[Federal Register Volume 87, Number 94 (Monday, May 16, 2022)]
[Notices]
[Pages 29746-29748]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2022-10427]


=======================================================================
-----------------------------------------------------------------------

FEDERAL DEPOSIT INSURANCE CORPORATION


Privacy Act of 1974; System of Records

AGENCY: Federal Deposit Insurance Corporation (FDIC).

ACTION: Notice of a new system of records.

-----------------------------------------------------------------------

SUMMARY: Pursuant to the provisions of the Privacy Act of 1974, as 
amended, the Federal Deposit Insurance Corporation (FDIC) is 
establishing a new system of records titled, FDIC-038, Failed Insured 
Depository Institution Research. This system of records maintains 
information collected to conduct research that inform decisions 
regarding core business objectives of the FDIC, including: Helping the 
FDIC improve its operations and processes; informing national and 
international policy discussions and rule-making in areas as varied as 
resolutions, emerging risks and risk assessments, deposit insurance, 
and banking policy, among others; and providing important contributions 
to the broader academic literature on many topics of relevance to the 
FDIC.

DATES: This action will become effective on May 16, 2022. The routine 
uses in this action will become effective on June 15, 2022, unless the 
FDIC makes changes based on comments received. Written comments should 
be submitted on or before the routine uses effective date of June 15, 
2022.

ADDRESSES: Interested parties are invited to submit written comments 
identified by Privacy Act Systems of Records by any of the following 
methods:
     Agency Website: https://www.fdic.gov/resources/regulations/federal-register-publications/. Follow the instructions for 
submitting comments on the FDIC website.
     Email: [email protected]. Include ``Comments-SORN'' in the 
subject line of communication.
     Mail: James P. Sheesley, Assistant Executive Secretary, 
Attention: Comments-SORN, Legal Division, Office of the Executive 
Secretary, Federal Deposit Insurance Corporation, 550 17th Street NW, 
Washington, DC 20429.
     Hand Delivery: Comments may be hand-delivered to the guard 
station at the rear of the 17th Street NW building (located on F Street 
NW), on business days between 7:00 a.m. and 5:00 p.m.

FOR FURTHER INFORMATION CONTACT: Shannon Dahn, Chief, Privacy Program, 
703-516-5500, [email protected].

SUPPLEMENTARY INFORMATION:

I. Background

    Pursuant to the provisions of the Privacy Act of 1974, as amended, 
the FDIC is establishing a new system of records titled, FDIC-038 
Failed Insured Depository Institution Research. The SORN is being 
published to reflect the use of failed insured depository institution 
data for research purposes. Under the authority of the Federal Deposit 
Insurance (FDI) Act, the Federal Deposit Insurance Corporation (FDIC) 
collects data from core systems of failed insured depository 
institutions. Once the failure of an insured depository institution has 
been appropriately resolved, the FDIC Division of Insurance and 
Research (DIR) conducts research using these data that inform decisions 
regarding core business objectives of the FDIC, including: (a) Helping 
the FDIC improve its operations and processes; (b) informing national 
and international policy discussions and rule-making in areas as varied 
as resolutions, emerging risks and risk assessments, deposit insurance, 
and banking policy, among others; and (c) providing important 
contributions to the broader academic literature on many topics of 
relevance to the FDIC. The data are collected from the failed insured 
financial institution into electronic and physical storage managed by 
the FDIC.
    This newly established system will be included in FDIC's inventory 
of record systems.

SYSTEM NAME AND NUMBER:
    Failed Insured Depository Institution Research, FDIC-038.

SECURITY CLASSIFICATION:
    Unclassified.

SYSTEM LOCATION:
    Records are maintained at FDIC facilities in Arlington, VA, and 
regional offices. Original and duplicate systems may exist, in whole or 
in part, at secure sites and on secure servers maintained by third-
party service providers for the FDIC.

SYSTEM MANAGER(S):
    FDIC Business Data Services System Program Manager, Chief 
Information Officer Organization, FDIC, 550 17th Street NW, Washington, 
DC 20429.

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
    Sections 9, 10, 11, and 13 of the Federal Deposit Insurance Act (12 
U.S.C. 1819, 1820, 1821, and 1822) and 12 CFR part 380.

PURPOSE(S) OF THE SYSTEM:
    The purpose of this system is to conduct research using data from 
failed insured depository institutions to inform decisions regarding 
core business objectives of the FDIC, including: (a) Helping the FDIC 
improve its operations and processes; (b) informing national and 
international policy discussions and rule-making in areas as varied as 
resolutions, emerging risks and risk assessments, deposit insurance, 
and banking policy, among others; and (c) providing important 
contributions to the broader academic literature on many topics of 
relevance to

[[Page 29747]]

the FDIC. The failed financial institution data are collected from the 
failed insured depository institution into electronic and physical 
storage managed by the FDIC.
    Data may contain personal identifiers. Those personal identifiers 
may be useful for research purposes. For example, data with personal 
identifiers may be used for matching records across different systems 
of a failed depository institution to conduct aggregate analysis on the 
failed insured depository institution, such as estimating the dollar 
amount of insured and uninsured deposits at the depository institution. 
Disclosure limitation methodologies, including disclosure review of 
research outputs such as tables, charts, text excerpts, and computer 
code, are used to reduce the risk of unintentional disclosure of 
information that impacts privacy. The FDIC does not use any research 
results to make a determination about a specific individual.

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
    Information in the system contains data that have been collected 
from failed insured depository institutions for which the FDIC was 
appointed receiver. This includes information about depository 
institution customers, guarantors, and vendors of the failed insured 
financial institution, and bank officers, directors, and employees of 
the failed insured depository institution.

CATEGORIES OF RECORDS IN THE SYSTEM:
    Records in the system from the failed insured depository 
institution fall into the following categories: Loan and collateral 
files; deposit files; financial institution financials, email, file 
shares, Suspicious Activity Reports (SAR), Reports of Examinations 
(ROE), payroll records, human resources records, Board of Directors' 
minutes, and other related records as necessary to meet the FDIC 
statutory requirements. The records may include:
     Contact information (e.g., names, phone numbers, email 
addresses, physical addresses);
     date of birth;
     Social Security number (SSN);
     mother's maiden name;
     certificates (e.g., birth, death, naturalization, 
marriage, etc.);
     employee identification number (EIN);
     driver's license/state identification number, vehicle 
identifiers (e.g., license plates);
     legal documents, records, or notes (e.g., divorce decree);
     financial information;
     employment status/history;
     criminal information; and
     military state and/or records.

RECORD SOURCE CATEGORIES:
    Information in this system is collected from failed insured 
depository institutions for which the FDIC was appointed receiver.

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES 
OF USERS AND THE PURPOSES OF SUCH USE:
    In addition to those disclosures generally permitted under 5 U.S.C. 
552a(b) of the Privacy Act, all or a portion of the records or 
information contained in this system may be disclosed outside the FDIC 
as a routine use as follows:
    (1) To a congressional office in response to an inquiry made by the 
congressional office at the request of the individual who is the 
subject of the record;
    (2) To appropriate agencies, entities, and persons when (a) the 
FDIC suspects or has confirmed that there has been a breach of the 
system of records; (b) the FDIC has determined that as a result of the 
suspected or confirmed breach there is a risk of harm to individuals, 
the FDIC (including its information systems, programs, and operations), 
the Federal Government, or national security; the FDIC and (c) the 
disclosure made to such agencies, entities, and persons is reasonably 
necessary to assist in connection with the FDIC's efforts to respond to 
the suspected or confirmed breach or to prevent, minimize, or remedy 
such harm;
    (3) To another Federal agency or Federal entity, when the FDIC 
determines that information from this system of records is reasonably 
necessary to assist the recipient agency or entity in (a) responding to 
a suspected or confirmed breach or (b) preventing, minimizing, or 
remedying the risk of harm to individuals, the recipient agency or 
entity (including its information systems, programs, and operations), 
the Federal Government, or national security, resulting from a 
suspected or confirmed breach;
    (4) To contractors, grantees, volunteers, and others performing or 
working on a contract, service, grant, cooperative agreement, or 
project for the OIG, the FDIC or the Federal Government in order to 
assist those entities or individuals in carrying out their obligation 
under the related contract, grant, agreement or project; and
    (5) To academic researchers and researchers from other agencies 
that serve as visiting scholars performing or working on contract with 
the FDIC to help the FDIC improve its operations and processes, and 
inform national and international policy discussions and rule-making in 
areas as varied as resolutions, emerging risks and risk assessments, 
deposit insurance, and banking policy, among others.

POLICIES AND PRACTICES FOR STORAGE OF RECORDS:
    Records are stored in a database and in electronic media hosted in 
a secure location.

POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:
    Records are indexed by failed insured depository institution number 
and name of insured depository institution. Records may contain 
personal identifiers for the purpose of matching records. The FDIC 
retains the personal identifiers after matching, but only for the 
purpose of performing similar matches for future research and to 
provide individuals with access to their information pursuant to the 
record access, contesting records, and notification procedures listed 
below.

POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:
    Failed insured depository institution data are maintained for 
thirty years after appointment of FDIC as receiver in accordance with 
approved records retention schedules.

ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:
    Electronic records are password-protected and accessible only by 
authorized personnel. Access to electronic records is restricted to 
authorized personnel. Identifiable data is solely under the control of 
a limited number of employees or contractors who are required to uphold 
confidentiality restrictions of the FDIC. In addition, any contract 
personnel who have access to the records are required to sign 
nondisclosure agreements prior to working with the data. Role-based 
training on research procedures and the process for disclosure review 
must be completed prior to obtaining access to the records.

RECORD ACCESS PROCEDURES:
    Individuals wishing to request access to records about them in this 
system of records must submit their request in writing to the FDIC FOIA 
& Privacy Act Group, 550 17th Street NW, Washington, DC 20429, or email 
[email protected]. Requests must include full name, address, and 
verification of identity in accordance with FDIC regulations at 12 CFR 
part 310.

[[Page 29748]]

CONTESTING RECORD PROCEDURES:
    Individuals wishing to contest or request an amendment to their 
records in this system of records must submit their request in writing 
to the FDIC FOIA & Privacy Act Group, 550 17th Street NW, Washington, 
DC 20429, or email [email protected]. Requests must specify the 
information being contested, the reasons for contesting it, and the 
proposed amendment to such information in accordance with FDIC 
regulations at 12 CFR part 310.

NOTIFICATION PROCEDURES:
    Individuals wishing to know whether this system contains 
information about them must submit their request in writing to the FDIC 
FOIA & Privacy Act Group, 550 17th Street NW, Washington, DC 20429, or 
email [email protected]. Requests must include full name, address, and 
verification of identity in accordance with FDIC regulations at 12 CFR 
part 310.

EXEMPTIONS PROMULGATED FOR THE SYSTEM:
    None.

HISTORY:
    None.

Federal Deposit Insurance Corporation.

    Dated at Washington, DC, on May 6, 2022.
James P. Sheesley,
Assistant Executive Secretary.
[FR Doc. 2022-10427 Filed 5-13-22; 8:45 am]
BILLING CODE 6714-01-P