[Federal Register Volume 86, Number 29 (Tuesday, February 16, 2021)]
[Notices]
[Page 9506]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2021-03072]


-----------------------------------------------------------------------

FEDERAL RESERVE SYSTEM


Agency Information Collection Activities: Announcement of Board 
Approval Under Delegated Authority and Submission to OMB

AGENCY: Board of Governors of the Federal Reserve System.

SUMMARY: The Board of Governors of the Federal Reserve System (Board) 
is adopting a proposal to extend for three years, without revision the 
Reporting, Recordkeeping, and Disclosure Provisions Associated with the 
Guidance on Response Programs for Unauthorized Access to Customer 
Information and Customer Notice (FR 4100; OMB No. 7100-0309).

FOR FURTHER INFORMATION CONTACT: Federal Reserve Board Clearance 
Officer--Nuha Elmaghrabi--Office of the Chief Data Officer, Board of 
Governors of the Federal Reserve System, Washington, DC 20551, (202) 
452-3829. Office of Management and Budget (OMB) Desk Officer--Shagufta 
Ahmed--Office of Information and Regulatory Affairs, Office of 
Management and Budget, New Executive Office Building, Room 10235, 725 
17th Street NW, Washington, DC 20503, or by fax to (202) 395-6974.

SUPPLEMENTARY INFORMATION: On June 15, 1984, OMB delegated to the Board 
authority under the PRA to approve and assign OMB control numbers to 
collections of information conducted or sponsored by the Board. Board-
approved collections of information are incorporated into the official 
OMB inventory of currently approved collections of information. The OMB 
inventory, as well as copies of the PRA Submission, supporting 
statements, and approved collection of information instrument(s) are 
available at https://www.reginfo.gov/public/do/PRAMain. These documents 
are also available on the Federal Reserve Board's public website at 
https://www.federalreserve.gov/apps/reportforms/review.aspx or may be 
requested from the agency clearance officer, whose name appears above.

Final Approval Under OMB Delegated Authority of the Extension for Three 
Years, Without Revision, of the Following Information Collection

    Report title: Reporting, Recordkeeping, and Disclosure Provisions 
Associated with the Guidance on Response Programs for Unauthorized 
Access to Customer Information and Customer Notice.
    Agency form number: FR 4100.
    OMB control number: 7100-0309.
    Frequency: On occasion.
    Respondents: State member banks, bank holding companies (BHCs), 
affiliates and certain non-banking subsidiaries of BHCs, uninsured 
state agencies and branches of foreign banks, commercial lending 
companies owned or controlled by foreign banks, savings and loan 
holding companies, and Edge and agreement corporations.
    Estimated number of respondents: Recordkeeping, 1; Reporting, 831; 
Disclosure, 831.
    Estimated average hours per response: Recordkeeping, 24 hours; 
Reporting, 9 hours; Disclosure, 27 hours.
    Estimated annual burden hours: Recordkeeping, 24 hours; Reporting, 
7,479 hours; Disclosure, 22,437 hours.
    General description of report: The FR 4100 is the Board's 
information collection associated with the Interagency Guidance on 
Response Programs for Unauthorized Access to Customer Information and 
Customer Notice (``ID-Theft Guidance'' or ``Guidance''). The ID-Theft 
Guidance was published in the Federal Register in March 2005.\1\ The 
ID-Theft Guidance, which applies to financial institutions, was issued 
in response to developing trends in the theft and accompanying misuse 
of customer information. The Guidance includes certain voluntary 
reporting, recordkeeping, and disclosure provisions.
---------------------------------------------------------------------------

    \1\ See 70 FR 15736 (March 29, 2005).
---------------------------------------------------------------------------

    Legal authorization and confidentiality: The FR 4100 is authorized 
by section 501(b) of the Gramm-Leach-Bliley Act,\2\ which requires the 
Board, the Federal Deposit Insurance Corporation, and the Office of the 
Comptroller of the Currency to establish appropriate standards for 
financial institutions to develop and implement an information security 
program designed to protect their customers' information and a response 
program that specifies actions to be taken when the institution 
suspects or detects that unauthorized individuals have gained access to 
customer information systems.
---------------------------------------------------------------------------

    \2\ 15 U.S.C. 6801(b).
---------------------------------------------------------------------------

    Because the provisions under the FR 4100 are contained in guidance, 
which is nonbinding, the provisions are voluntary.\3\
---------------------------------------------------------------------------

    \3\ See SR 18-5/CA 18-7: Interagency Statement Clarifying the 
Role of Supervisory Guidance (Sept. 11, 2018).
---------------------------------------------------------------------------

    The disclosure provisions of FR 4100 are not confidential. The 
records maintained under recordkeeping provisions of FR 4100 would be 
maintained at each banking organization, and the Freedom of Information 
Act (``FOIA'') would only be implicated if the Board obtained such 
records as part of the examination or supervision of a banking 
organization. In the event the records are obtained by the Board as 
part of an examination or supervision of a financial institution, this 
information may be considered confidential pursuant to exemption 8 of 
the FOIA, which protects information contained in ``examination, 
operating, or condition reports'' obtained in the bank supervisory 
process. In addition, the information obtained by the Board under the 
FR 4100 may also be kept confidential under exemption 4 for the FOIA, 
which protects commercial or financial information obtained from a 
person that is privileged or confidential.\4\
---------------------------------------------------------------------------

    \4\ 5 U.S.C. 552(b)(4).
---------------------------------------------------------------------------

    Current actions: On October 14, 2020, the Board published a notice 
in the Federal Register (85 FR 65046) requesting public comment for 60 
days on the extension, without revision, of the Reporting, 
Recordkeeping, and Disclosure Provisions Associated with the Guidance 
on Response Programs for Unauthorized Access to Customer Information 
and Customer Notice. The comment period for this notice expired on 
December 14, 2020. The Board did not receive any comments.

    Board of Governors of the Federal Reserve System, February 10, 
2021.
Michele Taylor Fennell,
Deputy Associate Secretary of the Board.
[FR Doc. 2021-03072 Filed 2-12-21; 8:45 am]
BILLING CODE 6210-01-P