SUPERIOR MORTGAGE CORP.
PRIVACY POLICY

Mission Statement
We, at Superior Mortgage Corp. (SMC), believe that the basis of each consumer relationship is trust. When an individual(s) chooses to do business with SMC, we are obligated to honor that relationship with great care. This begins with the information that they choose to share with us. We believe that the confidentiality of non-public personal information should not be compromised.

Responsibility
SMC's Safeguard Program Officers are the Senior Manager of Information Technology and the Senior Manager of Compliance and Quality Control. They have been given the ultimate responsibility to appropriately establish and maintain this policy and related procedures. They have the responsibility to assure that adherence to this policy and related procedures are being observed on a daily basis by all employees.

Background and Overview
The Financial Modernization Act of 1999, also known as the Gramm-Leach-Bliley Act or GLB Act includes provisions to protect consumers' non-public personal financial information held by financial institutions. The "Act" states: "It is the policy of the Congress that each financial institution has an affirmative and continuing obligation to respect the privacy of its customers and to protect the security and confidentiality of those customers' non-public personal information." There are three principal parts of the privacy requirements:

• Financial Privacy Rule - Governs the collection and disclosure of consumer/customer non-public personal financial information by financial institutions. It also applies to companies whether or not they are financial institutions, who receive such information. The Federal Trade Commission is one of eight federal agencies that, along with the states, are responsible for developing a consistent regulatory framework to administer and enforce the Financial Privacy rule.
• Safeguards Rule - Enforced by the Federal Trade Commission, requires financial institutions to have a security plan to protect the confidentiality and integrity of non-public personal information. This rule implements Section 501(b) of the GLBA. Under Section 509 (3) (A) of the GLBA, SMC falls under the definition of a "financial institution" and is therefore subject to the requirements of the Safeguards Rule.
• Pretexting - The use of false pretenses, including fraudulent statements and impersonation, to obtain personal financial information.

Policy Definitions
Consumer relationship: Any individual who is seeking to obtain or has obtained a financial product or service from SMC that is to be used primarily for personal, family, or household purposes, or that individual's legal representative. A consumer does not, however, have a continuing relationship with you if you sell the consumer's loan and do not retain the rights to service the loan.
Customer relationship: Any individual who has a continuing relationship with SMC under which we provide one or more financial products or services (to the individual) that is used primarily for personal, family, or household purposes. In the case where the financial product or service is a mortgage loan, a customer relationship only exists where we own the servicing rights.
Non-affiliated Third Party: Any company that is not an affiliate of SMC.
Non-public personal information: Information that is collected in order to provide a financial product or service. Non-public personal information does not include information that is available from public sources, such as telephone directories or government records.
Personally identifiable financial information: Any information that SMC collects about a consumer in conjunction with providing a financial product or service. This includes:

• Information provided by the consumer during the application process (e.g. name, phone number, address, income)
• Information resulting from the financial product or service transaction (e.g. payment history, loan or deposit balances, credit card purchases)
• Information from other sources about the consumer obtained in connection with providing the financial product or service (e.g. information from a consumer credit report or from court records)

Public information: Any information that we at SMC have a reasonable basis to believe is lawfully made available to the general public from Federal, State or local government records, widely distributed media, or disclosures to the general public that are required to be made by law.

Information We Collect
As part of our application process we may collect information such as name, address, telephone number, social security number, annual income, current and past employers, deposit and loan information and payment history. We may collect information from consumer reporting agencies regarding credit and payment histories. We may retain this information in our files.

Information That We May Disclose to Non-affiliated Companies Who Provide Necessary Business Functions or Services
We may share non-public personal information with certain non-affiliated companies that act as our agent to provide access to product or services that may benefit consumers or which may be required by law. These companies perform a necessary business function. These companies are required to keep confidential any information that we disclose to them. Examples of non-public personal information may be information we receive on an application such as assets, liabilities or income.

Business Relationships with Third Parties
In the course of providing quality financial services, SMC is required to provide or obtain personally identifiable information to various third parties. We will only provide this information if an Information Security Agreement is in place with that third party. A sample is contained in Section 7 of the IT Security/Safeguard Manual. This agreement requires third parties to maintain confidentiality of the information to at least the same extent that SMC. Their use of that information will be limited solely to the purpose for which it is disclosed or as otherwise permitted by law.

Exceptions
The Right to Financial Privacy Act (RFPA) established specific procedures for government authorities which seek information from a financial institution about a consumer's financial records and imposed limitation and duties on financial institution prior to release of information sought by government agencies. The Act only applies to records of an individual or a partnership of not more than five individuals. Records may be produced for an agency only in accordance with the access methods defined in the Act. These occur when:

• Served with an administrative subpoena or summons.
• Served with a search warrant.
• Served with a judicial subpoena
• Served with a formal written request.
• An appropriate written authorization is received from a consumer.

Information or records may be provided even though none of the access methods above have been used if the information is related to the commission of a crime or the violation of a statue or regulation.

Privacy Notice
Based upon the definitions of "consumer" and "customer", SMC primarily has a consumer relationship with its borrowers since most of its loans are sold "servicing released". This means we must follow the regulation of GLBA as they apply to consumer relationships. Under the regulation, we are required to give an initial "Privacy Notice Disclosure" at the time of application. Because it is not the policy of SMC to disclose or sell any non-public personal information, the section of the Privacy Notice Disclosure labeled "Privacy Non-Disclosure Notice" should be checked. This section of the disclosure best describes our policy regarding how we handle our borrowers' non-public personal information.

Risk Identification
On an annual basis, SMC will identify reasonably foreseeable internal and external threats that could result in unauthorized disclosure, misuse, alteration or destruction of information. Based on those identified, the likelihood and potential damage to those threats will be assessed, taking into consideration the sensitivity of consumer information. For those areas of exposure, the adequacy of the policies and procedures will be evaluated. On an ongoing basis, responsibility is fixed with all Department Heads, Managers, Branch Managers and/or business line managers to ensure that security measures for managing and controlling risks are in place.

Security
We restrict access to personal information to those employees who need to know that information to provide products and services to you. Employees who violate our strict confidentiality standards are subject to disciplinary action, up to and including termination of employment. We maintain physical, electronic and procedural safeguards that comply with federal standards to guard non-public personal information.

Training
On an annual basis, all employees will be required to review the Procedure Manual and supplemental training will be provided as deemed necessary. Certification Records will be maintained to evidence the scope of training. The scope of training will be coordinated through SMC's Safeguard Officers. At a minimum, training will include:

• The proper use of consumer information.
• The importance of confidentiality and consumer privacy.
• Procedures for maintaining security of consumer information.
• Recognizing, responding to, and reporting unauthorized attempts to obtain consumer information.
• Handling service provider relationships.
• Compliance to the consumer information security program.

Testing
The security procedures as outline in the SMC's Information Technology Security/Safeguard Manual will be tested on an annual basis. SMC's Safeguard Officers will ensure that controls, systems and procedures are in compliance with the required standards as indicated in Section 501(b), Safeguards Rule, of the GLBA.

© Copyright 2009 - 2010 Superior Mortgage, Inc.