Agency Information Collection Activities; Submission for OMB Review; Comment Request; Extension, 42303-42307 [E9-20141]
Download as PDF
<![CDATA[
Federal Register / Vol. 74, No. 161 / Friday, August 21, 2009 / Notices
includes whether the acquisition of the
nonbanking company complies with the
standards in section 4 of the BHC Act
(12 U.S.C. 1843). Unless otherwise
noted, nonbanking activities will be
conducted throughout the United States.
Additional information on all bank
holding companies may be obtained
from the National Information Center
website at www.ffiec.gov/nic/.
Unless otherwise noted, comments
regarding each of these applications
must be received at the Reserve Bank
indicated or the offices of the Board of
Governors not later than September 17,
2009.
A. Federal Reserve Bank of Kansas
City (Todd Offenbacker, Assistant Vice
President) 1 Memorial Drive, Kansas
City, Missouri 64198–0001:
1. Bern Bancshares, Inc., Bern,
Kansas; to acquire up to an additional
1.57 percent, for a total of 6.48 percent,
of the voting shares of UBT Bancshares,
Inc., and thereby indirectly acquire
additional voting shares of United Bank
& Trust, both in Marysville, Kansas.
Board of Governors of the Federal Reserve
System, August 18, 2009.
Robert deV. Frierson,
Deputy Secretary of the Board.
[FR Doc. E9–20110 Filed 8–20–09; 8:45 am]
BILLING CODE 6210–01–S
FEDERAL TRADE COMMISSION
Agency Information Collection
Activities; Submission for OMB
Review; Comment Request; Extension
AGENCY: Federal Trade Commission
(‘‘FTC’’ or ‘‘Commission’’).
ACTION: Notice.
srobinson on DSKHWCL6B1PROD with NOTICES
SUMMARY: The information collection
requirements described below will be
submitted to the Office of Management
and Budget (‘‘OMB’’) for review, as
required by the Paperwork Reduction
Act (‘‘PRA’’). The FTC is seeking public
comments on its proposal to extend
through September 30, 2012, the current
PRA clearance requirements contained
in the FTC Red Flags/Card Issuers/
Address Discrepancies Rules (‘‘Red
Flags Rule’’ or ‘‘Rule’’). The current
clearance expires on September 30,
2009.
DATES: Comments must be submitted on
or before September 21, 2009.
ADDRESSES: Interested parties are
invited to submit written comments
electronically or in paper form.
Comments should refer to ‘‘Red Flags
Rule, PRA Comment, P095406’’ to
facilitate the organization of comments.
Please note that comments—including
VerDate Nov<24>2008
16:22 Aug 20, 2009
Jkt 217001
your name and your state—will be
placed on the public record of this
proceeding—including on the publicly
accessible FTC website, at (https://
www.ftc.gov/os/publiccoments/shtm).
Because comments will be made
public, they should not include any
sensitive personal information, such as
an individual’s Social Security number;
date of birth; driver’s license number or
other state identification number, or
foreign country equivalent; passport
number; financial account number; or
credit or debit card number. Comments
also should not include any sensitive
health information, such as medical
records or other individually
identifiable health information. In
addition, comments should not include
any ‘‘[t]rade secrets and commercial or
financial information obtained from a
person and privileged or confidential
. . .,’’ as provided in section 6(f) of the
Federal Trade Commission Act (‘‘FTC
Act’’), 15 U.S.C. 46(f), and FTC Rule
4.10(a)(2), 16 CFR 4.10(a)(2). Comments
containing material for which
confidential treatment is requested must
be filed in paper form, must be clearly
labeled ‘‘Confidential,’’ and must
comply with FTC Rule 4.9(c), 16 CFR
4.9(c).1
Because paper mail addressed to the
FTC is subject to delay due to
heightened security screening, please
consider submitting your comments in
electronic form. Comments filed in
electronic form should be submitted by
using the following weblink: (https://
secure.commentworks.com/ftcRedFlagsPRA) (and following the
instructions on the web-based form). To
ensure that the Commission considers
an electronic comment, you must file it
on the web-based form at the weblink
(https://secure.commentworks.com/ftcRedFlagsPRA). If this Notice appears at
(https://www.regulations.gov/search/
index.jsp), you may also file an
electronic comment through that
website. The Commission will consider
all comments that regulations.gov
forwards to it. You may also visit the
FTC website at https://www.ftc.gov to
read the Notice and the news release
describing it.
A comment filed in paper form
should include the ‘‘Red Flags Rule,
PRA Comment, P095406’’ reference both
in the text and on the envelope, and
1 The comment must be accompanied by an
explicit request for confidential treatment,
including the factual and legal basis for the request,
and must identify the specific portions of the
comment to be withheld from the public record.
The request will be granted or denied by the
Commission’s General Counsel, consistent with
applicable law and the public interest. See FTC
Rule 4.9(c), 16 CFR 4.9(c).
PO 00000
Frm 00079
Fmt 4703
Sfmt 4703
42303
should be mailed or delivered to the
following address: Federal Trade
Commission, Office of the Secretary,
Room H-135 (Annex J), 600
Pennsylvania Avenue, NW, Washington,
DC 20580. The FTC is requesting that
any comment filed in paper form be sent
by courier or overnight service, if
possible, because U.S. postal mail in the
Washington area and at the Commission
is subject to delay due to heightened
security precautions.
The FTC Act and other laws the
Commission administers permit the
collection of public comments to
consider and use in this proceeding as
appropriate. The Commission will
consider all timely and responsive
public comments that it receives,
whether filed in paper or electronic
form. Comments received will be
available to the public on the FTC
website, to the extent practicable, at
(https://www.ftc.gov/os/
publiccoments.shtm). As a matter of
discretion, the Commission makes every
effort to remove home contact
information for individuals from the
public comments it receives before
placing those comments on the FTC
website. More information, including
routine uses permitted by the Privacy
Act, may be found in the FTC’s privacy
policy, at (https://www.ftc.gov/ftc/
privacy.shtm).
All comments should additionally be
submitted to: Office of Information and
Regulatory Affairs, Office of
Management and Budget, Attention:
Desk Officer for Federal Trade
Commission. Comments should be
submitted via facsimile to (202) 3955167 because U.S. postal mail at the
OMB is subject to delays due to
heightened security precautions.
FOR FURTHER INFORMATION CONTACT:
Steven Toporoff, Attorney, Bureau of
Consumer Protection, (202) 326-2252,
Federal Trade Commission, 600
Pennsylvania Avenue, NW, Washington,
DC 20580.
SUPPLEMENTARY INFORMATION: On April
24 2009, the FTC sought comment on
the information collection requirements
associated with the Red Flags Rule, 16
CFR Part 681 (Control Number: 30840137). 74 FR 18709. No comments were
received. Pursuant to the OMB
regulations, 5 CFR Part 1320, that
implement the PRA, 44 U.S.C. 35013521, the FTC is providing this second
opportunity for public comment while
seeking OMB approval to extend the
existing paperwork clearance for the
Rule. All comments should be filed as
prescribed in the ADDRESSES section
above, and must be received on or
before September 21, 2009.
E:\FR\FM\21AUN1.SGM
21AUN1
42304
Federal Register / Vol. 74, No. 161 / Friday, August 21, 2009 / Notices
I. Overview of the Rule
The Rule implements sections 114
and 315 of the Fair and Accurate Credit
Transactions Act of 2003 (‘‘FACT Act’’).
These sections amend the Fair Credit
Reporting Act of 1970 (‘‘FCRA’’), 15
U.S.C. 1681 et seq., to require
businesses to undertake measures to
prevent identity theft and to increase
the accuracy of consumer reports.
Specifically, section 114 amends
section 615 of the FCRA to require
creditors and financial institutions to
develop and implement written Identity
Theft Prevention Programs. Section 114
also mandates specific regulations that
require credit and debit card issuers to
assess the validity of notifications of
changes of address under certain
circumstances. Section 315 of FACT Act
adds section 605(h) to the FCRA and
requires regulations that provide
guidance on what users of consumer
reports must do when they receive a
notice of address discrepancy from a
nationwide consumer reporting agency
(‘‘CRA’’).
srobinson on DSKHWCL6B1PROD with NOTICES
II. Description of Collections of
Information
A. Section 114
The Rule requires financial
institutions and creditors to develop
and implement a written Identity Theft
Prevention Program (‘‘Program’’) to
detect, prevent, and mitigate identity
theft in connection with existing
accounts or the opening of new
accounts. Under the Rule, creditors and
financial institutions must conduct a
periodic risk assessment to determine if
they maintain ‘‘covered accounts.’’ The
Rule defines that term as either (1) a
consumer account that is designed to
permit multiple payments or
transactions, or (2) any other account for
which there is a reasonably foreseeable
risk of identity theft. Each financial
institution and creditor that has covered
accounts must create a written Program
that contains reasonable policies and
procedures to identify relevant
indicators of the possible existence of
identity theft (‘‘Red Flags’’); detect Red
Flags that have been incorporated into
the Program; respond appropriately to
any Red Flags that are detected to
prevent and mitigate identity theft; and
update the Program periodically to
ensure it reflects changes in risks to
customers.
The Rule also requires financial
institutions and creditors to: (1) obtain
approval of the initial written Program
by the board of directors, a committee
thereof or, if there is no board, an
appropriate senior employee; (2) ensure
oversight of the development,
VerDate Nov<24>2008
16:22 Aug 20, 2009
Jkt 217001
implementation, and administration of
the Program; (3) train staff, as needed,
to implement the Program; and (4)
exercise appropriate and effective
oversight of service provider
arrangements. In addition, the Rule
implements the section 114 requirement
that financial institutions or creditors
that issue debit or credit cards (‘‘card
issuers’’) generally must assess the
validity of change of address
notifications. Specifically, if the card
issuer receives a notice of change of
address for an existing account and,
within a short period of time (during at
least the first 30 days), receives a
request for an additional or replacement
card for the same account, the issuer
must follow reasonable policies and
procedures to assess the validity of the
change of address through one of three
methods.
B. Section 315
The Rule also implements section 315
of the FACT Act and requires each user
of consumer reports to have reasonable
policies and procedures in place to
employ when the user receives a notice
of address discrepancy from a CRA.
Specifically, each user of consumer
reports must develop and implement
reasonable policies and procedures to:
(1) enable the user to form a reasonable
belief that a consumer report relates to
the consumer about whom it has
requested the report, when the user
receives a notice of address discrepancy;
and (2) furnish an address for the
consumer that the user has reasonably
confirmed is accurate to the CRA from
which it received a notice of address
discrepancy if certain conditions are
met.
III. Burden Estimates
Rounded to the nearest thousand,
overall estimated burden hours for
sections 114 and 315, combined, total
6,151,000 and the associated estimated
labor cost is $169,000,000. Staff assumes
that affected entities will already have
in place, independent of the Rule,
equipment and supplies necessary to
carry out the tasks necessary to comply
with it.
A. Section 114
1. Estimated Hours Burden - Red Flags
Rule
As noted above, the Rule requires
financial institutions and creditors with
covered accounts to develop and
implement a written Program. Under the
Rule, a ‘‘financial institution’’ is ‘‘a State
or National bank, a State or Federal
savings and loan association, a mutual
savings bank, a State or Federal credit
PO 00000
Frm 00080
Fmt 4703
Sfmt 4703
union, or any other person that, directly
or indirectly, holds a transaction
account (as defined in section 19(b) of
the Federal Reserve Act) belonging to a
consumer.’’2 Under the Rule, ‘‘creditor’’
has the same meaning as in section 702
of the Equal Credit Opportunity Act
(ECOA). Section 702 defines ‘‘creditor’’
as any person who ‘‘regularly extends,
renews or continues credit; any person
who regularly arranges for the
extension, renewal, or continuation of
credit; or any assignee of any original
creditor who participates in the decision
to extend, renew, of continue credit.’’
‘‘Credit’’ means an arrangement by
which you defer payment of debts or
accept deferred payment for the
purchase of property or services.3
Given the broad scope of entities
covered, it is difficult to determine
precisely the number of financial
institutions and creditors that are
subject to the FTC’s jurisdiction. There
are numerous small businesses under
the FTC’s jurisdiction, and there is no
formal way to track them; moreover, as
a whole, the entities under the FTC’s
jurisdiction are so varied that there are
no general sources that provide a record
of their existence.
Nonetheless, FTC staff estimates that
the Rule’s requirement to have a written
Program affects over 57,000 financial
institutions4 and almost 2 million
creditors.5 This is a revised estimate of
the number of covered financial
institutions within the FTC’s
jurisdiction. In the PRA burden
2 The Rule refers to the definition of ‘‘financial
institution’’ that is found in the FCRA, 15 U.S.C.
§ 1681a(t).
3 The Rule defines ‘‘credit’’ and ‘‘creditor’’ by
referring to the definition found in the FCRA, 15
U.S.C. § 1681a(r)(5) which, in turn, refers to section
702 of the ECOA.
4 As of December 31, 2005, there were 3,302 statechartered federally-insured credit unions and 362
state-chartered nonfederally insured credit unions.
See (www.ncua.gov/news/quick_facts/
quick_facts.html) and ‘‘Disclosures for NonFederally Insured Depository Institutions under the
Federal Deposit Insurance Corporation
Improvement Act (FDICIA),’’ 70 FR 12823 (Ma. 16,
2005). As of 2007, there were 3,913 property,
casualty and life, and health insurance companies.
See Insurance Department Resources Report 2007,
published by the National Association of Insurance
Commissioners (NAIC). As of September 2007,
there were 4,733 registered investment companies.
See Securities and Exchange Commission, Proposed
Regulation S-P, at 13709 (March 13, 2008). As of
December 31, 2007, there were 5,561 broker-dealers.
See Securities and Exchange Commission,
Amendments to Regulation SHO, Release No. 3458773, at 45 (Oct. 14, 2008) (available at
www.sec.gov/rules/final/2008/34-58773.pdf). As of
November 2008, there were 39,408 money service
businesses. See Department of the Treasury
Financial Crimes Enforcement Network MSB
Registration List (available at (www.msb.gov/pdf/
msb_registration_list.pdf)).
5 See infra notes 7 and 8 accounting for this sum
total.
E:\FR\FM\21AUN1.SGM
21AUN1
Federal Register / Vol. 74, No. 161 / Friday, August 21, 2009 / Notices
estimates set forth in the preamble to
the Final Rule, the Commission stated
that there were 3,664 financial
institutions within the FTC’s
jurisdiction, namely 3,664 statechartered credit unions. See 72 FR
63718, 63741 n.61 and accompanying
text (Nov. 9, 2007). This estimate
misstated the scope of the FTC’s
jurisdiction. Under the FCRA, the
financial institutions over which the
FTC has jurisdiction include not only
state-chartered credit unions, but other
entities that hold consumer transaction
accounts, excluding banks, savings and
loan associations, and federal credit
unions, which are subject to oversight
by the federal bank regulatory agencies
and the National Credit Union
Administration. In fact, the financial
institutions within the FTC’s
jurisdiction include, but are not limited
to, certain insurance companies,
investment companies, broker-dealers,
and money service businesses.
To estimate burden hours for the Red
Flags Rule under section 114, FTC staff
divided affected entities into three
categories, based on the nature of their
businesses: (1) entities that are subject
to a high risk of identity theft; (2)
entities that are subject to a low risk of
identity theft, but have covered
accounts that will require them to have
a written Program; and (3) entities that
are subject to a low risk of identity theft,
but do not have covered accounts.6
a. High-Risk Entities
srobinson on DSKHWCL6B1PROD with NOTICES
FTC staff estimates that high-risk
entities will each require 25 hours to
create and implement a written
Program, with an annual recurring
burden of one hour. FTC staff
anticipates that these entities will
incorporate into their Programs policies
and procedures that they likely already
have in place. Further, FTC staff
estimates that preparation of an annual
report will require each high-risk entity
four hours initially, with an annual
recurring burden of one hour. Finally,
FTC staff believes that many of the highrisk entities, as part of their usual and
customary business practices, already
take steps to minimize losses due to
fraud, including conducting employee
training. Accordingly, only relevant staff
need be trained to implement the
Program: for example, staff already
6 In general, high-risk entities may provide
consumer financial services or other goods or
services of value to identity thieves such as
telecommunication services or goods that are easily
convertible to cash, whereas low-risk entities may
do business primarily with other businesses or
provide non-financial services or goods that are not
easily convertible in cash, such as healthcare
providers.
VerDate Nov<24>2008
16:22 Aug 20, 2009
Jkt 217001
trained as part of a covered entity’s antifraud prevention efforts do not need to
be re-trained except as incrementally
needed. FTC staff estimates that training
in connection with the implementation
of a Program of a high-risk entity will
require four hours, and recurring annual
training thereafter will require one hour.
Thus, estimated hours burden for
high-risk entities is as follows:
∑320,217 high-risk entities7 subject to
the FTC’s jurisdiction at an average
annual burden of 13 hours per entity
[average annual burden over 3-year
clearance period for creation and
implementation of Program ((25+1+1)/
3), plus average annual burden over 3year clearance period for staff training
((4+1+1)/3), plus average annual burden
over 3-year clearance period for
preparing annual report ((4+1+1)/3)], for
a total of 4,162,821 hours.
b. Low-Risk Entities
Entities that have a minimal risk of
identity theft, but that have covered
accounts, must develop a Program;
however, they likely will only need a
streamlined Program. FTC staff
estimates that such entities will require
one hour to create such a Program, with
an annual recurring burden of five
minutes. Training staff of low-risk
entities to be attentive to future risks of
identity theft should require no more
than 10 minutes in an initial year, with
an annual recurring burden of five
minutes. FTC staff further estimates that
these entities will require, initially, 10
minutes to prepare an annual report,
with an annual recurring burden of five
minutes.
The Rule does not require entities that
determine that they do not have any
covered accounts to create a written
Program. Thus, such entities will not
incur PRA burden.
Thus, the estimated hours burden for
low-risk entities is as follows:
∑1,622,029 low-risk entities8 that have
covered accounts subject to the FTC’s
jurisdiction at an average annual burden
of approximately 37 minutes per entity
[average annual burden over 3-year
7 This is the number of high-risk entities
implementing section 114 as previously reported
(266,602) in the preamble to the Rule, 72 FR at
63742, increased by the additional institutions
(including insurance and investment companies,
broker-dealers, and money service businesses)
accounted for herein at note 4 and the
accompanying text.
8 This figure is derived from an analysis of a
database of U.S. businesses based on NAICS codes
for businesses that market goods or services to
consumers or other businesses, reduced to the
number of creditors subject to the FTC’s jurisdiction
(10,813,525), and reduced further by an estimated
subset of which comprise anticipated low-risk
entities not having covered accounts under the final
rule (9,191,496).
PO 00000
Frm 00081
Fmt 4703
Sfmt 4703
42305
clearance period for creation and
implementation of streamlined Program
((60+5+5)/3), plus average annual
burden over 3-year clearance period for
staff training ((10+5+5)/3), plus average
annual burden over 3-year clearance
period for preparing annual report
((10+5+5)/3)], for a total of 1,000,251
hours.
2. Estimated Hours Burden - Card
Issuers Rule
As noted above, section 114 also
requires financial institutions and
creditors that issue credit or debit cards
to establish policies and procedures to
assess the validity of a change of
address request, including notifying the
cardholder or using another means of
assessing the validity of the change of
address. FTC staff estimates that the
Rule affects as many as 52,914 card
issuers. This is a revised estimate of the
number of card issuers within the FTC’s
jurisdiction. In the PRA burden
estimates set forth in the preamble to
the Final Rule, the Commission stated
that there were as many as 3,764 card
issuers (consisting of state-chartered
credit unions and retailers) within the
FTC’s jurisdiction. See 72 FR at 63742.
This estimate understated the scope of
the FTC’s jurisdiction. The FTC has
jurisdiction over additional categories of
card issuers, including certain
universities, money service businesses,
and telecommunication companies.9
-FTC staff believes that most of these
card issuers already have automated the
process of notifying the cardholder or
are using another means to assess the
validity of the change of address, such
that implementation will pose no
further burden. Nevertheless, taking a
conservative approach, FTC staff
estimates that it will take each card
issuer 4 hours to develop and
implement policy and procedures to
assess the validity of a change of
address request for a total burden of
211,656 hours.
9 In addition to the 3,664 state-chartered credit
unions and 100 retailers under the FTC’s
jurisdiction, as of 2007, there were 4,314 colleges
and universities. See Digest of Education Statistics
published by the National Center for Education
Statistics (available at (https://nces.ed.gov/programs/
digest/d07/tables/dt07_255.asp)). As of November
2008, there were 39,408 money service businesses.
See Department of the Treasury Financial Crimes
Enforcement Network MSB Registration List
(available at (https://www.msb.gov/pdf/
msb_registration_list.pdf)). Finally, as of November
2006, there were 5,428 telecommunication
companies. See Federal Communications
Commission, Industry Analysis and Technology
Division, Wireline Competition Bureau, Trends in
Telephone Service, August 2008, Table 5.3
(available at (https://hraunfoss.fcc.gov/edocs_public/
attachmatch/DOC-284932A1.pdf)).
E:\FR\FM\21AUN1.SGM
21AUN1
42306
Federal Register / Vol. 74, No. 161 / Friday, August 21, 2009 / Notices
Thus, the total average annual
estimated burden for Section 114 is
5,377,328 hours.
3. Estimated Cost Burden - Red Flags
and Card Issuers Rules
FTC staff estimates labor costs by
applying appropriate estimated hourly
cost figures to the burden hours
described above. It is difficult to
calculate with precision the labor costs
associated with compliance with the
Rule, as they entail varying
compensation levels of management
(e.g., administrative services, computer
and information systems, training and
development) and/or technical staff
(e.g., computer support specialists,
systems analysts, network and computer
systems administrators) among
companies of different sizes. FTC staff
assumes that for all entities,
professional technical personnel and/or
management personnel will create and
implement the Program, prepare the
annual report, and train employees, at
an hourly rate of $35.00.10
Based on the above estimates and
assumptions, the total annual labor cost
for all categories of covered entities
under the Red Flags and Card Issuers
Rules for Section 114 is $156,615,480
[4,162,821 hours + 1,000,251 hours +
211,656 hours) x $35.00)].
srobinson on DSKHWCL6B1PROD with NOTICES
B. Section 315 - The Address
Discrepancy Rule
As discussed above, the Rule’s
implementation of section 315 provides
guidance on reasonable policies and
procedures that a user of consumer
reports must employ when a user
receives a notice of address discrepancy
from a CRA. Given the broad scope of
users of consumer reports, it is difficult
to determine with precision the number
of users of consumer reports that are
subject to the FTC’s jurisdiction. As
noted above, there are numerous small
businesses under the FTC’s jurisdiction,
and there is no formal way to track
them; moreover, as a whole, the entities
under the FTC’s jurisdiction are so
varied that there are no general sources
that provide a record of their existence.
Nonetheless, FTC staff estimates that the
Rule’s implementation of section 315
affects approximately 1.66 million users
of consumer reports subject to the FTC’s
jurisdiction.11 Approximately 10,000 of
10 This estimate is based on (https://www.bls.gov/
ncs/ncswage2007.htm) (National Compensation
Survey: Occupational Earnings in the United States
2007, US Department of Labor released August
2008, Bulletin 2704, Table 3 (‘‘Full-time civilian
workers,’’ mean and median hourly wages) for the
various managerial and technical staff support
exemplified above.
11 This estimate is derived from an analysis of a
database of U.S. businesses based on NAICS codes
VerDate Nov<24>2008
16:22 Aug 20, 2009
Jkt 217001
these users will, in the course of their
usual and customary business practices,
have to furnish to CRAs an address
confirmation upon notice of a
discrepancy.12
FTC staff estimates that the average
annual information collection burden
during the three-year period for which
OMB clearance is sought will be
776,334 hours. The estimated burden is
$12,421,344.
1. Estimated Hours Burden
Although section 315 created a new
obligation for CRAs to provide a notice
of address discrepancy to users of
consumer reports, prior to the FACT Act
enactment, users of consumer reports
could compare the address on the
consumer report to the address provided
by the consumer and discern for
themselves any discrepancy. As a result,
FTC staff believes that many users of
consumer reports have developed
methods of reconciling address
discrepancies, and the following
estimates represent the incremental
amount of time users of consumer
reports may require to develop and
comply with the policies and
procedures for when they receive a
notice of address discrepancy.
Due to the varied nature of the entities
under the FTC’s jurisdiction, it is
difficult to determine precisely the
appropriate burden estimates.
Nonetheless, FTC staff estimates that it
would require an infrequent user of
consumer reports no more than 16
minutes to develop and comply with the
policies and procedures that it will
employ when it receives a notice of
address discrepancy, while a frequent
user might require one hour. Similarly,
FTC staff estimates that, during the
remaining two years of clearance, it may
take an infrequent user no more than
one minute to comply with the policies
and procedures it will employ when it
receives a notice of address discrepancy,
while a frequent user might require 45
minutes. Taking into account these
extremes, FTC staff estimates that,
during the first year, it will take users
of consumer reports under the
jurisdiction of the FTC an average of 38
minutes [the midrange between 16
minutes and 60 minutes] to develop and
comply with the policies and
procedures that they will employ when
for businesses in industries that typically use
consumer reports from CRAs described in the Rule,
which total 1,658,758 users of consumer reports
subject to the FTC’s jurisdiction.
12 Report to Congress Under Sections 318 and 319
of the Fair and Accurate Credit Transactions of
2003, Federal Trade Commission, 80 (Dec. 2004)
available at (https://www.ftc.gov/reports/facta/
041209factarpt.pdf).
PO 00000
Frm 00082
Fmt 4703
Sfmt 4703
they receive a notice of address
discrepancy. FTC staff also estimates
that the average recurring burden for
users of consumer reports to comply
with the Rule will be 23 minutes [the
midrange between one minute and 45
minutes].
Thus, for these 1.66 million entities,
the average annual burden for each of
them to perform these collective tasks
will be 28 minutes [(38 + 23 + 23) ÷ 3];
cumulatively, 774,667 hours.
For the estimated 10,000 users of
consumer reports that will additionally
have to furnish to CRAs an address
confirmation upon notice of a
discrepancy, staff estimates that these
entities will require 30 minutes to
develop related policies and procedures.
But, these 10,000 affected entities13
likely will have automated the process
of furnishing the correct address in the
first year of a three-year PRA clearance
cycle. Thus, allowing for 30 minutes in
the first year, with no annual recurring
burden in the second and third years of
clearance, yields an average annual
burden of 10 minutes per entity to
furnish a correct address to a CRA, for
a total of 1,667 hours.
2. Estimated Cost Burden
FTC staff assumes that the policies
and procedures for compliance with the
address discrepancy part of the Rule
will be set up by administrative support
personnel at an hourly rate of $16.14
Based on the above estimates and
assumptions, the total annual labor cost
for the two categories of burden under
section 315 is $12,421,344 [(774,667
hours + 1,667 hours) x $16.00].
C. Burden Totals for Sections 114 and
315
Cumulatively, then, estimated burden
is 6,151,062 hours (5,374,728 hours for
section 114 and 776,334 hours for
section 315) and $169,036,824
13 Staff further assumes that this estimate is
representative of new entrants in any given threeyear PRA clearance cycle.
14 Based generally on the National Compensation
Survey: Occupational Earnings in the United States,
2007, U.S. Department of Labor, Bureau of Labor
Statistics released August 2008, Bulletin 2704,
Table 3 (‘‘Full-time civilian workers,’’ mean and
median hourly wages), available at (https://
www.bls.gov/ncs/ocs/sp/nctb0300.pdf). Clerical
estimates are derived from the above source data,
applying roughly a mid-range of mean hourly rates
for potentially applicable clerical types, e.g.,
computer operators, data entry and information
processing workers.
E:\FR\FM\21AUN1.SGM
21AUN1
Federal Register / Vol. 74, No. 161 / Friday, August 21, 2009 / Notices
($156,615,480 and $12,421,344,
respectively)15 in associated labor cost.
Willard Tom
General Counsel.
[FR Doc. E9–20141 Filed 8–20–09: 8:45 am]
BILLING CODE 6750–01–S
DEPARTMENT OF DEFENSE
SUPPLEMENTARY INFORMATION:
GENERAL SERVICES
ADMINISTRATION
A. Purpose
NATIONAL AERONAUTICS AND
SPACE ADMINISTRATION
[OMB Control No. 9000–0080]
Federal Acquisition Regulation;
Submission for OMB Review; Integrity
of Unit Prices
AGENCY: Department of Defense (DOD),
General Services Administration (GSA),
and National Aeronautics and Space
Administration (NASA).
ACTION: Notice of reinstatement request
for an information collection
requirement regarding an existing OMB
clearance.
Under the provisions of the
Paperwork Reduction Act of 1995 (44
U.S.C. Chapter 35), the Federal
Acquisition Regulation, Regulatory
Secretariat (VPR) will be submitting to
the Office of Management and Budget
(OMB) a request to reinstate a
previously approved information
collection requirement concerning
Integrity of Unit Prices.
Public comments are particularly
invited on: Whether this collection of
information is necessary; whether it will
have practical utility; whether our
estimate of the public burden of this
collection of information is accurate,
and based on valid assumptions and
methodology; ways to enhance the
quality, utility, and clarity of the
information to be collected; and ways in
which we can minimize the burden of
the collection of information on those
who are to respond, through the use of
appropriate technological collection
techniques or other forms of information
technology.
DATES: Submit comments on or before
September 21, 2009.
ADDRESSES: Submit comments regarding
this burden estimate or any other aspect
of this collection of information,
including suggestions for reducing this
burden, to: FAR Desk Officer, OMB,
Room 10102, NEOB, Washington, DC
srobinson on DSKHWCL6B1PROD with NOTICES
SUMMARY:
15 These figures correct mathematical errors that
appeared in the related preceding Federal Register
notice. 74 FR at 18712.
VerDate Nov<24>2008
20:17 Aug 20, 2009
20503 and a copy to the General
Services Administration, Regulatory
Secretariat (VPR), 1800 F Street NW.,
Room 4041, Washington, DC 20405.
FOR FURTHER INFORMATION CONTACT: Mr.
Edward Chambers, Procurement
Analyst, Contract Policy Division, GSA,
(202) 501–3221 or e-mail
Edward.chambers@gsa.gov.
Jkt 217001
FAR 15.408(f) and the clause at FAR
52.215–14, Integrity of Unit Prices,
require offerors and contractors under
Federal contracts that are to be awarded
without adequate price competition to
identify in their proposals those
supplies which they will not
manufacture or to which they will not
contribute significant value. The
policies included in the FAR are
required by section 501 of Public Law
98–577 (for the civilian agencies) and
section 927 of Public Law 99–500 (for
DOD and NASA). The rule contains no
reporting requirements on contracts
with commercial items.
B. Annual Reporting Burden
Respondents: 1,000.
Responses per Respondent: 10.
Annual Responses: 10,000.
Hours per Response: 1 hour.
Total Burden Hours: 10,000.
Obtaining Copies of Proposals:
Requesters may obtain a copy of the
information collection documents from
the General Services Administration,
Regulatory Secretariat (VPR), 1800 F St.,
NW., Room 4041, Washington, DC
20405, telephone (202) 501–4755. Please
cite OMB Control No. 9000–0080,
Integrity of Unit Prices.
Dated: August 14, 2009.
Al Matera,
Director, Office of Acquisition Policy.
[FR Doc. E9–20174 Filed 8–20–09; 8:45 am]
BILLING CODE 6820–EP–P
DEPARTMENT OF HEALTH AND
HUMAN SERVICES
Centers for Medicare & Medicaid
Services
[Document Identifier: CMS–10174, CMS–
10287 and CMS–R–305]
Agency Information Collection
Activities: Submission for OMB
Review; Comment Request
AGENCY: Centers for Medicare &
Medicaid Services.
In compliance with the requirement
of section 3506(c)(2)(A) of the
PO 00000
Frm 00083
Fmt 4703
Sfmt 4703
42307
Paperwork Reduction Act of 1995, the
Centers for Medicare & Medicaid
Services (CMS), Department of Health
and Human Services, is publishing the
following summary of proposed
collections for public comment.
Interested persons are invited to send
comments regarding this burden
estimate or any other aspect of this
collection of information, including any
of the following subjects: (1) The
necessity and utility of the proposed
information collection for the proper
performance of the Agency’s function;
(2) the accuracy of the estimated
burden; (3) ways to enhance the quality,
utility, and clarity of the information to
be collected; and (4) the use of
automated collection techniques or
other forms of information technology to
minimize the information collection
burden.
1. Type of Information Collection
Request: Revision of the currently
approved collection.
Title of Information Collection:
Collection of Drug Event Data From
Contracted Part D Providers for
Payment.
Use: In December 2003, Congress
enacted the Medicare Prescription Drug,
Improvement, and Modernization Act of
2003 referred to as the Medicare
Modernization Act (MMA). The
Medicare Prescription Drug Benefit
program (Part D) was established by
section 101 of the MMA and is codified
in section 1860D–1 through 1860 D–41
of the Social Security Act. Effective
January 1, 2006, the Part D program
establishes an optional prescription
drug benefit for individuals who are
entitled to Medicare Part A and/or
enrolled in Part B. Part D plans have
flexibility in terms of benefit design.
This flexibility includes, but is not
limited to, authority to establish a
formulary that limits coverage to
specific drugs within each therapeutic
class of drugs, and the ability to have a
cost-sharing structure other than the
statutorily defined structure (subject to
certain actuarial tests). Coverage under
the new prescription drug benefit is
provided predominately through private
at-risk prescription drug plans that offer
drug-only coverage (PDPs), Medicare
Advantage (MA) plans that offer
integrated prescription drug and health
care coverage (MA–PD plans) or through
Cost Plans that offer prescription drug
benefits.
The transmission of the data will be
in an electronic format. The information
users will be Pharmacy Benefit
Managers (PBM), third party
administrators and pharmacies and the
PDPs, MA–PDs, Fallbacks and other
plans that offer coverage of outpatient
E:\FR\FM\21AUN1.SGM
21AUN1
]]>Agencies
[Federal Register Volume 74, Number 161 (Friday, August 21, 2009)]
[Notices]
[Pages 42303-42307]
From the Federal Register Online via the Government Printing Office [www.gpo.gov]
[FR Doc No: E9-20141]
=======================================================================
-----------------------------------------------------------------------
FEDERAL TRADE COMMISSION
Agency Information Collection Activities; Submission for OMB
Review; Comment Request; Extension
AGENCY: Federal Trade Commission (``FTC'' or ``Commission'').
ACTION: Notice.
-----------------------------------------------------------------------
SUMMARY: The information collection requirements described below will
be submitted to the Office of Management and Budget (``OMB'') for
review, as required by the Paperwork Reduction Act (``PRA''). The FTC
is seeking public comments on its proposal to extend through September
30, 2012, the current PRA clearance requirements contained in the FTC
Red Flags/Card Issuers/Address Discrepancies Rules (``Red Flags Rule''
or ``Rule''). The current clearance expires on September 30, 2009.
DATES: Comments must be submitted on or before September 21, 2009.
ADDRESSES: Interested parties are invited to submit written comments
electronically or in paper form. Comments should refer to ``Red Flags
Rule, PRA Comment, P095406'' to facilitate the organization of
comments. Please note that comments--including your name and your
state--will be placed on the public record of this proceeding--
including on the publicly accessible FTC website, at (https://www.ftc.gov/os/publiccoments/shtm).
Because comments will be made public, they should not include any
sensitive personal information, such as an individual's Social Security
number; date of birth; driver's license number or other state
identification number, or foreign country equivalent; passport number;
financial account number; or credit or debit card number. Comments also
should not include any sensitive health information, such as medical
records or other individually identifiable health information. In
addition, comments should not include any ``[t]rade secrets and
commercial or financial information obtained from a person and
privileged or confidential . . .,'' as provided in section 6(f) of the
Federal Trade Commission Act (``FTC Act''), 15 U.S.C. 46(f), and FTC
Rule 4.10(a)(2), 16 CFR 4.10(a)(2). Comments containing material for
which confidential treatment is requested must be filed in paper form,
must be clearly labeled ``Confidential,'' and must comply with FTC Rule
4.9(c), 16 CFR 4.9(c).\1\
---------------------------------------------------------------------------
\1\ The comment must be accompanied by an explicit request for
confidential treatment, including the factual and legal basis for
the request, and must identify the specific portions of the comment
to be withheld from the public record. The request will be granted
or denied by the Commission's General Counsel, consistent with
applicable law and the public interest. See FTC Rule 4.9(c), 16 CFR
4.9(c).
---------------------------------------------------------------------------
Because paper mail addressed to the FTC is subject to delay due to
heightened security screening, please consider submitting your comments
in electronic form. Comments filed in electronic form should be
submitted by using the following weblink: (https://secure.commentworks.com/ftc-RedFlagsPRA) (and following the
instructions on the web-based form). To ensure that the Commission
considers an electronic comment, you must file it on the web-based form
at the weblink (https://secure.commentworks.com/ftc-RedFlagsPRA). If
this Notice appears at (https://www.regulations.gov/search/index.jsp),
you may also file an electronic comment through that website. The
Commission will consider all comments that regulations.gov forwards to
it. You may also visit the FTC website at https://www.ftc.gov to read
the Notice and the news release describing it.
A comment filed in paper form should include the ``Red Flags Rule,
PRA Comment, P095406'' reference both in the text and on the envelope,
and should be mailed or delivered to the following address: Federal
Trade Commission, Office of the Secretary, Room H-135 (Annex J), 600
Pennsylvania Avenue, NW, Washington, DC 20580. The FTC is requesting
that any comment filed in paper form be sent by courier or overnight
service, if possible, because U.S. postal mail in the Washington area
and at the Commission is subject to delay due to heightened security
precautions.
The FTC Act and other laws the Commission administers permit the
collection of public comments to consider and use in this proceeding as
appropriate. The Commission will consider all timely and responsive
public comments that it receives, whether filed in paper or electronic
form. Comments received will be available to the public on the FTC
website, to the extent practicable, at (https://www.ftc.gov/os/publiccoments.shtm). As a matter of discretion, the Commission makes
every effort to remove home contact information for individuals from
the public comments it receives before placing those comments on the
FTC website. More information, including routine uses permitted by the
Privacy Act, may be found in the FTC's privacy policy, at (https://www.ftc.gov/ftc/privacy.shtm).
All comments should additionally be submitted to: Office of
Information and Regulatory Affairs, Office of Management and Budget,
Attention: Desk Officer for Federal Trade Commission. Comments should
be submitted via facsimile to (202) 395-5167 because U.S. postal mail
at the OMB is subject to delays due to heightened security precautions.
FOR FURTHER INFORMATION CONTACT: Steven Toporoff, Attorney, Bureau of
Consumer Protection, (202) 326-2252, Federal Trade Commission, 600
Pennsylvania Avenue, NW, Washington, DC 20580.
SUPPLEMENTARY INFORMATION: On April 24 2009, the FTC sought comment on
the information collection requirements associated with the Red Flags
Rule, 16 CFR Part 681 (Control Number: 3084-0137). 74 FR 18709. No
comments were received. Pursuant to the OMB regulations, 5 CFR Part
1320, that implement the PRA, 44 U.S.C. 3501-3521, the FTC is providing
this second opportunity for public comment while seeking OMB approval
to extend the existing paperwork clearance for the Rule. All comments
should be filed as prescribed in the ADDRESSES section above, and must
be received on or before September 21, 2009.
[[Page 42304]]
I. Overview of the Rule
The Rule implements sections 114 and 315 of the Fair and Accurate
Credit Transactions Act of 2003 (``FACT Act''). These sections amend
the Fair Credit Reporting Act of 1970 (``FCRA''), 15 U.S.C. 1681 et
seq., to require businesses to undertake measures to prevent identity
theft and to increase the accuracy of consumer reports.
Specifically, section 114 amends section 615 of the FCRA to require
creditors and financial institutions to develop and implement written
Identity Theft Prevention Programs. Section 114 also mandates specific
regulations that require credit and debit card issuers to assess the
validity of notifications of changes of address under certain
circumstances. Section 315 of FACT Act adds section 605(h) to the FCRA
and requires regulations that provide guidance on what users of
consumer reports must do when they receive a notice of address
discrepancy from a nationwide consumer reporting agency (``CRA'').
II. Description of Collections of Information
A. Section 114
The Rule requires financial institutions and creditors to develop
and implement a written Identity Theft Prevention Program (``Program'')
to detect, prevent, and mitigate identity theft in connection with
existing accounts or the opening of new accounts. Under the Rule,
creditors and financial institutions must conduct a periodic risk
assessment to determine if they maintain ``covered accounts.'' The Rule
defines that term as either (1) a consumer account that is designed to
permit multiple payments or transactions, or (2) any other account for
which there is a reasonably foreseeable risk of identity theft. Each
financial institution and creditor that has covered accounts must
create a written Program that contains reasonable policies and
procedures to identify relevant indicators of the possible existence of
identity theft (``Red Flags''); detect Red Flags that have been
incorporated into the Program; respond appropriately to any Red Flags
that are detected to prevent and mitigate identity theft; and update
the Program periodically to ensure it reflects changes in risks to
customers.
The Rule also requires financial institutions and creditors to: (1)
obtain approval of the initial written Program by the board of
directors, a committee thereof or, if there is no board, an appropriate
senior employee; (2) ensure oversight of the development,
implementation, and administration of the Program; (3) train staff, as
needed, to implement the Program; and (4) exercise appropriate and
effective oversight of service provider arrangements. In addition, the
Rule implements the section 114 requirement that financial institutions
or creditors that issue debit or credit cards (``card issuers'')
generally must assess the validity of change of address notifications.
Specifically, if the card issuer receives a notice of change of address
for an existing account and, within a short period of time (during at
least the first 30 days), receives a request for an additional or
replacement card for the same account, the issuer must follow
reasonable policies and procedures to assess the validity of the change
of address through one of three methods.
B. Section 315
The Rule also implements section 315 of the FACT Act and requires
each user of consumer reports to have reasonable policies and
procedures in place to employ when the user receives a notice of
address discrepancy from a CRA. Specifically, each user of consumer
reports must develop and implement reasonable policies and procedures
to: (1) enable the user to form a reasonable belief that a consumer
report relates to the consumer about whom it has requested the report,
when the user receives a notice of address discrepancy; and (2) furnish
an address for the consumer that the user has reasonably confirmed is
accurate to the CRA from which it received a notice of address
discrepancy if certain conditions are met.
III. Burden Estimates
Rounded to the nearest thousand, overall estimated burden hours for
sections 114 and 315, combined, total 6,151,000 and the associated
estimated labor cost is $169,000,000. Staff assumes that affected
entities will already have in place, independent of the Rule, equipment
and supplies necessary to carry out the tasks necessary to comply with
it.
A. Section 114
1. Estimated Hours Burden - Red Flags Rule
As noted above, the Rule requires financial institutions and
creditors with covered accounts to develop and implement a written
Program. Under the Rule, a ``financial institution'' is ``a State or
National bank, a State or Federal savings and loan association, a
mutual savings bank, a State or Federal credit union, or any other
person that, directly or indirectly, holds a transaction account (as
defined in section 19(b) of the Federal Reserve Act) belonging to a
consumer.''\2\ Under the Rule, ``creditor'' has the same meaning as in
section 702 of the Equal Credit Opportunity Act (ECOA). Section 702
defines ``creditor'' as any person who ``regularly extends, renews or
continues credit; any person who regularly arranges for the extension,
renewal, or continuation of credit; or any assignee of any original
creditor who participates in the decision to extend, renew, of continue
credit.'' ``Credit'' means an arrangement by which you defer payment of
debts or accept deferred payment for the purchase of property or
services.\3\
---------------------------------------------------------------------------
\2\ The Rule refers to the definition of ``financial
institution'' that is found in the FCRA, 15 U.S.C. Sec. 1681a(t).
\3\ The Rule defines ``credit'' and ``creditor'' by referring to
the definition found in the FCRA, 15 U.S.C. Sec. 1681a(r)(5) which,
in turn, refers to section 702 of the ECOA.
---------------------------------------------------------------------------
Given the broad scope of entities covered, it is difficult to
determine precisely the number of financial institutions and creditors
that are subject to the FTC's jurisdiction. There are numerous small
businesses under the FTC's jurisdiction, and there is no formal way to
track them; moreover, as a whole, the entities under the FTC's
jurisdiction are so varied that there are no general sources that
provide a record of their existence.
Nonetheless, FTC staff estimates that the Rule's requirement to
have a written Program affects over 57,000 financial institutions\4\
and almost 2 million creditors.\5\ This is a revised estimate of the
number of covered financial institutions within the FTC's jurisdiction.
In the PRA burden
[[Page 42305]]
estimates set forth in the preamble to the Final Rule, the Commission
stated that there were 3,664 financial institutions within the FTC's
jurisdiction, namely 3,664 state-chartered credit unions. See 72 FR
63718, 63741 n.61 and accompanying text (Nov. 9, 2007). This estimate
misstated the scope of the FTC's jurisdiction. Under the FCRA, the
financial institutions over which the FTC has jurisdiction include not
only state-chartered credit unions, but other entities that hold
consumer transaction accounts, excluding banks, savings and loan
associations, and federal credit unions, which are subject to oversight
by the federal bank regulatory agencies and the National Credit Union
Administration. In fact, the financial institutions within the FTC's
jurisdiction include, but are not limited to, certain insurance
companies, investment companies, broker-dealers, and money service
businesses.
---------------------------------------------------------------------------
\4\ As of December 31, 2005, there were 3,302 state-chartered
federally-insured credit unions and 362 state-chartered nonfederally
insured credit unions. See (www.ncua.gov/news/quick_facts/quick_facts.html) and ``Disclosures for Non-Federally Insured Depository
Institutions under the Federal Deposit Insurance Corporation
Improvement Act (FDICIA),'' 70 FR 12823 (Ma. 16, 2005). As of 2007,
there were 3,913 property, casualty and life, and health insurance
companies. See Insurance Department Resources Report 2007, published
by the National Association of Insurance Commissioners (NAIC). As of
September 2007, there were 4,733 registered investment companies.
See Securities and Exchange Commission, Proposed Regulation S-P, at
13709 (March 13, 2008). As of December 31, 2007, there were 5,561
broker-dealers. See Securities and Exchange Commission, Amendments
to Regulation SHO, Release No. 34-58773, at 45 (Oct. 14, 2008)
(available at www.sec.gov/rules/final/2008/34-58773.pdf). As of
November 2008, there were 39,408 money service businesses. See
Department of the Treasury Financial Crimes Enforcement Network MSB
Registration List (available at (www.msb.gov/pdf/msb_registration_list.pdf)).
\5\ See infra notes 7 and 8 accounting for this sum total.
---------------------------------------------------------------------------
To estimate burden hours for the Red Flags Rule under section 114,
FTC staff divided affected entities into three categories, based on the
nature of their businesses: (1) entities that are subject to a high
risk of identity theft; (2) entities that are subject to a low risk of
identity theft, but have covered accounts that will require them to
have a written Program; and (3) entities that are subject to a low risk
of identity theft, but do not have covered accounts.\6\
---------------------------------------------------------------------------
\6\ In general, high-risk entities may provide consumer
financial services or other goods or services of value to identity
thieves such as telecommunication services or goods that are easily
convertible to cash, whereas low-risk entities may do business
primarily with other businesses or provide non-financial services or
goods that are not easily convertible in cash, such as healthcare
providers.
---------------------------------------------------------------------------
a. High-Risk Entities
FTC staff estimates that high-risk entities will each require 25
hours to create and implement a written Program, with an annual
recurring burden of one hour. FTC staff anticipates that these entities
will incorporate into their Programs policies and procedures that they
likely already have in place. Further, FTC staff estimates that
preparation of an annual report will require each high-risk entity four
hours initially, with an annual recurring burden of one hour. Finally,
FTC staff believes that many of the high-risk entities, as part of
their usual and customary business practices, already take steps to
minimize losses due to fraud, including conducting employee training.
Accordingly, only relevant staff need be trained to implement the
Program: for example, staff already trained as part of a covered
entity's anti-fraud prevention efforts do not need to be re-trained
except as incrementally needed. FTC staff estimates that training in
connection with the implementation of a Program of a high-risk entity
will require four hours, and recurring annual training thereafter will
require one hour.
Thus, estimated hours burden for high-risk entities is as follows:
320,217 high-risk entities\7\ subject to the FTC's
jurisdiction at an average annual burden of 13 hours per entity
[average annual burden over 3-year clearance period for creation and
implementation of Program ((25+1+1)/3), plus average annual burden over
3-year clearance period for staff training ((4+1+1)/3), plus average
annual burden over 3-year clearance period for preparing annual report
((4+1+1)/3)], for a total of 4,162,821 hours.
---------------------------------------------------------------------------
\7\ This is the number of high-risk entities implementing
section 114 as previously reported (266,602) in the preamble to the
Rule, 72 FR at 63742, increased by the additional institutions
(including insurance and investment companies, broker-dealers, and
money service businesses) accounted for herein at note 4 and the
accompanying text.
---------------------------------------------------------------------------
b. Low-Risk Entities
Entities that have a minimal risk of identity theft, but that have
covered accounts, must develop a Program; however, they likely will
only need a streamlined Program. FTC staff estimates that such entities
will require one hour to create such a Program, with an annual
recurring burden of five minutes. Training staff of low-risk entities
to be attentive to future risks of identity theft should require no
more than 10 minutes in an initial year, with an annual recurring
burden of five minutes. FTC staff further estimates that these entities
will require, initially, 10 minutes to prepare an annual report, with
an annual recurring burden of five minutes.
The Rule does not require entities that determine that they do not
have any covered accounts to create a written Program. Thus, such
entities will not incur PRA burden.
Thus, the estimated hours burden for low-risk entities is as
follows:
1,622,029 low-risk entities\8\ that have covered accounts
subject to the FTC's jurisdiction at an average annual burden of
approximately 37 minutes per entity [average annual burden over 3-year
clearance period for creation and implementation of streamlined Program
((60+5+5)/3), plus average annual burden over 3-year clearance period
for staff training ((10+5+5)/3), plus average annual burden over 3-year
clearance period for preparing annual report ((10+5+5)/3)], for a total
of 1,000,251 hours.
---------------------------------------------------------------------------
\8\ This figure is derived from an analysis of a database of
U.S. businesses based on NAICS codes for businesses that market
goods or services to consumers or other businesses, reduced to the
number of creditors subject to the FTC's jurisdiction (10,813,525),
and reduced further by an estimated subset of which comprise
anticipated low-risk entities not having covered accounts under the
final rule (9,191,496).
---------------------------------------------------------------------------
2. Estimated Hours Burden - Card Issuers Rule
As noted above, section 114 also requires financial institutions
and creditors that issue credit or debit cards to establish policies
and procedures to assess the validity of a change of address request,
including notifying the cardholder or using another means of assessing
the validity of the change of address. FTC staff estimates that the
Rule affects as many as 52,914 card issuers. This is a revised estimate
of the number of card issuers within the FTC's jurisdiction. In the PRA
burden estimates set forth in the preamble to the Final Rule, the
Commission stated that there were as many as 3,764 card issuers
(consisting of state-chartered credit unions and retailers) within the
FTC's jurisdiction. See 72 FR at 63742. This estimate understated the
scope of the FTC's jurisdiction. The FTC has jurisdiction over
additional categories of card issuers, including certain universities,
money service businesses, and telecommunication companies.\9\ -FTC
staff believes that most of these card issuers already have automated
the process of notifying the cardholder or are using another means to
assess the validity of the change of address, such that implementation
will pose no further burden. Nevertheless, taking a conservative
approach, FTC staff estimates that it will take each card issuer 4
hours to develop and implement policy and procedures to assess the
validity of a change of address request for a total burden of 211,656
hours.
---------------------------------------------------------------------------
\9\ In addition to the 3,664 state-chartered credit unions and
100 retailers under the FTC's jurisdiction, as of 2007, there were
4,314 colleges and universities. See Digest of Education Statistics
published by the National Center for Education Statistics (available
at (https://nces.ed.gov/programs/digest/d07/tables/dt07_255.asp)).
As of November 2008, there were 39,408 money service businesses. See
Department of the Treasury Financial Crimes Enforcement Network MSB
Registration List (available at (https://www.msb.gov/pdf/msb_registration_list.pdf)). Finally, as of November 2006, there were
5,428 telecommunication companies. See Federal Communications
Commission, Industry Analysis and Technology Division, Wireline
Competition Bureau, Trends in Telephone Service, August 2008, Table
5.3 (available at (https://hraunfoss.fcc.gov/edocs_public/attachmatch/DOC-284932A1.pdf)).
---------------------------------------------------------------------------
[[Page 42306]]
Thus, the total average annual estimated burden for Section 114 is
5,377,328 hours.
3. Estimated Cost Burden - Red Flags and Card Issuers Rules
FTC staff estimates labor costs by applying appropriate estimated
hourly cost figures to the burden hours described above. It is
difficult to calculate with precision the labor costs associated with
compliance with the Rule, as they entail varying compensation levels of
management (e.g., administrative services, computer and information
systems, training and development) and/or technical staff (e.g.,
computer support specialists, systems analysts, network and computer
systems administrators) among companies of different sizes. FTC staff
assumes that for all entities, professional technical personnel and/or
management personnel will create and implement the Program, prepare the
annual report, and train employees, at an hourly rate of $35.00.\10\
---------------------------------------------------------------------------
\10\ This estimate is based on (https://www.bls.gov/ncs/ncswage2007.htm) (National Compensation Survey: Occupational
Earnings in the United States 2007, US Department of Labor released
August 2008, Bulletin 2704, Table 3 (``Full-time civilian workers,''
mean and median hourly wages) for the various managerial and
technical staff support exemplified above.
---------------------------------------------------------------------------
Based on the above estimates and assumptions, the total annual
labor cost for all categories of covered entities under the Red Flags
and Card Issuers Rules for Section 114 is $156,615,480 [4,162,821 hours
+ 1,000,251 hours + 211,656 hours) x $35.00)].
B. Section 315 - The Address Discrepancy Rule
As discussed above, the Rule's implementation of section 315
provides guidance on reasonable policies and procedures that a user of
consumer reports must employ when a user receives a notice of address
discrepancy from a CRA. Given the broad scope of users of consumer
reports, it is difficult to determine with precision the number of
users of consumer reports that are subject to the FTC's jurisdiction.
As noted above, there are numerous small businesses under the FTC's
jurisdiction, and there is no formal way to track them; moreover, as a
whole, the entities under the FTC's jurisdiction are so varied that
there are no general sources that provide a record of their existence.
Nonetheless, FTC staff estimates that the Rule's implementation of
section 315 affects approximately 1.66 million users of consumer
reports subject to the FTC's jurisdiction.\11\ Approximately 10,000 of
these users will, in the course of their usual and customary business
practices, have to furnish to CRAs an address confirmation upon notice
of a discrepancy.\12\
---------------------------------------------------------------------------
\11\ This estimate is derived from an analysis of a database of
U.S. businesses based on NAICS codes for businesses in industries
that typically use consumer reports from CRAs described in the Rule,
which total 1,658,758 users of consumer reports subject to the FTC's
jurisdiction.
\12\ Report to Congress Under Sections 318 and 319 of the Fair
and Accurate Credit Transactions of 2003, Federal Trade Commission,
80 (Dec. 2004) available at (https://www.ftc.gov/reports/facta/041209factarpt.pdf).
---------------------------------------------------------------------------
FTC staff estimates that the average annual information collection
burden during the three-year period for which OMB clearance is sought
will be 776,334 hours. The estimated burden is $12,421,344.
1. Estimated Hours Burden
Although section 315 created a new obligation for CRAs to provide a
notice of address discrepancy to users of consumer reports, prior to
the FACT Act enactment, users of consumer reports could compare the
address on the consumer report to the address provided by the consumer
and discern for themselves any discrepancy. As a result, FTC staff
believes that many users of consumer reports have developed methods of
reconciling address discrepancies, and the following estimates
represent the incremental amount of time users of consumer reports may
require to develop and comply with the policies and procedures for when
they receive a notice of address discrepancy.
Due to the varied nature of the entities under the FTC's
jurisdiction, it is difficult to determine precisely the appropriate
burden estimates. Nonetheless, FTC staff estimates that it would
require an infrequent user of consumer reports no more than 16 minutes
to develop and comply with the policies and procedures that it will
employ when it receives a notice of address discrepancy, while a
frequent user might require one hour. Similarly, FTC staff estimates
that, during the remaining two years of clearance, it may take an
infrequent user no more than one minute to comply with the policies and
procedures it will employ when it receives a notice of address
discrepancy, while a frequent user might require 45 minutes. Taking
into account these extremes, FTC staff estimates that, during the first
year, it will take users of consumer reports under the jurisdiction of
the FTC an average of 38 minutes [the midrange between 16 minutes and
60 minutes] to develop and comply with the policies and procedures that
they will employ when they receive a notice of address discrepancy. FTC
staff also estimates that the average recurring burden for users of
consumer reports to comply with the Rule will be 23 minutes [the
midrange between one minute and 45 minutes].
Thus, for these 1.66 million entities, the average annual burden
for each of them to perform these collective tasks will be 28 minutes
[(38 + 23 + 23) / 3]; cumulatively, 774,667 hours.
For the estimated 10,000 users of consumer reports that will
additionally have to furnish to CRAs an address confirmation upon
notice of a discrepancy, staff estimates that these entities will
require 30 minutes to develop related policies and procedures. But,
these 10,000 affected entities\13\ likely will have automated the
process of furnishing the correct address in the first year of a three-
year PRA clearance cycle. Thus, allowing for 30 minutes in the first
year, with no annual recurring burden in the second and third years of
clearance, yields an average annual burden of 10 minutes per entity to
furnish a correct address to a CRA, for a total of 1,667 hours.
---------------------------------------------------------------------------
\13\ Staff further assumes that this estimate is representative
of new entrants in any given three-year PRA clearance cycle.
---------------------------------------------------------------------------
2. Estimated Cost Burden
FTC staff assumes that the policies and procedures for compliance
with the address discrepancy part of the Rule will be set up by
administrative support personnel at an hourly rate of $16.\14\ Based on
the above estimates and assumptions, the total annual labor cost for
the two categories of burden under section 315 is $12,421,344 [(774,667
hours + 1,667 hours) x $16.00].
---------------------------------------------------------------------------
\14\ Based generally on the National Compensation Survey:
Occupational Earnings in the United States, 2007, U.S. Department of
Labor, Bureau of Labor Statistics released August 2008, Bulletin
2704, Table 3 (``Full-time civilian workers,'' mean and median
hourly wages), available at (https://www.bls.gov/ncs/ocs/sp/nctb0300.pdf). Clerical estimates are derived from the above source
data, applying roughly a mid-range of mean hourly rates for
potentially applicable clerical types, e.g., computer operators,
data entry and information processing workers.
---------------------------------------------------------------------------
C. Burden Totals for Sections 114 and 315
Cumulatively, then, estimated burden is 6,151,062 hours (5,374,728
hours for section 114 and 776,334 hours for section 315) and
$169,036,824
[[Page 42307]]
($156,615,480 and $12,421,344, respectively)\15\ in associated labor
cost.
---------------------------------------------------------------------------
\15\ These figures correct mathematical errors that appeared in
the related preceding Federal Register notice. 74 FR at 18712.
Willard Tom
General Counsel.
[FR Doc. E9-20141 Filed 8-20-09: 8:45 am]
BILLING CODE 6750-01-S
