[Federal Register Volume 84, Number 103 (Wednesday, May 29, 2019)]
[Rules and Regulations]
[Pages 24707-24709]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2019-11013]


-----------------------------------------------------------------------

DEPARTMENT OF DEFENSE

Office of the Secretary

32 CFR Part 275

[Docket ID: DOD-2018-OS-0026]
RIN 0790-AK01


Right to Financial Privacy Act

AGENCY: Department of Defense.

ACTION: Final rule.

-----------------------------------------------------------------------

SUMMARY: This rule describes the procedures the Department of Defense 
(DoD) will follow when seeking access to customer records maintained by 
financial institutions. These updates fulfill DoD's responsibilities 
under the Right to Financial Privacy Act.

DATES: This final rule is effective on June 28, 2019.

FOR FURTHER INFORMATION CONTACT: Cindy Allard, (703) 571-0086.

SUPPLEMENTARY INFORMATION:

Background

    DoD's current rule was last updated on May 4, 2006 (71 FR 26221). 
DoD's

[[Page 24708]]

revisions modified the regulatory text to only include content relating 
to those instances when the Department submits ``formal written 
requests'' to financial institutions for customer records, as described 
by 12 U.S.C. 3408. On October 29, 2018 the Department of Defense 
published the proposed rule in the Federal Register at (83 FR 54297-
54300). Four commenters provided responses addressing issues within the 
scope of this rule. The comments are available through the eRulemaking 
docket, available online at www.regulations.gov, and then navigating to 
this rulemaking docket, DOD-2018-OS-0026.

Discussion of Comments

    All four commenters expressed agreement with the rule. Commenters 
affirmed the need to protect financial privacy. Based on the comments, 
DoD is adopting the proposed changes in the final rule without 
revision. This rule will apply DoD-wide to provide consistent 
implementation across all components. Upon publication, one component-
level rule at 32 CFR part 504 will be rescinded.

Expected Costs and Benefits

    The primary benefit to a DoD-wide rule is consistent implementation 
across the DoD's responsibilities under the Act. The Act requires DoD 
to reimburse a financial institution for such costs as are reasonably 
necessary and which have been directly incurred based on the rates of 
reimbursement established by the Federal Reserve Board in 12 CFR 219.3. 
The average cost of reimbursement from DoD to financial institutions 
over the past five years is $4,328 per year and the Department does not 
anticipate an increase with the finalization of this rule. DoD has not 
paid any civil penalties associated with this rule as discussed in the 
Civil Liability section of the rule.

Regulatory Procedures

Executive Order 12866, ``Regulatory Planning and Review'' and Executive 
Order 13563, ``Improving Regulation and Regulatory Review''

    Executive Orders 12866 and 13563 direct agencies to assess all 
costs and benefits of available regulatory alternatives and, if 
regulation is necessary, to select regulatory approaches that maximize 
net benefits (including potential economic, environmental, public 
health and safety effects, distribute impacts, and equity). Executive 
Order 13563 emphasizes the importance of quantifying both costs and 
benefits, of reducing costs, of harmonizing rules, and of promoting 
flexibility. This rule has not been designated a ``significant 
regulatory action,'' under section 3(f) of Executive Order 12866 and 
was not reviewed by the Office of Management and Budget (OMB).

Executive Order 13771, ``Reducing Regulation and Controlling Regulatory 
Costs''

    This final rule is not subject to the requirements of E.O. 13771 
(82 CFR 9339, February 3, 2017) because this final rule is not 
significant under E.O. 12866.

Public Law 104-4, ``Unfunded Mandates Reform Act'' (2 U.S.C. Ch. 25)

    This final rule is not subject to the Unfunded Mandates Reform Act 
because it does not contain a federal mandate that may result in the 
expenditure by state, local, and tribal governments, in the aggregate, 
or by the private sector, of $100M or more in any one year.

Public Law 96-354, ``Regulatory Flexibility Act'' (5 U.S.C. Ch. 6)

    It has been certified that 32 CFR part 275 is not subject to the 
Regulatory Flexibility Act (5 U.S.C. 601) because it does not have a 
significant economic impact on a substantial number of small entities.

Public Law 96-511, ``Paperwork Reduction Act'' (44 U.S.C. Ch. 35)

    It has been certified that 32 CFR part 275 does not impose 
reporting or recordkeeping requirements under the Paperwork Reduction 
Act of 1995.

Executive Order 13132, ``Federalism''

    Executive Order 13132 establishes certain requirements that an 
agency must meet when it promulgates a proposed rule (and subsequent 
final rule) that imposes substantial direct requirement costs on state 
and local governments, preempts state law, or otherwise has federalism 
implications. This final rule will not have a substantial effect on 
state and local governments, or otherwise have federalism implications.

List of Subjects in 32 CFR Part 275

    Banks, Banking, Credit, Privacy.


0
Accordingly, 32 CFR part 275 is revised to read as follows:

PART 275--RIGHT TO FINANCIAL PRIVACY ACT

Sec.
275.1 Purpose.
275.2 Definitions.
275.3 Authorization.
275.4 Formal written request.
275.5 Certification.
275.6 Cost reimbursement.

    Authority: 12 U.S.C. 3401, et seq.


Sec.  275.1  Purpose.

    The purpose of this part is to authorize DoD Components to request 
financial records from a financial institution pursuant to the formal 
written request procedure authorized by section 1108 of the Act and to 
set forth the conditions under which such requests may be made.


Sec.  275.2  Definitions.

    The terms used in this part have the same meaning as similar terms 
used in the Right to Financial Privacy Act of 1978, Title XI of Public 
Law 95-630.
    Act means the Right to Financial Privacy Act of 1978.
    DoD Components means the law enforcement activities of the Office 
of the Secretary of Defense, the Military Departments, the Office of 
the Chairman of the Joint Chiefs of Staff, the Joint Staff, the 
Combatant Commands, the Office of the Inspector General of the 
Department of Defense, the Defense Agencies, the DoD Field Activities, 
and all other organizational entities in the Department of Defense 
(hereafter referred to as the ``DoD Components'').


Sec.  275.3  Authorization.

    The DoD Components are authorized to request financial records of 
any customer from a financial institution pursuant to a formal written 
request under the Act only if:
    (a) No administrative summons or subpoena authority reasonably 
appears to be available to the DoD Component to obtain financial 
records for the purpose for which the records are sought;
    (b) There is reason to believe that the records sought are relevant 
to a legitimate law enforcement inquiry and will further that inquiry;
    (c) The request is issued by a supervisory official of a grade 
designated by the head of the DoD Component. Officials so designated 
shall not delegate this authority to others;
    (d) The request adheres to the requirements set forth in Sec.  
275.4; and
    (e) The notice requirements required by section 1108(4) of the Act, 
or the requirements pertaining to the delay of notice in section 1109 
of the Act, and described in paragraphs (e)(1) through (5) of this 
section are satisfied, except in situations (e.g., section 1113(g)) 
where no notice is required.
    (1) The notice requirements are satisfied when a copy of the 
request has

[[Page 24709]]

been served on the customer or mailed to the customer's last known 
address on or before the date on which the request was made to the 
financial institution together with the following notice which shall 
state with reasonable specificity the nature of the law enforcement 
inquiry: ``Records or information concerning your transactions held by 
the financial institution named in the attached request are being 
sought by the Department of Defense [or the specific DoD Component] in 
accordance with the Right to Financial Privacy Act of 1978 for the 
following purpose:''
    (2)(i) Within ten days of service or within fourteen days of 
mailing of a subpoena, summons, or formal written request, a customer 
may file a motion to quash an administrative summons or judicial 
subpoena, or an application to enjoin a Government authority from 
obtaining financial records pursuant to a formal written request, with 
copies served upon the Government authority. A motion to quash a 
judicial subpoena shall be filed in the court that issued the subpoena. 
A motion to quash an administrative summons or an application to enjoin 
a Government authority from obtaining records pursuant to a formal 
written request shall be filed in the appropriate United States 
District Court. Such motion or application shall contain an affidavit 
or sworn statement stating:
    (A) That the applicant is a customer of the financial institution 
from which financial records pertaining to said customer have been 
sought; and
    (B) The applicant's reasons for believing that the financial 
records sought are not relevant to the legitimate law enforcement 
inquiry stated by the Government authority in its notice, or that there 
has not been substantial compliance within the provisions of the Act.
    (ii) Service shall be made upon a Government authority by 
delivering or mailing by registered or certified mail a copy of the 
papers to the person, office, or department specified in the notice 
which the customer has received a request.
    (3) If a customer desires that such records or information not be 
made available, the customer must:
    (i) Fill out the accompanying motion paper and sworn statement or 
write one of the customer's own, stating that he or she is the customer 
whose records are being requested by the Government and either giving 
the reasons the customer believes that the records are not relevant to 
the legitimate law enforcement inquiry stated in this notice or any 
other legal basis for objecting to the release of the records.
    (ii) File the motion and statement by mailing or delivering them to 
the clerk at an appropriate United States District Court.
    (iii) Serve the Government authority requesting the records by 
mailing or delivering a copy of the motion and statement to the 
Government authority.
    (iv) Be prepared to go to court and present the customer's position 
in further detail.
    (v) The customer does not need to have a lawyer, although he or she 
may wish to employ a lawyer to represent the customer and protect the 
customer's rights.
    (4) If the customer does not follow the procedures in paragraphs 
(e)(2) and (3) of this section, upon the expiration of ten days from 
the date of service or fourteen days from the date of mailing of the 
notice, the records or information requested therein may be made 
available. The records may be transferred to other Government 
authorities for legitimate law enforcement inquiries, in which event 
the customer will be notified after the transfer.
    (5) Also, the records or information requested therein may be made 
available if ten days have expired from the date of service or fourteen 
days from the date of mailing of the notice and within such time period 
the customer has not filed a sworn statement and an application to 
enjoin the Government authority in an appropriate court, or the 
customer challenge provisions.


Sec.  275.4  Formal written request.

    (a) The formal written request must be in the form of a letter or 
memorandum to an appropriate official of the financial institution from 
which financial records are requested. The request shall be signed by 
the issuing official, and shall set forth that official's name, title, 
business address, and business phone number. The request shall also 
contain the following:
    (1) The identity of the customer or customers to whom the records 
pertain;
    (2) A reasonable description of the records sought; and
    (3) Such additional information which may be appropriate--e.g., the 
date when the opportunity for the customer to challenge the formal 
written request expires, the date on which the DoD Component expects to 
present a certificate of compliance with the applicable provisions of 
the Act, the name and title of the individual (if known) to whom 
disclosure is to be made.
    (b) In cases where customer notice is delayed by court order, a 
copy of the court order must be attached to the formal written request.


Sec.  275.5  Certification.

    Before obtaining the requested records pursuant to a formal written 
request described in Sec.  275.4, an official of a rank designated by 
the head of the requesting DoD Component shall certify in writing to 
the financial institution that the DoD Component has complied with the 
applicable provisions of the Act.


Sec.  275.6  Cost reimbursement.

    Cost reimbursement to financial institutions for providing 
financial records will be made consistent with 12 CFR part 219, subpart 
A.

    Dated: May 22, 2019.
Aaron T. Siegel,
Alternate OSD Federal Register Liaison Officer, Department of Defense.
[FR Doc. 2019-11013 Filed 5-28-19; 8:45 am]
BILLING CODE 5001-06-P