[Federal Register Volume 83, Number 15 (Tuesday, January 23, 2018)] [Notices] [Page 3141] From the Federal Register Online via the Government Publishing Office [www.gpo.gov] [FR Doc No: 2018-01113] [[Page 3141]] ----------------------------------------------------------------------- FEDERAL RESERVE SYSTEM Agency Information Collection Activities: Announcement of Board Approval Under Delegated Authority and Submission to OMB AGENCY: Board of Governors of the Federal Reserve System. SUMMARY: The Board of Governors of the Federal Reserve System (Board) is adopting a proposal to extend for three years, without revision, the Reporting, Recordkeeping, and Disclosure Requirements Associated with the Guidance on Response Programs for Unauthorized Access to Customer Information (FR 4100; OMB No. 7100-0309). FOR FURTHER INFORMATION CONTACT: Federal Reserve Board Clearance Officer--Nuha Elmaghrabi--Office of the Chief Data Officer, Board of Governors of the Federal Reserve System, Washington, DC 20551 (202) 452-3829. Telecommunications Device for the Deaf (TDD) users may contact (202) 263-4869, Board of Governors of the Federal Reserve System, Washington, DC 20551. OMB Desk Officer--Shagufta Ahmed--Office of Information and Regulatory Affairs, Office of Management and Budget, New Executive Office Building, Room 10235, 725 17th Street NW, Washington, DC 20503 or by fax to (202) 395-6974. SUPPLEMENTARY INFORMATION: On June 15, 1984, the Office of Management and Budget (OMB) delegated to the Board authority under the Paperwork Reduction Act (PRA) to approve of and assign OMB control numbers to collection of information requests and requirements conducted or sponsored by the Board. Board-approved collections of information are incorporated into the official OMB inventory of currently approved collections of information. Copies of the Paperwork Reduction Act Submission, supporting statements and approved collection of information instrument(s) are placed into OMB's public docket files. The Federal Reserve may not conduct or sponsor, and the respondent is not required to respond to, an information collection that has been extended, revised, or implemented on or after October 1, 1995, unless it displays a currently valid OMB control number. Final Approval Under OMB Delegated Authority of the Extension for Three Years, Without Revision, of the Following Report: Report title: Reporting, Recordkeeping, and Disclosure Requirements Associated with the Guidance on Response Programs for Unauthorized Access to Customer Information. Agency form number: FR 4100. OMB control number: 7100-0309. Frequency: On occasion. Respondents: State member banks (SMBs), bank holding companies (BHCs), affiliates and certain non-bank subsidiaries of bank holding companies, uninsured state agencies and branches of foreign banks, commercial lending companies owned or controlled by foreign banks, and Edge and agreement corporations. Estimated number of respondents: Develop response program: 1; Incident notification: 412. Estimated average hours per response: Develop response program: 24; Incident notification: 36. Estimated annual burden hours: Develop response program: 24; Incident notification: 14,832. General description of report: The ID-Theft Guidance is the information collection associated with the Interagency Guidance on Response Programs for Unauthorized Access to Customer Information and Customer Notice (security guidelines), which was published in the Federal Register in March 2005.\1\ Trends in customer information theft and the accompanying misuse of that information led to the issuance of these security guidelines applicable to financial institutions. The security guidelines are designed to facilitate timely and relevant notification to affected customers and the appropriate regulatory authority (ARA) of the financial institutions. The security guidelines provide specific direction regarding the development of response programs and customer notifications. --------------------------------------------------------------------------- \1\ See 70 FR 15736 --------------------------------------------------------------------------- Legal authorization and confidentiality: The Board has determined that the reporting, recordkeeping, and disclosure requirements associated with the FR 4100 are authorized by the Gramm-Leach-Bliley Act and are mandatory (15 U.S.C. 6801(b)). Since the FR 4100 provides that a financial institution regulated by the Board should notify its designated Reserve Bank upon becoming aware of an incident of unauthorized access to sensitive customer information, issues of confidentiality may arise if the Board were to obtain a copy of a customer notice during the course of an examination, a copy of a Suspicious Activity Report (SAR), or other sensitive customer information. In such cases, the information would likely be exempt from disclosure to the public under the Freedom of Information Act (5 U.S.C 552(b)(3), (4), (6), and (8)). Also, a federal employee is prohibited by law from disclosing a SAR or the existence of a SAR (31 U.S.C. 5318(g)). Current actions: On September 12, 2017, the Federal Reserve published a notice in the Federal Register (82 FR 42814) requesting public comment for 60 days on the extension, without revision, of the Reporting, Recordkeeping, and Disclosure Requirements Associated with the Guidance on Response Programs for Unauthorized Access to Customer Information. The comment period for this notice expired on November 13, 2017. The Federal Reserve did not receive any comments. Board of Governors of the Federal Reserve System, January 17, 2018. Ann E. Misback, Secretary of the Board. [FR Doc. 2018-01113 Filed 1-22-18; 8:45 am] BILLING CODE 6210-01-P