Skip to Content


Proposed Agency Information Collection Activities; Comment Request

Document Details

Information about this document as published in the Federal Register.

Document Statistics
Document page views are updated periodically throughout the day and are cumulative counts for this document including its time on Public Inspection. Counts are subject to sampling, reprocessing and revision (up or down) throughout the day.
Published Document

This document has been published in the Federal Register. Use the PDF linked in the document sidebar for the official electronic format.

Start Preamble Start Printed Page 42814


Board of Governors of the Federal Reserve System.


Notice, request for comment.


The Board of Governors of the Federal Reserve System (Board) invites comment on a proposal to extend for three years, without revision, the mandatory Reporting, Recordkeeping, and Disclosure Requirements Associated with the Guidance on Response Programs for Unauthorized Access to Customer Information (FR 4100; OMB No. 7100-0309).

On June 15, 1984, the Office of Management and Budget (OMB) delegated to the Board authority under the Paperwork Reduction Act (PRA) to approve of and assign OMB control numbers to collection of information requests and requirements conducted or sponsored by the Board. In exercising this delegated authority, the Board is directed to take every reasonable step to solicit comment. In determining whether to approve a collection of information, the Board will consider all comments received from the public and other agencies.


Comments must be submitted on or before November 13, 2017.


You may submit comments, identified by FR 4100, by any of the following methods:

All public comments are available from the Board's Web site at​apps/​foia/​proposedregs.aspx as submitted, unless modified for technical reasons. Accordingly, your comments will not be edited to remove any identifying or contact information. Public comments may also be viewed electronically or in paper form in Room 3515, 1801 K Street (between 18th and 19th Streets NW.) Washington, DC 20006 between 9:00 a.m. and 5:00 p.m. on weekdays.

Additionally, commenters may send a copy of their comments to the OMB Desk Officer—Shagufta Ahmed—Office of Information and Regulatory Affairs, Office of Management and Budget, New Executive Office Building, Room 10235, 725 17th Street NW., Washington, DC 20503 or by fax to (202) 395-6974.

Start Further Info


A copy of the PRA OMB submission, including the proposed reporting form and instructions, supporting statement, and other documentation will be placed into OMB's public docket files, once approved. These documents will also be made available on the Federal Reserve Board's public Web site at:​apps/​reportforms/​review.aspx or may be requested from the agency clearance officer, whose name appears below.

Federal Reserve Board Clearance Officer—Nuha Elmaghrabi—Office of the Chief Data Officer, Board of Governors of the Federal Reserve System, Washington, DC 20551 (202) 452-3829. Telecommunications Device for the Deaf (TDD) users may contact (202) 263-4869, Board of Governors of the Federal Reserve System, Washington, DC 20551.

End Further Info End Preamble Start Supplemental Information


Request for Comment on Information Collection Proposal

The Board invites public comment on the following information collection, which is being reviewed under authority delegated by the OMB under the PRA. Comments are invited on the following:

a. Whether the proposed collection of information is necessary for the proper performance of the Federal Reserve's functions; including whether the information has practical utility;

b. The accuracy of the Federal Reserve's estimate of the burden of the proposed information collection, including the validity of the methodology and assumptions used;

c. Ways to enhance the quality, utility, and clarity of the information to be collected;

d. Ways to minimize the burden of information collection on respondents, including through the use of automated collection techniques or other forms of information technology; and

e. Estimates of capital or startup costs and costs of operation, maintenance, and purchase of services to provide information.

At the end of the comment period, the comments and recommendations received will be analyzed to determine the extent to which the Federal Reserve should modify the proposal prior to giving final approval.

Proposal to approve under OMB delegated authority the extension for three years, without revision, of the following report:

Report title: Reporting, Recordkeeping, and Disclosure Requirements Associated with the Guidance on Response Programs for Unauthorized Access to Customer Information.

Agency form number: FR 4100.

OMB control number: 7100-0309.

Frequency: On occasion.

Respondents: State member banks, bank holding companies, affiliates and certain non-bank subsidiaries of bank holding companies, uninsured state agencies and branches of foreign banks, commercial lending companies owned or controlled by foreign banks, and Edge and agreement corporations.

Estimated number of respondents: Develop response program: 1; Incident notification: 412.

Estimated average hours per response: Develop response program: 24; Incident notification: 36.

Estimated annual burden hours: Develop response program: 24; Incident notification: 14,832.

General description of report: The ID-Theft Guidance is the information collection associated with the Interagency Guidance on Response Programs for Unauthorized Access to Customer Information and Customer Notice (security guidelines), which was published in the Federal Register in March 2005.[1] Trends in customer information theft and the accompanying misuse of that information led to the issuance of these security guidelines applicable to financial institutions. The security guidelines are designed to facilitate timely and relevant notification to affected customers and the appropriate regulatory authority of the financial institutions. The security guidelines provide specific direction regarding the development of response programs and customer notifications.

Legal authorization and confidentiality: The Board has determined that the reporting, recordkeeping, and disclosure requirements associated with the FR 4100 are authorized by the Gramm-Leach-Bliley Act and are mandatory (15 U.S.C. 6801(b)). Since the FR 4100 provides that a financial institution regulated by the Board should notify its designated Reserve Bank upon becoming aware of an incident of Start Printed Page 42815unauthorized access to sensitive customer information, issues of confidentiality may arise if the Board were to obtain a copy of a customer notice during the course of an examination, a copy of a SAR, or other sensitive customer information. In such cases, the information would likely be exempt from disclosure to the public under the Freedom of Information Act (5 U.S.C. 552(b)(3), (4), (6), and (8)). Also, a federal employee is prohibited by law from disclosing a SAR or the existence of a SAR (31 U.S.C. 5318(g)).

Start Signature

Board of Governors of the Federal Reserve System, September 6, 2017.

Ann E. Misback,

Secretary of the Board.

End Signature End Supplemental Information


[FR Doc. 2017-19217 Filed 9-11-17; 8:45 am]