[Federal Register Volume 89, Number 173 (Friday, September 6, 2024)]
[Notices]
[Pages 72916-72917]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2024-20134]


-----------------------------------------------------------------------

SECURITIES AND EXCHANGE COMMISSION

[SEC File No. 270-480, OMB Control No. 3235-0537]


Submission for OMB Review; Comment Request; Extension: Regulation 
S-P

Upon Written Request, Copies Available From: Securities and Exchange 
Commission, Office of FOIA Services,

[[Page 72917]]

100 F Street NE, Washington, DC 20549-2736

    Notice is hereby given that, pursuant to the Paperwork Reduction 
Act of 1995 (``PRA'') (44 U.S.C. 3501 et seq.), the Securities and 
Exchange Commission (``Commission'') has submitted to the Office of 
Management and Budget (``OMB'') a request for approval of extension of 
the previously approved collection of information provided for in the 
privacy notice and opt out notice provisions of Regulation S-P--Privacy 
of Consumer Financial Information (17 CFR part 248, subpart A) under 
the Securities Exchange Act of 1934 (``Exchange Act'') (15 U.S.C. 78a 
et seq.).
    The privacy notice and opt out notice provisions of Regulation S-P 
(the ``Rule'') implement the privacy notice and opt out notice 
requirements of Title V of the Gramm-Leach-Bliley Act (``GLBA''), which 
requires that, at the time of establishing a customer relationship with 
a consumer and not less than annually during the continuation of such 
relationship, a financial institution shall provide a clear and 
conspicuous disclosure to such consumer of such financial institution's 
policies and practices with respect to disclosing nonpublic personal 
information to affiliates and nonaffiliated third parties (``privacy 
notice''). Title V of the GLBA also provides that, unless an exception 
applies, a financial institution may not disclose nonpublic personal 
information of a consumer to a nonaffiliated third party unless the 
financial institution clearly and conspicuously discloses to the 
consumer that such information may be disclosed to such third party; 
the consumer is given the opportunity, before the time that such 
information is initially disclosed, to direct that such information not 
be disclosed to such third party; and the consumer is given an 
explanation of how the consumer can exercise that nondisclosure option 
(``opt out notice''). The Rule applies to broker-dealers, investment 
advisers registered with the Commission, and investment companies 
(``covered entities'').
    Commission staff estimates that, as of April 1, 2024, the Rule's 
information collection burden applies to approximately 32,707 covered 
entities (approximately 3,410 broker-dealers, 15,531 investment 
advisers registered with the Commission, and 13,766 investment 
companies). In view of (a) the minimal recordkeeping burden imposed by 
the Rule (since the Rule has no recordkeeping requirement and records 
relating to customer communications already must be made and retained 
pursuant to other SEC rules); (b) the summary fashion in which 
information must be provided to customers in the privacy and opt out 
notices required by the Rule (the model privacy form adopted by the SEC 
and the other agencies in 2009, designed to serve as both a privacy 
notice and an opt out notice, is only two pages); (c) the availability 
to covered entities of the model privacy form and online model privacy 
form builder; and (d) the experience of covered entities' staff with 
the notices, SEC staff estimates that covered entities will each spend 
an average of approximately 12 hours per year complying with the Rule, 
for a total of approximately 392,484 annual burden hours (12 x 32,707 = 
392,484). SEC staff understands that the vast majority of covered 
entities deliver their privacy and opt out notices with other 
communications such as account opening documents and account 
statements. Because the other communications are already delivered to 
consumers, adding a brief privacy and opt out notice should not result 
in added costs for processing or for postage and materials. Also, 
privacy and opt out notices may be delivered electronically to 
consumers who have agreed to electronic communications, which further 
reduces the costs of delivery. Because SEC staff assumes that most 
paper copies of privacy and opt out notices are combined with other 
required mailings, the burden-hour estimates above are based on 
resources required to integrate the privacy and opt notices into 
another mailing, rather than on the resources required to create and 
send a separate mailing. SEC staff estimates that, of the estimated 12 
annual burden hours incurred, approximately 8 hours would be spent by 
administrative assistants at an hourly rate of $90, and approximately 4 
hours would be spent by internal counsel at an hourly rate of $518, for 
a total annual internal cost of compliance of approximately $2,792 for 
each of the covered entities (8 x $90 = $720; 4 x $518 = $2,072; $720 + 
$2,072 = $2,792). Hourly cost of compliance estimates for 
administrative assistant time are derived from the Securities Industry 
and Financial Markets Association's Office Salaries in the Securities 
Industry 2013, modified by SEC staff to account for an 1,800-hour work-
year and multiplied by 2.93 to account for bonuses, firm size, employee 
benefits and overhead. Hourly cost of compliance estimates for internal 
counsel time are derived from the Securities Industry and Financial 
Markets Association's Management & Professional Earnings in the 
Securities Industry 2013, modified by SEC staff to account for an 
1,800-hour work-year and multiplied by 5.35 to account for bonuses, 
firm size, employee benefits, and overhead. Accordingly, SEC staff 
estimates that the total annual internal cost of compliance for the 
estimated total hour burden for the approximately 32,707 covered 
entities subject to the Rule is approximately $91,371,944 ($2,792 x 
32,707 = $91,317,944).
    An agency may not conduct or sponsor, and a person is not required 
to respond to, a collection of information under the PRA unless it 
displays a currently valid OMB control number.
    The public may view background documentation for this information 
collection at the following website: www.reginfo.gov. Find this 
particular information collection by selecting ``Currently under 30-day 
Review--Open for Public Comments'' or by using the search function. 
Written comments and recommendations for the proposed information 
collection should be sent by October 7, 2024 to (i) www.reginfo.gov/public/do/PRAMain and (ii) Austin Gerig, Director/Chief Data Officer, 
Securities and Exchange Commission, c/o Oluwaseun Ajayi, 100 F Street 
NE, Washington, DC 20549, or by sending an email to: 
[email protected].

    Dated: September 3, 2024.
Vanessa A. Countryman,
Secretary.
[FR Doc. 2024-20134 Filed 9-5-24; 8:45 am]
BILLING CODE 8011-01-P