[Federal Register Volume 85, Number 199 (Wednesday, October 14, 2020)]
[Notices]
[Pages 65046-65047]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2020-22683]


-----------------------------------------------------------------------

FEDERAL RESERVE SYSTEM


Proposed Agency Information Collection Activities; Comment 
Request

AGENCY: Board of Governors of the Federal Reserve System.

ACTION: Notice, request for comment.

-----------------------------------------------------------------------

SUMMARY: The Board of Governors of the Federal Reserve System (Board) 
invites comment on a proposal to extend for three years, without 
revision, the Reporting, Recordkeeping, and Disclosure Provisions 
Associated with the Guidance on Response Programs for Unauthorized 
Access to Customer Information and Customer Notice (FR 4100; OMB No. 
7100-0309).

DATES: Comments must be submitted on or before December 14, 2020.

ADDRESSES: You may submit comments, identified by FR 4100, by any of 
the following methods:
     Agency Website: https://www.federalreserve.gov/. Follow 
the instructions for submitting comments at https://www.federalreserve.gov/apps/foia/proposedregs.aspx.
     Email: [email protected]. Include the OMB 
number in the subject line of the message.
     FAX: (202) 452-3819 or (202) 452-3102.
     Mail: Ann E. Misback, Secretary, Board of Governors of the 
Federal Reserve System, 20th Street and Constitution Avenue NW, 
Washington, DC 20551.
    All public comments are available from the Board's website at 
https://www.federalreserve.gov/apps/foia/proposedregs.aspx as 
submitted, unless modified for technical reasons or to remove 
personally identifiable information at the commenter's request. 
Accordingly, comments will not be edited to remove any identifying or 
contact information. Public comments may also be viewed electronically 
or in paper in Room 146, 1709 New York Avenue NW, Washington, DC 20006, 
between 9:00 a.m. and 5:00 p.m. on weekdays. For security reasons, the 
Board requires that visitors make an appointment to inspect comments. 
You may do so by calling (202) 452-3684. Upon arrival, visitors will be 
required to present valid government-issued photo identification and to 
submit to security screening in order to inspect and photocopy 
comments.
    Additionally, commenters may send a copy of their comments to the 
Office of Management and Budget (OMB) Desk Officer--Shagufta Ahmed--
Office of Information and Regulatory Affairs, Office of Management and 
Budget, New Executive Office Building, Room 10235, 725 17th Street NW, 
Washington, DC 20503, or by fax to (202) 395-6974.

FOR FURTHER INFORMATION CONTACT: Federal Reserve Board Clearance 
Officer--Nuha Elmaghrabi--Office of the Chief Data Officer, Board of 
Governors of the Federal Reserve System, Washington, DC 20551, (202) 
452-3829.

SUPPLEMENTARY INFORMATION: On June 15, 1984, OMB delegated to the Board 
authority under the PRA to approve and assign OMB control numbers to 
collections of information conducted or sponsored by the Board. In 
exercising this delegated authority, the Board is directed to take 
every reasonable step to solicit comment. In determining whether to 
approve a collection of information, the Board will consider all 
comments received from the public and other agencies.
    A copy of the Paperwork Reduction Act (PRA) OMB submission, 
including the reporting form and instructions, supporting statement, 
and other documentation will be available at https://www.reginfo.gov/public/do/PRAMain, if approved. These documents will also be made 
available on the Board's public website at https://www.federalreserve.gov/apps/reportforms/review.aspx or may be requested 
from the agency clearance officer, whose name appears above.

Request for Comment on Information Collection Proposal

    The Board invites public comment on the following information 
collection, which is being reviewed under authority delegated by the 
OMB under the PRA. Comments are invited on the following:
    a. Whether the proposed collection of information is necessary for 
the proper performance of the Board's functions, including whether the 
information has practical utility;
    b. The accuracy of the Board's estimate of the burden of the 
proposed information collection, including the validity of the 
methodology and assumptions used;
    c. Ways to enhance the quality, utility, and clarity of the 
information to be collected;
    d. Ways to minimize the burden of information collection on 
respondents, including through the use of automated collection 
techniques or other forms of information technology; and
    e. Estimates of capital or startup costs and costs of operation, 
maintenance, and purchase of services to provide information.
    At the end of the comment period, the comments and recommendations 
received will be analyzed to determine the extent to which the Board 
should modify the proposal.

Proposal Under OMB Delegated Authority To Extend for Three Years, 
Without Revision, the Following Information Collection

    Report title: Reporting, Recordkeeping, and Disclosure Provisions 
Associated with the Guidance on Response Programs for Unauthorized 
Access to Customer Information and Customer Notice.
    Agency form number: FR 4100.
    OMB control number: 7100-0309.
    Frequency: On occasion.
    Respondents: State member banks, bank holding companies (BHCs), 
affiliates and certain non-banking

[[Page 65047]]

subsidiaries of BHCs, uninsured state agencies and branches of foreign 
banks, commercial lending companies owned or controlled by foreign 
banks, savings and loan holding companies, and Edge and agreement 
corporations.
    Estimated number of respondents: Recordkeeping, 1; Reporting, 831; 
Disclosure, 831.
    Estimated average hours per response: Recordkeeping, 24 hours; 
Reporting, 9 hours; Disclosure, 27 hours.
    Estimated annual burden hours: Recordkeeping, 24 hours; Reporting, 
7,479 hours; Disclosure, 22,437 hours.
    General description of report: The FR 4100 is the Board's 
information collection associated with the Interagency Guidance on 
Response Programs for Unauthorized Access to Customer Information and 
Customer Notice (``ID-Theft Guidance'' or ``Guidance''). The ID-Theft 
Guidance was published in the Federal Register in March 2005.\1\ The 
ID-Theft Guidance, which applies to financial institutions, was issued 
in response to developing trends in the theft and accompanying misuse 
of customer information. The Guidance includes certain voluntary 
reporting, recordkeeping, and disclosure provisions.
---------------------------------------------------------------------------

    \1\ See 70 FR 15736 (March 29, 2005).
---------------------------------------------------------------------------

    Legal authorization and confidentiality: The FR 4100 is authorized 
by section 501(b) of the Gramm-Leach-Bliley Act,\2\ which requires the 
Board, the Federal Deposit Insurance Corporation, and the Office of the 
Comptroller of the Currency to establish appropriate standards for 
financial institutions to develop and implement an information security 
program designed to protect their customers' information and a response 
program that specifies actions to be taken when the institution 
suspects or detects that unauthorized individuals have gained access to 
customer information systems.
---------------------------------------------------------------------------

    \2\ 15 U.S.C. 6801(b).
---------------------------------------------------------------------------

    Because the provisions under the FR 4100 are contained in guidance, 
which is nonbinding, the provisions are voluntary.\3\
---------------------------------------------------------------------------

    \3\ See SR 18-5/CA 18-7: Interagency Statement Clarifying the 
Role of Supervisory Guidance (Sept. 11, 2018).
---------------------------------------------------------------------------

    The disclosure provisions of FR 4100 are not confidential. The 
records maintained under recordkeeping provisions of FR 4100 would be 
maintained at each banking organization, and the Freedom of Information 
Act (``FOIA'') would only be implicated if the Board obtained such 
records as part of the examination or supervision of a banking 
organization. In the event the records are obtained by the Board as 
part of an examination or supervision of a financial institution, this 
information may be considered confidential pursuant to exemption 8 of 
the FOIA, which protects information contained in ``examination, 
operating, or condition reports'' obtained in the bank supervisory 
process. In addition, the information obtained by the Board under the 
FR 4100 may also be kept confidential under exemption 4 for the FOIA, 
which protects commercial or financial information obtained from a 
person that is privileged or confidential.\4\
---------------------------------------------------------------------------

    \4\ 5 U.S.C. 552(b)(4).
---------------------------------------------------------------------------

    Consultation outside the agency: Representatives from the Board, 
the Federal Deposit Insurance Corporation, and the Office of the 
Comptroller of the Currency responsible for the reporting, 
recordkeeping, and disclosure requirements associated with the ID-Theft 
Guidance have reviewed their respective information collections and 
agreed that no revisions to the collections are necessary at this time.

    Board of Governors of the Federal Reserve System, October 7, 
2020.
Michele Taylor Fennell,
Assistant Secretary of the Board.
[FR Doc. 2020-22683 Filed 10-13-20; 8:45 am]
BILLING CODE 6210-01-P