[Federal Register Volume 71, Number 86 (Thursday, May 4, 2006)]
[Rules and Regulations]
[Pages 26220-26225]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 06-4144]


=======================================================================
-----------------------------------------------------------------------

DEPARTMENT OF DEFENSE

Office of the Secretary

32 CFR Part 275

[DOD-2006-OS-0072]
RIN 0790-AH84


Obtaining Information From Financial Institutions

AGENCY: Department of Defense.

ACTION: Final rule.

-----------------------------------------------------------------------

SUMMARY: The Department of Defense is revising its current policies 
concerning obtaining information from financial institutions under the 
Right to Financial Privacy Act of 1978, as amended (12 U.S.C. chapter 
35). This part prescribes practices and procedures for the Department 
of Defense to obtain from a financial institution the financial records 
of its customers.

EFFECTIVE DATES: February 2, 2006.

FOR FURTHER INFORMATION CONTACT: Mr. Vahan Moushegian, Jr., at (703) 
607-2943.

SUPPLEMENTARY INFORMATION: The proposed rule was published in the 
Federal Register on February 2, 2006, at 71 FR 5631. No public comments 
were received. The only change made to this final rule was to move 
portions of the information into appendices.

Executive Order 12866, ``Regulatory Planning and Review''

    It has been determined that 32 CFR part 275 is not a significant 
regulatory action. The rule does not (1) Have an annual effect to the 
economy of $100 million or more or adversely affect in a material way 
the economy; a section of the economy; productivity; competition; jobs; 
the environment; public health or safety; or State, local, or tribal 
governments or communities; (2) Create a serious inconsistency or 
otherwise interfere with an action taken or planned by another Agency; 
(3) Materially alter the budgetary impact of entitlements, grants, user 
fees, or loan programs, or the rights and obligations of recipients 
thereof; or (4) Raise novel legal or policy issues arising out of legal 
mandates, the President's priorities, or the principles set forth in 
this Executive order.

Public Law 96-354, ``Regulatory Flexibility Act'' (5 U.S.C. 601)

    It has been certified that this rule is not subject to the 
Regulatory Flexibility Act (5 U.S.C. 601) because it would not, if 
promulgated, have a significant economic impact on a substantial number 
of small entities because it is only concerned with accessing financial 
records as prescribed by Federal law.

Public Law 96-511, ``Paperwork Reduction Act'' (44 U.S.C. Chapter 35)

    It has been certified that this rule does not impose reporting or 
recordkeeping requirements under the Paperwork Reduction Act of 1995.

Unfunded Mandates Reform Act (Sec. 202, Pub. L. 104-4)

    It has been certified that this rule does not contain a Federal 
mandate that may result in the expenditure by State, local, and tribal 
governments, in the aggregate, or by the private sector, of $100 
million or more in any one year.

Executive Order 13132, ``Federalism''

    It has been certified that this rule does not have federalism 
implications, as set forth in Executive Order 13132. This rule does not 
have substantial direct effects on the States, the relationship between 
the National Government and the States, or the distribution of power 
and responsibilities among the various levels of government.

List of Subjects in 32 CFR Part 275

    Banks, banking, Credit, Privacy.


[[Page 26221]]



0
Accordingly, 32 CFR part 275 is revised as follows:

PART 275--OBTAINING INFORMATION FROM FINANCIAL INSTITUTIONS; RIGHT 
TO FINANCIAL PRIVACY ACT OF 1978

Sec.
275.1 Purpose.
275.2 Applicability and scope.
275.3 Definitions.
275.4 Policy.
275.5 Responsibilities.
Appendix A to Part 275--Obtaining Basic Identifying Account 
Information
Appendix B to Part 275--Obtaining Customer Authorization
Appendix C to Part 275--Obtaining Access by Administrative or 
Judicial Subpoena or by Formal Written Request
Appendix D to Part 275--Obtaining Access by Search Warrant
Appendix E to Part 275--Obtaining Access for Foreign Intelligence, 
Foreign Counterintelligence, and International Terrorist Activities 
or Investigations
Appendix F to Part 275--Obtaining Emergency Access
Appendix G to Part 275--Releasing Information Obtained From 
Financial Institutions
Appendix H to Part 275--Procedures for Delay of Notice
Appendix I to Part4 275--Format for Obtaining Basic Identifying 
Account Information
Appendix J to Part 275--Format for Customer Authorization
Appendix K to Part 275--Format for Formal Written Request
Appendix L to Part 275--Format for Customer Notice for 
Administrative or Judicial Subpoena or for a Formal Written Request
Appendix M to Part 275--Format for Certificate of Compliance With 
the Right to Financial Privacy Act of 1978
Appendix N to Part 275--Obtaining Access to Financial Records 
Overseas

    Authority: 12 U.S.C. 3401, et seq.


Sec.  275.1  Purpose.

    This part:
    (a) Updates policies and responsibilities, and prescribes 
procedures for obtaining access to financial records maintained by 
financial institutions.
    (b) Implements 12 U.S.C. Chapter 35 by providing guidance on the 
requirements and conditions for obtaining financial records.


Sec.  275.2  Applicability and scope.

    This part applies to:
    (a) The Office of the Secretary of Defense, the Military 
Departments, the Chairman of the Joint Chiefs of Staff, the Combatant 
Commands, the Office of the Inspector General of the Department of 
Defense, the Defense Agencies, the DoD Field Activities, and all other 
organizational entities in the Department of Defense (hereafter 
referred to collectively as the ``DoD components'').
    (b) Only to financial records maintained by financial institutions.


Sec.  275.3  Definitions.

    (a) Administrative Summons or Subpoena. A statutory writ issued by 
a Government Authority.
    (b) Customer. Any person or authorized representative of that 
person who used or is using any service of a financial institution or 
for whom a financial institution is acting or has acted as fiduciary 
for an account maintained in the name of that person.
    (c) Financial Institution (for intelligence activity purposes only. 
(1) An insured bank (includes a foreign bank having an insured branch) 
whose deposits are insured under the Federal Deposit Insurance Act.
    (2) A commercial bank or trust company.
    (3) A private banker.
    (4) An agency or branch of a foreign bank in the United States.
    (5) Any credit union.
    (6) A thrift institution.
    (7) A broker or dealer registered with the Securities and Exchange 
Commission.
    (8) A broker or dealer in securities or commodities.
    (9) An investment banker or investment company.
    (10) A currency exchange.
    (11) An issuer, redeemer, or cashier of travelers' checks, checks, 
money orders, or similar instruments.
    (12) An operator of a credit card system.
    (13) An insurance company.
    (14) A dealer in precious metals, stones, or jewels.
    (15) A pawnbroker.
    (16) A loan or finance company.
    (17) A travel agency.
    (18) A licensed sender of money or any other person who engages as 
a business in the transmission of funds, including any person who 
engages as a business in an informal money transfer system or any 
network of people who engage as a business in facilitating the transfer 
of money domestically or internationally outside of the conventional 
financial institutions system.
    (19) A telegraph company.
    (20) A business engaged in vehicle sales, including automobile, 
airplane, and boat sales.
    (21) Persons involved in real estate closings and settlements.
    (22) The United States Postal Service.
    (23) An agency of the United States Government or of a State or 
local government performing a duty or power of a business described in 
this definition.
    (24) A casino, gambling casino, or gaming establishment with an 
annual gaming revenue of more than $1,000,000 which is licensed as a 
casino, gambling casino, or gaming establishment under the laws of a 
State or locality or is an Indian gaming operation conducted pursuant 
to, and as authorized by, the Indian Gaming Regulatory Act.
    (25) Any business or agency that engages in any activity which the 
Secretary of the Treasury, by regulation determines to be an activity 
in which any business described in this definition is authorized to 
engage; or any other business designated by the Secretary of the 
Treasury whose cash transactions have a high degree of usefulness in 
criminal, tax, or regulatory matters.
    (26) Any futures commission merchant, commodity trading advisor, or 
commodity pool operator registered, or required to register, under the 
Commodity Exchange Act that is located inside any State or territory of 
the United States, the District of Columbia, Puerto Rico, Guam, 
American Samoa, the Commonwealth of the Northern Mariana Islands, or 
the United States Virgin Islands.
    (d) Financial Institution (other than for intelligence activity 
purposes). Any office of a bank, savings bank, credit card issuer, 
industrial loan company, trust company, savings association, building 
and loan, or homestead association (including cooperative banks), 
credit union, or consumer finance institution that is located in any 
state or territory of the United States, or in the District of 
Columbia, Puerto Rico, Guam, American Samoa, or the Virgin Islands.
    (e) Financial Record. An original, its copy, or information known 
to have been derived from the original record held by a financial 
institution that pertains to a customer's relationship with the 
financial institution.
    (f) Government Authority. Any agency or Department of the United 
States, or any officer, employee, or agent thereof, to include DoD law 
enforcement offices, personnel security elements, and/or intelligence 
organizations.
    (g) Intelligence Activities. The collection, production, and 
dissemination of foreign intelligence and counterintelligence, to 
include investigation or analyses related to international terrorism, 
by DoD intelligence organizations.
    (h) Intelligence Organizations. Any element of a DoD Component 
authorized by the Secretary of Defense to conduct intelligence 
activities.

[[Page 26222]]

    (i) Law Enforcement Inquiry. A lawful investigation or official 
proceeding that inquires into a violation of or failure to comply with 
a criminal or civil statute, or any rule, regulation, or order issued 
pursuant thereto.
    (j) Law Enforcement Office. Any element of a DoD Component 
authorized by the Head of the DoD Component conducting law enforcement 
inquiries.
    (k) Person. An individual or a partnership consisting of five or 
fewer individuals.
    (l) Personnel Security Element. Any element of a DoD Component 
authorized by the Secretary of Defense conducting personnel security 
investigations.
    (m) Personnel Security Investigation. An investigation required for 
determining a person's eligibility for access to classified 
information, acceptance or retention in the Armed Forces, assignment or 
retention in sensitive duties, or other designated duties requiring 
such investigation. Personnel security investigations include 
investigations conducted for the purpose of making personnel security 
determinations. They also include investigations of allegations that 
may arise subsequent to favorable adjudicative action and require 
resolution to determine a person's current eligibility for access to 
classified information or assignment or retention in a sensitive 
position.


Sec.  275.4  Policy.

    It is DoD policy that:
    (a) Authorization of the customer to whom the financial records 
pertain shall be sought unless doing so compromises or harmfully delays 
either a legitimate law enforcement inquiry or a lawful intelligence 
activity. If the person declines to consent to disclosure, the 
alternative means of obtaining the records authorized by subpart B 
shall be utilized.
    (b) The provisions of 12 U.S.C. Chapter 35 do not govern obtaining 
access to financial records maintained by military banking contractors 
located outside the United States, the District of Columbia, Guam, 
American Samoa, Puerto Rico, and the Virgin Islands. The guidance set 
forth in Appendix N of subpart B may be used to obtain financial 
information from these contractor operated facilities.


Sec.  275.5  Responsibilities.

    (a) The Director of Administration and Management, Office of the 
Secretary of Defense shall:
    (1) Exercise oversight to ensure compliance with this part.
    (2) Provide policy guidance to affected DoD Components to implement 
this part.
    (b) The Secretaries of the Military Departments and the Heads of 
the affected DoD Components shall:
    (1) Implement policies and procedures to ensure implementation of 
this part when seeking access to financial records.
    (2) Adhere to the guidance and procedures contained in this part.

Appendix A to Part 275--Obtaining Basic Identifying Account Information

    A. A DoD law enforcement office may issue a formal written 
request for basic identifying account information to a financial 
institution relevant to a legitimate law enforcement inquiry. A 
request may be issued to a financial institution for any or all of 
the following identifying data:
    1. Name.
    2. Address.
    3. Account number.
    4. Type of account of any customer or ascertainable group of 
customers associated with a financial transaction or class of 
financial transactions.
    B. The notice (paragraph B of Appendix C to this part), 
challenge (paragraph D of Appendix C to this part), and transfer 
(paragraph B. of Appendix G to this part) requirements of this part 
shall not apply when a Government authority is seeking only the 
above specified basic identifying information concerning a 
customer's account.
    C. A format for obtaining basic identifying account information 
is set forth in Appendix I to this part.

Appendix B to Part 275--Obtaining Customer Authorization

    A. A DoD law enforcement office or personal security element 
seeking access to a person's financial records shall, when feasible, 
obtain the customer's consent.
    B. Any authorization obtained under paragraph A. of this 
appendix, shall:
    1. Be in writing, signed, and dated.
    2. Identify the particular financial records that are being 
disclosed.
    3. State that the customer may revoke the authorization at any 
time before disclosure.
    4. Specify the purposes for disclosure and to which Governmental 
authority the records may be disclosed.
    5. Authorize the disclosure for a period not in excess of 3 
months.
    6. Contain a ``State of Customer Rights'' as required by 12 
U.S.C. Chapter 35 (see Appendix J to this part).
    7. Contain a Privacy Act Statement as required by 32 CFR part 
310 for a personnel security investigation.
    C. Any customer's authorization not containing all of the 
elements listed in paragraph B. of this appendix, shall be void. A 
customer authorization form, in a format set forth in Appendix J to 
this part, shall be used for this purpose.
    D. A copy of the customer's authorization shall be made a part 
of the law enforcement or personnel security file where the 
financial records are maintained.
    E. A certificate of compliance stating that the applicable 
requirements of 12 U.S.C. Chapter 35 have been met (Appendix M to 
this part), along with the customer's authorization, shall be 
provided to the financial institution as a prerequisite to obtaining 
access to financial records.

Appendix C to Part 275--Obtaining Access by Administrative or Judicial 
Subpoena or by Formal Written Request

    A. Access to information contained in financial records from a 
financial institution may be obtained by Government authority when 
the nature of the records is reasonably described and the records 
are acquired by:
    1. Administrative Summons or Subpoena. a. Within the Department 
of Defense, the Inspector General, DoD, has the authority under the 
Inspector General Act to issue administrative subpoenas for access 
to financial records. No other DoD Component official may issue 
summons or subpoenas for access to these records.
    b. The Inspector General, DoD shall issue administrative 
subpoenas for access to financial records in accordance with 
established procedures but subject to the procedural requirements of 
this appendix.
    2. Judicial Subpoena.
    3. Formal Written Request.
    a. Formal requests may only be used if an administrative summons 
or subpoena is not reasonably available to obtain the financial 
records.
    b. A formal written request shall be in a format set forth in 
Appendix K to this part and shall:
    1. State that the request is issued under 12 U.S.C. Chapter 35 
and the DoD Component's implementation of this part.
    2. Describe the specific records to be examined.
    3. State that access is sought in connection with a legitimate 
law enforcement inquiry.
    4. Describe the nature of the inquiry.
    5. Be signed by the head of the law enforcement office or a 
designee.
    B. A copy of the administrative or judicial subpoena or formal 
request, along with a notice specifying the nature of the law 
enforcement inquiry, shall be served on the person or mailed to the 
person's last known mailing address on or before the subpoena is 
served on the financial institution unless a delay of notice has 
been obtained under Appendix H of this part.
    C. The notice to the customer shall be in a format similar to 
Appendix L to this part and shall be personally served at least 10 
days or mailed at least 14 days prior to the date on which access is 
sought.
    D. The customer shall have 10 days to challenge a notice request 
when personal service is made and 14 days when service is by mail.
    E. No access to financial records shall be attempted before the 
expiration of the pertinent time period while awaiting receipt of a 
potential customer challenge, or prior to the adjudication of any 
challenge made.
    F. The official who signs the customer notice shall be 
designated to receive any challenge from the customer.

[[Page 26223]]

    G. When a customer fails to file a challenge to access to 
financial records within the above pertinent time periods, or after 
a challenge is adjudicated in favor of the law enforcement office, 
the head of the office, or a designee, shall certify in writing to 
the financial institution that such office has complied with the 
requirements of 12 U.S.C. Chapter 35. No access to any financial 
records shall be made before such certification (Appendix M to this 
part) is provided the financial institution.

Appendix D to Part 275--Obtaining Access By Search Warrant

    A. A Government authority may obtain financial records by using 
a search warrant obtained under Rule 41 of the Federal Rules of 
Criminal Procedure.
    B. Unless a delay of notice has been obtained under provisions 
of Appendix H to this part, the law enforcement office shall, no 
later than 90 days after serving the search warrant, mail to the 
customer's last known address a copy of the search warrant together 
with the following notice:
    ``Records or information concerning your transactions held by 
the financial institution named in the attached search warrant were 
obtained by this [DoD office or activity] on [date] for the 
following purpose: [state purpose]. You may have rights under the 
Right to Financial Privacy Act of 1978.''
    C. In any state or territory of the United States, or in the 
District of Columbia, Puerto Rico, Guam, American Samoa, or the 
Virgin Islands, search authorizations signed by installation 
commanders, military judges, or magistrates shall not be used to 
gain access to financial records.

Appendix E to Part 275--Obtaining Access for Foreign Intelligence, 
Foreign Counterintelligence, and International Terrorist Activities or 
Investigations

    A. Financial records may be obtained from a financial 
institution (as identified at Sec.  275.3) by an intelligence 
organization, as identified in DoD Directive 5240.1 \1\, authorized 
to conduct intelligence activities, to include investigation or 
analyses related to international terrorism, pursuant to DoD 
Directive 5240.1 and Executive Order 12333.
---------------------------------------------------------------------------

    \1\ Copies may be obtained at http://www.dtic.mil/whs/directives/.
---------------------------------------------------------------------------

    B. The provisions of this part do not apply to the production 
and disclosure of financial records when requests are submitted by 
intelligence organizations except as may be required by this 
Appendix.
    C. When a request for financial records is made under paragraph 
A. of this appendix, a Component official designated by the 
Secretary of Defense, the Secretary of a Military Department, or the 
Head of the DoD Component authorized to conduct foreign intelligence 
or foreign counterintelligence activities shall certify to the 
financial institution that the requesting Component has complied 
with the provisions of U.S.C. chapter 35. Such certification in a 
format similar to Appendix M to this part shall be made before 
obtaining any records.
    D. An intelligence organization requesting financial records 
under paragraph A. of this appendix, may notify the financial 
institution from which records are sought 12 U.S.C. 3414(3) 
prohibits disclosure to any person by the institution, its agents, 
or employees that financial records have been sought or obtained. An 
intelligence organization requesting financial records under 
paragraph A. of this appendix, shall maintain an annual tabulation 
of the occasions in
    E. An intelligence organization requesting financial records 
under paragraph A. of this appendix, shall maintain an annual 
tabulation of the occasions in which this access procedure was used.

Appendix F to Part 275--Obtaining Emergency Access

    A. Except as provided in paragraphs B. and C. of this appendix, 
nothing in this part shall apply to a request for financial records 
from a financial institution when a determination is made that a 
delay in obtaining access to such records would create an imminent 
danger of:
    1. Physical injury to any person.
    2. Serious property damage.
    3. Flight to avoid prosecution.
    B. When access is made to financial records under paragraph A of 
this appendix, a Component official designated by the Secretary of 
Defense or the Secretary of a Military Department shall:
    1. Certify in writing, in a format set forth in Appendix M to 
this part, to the financial institution that the Component has 
complied with the provisions of 12 U.S.C. chapter 35, as a 
prerequisite to obtaining access.
    2. Submit for filing with the appropriate court a signed sworn 
statement setting forth the grounds for the emergency access within 
5 days of obtaining access to financial records.
    C. When access to financial records are obtained under paragraph 
A. of this appendix, a copy of the request, along with the following 
notice, shall be served on the person or mailed to the person's last 
known mailing address as soon as practicable after the records have 
been obtained unless a delay of notice has been obtained under 
appendix H of this part.
    ``Records concerning your transactions held by the financial 
institution named in the attached request were obtained by [Agency 
or Department] under the Right to Financial Privacy Act of 1978 on 
[date] for the following purpose: [state with reasonable specificity 
the nature of the law enforcement inquiry]. Emergency access to such 
records was obtained on the grounds that [state grounds].''
    Mailings under this paragraph shall be by certified or 
registered mail.

Appendix G to Part 275--Releasing Information Obtained From Financial 
Institutions

    A. Financial records obtained under 12 U.S.C. chapter 35 shall 
be marked: ``This record was obtained pursuant to the Right to 
Financial Privacy Act of 1978, 12 U.S.C. 3401 et seq., and may not 
be transferred to another Federal Agency or Department without prior 
compliance with the transferring requirements of 12 U.S.C. 3412.''
    B. Financial records obtained under this part shall not be 
transferred to another Agency or Department outside the Department 
of Defense unless the head of the transferring law enforcement 
office, personnel security element, or intelligence organization, or 
designee, certifies in writing that there is reason to believe that 
the records are relevant to a legitimate law enforcement inquiry, or 
intelligence or counterintelligence activity (to include 
investigation or analyses related to international terrorism) within 
the jurisdiction of the receiving Agency or Department. Such 
certificates shall be maintained with the DoD Component along with a 
copy of the released records.
    C. Subject to paragraph D. of this appendix, unless a delay of 
customer notice has been obtained under Appendix H of this part, the 
law enforcement office or personnel security element shall, within 
14 days, personally serve or mail to the customer, at his or her 
last known address, a copy of the certificate required by paragraph 
B., along with the following notice:
    ``Copies of or information contained in your financial records 
lawfully in possession of [name of Component] have been furnished to 
[name of Agency or Department] pursuant to the Right to Financial 
Privacy Act of 1978 for the following purposes: [state the nature of 
the law enforcement inquiry with reasonable specificity]. If you 
believe that this transfer has not been made to further a legitimate 
law enforcement inquiry, you may have legal rights under the 
Financial Privacy Act of 1978 or the Privacy Act of 1974.''
    D. If a request for release of information is from a Federal 
Agency, as identified in E.O. 12333, authorized to conduct foreign 
intelligence or foreign counterintelligence activities, the 
transferring DoD Component shall release the information without 
notifying the customer, unless permission to provide notification is 
given in writing by the requesting Agency.
    E. Whenever financial data obtained under this part is 
incorporated into a report of investigation or other correspondence; 
precautions must be taken to ensure that:
    1. The reports or correspondence are not distributed outside the 
Department of Defense except in compliance with paragraph B.; and
    2. The report or other correspondence contains an appropriate 
warning restriction on the first page or cover. Such a warning could 
read as follows:
    ``Some of the information contained herein (cite specific 
paragraph) is financial record information which was obtained 
pursuant to the Right to Privacy Act of 1978, 12 U.S.C. 3401 et seq. 
This information may not be released to another Federal Agency or 
Department outside the Department of Defense except for those 
purposes expressly authorized by Act.''

Appendix H to Part 275--Procedures for Delay of Notice

    A. The customer notice required when seeking an administrative 
subpoena or summons (paragraph B. of appendix C to this part), 
obtaining a search warrant (paragraph B. of appendix D to this 
part), seeking a judicial subpoena (paragraph B. to appendix

[[Page 26224]]

C to this part), making a formal written request (paragraph B. to 
appendix C to this part), obtaining emergency access (paragraph C. 
of appendix F to this part), or transferring information (paragraph 
C. of appendix G to this part), may be delayed for an initial period 
of 90 days and successive periods of 90 days. The notice required 
when obtaining a search warrant (paragraph B. of appendix D to this 
part) may be delayed for a period of 180 days and successive periods 
of 90 days. A delay of notice may only be made by an order of an 
appropriate court if the presiding judge or magistrate finds that:
    1. The investigation is within the lawful jurisdiction of the 
Government authority seeking the records.
    2. There is reason to believe the records being sought are 
relevant to a law enforcement inquiry.
    3. There is reason to believe that serving the notice will 
result in:
    a. Endangering the life or physical safety of any person.
    b. Flight from prosecution.
    c. Destruction of or tampering with evidence.
    d. Intimidation of potential witnesses.
    e. Otherwise seriously jeopardizing an investigation or official 
proceeding or unduly delaying a trial or ongoing official proceeding 
to the same degree as the circumstances in paragraphs A.2.a. through 
A.2.d. of this appendix.
    B. When a delay of notice is appropriate, legal counsel shall be 
consulted to obtain such a delay. Application for delays of notice 
shall be made with reasonable specificity.
    C. Upon the expiration of a delay of notification obtained under 
paragraph A. of this appendix for a search warrant, the law 
enforcement office obtaining such records shall mail to the customer 
a copy of the search warrant, along with the following notice:
    ``Records or information concerning your transactions held by 
the financial institution named in the attached search warrant were 
obtained by this [agency or department] on [date].
    Notification was delayed beyond the statutory 180-day delay 
period pursuant to a determination by the court that such notice 
would seriously jeopardize an investigation concerning [state with 
reasonable specificity]. You may have rights under the Right to 
Financial Privacy Act of 1978.''
    D. Upon the expiration of all other delays of notification 
obtained under paragraph A. of this appendix, the customer shall be 
served with or mailed a copy of the legal process or formal request, 
together with the following notice which shall state with reasonable 
specificity the nature of the law enforcement inquiry.
    ``Records or information concerning your transactions which are 
held by the financial institution named in the attached process or 
request were supplied to or requested by the Government authority 
named in the process or request on (date). Notification was withheld 
pursuant to a determination by the (title of the court ordering the 
delay) under the Right to Financial Privacy Act of 1978 that such 
notice might (state the reason). The purpose of the investigation or 
official proceeding was (state the purpose).''

Appendix I to Part 275--Format for Obtaining Basic Identifying Account 
Information

[Official Letterhead]

[Date]

Mr./Mrs. XXXXXXXXXX
Chief Teller [as appropriate]
First National Bank
Anywhere, VA 00000-0000

Dear Mr./Mrs. XXXXXXXXXX

    In connection with a legitimate law enforcement inquiry and 
pursuant to section 3413(g) of the Right to Financial Privacy Act of 
1978, 12 U.S.C. 3401 et. seq., you are requested to provide the 
following account information:
    [Name, address, account number, and type of account of any 
customer or ascertainable group of customers associated with a 
financial transaction or class of financial transactions.
    I hereby certify, pursuant to section 3403(b) of the Right of 
Financial Privacy Act of 1978, that the provisions of the Act have 
been complied with as to this request for account information.
    Under section 3417(c) of the Act, good faith reliance upon this 
certification relieves your institution and its employees and agents 
of any possible liability to the customer in connection with the 
disclosure of the requested financial records.

[Official Signature Block]

Appendix J to Part 275--Format for Customer Authorization

    Pursuant to section 3404(a) of the Right to Financial Privacy 
Act of 1978, I, [Name of customer], having read the explanation of 
my rights on the reverse side, hereby authorize the [Name and 
address of financial institution] to disclose these financial 
records: [List the particular financial records] to [DoD Component] 
for the following purpose(s): [Specify the purpose(s)].
    I understand that the authorization may be revoked by me in 
writing at any time before my records, as described above, are 
disclosed, and that this authorization is valid for no more than 
three months from the date of my signature.

Signature:-------------------------------------------------------------

Date:------------------------------------------------------------------

[Typed name]
[Mailing address of customer]

Statement of Customer Rights Under the Right to Financial Privacy Act 
of 1978

    Federal law protects the privacy of your financial records. 
Before banks, savings and loan associations, credit unions, credit 
card issuers, or other financial institutions may give financial 
information about you to a Federal Agency, certain procedures must 
be followed.

Authorization To Access Financial Records

    You may be asked to authorize the financial institution to make 
your financial records available to the Government. You may withhold 
your authorization, and your authorization is not required as a 
condition of doing business with any financial institution. If you 
provide authorization, it can be revoked in writing at any time 
before your records are disclosed. Furthermore, any authorization 
you provide is effective for only three months, and your financial 
institution must keep a record of the instances in which it 
discloses your financial information.

Without Your Authorization

    Without your authorization, a Federal Agency that wants to see 
your financial records may do so ordinarily only by means of a 
lawful administrative subpoena or summons, search warrant, judicial 
subpoena, or formal written request for that purpose. Generally, the 
Federal Agency must give you advance notice of its request for your 
records explaining why the information is being sought and telling 
you how to object in court.
    The Federal Agency must also send you copies of court documents 
to be prepared by you with instructions for filling them out. While 
these procedures will be kept as simple as possible, you may want to 
consult an attorney before making a challenge to a Federal Agency's 
request.

Exceptions

    In some circumstances, a Federal Agency may obtain financial 
information about you without advance notice or your authorization. 
In most of these cases, the Federal Agency will be required to go to 
court for permission to obtain your records without giving you 
notice beforehand. In these instances, the court will make the 
Government show that its investigation and request for your records 
are proper. When the reason for the delay of notice no longer 
exists, you will be notified that your records were obtained.

Transfer of Information

    Generally, a Federal Agency that obtains your financial records 
is prohibited from transferring them to another Federal Agency 
unless it certifies in writing that the transfer is proper and sends 
a notice to you that your records have been sent to another Agency.

Penalties

    If the Federal Agency or financial institution violates the 
Right to Financial Privacy Act, you may sue for damages or seek 
compliance with the law. If you win, you may be repaid your 
attorney's fee and costs.

Additional Information

    If you have any questions about your rights under this law, or 
about how to consent to release your financial records, please call 
the official whose name and telephone number appears below:
-----------------------------------------------------------------------

(Last Name, First name, Middle Initial) Title
(Area Code) (Telephone number)

-----------------------------------------------------------------------

(Component activity, Local Mailing Address)

Appendix K to Part 275--Format for Formal Written Request

[Official Letterhead]

Mr./Mrs. XXXXXXXXXX
President (as appropriate)

[[Page 26225]]

City National Bank and Trust Company
Anytown, VA 00000-0000

Dear Mr./Mrs. XXXXXXXXX

    In connection with a legitimate law enforcement inquiry and 
pursuant to section 3402(5) and section 3408 of the Right to 
Financial Privacy Act of 1978, 12 U.S.C. 3401 et. seq., and [cite 
Component's implementation of this Part], you are requested to 
provide the following account information pertaining to the subject:

[Describe the specific records to be examined]

    The [DoD Component] is without authority to issue an 
administrative summons or subpoena for access to these financial 
records which are required for [Describe the nature or purpose of 
the inquiry].
    A copy of this request was [personally served upon or mailed to 
the subject on [date] who has [10 or 14] days in which to challenge 
this request by filing an application in an appropriate United 
States District Court if the subject desires to do so.
    Upon the expiration of the above mentioned time period and 
absent any filing or challenge by the subject, you will be furnished 
a certification certifying in writing that the applicable provisions 
of the Act have been complied with prior to obtaining the requested 
records. Upon your receipt of a Certificate of Compliance with the 
Right to Financial Privacy Act of 1978, you will be relieved of any 
possible liability to the subject in connection with the disclosure 
of the requested financial records.

[Official Signature Block]

Appendix L to Part 275--Format for Customer Notice for Administrative 
or Judicial Subpoena or for a Formal Written Request

[Official Letterhead]

[Date]

Mr./Ms. XXXXX X. XXXX
1500 N. Main Street
Anytown, VA 00000-0000

Dear Mr./Ms. XXXX:

    Information or records concerning your transactions held by the 
financial institution named in the attached [administrative subpoena 
or summons] [judicial subpoena] [request] are being sought by the 
[Agency/Department] in accordance with the Right to Financial 
Privacy Act of 1978, Title 12, United States Code, Section 3401 et 
seq., and [Component's implementing document], for the following 
purpose(s):

[List the purpose(s)]

    If you desire that such records or information not be made 
available, you must:
    1. Fill out the accompanying motion paper and sworn statement or 
write one of your own, stating that you are the customer whose 
records are being requested by the Government and either giving the 
reasons you believe that the records are not relevant to the 
legitimate law enforcement inquiry stated in this notice or any 
other legal basis for objecting to the release of the records.
    2. File the motion and statement by mailing or delivering them 
to the clerk of any one of the following United States District 
Courts:

[List applicable courts]

    3. Serve the Government authority requesting the records by 
mailing or delivering a copy of your motion and statement to: [Give 
title and address].
    4. Be prepared to come to court and present your position in 
further detail.
    5. You do not need to have a lawyer, although you may wish to 
employ one to represent you and protect your rights.
    If you do not follow the above procedures, upon the expiration 
of 10 days from the date of personal service or 14 days from the 
date of mailing of this notice, the records or information requested 
therein may be made available. These records may be transferred to 
other Government authorities for legitimate law enforcement 
inquiries, in which event you will be notified after the transfer.

[Signature]
[Name and title of official]
[DoD Component]
[Telephone]

Attachments--3

    1. Copy of request
    2. Motion papers
    3. Sworn statement

Appendix M to Part 275--Format for Certificate of Compliance With the 
Right to Financial Privacy Act of 1978

[Official Letterhead]

[Date]

Mr./Mrs. XXXXXXXXX
Manager
Army Federal Credit Union
Fort Anywhere, VA 00000-0000

Dear Mr./Mrs. XXXXXXXXX

    I certify, pursuant to section 3403(b) of the Right to Financial 
Privacy Act of 1978, 12 U.S.C. 3401 et. seq., that the applicable 
provisions of that statute have been complied with as to the 
[Customer's authorization, administrative subpoena or summons, 
search warrant, judicial subpoena, formal written request, emergency 
access, as applicable] presented on [date], for the following 
financial records of [customer's name]:

[Describe the specific records]

    Pursuant to section 3417(c) of the Right to Financial Privacy 
Act of 1978, good faith reliance upon this certificate relieves your 
institution and its employees and agents of any possible liability 
to the customer in connection with the disclosure of these financial 
records.

[Official Signature Block]

Appendix N to Part 275--Obtaining Access to Financial Records Overseas

    A. The provisions of 12 U.S.C. Chapter 35 do not govern 
obtaining access to financial records maintained by military banking 
contractors overseas or other financial institutions in offices 
located on DoD installations outside the United States, the District 
of Columbia, Guam, American Samoa, Puerto Rico, or the Virgin 
Islands.
    B. Access to financial records held by such contractors or 
institutions is preferably obtained by customer authorization. 
However, in those cases where it would not be appropriate to obtain 
this authorization or where such authorization is refused and the 
financial institution is not otherwise willing to provide access to 
its records:
    1. A law enforcement activity may seek access by the use of a 
search authorization issued pursuant to established Component 
procedures; Rule 315, Military Rules of Evidence (Part III, Manual 
for Courts-Martial); and Article 46 of the Uniform Code of Military 
Justice.
    2. An intelligence organization may seek access pursuant to 
Procedure 7 of DoD 5240.1-R.
    3. Information obtained under this appendix shall be properly 
identified as financial information and transferred only where an 
official need-to-know exists. Failure to identify or limit access in 
accordance with this paragraph does not render the information 
inadmissible in courts-martial or other proceedings.
    4. Access to financial records maintained by all other financial 
institutions overseas by law enforcement activities shall be in 
accordance with the local foreign statutes or procedures governing 
such access.

    Dated: April 27, 2006.
L.M. Bynum,
OSD Federal Register Liaison Officer, DoD.
[FR Doc. 06-4144 Filed 5-3-06; 8:45 am]
BILLING CODE 5001-06-M