[Federal Register Volume 71, Number 22 (Thursday, February 2, 2006)]
[Proposed Rules]
[Pages 5631-5637]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: E6-1326]


=======================================================================
-----------------------------------------------------------------------

DEPARTMENT OF DEFENSE

Office of the Secretary

32 CFR Part 275

[DOD-2006-OS-0006]
RIN 0790-AH84


Obtaining Information From Financial Institutions

AGENCY: Department of Defense.

ACTION: Proposed rule.

-----------------------------------------------------------------------

SUMMARY: The Department of Defense is proposing to revise its current 
policies concerning obtaining information from financial institutions 
under the Right to Financial Privacy Act of 1978, as amended (12 U.S.C. 
chapter 35). This part prescribes practices and procedures for the 
Department of Defense to obtain from a financial institution the 
financial records of its customers.

DATES: Comments must be received by April 3, 2006.

ADDRESSES: You may submit comments, identified by docket number and or 
RIN number and title, by any of the following methods:
     Federal eRulemaking Portal: http://www.regulations.gov. 
Follow the instructions for submitting comments.
     Mail: Federal Docket Management System Office, 1160 
Defense Pentagon, Washington, DC 20301-1160.
    Instructions: All submissions received must include the agency name 
and docket number or Regulatory Information Number (RIN) for this 
Federal Register document. The general policy for comments and other 
submissions from members of the public is to make these submissions 
available for public viewing on the Internet at http://regulations.gov 
as they are received without change, including any personal identifiers 
or contact information.

FOR FURTHER INFORMATION CONTACT: Mr. Vahan Moushegian, Jr., at (703) 
607-2943.

SUPPLEMENTARY INFORMATION:

Executive Order 12866, ``Regulatory Planning and Review''

    It has been determined that Privacy Act rules for the Department of 
Defense are not significant rules. The rules do not (1) Have an annual 
effect on the economy of $100 million or more or adversely affect in a 
material way the economy; a sector of the economy; productivity; 
competition; jobs; the environment; public health or safety; or State, 
local, or tribal governments or communities; (2) Create a serious

[[Page 5632]]

inconsistency or otherwise interfere with an action taken or planned by 
another Agency; (3) Materially alter the budgetary impact of 
entitlements, grants, user fees, or loan programs, or the rights and 
obligations of recipients thereof; or (4) Raise novel legal or policy 
issues arising out of legal mandates, the President's priorities, or 
the principles set forth in this Executive order.

Public Law 96-354, ``Regulatory Flexibility Act'' (5 U.S.C. Chapter 6)

    It has been determined that Privacy Act rules for the Department of 
Defense do not have significant economic impact on a substantial number 
of small entities because they are concerned only with the 
administration of Privacy Act systems of records within the Department 
of Defense.

Public Law 96-511, ``Paperwork Reduction Act'' (44 U.S.C. Chapter 35)

    It has been determined that Privacy Act rules for the Department of 
Defense impose no information requirements beyond the Department of 
Defense and that the information collected within the Department of 
Defense is necessary and consistent with 5 U.S.C. 552a, known as the 
Privacy Act of 1974.

Section 202, Public Law 104-4, ``Unfunded Mandates Reform Act''

    It has been determined that Privacy Act rulemaking for the 
Department of Defense does not involve a Federal mandate that may 
result in the expenditure by State, local and tribal governments, in 
the aggregate, or by the private sector, of $100 million or more and 
that such rulemaking will not significantly or uniquely affect small 
governments.

Executive Order 13132, ``Federalism''

    It has been determined that Privacy Act rules for the Department of 
Defense do not have federalism implications. The rules do not have 
substantial direct effects on the States, on the relationship between 
the National Government and the States, or on the distribution of power 
and responsibilities among the various levels of government.

List of Subjects in 32 CFR Part 275

    Banks, banking; Credit; Privacy.

    Accordingly, 32 CFR part 275 is proposed to be revised as follows:

PART 275--OBTAINING INFORMATION FROM FINANCIAL INSTITUTIONS; RIGHT 
TO FINANCIAL PRIVACY ACT OF 1978

Sec.
275.1 Purpose.
275.2 Applicability and scope.
275.3 Definitions.
275.4 Policy.
275.5 Responsibilities.
275.6 Obtaining basic identifying account information.
275.7 Obtaining customer authorization.
275.8 Obtaining access by administrative or judicial subpoena or by 
formal written request.
275.9 Obtaining access by search warrant.
275.10 Obtaining access for foreign intelligence, foreign 
counterintelligence, and international terrorist activities or 
investigations.
275.11 Obtaining emergency access.
275.12 Releasing information obtained from financial institutions.
275.13 Procedures for delay of notice.
275.14 Obtaining access to financial records overseas.
Appendix A to Part 275--Format for Obtaining Basic Identifying 
Account Information
Appendix B to Part 275--Format for Customer Authorization
Appendix C to Part 275--Format for a Formal Written Request
Appendix D to Part 275--Format for Customer Notice for 
Administrative or Judicial Subpoena or for Formal Written Request
Appendix E to Part 275--Format for Certificate of Compliance with 
the Right to Financial Privacy Act of 1978

    Authority: 12 U.S.C. 3401, et seq.


Sec.  275.1  Purpose.

    This part:
    (a) Updates policies and responsibilities, and prescribes 
procedures for obtaining access to financial records maintained by 
financial institutions.
    (b) Implements 12 U.S.C. Chapter 35 by providing guidance on the 
requirements and conditions for obtaining financial records.


Sec.  275.2  Applicability and scope.

    This part applies to:
    (a) The Office of the Secretary of Defense, the Military 
Departments, the Chairman of the Joint Chiefs of Staff, the Combatant 
Commands, the Office of the Inspector General of the Department of 
Defense, the Defense Agencies, the DoD Field Activities, and all other 
organizational entities in the Department of Defense (hereafter 
referred to collectively as the ``DoD Components'').
    (b) Only to financial records maintained by financial institutions.


Sec.  275.3  Definitions.

    (a) Administrative Summons or Subpoena. A statutory writ issued by 
a Government Authority.
    (b) Customer. Any person or authorized representative of that 
person who used or is using any service of a financial institution or 
for whom a financial institution is acting or has acted as fiduciary 
for an account maintained in the name of that person.
    (c) Financial Institution (for intelligence activity purposes 
only).
    (1) An insured bank (includes a foreign bank having an insured 
branch) whose deposits are insured under the Federal Deposit Insurance 
Act.
    (2) A commercial bank or trust company.
    (3) A private banker.
    (4) An agency or branch of a foreign bank in the United States.
    (5) Any credit union.
    (6) A thrift institution.
    (7) A broker or dealer registered with the Securities and Exchange 
Commission.
    (8) A broker or dealer in securities or commodities.
    (9) An investment banker or investment company.
    (10) A currency exchange.
    (11) An issuer, redeemer, or cashier of travelers' checks, checks, 
money orders, or similar instruments.
    (12) An operator of a credit card system.
    (13) An insurance company.
    (14) A dealer in precious metals, stones, or jewels.
    (15) A pawnbroker.
    (16) A loan or finance company.
    (17) A travel agency.
    (18) A licensed sender of money or any other person who engages as 
a business in the transmission of funds, including any person who 
engages as a business in an informal money transfer system or any 
network of people who engage as a business in facilitating the transfer 
of money domestically or internationally outside of the conventional 
financial institutions system.
    (19) A telegraph company.
    (20) A business engaged in vehicle sales, including automobile, 
airplane, and boat sales.
    (21) Persons involved in real estate closings and settlements.
    (22) The United States Postal Service.
    (23) An agency of the United States Government or of a State or 
local government performing a duty or power of a business described in 
this definition.
    (24) A casino, gambling casino, or gaming establishment with an 
annual gaming revenue of more than $1,000,000 which is licensed as a 
casino, gambling casino, or gaming establishment under the laws of a 
State or locality or is an Indian gaming operation conducted pursuant 
to, and as authorized by, the Indian Gaming Regulatory Act.
    (25) Any business or agency that engages in any activity which the

[[Page 5633]]

Secretary of the Treasury, by regulation determines to be an activity 
in which any business described in this definition is authorized to 
engage; or any other business designated by the Secretary of the 
Treasury whose cash transactions have a high degree of usefulness in 
criminal, tax, or regulatory matters.
    (26) Any futures commission merchant, commodity trading advisor, or 
commodity pool operator registered, or required to register, under the 
Commodity Exchange Act that is located inside any State or territory of 
the United States, the District of Columbia, Puerto Rico, Guam, 
American Samoa, the Commonwealth of the Northern Mariana Islands, or 
the United States Virgin Islands.
    (d) Financial Institution (other than for intelligence activity 
purposes). Any office of a bank, savings bank, credit card issuer, 
industrial loan company, trust company, savings association, building 
and loan, or homestead association (including cooperative banks), 
credit union, or consumer finance institution that is located in any 
state or territory of the United States, or in the District of 
Columbia, Puerto Rico, Guam, American Samoa, or the Virgin Islands.
    (e) Financial Record. An original, its copy, or information known 
to have been derived from the original record held by a financial 
institution that pertains to a customer's relationship with the 
financial institution.
    (f) Government Authority. Any agency or Department of the United 
States, or any officer, employee, or agent thereof, to include DoD law 
enforcement offices, personnel security elements, and/or intelligence 
organizations.
    (g) Intelligence Activities. The collection, production, and 
dissemination of foreign intelligence and counterintelligence, to 
include investigation or analyses related to international terrorism, 
by DoD intelligence organizations.
    (h) Intelligence Organizations. Any element of a DoD Component 
authorized by the Secretary of Defense to conduct intelligence 
activities.
    (i) Law Enforcement Inquiry. A lawful investigation or official 
proceeding that inquires into a violation of or failure to comply with 
a criminal or civil statute, or any rule, regulation, or order issued 
pursuant thereto.
    (j) Law Enforcement Office. Any element of a DoD Component 
authorized by the Head of the DoD Component conducting law enforcement 
inquiries.
    (k) Person. An individual or a partnership consisting of five or 
fewer individuals.
    (l) Personnel Security Element. Any element of a DoD Component 
authorized by the Secretary of Defense conducting personnel security 
investigations.
    (m) Personnel Security Investigation. An investigation required for 
determining a person's eligibility for access to classified 
information, acceptance or retention in the Armed Forces, assignment or 
retention in sensitive duties, or other designated duties requiring 
such investigation. Personnel security investigations include 
investigations conducted for the purpose of making personnel security 
determinations. They also include investigations of allegations that 
may arise subsequent to favorable adjudicative action and require 
resolution to determine a person's current eligibility for access to 
classified information or assignment or retention in a sensitive 
position.


Sec.  275.4  Policy.

    It is DoD policy that:
    (a) Authorization of the customer to whom the financial records 
pertain shall be sought unless doing so compromises or harmfully delays 
either a legitimate law enforcement inquiry or a lawful intelligence 
activity. If the person declines to consent to disclosure, the 
alternative means of obtaining the records authorized by this part 
shall be utilized.
    (b) The provisions of 12 U.S.C. Chapter 35 do not govern obtaining 
access to financial records maintained by military banking contractors 
located outside the United States, the District of Columbia, Guam, 
American Samoa, Puerto Rico, and the Virgin Islands. The guidance set 
forth in Sec.  275.14 may be used to obtain financial information from 
these contractor operated facilities.


Sec.  275.5  Responsibilities.

    (a) The Director of Administration and Management, Office of the 
Secretary of Defense shall:
    (1) Exercise oversight to ensure compliance with this part.
    (2) Provide policy guidance to affected DoD Components to implement 
this part.
    (b) The Secretaries of the Military Departments and the Heads of 
the affected DoD Components shall:
    (1) Implement policies and procedures to ensure implementation of 
this part when seeking access to financial records.
    (2) Adhere to the guidance and procedures contained in this part.


Sec.  275.6  Obtaining basic identifying account information.

    (a) A DoD law enforcement office may issue a formal written request 
for basic identifying account information to a financial institution 
relevant to a legitimate law enforcement inquiry. A request may be 
issued to a financial institution for any or all of the following 
identifying data:
    (1) Name.
    (2) Address.
    (3) Account number.
    (4) Type of account of any customer or ascertainable group of 
customers associated with a financial transaction or class of financial 
transactions.
    (b) The notice (Sec.  275.8(b)), challenge (Sec.  275.9(d)), and 
transfer (Sec.  275.12(b)) requirements of this part shall not apply 
when a Government authority is seeking only the above specified basic 
identifying information concerning a customer's account.
    (c) A format for obtaining basic identifying account information is 
set forth in Appendix A to this part.


Sec.  275.7  Obtaining customer authorization.

    (a) A DoD law enforcement office or personal security element 
seeking access to a person's financial records shall, when feasible, 
obtain the customer's consent.
    (b) Any authorization obtained under paragraph (a) of this section, 
shall:
    (1) Be in writing, signed, and dated.
    (2) Identify the particular financial records that are being 
disclosed.
    (3) State that the customer may revoke the authorization at any 
time before disclosure.
    (4) Specify the purposes for disclosure and to which Governmental 
authority the records may be disclosed.
    (5) Authorize the disclosure for a period not in excess of 3 
months.
    (6) Contain a ``Statement of Customer Rights'' as required by 12 
U.S.C. Chapter 35 (see Appendix B to this part).
    (7) Contain a Privacy Act Statement as required by 32 CFR part 310 
for a personnel security investigation.
    (c) Any customer's authorization not containing all of the elements 
listed in paragraph (b) of this section, shall be void. A customer 
authorization form, in a format set forth in Appendix B to this part, 
shall be used for this purpose.
    (d) A copy of the customer's authorization shall be made a part of 
the law enforcement or personnel security file where the financial 
records are maintained.
    (e) A certificate of compliance stating that the applicable 
requirements of 12 U.S.C. Chapter 35 have been met (Appendix E to this 
part), along with the customer's authorization, shall be

[[Page 5634]]

provided to the financial institution as a prerequisite to obtaining 
access to financial records.


Sec.  275.8  Obtaining access by administrative or judicial subpoena or 
by formal written request.

    (a) Access to information contained in financial records from a 
financial institution may be obtained by Government authority when the 
nature of the records is reasonably described and the records are 
acquired by:
    (1) Administrative Summons or Subpoena. (i) Within the Department 
of Defense, the Inspector General, DoD, has the authority under the 
Inspector General Act to issue administrative subpoenas for access to 
financial records. No other DoD Component official may issue summons or 
subpoenas for access to these records.
    (ii) The Inspector General, DoD shall issue administrative 
subpoenas for access to financial records in accordance with 
established procedures but subject to the procedural requirements of 
this section.
    (2) Judicial Subpoena.
    (3) Formal Written Request.
    (i) Formal requests may only be used if an administrative summons 
or subpoena is not reasonably available to obtain the financial 
records.
    (ii) A formal written request shall be in a format set forth in 
Appendix C to this part and shall:
    (A) State that the request is issued under 12 U.S.C. Chapter 35 and 
the DoD Component's implementation of this part.
    (B) Describe the specific records to be examined.
    (C) State that access is sought in connection with a legitimate law 
enforcement inquiry.
    (D) Describe the nature of the inquiry.
    (E) Be signed by the head of the law enforcement office or a 
designee.
    (b) A copy of the administrative or judicial subpoena or formal 
request, along with a notice specifying the nature of the law 
enforcement inquiry, shall be served on the person or mailed to the 
person's last known mailing address on or before the subpoena is served 
on the financial institution unless a delay of notice has been obtained 
under Sec.  275.13.
    (c) The notice to the customer shall be in a format similar to 
Appendix D to this part and shall be personally served at least 10 days 
or mailed at least 14 days prior to the date on which access is sought.
    (d) The customer shall have 10 days to challenge a notice request 
when personal service is made and 14 days when service is by mail.
    (e) No access to financial records shall be attempted before the 
expiration of the pertinent time period while awaiting receipt of a 
potential customer challenge, or prior to the adjudication of any 
challenge made.
    (f) The official who signs the customer notice shall be designated 
to receive any challenge from the customer.
    (g) When a customer fails to file a challenge to access to 
financial records within the above pertinent time periods, or after a 
challenge is adjudicated in favor of the law enforcement office, the 
head of the office, or a designee, shall certify in writing to the 
financial institution that such office has complied with the 
requirements of 12 U.S.C. Chapter 35. No access to any financial 
records shall be made before such certification (Appendix E to this 
part) is provided the financial institution.


Sec.  275.9  Obtaining access by search warrant.

    (a) A Government authority may obtain financial records by using a 
search warrant obtained under Rule 41 of the Federal Rules of Criminal 
Procedure.
    (b) Unless a delay of notice has been obtained under provisions of 
Sec.  275.13, the law enforcement office shall, no later than 90 days 
after serving the search warrant, mail to the customer's last known 
address a copy of the search warrant together with the following 
notice:

    Records or information concerning your transactions held by the 
financial institution named in the attached search warrant were 
obtained by this [DoD office or activity] on [date] for the 
following purpose: [state purpose]. You may have rights under the 
Right to Financial Privacy Act of 1978.

    (c) In any state or territory of the United States, or in the 
District of Columbia, Puerto Rico, Guam, American Samoa, or the Virgin 
Islands, search authorizations signed by installation commanders, 
military judges, or magistrates shall not be used to gain access to 
financial records.


Sec.  275.10  Obtaining access for foreign intelligence, foreign 
counterintelligence, and international terrorist activities or 
investigations.

    (a) Financial records may be obtained from a financial institution 
(as identified at Sec.  275.3) by an intelligence organization, as 
identified in DoD Directive 5240.1,\1\ authorized to conduct 
intelligence activities, to include investigation or analyses related 
to international terrorism, pursuant to DoD Directive 5240.1 and 
Executive Order 12333.
---------------------------------------------------------------------------

    \1\ Copies may be obtained at http://www.dtic.mil/whs/directives/.
---------------------------------------------------------------------------

    (b) The provisions of this part do not apply to the production and 
disclosure of financial records when requests are submitted by 
intelligence organizations except as may be required by this section.
    (c) When a request for financial records is made under paragraph 
(a) of this section, a Component official designated by the Secretary 
of Defense, the Secretary of a Military Department, or the Head of the 
DoD Component authorized to conduct foreign intelligence or foreign 
counterintelligence activities shall certify to the financial 
institution that the requesting Component has complied with the 
provisions of 12 U.S.C. Chapter 35. Such certification in a format 
similar to Sec.  275.13 to this part shall be made before obtaining any 
records.
    (d) An intelligence organization requesting financial records under 
paragraph (a) of this section, may notify the financial institution 
from which records are sought 12 U.S.C. 3414(3) prohibits disclosure to 
any person by the institution, its agents, or employees that financial 
records have been sought or obtained. An intelligence organization 
requesting financial records under paragraph (a) of this section, shall 
maintain an annual tabulation of the occasions.
    (e) An intelligence organization requesting financial records under 
paragraph (a) of this section, shall maintain an annual tabulation of 
the occasions in which this access procedure was used.


Sec.  275.11  Obtaining emergency access.

    (a) Except as provided in paragraphs (b) and (c) of this section, 
nothing in this part shall apply to a request for financial records 
from a financial institution when a determination is made that a delay 
in obtaining access to such records would create an imminent danger of:
    (1) Physical injury to any person.
    (2) Serious property damage.
    (3) Flight to avoid prosecution.
    (b) When access is made to financial records under paragraph (a) of 
this section, a Component official designated by the Secretary of 
Defense or the Secretary of a Military Department shall:
    (1) Certify in writing, in a format set forth in Appendix E to this 
part, to the financial institution that the Component has complied with 
the provisions of 12 U.S.C. Chapter 35, as a prerequisite to obtaining 
access.
    (2) Submit for filing with the appropriate court a signed sworn 
statement setting forth the grounds for

[[Page 5635]]

the emergency access within 5 days of obtaining access to financial 
records.
    (c)(1) When access to financial records are obtained under 
paragraph (a) of this section, a copy of the request, along with the 
following notice, shall be served on the person or mailed to the 
person's last known mailing address as soon as practicable after the 
records have been obtained unless a delay of notice has been obtained 
under Sec.  275.13.

    Records concerning your transactions held by the financial 
institution named in the attached request were obtained by [Agency 
or Department] under the Right to Financial Privacy Act of 1978 on 
[date] for the following purpose: [state with reasonable specificity 
the nature of the law enforcement inquiry]. Emergency access to such 
records was obtained on the grounds that [state grounds].

    (2) Mailings under this paragraph shall be by certified or 
registered mail.


Sec.  275.12  Releasing information obtained from financial 
institutions.

    (a) Financial records obtained under 12 U.S.C. Chapter 35 shall be 
marked: ``This record was obtained pursuant to the Right to Financial 
Privacy Act of 1978, 12 U.S.C. 3401 et seq., and may not be transferred 
to another Federal Agency or Department without prior compliance with 
the transferring requirements of 12 U.S.C. 3412.''
    (b) Financial records obtained under this part shall not be 
transferred to another Agency or Department outside the Department of 
Defense unless the head of the transferring law enforcement office, 
personnel security element, or intelligence organization, or designee, 
certifies in writing that there is reason to believe that the records 
are relevant to a legitimate law enforcement inquiry, or intelligence 
or counterintelligence activity (to include investigation or analyses 
related to international terrorism) within the jurisdiction of the 
receiving Agency or Department. Such certificates shall be maintained 
with the DoD Component along with a copy of the released records.
    (c) Subject to paragraph (d) of this section, unless a delay of 
customer notice has been obtained under Sec.  275.13, the law 
enforcement office or personnel security element shall, within 14 days, 
personally serve or mail to the customer, at his or her last known 
address, a copy of the certificate required by paragraph (b) of this 
section, along with the following notice:

    Copies of or information contained in your financial records 
lawfully in possession of [name of Component] have been furnished to 
[name of Agency or Department] pursuant to the Right to Financial 
Privacy Act of 1978 for the following purposes: [state the nature of 
the law enforcement inquiry with reasonable specificity]. If you 
believe that this transfer has not been made to further a legitimate 
law enforcement inquiry, you may have legal rights under the 
Financial Privacy Act of 1978 or the Privacy Act of 1974.

    (d) If a request for release of information is from a Federal 
Agency, as identified in E.O. 12333, authorized to conduct foreign 
intelligence or foreign counterintelligence activities, the 
transferring DoD Component shall release the information without 
notifying the customer, unless permission to provide notification is 
given in writing by the requesting Agency.
    (e) Whenever financial data obtained under this part is 
incorporated into a report of investigation or other correspondence; 
precautions must be taken to ensure that:
    (1) The reports or correspondence are not distributed outside the 
Department of Defense except in compliance with paragraph (b) of this 
section; and
    (2) The report or other correspondence contains an appropriate 
warning restriction on the first page or cover. Such a warning could 
read as follows:

    Some of the information contained herein (cite specific 
paragraph) is financial record information which was obtained 
pursuant to the Right to Privacy Act of 1978, 12 U.S.C. 3401 et seq. 
This information may not be released to another Federal Agency or 
Department outside the Department of Defense except for those 
purposes expressly authorized by Act.

Sec.  275.13  Procedures for delay of notice.

    (a) The customer notice required when seeking an administrative 
subpoena or summons (Sec.  275.8(b)), obtaining a search warrant (Sec.  
275.9(b)), seeking a judicial subpoena (paragraph (b) to appendix C to 
this part), making a formal written request (Sec.  275.8(b)), obtaining 
emergency access (Sec.  275.11(c)), or transferring information (Sec.  
275.12(c)) may be delayed for an initial period of 90 days and 
successive periods of 90 days. The notice required when obtaining a 
search warrant (Sec.  275.9(b)) may be delayed for a period of 180 days 
and successive periods of 90 days. A delay of notice may only be made 
by an order of an appropriate court if the presiding judge or 
magistrate finds that:
    (1) The investigation is within the lawful jurisdiction of the 
Government authority seeking the records.
    (2) There is reason to believe the records being sought are 
relevant to a law enforcement inquiry.
    (3) There is reason to believe that serving the notice will result 
in:
    (i) Endangering the life or physical safety of any person.
    (ii) Flight from prosecution.
    (iii) Destruction of or tampering with evidence.
    (iv) Intimidation of potential witnesses.
    (v) Otherwise seriously jeopardizing an investigation or official 
proceeding or unduly delaying a trial or ongoing official proceeding to 
the same degree as the circumstances in paragraphs (a)(2)(i). through 
(a)(2)(iv) of this section.
    (b) When a delay of notice is appropriate, legal counsel shall be 
consulted to obtain such a delay. Application for delays of notice 
shall be made with reasonable specificity.
    (c) Upon the expiration of a delay of notification obtained under 
paragraph (a) of this section for a search warrant, the law enforcement 
office obtaining such records shall mail to the customer a copy of the 
search warrant, along with the following notice:

    Records or information concerning your transactions held by the 
financial institution named in the attached search warrant were 
obtained by this [agency or department] on [date].
    Notification was delayed beyond the statutory 180-day delay 
period pursuant to a determination by the court that such notice 
would seriously jeopardize an investigation concerning [state with 
reasonable specificity]. You may have rights under the Right to 
Financial Privacy Act of 1978.

    (d) Upon the expiration of all other delays of notification 
obtained under paragraph (a) of this section, the customer shall be 
served with or mailed a copy of the legal process or formal request, 
together with the following notice which shall state with reasonable 
specificity the nature of the law enforcement inquiry.

    Records or information concerning your transactions which are 
held by the financial institution named in the attached process or 
request were supplied to or requested by the Government authority 
named in the process or request on (date). Notification was withheld 
pursuant to a determination by the (title of the court ordering the 
delay) under the Right to Financial Privacy Act of 1978 that such 
notice might (state the reason). The purpose of the investigation or 
official proceeding was (state the purpose).


Sec.  275.14  Obtaining access to financial records overseas.

    (a) The provisions of 12 U.S.C. Chapter 35 do not govern obtaining 
access to financial records maintained by military banking contractors 
overseas or other financial institutions in offices located on DoD 
installations outside the United States, the District of Columbia, 
Guam, American Samoa, Puerto Rico, or the Virgin Islands.

[[Page 5636]]

    (b) Access to financial records held by such contractors or 
institutions is preferably obtained by customer authorization. However, 
in those cases where it would not be appropriate to obtain this 
authorization or where such authorization is refused and the financial 
institution is not otherwise willing to provide access to its records:
    (1) A law enforcement activity may seek access by the use of a 
search authorization issued pursuant to established Component 
procedures; Rule 315, Military Rules of Evidence (Part III, Manual for 
Courts-Martial); and Article 46 of the Uniform Code of Military 
Justice.
    (2) An intelligence organization may seek access pursuant to 
Procedure 7 of DoD 5240.1-R.
    (3) Information obtained under this section shall be properly 
identified as financial information and transferred only where an 
official need-to-know exists. Failure to identify or limit access in 
accordance with this paragraph does not render the information 
inadmissible in courts-martial or other proceedings.
    (4) Access to financial records maintained by all other financial 
institutions overseas by law enforcement activities shall be in 
accordance with the local foreign statutes or procedures governing such 
access.

Appendix A to Part 275--Format for Obtaining Basic Identifying Account 
Information

[Official Letterhead]
[Date]

Mr./Mrs. XXXXXXXXXX,
Chief Teller [as appropriate],
First National Bank,
Anywhere, VA 00000-0000,

Dear Mr./Mrs. XXXXXXXXXX: In connection with a legitimate law 
enforcement inquiry and pursuant to section 3413(g) of the Right to 
Financial Privacy Act of 1978, 12 U.S.C. 3401 et. seq., you are 
requested to provide the following account information:
    [Name, address, account number, and type of account of any 
customer or ascertainable group of customers associated with a 
financial transaction or class of financial transactions.]
    I hereby certify, pursuant to section 3403(b) of the Right of 
Financial Privacy Act of 1978, that the provisions of the Act have 
been complied with as to this request for account information.
    Under section 3417(c) of the Act, good faith reliance upon this 
certification relieves your institution and its employees and agents 
of any possible liability to the customer in connection with the 
disclosure of the requested financial records.

[Official Signature Block]

Appendix B to Part 275--Format for Customer Authorization

    Pursuant to section 3404(a) of the Right to Financial Privacy 
Act of 1978, I, [Name of customer], having read the explanation of 
my rights on the reverse side, hereby authorize the [Name and 
address of financial institution] to disclose these financial 
records: [List the particular financial records] to [DoD Component] 
for the following purpose(s): [Specify the purpose(s)].
    I understand that the authorization may be revoked by me in 
writing at any time before my records, as described above, are 
disclosed, and that this authorization is valid for no more than 
three months from the date of my signature.

Signature:-------------------------------------------------------------

Date:------------------------------------------------------------------

[Typed name]-----------------------------------------------------------

[Mailing address of customer]------------------------------------------

Statement of Customer Rights Under the Right to Financial Privacy Act 
of 1978

    Federal law protects the privacy of your financial records.
    Before banks, savings and loan associations, credit unions, 
credit card issuers, or other financial institutions may give 
financial information about you to a Federal Agency, certain 
procedures must be followed.

Authorization To Access Financial Records

    You may be asked to authorize the financial institution to make 
your financial records available to the Government. You may withhold 
your authorization, and your authorization is not required as a 
condition of doing business with any financial institution. If you 
provide authorization, it can be revoked in writing at any time 
before your records are disclosed. Furthermore, any authorization 
you provide is effective for only three months, and your financial 
institution must keep a record of the instances in which it 
discloses your financial information.

Without Your Authorization

    Without your authorization, a Federal Agency that wants to see 
your financial records may do so ordinarily only by means of a 
lawful administrative subpoena or summons, search warrant, judicial 
subpoena, or formal written request for that purpose. Generally, the 
Federal Agency must give you advance notice of its request for your 
records explaining why the information is being sought and telling 
you how to object in court.
    The Federal Agency must also send you copies of court documents 
to be prepared by you with instructions for filling them out. While 
these procedures will be kept as simple as possible, you may want to 
consult an attorney before making a challenge to a Federal Agency's 
request.

Exceptions

    In some circumstances, a Federal Agency may obtain financial 
information about you without advance notice or your authorization. 
In most of these cases, the Federal Agency will be required to go to 
court for permission to obtain your records without giving you 
notice beforehand. In these instances, the court will make the 
Government show that its investigation and request for your records 
are proper. When the reason for the delay of notice no longer 
exists, you will be notified that your records were obtained.

Transfer of Information

    Generally, a Federal Agency that obtains your financial records 
is prohibited from transferring them to another Federal Agency 
unless it certifies in writing that the transfer is proper and sends 
a notice to you that your records have been sent to another Agency.

Penalties

    If the Federal Agency or financial institution violates the 
Right to Financial Privacy Act, you may sue for damages or seek 
compliance with the law. If you win, you may be repaid your 
attorney's fee and costs.

Additional Information

    If you have any questions about your rights under this law, or 
about how to consent to release your financial records, please call 
the official whose name and telephone number appears below:

-----------------------------------------------------------------------
(Last Name, First Name, Middle Initial) Title

(Area Code) (Telephone number)

-----------------------------------------------------------------------
(Component activity, Local Mailing Address)

Appendix C to Part 275--Format for Formal Written Request

[Official Letterhead]
[Date]

Mr./Mrs. XXXXXXXXXX,
President (as appropriate),
City National Bank and Trust Company,
Anytown, VA 00000-0000.

Dear Mr./Mrs. XXXXXXXXXXXXX: In connection with a legitimate law 
enforcement inquiry and pursuant to section 3402(5) and section 3408 
of the Right to Financial Privacy Act of 1978, 12 U.S.C. 3401 et 
seq., and [cite Component's implementation of this Part], you are 
requested to provide the following account information pertaining to 
the subject:
    [Describe the specific records to be examined]
    The [DoD Component] is without authority to issue an 
administrative summons or subpoena for access to these financial 
records which are required for [Describe the nature or purpose of 
the inquiry].
    A copy of this request was [personally served upon or mailed to 
the subject on [date] who has [10 or 14] days in which to challenge 
this request by filing an application in an appropriate United 
States District Court if the subject desires to do so.
    Upon the expiration of the above mentioned time period and 
absent any filing or challenge by the subject, you will be furnished 
a certification certifying in writing that the applicable provisions 
of the Act have been complied with prior to obtaining the requested 
records. Upon your receipt of a Certificate of Compliance with the 
Right to Financial Privacy Act of 1978, you will be relieved of any 
possible liability to the

[[Page 5637]]

subject in connection with the disclosure of the requested financial 
records.

[Official Signature Block]

Appendix D to Part 275--Format for Customer Notice for Administrative 
or Judicial Subpoena or for a Formal Written Request

[Official Letterhead]
[Date]

Mr./Ms. XXXXX X. XXXX,
1500 N. Main Street,
Anytown, VA 00000-0000.

Dear Mr./Ms. XXXX: Information or records concerning your 
transactions held by the financial institution named in the attached 
[administrative subpoena or summons] [judicial subpoena] [request] 
are being sought by the [Agency/Department] in accordance with the 
Right to Financial Privacy Act of 1978, Title 12, United States 
Code, section 3401 et seq., and [Component's implementing document], 
for the following purpose(s):
    [List the purpose(s)]
    If you desire that such records or information not be made 
available, you must:
    1. Fill out the accompanying motion paper and sworn statement or 
write one of your own, stating that you are the customer whose 
records are being requested by the Government and either giving the 
reasons you believe that the records are not relevant to the 
legitimate law enforcement inquiry stated in this notice or any 
other legal basis for objecting to the release of the records.
    2. File the motion and statement by mailing or delivering them 
to the clerk of any one of the following United States District 
Courts:
    [List applicable courts]
    3. Serve the Government authority requesting the records by 
mailing or delivering a copy of your motion and statement to: [Give 
title and address].
    4. Be prepared to come to court and present your position in 
further detail.
    5. You do not need to have a lawyer, although you may wish to 
employ one to represent you and protect your rights.
    If you do not follow the above procedures, upon the expiration 
of 10 days from the date of personal service or 14 days from the 
date of mailing of this notice, the records or information requested 
therein may be made available. These records may be transferred to 
other Government authorities for legitimate law enforcement 
inquiries, in which event you will be notified after the transfer.

[Signature],
[Name and title of official],
[DoD Component],
[Telephone].

Attachments--3
    1. Copy of request
    2. Motion papers
    3. Sworn statement

Appendix E to Part 275--Format for Certificate of Compliance With the 
Right to Financial Privacy Act of 1978

[Official Letterhead]
[Date]

Mr./Mrs. XXXXXXXXXX,
Manager,
Army Federal Credit Union,
Fort Anywhere, VA 00000-0000.

    Dear Mr./Mrs. XXXXXXXXXX: I certify, pursuant to section 3403(b) 
of the Right to Financial Privacy Act of 1978, 12 U.S.C. 3401 et 
seq., that the applicable provisions of that statute have been 
complied with as to the [Customer's authorization, administrative 
subpoena or summons, search warrant, judicial subpoena, formal 
written request, emergency access, as applicable] presented on 
[date], for the following financial records of [customer's name]:
    [Describe the specific records]
    Pursuant to section 3417(c) of the Right to Financial Privacy 
Act of 1978, good faith reliance upon this certificate relieves your 
institution and its employees and agents of any possible liability 
to the customer in connection with the disclosure of these financial 
records.

[Official Signature Block]

    Dated: January 27, 2006.
L.M. Bynum,
Alternate OSD Federal Register Liaison Officer, DoD.
 [FR Doc. E6-1326 Filed 2-1-06; 8:45 am]
BILLING CODE 5001-06-P