Proposed Agency Information Collection Activities; Comment Request

AGENCY:

Board of Governors of the Federal Reserve System.

ACTION:

Notice, request for comment.

SUMMARY:

The Board of Governors of the Federal Reserve System (Board) invites comment on a proposal to extend for three years, without revision, the Reporting, Recordkeeping, and Disclosure Provisions Associated with the Guidance on Response Programs for Unauthorized Access to Customer Information and Customer Notice (FR 4100; OMB No. 7100-0309).

DATES:

Comments must be submitted on or before December 14, 2020.

ADDRESSES:

You may submit comments, identified by FR 4100, by any of the following methods:

• Agency Website: https://www.federalreserve.gov/. Follow the instructions for submitting comments at https://www.federalreserve.gov/apps/foia/proposedregs.aspx.
• Email: regs.comments@federalreserve.gov. Include the OMB number in the subject line of the message.
• FAX: (202) 452-3819 or (202) 452-3102.
• Mail: Ann E. Misback, Secretary, Board of Governors of the Federal Reserve System, 20th Street and Constitution Avenue NW, Washington, DC 20551.

All public comments are available from the Board's website at https://www.federalreserve.gov/apps/foia/proposedregs.aspx as submitted, unless modified for technical reasons or to remove personally identifiable information at the commenter's request. Accordingly, comments will not be edited to remove any identifying or contact information. Public comments may also be viewed electronically or in paper in Room 146, 1709 New York Avenue NW, Washington, DC 20006, between 9:00 a.m. and 5:00 p.m. on weekdays. For security reasons, the Board requires that visitors make an appointment to inspect comments. You may do so by calling (202) 452-3684. Upon arrival, visitors will be required to present valid government-issued photo identification and to submit to security screening in order to inspect and photocopy comments.

Additionally, commenters may send a copy of their comments to the Office of Management and Budget (OMB) Desk Officer—Shagufta Ahmed—Office of Information and Regulatory Affairs, Office of Management and Budget, New Executive Office Building, Room 10235, 725 17th Street NW, Washington, DC 20503, or by fax to (202) 395-6974.

FOR FURTHER INFORMATION CONTACT:

Federal Reserve Board Clearance Officer—Nuha Elmaghrabi—Office of the Chief Data Officer, Board of Governors of the Federal Reserve System, Washington, DC 20551, (202) 452-3829.

SUPPLEMENTARY INFORMATION:

On June 15, 1984, OMB delegated to the Board authority under the PRA to approve and assign OMB control numbers to collections of information conducted or sponsored by the Board. In exercising this delegated authority, the Board is directed to take every reasonable step to solicit comment. In determining whether to approve a collection of information, the Board will consider all comments received from the public and other agencies.

A copy of the Paperwork Reduction Act (PRA) OMB submission, including the reporting form and instructions, supporting statement, and other documentation will be available at https://www.reginfo.gov/public/do/PRAMain,, if approved. These documents will also be made available on the Board's public website at https://www.federalreserve.gov/apps/reportforms/review.aspx or may be requested from the agency clearance officer, whose name appears above.

Request for Comment on Information Collection Proposal

The Board invites public comment on the following information collection, which is being reviewed under authority delegated by the OMB under the PRA. Comments are invited on the following:

a. Whether the proposed collection of information is necessary for the proper performance of the Board's functions, including whether the information has practical utility;

b. The accuracy of the Board's estimate of the burden of the proposed information collection, including the validity of the methodology and assumptions used;

c. Ways to enhance the quality, utility, and clarity of the information to be collected;

d. Ways to minimize the burden of information collection on respondents, including through the use of automated collection techniques or other forms of information technology; and

e. Estimates of capital or startup costs and costs of operation, maintenance, and purchase of services to provide information.

At the end of the comment period, the comments and recommendations received will be analyzed to determine the extent to which the Board should modify the proposal.

Proposal Under OMB Delegated Authority To Extend for Three Years, Without Revision, the Following Information Collection

Report title: Reporting, Recordkeeping, and Disclosure Provisions Associated with the Guidance on Response Programs for Unauthorized Access to Customer Information and Customer Notice.

Agency form number: FR 4100.

OMB control number: 7100-0309.

Frequency: On occasion.

Respondents: State member banks, bank holding companies (BHCs), affiliates and certain non-banking subsidiaries of BHCs, uninsured state agencies and branches of foreign banks, commercial lending companies owned or controlled by foreign banks, savings and loan holding companies, and Edge and agreement corporations.

Estimated number of respondents: Recordkeeping, 1; Reporting, 831; Disclosure, 831.

Estimated average hours per response: Recordkeeping, 24 hours; Reporting, 9 hours; Disclosure, 27 hours.

Estimated annual burden hours: Recordkeeping, 24 hours; Reporting, 7,479 hours; Disclosure, 22,437 hours.

General description of report: The FR 4100 is the Board's information collection associated with the Interagency Guidance on Response Programs for Unauthorized Access to Customer Information and Customer Notice (“ID-Theft Guidance” or “Guidance”). The ID-Theft Guidance was published in the Federal Register in March 2005. The ID-Theft Guidance, which applies to financial institutions, was issued in response to developing trends in the theft and accompanying misuse of customer information. The Guidance includes certain voluntary reporting, recordkeeping, and disclosure provisions.

Legal authorization and confidentiality: The FR 4100 is authorized by section 501(b) of the Gramm-Leach-Bliley Act, which requires the Board, the Federal Deposit Insurance Corporation, and the Office of the Comptroller of the Currency to establish appropriate standards for financial institutions to develop and implement an information security program designed to protect their customers' information and a response program that specifies actions to be taken when the institution suspects or detects that unauthorized individuals have gained access to customer information systems.

Because the provisions under the FR 4100 are contained in guidance, which is nonbinding, the provisions are voluntary.

The disclosure provisions of FR 4100 are not confidential. The records maintained under recordkeeping provisions of FR 4100 would be maintained at each banking organization, and the Freedom of Information Act (“FOIA”) would only be implicated if the Board obtained such records as part of the examination or supervision of a banking organization. In the event the records are obtained by the Board as part of an examination or supervision of a financial institution, this information may be considered confidential pursuant to exemption 8 of the FOIA, which protects information contained in “examination, operating, or condition reports” obtained in the bank supervisory process. In addition, the information obtained by the Board under the FR 4100 may also be kept confidential under exemption 4 for the FOIA, which protects commercial or financial information obtained from a person that is privileged or confidential.

Consultation outside the agency: Representatives from the Board, the Federal Deposit Insurance Corporation, and the Office of the Comptroller of the Currency responsible for the reporting, recordkeeping, and disclosure requirements associated with the ID-Theft Guidance have reviewed their respective information collections and agreed that no revisions to the collections are necessary at this time.