Exhibit 10.1

Boyd M. Johnson III, Esq.

Wilmer Hale LLP

7 World Trade Center

New York, NY 10007

Samuel W. Seymour, Esq.

Sullivan & Cromwell LLP

125 Broad Street

New York, NY 10004

Re: U.S. Bancorp – Deferred Prosecution Agreement

Dear Messrs. Johnson and Seymour:

Pursuant to the understandings specified below, the Office of the United States Attorney for the Southern District of New York (the “Office”) and defendant U.S. Bancorp (“USB”), under authority granted by its Board of Directors in the form of a Board Resolution (a copy of which is attached hereto as Exhibit A), hereby enter into this Deferred Prosecution Agreement (the “Agreement”).

The Criminal Information

1. USB consents to the filing of a two-count Information (the “Information”) in the United States District Court for the Southern District of New York (the “Court”), charging USB with willfully failing to maintain an adequate anti-money laundering (“AML”) program, in violation of Title 31, United States Code, Sections 5318(h) and 5322(a) and (c) and Title 31, Code of Federal Regulations, Section 1020.210, and willfully failing to file a Suspicious Activity Report, in violation of Title 31, United States Code, Sections 5318(g) and 5322(a) and (c) and Title 31, Code of Federal Regulations, Section 1020.320. A copy of the Information is attached hereto as Exhibit B. This Agreement shall take effect upon its execution by both parties.

Acceptance of Responsibility

2. USB stipulates that the facts set forth in the Statement of Facts, attached hereto as Exhibit C and incorporated herein, are true and accurate, and admits, accepts and acknowledges that it is responsible under United States law for the acts of its current and former officers and employees as set forth in the Statement of Facts. Should the Office pursue the prosecution that is deferred by this Agreement, USB stipulates to the admissibility of the Statement of Facts in any proceeding including any trial and sentencing proceeding.

Boyd M. Johnson, Esq.

Samuel W. Seymour, Esq.

February 12, 2018

Payments and Forfeiture Obligation

3. As a result of the conduct described in the Information and the Statement of Facts, USB agrees to pay $528,000,000 to the United States, less the amount of any civil money penalty paid by USB to the Office of the Comptroller of the Currency (“OCC”) in connection with its concurrent settlement of the related regulatory action brought by the OCC (the “Stipulated Forfeiture Amount”), pursuant to this Agreement.

4. USB agrees that the Stipulated Forfeiture Amount represents a substitute res for funds received and/or transferred by Scott Tucker (“Tucker”) through USB or its subsidiaries in connection with the conduct described in the Statement of Facts, and is subject to civil forfeiture to the United States pursuant to 18 U.S.C. § 981(a)(1)(A) and (a)(1)(C).

5. USB further agrees that this Agreement, the Information and the Statement of Facts may be attached and incorporated into a civil forfeiture complaint (the “Civil Forfeiture Complaint”) that will be filed against the Stipulated Forfeiture Amount. By this agreement, USB expressly waives any challenge to that Civil Forfeiture Complaint and consents to the forfeiture of the Stipulated Forfeiture Amount to the United States. USB agrees that it will not file a claim with the Court or otherwise contest the civil forfeiture of the Stipulated Forfeiture Amount and will not assist a third party in asserting any claim to the Stipulated Forfeiture Amount. USB also waives all rights to service or notice of the Civil Forfeiture Complaint.

6. USB shall transfer the Stipulated Forfeiture Amount to the United States by no later than February 15, 2018 (or as otherwise directed by the Office following such date). Such payment shall be made by wire transfer to the United States Treasury, pursuant to wire instructions provided by the Office. If USB fails to timely make the payment required under this paragraph, interest (at the rate specified in Title 28, United States Code, Section 1961) shall accrue on the unpaid balance through the date of payment, unless the Office, in its sole discretion, chooses to reinstate prosecution pursuant to paragraphs 13 and 14 below. USB certifies that the funds used to pay the Stipulated Forfeiture Amount are not the subject of any lien, security agreement, or other encumbrance. Transferring encumbered funds or failing to pass clean title to these funds in any way will be considered a breach of this Agreement.

7. USB agrees that the Stipulated Forfeiture Amount shall be treated as a penalty paid to the United States government for all purposes, including all tax purposes. USB agrees that it will not claim, assert, or apply for a tax deduction or tax credit with regard to any federal, state, local, or foreign tax for any portion of the up to $528,000,000 that USB has agreed to pay to the United States pursuant to this Agreement.

Obligation to Cooperate

8. USB agrees to cooperate fully with the Office, the Internal Revenue Service (“IRS”), the OCC, the Financial Crimes Enforcement Network (“FinCEN”) and any other governmental agency designated by the Office regarding any matter relating to the conduct described in the Information or Statement of Facts, or any matter relating to the payday lending scheme perpetrated by Tucker and the companies he owned and controlled.

2

Boyd M. Johnson, Esq.

Samuel W. Seymour, Esq.

February 12, 2018

9. It is understood that USB shall (a) truthfully and completely disclose all information with respect to the activities of USB and its officers, agents, affiliates and employees concerning all matters about which the Office inquires of it, which information can be used for any purpose; (b) cooperate fully with the Office, IRS, OCC, FinCEN and any other governmental agency designated by the Office; (c) attend all meetings at which the Office requests its presence and use its reasonable best efforts to secure the attendance and truthful statements or testimony of any past or current officers, agents, or employees of USB at any meeting or interview or before the grand jury or at trial or at any other court proceeding; (d) provide to the Office upon request any document, record, or other tangible evidence relating to matters about which the Office or any designated law enforcement agency inquires of it; (e) assemble, organize, and provide in a responsive and prompt fashion, and upon request, on an expedited schedule, all documents, records, information and other evidence in USB’s possession, custody or control as may be requested by the Office, IRS, OCC, FinCEN or designated governmental agency; (f) volunteer and provide to the Office any information and documents that come to USB’s attention that may be relevant to the Office’s investigation of this matter or any issue related to the Statement of Facts, as designated by the Office; (g) provide testimony or information necessary to identify or establish the original location, authenticity, or other basis for admission into evidence of documents or physical evidence in any criminal or other proceeding as requested by the Office, IRS, OCC, FinCEN or designated governmental agency, including but not limited to information and testimony concerning the conduct set forth in the Information and Statement of Facts; (h) bring to the Office’s attention all criminal conduct by USB or any of its agents or employees acting within the scope of their employment related to violations of the federal laws of the United States, as to which USB’s Board of Directors, senior management, or United States legal and compliance personnel are aware; (i) bring to the Office’s attention any administrative, regulatory, civil or criminal proceeding or investigation of USB or any agents or employees acting within the scope of their employment relating to United States sanctions or AML laws; and (j) commit no crimes whatsoever under the federal laws of the United States subsequent to the execution of this Agreement. Nothing in this Agreement shall be construed to require USB to provide information, documents, or testimony protected by the attorney-client privilege, work product doctrine, or other applicable privileges.

10. USB agrees that its obligations pursuant to this Agreement, which shall commence upon the signing of this Agreement, will continue for two years from the date of the Court’s acceptance of this Agreement, unless otherwise extended pursuant to paragraph 15 below. USB’s obligation to cooperate is not intended to apply in the event that a prosecution against USB by this Office is pursued and not deferred.

Deferral of Prosecution

11. In consideration of USB’s entry into this Agreement and its commitment to: (a) accept and acknowledge responsibility for the conduct described in the Statement of Facts and the Information; (b) cooperate with the Office, IRS, OCC, FinCEN and any other law enforcement agency designated by this Office; (c) make the payment specified in this Agreement;

3

Boyd M. Johnson, Esq.

Samuel W. Seymour, Esq.

February 12, 2018

(d) comply with Federal criminal laws (as provided herein in paragraph 9); and (e) otherwise comply with all of the terms of this Agreement, the Office agrees that prosecution of USB on the Information be and hereby is deferred for two years from the date of the signing of this Agreement. USB shall expressly waive indictment and all rights to a speedy trial pursuant to the Sixth Amendment of the United States Constitution, Title 18, United States Code, Section 3161, Federal Rule of Criminal Procedure 48(b), and any applicable Local Rules of the United States District Court for the Southern District of New York for the period during which this Agreement is in effect.

12. It is understood that this Office cannot, and does not, agree not to prosecute USB for criminal tax violations. However, if USB fully complies with the terms of this Agreement, no testimony given or other information provided by USB (or any other information directly or indirectly derived therefrom) will be used against USB in any criminal tax prosecution. In addition, the Office agrees that, if USB is in compliance with all of its obligations under this Agreement, the Office will, within thirty (30) days after the expiration of the period of deferral (including any extensions thereof), seek dismissal with prejudice of the Information filed against USB pursuant to this Agreement. Except in the event of a violation by USB of any term of this Agreement or as otherwise provided in paragraph 13, the Office will bring no additional charges against USB or its subsidiaries, except for criminal tax violations, relating to conduct described in the Statement of Facts or otherwise disclosed to the Office during its investigation of this matter. This Agreement does not provide any protection against prosecution for any crimes except as set forth above and does not apply to any individual or entity other than USB and its subsidiaries. USB and the Office understand that the Agreement to defer prosecution of USB can only operate as intended if the Court grants a waiver of the Speedy Trial Act pursuant to 18 U.S.C. § 3161(h)(2). Should the Court decline to do so, both the Office and USB are released from any obligation imposed upon them by this Agreement, and this Agreement shall be null and void, except for the tolling provision set forth in paragraph 13.

13. It is further understood that should the Office in its sole discretion determine that USB has: (a) knowingly given false, incomplete or misleading information either during the term of this Agreement or in connection with the Office’s investigation of the conduct described in the Information and Statement of Facts, (b) committed any crime under the federal laws of the United States subsequent to the execution of this Agreement, or (c) otherwise violated any provision of this Agreement, USB shall, in the Office’s sole discretion, thereafter be subject to prosecution for any federal criminal violation, or suit for any civil cause of action, of which the Office has knowledge, including but not limited to a prosecution or civil action based on the Information, the Statement of Facts, the conduct described therein, or perjury and obstruction of justice. Any such prosecution or civil action may be premised on any information provided by or on behalf of USB to the Office, IRS, OCC or FinCEN at any time. In any such prosecution or civil action, it is understood that: (a) no charge or claim would be time-barred provided that such prosecution or civil action is brought within the applicable statute of limitations period (subject to any prior tolling agreements between the Office and USB), excluding the period from the execution of this Agreement until its termination; (b) USB agrees to toll, and exclude from any calculation of time, the running of the applicable statute of limitations for the length of this Agreement starting from the date of the execution of this Agreement and including any extension of the period of deferral of prosecution pursuant to paragraph 15 below; and (c) USB waives any objection to venue with

4

Boyd M. Johnson, Esq.

Samuel W. Seymour, Esq.

February 12, 2018

respect to any charges arising out of the conduct described in the Statement of Facts and consents to the filing of such charges in the Southern District of New York. By this Agreement, USB expressly intends to and hereby does waive its rights in the foregoing respects, including any right to make a claim premised on the statute of limitations, as well as any constitutional, statutory, or other claim concerning pre-indictment delay. Such waivers are knowing, voluntary, and in express reliance on the advice of USB’s counsel.

14. It is further agreed that in the event that the Office, in its sole discretion, determines that USB has violated any provision of this Agreement, including by failure to meet its obligations under this Agreement: (a) USB shall not object to the admissibility of all statements made or acknowledged by or on behalf of USB to the Office, IRS, OCC, or FinCEN, including but not limited to the Statement of Facts, or any testimony given by USB or by any agent of USB before a grand jury, or elsewhere, whether before or after the date of this Agreement, or any leads from such statements or testimony, in any and all criminal proceedings hereinafter brought by the Office against USB; and (b) USB shall not assert any claim under the United States Constitution, Rule 11(f) of the Federal Rules of Criminal Procedure, Rule 410 of the Federal Rules of Evidence, or any other federal rule, that statements made or acknowledged by or on behalf of USB before or after the date of this Agreement, or any leads derived therefrom, should be suppressed or otherwise excluded from evidence. It is the intent of this Agreement to waive any and all rights in the foregoing respects.

15. USB agrees that, in the event that the Office determines during the period of deferral of prosecution described in paragraph 10 above (or any extensions thereof) that USB has violated any provision of this Agreement, an extension of the period of deferral of prosecution may be imposed in the sole discretion of the Office, up to an additional one year, but in no event shall the total term of the deferral-of-prosecution period of this Agreement exceed three (3) years. Any extension of the deferral-of-prosecution period extends all terms of this Agreement for an equivalent period.

16. USB, having truthfully admitted to the facts in the Statement of Facts, agrees that it shall not, through its attorneys, agents, or employees, make any statement, in litigation or otherwise, contradicting the Statement of Facts or its representations in this Agreement. Consistent with this provision, USB may raise defenses and/or assert affirmative claims in any proceedings brought by private and/or public parties as long as doing so does not contradict the Statement of Facts or such representations. Any such contradictory statement by USB, its present or future attorneys, agents, or employees shall constitute a violation of this Agreement and USB thereafter shall be subject to prosecution as specified in paragraphs 13 through 14, above, or the deferral-of-prosecution period shall be extended pursuant to paragraph 15, above. The decision as to whether any such contradictory statement will be imputed to USB for the purpose of determining whether USB has violated this Agreement shall be within the sole discretion of the Office. Upon the Office’s notifying USB of any such contradictory statement, USB may avoid a finding of violation of this Agreement by repudiating such statement both to the recipient of such statement and to the Office within five business days after having been provided notice by the Office. USB consents to the public release by the Office, in its sole discretion, of any such repudiation. Nothing in this Agreement is meant to affect the obligation of USB or its officers, directors, agents or employees to testify truthfully in any proceeding.

5

Boyd M. Johnson, Esq.

Samuel W. Seymour, Esq.

February 12, 2018

17. USB agrees that it is within the Office’s sole discretion to choose, in the event of a violation, the remedies contained in paragraphs 13 and 14 above, or instead to choose to extend the period of deferral of prosecution pursuant to paragraph 15, provided, however, that if USB’s violation of this Agreement is limited to an untimely payment of the Stipulated Forfeiture Amount, the Office may elect instead to choose the additional financial penalties set forth in paragraph 6, above. USB understands and agrees that the exercise of the Office’s discretion under this Agreement is unreviewable by any court. Should the Office determine that USB has violated this Agreement, the Office shall provide notice to USB of that determination and provide USB with an opportunity to make a presentation to the Office to demonstrate that no violation occurred, or, to the extent applicable, that the violation should not result in the exercise of any of those remedies, including because the violation has been cured by USB.

The Bank’s BSA/AML Compliance Program

18. U.S. Bank National Association (the “Bank”) shall continue its ongoing effort to implement and maintain an adequate Bank Secrecy Act (“BSA”)/AML compliance program in accordance with the BSA, its implementing regulations, and the directives and orders of any United States regulator of the Bank, including without limitation the OCC, as set forth in the OCC’s Consent Order dated October 23, 2015. The Office acknowledges that, prior to the entry of this Agreement, the Bank has implemented and is continuing to implement significant remedial changes to its BSA/AML compliance program. It is understood that a violation of the BSA or the Consent Order arising from conduct exclusively occurring prior to the date of execution of this Agreement will not constitute a breach of USB’s obligations pursuant to this Agreement. However, there shall be no limitation on the ability of the Office to investigate or prosecute such violations and/or conduct in accordance with the applicable law and the other terms of this Agreement, including paragraph 12 hereof.

Review of the Bank’s BSA/AML Compliance Program

19. For the duration of the Agreement, USB shall provide the Office with semi- annual reports (“Semi-Annual Reports”) describing the status of the Bank’s implementation of the remedial changes to its BSA/AML compliance program required by the Consent Order. The Semi- Annual Reports shall identify any violations of the BSA that have come to the attention of the Bank’s legal and compliance personnel during this reporting period.

20. For the duration of this Agreement, the Office, as it deems necessary and upon request to USB, shall: (a) be provided by USB with access to any and all non-privileged books, records, accounts, correspondence, files, and any and all other documents or other electronic records, including e-mails, of USB and its representatives, agents, affiliates, and employees, relating to any matters described or identified in the Semi-Annual Reports; and (b) have the right to interview any officer, employee, agent, consultant, or representative of USB concerning any non- privileged matter described or identified in the Semi-Annual Reports.

6

Boyd M. Johnson, Esq.

Samuel W. Seymour, Esq.

February 12, 2018

21. It is understood that USB shall promptly notify the Office of (a) any deficiencies, failings, or matters requiring attention with respect to the Bank’s BSA/AML compliance program identified by any United States regulatory authority within 30 business days of any such regulatory notice; and (b) any steps taken or planned to be taken by USB to address the identified deficiency, failing, or matter requiring attention. The Office may, in its sole discretion, direct USB to provide other reports about its BSA/AML compliance program as warranted.

Limits of this Agreement

22. It is understood that this Agreement is binding on the Office but does not bind any other Federal agencies, any state or local law enforcement agencies, any licensing authorities, or any regulatory authorities. However, if requested by USB or its attorneys, the Office will bring to the attention of any such agencies, including but not limited to any regulators, as applicable, this Agreement, the nature and quality of USB’s cooperation, and USB’s compliance with its obligations under this Agreement.

Sale or Merger of USB

23. Except as may otherwise be agreed by the parties hereto in connection with a particular transaction, USB agrees that in the event it sells, merges, or transfers all or substantially all of its business operations as they exist as of the date of this Agreement, whether such sale is structured as a sale, asset sale, merger, or transfer, it shall include in any contract for sale, merger or transfer a provision binding the purchaser, or any successor in interest thereto, to the obligations described in this Agreement.

Public Filing

24. USB and the Office agree that, upon the submission of this Agreement (including the Statement of Facts and other attachments hereto) to the Court, this Agreement (and its attachments) shall be filed publicly in the proceedings in the United States District Court for the Southern District of New York.

25. The parties understand that this Agreement reflects the unique facts of this case and is not intended as precedent for other cases.

Execution in Counterparts

26. This Agreement may be executed in one or more counterparts, each of which shall be considered effective as an original signature. Further, all digital images of signatures shall be treated as originals for all purposes.

7

Boyd M. Johnson, Esq.

Samuel W. Seymour, Esq.

February 12, 2018

Integration Clause

27. This Agreement sets forth all the terms of the Deferred Prosecution Agreement between USB and the Office. No modifications or additions to this Agreement shall be valid unless they are in writing and signed by the Office, USB’s attorneys, and a duly authorized representative of USB.

8

Exhibit A

U.S. BANCORP

CERTIFICATE OF CORPORATE SECRETARY

I, Laura Bednarksi, do hereby certify that I am the duly elected and acting Corporte Secretary of U.S. Bancorp, a Delaware corporation. I further certify that attached hereto as Exhibit A is a true, correct and complete copy of a resolution adopted by the Company’s Board of Directors at a meeting duly called and held on February 13, 2018.

IN WITNESS WHEREOF, I have hereunto signed my name effective as of this 13th day of February, 2018.

(No corporate seal)

RESOLUTIONS OF THE

BOARD OF DIRECTORS OF

U.S. BANCORP

February 13, 2018

WHEREAS , U.S. Bancorp (the “Company”), together with its legal counsel, has been in discussions with the U.S. Attorney’s Office for the Southern District of New York (the “U.S. Attorney’s Office”) regarding the resolution of an investigation (the “DOJ Investigation”) being conducted by the U.S. Attorney’s Office regarding (i) a legacy relationship between U.S. Bank National Association (“U.S. Bank”) and payday lending businesses associated with former customer Scott Tucker and (ii) U.S. Bank’s legacy Bank Secrecy Act/anti-money laundering compliance program, including through the entry by the Company into a Deferred Prosecution Agreement with the U.S. Attorney’s Office, substantially in the form that was provided to the Board of Directors of the Company (the “Board”) on the date hereof (the “Agreement”); and

WHEREAS, the Company, together with its legal counsel, has also been in discussions with the (i) Office of the Comptroller of the Currency (the “OCC”) and the Financial Crimes Enforcement Network (“FinCEN”) regarding the resolutions of their reviews (the “OCC Review” and the “FinCEN Investigation,” respectively) of U.S. Bank’s legacy Bank Secrecy Act/anti-money laundering compliance program and (ii) the Board of Governors of the Federal Reserve System (the “Federal Reserve”) regarding the resolution of its review (the “Federal Reserve Review”) of the Company’s firmwide Bank Secrecy Act/anti-money laundering compliance program and sanctions compliance program,; and

WHEREAS, the Company’s General Counsel, James L. Chosy, together with outside counsel for the Company, have advised the Board of the terms of the Agreement and the consequences of entering into (i) the Agreement and all other settlement documentation with the U.S. Attorney’s Office, (ii) the Consent Order for a Civil Money Penalty to be issued to U.S. Bank by the OCC (the “OCC Consent Order”) and all other settlement documentation with the OCC, (iii) the Stipulation of Settlement and Order of Dismissal, Consent Judgment, and Assessment of Civil Money Penalty to be entered into by U.S. Bank and FinCEN (the “FinCEN Stipulation”) and all other settlement documentation with FinCEN and (iv) the Order to Cease and Desist and Order of Assessment of a Civil Money Penalty Issued Upon Consent Pursuant to the Federal Deposit Insurance Act, as Amended, to be entered into among the Company, USB Americas Holding Company and the Federal Reserve (the “Federal Reserve Order”) and all other settlement documentation with the Federal Reserve; and

WHEREAS , the Board has determined that it is in the best interests of the Company and U.S. Bank (i) for the Company to enter into the Agreement and for the Company and U.S. Bank, each to the extent necessary, to enter into any other settlement agreements and documents with the U.S. Attorney’s Office to resolve the DOJ Investigation, (ii) for U.S. Bank to enter into a Stipulation and Consent to the Issuance of an Order for a Civil Money Penalty (the “OCC Stipulation”) and for the Company and U.S. Bank, each to the extent necessary, to enter into any other settlement agreements and documents with the OCC to resolve the OCC Review, (iii) for U.S. Bank to enter into the FinCEN Stipulation, and for the Company and U.S. Bank, each to the extent necessary, to enter into any other settlement agreements and documents with FinCEN to

resolve the FinCEN Investigation and (iv) for the Company and USB Americas Holding Company to enter into the Federal Reserve Order and for the Company and U.S. Bank, each to the extent necessary, to enter into any other settlement agreements and documents with the Federal Reserve to resolve the Federal Reserve Investigation; and

NOW, THEREFORE BE IT RESOLVED , that the Board hereby approves the Agreement, with such changes as James L. Chosy or Andrew Cecere, President and Chief Executive Officer (each, an “Authorized Officer”) may approve, and any other settlement agreements and documents with the U.S. Attorney’s Office in connection with the DOJ Investigation and authorizes (i) the Authorized Officers and outside counsel representing the Company to execute and deliver the Agreement on behalf of the Company and for them, with such changes as the Authorized Officers and outside counsel may approve, (ii) the Authorized Officers to execute and deliver any and all other agreements and documents necessary to settle the DOJ Investigation, (iii) Michael Greenman, or any other appropriate officer of the Company, to take all actions as in his judgment shall be necessary, appropriate or advisable to carry out the intent and purpose of the Agreement and any and all other agreements and documents necessary to settle the DOJ Investigation and (iv) the Company to perform its obligations under the Agreement and any other settlement agreements and documents with the U.S. Attorney’s Office in all respects, including the payment of a money penalty totaling $528,000,000, a portion of which shall be credited for the amount of the civil money penalty paid to the OCC, for a net payment to the U.S. Attorney’s Office totaling $453,000,000; and further

RESOLVED, that the Board hereby approves the OCC Stipulation, substantially in the form provided to the Board on the date hereof, with such changes as the Authorized Officers may approve, and any other settlement agreements and documents with the OCC in connection with the OCC Review and authorizes (i) the Authorized Officers, to the extent necessary, to execute and deliver any and all agreements and documents necessary to settle the OCC Review, and (ii) U.S. Bank to perform its obligations under the OCC Consent Order, OCC Stipulation and any other settlement agreements and documents with the OCC in all respects, including the payment of the civil money penalty against U.S. Bank totaling $75,000,000; and further

RESOLVED, that the Board hereby approves the entry by the U.S. Bank into the FinCEN Stipulation, substantially in the form provided to the Board on the date hereof, with such changes as the Authorized Officers may approve, and any other settlement agreements and documents with FinCEN in connection with the FinCEN Investigation, in each case, as approved by the Authorized Officers, and authorizes (i) the Authorized Officers, to the extent necessary, to execute and deliver any and all agreements and documents necessary to settle the FinCEN Investigation and (ii) U.S. Bank to perform its obligations under the FinCEN Stipulation and any other settlement agreements and documents with FinCEN in all respects, including the payment of the civil money penalty totaling $185,000,000, a portion of which shall be credited for a portion of the money penalty paid to the U.S. Attorney’s Office, for a net payment to FinCEN totaling $70,000,000; and further

RESOLVED, that the Board hereby approves the entry by the Company into the Federal Reserve Order, with such changes as the Authorized Officers may approve, and any other settlement agreements and documents with the Federal Reserve in connection with the Federal Reserve Review, in each case, as approved by the Authorized Officers, and authorizes (i) the

Authorized Officers to execute and deliver the Federal Reserve Order and any and all other agreements and documents necessary to settle the Federal Reserve Review, (ii) the Company to perform its obligations under the Federal Reserve Order and any other settlement agreements and documents with the Federal Reserve in all respects, including the payment of the civil money penalty totaling $15,000,000; and further

RESOLVED , that the Authorized Officers and such persons as they respectively designate in writing are each authorized, in the name and on behalf of the Company and U.S. Bank, to take or cause to be taken any and all further actions, and to prepare, execute and deliver any and all further agreements, instruments, documents, certificates and filings, and to incur and pay all such fees, commissions and expenses as in the judgment of either of them shall be necessary, appropriate or advisable to carry out the intent and purpose of the foregoing resolutions; and further

RESOLVED , that the necessity, advisability and appropriateness of any action taken, any approval given or any amendment or change to any document or agreement made by any Authorized Officer pursuant to the authority granted under these resolutions shall be conclusively evidenced by the taking of any such action, or the execution, delivery or filing of any such document or agreement; and further

RESOLVED , that any and all actions heretofore taken by any Authorized Officer, or those acting at the direction of either of them, in connection with any matters referred to or contemplated by any of the foregoing resolutions are hereby approved, ratified and confirmed in all respects.

Exhibit B

COUNT ONE

(Willful Failure to Maintain an Adequate Anti-Money Laundering Program

In Violation of the Bank Secrecy Act)

The United States Attorney charges:

1. From at least in or about 2009 through in or about 2014, in the Southern District of New York and elsewhere, U.S. Bancorp (“USB”), the defendant, through its subsidiary, U.S. Bank National Association (the “Bank”), did willfully fail to establish, implement, and maintain an adequate anti-money laundering program, to wit, USB did, among other things, cap the number of alerts generated by its transaction monitoring systems based on staffing levels and resources and fail to monitor non-customer Western Union transactions at branches of the Bank, which resulted in a failure to monitor, investigate, and report substantial numbers of suspicious transactions flowing through the Bank.

(Title 31, United States Code, Sections 5318(h), 5322(a) and (c); and

Title 31, Code of Federal Regulations, Section 1020.210.)

COUNT TWO

(Willful Failure to File a Suspicious Activity Report

In Violation of the Bank Secrecy Act)

The United States Attorney further charges:

2. From in or about October 2011 through in or about November 2013, in the Southern District of New York and elsewhere, USB, the defendant, through the Bank, did willfully fail to report suspicious transactions relevant to a possible violation of law or regulations, as required by the Secretary of the Treasury, to wit, USB willfully failed to timely report suspicious banking activities of Scott Tucker, a customer, who used the Bank to launder proceeds from an illegal payday lending scheme.

(Title 31, United States Code, Sections 5318(g), 5322(a) and (c); and

Title 31, Code of Federal Regulations, Section 1020.320.)

2

Form No. USA-33s-274 (Ed. 9-25-58)

UNITED STATES DISTRICT COURT

SOUTHERN DISTRICT OF NEW YORK

UNITED STATES OF AMERICA

- v. -

U.S. BANCORP,

Defendant.

INFORMATION

18 Cr.

(18 U.S.C. §§ 5318 and 5322;

31 C.F.R. §§ 1010.210 and 1020.320)

GEOFFREY S. BERMAN

United States Attorney.

Exhibit C

INTRODUCTION

1. The following Statement of Facts is incorporated by reference as part of the deferred prosecution agreement (the “Agreement”) between the United States Attorney’s Office for the Southern District of New York (the “Office”) and U.S. Bancorp.

2. The parties agree and stipulate that the information contained in this Statement of Facts is true and accurate.

OVERVIEW

3. U.S. Bancorp is a bank holding company based in Minneapolis, Minnesota. It is listed on the New York Stock Exchange. U.S. Bancorp’s subsidiary U.S. Bank National Association (“USB” or the “Bank”) is the fifth largest bank in the United States. Headquartered in Minneapolis, Minnesota, the Bank has over 3,100 branches. Throughout the relevant time period, USB’s banking activity was predominantly retail and almost entirely domestic.

4. The Office has alleged, and U.S. Bancorp accepts, that its conduct through USB, as described herein, violated Title 31, United States Code, Sections 5318(g), 5318(h) and 5322(a)-(c) because USB willfully (i) failed to maintain an adequate anti-money laundering (“AML”) program and (ii) failed to report suspicious transactions relevant to a possible violation of law or regulations as required by the Secretary of the Treasury.

5. From at least in or about 2009, and continuing until 2014, USB willfully failed to establish, implement and maintain an adequate AML program. Among other things, USB capped the number of alerts generated by its transaction monitoring systems based on staffing levels and resources and failed to monitor non-customer Western Union transactions at branches of the Bank, which resulted in the Bank failing to monitor, investigate and report substantial numbers of suspicious transactions flowing through the Bank. The Bank’s then Chief Compliance Officer concealed the Bank’s practices from the Office of the Comptroller of the Currency (“OCC”), the Bank’s primary regulator.

6. In separate but related conduct, from at least in or about October 2011 through in or about November 2013, the Bank willfully failed to timely report suspicious banking activities of Scott Tucker, its longtime customer, despite being on notice of facts giving rise to suspicion that Tucker had used and was using the Bank to launder more than two billion dollars of proceeds from an illegal payday lending scheme.

THE BANK SECRECY ACT’S REQUIREMENTS

7. The Currency and Foreign Transactions Reporting Act of 1970 (commonly known as the Bank Secrecy Act or BSA), Title 31, United States Code, Section 5311, et seq. , requires financial institutions – including USB – to take certain steps to protect against their use to commit crimes and launder money.

8. The BSA requires financial institutions to establish and maintain adequate AML compliance programs that, at a minimum and among other things, comprise the following: (a) internal policies, procedures, and controls designed to guard against money laundering; (b) an individual or individuals to coordinate and monitor day-to-day compliance with BSA and AML requirements; (c) an ongoing employee training program; and (d) an independent audit function to test compliance programs. 31 U.S.C. § 5318(h).

9. In order to be effective, a bank’s AML compliance program must be risk-based and its systems for identifying suspicious activity must be tailored to the bank’s risk profile. To that end, management should review and test alert thresholds to ensure that they are appropriate for a bank’s risk profile and document how filtering criteria and thresholds used are appropriate for the bank’s risks. The systems’ programming methodology and effectiveness should be

2

independently validated to ensure that the models are detecting potentially suspicious activity. The bank must assign adequate staff to the identification, evaluation, and reporting of potentially suspicious activities, taking into account the bank’s overall risk profile and the volume of transactions.

10. Regulatory guidance in effect during the relevant time period provided that the cornerstone of a strong AML program is the adoption and implementation of comprehensive customer due diligence (“CDD”) policies, procedures, and processes for all customers, particularly those that present a higher risk for money laundering. Effective CDD policies, procedures and processes enable the bank to predict with relative certainty the types of transactions in which a customer is likely to engage, comply with regulatory requirements and report suspicious activity. CDD begins with verifying the customer’s identity. Accordingly, regulations in effect during the relevant time period also required that AML programs implement a Customer Identification Program (“CIP”), which must include reasonable and practicable risk-based procedures for verifying the true identity of the bank’s customers and the nature of their businesses and activities.

11. The BSA and regulations issued under the BSA in effect during the relevant time period required financial institutions to report “suspicious transaction[s] relevant to a possible violation of law or regulation.” 31 U.S.C. § 5318(g)(1); 31 C.F.R. § 1020.320(a)(1). BSA regulations provide that a transaction is reportable if it is “conducted or attempted by, at, or through the bank,” “involves or aggregates at least $5,000 in funds or other assets,” and “the bank knows, suspects, or has reason to suspect that . . . [t]he transaction involves funds derived from illegal activities or is intended or conducted in order to hide or disguise funds or assets derived from illegal activities (including, without limitation, the ownership, nature, source,

3

location, or control of such funds or assets) as part of a plan to violate or evade any law or regulation” or that the “transaction has no business or apparent lawful purpose.” 31 C.F.R. § 1020.320(a)(2). Financial institutions satisfy their obligation to report such a transaction by filing a suspicious activity report (“SAR”) with the Financial Crimes Enforcement Network (“FinCEN”), a part of the United States Department of the Treasury. 31 C.F.R. § 1020.320(b).

USB’S FAILURE TO MAINTAIN AN ADEQUATE AML PROGRAM

12. USB’s AML compliance department, referred to internally as Corporate AML, had primary responsibility for the Bank’s fulfilment of its obligations under the BSA. At all relevant times, Corporate AML was supervised by the Bank’s Chief Compliance Officer, who reported to the Chief Risk Officer, who in turn reported to the Chief Executive Officer. USB also had an AML Officer, who reported to the Chief Compliance Officer. In 2007, USB named as Chief Compliance Officer an attorney who had no prior AML experience at USB or elsewhere (the “CCO”). Soon thereafter, the CCO named as AML Officer a lawyer who also had no AML experience (the “AMLO”). Although he was promoted in 2010, the CCO retained oversight over the AML program until 2014.

13. For much of the relevant period, USB had only 25-30 AML investigators. Apart from investigators added as a result of acquiring other banks, USB did not increase substantially its number of investigators. As late as 2012, when USB had over $340 billion in assets, the Bank had 32 investigators. USB also failed to increase salaries of certain AML employees even after Human Resources and Compliance personnel complained to the CCO and the Chief Risk Officer that the Bank was paying its investigators below-market salaries and competitor banks were successfully poaching USB investigators. USB filled key compliance roles, including policy- making and transaction monitoring positions, with individuals who, by their own admission, lacked experience. The compliance department also requested but did not receive adequate funding for computers and other hardware needed to support monitoring systems, and was forced to delay certain upgrades of its systems until 2014, after the versions it was using had become obsolete in the industry.

4

USB’s Capping of SearchSpace Alerts

14. In April 2004, USB began using SearchSpace, a commercially available software system for monitoring transactions flowing through the Bank. The automated monitoring tools that USB ran against the data in SearchSpace were the “Security Blanket” and Queries. The Security Blanket examined transactions that fed into SearchSpace and, on a monthly basis, assigned each transaction a score to reflect the extent to which it was unusual or unexpected for the customer. The Bank began implementing Queries to complement the Security Blanket in 2005. Queries were “rules” that were run against transaction data in SearchSpace to identify indicia of potentially suspicious activity.

15. When it first began using SearchSpace, the Bank, at the recommendation of the SearchSpace vendor, configured the system so that the Security Blanket would generate a fixed number of alerts per month, rather than setting a risk-based threshold that would have generated all alerts naturally occurring at or above the score corresponding to a certain level of risk. USB configured the Security Blanket in this manner until 2013, even after its compliance professionals learned that doing so was inconsistent with industry standards.

16. Over time, even as the Bank grew in size, it reduced the number of Security Blanket alerts that it would review each month from a high of 1,500 in 2004 to 500 by 2009. Decisions to reduce the alert quota were made at “tuning committee” meetings. Minutes of Security Blanket tuning meetings were not kept, while decisions to reduce alert quotas were documented in project memoranda. The rationale in these memoranda for the alert cap reductions was typically the desire to focus investigative resources on Queries, which were more likely than the Security Blanket to detect suspicious activity.

5

17. However, USB had in place only 22 different Queries and set numerical caps on alerts arising from the six Queries that typically generated the largest volumes of alerts. The rationale for these caps was not reflected in minutes of Query Tuning meetings. For the results of several Queries targeting wire activity, the Bank adopted a “triage” process to decide which alerts to investigate. USB did not have a procedure or policy document in place to explain this process until the OCC asked about it in April 2014. Given the large number of alerts generated and the limitations on investigative resources, this “triage” approach had the practical effect of limiting the number of alerts that were investigated. For example, the wire report for June 2013 showed over 57,000 customers (some of which may be duplicates) alerted for wire activity, but less than 100 of those customers received an investigative review. For the remaining queries, which generally involved the generation of relatively few alerts, the Bank reviewed all of the alerts.

18. Contemporaneous documentation from as early as 2005 acknowledged that the limits on alerts were “increasingly based on staffing levels” and, as a result, constituted a “risk item” for the bank. Requests for additional investigator staffing were made but did not result in any meaningful increase in the number of investigators. In a December 1, 2009 memo from the AMLO to the CCO, the AMLO explained: “As you know, we have been experiencing significant increases in our SAR volumes, query effectiveness, closure recommendations and law enforcement inquiries,” but, “[i]n the face of these increases, we have held staffing relatively constant.” The memo further explained that the SAR volume for 2009 was projected to be 47% higher than for 2007, law enforcement inquiries were projected to be 123% higher, and closure recommendations were projected to be 160% higher—all with a corresponding staff level increase of only 15.6%. The AMLO noted that this mismatch would generate “increased workload and staff that already is stretched dangerously thin.” The AMLO then added:

6

The above numbers are especially distressing give[n] the fact that an increase in the number of alerts worked is imminent and necessary. On a monthly basis, Corporate AML tests a small sample of items that fall less than 10% outside the alert threshold in SearchSpace. As of October 2009, Corporate AML had tested 47 such items, 17 of which resulted in a SAR. This is a SAR filing percentage of 26%. . . . A regulator could very easily argue that this testing should lead to an increase in the number of queries worked.

Given this, the AMLO requested an opportunity to meet with the CCO to discuss staff increases. When that request went unanswered, the AMLO followed up with a similar memo on April 23, 2010. In that memo, the AMLO repeated that despite increases in SAR volumes, staffing had remained “relatively constant” and “dangerously thin,” and again requested an opportunity to meet with the CCO to discuss staff increases. Several months later, the Bank hired two additional investigators.

19. Meanwhile, in July 2010, AML employees worked to develop a database to track subpoenas, summonses, and other legal process, which, according to an AML Compliance Manager, would “help bring [the Bank] into full compliance with the OCC guidelines requiring reviews of accounts of customers for which we have received a grand jury subpoena.” Based on their analysis, these employees expected to receive 340 alerts per month, which would have covered all legal process, including grand jury subpoenas. When they presented their proposal and accompanying expectations to the AMLO, he responded, in part, that “340 new alerts is not practical to take on UNTIL the staff is there to work them.” Neither this proposal, nor a more targeted proposal to review accounts for which the Bank received a grand jury subpoena, was implemented at that time.

7

20. This problem of inadequate staffing persisted at least until 2014. In January 2013, for example, AML employees continued to discuss “AML alert volume vs. staffing levels” and, specifically, “how we move forward with the continuing gap between alert volume and our investigator workforce due to inability to get job offers approved.” At the time, the Corporate AML employee who was responsible for managing the SearchSpace system (the “Employee”) reported to the Bank’s new AML Officer, who joined USB in July 2012, that the “total number of outstanding alerts” had grown significantly since November 1, 2012.

21. Soon after the new AML Officer joined USB, he ordered that the Bank’s practice of limiting the number of Security Blanket alerts be halted. In response, in February 2013, the Bank removed the fixed limits from the Security Blanket settings but replaced them with fixed score thresholds chosen to indirectly replicate the limit of 500 alerts previously in place. The Bank then used the same score thresholds from month-to-month, and did not adjust the thresholds based on further risk-based tuning. After moving to this approach, the number of monthly alerts remained roughly constant: approximately 500 per month (ranging from 380 to 610 total alerts). Moreover, even after the new AML Officer directed that limits on Security Blanket alerts be lifted, USB maintained its alert caps on Queries until 2014.

USB’s Termination of Below-Threshold Testing Due to Lack of Resources

22. From at least 2007, the Bank conducted below-threshold testing (“BTT”) on several Queries to determine if its alert caps were causing the Bank to miss large numbers of suspicious transactions. This involved selecting a sampling of alerts occurring immediately below the alert thresholds – alerts that were not ordinarily being investigated given the thresholds that were in place – and then having investigators review them in order to determine whether the thresholds should be adjusted because suspicious activity was occurring below the threshold.

8

23. To estimate how much suspicious activity was occurring below the threshold, and therefore not being investigated, the Bank calculated the percentages of the reviewed below- threshold alerts that resulted in the filing of a SAR. The Bank’s BTT consistently yielded high ratios of SARs filed to number of alerts tested below the threshold—often well in excess of 25% — that indicated that thresholds should be lowered. In November 2011, the Employee, who was responsible for conducting BTT, informed the AMLO that, “[o]ver the past year, the SAR rates for our below threshold testing has averaged between 30% - 80% for the 4 queries where we perform the testing[,]” where a SAR rate of 80% indicates that the Bank would file SARs on four out of every five additional alerts it chose to investigate. Tuning Committee members wanted to lower the thresholds in order to increase the number of alerts being reviewed, but were unable to do so because the Bank lacked sufficient resources to investigate additional alerts.

24. Rather than increasing resources and adjusting thresholds to ensure that the appropriate volume of potentially suspicious activity was investigated, in or about April 2012, the Bank stopped conducting BTT altogether. The Employee, who was responsible for preparing minutes of tuning committee meetings, included a pretextual explanation for the Bank’s decision in the minutes: that a “majority” of the customers whose activity was identified as SAR-worthy during BTT would eventually move above the threshold and become subject to review in the ordinary course. The AML employee who developed this rationale acknowledged to the Employee that it was based on analysis of “a small sample size” that in fact reflected an eventual migration rate to above-threshold of less than 50 percent, and said nothing of the delay in reviewing those accounts that would eventually migrate. The AML employee opined, “I believe we can argue in support of my supposition that over time at least some under threshold customers will move above threshold and be investigated . . . . This could impact the empirical value and review of our current practice to sample below threshold. just sayin.”

9

25. In reality, the primary reason the Bank stopped conducting BTT was that BTT was showing high SAR rates below-the-line, which the Bank was not addressing due to resource limitations. The Employee deliberately did not include that reason in the minutes of the meeting at which BTT was terminated in part because he knew that the OCC, which could request the minutes, would disapprove, and because he wanted to protect himself and his supervisor from adverse consequences.

26. The OCC’s primary bank examiner assigned to the Bank’s AML program had repeatedly warned certain USB officials, including the AMLO, that managing the Bank’s monitoring programs to the size of its staff and other resources would get the Bank in trouble with the OCC. According to tuning committee meeting participants, they discussed the fact that the OCC did not approve of numerical limits and could bring an enforcement action against the Bank on this issue. The AMLO, in his December 1, 2009 memo to the CCO about BTT, reminded the CCO that a “regulator could very easily argue that this testing should lead to an increase in the number of queries worked.”

27. Although USB provided documentation to the OCC during reviews in 2008 and 2010 that indicated specific monthly targets for Security Blanket alerts, particular numbers of Query alerts the Bank was working and results of BTT, USB officials failed to disclose the Bank’s resource-based alert caps to the OCC, even when asked about the Bank’s alert management practices. After USB hired new Chief Compliance and AML Officers (the “New Officers”) in 2012, the CCO discouraged them from removing alert threshold limits and disclosing them to the OCC by representing to the New Officers that the OCC was fully aware of

10

the Bank’s monitoring practices and therefore had at least tacitly approved them. According to information gathered by one of the New Officers in 2014, the AMLO had previously answered questions from the OCC examiner assigned to AML without providing direct and meaningful answers. Driven in large measure by instructions from the CCO, compliance employees consistently did not volunteer information to regulators, including deficiencies with the program, except in response to specific requests. In 2013, the AMLO stated to another senior manager at USB that USB’s AML program was an effort to use “smoke and mirrors” to “pull the wool over the eyes” of the OCC.

28. In 2013, after the OCC’s chief examiner encouraged the Bank’s CEO to speak with the New Officers about the AML program, the New Officers prepared a PowerPoint presentation for the CEO that identified multiple vulnerabilities in the Bank’s AML program, and explained how those same problems had led the OCC to take action against other banks. The New Officers’ draft presentation explicitly referred to various problems with the Bank’s AML program, including, among other things, “[m]anipulation of system output through use of alert caps on both profiling and query detection methods” that could “potentially result in missed Suspicious Activity Reports” and “[p]otential regulatory action resulting in fines, consent order, and significant historical review of transactions.” The CCO reviewed the draft and removed references to alert caps from the presentation, added positive information about the Bank’s AML program, and otherwise altered the deck to present a more favorable image of the Bank’s AML program.

11

29. USB also failed to have SearchSpace independently validated in accordance with regulatory guidance, which the OCC recommended to USB as early as 2008. The Bank completed a validation after that recommendation and prior to the OCC’s review of SearchSpace in 2010, but the OCC informed the Bank that its validation was not performed independently and expressly recommended that the Bank complete an independent validation. In lieu of independent validation, as late as 2013, the Employee, who was responsible for managing the SearchSpace system, prepared a “biannual SearchSpace Model validation” and asked another Bank employee to review it and acknowledge having done so, while assuring him that he was “not making any representation that you are validating anything.” The Employee acknowledged that the regulator “could (and probably will at some point), force us to hire outside auditors to perform a more robust independent validation/review” but stated that “this would cost tens of thousands . . . minimum. Until we are forced to go there . . . you are sufficient.” The Bank justified its failure to conduct an independent validation to the OCC by claiming that it was planning an upgrade of its transaction monitoring system from SearchSpace to a more advanced program. In reality, that upgrade did not occur until 2014.

USB’S Failure To Monitor Western Union Transactions

30. In May 2009, USB began offering both customers and non-customers the ability to conduct Western Union (“WU”) currency transactions at USB branches. In 2012, the Bank handled 1.1 million WU transactions totaling $582 million, approximately half of which were from non-customers. As the company recognized in internal documents, the WU money transfer was one of the highest risk products that the Bank offered. According to an internal summary of WU transactions in 2013, over 40 per cent of the total number of WU wires flowing through the Bank and over 50 per cent of the total wire amounts involved countries on the Bank’s Primary or Secondary High-Risk Country lists, including Nigeria, Pakistan, Colombia, Afghanistan and Lebanon.

12

31. At the beginning of its relationship with WU, no one at the Bank performed an initial risk assessment or systematically reviewed the total suspicious activity involving WU transactions to determine if WU itself was a higher-risk customer. The Bank’s contract with WU required WU to have an AML program in place to detect and report suspicious activity, but USB employees, including the CCO and AMLO, were aware that, under applicable regulatory guidance, the Bank’s AML requirements applied to WU transactions conducted at Bank branches. They also knew that WU transactions not processed through an account of the Bank (that is, WU transactions involving non-customers of the Bank) would not be monitored in SearchSpace. Nonetheless, USB went forward with processing WU transactions involving non- customers even though they would not be subject to transaction monitoring.

32. When Bank employees flagged transactions involving non-customers by filling out Internal Referral Forms (“IRFs”), IRFs raising fraud concerns were investigated by the Corporate Security department but IRFs raising AML-related concerns went uninvestigated. In a December 2011 internal email, an employee in Corporate Security stated that “[a]ccording to the OCC, regardless if they are a customer or not, if we (US Bank) are notified of the suspicious activity, we are liable if we do not file a SAR if it is required . . . .” Thereafter, AML-related IRFs were forwarded to Corporate AML for investigation, but Corporate AML did not begin to investigate these IRFs until June 2013.

33. In mid-2012, Corporate AML became aware of a criminal investigation of WU. In or about June 2012, the Bank began to take steps to address gaps in its monitoring of WU transactions, but the steps were limited. In December 2012, the new AML Officer emailed the CCO with concerns about WU monitoring. In response, the CCO dismissed the new AML Officer’s concerns and chastised him for recording them in an email. During 2013, the Bank

13

filed approximately seven SARs per month on WU activity but failed to increase its reviews due to staffing issues. Finally, on July 1, 2014, the Bank implemented a policy requiring that all WU transactions conducted at Bank locations be done through an account of a Bank customer—a policy that foreclosed Bank processing of WU transactions by non-customers.

OCC Investigation And Consent Order

34. In or around February 2014, the OCC’s then-new examiner responsible for the Bank’s AML program, who had previously worked at the Bank, found evidence that the Bank was restricting the volume of alerts that it was investigating and began to question the Bank’s alert management processes. For several months following these initial inquiries, certain USB personnel who were aware of the Bank’s resource-driven alert management practices, including the CCO, did not fully disclose them to OCC personnel. Eventually, the new AMLO elevated his concerns to USB’s newly-appointed Chief Risk Officer (the “CRO”), informing him that, contrary to what he had previously been led by the CCO to believe, the OCC had not been aware of the Bank’s alert management practices. Meanwhile, after growing frustrated with their ability to get straight answers to their questions from Bank personnel, particularly the CCO, the OCC elevated its concerns to the new CRO.

35. In or about June 2014, the CRO caused the Bank to retain outside counsel to conduct an internal review of the Bank’s alert management practices and monitoring of Western Union transactions. The CCO was removed from having oversight over Corporate AML and offered a lesser position but left the Bank. The AMLO, who had been replaced by the new AMLO in 2012, left the Bank in 2014. The Employee was terminated in 2015.

36. In November 2014, outside counsel reported the results of the review to the OCC. In October 2015, the Bank entered into a consent order with the OCC based on various deficiencies in its AML compliance program, including gaps in suspicious activity monitoring, insufficient staffing and inadequate monitoring of Western Union transactions.

14

37. Pursuant to the consent order, the Bank performed a look-back analysis to assess the impact of the Bank’s deficient monitoring practices. Specifically, the Bank reanalyzed transactions that occurred during the six months prior to taking steps to remedy these practices, including removing fixed limits on Security Blanket alerts, lifting caps on and expanding coverage of various Queries, and excluding non-customers from WU. The look-back analysis resulted in the generation of an additional 24,179 alerts and the filing of 2,121 SARs. The value of the transactions reported in these SARs was $719,465,772.

38. Since 2015, USB has replaced Corporate AML with a new department called Enterprise Financial Crimes Compliance and spent more than $200 million in enhancements to its AML program, including software, technology and increased staffing. USB replaced SearchSpace with a new transaction monitoring program and developed and deployed a new transaction monitoring strategy. The Bank increased its AML and related compliance staff by 156% and now employs 540 fulltime employees, including 228 AML individuals whose responsibilities include investigating suspicious activity alerts.

USB’s FAILURE TO TIMELY FILE SUSPICIOUS ACTIVITY REPORTS RELATING TO SCOTT TUCKER

39. On October 13, 2017, Scott Tucker (“Tucker”) and his attorney, Timothy Muir, were convicted in the United District Court for the Southern District of New York of racketeering, wire fraud and money laundering for their roles in perpetrating a massive payday lending scheme. From in or about the late 1990s through in or about 2013, through various companies that he owned and controlled (the “Tucker Payday Lenders”), Tucker extended short- term, high-interest, unsecured loans, commonly referred to as “payday loans,” to individuals in

15

New York and around the country at interest rates as high as 700 percent or more and in violation of the usury laws of numerous states, including New York. Tucker sought to evade applicable laws by entering into a series of sham relationships with certain Native American tribes (the “Tribes”) in which he assigned nominal ownership of his payday lending companies to certain corporations created under the laws of the Tribes (the “Tribal Companies”) in order to conceal his ownership and control of the Tucker Payday Lenders and gain the protection of tribal sovereign immunity—a legal doctrine that generally prevents states from enforcing their laws against Native American tribes. On February 10, 2016, the Office entered into a nonprosecution agreement with certain Tribal Companies pursuant to which the Tribal Companies agreed to forfeit $48 million in criminal proceeds from the Tucker Payday Lenders.

40. Tucker began banking with institutions later acquired by USB in September 1997, and continued to open new accounts with USB through 2013. Tucker opened and maintained numerous operating accounts in the names of the Tribal Companies as well as accounts in the names of other companies that he owned and controlled. For the vast majority of payday loan transactions with individual borrowers, the Tucker Payday Lenders relied on payment processors, which utilized banks other than USB to serve as the Originating Depository Financial Institution (“ODFI”) to credit and debit the borrowers’ bank accounts. The Tucker Payday Lenders used operating accounts at USB to send daily wire transfers to, and receive daily wire transfers from, these payment processors for these transactions. Operating accounts at USB were also used to pay other expenses of the business, including lead generation and advertising expenses. Given the size of the payday loan business, these accounts fell under the administration of the Bank’s Middle Market Commercial Banking group. From 2008 through 2012, the Tucker Payday Lenders extended approximately 5 million loans to customers across the country, while generating more than $2 billion dollars in revenues and hundreds of millions of dollars in profits. Most of this money flowed through accounts that Tucker had opened at USB.

16

41. From 2002 until 2010, the Bank’s relationship with Tucker and the accounts he opened was managed by a relationship manager based in the Kansas City area (the “RM”). USB’s policies provided, consistent with applicable regulations, that whenever it opened an account for a new customer, including “the first time a TIN is entered on an application system[,]” commercial bankers were required to “[i]nterview the customer to fully understand the nature of the client’s ownership, business and sources of income” and “[u]nderstand the types of activities that will be transacted with the Bank and the client’s ‘normal’ transaction patterns, especially related to cash activity, wire transfers and foreign or offshore transactions.”

42. Although most of the new accounts Tucker opened were in the names of entities with TINs as yet unassociated with any existing account at the Bank, the Bank made little effort to understand the activities of these entities or their ownership, or to conduct meaningful due diligence on Tucker or his payday lending business. Several bank employees involved in the Tucker accounts, including the RM, did not accurately understand which customer entities were (nominally) owned by the Tribes and which were owned by Tucker and/or his brother, who was Tucker’s sometime business associate, and were not aware of the positions that Tucker and/or his brother held within the Tribal Companies, if any.

43. Consistent with the Bank’s CDD policies and as reflected in contemporaneous internal records, the Bank recognized that the accounts Tucker opened in the names of Tribal Companies to facilitate his payday lending business were high risk, and should therefore be subjected to enhanced due diligence. This involved periodic examination of the activity in the accounts to see if it was consistent with expected activity for a payday lender, periodic site visits to ensure the business did what it purported to do, and periodic questionnaires directed at the subject entities.

17

44. Information obtained by USB in conducting this due diligence included indications suggesting that Tucker was using the Tribes to conceal his ownership and control of the Tucker Payday Lenders. For site visits, Bank employees traveled to Tucker’s offices in Overland Park, Kansas, even though the purported customers’ addresses—and the only ones listed on the site visit verification forms and questionnaires directed at the Tribal Companies— were those of the Tribes. Although the questionnaires called for disclosure of all addresses and officers of the businesses, USB repeatedly accepted completed questionnaires that omitted Tucker and the Overland Park address and listed instead a single tribal official whom no Bank employee had met—let alone interviewed—and an address that no Bank employee had visited.

45. Some of the documentation that USB accepted as supposed verification that the Tribes were bona fide owners of the Tribal Companies contained indicators that suggested they were not. Tucker opened accounts in the names of numerous different Tribes, including in some cases accounts for multiple Tribes for the same Tucker Payday Lender. The Bank relied in part on Articles of Incorporation and AML policies provided by Tucker and his employees that were ostensibly from different Tribes but that were identical to each other except for the name of the Tribe, as well as business license certificates ostensibly from different Tribes that bore identical fonts, language, and slogans. The Bank also accepted Special Powers of Attorney executed by tribal officials that granted Tucker and certain of his preexisting corporate entities the authority to open and maintain bank accounts on behalf of the Tribal Companies. In approximately the same timeframe, Tucker provided the Bank with multiple signed Corporate Certificate of

18

Authority documents, the Bank’s rough equivalent of signature cards, in which Tucker falsely claimed that he was a Secretary of certain of the Tribal Companies and, on that basis, was an authorized signer of nominally tribal accounts at the Bank. The Bank’s diligence procedures did not detect these false statements. No Bank employee ever asked to speak with any of the tribal officials who, according to the CIP/KYC paperwork the Bank routinely accepted from Tucker, purportedly controlled the funds in the Tribal Companies’ accounts.

46. USB employees responsible for servicing Tucker’s ongoing account activity were also aware of red flags that Tucker was using the Tribes to conceal his ownership and control of the accounts. The Bank’s sole points of contact for all the accounts, including the accounts for the Tribal Companies, were some combination of Tucker, his brother, and/or one of their employees in Overland Park, Kansas. In one email from Tucker to the RM, Tucker stated that he was “sensitive” about revealing financial information about himself, as Tucker and the RM had “discussed numerous times.” None of the Bank employees had any dealings with any of the tribal officials whose names appeared on some of the account documentation, and, from time to time, heeded Tucker’s requests to close accounts purportedly held by Tribal Companies without consulting the tribal officials supposedly associated with those businesses. Tucker also requested that all bank statements for the Tribal Companies’ accounts be “held somewhere locally” and/or have a “specific mail address for all account statements to be mailed to that is different than listed on the account.” One Bank employee recalled Tucker’s brother requesting on two or three occasions that accounts be opened in time to receive incoming wires of less than $10,000 the following day. When that employee raised her concerns about the Tuckers to her supervisors, she was told that the Tuckers were “okay guys” and her concerns were dismissed.

19

47. Tucker spent large sums of money from the Tribal Companies’ accounts on personal items, including tens of millions of dollars on a vacation home in Aspen and the expenses of Tucker’s professional Ferrari racing team, which the RM was familiar with in part because he attended at least one race as Tucker’s guest. In some instances, Tucker concealed the source of funds by routing payments for these personal expenses, including vehicles, from Tribal Companies’ accounts through other USB accounts he owned and controlled before he made final payment to the vendor. Checks for many of the personal expenses were signed using a stamp with the signature of the nominal CEO of certain of the Tribal Companies. In some instances, USB officials were notified of the payments in advance so that they could ensure that they were processed. For example, in 2009, the RM wrote a reference letter on Tucker’s behalf to help Tucker purchase the Aspen home. In March 2010, Tucker gave the RM advance notice of a $10 million wire from a bank account nominally belonging to a Tribal Company to Tucker’s former business partner towards a settlement of a lawsuit brought against Tucker by the business partner. In September 2010, the RM and another Bank employee assisted the Tuckers with an additional $5 million wire from the same account for the same purpose.

48. During the relevant period, the Bank received subpoenas for bank records from regulators, including the FTC, that had taken or were contemplating enforcement actions against Tucker’s businesses. In or about February 2009, the Bank received a subpoena from the State of California. As discussed in court papers received by the Bank, the State served the subpoena to explore its allegation that Tucker’s relationship with the Tribes was a sham. Following receipt of the subpoena, the RM met with Tucker and his lawyers to discuss the case and Tucker’s motion to quash the subpoena. Per the Bank’s practice, it did not provide documents in response to the subpoena while Tucker’s motion to quash was pending. When the California court granted the

20

motion to quash, the RM emailed Tucker to congratulate him. Later, when the States obtained Bank records from the FTC, Bank employees assisted Tucker’s lawyers, who were challenging how the States had obtained the records. The receipt of these subpoenas from state and federal regulators and related events did not prompt any investigation by the Bank’s AML department.

49. When the RM wrote reference letters for Tucker, including a letter to help Tucker purchase the vacation home discussed above, he claimed that “Tucker and his companies,” as of May 1, 2009, “carried in excess of a Mid-Eight Figure average daily collected balance” at the Bank—a ballpark figure that necessarily counted funds in accounts purportedly belonging to the Tribal Companies. In February 2011, the RM became aware of a Wall Street Journal article about various payday lenders, including Tucker, who used tribes. The article questioned the legitimacy of these tribal relationships, and quoted one of the officials from a Tribe associated with Tucker saying, when asked where the operation was located, that it was “somewhere in Kansas.” The RM emailed the article to Tucker because the RM was “interested in getting your feedback in the event we have people within the bank that ask about it.”

50. Throughout the relevant period, Tucker was one of the top two customers in the Bank’s Kansas City market, and Bank employees actively pursued and received additional business from him relating to his other business ventures. The Kansas City market brought in approximately $20-$30 million in profit in 2011, and Tucker’s accounts comprised 10 percent of that amount. Bank officials described Tucker as the “largest [Treasury Management] customer in the K.C. market” and detailed efforts to “deepen” its relationship with him. In one email in 2007, the RM thanked Tucker for “always giv[ing] [the Bank] an opportunity to be the first to look at anything you are involved in.” And throughout the relevant time period, Tucker opened additional accounts and utilized the Bank’s services for other opportunities.

21

51. In April 2011, an account associated with Tucker’s brother alerted in SearchSpace for a series of cash withdrawals and an AML analyst (the “Analyst”) conducted a review of account activity. The Analyst found that, during the approximately three months surrounding the alert, the account had received checks from one company owned by the brother, a $400,000 distribution payment from another company owned by the brother, and a series of $50,000 payments from the accounts of the Tucker Payday Lenders. During the same period, the Analyst found 17 withdrawals ranging from $1,072.35 to $250,000.00, with the latter being a transfer withdrawal to one of Tucker’s brother’s companies’ accounts.

52. On May 27, 2011, the Analyst requested a Customer Transaction Assessment (“CTA”), seeking additional information about these transactions. A CTA involves sending a form to the banker with a series of questions. The form notes that further explanation is required “to understand transactions which may appear to be suspicious or ‘high-risk’ for money laundering and is needed to fulfill [the Bank’s] regulatory responsibility to document our customer’s transaction activity based on Know Your Customer requirements and normal and expected account activity.” The Analyst’s CTA summarized the alerted transactions and other activity and asked specific questions about the customer’s business. It also asked specific questions about the purpose of particular transactions that had been identified. The Analyst sent the CTA to the branch associated with the account and set a deadline of June 2, 2011.

53. No one from the branch responded within the requested timeframe, and on the due date, an automated reminder was sent noting that a response was due. A branch employee responded by email the same day that, although he understood his response was overdue, he “really wanted to look into the relationship a bit more before I contacted this client.” The employee further stated that the account that a “majority of the funds were transferred to is a

22

business account with over $2.5 million in it currently and had an avg balance of over $500K last year. I believe that the activity on his personal account was actually for the business, hence the reason most of the funds were transferred directly into that account.” The employee expressed that he was “hesitant to contact this customer due to the valuable relationship and I would hate to risk it.” The branch employee requested the Analyst’s guidance on how to proceed.

54. On June 6, 2011, the Analyst transferred the CTA to the Wholesale Banking and Commercial Relationship division. Prior to receiving a response, and with the 30-day deadline approaching, the Analyst closed the alert without filing a SAR. On June 7, 2011, the CTA was directed to the RM, who responded the same day. The RM stated that “[w]e can find out the answers to some of the questions if you want us to contact [the Tuckers] directly” while also repeatedly citing the Bank’s lengthy business relationship with the Tuckers, offering basic information about the nature of the Tuckers’ businesses, and claiming that the entirety of the Bank’s relationship with Tucker and his brother was “track[ed]” in “the AML group.” The RM did not provide any explanation for the cash transactions that had generated the alert, and neither Tucker was contacted for this information.

55. In September 2011, the Center for Public Integrity published a two-part report examining Tucker’s history, business practices, and his relationship with the Tribes, and CBS News broadcast an investigative report on Tucker. The report described evidence that the Tribes’ relationship to the Tucker Payday Lenders was a sham, explained Tucker’s use of shell companies, including many of the companies that had had accounts at the Bank for years, and suggested that Tucker’s companies (and possibly Tucker himself) had filed an affidavit with a forged signature in an enforcement action brought by a state regulator. The report also recounted negative information about Tucker’s personal history, including allegations that he had made false statements in a bankruptcy and had prior federal criminal convictions, including for an investment fraud scheme in which he had falsely held himself out as a representative of an investment bank.

23

56. Following the publication of these reports, the RM prepared a memorandum entitled “Situation Overview-Scott Tucker” and sent it to the Kansas City market president and an employee in Wholesale Banking Risk Management (“WBRM”) who assessed AML risk. In the memorandum, the RM stated that the reports, to which he provided links, provided a “better understanding of some of the legal issues around the industry but also brought to light some additional information that we were previously unaware of about Scott Tucker” including “[m]ost concerning[,] . . . a federal conviction approximately 20 years ago in which he was sentenced to a year in prison; also, he filed for bankruptcy in 1997.” The RM further noted:

This is a very large TM [Treasury Management] and Deposit relationship in the bank and because of the industry is also considered a high risk for AML purposes . . . . However even with the added due diligence from AML and the Patriot Act, we still did not have any knowledge of the issues surrounding Scott personally. In light of these articles and the fact that one of them references US Bank (relating to a signature card), we have requested a meeting as soon as possible to discuss next steps.

The RM also proposed a series of discussion topics, including whether it was the “recommendation of the [business] line that we exit this relationship, assuming the findings are accurate.”

57. Shortly thereafter, the WBRM employee, who had been working with the RM to prepare information about the Tucker relationship for management, made a “Request for Investigation support” to Corporate AML. The WBRM employee stated that “[o]ne of our very large Payday lending key principals has been the key topic of a rather negative investigative news article this week (I Watch News/CBS News).” Attaching the “Situation Overview-Scott Tucker” and pasting a link to the article, the employee explained that the article goes “into the

24

specifics on a Scott Tucker” including “a criminal record that we want/need some validation” and a claim that “he has pleaded guilty to charges in Federal court and served time in Leavenworth . . . in 1991.” The employee further noted that this “involves Payday lending that is utilizing the cloak of Indian Tribal sovereign immunity.”

58. Corporate AML assigned an AML investigator, whose job responsibilities included the filing of SARs, to the matter. The investigator reported his findings in an email that was forwarded to the WBRM employee and multiple Corporate AML employees, including senior investigators. The investigator wrote that “it looks as though Mr. Tucker is quite the slippery individual” who “really does hide behind a bunch of shell companies.” The investigator reported finding a former federal inmate named Scott A. Tucker who was “probably our guy” as well as “some old IRS liens for Mr. Tucker dating from 1991 and totaling about $150K” that were “released by 2001.” The investigator noted that the Bank had “accounts for [Tucker’s] wife” including a “personal Trust account (of course), a business account (SLK Services Inc) and an individual account.” The investigator reported reading that Tucker “likes to put things in his wife’s Trust’s name (including some real estate)” and she “receives some periodic distributions from Black Creek Capital Corp [one of Tucker’s wholly owned entities with an account at the Bank] in Henderson, NV which she moves to her Trust account and moves it on out from there.”

59. The investigator also provided some information on Tucker’s account activity. Regarding an account for one of Tucker’s companies, the investigator noted that the money “comes in via large batches (list post totals) and goes out via checks and wires to mostly other apparently related accounts/businesses”—including one entity with a “very recently opened account and the only apparent purpose it apparently serves is to move money from” the account for Tucker’s company to an account at another bank that the investigator hypothesized was

25

likewise controlled by Tucker. Finally, the investigator noted that Tucker is “fond of racing” and “sponsors (and drives for) a team called Level 5 Motorsports,” which also had accounts at the Bank. The investigator noted that “one of his payday lending accounts wrote $940K worth of checks to Level 5 just since June. Every time he moves money out of [one of the Tribal Companies’] account[s] to another bank, he also writes a check to Level 5.”

60. Based on these findings, the investigator concluded that Tucker “looks quite interesting” and was “probably a customer worth deeper investigation.” The investigator stated that his first impression was that Tucker “could be less than honorable” and reiterated that he “controls quite a few large DDA accounts (holding tens of millions of dollars in each of them)” and “[j]udging from all the movement of money I found in just this preliminary glance he will be a difficult one to follow.”

61. The Bank convened a working group to address the issues raised. After considering terminating its relationship with Tucker entirely, on October 11, 2011, the Bank decided to close the accounts in the names of the Tribal Companies—based on a concern for “reputational risk” to the Bank. The Tribal Companies’ accounts, which accounted for the large majority of Treasury Management fees that USB received from the Tucker relationship, were closed on April 4, 2012, after Tucker found a new institution to house the subject accounts’ funds. The Bank kept open Tucker’s other accounts, including accounts for his other companies. USB also failed to file a SAR reflecting anything that it learned and conducted no historical review of the Tucker-controlled accounts’ activity to determine whether it supported the assertions offered in the public news reports or its own investigator’s initial review.

26

62. In April 2012, the Federal Trade Commission (“FTC”) filed suit in U.S. District Court in the District of Nevada against Tucker, various Tribal Companies, and several other companies and individuals associated with Tucker. The lawsuit, which did not name the Bank as a party, alleged that the defendants violated federal law by, among other things, engaging in deceptive acts and practices in the marketing and offering of payday loans and deceptive collection practices in violation of the Federal Trade Commission Act, failing to properly disclose certain loan information in violation of the Truth in Lending Act and illegally conditioning the extension of credit on the preauthorization of recurring loans in violation of the Electronic Fund Transfer Act. The Bank failed to file a SAR after the FTC brought this action, which ultimately resulted in one of the Tribal Companies agreeing to pay $21 million and forgive customer debt, and the court granting summary judgment against Tucker and imposing a $1.26 billion judgment against him.

63. At these times, the Bank’s policies provided that the Bank “must file a Suspicious Activity Report with FinCEN if the Bank ‘knows, suspects or has reason to suspect’ that a transaction, pattern o[f] transactions, or attempted transaction by, through, or to the financial institution involves: possible violations of a law or regulation; money laundering or BSA violations, including structuring transactions to avoid a BSA record keeping or reporting requirement; transactions that have no business or apparent lawful purpose that are unusual for the customer where there is no reasonable explanation; or the use of legal proceeds to facilitate criminal activity (e.g., terrorism).” The Bank’s Bank Secrecy Act and Anti-Money Laundering Compliance Policy and Program in effect at the time (July 18, 2011) similarly recognized that all banks are required to file a SAR “when they know, suspect or have reason to suspect that there has been a transaction or attempted transaction involving money laundering, BSA violations, violations of law or regulations, the facilitation of criminal activity, or other suspicious activity.”

27

64. After deciding to terminate its relationship with the Tribal Companies’ accounts but retain Tucker as a client, the Bank opened numerous additional accounts for Tucker and his wholly-owned businesses. In opening these accounts, the Bank took no steps to ensure that money from the kind of activity that led the Bank to close the Tribal Companies’ accounts would not continue to flow through the Bank. When opening the new accounts, the Bank failed to conduct meaningful due diligence. For example, in February 2013, the Bank opened accounts for two new Tucker-controlled entities. The only information USB received about the entities was that they were “Software Development” and “Management Services” companies owned and controlled by Tucker, as well as Articles of Incorporation listing, rather than Tucker, “Agent Services, Inc.” as the Registered Agent and Managing Member.

65. In November 2013, the Office first served the Bank with a subpoena for Tucker- related accounts. Following receipt of this subpoena, the Bank engaged in an internal discussion concerning the remaining Tucker accounts and decided to discontinue the Bank’s relationship with Tucker entirely.

66. On November 26, 2013, the Bank also filed its first SAR relating to Tucker- controlled accounts. In preparing the SAR, the Bank found that the sources of funding for the Tucker accounts still maintained by USB were “increasingly questionable income sources through payday loan businesses” that were “under investigation by the FTC.” In only the year prior to this observation, the Bank found that the accounts had received “over $176,000,000.00 in domestic wire transfer, check or electronic deposits” and that a “large amount of funding to their accounts continues to be derived from their former payday loan businesses[.]”

28

67. The Government’s investigation revealed that USB allowed Tucker to transfer approximately $230 million in proceeds of his criminal scheme into the Bank after deciding to close the accounts in the names of the Tribal Companies in October 2011.

29

STIPULATION AND CONSENT TO THE ISSUANCE

OF AN ORDER FOR A CIVIL MONEY PENALTY

WHEREAS , the Comptroller of the Currency of the United States of America (“Comptroller”), based upon information derived from the exercise of his regulatory and supervisory responsibilities, intends to initiate a civil money penalty proceeding against U.S. Bank National Association, Cincinnati, OH (“Bank”), pursuant to 12 U.S.C. § 1818(i), for the Bank’s violations of 12 U.S.C. § 1818(s) and its implementing regulation, 12 C.F.R. § 21.21, 12 C.F.R. § 21.11, and 31 U.S.C. § 5318(i) and its implementing regulation, 31 C.F.R. § 1010.610;

WHEREAS , in the interest of cooperation and to avoid additional costs associated with administrative and judicial proceedings with respect to the above matter, the Bank, through its duly elected and acting Board of Directors (“Board”), has agreed to execute this Stipulation and Consent to the Issuance of a Civil Money Penalty (“Stipulation”), that is accepted by the Comptroller, through his duly authorized representative;

NOW, THEREFORE , in consideration of the above premises, it is stipulated by the Bank that:

ARTICLE I

JURISDICTION

(1) The Bank is a national banking association chartered and examined by the Comptroller pursuant to the National Bank Act of 1864, as amended, 12 U.S.C. § 1 et seq .

(2) The Comptroller is “the appropriate Federal banking agency” regarding the Bank pursuant to 12 U.S.C. §§ 1813(q) and
1818(i).

(3) The Bank is an “insured depository institution” within the meaning of 12 U.S.C. § 1818(i).

ARTICLE II

CONSENT

(1) The Bank, without admitting or denying any wrongdoing, consents and agrees to issuance of the accompanying Consent Order for a Civil Money Penalty (“Consent Order”) by the Comptroller.

(2) The terms and provisions of the Consent Order apply to the Bank and all of its subsidiaries, even though those subsidiaries are not named as parties to the Consent Order.

(3) The Bank consents and agrees that the Consent Order shall be deemed an “order issued with the consent of the depository institution” pursuant to 12 U.S.C. § 1818(h)(2), and consents and agrees that the Consent Order shall become effective upon its execution by the Comptroller through his authorized representative, and shall be fully enforceable by the Comptroller pursuant to 12 U.S.C. § 1818(i).

(4) Notwithstanding the absence of mutuality of obligation, or of consideration, or of a contract, the Comptroller may enforce any of the commitments or obligations herein undertaken by the Bank under his supervisory powers, including 12 U.S.C. § 1818(i), and not as a matter of contract law. The Bank expressly acknowledges that neither the Bank nor the Comptroller has any intention to enter into a contract.

2

(5) The Bank declares that no separate promise or inducement of any kind has been made by the Comptroller, or by his agents or employees, to cause or induce the Bank to consent to the issuance of the Consent Order and/or execute this Stipulation.

(6) The Bank expressly acknowledges that no officer or employee of the Comptroller has statutory or other authority to bind the United States, the United States Treasury Department, the Comptroller, or any other federal bank regulatory agency or entity, or any officer or employee of any of those entities to a contract affecting the Comptroller’s exercise of his supervisory responsibilities.

(7) The Consent Order constitutes a settlement of the civil money penalty proceeding against the Bank contemplated by the Comptroller, based on the practices and violations described in the Comptroller’s Findings set forth in Article I of the Consent Order. The Comptroller releases and discharges the Bank from all potential liability for a civil money penalty that has been or might have been asserted by the Comptroller based on the practices and violations described in Article I of the Consent Order, to the extent known to the Comptroller as of the effective date of the Consent Order. Nothing in this Stipulation or the Consent Order, however, shall prevent the Comptroller from:

3

Further, nothing in this Stipulation or the Consent Order shall affect any right of the Comptroller to determine and ensure compliance with the terms and provisions of this Stipulation or the Consent Order.

ARTICLE III

WAIVERS

(1) The Bank, by executing this Stipulation and consenting to the Consent Order, waives:

4

ARTICLE IV

CLOSING

(1) The provisions of this Stipulation and the Consent Order shall not inhibit, estop, bar, or otherwise prevent the Comptroller from taking any other action affecting the Bank if, at any time, he deems it appropriate to do so to fulfill the responsibilities placed upon him by the several laws of the United States of America.

5

(2) Nothing in this Stipulation or the Consent Order shall preclude any proceedings brought by the Comptroller to enforce the terms of the Consent Order, and nothing in this Stipulation or the Consent Order constitutes, nor shall the Bank contend that it constitutes, a release, discharge, compromise, settlement, dismissal, or resolution of any actions, or in any way affects any actions that may be or have been brought by any other representative of the United States or an agency thereof, including, without limitation, the United States Department of Justice.

(3) The terms of this Stipulation, including this paragraph, and of the Consent Order are not subject to amendment or modification by any extraneous expression, prior agreements or prior arrangements between the parties, whether oral or written.

6

IN TESTIMONY WHEREOF, the undersigned, as the duly elected and acting Board of Directors of U.S. Bank National Association, Cincinnati, OH, have hereunto set their hands on behalf of the Bank.

7

8

Accepted by:

THE COMPTROLLER OF THE CURRENCY

9

CONSENT ORDER FOR A CIVIL MONEY PENALTY

The Comptroller of the Currency of the United States of America (“Comptroller”), through his national bank examiners and other staff of the Office of the Comptroller of the Currency (“OCC”), conducted examinations of U.S. Bank National Association, Cincinnati, OH (“Bank”). The OCC identified deficiencies in the Bank’s Bank Secrecy Act/anti-money laundering (“BSA/AML”) compliance program that resulted in violations of 12 U.S.C. § 1818(s) and its implementing regulation, 12 C.F.R. § 21.21, 12 C.F.R. § 21.11, and 31 U.S.C. § 5318(i) and its implementing regulation, 31 C.F.R. § 1010.610, and informed the Bank of the findings resulting from the examinations. The OCC issued a Consent Cease and Desist Order for the BSA/AML deficiencies on October 23, 2015 (“2015 Consent Order”).

The Bank, by and through its duly elected and acting Board of Directors (“Board”), has executed a Stipulation and Consent to the Issuance of an Order for a Civil Money Penalty, dated February 13, 2018 that is accepted by the Comptroller (“Stipulation”). By this Stipulation, which is incorporated herein by reference, the Bank has consented to the issuance of this Consent Order for a Civil Money Penalty (“Order”) by the Comptroller. The Bank has undertaken corrective action, and is committed to taking all necessary and appropriate steps to remedy the deficiencies identified by the OCC and to enhance the Bank’s BSA/AML program.

ARTICLE I

COMPTROLLER’S FINDINGS

The Comptroller finds, and the Bank neither admits nor denies, the following:

(1) In the 2015 Consent Order, the Comptroller found that the Bank violated 12 U.S.C. § 1818(s) and its implementing regulation, 12 C.F.R. § 21.21 (BSA/AML compliance program), and 12 C.F.R. § 21.11 (suspicious activity report filings). Specifically, the 2015 Consent Order addressed the following conduct:

2

(2) The Bank conducted look-backs pursuant to the 2015 Consent Order and, as a result, had to file additional SARs which constituted additional violations of 12 C.F.R. § 21.11.

(3) The Bank violated 31 U.S.C. § 5318(i) and its implementing regulation, 31 C.F.R. § 1010.610 (correspondent banking) for deficiencies in its wire transfer monitoring in its International Banking Group.

(4) Pursuant to the authority vested in him by the Federal Deposit Insurance Act, as amended, 12 U.S.C. § 1818, the Comptroller hereby ORDERS that:

ARTICLE II

ORDER FOR A CIVIL MONEY PENALTY

Pursuant to the authority vested in him by the Federal Deposit Insurance Act, 12 U.S.C. § 1818(i), the Comptroller orders, and the Bank consents to the following:

(1) The Bank shall make payment of a civil money penalty in the total amount of seventy-five million dollars ($75,000,000), which shall be paid upon the execution of this Order:

3

(2) This Order shall be enforceable to the same extent and in the same manner as an effective and outstanding order that has been issued and has become final pursuant to 12 U.S.C. § 1818(h) and (i).

ARTICLE III

OTHER PROVISIONS

(1) This Order is intended to be, and shall be construed to be, a final order issued pursuant to 12 U.S.C. § 1818(i)(2), and expressly does not form, and may not be construed to form, a contract binding on the Comptroller or the United States.

(2) This Order constitutes a settlement of the civil money penalty proceeding against the Bank contemplated by the Comptroller, based on the practices and violations described in the Comptroller’s Findings set forth in Article I of this Order. The Comptroller releases and discharges the Bank from all potential liability for a civil money penalty that has been or might have been asserted by the Comptroller based on the practices and violations described in Article I of this Order, to the extent known to the Comptroller as of the effective date of this Order.

4

Nothing in the Stipulation or this Order, however, shall prevent the Comptroller from:

Further, nothing in the Stipulation or this Order shall affect any right of the Comptroller to determine and ensure compliance with the terms and provisions of the Stipulation or this Order.

(3) The terms of this Order, including this paragraph, are not subject to amendment or modification by any extraneous expression, prior agreements, or prior arrangements between the parties, whether oral or written.

5

IT IS SO ORDERED, this 13 ^th day of February 2018.

6

Exhibit 10.3

STIPULATION AND ORDER OF SETTLEMENT AND DISMISSAL

WHEREAS, this Stipulation and Order of Settlement and Dismissal (“Stipulation”) is entered into by and among plaintiff the U.S. Department of the Treasury (“Treasury Department” or “Government”), by its attorney, Geoffrey S. Berman, United States Attorney for the Southern District of New York, and defendant U.S. Bank National Association (“US Bank” or the “Bank,” and together with the Treasury Department, the “Parties”), by its authorized representatives;

WHEREAS, US Bank is a full-service financial institution headquartered in Cincinnati, Ohio, with over 70,000 employees and 3,100 branches nationwide;

WHEREAS, at all times relevant to this Stipulation, US Bank was subject to, and had to comply with, various requirements set forth in the Currency and Foreign Transactions Reporting Act of 1970, as amended, 31 U.S.C. § 5311 et seq. (“Bank Secrecy Act” or “BSA”), and its implementing regulations. Specifically, the BSA required US Bank to, among other things:

(1) implement and maintain an effective anti-money laundering (“AML”) program that was reasonably designed to prevent the Bank from being used to facilitate money laundering, see 31 U.S.C. § 5318(h); 31 C.F.R. §§ 1020.200–.210; (2) file timely suspicious activity reports (“SARs”) with the Financial Crimes Enforcement Network (“FinCEN”)—a component of the

Treasury Department—on transactions at the Bank that involved funds totaling at least $5,000, and which the Bank knew, suspected, or had reason to suspect either (a) involved funds derived from illegal activities, (b) sought to evade the requirements of the BSA, or (c) had no apparent lawful purpose and could not be reasonably explained, see 31 U.S.C. § 5318(g); 31 C.F.R. § 1020.320; and (3) file timely currency transaction reports (“CTRs”) with FinCEN on any transaction or group of transactions in currency aggregating more than $10,000, see id. §§ 1010.310–.314; 1020.310;

WHEREAS, on February 15, 2018, U.S. Bancorp, US Bank’s parent corporation, entered into a Deferred Prosecution Agreement (“DPA”) with the Criminal Division of the United States Attorney’s Office for the Southern District of New York based on charges that, beginning no later than 2009 and continuing until 2014, it, through the Bank, willfully failed to implement an effective AML program, in violation of 31 U.S.C. § 5318(h), and failed to file SARs, in violation of 31 U.S.C. § 5318(g). As part of the DPA, U.S. Bancorp agreed to forfeit $528 million and admitted that it, through the Bank, had “willfully (i) failed to maintain an effective [AML] program and (ii) failed to report suspicious transactions relevant to a possible law or regulations as required by the Secretary of Treasury”;

WHEREAS, on February 15, 2018, FinCEN issued an Assessment of Civil Money Penalty against US Bank for $185 million (the “Assessment”), based on conduct in which the Bank had engaged during the period starting in December 2011 and continuing until May 2015 (the “Covered Period”). The Assessment alleges that US Bank is liable under the BSA, 31 U.S.C. § 5321, for willfully failing to implement and maintain an effective AML program and to file timely and appropriate SARs and CTRs. The alleged acts and omissions on the part of US Bank identified in the Assessment and in the Government’s complaint in the above-captioned action, The United States Department of the Treasury v. U.S. Bank National Association , No. 18 Civ. 1358 (        ) (the “Action”), constitute the “Covered Conduct” for purposes of this Stipulation;

2

WHEREAS, on February 15, 2018, after it issued the Assessment, the Treasury Department filed its complaint in this Action (the “Complaint”) in the U.S. District Court for the Southern District of New York. The Complaint alleges that, as a result of the same purported failures identified in the Assessment, US Bank is liable under the BSA for willfully failing to implement and maintain an effective AML program, file timely SARs, and file accurate CTRs. The Complaint seeks an order (1) reducing the $185 million assessment to judgment, and (2) granting the Treasury Department injunctive relief;

WHEREAS, the Parties have, through this Stipulation, reached a mutually-agreeable resolution addressing the claims asserted against US Bank in the Assessment and the Complaint, arising out of the Covered Conduct;

NOW, THEREFORE, upon the Parties’ agreement, IT IS HEREBY ORDERED that:

TERMS AND CONDITIONS

1. The Parties agree that this Court has subject matter jurisdiction over this action and consent to this Court’s exercise of personal jurisdiction over each of them.

2. The Statement of Facts to which U.S. Bancorp has agreed in connection with the DPA (“Statement of Facts”) is incorporated by reference as part of this Stipulation. US Bank admits, acknowledges and accepts responsibility for the facts and conduct contained in the Statement of Facts. Among those facts are:

3

3. US Bank further admits, acknowledges and accepts responsibility for the following facts and conduct.

4

5

6

7

4. US Bank shall pay the United States of America (“United States”) $185,000,000 (one hundred and eighty-five million dollars) within thirty (30) business days of the Effective Date, which is defined below in Paragraph 25 (“Settlement Amount”). US Bank’s obligation to pay the Settlement Amount will be deemed satisfied if, within thirty (30) business days of the Effective Date, (a) it pays $70 million (seventy million dollars) to the Treasury Department and (b) U.S. Bancorp pays the United States the full amount it is required to pay under the DPA, pursuant to the terms of the DPA.

5. The $70 million payment required by Paragraph 4 above shall be made in accordance with instructions to be provided by the Financial Litigation Unit of the United States Attorney’s Office for the Southern District of New York.

6. US Bank has provided FinCEN with a description of the substantial steps it has taken to remediate its BSA/AML program, including actions aimed at fostering a culture of compliance and ensuring compliance with all applicable BSA program and reporting requirements. Moving forward, the Bank will continue its commitment to provide sufficient resources to its BSA/AML Program, including in terms of staff levels, budgets, and systems, commensurate with its size, complexity, products, and services. The Bank will also continue its efforts to maintain an effective automated transaction monitoring system to ensure accurate and timely compliance with its reporting requirements.

8

7. To keep FinCEN informed of its efforts, US Bank agrees that, for a period of two (2) years from the Effective Date of this Stipulation, it will: (a) meet with FinCEN annually to identify all remedial actions the Bank has taken during the preceding calendar year to address prior deficiencies related to its allocation of resources (including sufficient staff) to its BSA/AML Program, and explain why existing resource levels are sufficient to maintain compliance with the BSA; and (b) meet with FinCEN annually to identify any independent testing that has been conducted (either internally or externally) during the preceding calendar year on the BSA functions at the Bank, including model validation of its transaction monitoring software and reviews of its processes and procedures regarding alert generation, investigation of alerts, and disposition of alerts (collectively, the “Reporting Requirements”).

8. Subject to the exceptions in Paragraph 9 below (concerning excluded claims) and Paragraph 16 below (concerning bankruptcy proceedings), and conditioned on US Bank’s full compliance with the terms of this Stipulation, including US Bank’s full payment of the Settlement Amount as set forth in Paragraph 4 above, as well as its full compliance with the Reporting Requirements in Paragraph 7 above and the Cooperation Requirements in Paragraph 11 below, the Government releases US Bank from any civil or administrative claim for monetary or injunctive relief that the Government has for the Covered Conduct under the BSA, 31 U.S.C. §§ 5320, 5321, and its implementing regulations. For avoidance of doubt, this Stipulation does not release any current or former officer, director, employee, or agent of US Bank from liability of any kind.

9. Notwithstanding the release given in Paragraph 8 above, or any other term of this Stipulation, the following claims of the Government are specifically reserved and are not released by this Stipulation:

a. any liability arising under Title 26, United States Code (Internal Revenue Code);

9

b. any criminal liability;

c. except as explicitly stated in this Stipulation, any civil or administrative liability;

d. any liability to the Government for any conduct other than the Covered Conduct;

e. any liability based upon obligations created by this Stipulation; and

f. any liability of individuals.

10. US Bank shall be in default of this Stipulation if it fails to make the required payment set forth in Paragraph 4 above on or before the due date for such payment, or if it fails to comply materially with any other term of this Stipulation that applies to it, including the Reporting Requirements in Paragraph 7 above and the Cooperation Requirements in Paragraph 11 below (“Default”). The Government shall provide written notice of any Default in the manner set forth in Paragraph 26 below. US Bank shall then have an opportunity to cure the Default within ten (10) calendar days from the date of delivery of the notice of Default. In the event that a Default is not fully cured within ten (10) calendar days of the delivery of the notice of Default (“Uncured Default”), interest shall accrue at the rate of 12% per annum compounded daily on any remaining unpaid principal balance of the Settlement Amount, beginning seven (7) business days after mailing of the notice of Default. In the event of an Uncured Default relating to the Settlement Amount, US Bank agrees to the entry of the consent judgment attached hereto as Exhibit A and that the Government may take action to collect on the consent judgment. In the event of an Uncured Default relating to the Settlement Amount or any other term of this Stipulation that applies to US Bank, including the Reporting and Cooperation Requirements, US Bank further agrees that the Government, at its option, may (a) rescind this Stipulation and

10

reinstate the Complaint, as well as any claims that could be asserted for the Covered Conduct; (b) seek specific performance of this Stipulation; (c) offset the remaining unpaid balance of the Settlement Amount (including interest) from any amounts due and owing to US Bank by any department, agency, or agent of the United States; or (d) exercise any other rights granted by law, or under the terms of this Stipulation, or recognizable at common law or in equity. US Bank shall not contest any offset imposed or any collection undertaken by the Government pursuant to this Paragraph, either administratively or in any Federal or State court. In addition, US Bank shall pay the Government all reasonable costs of collection and enforcement under this Paragraph, including attorneys’ fees and expenses. In the event that the Government opts to rescind this Stipulation pursuant to this Paragraph, US Bank shall not plead, argue, or otherwise raise any defenses under the theories of statute of limitations, laches, estoppel, or similar theories, to any civil or administrative claims that relate to the Covered Conduct, except to the extent such defenses were available on the date the Complaint was originally filed.

11. US Bank agrees to cooperate fully and truthfully with FinCEN’s investigation of individuals not released in this Stipulation. Upon reasonable notice, US Bank shall encourage, and agrees not to impair, the cooperation of its directors, officers, and employees, and shall use its best efforts to make available, and encourage, the cooperation of former directors, officers, and employees in interviews and testimony, consistent with the rights and privileges of such individuals. To the extent permitted by applicable law, US Bank further agrees to furnish to FinCEN, upon request, complete and unredacted copies of all non-privileged documents, reports, memoranda of interviews, and records in its possession, custody, or control concerning any investigation of the Covered Conduct that it has undertaken, or that has been performed by another on its behalf.

11

12. US Bank waives and shall not assert any defenses it may have to any criminal prosecution or administrative action relating to the Covered Conduct that may be based in whole or in part on a contention that, under the Double Jeopardy Clause in the Fifth Amendment of the Constitution, or under the Excessive Fines Clause in the Eighth Amendment of the Constitution, this Stipulation bars a remedy sought in such criminal prosecution or administrative action. Nothing in this Paragraph or any other provision of this Stipulation constitutes an agreement by the Government concerning the characterization of the Settlement Amount for purposes of the Internal Revenue laws, Title 26 of the United States Code.

13. US Bank fully and finally releases the United States, its agencies, officers, agents, employees, and servants, from any claims (including attorneys’ fees, costs, and expenses of every kind and however denominated) that it has asserted, could have asserted, or may assert in the future against the Government, its agencies, officers, agents, employees, or servants, related to the Covered Conduct and the Government’s investigation, prosecution and settlement of the Covered Conduct.

14. This Stipulation is intended to be for the benefit of the Parties only. The Parties do not release any claims against any other person or entity except as otherwise provided herein.

15. US Bank represents and warrants that it has reviewed its financial situation, that it is currently solvent within the meaning of 11 U.S.C. §§ 547(b)(3) and 548(a)(1)(B)(ii)(I), and that it reasonably believes as of the date hereof that it shall remain solvent following compliance with its obligations under this Stipulation. Further, the Parties warrant that, in evaluating whether to execute this Stipulation, they (a) have intended that the mutual promises, covenants, and obligations set forth constitute a contemporaneous exchange for new value given to US Bank within the meaning of 11 U.S.C. § 547(c)(1); and (b) have concluded that these mutual promises,

12

covenants, and obligations due, in fact, constitute such a contemporaneous exchange. Further, the Parties warrant that the mutual promises, covenants, and obligations set forth herein are intended to and do, in fact, represent a reasonably equivalent exchange of value that is not intended to hinder, delay, or defraud any entity to which US Bank was or became indebted to on or after the date of this Stipulation, within the meaning of 11 U.S.C. § 548(a)(1).

16. If US Bank commences, or a third party commences, any case, action, or other proceeding under any law relating to bankruptcy, insolvency, reorganization, or relief of debtors (a) seeking an order for relief of US Bank’s debts, or seeking to adjudicate US Bank as bankrupt or insolvent; or (b) seeking appointment of a trustee, custodian, or other similar official for US Bank or for all or any substantial part of US Bank’s assets, US Bank agrees as follows:

a. US Bank’s obligations under this Stipulation may not be avoided pursuant to 11 U.S.C. § 547, and US Bank shall not argue or otherwise take the position in any such case, action, or proceeding that (i) US Bank’s obligations under this Stipulation may be avoided under 11 U.S.C. § 547; (ii) US Bank was insolvent at the time this Stipulation was entered into; or (iii) the mutual promises, covenants, and obligations set forth in this Stipulation do not constitute a contemporaneous exchange for new value given to US Bank.

b. If US Bank’s obligations under this Stipulation are avoided for any reason, including, but not limited to, through the exercise of a trustee’s avoidance powers under the Bankruptcy Code, the Government, at its sole option, may rescind the release in this Stipulation and pursue any civil and/or administrative claim, action, or proceeding against US Bank that would otherwise be covered by the release in Paragraph 8 above. US Bank agrees that (i) any such claim, action, or proceeding brought by the Government would not be subject to an “automatic stay” pursuant to 11 U.S.C. § 362(a) as a result of the case, action, or proceeding

13

described in the first clause of this Paragraph, and US Bank shall not argue or otherwise contend that the claim, action, or proceeding is subject to an automatic stay; (ii) US Bank shall not plead, argue, or otherwise raise any defenses under the theories of statute of limitations, laches, estoppel, or similar theories, to any such claim, action, or proceeding that is brought by the Government within 60 calendar days of written notification that the releases in the Stipulation have been rescinded pursuant to this Paragraph, except to the extent such defenses were available on the date the Complaint was originally filed; and (iii) the Government has a valid claim against US Bank for the full Settlement Amount, and the Government may pursue the claim in the case, action, or proceeding described in the first clause of this Paragraph, as well as in any other case, action, or proceeding.

c. US Bank acknowledges that the agreements in this Paragraph are provided in exchange for valuable consideration provided in this Stipulation.

17. US Bank agrees to the following:

a. Unallowable Costs Defined: All costs (as defined in the Federal Acquisition Regulation, 48 C.F.R. § 31.205-47) incurred by or on behalf of US Bank in connection with:

i. the matters covered by this Stipulation;

ii. any audit(s) and civil and/or criminal investigation(s) by the United States of matters covered by this Stipulation;

iii. US Bank’s investigation, defense, and corrective actions undertaken in response to the United States’ audit(s) and civil and/or criminal investigation(s) in connection with matters covered by this Stipulation (including attorneys’ fees);

14

iv. the negotiation and performance of this Stipulation; and

v. any payments US Bank makes to the United States pursuant to this Stipulation,

are unallowable costs for government contracting purposes (hereinafter referred to as “Unallowable Costs”).

b. Future Treatment of Unallowable Costs: Unallowable Costs shall be separately determined and accounted for by US Bank, and the Bank shall not charge such Unallowable Costs directly or indirectly to any contracts with the United States.

c. Treatment of Unallowable Costs Previously Submitted for Payment: Within 90 days of the Effective Date of this Stipulation, US Bank shall identify and repay by adjustment to future claims for payment or otherwise any Unallowable Costs included in payments previously sought by US Bank from the United States. US Bank agrees that the United States, at a minimum, shall be entitled to recoup from US Bank any overpayment plus applicable interest and penalties as a result of the inclusion of such Unallowable Costs on previously-submitted requests for payment. The United States, including the Treasury Department, the Department of Justice and/or any other affected agency, reserves its rights to audit, examine, or re-examine US Bank’s books and records and to disagree with any calculations submitted by US Bank regarding any Unallowable Costs included in payments previously sought by the Bank, or the effect of any such Unallowable Costs on the amount of such payments.

18. The Government’s Complaint is hereby dismissed under Fed. R. Civ. P. 41(a)(2), but the Court shall retain jurisdiction over this Stipulation and over the Government and US Bank to enforce the obligations of each under this Stipulation.

15

19. Each Party shall bear its own legal and other costs incurred in connection with this matter.

20. Any failure by the Government to insist upon the full or material performance of any of the provisions of this Stipulation shall not be deemed a waiver of any of the provisions hereof, and the Government, notwithstanding that failure, shall have the right thereafter to insist upon the full or material performance of any and all of the provisions of this Stipulation.

21. This Stipulation is governed by the laws of the United States. The exclusive jurisdiction and venue for any dispute relating to this Stipulation is the United States District Court for the Southern District of New York. For purposes of construing this Stipulation, this Stipulation shall be deemed to have been drafted by all Parties to this Stipulation and shall not, therefore, be construed against any Party in any subsequent dispute.

22. This Stipulation constitutes the complete agreement between the Parties with respect to the subject matter hereof. This Stipulation may not be amended except by written consent of the Parties.

23. The undersigned counsel and any other signatories represent and warrant that they are fully authorized to execute this Stipulation on behalf of persons and the entities indicated below.

24. This Stipulation is binding on US Bank’s successors, transferees, heirs, and assigns.

25. This Stipulation may be executed in counterparts, each of which constitutes an original and all of which constitute one and the same Stipulation. E-mails that attach signatures in PDF form or facsimiles of signatures shall constitute acceptable, binding signatures for purposes of this Stipulation.

16

26. Any notices or requests pursuant to this Stipulation shall be in writing and shall be delivered by hand, express courier, or email transmission followed by postage-prepaid mail, and shall be addressed as follows:

IF TO THE GOVERNMENT:

Christopher B. Harwood

Caleb Hayes-Deats

Assistant United States Attorneys

United States Attorney’s Office

Southern District of New York

86 Chambers Street, Third Floor

New York, New York 10007

Email: christopher.harwood@usdoj.gov

            caleb.hayes-deats@usdoj.gov

IF TO US BANK:

Boyd M. Johnson III

Wilmer Cutler Pickering Hale Dorr LLP

7 World Trade Center

New York, NY 10007

(212) 230-8800

Email: boyd.johnson@wilmerhale.com

And:

Samuel W. Seymour

Sullivan & Cromwell LLP

125 Broad Street

New York, NY 10004

(212) 558-4000

Email: seymours@sullcrom.com

27. US Bank, having truthfully admitted the facts set forth in Paragraphs 2 & 3 above (the “Admissions”), agrees that it shall not take any action or make any public statements contradicting or denying, directly or indirectly, the Admissions.

28. The Effective Date of this Stipulation is the date upon which the Stipulation is approved and entered by the Court.

17

Agreed to by:

U.S. DEPARTMENT OF THE TREASURY

Dated: New York, New York

            February 15, 2018

18

US BANK

Dated: February 15, 2018

Dated: February     , 2018

19

CONSENT JUDGMENT

Upon the consent of plaintiff the U.S. Department of the Treasury (“Treasury Department”) and defendant U.S. Bank National Association (“US Bank”), it is hereby

ORDERED, ADJUDGED and DECREED: that the Treasury Department is awarded judgment in the amount of $185,000,000 (one hundred and eighty-five million dollars) as against US Bank, as well as post-judgment interest at the rate of 12% per annum compounded daily.

Agreed to by:

U.S. DEPARTMENT OF THE TREASURY

Dated: New York, New York

            February 15, 2018

US BANK

Dated: February 15, 2018

WHEREAS, U.S. Bancorp, Minneapolis, Minnesota (“USB”), a registered bank holding company, owns and controls U.S. Bank, N.A., Cincinnati, Ohio (“U.S. Bank N.A.”) and multiple nonbank subsidiaries;

WHEREAS, U.S. Bank N.A. has multiple subsidiaries, one of which, USB Americas Holdings Company, Minneapolis, Minnesota, (the “Agreement Corporation”), is an agreement corporation organized under section 25A of the Federal Reserve Act (12 U.S.C. § 611 et seq .);

WHEREAS, USB is a large, complex organization that has a number of separate business lines and legal entities, which operate in the United States and in foreign jurisdictions, that must comply with a wide range of applicable laws, rules, regulations, and standards;

WHEREAS, the Board of Governors of the Federal Reserve System (the “Board of Governors”) is the appropriate federal banking agency supervisor of USB and the Agreement Corporation;

1

WHEREAS, USB has adopted a firmwide compliance risk management program designed to identify and manage compliance risks across the consolidated organization related to compliance with all applicable laws, rules, and regulations;

WHEREAS, USB’s firmwide compliance risk management program includes an anti- money laundering (“AML”) program designed to identify and manage compliance risks related to the Bank Secrecy Act (the “BSA”) (31 U.S.C. § 5311 et seq .); the rules and regulations issued thereunder by the U.S. Department of Treasury (31 C.F.R. Chapter X); the AML regulations issued by the appropriate federal supervisors for USB, U.S. Bank N.A., the Agreement Corporation, and other subsidiaries of USB (collectively, the “BSA/AML Requirements”); and the sanctions regimes imposed under the International Emergency Economic Powers Act, 50 U.S.C. §§ 1701-06, and the Trading with the Enemy Act, 50 U.S.C. §§ 5 and 16, both of which are administered by OFAC (collectively, “OFAC Regulations”);

WHEREAS, USB lacked adequate risk management and compliance policies and procedures to ensure that activities conducted at U.S. Bank N.A. and the Agreement Corporation complied with applicable BSA/AML Requirements and OFAC Regulations and were timely reported in response to inquiries by the Federal Reserve Bank of Minneapolis (“Reserve Bank”);

WHEREAS, U.S. Bank N.A. consented in October 2015 to the issuance of a Consent Order by the Office of the Comptroller of the Currency (the “OCC”) designed to remedy deficiencies in U.S.Bank N.A.’s BSA/AML compliance program and has consented to the assessment of a civil money penalty (the “OCC Orders”);

2

WHEREAS, the Department of Justice (“DOJ”) has also been conducting an investigation concerning U.S. Bank N.A.’s compliance with BSA/AML Regulations and, in order to resolve the investigation, USB has agreed to enter into a settlement agreement with the DOJ;

WHEREAS, U.S. Bank N.A. has entered into a settlement agreement with the Financial Crimes Enforcement Network to address deficiencies in U.S. Bank N.A.’s BSA/AML compliance program and has agreed to the assessment of a civil money penalty;

WHEREAS, USB, the Agreement Corporation, the Board of Governors, and the Reserve Bank have the common goals that USB, on a firmwide basis, and the Agreement Corporation, operate in compliance with all applicable federal and state laws, rules, and regulations regarding the BSA/AML Requirements and OFAC Regulations, and that USB continues to implement an effective firmwide compliance risk management program that is commensurate with USB’s compliance risk profile;

WHEREAS, the Board of Governors is issuing this Consent Order to Cease and Desist and Assessment of a Civil Money Penalty (“Order”);

WHEREAS, pursuant to delegated authority, the undersigned signatories for USB and the Agreement Corporation are authorized to enter into this Order on behalf of USB and the Agreement Corporation, respectively, and consent to compliance with each and every provision of this Order, and to waive any and all rights that each may have pursuant to section 8 of the Federal Deposit Insurance Act, as amended (the “FDI Act”) (12 U.S.C. § 1818), including, but not limited to: (i) the issuance of a notice of charges on any matters set forth in this Order; (ii) a hearing for the purpose of taking evidence on any matters set forth in this Order; (iii) judicial review of this Order; and (iv) challenge or contest, in any manner, the basis, issuance, validity, terms, effectiveness, or enforceability of this Order or any provision hereof;

3

NOW, THEREFORE, it is hereby ordered that, before the filing of any notices, or taking of any testimony or adjudication of or finding on any issues of fact or law herein, and solely for the purpose of settling this matter without a formal proceeding being filed and without the necessity for protracted or extended hearings or testimony, pursuant to sections 8(b)(1) and (3) of the FDI Act (12 U.S.C. §§1818(b)(1) and 1818(b)(3)), USB and the Agreement Corporation shall cease and desist and take affirmative action as follows:

Source of Strength

1. The board of directors of USB shall take appropriate steps to fully utilize USB’s financial and managerial resources, pursuant to section 38A of the FDI Act (12 U.S.C. § 1831 o -1) and section 225.4(a) of Regulation Y of the Board of Governors (12 C.F.R. § 225.4(a)), to serve as a source of strength to the bank, including, but not limited to, taking steps to ensure that U.S. Bank N.A. complies with any supervisory action taken by U.S. Bank N.A.’s federal or state regulators.

Board Oversight

2. Within 60 days of this Order, USB’s board of directors shall submit a written plan to strengthen board oversight of USB’s firmwide compliance risk management program with regard to compliance with the BSA/AML Requirements and the OFAC Regulations acceptable to the Reserve Bank. The plan shall describe the actions that the board of directors will take to improve USB’s compliance risk management with regard to the BSA/AML Requirements and the OFAC Regulations, including, but not limited to, measures to ensure that compliance risk is effectively managed across USB, including within and across business lines, support units, legal entities, and jurisdictions in which USB and its subsidiaries and affiliates operate. The plan shall, at a minimum, address, consider, and include:

4

(a) steps taken to date to meet the provisions of the OCC Orders and plans for continued program enhancements;

(b) steps taken to date to improve the BSA/AML and OFAC compliance programs within the Agreement Corporation and plans for continued program enhancements; and

(c) steps taken to improve the information and reports that are regularly reviewed by the board of directors, including compliance risk assessments, and the status and results of measures taken, or to be taken, by senior officers to remediate outstanding compliance issues and to comply with this Order and the OCC Orders.

Regulatory Communications

3. Within 30 days of this Order, USB shall submit written policies and procedures that govern, on a firmwide basis, the conduct of personnel in all bank supervisory and regulatory matters, including, but not limited to, interaction with and requests for information by examiners for the banking regulators, acceptable to the Reserve Bank. The policies and procedures shall, at a minimum, ensure that all personnel provide prompt, complete, and accurate information to examiners and provide for employee training that emphasizes the importance of full cooperation with banking regulators by all employees.

Customer Due Diligence

4. Within 60 days of this Order, the Agreement Corporation shall submit a written enhanced customer due diligence program acceptable to the Reserve Bank. At a minimum, the program shall include the steps the Agreement Corporation has taken, or will take, to improve:

(a) policies, procedures, and controls to ensure that the Agreement Corporation collects, analyzes, and retains complete and accurate customer information for all account holders, to include, but not limited to:

5

(i) documentation necessary to verify the identity and business activities of the customer; and

(ii) documentation necessary to understand the normal and expected transactions of the customer;

(b) a methodology for assigning risk ratings to account holders that considers factors such as type of customer, type of products and services, and geographic location;

(c) a risk-focused assessment of the Agreement Corporation’s customer base to:

(i) identify the categories of customers whose transactions and banking activities are routine and usual;

(ii) identify the categories of customers that pose a heightened risk of conducting potentially illicit activities at or through the Agreement Corporation or its subsidiaries; and

(iii) determine the appropriate level of enhanced due diligence necessary for those categories of customers that pose a heightened risk of conducting potentially illicit activities at or through the Agreement Corporation or its subsidiaries;

(d) procedures to ensure periodic risk-based reviews and evaluations are conducted and documented for all account holders; and

(e) measures to ensure that customer due diligence functions that are outsourced to third-parties, including, but not limited to, affiliates, are performed to meet regulatory requirements.

6

Assessment of Civil Money Penalty

5. (a) The Board of Governors hereby assesses USB a civil money penalty in the amount of $15 million; and

    (b) The civil money penalty shall be remitted at the time of the execution of this Order by Fedwire transfer of immediately available funds to the Federal Reserve Bank of Richmond, ABA No. 05 1000033, beneficiary, Board of Governors of the Federal Reserve System. The Federal Reserve Bank of Richmond, on behalf of the Board of Governors, shall distribute this sum to the U.S. Department of the Treasury, pursuant to section 8(i) of the FDI Act (12 U.S.C. § 1818(i)).

Approval, Implementation, and Progress Reports

6. (a) USB and the Agreement Corporation, as applicable, shall submit written plans, programs, policies, and procedures that are acceptable to the Reserve Bank within the applicable time periods set forth in paragraphs 2, 3, and 4 of this Order. Each plan, program, policy, or procedure shall contain a timeline for full implementation of the plan, program, policy, or procedure with specific deadlines for the completion of each component of the plan, program, policy, or procedure.

    (b) Within 10 days of approval by the Reserve Bank, USB and the Agreement Corporation, as applicable, shall adopt the approved plans, programs, policies, and procedures. Upon adoption, USB and the Agreement Corporation, as applicable, shall promptly implement the approved plans, programs, policies, and procedures, and thereafter fully comply with them.

    (c) During the term of this Order, the approved plans, programs, policies and procedures shall not be amended or rescinded without the prior written approval of the Reserve Bank.

7

7. Within 30 days after the end of each calendar quarter following the date of this Order, the boards of directors of USB and the Agreement Corporation, or an authorized committee thereof, shall submit to the Reserve Bank written progress reports detailing the form and manner of all actions taken to secure compliance with this Order, a timetable and schedule to implement specific remedial actions to be taken, and the results thereof. The Reserve Bank may, in writing, discontinue the requirement for progress reports or modify the reporting schedule.

Communications

Deputy General Counsel

Patrick M. Bryan

Assistant General Counsel

Board of Governors of the Federal Reserve System

20th & C Streets, N.W.

Washington, D.C. 20551

Vice President

Federal Reserve Bank of Minneapolis

90 Hennepin Avenue

Minneapolis, Minnesota 55401-1804

President and

Chief Executive Officer

U.S. Bancorp

800 Nicollet Mall

Minneapolis, Minnesota 55402-7020

Executive Vice President

USB Americas Holdings Company

U.S. Bancorp Center

800 Nicollet Mall

Minneapolis, MN 55402-7020

8

Miscellaneous

9. Notwithstanding any provision of this Order to the contrary, the Reserve Bank may, in its sole discretion, grant written extensions of time to USB and the Agreement Corporation.

10. The provisions of this Order shall be binding upon USB and the Agreement Corporation and each of their institution-affiliated parties, in their capacities as such, and their successors and assigns.

11. Each provision of this Order shall remain effective and enforceable until stayed, modified, terminated, or suspended in writing by the Board of Governors.

12. Except as otherwise provided in this paragraph, the Board of Governors hereby agrees not to initiate any further enforcement actions, including for civil money penalties, against USB, and its affiliates, successors, and assigns, with respect to the conduct described in the WHEREAS clauses of this Order to the extent known by the Board of Governors as of the effective date of this Order. This release and discharge shall not preclude or affect (i) any right of the Board of Governors to determine and ensure compliance with this Order, (ii) any proceedings brought by the Board of Governors to enforce the terms of this Order, or (iii) any proceedings brought by the Board of Governors against individuals who are or were institution-affiliated parties of USB.

13. Except as provided in paragraph 12, the provisions of this Order shall not bar or otherwise prevent the Board of Governors, the Reserve Bank, or any federal or state agency from taking any other action affecting the USB or any of its current or former institution-affiliated parties and its successors and assigns.

14. Nothing in this Order, express or implied, shall give to any person or entity, other than the parties hereto and their successors hereunder, any legal or equitable right, remedy, or claim under this Order.

9

By order of the Board of Governors of the Federal Reserve System, effective this 14 ^th day of February, 2018.

10