[Federal Register Volume 81, Number 164 (Wednesday, August 24, 2016)]
[Proposed Rules]
[Pages 58310-58340]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2016-19594]



[[Page 58309]]

Vol. 81

Wednesday,

No. 164

August 24, 2016

Part V





Bureau of Consumer Financial Protection





-----------------------------------------------------------------------





12 CFR Parts 1070 and 1091





Amendments Relating to Disclosure of Records and Information; Proposed 
Rule

  Federal Register / Vol. 81 , No. 164 / Wednesday, August 24, 2016 / 
Proposed Rules  

[[Page 58310]]


-----------------------------------------------------------------------

BUREAU OF CONSUMER FINANCIAL PROTECTION

12 CFR Parts 1070 and 1091

[Docket No. CFPB-2016-0039]
RIN 3170-AA63


Amendments Relating to Disclosure of Records and Information

AGENCY: Bureau of Consumer Financial Protection.

ACTION: Proposed rule with request for public comment.

-----------------------------------------------------------------------

SUMMARY: The Bureau of Consumer Financial Protection (Bureau) proposes 
amendments to the procedures used by the public to obtain information 
from the Bureau under the Freedom of Information Act, the Privacy Act 
of 1974, and in legal proceedings. The Bureau also proposes amendments 
to its rule regarding the confidential treatment of information 
obtained from persons in connection with the exercise of its 
authorities under Federal consumer financial law.

DATES: Comments must be received on or before October 24, 2016.

ADDRESSES: You may submit comments, identified by Docket No. CFPB-2016-
0039 or RIN 3170-AA63, by any of the following methods:
    Federal eRulemaking Portal: http://www.regulations.gov. Follow the 
instructions for submitting comments.
     Email: [email protected]. Include Docket 
No. CFPB-2016-0039 and/or RIN 3170-AA63 in the subject line of the 
email.
     Mail: Monica Jackson, Office of the Executive Secretary, 
Consumer Financial Protection Bureau, 1700 G Street NW., Washington, DC 
20552.
     Hand Delivery/Courier: Monica Jackson, Office of the 
Executive Secretary, Consumer Financial Protection Bureau, 1275 First 
Street NE., Washington, DC 20002.
     Instructions: All submissions should include the agency 
name and docket number or Regulatory Information Number (RIN) for this 
rulemaking. Because paper mail in the Washington, DC area and at the 
Bureau is subject to delay, commenters are encouraged to submit 
comments electronically. In general, all comments received will be 
posted without change to http://www.regulations.gov. In addition, 
comments will be available for public inspection and copying at 1275 
First Street NE., Washington, DC 20002, on official business days 
between the hours of 10 a.m. and 5 p.m. Eastern Time. You can make an 
appointment to inspect the documents by telephoning (202) 435-7275. All 
comments, including attachments and other supporting materials, will 
become part of the public record and subject to public disclosure. 
Sensitive personal information, such as account numbers or Social 
Security numbers, should not be included. Comments generally will not 
be edited to remove any identifying or contact information.

FOR FURTHER INFORMATION CONTACT: David Snyder, Senior Counsel, Legal 
Division, 202-435-7758.

SUPPLEMENTARY INFORMATION: 

I. Background

    On July 21, 2010, the President signed into law the Dodd-Frank Wall 
Street Reform and Consumer Protection Act (Pub. L. 111-203, codified at 
12 U.S.C. 5301 et seq.) (Dodd-Frank Act). Title X of the Dodd-Frank Act 
created the Bureau. Pursuant to the provisions of the Dodd-Frank Act, 
the Bureau began to exercise its authority to regulate the offering and 
provision of consumer financial products and services under Federal 
consumer financial law on July 21, 2011.\1\
---------------------------------------------------------------------------

    \1\ Pursuant to section 1062 of the Dodd-Frank Act, 12 U.S.C. 
5582, the Secretary of the Treasury designated July 21, 2011 as the 
``transfer date'' on which various provisions of Title X of the 
Dodd-Frank Act became effective. 75 FR 57252.
---------------------------------------------------------------------------

    In order to establish safeguards for protecting the confidentiality 
of information, as well as procedures for disclosing information as 
appropriate, the Bureau published an interim final rule on July 28, 
2011, 76 FR 45371 (Jul. 28, 2011), followed by a final rule on February 
15, 2013, 78 FR 11483 (Feb. 15, 2013). The Bureau now proposes to amend 
the rule to clarify, correct, and amend certain provisions based on its 
experience over the last several years. The Bureau solicits comments on 
all aspects of its proposal.

II. Summary of the Proposed Rule

    The Bureau proposes revising all five subparts of part 1070. It 
seeks comment on all aspects of its proposed rule.
    Subpart A of the rule consists largely of definitions of terms that 
are used throughout the remainder of the part. The Bureau proposes 
revising several of these definitions to clarify their intended 
meanings as well as Bureau practices.
    Subpart B of the rule implements the Freedom of Information Act, 5 
U.S.C. 552 (the FOIA). The Bureau proposes revising this subpart to 
clarify its practices, provide additional flexibility for requesters, 
and reflect recent changes made to the FOIA by the FOIA Improvement Act 
of 2016 (Pub. L. 114-185). Additionally, these changes streamline the 
Bureau's process for assessing FOIA fees and notifying requesters of 
such fees. These changes will allow the Bureau to process FOIA requests 
more efficiently and provide records to requesters more quickly.
    Subpart C of the rule (sometimes referred to as Touhy regulations) 
sets forth procedures for requests for information from the Bureau in 
connection with legal proceedings between others, and describes the 
Bureau's procedures for considering such requests or demands for 
official information. The Bureau proposes organizational and clarifying 
revisions to the provisions currently set forth in this subpart.
    Subpart D of the rule pertains to the protection and disclosure of 
confidential information that the Bureau generates and receives during 
the course of its work. Various provisions of the Dodd-Frank Act 
require the Bureau to promulgate regulations providing for the 
confidentiality of certain types of information and protecting such 
information from public disclosure. The Bureau has sought to provide 
the maximum protection for confidential information, while ensuring its 
ability to share or disclose information to the extent necessary to 
achieve its mission. The Bureau has included detailed procedures in its 
rule in order to promote transparency regarding its practices and 
anticipated uses of confidential information.
    The Bureau has sought to balance concerns regarding the need to 
protect confidential information, including sensitive personal 
information, business information, and confidential supervisory 
information, against the need to use and disclose certain information 
in the course of its work or, as appropriate, the work of other 
agencies with overlapping statutory or regulatory authority. The Bureau 
proposes amending subpart D to clarify, correct, and amend certain 
aspects of the rule based on its experience over the last several 
years.
    In addition, in amending this subpart, the Bureau intends to codify 
its revised interpretation of 12 U.S.C. 5512(c)(6). The Bureau has 
previously interpreted 12 U.S.C. 5512(c)(6)(C)(ii), which discusses 
discretionary disclosure of confidential supervisory information to 
certain agencies with ``jurisdiction,'' to set forth a positive grant 
of authority that limits the Bureau's discretion to disclose 
confidential supervisory information under the rules authorized by 12 
U.S.C. 5512(c)(6)(A). The Bureau now believes that the better 
interpretation of 12 U.S.C.

[[Page 58311]]

5512(c)(6)(C)(ii), when read in context with 12 U.S.C. 5512(c)(6)(B) 
and 12 U.S.C. 5512(c)(6)(C)(i), is that it establishes part of an 
information-sharing regime with a limited set of other agencies. Aside 
from mandatory disclosure requirements in 12 U.S.C. 5512(c)(6)(C)(i), 
the regime does not limit the Bureau's discretion to draft rules 
related to the disclosure of confidential supervisory information. The 
Bureau proposes accounting for its revised interpretation in 12 CFR 
1070.43(b)(1), which addresses the Bureau's discretionary disclosure of 
confidential information to other agencies. The Bureau's revised 
interpretation and proposed revision to Sec.  1070.43 do not alter the 
Bureau's policy on disclosing confidential supervisory information to 
law enforcement agencies, as previously articulated in CFPB Bulletin 
12-01 (Jan. 4, 2012).
    Subpart E contains the Bureau's rule implementing the Privacy Act 
of 1974, 5 U.S.C. 552a. The Bureau proposes revising the subpart to 
clarify the Chief Privacy Officer's authority, to provide additional 
flexibility for requestors, and to make technical corrections.

III. Legal Authority

    The Bureau is proposing this rule pursuant to its authority under 
the following statutory provisions: (1) Title X of the Dodd-Frank Act, 
12 U.S.C. 5481 et seq., including (a) Section 1022(b)(1), 12 U.S.C. 
5512(b)(1), which allows the Bureau to ``prescribe rules . . . as may 
be necessary and appropriate to enable the Bureau to administer and 
carry out the purposes and objectives of the Federal consumer financial 
laws''; (b) Section 1022(c)(6)(A), 12 U.S.C. 5512(c)(6)(A), which 
states that the Bureau ``shall prescribe rules regarding the 
confidential treatment of information obtained from persons in 
connection with the exercise of its authorities under Federal consumer 
financial law''; and (c) Section 1052(d), 12 U.S.C. 5562(d), which 
instructs that ``[d]ocumentary materials and tangible things received 
as a result of a civil investigative demand shall be subject to 
requirements and procedures regarding confidentiality, in accordance 
with rules established by the Bureau,'' and addresses the disclosure of 
confidential information to Congress; (2) the Freedom of Information 
Act, 5 U.S.C. 552, which grants the public an enforceable right to 
obtain access to or copies of federal agency records unless disclosure 
of those records, or information contained within them, is exempt from 
disclosure due to one or more statutory exemptions and exclusions; (3) 
the Privacy Act of 1974, 5 U.S.C. 552a, which provides individuals with 
certain privacy protections related to federal agencies' collection, 
maintenance, use, and disclosure of information about them; (4) the 
Right to Financial Privacy Act, 12 U.S.C. 3401 et seq., which provides 
individuals with certain privacy protections related to the disclosure 
of financial records by financial institutions to federal agencies; (5) 
the Trade Secrets Act, 18 U.S.C. 1905, which provides certain 
protections related to proprietary information disclosed to federal 
agencies; (6) 18 U.S.C. 641, which prohibits the embezzlement, theft, 
purloining, knowing conversion, or unauthorized sale, conveyance, or 
disposal of a federal agency's record, voucher, money, or thing of 
value; (7) the Paperwork Reduction Act, 44 U.S.C. 3501 et seq., which 
generally addresses information collections by federal agencies; and 
(8) the Federal Records Act, 44 U.S.C. 3101, which addresses the 
creation, maintenance, use, and disposition of federal records by 
federal agencies;

IV. Section-by-Section Analysis of the Proposed Rule

Part 1070--Disclosure of Records and Information

Subpart A--General Provisions and Definitions
Section 1070.2 General Definitions
Section 1070.2(a) Agency
    The Bureau proposes adding a new definition, ``agency,'' which it 
will define to include ``a Federal, State, or foreign governmental 
authority or an entity exercising governmental authority.'' As 
currently drafted, Sec.  1070.43 provides the Bureau with discretion to 
share confidential information with Federal or State agencies in 
certain circumstances. The proposed definition, combined with proposed 
revisions to Sec. Sec.  1070.43 and 1070.45, will clarify the Bureau's 
ability to share confidential information with foreign regulators and 
certain entities that exercise governmental authority, such as 
registration and disciplinary organizations like state bar 
associations, and the procedures that should be used to do so. The 
Bureau may at times collaborate with such entities in the course of 
carrying out its authorities under Federal consumer financial laws. 
Proposed revisions to Sec.  1070.47 would expand protections for 
confidential information disclosed under subpart D to include 
information shared with these additional entities. The Bureau proposes 
additional technical corrections throughout the rule to account for use 
of this new term.\2\
---------------------------------------------------------------------------

    \2\ The Bureau also proposes renumbering the definitions in 
Sec.  1070.2 to account for the addition and subtraction of various 
definitions.
---------------------------------------------------------------------------

Section 1070.2(b) Associate Director for Supervision, Enforcement and 
Fair Lending
    The Bureau proposes adding a new definition for ``Associate 
Director for Supervision, Enforcement and Fair Lending'' in order to 
clarify the meaning of a term used in the current rule, as well as 
several times in the proposed revisions to the rule.
Section 1070.2(e) Civil Investigative Demand Material
    Section 1070.2(e) defines the term ``civil investigative demand 
material.'' For purposes of clarity and efficiency, the Bureau proposes 
incorporating this definition into the definition of ``confidential 
investigative information'' in Sec.  1070.2(j). Because the term 
``civil investigative demand material'' only arises in the rule in 
Sec.  1070.2(j), the separate definition is unnecessary.
Section 1070.2(g) Confidential Information
    Section 1070.2(g) defines the term ``confidential information.'' 
Confidential information refers to three defined categories of non-
public information--confidential consumer complaint information, 
confidential investigative information, and confidential supervisory 
information--as well as other Bureau information that is exempt from 
disclosure pursuant to one or more of the statutory exemptions to the 
FOIA.
    Confidential information does not include information contained in 
records that have been made publicly available or otherwise publicly 
disclosed by the Bureau. The Bureau proposes revising the definition to 
clarify that such appropriate disclosures may be made by either Bureau 
employees or other authorized agents of the Bureau. An unauthorized 
disclosure of information would not affect the information's 
confidentiality.
    In addition, the Bureau proposes revising the definition to clarify 
that confidential information disclosed to a third party in accordance 
with subpart D shall remain the Bureau's confidential information.
Section 1070.2(h) Confidential Consumer Complaint Information
    Section 1070.2(h) defines the term ``confidential consumer 
complaint information.'' The Bureau proposes expanding the definition 
to include any

[[Page 58312]]

information received or generated by the Bureau through processes or 
procedures established under 12 U.S.C. 5493(b)(3). The Bureau has found 
that its Consumer Response system at times receives misdirected 
complaints for which it lacks authority to act, or complaints filed by 
companies rather than consumers. This revision will clarify that any 
complaints submitted to the Bureau through its Consumer Response 
system, and any information generated therein, are similarly classified 
under its confidentiality rules and subject to the same confidentiality 
protections. The revision does not alter the current text which limits 
confidential consumer complaint information to only include information 
that is exempt from disclosure pursuant to 5 U.S.C. 552(b).
Section 1070.2(i) Confidential Investigative Information
    Section 1070.2(i) defines the term ``confidential investigative 
information.'' As discussed above with respect to Sec.  1070.2(e), the 
Bureau proposes incorporating the definition of ``civil investigative 
demand material'' into Sec.  1070.2(i). In addition, we propose 
revising the term to clarify that confidential investigative 
information includes any information obtained or generated in the 
course of Bureau enforcement activities, including general 
investigative activities that may not pertain to a specific 
institution. The Bureau also proposes replacing Sec.  1070.2(i)(2)'s 
reference to ``materials'' with ``documents, materials, or records'' in 
order to parallel similar language in the definition of ``confidential 
supervisory information'' at Sec.  1070.2(j)(2).
Section 1070.2(j) Confidential Supervisory Information
    Section 1070.2(j) defines the term ``confidential supervisory 
information.'' The Bureau proposes revising Sec.  1070.2(j)(1)(i) to 
clarify that the term includes supervisory letters and similar 
documents. Since adopting the current definition of ``confidential 
supervisory information,'' the Bureau has refined the formats it uses 
for summarizing and memorializing the results of an examination or 
other supervisory review of a supervised financial institution. The 
Bureau currently issues different types of documents, including 
examination reports and supervisory letters, to convey the results of 
its examinations and other supervisory reviews. These documents are the 
property of the Bureau and are provided to the supervised financial 
institution for its confidential use only.
    In addition, the Bureau proposes revising Sec.  1070.2(j)(1)(ii) to 
state that, in addition to ``documents'' prepared by, or on behalf of, 
or for the use of the Bureau or any other Federal, State, or foreign 
government agency in the exercise of its supervisory authority over a 
financial institution, confidential supervisory information also 
includes ``materials[] or records'' prepared by, or on behalf of, or 
for the use of the Bureau or any other Federal, State, or foreign 
government agency in the exercise of its supervisory authority over a 
financial institution. This revision is intended to clarify that any 
such physical materials can include confidential supervisory 
information, regardless of the format. Likewise, the Bureau proposes 
revising the definition to include information derived from such 
``materials[] or records.'' We note that information ``derived'' from 
such documents, materials, or records could include either physical 
materials (such as other documents, materials, or records) or 
information known to individuals (such as oral testimony or interviews 
based on knowledge gleaned from the documents, materials, or records).
    In addition, the Bureau proposes revising Sec.  1070.2(j)(1)(iv) to 
delete the reference to information collected using the Bureau's 
authority to monitor for risks to consumers in the offering or 
provision of consumer financial products or services under 12 U.S.C. 
5512(c)(4) (sometimes referred to as the Bureau's ``market monitoring'' 
authority). The Bureau believes that it is not necessary to classify 
such information as ``confidential supervisory information'' if it is 
not used for supervisory purposes. In accordance with the definition of 
``confidential information'' in Sec.  1070.2(g), market monitoring 
information will continue to be classified and protected as 
``confidential information'' to the extent that it is exempt from 
disclosure pursuant to one or more of the statutory exemptions to the 
FOIA. For example, market monitoring information that contains 
confidential business information or personal information would 
generally be classified as confidential information because that 
information generally is exempt from disclosure under the FOIA 
exemptions (b)(4) or (b)(6), respectively. See 5 U.S.C. 552(b)(4) & 
(6). Such information would be subject to the same protections 
currently accorded to it, including the limitations on public 
disclosure and disclosures to other regulators.
    In contrast, information collected for market monitoring purposes 
that is already publicly available generally would not be classified as 
confidential information because such information generally would not 
be exempt from disclosure under the FOIA. Under the proposed revision, 
the Bureau would have more flexibility to use and disclose less-
sensitive, non-confidential information as appropriate.
    The Bureau proposes replacing the ``market monitoring'' reference 
in Sec.  1070.2(j)(1)(iv) with new language stating that confidential 
supervisory information includes information obtained by the Bureau 
``for purposes of detecting and assessing risks to consumers and to 
markets for consumer financial products or services pursuant to 12 
U.S.C. 5514(b)(1)(C), 5515(b)(1)(C), and 5516(b).'' The purpose of this 
revision is to clarify that confidential supervisory information 
continues to include information obtained by the Bureau under its 
supervisory authorities at 12 U.S.C. 5514(b)(1)(C), 5515(b)(1)(C), and 
5516(b). The Bureau has previously interpreted Sec.  1070.2(j)(1)(iv) 
to address information obtained using these authorities as well as 
information obtained using its market monitoring authority. The 
revision is intended to retain the former, but exclude the latter.
    Finally, the Bureau proposes deleting Sec.  1070.2(i)(2), which 
currently states that confidential information does not include 
documents prepared by a supervised financial institution for its own 
business purposes and that the Bureau does not possess. This provision 
was intended to prevent any implication that a supervised financial 
institution's copies of internal documents would be deemed to be 
confidential supervisory information on the grounds that those 
documents had been submitted to the Bureau in the course of a Bureau 
supervisory process. However, the Bureau believes that this 
interpretation already follows from the other provisions of the rule, 
including the definition of ``confidential supervisory information,'' 
and therefore this exception is unnecessary. Should a supervised 
financial institution submit copies of such documents to the Bureau in 
the course of a Bureau supervisory process, the copies of the documents 
in the Bureau's possession would be Bureau confidential supervisory 
information. However, submission of those documents to the Bureau does 
not convert the copies of those documents that are in the possession of 
the financial institution into Bureau confidential information. The 
Bureau proposes renumbering Sec.  1070.2(j) in light of this revision.

[[Page 58313]]

Section 1070.2(l) Employee
    Section 1070.2(l) defines the term ``employee''. The Bureau 
proposes revising the definition to clarify that, for purposes of this 
rule, Bureau ``employees'' include certain contract personnel and 
employees of the Bureau's Inspector General.
Section 1070.3 Custodian of Records; Certification; Alternative 
Authority
Section 1070.3(b) Certification of Record
    Section 1070.3(b) authorizes the Bureau's Chief Operating Officer 
to certify the authenticity of any Bureau record or any copy of such 
record. The Bureau proposes revising the rule to clarify that the Chief 
Operating Officer can also certify the absence of a record. Such 
certification is contemplated in Rule 44 of the Federal Rules of Civil 
Procedure and Rule 902 of the Federal Rules of Evidence. See also 
Federal Rule of Evidence 803(10).
Section 1070.5 Service of Summonses and Complaints
    Currently, Sec.  1070.31 provides the process for serving the 
Bureau with summonses or complaints. The Bureau proposes moving the 
provision to a new section in subpart A for clarity in order to 
separate the rule governing service when the Bureau is a party from the 
remaining provisions in subpart C, which deal with requests for 
information for other proceedings. In addition, the Bureau proposes 
revising paragraph (d)'s requirement that documents be ``stamped'' 
``Service Accepted for Official Capacity Only'' by replacing the word 
``stamped'' with the word ``marked.'' This proposal would clarify that 
the documents may be labeled using a variety of methods.
Subpart B--Freedom of Information Act
Section 1070.11 Information Made Available; Discretionary Disclosures
Section 1070.11(a) In General
Section 1070.11(a)(2)
    The Bureau proposes to remove the phrase ``and copying'' and 
replace it with ``in an electronic format.'' The Bureau proposes 
similar revisions to section 1070.13. These changes are required by the 
FOIA Improvement Act of 2016.
Section 1070.14 Requests for CFPB Records
Section 1070.14(b) Form of Request
    Section 1070.14(b) specifies the form of FOIA requests. The current 
text distinguishes between requests made in writing and by electronic 
means. The Bureau proposes a technical change to this provision. It 
proposes to remove the phrase ``or by electronic means'' and add ``as 
follows:'' in its place. The Bureau also proposes changes to sections 
1070.14(b)(1) and (2) to clarify how requesters must submit FOIA 
requests to the Bureau. The Bureau proposes similar changes to the 
following sections: 1070.17(b)(1); 1070.21(c); and 1070.22(e)(1)(i).
Section 1070.14(c) Content of Request
Section 1070.14(c)(4)
    Section 1070.14(c)(4) provides that a FOIA requester should 
indicate in the request whether the requester is a commercial user, an 
educational institution, non-commercial scientific institution, 
representative of the news media, governmental entity, or ``other'' 
requester, as those terms are defined in Sec.  1070.22(b). The section 
also informs requesters that they may contact the Bureau's FOIA Public 
Liaison to seek assistance in determining the appropriate fee category. 
The current language only permits the Bureau to use information 
provided to the FOIA Public Liaison by a requester for the purpose of 
determining the requester's fee category. The Bureau proposes to remove 
this limitation so that it can use this information for other purposes, 
such as aiding a requester in clarifying the scope of a request, 
assisting in identifying records sought by a requester, and helping to 
resolve disputes related to a request.
Section 1070.14(c)(5)
    Section 1070.14(c)(5) provides that if a requester seeks a waiver 
or reduction of fees associated with processing a request, then the 
request shall include a statement to that effect. The current language 
also includes a statement that any request that does not seek a waiver 
or reduction of fees constitutes an agreement of the requester to pay 
all fees up to $25. The Bureau proposes to remove this language in 
light of other proposed fee related revisions. Under the Bureau's 
proposed revisions to Sec.  1070.22(d) and (f), FOIA requesters may 
still specify an upper limit on the fees that they are willing to pay 
to process a request and the Bureau will notify a requester of any 
potential fees beyond that limit before processing the request.
Section 1070.18 Responses To Requests for CFPB Records
Section 1070.18(a) Acknowledgement of Requests
Section 1070.18(a)(4)
    Section 1070.18(a)(4) specifies what fee related information the 
Bureau will include in acknowledgement letters it sends to requesters. 
The Bureau proposes to make a technical change to this provision, 
removing the phrase ``(of not less than $25)'' to account for the 
proposed revisions to fee-related provisions in Sec.  1070.22(d) and 
(f).
Section 1070.18(b) Initial Determination To Grant or Deny a Request
Section 1070.18(b)(4)
    The Bureau proposes to add a new provision at section 
1070.18(b)(4)(iv) requiring it to inform requesters of the right to 
seek dispute resolution services from the Bureau's FOIA Public Liaison 
or the Office of Government Information Services. The Bureau also 
proposes to renumber the existing provisions under section 
1070.18(b)(4) to accommodate this change. This change is required by 
the FOIA Improvement Act of 2016.
Section 1070.18(c) Resolution of Disputes
    The Bureau proposes a new paragraph to inform requesters about the 
resources available to resolve any disputes that may arise during the 
request process. These resources are the Bureau's FOIA Public Liaison 
and mediation services provided by the National Archives and Records 
Administration (NARA), Office of Government Information Services 
(OGIS).
Section 1070.18(d) Format of Records Disclosed
    The Bureau proposes a new paragraph to inform requesters that they 
may request records in a particular format. The Bureau will provide 
records in a requested format when the requested format can readily be 
reproduced from the original file.
Section 1070.20 Requests for Business Information Provided to the CFPB
Section 1070.20(f) Opportunity To Object to Disclosure
    Section 1070.20(f) provides a submitter of business information 
with ten business days to object to the Bureau's disclosure of the 
submitter's business information. The Bureau proposes to make two 
technical changes to this provision clarifying that the Bureau will 
delay any release of

[[Page 58314]]

information to afford the submitter ten business days to object to the 
disclosure.
Section 1070.21 Administrative Appeals
Section 1070.21(b) Time Limits for Filing Administrative Appeals
    Section 1070.21(b) provides the time limits for filing 
administrative appeals. The Bureau proposes to revise this provision to 
clarify that the time period for filing an appeal begins on the day 
after the date the initial determination is sent to the requester or 
the date of the letter transmitting the last records released, 
whichever is later. The Bureau also proposes to change the time limit 
for filing an administrative appeal from 45 days to 90 days. This 
change is required by the FOIA Improvement Act of 2016.
Section 1070.21(d) Processing of Administrative Appeals
    Section 1070.21(d) specifies how the Bureau will process 
administrative appeals. The Bureau proposes to remove the requirement 
that appeals be stamped with the date of their receipt by the FOIA 
Office. The FOIA Office does not stamp an appeal with the date the 
Bureau received it, but the date is recorded in Bureau's system for 
tracking FOIA requests. This requirement is outmoded and the Bureau 
proposes to remove it to account for its current practice.
    Section 1070.21(d) also currently provides that appeals will be 
processed in the order in which they are received. Since adopting this 
provision in 2011, the Bureau has found that it is not always 
practicable to complete action on appeals in the order in which they 
are received, and sometimes has chosen to act on a simple later-
received appeal rather than delay action pending completion of a more 
complex earlier-received appeal. In order to better align the 
regulation with current practice, the Bureau is proposing to delete the 
provision calling for first-in-first-out processing of appeals.
Section 1070.21(e) Determinations To Grant or Deny Administrative 
Appeals
    Section 1070.21(e) authorizes the General Counsel to decide 
administrative appeals, and Sec.  1070.21(e)(3) currently allows for 
remand of a FOIA determination as one option for the General Counsel's 
disposition of an appeal. The Bureau proposes to amend the first 
sentence of Sec.  1070.21(e) to add a reference to remands so that all 
options for disposition of appeals are listed in that sentence.
Section 1070.22 Fees for Processing Requests for CFPB Records
Section 1070.22(b) Categories of Requesters
Section 1070.22(b)(1)
    Section 1070.22(b)(1)(i) defines the ``Commercial user'' category 
of requester. The Bureau proposes to amend this provision to clarify 
that the Bureau's decision to place a requester in the commercial user 
category will be made on a case-by-case basis based on how the 
requester will use the information. The Bureau proposes this change to 
clarify how it will make decisions whether to place a requester in the 
commercial user category.
Section 1070.22(b)(2)
    Section 1070.22(b)(2) provides that the Bureau will notify a 
requester of its determination as to the proper fee category to apply 
to the requester. The current language of the provision provides that 
the Bureau will make its determination based on a review of the 
requester's submission and the Bureau's own records. The Bureau 
proposes to delete this limitation to clarify that it may base its 
determination on other appropriate information, including phone 
conversations with the requester and publicly available information.
Section 1070.22(d) Other Circumstances When Fees Are Not Charged
Section 1070.22(d)(2)
    The Bureau proposes to insert a new paragraph at Sec.  
1070.22(d)(2); existing paragraphs in Sec.  1070.22(d) will be 
renumbered to accommodate the new paragraph. Section 1070.22(d) 
provides certain circumstances where the Bureau may not charge a 
requester a fee for processing a FOIA request. The proposed new 
paragraph would provide that the Bureau will not charge a requester any 
fees when the fee, excluding duplication costs, is less than $250. The 
Bureau proposes this change as part of its larger goal of revising the 
process for how it assesses FOIA processing fees and how the Bureau 
notifies requesters of such fees. This new provision would streamline 
the Bureau's process for assessing FOIA fees. This change would allow 
the Bureau to process FOIA requests more quickly and efficiently 
because the Bureau will no longer need to contact a FOIA requester 
concerning processing fees when the cost to process the request is less 
than $250. As such, this provision would provide information to these 
requesters more quickly and at a reduced cost to the requesters.
Section 1070.22(d)(4)
    The Bureau proposes to revise this provision to prohibit it from 
charging search fees, or in certain cases duplication fees, when the 
Bureau has failed to comply with time limits under Sec.  1070.15 or 
Sec.  1070.21, unless (1) unusual circumstances apply to the processing 
of the request; (2) the Bureau has provided timely written notice of 
the unusual circumstances to the requester; (3) more than 5,000 pages 
are necessary to respond to the request; and (4) the Bureau has 
discussed with the requester (or made three good-faith attempts to do 
so) how the requester could effectively limit the scope of the request. 
These changes are required by the FOIA Improvement Act of 2016.
Section 1070.22(e) Waiver or Reduction of Fees
Section 1070.22(e)(5)
    Section 1070.22(e)(5) provides that the Bureau will decide whether 
to grant or deny a request to reduce or waive fees prior to processing 
the FOIA request and that the Bureau will notify the requester of such 
a determination in writing. The Bureau proposes to delete this 
requirement because it is unnecessary in light of other proposed fee 
related revisions. In many cases involving requests for fee waivers, 
the Bureau will be able to process the FOIA request without deciding 
the merits of the fee waiver request because the processing fees will 
be less than $250. Furthermore, removing this requirement will allow 
the Bureau to process FOIA requests more efficiently and provide 
information to requesters more quickly. Under the Bureau's proposed 
revisions, the Bureau will notify a requester when it has denied a fee 
waiver request and processing the request would incur fees.
Section 1070.22(e)(6)
    Section 1070.22(e)(6) specifies what information the Bureau will 
include in the letter it sends notifying the requester that the Bureau 
has denied a request for a waiver or reduction of fees. The Bureau 
proposes to make a technical change to this provision, removing the 
phrase ``(of not less than $25)'' to account for other newly proposed 
fee related provisions.
Section 1070.22(f) Advance Notice and Prepayment of Fees
    Section 1070.22(f) describes the Bureau's process for notifying a 
requester of any processing fees associated with a FOIA request. The 
Bureau proposes several changes to this provision to clarify and 
streamline its process for assessing FOIA processing

[[Page 58315]]

fees and for notifying requesters of such fees. First, the Bureau 
proposes to revise Sec.  1070.22(f)(1) to provide that the Bureau will 
notify a requester of the estimated fees to process a FOIA request when 
the estimated fees are $250 or more and the estimated fees exceed the 
limit set by the requester, the requester has not specified a limit, or 
the Bureau has denied a request for a reduction or waiver of fees. 
Next, the Bureau proposes to revise Sec.  1070.22(f)(2) to raise the 
fee threshold above which a requester must pre-pay estimated processing 
fees from $250 to $1000. This change is necessary because of the 
Bureau's proposed change to Sec.  1070.22(d): The Bureau proposes 
raising its current pre-payment threshold of $250 because it will no 
longer charge fees for processing a request when the fees are $250 or 
less. The Bureau's proposed revisions to Sec.  1070.22(f) will require 
a requester to agree to pay processing fees before the Bureau begins 
processing the request. The Bureau believes that such an agreement will 
provide sufficient assurance of payment for fees less than $1000. This 
change is in accordance with the Bureau's current practice for 
requiring pre-payment of fees. Furthermore, this change will allow the 
Bureau to process FOIA requests more efficiently and provide records to 
requesters more quickly.
Section 1070.23 Authority and Responsibilities of the Chief FOIA 
Officer
Section 1070.22(a) Chief FOIA Officer
    Paragraph 1070.22(a) discusses the role of the Bureau's Chief FOIA 
Officer. The Bureau proposes insert two new subparagraphs to this 
paragraph. The first concerns the Chief FOIA Officer's responsibility 
to offer training to Bureau staff regarding their responsibilities 
under the FOIA and the second concerns the Chief FOIA Officer's role as 
the primary Bureau liaison with the Office of Government Information 
Services and the Department of Justice's Office of Information Policy. 
The Bureau also proposes to renumber the provisions in this section to 
accommodate these changes. These changes are required by the FOIA 
Improvement Act of 2016.
Subpart C--Disclosure of CFPB Information in Connection With Legal 
Proceedings
    Subpart C addresses the disclosure of Bureau information in 
connection with legal proceedings. The Bureau proposes several 
technical corrections throughout the subpart.
Section 1070.30 Purpose and Scope; Definitions
Section 1070.30(a)
    Section 1070.30(a) defines the circumstances for which the 
procedures outlined in subpart C apply. The Bureau proposes to delete 
paragraph (a)(1) from this provision and to renumber the section 
accordingly. The Bureau proposes this revision as a technical change to 
account for moving Sec.  1070.31 to subpart A.
Section 1070.30(e)
Section 1070.30(e)(2)
    Section 1070.30(e)(2) defines the term ``legal proceeding'' for 
subpart C. The Bureau proposes to add the phrase ``their agents'' to 
the last sentence of this provision to clarify that this definition 
applies to formal and informal requests made by both attorneys and 
their agents.
Section 1070.31 Service of Summonses and Complaints
    Section 1070.31 provides the process for serving the Bureau with 
summonses or complaints. As discussed above, the Bureau proposes to 
delete Sec.  1070.31 from subpart C and move it to a new section in 
subpart A, Sec.  1070.5. The Bureau also proposes to renumber sections 
and cross-references in subpart C to account for this change. For 
additional information, see the discussion of Sec.  1070.5.
Section 1070.31 Service of Subpoenas, Court Orders, and Other Demands 
for CFPB Information or Action
Section 1070.31(d)
    Section 1070.31(d) provides that the Bureau is not authorized to 
accept on behalf of its employees any subpoenas, orders, or other 
demands or requests, which are not related to the employees' official 
duties. In addition, the current text of the provision implies that it 
is the Bureau's practice to accept such demands or requests ``upon the 
express, written authorization of the individual CFPB employee to whom 
such demand or request is directed.'' The Bureau proposes to delete 
this part of the provision because it is not the general practice of 
the Bureau to accept service on behalf of individual employees. The 
Bureau further proposes deleting the paragraph's introductory caveat, 
``[e]xcept as otherwise provided in this subpart,'' because the subpart 
does not otherwise provide for the Bureau to act as an agent for 
service for subpoenas, orders, or other demands or requests that do not 
relate to employees' official conduct.
Section 1070.33 Procedure When Testimony or Production of Documents is 
Sought; General
Section 1070.33(b)
    Section 1070.33(b) provides that the General Counsel may require a 
party seeking official information through testimony, CFPB records, or 
other material, to describe all reasonably foreseeable demands for such 
information. The Bureau proposes to make several technical changes to 
clarify this provision.
Subpart D--Confidential Information
Section 1070.41 Non-Disclosure of Confidential Information
Section 1070.41(b) Disclosures to Contractors and Consultants
    Section 1070.41(b) provides that contractors and consultants in 
possession of confidential information must treat it in accordance with 
these rules, Federal laws and regulations that apply to Federal 
agencies for the protection of the confidentiality of personally 
identifiable information and for data security and integrity, as well 
as any additional conditions or limitations that the Bureau may impose. 
The current language includes a requirement that contractors and 
consultants certify in writing that they will follow this provision. 
The Bureau proposes replacing the certification requirement with an 
affirmative statement that contractors and consultants must follow this 
provision. The revision is intended to clarify that contractors and 
consultants are subject to Sec.  1070.41(b)'s requirements irrespective 
of any affirmative certification. We note that this revision will in no 
way alter the Bureau's current practices related to requiring 
contractors and consultants to sign non-disclosure agreements, agree to 
protections in contracts, or take other appropriate steps to protect 
confidential information.
Section 1070.41(c) Disclosures of Materials Derived From Confidential 
Information
    Section 1070.41(c) addresses the disclosure of materials derived 
from confidential information. It requires that, when the Bureau 
discloses such materials, they may not directly or indirectly identify 
any particular person to whom the confidential information pertains. 
The Bureau proposes replacing the phrase ``[n]othing in this subpart 
shall limit the discretion of the CFPB'' with ``[t]he CFPB may . . .'' 
in order to clarify that Sec.  1070.41(c) authorizes such disclosure by 
the Bureau.

[[Page 58316]]

Section 1070.41(d) Disclosures of Confidential Information With Consent
    The Bureau proposes a new paragraph that, where practicable, 
authorizes the Bureau to, upon receipt of prior consent, disclose 
confidential information that directly or indirectly identifies 
particular persons. The provision would require consent from all such 
persons to the extent that the identification constitutes confidential 
information, and any such disclosure would have to comply with 
applicable law. The Bureau believes that it may at times be useful to 
disclose such information in order to achieve its mission objectives. 
By conditioning disclosure on consent, affected persons' interests 
would be appropriately protected. This new provision is intended to 
serve as a distinct authority for disclosure, and it in no way impacts 
other methods of disclosure currently addressed in the Rule, such as in 
Sec.  1070.43. The Bureau proposes renumbering the section to account 
for the new paragraph.
Section 1070.41(e) Nondisclosure of Confidential Information Provided 
to the CFPB by Other Agencies
    Section 1070.41(e) provides that nothing in subpart D requires or 
authorizes the Bureau to disclose confidential information that it has 
received from other agencies where such disclosure would contravene 
applicable law or conflict with any agreement between the CFPB and the 
provider agency. The Bureau proposes replacing the word 
``disclosability'' in the paragraph's title with ``nondisclosure'' in 
order to clarify that this provision protects the confidentiality of 
other agencies' confidential information. This revision would not make 
any substantive change to the provision.
Section 1070.42 Disclosure of Confidential Supervisory Information and 
Confidential Investigative Information to and by Financial Institutions 
and Their Affiliates
    Section 1070.42 provides that the Bureau may, in its discretion, 
disclose confidential supervisory information concerning a supervised 
financial institution or its service providers to that supervised 
financial institution or its affiliates. In addition, Sec.  1070.42 
provides that, unless directed otherwise by the Bureau's Associate 
Director for Supervision, Enforcement, and Fair Lending or by his or 
her delegee, any supervised financial institution in possession of 
confidential supervisory information pursuant to this section may 
further disclose the information to certain recipients and subject to 
certain conditions.
    The Bureau proposes expanding the scope of Sec.  1070.42 to address 
its enforcement activities in addition to its supervisory activities. 
This revision will lend clarity to the Bureau's disclosures in the 
enforcement context, and to the extent of financial institutions' 
discretion to further disclose confidential investigative information 
(such as civil investigative demands (``CIDs'') or notice and 
opportunity to respond and advise (``NORA'') letters). The resulting 
rule will provide that recipients of confidential investigative 
information have the same discretion with respect to disclosing 
confidential investigative information that they currently have with 
respect to confidential supervisory information. In addition, the 
proposal will establish a single process for such recipients to follow 
if they wish to further disclose confidential information obtained in 
the course of the Bureau's supervisory or enforcement activities. The 
proposed revisions will result in no substantive change to the Bureau's 
supervisory activities or supervised financial institutions' discretion 
to disclose confidential supervisory information, as currently 
articulated in the rule.
    To achieve these ends, the Bureau proposes revising the section's 
title to read ``Disclosure of confidential supervisory information and 
confidential investigative information.'' In addition, all references 
in the section to ``confidential supervisory information'' will be 
accompanied by the phrase ``or confidential investigative 
information.'' Furthermore, references to any ``supervised financial 
institution'' will be replaced by a broader reference to any 
``person.'' ``Supervised financial institutions'' are a kind of 
``person,'' which is defined at Sec.  1070.2. The Bureau proposes using 
this broader term because the recipients of confidential investigative 
information may not be supervised financial institutions, and at times 
some recipients, such as third-party recipients of civil investigative 
demands, may not be financial institutions. Finally, the Bureau 
proposes several non-substantive technical revisions for purposes of 
clarity.
    The Bureau also proposes revising Sec.  1070.42(a) to provide that, 
in addition to disclosing information concerning a person, its 
affiliates, or its service providers to that person or its affiliates, 
the Bureau may also disclose such information to its service providers. 
The Bureau proposes this change because such information may at times 
be relevant to supervision or enforcement activities related to service 
providers.
    In addition, the Bureau proposes revising Sec.  1070.42(b)(2) to 
clarify that a person in possession of confidential supervisory 
information or confidential investigative information relating to that 
person may disclose such information to an insurance provider pursuant 
to a claim for coverage made by that person under an existing policy. 
Such disclosures may only be made if the Bureau has not precluded 
indemnification or reimbursement for the claim.
    We note that this revised language only authorizes disclosure to 
the extent necessary for the insurance provider to process and 
administer the claim for coverage. Further distribution or use of the 
information is prohibited. These limitations do not foreclose an 
insurance provider from using information that has been publicly 
disclosed by the Bureau in making future underwriting determinations 
regarding the person or for other purposes--even if that information 
was originally submitted to the insurance provider as confidential 
information under this provision.
    Finally, the Bureau proposes to remove references to the Associate 
Director for Supervision, Enforcement, and Fair Lending's delegee. Such 
reference is no longer necessary because the new definition of 
Associate Director for Supervision, Enforcement, and Fair Lending, 
located at Sec.  1070.2(b), includes delegees.
Section 1070.43 Disclosure of Confidential Information to Agencies
    Section 1070.43 sets forth the circumstances in which the Bureau 
may disclose confidential information to other government agencies. The 
Bureau proposes revising the section's title and subtitles to delete 
the references to ``law enforcement agencies'' and ``government'' 
agencies because the references are superfluous. Instead, the title and 
subtitles will reference ``Agencies.'' Likewise, as discussed above 
with respect to Sec.  1070.2(a), the Bureau proposes revisions 
throughout the section to account for the newly proposed defined term 
``Agency.'' The Bureau proposes various other non-substantive technical 
corrections.
Section 1070.43(b) Discretionary Disclosure of Confidential Information 
to Agencies
Section 1070.43(b)(1)
    Section 1070.43(b)(1) sets forth the standard under which the 
Bureau may disclose confidential information to

[[Page 58317]]

other agencies in its discretion. The current rule establishes two 
distinct standards for disclosing confidential supervisory information 
and other confidential information. It states that the Bureau may 
disclose confidential information to an agency ``to the extent that the 
disclosure of the information is relevant to the exercise of the 
[Agency's] statutory or regulatory authority.'' However, the Bureau may 
only share confidential supervisory information with agencies ``having 
jurisdiction over a supervised financial institution.'' The Bureau 
proposes removing the separate standard for confidential supervisory 
information. This proposed change would align the two standards and 
provide the Bureau with discretion to disclose confidential supervisory 
information to another agency ``to the extent that the disclosure of 
the information is relevant to the exercise of the [agency's] statutory 
or regulatory authority,'' as it may currently do with respect to other 
categories of confidential information.
    This change is intended to facilitate communication and 
information-sharing among the Bureau and other governmental 
authorities. The Bureau has determined that sharing confidential 
supervisory information in situations where the disclosure of the 
information is relevant to the exercise of the receiving agency's 
statutory or regulatory authority will facilitate the Bureau's purposes 
and objectives. Multiple agencies engage in operations that have the 
potential to affect the offering and provision of consumer financial 
products and services, as well as the markets, industries, companies, 
and other persons relevant to the Bureau's work. In addition, multiple 
agencies have interests and obligations relating to implementation, 
interpretation, and enforcement of the Dodd-Frank Act and the other 
Federal consumer financial law administered by the Bureau. The proposed 
change will assist the Bureau in implementing and administering Federal 
consumer financial law in a more consistent and effective fashion, and 
enable the Bureau to work together with other agencies having 
responsibilities related to consumer financial matters. The Bureau also 
believes that the proposed change would comport with the intent of the 
Dodd-Frank Act, since effective coordination and communication among 
agencies is essential in order for the regulatory framework established 
by that Act to work as Congress intended.
    In the Bureau's judgment, the current rule's restrictions have 
proven overly cumbersome in application, pose unnecessary impediments 
to cooperating with other agencies, and otherwise risk impairing the 
Bureau's ability to fulfill its statutory duties. Unnecessary 
impediments to information-sharing in such circumstances impede 
supervisory and enforcement coordination and create opportunities for 
potential conflict, inefficiency, and duplication of efforts across 
agencies. The Bureau believes that retaining discretion to share 
confidential supervisory information in such situations would better 
promote the Bureau's mission and overall effectiveness.
    This proposal would codify the Bureau's revised interpretation of 
12 U.S.C. 5512(c)(6). 12 U.S.C. 5512(c)(6) has three subparagraphs. 12 
U.S.C. 5512(c)(6)(A) directs the Bureau to ``prescribe rules regarding 
the confidential treatment of information obtained from persons in 
connection with the exercise of its authorities under Federal consumer 
financial law.'' 12 U.S.C. 5512(c)(6)(B) addresses disclosure of 
confidential supervisory information to the Bureau by certain agencies: 
Subparagraph (B)(i) requires that the Bureau ``shall have access'' to 
reports of examination or financial condition by ``a prudential 
regulator or other Federal agency having jurisdiction over a covered 
person or service provider,'' and subparagraph (B)(ii) provides that 
the same agencies ``may, in [their] discretion, furnish to the Bureau 
any other report or other confidential supervisory information 
concerning any [entity] examined by such agency . . . .'' Meanwhile, 12 
U.S.C. 5512(c)(6)(C) addresses disclosure of confidential supervisory 
information by the Bureau to certain agencies: Subparagraph (C)(i) 
requires that ``a prudential regulator, a State regulator, or any other 
Federal agency having jurisdiction over a covered person or service 
provider shall have access to any report of examination made by the 
Bureau with respect to such person . . . ,'' and subparagraph (C)(ii) 
provides that the Bureau ``may, in its discretion, furnish to a 
prudential regulator or other agency having jurisdiction over a covered 
person or service provider any other report or other confidential 
supervisory information concerning such person examined by the Bureau . 
. . .''
    The Bureau had previously interpreted 12 U.S.C. 5512(c)(6)(C)(ii) 
to set forth a positive grant of authority that limits the Bureau's 
discretion to disclose confidential supervisory information under the 
rules authorized by 12 U.S.C. 5512(c)(6)(A). By only providing for the 
discretion to disclose confidential supervisory information to 
``prudential regulator[s] or other agenc[ies] having jurisdiction,'' it 
was assumed that the provision prohibited disclosure by the Bureau to 
agencies that lack ``jurisdiction.'' The Bureau articulated this 
interpretation in the interim final rule and the final rule that 
established this subpart. See 76 FR 45372, 45373-75 (Jul. 28, 2011); 78 
FR 11484, 11496 (Feb. 15, 2013).
    12 U.S.C. 5512(c)(6)'s framework--providing the Bureau with broad 
discretion to draft confidentiality rules, followed by instructions 
related to the exchange of confidential supervisory information with 
certain agencies--is ambiguous. See generally Adirondack Medical Center 
et al. v. Sebelius, 740 F.3d 692 (D.C. Cir. 2014). The juxtaposition 
implies that the provisions relate to each other, but their terms leave 
the precise relationship unclear, resulting in more than one plausible 
interpretation. The Bureau's previous interpretation was reasonable, 
but the Bureau believes that an alternative interpretation is more 
reasonable.
    12 U.S.C. 5512(c)(6)(A) provides the Bureau with broad discretion 
to draft rules regarding the confidential treatment of information. We 
think the better view is that Congress did not intend 12 U.S.C. 
5512(c)(6)(C)(ii) to restrict that discretion. The language in 
subparagraph (C)(ii) is permissive--it says ``the Bureau may, in its 
discretion'' disclose confidential supervisory information to certain 
agencies. Notably, Congress did not include any restrictive language, 
such as ``the Bureau may only'' make certain disclosures. Understanding 
subparagraph (C)(ii) as a limit to the Bureau's discretion requires, 
essentially, reading the word ``only'' into text where it does not 
exist. We find this interpretation strained, as ``Congress generally 
knows how to use the word `only' when drafting laws.'' Adirondack 
Medical Center, 740 F.3d at 697.
    Furthermore, 12 U.S.C. 5512(c)(6)(C)(ii) contrasts with 12 U.S.C. 
5562(d)(2), where Congress clearly and unambiguously restricted the 
Bureau's discretion in drafting these same confidentiality rules by 
stating that ``[n]o rule . . . shall be intended to prevent disclosure 
[to Congress].'' The difference between the permissive language used in 
12 U.S.C. 5512(c)(6)(C)(ii) and the restrictive language used in 12 
U.S.C. 5562(d)(2) indicates that Congress intended the two provisions 
to act in different ways.
    We also think that the presence of subparagraphs (B)(i), (B)(ii), 
and (C)(i) in 12 U.S.C. 5512(c)(6) demonstrate that subparagraph 
(C)(ii) could serve a purpose other than limiting

[[Page 58318]]

subparagraph (A). Although subparagraph (C)(ii), in isolation, could 
perhaps be read as a limiting principle, statutory provisions should be 
read in context. See, e.g., Food & Drug Admin. v. Brown & Williamson 
Tobacco Corp., 529 U.S. 120, 132-33 (2000) (``The meaning--or 
ambiguity--of certain words or phrases may only become evident when 
placed in context.''). That subparagraph (B) closely tracks the word-
choice and structure of subparagraph (C) shows that they could and 
should be read in relation to each other. But by addressing the 
receipt, and not the disclosure, of confidential supervisory 
information, subparagraph (B) is substantively irrelevant to the 
Bureau's confidentiality rules; its inclusion indicates that the 
provisions can serve a purpose other than to restrict the Bureau's 
discretion in drafting its rule.
    The Bureau believes that subparagraphs (B) and (C) can reasonably 
be read to establish an information-sharing regime with a limited set 
of agencies. The purpose of subparagraphs (B)(ii) and (C)(ii) is to 
contrast and limit the mandatory disclosures in subparagraphs (B)(i) 
and (C)(i), respectively. Whereas subparagraph (B)(i) requires a set of 
agencies (prudential regulators and Federal agencies having 
jurisdiction) to provide reports of examination or financial condition 
to the Bureau, subparagraph (B)(ii) clarifies that those same agencies 
have discretion with respect to disclosing other reports or other 
confidential supervisory information. Likewise, whereas subparagraph 
(C)(i) requires the Bureau to disclose reports of examination to 
prudential regulators, state regulators, and Federal regulators having 
jurisdiction, subparagraph (C)(ii) clarifies that disclosure of other 
reports and other confidential supervisory information to prudential 
regulators and other agencies is discretionary. The phrase ``other 
report and other confidential supervisory information'' clarifies, 
contrasts and narrows the reference to ``report of examination'' in 
subparagraph (C)(i).
    The Bureau has already addressed subparagraph (C)(i)'s mandatory 
disclosures in the confidentiality rules at Sec.  1070.43(a), and this 
paragraph remains unchanged. The Bureau's proposed revision to Sec.  
1070.43(b)(1) will include 12 U.S.C. 5512(c)(6)(C)(ii)'s discretionary 
disclosures of confidential supervisory information, and it will allow 
for additional disclosures to agencies that do not ``hav[e] 
jurisdiction,'' so long as such disclosure is ``relevant to the 
exercise of the [agency's] statutory or regulatory authority.'' 12 
U.S.C. 5512(c)(6)(A)'s broad grant of authority to draft 
confidentiality rules provides the Bureau sufficient discretion to make 
this change.
    Please note that the Bureau's policy regarding the disclosure of 
confidential supervisory information to law enforcement agencies, which 
we previously articulated in CFPB Bulletin 12-01 (Jan. 4, 2012), 
remains in place. The Bureau's revised interpretation of 12 U.S.C. 
5512(c)(6) and its proposed revision to Sec.  1070.43(b)(1) do not 
alter CFPB Bulletin 12-01.
Section 1070.43(b)(2)
    Section 1070.43(b)(2) sets forth a process for agencies to submit 
written requests (sometimes referred to as ``access requests'') to the 
Bureau in order to obtain access to its confidential information 
pursuant to Sec.  1070.43(b). Whereas the section currently requires 
submission of access requests to the General Counsel, the Bureau 
proposes to instead require submission to the Associate Director for 
Supervision, Enforcement, and Fair Lending. The Bureau believes that 
this change would lead to increased efficiency because the vast 
majority of access requests submitted to the Bureau pertain to work 
conducted by its Division of Supervision, Enforcement, and Fair 
Lending. The Associate Director for Supervision, Enforcement, and Fair 
Lending will continue to consult with other Bureau stakeholders, 
including the Legal Division, as necessary. The Bureau also proposes 
that access requests be emailed to a single email address, 
[email protected], or to the Bureau's mailing address at 1700 G 
Street NW., Washington, DC 20552, in order to facilitate processing. In 
making these changes, the authority to act upon access requests would 
shift from the Legal Division to other Bureau staff with expertise more 
directly related to processing these requests.
    In addition, for purposes of clarity, the Bureau proposes revising 
Sec.  1070.43(b)(2)(iii) to state that, among other things, access 
requests must include a statement certifying and identifying the 
agency's ``statutory or regulatory authority that is relevant to the 
requested information, as required by paragraph (b)(1).'' We have found 
in our experience that the current formulation (the agency must certify 
or identify its ``authority for requesting the documents'') can lead to 
confusion.
Section 1070.43(c) State Requests for Information Other Than 
Confidential Information
    Section 1070.43(c) states that state agency requests for 
information other than confidential information are not to be made and 
considered under Sec.  1070.43. The Bureau proposes deleting this 
paragraph because it is unnecessary and can lead to confusion. Because, 
by its own terms, Sec.  1070.43 only applies to confidential 
information, there is no need to state that it does not apply to 
information that is not confidential.
Section 1070.44 Disclosure of Confidential Consumer Complaint 
Information
    Section 1070.44 addresses the Bureau's disclosure of confidential 
consumer complaint information in the course of investigating, 
resolving, or otherwise responding to consumer complaints. The Bureau 
proposes replacing the phrase ``[n]othing in this subpart shall limit 
the discretion of the CFPB'' with ``[t]he CFPB may . . . .'' This 
revision is intended to clarify that Sec.  1070.44 authorizes such 
disclosure by the Bureau. The Bureau also proposes replacing the phrase 
``concerning financial institutions or consumer financial products and 
services'' with ``concerning consumer financial products and services 
or a violation of Federal consumer financial law'' in order to clarify 
that the section broadly addresses any information received or 
generated by the Bureau through processes or procedures established 
under 12 U.S.C. 5493(b)(3), including where complaints do not concern 
financial institutions, or where the Bureau lacks authority to act on 
them.
Section 1070.45 Affirmative Disclosure of Confidential Information
    Section 1070.45 addresses various instances where the Bureau may 
make disclosures of confidential information on its own initiative. The 
Bureau proposes several revisions to clarify, supplement, or amend the 
disclosures currently addressed in the section. Any disclosures made 
pursuant to this section must be made in accordance with applicable 
law.
    The Bureau proposes deleting the reference in Sec.  1070.45(a) to 
``confidential investigative information'' in the phrase ``confidential 
investigative information or other confidential information.'' Because 
confidential investigative information is a sub-category of 
confidential information, and Sec.  1070.45(a) already addresses 
confidential information generally, the separate reference to 
confidential

[[Page 58319]]

investigative information is unnecessary. Nevertheless, while the 
Bureau may disclose any category of confidential information under 
Sec.  1070.45(a), disclosures made under this section--particularly 
paragraphs (a)(3), (a)(4), and (a)(5)--are more likely to involve 
confidential investigative information, rather than other categories of 
confidential information, such as confidential supervisory information.
    Subparagraph (a)(2) addresses disclosure of confidential 
information to either House of the Congress, or to an appropriate 
committee or subcommittee of the Congress, as set forth in 12 U.S.C. 
5562(d)(2). The current text states that, upon receipt of a request 
from the Congress for confidential information that a financial 
institution submitted to the Bureau along with a claim that such 
information consists of trade secret or privileged or confidential 
commercial or financial information, or confidential supervisory 
information, the Bureau ``shall notify'' the financial institution in 
writing of its receipt of the request and provide the institution with 
a copy of the request. The Bureau proposes revising the text to state 
that it ``may notify'' the financial institution in such circumstances. 
This revision will provide greater flexibility and more closely align 
with 12 U.S.C. 5562(d)(2), which states that the Bureau ``is permitted 
to adopt rules allowing prior notice to any party that owns or 
otherwise provided the material to the Bureau and had designated such 
material as confidential.''
    Subparagraph (a)(3) pertains to the disclosure of confidential 
information in ``investigational hearings and witness interviews, as is 
reasonably necessary, at the discretion of the CFPB.'' This paragraph 
was initially intended to address disclosure in the course of 
investigations and enforcement actions. See 76 FR 45372, 45375 (Jul. 
28, 2011). The Bureau proposes revising the paragraph to state that it 
may disclose confidential information in ``investigational hearings and 
witness interviews, or otherwise in the investigation and 
administration of enforcement actions, as is reasonably necessary, at 
the discretion of the CFPB.'' This revision clarifies that the Bureau 
may disclose confidential information in its discretion to conduct its 
investigations or perform administrative tasks to further its own 
enforcement actions. This includes, for example, disclosures to expert 
witnesses, service process servers, or other federal and state agencies 
that may provide assistance with space for investigational hearings or 
advise the Bureau on local rules regarding a court filing.
    Subparagraph (a)(4) authorizes the disclosure of confidential 
information ``[i]n an administrative or court proceeding to which the 
CFPB is a party.'' The Bureau proposes revising this paragraph to state 
that it may disclose confidential information ``[i]n or related to an 
administrative or court proceeding to which the Bureau is a party.'' 
This revision clarifies that the Bureau may disclose confidential 
information not only during an administrative or court proceeding to 
which the Bureau is a party, such as in complaints and consent orders, 
but also when related to the Bureau's implementation of ongoing 
administrative or court orders. Such disclosures may be made in 
furtherance of the Bureau's reporting requirements and include, for 
example, updates on required consumer remuneration and the payment of 
civil money penalties.
    Subparagraph (a)(4) also enables the submitter of such information 
to seek a protective or other order prior to such disclosure. For 
clarity, the Bureau proposes replacing the phrase ``confidential 
investigatory materials'' with ``confidential investigative 
information,'' a defined term used throughout the rule. Likewise, the 
Bureau proposes replacing the reference to ``appropriate protective or 
in camera order'' with ``appropriate order,'' which would encompass 
both examples in the current version. Finally, the Bureau proposes 
revising the rule to also allow the Bureau to seek an appropriate order 
in its discretion. Whereas the current text only discusses the 
submitter seeking such an order, there may be times where it would be 
more efficient or appropriate for the Bureau itself to make such a 
request.
    Subparagraph (a)(5) addresses disclosure to other agencies of 
confidential information in summary form to notify them about potential 
violations of law subject to their jurisdiction. The purpose of this 
provision is to allow the Bureau to inform agencies about potential 
legal violations in which they may have an interest, including 
situations in which they may wish to submit a request for information 
under Sec.  1070.43. The Bureau proposes revising this paragraph to 
authorize disclosure to ``Agencies in summary form to the extent 
necessary to confer with such Agencies about matters relevant to the 
exercise of the Agencies' statutory or regulatory authority.'' This 
revision would clarify the paragraph's intended purpose and more 
closely align with the standard used for disclosing confidential 
information to agencies under Sec.  1070.43.
    Finally, the Bureau proposes a new subparagraph that states that 
the Bureau may disclose confidential information in ``CFPB personnel 
matters, as necessary and subject to appropriate protections.'' This 
revision is intended to clarify that confidential information may at 
times be disclosed in the course of equal employment opportunity 
matters, grievance proceedings, and other personnel matters. Any such 
disclosures would only be made as necessary, in accordance with 
applicable law, and subject to appropriate protections. The Bureau 
proposes re-numbering Sec.  1070.45 to account for this new paragraph.
Section 1070.47 Other Rules Regarding the Disclosure of Confidential 
Information
    The Bureau proposes reorganizing Sec.  1070.47 for clarity. 
Specifically, it proposes moving subparagraph 1070.47(a)(5) to 
immediately after subparagraph 1070.47(a)(2). The Bureau proposes this 
change because the two subparagraphs both address further disclosure by 
the recipient of confidential information. The Bureau further proposes 
making subparagraph 1070.47(a)(3), which addresses third-party requests 
for information, a new paragraph titled ``Third party requests for 
information.'' This revision will highlight the provision and lead to 
better ease of use. Finally, the Bureau proposes re-numbering the 
section to account for these changes.
Section 1070.47(a) Further Disclosure Prohibited
    Section 1070.47(a) describes certain steps that recipients of 
confidential information under subpart D must take to protect the 
information. It notes that confidential information disclosed under 
this subpart remains Bureau property, it prohibits further disclosure 
of confidential information without the Bureau's prior written 
permission, and it sets forth procedures to follow in the event that a 
recipient of confidential information receives from a third party a 
legally enforceable demand for the information.
    Consistent with proposed revisions to Sec.  1070.43(b), the Bureau 
proposes shifting from its General Counsel to the Associate Director 
for Supervision, Enforcement, and Fair Lending the authority in 
subparagraph (a)(1) to provide in writing that confidential information 
is no longer Bureau property, and the authority in subparagraph (a)(2) 
to provide written permission to further disclose

[[Page 58320]]

confidential information. The Bureau believes that this change would 
lead to increased efficiency because the vast majority of access 
requests submitted to the Bureau pertain to work conducted by its 
Division of Supervision, Enforcement, and Fair Lending. The General 
Counsel's authority with respect to legally enforceable demands or 
requests for confidential information, described in subparagraph 
(a)(3), will remain with the General Counsel. Finally, as discussed 
above with respect to Sec.  1070.2(a), the Bureau proposes revisions to 
account for the newly proposed defined term ``agency.''
Section 1070.47(d) Return or Destruction of Records
    The Bureau proposes adding a new paragraph (d) to clarify that the 
Bureau may require any person in possession of confidential information 
to return the records to the Bureau or destroy them.
Section 1070.47(e) Non-Waiver of CFPB Rights
    The Bureau proposes adding a new paragraph (e) to clarify that the 
Bureau's disclosure of confidential information under subpart D does 
not waive the Bureau's right to control, or impose limitations on, the 
subsequent use and dissemination of its confidential information.
Section 1070.47(f) Non-Waiver of Privilege
    The Bureau proposes moving the former paragraph (c), Non-waiver, to 
a new paragraph (f), and making corresponding technical corrections to 
subparagraph (f)(2), in order to account for the two newly proposed 
paragraphs described above. In addition, the Bureau proposes replacing 
the title ``Non-waiver'' with a new title ``Non-waiver of privilege'' 
so as to clarify the distinction between this paragraph and the newly 
proposed paragraph (e), Non-waiver of CFPB rights. As discussed 
previously in the preamble to the Bureau's final rule, Confidential 
Treatment of Privileged Information, 77 FR 39671 (Jul 5, 2012), this 
provision applies to situations where the Bureau transfers information 
to, or permits information to be used by, agencies.
Section 1070.47(g) Reports of Unauthorized Disclosure
    The Bureau proposes adding a new paragraph (g) to require any 
persons in possession of confidential information to immediately notify 
the Bureau upon discovery of any disclosures of confidential 
information made in violation of subpart D.
Section 1070.48 Privileges Not Affected by Disclosure to the CFPB
    Section 1070.48 provides that the submission by any person of any 
information to the Bureau in the course of the Bureau's supervisory or 
regulatory processes will not waive or otherwise affect any privilege 
such person may claim with respect to such information under Federal or 
State law as to any other person or entity. This section was 
promulgated separately from the rest of this rule in a final rule, 
Confidential Treatment of Privileged Information, 77 FR 39617 (Jul. 5, 
2012). Congress subsequently enacted Public Law 112-215, 126 Stat. 
1589, Dec. 20, 2012, which amended 12 U.S.C. 1828(x) to provide these 
same protections to privileged information submitted to the Bureau. 
Because 12 U.S.C. 1828(x), as revised, provides the exact same 
protections as Sec.  1070.48, it renders Sec.  1070.48 superfluous and 
unnecessary going forward. To avoid confusion, the Bureau proposes 
deleting the current text of Sec.  1070.48.
Section 1070.48 Disclosure of Confidential Information by the Inspector 
General
    The Bureau proposes adding a new section to clarify that part 1070 
does not limit the discretion of its Inspector General's office to 
disclose confidential information as needed in fulfilling its 
responsibilities under the Inspector General Act of 1978, 5 U.S.C. App. 
3. Because the Bureau proposes deleting the current text of Sec.  
1070.48, this new section would replace that text.
Subpart E--The Privacy Act
Section 1070.51 Authority and Responsibilities of the Chief Privacy 
Officer
    Section 1070.51 specifies the authority and responsibilities of the 
Bureau's Chief Privacy Officer. The Bureau proposes to add a new 
paragraph at Sec.  1070.51(a) authorizing the Chief Privacy Officer to 
``[d]evelop, implement, and maintain an organization-wide privacy 
program'' and to renumber the other paragraphs in Sec.  1070.51 to 
reflect this change. This change is in accordance with National 
Institute of Standards and Technology (NIST) Special Publication 800-53 
Revision 4, which provides that agencies should ``[appoint] a Senior 
Agency Official for Privacy (SAOP)/Chief Privacy Officer (CPO) 
accountable for developing, implementing, and maintaining an 
organization-wide governance and privacy program to ensure compliance 
with all applicable laws and regulations regarding the collection, use, 
maintenance, sharing, and disposal of personally identifiable 
information (PII) by programs and information systems . . . .'' The 
Bureau proposes this change to clarify the authority of its Chief 
Privacy Officer.
Section 1070.53 Request for Access to Records
Section 1070.53(a) Procedures for Making a Request for Access to 
records
    Section 1070.53(a) specifies the procedures for making Privacy Act 
requests for records. The current text distinguishes between requests 
made in writing and by electronic means. The Bureau proposes a 
technical change to this provision. It proposes to remove the phrase 
``or by electronic means'' and add ``as follows:'' in its place. The 
Bureau also proposes changes to section 1070.53(a)(1) to clarify how 
requesters must submit Privacy Act requests to the Bureau. The Bureau 
proposes similar changes to sections 1070.56(a) and 1070.58(b).
Section 1070.56 Request for Amendment of Records
Section 1070.56(a) Procedures for Making Request
Section 1070.56(a)(2)(i)
    Section 1070.56(a)(2)(i) provides that an individual requesting an 
amendment of a record must identify the system of records containing 
the record. The Bureau proposes to revise this provision to allow an 
individual to provide a description of the record in sufficient detail 
to allow Bureau personnel to locate the system of records containing 
the record. This revision would provide a requester with more 
flexibility in the event that the requester does not know the precise 
name of the applicable system of records. Furthermore, this change is 
consistent with Sec.  1070.53(b)(2), which specifies requirements for 
requests for access to records.
Section 1070.61 Training; Rules of Conduct; Penalties for Non-
Compliance
    Section 1070.61 addresses, among other things, the CFPB's 
obligations to conduct privacy-related training and establish rules of 
conduct related to privacy. The Bureau proposes to replace references 
to ``employees of Government contractors'' with the term ``contract 
personnel'' to avoid confusion with respect to Sec.  1070.2(l), which 
defines the term ``employee.''

[[Page 58321]]

Part 1091--Procedural Rule To Establish Supervisory Authority Over 
Certain Nonbank Covered Persons Based on Risk Determination

Section 1091.103 Contents of Notice
    The Bureau proposes to revise subparagraph 1091.103(a)(2)(vii) to 
remove the cross-reference to Sec.  1070.2(i)(1) and replace it with 
the appropriate cross-reference to Sec.  1070.2(j).
Section 1091.115 Change of Time Limits and Confidentiality of 
Proceedings
    The Bureau proposes to revise paragraph 1091.115(c) to remove the 
cross-reference to Sec.  1070.2(i)(1) and replace it with the 
appropriate cross-reference to Sec.  1070.2(j).

V. Section 1022(b)(2)(A) of the Dodd-Frank Act

    In developing this proposed rule, the Bureau has considered the 
potential benefits, costs, and impacts required by section 
1022(b)(2)(A) of the Dodd-Frank Act. The Bureau has consulted, or 
offered to consult with, the prudential regulators and the Federal 
Trade Commission including consultation regarding consistency with any 
prudential, market, or systemic objectives administered by such 
agencies.\3\
---------------------------------------------------------------------------

    \3\ Section 1022(b)(2)(A) of the Dodd-Frank Act addresses the 
consideration of the potential benefits and costs of regulation to 
consumers and covered persons, including the potential reduction of 
access by consumers to consumer financial products or services; the 
impact on depository institutions and credit unions with $10 billion 
or less in total assets as described in section 1026 of the Dodd-
Frank Act; and the impact on consumers in rural areas. Section 
1022(b)(2)(B) directs the Bureau to consult, before and during the 
rulemaking, with appropriate prudential regulators or other Federal 
agencies, regarding consistency with objectives those agencies 
administer.
---------------------------------------------------------------------------

    The Bureau has chosen to consider the benefits, costs, and impacts 
of the proposed provisions as compared to the status quo: The current 
statutory provisions and the regulations as set forth by the Bureau on 
February 15, 2013, 78 FR 11483 (Feb. 15, 2013) (which includes the 
protections for privileged information which Congress enacted in Public 
Law 112-215, 126 Stat. 1589, Dec. 20, 2012, which amended 12 U.S.C. 
1828(x)).\4\ At this time, the Bureau does not have data with which to 
quantify the benefits or costs of the proposed rule.
---------------------------------------------------------------------------

    \4\ The Bureau has discretion in any rulemaking to choose an 
appropriate scope of analysis with respect to potential benefits and 
costs and an appropriate baseline.
---------------------------------------------------------------------------

    In this analysis, the Bureau focuses on the benefits, costs, and 
impacts of the main aspects of the proposed rule. The proposed changes 
to the definitions in subpart A would alter the treatment of certain 
information submitted to the Bureau. The revised definition of 
confidential consumer complaint information would now include any 
information received or generated by the CFPB through processes or 
procedures established under 12 U.S.C. 5493(b)(3), clarifying that any 
complaints submitted to the CFPB through its Consumer Response system, 
and any information generated therein, are similarly classified under 
its confidentiality rules and subject to the same confidentiality 
protections. The revised definition of confidential supervisory 
information will no longer include reference to information collected 
using the Bureau's market monitoring authority.
    The proposed changes in subpart D would alter the rules concerning 
the disclosure of confidential investigative information to and by 
financial institutions and their affiliates by lending clarity to the 
Bureau's disclosures of confidential investigative information in the 
enforcement context; providing that recipients of confidential 
investigative information have the same discretion with respect to 
disclosing confidential investigative information that they currently 
have with respect to confidential supervisory information; providing 
that, in addition to disclosing information concerning a person, its 
affiliates, or its service providers to that person or its affiliates, 
the Bureau may also disclose such information to its service providers; 
and providing that a person lawfully in possession of confidential 
supervisory information or confidential investigative information 
provided directly to it by the Bureau pursuant to Sec.  1070.42 may 
disclose the information to an insurance provider to the extent 
necessary for the insurance provider to process and administer any 
claims for coverage.
    The proposed changes also alter the rules concerning the sharing of 
confidential supervisory information between the Bureau and other 
agencies by providing the Bureau with discretion to disclose 
confidential supervisory information to another agency ``to the extent 
that the disclosure of the information is relevant to the exercise of 
the [agency's] statutory or regulatory authority,'' rather than to 
another agency ``having jurisdiction over a supervised financial 
institution.''
    Lastly, the proposed rule would authorize the Bureau, upon receipt 
of prior consent, to disclose confidential information that directly or 
indirectly identifies particular persons. The proposed rule also 
includes clarifications that the Bureau may disclose confidential 
information in its discretion as needed to conduct its investigations 
or perform administrative tasks to further its own enforcement actions; 
and, that the Bureau may disclose confidential information not only 
during an administrative or court proceeding to which the Bureau is a 
party, such as in complaints and consent orders, but also when related 
to the Bureau's implementation of ongoing administrative or court 
orders.
    The Bureau views the remainder to the proposed rule to mainly 
include clarifications, corrections and technical changes.
    The proposed revisions to the definition of confidential consumer 
complaint information would provide benefits for consumers and covered 
persons. Specifically, the expansion of the definition of confidential 
consumer complaint information should afford greater protections to 
consumers submitting, and covered persons referenced by, any 
misdirected complaints that the Bureau receives and that are now 
covered under the definition.
    The change to the definition of confidential supervisory 
information and the proposed changes regarding information sharing 
would also benefit consumer and covered persons. Removing market 
monitoring information that contains confidential business information 
or personal information from the definition would have limited effect 
since such information would be subject to the same protections 
currently accorded to it, including the limitations on public 
disclosures and disclosures to other regulators. In contrast, the 
Bureau would have more flexibility to use and disclose less sensitive, 
non-confidential information collected for market monitoring purposes 
such as data that are already publicly available. The lesser burden 
should allow the Bureau to implement and administer Federal consumer 
financial law more efficiently.
    Regarding the proposed provisions related to sharing information, 
consumers would benefit, to the extent that each of these changes 
allows more efficient sharing of confidential information between the 
CFPB and various parties and thus also results in more efficient 
administration of consumer financial laws. Covered persons would 
benefit, to the extent that the efficiencies embodied in these changes 
reduce costs either by altering and simplifying the covered person's 
obligations or by allowing for more efficient sharing among regulators 
that interact with the covered person. For

[[Page 58322]]

example, the creation of one standard for how covered persons can share 
confidential supervisory information and confidential investigative 
information would lower the internal costs at these firms.
    The changes in the sharing provisions of the rule may entail 
certain costs to covered persons. The broader sharing of information 
provided for in the proposed rule has an increased risk for a loss of 
confidentiality. However, as noted above, the Bureau has sought to 
provide the maximum protection for confidential information, while 
ensuring its ability to share or disclose information to the extent 
necessary to achieve its mission. The Bureau will continue to 
appropriately protect sensitive information. Further, as noted in the 
original 2013 rule, increased sharing of information under the proposed 
the rule may increase the volume and costs of litigation or regulatory 
action for covered persons whose information the Bureau will share with 
other agencies, and which such agencies may use as bases for 
administrative or judicial actions against covered persons. To the 
extent that such costs occur, the Bureau believes that in most cases 
these costs would be associated with concomitant benefits to consumers 
from the prevention or remedy of harms associated with violations of 
law by covered persons.
    The CFPB does not expect that the proposed rule would have an 
appreciable impact on consumers' access to consumer financial products 
or services. The scope of the rulemaking is limited to matters related 
to access to and disclosure of certain types of information, and does 
not relate to credit access.
    The Bureau does not believe that this proposed rule would have a 
unique impact on insured depository institutions or insured credit 
unions with less than $10 billion in assets as described in section 
1026(a) of the Dodd-Frank Act. Since such institutions are not 
supervised by the Bureau, they are generally less likely to share 
information with the Bureau and therefore any impacts of the rule from 
the provisions on supervisory information may indeed be less compared 
to other institutions.
    The Bureau also does not believe that this proposed rule would have 
a unique impact on consumers in rural areas. To the extent that these 
consumers may use smaller financial service providers not supervised by 
the Bureau, and therefore less likely to share information with the 
Bureau, the impacts of the rule from the provisions on supervisory 
information for these consumers may indeed be less than for other 
consumers.

VI. Procedural Requirements

    The Regulatory Flexibility Act, 5 U.S.C. 601 et seq., as amended by 
the Small Business Regulatory Enforcement Fairness Act of 1996 (the 
RFA), requires each agency to consider the potential impact of its 
regulations on small entities, including small businesses, small 
governmental units, and small not-for-profit organizations, unless the 
head of the agency certifies that the rule will not have a significant 
economic impact on a substantial number of small entities. The 
undersigned so certifies. The rule does not impose any obligations or 
standards of conduct for purposes of analysis under the RFA, and it 
therefore does not give rise to a regulatory compliance burden for 
small entities.
    Finally, the Bureau has determined that this proposed rule does not 
impose any new recordkeeping, reporting, or disclosure requirements on 
members of the public that would be collections of information 
requiring approval under the Paperwork Reduction Act, 44 U.S.C. 3501 et 
seq.

List of Subjects

12 CFR Part 1070

    Confidential business information, Consumer protection, Freedom of 
information, Privacy.

12 CFR Part 1091

    Administrative practice and procedure, Consumer protection, Credit, 
Trade practices.

Authority and Issuance

    For the reasons set forth in the preamble, the Bureau proposes to 
amend chapter X of title 12 of the CFR to read as follows:

PART 1070--DISCLOSURE OF RECORDS AND INFORMATION

0
1. Revise part 1070 to read as follows.
Subpart A--General Provisions and Definitions
Sec.
1070.1 Authority, purpose and scope.
1070.2 General definitions.
1070.3 Custodian of records; certification; alternative authority.
1070.4 Records of the CFPB not to be otherwise disclosed.
1070.5 Service of summonses and complaints
Subpart B--Freedom of Information Act
1070.10 General.
1070.11 Information made available; discretionary disclosures.
1070.12 Publication in the Federal Register.
1070.13 Public inspection in an electronic format.
1070.14 Requests for CFPB records.
1070.15 Responsibility for responding to requests for CFPB records.
1070.16 Timing of responses to requests for CFPB records.
1070.17 Requests for expedited processing.
1070.18 Responses to requests for CFPB records.
1070.19 Classified information.
1070.20 Requests for business information provided to the CFPB.
1070.21 Administrative appeals.
1070.22 Fees for processing requests for CFPB records.
1070.23 Authority and responsibilities of the Chief FOIA Officer.
Subpart C--Disclosure of CFPB Information in Connection With Legal 
Proceedings
1070.30 Purpose and scope; definitions.
1070.31 Service of subpoenas, court orders, and other demands for 
CFPB information or action.
1070.32 Testimony and production of documents prohibited unless 
approved by the General Counsel.
1070.33 Procedure when testimony or production of documents is 
sought; general.
1070.34 Procedure when response to demand is required prior to 
receiving instructions.
1070.35 Procedure in the event of an adverse ruling.
1070.36 Considerations in determining whether the CFPB will comply 
with a demand or request.
1070.37 Prohibition on providing expert or opinion testimony.
Subpart D--Confidential Information
1070.40 Purpose and scope.
1070.41 Non-disclosure of confidential information.
1070.42 Disclosure of confidential supervisory information and 
confidential investigative information.
1070.43 Disclosure of confidential information to agencies.
1070.44 Disclosure of confidential consumer complaint information.
1070.45 Affirmative disclosure of confidential information.
1070.46 Other disclosures of confidential information.
1070.47 Other rules regarding the disclosure of confidential 
information.
1070.48 Disclosure of confidential information by the Inspector 
General.
Subpart E--Privacy Act
1070.50 Purpose and scope; definitions.
1070.51 Authority and responsibilities of the Chief Privacy Officer.
1070.52 Fees.
1070.53 Request for access to records.
1070.54 CFPB procedures for responding to a request for access.
1070.55 Special procedures for medical records.
1070.56 Request for amendment of records.
1070.57 CFPB review of a request for amendment of records.
1070.58 Appeal of adverse determination of request for access or 
amendment.

[[Page 58323]]

1070.59 Restrictions on disclosure.
1070.60 Exempt records.
1070.61 Training; rules of conduct; penalties for non-compliance.
1070.62 Preservation of records.
1070.63 Use and collection of Social Security numbers.

    Authority:  12 U.S.C. 5481 et seq.; 5 U.S.C. 552; 5 U.S.C. 552a; 
18 U.S.C. 1905; 18 U.S.C. 641; 44 U.S.C. ch. 31; 44 U.S.C. ch. 35; 
12 U.S.C. 3401 et seq.

Subpart A--General Provisions and Definitions


Sec.  1070.1   Authority, purpose, and scope.

    (a) Authority. (1) This part is issued by the Bureau of Consumer 
Financial Protection, an independent Bureau within the Federal Reserve 
System, pursuant to the Consumer Financial Protection Act of 2010, 12 
U.S.C. 5481 et seq.; the Freedom of Information Act, 5 U.S.C. 552; the 
Privacy Act of 1974, 5 U.S.C. 552a; the Federal Records Act, 44 U.S.C. 
3101; the Paperwork Reduction Act, 44 U.S.C. 3501 et seq.; the Right to 
Financial Privacy Act of 1978, 12 U.S.C. 3401; the Trade Secrets Act, 
18 U.S.C. 1905; 18 U.S.C. 641; and any other applicable law that 
establishes a basis for the exercise of governmental authority by the 
CFPB.
    (2) This part establishes mechanisms for carrying out the CFPB's 
statutory responsibilities under the statutes in paragraph (a)(1) of 
this section to the extent those responsibilities require the 
disclosure, production, or withholding of information. In this regard, 
the CFPB has determined that the CFPB, and its delegates, may disclose 
information of the CFPB, in accordance with the procedures set forth in 
this part, whenever it is necessary or appropriate to do so in the 
exercise of any of the CFPB's authority. The CFPB has determined that 
all such disclosures, made in accordance with the rules and procedures 
specified in this part, are authorized by law.
    (b) Purpose and scope. This part contains the CFPB's rules relating 
to the disclosure of records and information generated by and obtained 
by the CFPB.
    (1) Subpart A contains general provisions and definitions used in 
this part.
    (2) Subpart B implements the Freedom of Information Act, 5 U.S.C. 
552.
    (3) Subpart C sets forth the procedures with respect to subpoenas, 
orders, or other requests for CFPB information in connection with legal 
proceedings.
    (4) Subpart D provides for the protection of confidential 
information and procedures for sharing confidential information with 
supervised institutions, government agencies, and others in certain 
circumstances.
    (5) Subpart E implements the Privacy Act of 1974, 5 U.S.C. 552a.


Sec.  1070.2  General definitions.

    For purposes of this part:
    (a) Agency means a Federal, State, or foreign governmental 
authority, or an entity exercising governmental authority.
    (b) Associate Director for Supervision, Enforcement and Fair 
Lending means the Associate Director for Supervision, Enforcement and 
Fair Lending of the CFPB or any CFPB employee to whom the Associate 
Director for Supervision, Enforcement and Fair Lending has delegated 
authority to act under this part.
    (c) Business day means any day except Saturday, Sunday or a legal 
Federal holiday.
    (d) CFPB means the Bureau of Consumer Financial Protection.
    (e) Chief FOIA Officer means the Chief Operating Officer of the 
CFPB, or any CFPB employee to whom the Chief Operating Officer has 
delegated authority to act under this part.
    (f) Chief Operating Officer means the Chief Operating Officer of 
the CFPB, or any CFPB employee to whom the Chief Operating Officer has 
delegated authority to act under this part.
    (g) Confidential information means confidential consumer complaint 
information, confidential investigative information, and confidential 
supervisory information, as well as any other CFPB information that may 
be exempt from disclosure under the Freedom of Information Act pursuant 
to 5 U.S.C. 552(b). Confidential information does not include 
information contained in records that have been made publicly available 
by the CFPB or information that has otherwise been publicly disclosed 
by an employee, or agent of the CFPB, with the authority to do so. 
Confidential information obtained by a third party or otherwise 
incorporated in the records of a third party, including another Agency, 
shall remain confidential information subject to this Part.
    (h) Confidential consumer complaint information means information 
received or generated by the CFPB through processes or procedures 
established under 12 U.S.C. 5493(b)(3), to the extent that such 
information is exempt from disclosure pursuant to 5 U.S.C. 552(b).
    (i) Confidential investigative information means:
    (1) Any documentary material, written report, or written answers to 
questions, tangible thing, or transcript of oral testimony received by 
the CFPB in any form or format pursuant to a civil investigative 
demand, as those terms are set forth in 12 U.S.C. 5562, or received by 
the CFPB voluntarily in lieu of a civil investigative demand; and
    (2) Any other documents, materials, or records prepared by, on 
behalf of, received by, or for the use by the CFPB or any other Agency 
in the conduct of enforcement activities, and any information derived 
from such materials.
    (j) Confidential supervisory information means:
    (1) Reports of examination, inspection and visitation, non-public 
operating, condition, and compliance reports, supervisory letter, or 
similar document, and any information contained in, derived from, or 
related to such documents;
    (2) Any documents, materials, or records, including reports of 
examination, prepared by, or on behalf of, or for the use of the CFPB 
or any other Agency in the exercise of supervisory authority over a 
financial institution, and any information derived from such documents, 
materials, or records;
    (3) Any communications between the CFPB and a supervised financial 
institution or a Federal, State, or foreign government agency related 
to the CFPB's supervision of the institution;
    (4) Any information provided to the CFPB by a financial institution 
for purposes of detecting and assessing risks to consumers and to 
markets for consumer financial products or services pursuant to 12 
U.S.C. 5414(b)(1)(C), 5515(b)(1)(C), or 5516(b), or to assess whether 
an institution should be considered a covered person, as that term is 
defined by 12 U.S.C. 5481, or is subject to the CFPB's supervisory 
authority; and/or
    (5) Information that is exempt from disclosure pursuant to 5 U.S.C. 
552(b)(8).
    (k) Director means the Director of the CFPB or his or her designee, 
or a person authorized to perform the functions of the Director in 
accordance with law.
    (l) Employee means all current employees or officials of the CFPB, 
including contract personnel, the employees of the Office of the 
Inspector General of the Board of Governors of the Federal Reserve 
System and the Consumer Financial Protection Bureau, and any other 
individuals who have been appointed by, or are subject to the 
supervision, jurisdiction, or control of the Director, as well as the 
Director. The procedures established within this part also apply to 
former employees where specifically noted.

[[Page 58324]]

    (m) Financial institution means any person involved in the offering 
or provision of a ``financial product or service,'' including a 
``covered person'' or ``service provider,'' as those terms are defined 
by 12 U.S.C. 5481.
    (n) General Counsel means the General Counsel of the CFPB or any 
CFPB employee to whom the General Counsel has delegated authority to 
act under this part.
    (o) Person means an individual, partnership, company, corporation, 
association (incorporated or unincorporated), trust, estate, 
cooperative organization, or other entity.
    (p) Report of examination means the report prepared by the CFPB 
concerning the examination or inspection of a supervised financial 
institution.
    (q) State means any State, territory, or possession of the United 
States, the District of Columbia, the Commonwealth of Puerto Rico, the 
Commonwealth of the Northern Mariana Islands, Guam, American Samoa, or 
the United States Virgin Islands or any Federally recognized Indian 
tribe, as defined by the Secretary of the Interior under section 104(a) 
of the Federally Recognized Indian Tribe List Act of 1994 (25 U.S.C. 
479a-1(a)), and includes any political subdivision thereof.
    (r) Supervised financial institution means a financial institution 
that is or that may become subject to the CFPB's supervisory authority.


Sec.  1070.3  Custodian of records; certification; alternative 
authority.

    (a) Custodian of records. The Chief Operating Officer is the 
official custodian of all records of the CFPB, including records that 
are in the possession or control of the CFPB or any CFPB employee.
    (b) Certification of record. The Chief Operating Officer may 
certify the authenticity of any CFPB record or any copy of such record, 
or the absence thereof, for any purpose, and for or before any duly 
constituted Federal or State court, tribunal, or agency.
    (c) Alternative authority. Any action or determination required or 
permitted to be done by the Chief Operating Officer may be done by any 
employee who has been duly designated for this purpose by the Chief 
Operating Officer.


Sec.  1070.4  Records of the CFPB not to be otherwise disclosed.

    Except as provided by this part, employees or former employees of 
the CFPB, or others in possession of a record of the CFPB that the CFPB 
has not already made public, are prohibited from disclosing such 
records, without authorization, to any person who is not an employee of 
the CFPB.


Sec.  1070.5  Service of summonses and complaints.

    (a) Only the General Counsel is authorized to receive and accept 
summonses or complaints sought to be served upon the CFPB or CFPB 
employees sued in their official capacity. Such documents should be 
served upon the General Counsel, Consumer Financial Protection Bureau, 
1700 G Street NW., Washington, DC 20552. This authorization for receipt 
shall in no way affect the requirements of service elsewhere provided 
in applicable rules and regulations.
    (b) If, notwithstanding paragraph (a) of this section, any summons 
or complaint described in that paragraph is delivered to an employee of 
the CFPB, the employee shall decline to accept the proffered service 
and may notify the person attempting to make service of the regulations 
set forth herein. If, notwithstanding this instruction, an employee 
accepts service of a document described in paragraph (a) of this 
section, the employee shall immediately notify and deliver a copy of 
the summons and complaint to the General Counsel.
    (c) When a CFPB employee is sued in an individual capacity for an 
act or omission occurring in connection with duties performed on behalf 
of the CFPB (whether or not the officer or employee is also sued in an 
official capacity), the employee by law is to be served personally with 
process. See Fed. R. Civ. P. 4(i)(3). An employee sued in an individual 
capacity for an act or omission occurring in connection with duties 
performed on behalf of the CFPB shall immediately notify, and deliver a 
copy of the summons and complaint to, the General Counsel.
    (d) The CFPB will only accept service of process for an employee 
sued in his or her official capacity. Documents for which the General 
Counsel accepts service in official capacity shall be marked ``Service 
Accepted in Official Capacity Only.'' Acceptance of service shall not 
constitute an admission or waiver with respect to jurisdiction, 
propriety of service, improper venue, or any other defense in law or 
equity available under applicable laws or rules.

Subpart B--Freedom of Information Act


Sec.  1070.10   General.

    This subpart contains the regulations of the CFPB implementing the 
Freedom of Information Act (the FOIA), 5 U.S.C. 552, as amended. These 
regulations set forth procedures for requesting access to records 
maintained by the CFPB. These regulations should be read together with 
the FOIA, the 1987 Office of Management and Budget Guidelines for FOIA 
Fees, the CFPB's Privacy Act regulations set forth in subpart E, and 
the FOIA Web page on the CFPB's Web site, http://www.consumerfinance.gov, which provide additional information about 
this topic.


Sec.  1070.11  Information made available; discretionary disclosures.

    (a) In general. The FOIA provides for public access to information 
and records developed or maintained by Federal agencies. Generally, the 
FOIA divides agency information into three major categories and 
provides methods by which each category of information is to be made 
available to the public. The three major categories of information are 
as follows:
    (1) Information required to be published in the Federal Register 
(see Sec.  1070.12);
    (2) Information required to be made available for public inspection 
and in an electronic format or, in the alternative, to be published and 
offered for sale (see Sec.  1070.13); and
    (3) Information required to be made available to any member of the 
public upon specific request (see Sec. Sec.  1070.14 through 1070.22).
    (b) Discretionary disclosures. Even though a FOIA exemption may 
apply to the information or records requested, the CFPB may, if not 
precluded by law, elect under the circumstances not to apply the 
exemption. The fact that the exemption is not applied by the CFPB in 
response to a particular request shall have no precedential 
significance in processing other requests, but is merely an indication 
that, in the processing of the particular request, the CFPB finds no 
necessity for applying the exemption.
    (c) Disclosures of records frequently requested. Subject to the 
application of the FOIA exemptions and exclusions (5 U.S.C. 552(b) and 
(c)), the CFPB shall make publicly available, as provided by Sec.  
1070.13, all records regardless of form or format, which have been 
released previously to any person under 5 U.S.C. 552(a)(3) and 
Sec. Sec.  1070.14 through 1070.22, and which the CFPB determines have 
become or are likely to become the subject of subsequent requests for 
substantially the same records. When the CFPB receives three (3) or 
more requests for substantially the same records, then the CFPB shall 
also make the released records publicly available.

[[Page 58325]]

Sec.  1070.12  Publication in the Federal Register.

    (a) Requirement. The CFPB shall separately state, publish and 
maintain current in the Federal Register for the guidance of the public 
the following information:
    (1) Descriptions of its central and field organization and the 
established place at which, the persons from whom, and the methods 
whereby, the public may obtain information, make submissions or 
requests, or obtain decisions;
    (2) Statements of the general course and method by which its 
functions are channeled and determined, including the nature and 
requirements of all formal and informal procedures available;
    (3) Rules of procedure, descriptions of forms available or the 
places at which forms may be obtained, and instructions as to the scope 
and contents of all papers, reports, or examinations;
    (4) Substantive rules of general applicability adopted as 
authorized by law, and statements of general policy or interpretations 
of general applicability formulated and adopted by the CFPB; and
    (5) Each amendment, revision, or repeal of matters referred to in 
paragraphs (a)(1) through (4) of this section.
    (b) Exceptions. Publication of the information under paragraph (a) 
of this section shall be subject to the application of the FOIA 
exemptions and exclusions (5 U.S.C. 552(b) and (c)) and the limitations 
provided in 5 U.S.C. 552(a)(1).


Sec.  1070.13  Public inspection in an electronic format.

    (a) In general. Subject to the application of the FOIA exemptions 
and exclusions (5 U.S.C. 552(b) and (c)), the CFPB shall, in 
conformance with 5 U.S.C. 552(a)(2), make available for public 
inspection in an electronic format, including by posting on the CFPB's 
Web site, http://www.consumerfinance.gov, or, in the alternative, 
promptly publish and offer for sale the following information:
    (1) Final opinions, including concurring and dissenting opinions, 
and orders made in the adjudication of cases;
    (2) Those statements of policy and interpretations which have been 
adopted by the CFPB but are not published in the Federal Register;
    (3) Its administrative staff manuals and instructions to staff that 
affect a member of the public;
    (4) Copies of all records made publicly available pursuant to Sec.  
1070.11; and
    (5) A general index of the records referred to in paragraph (a)(4) 
of this section.
    (b) Information made available online. For records required to be 
made available for public inspection in an electronic format pursuant 
to 5 U.S.C. 552(a)(2) (paragraphs (a)(1) through (4) of this section), 
as soon as practicable, the CFPB shall make such records available on 
its e-FOIA Library, located at http://www.consumerfinance.gov.
    (c) Record availability at the on-site e-FOIA Library. Any member 
of the public may, upon request, access the CFPB's e-FOIA Library via a 
computer terminal at 1700 G Street NW., Washington, DC 20552. Such a 
request may be made by electronic means as set forth on the CFPB's Web 
site, http://www.consumerfinance.gov, or in writing, to the Chief FOIA 
Officer, Consumer Financial Protection Bureau, 1700 G Street NW., 
Washington, DC 20552. The request must indicate a preferred date and 
time for the requested access. The CFPB reserves the right to arrange a 
different date and time with the requester, if necessary.
    (d) Redaction of identifying details. To prevent a clearly 
unwarranted invasion of personal privacy, the CFPB may redact 
identifying details contained in any matter described in paragraphs 
(a)(1) through (4) of this section before making such matters available 
for inspection or publication. The justification for the redaction 
shall be explained fully in writing, and the extent of such redaction 
shall be indicated on the portion of the record which is made available 
or published, unless including that indication would harm an interest 
protected by the exemption in 5 U.S.C. 552(b) under which the redaction 
is made. If technically feasible, the extent of the redaction shall be 
indicated at the place in the record where the redaction is made.


Sec.  1070.14  Requests for CFPB records.

    (a) In general. Subject to the application of the FOIA exemptions 
and exclusions (5 U.S.C. 552(b) and (c)), the CFPB shall promptly make 
its records available to any person pursuant to a request that conforms 
to the rules and procedures of this section.
    (b) Form of request. A request for records of the CFPB shall be 
made in writing as follows:
    (1) If a request is submitted by mail or delivery service, it shall 
be addressed to the Chief FOIA Officer, Consumer Financial Protection 
Bureau, 1700 G Street NW., Washington, DC 20552. The request shall be 
labeled ``Freedom of Information Act Request.''
    (2) If a request is submitted by electronic means, it shall be 
submitted as set forth on the CFPB's Web site, http://www.consumerfinance.gov. The request shall be labeled ``Freedom of 
Information Act Request.''
    (c) Content of request. (1) In order to ensure the CFPB's ability 
to respond in a timely manner, a FOIA request should describe the 
records that the requester seeks in sufficient detail to enable CFPB 
personnel to locate them with a reasonable amount of effort. Whenever 
possible, the request should include specific information about each 
record sought, such as the date, title or name, author, recipient, and 
subject matter of the record. If known, the requester should include 
any file designations or descriptions for the records requested. As a 
general rule, the more specific the requester is about the records or 
type of records requested, the more likely the CFPB will be able to 
locate those records in response to the request;
    (2) In order to ensure the CFPB's ability to communicate 
effectively with the requester, a request should include contact 
information for the requester, including the name of the requester and, 
to the extent available, a mailing address, telephone number, and email 
address at which the CFPB may contact the requester regarding the 
request;
    (3) The request should state whether the requester wishes to 
inspect the records or desires to receive an electronic copy or have a 
copy made and furnished without first inspecting the records;
    (4) For the purpose of determining any fees that may apply to 
processing a request, a requester should indicate in the request 
whether the requester is a commercial user, an educational institution, 
non-commercial scientific institution, representative of the news 
media, governmental entity, or ``other'' requester, as those terms are 
defined in Sec.  1070.22(b), and the basis for claiming that fee 
category. Requesters may seek assistance in determining the appropriate 
fee category by contacting the CFPB's FOIA Public Liaison at the 
telephone number listed on the CFPB's Web site, http://www.consumerfinance.gov.
    (5) If a requester seeks a waiver or reduction of fees associated 
with processing a request, then the request shall include a statement 
to that effect as is required by Sec.  1070.22(e); and
    (6) If a requester seeks expedited processing of a request, then 
the request must include a statement to that effect as is required by 
Sec.  1070.17.
    (d) Perfected requests; effect of request deficiencies. For 
purposes of computing its deadline to respond to a

[[Page 58326]]

request, the CFPB will deem itself to have received a request only if, 
and on the date that, it receives a request that contains substantially 
all of the information required by and that otherwise conforms with 
paragraphs (b) and (c) of this section. The CFPB need not accept a 
request, process a request, or be bound by any deadlines in this 
subpart for processing a request that fails to conform, in any material 
respect, to the requirements of paragraphs (b) and (c) of this section. 
If a request is deficient in any material respect, then the CFPB may 
return it to the requester and if it does so, it shall advise the 
requester in what respect the request is deficient, and what additional 
information is needed to respond to the request. The requester may then 
amend or resubmit the request. A determination by the CFPB that a 
request is deficient in any respect is not a denial of a request for 
records and such determinations are not subject to appeal. If a 
requester fails to respond to a CFPB notification that a request is 
deficient within thirty (30) days of the CFPB's notification, the CFPB 
will deem the request withdrawn.
    (e) Requests by an individual for CFPB records pertaining to that 
individual. An individual who wishes to inspect or obtain copies of 
records of the Bureau that pertain to that individual shall file a 
request in accordance with subpart E of these rules.
    (f) Requests for CFPB records pertaining to another individual. 
Where a request for records pertains to a third party, a requester may 
receive greater access by submitting either a notarized authorization 
signed by that individual or a declaration by that individual made in 
compliance with the requirements set forth in 28 U.S.C. 1746 
authorizing disclosure of the records to the requester, or submits 
proof that the individual is deceased (e.g., a copy of a death 
certificate or an obituary). The CFPB may require a requester to supply 
additional information if necessary in order to verify that a 
particular individual has consented to disclosure.


Sec.  1070.15  Responsibility for responding to requests for CFPB 
records.

    (a) In general. In determining which records are responsive to a 
request, the CFPB ordinarily will include only records in its 
possession as of the date the CFPB begins its search for them. If any 
other date is used, the CFPB shall inform the requester of that date.
    (b) Authority to grant or deny requests. The Chief FOIA Officer 
shall be authorized to grant or deny any request for a record of the 
CFPB.
    (c) Consultations and referrals. (1) When a requested record has 
been created by an agency other than the CFPB, the CFPB shall refer the 
record to the originating agency for a direct response to the 
requester.
    (2) When a FOIA request is received for a record created by the 
CFPB that includes information originated by another agency, the CFPB 
shall consult the originating agency for review and recommendation on 
disclosure. The CFPB shall not release any such records without prior 
consultation with the originating agency.
    (d) Notice of referral. Whenever the CFPB refers all or any part of 
the responsibility for responding to a request to another agency, it 
will notify the requester of the referral and inform the requester of 
the name of each agency to which the request has been referred, in 
whole or in part.


Sec.  1070.16  Timing of responses to requests for CFPB records.

    (a) In general. Except as set forth in paragraphs (b) through (d) 
of this section, and Sec.  1070.17, the CFPB shall respond to requests 
according to their order of receipt.
    (b) Multitrack processing. (1) The CFPB may establish separate 
tracks to process simple and complex requests. The CFPB may assign a 
request to the simple or complex track(s) based on the amount of work 
and/or time needed to process the request. The CFPB shall process 
requests in each track based on the date the request was perfected in 
accordance with Sec.  1070.14(d).
    (2) The CFPB may provide a requester in its complex track with an 
opportunity to limit the scope of the request to qualify for faster 
processing within the specified limits of the simple track(s).
    (c) Time period for responding to requests for records. Ordinarily, 
the CFPB shall have twenty (20) business days from when a request is 
received by the CFPB to determine whether to grant or deny a request 
for records. The twenty (20) business day time period set forth in this 
paragraph shall not be tolled by the CFPB except that the CFPB may:
    (1) Make one reasonable demand to the requester for clarifying 
information about the request and toll the twenty (20) business day 
time period while it awaits the clarifying information; or
    (2) Toll the twenty (20) business day time period while it awaits 
clarification from or addresses any dispute with the requester 
regarding the assessment of fees.
    (d) Unusual circumstances. (1) Where the CFPB determines that due 
to unusual circumstances it cannot respond either to a request within 
the time period set forth in paragraph (c) of this section or to an 
appeal within the time period set forth in Sec.  1070.21, the CFPB may 
extend the applicable time periods by informing the requester in 
writing of the unusual circumstances and of the date by which the CFPB 
expects to complete its processing of the request or appeal. Any 
extension or extensions of time with respect to a request or an appeal 
shall not cumulatively total more than ten (10) business days. However, 
if the CFPB determines that it needs additional time beyond a ten (10) 
business day extension to process the request or appeal, then the CFPB 
shall notify the requester and provide the requester with an 
opportunity to limit the scope of the request or appeal or to arrange 
for an alternative time frame for processing the request or appeal or a 
modified request or appeal. The requester shall retain the right to 
define the desired scope of the request or appeal, as long as it meets 
the requirements contained in this subpart.
    (2) As used in this paragraph, ``unusual circumstances'' means:
    (i) The need to search for and collect the requested records from 
field facilities or other establishments that are separate from the 
office processing the request;
    (ii) The need to search for, collect, and appropriately examine a 
voluminous amount of separate and distinct records which are demanded 
in a single request; or
    (iii) The need for consultation, which shall be conducted with all 
practicable speed, with another Agency having a substantial interest in 
the determination of the request, or among two or more CFPB offices 
having substantial subject matter interest therein.


Sec.  1070.17  Requests for expedited processing.

    (a) In general. The CFPB shall process a request on an expedited 
basis whenever a requester demonstrates a compelling need for expedited 
processing in accordance with the requirements of this paragraph or in 
other cases that the CFPB deems appropriate.
    (b) Form and content of a request for expedited processing. A 
request for expedited processing shall be made as follows:
    (1) A request for expedited processing shall be made in writing and 
submitted as part of a request for records in accordance with Sec.  
1070.14(b). When a request for records includes a request for expedited 
processing, the request shall be labeled ``Expedited Processing 
Requested.''

[[Page 58327]]

    (2) A request for expedited processing shall contain a statement 
that demonstrates a compelling need for the requester to obtain 
expedited processing of the requested records. A ``compelling need'' is 
defined as follows:
    (i) Failure to obtain the requested records on an expedited basis 
could reasonably be expected to pose an imminent threat to the life or 
physical safety of an individual. The requester shall fully explain the 
circumstances warranting such an expected threat so that the CFPB may 
make a reasoned determination that a delay in obtaining the requested 
records could pose such a threat; or
    (ii) With respect to a request made by a person primarily engaged 
in disseminating information, urgency to inform the public concerning 
actual or alleged Federal government activity. A person ``primarily 
engaged in disseminating information'' does not include individuals who 
are engaged only incidentally in the dissemination of information. The 
standard of ``urgency to inform'' requires that the records requested 
pertain to a matter of current exigency to the American public and that 
delaying a response to a request for records would compromise a 
significant recognized interest to and throughout the American general 
public. The requester must adequately explain the matter or activity 
and why the records sought are necessary to be provided on an expedited 
basis.
    (3) The requester shall certify the written statement that purports 
to demonstrate a compelling need for expedited processing to be true 
and correct to the best of the requester's knowledge and belief. The 
certification must be in the form prescribed by 28 U.S.C. 1746: ``I 
declare under penalty of perjury that the foregoing is true and correct 
to the best of my knowledge and belief. Executed on [date].'' The 
requester shall mail or submit electronically a copy of such written 
certification to the Chief FOIA Officer as set forth in Sec.  
1070.14(b). The CFPB may waive this certification requirement in 
appropriate circumstances.
    (c) Determinations of requests for expedited processing. Within ten 
(10) calendar days of its receipt of a request for expedited 
processing, the CFPB shall decide whether to grant it and shall notify 
the requester of the determination in writing.
    (d) Effect of granting requests for expedited processing. If the 
CFPB grants a request for expedited processing, then the CFPB shall 
give the expedited request priority over non-expedited requests and 
shall process the expedited request as soon as practicable. The CFPB 
may assign expedited requests to their own simple and complex 
processing tracks based upon the amount of work and/or time needed to 
process them. Within each such track, an expedited request shall be 
processed in the order of its receipt.
    (e) Appeals of denials of requests for expedited processing. If the 
CFPB denies a request for expedited processing, then the requester 
shall have the right to submit an appeal of the denial determination in 
accordance with Sec.  1070.21. The CFPB shall communicate this appeal 
right as part of its written notification to the requester denying 
expedited processing. The requester shall label its appeal request 
``Appeal for Expedited Processing.'' The CFPB shall act expeditiously 
upon an appeal of a denial of a request for expedited processing.


Sec.  1070.18  Responses to requests for CFPB records.

    (a) Acknowledgements of requests. Upon receipt of a perfected 
request, the CFPB will assign to the request a unique tracking number. 
The CFPB will send an acknowledgement letter to the requester by mail 
or email within ten (10) calendar days of receipt of the request. The 
acknowledgment letter will contain the following information:
    (1) The applicable request tracking number;
    (2) The date of receipt of the request, as determined in accordance 
with section 1070.14(d), as well as the date when the requester may 
expect a response;
    (3) A brief statement identifying the subject matter of the 
request; and
    (4) A confirmation, with respect to any fees that may apply to the 
request pursuant to Sec.  1070.22, that the requester has sought a 
waiver or reduction in such fees, has agreed to pay any and all 
applicable fees, or has specified an upper limit that the requester is 
willing to pay in fees to process the request.
    (b) Initial determination to grant or deny a request. (1) The 
officer designated in Sec.  1070.15(b) to this subpart, or his or her 
delegate, shall make initial determinations either to grant or to deny 
in whole or in part requests for records.
    (2) If the request is granted in full or in part, and if the 
requester requests a copy of the records requested, then a copy of the 
records shall be mailed or emailed to the requester in the requested 
format, to the extent the records are readily producible in the 
requested format. The CFPB shall also send the requester a statement of 
the applicable fees, either at the time of the determination or shortly 
thereafter.
    (3) In the case of a request for inspection, the requester shall be 
notified in writing of the determination, when and where the requested 
records may be inspected, and of the fees incurred in complying with 
the request. The CFPB shall then promptly make the records available 
for inspection at the time and place stated, in a manner that will not 
interfere with CFPB's operations and will not exclude other persons 
from making inspections. The requester shall not be permitted to remove 
the records from the room where inspection is made. If, after making 
inspection, the requester desires copies of all or a portion of the 
requested records, copies shall be furnished upon payment of the 
established fees prescribed by Sec.  1070.22. Fees may be charged for 
search and review time as stated in Sec.  1070.22.
    (4) If it is determined that the request for records should be 
denied in whole or in part, the requester shall be notified by mail or 
by email. The letter of notification shall:
    (i) State the exemptions relied upon in denying the request;
    (ii) If technically feasible, indicate the amount of information 
deleted and the exemptions under which the deletion is made at the 
place in the record where such deletion is made (unless providing such 
indication would harm an interest protected by the exemption relied 
upon to deny such material);
    (iii) Set forth the name and title or position of the responsible 
official;
    (iv) Advise the requester of the right to seek dispute resolution 
services from the Bureau's FOIA Public Liaison or the Office of 
Governmental Information Services;
    (v) Advise the requester of the right to administrative appeal in 
accordance with Sec.  1070.21; and
    (vi) Specify the official or office to which such appeal shall be 
submitted.
    (5) If it is determined, after a reasonable search for records, 
that no responsive records have been found to exist, the requester 
shall be notified in writing or by email. The notification shall also 
advise the requester of the right to administratively appeal the CFPB's 
determination that no responsive records exist (i.e., to challenge the 
adequacy of the CFPB's search for responsive records) in accordance 
with Sec.  1070.21. The response shall specify the official or office 
to which the appeal shall be submitted for review.
    (c) Resolution of disputes. The CFPB is committed to efficiently 
resolving disputes during the request process. The following resources 
are available to

[[Page 58328]]

requesters to resolve any disputes that may arise during the request 
process:
    (1) FOIA Public Liaison. Any request related questions or concerns 
should be directed to the FOIA Public Liaison, who is responsible for 
reducing delays, increasing transparency and understanding of the 
status of requests, and assisting in the resolution of disputes.
    (2) Mediation. The National Archives and Records Administration 
(NARA), Office of Government Information Services (OGIS) offers non-
compulsory, non-binding mediation services to help resolve FOIA 
disputes. A requester may contact OGIS directly at Office of Government 
Information Services, National Archives and Records Administration, 
Room 2510, 8601 Adelphi Road, College Park, MD 20740-6001, Email: 
[email protected], Phone: (301) 837-1996, Fax: (301) 837-0348. This 
information is provided as a public service only. By providing this 
information, the CFPB does not commit to refer disputes to OGIS, or to 
defer to OGIS mediation decisions in particular cases.
    (d) Format of records disclosed. (1) The CFPB will provide records 
in the requested format if the records can readily be reproduced from 
the original file to that specific format.
    (2) The CFPB may charge fees associated with converting records or 
files into the requested format in accordance with Sec.  1070.22.


Sec.  1070.19  Classified information.

    Whenever a request is made for a record containing information that 
another agency has classified, or which may be appropriate for 
classification by another agency under Executive Order 13526 or any 
other executive order concerning the classification of information, the 
CFPB shall refer the responsibility for responding to the request to 
the classifying or originating agency, as appropriate.


Sec.  1070.20  Requests for business information provided to the CFPB.

    (a) In general. Business information provided to the CFPB by a 
business submitter shall not be disclosed pursuant to a FOIA request 
except in accordance with this section.
    (b) Definitions. For purposes of this section:
    (1) Business information means commercial or financial information 
obtained by the CFPB from a submitter that may be protected from 
disclosure under Exemption 4 of the FOIA, 5 U.S.C. 552(b)(4).
    (2) Submitter means any person from whom the CFPB obtains business 
information, directly or indirectly. The term includes, without 
limitation, corporations, State, local, and tribal governments, and 
foreign governments.
    (c) Designation of business information. A submitter of business 
information will use good-faith efforts to designate, by appropriate 
markings, either at the time of submission or at a reasonable time 
thereafter, any portions of its submission that it considers to be 
protected from disclosure under Exemption 4 of the FOIA. These 
designations will expire ten (10) years after the date of the 
submission unless the submitter requests otherwise and provides 
justification for, a longer designation period.
    (d) Notice to submitters. The CFPB shall provide a submitter with 
prompt written notice of receipt of a request or appeal encompassing 
its business information whenever required in accordance with paragraph 
(e) of this section. Such written notice shall either describe the 
exact nature of the business information requested or provide copies of 
the records or portions of records containing the business information. 
When notification of a voluminous number of submitters is required, 
notification may be made by posting or publishing the notice in a place 
reasonably likely to accomplish it.
    (e) When notice is required. (1) The CFPB shall provide a submitter 
with notice of receipt of a request or appeal whenever:
    (i) The information has been designated in good faith by the 
submitter as information considered protected from disclosure under 
Exemption 4; or
    (ii) The CFPB has reason to believe that the information may be 
protected from disclosure under Exemption 4.
    (2) The notice requirements of this paragraph shall not apply if:
    (i) The CFPB determines that the information is exempt under the 
FOIA;
    (ii) The information lawfully has been published or otherwise made 
available to the public;
    (iii) Disclosure of the information is required by statute (other 
than the FOIA) or by a regulation issued in accordance with the 
requirements of Executive Order 12600 (3 CFR, 1988 Comp., p. 235); or
    (iv) The designation made by the submitter under paragraph 
(e)(1)(i) of this section appears obviously frivolous, except that, in 
such a case, the CFPB shall, within a reasonable time prior to a 
specified disclosure date, give the submitter written notice of any 
final decision to disclose the information.
    (f) Opportunity to object to disclosure before release. (1) Through 
the notice described in paragraph (d) of this section, the CFPB shall 
delay any release in order to afford a submitter ten (10) business days 
from the date of the notice to provide the CFPB with a detailed 
statement of any objection to disclosure. Such statement shall specify 
all grounds for withholding any of the information under any exemption 
of the FOIA and, in the case of Exemption 4, shall demonstrate why the 
information is considered to be a trade secret or commercial or 
financial information that is privileged or confidential. In the event 
that a submitter fails to respond to the notice within the time 
specified in it, the submitter shall be considered to have no objection 
to disclosure of the information. Information provided by a submitter 
pursuant to this paragraph may itself be subject to disclosure under 
the FOIA.
    (2) When notice is given to a submitter under this section, the 
requester shall be advised that such notice has been given to the 
submitter. The requester shall be further advised that a delay in 
responding to the request may be considered a denial of access to 
records and that the requester may proceed with an administrative 
appeal or seek judicial review, if appropriate. However, the requester 
will be invited to agree to a voluntary extension of time so that the 
CFPB may review the submitter's objection to disclose, if any.
    (g) Notice of intent to disclose. The CFPB shall consider a 
submitter's objections and specific grounds for nondisclosure prior to 
determining whether to disclose business information. Whenever the CFPB 
decides to disclose business information over the objection of a 
submitter, the CFPB shall forward to the submitter a written notice 
which shall include:
    (1) A statement of the reasons for which the submitter's disclosure 
objections were not sustained;
    (2) A description of the business information to be disclosed; and
    (3) A specified disclosure date which is not less than ten (10) 
business days after the notice of the final decision to release the 
requested information has been mailed to the submitter. Except as 
otherwise prohibited by law, a copy of the disclosure notice shall be 
forwarded to the requester at the same time.
    (h) Notice to submitter of FOIA lawsuit. Whenever a requester 
brings suit seeking to compel disclosure of business information, the 
CFPB shall promptly notify the submitter of that business information 
of the existence of the suit.
    (i) Notice to requester of business information. The CFPB shall 
notify a requester whenever it provides the

[[Page 58329]]

submitter with notice and an opportunity to object to disclosure; 
whenever it notifies the submitter of its intent to disclose the 
requested information; and whenever a submitter files a lawsuit to 
prevent the disclosure of the information.


Sec.  1070.21  Administrative appeals.

    (a) Grounds for administrative appeals. A requester may appeal an 
initial determination of the CFPB, including for the following reasons:
    (1) To deny access to records in whole or in part (as provided in 
Sec.  1070.18(b));
    (2) To assign a particular fee category to the requestor (as 
provided in Sec.  1070.22(b));
    (3) To deny a request for a reduction or waiver of fees (as 
provided in Sec.  1070.22(e));
    (4) That no records exist that are responsive to the request (as 
provided in Sec.  1070.18(b)); or
    (5) To deny a request for expedited processing (as provided in 
Sec.  1070.17(e)).
    (b) Time limits for filing administrative appeals. An appeal, other 
than an appeal of a denial of expedited processing, must be postmarked 
or submitted electronically on a date that is within ninety (90) 
calendar days after the date the initial determination is sent to the 
requester or the date of the letter transmitting the last records 
released, whichever is later. An appeal of a denial of expedited 
processing must be made within ten (10) days of the date of the initial 
determination letter to deny expedited processing (see Sec.  1070.17).
    (c) Form and content of administrative appeals. In order to ensure 
a timely response to an appeal, the appeal shall be made in writing as 
follows:
    (1) If appeal is submitted by mail or delivery service, it shall be 
addressed to and submitted to the officer specified in paragraph (e) of 
this section at the address set forth in 1070.14(b). The appeal shall 
be labeled ``Freedom of Information Act Appeal.''
    (2) If an appeal is submitted by electronic means, it shall be 
addressed to the officer specified in paragraph (e) of this section and 
submitted as set forth on the CFPB's Web site, http://www.consumerfinance.gov. The appeal shall be labeled ``Freedom of 
Information Act Appeal.''
    (3) The appeal shall set forth contact information for the 
requester, including, to the extent available, a mailing address, 
telephone number, or email address at which the CFPB may contact the 
requester regarding the appeal; and
    (4) The appeal shall specify the applicable request tracking 
number, the date of the initial request, and the date of the letter of 
initial determination, and, where possible, enclose a copy of the 
initial request and the initial determination being appealed.
    (d) Processing of administrative appeals. The FOIA office will 
record the date that appeals are received. The receipt of the appeal 
will be acknowledged by the CFPB and the requester will be advised of 
the date the appeal was received, the appeal tracking number, and the 
expected date of response.
    (e) Determinations to grant or deny administrative appeals. The 
General Counsel is authorized to and shall decide whether to affirm the 
initial determination (in whole or in part), to reverse the initial 
determination (in whole or in part) or to remand the initial 
determination to the Chief FOIA Officer for further action and shall 
notify the requester of this decision in writing within twenty (20) 
business days after the date of receipt of the appeal, unless extended 
pursuant to Sec.  1070.16(d).
    (1) If it is decided that the appeal is to be denied (in whole or 
in part) the requester shall be:
    (i) Notified in writing of the denial;
    (ii) Notified of the reasons for the denial, including which of the 
FOIA exemptions were relied upon;
    (iii) Notified of the name and title or position of the official 
responsible for the determination on appeal;
    (iv) Provided with a statement that judicial review of the denial 
is available in the United States District Court for the judicial 
district in which the requester resides or has a principal place of 
business, the judicial district in which the requested records are 
located, or the District of Columbia in accordance with 5 U.S.C. 
552(a)(4)(B); and
    (v) Provided with notification that mediation services are 
available to the requester as a non-exclusive alternative to litigation 
through the Office of Government Information Services in accordance 
with 5 U.S.C. 552(h)(3).
    (2) If the initial determination is reversed on appeal, the 
requester shall be so notified and the request shall be processed 
promptly in accordance with the decision on appeal.
    (3) If the initial determination is remanded on appeal to the Chief 
FOIA Officer for further action, the requester shall be so notified and 
the request shall be processed in accordance with the decision on 
appeal. The remanded request shall be treated as a new request received 
by the CFPB as of the date when the General Counsel transmits the 
remand notification to the requester. The procedures and deadlines set 
forth in this subpart for processing, deciding, responding to, and 
filing administrative appeals of new FOIA requests shall apply to the 
remanded request.
    (f) Adjudication of administrative appeals of requests in 
litigation. An appeal ordinarily will not be adjudicated if the request 
becomes a matter of FOIA litigation.


Sec.  1070.22  Fees for processing requests for CFPB records.

    (a) In general. The CFPB shall determine whether and to what extent 
to charge a requester fees for processing a FOIA request, for the 
services and in the amounts set forth in this paragraph, by determining 
an appropriate fee category for the requester (as set forth in 
paragraph (b) of this section) and then by charging the requester those 
fees applicable to the assigned category (as set forth in paragraph (c) 
of this section), unless circumstances exist (as described in paragraph 
(d) of this section) that render fees inapplicable or inadvisable or 
unless the requester has requested and the CFPB has granted a reduction 
in or waiver of fees (as set forth in paragraph (e) of this section).
    (1) The CFPB shall charge a requester fees for the cost of copying 
or printing records at the rate of $0.10 per page.
    (2) The CFPB shall charge a requester for all time spent by its 
employees searching for records that are responsive to a request. The 
CFPB shall charge the requester fees for search time as follows:
    (i) The CFPB shall charge for search time at the salary rate(s) 
(basic pay plus sixteen (16) percent) of the employee(s) who conduct 
the search. However, the CFPB shall charge search fees at the rate of 
$9.00 per fifteen (15) minutes of search time whenever only 
administrative/clerical employees conduct a search and at the rate of 
$23.00 per fifteen (15) minutes of search time whenever only 
professional/executive employees conduct a search. Search charges shall 
also include transportation of employees and records necessary to the 
search at actual cost. Fees may be charged for search time even if the 
search does not yield any responsive records, or if records are exempt 
from disclosure.
    (ii) The CFPB shall charge the requester for the actual direct 
costs of conducting an electronic records search, including computer 
search time, runs, and output. The CFPB shall also charge for time 
spent by computer operators or programmers (at the rates set forth in 
paragraph (a)(2)(i) of this section) who conduct or assist in the 
conduct of an electronic records search.
    (3) The CFPB shall charge a requester for time spent by its 
employees

[[Page 58330]]

examining responsive records to determine whether any portions of such 
record are exempt from disclosure, pursuant to the FOIA exemptions of 5 
U.S.C. 552(b). The CFPB shall also charge a requester for time spent by 
its employees redacting any such exempt information from a record and 
preparing a record for release to the requester. The CFPB shall charge 
a requester for time spent reviewing records at the salary rate(s) 
(i.e., basic pay plus sixteen (16) percent) of the employees who 
conduct the review. However, the CFPB shall charge review fees at the 
rate of $9.00 per fifteen (15) minutes of search time whenever only 
administrative/clerical employees review records and at the rate of 
$23.00 per fifteen (15) minutes of search time whenever only 
professional/executive employees review records. Fees shall be charged 
for review time even if records ultimately are not disclosed.
    (4) Fees for all services provided shall be charged whether or not 
copies are made available to the requester for inspection. However, no 
fee shall be charged for monitoring a requester's inspection of 
records.
    (5) Other services and materials requested which are not covered by 
this part nor required by the FOIA are chargeable at the actual cost to 
the CFPB. This includes, but is not limited to:
    (i) Certifying that records are true copies; or
    (ii) Sending records by special methods such as express mail, etc.
    (b) Categories of requesters. (1) For purposes of assessing fees as 
set forth in this section, each requester shall be assigned to one of 
the following categories:
    (i) Commercial user refers to one who seeks information for a use 
or purpose that furthers the commercial, trade, or profit interests of 
the requester or the person on whose behalf the request is made, which 
can include furthering those interests through litigation. The CFPB's 
decision to place a requester in the commercial use category will be 
made on a case-by-case basis based on how the requester will use the 
information.
    (ii) Educational institution refers to a preschool, a public or 
private elementary or secondary school, an institution of graduate 
higher education, an institution of undergraduate higher education, an 
institution of professional education, and an institution of vocational 
education, which operates a program or programs of scholarly research.
    (iii) Non-commercial scientific institution refers to an 
institution that is not operated on a ``commercial user'' basis as that 
term is defined in paragraph (b)(2)(i) of this section, and which is 
operated solely for the purpose of conducting scientific research, the 
results of which are not intended to promote any particular product or 
industry.
    (iv) Representative of the news media refers to any person or 
entity that gathers information of potential interest to a segment of 
the public, uses its editorial skills to turn the raw materials into a 
distinct work, and distributes that work to an audience. In this 
paragraph, the term `news' means information that is about current 
events or that would be of current interest to the public. Examples of 
news-media entities are television or radio stations broadcasting to 
the public at large and publishers of periodicals (but only if such 
entities qualify as disseminators of `news') who make their products 
available for purchase by or subscription by or free distribution to 
the general public. Other examples of news media entities include 
online publications and Web sites that regularly deliver news content 
to the public. These examples are not all-inclusive. Moreover, as 
methods of news delivery evolve (for example, the adoption of the 
electronic dissemination of newspapers through telecommunications 
services), such alternative media shall be considered to be news-media 
entities. A freelance journalist shall be regarded as working for a 
news-media entity if the journalist can demonstrate a solid basis for 
expecting publication through that entity, whether or not the 
journalist is actually employed by the entity. A publication contract 
would present a solid basis for such an expectation; the CFPB may also 
consider the past publication record of the requester in making such a 
determination.
    (v) ``Other'' requester refers to a requester who does not fall 
within any of the previously described categories.
    (2) Within twenty (20) calendar days of its receipt of a request, 
the CFPB shall make a determination as to the proper fee category to 
apply to a requester. The CFPB shall inform the requester of the 
determination in the request acknowledgment letter, or if no such 
letter is required, in another writing. Where the CFPB has reasonable 
cause to doubt the use to which a requester will put the records 
sought, or where that use is not clear from the request itself, the 
CFPB should seek additional clarification before assigning the request 
to a specific category.
    (3) If the CFPB assigns to a requester a fee category, then the 
requester shall have the right to submit an appeal of the CFPB's 
determination in accordance with Sec.  1070.21. The CFPB shall 
communicate this appeal right as part of its written notification to 
the requester of an adverse fee category determination. The requester 
shall label its appeal request ``Appeal of Fee Category 
Determination.''
    (c) Fees applicable to each category of requester. The following 
fee schedule applies uniformly throughout the CFPB to requests 
processed under the FOIA. Specific levels of fees are prescribed for 
each category of requester defined in paragraph (b) of this section.
    (1) Commercial users shall be charged the full direct costs of 
searching for, reviewing, and duplicating the records they request. 
Moreover, when a request is received for disclosure that is primarily 
in the commercial interest of the requester, the CFPB is not required 
to consider a request for a waiver or reduction of fees based upon the 
assertion that disclosure would be in the public interest. The CFPB may 
recover the cost of searching for and reviewing records even if there 
is ultimately no disclosure of records or no records are located.
    (2) Educational and non-commercial scientific institution 
requesters shall be charged only for the cost of duplicating the 
records they request, except that the CFPB shall provide the first one 
hundred (100) pages of duplication free of charge. To be eligible, 
requesters must show that the request is made under the auspices of a 
qualifying institution and that the records are not sought for a 
commercial use, but are sought in furtherance of scholarly (if the 
request is from an educational institution) or scientific (if the 
request is from a non-commercial scientific institution) research. 
These categories do not include requesters who want records for use in 
meeting individual academic research or study requirements.
    (3) Representatives of the news media shall be charged only for the 
cost of duplicating the records they request, except that the CFPB 
shall provide them with the first one hundred (100) pages of 
duplication free of charge.
    (4) Other requesters who do not fit any of the categories described 
above shall be charged the full direct cost of searching for and 
duplicating records that are responsive to the request, except that the 
CFPB shall provide the first one hundred (100) pages of duplication and 
the first two hours of search time free of charge. The CFPB may recover 
the cost of searching for records even if there is ultimately no 
disclosure of records, or no records are located. Requests from persons 
for

[[Page 58331]]

records about themselves filed in the CFPB's systems of records shall 
continue to be treated under the fee provisions of the Privacy Act of 
1974, 5 U.S.C. 552a, which permit fees only for duplication, after the 
first one hundred (100) pages are furnished free of charge.
    (d) Other circumstances when fees are not charged. Notwithstanding 
paragraphs (b) and (c) of this section, the CFPB may not charge a 
requester a fee for processing a FOIA request if any of the following 
applies:
    (1) The cost of collecting a fee would be equal to or greater than 
the fee itself;
    (2) The fee is less than $250, excluding duplication costs;
    (3) The fees were waived or reduced in accordance with paragraph 
(e) of this section;
    (4) If the CFPB fails to comply with any time limit under Sec.  
1070.15 or Sec.  1070.21, then the CFPB shall not assess search fees, 
or if the requester is a representative of the news media or an 
educational or noncommercial scientific institution, then the CFPB 
shall not assess duplication fees, unless the CFPB has:
    (i) Determined that unusual circumstances apply to the processing 
of the request;
    (ii) Provided timely written notice to the requester of the unusual 
circumstances in accordance with Sec.  1070.16(d);
    (iii) Determined that more than 5,000 pages are necessary to 
respond to the request; and
    (iv) Discussed with the requester via mail, email, or telephone (or 
made not less than three good-faith attempts to do so) how the 
requester could effectively limit the scope of the request.
    (5) If the CFPB determines, as a matter of administrative 
discretion, that waiving or reducing the fees would serve the interest 
of the United States Government.
    (e) Waiver or reduction of fees. (1) A requester shall be entitled 
to receive from the CFPB a waiver or reduction in the fees otherwise 
applicable to a FOIA request whenever the requester:
    (i) Requests such waiver or reduction of fees in writing as part of 
the FOIA request;
    (ii) Labels the request for waiver or reduction of fees ``Fee 
Waiver or Reduction Requested'' on the FOIA request; and
    (iii) Demonstrates that the fee reduction or waiver request that a 
waiver or reduction of the fees is in the public interest because:
    (A) Furnishing the information is likely to contribute 
significantly to public understanding of the operations or activities 
of the government; and
    (B) Furnishing the information is not primarily in the commercial 
interest of the requester.
    (2) To determine whether the requester has satisfied the 
requirements of paragraph (e)(1)(iii)(A), the CFPB shall consider the 
following factors:
    (i) The subject of the requested records must concern identifiable 
operations or activities of the Federal government, with a connection 
that is direct and clear, and not remote or attenuated.
    (ii) The disclosable portions of the requested records must be 
meaningfully informative about government operations or activities in 
order to be ``likely to contribute'' to an increased public 
understanding of those operations or activities. The disclosure of 
information that already is in the public domain, in either a 
duplicative or a substantially similar form, is not as likely to 
contribute to the public's understanding.
    (iii) The disclosure must contribute to the understanding of a 
reasonably broad audience of persons interested in the subject, as 
opposed to the individual understanding of the requester. A requester's 
expertise in the subject area and ability and intention to effectively 
convey information to the public shall be considered. It shall be 
presumed that a representative of the news media will satisfy this 
consideration.
    (iv) The public's understanding of the subject in question, as 
compared to the level of public understanding existing prior to the 
disclosure, must be enhanced by the disclosure to a significant extent.
    (3) To determine whether the requester has satisfied the 
requirements of paragraph (e)(1)(iii)(B), the CFPB shall consider the 
following factors:
    (i) The CFPB shall consider any commercial interest of the 
requester (with reference to the definition of ``commercial user'' in 
(b)(1)(i) of this section), or of any person on whose behalf the 
requester may be acting, that would be furthered by the requested 
disclosure. Requesters shall be given an opportunity in the 
administrative process to provide explanatory information regarding 
this consideration.
    (ii) A fee waiver or reduction is justified where the public 
interest standard is satisfied and that public interest is greater in 
magnitude than that of any identified commercial interest in 
disclosure. The CFPB ordinarily shall presume that where a news media 
requester has satisfied the public interest standard, the public 
interest will be the interest primarily served by disclosure to that 
requester. Disclosure to data brokers or others who merely compile and 
market government information for direct economic return shall not be 
presumed to primarily serve the public interest.
    (4) Where only some of the records to be released satisfy the 
requirements for a waiver of fees, a waiver shall be granted for those 
records.
    (5) If the CFPB denies a request to reduce or waive fees, then the 
CFPB shall advise the requester, in the denial notification letter, 
that the requester may incur fees if the CFPB proceeds to process the 
request. The notification letter shall also advise the requester that 
the CFPB will not proceed to process the request further unless the 
requester, in writing, directs the CFPB to do so and either agrees to 
pay any fees that may apply to processing the request or specifies an 
upper limit that the requester is willing to pay to process the 
request. If the CFPB does not receive this written direction and 
agreement/specification within thirty (30) calendar days of the date of 
the denial notification letter, then the CFPB shall deem the request to 
be withdrawn.
    (6) If the CFPB denies a request to reduce or waive fees, then the 
requester shall have the right to submit an appeal of the denial 
determination in accordance with Sec.  1070.21. The CFPB shall 
communicate this appeal right as part of its written notification to 
the requester denying the fee reduction or waiver request. The 
requester should label its appeal request ``Appeal for Fee Reduction/
Waiver.''
    (f) Advance notice and prepayment of fees. (1) The CFPB shall 
notify a requester of the estimated fees for processing a request and 
provide a breakdown of the fees attributable to search, review, and 
duplication, when the estimated fees are $250 or more and:
    (i) The fees exceed the limit set by the requester;
    (ii) The requester did not specify a limit; or
    (iii) The CFPB has denied a request for a reduction or waiver of 
fees.
    The requester must provide an agreement to pay the estimated fees; 
however, the requester shall also be given an opportunity to 
reformulate the request in an attempt to reduce fees.
    (2) If the fees are estimated to exceed $1000, the requester must 
pre-pay such amount prior to the processing of the request, or provide 
satisfactory assurance of full payment if the requester has a history 
of prompt payment of FOIA fees. The requester shall also be given an 
opportunity to reformulate the request in such a way as to lower the 
applicable fees.

[[Page 58332]]

    (3) The CFPB reserves the right to request prepayment after a 
request is processed and before documents are released.
    (4) If a requester has previously failed to pay a fee within thirty 
(30) calendar days of the date of the billing, the requester shall be 
required to pay the full amount owed plus any applicable interest and 
to make an advance payment of the full amount of the estimated fee 
before the CFPB begins to process a new request or the pending request.
    (5) When the CFPB acts under paragraphs (f)(1) through (4) of this 
section, the statutory time limits of twenty (20) days (excluding 
Saturdays, Sundays, and legal public holidays) from receipt of initial 
requests or appeals, plus extensions of these time limits, shall begin 
only after fees have been paid, a written agreement to pay fees has 
been provided, or a request has been reformulated.
    (g) Form of payment. Payment may be tendered as set forth on the 
CFPB's Web site, http://www.consumerfinance.gov.
    (h) Charging interest. The CFPB may charge interest on any unpaid 
bill starting on the 31st day following the date of billing the 
requester. Interest charges will be assessed at the rate provided in 31 
U.S.C. 3717 and will accrue from the date of the billing until payment 
is received by the CFPB. The CFPB will follow the provisions of the 
Debt Collection Act of 1982 (Pub. L. 97-365, 96 Stat. 1749), as 
amended, and its administrative procedures, including the use of 
consumer reporting agencies, collection agencies, and offset.
    (i) Aggregating requests. Where the CFPB reasonably believes that a 
requester or a group of requesters acting together is attempting to 
divide a request into a series of requests for the purpose of avoiding 
fees, the CFPB may aggregate those requests and charge accordingly. The 
CFPB may presume that multiple requests of this type made within a 
thirty (30) day period have been made in order to avoid fees. Where 
requests are separated by a longer period, the CFPB will aggregate them 
only where there exists a solid basis for determining that aggregation 
is warranted under all the circumstances involved. Multiple requests 
involving unrelated matters will not be aggregated.


Sec.  1070.23  Authority and responsibilities of the Chief FOIA 
Officer.

    (a) Chief FOIA Officer. The Director authorizes the Chief FOIA 
Officer to act upon all requests for agency records, with the exception 
of determining appeals from the initial determinations of the Chief 
FOIA Officer, which will be decided by the General Counsel. The Chief 
FOIA officer shall, subject to the authority of the Director:
    (1) Have CFPB-wide responsibility for efficient and appropriate 
compliance with the FOIA;
    (2) Monitor implementation of the FOIA throughout the CFPB and keep 
the Director, the General Counsel, and the Attorney General 
appropriately informed of the CFPB's performance in implementing the 
FOIA;
    (3) Recommend to the Director such adjustments to agency practices, 
policies, personnel and funding as may be necessary to improve the 
Chief FOIA Officer's implementation of the FOIA;
    (4) Review and report to the Attorney General, through the 
Director, at such times and in such formats as the Attorney General may 
direct, on the CFPB's performance in implementing the FOIA;
    (5) Facilitate public understanding of the purposes of the 
statutory exemptions of the FOIA by including concise descriptions of 
the exemptions in both the CFPB's handbook and the CFPB's annual report 
on the FOIA, and by providing an overview, where appropriate, of 
certain general categories of CFPB records to which those exemptions 
apply;
    (6) Designate one or more FOIA Public Liaisons;
    (7) Offer Training to Bureau staff regarding their responsibilities 
under the FOIA;
    (8) Serve as the primary Bureau liaison with the Office of 
Government Information Services and the Office of Information Policy; 
and
    (9) Maintain and update, as necessary and in accordance with the 
requirements of this subpart, the CFPB's FOIA Web site, including its 
e-FOIA Library.
    (b) FOIA Public Liaisons. FOIA Public Liaisons shall report to the 
Chief FOIA Officer and shall serve as supervisory officials to whom a 
requester can raise concerns about the service the requester has 
received from the CFPB's FOIA office, following an initial response 
from the FOIA office staff. FOIA Public Liaisons shall be responsible 
for assisting in reducing delays, increasing transparency and 
understanding of the status of requests, and assisting in the 
resolution of disputes.

Subpart C--Disclosure of CFPB Information in Connection with Legal 
Proceedings


Sec.  1070.30  Purpose and scope; definitions.

    (a) This subpart sets forth the procedures to be followed with 
respect to subpoenas, court orders, or other requests or demands for 
any CFPB information, whether contained in the files of the CFPB or 
acquired by a CFPB employee as part of the performance of that 
employee's duties or by virtue of employee's official status.
    (b) This subpart does not apply to requests for official 
information made pursuant to subparts B, D, and E of this part.
    (c) This subpart does not apply to requests for information made in 
the course of adjudicating claims against the CFPB by CFPB employees 
(present or former) or applicants for CFPB employment for which 
jurisdiction resides with the U.S. Equal Employment Opportunity 
Commission, the U.S. Merit Systems Protection Board, the Office of 
Special Counsel, the Federal Labor Relations Authority, or their 
successor agencies, or a labor arbitrator operating under a collective 
bargaining agreement between the CFPB and a labor organization 
representing CFPB employees.
    (d) This subpart is intended only to inform the public about CFPB 
procedures concerning the service of process and responses to 
subpoenas, summons, or other demands or requests for official 
information or action and is not intended to and does not create, and 
may not be relied upon to create any right or benefit, substantive or 
procedural, enforceable at law by a party against the CFPB or the 
United States.
    (e) For purposes of this subpart:
    (1) Demand means a subpoena or order for official information, 
whether contained in CFPB records or through testimony, related to or 
for possible use in a legal proceeding.
    (2) Legal proceeding encompasses all pre-trial, trial, and post-
trial stages of all judicial or administrative actions, hearings, 
investigations, or similar proceedings before courts, commissions, 
boards, grand juries, arbitrators, or other judicial or quasi-judicial 
bodies or tribunals, whether criminal, civil, or administrative in 
nature, and whether foreign or domestic. This phrase includes all 
stages of discovery as well as formal or informal requests by 
attorneys, their agents, or others involved in legal proceedings.
    (3) Official Information means all information of any kind, however 
stored, that is in the custody and control of the CFPB or was acquired 
by CFPB employees, or former employees as part of their official duties 
or because of their official status while such individuals were 
employed by or served on behalf of the CFPB. Official information also 
includes any information acquired by CFPB employees or former employees

[[Page 58333]]

while such individuals were engaged in matters related to consumer 
financial protection functions prior to the employees' transfer to the 
CFPB pursuant to Subtitle F of the Consumer Financial Protection Act of 
2010.
    (4) Request means any request for official information in the form 
of testimony, affidavits, declarations, admissions, responses to 
interrogatories, document production, inspections, or formal or 
informal interviews, during the course of a legal proceeding, including 
pursuant to the Federal Rules of Civil Procedure, the Federal Rules of 
Criminal Procedure, or other applicable rules of procedure.
    (5) Testimony means a statement in any form, including personal 
appearances before a court or other legal tribunal, interviews, 
depositions, telephonic, televised, or videographed statements or any 
responses given during discovery or similar proceeding in the course of 
litigation.


Sec.  1070.31  Service of subpoenas, court orders, and other demands 
for CFPB information or action.

    (a) Except in cases in which the CFPB is represented by legal 
counsel who have entered an appearance or otherwise given notice of 
their representation, only the General Counsel is authorized to receive 
and accept subpoenas or other demands or requests directed to the CFPB 
or its employees, whether civil or criminal in nature, for:
    (1) Records of the CFPB;
    (2) Official information including, but not limited to, testimony, 
affidavits, declarations, admissions, responses to interrogatories, or 
informal statements, relating to material contained in the files of the 
CFPB or which any CFPB employee acquired in the course and scope of the 
performance of his or her official duties;
    (3) Garnishment or attachment of compensation of current or former 
employees; or
    (4) The performance or non-performance of any official CFPB duty.
    (b) Documents described in paragraph (a) of this section should be 
served upon the General Counsel, Consumer Financial Protection Bureau, 
1700 G Street NW., Washington, DC 20552. Service must be effected as 
provided in applicable rules and regulations governing service in 
Federal judicial and administrative proceedings. Acceptance of such 
documents by the General Counsel does not constitute a waiver of any 
defense that might otherwise exist with respect to service under the 
Federal Rules of Civil or Criminal Procedure or other applicable laws 
or regulations.
    (c) In the event that any demand or request described in paragraph 
(a) of this section is sought to be delivered to a CFPB employee other 
than in the manner prescribed in paragraph (b) of this section, such 
employee shall decline service and direct the server of process to 
these regulations. If the demand or request is nonetheless delivered to 
the employee, the employee shall immediately notify, and deliver a copy 
of that document to, the General Counsel.
    (d) The CFPB is not an agent for service for, or otherwise 
authorized to accept on behalf of its employees, any subpoenas, orders, 
or other demands or requests, which are not related to the employees' 
official duties.
    (e) Copies of any subpoenas, orders, or other demands or requests 
that are directed to former employees of the CFPB in connection with 
the performance of official CFPB duties shall also be served upon the 
General Counsel. The CFPB shall not, however, serve as an agent for 
service for the former employee, nor is the CFPB otherwise authorized 
to accept service on behalf of its former employees. If the demand 
involves their official duties as CFPB employees, former employees who 
receive subpoenas, orders, or similar compulsory process should also 
notify, and deliver a copy of the document to, the General Counsel.


Sec.  1070.32  Testimony and production of documents prohibited unless 
approved by the General Counsel.

    (a) Unless authorized by the General Counsel, no employee or former 
employee of the CFPB shall, in response to a demand or a request 
provide oral or written testimony by deposition, declaration, 
affidavit, or otherwise concerning any official information.
    (b) Unless authorized by the General Counsel, no employee or former 
employee shall, in response to a demand or request, produce any 
document or any material acquired as part of the performance of that 
employee's duties or by virtue of that employee's official status.


Sec.  1070.33  Procedure when testimony or production of documents is 
sought; general.

    (a) If, as part of a proceeding in which the United States or the 
CFPB is not a party, official information is sought through a demand 
for testimony, CFPB records, or other material, the party seeking such 
information must (except as otherwise required by Federal law or 
authorized by the General Counsel) set forth in writing:
    (1) The title and forum of the proceeding, if applicable;
    (2) A detailed description of the nature and relevance of the 
official information sought;
    (3) A showing that other evidence reasonably suited to the 
requester's needs is not available from any other source; and
    (4) If testimony is requested, the intended use of the testimony, a 
general summary of the desired testimony, and a showing that no 
document could be provided and used in lieu of testimony.
    (b) To the extent he or she deems necessary or appropriate, the 
General Counsel may also require from the party seeking such 
information a plan of all reasonably foreseeable demands, including but 
not limited to the names of all employees and former employees from 
whom testimony or discovery will be sought, areas of inquiry, expected 
duration of proceedings requiring oral testimony, identification of 
potentially relevant documents, or any other information deemed 
necessary to make a determination. The purpose of this requirement is 
to assist the General Counsel in making an informed decision regarding 
whether testimony, the production of documents, or the provision of 
other information should be authorized.
    (c) The General Counsel may consult or negotiate with an attorney 
for a party, or the party if not represented by an attorney, to refine 
or limit a request or demand so that compliance is less burdensome.
    (d) The General Counsel will notify the CFPB employee and such 
other persons as circumstances may warrant of his or her decision 
regarding compliance with the request or demand.


Sec.  1070.34  Procedure when response to demand is required prior to 
receiving instructions.

    (a) If a response to a demand described in Sec.  1070.34 is 
required before the General Counsel renders a decision, the CFPB will 
request that the appropriate CFPB attorney or an attorney of the 
Department of Justice, as appropriate, take steps to stay, postpone, or 
obtain relief from the demand pending decision. If necessary, the 
attorney will:
    (1) Appear with the employee upon whom the demand has been made;
    (2) Furnish the court or other authority with a copy of the 
regulations contained in this subpart;
    (3) Inform the court or other authority that the demand has been, 
or is being, as the case may be, referred for the prompt consideration 
of the appropriate CFPB official; and

[[Page 58334]]

    (4) Request the court or authority to stay the demand pending 
receipt of the requested instructions.
    (b) In the event that an immediate demand for production or 
disclosure is made in circumstances which would preclude the proper 
designation or appearance of an attorney of the CFPB or the Department 
of Justice on the employee's behalf, the employee, if necessary, shall 
request from the demanding court or authority a reasonable stay of 
proceedings for the purpose of obtaining instructions from the General 
Counsel.


Sec.  1070.35  Procedure in the event of an adverse ruling.

    If a stay of, or other relief from, the effect of a demand made 
pursuant to Sec. Sec.  1070.33 and 1070.34 is declined or not obtained, 
or if the court or other judicial or quasi-judicial authority declines 
to stay the effect of the demand made pursuant to Sec. Sec.  1070.33 
and 1070.34, or if the court or other authority rules that the demand 
must be complied with irrespective of the General Counsel's 
instructions not to produce the material or disclose the information 
sought, the employee upon whom the demand has been made shall decline 
to comply with the demand citing this subpart and United States ex rel. 
Touhy v. Ragen, 340 U.S. 462 (1951).


Sec.  1070.36  Considerations in determining whether the CFPB will 
comply with a demand or request.

    (a) In deciding whether to comply with a demand or request, CFPB 
officials and attorneys shall consider, among other pertinent 
considerations:
    (1) Whether such compliance would be unduly burdensome or otherwise 
inappropriate under the applicable rules of discovery or the rules of 
procedure governing the case or matter in which the demand arose;
    (2) Whether the number of similar requests would have a cumulative 
effect on the expenditure of CFPB resources;
    (3) Whether compliance is appropriate under the relevant 
substantive law concerning privilege or disclosure of information;
    (4) The public interest;
    (5) The need to conserve the time of CFPB employees for the conduct 
of official business;
    (6) The need to avoid spending time and money of the United States 
for private purposes;
    (7) The need to maintain impartiality between private litigants in 
cases where a substantial government interest is not implicated;
    (8) Whether compliance would have an adverse effect on performance 
by the CFPB of its mission and duties;
    (9) The need to avoid involving the CFPB in controversial issues 
not related to its mission;
    (10) Whether compliance would interfere with supervisory 
examinations, compromise the CFPB's supervisory functions or programs, 
or undermine public confidence in supervised financial institutions; 
and
    (11) Whether compliance would interfere with the CFPB's ability to 
monitor for risks to consumers in the offering or provision of consumer 
financial products and services.
    (b) Among those demands and requests in response to which 
compliance will not ordinarily be authorized are those with respect to 
which any of the following factors, inter alia, exist:
    (1) Compliance would violate a statute or applicable rule of 
procedure;
    (2) Compliance would violate a specific regulation or Executive 
order;
    (3) Compliance would reveal information properly classified in the 
interest of national security;
    (4) Compliance would reveal confidential or privileged commercial 
or financial information or trade secrets without the owner's consent;
    (5) Compliance would compromise the integrity of the deliberative 
processes of the CFPB;
    (6) Compliance would not be appropriate or necessary under the 
relevant substantive law governing privilege;
    (7) Compliance would reveal confidential information; or
    (8) Compliance would interfere with ongoing investigations or 
enforcement proceedings, compromise constitutional rights, or reveal 
the identity of a confidential informant.
    (c) The CFPB may condition disclosure of official information 
pursuant to a request or demand on the entry of an appropriate 
protective order.


Sec.  1070.37  Prohibition on providing expert or opinion testimony.

    (a) Except as provided in this section, and subject to 5 CFR 
2635.805, CFPB employees or former employees shall not provide opinion 
or expert testimony based upon information which they acquired in the 
scope and performance of their official CFPB duties, except on behalf 
of the CFPB or the United States or a party represented by the CFPB, or 
the Department of Justice, as appropriate.
    (b) Any expert or opinion testimony by a former employee of the 
CFPB shall be excepted from paragraph (a) of this section where the 
testimony involves only general expertise gained while employed at the 
CFPB.
    (c) Upon a showing by the requestor of exceptional need or unique 
circumstances and that the anticipated testimony will not be adverse to 
the interests of the United States, the General Counsel may, consistent 
with 5 CFR 2635.805, exercise his or her discretion to grant special, 
written authorization for CFPB employees, or former employees, to 
appear and testify as expert witnesses at no expense to the United 
States.
    (d) If, despite the final determination of the General Counsel, a 
court of competent jurisdiction or other appropriate authority orders 
the appearance and expert or opinion testimony of a current or former 
CFPB employee, that person shall immediately inform the General Counsel 
of such order. If the General Counsel determines that no further legal 
review of or challenge to the court's order will be made, the CFPB 
employee, or former employee, shall comply with the order. If so 
directed by the General Counsel, however, the employee, or former 
employee, shall decline to testify.

Subpart D--Confidential Information


Sec.  1070.40  Purpose and scope.

    This subpart does not apply to requests for official information 
made pursuant to subparts B, C, or E of this part.


Sec.  1070.41  Non-disclosure of confidential information.

    (a) Non-disclosure. Except as required by law or as provided in 
this part, no current or former employee or contractor or consultant of 
the CFPB, or any other person in possession of confidential 
information, shall disclose such confidential information by any means 
(including written or oral communications) or in any format (including 
paper and electronic formats), to:
    (1) Any person who is not an employee, contractor, or consultant of 
the CFPB; or
    (2) Any CFPB employee, contractor, or consultant when the 
disclosure of such confidential information to that employee, 
contractor, or consultant is not relevant to the performance of the 
employee's, contractor's, or consultant's assigned duties.
    (b) Disclosures to contractors and consultants. CFPB contractors or 
consultants must treat confidential information in accordance with this 
part, other Federal laws and regulations

[[Page 58335]]

that apply to Federal agencies for the protection of the 
confidentiality of personally identifiable information and for data 
security and integrity, as well as any additional conditions or 
limitations that the CFPB may impose.
    (c) Disclosure of materials derived from confidential information. 
The CFPB may, in its discretion, disclose materials that it derives 
from or creates using confidential information to the extent that such 
materials do not identify, either directly or indirectly, any 
particular person to whom the confidential information pertains.
    (d) Disclosure of confidential information with consent. Where 
practicable, the CFPB may, in its discretion and in accordance with 
applicable law, disclose confidential information that directly or 
indirectly identifies particular persons if the CFPB obtains prior 
consent from such persons to make the disclosure.
    (e) Nondisclosure of confidential information provided to the CFPB 
by other agencies. Nothing in this subpart requires or authorizes the 
CFPB to disclose confidential information that another agency has 
provided to the CFPB to the extent that such disclosure contravenes 
applicable law or the terms of any agreement that exists between the 
CFPB and the agency to govern the CFPB's treatment of information that 
the agency provides to the CFPB.


Sec.  1070.42  Disclosure of confidential supervisory information and 
confidential investigative information.

    (a) Discretionary disclosure of confidential supervisory 
information or confidential investigative information by the CFPB. The 
CFPB may, in its discretion, and to the extent consistent with 
applicable law, disclose confidential supervisory information or 
confidential investigative information concerning a person, its 
affiliates, or its service providers to that person, its affiliates, or 
its service providers.
    (b) Disclosure of confidential supervisory information or 
confidential investigative information by the recipients of the 
information. Unless directed otherwise by the Associate Director for 
Supervision, Enforcement, and Fair Lending:
    (1) Any person lawfully in possession of confidential supervisory 
information or confidential investigative information provided directly 
to it by the CFPB pursuant to this section may disclose such 
information, or portions thereof, to its affiliates and to the 
following individuals to the extent that the disclosure of such 
confidential supervisory information or confidential investigative 
information is relevant to the performance of such individuals' 
assigned duties:
    (i) Its directors, officers, trustees, members, general partners, 
or employees; and
    (ii) The directors, officers, trustees, members, general partners, 
or employees of its affiliates.
    (2) Any person lawfully in possession of confidential supervisory 
information or confidential investigative information provided directly 
to it by the CFPB pursuant to this section may disclose such 
information, or portions thereof, to:
    (i) Its certified public accountant, legal counsel, contractor, 
consultant, or service provider;
    (ii) Its insurance provider pursuant to a claim made under an 
existing policy, provided that the Bureau has not precluded 
indemnification or reimbursement for the claim; information disclosed 
pursuant to this subparagraph may be used by the insurance provider 
solely for purposes of administering such a claim; or
    (iii) Another person, with the prior written approval of the 
Associate Director for Supervision, Enforcement, and Fair Lending.
    (3) Where a person discloses confidential supervisory information 
or confidential investigative information pursuant to paragraph (b) of 
this section:
    (i) The recipient of such confidential supervisory information or 
confidential investigative information shall not, without the prior 
written approval of the Associate Director for Supervision, 
Enforcement, and Fair Lending, utilize, make, or retain copies of, or 
disclose confidential supervisory information or confidential 
investigative information for any purpose, except as is necessary to 
provide advice or services to the person or its affiliate; and
    (ii) The person disclosing the confidential supervisory information 
or confidential investigative information shall take reasonable steps 
to ensure that the recipient complies with paragraph (b)(3)(i) of this 
section.


Sec.  1070.43  Disclosure of confidential information to agencies.

    (a) Required disclosure of confidential information to agencies. 
The CFPB shall:
    (1) Disclose a draft of a report of examination of a supervised 
financial institution prior to its finalization, in accordance with 12 
U.S.C. 5515(e)(1)(C), and disclose a final report of examination, 
including any and all revisions made to such a report, to a Federal or 
State agency with jurisdiction over that supervised financial 
institution, provided that the CFPB receives from the agency reasonable 
assurances as to the confidentiality of the information disclosed; and
    (2) Disclose confidential consumer complaint information to a 
Federal or State agency to facilitate preparation of reports to 
Congress required by 12 U.S.C. 5493(b)(3)(C) and to facilitate the 
CFPB's supervision and enforcement activities and its monitoring of the 
market for consumer financial products and services, provided that the 
agency shall first give written assurance to the CFPB that it will 
maintain such information in confidence, including in a manner that 
conforms to the standards that apply to Federal agencies for the 
protection of the confidentiality of personally identifiable 
information and for data security and integrity.
    (b) Discretionary disclosure of confidential information to 
agencies. (1) Upon receipt of a written request that contains the 
information required by paragraph (b)(2) of this section, the CFPB may, 
in its discretion, disclose confidential information to an Agency to 
the extent that the disclosure of the information is relevant to the 
exercise of the Agency's statutory or regulatory authority.
    (2) To obtain access to confidential information pursuant to 
paragraph (b)(1) of this section, an authorized officer or employee of 
the agency shall submit a written request to the CFPB's Associate 
Director for Supervision, Enforcement, and Fair Lending at 
[email protected] or at 1700 G Street NW., Washington, DC 20552. 
The request shall include the following:
    (i) A description of the particular information, kinds of 
information, and where possible, the particular documents to which 
access is sought;
    (ii) A statement of the purpose for which the information will be 
used;
    (iii) A statement certifying and identifying the Agency's statutory 
or regulatory authority that is relevant to the requested information, 
as required by paragraph (b)(1) of this section;
    (iv) A statement certifying and identifying the agency's legal 
authority for protecting the requested information from public 
disclosure; and
    (v) A certification that the agency will maintain the requested 
confidential information in confidence, including in a manner that 
conforms to the standards that apply to Federal agencies for the 
protection of the confidentiality of personally identifiable 
information and for data security and integrity, as well as any 
additional conditions or limitations that the CFPB may impose.
    (c) Negotiation of standing requests. The CFPB may negotiate terms 
governing the exchange of confidential

[[Page 58336]]

information with Agencies on a standing basis, as appropriate.


Sec.  1070.44  Disclosure of confidential consumer complaint 
information.

    The CFPB may, to the extent permitted by law, disclose confidential 
consumer complaint information as it deems necessary to investigate, 
resolve, or otherwise respond to consumer complaints or inquiries 
concerning consumer financial products and services or a violation of 
Federal consumer financial law.


Sec.  1070.45  Affirmative disclosure of confidential information.

    (a) The CFPB may disclose confidential information, in accordance 
with applicable law, as follows:
    (1) To a CFPB employee, as that term is defined in Sec.  1070.2 and 
in accordance with Sec.  1070.41;
    (2) To either House of the Congress or to an appropriate committee 
or subcommittee of the Congress, as set forth in 12 U.S.C. 5562(d)(2), 
provided that, upon the receipt by the CFPB of a request from the 
Congress for confidential information that a financial institution 
submitted to the CFPB along with a claim that such information consists 
of a trade secret or privileged or confidential commercial or financial 
information, or confidential supervisory information, the CFPB may 
notify the financial institution in writing of its receipt of the 
request and provide the institution with a copy of the request;
    (3) In investigational hearings and witness interviews, or 
otherwise in the investigation and administration of enforcement 
actions, as is reasonably necessary, at the discretion of the CFPB;
    (4) In or related to an administrative or court proceeding to which 
the CFPB is a party. In the case of confidential investigative 
information that contains any trade secret or privileged or 
confidential commercial or financial information, as claimed by 
designation by the submitter of such material, or confidential 
supervisory information, the submitter, or the CFPB, in its discretion, 
may seek an appropriate order prior to disclosure of such material in a 
proceeding;
    (5) In CFPB personnel matters, as necessary and subject to 
appropriate protections;
    (6) To Agencies in summary form to the extent necessary to confer 
with such Agencies about matters relevant to the exercise of the 
Agencies' statutory or regulatory authority; or
    (7) As required under any other applicable law.


Sec.  1070.46  Other disclosures of confidential information.

    (a) To the extent permitted by law and as authorized by the 
Director in writing, the CFPB may disclose confidential information 
other than as set forth in this subpart.
    (b) Prior to disclosing confidential information pursuant to 
paragraph (a) of this section, the CFPB may, as it deems appropriate 
under the circumstances, provide written notice to the person to whom 
the confidential information pertains that the CFPB intends to disclose 
its confidential information in accordance with this section.
    (c) The authority of the Director to disclose confidential 
information pursuant to paragraph (a) of this section shall not be 
delegated. However, a person authorized to perform the functions of the 
Director in accordance with law may exercise the authority of the 
Director as set forth in this section.


Sec.  1070.47  Other rules regarding the disclosure of confidential 
information.

    (a) Further disclosure prohibited. (1) All confidential information 
made available under this subpart shall remain the property of the 
CFPB, unless the Associate Director for Supervision, Enforcement, and 
Fair Lending provides otherwise in writing.
    (2) Except as set forth in this subpart, no supervised financial 
institution, Agency, any officer, director, employee or agent thereof, 
or any other person to whom the confidential information is made 
available under this subpart, may further disclose such confidential 
information without the prior written permission of the Associate 
Director for Supervision, Enforcement, and Fair Lending.
    (3) No person obtaining access to confidential information pursuant 
to this subpart may make a personal copy of any such information, and 
no person may remove confidential information from the premises of the 
institution or agency in possession of such information except as 
permitted under this subpart or by the CFPB.
    (b) Third party requests for information. (1) A supervised 
financial institution, agency, any officer, director, employee or agent 
thereof, or any other person to whom the CFPB's confidential 
information is made available under this subpart, that receives from a 
third party a legally enforceable demand or request for such 
confidential information (including but not limited to, a subpoena or 
discovery request or a request made pursuant to the Freedom of 
Information Act, 5 U.S.C. 552, the Privacy Act of 1974, 5 U.S.C. 552a, 
or any State analogue to such statutes) should:
    (i) Inform the General Counsel of such request or demand in writing 
and provide the General Counsel with a copy of such request or demand 
as soon as practicable after receiving it;
    (ii) To the extent permitted by applicable law, advise the 
requester that:
    (A) The confidential information sought may not be disclosed 
insofar as it is the property of the CFPB; and
    (B) Any request for the disclosure of such confidential information 
is properly directed to the CFPB pursuant to its regulations set forth 
in this part.
    (iii) Consult with the General Counsel before complying with the 
request or demand, and to the extent applicable:
    (A) Give the CFPB a reasonable opportunity to respond to the demand 
or request;
    (B) Assert all reasonable and appropriate legal exemptions or 
privileges that the CFPB may request be asserted on its behalf; and
    (C) Consent to a motion by the CFPB to intervene in any action for 
the purpose of asserting and preserving any claims of confidentiality 
with respect to any confidential information.
    (2) Nothing in this section shall prevent a supervised financial 
institution, agency, any officer, director, employee or agent thereof, 
or any other person to whom the information is made available under 
this subpart from complying with a legally valid and enforceable order 
of a court of competent jurisdiction compelling production of the 
CFPB's confidential information, or, if compliance is deemed 
compulsory, with a request or demand from either House of the Congress 
or a duly authorized committee of the Congress. To the extent that 
compulsory disclosure of confidential information occurs as set forth 
in this paragraph, the producing party shall use its best efforts to 
ensure that the requestor secures an appropriate protective order or, 
if the requestor is a legislative body, use its best efforts to obtain 
the commitment or agreement of the legislative body that it will 
maintain the confidentiality of the confidential information.
    (c) Additional conditions and limitations. The CFPB may impose any 
additional conditions or limitations on disclosure or use under this 
subpart that it determines are necessary.
    (d) Return or destruction of records. The CFPB may require any 
person in possession of CFPB confidential information to return the 
records to the CFPB or destroy them.

[[Page 58337]]

    (e) Non-waiver of CFPB rights. The disclosure of confidential 
information to any person in accordance with this subpart does not 
constitute a waiver by the CFPB of its right to control, or impose 
limitations on, the subsequent use and dissemination of the 
information.
    (f) Non-waiver of privilege--(1) In general. The CFPB shall not be 
deemed to have waived any privilege applicable to any information by 
transferring that information to, or permitting that information to be 
used by, any Federal or State Agency.
    (2) Rule of Construction. Paragraph (f)(1) of this section shall 
not be construed as implying that any person waives any privilege 
applicable to any information because paragraph (f)(1) of this section 
does not apply to the transfer or use of that information.
    (g) Reports of unauthorized disclosure. Any person in possession of 
confidential information shall immediately notify the CFPB upon the 
discovery of any disclosures made in violation of this subpart.


Sec.  1070.48  Disclosure of confidential information by the Inspector 
General.

    (a) Nothing in this subpart shall limit the discretion of the 
Office of the Inspector General of the Board of Governors of the 
Federal Reserve System and the Consumer Financial Protection Bureau to 
disclose confidential information as needed in accordance with the 
Inspector General Act of 1978, 5 U.S.C. App. 3.

Subpart E--Privacy Act


Sec.  1070.50  Purpose and scope; definitions.

    (a) This subpart implements the provisions of the Privacy Act of 
1974, 5 U.S.C. 552a (the Privacy Act). The regulations apply to all 
records maintained by the CFPB and which are retrieved by an 
individual's name or personal identifier. The regulations set forth the 
procedures for requests for access to, or amendment of, records 
concerning individuals that are contained in systems of records 
maintained by the CFPB. These regulations should be read in conjunction 
with the Privacy Act, which provides additional information about this 
topic.
    (b) For purposes of this subpart, the following definitions apply:
    (1) The term Chief Privacy Officer means the Chief Information 
Officer of the CFPB or any CFPB employee to whom the Chief Information 
Officer has delegated authority to act under this part;
    (2) The term guardian means the parent of a minor, or the legal 
guardian of any individual who has been declared to be incompetent due 
to physical or mental incapacity or age by a court of competent 
jurisdiction;
    (3) Individual means a citizen of the United States or an alien 
lawfully admitted for permanent residence;
    (4) Maintain includes maintain, collect, use, or disseminate;
    (5) Record means any item, collection, or grouping of information 
about an individual that is maintained by an agency, including, but not 
limited to, his education, financial transactions, medical history, and 
criminal or employment history and that contains his name or the 
identifying number, symbol, or other identifying particular assigned to 
the individual, such as a finger or voiceprint or a photograph;
    (6) Routine use means the disclosure of a record that is compatible 
with the purpose for which it was collected;
    (7) System of records means a group of any records under the 
control of an agency from which information is retrieved by the name of 
the individual or by some identifying number, symbol, or other 
identifying particular assigned to the individual; and
    (8) Statistical record means a record in a system of records 
maintained for statistical research or reporting purposes only and not 
used in whole or in part in making any determination about an 
identifiable individual, except as provided by 13 U.S.C. 8.


Sec.  1070.51  Authority and responsibilities of the Chief Privacy 
Officer.

    The Chief Privacy Officer is authorized to:
    (a) Develop, implement, and maintain an organization-wide privacy 
program;
    (b) Respond to requests for access to, accounting of, or amendment 
of records contained in a system of records maintained by the CFPB;
    (c) Approve the publication of new systems of records and amend 
existing systems of record; and
    (d) File any necessary reports related to the Privacy Act.


Sec.  1070.52  Fees.

    (a) Copies of records. The CFPB shall provide the requester with 
copies of records requested pursuant to Sec.  1070.53 at the same cost 
charged for duplication of records under Sec.  1070.22.
    (b) No fee. The CFPB will not charge a fee if:
    (1) Total charges associated with a request are less than $5, or
    (2) The requester is a CFPB employee or former employee, or an 
applicant for employment with the CFPB, and the request pertains to 
that employee, former employee, or applicant.


Sec.  1070.53  Request for access to records.

    (a) Procedures for making a request for access to records. An 
individual's requests for access to records that pertain to that 
individual (or to the individual for whom the requester serves as 
guardian) may be submitted to the CFPB in writing as follows:
    (1) If submitted by mail or delivery service, the request shall be 
labeled ``Privacy Act Request'' and shall be addressed to the Chief 
Privacy Officer, Consumer Financial Protection Bureau, 1700 G Street 
NW., Washington, DC 20552.
    (2) If submitted by electronic means, the request shall be labeled 
``Privacy Act Request'' and the request shall be submitted as set forth 
at the CFPB's Web site, http://www.consumerfinance.gov.
    (b) Content of a request for access to records. A request for 
access to records shall include:
    (1) A statement that the request is made pursuant to the Privacy 
Act;
    (2) The name of the system of records that the requester believes 
contains the record requested, or a description of the nature of the 
record sought in detail sufficient to enable CFPB personnel to locate 
the system of records containing the record with a reasonable amount of 
effort;
    (3) Whenever possible, a description of the nature of the record 
sought, the date of the record or the period in which the requester 
believes that the record was created, and any other information that 
might assist the CFPB in identifying the record sought (e.g., maiden 
name, dates of employment, account information, etc.).
    (4) Information necessary to verify the requester's identity 
pursuant to paragraph (c) of this section;
    (5) The mailing or email address where the CFPB's response or 
further correspondence should be sent.
    (c) Verification of identity. To obtain access to the CFPB's 
records pertaining to a requester, the requester shall provide proof to 
the CFPB of the requester's identity as provided below.
    (1) In general, the following will be considered adequate proof of 
a requester's identity:
    (i) A photocopy of two forms of identification, including one form 
of identification that bears the requester's photograph, and one form 
of identification that bears the requester's signature;
    (ii) A photocopy of a single form of identification that bears both 
the requester's photograph and signature; or
    (iii) A statement swearing or affirming the requester's identity 
and to the fact that the requester understands the

[[Page 58338]]

penalties provided in 5 U.S.C. 552a(i)(3).
    (2) Notwithstanding paragraph (c)(1) of this section, a designated 
official may require additional proof of the requester's identity 
before action will be taken on any request, if such official determines 
that it is necessary to protect against unauthorized disclosure of 
information in a particular case. In addition, if a requester seeks 
records pertaining to an individual in the requester's capacity as that 
individual's guardian, the requester shall be required to provide 
adequate proof of the requester's legal relationship before action will 
be taken on any request.
    (d) Request for accounting of previous disclosures. An individual 
may request an accounting of previous disclosures of records pertaining 
to that individual in a system of records as provided in 5 U.S.C. 
552a(c). Such requests should conform to the procedures and form for 
requests for access to records set forth in paragraphs (a) and (b) of 
this section.


Sec.  1070.54  CFPB procedures for responding to a request for access.

    (a) Acknowledgment and response. The CFPB will provide written 
acknowledgement of the receipt of a request within twenty (20) business 
days from the receipt of the request and will, where practicable, 
respond to each request within that twenty (20) day period. When a full 
response is not practicable within the twenty (20) day period, the CFPB 
will respond as promptly as possible.
    (b) Disclosure. (1) When the CFPB discloses information in response 
to a request, the CFPB will make the information available for 
inspection and copying during regular business hours as provided in 
Sec.  1070.13, or the CFPB will mail it or email it to the requester, 
if feasible, upon request.
    (2) The requester may bring with him or her anyone whom the 
requester chooses to see the requested material. All visitors to the 
CFPB's buildings must comply with the applicable security procedures.
    (c) Denial of a request. If the CFPB denies a request made pursuant 
to Sec.  1070.53, it will inform the requester in writing of the 
reason(s) for denial and the procedures for appealing the denial.


Sec.  1070.55  Special procedures for medical records.

    If an individual requests medical or psychological records pursuant 
to Sec.  1070.53, the CFPB will disclose them directly to the requester 
unless the CFPB determines that such disclosure could have an adverse 
effect on the requester. If the CFPB makes that determination, the CFPB 
shall provide the information to a licensed physician or other 
appropriate representative that the requester designates, who shall 
disclose those records to the requester in a manner he or she deems 
appropriate.


Sec.  1070.56  Request for amendment of records.

    (a) Procedures for making request. (1) If an individual wishes to 
amend a record that pertains to that individual in a system of records, 
that individual may submit a request in writing to the Chief Privacy 
Officer, as set forth in Sec.  1070.53(a). The request shall be labeled 
``Privacy Act Amendment Request.''
    (2) A request for amendment of a record must:
    (i) Identify the name of the system of records that the requester 
believes contains the record for which the amendment is requested, or a 
description of the nature of the record in detail sufficient to enable 
CFPB personnel to locate the system of records containing the record 
with a reasonable amount of effort;
    (ii) Specify the portion of that record requested to be amended; 
and
    (iii) Describe the nature and reasons for each requested amendment.
    (3) When making a request for amendment of a record, the CFPB will 
require a requester to verify his or her identity under the procedures 
set forth in Sec.  1070.53(c), unless the requester has already done so 
in a related request for access or amendment.
    (b) Burden of proof. In a request for amendment of a record, the 
requester bears the burden of proving by a preponderance of the 
evidence that the record is not accurate, relevant, timely, or 
complete.


Sec.  1070.57  CFPB review of a request for amendment of records.

    (a) Time limits. The CFPB will acknowledge a request for amendment 
of records within ten (10) business days after it receives the request. 
In the acknowledgment, the CFPB may request additional information 
necessary for a determination on the request for amendment. The CFPB 
will make a determination on a request to amend a record promptly.
    (b) Contents of response to a request for amendment. When the CFPB 
responds to a request for amendment, the CFPB will inform the requester 
in writing whether the request is granted or denied, in whole or in 
part. If the CFPB grants the request, it will take the necessary steps 
to amend the record and, when appropriate and possible, notify prior 
recipients of the record of its action. If the CFPB denies the request, 
in whole or in part, it will inform the requester in writing:
    (1) Why the request (or portion of the request) was denied;
    (2) That the requester has a right to appeal; and
    (3) How to file an appeal.


Sec.  1070.58  Appeal of adverse determination of request for access or 
amendment.

    (a) Appeal. A requester may appeal a denial of a request made 
pursuant to Sec.  1070.53 or Sec.  1070.56 within ten (10) business 
days after the CFPB notifies the requester that it has denied the 
request.
    (b) Content of appeal. A requester may submit an appeal in writing 
as set forth in Sec.  1070.53(a). The appeal shall be addressed to the 
General Counsel and labeled ``Privacy Act Appeal.'' The appeal must 
also:
    (1) Specify the background of the request; and
    (2) Provide reasons why the requester believes the denial is in 
error.
    (c) Determination. The General Counsel will make a determination as 
to whether to grant or deny an appeal within thirty (30) business days 
from the date it is received, unless the General Counsel extends the 
time for good cause.
    (1) If the General Counsel grants an appeal regarding a request for 
amendment, he or she will take the necessary steps to amend the record 
and, when appropriate and possible, notify prior recipients of the 
record of its action.
    (2) If the General Counsel denies an appeal, he or she will inform 
the requester of such determination in writing, including the reasons 
for the denial, and the requester's right to file a statement of 
disagreement and to have a court review its decision.
    (d) Statement of disagreement. (1) If the General Counsel denies an 
appeal regarding a request for amendment, a requester may file a 
concise statement of disagreement with the denial. The CFPB will 
maintain the requester's statement with the record that the requester 
sought to amend and any disclosure of the record will include a copy of 
the requester's statement of disagreement.
    (2) When practicable and appropriate, the CFPB will provide a copy 
of the statement of disagreement to any prior recipients of the record.


Sec.  1070.59  Restrictions on disclosure.

    The CFPB will not disclose any record about an individual contained 
in a system of records to any person or agency without the prior 
written consent of that individual unless the

[[Page 58339]]

disclosure is authorized by 5 U.S.C. 552a(b). Disclosures authorized by 
5 U.S.C. 552a(b) include disclosures that are compatible with one or 
more routine uses that are contained within the CFPB's Systems of 
Records Notices, which are available on the CFPB's Web site, at http://www.consumerfinance.gov.


Sec.  1070.60  Exempt records.

    (a) Exempt systems of records. Pursuant to 5 U.S.C. 552a(k)(2), the 
CFPB exempts the systems of records listed below from 5 U.S.C. 
552a(c)(3), (d), (e)(1), (e)(4)(G)-(H), and (f), and Sec. Sec.  1070.53 
through 1070.59, to the extent that such systems of records contain 
investigatory materials compiled for law enforcement purposes, 
provided, however, that if any individual is denied any right, 
privilege, or benefit to which he or she would otherwise be entitled 
under Federal law, or for which he or she would otherwise be eligible 
as a result of the maintenance of such material, such material shall be 
disclosed to such individual, except to the extent that the disclosure 
of such material would reveal the identity of a source who furnished 
information to the CFPB under an express promise that the identity of 
the source would be held in confidence:
    (1) CFPB.002 Depository Institution Supervision Database.
    (2) CFPB.003 Non-Depository Institution Supervision Database.
    (3) CFPB.004 Enforcement Database.
    (4) CFPB.005 Consumer Response System.
    (b) Information compiled for civil actions or proceedings. This 
subpart does not permit an individual to have access to any information 
compiled in reasonable anticipation of a civil action or proceeding.


Sec.  1070.61  Training; rules of conduct; penalties for non-
compliance.

    (a) Training. The Chief Privacy Officer shall institute a training 
program to instruct CFPB employees and contractor personnel covered by 
5 U.S.C. 552a(m), who are involved in the design, development, 
operation, or maintenance of any CFPB system of records, on a 
continuing basis with respect to the duties and responsibilities 
imposed on them and the rights conferred on individuals by the Privacy 
Act, the regulations in this subpart, and any other related 
regulations. Such training shall provide suitable emphasis on the civil 
and criminal penalties imposed on the CFPB and the individual employees 
by the Privacy Act for non-compliance with specified requirements of 
the Act as implemented by the regulations in this subpart.
    (b) Rules of conduct. The following rules of conduct are applicable 
to employees of the CFPB (including, to the extent required by the 
contract or 5 U.S.C. 552a(m), Government contractors and employees of 
such contractors), who are involved in the design, development, 
operation or maintenance of any system of records, or in maintain any 
records, for or on behalf of the CFPB.
    (1) The head of each office of the CFPB shall be responsible for 
assuring that employees subject to such official's supervision are 
advised of the provisions of the Privacy Act, including the criminal 
penalties and civil liabilities provided therein, and the regulations 
in this subpart, and that such employees are made aware of their 
individual and collective responsibilities to protect the security of 
personal information, to assure its accuracy, relevance, timeliness and 
completeness, to avoid unauthorized disclosure either orally or in 
writing, and to ensure that no system of records is maintained without 
public notice.
    (2) Employees of the CFPB involved in the design, development, 
operation, or maintenance of any system of records, or in maintaining 
any record shall:
    (i) Collect no information of a personal nature from individuals 
unless authorized to collect it to achieve a function or carry out a 
responsibility of the CFPB;
    (ii) Collect information, to the extent practicable, directly from 
the individual to whom it relates;
    (iii) Inform each individual asked to supply information, on the 
form used to collect the information or on a separate form that can be 
retained by the individual of--
    (A) The authority (whether granted by statute, or by executive 
order of the President) which authorizes the solicitation of the 
information and whether disclosure of such information is mandatory or 
voluntary;
    (B) The principal purpose or purposes for which the information is 
intended to be used;
    (C) The routine uses which may be made of the information, as 
published pursuant to 5 U.S.C. 552a(e)(4)(D); and
    (D) The effects on the individual, if any, of not providing all or 
any part of the requested information.
    (iv) Not collect, maintain, use or disseminate information 
concerning an individual's religious or political beliefs or activities 
or membership in associations or organizations, unless expressly 
authorized by statute or by the individual about whom the record is 
maintained or unless pertinent to and within the scope of an authorized 
law enforcement activity;
    (v) Advise their supervisors of the existence or contemplated 
development of any record system which is capable of retrieving 
information about individuals by individual identifier;
    (vi) Assure that no records maintained in a CFPB system of records 
are disseminated without the permission of the individual about whom 
the record pertains, except when authorized by 5 U.S.C. 552a(b);
    (vii) Maintain and process information concerning individuals with 
care in order to ensure that no inadvertent disclosure of the 
information is made either within or without the CFPB;
    (viii) Prior to disseminating any record about an individual to any 
person other than an agency, unless the dissemination is made pursuant 
to 5 U.S.C. 552a(b)(2) of this section, make reasonable efforts to 
assure that such records are accurate, complete, timely, and relevant 
for agency purposes; and
    (ix) Assure that an accounting is kept in the prescribed form, of 
all dissemination of personal information outside the CFPB, whether 
made orally or in writing, unless disclosed under 5 U.S.C. 552 or 
subpart B of this part.
    (3) The head of each office of the CFPB shall, at least annually, 
review the record systems subject to their supervision to ensure 
compliance with the provisions of the Privacy Act of 1974 and the 
regulations in this subpart.


Sec.  1070.62  Preservation of records.

    The CFPB will preserve all correspondence pertaining to the 
requests that it receives under this part, as well as copies of all 
requested records, until disposition or destruction is authorized by 
title 44 of the United States Code or the National Archives and Records 
Administration's General Records Schedule 14. Records will not be 
disposed of or destroyed while they are the subject of a pending 
request, appeal, proceeding, or lawsuit.


Sec.  1070.63  Use and collection of Social Security numbers.

    The CFPB will ensure that employees authorized to collect 
information are aware:
    (a) That individuals may not be denied any right, benefit, or 
privilege as a result of refusing to provide their Social Security 
numbers, unless the collection is authorized either by a statute or by 
a regulation issued prior to 1975; and

[[Page 58340]]

    (b) That individuals requested to provide their Social Security 
numbers must be informed of:
    (1) Whether providing Social Security numbers is mandatory or 
voluntary;
    (2) Any statutory or regulatory authority that authorizes the 
collection of Social Security numbers; and
    (3) The uses that will be made of the numbers.

PART 1091--PROCEDURAL RULE TO ESTABLISH SUPERVISORY AUTHORITY OVER 
CERTAIN NONBANK COVERED PERSONS BASED ON RISK DETERMINATION

0
2. The authority citation for part 1091 continues to read as follows:

    Authority:  12 U.S.C. 5512(b)(1), 5514(a)(1)(C), 5514(b)(7).

Subpart B--Determination and Voluntary Consent Procedures

0
3. Section 1091.103 is amended by revising paragraph (a)(2)(vii) to 
read as follows:


Sec.  1091.103  Contents of notice.

* * * * *
    (a) * * *
    (2) * * *
    (vii) In connection with a proceeding under this part, including a 
petition for termination under Sec.  1091.113, all documents, records 
or other items submitted by a respondent to the Bureau, all documents 
prepared by, or on behalf of, or for the use of the Bureau, and any 
communications between the Bureau and a person, shall be deemed 
confidential supervisory information under 12 CFR 1070.2(j).
* * * * *

Subpart D--Time Limits and Deadlines

0
4. Section 1091.115 is amended by revising paragraph (c) to read as 
follows:


Sec.  1091.115  Change of time limits and confidentiality of 
proceedings.

* * * * *
    (c) In connection with a proceeding under this part, including a 
petition for termination under Sec.  1091.113, all documents, records 
or other items submitted by a respondent to the Bureau, all documents 
prepared by, or on behalf of, or for the use of the Bureau, and any 
communications between the Bureau and a person, shall be deemed 
confidential supervisory information under 12 CFR 1070.2(j).

    Dated: July 13, 2016.
Richard Cordray,
Director, Bureau of Consumer Financial Protection.
[FR Doc. 2016-19594 Filed 8-23-16; 8:45 am]
 BILLING CODE 4810-AM-P