CBank Online Banking

Treasury Management Services Agreement Addendum

ADDENDUM PURPOSE

Prior to November 2018, Citizens Business Bank offered online banking services to businesses through its legacy Fiserv Business Online Banking system (“Fiserv Services”). In November 2018, the Bank acquired a second system, Q2 Business Online Banking (“Q2 Services”). Effective immediately, all net new Citizens Business Bank business customers will be offered online banking through Q2 Services. In addition, some existing Fiserv Services customers may transition onto Q2 Services.

Please be advised that the Treasury Management Services Agreement (“TMA”) provided to you upon implementation of online banking services references Fiserv Business Online Banking system (“Fiserv Services”). This Addendum appends the TMA with information about Q2 Services and further defines the difference in user-administrator rights and entitlements between the two systems. Depending on which of the Services are used and applicable, which the Bank can identify for you upon request, you will be subject to the applicable provisions below regarding the Appointment of an Administrator for certain Services.

FISERV SERVICES APPLICABLE PROVISION – APPOINTMENT OF ADMINISTRATOR

As a Principal or Owner, you must appoint at least one individual for certain Fiserv Services (a Fiserv Services Administrator, or “FS-Admin”) with the authority to determine: (a) who will be authorized to use the Services and further (b) who will be authorized to transact on accounts on your behalf. To clarify, a Principal/Owner can add accounts and assign FS-Admins to Services, and an FS-Admin can assign users access to accounts within the Services. An FS-Admin cannot add other FS-Admins to a Service. The FS-Admin can establish separate Credentials for you and each user, as well as limits on each user’s authority to access information and conduct transactions. You are strongly encouraged to use these controls to help reduce losses or damages that may arise out of improper or unauthorized use of a Service by designated users and others. You assume sole responsibility for the actions of the FS-Admin, the authority he or she gives others to act on your behalf, and the actions of the persons designated by the FS-Admin to use the Services. We strongly recommend that you utilize online banking transaction initiation and approval controls to impose a dual control environment in connection with the creation and transmission of check issuance data, bill payments, wire transfers, ACH transactions and other payment instructions. Users should keep their Credentials confidential and never share with anyone else.

FISERV SERVICES APPLICABLE PROVISION – USER SECURITY: BUSINESS ONLINE BANKING / BILL PAY

Fiserv Business Online Banking User Security Level for Business Online Banking / Security Level for Bill Payment. You will need to designate which Services will be utilized and the accounts that will be utilized for each Service. If you designate an account that requires more than one (1) signature for the withdrawal or transfer of funds by check or other form of presented document, it is agreed that, with respect to any online banking Services provided pursuant to this Agreement, we may act upon any Service instruction that is accompanied by the Credential designated by you or the FS-Admin for that account and the Service in question. Note: This may mean that we will act upon the instruction of only ONE (1) person (e.g., to wire funds, transfer funds, or originate ACH transactions), even though the signature card for the account in question requires two (2) or more signatures on checks or withdrawal. As long as an instruction is accompanied by the designated Credentials, the transaction will be deemed authorized by you.

Q2 SERVICES APPLICABLE PROVISION – APPOINTMENT OF ADMINISTRATOR

Appointment of Administrator: Q2 Services Applicable Provision. As a Principal or Owner, you must appoint an individual for certain Q2 Services (a Q2 Services Administrator, or Q2-Admin) with the authority to determine who will be authorized to use the Q2 Services on your behalf. Your Q2-Admin can establish separate Credential(s) (described in Section 4) for you and each user, as well as limits on each user’s authority to access information and conduct transactions. Your Q2-Admin also can empower other users with equal authority (in which case, they will also be considered Q2-Admins). You are strongly encouraged to use these controls to reduce losses or damages that may arise out of improper or unauthorized use of a Q2 Service by designated users and others. You assume sole responsibility for the actions of your Q2-Admin, the authority he or she gives others to act on your behalf, and the actions of the persons designated by the Q2-Admin to use the Services. We strongly recommend that you impose a dual control environment in connection with the transmission of check issuance data and payment instructions. If you elect not to do so, you acknowledge and agree you are assuming responsibility for acting with greater care with respect to your accounts, transactions and statements. Other anti-fraud procedures and safety tips are set forth in the Account Agreement and you are urged to review them and determine what anti-fraud and safety procedures are appropriate for you.

Q2 SERVICES APPLICABLE PROVISION – USER SECURITY: BUSINESS ONLINE BANKING / BILL PAY

Q2 Business Online Banking User Authorization. You or your Q2-Admin will need to designate which deposit and/or loan accounts will be utilized for Q2 Service payments and transfers. If your Q2-Admin designates an account that requires more than one signature for the withdrawal or transfer of funds, you agree that we may act upon any Q2 Service instruction that is accompanied by the Credential(s) assigned to a user by you or your Q2-Admin for that account and the Q2 Service in question. Note: This may mean that we will act upon the instruction of only ONE person (e.g., to wire funds), even though the signature card for the account in question requires two or more signatures on checks. As long as an instruction is accompanied by the designated Credential(s), the transaction will be deemed authorized by you. See the Account Agreement with respect to our obligations with respect to signatures on checks.

Q2 SERVICES APPLICABLE PROVISION – MOBILE DEVICE INFORMATION

If you are approved for this Q2 Service, you can use a Mobile Device, together with your Credential(s), to access our Q2 Mobile Banking Services (e.g., account information, alerts, and fund transfers). Your Mobile Device must support 128-bit encryption, be web-enabled, and able to send and receive text SMS messages. This Agreement does not amend any agreement you may have with your Internet service or wireless providers. Q2 Mobile Banking may not be available over some network carriers and may not support all Mobile Devices. See our Q2 User Guide for further details and check our website for downloadable applications.

Q2 SERVICES APPLICABLE PROVISION – CONSENT TO RECEIVE EMAIL AND TEXT MESSAGES

You may receive electronic mail (“email”) and SMS text messages relating to your account and transactions from time to time. You authorize us to send emails and SMS text messages to you in connection with your accounts and transactions at the email address or mobile phone number you provide to us, even if you elect not to receive other marketing messages from us in that manner. Your carrier’s normal rates and fees, such as text messaging fees, will apply. To stop receiving SMS messages you can initiate the opt-out process by sending an SMS message. Just text “STOP” to this number: 320-75.

Q2 SERVICES APPLICABLE PROVISION – MOBILE DEVICE SECURITY

Your Mobile Device may be subject to unauthorized tracking or other manipulation by “spyware” or other malicious code. You agree to take reasonable precautions to ensure the safety, security and integrity of transactions conducted with your Mobile Device (e.g., not leaving your Mobile Device unattended when logged into any Q2 Service). We are not liable for any unauthorized use of or transaction initiated on your Mobile Device, and you will indemnify us and hold us harmless from any loss or liability for any such unauthorized use or transaction.

Q2 SERVICES APPLICABLE PROVISION – LIMITATION OF OUR LIABILITY FOR MOBILE BANKING SERVICE

Alerts that we send to you are not intended to replace your account statements or other communications and may be delayed or prevented by factors affecting your Mobile Device manufacturer, Internet service provider or carrier. We assume no liability for losses or damages arising from the non-delivery, delayed delivery, or misdelivery of alerts. Information available through our website may not be available through your Mobile Device, may be described with different terminology, and may vary from the information available through your Mobile Device.