[Federal Register Volume 81, Number 105 (Wednesday, June 1, 2016)]
[Notices]
[Pages 35001-35003]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2016-12858]


=======================================================================
-----------------------------------------------------------------------

COMMODITY FUTURES TRADING COMMISSION


Agency Information Collection Activities: Notice of Intent To 
Renew Collection 3038-0067, Part 162 Subpart C--Identify Theft Red 
Flags

AGENCY: Commodity Futures Trading Commission.

ACTION: Notice.

-----------------------------------------------------------------------

SUMMARY: The Commodity Futures Trading Commission (``CFTC'' or 
``Commission'') is announcing an opportunity for public comment on the 
proposed renewal of a collection of certain information by the agency. 
Under the Paperwork Reduction Act (``PRA''), Federal agencies are 
required to publish notice in the Federal Register concerning each 
proposed collection of information, including each proposed extension 
of an existing collection of information, and to allow 60 days for 
public comment. This notice solicits comments on the duties of CFTC 
registrants to design, develop and implement reasonable policies and 
procedures to identify relevant red flags (the ``Identity Theft Red 
Flags Rules''), and potentially to notify cardholders of identity theft 
risks. Regulations in part 162 subpart C--Identify Theft Red Flags, 
including the information collection requirements thereunder, are 
designed to better protect investors from the risks of identity theft, 
and, in the case of entities that issue credit or debit cards, to 
assess the validity of, and communicate with cardholders regarding, 
address changes.

DATES: Comments must be submitted on or before August 1, 2016.

ADDRESSES: You may submit comments, identified by ``Part 162 Subpart 
C--Identify Theft Red Flags; OMB Control No. 3038-0067,'' by any of the 
following methods:
     The Agency's Web site, at http://comments.cftc.gov/. 
Follow the instructions for submitting comments through the Web site.
     Mail: Christopher Kirkpatrick, Secretary of the 
Commission, Commodity Futures Trading Commission, Three Lafayette 
Centre, 1155 21st Street NW., Washington, DC 20581.
     Hand Delivery/Courier: Same as Mail above.
     Federal eRulemaking Portal: http://www.regulations.gov/. 
Follow the instructions for submitting comments through the Portal.
    Please submit your comments using only one method.
    All comments must be submitted in English, or if not, accompanied 
by an English translation. Comments will be posted as received to 
http://www.cftc.gov.

FOR FURTHER INFORMATION CONTACT: Sue McDonough, Office of General 
Counsel, Commodity Futures Trading Commission, 1155 21st Street NW., 
Washington, DC 20581; (202) 418-5132, email: [email protected].

SUPPLEMENTARY INFORMATION: Under the PRA, Federal agencies must obtain 
approval from the Office of Management and Budget (OMB) for each 
collection of information they conduct or sponsor. ``Collection of 
Information'' is defined in 44 U.S.C. 3502(3) and 5 CFR 1320.3 and 
includes agency requests or requirements that members of the public 
submit reports, keep records, or provide information to a third party. 
Section 3506(c)(2)(A) of the PRA, 44 U.S.C. 3506(c)(2)(A), requires 
Federal agencies to provide a 60-day notice in the Federal Register 
concerning each proposed collection of information before submitting 
the collection to OMB for approval. To comply with this requirement, 
the CFTC is publishing notice of the proposed collection of information 
listed below.
    Title: Part 162 Subpart C--Identify Theft Red Flags (OMB Control 
No. 3038-0067). This is a request for extension of a currently approved 
information collection.
    Abstract: This collection of information is needed because under 
part 162 subpart C--Identify Theft, CFTC-regulated entities are 
required to develop and implement reasonable policies and procedures to 
identify,

[[Page 35002]]

detect, and respond to relevant red flags (the Identity Theft Red Flags 
Rules) and, in the case of entities that issue credit or debit cards, 
to assess the validity of, and communicate with cardholders regarding, 
address changes. Section 162.30 includes the following information 
collection requirements for each CFTC-regulated entity that qualifies 
as a ``financial institution'' or ``creditor'' under and that offers or 
maintains covered accounts: (i) Creation and periodic updating of an 
identity theft prevention program (``Program'') that is approved by the 
board of directors, an appropriate committee thereof, or a designated 
senior management employee; (ii) periodic staff reporting to the board 
of directors on compliance with the Identity Theft Red Flags Rules and 
related guidelines; and (iii) training of staff to implement the 
Program. Section 162.32 includes the following information collection 
requirements for each CFTC-regulated entity that is a credit or debit 
card issuer: (i) Establishment of policies and procedures that assess 
the validity of a change of address notification if a request for an 
additional or replacement card on the account follows soon after the 
address change; and (ii) notification of a cardholder, before issuance 
of an additional or replacement card, at the previous address or 
through some other previously agreed-upon form of communication, or 
alternatively, assessment of the validity of the address change request 
through the entity's established policies and procedures. The 
Commission uses the collection of information to discharge its 
regulatory responsibilities to protect investors from the risks of 
identity theft.
    With respect to the collection of information, the CFTC invites 
comments on:
     Whether the proposed collection of information is 
necessary for the proper performance of the functions of the CFTC, 
including whether the information will have a practical use;
     The accuracy of the CFTC's estimate of the burden of the 
proposed collection of information, including the validity of the 
methodology and assumptions used;
     Ways to enhance the quality, usefulness, and clarity of 
the information to be collected; and
     Ways to minimize the burden of collection of information 
on those who are to respond, including through the use of appropriate 
automated electronic, mechanical, or other technological collection 
techniques or other forms of information technology; e.g., permitting 
electronic submission of responses.
    You should submit only information that you wish to make available 
publicly. If you wish the CFTC to consider information that you believe 
is exempt from disclosure under the Freedom of Information Act, a 
petition for confidential treatment of the exempt information may be 
submitted according to the procedures established in Sec.  145.9 of the 
CFTC's regulations.\1\
---------------------------------------------------------------------------

    \1\ 17 CFR 145.9.
---------------------------------------------------------------------------

    The CFTC reserves the right, but shall have no obligation, to 
review, pre-screen, filter, redact, refuse or remove any or all of your 
submission from http://www.cftc.gov that it may deem to be 
inappropriate for publication, such as obscene language. All 
submissions that have been redacted or removed that contain comments on 
the merits of the ICR will be retained in the public comment file and 
will be considered as required under the Administrative Procedure Act 
and other applicable laws, and may be accessible under the Freedom of 
Information Act.
    Burden Statement: CFTC staff estimates of the hour burdens 
associated with section 162.30 include the one-time burden of complying 
with this section for newly-formed CFTC-regulated entities, as well as 
the ongoing costs of compliance for all CFTC-regulated entities. With 
respect to the one-time burden hours, staff estimates that each newly-
formed financial institution or creditor would incur a burden of 2 
hours to conduct an initial assessment of covered accounts. Staff 
estimates that approximately 572 CFTC-regulated financial institutions 
and creditors are newly formed each year, and the total estimated one-
time burden to initially assess covered accounts is therefore 1,144 
hours. Staff also estimates that each financial institution or creditor 
that maintains covered accounts would incur an additional initial 
burden of 29 hours to develop and obtain board approval of a Program 
and hours to train the staff of the financial institution or creditor. 
Staff estimates that approximately 47 \2\ CFTC-regulated financial 
institutions and creditors that maintain covered accounts are newly 
formed each year, and thus the total estimated one-time burden to 
develop and obtain board approval of a Program and train staff is 1,363 
hours. Thus, the total initial estimated burden for all newly-formed 
CFTC-regulated entities is 2,507 hours (1,144 hours + 1,363 hours).
---------------------------------------------------------------------------

    \2\ Based on a review of new registrations typically filed with 
the CFTC each year, CFTC staff estimates that approximately 6 
futures commission merchants (``FCMs''), 83 introducing brokers 
(``IBs''), 282 commodity trading advisors (``CTAs''), 198 commodity 
pool operators (``CPOs''), and 3 swap dealers (``SDs'') are newly 
formed each year, for a total of 572 entities. CFTC staff also has 
observed that approximately 50 percent of all CPOs are dually 
registered as CTAs, thus half of the 198 CPOs or 99 CPOs are 
excluded from the calculation. With respect to retail forex dealers 
(``RFEDs''), CFTC staff has observed that all entities registering 
as RFEDs also register as FCMs. Based on these observation, CFTC has 
determined that the total number of newly-formed financial 
institutions and creditors is 473 (572-99 CPOs that are also 
registered as CTAs). There were no newly registered RFEDs or MSPs. 
Each of these 473 financial institutions or creditors would bear the 
initial one-time burden of compliance.
    Of the total 473 newly-formed entities, staff estimates that all 
of the FCMs are likely to carry covered accounts, 10 percent of CTAs 
and CPOs are likely to carry covered accounts, and none of the IBs 
are likely to carry covered accounts, for a total of 44 newly-formed 
financial institutions or creditors (6 FCMs, 38 CPOS and CTAs, and 3 
SDs) carrying covered accounts that would be required to conduct an 
initial one-time burden of compliance with subpart C of part 162.
---------------------------------------------------------------------------

    With respect to ongoing annual burden hours, CFTC staff estimates 
that each financial institution or creditor would incur a burden of 2 
hours to periodically assess whether it offers or maintains covered 
accounts. Staff estimates that there are approximately 3,956 CFTC-
regulated entities that are either financial institutions or creditors, 
and the total estimated annual burden to periodically assess covered 
accounts is therefore 7,912 hours. Staff also estimates that each 
financial institution or creditor that maintains covered accounts would 
incur an additional annual burden of 4 hours to prepare and present an 
annual report to the board and 2 hours to periodically review and 
update the Program. Staff estimates that there are approximately 47 
CFTC-regulated entities that are financial institutions or creditors 
that offer or maintain covered accounts, and thus the total estimated 
additional annual burden for these entities is 282 hours. Thus, the 
total ongoing annual estimated burden for all CFTC-regulated entities 
is 8,194 hours (7912 hours + 282 hours).
    The collections of information required by section 162.32 will 
apply only to CFTC-regulated entities that issue credit or debit cards. 
CFTC staff understands that CFTC-regulated entities generally do not 
issue credit or debit cards, but instead may partner with other 
entities, such as banks, that issue cards on their behalf. These other 
entities, which are not regulated by the CFTC, are already subject to 
substantially similar change of address obligations pursuant to other 
federal regulators' identity theft red flags rules. Therefore, staff 
does not expect that any CFTC-regulated entities will be subject to the 
information collection requirements of section 163.32, and

[[Page 35003]]

accordingly, staff estimates that there is no hour burden related to 
section 162.32 for CFTC-regulated entities.
    In total, CFTC staff estimates that the aggregate annual 
information collection burden of part 162 subpart C--Identity Theft is 
10,701 hours (2,507 hours + 8,194 hours). Compliance with part 162 
subpart C--Identity Theft, including compliance with the information 
collection requirements thereunder, is mandatory for each CFTC 
regulated entity that qualifies as a ``financial institution'' or 
``creditor'' under Part 162 Subpart C--Identity Theft (as discussed 
above, certain collections of information under Part 162 Subpart C--
Identity Theft are mandatory only for financial institutions or 
creditors that offer or maintain covered accounts).
    Frequency of collection: Ongoing. There are no capital costs or 
operating and maintenance costs associated with this collection.

    Authority:  44 U.S.C. 3501 et seq.

    Dated: May 26, 2016.
Robert N. Sidman,
Deputy Secretary of the Commission.
[FR Doc. 2016-12858 Filed 5-31-16; 8:45 am]
 BILLING CODE 6351-01-P