[Federal Register Volume 88, Number 82 (Friday, April 28, 2023)]
[Notices]
[Pages 26301-26305]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2023-09017]


=======================================================================
-----------------------------------------------------------------------

FEDERAL DEPOSIT INSURANCE CORPORATION


Privacy Act of 1974; System of Records

AGENCY: Federal Deposit Insurance Corporation (FDIC).

ACTION: Notice of a modified system of records.

-----------------------------------------------------------------------

SUMMARY: Pursuant to the provisions of the Privacy Act of 1974, as 
amended, the FDIC proposes to modify a current FDIC system of records 
notice titled FDIC-010, Investigative Files of the Office of Inspector 
General (OIG), by updating the categories of records in the system to 
include video and audio recordings; updating the categories of records 
in the system to include violations or potential violations of 
administrative or civil law within the FDIC OIG's jurisdiction; 
updating the system location to include secure sites and secure servers 
maintained by third-party service providers; and adding new routine 
uses to authorize sharing of information with complainants, witnesses, 
and subjects, and to the public and news media, in certain limited 
circumstances. Additionally, this notice includes non-substantive 
changes to simplify the formatting and text of the previously published 
notice. We hereby publish this notice for comment on the proposed 
actions.

DATES: This action will become effective on April 28, 2023. The routine 
uses in this action will become effective on May 30, 2023, unless the 
FDIC makes changes based on comments received. Written comments should 
be submitted on or before May 30, 2023.

ADDRESSES: Interested parties are invited to submit written comments 
identified by Privacy Act Systems of Records (FDIC-010) by any of the 
following methods:
     Agency Website: https://www.fdic.gov/resources/regulations/federal-register-publications/. Follow the instructions for 
submitting comments on the FDIC website.
     Email: [email protected]. Include ``Comments-SORN (FDIC-
010)'' in the subject line of communication.
     Mail: James P. Sheesley, Assistant Executive Secretary, 
Attention: Comments: SORN (FDIC-010), Legal Division, Office of the 
Executive Secretary, Federal Deposit Insurance Corporation, 550 17th 
Street NW, Washington, DC 20429.
     Hand Delivery: Comments may be hand-delivered to the guard 
station at the rear of the 17th Street NW building (located on F Street 
NW), on business days between 7:00 a.m. and 5:00 p.m.
    Public Inspection: Comments received, including any personal 
information provided, may be posted without change to https://www.fdic.gov/resources/regulations/federal-register-publications/. 
Commenters should submit only information that the commenter wishes to 
make available publicly. The FDIC may review, redact, or refrain from 
posting all or any portion of any comment that it may deem to be 
inappropriate for publication, such as irrelevant or obscene material. 
The FDIC may post only a single representative example of identical or 
substantially identical comments, and in such cases will generally 
identify the number of identical or substantially identical comments 
represented by the posted example. All comments that have been 
redacted, as well as those that have not been posted, that contain 
comments on the merits of this document will be retained in the public 
comment file and will be considered as required under all applicable 
laws. All comments may be accessible under the Freedom of Information 
Act (FOIA).

FOR FURTHER INFORMATION CONTACT: Shannon Dahn, Chief, Privacy Program, 
703-516-5500, [email protected];

SUPPLEMENTARY INFORMATION: The Privacy Act, 5 U.S.C. 552a, at 
subsection (b)(3), requires each agency to publish, for public notice 
and comment, significant changes that the agency intends to make to a 
Privacy Act system of records. The ``Investigative Files of the Office 
of Inspector General, FDIC-010'' system of records is maintained for 
the purpose of documenting, tracking, reviewing and reporting on all 
phases of the FDIC Office of Inspector General's investigative and 
investigative-related litigation activities, and serves as a repository 
and source for information necessary to fulfill statutory reporting, 
access and disclosure requirements,

[[Page 26302]]

including those pertaining to the Inspector General (IG) Act.
    The FDIC proposes to update the categories of records in the system 
to include video and audio recordings, which will facilitate the FDIC 
OIG's compliance with Executive Order (E.O.) 14074, Advancing 
Effective, Accountable Policing and Criminal Justice Practices to 
Enhance Public Trust and Public Safety, issued May 25, 2022. Video and 
audio recordings of individuals may be captured by FDIC OIG criminal 
investigators wearing body cameras during the execution of search and 
arrest warrants, including during interviews with individuals that take 
place during investigative operations. The recordings will be used for 
gathering and preserving evidence in accord with E.O. 14074.
    The FDIC also proposes to update the categories of records in the 
system to include violations or potential violations of administrative 
or civil law within the FDIC OIG's jurisdiction. This modification is 
to clarify that the system of records may include information about 
individuals that may be obtained in the course of the FDIC OIG 
investigating administrative and civil cases.
    Additionally, the FDIC proposes updating the system location of the 
system to include secure sites and secure servers maintained by third-
party service providers. This modification is being made in conjunction 
with the implementation of a solution to support FDIC OIG's compliance 
with E.O. 14074, as well as to support other solutions or processes 
that may require the support of third-party service providers.
    The FDIC also proposes to update a routine use (7) indicating that 
the FDIC OIG may share information during the course of an 
investigation with subjects and/or respondents of an investigation, 
their representatives, or other persons or entities to the extent 
necessary to provide such persons with information and explanations 
concerning the results of an investigation or other inquiry arising 
from matters about which they were a subject and/or respondent.
    Additionally, the FDIC proposes to add two new routine uses (8 and 
9) indicating that information may be shared with complainants, 
witnesses, and subjects to the extent necessary to provide such persons 
with information and explanations concerning the results of the 
investigation or other inquiry arising from the matters about which 
they complained and/or with respect to which they were a victim or 
witness; and (9) indicating that information may be shared with an 
individual who has been interviewed or contacted pursuant to an 
investigation or other inquiry, to the extent that the FDIC OIG may 
provide copies of that individual's statements, testimony, or records 
produced by such individual.
    Finally, the FDIC proposes to add two new routine uses (27 and 28) 
indicating that information about individuals may be shared with the 
news media and/or the public when such information has been disclosed 
publicly in court proceedings, and in rare instances when the community 
needs to be reassured that the appropriate law enforcement agency is 
investigating a matter, or where release of information is necessary to 
protect the public safety.
    This notice includes non-substantive changes to simplify the 
formatting and text of the previously published notice. This modified 
system will be included in the FDIC's inventory of record systems.

SYSTEM NAME AND NUMBER:
    Investigative Files of the Office of Inspector General, FDIC-010.

SECURITY CLASSIFICATION:
    Unclassified.

SYSTEM LOCATION:
    FDIC Office of Inspector General (OIG), 3501 Fairfax Drive, 
Arlington, VA 22226. In addition, records are maintained in FDIC OIG 
field offices. FDIC OIG field office locations can be obtained by 
contacting the Assistant Inspector General for Investigations at said 
address. Original and duplicate systems may exist, in whole or in part, 
at secure sites and on secure servers maintained by third-party service 
providers for the FDIC OIG.

SYSTEM MANAGER(S):
    Assistant Inspector General for Investigations, FDIC Office of 
Inspector General, 3501 Fairfax Drive, Arlington, VA 22226.

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
    Section 9 of the Federal Deposit Insurance Act (12 U.S.C. 1819); 
the Inspector General Act of 1978, as amended (5 U.S.C. appendix).

PURPOSE(S) OF THE SYSTEM:
    Pursuant to the Inspector General Act, the system is maintained for 
the purpose of documenting, tracking, reviewing and reporting on all 
phases of the FDIC Office of Inspector General's investigative and 
investigative-related litigation activities and serves as a repository 
and source for information necessary to fulfill statutory reporting, 
access and disclosure requirements, including those pertaining to the 
Inspector General Act.

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
    Current and former FDIC employees and individuals involved in or 
associated with FDIC programs and operations, including contractors, 
subcontractors, vendors and other individuals, including members of the 
public, associated with investigative inquiries and investigative 
cases, including, but not limited to, witnesses, complainants, subjects 
and those contacting the FDIC OIG Hotline.

CATEGORIES OF RECORDS IN THE SYSTEM:
    Investigative files, including memoranda, computer-generated 
background information, correspondence, including payroll records, call 
records, email records, electronic case management, forensic, and 
tracking files, FDIC OIG Hotline- related records, reports of 
investigations with related exhibits, statements, affidavits, records 
or other pertinent documents, reports from or to other law enforcement 
organizations, pertaining to violations or potential violations of 
criminal, civil, or administrative laws, fraud, waste, and abuse with 
respect to administration of FDIC programs and operations, and 
violations of employee and contractor Standards of Conduct as set forth 
in section 12(f) of the Federal Deposit Insurance Act (12 U.S.C. 
1822(f)), 12 CFR parts 336, 366, and 5 CFR parts 2634, 2635, and 3201. 
Records in this system may contain personally identifiable information 
such as names, social security numbers, dates of birth and addresses. 
This system may also contain such information as employment history, 
bank account numbers and information, driver's licenses, educational 
records, criminal history, photographs, video and audio recordings, and 
other information of a personal nature provided or obtained in 
connection with an investigation.

RECORD SOURCE CATEGORIES:
    Official records of the FDIC; current and former employees of the 
FDIC, other government employees, private individuals, vendors, 
contractors, subcontractors, witnesses and informants. Records in this 
system may have originated in other FDIC systems of records and 
subsequently been transferred to this system.

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES 
OF USERS AND PURPOSES OF SUCH USES:
    In addition to those disclosures generally permitted under 5 U.S.C. 
552a(b) of the Privacy Act, all or a portion of the records or 
information contained in this system may be

[[Page 26303]]

disclosed outside the FDIC as a routine use as follows:
    (1) To the appropriate Federal, State, local, foreign or 
international agency or authority which has responsibility for 
investigating or prosecuting a violation of or for enforcing or 
implementing a statute, rule, regulation, or order to assist such 
agency or authority in fulfilling these responsibilities when the 
record, either by itself or in combination with other information, 
indicates a violation or potential violation of law, or contract, 
whether civil, criminal, or regulatory in nature, and whether arising 
by general statute or particular program statute, or by regulation, 
rule, or order issued pursuant thereto;
    (2) To a court, magistrate, alternative dispute resolution mediator 
or administrative tribunal (collectively referred to as the 
adjudicative bodies) in the course of presenting evidence, including 
disclosures to counsel or witnesses in the course of civil discovery, 
litigation, or settlement negotiations or in connection with criminal 
proceedings (collectively, the litigated proceedings) when the FDIC or 
FDIC OIG is a party to the proceeding or has a significant interest in 
the proceeding and the information is determined to be relevant and 
necessary in order for the adjudicatory bodies, or any of them, to 
perform their official functions in connection with the presentation of 
evidence relative to the litigated proceedings;
    (3) To the FDIC's or another Federal agency's legal representative, 
including the U.S. Department of Justice or other retained counsel, 
when the FDIC, FDIC OIG or any employee thereof is a party to 
litigation or administrative proceeding or has a significant interest 
in the litigation or proceeding to assist those representatives by 
providing them with information or evidence for use in connection with 
such litigation or proceedings;
    (4) To appropriate agencies, entities, and persons when (a) the 
FDIC suspects or has confirmed that there has been a breach of the 
system of records; (b) the FDIC has determined that as a result of the 
suspected or confirmed breach there is a risk of harm to individuals, 
the FDIC (including its information systems, programs, and operations), 
the Federal Government, or national security; and (c) the disclosure 
made to such agencies, entities, and persons is reasonably necessary to 
assist in connection with the FDIC's efforts to respond to the 
suspected or confirmed breach or to prevent, minimize, or remedy such 
harm;
    (5) To another Federal agency or Federal entity, when the FDIC 
determines that information from this system of records is reasonably 
necessary to assist the recipient agency or entity in (a) responding to 
a suspected or confirmed breach or (b) preventing, minimizing, or 
remedying the risk of harm to individuals, the recipient agency or 
entity (including its information systems, programs, and operations), 
the Federal Government, or national security, resulting from a 
suspected or confirmed breach;
    (6) To a grand jury agent pursuant either to a Federal or State 
grand jury subpoena or to a prosecution request that such record be 
released for the purpose of its introduction to a grand jury;
    (7) To the subjects and/or respondents of an investigation and 
their representatives during the course of an investigation and to any 
other person or entity that has or may have information relevant or 
pertinent to the investigation to the extent necessary to assist in the 
conduct of the investigation, or to the extent necessary to provide 
such persons with information and explanations concerning the results 
of an investigation or other inquiry arising from matters about which 
they were a subject and/or respondent;
    (8) To complainants, victims, and/or witnesses to the extent 
necessary to provide such persons with information and explanations 
concerning the results of the investigation or other inquiry arising 
from the matters about which they complained and/or with respect to 
which they were a victim or witness;
    (9) To an individual who has been interviewed or contacted pursuant 
to an investigation or other inquiry, to the extent that the FDIC OIG 
may provide copies of that individual's statements, testimony, or 
records produced by such individual;
    (10) To third-party sources during the course of an investigation 
only such information as determined to be necessary and pertinent to 
the investigation in order to obtain information or assistance relating 
to an audit, trial, hearing, or any other authorized activity of the 
FDIC OIG;
    (11) To a congressional office in response to a written inquiry 
made by the congressional office at the request of the individual to 
whom the records pertain;
    (12) To a Federal, State, or local agency maintaining civil, 
criminal, or other relevant enforcement information or other pertinent 
information, such as current licenses, if necessary for the FDIC to 
obtain information concerning the hiring or retention of an employee, a 
security clearance determination or adjudication, the letting of a 
contract, or the issuance of a license, grant, or other benefit;
    (13) To a Federal agency responsible for considering suspension or 
debarment action where such record is determined to be necessary and 
relevant to that agency's consideration of such action;
    (14) To a consultant, person or entity who contracts or 
subcontracts with the FDIC or FDIC OIG, to the extent necessary for the 
performance of the contract or subcontract. The recipient of the 
records shall be required to comply with the requirements of the 
Privacy Act of 1974, as amended (5 U.S.C. 552a);
    (15) To contractors, grantees, volunteers, and others performing or 
working on a contract, service, grant, cooperative agreement, or 
project for the FDIC OIG, the FDIC or the Federal Government in order 
to assist those entities or individuals in carrying out their 
obligation under the related contract, grant, agreement or project;
    (16) To the U.S. Office of Personnel Management, Government 
Accountability Office, Office of Government Ethics, Merit Systems 
Protection Board, Office of Special Counsel, Equal Employment 
Opportunity Commission, Department of Justice, Office of Management and 
Budget or the Federal Labor Relations Authority of records or portions 
thereof determined to be relevant and necessary to carrying out their 
authorized functions, including but not limited to a request made in 
connection with hiring or retaining an employee, rendering advice 
requested by FDIC OIG, making a security clearance determination or 
adjudication, reporting an investigation of an employee, reporting an 
investigation of prohibited personnel practices, letting a contract or 
issuing a grant, license, or other benefit by the requesting agency, 
but only to the extent that the information disclosed is necessary and 
relevant to the requesting agency's decision on the matter;
    (17) To appropriate Federal, State, and local authorities in 
connection with hiring or retaining an individual, conducting a 
background security or suitability investigation, adjudication of 
liability, or eligibility for a license, contract, grant, or other 
benefit;
    (18) To appropriate Federal, State, and local authorities, 
agencies, arbitrators, and other parties responsible for processing any 
personnel actions or conducting administrative hearings or corrective 
actions or grievances or appeals, or if needed in the performance of 
other authorized duties;
    (19) To officials of a labor organization when relevant and 
necessary to their duties of exclusive

[[Page 26304]]

representation concerning personnel policies, practices, and matters 
affecting working conditions;
    (20) To a financial institution affected by enforcement activities 
or reported criminal activities authorities to ascertain the knowledge 
of or involvement in matters that have been developed during the course 
of the investigation;
    (21) To the Internal Revenue Service and appropriate State and 
local taxing authorities for their use in enforcing the relevant 
revenue and taxation law and related official duties;
    (22) To other Federal, State or foreign financial institutions, 
supervisory or regulatory authorities for their use in administering 
their official functions, to include examination, supervision, 
litigation, and resolution authorities with respect to financial 
institutions, receiverships, liquidations, conservatorships, bridge 
institutions, and similar functions;
    (23) To appropriate Federal agencies and other public authorities 
for use in records management inspections;
    (24) To a governmental, public or professional or self-regulatory 
licensing organization for use in licensing or related determinations 
when such record indicates, either by itself or in combination with 
other information, a violation or potential violation of professional 
standards, or reflects on the moral, educational, or professional 
qualifications of an individual who is licensed or who is seeking to 
become licensed;
    (25) To the Department of the Treasury, federal debt collection 
centers, other appropriate federal agencies, and private collection 
contractors or other third parties authorized by law, for the purpose 
of collecting or assisting in the collection of delinquent debts owed 
to the FDIC or to obtain information in the course of an investigation 
(to the extent permitted by law). Disclosure of information contained 
in these records will be limited to the individual's name, Social 
Security number, and other information necessary to establish the 
identity of the individual, and the existence, validity, amount, status 
and history of the debt;
    (26) To other Federal Offices of Inspector General or other 
entities for the purpose of conducting quality assessments or peer 
reviews of the FDIC OIG, or its investigative components, or for 
statistical purposes;
    (27) To the news media and/or the public when such information has 
been publicly disclosed in court proceedings, subject to limitations 
imposed by law or court rule or order; and,
    (28) To the news media and/or the public when the Inspector General 
determines that the community needs to be reassured that the 
appropriate law enforcement agency is investigating a matter, or where 
release of information is necessary to protect the public safety, and 
that disclosure would not constitute an unwarranted invasion of 
personal privacy.
    Disclosure to Consumer Reporting Agencies: Pursuant to 5 U.S.C. 
552a (b)(12), disclosures may be made from this system to consumer 
reporting agencies as defined in the Fair Credit Reporting Act (15 
U.S.C. 1681a(f)) or the Federal Claims Collection Act of 1966 (31 
U.S.C. 3701(a)(3)).

POLICIES AND PRACTICES FOR STORAGE OF RECORDS:
    Records are stored in electronic media and in paper format within 
individual file folders.

POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:
    Records are indexed and may be retrieved by a variety of fields, 
including but not limited to, name of individual, unique investigation 
number assigned, referral number, social security number, or 
investigative subject matter.

POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:
    Records are maintained as follows and then dispositioned in 
accordance with approved records retention schedules. Records regarding 
``significant'' investigations (i.e., those receiving national media 
attention, involving a Congressional investigation, or otherwise having 
been deemed to have historic value) are retained permanently. For 
records that are investigative in nature but not related to a specific 
investigation, the retention period is five years. For records related 
to a specific investigation, except significant investigations 
(national media attention, Congressional investigation, or substantive 
changes in agency policies and procedures), the retention period is ten 
years after the Office of Investigations' closure of the file.

ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:
    FDIC and FDIC OIG have imposed strict controls to minimize the risk 
of compromising the information that is being stored. Access to the 
records in this system is limited to those individuals who have 
completed mandatory privacy and security training and have a need to 
know the information for the performance of their official duties. FDIC 
and FDIC OIG have also implemented policies and procedures to safeguard 
the records. This includes maintaining files in secured facilities and 
restricting access to records to individuals who have appropriate role 
based permissions.

RECORD ACCESS PROCEDURES:
    Individuals wishing to request access to records about them in this 
system of records must submit their request in writing to the FDIC FOIA 
& Privacy Act Group, 550 17th Street NW, Washington, DC 20429, or email 
[email protected]. Requests must include full name, address, and 
verification of identity in accordance with FDIC regulations at 12 CFR 
part 310.

CONTESTING RECORD PROCEDURES:
    Individuals wishing to contest or request an amendment to their 
records in this system of records must submit their request in writing 
to the FDIC FOIA & Privacy Act Group, 550 17th Street NW, Washington, 
DC 20429, or email [email protected]. Requests must specify the 
information being contested, the reasons for contesting it, and the 
proposed amendment to such information in accordance with FDIC 
regulations at 12 CFR part 310.

NOTIFICATION PROCEDURES:
    Individuals wishing to know whether this system contains 
information about them must submit their request in writing to the FDIC 
FOIA & Privacy Act Group, 550 17th Street NW, Washington, DC 20429, or 
email [email protected]. Requests must include full name, address, and 
verification of identity in accordance with FDIC regulations at 12 CFR 
part 310.

EXEMPTIONS PROMULGATED FOR THE SYSTEM:
    This system of records, to the extent that it consists of 
information compiled for the purpose of criminal investigations, has 
been exempted from the requirements of subsections (c)(3) and (4); (d); 
(e)(1), (2) and (3); (e)(4)(G) and (H); (e)(5); (e)(8); (e)(12); (f); 
(g); and (h) of the Privacy Act pursuant to 5 U.S.C. 552a(j)(2). In 
addition, this system of records, to the extent that it consists of 
investigatory material compiled: (A) for other law enforcement purposes 
(except where an individual has been denied any right, privilege, or 
benefit for which he or she would otherwise be entitled to or eligible 
for under Federal law, so long as the disclosure of such information 
would not reveal the identity of a source who furnished information to 
the FDIC under an express promise that his or her identity would be 
kept confidential); or

[[Page 26305]]

(B) solely for purposes of determining suitability, eligibility, or 
qualifications for Federal civilian employment or Federal contracts, 
the release of which would reveal the identity of a source who 
furnished information to the FDIC on a confidential basis, has been 
exempted from the requirements of subsections (c)(3); (d); (e)(1); 
(e)(4)(G) and (H); and (f) of the Privacy Act pursuant to 5 U.S.C. 
552a(k)(2) and (k)(5), respectively. Note, records in this system that 
originated in another system of records shall be governed by the 
exemptions claimed for this system as well as any additional exemptions 
claimed for the other system.

HISTORY:
    84 FR 35184 (July 22, 2019).


Federal Deposit Insurance Corporation.

    Dated at Washington, DC, on April 24, 2023.
James P. Sheesley,
Assistant Executive Secretary.
[FR Doc. 2023-09017 Filed 4-27-23; 8:45 am]
BILLING CODE 6714-01-P