[Federal Register Volume 83, Number 15 (Tuesday, January 23, 2018)]
[Notices]
[Page 3141]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2018-01113]



[[Page 3141]]

-----------------------------------------------------------------------

FEDERAL RESERVE SYSTEM


Agency Information Collection Activities: Announcement of Board 
Approval Under Delegated Authority and Submission to OMB

AGENCY: Board of Governors of the Federal Reserve System.

SUMMARY: The Board of Governors of the Federal Reserve System (Board) 
is adopting a proposal to extend for three years, without revision, the 
Reporting, Recordkeeping, and Disclosure Requirements Associated with 
the Guidance on Response Programs for Unauthorized Access to Customer 
Information (FR 4100; OMB No. 7100-0309).

FOR FURTHER INFORMATION CONTACT: Federal Reserve Board Clearance 
Officer--Nuha Elmaghrabi--Office of the Chief Data Officer, Board of 
Governors of the Federal Reserve System, Washington, DC 20551 (202) 
452-3829. Telecommunications Device for the Deaf (TDD) users may 
contact (202) 263-4869, Board of Governors of the Federal Reserve 
System, Washington, DC 20551.
    OMB Desk Officer--Shagufta Ahmed--Office of Information and 
Regulatory Affairs, Office of Management and Budget, New Executive 
Office Building, Room 10235, 725 17th Street NW, Washington, DC 20503 
or by fax to (202) 395-6974.

SUPPLEMENTARY INFORMATION: On June 15, 1984, the Office of Management 
and Budget (OMB) delegated to the Board authority under the Paperwork 
Reduction Act (PRA) to approve of and assign OMB control numbers to 
collection of information requests and requirements conducted or 
sponsored by the Board. Board-approved collections of information are 
incorporated into the official OMB inventory of currently approved 
collections of information. Copies of the Paperwork Reduction Act 
Submission, supporting statements and approved collection of 
information instrument(s) are placed into OMB's public docket files. 
The Federal Reserve may not conduct or sponsor, and the respondent is 
not required to respond to, an information collection that has been 
extended, revised, or implemented on or after October 1, 1995, unless 
it displays a currently valid OMB control number.

Final Approval Under OMB Delegated Authority of the Extension for Three 
Years, Without Revision, of the Following Report:

    Report title: Reporting, Recordkeeping, and Disclosure Requirements 
Associated with the Guidance on Response Programs for Unauthorized 
Access to Customer Information.
    Agency form number: FR 4100.
    OMB control number: 7100-0309.
    Frequency: On occasion.
    Respondents: State member banks (SMBs), bank holding companies 
(BHCs), affiliates and certain non-bank subsidiaries of bank holding 
companies, uninsured state agencies and branches of foreign banks, 
commercial lending companies owned or controlled by foreign banks, and 
Edge and agreement corporations.
    Estimated number of respondents: Develop response program: 1; 
Incident notification: 412.
    Estimated average hours per response: Develop response program: 24; 
Incident notification: 36.
    Estimated annual burden hours: Develop response program: 24; 
Incident notification: 14,832.
    General description of report: The ID-Theft Guidance is the 
information collection associated with the Interagency Guidance on 
Response Programs for Unauthorized Access to Customer Information and 
Customer Notice (security guidelines), which was published in the 
Federal Register in March 2005.\1\ Trends in customer information theft 
and the accompanying misuse of that information led to the issuance of 
these security guidelines applicable to financial institutions. The 
security guidelines are designed to facilitate timely and relevant 
notification to affected customers and the appropriate regulatory 
authority (ARA) of the financial institutions. The security guidelines 
provide specific direction regarding the development of response 
programs and customer notifications.
---------------------------------------------------------------------------

    \1\ See 70 FR 15736
---------------------------------------------------------------------------

    Legal authorization and confidentiality: The Board has determined 
that the reporting, recordkeeping, and disclosure requirements 
associated with the FR 4100 are authorized by the Gramm-Leach-Bliley 
Act and are mandatory (15 U.S.C. 6801(b)). Since the FR 4100 provides 
that a financial institution regulated by the Board should notify its 
designated Reserve Bank upon becoming aware of an incident of 
unauthorized access to sensitive customer information, issues of 
confidentiality may arise if the Board were to obtain a copy of a 
customer notice during the course of an examination, a copy of a 
Suspicious Activity Report (SAR), or other sensitive customer 
information. In such cases, the information would likely be exempt from 
disclosure to the public under the Freedom of Information Act (5 U.S.C 
552(b)(3), (4), (6), and (8)). Also, a federal employee is prohibited 
by law from disclosing a SAR or the existence of a SAR (31 U.S.C. 
5318(g)).
    Current actions: On September 12, 2017, the Federal Reserve 
published a notice in the Federal Register (82 FR 42814) requesting 
public comment for 60 days on the extension, without revision, of the 
Reporting, Recordkeeping, and Disclosure Requirements Associated with 
the Guidance on Response Programs for Unauthorized Access to Customer 
Information. The comment period for this notice expired on November 13, 
2017. The Federal Reserve did not receive any comments.

    Board of Governors of the Federal Reserve System, January 17, 
2018.
Ann E. Misback,
Secretary of the Board.
[FR Doc. 2018-01113 Filed 1-22-18; 8:45 am]
 BILLING CODE 6210-01-P