INTRODUCTION  |  About This Document

This Business Online Banking Terms and Conditions document (this “Agreement”) governs your access to and use of all online and electronic banking services provided by Bank of the Lowcountry (“Bank,” “we,” “us,” or “our”) to your business (“Business,” “you,” or “your”). By signing the Business Online Banking Service Profile, you acknowledge that you have received, read, and agree to be bound by all terms contained in this Agreement.

This Agreement is organized into sections corresponding to the specific services the Bank may make available to you. Not all services described herein are available to all customers. The services authorized for your Business, together with the accounts to which they apply and the transaction limits established for each, are documented on your Business Online Banking Service Profile, which is incorporated by reference as part of this Agreement.

HOW THIS AGREEMENT WORKS
This document contains the complete terms governing your Business Online Banking relationship with Bank of the Lowcountry. Your Service Profile records which services are active for your Business. When changes are made — adding services, adjusting limits, adding or removing users — an updated Service Profile will be presented for your review and signature. Questions? Contact Deposit Operations at (843) 549-2265.


Definitions

As used throughout this Agreement, the following terms have the meanings set forth below:

  • “Authorized User” means any individual designated by the Business on the Service Profile to access online banking services on the Business’s behalf.

  • “Administrator” means an Authorized User designated on the Service Profile with elevated access rights, including the ability to manage sub-users, establish Positive Pay rules, and perform other administrative functions within the online banking platform.

  • “Service Profile” means the Business Online Banking Service Profile form executed by the Business, which identifies active services, linked accounts, transaction limits, and Authorized Users.

  • “Services” means, collectively, all online and electronic banking services provided under this Agreement, including but not limited to Online Banking Platform access, ACH Origination, Wire Transfer, Remote Deposit Capture (RDC) (comprising the Desktop Scanner and Mobile Deposit channels), and Positive Pay.

  • “Business Day” means Monday through Friday, excluding federal holidays observed by the Federal Reserve Bank of Richmond.

  • “NACHA Rules” means the operating rules and guidelines published by the National Automated Clearing House Association, as amended from time to time.

  • “Payment Order” means an instruction by the Business or an Authorized User to transfer funds, including wire transfer instructions.

  • “Access Credentials” means any combination of user ID, password, token, security question, or other authentication method used to access the Services.


PART I | General Terms and Conditions

1. Authorized Users and Administrator Designation

The Business is solely responsible for designating all Authorized Users on the Service Profile, including identifying which users hold Administrator-level access. The Business represents and warrants that each person designated as an Authorized User or Administrator has the authority to act on behalf of the Business with respect to the Services assigned to that user.

Administrator Access
An Administrator is an Authorized User with elevated permissions within the online banking platform. Depending on the services enrolled, Administrator-level access may include the ability to:

  • Create, modify, or remove sub-users within the platform;

  • Establish and manage Positive Pay rules, approved entities, and blocked entities;

  • Upload ACH files and manage payment templates;

  • Initiate or approve wire transfers within assigned limits;

  • Perform other account management functions as enabled by the Bank.

The Business accepts full responsibility for the actions of any Administrator, including any sub-users that Administrator creates or manages. The Bank may rely on any instruction issued through valid Administrator credentials as a duly authorized instruction from the Business.

User Changes
The Business is responsible for promptly notifying the Bank in writing of any changes to Authorized User access, including the termination of any user’s employment or authority. Changes must be submitted in writing and will be effective only after the Bank has had a reasonable opportunity to act on the notice. The Bank will not be responsible for transactions completed by a user whose access the Business has failed to timely revoke.

2. Security Procedures and Your Responsibilities

The Business agrees that the security procedures described in this Agreement and implemented through the Bank’s online banking platform — including user IDs, passwords, multi-factor authentication, and any token or device-based authentication required by the Bank from time to time — are commercially reasonable security procedures for the authentication of Payment Orders and other instructions. The Business agrees to be bound by any instruction authenticated in accordance with these procedures, whether or not that instruction was actually authorized by the Business, provided the Bank acted in good faith and in compliance with the security procedures.

The Business agrees to:

  • Protect all Access Credentials and never share them with unauthorized persons;

  • Instruct each Authorized User to maintain the confidentiality of their individual credentials;

  • Immediately notify the Bank at (843) 549-2265 if the Business suspects any Access Credentials have been compromised, disclosed to an unauthorized person, or used without authorization;

  • Never leave an active online banking session unattended;

  • Always log off completely after each session;

  • Change passwords promptly whenever an Authorized User’s access is terminated.

The Bank shall have no liability for unauthorized transactions that occur before the Bank receives notice of a compromise and has had a reasonable opportunity to act on that notice.

3. Transaction Limits

Transaction limits for ACH origination, wire transfers, and RDC are established by the Bank based on the Business’s account history, average transaction volume, business type, and risk profile, and are documented on the Service Profile. Limits are calibrated to the Business’s legitimate operational needs and are not a guarantee of availability. The Business acknowledges that:

  • Limits are not an entitlement. The Business has no right to any specific limit, and limits are established solely at the Bank’s discretion.

  • Limits may be changed. The Bank may increase, decrease, suspend, or eliminate any transaction limit at any time at its sole discretion. While the Bank will endeavor to provide notice of limit changes, prior notice is not required, particularly where the Bank determines that a limit change is necessary for risk management or security purposes.

  • User-level limits. Individual Authorized Users may be assigned limits lower than the Business’s overall account limits as documented on the Service Profile. User-level limits cannot exceed account-level limits.

  • Shared RDC limit. RDC’s two channels — the Desktop Scanner and Mobile Deposit — share a single daily image deposit limit. This limit applies in the aggregate across both channels and is not a separate limit for each. Deposits made through either channel draw against the same daily ceiling documented on the Service Profile.

  • Limit change requests. The Business may request changes to transaction limits in writing. All requests are subject to Bank approval and are not effective until the Bank confirms approval and an updated Service Profile is executed.

  • Business changes. The Business agrees to notify the Bank promptly if there is a material change in the Business’s ownership, structure, revenue, or primary business activity that may affect the appropriateness of established limits.

4. Bank’s Right to Suspend, Modify, or Terminate Services

The Bank reserves the right to suspend, restrict, reduce, modify, or terminate any Service or any portion of any Service at any time, at its sole discretion and without prior notice. Without limiting the generality of the foregoing, the Bank may exercise these rights if it suspects fraud, unauthorized access, account misuse, breach of this Agreement, or for any other reason the Bank deems appropriate in the exercise of sound banking judgment.

The Business agrees that the Bank shall have no liability to the Business or to any third party arising from the Bank’s exercise of its rights under this section. The Business’s obligation to pay any fees accrued prior to termination, and any indemnification obligations under this Agreement, survive termination.

5. Liability — General Framework

Bank’s Liability
The Bank’s liability to the Business for any failure or error in connection with the Services shall be limited to direct damages actually caused by the Bank’s gross negligence or willful misconduct. In no event shall the Bank be liable for any indirect, consequential, special, incidental, exemplary, or punitive damages, including but not limited to lost profits, loss of business, or loss of data, even if the Bank has been advised of the possibility of such damages.

The Bank shall not be liable for any failure to perform, or delay in performance of, any obligation under this Agreement that is caused by circumstances beyond the Bank’s reasonable control, including but not limited to acts of God, natural disasters, power failures, communications system failures, actions of governmental authorities, or the failure of any third-party payment system or network.

Business’s Liability and Indemnification
The Business is liable for all transactions initiated by any Authorized User or Administrator acting within the scope of access granted on the Service Profile, whether or not the Business specifically authorized the individual transaction. The Business’s liability continues until written notice of revocation is received by the Bank and the Bank has had a reasonable opportunity to act.

The Business agrees to indemnify, defend, and hold harmless the Bank, its officers, directors, employees, and agents from and against any and all claims, losses, liabilities, damages, costs, and expenses (including reasonable attorneys’ fees) arising out of or relating to: (a) the Business’s breach of any provision of this Agreement; (b) the actions or omissions of any Authorized User or Administrator; (c) the Business’s failure to maintain adequate security controls; (d) any unauthorized access to the Services that results from the Business’s failure to protect Access Credentials; or (e) the Business’s failure to timely notify the Bank of a compromise or unauthorized use.

6. Fees

The Business agrees to pay all fees applicable to the Services as set forth in the Bank’s current Schedule of Fees, which is provided separately and incorporated by reference. Fees are subject to change upon thirty (30) days prior written notice to the Business. The Bank may deduct fees directly from any account maintained by the Business at the Bank.

7. Account Reconciliation and Error Reporting

The Business is responsible for promptly reviewing all account statements, online transaction histories, and payment confirmations. Discrepancies must be reported to the Bank within thirty (30) days of the date the first statement reflecting the discrepancy is made available to the Business. Failure to report within this period will preclude the Business from asserting any claim against the Bank arising from the discrepancy.

8. Amendments and Notices

The Bank may amend this Agreement at any time upon notice to the Business. Notice may be provided by mail, email, posting on the Bank’s website, or through the online banking platform. Unless a longer notice period is required by law, amendments will be effective ten (10) days after notice is provided, regardless of whether the Business has actually reviewed the notice. The Business’s continued use of any Service following the effective date of an amendment constitutes acceptance of the amended terms.

Written notices from the Business to the Bank must be directed to: Bank of the Lowcountry, Deposit Operations, 1100 North Jefferies Boulevard, Walterboro, SC 29488, or by email to operations@banklowcountry.com.

9. Confidentiality

The Business agrees to maintain the confidentiality of account information and transaction data and not to disclose such information to any third party except as required by law, as necessary to complete an authorized transaction, or with the Bank’s prior written consent. The Bank’s obligations regarding the confidentiality of the Business’s information are governed by the Bank’s Privacy Policy, which is provided separately.

10. Governing Law; Dispute Resolution

This Agreement and all transactions hereunder are governed by the laws of the State of South Carolina, except to the extent that federal law governs. Any dispute arising under this Agreement shall be resolved under the laws of the State of South Carolina, and the Business consents to personal jurisdiction in the courts of the State of South Carolina. The Business waives any right to a jury trial in connection with any dispute arising out of or relating to this Agreement.

11. Entire Agreement; Severability

This Agreement, together with the Service Profile and all schedules, addenda, and documents incorporated by reference, constitutes the entire agreement between the parties with respect to the Services and supersedes all prior agreements, representations, and understandings. If any provision of this Agreement is found to be invalid or unenforceable, the remaining provisions shall continue in full force and effect.


PART II | Online Banking Platform

This Part governs your access to and use of the Bank’s Business Online Banking platform (the “Platform”), which is operated in partnership with Fiserv, Inc. (“Fiserv”). The Platform provides access to account information, electronic funds transfer services, and other account management functions.

12. License and Use

The Bank grants the Business a limited, non-exclusive, non-transferable sublicense to use the Platform solely for the Business’s internal business purposes. The Business acknowledges that the Platform and all related software, content, and documentation are the proprietary property of Fiserv and/or the Bank. The Business agrees not to copy, reverse engineer, modify, distribute, or create derivative works from any component of the Platform.

The Business agrees to use the Platform only for lawful purposes and in accordance with this Agreement. The Business agrees not to use the Platform in any manner that could damage, disable, overburden, or impair any Bank or Fiserv system, or interfere with any other party’s use of the Platform.

13. Platform Availability

The Bank endeavors to make the Platform available twenty-four (24) hours a day, seven (7) days a week. However, availability may be interrupted for scheduled maintenance, system upgrades, or circumstances beyond the Bank’s control. The Bank will make reasonable efforts to provide advance notice of scheduled maintenance but is not obligated to do so. The Bank shall have no liability for Platform unavailability regardless of the cause.

14. Account Activity Levels

Access to specific account functions within the Platform is governed by the activity level assigned to each Authorized User on the Service Profile. Available activity levels include:

  • Account Inquiry: View current balances and up to sixty (60) days of transaction history. Does not include transfer capability.

  • Funds Transfer: All account inquiry functions, plus the ability to transfer funds between linked accounts and access to other banking services as enabled.

  • Full Access: All funds transfer functions, plus access to payment services (ACH, Wire), Positive Pay, and other services as authorized on the Service Profile.

15. Funds Transfers Within the Platform

The Business may transfer funds between linked accounts using the Platform. All such transfers are subject to available balances at the time of the transfer. Transfers are immediate and generally cannot be reversed once submitted. The Business is responsible for verifying transfer instructions before submission.

Transfers from savings and money market accounts are subject to applicable federal regulations limiting the number of pre-authorized transfers per monthly statement cycle. Fees may apply for transfers that exceed permitted limits.

16. Stop Payment Requests

The Business may submit stop payment requests through the Platform. Stop payment orders submitted through the Platform are treated as written stop payment orders and are effective for six (6) months from the date submitted, after which they expire unless renewed. Stop payment requests on ACH/EFT items are effective until revoked and do not expire automatically.

The Business acknowledges that a stop payment order cannot be guaranteed if the item has already been paid or if the information provided is inaccurate or incomplete. The Bank will not be liable for paying an item against which a stop payment has been placed if the information provided does not precisely identify the item.

17. Statement Review; Unauthorized Transactions

The Platform provides online access to account statements and transaction histories. The Business is solely responsible for reviewing this information promptly and regularly. The Business must notify the Bank immediately by telephone at (843) 549-2265 if it suspects any unauthorized access to the Platform or any unauthorized transaction.

Discrepancies between Platform records and the Business’s own records must be reported within thirty (30) days of the statement date on which the discrepancy appears. Failure to report within this period constitutes acceptance of the transaction and waiver of any claim

18. Disclaimer of Warranties

THE PLATFORM IS PROVIDED “AS IS” AND “AS AVAILABLE.” THE BANK AND FISERV MAKE NO WARRANTIES, EXPRESS OR IMPLIED, REGARDING THE PLATFORM, INCLUDING ANY IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, OR NON-INFRINGEMENT. NEITHER THE BANK NOR FISERV WARRANTS THAT THE PLATFORM WILL BE UNINTERRUPTED, ERROR-FREE, OR FREE OF HARMFUL COMPONENTS. THE BUSINESS ASSUMES ALL RISK ASSOCIATED WITH ITS USE OF THE PLATFORM.


PART III | ACH Origination Services

This Part governs the Business’s use of the Bank’s ACH origination services (“ACH Services”). ACH Services are provided through the Federal Reserve Bank of Richmond’s Automated Clearing House network. This Part supplements Part I and the provisions of Part I apply in full to ACH Services.

19. Scope of ACH Services

Subject to approval and the limits established on the Service Profile, the Bank will transmit ACH credit and debit entries originated by the Business to the ACH network in accordance with the NACHA Rules and this Agreement. The Bank authorizes the Business to originate the following Standard Entry Class (SEC) codes:

  • PPD (Prearranged Payment and Deposit) — consumer accounts, where the receiver has provided written authorization;

  • CCD (Corporate Credit or Debit) — business-to-business transactions;

  • Payroll — direct deposit entries for employee compensation, processed as PPD or CCD as appropriate.

The Business may not originate entries using any other SEC code without the Bank’s prior written approval. Unauthorized entry types will be rejected.

20. NACHA Compliance

The Business agrees to comply with the NACHA Rules as in effect from time to time, which are incorporated by reference. The NACHA Rules include obligations to comply with applicable U.S. laws and regulations, including OFAC-administered sanctions laws. Changes to the NACHA Rules are binding on the Business without the necessity of a new or amended agreement. The Bank reserves the right to audit the Business’s compliance with the NACHA Rules and the terms of this Agreement, and to terminate ACH Services for breach of the NACHA Rules.

21. Authorizations

The Business represents and warrants that it has obtained, and will maintain on file, valid written authorization from each receiver for each type of entry originated. The Business agrees to retain the original or a copy of each authorization for a minimum of two (2) years after the authorization is terminated or revoked. Upon request by the Bank or the originating depository financial institution (ODFI), the Business will provide a copy of any authorization form within ten (10) Business Days.

22. File Submission; Timing

The Business shall submit ACH files in electronic format, in the format required by the Bank. Files must be delivered to the Bank no later than the cutoff time established by the Bank and communicated to the Business. Files received after the applicable cutoff will be processed on the next Business Day. The Business is solely responsible for the accuracy and completeness of all data in submitted files.

23. Settlement; Return Item Liability

The Business will receive settlement for debit entries on the applicable Settlement Date. If any debit entry is rejected, returned, or reversed after the Bank has permitted the Business to access the settled funds, the Business is required to immediately reimburse the Bank for the full amount of the returned entry, together with any applicable fees. The Business agrees that the Bank may debit any account of the Business at the Bank for amounts owed under this section without prior notice.

The Business agrees to maintain sufficient collected funds in its designated settlement account to cover all outstanding ACH obligations at all times.

24. Error Correction

If the Business discovers an error in an entry it has submitted, it must notify the Bank immediately. If notice is received before the applicable cutoff, the Bank will use its best efforts to initiate a correcting entry. If notice is received after the cutoff, the Bank will use its best efforts consistent with the NACHA Rules but cannot guarantee correction.

25. Rejection of Entries

The Bank may reject any entry or file that does not comply with the NACHA Rules, this Agreement, or the Bank’s internal procedures, or that the Bank determines poses unacceptable risk. The Bank will notify the Business of any rejection, and it shall be the Business’s responsibility to correct and re-submit rejected entries.

26. Bank’s Liability for ACH

The Bank’s liability to the Business for errors in processing ACH entries shall be limited to direct damages actually caused by the Bank’s own gross negligence or willful misconduct in handling a specific entry. In no event shall the Bank be liable for indirect, consequential, or punitive damages, for the acts or omissions of the ACH network, a receiving depository financial institution, or any third party, or for any delay caused by circumstances beyond the Bank’s reasonable control.

27. Ongoing Monitoring of ACH Services

The Bank monitors ACH origination activity on an ongoing basis as part of its risk management program. This monitoring includes review of transaction patterns, return rates, volume relative to established limits, and consistency with the Business’s known profile. The Bank may, at its discretion and on a risk-based schedule, request updated financial or business information from the Business. Failure to provide requested information within a reasonable time may result in suspension or adjustment of ACH Services.

The Business’s transaction limits are calibrated at enrollment based on the Business’s profile and are reviewed whenever the Business requests a limit change, when observed activity is inconsistent with the established profile, or when the Bank determines a review is warranted based on risk factors. This risk-based approach to monitoring is consistent with FFIEC guidance, which does not prescribe a fixed review frequency but requires ongoing monitoring proportionate to the risk presented by the customer relationship.

28. Confidentiality of Entry Information

Except as required by the NACHA Rules or applicable law, both parties agree to maintain the confidentiality of entry information and not to disclose information that identifies any receiver or account without prior written consent, except as necessary to complete the transaction.


PART IV | Wire Transfer Services

This Part governs the Business’s use of the Bank’s wire transfer services (“Wire Services”). Wire transfers are irrevocable once executed. The Business should carefully review all wire instructions before submission. This Part supplements Part I and the provisions of Part I apply in full to Wire Services.

WIRE TRANSFERS ARE IRREVOCABLE
Once the Bank has executed a wire transfer in accordance with this Agreement, the Bank has no obligation to reverse or cancel the transfer. The Business is solely responsible for verifying the accuracy of all wire instructions, including the receiving bank’s ABA routing number and the beneficiary account number, before submission.

If you suspect a fraudulent wire: Call (843) 549-2265 immediately.

29. Authorized Representatives; Wire Limits

The individuals authorized to initiate and/or approve wire transfers on behalf of the Business, together with their individual dollar limits, are identified on the Service Profile. Wire transfer limits are established based on the Business’s account history, average transaction volume, business type, and risk profile. Limits are calibrated to the Business’s documented operational needs and are not a guarantee of availability.

The Business may designate separate initiator and approver roles to establish dual-control over wire transactions. The Bank strongly recommends dual-control for all wire transactions. Any changes to authorized wire users or limits must be submitted to the Bank in writing and will be effective only after the Bank has confirmed receipt and an updated Service Profile has been executed.

30. Wire Transfer Instructions; Cutoff Times

Wire Payment Orders must be submitted through the online banking platform or, if the platform is unavailable, by delivery of a signed written wire transfer instruction form in person or by fax to the Bank’s Deposit Operations department. Payment Orders must conform to the Bank’s format requirements and must be received by the following cutoff times on a Business Day:

  • Domestic wire transfers: 4:30 PM Eastern Time

  • International wire transfers: 3:30 PM Eastern Time

Payment Orders received after the applicable cutoff will be treated as received on the next Business Day. The Bank reserves the right to amend cutoff times upon notice to the Business.

31. Security Procedures for Wire Transfers

The security procedures applicable to wire transfers include user ID and password authentication, multi-factor authentication as required by the Bank, and such other verification measures as the Bank may establish from time to time. The Bank may also, at its discretion, perform callback verification on any wire transaction, particularly for new beneficiaries, large amounts, or transactions that appear inconsistent with the Business’s normal patterns.

The Business acknowledges that these security procedures are designed to verify the authenticity of Payment Orders and are not designed to detect errors in the content of instructions. The Business agrees that the security procedures are commercially reasonable.

The Business agrees that no individual Authorized User will be permitted to both initiate and approve a wire transfer without adequate supervisory controls. Where dual-control is established on the Service Profile, both roles must be performed by different individuals.

32. Accuracy of Instructions; Bank’s Reliance

The Business is solely responsible for the accuracy of all information contained in Payment Orders. The Bank — and any receiving bank or intermediary bank — may rely entirely on the account number and routing number provided in a Payment Order, even if that account number does not correspond to the name of the beneficiary stated in the order. The Bank has no duty to determine whether a name and account number refer to the same person or entity.

If the Business provides an incorrect account number or routing number and the wire is transmitted to the wrong account, the Bank shall not be liable for any resulting loss. The Business agrees to indemnify and hold the Bank harmless from any loss or liability, including attorneys’ fees, resulting from the Bank’s reliance on information provided by the Business.

33. Cancellation or Amendment of Payment Orders

The Business has no right to cancel or amend a Payment Order after it has been received by the Bank. The Bank may, at its sole discretion, make a reasonable effort to cancel or amend a Payment Order if the request is received before the order has been executed and if the request complies with the Bank’s security procedures. The Bank shall have no liability if a cancellation or amendment request is not honored.

34. Rejection of Payment Orders

The Bank may reject any Payment Order that: (a) does not comply with this Agreement or the Bank’s format requirements; (b) cannot be authenticated in accordance with the security procedures; (c) involves an account with insufficient available funds; (d) would violate any applicable law, regulation, or OFAC sanction; or (e) the Bank determines poses unacceptable risk in its sole discretion. The Bank shall notify the Business of any rejection as soon as reasonably practicable.

35. International Wire Transfers

International wire transfers are subject to additional risk, including currency exchange rate risk, foreign banking regulations, and the acts or omissions of foreign financial institutions and intermediaries. The Bank will convert funds to the applicable foreign currency at the Bank’s quoted exchange rates at the time of conversion. The Business bears all exchange rate risk.

International wire transfers are subject to OFAC sanctions screening. The Bank will not process any wire to a sanctioned country, entity, or individual. If a wire is blocked due to OFAC screening, the Bank will notify the Business and follow applicable regulatory procedures.

36. Bank’s Liability for Wire Transfers

If the Bank fails to execute a valid Payment Order, or executes it in the wrong amount, the Bank’s liability shall be limited to: (a) interest on the amount involved for the period of delay, calculated at the average federal funds rate for each day of delay, computed on a 360-day basis; and (b) in the event of a wrongful refusal or gross negligence, a refund of the transaction amount plus interest not to exceed sixty (60) days. In no event shall the Bank be liable for consequential, indirect, special, or punitive damages.

37. Ongoing Monitoring of Wire Services

The Bank monitors wire transfer activity on an ongoing basis as part of its risk management program. This monitoring includes review of transaction patterns, beneficiary profiles, volume relative to established limits, and consistency with the Business’s known profile. The Bank may perform callback verification on transactions that appear inconsistent with normal patterns, involve new beneficiaries, or exceed threshold amounts as determined by the Bank.

Wire transfer limits are reviewed whenever the Business requests a limit change, when observed activity is inconsistent with the established profile, or when the Bank determines a review is warranted based on risk factors. This risk-based approach is consistent with FFIEC guidance and does not require a fixed annual review cycle.


PART V  |  Remote Deposit Capture

This Part governs the Business’s use of the Bank’s Remote Deposit Capture service (“RDC”), which allows the Business to create electronic images of paper checks and transmit them to the Bank for processing and deposit. RDC is provided through two channels:

  • Desktop Scanner — a Bank-provided desktop scanner used with the browser-based Fiserv Access Manager platform; and

  • Mobile Deposit — the camera on a mobile device used with the Bank’s Business Mobile Banking application.

Except where a provision is expressly limited to one channel, all terms in this Part apply equally to both channels. This Part supplements Part I, and the provisions of Part I apply in full to RDC.

38. Eligibility and Service Activation

RDC is available to Business customers in good standing who have been approved by the Bank. The Bank establishes eligibility based on account history, deposit volume, business type, and risk profile, as determined by the Bank in its sole discretion. Approval does not obligate the Bank to maintain the service indefinitely, and the Bank reserves the right to suspend or revoke RDC, or either channel, at any time.

The Mobile Deposit channel is an optional feature that must be specifically enabled for the Business’s account and is indicated on the Service Profile. The Bank does not enable Mobile Deposit by default; activation requires authorization by the Bank.

Both channels are accessed through the Bank’s authenticated online banking environment using the same credentials established for Business Online Banking. Access requires a valid online banking session; no separate login or standalone access path exists. The Bank’s authentication environment provides the security layer for RDC.

39. Desktop Scanner — Equipment and Program License

This Section applies only to the Desktop Scanner channel. The Bank will provide the Business with a Bank-approved scanner for use with RDC. The Business acknowledges that:

  • The scanner remains the property of the Bank at all times;

  • The Business is granted a non-exclusive license to use the scanner solely for depositing checks under this Agreement;

  • The scanner may only be used at the Business’s approved location;

  • Any relocation of the scanner requires prior written approval from the Bank;

  • The Business must return the scanner to the Bank in good condition upon termination of the service;

  • The Business must not attempt to repair, modify, or service the scanner without the Bank’s written consent.

The Fiserv Access Manager platform and its associated software (the “Program”) are proprietary property of Fiserv, Inc. The Business agrees not to transfer, copy, reverse-engineer, modify, or alter the Program. Technical support is provided by the Bank and Fiserv as necessary. Network connectivity required to use RDC is the Business’s responsibility.

40. Eligible Items

The Business may only use RDC to deposit items that qualify as “checks” under Federal Reserve Regulation CC, drawn on financial institutions located in the United States and payable in U.S. dollars. The following items are NOT eligible for deposit through either channel:

  • Items payable to any party other than the Business;

  • Items drawn on the Business’s own accounts or accounts on which the Business is an authorized signer;

  • Items with multiple payees;

  • Government-issued checks (unless specifically authorized by the Bank);

  • Traveler’s checks or money orders;

  • Items containing obvious alterations or that the Business knows or suspects are fraudulent;

  • Items previously converted to a substitute check under Check 21;

  • Items more than six (6) months old (stale-dated);

  • Any item the Bank determines is non-eligible in its sole discretion.

The Bank reserves the right to reject any item for any reason. If an item is rejected, the Business must deposit the item by other means.

41. Endorsement Requirements

All items deposited through RDC must be restrictively endorsed by the Business prior to capture as follows:

REQUIRED ENDORSEMENT — ALL RDC ITEMS

For Mobile Deposit Only
Bank of the Lowcountry
Authorized Signer Signature or Business Stamp with Business Name

Items that are not properly endorsed may be rejected. The Business is responsible for all items that are improperly endorsed and subsequently negotiated more than once.

42. Image Quality Standards

The Business is responsible for ensuring that all images transmitted through RDC are legible and meet the image quality standards established by ANSI, the Federal Reserve Board, and any applicable regulatory or clearinghouse requirements. The Bank reserves the right to reject any image that is unclear, skewed, incomplete, suspicious, or that does not meet applicable standards. Images rejected for quality issues must be submitted in paper form to a Bank branch and may not be re-captured.

43. Processing, Cutoff Time, and Funds Availability

The cutoff time for RDC submissions to receive same-Business-Day processing is 5:00 PM Eastern Time, through either channel. Submissions received after this cutoff will be processed on the next Business Day. Funds will become available only after the Bank has reviewed and released the deposit, subject to the Bank’s funds availability policy. The Bank reviews all deposited items — including both the front and back of each check — as part of its standard processing procedures. Confirmation that an image has been received does not guarantee that the transmission was error-free or that funds will be made available immediately. Any holds or delayed availability will be communicated to the Business.

44. Deposit Limits

RDC is subject to a single daily image deposit limit that applies in the aggregate to deposits made through both the Desktop Scanner and Mobile Deposit channels. This limit is established by the Bank based on the Business’s account history, average deposit volume, and risk profile, and is documented on the Service Profile. Deposits exceeding the authorized limit may, at the Bank’s discretion, be processed only after additional authorization from the Bank, or may be refused for electronic deposit and required to be submitted in paper form. The Bank reserves the right to modify the limit at any time.

45. Check Retention and Destruction

After receiving confirmation that an image has been received by the Bank, the Business must:

  • Mark the original check prominently as “Electronically Presented” or “VOID”;

  • Store the original check securely for a period of sixty (60) days;

  • After sixty (60) days, and after confirming that the deposited funds have been applied correctly, destroy the original check by shredding or other appropriate means;

  • Never re-deposit, re-present, re-scan, or otherwise attempt to negotiate the original check in any form.

The Business agrees to provide any retained check, or a copy of the front and back, to the Bank upon request for clearing, collection, or audit purposes. Failure to comply with check retention and destruction requirements exposes the Bank and the Business to duplicate presentment risk, and the Business accepts full liability for any losses resulting from such non-compliance.

46. Security and Access Controls

Access to RDC is secured through the Bank’s authenticated online banking environment — Fiserv Access Manager for the Desktop Scanner channel and the Business Mobile Banking application for the Mobile Deposit channel — each requiring valid online banking credentials, multi-factor authentication, and the same security procedures applicable to all other online banking services. The Business agrees to:

  • Limit access to RDC to Authorized Users designated on the Service Profile;

  • Store captured checks in a secure location until destroyed in accordance with Section 45;

  • Immediately notify the Bank of any security incident, suspected unauthorized access, or compromise of Access Credentials.

Because RDC is accessed exclusively through the Bank’s authenticated online banking environment, the Bank does not require the Business to maintain or certify separate standalone security infrastructure beyond the security obligations applicable to Business Online Banking generally under Section 2 of this Agreement.

47. Bank Monitoring of RDC Activity

The Bank reviews all items deposited through RDC as part of its standard deposit processing procedures. This item-level review constitutes continuous monitoring of the Business’s RDC activity and provides the Bank with ongoing visibility into deposit patterns, item volume, image quality, and any anomalies. The Bank may also periodically review deposit volume relative to established limits and may adjust limits or suspend access based on observed activity.

This continuous item-level monitoring, combined with the Bank’s Business Online Banking Service Profile attestation cycle — under which the Business periodically reviews and signs its current access configuration including RDC limits and authorized users — constitutes the Bank’s ongoing monitoring program for RDC, consistent with FFIEC risk management guidance for Remote Deposit Capture.

48. Return Items

If an item deposited through RDC is returned unpaid, the Bank will charge or debit the returned item to the Business’s account and provide notice. The Business authorizes this debit, accepts full responsibility for any item returned for any reason after funds have been released, and agrees to reimburse the Bank for the full amount upon demand.

49. Business Warranties

By using RDC, the Business warrants to the Bank that:

  • Only eligible items will be transmitted;

  • All images meet the applicable quality standards;

  • No item will be deposited more than once through any means or channel;

  • The original item will not be re-deposited or re-presented after capture;

  • All information provided is accurate and true;

  • The Business will comply with this Agreement and all applicable laws and regulations.

The Business agrees to indemnify and hold the Bank harmless from any loss resulting from a breach of these warranties.

50. Business Continuity

If the Business is unable to use RDC for any reason, the Business is responsible for depositing items by other means, including delivery of paper checks to a Bank branch.

51. Error Reporting

If the Business believes an error has occurred with respect to a RDC deposit, it should contact the Bank immediately at (843) 549-2265, or by writing to Bank of the Lowcountry, P.O. Box 1707, Walterboro, SC 29488.


PART VI  |  Positive Pay Services

This Part governs the Business’s use of the Bank’s Positive Pay services (“Positive Pay Services”), which include Check Positive Pay and ACH Positive Pay. Positive Pay is a fraud detection service that allows the Business to monitor and control the payment of checks and ACH debits against its accounts. This Part supplements Part I and the provisions of Part I apply in full to Positive Pay Services.

The specific Positive Pay services enrolled for the Business and the accounts to which they apply are identified on the Service Profile. Positive Pay Services require enrollment in Business Online Banking.

52. Check Positive Pay

How It Works
Check Positive Pay allows the Business to submit an “issue file” — a list of checks the Business has issued — to the Bank through the online banking platform. The Bank compares each check presented for payment against the Business’s issue file. Any check that does not match the issue file (an “exception item”) is flagged for the Business’s review and decision.

File Submission
The Business must submit an issue file to the Bank each time it issues checks. Issue files must be uploaded through the online banking platform or the Bank’s Positive Pay portal. Files must be in the format established by the Bank and must include: Account Number, Check Number, Issue Date, Transaction Amount, and Payee Name.

Exception Processing Window
The Business is responsible for reviewing and decisioning all exception items each Business Day between 7:00 AM and 10:00 AM Eastern Time. Exception items on which the Business has not submitted a pay or return decision by 10:00 AM ET will be processed in accordance with the Business’s standing default election documented on the Service Profile:

  • Pay All: Exception items will be paid by default.

  • Return All: Exception items will be returned by default.

The Business must select its default election on the Service Profile. The Business is strongly encouraged to select Return All to maximize fraud protection.

Violations
If a check is presented for immediate payment at a Bank branch (a “violation”) and does not match the issue file, a Bank representative may contact the Business for instruction. If the Bank is unable to reach an authorized contact, the item will be returned or refused.

Limitations
Check Positive Pay does not verify signatures, detect counterfeit checks where the MICR data matches the issue file, identify duplicate serial numbers, or detect missing endorsements. The Business agrees to regularly review all account statements, returned items, and transaction reports. The Bank assumes no duty to identify or return items outside the scope of the Positive Pay matching process.

53. ACH Positive Pay

How It Works
ACH Positive Pay allows the Business to monitor ACH debit entries posting to enrolled accounts and to approve or return unauthorized entries before they are finalized.

Setting Up Authorized Entities
The Business’s Administrator establishes rules within the Positive Pay system identifying authorized ACH originators, permitted Standard Entry Class codes, and maximum allowable amounts per originator. Any ACH debit entry that does not match an established rule is flagged as an exception for the Business’s review.

Exception Processing Window
The Business must review and decision ACH exception items each Business Day between 7:00 AM and 10:00 AM Eastern Time. ACH exception items not decisioned by 10:00 AM ET will be processed in accordance with the Business’s default election on the Service Profile (Pay All or Return All).

Administrator Responsibilities for ACH Positive Pay
The Administrator designated on the Service Profile has authority to grant additional users access to the ACH Positive Pay system, establish and modify authorized originator rules, set maximum transaction amounts, and manage block and filter lists. The Business accepts full responsibility for all actions taken by the Administrator and any users the Administrator authorizes.

54. Positive Pay — General Provisions

The Business acknowledges that:

  • Failure to use Positive Pay, or failure to properly maintain issue files and review exceptions, substantially increases the risk of undetected fraudulent activity;

  • If the Bank requests that the Business implement Positive Pay and the Business declines, the Business is precluded from asserting a claim against the Bank for paying any unauthorized, altered, counterfeit, or fraudulent item that Positive Pay was designed to detect;

  • The Bank is not responsible for determining the accuracy, timeliness, or completeness of information the Business provides to the Positive Pay system;

  • The Bank will have no liability for payment of any check or ACH item that was presented as an exception and paid due to the Business’s failure to timely submit a return decision;

  • The Business must fulfill its Positive Pay responsibilities on each Business Day regardless of whether the Business’s own offices are open.

55. Processing Days; Cutoff Times

All Positive Pay exception decisions must be submitted by 10:00 AM Eastern Time on the date specified. The Bank will not process exceptions on federal holidays observed by the Federal Reserve Bank. The Bank may close early on certain days (including Christmas Eve) and will provide reasonable notice via its online channels and email.

56. Security; Authorized Users

Access to the Positive Pay system is protected by the same security credentials used for Business Online Banking. The Business Administrator is responsible for managing user access to the Positive Pay system, including granting access, setting permissions, and revoking access when users are no longer authorized. All security obligations in Part I apply to the Positive Pay system. The Business agrees that the Bank’s security procedures for Positive Pay are commercially reasonable.


APPENDIX A | Online Banking Fraud Prevention Best Practices

The following best practices are provided for informational purposes to help the Business protect its accounts. These practices do not create additional legal obligations but represent minimum security hygiene the Bank strongly recommends.

Access Credentials

  • Create strong passwords using a minimum of twelve (12) characters including uppercase and lowercase letters, numbers, and special characters.

  • Change passwords regularly — at least every ninety (90) days and immediately upon any suspected compromise.

  • Never share usernames or passwords with third-party providers or service vendors.

  • Do not use the browser’s automatic password-save feature for online banking credentials.

  • Do not use account numbers, Social Security numbers, or other sensitive identifiers as part of a password.

General Access Security

  • Never access online banking from a public computer, public Wi-Fi, or unsecured network.

  • Review your account’s last login date and time every time you log in.

  • Never leave a device unattended while logged in to online banking.

  • Always log off completely after each session — do not simply close the browser.

Transaction Monitoring

  • Review account balances and transaction details daily.

  • Use account alerts to receive notification of transactions above a specified amount.

  • Review ACH and wire transaction histories regularly and report any unrecognized activity immediately.

  • For Positive Pay customers: Work exceptions every Business Day between 7:00 AM and 10:00 AM Eastern Time without exception.

Phishing, Malware, and Social Engineering

  • Never open attachments or click links in unsolicited emails claiming to be from the Bank. The Bank will never ask for your password by email.

  • If you receive a suspicious email appearing to be from the Bank, call (843) 549-2265 to verify before taking any action.

  • Install and maintain commercial-grade anti-virus and anti-malware software on all devices used for online banking.

  • Keep operating systems and applications updated with current security patches.

  • Be alert to urgent or threatening requests for wire transfers or ACH payments — contact the requestor directly using a known phone number to verify.

If You Suspect a Problem

  • Call (843) 549-2265 immediately if you suspect your credentials have been compromised or you see an unauthorized transaction.

  • Do not use email to report suspected fraud — call the Bank directly.

  • Preserve any suspicious emails, messages, or documentation for review by the Bank.