Regulations Governing Securities Held in TreasuryDirect, 30977-30978 [07-2744]

Download as PDF cprice-sewell on PROD1PC71 with RULES Federal Register / Vol. 72, No. 107 / Tuesday, June 5, 2007 / Rules and Regulations unauthorized inspection or disclosure plus, in the case of a willful inspection or disclosure or an inspection or disclosure that is the result of gross negligence, punitive damages. In addition, costs and reasonable attorneys fees may be awarded; and (5) A conviction for an offense referenced in paragraph (d)(2) or (3) of this section shall, in addition to any other punishment, result in dismissal from office or discharge from employment if the person convicted is an officer or employee of the United States. (e) Safeguards. (1) Any person, or agent or subcontractor of the person, who may receive returns or return information under paragraph (a) of this section, shall agree, before disclosure of any returns or return information to the person, agent, or subcontractor, to permit an inspection by the IRS of his, her, or its site or facilities. (2) Any person, or officer, employee, agent or subcontractor of the person, or officer or employee of the agent or subcontractor, who receives returns or return information under paragraph (a) of this section, shall comply with all applicable conditions and requirements as the IRS may prescribe from time to time (prescribed requirements) for the purposes of protecting the confidentiality of returns and return information and preventing any disclosure or inspection of returns or return information in a manner not authorized by this section. (3) The terms of any written contract or agreement for the acquisition of property or services as described in paragraph (a) of this section shall provide, or shall be amended to provide, that any person, or officer, employee, agent or subcontractor of the person, or officer or employee of the agent or subcontractor, who receives returns or return information under paragraph (a) of this section, shall comply with the prescribed requirements. Any contract or agreement shall be made available to the IRS before execution of the contract or agreement. For purposes of this paragraph (e)(3), a written contract or agreement shall include any contract or agreement between a person and an agent or subcontractor of the person to provide the property or services described in paragraph (a) of this section. (4) If the IRS determines that any person, or officer, employee, agent or subcontractor of the person, or officer or employee of the agent or subcontractor, who receives returns or return information under paragraph (a) of this section, has failed to, or does not, satisfy the prescribed requirements, the IRS, VerDate Aug<31>2005 15:27 Jun 04, 2007 Jkt 211001 consistent with the regulations under section 6103(p)(7), may take any actions it deems necessary to ensure that the prescribed requirements are or will be satisfied, including— (i) Suspension of further disclosures of returns or return information by the IRS to the State tax agency, the Social Security Administration, or the Department of Justice, until the IRS determines that the conditions and requirements have been or will be satisfied; (ii) Suspension of further disclosures by the Treasury Department otherwise authorized by paragraph (a) of this section; and (iii) Suspension or termination of any duty or obligation arising under a contract or agreement with the Treasury Department. (f) Definitions. For purposes of this section— (1) The term Treasury Department includes the IRS, the Office of the Chief Counsel for the IRS, and the Office of the Treasury Inspector General for Tax Administration; (2) The term State tax agency means an agency, body, or commission described in section 6103(d); and (3) The term Department of Justice includes offices of the United States Attorneys. (g) Effective date. This section is applicable on June 5, 2007. Kevin M. Brown, Deputy Commissioner for Services and Enforcement. Approved: May 19, 2007. Eric Solomon, Assistant Secretary for Tax Policy. [FR Doc. E7–10798 Filed 6–4–07; 8:45 am] BILLING CODE 4830–01–P DEPARTMENT OF THE TREASURY Fiscal Service 31 CFR Part 363 Regulations Governing Securities Held in TreasuryDirect Bureau of the Public Debt, Fiscal Service, Treasury. ACTION: Final rule. AGENCY: SUMMARY: TreasuryDirect is an accountbased, book-entry, online system for purchasing, holding, and conducting transactions in Treasury securities. An account owner currently accesses his or her account using a password to authenticate the account owner’s identity. Treasury is now introducing additional customer-based PO 00000 Frm 00023 Fmt 4700 Sfmt 4700 30977 authentication mechanisms for accessing accounts. This final rule provides Treasury the flexibility to require additional methods of authentication for the protection of customer accounts. Treasury is also strengthening its ability to respond to attempted fraud and abuse of TreasuryDirect. Currently, Treasury has the authority to close any account. This rule explicitly permits Treasury to liquidate the securities held in the account to be closed and pay the proceeds to the person entitled. DATES: Effective: June 5, 2007. ADDRESSES: You can download this final rule at the following Internet addresses: http://www.publicdebt.treas.gov or http://www.gpoaccess.gov/ecfr. FOR FURTHER INFORMATION CONTACT: Elisha Whipkey, Director, Division of Program Administration, Office of Securities Operations, Bureau of the Public Debt, at (304) 480–6319 or elisha.whipkey@bpd.treas.gov. Susan Sharp, Attorney-Adviser, Dean Adams, Assistant Chief Counsel, Edward Gronseth, Deputy Chief Counsel, Office of the Chief Counsel, Bureau of the Public Debt, at (304) 480–8692 or susan.sharp@bpd.treas.gov. Treasury is committed to protecting its TreasuryDirect investors from potential losses through authentication of the investor at account access. Authentication is the process of ensuring that the person accessing his or her account is the same as the person whose identity was initially verified at account establishment. Authentication methods involve something that the user knows (such as a password), something that the user has (such as a gridcard), or something that the user is (such as a fingerprint). Multifactor authentication consists of requiring two or more methods of authentication to access an account. To date, Treasury has used single factor authentication, requiring passwords and other information that an account holder knows to conduct transactions in TreasuryDirect. Treasury now intends to introduce technology that uses multifactor authentication, which is more reliable and difficult to compromise than single factor authentication. Through this final rule, Treasury will have the flexibility to introduce additional methods of authentication for TreasuryDirect users to ensure that their accounts remain secure. In addition, Treasury is strengthening its ability to respond to attempted fraud SUPPLEMENTARY INFORMATION: E:\FR\FM\05JNR1.SGM 05JNR1 30978 Federal Register / Vol. 72, No. 107 / Tuesday, June 5, 2007 / Rules and Regulations and abuse of TreasuryDirect. Treasury has the authority to refuse to open an account, to close any existing account, to suspend transactions in an account or any security held in an account, and to take any other action with regard to an account that we deem necessary, if it is not inconsistent with existing law and rights. This rule clarifies Treasury’s authority to close an account, by specifically including the authority to liquidate securities held in an account to be closed and pay the proceeds to the person entitled. This final rule also clarifies certain terms that we have used in the past. We have used the term ‘‘authentication service’’ to refer to the verification of the identity of the account owner at account establishment through a verification service; we have used the term ‘‘authentication’’ to refer to the confirmation of the identity of an account owner when accessing his or her account. We will now use the term ‘‘verification’’ to refer to confirmation of the identity of the account owner at account establishment; we will use the term ‘‘authentication’’ to refer to confirmation of the identity of the account owner when accessing his or her account after account establishment. Because it provides multifactor authentication for transactions in TreasuryDirect accounts, this authentication enhancement has significant benefits for both investors and the government. Increasing from single to multifactor authentication will help protect investors from losses in their TreasuryDirect accounts due to identity theft and fraud. This rule will benefit the government by increasing investor confidence in the security of online transactions in the TreasuryDirect system. cprice-sewell on PROD1PC71 with RULES Procedural Requirements This final rule does not meet the criteria for a ‘‘significant regulatory action’’ as defined in Executive Order 12866. Therefore, a regulatory assessment is not required. Because this final rule relates to matters of public contract and procedures for United States securities, notice and public procedure and delayed effective date requirements are inapplicable, pursuant to 5 U.S.C. 553(a)(2). As no notice of proposed rulemaking is required, the Regulatory Flexibility Act (5 U.S.C. 601 et seq.) does not apply. We ask for no new collections of information in this final rule. Therefore, the Paperwork Reduction Act (44 U.S.C. 3507) does not apply. VerDate Aug<31>2005 15:27 Jun 04, 2007 Jkt 211001 List of Subjects in 31 CFR Part 363 I Bonds, Electronic funds transfer, Federal Reserve system, Government securities, Securities. I Accordingly, for the reasons set out in the preamble, 31 CFR Chapter II, Subchapter B, is amended as follows: § 363.15 What is the procedure for offline verification? PART 363—REGULATIONS GOVERNING SECURITIES HELD IN TREASURYDIRECT I 5. Amend § 363.15 by revising the heading and the first sentence to read as follows: In the event we require offline verification, we will provide a printable verification form. * * * 6. Revise § 363.16 to read as follows: § 363.16 1. The authority citation for part 363 continues to read as follows: I Authority: 5 U.S.C. 301; 12 U.S.C. 391; 31 U.S.C. 3102, et seq.; 31 U.S.C. 3121, et seq. 2. Amend § 363.6 by: a. Removing the definition of ‘‘Authentication service’’; I b. adding the definitions of ‘‘Authentication,’’ ‘‘Verification,’’ and ‘‘Verification service’’ to read in alphabetical order as follows: I I § 363.6 What special terms do I need to know to understand this part? Authentication means confirming that the person accessing a TreasuryDirect account is the same person whose identity was initially verified at account establishment. * * * * * Verification means confirming the identity of an online applicant for a TreasuryDirect account at account establishment using a verification service. Verification service means a public or private service that confirms the identity of an online applicant for a TreasuryDirect account at account establishment using information provided by the applicant. * * * * * I 3. Amend § 363.13 by revising the final sentence and adding a sentence at the end of the section, to read as follows: § 363.13 How can I open a TreasuryDirect  account? * * * We will verify your identity and send your account number to you by e-mail when your account application is approved. In addition to your password, we may require you to use any other form(s) of authentication that we consider necessary for the protection of your account. I 4. Revise § 363.14 to read as follows: § 363.14 How will you verify my identity? We may use a verification service to verify your identity using information you provide about yourself on the online application. At our option, we may require offline verification. PO 00000 Frm 00024 Fmt 4700 Sfmt 4700 How do I access my account? You may access your account online using your account number, password, and any other form(s) of authentication that we may require. I 7. Revise § 363.17 to read as follows: § 363.17 Who is liable if someone else accesses my TreasuryDirect  account using my password? You are solely responsible for the confidentiality and use of your account number, password, and any other form(s) of authentication we may require. We will treat any transactions conducted using your password as having been authorized by you. We are not liable for any loss, liability, cost, or expense that you may incur as a result of transactions made using your password. I 8. Revise § 363.19 to read as follows: § 363.19 What should I do if I become aware that my password or other form of authentication has become compromised? If you become aware that your password has become compromised, that any other form of authentication has been compromised, lost, stolen, or misused, or that there have been any unauthorized transactions in your account, you may place a hold on your account so that it cannot be accessed by anyone, and you should notify us immediately by e-mail or telephone. Contact information is available on the TreasuryDirect Web site. 9. Amend § 363.29 by revising paragraph (b) to read as follows: I § 363.29 May Treasury close an account, suspend transactions in an account, or refuse to open an account? * * * * * (b) Close any existing account, redeem, sell, or liquidate the securities held in the account, and pay the proceeds to the person entitled; * * * * * Kenneth E. Carfine, Fiscal Assistant Secretary. [FR Doc. 07–2744 Filed 6–4–07; 8:45 am] BILLING CODE 4810–39–P E:\FR\FM\05JNR1.SGM 05JNR1

Agencies

[Federal Register Volume 72, Number 107 (Tuesday, June 5, 2007)]
[Rules and Regulations]
[Pages 30977-30978]
From the Federal Register Online via the Government Printing Office [www.gpo.gov]
[FR Doc No: 07-2744]


=======================================================================
-----------------------------------------------------------------------

DEPARTMENT OF THE TREASURY

Fiscal Service

31 CFR Part 363


Regulations Governing Securities Held in TreasuryDirect

AGENCY: Bureau of the Public Debt, Fiscal Service, Treasury.

ACTION: Final rule.

-----------------------------------------------------------------------

SUMMARY: TreasuryDirect is an account-based, book-entry, online system 
for purchasing, holding, and conducting transactions in Treasury 
securities. An account owner currently accesses his or her account 
using a password to authenticate the account owner's identity. Treasury 
is now introducing additional customer-based authentication mechanisms 
for accessing accounts. This final rule provides Treasury the 
flexibility to require additional methods of authentication for the 
protection of customer accounts. Treasury is also strengthening its 
ability to respond to attempted fraud and abuse of TreasuryDirect. 
Currently, Treasury has the authority to close any account. This rule 
explicitly permits Treasury to liquidate the securities held in the 
account to be closed and pay the proceeds to the person entitled.

DATES: Effective: June 5, 2007.

ADDRESSES: You can download this final rule at the following Internet 
addresses: http://www.publicdebt.treas.gov or http://www.gpoaccess.gov/
ecfr.

FOR FURTHER INFORMATION CONTACT:

Elisha Whipkey, Director, Division of Program Administration, Office of 
Securities Operations, Bureau of the Public Debt, at (304) 480-6319 or 
elisha.whipkey@bpd.treas.gov.
Susan Sharp, Attorney-Adviser, Dean Adams, Assistant Chief Counsel, 
Edward Gronseth, Deputy Chief Counsel, Office of the Chief Counsel, 
Bureau of the Public Debt, at (304) 480-8692 or 
susan.sharp@bpd.treas.gov.

SUPPLEMENTARY INFORMATION: Treasury is committed to protecting its 
TreasuryDirect investors from potential losses through authentication 
of the investor at account access. Authentication is the process of 
ensuring that the person accessing his or her account is the same as 
the person whose identity was initially verified at account 
establishment. Authentication methods involve something that the user 
knows (such as a password), something that the user has (such as a 
gridcard), or something that the user is (such as a fingerprint). 
Multifactor authentication consists of requiring two or more methods of 
authentication to access an account. To date, Treasury has used single 
factor authentication, requiring passwords and other information that 
an account holder knows to conduct transactions in TreasuryDirect. 
Treasury now intends to introduce technology that uses multifactor 
authentication, which is more reliable and difficult to compromise than 
single factor authentication. Through this final rule, Treasury will 
have the flexibility to introduce additional methods of authentication 
for TreasuryDirect users to ensure that their accounts remain secure.
    In addition, Treasury is strengthening its ability to respond to 
attempted fraud

[[Page 30978]]

and abuse of TreasuryDirect. Treasury has the authority to refuse to 
open an account, to close any existing account, to suspend transactions 
in an account or any security held in an account, and to take any other 
action with regard to an account that we deem necessary, if it is not 
inconsistent with existing law and rights. This rule clarifies 
Treasury's authority to close an account, by specifically including the 
authority to liquidate securities held in an account to be closed and 
pay the proceeds to the person entitled.
    This final rule also clarifies certain terms that we have used in 
the past. We have used the term ``authentication service'' to refer to 
the verification of the identity of the account owner at account 
establishment through a verification service; we have used the term 
``authentication'' to refer to the confirmation of the identity of an 
account owner when accessing his or her account. We will now use the 
term ``verification'' to refer to confirmation of the identity of the 
account owner at account establishment; we will use the term 
``authentication'' to refer to confirmation of the identity of the 
account owner when accessing his or her account after account 
establishment.
    Because it provides multifactor authentication for transactions in 
TreasuryDirect accounts, this authentication enhancement has 
significant benefits for both investors and the government. Increasing 
from single to multifactor authentication will help protect investors 
from losses in their TreasuryDirect accounts due to identity theft and 
fraud. This rule will benefit the government by increasing investor 
confidence in the security of online transactions in the TreasuryDirect 
system.

Procedural Requirements

    This final rule does not meet the criteria for a ``significant 
regulatory action'' as defined in Executive Order 12866. Therefore, a 
regulatory assessment is not required.
    Because this final rule relates to matters of public contract and 
procedures for United States securities, notice and public procedure 
and delayed effective date requirements are inapplicable, pursuant to 5 
U.S.C. 553(a)(2).
    As no notice of proposed rulemaking is required, the Regulatory 
Flexibility Act (5 U.S.C. 601 et seq.) does not apply.
    We ask for no new collections of information in this final rule. 
Therefore, the Paperwork Reduction Act (44 U.S.C. 3507) does not apply.

List of Subjects in 31 CFR Part 363

    Bonds, Electronic funds transfer, Federal Reserve system, 
Government securities, Securities.

0
Accordingly, for the reasons set out in the preamble, 31 CFR Chapter 
II, Subchapter B, is amended as follows:

PART 363--REGULATIONS GOVERNING SECURITIES HELD IN TREASURYDIRECT

0
1. The authority citation for part 363 continues to read as follows:

    Authority: 5 U.S.C. 301; 12 U.S.C. 391; 31 U.S.C. 3102, et seq.; 
31 U.S.C. 3121, et seq.


0
2. Amend Sec.  363.6 by:
0
a. Removing the definition of ``Authentication service'';
0
b. adding the definitions of ``Authentication,'' ``Verification,'' and 
``Verification service'' to read in alphabetical order as follows:


Sec.  363.6  What special terms do I need to know to understand this 
part?

    Authentication means confirming that the person accessing a 
TreasuryDirect account is the same person whose identity was initially 
verified at account establishment.
* * * * *
    Verification means confirming the identity of an online applicant 
for a TreasuryDirect account at account establishment using a 
verification service.
    Verification service means a public or private service that 
confirms the identity of an online applicant for a TreasuryDirect 
account at account establishment using information provided by the 
applicant.
* * * * *

0
3. Amend Sec.  363.13 by revising the final sentence and adding a 
sentence at the end of the section, to read as follows:


Sec.  363.13  How can I open a TreasuryDirect [supreg] account?

    * * * We will verify your identity and send your account number to 
you by e-mail when your account application is approved. In addition to 
your password, we may require you to use any other form(s) of 
authentication that we consider necessary for the protection of your 
account.


0
4. Revise Sec.  363.14 to read as follows:


Sec.  363.14  How will you verify my identity?

    We may use a verification service to verify your identity using 
information you provide about yourself on the online application. At 
our option, we may require offline verification.


0
5. Amend Sec.  363.15 by revising the heading and the first sentence to 
read as follows:


Sec.  363.15  What is the procedure for offline verification?

    In the event we require offline verification, we will provide a 
printable verification form. * * *


0
6. Revise Sec.  363.16 to read as follows:


Sec.  363.16  How do I access my account?

    You may access your account online using your account number, 
password, and any other form(s) of authentication that we may require.


0
7. Revise Sec.  363.17 to read as follows:


Sec.  363.17  Who is liable if someone else accesses my TreasuryDirect 
[reg] account using my password?

    You are solely responsible for the confidentiality and use of your 
account number, password, and any other form(s) of authentication we 
may require. We will treat any transactions conducted using your 
password as having been authorized by you. We are not liable for any 
loss, liability, cost, or expense that you may incur as a result of 
transactions made using your password.


0
8. Revise Sec.  363.19 to read as follows:


Sec.  363.19  What should I do if I become aware that my password or 
other form of authentication has become compromised?

    If you become aware that your password has become compromised, that 
any other form of authentication has been compromised, lost, stolen, or 
misused, or that there have been any unauthorized transactions in your 
account, you may place a hold on your account so that it cannot be 
accessed by anyone, and you should notify us immediately by e-mail or 
telephone. Contact information is available on the TreasuryDirect Web 
site.


0
9. Amend Sec.  363.29 by revising paragraph (b) to read as follows:


Sec.  363.29  May Treasury close an account, suspend transactions in an 
account, or refuse to open an account?

* * * * *
    (b) Close any existing account, redeem, sell, or liquidate the 
securities held in the account, and pay the proceeds to the person 
entitled;
* * * * *

Kenneth E. Carfine,
Fiscal Assistant Secretary.
[FR Doc. 07-2744 Filed 6-4-07; 8:45 am]
BILLING CODE 4810-39-P