[Federal Register Volume 82, Number 175 (Tuesday, September 12, 2017)]
[Notices]
[Pages 42814-42815]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2017-19217]



[[Page 42814]]

=======================================================================
-----------------------------------------------------------------------

FEDERAL RESERVE SYSTEM


Proposed Agency Information Collection Activities; Comment 
Request

AGENCY: Board of Governors of the Federal Reserve System.

ACTION: Notice, request for comment.

-----------------------------------------------------------------------

SUMMARY: The Board of Governors of the Federal Reserve System (Board) 
invites comment on a proposal to extend for three years, without 
revision, the mandatory Reporting, Recordkeeping, and Disclosure 
Requirements Associated with the Guidance on Response Programs for 
Unauthorized Access to Customer Information (FR 4100; OMB No. 7100-
0309).
    On June 15, 1984, the Office of Management and Budget (OMB) 
delegated to the Board authority under the Paperwork Reduction Act 
(PRA) to approve of and assign OMB control numbers to collection of 
information requests and requirements conducted or sponsored by the 
Board. In exercising this delegated authority, the Board is directed to 
take every reasonable step to solicit comment. In determining whether 
to approve a collection of information, the Board will consider all 
comments received from the public and other agencies.

DATES: Comments must be submitted on or before November 13, 2017.

ADDRESSES: You may submit comments, identified by FR 4100, by any of 
the following methods:
     Agency Web site: http://www.federalreserve.gov. Follow the 
instructions for submitting comments at http://www.federalreserve.gov/apps/foia/proposedregs.aspx.
     Federal eRulemaking Portal: http://www.regulations.gov. 
Follow the instructions for submitting comments.
     Email: [email protected]. Include OMB 
number in the subject line of the message.
     Fax: (202) 452-3819 or (202) 452-3102.
     Mail: Ann E. Misback, Secretary, Board of Governors of the 
Federal Reserve System, 20th Street and Constitution Avenue NW., 
Washington, DC 20551.
    All public comments are available from the Board's Web site at 
http://www.federalreserve.gov/apps/foia/proposedregs.aspx as submitted, 
unless modified for technical reasons. Accordingly, your comments will 
not be edited to remove any identifying or contact information. Public 
comments may also be viewed electronically or in paper form in Room 
3515, 1801 K Street (between 18th and 19th Streets NW.) Washington, DC 
20006 between 9:00 a.m. and 5:00 p.m. on weekdays.
    Additionally, commenters may send a copy of their comments to the 
OMB Desk Officer--Shagufta Ahmed--Office of Information and Regulatory 
Affairs, Office of Management and Budget, New Executive Office 
Building, Room 10235, 725 17th Street NW., Washington, DC 20503 or by 
fax to (202) 395-6974.

FOR FURTHER INFORMATION CONTACT: A copy of the PRA OMB submission, 
including the proposed reporting form and instructions, supporting 
statement, and other documentation will be placed into OMB's public 
docket files, once approved. These documents will also be made 
available on the Federal Reserve Board's public Web site at: http://www.federalreserve.gov/apps/reportforms/review.aspx or may be requested 
from the agency clearance officer, whose name appears below.
    Federal Reserve Board Clearance Officer--Nuha Elmaghrabi--Office of 
the Chief Data Officer, Board of Governors of the Federal Reserve 
System, Washington, DC 20551 (202) 452-3829. Telecommunications Device 
for the Deaf (TDD) users may contact (202) 263-4869, Board of Governors 
of the Federal Reserve System, Washington, DC 20551.

SUPPLEMENTARY INFORMATION: 

Request for Comment on Information Collection Proposal

    The Board invites public comment on the following information 
collection, which is being reviewed under authority delegated by the 
OMB under the PRA. Comments are invited on the following:
    a. Whether the proposed collection of information is necessary for 
the proper performance of the Federal Reserve's functions; including 
whether the information has practical utility;
    b. The accuracy of the Federal Reserve's estimate of the burden of 
the proposed information collection, including the validity of the 
methodology and assumptions used;
    c. Ways to enhance the quality, utility, and clarity of the 
information to be collected;
    d. Ways to minimize the burden of information collection on 
respondents, including through the use of automated collection 
techniques or other forms of information technology; and
    e. Estimates of capital or startup costs and costs of operation, 
maintenance, and purchase of services to provide information.
    At the end of the comment period, the comments and recommendations 
received will be analyzed to determine the extent to which the Federal 
Reserve should modify the proposal prior to giving final approval.
    Proposal to approve under OMB delegated authority the extension for 
three years, without revision, of the following report:
    Report title: Reporting, Recordkeeping, and Disclosure Requirements 
Associated with the Guidance on Response Programs for Unauthorized 
Access to Customer Information.
    Agency form number: FR 4100.
    OMB control number: 7100-0309.
    Frequency: On occasion.
    Respondents: State member banks, bank holding companies, affiliates 
and certain non-bank subsidiaries of bank holding companies, uninsured 
state agencies and branches of foreign banks, commercial lending 
companies owned or controlled by foreign banks, and Edge and agreement 
corporations.
    Estimated number of respondents: Develop response program: 1; 
Incident notification: 412.
    Estimated average hours per response: Develop response program: 24; 
Incident notification: 36.
    Estimated annual burden hours: Develop response program: 24; 
Incident notification: 14,832.
    General description of report: The ID-Theft Guidance is the 
information collection associated with the Interagency Guidance on 
Response Programs for Unauthorized Access to Customer Information and 
Customer Notice (security guidelines), which was published in the 
Federal Register in March 2005.\1\ Trends in customer information theft 
and the accompanying misuse of that information led to the issuance of 
these security guidelines applicable to financial institutions. The 
security guidelines are designed to facilitate timely and relevant 
notification to affected customers and the appropriate regulatory 
authority of the financial institutions. The security guidelines 
provide specific direction regarding the development of response 
programs and customer notifications.
---------------------------------------------------------------------------

    \1\ See 70 FR 15736.
---------------------------------------------------------------------------

    Legal authorization and confidentiality: The Board has determined 
that the reporting, recordkeeping, and disclosure requirements 
associated with the FR 4100 are authorized by the Gramm-Leach-Bliley 
Act and are mandatory (15 U.S.C. 6801(b)). Since the FR 4100 provides 
that a financial institution regulated by the Board should notify its 
designated Reserve Bank upon becoming aware of an incident of

[[Page 42815]]

unauthorized access to sensitive customer information, issues of 
confidentiality may arise if the Board were to obtain a copy of a 
customer notice during the course of an examination, a copy of a SAR, 
or other sensitive customer information. In such cases, the information 
would likely be exempt from disclosure to the public under the Freedom 
of Information Act (5 U.S.C. 552(b)(3), (4), (6), and (8)). Also, a 
federal employee is prohibited by law from disclosing a SAR or the 
---------------------------------------------------------------------------
existence of a SAR (31 U.S.C. 5318(g)).

    Board of Governors of the Federal Reserve System, September 6, 
2017.
Ann E. Misback,
Secretary of the Board.
[FR Doc. 2017-19217 Filed 9-11-17; 8:45 am]
 BILLING CODE 6210-01-P