Bankers' Bank of the West Business Continuity Plan
Bankers' Bank of the West's network is configured so that multiple points of access to the network are available from all workstations and are protected by a biometric login requirement. In addition to the in-house network stations, three outside workstations (those of the programming consultant, the network administrator and the hot site) have secure access to the BBW network and could also be used as disaster recovery sites. Several written agreements are in place that support backup and disaster recovery of data and equipment resources. These include an ISP for data backup and Internet connectivity, a secondary backup ISP, and a data processor to restore files and provide data recovery for delivery of data to BIDS. The data would then be processed over a secure Internet T1 connection to BBW or the designated disaster recovery site.
A telephone disaster recovery agreement is in place with our telecommunications provider in the event we lose telephone service in downtown Denver. This plan has been tested with successful implementation. In the test, implemented via the Internet, telephone traffic was redirected from our main telephone system to our designated backup equipment in less than 10 seconds once the switch command was confirmed.
BBW's IS department has procedures in place to automatically update policies and procedures as requirements or upgrades are put into production. In addition, the Board of Directors and the Federal Reserve Bank require reviews and updates to all bank policies and procedures on at least an annual basis. These annual reviews include all computer and network policies and procedures. The process of monitoring the network for possible failures and intrusions is described in a separate attached memo. The Cashier of the bank is responsible for this process.
An agreement is in place for implementation of our disaster recovery procedures at an undisclosed location in Englewood, CO. Procedures include the designation of mission-critical applications and the required staff. A dedicated server will be used as the main disaster recovery server, and multiple laptop PCs will be configured with certain bank operating systems and set up as a remote network environment. Customer information files do not reside on the laptops. In the event of an actual disaster, the prior day's files, including customer information, would be downloaded via a secure Internet connection from our offsite data backup provider. Other components of the disaster recovery and business continuation plan include using our ISP and data processor for file and data backup and recovery, and our BIDS provider for data delivery to our customers via our secure Internet connection, BIDS. All files currently received at BBW via FEDLINE would be rerouted to the Disaster Recovery site connection.
All of the vendors responsible for mission-critical applications have established disaster recovery procedures in the event that their own systems fail. Our T1 Internet provider could reroute our Internet traffic to another carrier through their hot site outside of Denver. If that fails, BBW has a signed backup agreement to immediately reroute data to a DSL Internet connection via our backup ISP in Denver. Our data processing center is located in another state. In the event of a disaster in their main facility, processing would be transferred to their hot site located far from their main facility. Our BIDS provider has a backup site located in another state and a backup Internet service provider located in Texas. All of the above disaster recovery contingency plans have been examined and tested with positive results.
We maintain a point-to-point telephone connection with our data processor for data processing and the print back of reports and statements. This was tested by having our data processor deliver the reports to our BIDS provider. In turn, our BIDS provider transmitted the report to BBW via our BIDS connection.
Policies are in place for updates or changes in the network configuration. Any issues that would require a substantial change in the network in terms of hardware, software or procedures are discussed with the IT Committee, consisting of the IT manager, the Cashier and the CEO of the bank. Routine software upgrades to the operating system, virus protection or maintenance equipment are normally not reviewed by the IT Committee but are installed automatically. All changes are documented.
Bankers' Bank of the West does not have a SAS 70 audit conducted. As a financial institution, the bank is examined on an annual basis by both the Federal Reserve Bank and the Colorado Division of Banking. The examination procedures include an IT examination and a review of policies and procedures.
Information and data transmitted from BBW to respondent banks could include a daily account statement on the respondent's account with BBW. Other information would be a Cash Position Report detailing the previous day's activity with regard to cash letter processing. The information that BBW would be responsible for would be delivered via BIDS, our 128-bit encrypted secure Internet connection. Other means could be fax and, upon request, encrypted email or ground mail. No new data circuits would be required to facilitate the movement of information, reports or wire transfers. This process requires Internet access.
The Bankers' Bank of the West maintains third-party strategic alliances with companies that provide annual IT audit and testing, network risk assessments and penetration testing. One of these companies provides 24/7/365 network intrusion detection and prevention. All occurrences of attacks and the resulting preventative measures are automatically reported to the Network Administrator. Confidentiality agreements and network security integrity preclude us from offering more detailed information. As stated above, as a regulated and examined correspondent financial institution, BBW is acutely aware of maintaining a safe and secure electronic banking environment for our correspondent bank customers.