemnified Party associated with SunTrust’s use of any FMC Intellectual Property and the infringement by such FMC Intellectual Property of such third party’s patent, trade secret, copyright, or trademark or other intellectual property right. For purposes of this Section 16.2 and Section 16.3 only, “FMC Intellectual Property” will include the following: FMC’s custom and proprietary credit scoring model and the Online Application System.

16.3 Specific Conditions and Additional Remedies Associated with FMC’s Infringement Indemnity.

16.3.1 Additional Remedies. In the event a court of competent jurisdiction makes a determination that any FMC Intellectual Property infringes or otherwise violates any third party intellectual property right, or if FMC determines that any FMC Intellectual Property likely infringes or otherwise violates such third party’s intellectual property right, FMC, at its option and sole expense, in addition to the indemnification obligation set forth above, will:

16.3.1.1 modify the infringing portion of any FMC Intellectual Property so as to make it non-infringing and non-violating, while maintaining equivalent functionality that is reasonably satisfactory to SunTrust;

16.3.1.2 replace the infringing portion of any FMC Intellectual Property with a non-infringing and non-violating solution having equivalent functionality that is reasonably satisfactory to SunTrust; or

16.3.1.3 obtain the right for SunTrust to continue using the infringing or violating portion of FMC Intellectual Property.

16.3.2 Conditions. FMC’s intellectual property infringement indemnity obligations will not apply to the extent of any applicable third party claim resulting solely from:

16.3.2.1 modifications to any FMC Intellectual Property by any party other than FMC or its authorized Personnel that are made without FMC’s written approval and only to the extent such modifications caused the infringement or violation;

16.3.2.2 the combination of any FMC Intellectual Property with other products, processes, or materials prohibited by FMC in the applicable specifications if, but for such other products, processes, or materials, the infringement would not have occurred; or

16.3.2.3 SunTrust’s use of any FMC Intellectual Property other than in accordance with the terms and conditions of this Agreement or the applicable specifications relating to such FMC Intellectual Property.

16.4 General Conditions on Indemnity Obligations. Each potential Indemnifying Party’s obligations under this Agreement will be subject to the Indemnified Party: (a) promptly, after receipt of any written claim, notice of any action giving rise to a claim for indemnification or the discovery by such Indemnified Party of any Damages that may give rise to a claim for indemnification, providing the Indemnifying Party notice of the claim, action or Damages (provided that failure to so notify the potential Indemnifying Party will not relieve the potential Indemnifying Party of its indemnification obligations, except to the extent that the potential Indemnifying Party’s ability to defend against the claim or event with respect to which indemnification is sought is adversely affected by the failure of the potential Indemnified Party to give prompt notice as required by this Section); (b) providing reasonable cooperation and assistance in the defense or settlement of any claim; and (c) granting the Indemnifying Party control over the defense and settlement of the same (provided that any Indemnified Party shall be entitled to participate in the defense and settlement of the claim and to employ counsel at its own expense to assist in the handling of the claim; and provided further that the Indemnified Party does not invoke its retained right to defend as stated below).

The Indemnifying Party will not agree to any settlement which results in an admission of liability by the Indemnified Party without the Indemnified Party’s prior written consent.

16.5 Reservation of Right to Defend. If either SunTrust, on the one hand, or FMC or FMER, on the other hand, as an Indemnified Party, reasonably determines that the Indemnifying Party has failed to diligently assume and maintain a prompt and vigorous defense of any claim to which Indemnified Party is entitled to indemnification hereunder and with respect to which the conditions set forth in Section 16.4 have been satisfied, either SunTrust, on the one hand, or FMC or FMER, on the other hand, as an Indemnified Party, may, at its own expense, option and discretion, assume sole control of the defense of any claim and all related settlement negotiations with counsel of its own choosing and without waiving any other rights to indemnification. If SunTrust or FMC and/or FMER, as applicable, provides sufficient evidence to support its right to defend pursuant to this Section, the Indemnifying Party will pay all costs and expenses (including reasonable attorneys’ fees) incurred by such Indemnified Party in such defense. Notwithstanding anything to the contrary in the foregoing, SunTrust or FMC and/or FMER, as applicable, will not accept any settlement on behalf of the Indemnifying Party that results in an admission of liability by the Indemnifying Party without the Indemnifying Party’s express written consent.

16.6 Exclusions from Liability.

16.6.1 Except for each Party’s respective indemnification obligations in respect of third party claims against an Indemnified Party, in no event shall any Party be liable for indirect, incidental, special, consequential, or exemplary or punitive damages (or any comparable category or form of such damages, howsoever characterized in any jurisdiction), regardless of the form of action, whether in contract, tort, strict liability or otherwise, and even if foreseeable or if such Party has been advised of the possibility of such damages.

16.6.2 The limitation of liability provisions of Section 16.6.1 do not apply to liability that is the result of the Party seeking to limit its liability hereunder in connection with (i) a breach of its confidentiality, privacy or security obligations contained in this Agreement (including with respect to any Consumer Information or NPPI, or any Intellectual Property or other Proprietary Information of another Party to this Agreement), (ii) such Party’s violation of Requirements of Law or (iii) such Party’s fraud or willful misconduct.

16.6.3 SunTrust acknowledges and agrees that any liability of FMC and/or FMER hereunder to SunTrust or any of its Affiliates for Damages in any way related to a Loan that is purchased by FMC pursuant to Section 5 shall be reduced by the Purchase Price of any such Loan that is purchased by FMC or any of its Affiliates pursuant to Section 5.

16.7 Exclusive Remedies. EXCEPT IN CONNECTION WITH (I) THE OTHER PARTY’S FRAUD, WILLFUL MISCONDUCT OR GROSS NEGLIGENCE, (II) A PARTY’S EXERCISE OF EQUITABLE REMEDIES AVAILABLE TO IT, (III) THE RIGHTS OF SUNTRUST PURSUANT TO SECTION 5 OR (IV) A PARTY’S RIGHT TO SET OFF AMOUNTS PAYABLE TO THE OTHER PARTY AGAINST AMOUNTS OWED TO IT BY SUCH OTHER PARTY, IT IS UNDERSTOOD AND AGREED THAT THE INDEMNIFICATION OBLIGATIONS OF A PARTY SET FORTH IN THIS ARTICLE 16 CONSTITUTE THE SOLE AND EXCLUSIVE REMEDIES OF A PARTY AGAINST ANY OTHER PARTY HERETO IN RESPECT OF THIS AGREEMENT OR THE SUBJECT MATTER HEREOF.

ARTICLE 17. DISPUTE RESOLUTION

17.1 Except as otherwise expressly set forth in this Agreement, the Parties agree that any dispute arising in connection with the interpretation of this Agreement or the performance of either Party under this Agreement or otherwise relating to this Agreement will be treated in accordance with the procedures set forth in this Article 17, prior to the resort by either Party to arbitration or litigation in connection with such dispute. The dispute will be referred for resolution first to a Senior Vice President or such other officer as may be designated by SunTrust, and designated legal counsel for SunTrust, and the General Counsel or Chief Financial Officer for FMC. Such procedure will be invoked by either Party presenting to the other Party a Notice of Request for Resolution of Dispute (a “Notice”) identifying the issues in dispute sought to be addressed hereunder. A telephone or personal conference of those executives will be held within ten (10) Business Days after the delivery of the Notice. In the event that the telephone or personal conference between these executives does not take place or does not resolve the dispute, either Party may refer the dispute to binding arbitration pursuant to the arbitration provisions set forth below.

17.2 Except as otherwise expressly set forth in this Agreement and except for actions for equitable relief, all claims or disputes between the Parties arising out of or relating to this Agreement will be decided by arbitration pursuant to the Commercial Arbitration Rules of the American Arbitration Association in effect at the time of the claim or dispute and in accordance with Title 9 of the United States Code. Notice of the demand for arbitration must be provided in writing to the other Party and must be made within a reasonable time after the dispute has arisen. If the amount claimed to be in dispute is equal to or greater than Two Hundred Fifty Thousand Dollars ($250,000), then the arbitration will be decided by a panel of three (3) arbitrators selected under the Commercial Arbitration Rules of the American Arbitration Association. If the amount claimed to be in dispute is less than that amount, then the arbitration will be decided by one (1) arbitrator selected pursuant to the same rules. Said arbitration will occur within sixty (60) calendar days after the Party demanding arbitration delivers the written demand on the other Party, unless the Parties mutually agree otherwise in writing. The award rendered by the arbitrators will be final and specifically enforceable under Requirements of Law, and judgment may be entered upon it in any court having jurisdiction thereof. No arbitration arising out of or relating to this Agreement may include, by consolidation, joinder or in any other manner, any Person not a Party to this Agreement. Neither Party will appeal such award nor seek review, modification, or vacation of such award in any court or regulatory agency.

17.3 The arbitrators will award to the prevailing Party, if any, as determined by the arbitrators, all of its Costs and Fees. “Costs and Fees” mean all reasonable pre-award expenses of the arbitration, including the arbitrators’ fees, administrative fees, travel expenses, and out-of-pocket expenses, such as copying, telephone, court costs, witness fees and attorneys’ fees.

17.4 No provision of this Article 17 shall limit the right of any Party to this Agreement to seek to exercise any equitable remedies available to it (whether available in a court of law or a court of equity), exercise self-help remedies such as setoff, or obtain provisional or ancillary remedies from a court of competent jurisdiction before, after, or during the pendency of any arbitration or other proceeding. The exercise of a remedy does not waive the right of either party to resort to arbitration.

17.5 Permissible Legal Proceedings. Notwithstanding anything contained in this Article 17, (a) a Party may institute legal proceedings to seek a temporary restraining order or other temporary or preliminary injunctive relief to prevent immediate and irreparable harm to such Party, and for which monetary damages would be inadequate, pending final resolution of the dispute, controversy or claim pursuant to arbitration, and (b) a Party may institute legal proceedings if necessary to preserve a superior position with respect to other creditors. Such conduct shall not constitute a waiver of the right of either party to resort to arbitration to obtain relief other than that specified in this Section 17.5.

ARTICLE 18. TERM AND TERMINATION

18.1 Term of Agreement. Subject to this Section 18.1, this Agreement and the Services contemplated hereby shall commence on the Effective Date and shall continue through the earlier of two (2) years after the Effective Date or the date on which the Participation Cap is reached, unless earlier terminated pursuant to the provisions of this Section (the “Initial Term”) and this Agreement and the Services contemplated hereby may be extended for one or more additional one-year periods upon the written agreement of the Parties (any such additional term(s), together with the Initial Term, the “Term”). Notwithstanding the expiration of the Term or termination of Loan Processing Services, the Program Administration Services and Program Support Services set forth in Article 4 shall continue to be provided, and the associated fees and compensation to FMC and/or FMER therefor shall continue to accrue and become payable for such Services, for all periods through the month following the month during which the principal and interest of each Loan have been fully paid and remitted to SunTrust (the “Final Services Termination Period”). Notwithstanding the foregoing, if the Agreement is terminated prior to the Final Services Termination Period, Program Support Services shall no longer be performed by FMC and FMER and the Program Support Services Fee due in Section 6.4.1 shall no longer by paid by SunTrust to FMC. In addition, in connection with a breach that is not cured as permitted by Section 18.2.2, a Force Majeure Event pursuant to Section 18.2.3, or a failure of audit remediation of the scope and for the applicable period described in Section 15.3.2, the Program Support Services may be terminated prior to the end of the Final Services Termination Period to the extent that such uncured breach, Force Majeure Event, or audit remediation failure, as applicable, is directly related to the Services that a Party seeks to terminate, and the Party seeking to terminate under such provisions timely gives the other Parties the notice of termination specified in Section 18.2.2, 18.2.3 or 18.2.6, as applicable. In the event of termination of Program Support Services under the preceding sentence, the Program Support Services Fee shall no longer be payable to FMC.

If FMC or SunTrust undergoes a Change in Control, the other Party may elect to terminate Loan Processing Services upon sixty (60) Business Days prior written notice; provided, however, that prior to delivering such notice, the Party considering such termination shall meet with representatives of the successor entity and engage in good faith negotiations for the continuation of this Agreement upon mutually acceptable terms and conditions.

18.2 Termination for Cause. From and after the Effective Date, FMC and SunTrust may each terminate the Agreement, subject to Section 18.1 and Section 18.3, immediately (after giving effect to notice and cure periods set forth in Sections 18.2.1 to 18.2.6, as applicable) by delivery of a written notice of termination to the affected Party or Parties, if:

18.2.1 Insolvency or Reorganization. The other Party shall file a petition to take advantage of any applicable insolvency or reorganization statute; or shall file a petition or answer seeking or shall consent to the appointment of a conservator or receiver or liquidator in any insolvency, readjustment of debt, marshaling of assets and liabilities or similar proceedings of or relating to such Party or Parties or relating to all or substantially all of its or their property; or a decree or order of a court or agency or supervisory authority having jurisdiction in the premises for the appointment of a conservator or receiver or liquidator in any insolvency, readjustment of debt, marshaling of assets and liabilities or similar proceedings, or the winding-up or liquidation of its affairs, shall have been entered against such Party or Parties, which decree or order entered against such Party or Parties shall have remained in force undischarged or unstayed for a period of fifteen (15) days; or such Party or Parties shall be insolvent, admit in writing its inability to pay its or their debts generally as they become due, make an assignment for the benefit of its creditors or voluntarily suspend payment of its obligations; or

18.2.2 Breach. The other Party fails to perform any of its obligations (including the failure to pay fees for Services when due and not the subject of a good faith dispute) in any material respect, or shall breach any of its or their representations, warranties or covenants in this Agreement, in any material respect and such failure or breach continues unremedied after the expiration of thirty (30) days following written notice to such Party or Parties specifying the nature of such failure or breach and stating the intention of the terminating Party to terminate this Agreement absent a cure of such failure or breach in all material respects within such thirty (30) day period; or

18.2.3 Force Majeure Event. In the event that a Force Majeure Event occurs, if any Party is prevented from performing or its performance is rendered impracticable for a period of at least five (5) days after notice of such event and inability to perform was provided to the other Party or Parties, provided, however, that if the Party previously unable to perform regains its ability to perform hereunder within five (5) days after notice of the event and inability to perform, the notice of termination must be delivered to the other Parties no later than thirty (30) days after the Party regains such ability to perform and notifies the other Parties thereof; or

18.2.4 Failure to Agree on Program Changes. If SunTrust and FMC cannot agree on Program changes (other than changes to the Pricing Schedule) following full compliance with the procedures set forth in Section 4.1.1, then any Party may terminate this Agreement on fifteen (15) days’ written notice to the other Parties, provided, however, that such notice of termination is delivered to the other Parties no later than thirty (30) days after the expiration of the thirty (30) day period described in Section 4.1.1 during which changes could not be agreed; or

18.2.5 Governmental Authority. To the extent required by Requirements of Law, a Governmental Authority with oversight of SunTrust requires, in writing, termination of this Agreement because, among other things, SunTrust is considered a “troubled” institution, which termination shall be without penalty to SunTrust; provided, however, that such termination shall be effective only to the extent of the Services required by such Governmental Authority to be terminated; or

18.2.6 Audit Remediation Failure. As set forth in Section 15.3.2, if the Parties are unable to agree to a remediation plan within thirty (30) days of FMC’s preparation and presentation of such plan to SunTrust pursuant to the first sentence of Section 15.3.2, or if FMC or FMER, as applicable, shall be unable to complete and install adequate modifications (as set forth in the plan of remediation) within the deadline set forth in any such plan of remediation; provided, however, that if (i) subsequent to such thirty (30) day period a remediation plan shall be agreed, or if subsequent to such other deadline set forth in any such plan of remediation, FMC or FMER, as applicable, is able to complete and install adequate modifications in accordance therewith, as applicable, and (ii) the Agreement has not been effectively terminated prior to such agreement or completion of modifications, then no Party may deliver a notice of termination under this Section 18.2.6 thereafter in connection with such subsequently remedied failure described in this subsection or Section 15.3.2.

18.3 Rights and Obligations Upon Notice of Termination.

18.3.1 Requirements Upon Termination. As of the effective date of termination of this Agreement, FMER shall (i) cease accepting new Applications for Loans and (ii) unless otherwise agreed by the Parties in writing, process all Applications received prior to the effective date of termination through disbursement or denial. In addition, upon the termination of this Agreement for any reason:

(a) FMC shall make a final Participation Account Deposit in the Participation Account pursuant to Section 7.1.3 and shall thereafter not be required to make further Participation Account Deposits;

(b) payments pursuant to Section 6.5.1, Section 7.1.4, and Section 7.1.6, shall continue notwithstanding such termination except to the extent that, notwithstanding Section 7.1.11, SunTrust’s rights to payments from the Participation Account are reduced by the bankruptcy court in any voluntary or involuntary filing by FMC or FMER as described in Section 18.2.1, and an order of the bankruptcy court permits SunTrust to cease making such payments; and

(c) releases from the Participation Account pursuant to Section 7.1.7 shall continue notwithstanding such termination except to the extent that, notwithstanding Section 7.1.11, SunTrust’s rights to payments from the Participation Account are reduced by the bankruptcy court in any voluntary or involuntary filing by FMC or FMER as described in Section 18.2.1, and an order of the bankruptcy court permits SunTrust to cease making such releases.

18.3.2 Transition Services. Upon notice of termination of this Agreement or any Services provided hereunder, the Parties shall meet to develop a plan to wind down the affected Services and transition for the terminated Services, to extend for a period not to exceed one hundred twenty (120) days past the effective date of termination (the “Transition Period”), unless mutually agreed by the Parties in writing to be longer than one hundred twenty (120) days. The fees paid for Services provided during the Transition Period shall be in accordance with the fees in effect at the expiration or termination of this Agreement. Except as otherwise set forth in this Agreement, upon the conclusion of the Transition Period for any specific Services, each Party shall cease the affected Services and return to the other Party or Parties, as applicable, or destroy all Proprietary Information and/or Consumer Information in accordance with Section 14.8 of this Agreement, except as necessary pursuant to any Requirements of Law.

18.4 Requirements Upon Termination. In addition to the requirements contained in Section 18.3.2 of the Agreement, (i) Loan Applications will no longer be accepted by FMER as of the termination date and (ii) any legal commitments already made to Primary Applicants, Secondary Applicants, Borrowers, or Cosigners shall be fulfilled and all Applications received for a credit inquiry prior to termination shall be processed through denial or Disbursement.

Each of the Parties understands and agrees that, subject to the requirements of Sections 2.2, 2.4, 2.8, 2.9, and Article 14 of this Agreement, any of the Parties may design, facilitate, offer, provide or procure services for and/or fund a loan program substantially similar to the Program at any time, either prior to or after the expiration or termination of this Agreement.

18.5 Rights Upon Termination. With respect to the termination of Portfolio Management Services, FMER shall provide to SunTrust a final reconciliation of all amounts collected by Subcontractors, collect all original files from Subcontractors, and transmit all such files to SunTrust.

ARTICLE 19. MISCELLANEOUS

19.1 Notice Procedure; Addresses. All notices, demands and other communications hereunder shall be in writing and shall be deemed to have been duly given and received at the time delivered by hand, if personally delivered; when receipt is acknowledged, if mailed by certified mail, postage prepaid, return receipt requested; the next Business Day after timely delivery to the courier, if sent by overnight air courier guaranteeing next-day delivery; and when received, if delivered by hand, as follows:

If to SunTrust:

SunTrust Bank

Attn: W. Mark Smith

Executive Vice President

1001 Semmes Avenue

Mail Code CS-RVW-7900

Richmond, VA 23224

If to FMC:

The First Marblehead Corporation

Attn: Chief Executive Officer

800 Boylston Street, 34th Floor

Boston, MA 02199-8157

If to FMER:

First Marblehead Education Resources, Inc.

Attn: President

One Cabot Road

Medford, MA 02155

With a copy to:

SunTrust Bank

Legal Department

303 Peachtree Street, N.E., 36^th Floor

Atlanta, GA 30308

For either FMC, FMER, as applicable, with a copy to:

The First Marblehead Corporation

Legal Department

800 Boylston Street, 34^th Floor

Boston, MA 02199-8157

The Persons or addresses to which mailings or deliveries shall be made may be changed from time to time by notice given pursuant to the provisions of this Section.

19.2 Press Releases; Regulatory Reports. No Party shall issue any press release or other announcement regarding the subject matter of this Agreement without the written consent of the other affected Parties with respect to mutually acceptable language (which consent shall not be unreasonably withheld), unless a Party refuses to consent and the Party desiring to issue the release or other announcement is advised by its legal counsel that the press release or other announcement is required in order to comply with applicable Requirements of Law. Notwithstanding the foregoing, SunTrust acknowledges that FMC expects to be required pursuant to Requirements of Law to file this Agreement and a report regarding this Agreement with the Securities and Exchange Commission which FMC shall provide to SunTrust at least three (3) Business Days prior to FMC releasing such report to provide SunTrust a reasonable opportunity to review, comment, and consent, which consent shall not be unreasonably withheld.

19.3 Relationship of the Parties. The Parties agree that in carrying out their responsibilities pursuant to this Agreement they are in the position of independent contractors. This Agreement is not intended to create, nor does it create and shall not be construed to create, a relationship of partners or joint venturers, fiduciaries or any association for profit between and among the Parties or any of their respective Affiliates.

19.4 Expenses. Except as is otherwise specifically provided in this Agreement, each Party shall pay its own costs and expenses in connection with this Agreement and the transactions contemplated hereby, including all regulatory fees, attorneys’ fees, accounting fees and other expenses.

19.5 Successors and Assigns. All terms and provisions of this Agreement shall be binding upon and shall inure to the benefit of the Parties, and each of their respective permitted transferees, successors and

assigns. Neither Party may assign or transfer any right or obligation under this Agreement without the prior written consent of the other Party; provided, however, that (i) no prior written consent of the other Party is required in the event that FMC or FMER assigns or delegates any Services set forth in this Agreement to the other or to any other Affiliate of FMC, and such assignee or delegatee would be able to make the representations and warranties of FMC or FMER, as applicable, herein, and comply with each of the covenants and other agreements of FMC or FMER, as applicable, herein. Notwithstanding the foregoing, neither SunTrust, on the one hand, nor FMC and/or FMER, on the other hand, shall be permitted to assign or otherwise transfer the rights and obligations of this Agreement (including any transfer by operation of law) to any Person completing a Change in Control of the assigning Party, without the written consent of the other Party and the assumption by the Person completing such Change in Control of all of the assigning or transferring Party’s obligations under this Agreement.

19.6 Multiple Counterparts. This Agreement may be executed in multiple counterparts, each of which shall be deemed an original for all purposes and all of which shall be deemed, collectively, one agreement.

19.7 Drafting; Captions. Each Party acknowledges that its legal counsel participated in the drafting of this Agreement. The Parties hereby agree that the rule of construction that ambiguities are to be resolved against the drafting Party shall not be employed in the interpretation of this Agreement to favor one Party over any other. Further, the captions, headings and arrangements used in this Agreement are for convenience only and do not in any way affect, limit or amplify the terms and provisions hereof.

19.8 Entire Agreement; Amendments. The making, execution and delivery of this Agreement by the Parties have been induced by no representations, warranties, statements or agreements other than those herein expressed. This Agreement, including the Schedules and Exhibits attached hereto, embodies the entire understanding of the Parties, and there are no further or other agreements or understandings, written or oral, in effect among the Parties relating to the subject matter hereof. This Agreement may be amended or modified only by a written instrument signed by each of the Parties.

19.9 Waiver. None of the Parties shall be deemed to have waived any of its rights, powers or remedies under this Agreement unless such waiver is approved in writing by an authorized representative of the waiving Party. No delay or failure by any Party to exercise any right, power or remedy hereunder shall constitute a waiver thereof by such Party, and no single or partial exercise by any Party of any right, power or remedy shall preclude other or further exercise thereof or any exercise of any other rights, powers or remedies.

19.10 Severability. Whenever possible, each provision of this Agreement will be interpreted in such manner as to be effective and valid under Requirements of Law, but if any provision of this Agreement is held to be prohibited by or invalid under Requirements of Law, such provision will be ineffective only to the extent of such prohibition or invalidity, without invalidating the remainder of such provision or the remaining provisions of this Agreement.

19.11 Disaster Recovery and Force Majeure. Each of the Parties will timely implement, if it has not already, and maintain a reasonable disaster recovery plan. Upon request by SunTrust, FMC shall promptly provide to SunTrust a description of and summary test results for FMC’s disaster recovery plan, including such information as may reasonably be requested by SunTrust to comply with Requirements of Law. Upon the occurrence of any disaster requiring use of FMC’s disaster recovery plan, FMC shall promptly notify SunTrust of same, and FMC shall provide to SunTrust access to services equal to services provided to other clients. Subject to the foregoing, no Party hereto shall be responsible for, or in breach of, this Agreement if it is unable to perform or its performance is rendered impracticable as a result of delays or failures due to any cause beyond its control, howsoever arising, and not due to its own act or negligence and that cannot be overcome by the exercise of due diligence. Such causes shall include, but not be limited to, labor disturbances, riots, fires, earthquakes, floods, storms, lightning, epidemics, terrorist attacks, wars, civil disorder, hostilities, expropriation or confiscation of property, failure or delay

by carriers, interference by civil and military authorities whether by legal proceeding or in fact and whether purporting to act under some constitution, decree, law or otherwise, or acts of God (each such event, a “Force Majeure Event”). Upon the occurrence of a Force Majeure Event, the Party declaring such event shall provide written notice thereof to the other Party as soon as practicable. Notwithstanding any other provision in this Agreement, either SunTrust or FMC may immediately terminate this Agreement if the other Party cannot perform the Services (in the case of FMC) or otherwise perform their obligations hereunder for more than five (5) days, subject to the provisions of Section 18.1 and Section 18.3, and provided, however, that if the Party previously unable to perform regains its ability to perform hereunder, the notice of termination must be delivered to the other Parties no later than thirty (30) days after the Party regains such ability to perform and notifies the other Parties thereof.

19.12 GOVERNING LAW. THIS AGREEMENT SHALL BE GOVERNED BY, AND CONSTRUED IN ACCORDANCE WITH, THE INTERNAL LAWS OF THE STATE OF GEORGIA, WITHOUT GIVING EFFECT TO ANY CHOICE OR CONFLICT OF LAW PROVISION OR RULE THAT WOULD CAUSE THE APPLICATION OF LAWS OF ANY JURISDICTION OTHER THAN THOSE OF THE STATE OF GEORGIA. EACH PARTY WAIVES ITS RIGHT TO A JURY TRIAL WITH RESPECT TO ANY ACTION OR CLAIM ARISING OUT OF ANY DISPUTE IN CONNECTION WITH THIS AGREEMENT, ANY RIGHTS OR OBLIGATIONS HEREUNDER OR THE PERFORMANCE OF ANY SUCH RIGHTS OR OBLIGATIONS.

19.13 No Third Parties Benefitted. This Agreement is made and entered into for the protection and legal benefit of the Parties, and their permitted successors and assigns, and each and every Indemnified Party (all of which shall be entitled to enforce the indemnity contained herein), and no other Person shall be a direct or indirect legal beneficiary of, or have any direct or indirect cause of action or claim in connection with, this Agreement.

19.14 Permitted Filing. Each Party may file this Agreement (with redactions as permitted by Requirements of Law) with the appropriate state or federal regulators, including the Securities and Exchange Commission, as required by such regulators.

19.15 Survival. Any and all provisions, promises, and warranties contained herein, which by their nature or effect are required or intended to be observed, kept or performed after expiration or termination of this Agreement (including representations and warranties, confidentiality, information security, audit rights, indemnification, limitation of liability, dispute resolution and miscellaneous provisions), will survive the expiration or termination of this Agreement and remain binding upon and for the benefit of the Parties hereto.

[Signatures appear on next page]

IN WITNESS WHEREOF, the parties hereto have caused this Agreement to be executed by their respective officers, being first duly authorized, as of the day and year first above written.


SUNTRUST BANK

By:		/s/ Sumeet Sanghani


Name:		Sumeet Sanghani


Title:		Director of Strategic Sourcing

THE FIRST MARBLEHEAD CORPORATION

By:		/s/ Daniel Maxwell Meyers


Name:		Daniel Maxwell Meyers


Title:		President and CEO



FIRST MARBLEHEAD EDUCATION RESOURCES, INC.

By:		/s/ Seth Gelber


Name:		Seth Gelber


Title:		President

EXHIBIT A

Datamart Report

In addition to the data set forth in the Guidelines and Servicing Agreement, the report shall consist of Application and Loan level data and provide at least the following information with respect to each Loan Application:

•

Identifying information and demographic information

•

Applicable borrower benefits for which the borrower may become eligible

•

Missing information reasons, if any

•

Decline reasons, if applicable

•

Current application status

•

Acquisition channel

•

Credit score (including FMC custom credit score)

•

Such other data as requested by SunTrust and as agreed by FMC

EXHIBIT B

FMC Compensation Schedule

[**]

[**

]

[**

]

[**

]

[**

]

[**

]

[**

]

[**

]

[**

]

[**

]

[**

]

[**

]

[**

]

[**

]

[**

]

[**

]

[**

]

[**

]

[**

]

[**

]

[**

]

[**

]

[**

]

[**

]

[**

]

[**

]

[**

]

[**

]

[**

]

[**

]

[**

]

[**

]

[**

]

[**

]

[**

]

[**

]

[**

]

[**

]

[**

]

[**

]

[**

]

[**

]

[**

]

[**

]

[**

]

[**

]

[**

]

[**

]

[**

]

[**

]

[**

]

[**

]

[**

]

[**

]

[**

]

[**

]

[**

]

[**

]

[**

]

[**

]

[**

]

EXHIBIT C


Schedule 1		Key Metrics Report

Schedule 2		Approved Collectors

Schedule 3		Approved Initial Vendors

Schedule 1 to Exhibit C

Key Metrics Report

The report shall consist of aggregate program data and metrics and provide information in at least the following categories:

•

Application metrics

•

Configuration and submission rate

•

Application status

•

Cosign rate

•

Booking rate

•

Cancellation rate

•

Initial credit decisions

•

Conditional approvals

•

Declines and top decline reasons

•

Applications Pending Review

•

Tier and Repayment Term Distribution

•

Such other data as requested by SunTrust and as agreed by FMC

Schedule 2 to Exhibit C

Approved Collectors

Diversified Collection Services, Inc.

Simm Associates, Inc.

American Education Services

Estate Information Services, Inc.

Weltman, Weinberg & Reis

Schedule 3 to Exhibit C

Approved Initial Vendors

Google

Cambridge, MA

Services: Online advertising tracking, optimization and analysis.

National Student Clearinghouse

Herndon, VA

Services: student enrollment verification

Trans Union LLC

Chicago, IL

Services: Consumer reports, Total ID, fraud readiness

7Labs

Buffalo, NY

Graphic Designer and Programming: Brand, website, advertising and collateral design.

Euro RSCG Edge

Boston, MA

Creative development and media buying agency.

ByteJam

Richmond, VA

Digital production and testing, server ownership.

Collegiate Productions

Buffalo, NY

Print production house.

EXHIBIT D

Guidelines

Confidential Materials omitted and filed separately with the Securities and Exchange Commission. A total of 178 pages were omitted pursuant to a request for confidential treatment.

[**]

EXHIBIT E

SunTrust Service Marks

LOGO

SunTrust

EXHIBIT F

LOGO

INSURANCE REQUIREMENTS

WORKERS’ COMPENSATION:


(A) Workers’ Compensation: Statutorily Required (B) Employer’s Liability:

	(1) Bodily Injury by Accident, for Each Accident:	$	[	**]
	(2) Bodily Injury for Each Employee by Disease:	$	[	**]
	(3) Policy Limit for Bodily Injury by Disease:	$	[	**]

COMMERCIAL GENERAL LIABILITY:

Written on a per occurrence basis to include coverage for: Broad Form Property Damage; Bodily Injury; Personal Injury; Blanket Contractual Liability; Products/Completed Operations.


(A) Combined Single Limit Per Occurrence:	$	[	**]
(B) General Aggregate:	$	[	**]
(C) Fire Legal Liability Per Occurrence:	$	[	**]
(D) Medical Expense Per Person per Occurrence:	$	[	**]

SunTrust Banks, Inc., its subsidiaries, affiliate companies, its officers, directors and employees will be listed as additional insureds. FMC’s insurance will be primary and non-contributory.

AUTOMOTIVE LIABILITY:

Such policy will include coverage for all vehicles owned, hired, non-hired, non-owned and borrowed by FMC in the performance of the Services covered by this Agreement.


Combined Single Limit:		$	[	**]

UMBRELLA LIABILITY:


Combined Single Limit:		$	[	**]

SunTrust Banks, Inc., its subsidiaries, affiliate companies, its officers, directors and employees will be listed as additional insureds.

ERRORS & OMISSIONS LIABILITY (PROFESSIONAL LIABILITY):

Such policy will include coverage for actual or alleged breach of duty, act, error, and omission, misstatement, misleading statement or neglect in the rendering of or failure to render the Services under this Agreement.


Combined Single Limit:		$	[	**]

FIDELITY BOND (CRIME INSURANCE):


Including blanket employee dishonesty:		$	[	**]

CYBER / PRIVACY LIABILITY:

Such policy will include coverage for first and third party legal liability as a result of a physical privacy breach or breach of privacy regulations, as well as damages and claims for expenses arising out of computer attacks caused by security failures. $[**]

EXHIBIT G

FMC Privacy and Security Policies

First Marblehead Corporation

Information Security Policy

The reputation, business stability, and future growth of The First Marblehead Corporation and its affiliates, hereafter referred to as “First Marblehead” or “the Company”, are critically dependent on the way the Company manages and protects information and information systems that store and process client, customer, and business partner data. The Company has implemented this Policy to ensure that appropriate safeguards and controls to protect such data are established and maintained.

The Information Security Policy, hereafter referred to as “ISP” or “the Policy”, is a set of Information Security Standards designed to provide direction and to define an overarching data protection framework of fundamental objectives, values, and principles, which provides a basis for all other information protection directives.

Scope

This Policy applies to all First Marblehead employees and temporary employees as well as all contractors, consultants, and vendors who have access to Company systems, applications, and assets (collectively, “Workforce Members”). Compliance with this Policy and all other First Marblehead information protection directives is mandatory for all Workforce Members regardless of physical location.

Exception Handling

Requests for an exception to this Policy must include a documented business justification that is approved by business unit management and submitted to the Chief Risk Officer or designee for review. The Chief Risk Officer or designee will inform the approving department head of a decision within two business days of receiving the request.

Approvals


Policy Owners:		Bill Baumer, Managing Director and Chief Risk Officer David Pelkey, Managing Director of Operations and Information Technology

Effective Date:		June 30, 2012

Table of Contents



Acronyms & Definitions			3

Acceptable Use of Electronic Resources and the Internet Standard			5

Electronic Mail (E-Mail) Services Standard			6

Social Media Standard			7

Physical Security Standard			10

Proprietary Information Standard			12

Personally Identifiable Information Protection Standard			13

Servers, Laptops, Desktops Standard			15

Encryption Standard			17

Data Destruction Standard			18

Authentication and Verification Standard			21

Remote Access Standard			23

Access Rights Standard			25

Monitoring and Notification Standard			26

Online Student Loan Application Access Standard			28

Roles and Responsibilities Standard			29

Acronyms & Definitions

Access Administrator - an authorized Workforce Member responsible for creating and managing system access accounts.

Application Owner - the application’s largest stakeholder, usually the owner of the primary business functions served by the application.

Auto- forward rule - setting up parameters in Microsoft Outlook to facilitate automated forwarding or redirection of any message, which matches specific characteristics, to another e-mail account.

Chain email or letter - email sent to successive people. Typically the body of the note has direction to send out multiple copies of the note and promises good luck or money if the direction is followed.

Data owner - person who can authorize or deny access to certain data and is responsible for its accuracy, integrity, and timeliness.

Email - the electronic transmission of information through a mail protocol such as SMTP or IMAP.

Encryption - process of making data unreadable except to those who have a way to decrypt it using a special process, usually referred to as a key.

GRC - Governance, Risk & Compliance

Intellectual Property - includes, but is not limited to, inventions, improvements, discoveries, methods, developments, software, and works of authorship, whether patentable, trademarkable, copyrightable or not, which are created, made, conceived or reduced to practice by an employee during employment with First Marblehead, whether or not during normal working hours or on the premises of First Marblehead. For the purposes of this Standard, “Intellectual Property” does not include anything which does not relate to the business or research and development conducted or planned to be conducted by First Marblehead at the time it is created, made, conceived or reduced to practice and which is created, made, conceived or reduced to practice by the employee not during normal working hours, not on First Marblehead’s premises and not using First Marblehead’s tools, devices, equipment or Proprietary Information.

Malware - software of malicious intent/impact such as viruses, worms, and spyware.

Personally Identifiable Information (PII) - information that can be used to uniquely identify, contact, or locate, a person or can be used with other sources to uniquely identify a single individual.

Proprietary Information - includes, but is not limited to, Intellectual Property, client lists, client account and financial information, First Marblehead financial information, marketing and sales information, systems, software, databases, processes, research data and PII owned or maintained by First Marblehead.

Sensitive Information includes:

•

Confidential information - data for which unauthorized disclosure, access, modification, or destruction, whether the result of inadvertent or deliberate actions, could have a significant financial impact to a large number of First Marblehead employees, business partners, or the corporation as a whole. Confidential assets are distinguishable from internal assets in both the size (e.g., total cost) and scope (e.g., number of business units affected) of the potential impact.

•

Restricted information - assets for which unauthorized disclosure, access, modification, or destruction, whether the result of inadvertent or deliberate actions, could have legal, statutory, or regulatory repercussions.

Personal Identifiable Information (see PII standard for further definition)

All credit cardholder data

Corporate earnings information prior to public release, stock or transaction information covered by Securities and Exchange Commission regulations

Social Media - includes social networking websites including, but not limited to, Facebook, Twitter, MySpace, Linked-in, all blogs, or similar forms of online journals or personal newsletters, and Internet chat rooms.

Spam - unauthorized and/or unsolicited electronic mass mailings.

Supporting Infrastructure - a set of hardware and software designated for process and data management.

Unauthorized Disclosure - the intentional or unintentional revealing of Sensitive Information to people, both inside and outside the Company, who do not have a need to know that information.

Workforce Member - all First Marblehead employees and temporary employees as well as all contractors, consultants, and vendors who have access to Company systems, applications, and assets.

Acceptable Use of Electronic Resources and the Internet Standard

Scope and Objective

The purpose of this standard is to outline the acceptable use of electronic resources and the Internet in order to protect First Marblehead Workforce Members and the Company against virus attacks, compromise of information systems and services, and legal issues.

Requirements

1.	Workforce Members should have no expectation of privacy when using First Marblehead information systems.

All user system activity is subject to logging, monitoring, and subsequent analysis.

At any time and without prior notice, First Marblehead management reserves the right to examine electronic messages and files as well as the Internet, phone or other activity logged on Company systems.

2.	First Marblehead reserves the right to block access to any websites that management considers to be objectionable or non-business related in nature.

3.	Downloading of large files and use of video and audio streaming are resource intensive, and should be limited to business related purposes.

4.	Workforce Members shall not engage in illegal, malicious, or inappropriate activities utilizing Company resources.

5.	Workforce Members shall be responsible for all activity performed under assigned system accounts and shall take all reasonable steps to protect them.

6.	Passwords shall not be shared or left in a place where unauthorized persons might discover them.

Workforce Members shall not scan, test, or probe for vulnerabilities, attempt to exploit known vulnerabilities, or circumvent security controls applied on First Marblehead computer systems or networks, unless authorized by the Chief Risk Officer and the Managing Director of Operations and Information Technology.

Electronic Mail (E-mail) Services Standard

Scope and Objective

The purpose of this standard is to outline the appropriate use of e-mail.

Requirements

1.	Electronic mail (e-mail) services are available to First Marblehead Workforce Members to facilitate business communication consistent with First Marblehead’s business goals, Code of Conduct and Employee Handbook guidelines.

2.	First Marblehead e-mail services shall be provided only during active employment or contract with First Marblehead and shall be removed upon termination of the employment or the contract with the Company.

3.	E-mail encryption shall be used when sending messages containing Sensitive Information to external parties.

4.	All in-bound e-mail shall be checked for viruses.

5.	Group e-mail accounts and distribution lists available in the Global Address List (GAL) shall be created per formal approval from a Director or above.

An owner shall be assigned to every group mailbox or distribution list. The owner shall be responsible for:

Performing periodic access reviews

ii.

Managing and archiving messages as needed.

iii.

Notifying email service administrators when the account or the distribution list is no longer needed.

6.	Examples of prohibited uses of e-mail services, include, but are not limited to:

•

Sending any Company owned data to personal e-mail addresses or any other unauthorized recipient(s).

•

Setting up auto-forward rules to non-First Marblehead e-mail addresses.

•

Downloading or storing personal storage table (.pst) files on local or external hard drives.

•

Intentional and unauthorized access to other users’ e-mail.

•

Creating or using a false or alias e-mail address in order to impersonate another user or send fraudulent communications.

•

Use of First Marblehead’s electronic address book for solicitation of business, donations, commercial activities or personal gain.

•

Use of e-mail for political or lobbying activities.

•

Sending “spam”, chain letters, or any other type of widespread distribution of unsolicited mail, including offensive or abusive messages.

•

Use of e-mail to transmit materials in a manner which violates copyright laws.

•

Sending messages that constitute violations of First Marblehead’s Code of Conduct.

Social Media Standard

Scope and Objective

The purpose of this standard is to outline the acceptable use of Social Media in order to protect First Marblehead Workforce Members, the Company and our business partners, from reputation risk, compromise of information, and legal issues.

“Social Media” includes social networking websites including, but not limited to, Facebook, Twitter, MySpace, and Linked-in, all blogs or similar forms of online journals or personal newsletters, and internet chat rooms. The Company recognizes that certain forms of Social Media serve as tools that facilitate or support business activities. The Company also recognizes the rights of Workforce Members to participate in Social Media outside of business hours. In both cases, individuals are expected to conduct themselves appropriately and in a manner that does not conflict with the Company’s policies or expectations.

Requirements

All use of, and participation in, Social Media must comply with all Company policies which may be added, or amended from time to time at the Company’s sole discretion, including the Employee Handbook, the full Information Security Policy, and all applicable law.

Information that pertains to and/or is confidential to the Company, our employees, clients, or third-party vendors should not be posted on any Social Media. Such information includes, but is not limited to, anything addressed in the Employee Handbook, and includes client or customer names, projects, assignments, workloads, business methodology or analytic approaches, non-public financial reporting or data, any work created on First Marblehead systems, and other proprietary and nonpublic information.

Information published by an individual on behalf of the Company must be disclosed and disclaimed within the guidelines provided here and within the Employee Handbook.

Employees’, clients’, customers’ and vendors’ home addresses or confidential contact information must not be disclosed.

The Company will not tolerate statements about the Company, its employees or any organizations associated or doing business with the Company that are discriminatory, defamatory, obscene, threatening or harassing, or otherwise prohibited by applicable law. Be respectful and professional to fellow employees, business partners, competitors and clients and reach out to the individual(s) before posting information about them.

Respect the Company’s brand integrity. Do not post logo or trademarks of the Company or any client or vendor or any information or documents bearing such trademark, or logo.

If you identify yourself as employed by or affiliated with the Company or if your connection to the Company is apparent, make it clear that you are speaking for yourself and not on behalf of the Company. State explicitly and in a prominent place on the site “The views expressed on this website/weblog are mine alone and do not necessarily reflect the views of my employer.” You should note, however, that this disclaimer will not relieve you of any legal consequences that

may arise from your commentary, especially if you publish defamatory comments about an individual or company. Your Internet postings should not violate any other applicable policy of First Marblehead, including those set forth in the Information Security Policy and the Code of Conduct. Any exceptions to this provision require written prior approval from the Chief Risk Officer.

Use a personal email address (not your Company.com address) as your primary means of identification. Just as you would not use Company stationery for a letter to the editor with your personal views, do not use your Company e-mail address to communicate personal views on-line.

Don’t link to the Company’s internal URLs from any personal blogs.

10.

Don’t post photographs of Company events or other Company employees or representatives engaged in Company activities unless you have received express permission from the Managing Director of Human Resources or the Chief Risk Officer, or his/her designee.

11.

You may include clients in your networks of online contacts as long as such individuals are not identified or identifiable as being Company clients. Outside observers should not be able to discern whether these contacts are business contacts or personal contacts.

12.

Endorsements made by you which explicitly or implicitly imply the Company’s endorsement of a vendor, product, organization or conference require prior approval of the Chief Risk Officer or his or her designee. You may provide personal endorsements or recommendations unrelated to the Company provided that it is explicitly clear that the recommendation comes from you and not from the Company.

13.

The Company respects Workforce Members’ rights to express personal opinions and does not retaliate or discriminate against Workforce Members who use the internet for lawful purposes and in a manner consistent with Company policies.

14.

The Company reserves the right to initiate disciplinary action, up to and including termination, if a Workforce Member’s use of Social Media is found to violate the Company’s Code of Conduct or the ISP.

Monitoring

The Company has no duty to monitor internet or any network activity but reserves the right to do so in its sole and absolute discretion. The Company may use, among things, software and search tools to monitor comments posted anywhere by employees or nonemployees about the Company, its clients, vendors, employees or competitors, and to block or ban content that the Company deems to violate this policy. To the extent that the Company maintains archives of all electronic communications created with company equipment, this material is also subject to search and monitoring. The Company has the right at any time to access and disclose data stored on its communication and information systems. Employees and others using these systems should have no expectation of privacy while using Company equipment and facilities for any purpose, including Social Media.

Legal Liability

Compliance with this policy does not excuse legal liability. Though you are free to post your personal views, you are legally responsible for the opinions you publish. Be aware that the Company, its employees, and others may pursue legal action against you personally based on information you post for such claims, including but not limited to: (i) defamation (i.e., making false allegations against other employees or the Company, even if you sincerely believed the information to be true). (ii) conduct that violates the legal rights of other employees, such as posting information that invades the privacy rights of other employees, individuals, or the Company. (iii) theft of information or intellectual property, and (iv) breach of confidentiality.

Physical Security Standard

Scope and Objective

The purpose of this standard is to protect First Marblehead’s electronic information systems, as well as related buildings and equipment from an unauthorized intrusion.

Requirements

1.	First Marblehead Workforce Members will be provided with photo identification badges or other Company issued access devices (“Company ID”). While on First Marblehead’s premises, all First Marblehead Workforce Members shall keep their Company ID on their person.

2.	Workforce Members shall not permit unknown or unauthorized persons to follow them through doors, gates, or other entrances to restricted areas.

3.	Workforce Members shall not attempt to enter restricted areas for which they have not received access authorization.

4.	Access to Company facilities, including offices, computer rooms, and work areas containing Sensitive Information, shall be restricted to appropriate Workforce Members and escorted visitors.

5.	Handling and processing of Sensitive Information shall take place in work areas that are physically secured and protected against unauthorized access, interference, and damage.

Building Security

1.	Access to First Marblehead facilities, including departments processing Sensitive Information, shall be restricted based on job role.

2.	After hours building access shall be approved by the hiring manager.

3.	All physical security access rights and access codes shall be promptly terminated or changed at the time that a Workforce Member ceases to provide services to First Marblehead.

4.	Access to each facility shall be reviewed quarterly by Facilities Management.

Visitors

1.	Visitors shall be issued a one-day pass, and are required to sign-in and be escorted by a First Marblehead employee during their visit on Company premises.

2.	Visitors shall be required to sign out upon completion of their visit and shall be escorted off of Company premises by a First Marblehead employee.

3.	Outside vendors (such as janitorial or maintenance personnel) shall have limited access to First Marblehead premises and shall be appropriately supervised while in work areas.

Secure and Clean Workspace

1.	Papers or data storage media that may contain Sensitive Information shall be locked in cabinets when left unattended.

2.	Workforce Members who are provided with a Company owned laptop and/or personal digital assistant (PDA) are responsible for taking reasonable steps to safeguard these assets.

3.	All printers, copiers, and fax machines shall be located in physically secured areas.

4.	Sensitive Information shall not be left on fax machines or printers.

5.	Printers and multifunction scanners that have the capability of storing data shall have this ability disabled or be configured to purge data each day.

6.	Documents containing Sensitive Information shall be discarded in provided shred bins and shall not be thrown away in the regular trash cans or blue recycle bins.

7.	Department managers shall periodically inspect their work area(s) to ensure that Sensitive Information is not left unattended. Violations shall be documented and addressed.

Proprietary Information Standard

Scope and Objective

The purpose of this standard is to define guidelines for protecting First Marblehead’s Proprietary Information from unauthorized release or disclosure.

Proprietary Information includes, but is not limited to, Intellectual Property, or any work product that is relevant to the business or research and development conducted or planned to be conducted by First Marblehead, which is created, made, conceived or reduced to practice by a Workforce Member during employment with First Marblehead, whether or not during normal working hours or on the premises of First Marblehead, to be the exclusive property of First Marblehead. The Company considers any Proprietary Information to be the exclusive property of First Marblehead.

Requirements

1.	All Workforce Members shall sign a First Marblehead non-disclosure agreement and are required to certify understanding of the Information Security Policy within 30 days of starting work at First Marblehead.

2.	The use of First Marblehead Proprietary Information for anything other than its designated business purposes is strictly prohibited and may result in disciplinary action consistent with the severity of the violation.

3.	First Marblehead’s Proprietary Information shall not be sold or otherwise transferred to any non-First Marblehead party for any purposes other than the business purposes expressly authorized by First Marblehead management as set forth in an agreement drafted by Corporate Law.

Proprietary Information shall not be downloaded from First Marblehead data storing and processing systems to a personal computer or a workstation unless a clear business need exists and advance permission has been obtained from the Data Owner in consultation with Corporate Law and/or the Chief Risk Officer or designee, where appropriate.

5.	Security controls shall be consistent with the sensitivity and value of each Proprietary Information material or data element.

6.	Workforce Members shall consult with Corporate Law before:

Discussing First Marblehead’s Proprietary Information with, or disclosing such information to, third parties, including consultants, customers and vendors.

Permitting third parties to use First Marblehead’s Proprietary Information.

Contacting anyone suspected of infringing upon any First Marblehead Proprietary Information rights.

Personally Identifiable Information Protection Standard

Scope and Objective

The purpose of this standard is to protect Personally Identifiable Information (PII) stored on First Marblehead systems and applications from unauthorized release or disclosure and to define standards for ensuring the security and confidentiality of such data.

Requirements

1.	An individual’s name (Last Name with First Name or First Name initial) in combination with one of the following data elements shall be considered Personally Identifiable Information and must be stored and protected in a manner consistent with this standard:

Social Security Number (SSN) or Tax ID

Date of Birth or Death

Drivers License Number(s) or State ID

Passport Number

Bank and/or Financial Account Number(s)

Credit Card Number(s)

Income or Other Financial Information

Loan Number(s)

Account Passwords or PIN codes

Credit History

Digitized Signatures

Full Face Photographic Images

2.	PII shall only be collected where necessary and as required to meet a business need.

3.	All Workforce Members authorized to access PII data must only use the data for the intended purposes for which it was collected and/or stored.

4.	PII shall not be transferred outside of First Marblehead, unless has been approved by the Data Owner and the Chief Risk Officer and the receiving entity has confirmed that adequate safeguarding controls are in place.

5.	All requests (verbal or written) for PII of an employee or a consumer shall indicate the intended use and shall be for legitimate purposes only.

6.	Provisions for use of Social Security Numbers (SSN):

Account numbers shall not be based on the consumer’s SSN, including truncated versions of the social security number.

Account identification numbers shall be used whenever possible and in lieu of an SSN.

SSN shall be blanked out / redacted from any requested document or file, when the SSN is not relevant to the request.

7.	Electronic communication and transfer of PII shall be conducted in a secure manner.

8.	PII must be safeguarded at all times and in all formats/media both at rest and in transit.

9.	Data owners shall ensure effectiveness of security controls put in place to safeguard PII under their control.

10.	PII shall be kept no longer than is required by a business need or applicable state and federal law.

11.	PII shall not be stored on local hard drives or portable storage devices (CDs, external hard drives, thumb drives, etc), unless approved by the Chief Risk Officer or designee.

12.	PII shall not be transferred to a country or territory outside the United States of America, unless approved by the Chief Risk Officer or designee.

13.	Use of PII is strictly prohibited in testing, training, and presentation reports or marketing materials, unless that data is de-identified by: removing, masking, or transforming key data elements that could be used to reconstruct a record.

In the event that an exception is granted by the Chief Risk Officer to allow PII to be used for testing purposes in a non-production environment, the following data safeguarding controls must be met:

Both logical and physical access to PII data shall be restricted.

ii.

Electronic access shall be limited to authorized individuals only and shall be consistent with job role and responsibility.

iii.

Back up tapes shall be appropriately secured.

iv.

Data safeguarding controls shall be periodically tested for operating effectiveness; deficiencies must be reported and remedied.

14.	It is First Marblehead’s policy to comply with Payment Card Industry (PCI) standards and regulations. Recording of credit card numbers in any First Marblehead system is prohibited without the written consent of the Chief Risk Officer or designee.

15.	Any Workforce Member who has substantially breached the confidentiality of PII may be subject to disciplinary action, up to employment termination.

Servers, Laptops, Desktops Standard

Scope and Objective

The purpose of this standard is to minimize the risk of loss or exposure of Sensitive Information stored and maintained by First Marblehead and to reduce the risk of corrupted computers being used by the Company.

Requirements

1.	Workforce Members or visitors shall not connect non-First Marblehead owned PCs, PC peripherals (e.g., including, but not limited to, external hard drives, phones, and cameras), or PC software to the First Marblehead network without the written approval of the Chief Risk Officer or designee.

2.	Workforce Members who are provided with a Company owned laptop and/or personal digital assistant (PDA) are responsible for taking reasonable steps to safeguard these assets.

Workforce Members shall not disable any security software including virus scanning software, change operating system configurations, upgrade existing or install new operating systems, or modify security controls on any First Marblehead owned PC or network server. Requests for exceptions shall be communicated to the Help Desk.

4.	Workforce Members shall not test, circumvent, or attempt to compromise any information security mechanisms unless specifically authorized in writing by the Chief Risk Officer and the Managing Director of Operations and Information Technology.

5.	Workforce Members shall either log off or use the Windows “Lock Computer” function prior to leaving their workstation or a server that is connected to the First Marblehead network.

6.	No new software shall to be installed on any First Marblehead owned computer equipment without the formal approvals of the Chief Risk Officer and the Managing Director of Information Technology.

7.	Making unauthorized copies of First Marblehead licensed and copyrighted software, including for “evaluation” purposes, is forbidden.

Securing Computing Devices

1.	All computer equipment shall be marked with identification information that clearly indicates that it is property of First Marblehead.

2.	An up-to-date inventory list of computer equipment shall be maintained and approved by Information Technology Management.

3.	All Company owned servers shall be controlled, configured and centrally administered by IT.

4.	All PCs and servers shall be password protected.

5.	Systems shall be configured to lock after [**] minutes of inactivity.

6.	All PCs and servers shall have anti-virus software installed and enabled. Virus definition files shall be current and updated centrally.

7.	Access rights to install, configure or disable software and hardware settings on any First Marblehead owned machine shall be limited to authorized personnel only.

8.	CD/DVD RW drives, USB and FireWire ports, Bluetooth, Wi-Fi and IrDA shall be disabled.

9.	Servers shall be configured in accordance with the Information Technology Server Build Standard.

10.	Trusted host features shall be disabled on publicly accessible servers.

11.	Publicly accessible servers shall be placed on a separate, isolated sub-network. A firewall shall be used to manage connectivity to subnets.

12.	No internal wireless networks will be enabled on First Marblehead systems.

13.	First Marblehead discourages use of unsecured wireless networks in publicly accessible areas such as airports, hotels, etc. Employees should take reasonable steps to ensure that wireless networks are secure.

14.	Publicly accessible servers shall be configured to suppress system identifiable information, for example, operating system, patch level, etc. This shall include deploying [**] for web applications.

Computer Viruses and Malware

1.	All externally supplied removable storage media, computer-readable files, software programs, databases, word processing documents, and spreadsheets shall be subjected to a virus checking process.

2.	Workforce Members shall not intentionally write, compile, copy, propagate, execute, or attempt to introduce any computer code designed to self-replicate, damage, or otherwise hinder the performance of First Marblehead’s computer systems.

3.	Workforce Members are required to physically disconnect their machine from the network and report the issue to the Help Desk immediately, if there is a suspicion of a virus.

4.	Workforce Members shall not attempt to eradicate a virus without expert assistance.

Encryption Standard

Scope and Objective

The purpose of this standard is to define encryption guidelines for protection of sensitive Company, client, customer, and business partner data.

Requirements

1.	The Company prohibits encryption of First Marblehead data, except for the following:

Electronic transfer of Sensitive Information between First Marblehead and an external party shall be encrypted.

E-mails containing Sensitive Information, either in the body or in the attachments, must be encrypted prior to being sent to an external recipient.

If data must be sent routinely to an external party, a job shall be scheduled through Job Scheduling to encrypt and automate the data transfer.

Removable media including all First Marblehead owned laptops, back-up tapes, and portable storage devices shall be encrypted using a Company approved encryption solution.

If encryption is not feasible, compensating controls shall be applied to ensure integrity and confidentiality of such data. Examples include:

Use of only Company approved removable media devices.

Password protection.

Encryption of the file using Company provided file encryption software.

2.	Electronic communication and transfer of Sensitive Information over public networks shall be encrypted.

3.	Encryption key management servers shall be centrally managed by Information Technology. The encryption mechanism shall require the following:

Encryption keys shall be backed-up and stored with security measures comparable to or more stringent than measures applied to the involved data.

Cryptosystem key length shall be at least [**] bits.

Keys in storage and transit shall be encrypted.

Keys for encrypting key management servers shall be stored separately from keys used for encrypting/decrypting data.

Data Destruction Standard

Scope and Objective

The purpose of this standard is to provide guidelines for the secure and appropriate destruction of data.

Requirements

All information technology hardware assets used to process or store Sensitive Information, such as employee or customer personal data, strategic business plans, sensitive legal issues, and other information that could, if released to unauthorized persons, cause serious harm to First Marblehead, that are no longer needed for business purposes must be disposed of using a process that meets or exceeds the Department of Defense (DoD) Standard 5220.22-M for data sanitization and must be performed by an assigned and authorized First Marblehead employee or an approved third party provider specializing in this service.

Information on First Marblehead owned information technology hardware assets, including but not limited to computers, hard drives, PDAs, fax machines, network communications equipment, CDs, external storage devices, diskettes, and magnetic tapes used to process or store data, shall meet all data retention requirements before disposal may occur.

3.	Whenever licensed software is resident on any computer media being sold, transferred, or otherwise disposed of, the terms of the license agreement shall be followed.

4.	Each sanitization process shall be certified and a record maintained as specified by First Marblehead’s records retention guidelines:

A verifiable chain of custody, which can trace the assets from the time they left First Marblehead control through the time it is certified that all data has been rendered irretrievable through any recovery process, shall be retained as specified by First Marblehead records retention schedule.


Sanitization Types
Method		Description

Disposal		Disposal is the act of discarding media with no other sanitization considerations. This is most often done by paper recycling containing non-confidential information but may also include other media.

Clearing		Clearing information is a level of media sanitization that would protect the confidentiality of information against a robust keyboard attack. Simple deletion of items would not suffice for clearing. Clearing must not allow information to be retrieved by data, disk, or file recovery utilities. It must be resistant to keystroke recovery attempts executed from standard input devices and from data scavenging tools. For example, overwriting is an acceptable method for clearing media. The security goal of the overwriting process is to replace written data with random data. Overwriting cannot be used for media that are damaged or not writeable. The media type and size may also influence whether overwriting is a suitable sanitization method.

Purging		Purging information is a media sanitization process that protects the confidentiality of information against a laboratory attack. For some media, clearing media would not suffice for purging. However, for ATA disk drives manufactured after 2001 (over 15 GB) the terms clearing and purging have converged.

Destroying

Destruction of media is the ultimate form of sanitization. After media are destroyed, they cannot be reused as originally intended. Physical destruction can be accomplished using a variety of methods, including disintegration, incineration, pulverizing, shredding, and melting.

• Disintegration, Incineration, Pulverization, and Melting. These sanitization methods are designed to completely destroy the media.

• Shredding. Paper shredders can be used to destroy flexible media such as diskettes once the media are physically removed from their outer containers. The shred size of the refuse should be small enough that there is reasonable assurance in proportion to the data confidentiality level that the information cannot be reconstructed. Optical mass storage media, including compact disks (CD, CD-RW, CD-R, CD-ROM), optical disks (DVD), and magneto-optic (MO) disks must be destroyed by pulverizing, crosscut shredding or burning.

Destruction of media should be conducted only by trained and authorized personnel. Safety, hazmat, and special disposition needs should be identified and addressed prior to conducting any media destruction.


Media Sanitization Decision Matrix
Media Type	Clear	Purge	Physical Destruction

Hard Copy Storages

Paper and microforms	[**]	[**]	[**]

Hand-Held Devices

Cell Phones	[**]	[**]	[**]

Personal Digital Assistant (PDA)	[**]	[**]	[**]

Networking Devices

Routers	[**]	[**]	[**]

Equipment

Copy Machines	[**]	[**]	[**]

Fax Machines	[**]	[**]	[**]

Magnetic Disks

Reel and Cassette Format Magnetic Tapes	[**]	[**]	[**]

Optical Disks

CDs	[**]	[**]	[**]

DVDs	[**]	[**]	[**]

Memory

Compact Flash Drives, SD	[**]	[**]	[**]

Dynamic Random Access Memory (DRAM)	[**]	[**]	[**]

Electronically Alterable PROM (EAPROM)	[**]	[**]	[**]

Electronically Erasable PROM (EEPROM)	[**]	[**]	[**]

Erasable Programmable ROM (EPROM)	[**]	[**]	[**]

Field Programmable Gate Array (FPGA) Devices (Non-Volatile)	[**]	[**]	[**]


Media Sanitization Decision Matrix
Media Type	Clear	Purge	Physical Destruction

Field Programmable Gate Array (FPGA) Devices (Volatile)	[**]	[**]	[**]

Flash Cards	[**]	[**]	[**]

Flash Cards (FEPROM)	[**]	[**]	[**]

Magnetic Bubble Memory	[**]	[**]	[**]

Magnetic Core Memory	[**]	[**]	[**]

Non Volatile RAM (NOVRAM)	[**]	[**]	[**]

PC Cards or Personal Computer Memory Card International Association (PCMCIA) Cards	[**]	[**]	[**]

Programmable ROM (PROM)	[**]	[**]	[**]

RAM	[**]	[**]	[**]

ROM	[**]	[**]	[**]

USB Removable Media (Pen Drives, Thumb Drives, Flash Drives, Memory Sticks) without Hard Drives	[**]	[**]	[**]

Smart Cards	[**]	[**]	[**]

Magnetic Cards

Magnetic Cards	[**]	[**]	[**]

Authentication and Verification Standard

Scope and Objective

The purpose of this standard is to establish authentication requirements for verification of user identity and associated access privileges.

Requirements

1.	Workforce Members shall be responsible for all activity performed with their personal access account, also known as User ID, and shall take all reasonable steps to protect it.

2.	Account passwords shall not be written down and left in a place where unauthorized persons might discover them.

3.	Workforce Members shall not reveal or share their account password(s):

Technical support personnel shall not ask for account passwords, unless there is a system limitation requiring such personnel to simulate user experience while troubleshooting an issue.

4.	Account passwords must be immediately changed if suspected or known to have been compromised.

System Authentication

1.	All Workforce Members authorized to access Company systems and applications shall verify themselves via an assigned account and self- selected password.

2.	A multi-factor authentication methodology shall be employed for remote access to the network.

3.	First Marblehead systems shall be configured to:

Display a network login banner.

Not indicate the specific cause of failed login.

Accounts

1.	Each access account, including resource or service accounts, shall uniquely identify only one user and have an assigned owner.

2.	Vendor supplied default accounts shall be removed, disabled, or renamed prior to using the software in production environment.

3.	Service or resource accounts required to run a system process shall be configured to prevent interactive logon where technically feasible.

4.	All access accounts created for non-First Marblehead employees shall have a specified expiration date, with a default expiration of [**] days where the actual expiration date is unknown.

Managers are required to promptly notify the Help Desk when access to First Marblehead resources is no longer needed.

5.	Access accounts, defined in systems and applications, containing Sensitive Information including access provision systems, shall be:

Disabled if inactive over [**] days.

Deleted if remained disabled for over [**] days.

Passwords

1.	First Marblehead systems shall be configured to require the following strong password requirements:

Minimum password length shall be [**] characters.

Passwords shall contain at least [**] of the following complexity requirements:

Alpha character.

ii.

Numeric character.

iii.

One special character.

iv.

Upper case character.

Passwords shall expire after [**] days.

Password history shall be retained for past [**] passwords.

[**] consecutive incorrect passwords shall result in disabling the account.

Passwords shall not be displayed in clear text.

2.	Default passwords shall expire upon first login, requiring Workforce Members to select their own password.

3.	All vendor supplied default passwords shall be reset prior to using the software in production environment.

4.	Passwords shall be encrypted when held in storage or when transmitted over public network.

5.	Passwords shall not be hard-coded into software code or macros, batch files, or automatic logon scripts.

6.	All passwords on critical systems must be immediately changed if a privileged resource or user account has been compromised.

Remote Access Standard

Scope and Objective

The purpose of this standard is to define guidelines for requesting authorization for remote access to First Marblehead network or e-mail and for establishing remote access sessions.

Requirements

1.	A Security Authorization Form shall be submitted for approval to GRC for access to the Virtual Private Network, hereafter referred to as “remote network access” or “VPN”, or Outlook Web access, hereafter referred to as “web e-mail” or “OWA.”

2.	VPN or OWA access to shall be restricted based on job role and least required access principles.

3.	The remote access user bears the responsibility for the consequences should the access be misused to violate any First Marblehead policies, perform illegal activity or be used for outside of business interests.

At no time shall remote access users share their login name, password, remote access token or token code; remote access users shall always protect this information.

4.	Workforce Members with VPN access privileges shall not use non-First Marblehead e-mail accounts, equipment or other external resources to conduct First Marblehead business.

5.	Non-employees approved for VPN remote access shall be restricted via the VPN device to only specific resources required to perform tasks identified in an approved Statement of Work.

While remotely accessing First Marblehead’s network, all Workforce Members must understand that their machines are a de facto extension of First Marblehead’s network, and as such are subject to the same rules and regulations that apply to First Marblehead-owned equipment and acceptable use standards, i.e., their machines and expected conduct must adhere to the Information Security Policy and the Code of Conduct requirements.

7.	A VPN session shall timeout after [] minutes of inactivity and shall require re-authentication after [] hours. Pings or other artificial network processes are not to be used to keep the connection open.

8.	Exceptions to the aforementioned full remote network access requirements must be approved jointly by the Chief Risk Officer and the Managing Director of Operations and Information Technology.

System Requirements

1.	VPN access shall require the use of a First Marblehead owned laptop.

2.	All in-bound access shall employ []-factor user authentication with at least [] of the factors not subject to replay.

3.	Resource computer system IDs shall not be used in remote access to First Marblehead systems.

4.	Secure communication over networks shall be maintained.

5.	Split-tunneling or dual homing is not permitted at any time.

6.	The VPN concentrator shall be limited to an absolute connection time of [**] hours.

7.	All computers remotely connected to the First Marblehead network must have up-to-date anti-virus signatures and security patches, and configured personal firewall when remotely connected to First Marblehead network.

8.	Remote access to First Marblehead systems shall adhere to the following access and authentication standards:

Authentication and Verification Standard

Access Rights Standard

Encryption Standard

9.	VPN device shall provide an audit log.

Access Rights Standard

Scope and Objective

The purpose of this standard is to define guidelines for access request, authorization, and validation.

Requirements

1.	Access to systems, applications and data shall be restricted based on job role, and adhere to the principle of least privileged access - access granted is the minimum level required for a user to perform assigned job responsibilities.

2.	Access shall be granted by designated Access Administrator(s) upon receiving a complete and approved Security Authorization Form from the application owner.

3.	Access to First Marblehead information systems shall be promptly disabled at the time that a Workforce Member ceases to provide services to First Marblehead.

Access privileges enabling a Workforce Member to access the files, computers, or applications of other users, shall be restricted only to those who are directly responsible for system administration and support or are required to work on internal investigations. All such requests must be approved by the Chief Risk Officer or designee.

Violations and misuse of system administrative access privileges will result in disciplinary actions commensurate with the severity of the incident, up to and including termination of employment or contracts, in some case without benefit of a warning, as well as possible criminal or civil penalties.

5.	First Marblehead’s system, application, or file access control permissions must be set to a default that blocks access for unauthorized users.

6.	All Application Owners shall validate effectiveness of application/data security controls at least [**], or in accordance with GRC guidelines. Application Owners must ensure that:

Application authentication requirements are consistent with the “Authentication and Verification Standard” of the Information Security Policy.

Administrative access to the application(s) is restricted to authorized personnel only.

All accounts of terminated employees have been removed.

Active accounts shall be consistent with users’ roles and responsibilities:

Maintain a table for access rights/profiles for each job level.

ii.

Segregate duties to prevent conflict of interest:

Requestors shall not approve requests.

Approvers shall not administer access.

Administrators shall only process but not approve requests for access.

iii.

Confirm that all accounts of terminated employees have been disabled.

iv.

Validate formal approval for each system/application user.

Access to Supporting Infrastructure has been restricted to authorized personnel only.

vi.

Validate appropriateness of access to system/application/shared drives/mailboxes.

Ensure risk-based event monitoring procedures are in place to detect inappropriate activity.

Monitoring and Notification Standard

Scope and Objective

The purpose of this standard is to define system monitoring and notification requirements.

Requirements

1.	First Marblehead reserves the right to monitor system and user activities at any time and without prior notice.

Workforce Members have a duty to report all information security violations (e.g. unauthorized activity, including but not limited to loss of or changes to computerized production data and questionable usage of files, databases, communications networks or compromised passwords), and suspected or confirmed information security problems and vulnerabilities to GRC by either contacting the Director of Information Security or emailing informationsecurity@fmd.com immediately so that appropriate action is taken in a timely manner according to FMD’s Security Incident Response Process.

3.	Workforce Members shall never attempt to interfere with, prevent, obstruct, or dissuade a staff member in his/her efforts to report a suspected information security problem or violation, or retaliate against an individual reporting or investigating information security problems or violations.

4.	Decisions involving any contact with law enforcement or other external parties regarding information security incidents or problems shall be made by Chief Risk Officer or designee.

5.	All production systems and applications must log all pertinent system and account events in real-time, including, but not limited to:

Access to systems and applications.

Failed authentication attempts.

Failed attempts to access system and application resources.

Privileged account activity:

System or application administrator activity.

ii.

Change of system or application records.

iii.

Changes to standard business transactions.

iv.

Changes to systems, applications, and files.

Data import and export events.

vi.

Increase or decrease of various security events.

Logs must include at a minimum:

Event type.

ii.

Account name.

iii.

System time stamp.

iv.

Event success or failure.

Source and Destination identification attributes.

Logs of computer security-relevant events must provide sufficient data to support comprehensive audits on the effectiveness of and compliance with security measures.

Log files shall be protected from any changes and shall be viewed only by authorized personnel on a need to know basis.

Log files shall not be overwritten or deleted until they have been backed up to off-line media.

Log files shall be retained in accordance with the corporate records retention guidelines.

Existing applications or systems that cannot comply with data object access logging requirements, due to technical limitations or prohibitive costs related to making the application or system compliant, shall be exempt from this standard. Applications or systems that cannot comply with this standard are required to document the reasons for non-compliance. In addition, to reduce the risk associated with non-compliance, adequate compensating controls must be documented and implemented.

Online Student Loan Application Access Standard

Scope and Objective

The purpose of this standard is to define authentication requirements for online loan application access.

Requirements

1.	Applicant User IDs must be set to expire [] months from the time they are established and be renewable in [] months intervals.

2.	A multifactor authentication shall be employed on loan application processing websites, and consist of the following: :

[**].

And

[**].

Or,

ii.

[**].

3.	All fixed password resets or changes shall be promptly confirmed by [] to a [] so that the authorized user can readily detect and report any fraudulent or abusive behavior:

A loan applicant shall not be able to retrieve his/her password. The system shall prompt the loan applicant to submit his/her User ID and answer [**] previously defined questions. A one time personal identification number (PIN) shall be sent via [**] to a [**] for a one time use.

Roles and Responsibilities Standard

Scope and Objective

The purpose of this standard is to define the roles and responsibilities of Workforce Members with regard to the protection of First Marblehead information and information systems.

Requirements

1.	All First Marblehead Workforce Members shall:

Annually certify understanding of the Information Security Policy (ISP).

Adhere to the ISP.

Protect and safeguard Company provided electronic resources and data.

Participate in Company-sponsored ISP training and awareness activities.

2.	Human Resources is responsible for supporting Company compliance with the ISP, including completion of the following:

All First Marblehead Workforce Members shall personally sign a First Marblehead non-disclosure agreement before starting work with First Marblehead.

All Workforce Members must pass a background check that includes examination of criminal conviction records, lawsuit records, credit bureau records, driver’s license records, and verification of previous employment:

Background Investigations may include, but are not limited to, the following:

Review of Credit Report

Review of civil litigation

Review of criminal history (SORI- Sex Offender Registry Information)

Verification of previous employment

Verification of education

3.	Business Unit Leaders are responsible for working with GRC to ensure adequate controls are in place to safeguard data relied upon in order to perform a specific business function. This includes, but is not limited to:

Appointing a qualified Workforce Member(s) to the role of Application Owner for each application owned by the business unit.

Maintaining an access entitlement matrix based upon defined job roles.

Establishing adequate system security controls and performing periodic testing of design and effectiveness.

Inventorying data assets under their management.

Ensuring Workforce Members under their management participate in required Information Security training and (re)certification of ISP understanding.

Collaborating with Information Technology (IT) to ensure data is securely stored, backed up, transmitted and received using adequate security controls.

Enforcing compliance with the ISP for all resources under their management.

Reporting ISP violations to GRC in a timely manner.

Enforcing the Secure and Clean workspace provision of the Physical Security Standard within the supervised work area.

4.	An Application Owner is the individual who has been assigned the ultimate responsibility for a system because he/she is responsible for the primary business functions served by the system. The responsibilities of this role include, but are not limited to:

Defining the scope and strategic objectives of the system.

Understanding the overall purpose and sufficient details of the system.

Approving access requests to the system.

Ensuring appropriate support, maintenance, and problem resolution as it pertains to the security, availability, and integrity of the data stored in that system.

Coordinating system enhancements, and providing final approval for the implementation of all changes to the system.

Ensuring adequate level of documentation exists on how the system supports business processes and controls.

Responding to Internal Audit requests and mitigating audit findings or self-discovered system weaknesses.

Collaborating with IT and GRC on creating business resumption and disaster recovery plans.

Validating effectiveness of system security controls.

5.	GRC is responsible for creating and maintaining the Information Security Program to ensure that adequate controls exist to safeguard Company systems and data against unauthorized access, disclosure, modification and/or destruction. This includes, but is not limited to:

Documenting and maintaining the ISP.

Revising the ISP based on new or amended regulations and Company needs.

Communicating and providing ISP awareness training to Workforce Members.

Monitoring compliance with the ISP using security appliances and systems.

Approving exceptions to the ISP and maintaining policy exception tracking and reporting.

Maintaining a catalog of authorized monitoring practices and ad hoc monitoring reports.

Performing risk assessments.

Designing, implementing, and testing security controls.

Defining and documenting security needs for the Company.

Updating management on Company’s compliance with the ISP.

Providing guidance on current government regulations and articulating them into actionable requirements.

Collaborating with IT to identify gaps between security needs and current technologies.

Working with IT to prioritize security projects.

Monitoring and responding to ISP related exception reporting (e.g. functional alerts and quarantines).

Researching exceptions within the environment.

Assisting in the functional testing of appliances and systems at the time of new implementations, upgrades or policy/configuration changes.

Functioning as the primary point of contact with the business units for matters related to the functional operation of appliances and systems.

Functioning as the primary point of contact and manager for incident response.

Reviewing third party service provider security controls.

Reporting on the overall status of the ISP to the Board of Directors or Audit Committee on an annual basis, including:

Conclusions as to compliance with Interagency Guidelines Establishing Standards for Safeguarding Customer Information (GLBA Sec 501 and 503)

Discussion of material matters with regard to risk assessment, risk management and control decisions, service provider arrangements, results of testing, security breaches or violations and management’s responses, and recommended changes to the Information Security Policy and related procedures.

6.	IT is responsible for supporting and maintaining the information technology infrastructure and business applications to support First Marblehead’s goals and objectives. This includes, but is not limited to:

Maintaining security architecture.

Collaborating with GRC to identify security deficiencies and prioritize remediation.

Working with GRC to identify technology solutions to meet regulatory/business/security requirements.

Implementing technology improvements in support of the ISP.

Maintaining Company disaster recovery plans.

Promoting industry best practices.

Administering access to key systems.

Documenting and maintaining procedures for performing system access administration for systems under IT’s control.

Managing access to security appliances, consistent with ISP and internal procedures.

Converting security requirements into technical specifications.

Performing technical implementations based on review and approval from GRC.

Implementing policy or filter changes as directed or agreed to by GRC that would modify how a security system captures, reviews, quarantines, or releases information.

Maintaining an ongoing log of production and ad-hoc monitoring activities and implementations.

Monitoring and responding to technology support exception reporting (e.g. functional alerts, ad-hoc trouble shooting reports, etc.).

Providing GRC non-administrative access to systems where needed for GRC to monitor effectiveness of systems and manage quarantines.

Managing IT vendor relationship(s) and serving as the sole point of technical support escalation.

Budgeting for the funding required for acquisition, support and maintenance of appliances and systems.

Maintaining regular communication with GRC regarding the status of security systems, technical and data security events and trends, and process improvement recommendations.

7.	Third Party Service Providers that have access to First Marblehead systems or data:

Understand and adhere to the ISP.

Acknowledge ISP requirements prior to accessing any First Marblehead systems, applications, files or data.

LOGO

Employee Code of Conduct May 2012


Letter from the Chairman & Chief Executive Officer

		May 2012
		Code of Conduct Contact Information
Dear Fellow Employees,		Code of Conduct Contact Information
At First Marblehead, integrity is a fundamental corporate value. We are strongly committed to it, and to the ethical conduct, honesty and compliance with law that underlie it. Integrity is vital to our long-term relationships with clients, colleagues and investors, particularly at this time in the history of our Company and industry. Our Code of Conduct outlines standards for employee conduct. It is intended to raise your awareness about what is expected of each of us, to provide you with guidance if you have questions about what is proper conduct for you or anyone else, and to encourage you to report any ethical, accounting or legal problems that you may confront. Given the variety of situations to which our standards apply, the Code is not intended to provide you with a roadmap for every question that you have or specific concern that may arise. Each of us is expected to use our judgment and common sense in order to comply not only with the letter of the Code but also with its spirit. Please read the Code carefully and thoroughly, as it has been updated to clarify some requirements as well as to reflect our growing and evolving businesses. You are required to formally acknowledge that you have read the Code, understand it, and agree to abide by it. The principles of the Code apply to everyone at First Marblehead regardless of job function or seniority. Each of us must do our part to prevent or correct violations and maintain a culture where absolutely nothing compromises our commitment to integrity. I encourage you to discuss any questions or concerns you may have about the Code or any activity at our Company with any member of the Code of Conduct Committee. Our Code provides a foundation, but the value we get from it depends on your level of dedication to upholding its principles. Please join me in renewing our commitment to protecting and strengthening First Marblehead’s reputation for integrity and the trust that our clients, colleagues and investors have placed in each of us. Daniel Meyers Chairman & Chief Executive Officer		Employees are encouraged to contact any member of the Code of Conduct Committee at any time if there are concerns about possible violations of our Code of Conduct. Code of Conduct Committee Member = (M) Bill Baumer (M) Managing Director & Chief Risk Officer (617) 638-2093 wbaumer@fmd.com Suzanne Murray (M) Managing Director & Acting General Counsel (617) 638-2137 smurray@fmd.com Jo-Ann Burnham (M) Managing Director, Human Resources (617) 638-2005 jburnham@fmd.com Ken Klipper (M) Managing Director & Chief Financial Officer (617) 638-2163 kklipper@fmd.com Daniel Meyers Chairman & Chief Executive Officer (617) 638-2001 dmeyers@fmd.com Peter Drotch Chairman - Audit Committee The First Marblehead Corporation Board of Directors (508) 872-6647 pdrotch@comcast.net Outside Counsel Wilmer Cutler Pickering Hale and Dorr LLP (617) 526-6000 Attention: Susan Murley, Esquire Mailing addresses available on page 20.

LOGO

Introduction

We are all equal under the Code

At The First Marblehead Corporation (Company), we are committed to upholding the highest standards of honest, ethical conduct. Always. Without compromise. That commitment also reflects our goals to meet and exceed the expectations of our stakeholders - those groups of people with a vested interest in the success of our Company.

Our Code of Conduct (Code) summarizes the shared values and behaviors we must exhibit in all of our business transactions and interactions with our key stakeholders, including customers, fellow employees, business partners, suppliers, shareholders, government regulators and communities.

Our Code applies equally to all employees, officers and on-site contractors and vendors. In addition, we will not participate in or tolerate fraudulent behavior, and we expect our other vendors and business partners to uphold our ethical standards and values. Compliance with our Code, Company policies and procedures, and applicable laws and regulations is a responsibility that we take seriously, and we will hold each other accountable in meeting that responsibility.

Our leaders and managers are expected to serve as ethical role models.

They are expected to be familiar with our Code and effectively communicate its importance and guidelines and answer the questions of those who report to them.

Leaders and managers also have an obligation to create a positive work environment in which Company personnel feel comfortable asking questions or reporting concerns. Leaders and managers who fail to meet this responsibility or who do not act promptly to report suspected misconduct will be subject to disciplinary action that may include termination.


		The First Marblehead Corporation		3

LOGO

Table of Contents


	PAGE

Raising and Reporting Ethical Issues		5

Reporting Process		6

Concerns About Accounting or Auditing Matters		7

Reporting Company Information		8

Protecting Company Assets		9

Protecting Information		10

Gifts & Entertainment		12

Fair Dealing and Conflicts of Interest		14

Compliance with the Law		15

Respect for the Individual		16

Workplace Policies		17

Supporting Our Code of Conduct		19

Code of Conduct Contact Information		20


		The First Marblehead Corporation		4

LOGO

Raising and Reporting Ethical Issues

What to do when you think something is wrong

If you believe that any employee, officer, director or anyone working on our behalf may have engaged in ethical or legal misconduct, it is your responsibility to promptly report the matter to your manager or any member of the Code of Conduct Committee (see the list and contact information at the end of this document). Doing so helps us to address issues and prevent future misconduct.

Suspected Code violations can be reported to anyone on our Code of Conduct Committee, or call our toll-free HOTLINE, 866-709-9950, or e-mail CodeOfConduct@fmd.com, where you can leave a message about any suspected violation. While we prefer that you identify yourself when reporting suspected violations so that we may follow up with you, you may leave messages anonymously.

We will promptly and thoroughly investigate complaints to determine whether violations have occurred and if so, how to effectively address them. Disciplinary measures for violations may include, but are not limited to:

•

Reprimands

•

warnings

•

probation or suspension without pay

•

demotions

•

reductions in salary

•

restitution

•

termination of employment

Certain violations may require external reporting

Certain violations of our Code may require us to refer the matter to the appropriate governmental or regulatory authorities for investigation or prosecution.

We may also be required to report particular violations to clients, and the clients may report the violation to appropriate regulators. Employees, officers and directors are expected to cooperate fully with any inquiry or investigation by the Company regarding an alleged violation of our Code. Failure to cooperate with any such inquiry or investigation may result in disciplinary action up to and including discharge.

If the alleged violation involves an executive officer, then the Board of Directors and the Chief Executive Officer (but only to the extent that the CEO is not involved in the alleged violation) will determine whether a violation of our Code has occurred and, if so, will determine the disciplinary measures to be taken.

While we prefer to coordinate matters internally, nothing in our Code should discourage you from reporting any illegal activity, including any violation of securities laws or any other federal, state or foreign law, rule or regulation, to the appropriate regulatory authority.

You are protected

Employees, officers and directors will not fire, demote, suspend, threaten, harass or in any other manner discriminate or retaliate against a person because he or she reports a violation, unless it is determined that the report was made with knowledge that it was false. Our Code does not prevent you from testifying, participating or otherwise assisting in any state or federal administrative, judicial or legislative proceeding or investigation.


		The First Marblehead Corporation		5

LOGO

Reporting Process

You have three options for reporting a violation:

LOGO

If the alleged violation involves a member of the Code of Conduct Committee, that member will not participate in the investigative process. In addition, suspected violations involving a member of the Audit Committee may be reported to WilmerHale LLP, our outside counsel. All contact information is included on the last page of this Code.


		The First Marblehead Corporation		6

LOGO

Concerns about Accounting or Auditing Matters

Reporting your concerns

If you become aware of an actual or potential problem with our accounting, internal accounting controls or auditing matters, please raise your concerns immediately, by using the reporting process on page 6, by contacting the Chairman of the Audit Committee directly or by contacting Susan Murley at WilmerHale LLP, our outside counsel, (617) 526-6000.

All concerns of merit will be forwarded to the Audit Committee, and a record of all complaints and concerns received will be provided to the Audit Committee each quarter. Again, you may report any concerns regarding accounting or auditing matters confidentially and anonymously.

Working with Independent Auditors or Regulators

We are expected to cooperate completely and provide all information requested in any internal or external investigation, audit or regulatory inquiry. This requires us to provide accurate and complete information to these parties when requested.

•

No one may directly or indirectly make, or cause to be made, a false or misleading statement.

•

No one may omit to state, or cause another person to omit to state, any material fact in connection with any audit review, examination or investigation.

•

No one may directly, or indirectly, take any action to coerce, manipulate, mislead or fraudulently influence any independent public or certified public accountant engaged in the performance of an audit or review of our financial statement.


		The First Marblehead Corporation		7

LOGO

Reporting Company Information

Compliance with all laws, rules and regulations is vital

We report corporate and business data to a number of regulatory agencies, including the Securities and Exchange Commission, the Internal Revenue Service and the New York Stock Exchange, in addition to the financial and educational institutions and other enterprises with which we do business. The accuracy and integrity of this information is critical to maintain our marketplace reputation and business model.

It is the responsibility of each one of us to comply with all laws, rules and regulations applicable to our business, as well as our Code and Company policies.

You are responsible for the accuracy of books, records and public reports

Because our regulators, shareholders and other business partners rely on the detailed information contained in our business records, we must make sure that the information we provide is accurate, timely and complete. You are responsible for the accuracy of the records and reports you create and/or review. Accurate information is essential to our ability to meet our legal and regulatory obligations.

All of our books, records and accounts must be maintained in accordance with all applicable regulations and standards and accurately reflect the true nature of the transactions they record.

Financial Statements

Our financial statements must conform to generally accepted accounting principles, as well as our accounting policies and internal control procedures.

•

No undisclosed or unrecorded account or fund can be established for any purpose.

•

No false or misleading entries can be made in our books or records for any reason.

•

No disbursement of corporate funds or other corporate property can be made without adequate supporting documentation.

•

It is our policy to provide full, fair, timely and understandable disclosure in reports and documents filed with, or submitted to, our regulators and in other public communications.

Protecting Company Assets


		The First Marblehead Corporation		8

LOGO

Protection of Our Company Assets

We are all trusted to respect and safeguard Company property, which includes both physical and intangible assets. We must be diligent and work together to prevent identity theft, destruction or misappropriation of Company property, including our physical property, consumer information, proprietary client information, confidential and proprietary internal information and intellectual property.

Protecting Physical Assets

At all times we must protect Company facilities, equipment and supplies from theft, loss, damage or misuse. Company issued portable devices, such as BlackBerrys or laptops, should be used for acceptable work-related purposes.

Protecting Intellectual Property

We also have an obligation to protect our intangible assets. Intellectual property refers to those intangible assets of the Company which include business methods, inventions, publications, patents, copyrights and trademarks. We were all asked to sign a non-disclosure agreement when we were hired. These signed agreements are kept in Human Resources and represent each of our individual commitments to protect our intellectual property. In addition, it is our policy to respect the intellectual property of others and to adhere strictly to all relevant laws and regulations regarding the patents, trademarks or copyrights owned by others.

John & Joe are on the T after work discussing their day. John brings up comments made by management at a Town Hall meeting held earlier in the week. He is interested in knowing Joe’s thoughts on certain statements about stock options and pending clients, which John names, that were confidentially made to employees at the meeting. How should Joe respond?

Without drawing further attention to John’s specific statements, Joe should make clear to John that the timing and setting are inappropriate for the conversation. John’s public statements are in breach of his confidentiality obligations under our Code and are especially inappropriate if he is wearing anything identifying him with First Marblehead (fleece, name badge, computer bag or other item).


		The First Marblehead Corporation		9

LOGO

Protecting Information

Consumer Information

We are all required to comply with the privacy policy applicable to the customer relationships that we facilitate. In addition, federal and state law and contract requirements impose strict rules protecting consumer information.

All consumer data is confidential. Individual department policies define personnel who are authorized to access consumer data, and only authorized personnel with a need to know are permitted access.

Unauthorized access to consumer data is prohibited. Consumer data may only be used and disclosed to third parties in accordance with applicable law and applicable contractual requirements and restrictions.

All consumer data, such as personal data provided to us by or about loan applicants and borrowers, must be safeguarded against unauthorized access in accordance with our Information Security Policy. If you have any questions concerning access to, use of, or safeguarding of consumer data, contact our Chief Risk Officer.

Company information

Proprietary and confidential information is generally not available to the public and includes internal business information, such as contract documentation, business processes, and corporate strategies and plans.

We must maintain the confidentiality of proprietary and confidential information entrusted to us by the Company or other companies, including our suppliers and clients, except when disclosure is authorized by a manager or is legally mandated.

Unauthorized disclosure of any proprietary or confidential information is prohibited. In addition, you should take appropriate precautions to ensure that confidential or sensitive business information, whether it is proprietary to us or another company, is not communicated within the Company except to authorized personnel or outside parties who need this information for legitimate business purposes.

You may find yourself in a position where a third party asks you for information concerning the Company. You must not discuss internal Company matters with anyone outside the Company, except as required in the performance of your duties and after a confidentiality agreement is in place. You must use the Company’s assets only for legitimate business purposes and not use them for any personal benefit or for the benefit of any third party.

If you are unsure whether or not you should share information with a third party, contact your manager or the General Counsel for guidance.

Client information

We are all responsible for protecting the confidentiality and security of our clients’ proprietary and confidential information. Unauthorized disclosure of client information to third parties, or internal parties not having a need to know the information, is prohibited. We must take care to safeguard client information and to ensure that client information is communicated within the Company only to the extent that employees, officers or directors with a need to know are able to perform their duties. This obligation continues even after our employment with the Company ends.


		The First Marblehead Corporation		10

LOGO

Protecting Information

Send requests for company information to Investor Relations

To further protect the Company’s information and make certain that it is released to the public in a manner that is both accurate and consistent, only designated spokespersons may communicate with the public on behalf of the Company. This applies particularly to requests from the media, market professionals (including securities analysts, institutional investors, investment advisors, brokers and dealers) and security holders.

If you receive any requests, you must decline to comment and refer the inquirer to Investor Relations: 800-895-4283 or info@fmd.com

Our employees’ personal information deserves protection too

Just as we are committed to maintaining the privacy and confidentiality of our Company and client information, we are also committed to maintaining the privacy and confidentiality of our employees’ personal information. Employment information or medical records must not be shared or discussed inside or outside of the Company except as authorized by the employee or officer or as is required by law. Within the Company access must be limited only to those who have a substantial and legitimate need to know the information or who require information due to legal process.


		The First Marblehead Corporation		11

LOGO

Gifts and Entertainment

Before accepting a gift, check the guidelines

In the course of our work with clients and to build or strengthen good working relationships, it may be acceptable to give gifts or entertainment to, or accept gifts or entertainment from, suppliers, vendors or business partners. However, good judgment, discretion and moderation should always be guides in these situations. We may never solicit, accept or give gifts or entertainment that may influence or be perceived to influence business decisions.

You must not accept, or permit any member of your immediate family to accept any gifts or gratuities from any client, supplier, vendor or other person doing or seeking to do business with the Company, other than items of insignificant value (<$50 in total from anyone in any calendar year).

Any gifts you receive that are of significant value (>$50) should be returned immediately and reported to your manager and the General Counsel. If immediate return is not practical, the gift should be given promptly to the Company for charitable donation or such other disposition as the Company believes appropriate.

If you are unsure about whether a gift or specific event is in compliance, please ask your manager or a member of the Code of Conduct Committee for guidance.

Q	A vendor has offered Tim two tickets to a Celtics playoff game. The vendor cannot make the game but told Tim to take a friend and enjoy himself. Can Tim accept the tickets?

A	No. Since the vendor is not accompanying Tim to the game, the tickets are really a gift and not business entertainment. The Company limit for accepting gifts without approval is less than $50. Tim cannot accept the tickets.


		The First Marblehead Corporation		12

LOGO

Gifts and Entertainment

Before you give to others, consider how it may be perceived

Gifts, gratuities or other favors from you to clients, suppliers, vendors or other persons doing or seeking to do business with us that are of insignificant value (<$50 in total to anyone in any calendar year) are permitted if made in compliance with the terms of this paragraph.

All gifts, gratuities or other favors of significant value (>$50 in total to any party in any calendar year) from you to clients, suppliers, vendors or other persons doing or seeking to do business with us are prohibited unless approved in advance by the General Counsel.

Bribes, kickbacks, and other fraudulent activities are criminal acts, prohibited by law. You must not offer, give, solicit or receive any form of bribe or kickback or tolerate fraudulent acts anywhere in the world where we conduct business.

All gifts, gratuities or other favors, regardless of value, are prohibited if:

•

not made in compliance with applicable law and our Code or policies to which the recipient may be subject, or

•

given in consideration or expectation of any action by the recipient, or

•

given to government officials.

Requests for exceptions should be submitted to the General Counsel.

What’s reasonable (<$50)

•

A bottle of wine of reasonable value from a client or vendor

•

Tickets to a local sporting or cultural event with a value of less than $50

•

An unsolicited gift of modest value given by a vendor

•

Modest gifts of gratitude or to acknowledge personal events such as weddings, births or anniversaries

What’s excessive (>$50)

•

A case of fine wine

•

Front row tickets to a professional sports team playoff game

•

A golf outing which includes tee time, hotel and other accommodations

•

Cash, gift cards or other stored value products that are similar to cash

•

A lavish gift, such as a leather briefcase, fine jewelry or art


		The First Marblehead Corporation		13

LOGO

Fair Dealing and Conflicts of interest

We are committed to dealing fairly with other businesses

Our actions in the marketplace define who we are as a company. We support vigorous yet fair competition. We not only have a responsibility to the regulatory, client and shareholder communities, but we also have an obligation to deal fairly and responsibly with our suppliers and competitors.

Fair dealing requires that we recognize and strive for the highest standards of honesty and integrity in the business community. We concentrate on anticipating and satisfying the needs of our clients and customers. While we will vigorously compete in the marketplace each and every day, we will not seek to restrict the competitive opportunities of our rivals in any way that may be considered deceitful or unethical.

Avoid conflicts of interest

A “conflict of interest” is defined as engaging in an activity in which you have a personal interest that intersects with or interferes with the interests of the Company. A conflict of interest can arise whenever you take action or have an interest that prevents you from performing your duties and responsibilities honestly and objectively.

You must act in the best interests of the Company and may not engage in any activity or have a personal interest, like a substantial financial investment, that presents a conflict of interest. For these reasons you may not perform services as a consultant, employee, officer, advisor or in any other capacity for, or have a financial interest in, a competitor of the Company, other than services performed at our request, a financial interest representing less than one percent (1%) of the outstanding shares of a publicly-held company or as may otherwise be approved by our Board of Directors.

Mike runs a small home business selling magazine subscriptions. He does most of his work on weekends and it in no way conflicts with his performance at work. Recently, Mike has been eating lunch at his desk and using his First Marblehead computer to process pending orders. The Code says limited personal use of Company equipment is OK. Is this limited activity acceptable?

No. Under our Code, engaging in any activity which potentially interferes with the interests of the Company presents a conflict of interest. Our Company’s digital resources are used for business purposes, and personal use, especially in today’s resource and content rich website environment, does strain the system. Mike must run his “home” business from home.

In addition, no one may use his or her position with our Company to influence a transaction with a supplier or client in which such a person, or an immediate family member, has any personal interest, other than a financial interest representing less than one percent (1%) of the outstanding shares of a publicly-held company.

You are responsible for immediately disclosing any material transaction, or personal or financial relationship that might reasonably be expected to create a conflict of interest to the General Counsel. If you are a senior manager, you are also responsible for reporting such a transaction or relationship to the Board of Directors, which will be responsible for determining whether the transaction or relationship constitutes a conflict of interest.


		The First Marblehead Corporation		14

LOGO

Compliance with the Law

In addition to the regulatory requirements regarding the disclosure of Company financial information, we are also subject to federal, state and local laws that govern the way we do business. You are expected to use good judgment and common sense in complying with all applicable laws, rules and regulations. If you are in doubt, ask for advice and guidance from your manager, General Counsel or the Chief Risk Officer.

Inside Information and insider trading

In the course of your employment with us, you may come into possession of inside information. - Inside information || is non-public information about the Company or other companies with which we have a relationship that, if publicly disclosed, might be of use to our competitors, or otherwise harmful to us or our clients. Material inside information about a company is inside information that would be considered important by a reasonable investor in determining whether to buy, sell or hold securities of that company. Information concerning any of the following subjects, or our plans with respect to any of these subjects could be considered to be material inside information:

•

our revenues or earnings

•

our capital markets activities

•

a new product offering or a significant development with regard to an existing one

•

the establishment, modification or termination of agreements with business partners or strategic partners

•

the loss of, delay or gain of a significant contract regarding our clients

•

a merger or acquisition involving us

•

a change in our control or a significant change in our management

•

a change in or dispute with our auditors

This list is illustrative only. There are many other circumstances that could give rise to material inside information.

Q	Stephen knows about a potential business development that will likely make our Company’s stock price rise. He knows that he cannot trade on this information but wants to tell his friend this information and encourage him to buy shares of the Company’s securities. Can Stephen do this?

No. The potential business development is considered material nonpublic information. If Stephen shares this information with his friend, he would be engaging in tipping, which violates our Code and the Company’s Insider Trading Policy. Stephen and his friend might also be subject to criminal penalties for violating insider trading laws.

If you have material inside information about us or other companies, including our suppliers and clients, as a result of their relationship with us, you are prohibited by law and Company policy from trading in our securities or those of other such companies, as well as communicating such information to others who might trade on the basis of that information.

Buying, selling or tipping (disclosing inside information to someone who trades a security based on the information you provided) violates not only our policy but the laws of many countries. Violations may carry both civil and criminal penalties for those involved. If you are in doubt, ask for guidance from your manager, the General Counsel or the Chief Risk Officer.


		The First Marblehead Corporation		15

LOGO

Respect for the Individual

We should respect and value one another

We strive to maintain a workplace that allows everyone to contribute at the highest level in an atmosphere that fosters growth and innovation. In our daily decisions and actions, we should all be responsible for maintaining a workplace that is free of harassment and discrimination and that promotes respect for individuals.

We make employment, pay and promotion decisions without regard to race, color, religion, gender, age, national origin or ancestry, sexual orientation or other protected class status. The Company is committed to full compliance with all anti-discrimination laws, including state and federal laws against discrimination and harassment in employment, the Americans with Disabilities Act and the guidelines under the Massachusetts Commission Against Discrimination and the Equal Employment Opportunity Commission. (Please refer to the First Marblehead Employee Handbook for additional information on your rights under these laws.)

Harassment and discrimination are not tolerated

We are committed to maintaining a workplace that is free of harassment and discrimination. - Harassment || includes offensive behavior that interferes with another individual’s work environment or that has the purpose or effect of creating an intimidating or hostile work environment. Harassment may include conduct done physically or verbally, or done in person or by other means. It may also include conduct that is sexual in nature or otherwise inappropriate. To that end, we are committed to upholding the existing laws regarding sexual harassment and equality of employment opportunities. We will not tolerate retaliation against an individual who reports sexual or other forms of harassment or discrimination. Retaliation is unlawful.

Q	Linda feels harassed by her manager, Justin. He frequently makes improper comments about her appearance when alone, making her uncomfortable. Linda has told Justin his comments bother her on more than one occasion, but he has not changed or stopped the behavior. What should she do?

A	Linda should report Justin’s conduct to Human Resources or a member of the Code of Conduct Committee immediately. Justin’s actions are unwanted and violate the Code and our Company’s policy against harassment. The harassing behavior will not be tolerated.

“Sexual harassment” is defined by Massachusetts law as requests for sexual favors, and other verbal or physical conduct of a sexual nature when submission to or rejection of such advances, requests or conduct is made either explicitly or implicitly a term or condition of employment or as a basis for employment decisions; or when such advances, requests or conduct have the purpose or effect of unreasonably interfering with an individual’s work performance by creating an intimidating, hostile, humiliating, or sexually offensive work environment. Discrimination on the basis of sex includes, but is not limited to, sexual harassment.

We will investigate all complaints of sexual or other harassment and take appropriate disciplinary or corrective action when necessary. For further information on how to initiate a complaint or investigation, please see the First Marblehead Employee Handbook, or call the HOTLINE.


		The First Marblehead Corporation		16

LOGO

Workplace Policies

Employee Safety and Health

Our greatest asset is you, so we are committed to the highest standards of your safety and protection. In addition to maintaining a harassment-free environment, we are also committed to a drug- and violence-free workplace.

Workplace violence includes intimidation, threats, physical attack or property damage directed at a fellow employee, officer or director. Anyone who engages in these behaviors may be subject to disciplinary action up to and including termination.

No illegal drugs or alcohol on the job. In addition, the Company is committed to fostering the health and well-being of all of us. That commitment is jeopardized when someone uses illegal drugs or alcohol on the job, comes to work with these substances present in his or her body or possesses, sells or distributes drugs in the workplace.

It is a violation of our policy and our Code for anyone to possess, sell or trade or offer for sale illegal drugs or otherwise engage in the illegal use of drugs, intoxicants or alcohol on the job. Anyone who engages in the behaviors outlined may be considered in violation and may be subject to disciplinary action, up to and including termination.

Report violence promptly:

If you know of actual or potential workplace violence, call or e-mail the HOTLINE. If you believe someone is in immediate danger dial 911 and contact building security:

Medford Security: (781) 396-2559

Prudential Security: (617) 236-3114

Political activities and contributions

You are encouraged to exercise your rights as voters and citizens. However, political activity must take place on your own time and you may not use Company resources or assets directly or indirectly for any political activities, except as otherwise approved by the Board of Directors or in connection with your job responsibility. You may not allow your status as an employee or officer to be used in support of a particular political candidate or issue, except if approved by the Board of Directors or in connection with your job responsibilities.

In addition, you may not pressure, either directly, or indirectly, employees, officers or directors to make political contributions or to participate in support of a political party, issue or candidate. Finally, corporate funds or assets may not be used to support a political party, an elected official or the campaign of any candidate for local, state or federal elected office.


		The First Marblehead Corporation		17

LOGO

Workplace Policies

Responsible use of e-mail and the internet at work

Systems facilitating access to e-mail and the internet are Company resources that are provided primarily for business use, so you need to exercise good judgment in using these assets. All e-mails and documents residing on Company systems are the property of the Company and employees, officers and directors should have no expectation of privacy.

Any use of e-mail or internet access for inappropriate purposes, including gaining access to pornographic or other unsuitable websites, is strictly prohibited. In addition, employees, officers and directors are legally responsible for their blog and social network postings and may be subject to liability if contents are found to be defamatory, harassing or in violation of any applicable law. It is expected that e-mail, internet, and social media usage is business appropriate and is in compliance with the Information Security Policy.

Working together to protect the environment

We are firmly committed to protecting the environment. We comply with all applicable environmental laws and regulations, as well as any guidelines set forth by the Company. Our commitment means that we must operate with respect for the environment by working to minimize environmental hazards, conserve and protect natural resources, and manage our energy usage.

We encourage individuals to do their part too. We should recycle, turn off lights and computers when they are not in use, and take public transportation whenever possible. If you have ideas, please share them with your manager or e-mail: facilitiesgroup@fmd.com.

Samantha notices that several individuals who sit near her regularly play games and watch movies on their Company computers. She finds out that some of the websites these individuals are accessing are restricted and should be blocked by the Company’s internet filtering tools. When testing access to these websites from her work computer, Samantha was redirected and received a message saying the websites were blocked. What should Samantha do?

Samantha should report her concerns to her manager or any member of the Code of Conduct Committee and she can choose to do so confidentially. The situation will be investigated. If it is determined that individuals intentionally bypassed security controls allowing them access, they will be disciplined. Further, any retaliation against Samantha for reporting this information will not be tolerated.


		The First Marblehead Corporation		18

LOGO

Supporting Our Code of Conduct

We have to work together to uphold the Code

Our Code not only outlines our operating responsibilities and guidelines; it is an agreement that we share about the ethics and values which guide our business actions and decisions. We are all responsible for upholding and enforcing it.

If you develop any questions or concerns about ethical behavior or potentially fraudulent activities in our workplace we encourage you to raise them or report them.

Waivers of the Code

While most of the requirements contained in our Code must be strictly adhered to, in some cases exceptions may be possible. If you believe that an exception to any of these requirements may be appropriate, you should first contact your manager. If your manager agrees that an exception is appropriate, the written approval of the General Counsel must then be obtained. The General Counsel is responsible for maintaining a record of all requests for exceptions to any of these requirements and the disposition of the requests.

Any executive officer who seeks an exception to any of these requirements should contact the General Counsel. Any waiver of our Code for executive officers must be made only by the Board of Directors of the Company and will be disclosed as required by the law or regulation.

As First Marblehead employees, we agree:

•

To prepare and maintain accurate business and financial reports

•

Not to mislead or inappropriately influence auditors or regulators

•

To protect the confidential information and intellectual property of our company, clients and partners and to keep private consumer information secure

•

Not to give or accept inappropriate gifts (generally gifts of >$50 per year)

•

To use company resources - especially e-mail and internet - only for appropriate purposes

•

To deal fairly with business partners, vendors and competitors

•

Not to engage in insider trading or any other illegal activities

•

To maintain a safe workplace


		The First Marblehead Corporation		19

LOGO

Contact Information

Code of Conduct Committee Member = (M)

Bill Baumer (M)

Managing Director & Chief Risk Officer

The First Marblehead Corporation

800 Boylston Street, 34th Floor

Boston, MA 02199-8157

(617) 638-2093

wbaumer@fmd.com

Suzanne Murray (M)

Managing Director & General Counsel

The First Marblehead Corporation

800 Boylston Street, 34th Floor

Boston, MA 02199-8157

(617) 638-2137

smurray@fmd.com

Jo-Ann Burnham (M)

Managing Director, Human Resources

The First Marblehead Corporation

800 Boylston Street, 34th Floor

Boston, MA 02199-8157

(617) 638-2005

jburnham@fmd.com

Ken Klipper (M)

Managing Director & Chief Financial Officer

The First Marblehead Corporation

800 Boylston Street, 29th Floor

Boston, MA 02199-8157

(617) 638-2163

kklipper@fmd.com

Daniel Meyers

Chairman & Chief Executive Officer

The First Marblehead Corporation

800 Boylston Street, 34th Floor

Boston, MA 02199-8157

(617) 638-2001

dmeyers@fmd.com

Peter Drotch

Chairman – Audit Committee

The First Marblehead Corporation Board of Directors

800 Boylston Street, 34th Floor

Boston, MA 02199-8157

(508) 872-6647

pdrotch@comcast.net

Outside Counsel

Wilmer Cutler Pickering Hale and Dorr LLP

60 State Street

Boston, MA 02105

(617) 526-6000

Attention: Susan Murley, Esquire

Questions?

If you have questions or suggestions related to our Code, first discuss it with your manager, or you can contact anyone on the Code of Conduct Committee.

See page 6 for an overview of the reporting process.

You can choose to submit your concern anonymously and there will be no retaliation for making a report. Disciplinary action will only be taken if it is determined that the report was made with the prior knowledge that it was false information.

The Code of Conduct is available online via Reference Online.

Hard copies of the Code are available from the Chief Risk Officer upon request.


		The First Marblehead Corporation		20

Exhibit H: TransUnion Addenda

AMENDED AND RESTATED AGENT ADDENDUM TO THE TRANSUNION

MASTER SERVICES AGREEMENT FOR CONSUMER REPORTING AND ANCILLARY SERVICES

This Amended and Restated Agent Addendum (“Addendum”), effective the 28^th day of June, 2012 (the “Effective Date”), by and between Trans Union LLC, with its principal place of business located at 555 West Adams, Chicago, Illinois 60661 (“TransUnion”), and SunTrust Bank, with its principal place of business located at 303 Peachtree Street, Atlanta, GA 30308 (“SUBSCRIBER”), supersedes and replaces that certain Agent Addendum to the TransUnion Master Services Agreement for Consumer Reporting and Ancillary Services entered into by the parties and First Marblehead Education Resources as of July 15, 2010 (the “2010 Addendum”),which modified the terms of the Master Agreement for Consumer Reporting and Ancillary Services entered between TransUnion and SUBSCRIBER on or about August 26, 2003 (the “MSA”).

RECITALS

WHEREAS, SUBSCRIBER and its agent, First Marblehead Education Resources (“Agent”), have entered into an agreement for the purpose of conducting those loan origination projects more fully described in Exhibit A (collectively, the “Projects”);

WHEREAS, the Projects require TransUnion to disclose Services and Services Information directly to Agent on behalf of SUBSCRIBER; and,

WHEREAS, SUBSCRIBER desires TransUnion disclose such Services and Services Information directly to Agent on its behalf, and TransUnion has agreed to such disclosure, subject to the terms contained in both the MSA and this Addendum.

NOW, THEREFORE, in exchange for the mutual promises and covenants contained herein, and other good and valuable consideration, the receipt and sufficiency of which is hereby acknowledged, the parties hereto agree as follows:

1.	The forgoing Recitals are hereby incorporated by reference as a material part of this Addendum.

2.	Capitalized terms not defined herein shall have the definition ascribed in the MSA.

3.	SUBSCRIBER hereby appoints Agent its agent with all necessary authority to request and receive Services and Services Information from TransUnion.Moreover, SUBSCRIBER hereby requests TransUnion to disclose Services and Services Information to Agent on its behalf.

4.	SUBSCRIBER hereby represents to TransUnion that it has entered into a written agreement with Agent containing obligations and restrictions consistent with its obligations and restrictions under the MSA.

5.	TransUnion, subject to the terms of the MSA and this Addendum, agrees to disclose Services and Services Information to Agent on behalf of SUBSCRIBER.

SUBSCRIBER shall at all times be responsible for compliance with, and any violation of, the terms, certifications, obligations and restrictions as set forth in the MSA with respect to Services and/or Services Information disclosed to Agent, including, but not limited to, those terms related to compliance with laws, security, and one-time use for SUBSCRIBER’s sole benefit for the permissible purpose certified at the time of the request for Services. Moreover, and without regard to any cap on liability set forth in the MSA, SUBSCRIBER shall defend, indemnify and hold TransUnion harmless

from and against any and all claims, expenses, costs, damages, settlements, judgments or awards, including attorney’s fees, directly or indirectly resulting from, or alleged to have directly or indirectly resulted from, disclosure hereunder.

SUBSCRIBER authorizes, and TransUnion agrees, that for any Services and/or Services Information accessed by its Agent, TransUnion will invoice SUBSCRIBER care-of TransUnion’s billing agent, the San Antonio Retail Merchants Association (“SARMA”), at a rate previously agreed upon by TransUnion and SARMA. TransUnion shall cause SARMA to promptly forward such invoices as directed by Subscriber.

TransUnion recognizes the confidential nature of the information contained in the TransUnion invoice(s) and shall cause SARMA to keep all information in any way related to the TransUnion invoice(s) in confidence,and not use, or disclose to third parties, such information except for purposes of this Addendum. Moreover, TransUnion shall, and shall cause SARMA to, limit the disclosure of such information inside its organization to employees having a need to know.

9.	All notices and correspondence required under the Addendum shall be sent to the Parties at the following addresses. Either party may change such name and address by notice to the other in accordance herewith. Any such change shall take effect immediately upon receipt of such notice.


If to TransUnion: TransUnion LLC 555 West Adams Chicago, IL 60661 Attn: General Counsel

If to SunTrust: SunTrust Bank 1001 Semmes Avenue Mail Code CS-RVW-7900 Richmond, VA 23224 Attn: Mark Smith, Executive Vice President		With a copy to: SunTrust Bank Legal Department 303 Peachtree St., NE - 36^th Floor Atlanta, GA 30308

10.	All terms of the MSA are incorporated into this Addendum. In the event of a conflict between any of the terms of this Addendum and those of the MSA, the terms of this Addendum shall govern. The remaining terms of the MSA shall at all times remain in full force and effect.

11.	This Addendum shall be coterminous with the MSA unless earlier terminated by SUBSCRIBER in accordance with the termination provisions contained in the MSA or by TransUnion upon written notice to SUBSCRIBER.

12.	For the avoidance of doubt, upon execution of this Addendum, the 2010 Agent Addendum shall be terminated in full, and all terms and conditions contained in the 2010 Agent Addendum shall be rendered null and void.

IN WITNESS WHEREOF, the parties, intending to be legally bound, have caused this Addendum to be executed by their duly authorized representatives as of the Effective Date.


TransUnion LLC		SunTrust Bank

By:	/s/ Steve Sassaman	By:	/s/ David N. Braxton

	Steve Sassaman, EVP		David N. Braxton, SVP

	Name and Title of Signer		Name and Title of Signer

	06/28/2012		06/29/2012
	Date Signed		Date Signed

Schedule A

Project Description:

1. Custom Choice Loan^sm Student Loan Origination

2. Private Student Loan Consolidation Origination

All SUBSCRIBER orders placed hereunder shall be made under the following TransUnion Subscriber Code: .

AMENDED AND RESTATED AGENT ADDENDUM

AGENT SERVICE ADDENDUM TO THE FICO SCORE SERVICES AGREEMENT

This Amended and Restated Agent Service Addendum (the “Addendum”), effective the 28^th day of June, 2012(the “Effective Date”), by and between Trans Union LLC, with its principal place of business located at 555 West Adams, Chicago, Illinois 60661 (“TransUnion”), Fair Isaac Corporation, with its principal place of business located at 901 Marquette Avenue Suite 3200 Minneapolis, MN 55402 (“FICO”), SunTrust Bank, with a place of business located at 1001 Semmes Avenue, Richmond, Virginia 23224 (“SUBSCRIBER”), and First Marblehead Education Resources, Inc.with its principal place of business located at One Cabot Road, Medford, Massachusetts 02155(“Agent”), supersedes and replaces the Agent Service Addendum to the Fair Isaac Score Services Agreement entered into by the parties as of July 15, 2010 (the “2010 Agent Addendum”) which modified the terms of the Agreement for Fair Isaac Score Services entered between TransUnion, FICO and SUBSCRIBER on or about July 15^th, 2010(the “FICO Agreement”) as more fully explained herein.

RECITALS

WHEREAS, SUBSCRIBER and Agent have entered into an agreement for the purpose of conducting those loan origination projects more fully described in Exhibit A (collectively, the “Projects”);

WHEREAS, the Projects requires TransUnion to disclose FICO Score Services directly to Agent on behalf of SUBSCRIBER; and,

WHEREAS, SUBSCRIBER desires TransUnion disclose such FICO Score Services directly to Agent, and TransUnion and FICO have agreed to such disclosure, subject to the terms contained in both the FICO Agreement and this Addendum.

The forgoing Recitals are hereby incorporated by reference as a material part of this Agreement.

Capitalized terms not defined herein shall have the definition ascribed in the FICO AGREEMENT.

SUBSCRIBER hereby appoints Agent its agent with all necessary authority to request and receive from TransUnion, FICO Score Services. Moreover, SUBSCRIBER hereby authorizes TransUnion to disclose FICO Score Services to Agent.

SUBSCRIBER shall at all times be responsible and ensure Agent’s compliance with the terms and conditions of the FICO AGREEMENT. Additionally SUBSCRIBER hereby represents to TransUnion and FICO that it has entered into a written agreement with Agent containing obligations and restrictions consistent with its obligations and restrictions under the FICO AGREEMENT. SUBSCRIBER further agrees to enforce such obligations and restrictions against Agent to the satisfaction of TransUnion and

Page 1 of 5

FICO, and to immediately notify TransUnion and FICO upon the discovery of any violation of such obligations and restrictions by Agent. In the event SUBSCRIBER fails to enforce said obligations and restrictions to TransUnion’s and/or FICO’s satisfaction, SUBSCRIBER hereby agrees to assign to FICO all such enforcement rights against Agent.

TransUnion and FICO, subject to the terms of the FICO AGREEMENT and this Addendum, agree todisclose FICO Score Services to Agent on behalf of SUBSCRIBER.

Agent certifies that it will request and use any information provided as part of the FICO Score Services in compliance with the terms and conditions of the FICO AGREEMENT and only on behalf of SUBSCRIBER. Agent further certifies that it will limit the disclosure of FICO Score Services to those individuals inside its organization with a “need to know”, and that it will not disclose such information to any third party other than the SUBSCRIBER.

SUBSCRIBER and Agent shall at all times be responsible for compliance with, and any violation of, the terms, certifications, obligations and restrictions as set forth in the FICO AGREEMENT with respect to the FICO Score Services disclosed to Agent, including, but not limited to, those terms related to compliance with laws and security. Moreover, and without regard to any cap on liability set forth in the FICO Agreement, SUBSCRIBER and Agent shall jointly and severally defend, indemnify and hold FICO harmless from and against any and all claims, expenses, costs, damages, settlements, judgments or awards, including attorney’s fees, directly or indirectly resulting from, or alleged to have directly or indirectly resulted from, disclosure hereunder.

SUBSCRIBER authorizes, and TransUnion agrees, that for any Services and/or Services Information accessed by its Agent, TransUnion will invoice SUBSCRIBER care-of TransUnion’s billing agent, the San Antonio Retail Merchants Association (“SARMA”) at a rate previously agreed upon by TransUnion and SARMA. TransUnion shall cause SARMA to promptly forward such invoices as directed by SUBSCRIBER.

TransUnion recognizes the confidential nature of the information contained in the TransUnion invoice(s) and shall cause SARMA to keep all information in any way related to the TransUnion invoice(s) in confidence, and not use,or disclose to third parties,such information, except for purposes of this Addendum.Moreover, TransUnion shall, and shall cause SARMA to, limit the disclosure of such information inside its organization to employees having a need to know.

10.

All notices and correspondence required under the Addendum shall be sent to the Parties at the following addresses. Any party may change such name and address by notice to the other in accordance herewith. Any such change shall take effect immediately upon receipt of such notice.


TransUnion LLC		SunTrust Bank(Subscriber)
555 West Adams		1001 Semmes Avenue
Chicago, IL60661		Richmond, Virginia23224
Attn: General Counsel		Attn: W. Mark Smith
		Executive Vice President

Page 2 of 5

FMER

ATTN: Loan Originations

One Cabot Road

Medford, Massachusetts 02155

Attn: Managing Director

11.

All terms of the FICO AGREEMENT are incorporated into this Addendum and are expressly applicable to all orders hereunder. In the event of a conflict between any of the terms of this Addendum and those of the FICO AGREEMENT, the terms of this Addendum shall govern. The remaining terms of the FICO AGREEMENT shall at all times remain in full force and effect.

12.

This Addendum shall be coterminous with the FICO AGREEMENT unless earlier terminated by SUBSCRIBER in accordance with the termination provisions contained in the FICO AGREEMENT or by TransUnion or FICO upon written notice to SUBSCRIBER.

13.

Upon execution of this Addendum, the 2010 Agent Addendum shall be terminated in full, and all terms and conditions contained in such addendum shall be rendered null and void.

[Signatures appear on next page.]

Page 3 of 5

IN WITNESS WHEREOF, the parties, intending to be legally bound, have caused this Addendum to be executed by their duly authorized representatives as of the Effective Date.


Trans Union LLC		SunTrust Bank
for itself and Fair Isaac Corporation

By:	/s/ Steve Sassaman	By:	/s/ David N. Braxton

	Steve Sassaman, EVP		David N. Braxton, SVP

	Name and Title of Signer		Name and Title of Signer

	06/28/2012		06/29/2012
	Date Signed		Date Signed

First Marblehead Education Resources, Inc.

By:	/s/ David Pelkey

	David Pelkey, Managing Director

	06/28/2012
	Date Signed

Page 4 of 5

Schedule A

Project Description:

1. Custom Choice Loan^SM Student Loan Origination

2. Private Student Loan Consolidation Origination

Page 5 of 5

Addendum for Access via TransUnion Direct

This Addendum for Access via TransUnion Direct (FKA TransUnion DeskTop) (“Addendum”) is part of one or more addendums to service agreements in effect between the parties related to Subscriber’s private educational lending programs (“Subscriber Private Loan Programs”) listed on the attached Exhibit B (“ Service Agreement Addendums”) and is executed this 27^th day of June, 2012 by and between TRANS UNION LLC (“TransUnion”) and SunTrust Bank (“Subscriber”).

WHEREAS, TransUnion and Subscriber have entered into the Service Agreement Addendums pursuant to which TransUnion is providing, to Subscriber, certain of the TransUnion services related to Subscriber Private Loan Programs (“TransUnion Services”) which TransUnion makes or may make available through TransUnion Direct; and

WHEREAS, TransUnion has developed and/or licensed a system for providing access to such TransUnion Services via the Internet (“TransUnion Direct”); and

WHEREAS, TransUnion has developed a website for allowing Subscribers to administer and manage TransUnion Direct access for its users (“Administration Site”); and

WHEREAS, Subscriber desires (a) to utilize TransUnion Direct to receive those TransUnion Services for which Subscriber currently has a Service Agreement with TransUnion to receive and (b) to utilize the Administration Site to manage Subscriber access to TransUnion Direct.

NOW, THEREFORE, in consideration of the foregoing and the promises and mutual covenants set forth herein, the parties agree as follows:

1.	Recitals. The recitals set forth above are an integral part of this Addendum and are hereby incorporated herein.

2.	Term and Termination.

2.1

This Addendum shall commence on the last signature date below (the “Effective Date”) and shall be coterminous with each of the Service Agreement Addendums and, for each TransUnion Product, shall automatically terminate upon expiration or termination of the associated Service Agreement. The foregoing notwithstanding, this Addendum shall automatically terminate for all TransUnion Services in the event the Certificate(s), (as defined below), is/are elected and not renewed. Moreover, this Addendum may be terminated by either party upon thirty (30) days’ prior written notice to the other party.

2.2

Without limiting any other remedies to which TransUnion may be entitled including, but not limited to, injunctive relief, TransUnion reserves the right to immediately terminate this Addendum if TransUnion, in good faith, determines that (1) Subscriber has materially breached any of its obligations under this Addendum and/or any Service Agreement; (2) the requirements of any law, regulation, or judicial action have not been met; or (3) as a result of changes in laws, regulations or regulatory or judicial action, the requirements of any law, regulation or judicial action will not be met. TransUnion shall promptly provide written notification to Subscriber of such action.

2.3

Survival. With the exception of the license granted to Subscriber, set forth below, and TransUnion’s obligation to provide TransUnion Services via TransUnion Direct under the terms and conditions of this Addendum, all provisions of this Addendum shall survive any such termination of this Addendum. Moreover, any such termination shall not relieve Subscriber of any fees or other payments due to TransUnion through the date of any such termination nor affect any rights, duties or obligations of either party that accrue prior to the effective date of any such termination.

3.	License.

3.1

TransUnion hereby grants to Subscriber a time-limited, revocable, non-exclusive, non-transferable license to use TransUnion Direct, and all other documentation and other related materials provided to Subscriber under this Addendum, solely for the purpose of receiving TransUnion Service via the Internet and solely for those TransUnion Services for which Subscriber is entitled to receive by virtue of the Service Agreement(s). Title to TransUnion Direct including, without limitation, all documentation and other related materials, shall at all times vest exclusively in TransUnion. TransUnion reserves all rights not explicitly granted to Subscriber under this Addendum.

3.2	Subscriber shall not attempt, directly or indirectly, to reverse engineer, decompile, or disassemble TransUnion Direct, any software, related documentation, nor any confidential or proprietary criteria developed or used by TransUnion relating to TransUnion Direct.

3.3

In addition, Subscriber’s access to stored data on TransUnion Direct is subject to Subscriber’s contractual obligations and all applicable legal requirements under the FCRA, including the FCRA Subscriber certification provided upon initial request of the data. The data is intended for Subscriber’s exclusive use and may be used for no other purpose except as defined by the FCRA.


January 16, 2009		Page 1 of 3

4.	Passwords, Digital Certificates and Security.

4.1

Subscriber shall designate an individual within Subscriber’s organization who shall administer and manage Subscriber access to TransUnion Direct through the Administration Site (“Company Administrator”). This initial Company Administrator may then designate other Company Administrators, administrators for each Subscriber location from which TransUnion Direct will be accessed (“Location Administrator(s)”), and Subscriber employees who are authorized to utilize TransUnion Direct (“User(s)”).

4.2

TransUnion Direct may only be utilized by Subscriber, through Subscriber’s TransUnion sales representative, after Subscriber applies for and obtains: (a) a TransUnion-supplied identification code (“User ID”) and associated password (“Password”) for the Company Administrator who Subscriber authorizes to utilize TransUnion Direct and the Administration Site; (b) a TransUnion-issued digital certificate (“Certificate”) for all Company and Location Administrators; and, optionally (c) a Certificate for each individual user of TransUnion Direct, which shall be downloaded onto a Subscriber personal computer (desktop and/or portable)/workstation/terminal from which Subscriber will utilize TransUnion Direct (“Workstation”). Minimally, all Users of TransUnion Direct must have a User ID and Password to utilize TransUnion Direct.

Digital Certificate Option Declination for Users. By initializing the box on the left, Subscriber hereby expressly declines to utilize the aforementioned Certificates for its Users to access TransUnion Direct. However, a Company or Location Administrator may change this Digital Certificate option through the Administration Site.

4.3

Company and Location Administrators shall be responsible for: (a) all tasks performed through the Administration Site; (b) the creation, assignment, and distribution to Users of their User IDs and temporary Passwords; (c) the issuance, management, and revocation of Certificates; (d) maintaining the security of the digital certificate administration URL; and (e) promptly disabling or terminating a User ID/Password or revoking a Certificate (e.g. Subscriber decision to no longer utilize TransUnion Direct via one or more Workstations, changes affecting a User (e.g. leave of absence or termination of employment) who has access to TransUnion Direct, or a breach of security).

4.4

Certificate Applications and License. In the event Certificates are elected by Subscriber, upon: (a) completion of the TransUnion Direct Registration Request Form attached as Attachment A and incorporated herein (“Application”); and (b) approval of the Application by TransUnion, TransUnion hereby grants Subscriber a limited, non-exclusive, non-transferable two (2) year license to use such Certificate(s) for the sole purpose of accessing the TransUnion Services via TransUnion Direct in accordance with the terms of this Addendum and each Service Agreement. In no event shall Subscriber use Certificates for any other purpose whatsoever including, but not limited to, in association with electronic transactions with third parties.

4.5

Downloading of Certificates. In addition, if Certificates are elected, then upon TransUnion’s approval of the Application and Subscriber’s payment of any applicable License Fees, TransUnion will supply access to the website where a Company or Location Administrator may download each Certificate onto a single Workstation. Moreover, a Company or Location Administrator may opt to allow Users, through the Administration Site, to download Certificates without Administrator assistance. Certificates are not transferable, and Subscriber shall not copy or otherwise transfer a Certificate from a Workstation without TransUnion’s prior written consent. The foregoing notwithstanding, without TransUnion’s prior written consent, Subscriber may transfer a Certificate from one Workstation to another Workstation solely in the event the original Workstation is being replaced. Subscriber understands that as certificates are licensed for only two (2) year periods, Subscriber must actively apply to TransUnion for renewal of each Certificate.

4.6

Security. Subscriber represents and warrants that it will use its best reasonable efforts to ensure that: (1) only authorized Users have access to TransUnion Direct through Workstations; (2) TransUnion Services obtained by Subscriber via TransUnion Direct are not accessible by unauthorized parties via Subscriber’s connection to the Internet or otherwise; (3) all Passwords are kept confidential and secure by such authorized Users (e.g., Subscriber shall ensure that Passwords are not stored on any Workstation nor other storage and retrieval system and/or media and that Internet browser caching functionality is not used to store Passwords); (4) each User ID and Password is used solely by the authorized User to whom such User ID and Password was issued; (5) all documentation and/or other materials provided by TransUnion to Subscriber under this Addendum is held in confidence by Subscriber (and accessible only to those Users who Subscriber has authorized to utilize TransUnion Direct); and (6) Certificates are only installed on Subscriber Workstations located at, or otherwise


January 16, 2009		Page 2 of 3

inventoried out of (in the case of portable Workstations), Subscriber’s location indicated on the Application or such other location (e.g., Subscriber employee home office) as may be mutually agreed upon by Subscriber and TransUnion.

4.6.1

In the event of any compromise of security involving User IDs, Passwords and/or Certificates, Subscribers shall immediately notify TransUnion.

DISCLAIMER OF REPRESENTATIONS AND WARRANTIES. THE PARTIES ACKNOWLEDGE THAT, BECAUSE TRANSUNION DIRECT IS ACCESSED VIA THE INTERNET WHICH IS AN OPEN NETWORK, NEITHER, TRANSUNION NOR ITS SUPPLIERS, CONTRACTORS, AND VENDORS, OF ANY TIER, MAKE ANY WARRANTIES OF ANY KIND WITH RESPECT TO TRANSUNION DIRECT; WITH RESPECT TO ANY AND ALL DOCUMENTS AND/OR OTHER MATERIALS PROVIDED TO SUBSCRIBER UNDER THIS ADDENDUM; WITH RESPECT TO LOSS OR CORRUPTION OF DATA; LOSS OF, OR DAMAGE TO, EQUIPMENT AND/OR SOFTWARE; SYSTEM RESPONSE TIMES, ACCESS DELAYS OR ACCESS INTERRUPTIONS; NOR COMPUTER VIRUSES, WHETHER EXPRESS OR IMPLIED INCLUDING, WITHOUT LIMITATION, WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. MOREOVER, IN NO EVENT SHALL TRANSUNION NOR ITS SUPPLIERS, CONTRACTORS, AND VENDORS, OF ANY TIER, BE HELD LIABLE IN ANY MANNER WHATSOEVER FOR ANY LOSS OR INJURY TO SUBSCRIBER, ARISING OUT OF OR FROM THIS ADDENDUM INCLUDING, BUT NOT LIMITED TO, ANY CONSEQUENTIAL, INCIDENTAL, DIRECT, INDIRECT, SPECIAL, OR PUNITIVE DAMAGES INCURRED BY SUBSCRIBER REGARDLESS OF THE THEORY UPON WHICH SUCH DAMAGES ARE BASED AND EVEN IF TRANSUNION OR ITS SUPPLIERS, CONTRACTORS, AND VENDORS, OF ANY TIER, OR ANY ONE OR MORE OF THE FOREGOING PARTIES, HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. THESE LIMITATIONS SHALL APPLY NOTWITHSTANDING ANY FAILURE OF ESSENTIAL PURPOSE OF ANY LIMITED REMEDY. Subscriber shall have the right, and is encouraged by TransUnion, to maintain any other type of TransUnion-authorized connection to TransUnion for use in conjunction with the TransUnion Services and any other TransUnion services or services that Subscriber has purchased or licensed from TransUnion and which are not accessible via TransUnion Direct.

Indemnification. Subscriber shall indemnify and hold TransUnion harmless from any and all third-party claims, losses and damages, liability, and costs, including attorney’s fees, against, or incurred by, TransUnion to the extent such claims, damages, liability and costs result directly or indirectly from: (a) Subscriber’s negligence or intentional conduct; and/or (b) Subscriber’s breach of its obligations under this Addendum including, but not limited to, any breach which results in the unauthorized and/or non-permissible use of information obtained via TransUnion Direct under this Addendum.

Effect of Service Agreement Addendums. Except as otherwise explicitly provided for in this Addendum, the terms and conditions of the Service Agreement Addendums shall continue to be in full force and effect. In the event of a conflict between the terms of the Service Agreement Addendums and the terms of this Addendum, the terms of this Addendum shall control.

Limited Applicability. This Addendum shall apply solely to the services provided or made available by TransUnion to Subscriber related to Subscriber Private Loan Programs as described in the Service Agreement Addendums and shall not be construed to amend or become part of any other agreements in effect between TransUnion and Subscriber except to the extent applicable to the Subscriber Private Loan Programs. 9. Entire Agreement. THIS ADDENDUM INCLUDING ALL EXHIBITS CONSTITUTES THE ENTIRE AGREEMENT BETWEEN THE PARTIES HERETO AND SUPERSEDES ALL PREVIOUS AGREEMENTS AND UNDERSTANDINGS, WHETHER ORAL OR WRITTEN, EXPRESS OR IMPLIED, SOLELY WITH RESPECT TO THE SUBJECT MATTER OF THIS ADDENDUM. THIS ADDENDUM MAY NOT BE ALTERED, AMENDED, OR MODIFIED EXCEPT BY WRITTEN INSTRUMENT SIGNED BY THE DULY AUTHORIZED REPRESENTATIVES OF BOTH PARTIES.

WHEREAS, the parties hereto, intending to be legally bound, have caused this Addendum to be executed by their duly authorized representatives as of the last date and year written below. The parties hereto agree that a facsimile transmission of this fully executed Addendum shall constitute an original and legally binding document.

SunTrust Bank

Subscriber Name


Signature: /s/ David Braxton


Print Name: David Braxton


Title: SVP


Date: 06/29/2012

TRANS UNION LLC


Signature: /s/ Steve Sassaman


Print Name: Steve Sassaman


Title: EVP


Date: 06/27/2012


January 16, 2009		Page 3 of 3

LOGO


ATTACHMENT A				TransUnion Direct
				Registration Request Form

Company Name:

Date:

This Registration Request Form must be completed and signed jointly by both an existing TransUnion Subscriber and TransUnion sales representative or account manager. Only registration forms submitted by a TransUnion sales representative or account manager will be processed.

This Registration Request Form does not need to be completed and submitted for each Location requiring access to TransUnion Direct. The Company Administrator is to assign other Administrators and Users and their eligible subscriber codes (as needed) for each Location if TransUnion Direct will be accessed.


Initial Location name:	FMER

Location address:	One Cabot Road

City:	Medford	State:	MA	Zip code:	02155

Fax number:

Company Administrator



Company Administrator:		Carlin F. DeMello

Phone number:		781-658-5102

Email Address:		cdemello@fmd.com

Back-up Company Administrator (Recommended)



Company Administrator:		Marcos Marcal

Phone number:		781-658-5241

Email Address:		mmarcal@fmd.com

Company Subscriber Codes (List in order of most frequent usage)

*Default Subscriber Code



Market/Submarket:	3.	6.


*1, 1407B4109241	4.	7.


2.1407B4338138	5.	8.

Individual Digital Certificates

Digital Certificates Requested: Yes x No ¨

Thank You. Please return the completed form to your TransUnion Sales Representative.


Sales Rep’s Name:	Kathleen Harper

TransUnion Division:	Trans Union Financial Services

Phone number:	312-466-7846	Fax number:

E-mail address:	kharper@transunion.com	Mkt/submkt:

Company acct code: (Corporate Use Only)



Approved by:	/s/ David Braxton, SVP SunTrust Bank	Date:	06/27/2012
	Subscriber

Approved by:	/s/ Kathleen Harper	Date:	06/27/2012
	TransUnion Sales / Account Manager

EXHIBIT B

1. Amended and Restated Agent Addendum (“Addendum”), effective the day of June , 2012 (the “Effective Date”), by and between Trans Union LLC, with its principal place of business located at 555 West Adams, Chicago, Illinois 60661 (“TransUnion”), and SunTrust Bank, with its principal place of business located at 303 Peachtree Street, Atlanta, GA 30308 (“SUBSCRIBER”).

2. Amended and Restated Agent Service Addendum (the “Addendum”), effective the day of June , 2012 (the “Effective Date”), by and between Trans Union LLC, with its principal place of business located at 555 West Adams, Chicago, Illinois 60661 (“TransUnion”), Fair Isaac Corporation, with its principal place of business located at 901 Marquette Avenue Suite 3200 Minneapolis, MN 55402 (“FICO”), SunTrust Bank, with a place of business located at 1001 Semmes Avenue, Richmond, Virginia 23224 (“SUBSCRIBER”), and First Marblehead Education Resources, Inc. with its principal place of business located at One Cabot Road, Medford, Massachusetts 02155 (“Agent”)

Attached files

Stock widget

Investing forum

FIRST MARBLEHEAD CORP Reports

Also read