[Federal Register Volume 88, Number 2 (Wednesday, January 4, 2023)]
[Notices]
[Pages 374-376]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2022-28589]


=======================================================================
-----------------------------------------------------------------------

POSTAL SERVICE


Privacy Act of 1974; System of Records

AGENCY: Postal Service[supreg].

ACTION: Notice of modified system of records.

-----------------------------------------------------------------------

SUMMARY: The United States Postal Service[supreg] (USPS) is proposing 
to revise a Customer Privacy Act System of Records (SOR). The proposed 
modifications will provide additional transparency into the collection 
and use of records for the USPS to administer and comply with Bank 
Secrecy Act (BSA), Anti-Money Laundering (AML) and Office of Foreign 
Assets Control (OFAC) requirements.
    The Postal Service is focused on continuous improvement efforts 
that increase effectiveness and efficiency, such as enhancements to 
functionality and processing capabilities that support ongoing 
administrative and compliance activities.

DATES: These revisions will become effective without further notice on 
February 3, 2023, unless responses to comments received on or before 
that date result in a contrary determination.

ADDRESSES: Comments may be submitted via email to the Privacy and 
Records Management Office, United States Postal Service Headquarters 
([email protected]). To facilitate public inspection, 
arrangements to view copies of any written comments received will be 
made upon request.

FOR FURTHER INFORMATION CONTACT: Janine Castorina, Chief Privacy and 
Records Management Officer, Privacy and Records Management Office, at 
202-268-3069 or [email protected].

SUPPLEMENTARY INFORMATION: This notice is in accordance with the 
Privacy Act requirement that agencies publish their systems of records 
in the Federal Register when there is a revision, change, or addition, 
or when the agency establishes a new system of records. The Postal 
Service has determined that Customer Privacy Act System of Records, 
USPS SOR 860.000, Financial Transactions, should be revised to promote 
transparency and support ongoing administrative and compliance 
activities to meet BSA, AML and OFAC requirements.

I. Background

    The Postal Service is defined as a money services business (MSB) 
under the BSA \1\ as it is a provider of money orders, gift cards, 
international wire transfer services and limited check cashing services 
to customers throughout the United States. Moreover, the Postal Service 
is the only entity specifically mentioned in the BSA as being covered 
by the BSA and therefore has a legal mandate to detect and deter 
suspicious activities; train those who sell postal financial 
instruments or services and those who supervise them; and meet federal 
recordkeeping and reporting requirements.
---------------------------------------------------------------------------

    \1\ 31 U.S.C. 5312(a)(2)(V).
---------------------------------------------------------------------------

    The Postal Service must also ensure that it is complying with the 
OFAC requirements and must perform screening for Specially Designated 
Nationals and Blocked Persons List (SDNs), as defined and mandated by 
the OFAC. Through strategic monitoring and reporting of financial 
transactions, the USPS Bank Secrecy Act and Anti-Money Laundering 
Compliance Program helps the federal government detect and prevent 
money laundering, terrorist financing, and other illegal activities.

II. Rationale for Changes to USPS Privacy Act Systems of Records

    The Postal Service continuously seeks to improve processes to 
support BSA, AML and OFAC compliance. In the spirit of continuous 
improvement, planned enhancements to functionality and processing 
capabilities will be made to support data entry, analysis, queries, and 
reporting of data, related to potential violations of the BSA, OFAC and 
AML statutes, regulations, and requirements.

III. Description of the Modified System of Records

    The Postal Service is proposing modifications to USPS SOR 860.000, 
Financial Transactions, in the summary of changes listed below:

 Updated SYSTEM LOCATION to include the BSA and AML Compliance 
group
 Updated PURPOSE #3 to include the BSA, AML and OFAC 
requirements
 Updated CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM #3, 
#4, and #5 with the broader ``financial instruments'' term
 Updated CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM #6 to 
include Specially Designated Nationals and Blocked Persons List (SDNs) 
as defined and mandated by the OFAC
 Added two new CATEGORIES OF RECORDS IN THE SYSTEM as #8 and #9 
to include information collected on the Funds Transaction Report (FTR), 
Postal Service (PS) Form 8105-A, and Suspicious Transaction Report 
(STR), PS Form 8105-B
 Updated Special Routine Use a. to include BSA and OFAC 
requirements
 Added Specially Designated Nationals and Blocked Persons List 
(SDNs) as defined and mandated by the OFAC to POLICIES AND PRACTICES 
FOR RETRIEVAL OF RECORD
 Revised #4 and #5 to POLICIES AND PRACTICES FOR RETENTION AND 
DISPOSAL OF RECORDS for new 5-year and one-month retention period
 Updated administrative information in NOTIFICATION PROCEDURES

    Pursuant to 5 U.S.C. 552a(e)(11), interested persons are invited to 
submit written data, views, or arguments on this proposal. A report of 
the proposed revisions has been sent to Congress and to the Office of 
Management and Budget (OMB) for their evaluations. The Postal Service 
does not expect this amended system of records to have any adverse 
effect on individual privacy rights. USPS SOR 860.000, Financial 
Transactions is provided below in its entirety:

SYSTEM NAME AND NUMBER:
    USPS 860.000 Financial Transactions.

SECURITY CLASSIFICATION:
    None.

SYSTEM LOCATION:
    USPS Headquarters; Integrated Business Solutions Services Centers; 
Accounting Service Centers; Bank Secrecy Act (BSA) Anti-Money 
Laundering (AML) Compliance group; and contractor sites.

SYSTEM MANAGER(S):
    Chief Financial Officer and Executive Vice President, United States 
Postal Service, 475 L'Enfant Plaza SW, Washington, DC 20260.

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
    39 U.S.C. 401, 403, and 404; 31 U.S.C. 5318, 5325, 5331, and 7701.

PURPOSE(S) OF THE SYSTEM:
    1. To provide financial products and services.
    2. To respond to inquiries and claims related to financial products 
and services.
    3. To fulfill requirements of BSA, AML statutes and regulations and 
Office of Foreign Assets Control (OFAC).

[[Page 375]]

    4. To support investigations related to law enforcement for 
fraudulent financial transactions.

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
    1. Customers who use online payment or funds transfer services.
    2. Customers who file claims or make inquiries related to online 
payment services, funds transfers, money orders, and stored-value 
cards.
    3. Customers who purchase financial instruments in an amount of 
$3000 or more per day. Financial instruments are limited to money 
orders, gift cards and international wire transfer service.
    4. Customers who purchase or redeem financial instruments in a 
manner requiring collection of information as potential suspicious 
activities under anti-money laundering requirements.
    5. Beneficiaries from financial instruments totaling more than 
$10,000 in 1 day.
    6. Specially Designated Nationals and Blocked Persons List (SDNs) 
as defined and mandated by the OFAC.

CATEGORIES OF RECORDS IN THE SYSTEM:
    1. Customer information: Name, customer ID(s), mail and email 
address, telephone number, occupation, type of business, and customer 
history.
    2. Identity verification information: Date of birth, username and/
or ID, password, Social Security Number (SSN) or tax ID number, and 
driver's license number (or other type of ID if driver's license is not 
available, such as Alien Registration Number, Passport Number, Military 
ID, Tax ID Number). (Note: For online payment services, SSNs are 
collected, but not retained, in order to verify ID.)
    3. Billers registered for online payment services: Biller name and 
contact information, bill detail, and bill summaries.
    4. Transaction information: Name, address, and phone number of 
purchaser, payee, and biller; amount, date, and location; credit and/or 
debit card number, type, and expiration; sales, refunds, and fees; type 
of service selected and status; sender and recipient bank account and 
routing number; bill detail and summaries; transaction number, serial 
number, and/or reference number or other identifying number, pay out 
agent name and address; type of payment, currency, and exchange rate; 
Post Office information such as location, phone number, and terminal; 
employee ID numbers, license number and state, and employee comments.
    5. Information to determine credit-worthiness: Period at current 
residence, previous address, and period of time with same phone number.
    6. Information related to claims and inquiries: Name, address, 
phone number, signature, SSN, location where product was purchased, 
date of issue, amount, serial number, and claim number.
    7. Online user information: Internet Protocol (IP) address, domain 
name, operating system version, browser version, date and time of 
connection, and geographic location.
    8. Funds Transaction Report (FTR) Postal Service (PS) Form 8105-A:
    a. Type of Transaction (completed by customer): on behalf of self, 
on behalf of another individual, on behalf of a business/organization, 
law enforcement agent or government representative on behalf of an 
agency, private courier on behalf of individual, private courier on 
behalf of a business/organization, armored car service on behalf of a 
business/individual.
    b. Customer Information (completed by customer): last name/first 
name, address (number, street, box, suite/apt no.), city, state, ZIP 
CodeTM, country, date of birth (MM/DD/YYYY), SSN, telephone 
number (include area code); Photo ID: driver's license no. (U.S. only--
must indicate state), resident alien/permanent resident ID no., other 
ID (U.S./state government-issued IDs, including tribal, and Mexican 
matricular consular), state ID no. (U.S. only--must indicate state), 
military ID no. (U.S. only), passport no. (must indicate country); 
Describe other ID: ID number, issuing state, issuing country 
(passport), occupation (be as specific as possible); (Completed by 
Postal ServiceTM employee): round date stamp.
    c. Other Person/Business/Organization on Whose Behalf Transaction 
Is Being Conducted (completed by customer): last name/first name or 
business name or organization name (no acronyms), SSN or employer ID 
number (EIN), North American Industry Classification System (NAICS) (if 
business), type of business/organization/occupation, address (number, 
street, box, suite/apt no.), city, state, ZIP CodeTM, 
country, date of birth (MM/DD/YYYY), telephone number (include area 
code), ID type, ID number, issuing state;
    d. Completed by Postal Service TM Employee: type of 
transaction (check one)--purchased ($3,000.00 or more) or redeemed/
cashed (over $10,000.00), total face value (excluding fee), transaction 
date (MM/DD/YYYY), beginning serial no. thru ending serial no. money 
order ranges 1-2, number of money orders sold, number of money orders 
redeemed/cashed, number of gift cards sold (provide numbers in section 
on back of form), funds transfer 1 Sure MoneyTM/Dinero 
Seguro, signature of USPS[supreg] employee, Post OfficeTM 
ZIP CodeTM;
    e. Law Enforcement Agent of Government Representative on Behalf of 
an Agency (completed by customer): last name/first name, date of birth 
(MM/DD/YYYY), work telephone number (include area code), law 
enforcement agent/government representative photo ID number (if photo 
ID does not have a number please use agent/representative driver's 
license number), type of ID: law enforcement ID, government 
representative ID, driver's license number (must note state if using 
driver's license), state, agency name (no acronyms), address (number, 
street, box, suite/apt. no.), city, state, ZIP CodeTM, 
occupation, agency EIN, NAICS;
    f. Armored Car Service Information (completed by customer): armored 
car business name (no acronyms), EIN, telephone number (include area 
code), address (number, street, box, suite/apt no.), city, state, ZIP 
CodeTM; and
    g. Completed by Postal Service Employee (Continued): type of 
transaction (check one)--purchased ($3,000.00 or more) or redeemed/
cashed (over $10,000.00), additional transaction numbers for money 
orders, funds transfer Sure MoneyTM/Dinero Seguro, and gift 
cards--beginning serial no. thru ending serial no. money order ranges 
3-6, Sure MoneyTM/Dinero Seguro 2-5, and gift card numbers 
1-4.
    9. Suspicious Transaction Report (STR) PS Form 8105-B (completed by 
Postal ServiceTM employee): activity type--purchased, 
redeemed/cashed, other (describe in comments section), begin serial no. 
thru end serial no. money order ranges 1-3, transaction amount, 
transaction date, transaction time, recorded by camera, check box if a 
debit/credit card was used in the transaction (do not include any 
information from the debit/credit card on this form), description of 
customer(s) 1-4--sex (M/F), approximate age, height, weight, ethnicity, 
round date stamp, Post OfficeTM ZIP CodeTM, 
comments (check all that apply), vehicle description (if available)--
make, type, color, license number, license state, comments, money order 
ranges 4-5, gift cards 1-2, funds transfer Sure Money[supreg]/Dinero 
Seguro[supreg] 1-2, business name/customer last name, first name, 
address (number, street, box, suite/apt. no.), city, state, ZIP 
CodeTM, country, type of business, date of birth (MM/DD/
YYYY), SSN, driver's license no., state, other ID no., type of other 
ID, mailpiece information (if available)--mailpiece number, mailpiece 
type, additional comments.

[[Page 376]]

RECORD SOURCE CATEGORIES:
    Customers, recipients, financial institutions, and USPS employees.

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES 
OF USERS AND THE PURPOSES OF SUCH USES:
    Standard routine uses 1. through 7., 10., and 11. apply. In 
addition;
    a. Legally required disclosures to agencies for law enforcement 
purposes include disclosures of information relating to money orders, 
funds transfers, and stored-value cards as required by BSA, OFAC and 
anti-money laundering statutes, regulations and requirements.

POLICIES AND PRACTICES FOR STORAGE OF RECORDS:
    Automated database, computer storage media, microfiche, and paper.

POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:
    For online payment and funds transfer services, information is 
retrieved by customer name, customer ID(s), transaction number, or 
address.
    Claim information is retrieved by name of purchaser or payee, claim 
number, serial number, transaction number, check number, customer 
ID(s), or ZIP Code.
    Information related to BSA, OFAC and AML is retrieved by customer 
name; SSN; alien registration, passport, or driver's license number; 
serial number; transaction number; ZIP Code; transaction date; data 
entry operator number; and employee comments, and individuals that 
appear on the Specially Designated Nationals and Blocked Persons List 
(SDNs) as defined and mandated by the OFAC.

POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:
    1. Summary records, including bill due date, bill amount, biller 
information, biller representation of account number, and the various 
status indicators, are retained 2 years from the date of processing.
    2. For funds transfers, transaction records are retained 3 years.
    3. Records related to claims are retained up to 3 years from date 
of final action on the claim.
    4. Forms related to fulfillment of BSA, anti-money laundering 
requirements are retained for a 5-year and one-month period.
    5. Related automated records are retained the same 5-year and one-
month period and purged from the system quarterly after the date of 
creation.
    6. Enrollment records related to online payment services are 
retained 7 years after the subscriber's account ceases to be active or 
the service is cancelled.
    7. Account banking records, including payment history, Demand 
Deposit Account (DDA) number, and routing number, are retained 7 years 
from the date of processing.
    8. Online user information may be retained for 6 months.
    9. Records existing on paper are destroyed by burning, pulping, or 
shredding. Records existing on computer storage media are destroyed 
according to the applicable USPS media sanitization practice.

ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:
    Paper records, computers, and computer storage media are located in 
controlled-access areas under supervision of program personnel. Access 
to these areas is limited to authorized personnel, who must be 
identified with a badge.
    Access to records is limited to individuals whose official duties 
require such access. Contractors and licensees are subject to contract 
controls and unannounced on-site audits and inspections.
    Computers are protected by mechanical locks, card key systems, or 
other physical access control methods. The use of computer systems is 
regulated with installed security software, computer logon 
identifications, and operating system controls including access 
controls, terminal and transaction logging, and file management 
software. Online data transmissions are protected by encryption.

RECORD ACCESS PROCEDURES:
    Requests for access must be made in accordance with the 
Notification Procedure above and USPS Privacy Act regulations regarding 
access to records and verification of identity under 39 CFR 266.5.

CONTESTING RECORD PROCEDURES:
    See Notification Procedure below and Record Access Procedures 
above.

NOTIFICATION PROCEDURES:
    For online payment services, funds transfers, and stored-value 
cards, individuals wanting to know if information about them is 
maintained in this system must address inquiries in writing to the 
Chief Marketing Officer and Executive Vice President. Inquiries must 
contain name, address, and other identifying information, as well as 
the transaction number for funds transfers.
    For money order claims, or BSA, OFAC and anti-money laundering 
documentation, inquiries should be addressed to the Chief Financial 
Officer and Executive Vice President. Inquiries must include name, 
address, or other identifying information of the purchaser (such as 
driver's license, Alien Registration Number, Passport Number, etc.), 
and serial or transaction number. Information collected for anti-money 
laundering purposes will only be provided in accordance with Federal 
BSA, OFAC, anti-money laundering laws, regulations and requirements.

EXEMPTIONS PROMULGATED FOR THE SYSTEM:
    Systems Exempted From Certain Provisions of the Act:
    USPS has established regulations at 39 CFR 266.9 that exempt 
information contained in this system of records from various provisions 
of the Privacy Act in order to conform to the prohibition in the Bank 
Secrecy Act, 31 U.S.C. 5318(g)(2), against notification of the 
individual that a suspicious transaction has been reported.

HISTORY:
    May 8, 2008, 73 FR 26155; April 29, 2005, 70 FR 22516.
* * * * *

Sarah Sullivan,
Attorney, Ethics & Legal Compliance.
[FR Doc. 2022-28589 Filed 1-3-23; 8:45 am]
BILLING CODE P