Skip to main content

Enterprise Risk & Compliance Solution Terms of Service 

 

The Prosight Enterprise Risk & Compliance Solution includes the following products and services: ProSight Learning Manager; ProSight Policy Manager; Prosight Enterprise Risk Manager; ProSight Business Risk Manager; ProSight Vendor Manager; ProSight Audit Manager; ProSight Board Manager; and the ProSight Content Service Portal.

 

PROSIGHT PROGRAMS

ProSight Financial Association (“ProSight”) is the organization formerly operating as BAI, following its merger with Risk Management Association (“RMA”).

Compliance

ProSight provides compliance and professional development training courseware to entities such as financial services organizations. ProSight’s compliance training is designed to assist Clients in meeting regulator training requirements as part of a Client’s comprehensive compliance program. The following are ProSight Compliance Programs:

“Banking Series” is ProSight’s Compliance library of courses and resources intended for all bank employees, and is focused on banking regulations, product information, human resources training, overall skills and responsibilities.

“Credit Union Series” is ProSight’s Compliance library of courses and resources intended for all credit union employees, and is focused on financial regulations, product information, human resources training, overall skills and responsibilities.

“Mortgage Series” is ProSight’s Compliance library of courses and resources intended for all mortgage organization employees, and is focused on financial regulations, product information, human resources training, overall skills and responsibilities.

“Nonbank Series” is ProSight’s Compliance library of courses and resources intended for all nonbank financial institution employees, and is focused on financial regulations, product information, human resources training, overall skills and responsibilities.

“Board of Directors Insight Series – Bank” is a library of courses that assist in compliance and training professionals to effectively facilitate institution-specific in-person training sessions for the Board of Directors. Courses cover regulatory information, examination and risk management issues for banks.

“Board of Directors Insight Series – Credit Union” is a library of courses that assist in compliance and training professionals to effectively facilitate institution-specific in-person training sessions for the Board of Directors. Courses cover regulatory information, examination and risk management issues for credit unions.

Professional Development

ProSight’s professional development training is designed to provide Clients an opportunity to enhance the skills of their employees as part of the financial services industry. The following are ProSight Professional Development Programs:

“Credit Risk Library” is a library of courses for developing high-performing C&I and commercial real estate lending employees. Courses cover small business, commercial lending, and commercial real estate, and provide analysts, lenders, business development officers, and seasoned employees with the tools they need to help institutions manage and grow its credit portfolio.

“Professional Skills Series” is ProSight’s professional development library of courses and resources intended for all employees, to enhance institutional day-to-day operations, help to build and maintain stronger customer relationships, and promote organizational leadership development.

“Leadership Innovation Library” is ProSight’s professional development library of courses and resources intended specifically for financial services leaders to meet the growing demands of a changing industry. These courses deliver practical information on how to lead innovation initiatives, case studies to guide successful projects and clear goals for success.

“Live Learning Library” is a professional development library of virtual instructor-led courses intended for analysts, lenders, business development officers, and related roles who are seeking to build and grow their skillsets to support commercial lending, small business lending, and commercial real estate lending.

“Private Class Subscription” is a professional development library of privately delivered virtual or in-person instructor-led courses intended for analysts, lenders, business development officers, and related roles who are seeking to build and grow their skillsets to support commercial lending, small business lending, and commercial real estate lending.

“Materials Library” is a professional development library of materials that can be taught at one’s institution by its own employees with subject matter expertise in the topical area. These materials are the same instructor-led materials used in our public and private classes, and are intended for analysts, lenders, business development officers, and related roles who are seeking to build and grow their skillsets to support commercial lending, small business lending, and commercial real estate lending.

“Commercial & Industrial (C&I) Diagnostic Bundle” is a pairing of the C&I diagnostic assessments — objective, industry-developed tools to identify skill gaps — with related remediation training found in our flagship self-directed eLearning curriculum known as The Lending Decision Process.

“Commercial Real Estate (CRE) Diagnostic Bundle” is a pairing of the CRE diagnostic assessments — objective, industry-developed tools to identify skill gaps — with related remediation training found in our highly regarded self-directed eLearning curriculum known as The Commercial Real Estate Lending Decision Process.

“Credit Risk Certification” is a professional designation for credit and lending professionals. It demonstrates a commitment to the credit risk industry and a high level of industry knowledge. Those that earn this distinguished credential must maintain it by earning a minimum number of continuing education credits every three years.

ProSight Policy Management Solution

ProSight provides a policy management system to entities such as financial services organizations. The ProSight’s policy management system is designed to assist Clients in the processes of creating, editing, collaborating, maintaining and publishing corporate policies to their employees. Furthermore, the system offers a library of policy templates that are updated from time to time to reflect regulatory changes, as well as monitoring and reporting capabilities. Jointly, the ProSight’s policy management system, the policy templates and the monitoring and reporting capabilities constitute the ProSight Policy Management Solution (“Policy Management Solution”).

The Policy Management Solution constitutes one of the Services referenced in the Master Agreement.

Policy templates made available by ProSight as a part of the Policy Management Solution constitute ProSight Property as defined in the Master Agreement.

Clients can develop policy documents entirely on their own or customize ProSight policy templates for that purpose. However once a Client turns a ProSight policy template into a policy document, ProSight no longer makes regulatory updates to it. Updates to policy documents are the Client’s responsibility.

Policy documents based on ProSight Property (e.g. policy documents developed as a result of customization of ProSight policy templates) constitute Derivative Works as defined in the Master Agreement.

ProSight creates new policy templates, retires policy templates, and updates policy templates regularly to address regulatory changes. ProSight strives to make policy template changes prior to regulatory effective change dates. This is not always possible as regulators do not always provide sufficient notice of effective change dates.

ProSight may at times provide guidance or resources as part of the Policy Management Solution. These are intended only as suggestions for consideration. Policy management decisions are ultimately the responsibility of professionals within the Client.

Enterprise Risk and Compliance Solution

ProSight provides an enterprise risk and compliance system to entities such as financial services organizations. The ProSight’s enterprise risk and compliance system is designed to assist Clients with managing their governance, risk management, and compliance processes. Furthermore, the system offers resources such as tool tips, risk and compliance templates, educational resources as well as monitoring and reporting capabilities. Jointly, ProSight’s enterprise risk and compliance system, the educational resources and the monitoring and reporting capabilities constitute the ProSight Enterprise Risk and Compliance Solution(1) (“ERCS”).

The Enterprise Risk and Compliance Solution constitutes one of the Services referenced in the Master Agreement.

ERCS consists of programs, which can be licensed by Clients individually or jointly. The following are ProSight ERC programs:

“Vendor Manager (VM)” is an ERCS module designed to help Clients with third-party due diligence and inventory of their vendors;

“Enterprise Risk Manager (ERM)” is an ERCS module designed to help Clients with managing risks, controls, incidents and actions;

“Business Risk Manager (BRM)” is an ERCS module designed to help Clients with identification of business priorities, inherent risks, and controls assessment;

“Audit Manager (“AM)” is an ERCS module designed to help Clients maintain a repository for all audit activities, documentation, and progress tracking;

“Board Manager (“BM)” is an ERCS module designed to help Clients with managing board meetings, share documents, communicate, reporting and voting.

From time to time ProSight may provide additional ERCS modules.

Risk and compliance templates and educational resources made available by ProSight as a part of ERCS constitute ProSight Property as defined in the Master Agreement.

ProSight creates, retires and updates risk and compliance templates and educational resources regularly to address regulatory changes. ProSight strives to make these changes prior to regulatory effective change dates. This is not always possible as regulators do not always provide sufficient notice of effective change dates.

ProSight may at times provide additional guidance or resources as a part of the Enterprise Risk and Compliance Solution. These are intended only as suggestions for consideration. Governance, Risk and Compliance decisions are ultimately the responsibility of professionals within the Client.

 

Program Availability and Customization

ProSight creates new Programs, retires Programs, and updates Programs regularly to address regulatory changes. ProSight strives to make Program content changes at least 90-days prior to regulatory effective change dates. This is not always possible as regulators do not always provide sufficient notice of effective change dates.

For an additional fee ProSight does make source code and/or scripts of ProSight Compliance Programs and ProSight Professional Development Programs available to Clients in order for Clients to be able to provide the source code/scripts to auditors or regulators, or to utilize themselves as part of a customization process.

ProSight does allow Clients to customize ProSight Compliance Programs and ProSight Professional Development Programs. However once Clients turn ProSight Programs into custom courses, ProSight no longer makes regulatory updates to them. Updates to custom courses are the Client’s responsibility.

ProSight does at times provide guidance on what Programs should be considered for employees with specific responsibilities. These are intended only as suggestions for consideration. Course assignments are ultimately the responsibility of professionals within the Client.

 

Licensing and Services

License Definitions

“User Licenses” refers to the named licenses that Client has purchased under its Subscription Agreement.

“Permitted Users” means its employees and those of its other financial subsidiaries, parents, subsidiaries, and any entity in which Client owns a majority ownership interest who have the right to use the Services, as dictated by the applicable license parameters in the Enrollment Form (e.g., number of users, number of active users, size of assets, or other agreed metrics) purchased by Client pursuant to an Enrollment Form.  Client may assign a Client vendor as a Permitted Users with limited scope of access and permissions subject to the terms of the Agreement.

“Active Users” means Permitted Users that are set by Client to an “active” status within the ProSight Learning Manager, as dictated by the number of User Licenses purchased by Client pursuant to an Enrollment Form.

“Institution License” refers to an organization wide license that covers each individual in an organization.

“Unique Users” means Permitted Users who access a Program on a Client learning management system, as dictated by the number of User Licenses purchased by Client pursuant to an Enrollment Form.

Client acknowledges and agrees that ProSight will provide ongoing information regarding the Program and Services via email.  Client agrees to take necessary steps to allow receipt of email communications from ProSight; and ProSight will provide information concerning technical communication requirements to Client.  Communication may include e-newsletters, compliance and regulatory information, or promotional information regarding products and services of ProSight and its affiliates.

ProSight provides access to Programs via Subscriptions in four ways.

ProSight Learning Manager Service

First ProSight licenses use of its Programs as part of a comprehensive solution within the ProSight Learning Manager, the “Service” as defined in the Subscription Agreement. The ProSight Learning Manager allows organizations to administer training through assigning specific Programs to specific Permitted Users, monitoring progress by user, and reporting on user completions in detail. There are three options.

  1. “Premium eLearning” provides Clients with the Programs, the ProSight Learning Manager, as well as several additional tools that facilitate the assigning and administration of training programs, as well as the ability to customize Program. These include:
  • “ProSight Training Insights” – a unique collaboration tool within the ProSight Learning Manager designed to help determine which compliance courses to assign to which people and then document those decisions.
  • “ProSight Career Pathing software” — provides administrators with the ability to group courses by associated skills and then display that course grouping for students and managers.
  • “ProSight I-Design” course authoring tool – allows Clients to create and publish custom courses to the ProSight Learning Manager.
  • “ProSight I-Modify” that allows clients to make select customizations to ProSight courses.
  1. “Essentials Plus eLearning” provides Clients with the Programs, the ProSight Learning Manager, as well as Training Insights.
  2. “Essentials eLearning” provides Clients with the Programs and the ProSight Learning Manager.

These options also have related services that ProSight charges for separately, including Setup, HRIS file syncing, and Single Sign On (SSO) implementation.  These services will be set forth in a Statement of Work between Client and ProSight.

License fees for these options are based on the number of Active Users from the Client within the ProSight Learning Manager at any given time.

Every Permitted User in the ProSight Learning Manager must have a unique username, typically email address.

Client may print student records and training plans from the Programs and Services without written permission of ProSight.

Client Learning Management System:

ProSight also licenses its Programs to be used by Clients within other Learning Manager Systems.

With “ProSight’s Content Provider Service,” ProSight sends Program files, configured based on the Client’s pre-approved Learning Management System settings, directly to Clients. ProSight will provide reasonable assistance to Client to configure the files so they work as the Client desires in the Client’s learning management system. If the Client requires programming changes and redelivery of Program, ProSight will do so for a fee.

License fees for these options are based on the number of Unique Users from Client who access a course within a 12-month period.

ProSight Policy Management Solution:

ProSight licenses use of its Policy Management Solution as defined in the Subscription Agreement. License fees are based on the number of Active Users from the Client within the ProSight Policy Management Solution at any given time. Every Active User in the Policy Management Solution must have a unique username, typically a business email address. For the avoidance of doubt, each Active User is a named individual; sharing access to the Policy Management Solution by multiple individuals constitutes a breach of the Subscription Agreement.

Enterprise Risk and Compliance Solution:

“Enterprise Risk and Compliance Solution” (ERCS):

ProSight licenses use of ERCS as defined in the Subscription Agreement. Each ERCS module is priced individually. License fees for ERCS modules under the ERCS Institution License are determined based on the asset size of the contracting entity (e.g., the specific bank or subsidiary entering into the agreement), as verified by the Client’s most recent audited financial statements or other documentation reasonably acceptable to ProSight (e.g., FDIC, NCUA). Where the contracting entity is part of a larger holding company, only the assets of the contracting entity itself shall be used to determine the applicable price band. Asset size will be re-verified upon renewal. If the Client’s asset size changes materially (including, for example, as a result of an acquisition), the Client shall notify ProSight without undue delay, and the contract shall be updated to reflect the revised asset size.

ProSight Service Levels

ProSight targets the following availability service levels:

  • Business hours (M-F 7am-7pm CT) availability: 99.5%.
  • Overall 24×7 availability: 98.0%.

A “failure” is defined as the system being available to the customer for less than the target levels in any month, provided:

  • System is considered “available” if it is reachable by greater than 50% of ProSight users and is functioning using a supported web browser. If a learner is able to sign on and launch a course, the system is considered to be functioning.
  • Outages of less than 5 minutes duration do not count in determining availability and do not constitute failures (example cause: Internet network re-convergence after a fiber cut).
  • Problems affecting individual user accounts, IP addresses, non-essential system features, etc. do not constitute failure.
  • Problems involving customer’s own network, service provider, or hardware/software not supported or maintained by ProSight (examples: web filters, firewalls, IPS, anti-virus, unsupported browser versions) do not constitute failure.
  • Standard force majeure events (earthquake, pandemic, hurricane, acts of terrorism or war, etc.) do not constitute failure.
  • Apparent outages caused by Denial-of-service attacks do not constitute failure.

 

 

————————————

(1) ERCS is the property of Foundry Street Partners LLC distributed exclusively by ProSight.