[Federal Register Volume 87, Number 211 (Wednesday, November 2, 2022)]
[Notices]
[Pages 66178-66181]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2022-23805]


=======================================================================
-----------------------------------------------------------------------

FEDERAL DEPOSIT INSURANCE CORPORATION


Privacy Act of 1974; System of Records

AGENCY: Federal Deposit Insurance Corporation (FDIC).

ACTION: Notice of modified systems of records.

-----------------------------------------------------------------------

SUMMARY: Pursuant to the provisions of the Privacy Act of 1974, as 
amended, the Federal Deposit Insurance Corporation (FDIC) proposes to 
modify a current FDIC system of records titled FDIC-013, Insured 
Financial Institution Liquidation Records, by updating the name to 
FDIC-013, Financial Institution Resolution and Receivership Records to 
more closely reflect the records processed by this system of records; 
adding a new routine use to allow members of the public to locate and 
understand the status of their accounts; and revising the policies and 
practices for retention and disposal of records to describe the records 
retention schedules

[[Page 66179]]

for the records included in this system of records. Additionally, this 
notice includes non-substantive changes to simplify the formatting and 
text of the previously published notice. We hereby publish this notice 
for comment on the proposed action.

DATES: This action will become effective on November 2, 2022. The 
routine uses in this action will become effective on December 2, 2022, 
unless the FDIC makes changes based on comments received. Written 
comments should be submitted on or before December 2, 2022.

ADDRESSES: Interested parties are invited to submit written comments 
identified by Privacy Act Systems of Records by any of the following 
methods:
     Agency Website: https://www.fdic.gov/resources/regulations/federal-register-publications/. Follow the instructions for 
submitting comments on the FDIC website.
     Email: [email protected]. Include ``Comments-SORN'' in the 
subject line of communication.
     Mail: James P. Sheesley, Assistant Executive Secretary, 
Attention: Comments-SORN, Legal Division, Office of the Executive 
Secretary, Federal Deposit Insurance Corporation, 550 17th Street NW, 
Washington, DC 20429.
     Hand Delivery: Comments may be hand-delivered to the guard 
station at the rear of the 17th Street NW building (located on F Street 
NW), on business days between 7:00 a.m. and 5:00 p.m.
     Public Inspection: Comments received, including any 
personal information provided, may be posted without change to https://www.fdic.gov/resources/regulations/federal-register-publications/. 
Commenters should submit only information that the commenter wishes to 
make available publicly. The FDIC may review, redact, or refrain from 
posting all or any portion of any comment that it may deem to be 
inappropriate for publication, such as irrelevant or obscene material. 
The FDIC may post only a single representative example of identical or 
substantially identical comments, and in such cases will generally 
identify the number of identical or substantially identical comments 
represented by the posted example. All comments that have been 
redacted, as well as those that have not been posted, that contain 
comments on the merits of this document will be retained in the public 
comment file and will be considered as required under all applicable 
laws. All comments may be accessible under the Freedom of Information 
Act.

FOR FURTHER INFORMATION CONTACT: Shannon Dahn, Chief, Privacy Program, 
703-516-5500, [email protected].

SUPPLEMENTARY INFORMATION: The Privacy Act, 5 U.S.C. 552a, at 
subsection (b)(3), requires each agency to publish, for public notice 
and comment, significant changes that the agency intends to make to a 
Privacy Act system of records. The ``FDIC-013, Financial Institution 
Resolution and Receivership Records,'' system of records supports the 
receivership, conservatorship, and other regulatory or resolution 
functions of the FDIC. The records are maintained to: (a) identify and 
manage loan obligations, assets or liabilities acquired from failed 
FDIC-insured financial institutions for which the FDIC was appointed 
receiver or conservator, or from FDIC-insured financial institutions 
that were provided assistance by the FDIC, or identified as covered 
institutions; (b) identify, manage and discharge the obligations to 
creditors, obligees and other claimants of FDIC-insured financial 
institutions for which the FDIC was appointed receiver or conservator, 
or of FDIC-insured financial institutions that were provided assistance 
by the FDIC; and (c) support resolution planning, administration, and 
research in accordance with statutory mandates.
    The FDIC proposes to update the name of the system of records from 
``FDIC-013, Insured Financial Institution Liquidation Records,'' to 
``FDIC-013, Financial Institution Resolution and Receivership Records'' 
to better align the name with the contents of the system of record.
    The FDIC proposes to add a new routine use (18) to allow members of 
the public access to locate and understand the status of their accounts 
previously held by a financial institution.
    Additionally, after a review of business requirements, the FDIC has 
updated its retention schedules for specific types of records covered 
by this system of records. Failed insured depository institution data 
are maintained for at least ten years after appointment of FDIC as 
receiver in accordance with approved records retention schedules. 
Records generated as part of the resolution of a failed insured 
depository institution are maintained in accordance with approved 
retention schedules, typically not exceeding fifteen years after the 
termination of the receivership or as established by state or federal 
law or court order, if longer. Disposal is by shredding or other 
appropriate disposal methods.
    This notice includes non-substantive changes to simplify the 
formatting and text of the previously published notice. This modified 
system will be included in the FDIC's inventory of record systems.

System Name and Number:
    Financial Institution Resolution and Receivership Records, FDIC-
013.

Security Classification:
    Unclassified.

System Location:
    Records are maintained at FDIC facilities in Washington, DC; 
Arlington, VA; and regional offices. Original and duplicate systems may 
exist, in whole or in part, at secure sites and on secure servers 
maintained by third-party service providers for the FDIC.

System Manager(s):
    Deputy Director, Division of Resolutions and Receiverships, FDIC, 
550 17th Street NW, Washington, DC 20429; 600 North Pearl Street, Suite 
700, Dallas, Texas 75201.

Authority for Maintenance of the System:
    Sections 9, 11, and 13 of the Federal Deposit Insurance Act (12 
U.S.C. 1819, 1821, 1822, and 1823) and applicable state laws governing 
the liquidation of assets and winding-up of the affairs of financial 
institutions.

Purpose(S) Of The System:
    The records support the receivership and resolution functions of 
the FDIC. The records are maintained to: (a) identify and manage loan 
obligations, assets and liabilities acquired from failed FDIC-insured 
financial institutions for which the FDIC was appointed receiver or 
conservator, or from FDIC-insured financial institutions that were 
provided assistance by the FDIC; (b) identify, manage and discharge the 
obligations to creditors, obligees and other claimants of FDIC-insured 
financial institutions for which the FDIC was appointed receiver or 
conservator, or of FDIC-insured financial institutions that were 
provided assistance by the FDIC; and (c) support resolution planning, 
administration, and research in accordance with statutory mandates.

Categories of Individuals Covered by the System:
    Individuals who are or were obligors, obligees, or subject to 
claims of FDIC-insured or covered financial institutions for which the 
FDIC performs resolution or receivership functions.

Categories of Records in the System:
    This system contains the individual's files held by the FDIC 
insured, failing,

[[Page 66180]]

failed, or covered financial institution, including deposit, loan, or 
contractual agreements, related documents, and correspondence. The 
system also contains FDIC asset files, including judgments obtained, 
restitution orders, and loan deficiencies arising from the liquidation 
of the obligor's loan asset(s) and associated collateral, if any; 
information relating to the obligor's financial condition such as 
financial statements and income tax returns; asset or collateral 
verifications or searches; appraisals; and potential sources of 
repayment. FDIC asset files also include intra- or inter-agency 
memoranda, as well as notes, correspondence, and other documents 
relating to the liquidation of the loan obligation or asset. FDIC 
receivership claim files may include all information related to claims 
filed with the receivership estate by a failed financial institution's 
landlords, creditors, service providers or other obligees or claimants.

Record Source Categories:
    Information is obtained from the individual on whom the record is 
maintained; appraisers retained by the originating financial 
institution or the FDIC; investigative and/or research companies; 
credit bureaus and/or services; loan servicers; deposit servicers, 
court records; references named by the individual; attorneys or 
accountants retained by the originating financial institution or the 
FDIC; participants in the obligation(s) of the individual; officers and 
employees of the financial institution;; and other parties providing 
services to the FDIC in support of the resolution and receivership 
functions of the FDIC.

Routine Uses of Records Maintained in the System, Including Categories 
of Users and Purposes of Such Uses:
    In addition to those disclosures generally permitted under 5 U.S.C. 
552a(b) of the Privacy Act, all or a portion of the records or 
information contained in this system may be disclosed outside the FDIC 
as a routine use as follows:
    (1) To appropriate Federal, State, local and foreign authorities 
responsible for investigating or prosecuting a violation of, or for 
enforcing or implementing a statute, rule, regulation, or order issued, 
when the information indicates a violation or potential violation of 
law, whether civil, criminal, or regulatory in nature, and whether 
arising by general statute or particular program statute, or by 
regulation, rule, or order issued pursuant thereto;
    (2) To a court, magistrate, or other administrative body in the 
course of presenting evidence, including disclosures to counsel or 
witnesses in the course of civil discovery, litigation, or settlement 
negotiations or in connection with criminal proceedings, when the FDIC 
is a party to the proceeding or has a significant interest in the 
proceeding, to the extent that the information is determined to be 
relevant and necessary;
    (3) To a congressional office in response to an inquiry made by the 
congressional office at the request of the individual who is the 
subject of the record;
    (4) To appropriate agencies, entities, and persons when (a) the 
FDIC suspects or has confirmed that there has been a breach of the 
system of records; (b) the FDIC has determined that as a result of the 
suspected or confirmed breach there is a risk of harm to individuals, 
the FDIC (including its information systems, programs, and operations), 
the Federal Government, or national security; the FDIC and (c) the 
disclosure made to such agencies, entities, and persons is reasonably 
necessary to assist in connection with the FDIC's efforts to respond to 
the suspected or confirmed breach or to prevent, minimize, or remedy 
such harm;
    (5) To another Federal agency or Federal entity, when the FDIC 
determines that information from this system of records is reasonably 
necessary to assist the recipient agency or entity in (a) responding to 
a suspected or confirmed breach or (b) preventing, minimizing, or 
remedying the risk of harm to individuals, the recipient agency or 
entity (including its information systems, programs, and operations), 
the Federal Government, or national security, resulting from a 
suspected or confirmed breach.
    (6) To appropriate Federal, State, and local authorities in 
connection with hiring or retaining an individual, conducting a 
background security or suitability investigation, adjudication of 
liability, or eligibility for a license, contract, grant, or other 
benefit;
    (7) To appropriate Federal, State, and local authorities, agencies, 
arbitrators, and other parties responsible for processing any personnel 
actions or conducting administrative hearings or corrective actions or 
grievances or appeals, or if needed in the performance of other 
authorized duties;
    (8) To appropriate Federal agencies and other public authorities 
for use in records management inspections;
    (9) To contractors or entities performing services for the FDIC in 
connection with the liquidation of an individual's obligation(s), 
including judgments and loan deficiencies or in connection with the 
fulfillment of a claim filed with the FDIC. Third party contractors 
include, but are not limited to, asset marketing contractors; loan 
servicers; appraisers; environmental contractors; attorneys retained by 
the FDIC; collection agencies; auditing or accounting firms retained to 
assist in an audit or investigation of the FDIC's resolution 
activities; grantees, volunteers, and others performing or working on a 
contract, service, grant, cooperative agreement, or project for the 
FDIC;
    (10) To officials of a labor organization when relevant and 
necessary to their duties of exclusive representation concerning 
personnel policies, practices, and matters affecting working 
conditions;
    (11) To prospective purchaser(s) of the individual's obligation(s), 
including judgments and loan deficiencies, for the purpose of informing 
the prospective purchaser(s) about the nature and quality of the loan 
obligation(s) to be purchased;
    (12) To Federal or State agencies, such as the Internal Revenue 
Service or State taxation authorities, in the performance of their 
governmental duties, such as obtaining information regarding income, 
including the reporting of income resulting from a compromise or write-
off of a loan obligation;
    (13) To participants in the loan obligation in order to fulfill any 
contractual or incidental responsibilities in connection with the loan 
participation agreement;
    (14) To the Department of the Treasury, federal debt collection 
centers, other appropriate federal agencies, and private collection 
contractors or other third parties authorized by law, for the purpose 
of collecting or assisting in the collection of delinquent debts owed 
to the FDIC. Disclosure of information contained in these records will 
be limited to the individual's name, Social Security number, and other 
information necessary to establish the identity of the individual, and 
the existence, validity, amount, status and history of the debt.
    (15) To Federal or State agencies or to financial institutions 
where information is relevant to an application or request by the 
individual for a loan, grant, financial benefit, or other entitlement;
    (16) To Federal or State examiners for the purposes of examining 
borrowing relationships in operating financial institutions that may be 
related to an obligation of an individual covered by this system;
    (17) To the individual, the individual's counsel or other 
representatives, insurance carrier(s) or

[[Page 66181]]

underwriters of bankers' blanket bonds or other financial institution 
bonds in conjunction with claims made by the FDIC or litigation 
instituted by the FDIC or others on behalf of the FDIC against former 
officers, directors, accountants, lawyers, consultants, appraisers, or 
underwriters of bankers' blanket bonds or other financial institution 
bonds; and
    (18) To allow members of the public access to a limited portion of 
the data sufficient to help individuals locate and understand the 
status of their accounts previously held by a financial institution.

Policies and Practices for Storage of Records:
    Records are stored in electronic media and in paper format within 
individual file folders.

Policies and Practices for Retrieval of Records:
    Records are indexed by financial institution number, name of failed 
or assisted insured or covered institution, name of individual, social 
security number, and loan number, if applicable.

Policies and Practices for Retention and Disposal of Records:
    Failed insured depository institution data are maintained for at 
least ten years after appointment of FDIC as receiver in accordance 
with approved records retention schedules. Records generated as part of 
the resolution of a failed insured depository institution are 
maintained in accordance with approved retention schedules typically 
not exceeding fifteen years after the termination of the receivership 
or as established by state or federal law or court order, if longer. 
Disposal is by shredding or other appropriate disposal methods.

Administrative, Technical, and Physical Safeguards:
    Records are protected from unauthorized access and improper use 
through administrative, technical, and physical security measures. 
Administrative safeguards include written guidelines on handling 
personal information including agency-wide procedures for safeguarding 
personally identifiable information. In addition, all FDIC staff are 
required to take annual privacy and security training. Technical 
security measures within FDIC include restrictions on computer access 
to authorized individuals who have a legitimate need to know the 
information; required use of strong passwords that are frequently 
changed; multi-factor authentication for remote access and access to 
many FDIC network components; use of encryption for certain data types 
and transfers; firewalls and intrusion detection applications; and 
regular review of security procedures and best practices to enhance 
security. Physical safeguards include restrictions on building access 
to authorized individuals, security guard service, and maintenance of 
records in lockable offices and filing cabinets.

Record Access Procedures:
    Individuals wishing to request access to records about them in this 
system of records must submit their request in writing to the FDIC FOIA 
& Privacy Act Group, 550 17th Street NW, Washington, DC 20429, or email 
[email protected]. Requests must include full name, address, and 
verification of identity in accordance with FDIC regulations at 12 CFR 
part 310.

Contesting Record Procedures:
    Individuals wishing to contest or request an amendment to their 
records in this system of records must submit their request in writing 
to the FDIC FOIA & Privacy Act Group, 550 17th Street NW, Washington, 
DC 20429, or email [email protected]. Requests must specify the 
information being contested, the reasons for contesting it, and the 
proposed amendment to such information in accordance with FDIC 
regulations at 12 CFR part 310.

Notification Procedures:
    Individuals wishing to know whether this system contains 
information about them must submit their request in writing to the FDIC 
FOIA & Privacy Act Group, 550 17th Street NW, Washington, DC 20429, or 
email [email protected]. Requests must include full name, address, and 
verification of identity in accordance with FDIC regulations at 12 CFR 
part 310.

Exemptions Promulgated for the System:
    None.

History:
    84 FR 35184 (July 22, 2019).

Federal Deposit Insurance Corporation.

    Dated at Washington, DC, on October 27, 2022.
James P. Sheesley,
Assistant Executive Secretary.
[FR Doc. 2022-23805 Filed 11-1-22; 8:45 am]
BILLING CODE 6714-01-P