Disclosure of Records and Information, 45372-45394 [2011-19038]

Download as PDF 45372 Federal Register / Vol. 76, No. 145 / Thursday, July 28, 2011 / Rules and Regulations BUREAU OF CONSUMER FINANCIAL PROTECTION 12 CFR Part 1070 [Docket No. CFPB–2011–0003] RIN 3170–AA01 Disclosure of Records and Information Bureau of Consumer Financial Protection. ACTION: Interim final rule with request for public comment. AGENCY: This interim final rule establishes procedures for the public to obtain information from the Bureau of Consumer Financial Protection, under the Freedom of Information Act, the Privacy Act of 1974, and in legal proceedings. This interim final rule also establishes the CFPB’s rules regarding the confidential treatment of information obtained from persons in connection with the exercise of its authorities under federal consumer financial law. DATES: This interim final rule is effective July 28, 2011. Written comments must be submitted by September 26, 2011. ADDRESSES: You may submit comments, identified by Docket No. CFPB–2011– 0003, by any of the following methods: • Electronic: https:// www.regulations.gov. Follow the instructions for submitting comments. • Mail or Hand Delivery/Courier in Lieu of Mail: Monica Jackson, Office of the Executive Secretary, Consumer Financial Protection Bureau, 1801 L Street, NW., Washington, DC 20036. All submissions must include the agency name and docket number or Regulatory Information Number (RIN) for this rulemaking. In general, all comments received will be posted without change to https:// www.regulations.gov. In addition, comments will be available for public inspection and copying at 1801 L Street, NW., Washington, DC 20036, on official business days between the hours of 10 a.m. and 5 p.m. Eastern Time. You can make an appointment to inspect the documents by telephoning (202) 435– 7275. All comments, including attachments and other supporting materials, will become part of the public record and subject to public disclosure. Sensitive personal information, such as account numbers or Social Security numbers, should not be included. Comments will not be edited to remove any identifying or contact information. FOR FURTHER INFORMATION CONTACT: Monica Jackson, Office of the Executive rmajette on DSK89S0YB1PROD with RULES3 SUMMARY: VerDate Mar<15>2010 15:57 Jul 27, 2011 Jkt 223001 Secretary, Consumer Financial Protection Bureau, 1801 L Street, NW., Washington, DC 20036, 202–435–7275. SUPPLEMENTARY INFORMATION: I. Background On July 21, 2010, the President signed into law the Dodd-Frank Wall Street Reform and Consumer Protection Act (Pub. L. 111–203). Title X of that law is the Consumer Financial Protection Act of 2010 (the ‘‘Act’’), which created the Bureau of Consumer Financial Protection (the ‘‘CFPB’’). Pursuant to the provisions of the Act, the CFPB will begin to exercise its authority to regulate the offering and provision of consumer financial products and services under the federal consumer financial laws on July 21, 2011.1 In order to establish procedures to facilitate public interaction with the CFPB, the CFPB is issuing this interim final rule. The CFPB invites public comment on all aspects of this interim final rule and will take those comments into account before publishing a final rule. II. Summary of Interim Final Rule This interim final rule establishes procedures for the CFPB that are necessary to implement the Freedom of Information Act, 5 U.S.C. 552 (the ‘‘FOIA’’) and the Privacy Act of 1974, 5 U.S.C. 552a (the ‘‘Privacy Act’’). Various provisions of these statutes either require or authorize federal agencies to promulgate implementing regulations. See 5 U.S.C. 552(a)(4)(A)(i); id. at 552(a)(6)(B)(iv); id. at 552(a)(6)(D)(1); id. at 552(a)(6)(E); id. at 552a(f); id. at 552(k). Pursuant to the Federal Housekeeping Statute, 5 U.S.C. 301 (as interpreted by United States ex rel. Touhy v. Ragen, 340 U.S. 462 (1951) and subsequent related case law) and/or the Federal Records Act, 44 U.S.C. ch. 30, the interim final rule also establishes a process by which parties may seek testimony or records from the CFPB for use in litigation and certain other proceedings. Finally, the interim final rule governs the CFPB’s treatment of confidential information pursuant to sections 1022 and 1052 of the Act. A. Summary of Subpart A: General Provisions Subpart A of part 1070 of the rules sets forth general provisions applicable to the remainder of the part. Section 1070.1 sets forth the CFPB’s authorities for issuing its rules, which include 1 Section 1066 of the Act grants the Secretary of the Treasury interim authority to perform certain functions of the CFPB. Pursuant to that authority, Treasury publishes this interim final rule on behalf of the CFPB. PO 00000 Frm 00002 Fmt 4701 Sfmt 4700 provisions of the Act that require or authorize the CFPB to disclose, share, or maintain the confidentiality of certain information that the CFPB obtains from others or generates itself. Section 1070.1 also identifies the purposes of the rules in part 1070. Section 1070.2 defines terms that are utilized elsewhere in part 1070 of the rules. Several of these terms warrant brief discussion. For example, we intend for our definition of the term ‘‘civil investigative demand material’’ in section 1070.2(e) to encompass all types of materials provided to the CFPB in response to a civil investigative demand that the CFPB issues in accordance with section 1052 of the Act. As stated in section 1052 and reiterated in section 1070.2(e) of these rules, civil investigative demand material includes documentary materials, such written reports and answers to questions, tangible things, oral testimony, or any combination thereof. As defined, the term ‘‘civil investigative demand material’’ also includes such materials to the extent that a person, through negotiations with the CFPB or otherwise, agrees to provide them to the CFPB voluntarily or in lieu of receiving a civil investigative demand. Section 1070.2(f) defines the term ‘‘confidential information.’’ Confidential information refers to three categories of non-public information—confidential consumer complaint information, confidential investigative information, and confidential supervisory information—that the CFPB shall protect from various types of disclosure in accordance with Consumer Financial Protection Act and other laws. The term also includes other CFPB information that is exempt from disclosure pursuant to one or more of the statutory exemptions to the FOIA. Section 1070.2(g) defines ‘‘confidential consumer complaint information’’ to mean information that the CFPB receives from the public or from other agencies or organizations, or which the CFPB generates through its own efforts pursuant to sections 1013 and 1034 of the Act, that comprises or documents consumer complaints or inquiries concerning financial institutions or consumer financial products and services. The term includes information, such as personally identifiable information, that is protected from public disclosure under the FOIA. Section 1070.2(h) defines ‘‘confidential investigative information’’ to include all manner of materials received, generated, or compiled by the CFPB in the course of its investigative activities, including materials received E:\FR\FM\28JYR3.SGM 28JYR3 Federal Register / Vol. 76, No. 145 / Thursday, July 28, 2011 / Rules and Regulations rmajette on DSK89S0YB1PROD with RULES3 through the issuance of civil investigative demands. It also includes confidential supervisory information and confidential consumer complaint information to the extent that such materials serve as a basis for or are utilized for purposes of, an investigation. Lastly, the term includes materials that other federal and state agencies provide to the CFPB or create for its use in investigating a possible violation of federal consumer financial law. Section 1070.2(i) defines ‘‘confidential supervisory information’’ to include various materials that the CFPB generates or receives that relate to the examination of financial institutions. These materials include, first, examination, inspection, visitation, operating, condition, and compliance reports, and any information contained in, relating to, or derived from such reports. Second, the term includes documentary materials, including reports of examination, that the CFPB prepares or that are prepared by others for use by the CFPB in exercising its supervisory authority over financial institutions, as well as information derived from such documentary materials. Third, the term includes the CFPB’s communications with financial institutions and agencies to the extent that such communications relate to the exercise of the CFPB’s supervisory authority over financial institutions. Fourth, confidential supervisory information includes information that financial institutions provide to the CFPB to help it to evaluate the risks associated with consumer financial products and services and whether institutions should be deemed ‘‘covered persons,’’ as that term is defined by 12 U.S.C. 5481. Finally, the term includes other supervision-related information that is exempt from public disclosure under the FOIA pursuant to 5 U.S.C. 552(b)(8). B. Summary of Subpart B: Rules Implementing the Freedom of Information Act Subpart B contains the CFPB’s rules that implement the Freedom of Information Act, 5 U.S.C. 552. The FOIA grants the public an enforceable right to obtain access to or copies of federal agency records unless disclosure of those records, or information contained within them, is exempt from disclosure pursuant to one or more statutory exemptions and exclusions. The FOIA also requires federal agencies to routinely publish in the Federal Register, or make available to the public, certain information concerning their organizational structures, policies VerDate Mar<15>2010 15:57 Jul 27, 2011 Jkt 223001 and procedures, final opinions and orders, and records that have or are likely to become the objects of frequent FOIA requests. The regulations in this subpart implement the FOIA as required or authorized by various provisions of the statute. See 5 U.S.C. 552(a)(4)(A)(i); id. at 552(a)(6)(B)(iv); id. at 552(a)(6)(D)(1); id. at 552(a)(6)(E). The CFPB modeled its FOIA regulations upon regulations promulgated by the other federal agencies, including the Treasury Department. The CFPB sought the input of the Department of Justice and the National Archives and Records Administration’s Office of Government Information Services, which is responsible for promoting best practices among federal agencies as to their FOIA regulations and practices. Because most of the CFPB’s FOIA regulations track the statute itself and set forth requirements and procedures that are typical of most federal agencies, we do not deem it necessary to provide a detailed analysis of these regulations. C. Summary of Subpart C: Disclosure of CFPB Information in Connection With Legal Proceedings Subpart C of the rules sets forth procedures for serving the CFPB and its employees with copies of documents in connection with legal proceedings, such as summonses, complaints, subpoenas, and other litigation-related requests or demands for the CFPB’s records or official information. Subpart C also describes the CFPB’s procedures for considering such requests or demands for official information. These regulations (which are sometimes referred to as Touhy regulations) are modeled after similar regulations of other federal agencies. Below is a brief summary of these regulations. Sections 1070.31–1070.33 of these regulations provide that, except as otherwise required by law, the CFPB’s General Counsel is authorized to receive and accept service of process of, and the General Counsel is authorized to respond to, summonses and complaints in which the CFPB or its employees (in their official capacities) are sued, as well as subpoenas, court orders, and litigation demands and requests for the production of the CFPB’s records and official information that are directed to the CFPB or its employees. Section 1070.34 requires parties demanding the production of the CFPB’s documents or testimony, in legal proceedings in which the United States or the CFPB are not parties, to provide the CFPB with certain information about the demand or request, including the name and forum of the proceeding, a PO 00000 Frm 00003 Fmt 4701 Sfmt 4700 45373 detailed description of the nature of the information or testimony sought and its intended uses and relevance, a showing that the evidence sought through the production of the CFPB’s records or testimony is not available from other sources, and, as the General Counsel deems appropriate, a statement of the party’s plans to demand additional testimony or documents in the future. Unless and until a party provides this required information, the CFPB will not respond to a demand it receives. Section 1070.37 sets forth various factors that the General Counsel shall consider in deciding whether to comply with a demand or request for the production of the CFPB’s records or testimony. This section also lists factors that will normally cause the CFPB to refuse compliance with such a demand or request. These factors pertain to prudential considerations and discovery privileges established by federal statutes, rules, and case law. Finally, section 1070.38 prohibits CFPB employees or former employees from providing opinion or expert testimony based upon information (other than general expertise) which they acquired in the scope and performance of their official CFPB duties, except to the extent that they provide such testimony on behalf of the United States or a party represented by the CFPB or the Department of Justice. The General Counsel has discretion to waive this prohibition if the requestor demonstrates an exceptional need or unique circumstances and that the anticipated testimony will neither be adverse to the United States nor require the United States to pay the employee’s or former employee’s travel or other expenses associated with providing the requested testimony. D. Summary of Subpart D: Confidential Information Subpart D of the rules pertains to the protection and disclosure of confidential information that the CFPB generates and receives during the course of its work. Various provisions of the Act require the CFPB to promulgate regulations providing for the confidentiality of certain types of information and to protect such information from public disclosure. Other provisions of the Act, however, require or authorize the CFPB to share information, under certain circumstances, with other federal and state agencies to the extent that they share jurisdiction with the CFPB as to the supervision of financial institutions, the enforcement of consumer financial protection laws, or the investigation and resolution of consumer complaints E:\FR\FM\28JYR3.SGM 28JYR3 rmajette on DSK89S0YB1PROD with RULES3 45374 Federal Register / Vol. 76, No. 145 / Thursday, July 28, 2011 / Rules and Regulations regarding financial institutions or consumer financial products and services. In implementing these provisions, the CFPB has sought to provide the maximum protection for confidential information, while ensuring its ability to share or disclose information to the extent necessary to achieve its mission. The CFPB recognizes that much of the information that it will generate and obtain during the course of its activities will be commercially, competitively, and personally sensitive in nature, and generally warrants heightened protection. The need for greater protection for these categories of information is reflected in the substantive law of privilege and in various statutes, including the FOIA and the Privacy Act, that provide for the protection of such information from disclosure. Notwithstanding these concerns, there are instances in which the disclosure of confidential information will be necessary or appropriate for the CFPB to accomplish its statutory mission, such as the investigation and resolution of consumer complaints or the enforcement of federal consumer financial law. Disclosures may also serve the public interest where federal and state agencies share elements of the CFPB’s mission and where, by sharing information, they can do their jobs more effectively. The regulations in this subpart balance these competing concerns by generally prohibiting the CFPB and its employees from disclosing confidential information to non-employees, and even in certain cases to its employees, except in limited circumstances. Even where the CFPB permits disclosures of confidential information, the CFPB imposes strict limits upon the further use and dissemination of disclosed information. Where appropriate, the CFPB has based the regulations in this subpart upon regulations of the other federal financial regulatory agencies that provide for the confidentiality and disclosure of certain information generated or received in the course of supervising, investigating, or pursuing enforcement actions against financial institutions. A summary of this subpart follows below. As a preliminary matter, section 1070.2 of the rules, which we discuss above, defines the term ‘‘confidential information’’ as well as the three categories of confidential information to which this subpart refers: Confidential consumer complaint information, confidential investigatory information, and confidential supervisory VerDate Mar<15>2010 15:57 Jul 27, 2011 Jkt 223001 information. In certain circumstances, the statute requires disparate treatment of these three categories of confidential information. Section 1070.41(a) generally prohibits the disclosure of confidential information by the CFPB’s employees, former employees, or other persons who possess the CFPB’s confidential information, to non-employees of the CFPB or to CFPB employees for whom such information is not relevant to the performance of their assigned duties. This prohibition includes disclosures made by any means (including written or oral communications) or in any format (including paper and electronic formats). Excluded from this general prohibition are disclosures of confidential information to consultants and contractors of the CFPB who agree, in writing, to protect the confidentiality of the information in accordance with federal law as well as any additional conditions or limitations that the CFPB may impose upon them. Section 1070.41(c) states that the CFPB is not precluded from disclosing materials that it derives from or creates using confidential information, provided that such materials do not identify, either directly or indirectly, any particular persons to whom the confidential information pertains. This paragraph clarifies that the CFPB may create and publish reports, analyses, and other materials derived from confidential information so long as the reports, analyses, or other materials do not identify the subject of such information or discuss the information in such a way that one could infer the identity of the person it concerns. For example, the CFPB is not precluded from publishing reports that contain aggregate data derived from confidential information, provided the report cannot be used in conjunction with other publicly available information to reidentify the source of the information. Section 1070.41(d) clarifies that nothing in subpart D requires or authorizes the CFPB to disclose confidential information that another agency has provided to the CFPB to the extent that such disclosure contravenes applicable law or the terms of any agreement that exists between the CFPB and the agency to govern the CFPB’s treatment of information that the agency provides to the CFPB. Section 1070.42(a) provides that the CFPB may, in its discretion, disclose confidential supervisory information, such as reports of examination, to supervised financial institutions to which the reports pertain. To the extent that the CFPB chooses to do so, section PO 00000 Frm 00004 Fmt 4701 Sfmt 4700 1070.42(b) prohibits institutions from further disseminating the confidential information it receives except in limited circumstances. Supervised financial institutions may share confidential supervisory information with their directors, officers, and employees, and with those of their parent companies, to the extent that the disclosure of such confidential supervisory information is relevant to the performance of such individuals’ assigned duties. Supervised financial institutions may also share confidential supervisory information with their (or their parent companies’) outside legal counsel, certified public accountants, and consultants, provided that the supervised financial institutions take reasonable steps to ensure that such legal counsel, accountants, or consultants do not utilize, make or retain copies of, or further disclose confidential information except as is necessary to provide advice to the supervised financial institutions, their parent companies, or to their respective directors, officers, or employees. Furthermore, the institutions must keep written records of their disclosures of confidential information to their legal counsel, accountants, and consultants, along with the steps they have taken to ensure that these accountants, legal counsel, and consultants do not improperly utilize, make or retain copies of, or disclose such information. Supervised financial institutions shall provide these written records to the CFPB, upon request or demand. Section 1070.43 sets forth circumstances under which the CFPB shall or may disclose various categories of confidential information to law enforcement agencies and to other government agencies. Section 1070.43(a)(1) implements sections 1022(c)(6)(C)(i) and 1025(e)(1)(C) of the Act, which require the CFPB to share with federal and state agencies having jurisdiction over supervised financial institutions, the CFPB’s reports of examination of those supervised financial institutions, including drafts thereof, final reports, and revisions to final reports, provided that the CFPB receives from the agency reasonable assurances as to the confidentiality of the information provided. Section 1070.43(a)(2) implements section 1013(b)(3)(D) of the Act, which requires the CFPB to share confidential consumer complaint information with federal and state agencies, provided that the agency first gives written assurance to the CFPB that it will maintain such information in a manner that conforms to the standards that apply to federal agencies for the protection of the E:\FR\FM\28JYR3.SGM 28JYR3 rmajette on DSK89S0YB1PROD with RULES3 Federal Register / Vol. 76, No. 145 / Thursday, July 28, 2011 / Rules and Regulations confidentiality of personally identifiable information and for data security and integrity. Section 1070.43(b)(1), meanwhile, authorizes the CFPB to make discretionary disclosures of confidential information to federal and state agencies under certain circumstances. For example, this provision implements section 1022(c)(6)(C)(ii) of the Act, which authorizes the CFPB, upon request, to share confidential supervisory information about supervised financial institutions (other than reports of examination) with federal and state agencies having jurisdiction over those institutions. Section 1070.43(b)(1) also authorizes the CFPB, upon request, to share confidential investigatory information about supervised financial institutions with federal and state agencies having jurisdiction over those institutions. Section 1070.43(b)(2) sets forth procedures for federal and state agencies to follow when requesting access to the CFPB’s confidential information as set forth in section 1070.43(b)(1). Requests must be submitted in writing by authorized officers or employees of the agencies to the CFPB’s General Counsel, who will act upon it in consultation with the CFPB’s Associate Director for Supervision and Enforcement or with other appropriate CFPB personnel. Requests should describe the nature of the confidential information and documents sought and the purposes for which it will be used. Requests should also identify the agency’s legal authority for requesting the documents and any provisions that restrict CFPB’s disclosure. Finally, the requests should state that the requesting agency will maintain the requested confidential information in accordance with these rules and in a manner that conforms to the standards that apply to federal agencies for the protection of the confidentiality of personally identifiable information and for data security and integrity. Moreover, the requests should commit the agencies to adhere to any additional conditions or limitations that the CFPB, in its discretion, decides to impose. Section 1070.43(c) clarifies that requests by state agencies for information or records of the CFPB that do not constitute confidential information must be made in accordance with the CFPB’s FOIA regulations set forth in subpart B. Sections 1070.43(d) permit certain federal and state agencies to negotiate agreements that provide for standing requests for the exchange of confidential information. VerDate Mar<15>2010 15:57 Jul 27, 2011 Jkt 223001 Section 1070.44 states that nothing in this part limits the CFPB’s discretion to disclose confidential consumer complaint information, to the extent permitted by law, to the extent that such disclosure is necessary to investigate, resolve, or otherwise respond to consumer complaints or inquires regarding financial institutions or consumer financial products and services. Section 1070.45(a) permits the CFPB to affirmatively disclose confidential investigative information, such as civil investigative demand material and other confidential information that becomes part of the CFPB’s investigative files, during the course of the CFPB’s investigations and enforcement proceedings. Thus, the CFPB may disclose confidential information to its enforcement personnel and in investigational hearings and witness interviews, as is reasonably necessary, and to Congress upon request. The CFPB may also disclose confidential information in administrative or court proceedings to which the CFPB is a party. In the case of confidential investigatory material that contains any trade secret or privileged or confidential commercial or financial information, as claimed by designation by the submitter of such material, or confidential supervisory information, the submitter may seek an appropriate protective or in camera order prior to disclosure of such material in a proceeding. Furthermore, the CFPB may disclose confidential information to law enforcement and other government agencies in accordance with this subpart and as required under any other applicable law. Section 1070.46 provides that notwithstanding the other rules in subpart D that restrict the circumstances under which the CFPB may disclose confidential information, the Director may authorize other disclosures of confidential information to the extent permitted by law. The CFPB does not intend for this provision to eviscerate the prohibition in section 1070.41 on the disclosure of confidential information. The CFPB intends for this provision to account for circumstances in which there is an unforeseen and exigent need for the CFPB to disclose confidential information for purposes or in a manner not otherwise provided for in these regulations. To circumscribe the extent to which the CFPB utilizes this provision to disclose confidential information, this section provides that the disclosure of confidential information may occur only with the prior written authorization of the Director. The responsibility may not be PO 00000 Frm 00005 Fmt 4701 Sfmt 4700 45375 delegated by the Director, except that a person authorized by law to perform the functions of the Director may also exercise this responsibility. For example, pursuant to section 1066 of the Act, the Treasury Secretary may perform this function in the absence of a Director. Section 1070.46(b) requires the CFPB to provide prior written notice to the person to whom the confidential information pertains (to the extent that the CFPB deems such notice to be appropriate under the circumstances) that the CFPB intends to disclose its confidential information, in accordance with this section. We note that the other federal bank regulatory agencies retain similar discretion to disclose confidential information. Section 1070.47(a) declares the CFPB’s retained ownership of any confidential information it discloses to federal or state agencies, to supervised financial institutions, or to other persons as provided in subpart D. It prohibits further disclosures of such information without the CFPB’s prior written authorization. It directs recipients of confidential information who receive requests or demands for its further disclosure to refer such requests or demands to the CFPB, afford the CFPB an opportunity to respond or intervene, and to assert legal exemptions or privileges on the CFPB’s behalf if so requested. To the extent that requests for confidential information are made pursuant to the FOIA, the Privacy Act, or state law equivalents of those statutes, section 1070.47(a)(3) requires federal or state agency recipients to refer such requests to the CFPB for its response. As provided by section 1070.47(a)(4), nothing in this section precludes a recipient of confidential information under subpart D from disclosing such information pursuant to a valid federal court order or a request or demand from a duly authorized committee of the United States Congress. In such cases where disclosure is compulsory, the disclosing party shall use its best efforts to secure a protective order or agreement that maintains the confidentiality of the confidential information disclosed. Section 1070.47(b) permits the CFPB to impose any additional conditions or limitations that it deems prudent upon its disclosures of confidential information to other agencies or persons. Section 1070.47(c) clarifies that disclosures of confidential information pursuant to subpart D are not intended and should not be construed to constitute a waiver of any privileges that are otherwise available to the CFPB or E:\FR\FM\28JYR3.SGM 28JYR3 45376 Federal Register / Vol. 76, No. 145 / Thursday, July 28, 2011 / Rules and Regulations rmajette on DSK89S0YB1PROD with RULES3 to any agency or person with respect to this confidential information. E. Summary of Subpart E: The Privacy Act Subpart E contains the CFPB’s rules that implement the Privacy Act of 1974, 5 U.S.C. 552a. The Privacy Act serves to balance the government’s need to maintain information about individuals with the rights of individuals to be protected against unwarranted invasions of their privacy stemming from federal agencies’ collection, maintenance, use, and disclosure of personal information about them. The regulations in this subpart implement the Privacy Act, as required by 5 U.S.C. 552a(f), by establishing procedures by which the public may request access to information or records that the CFPB maintains about them, request amendment or correction of such information or records, and request an accounting of disclosures of their records by the CFPB. As with its FOIA regulations, the CFPB modeled its Privacy Act regulations upon regulations promulgated by the other federal agencies, including the Treasury Department. Because most of the CFPB’s Privacy Act regulations track the statute itself and set forth requirements and procedures that are typical of most federal agencies, we do not deem it necessary to provide a detailed analysis of these regulations. Nevertheless, we briefly summarize and discuss section 1070.60(a) of subpart E, which identifies three systems of records (CFPB.002 Depository Institution Supervision Database, CFPB.003 Non-Depository Institution Supervision Database, and CFPB.004 Enforcement Database) that, pursuant to 5 U.S.C. 552a(k)(2), the CFPB has exempted from requirements of the Privacy Act that otherwise grant the public access to the CFPB’s records contained within these systems of records, 5 U.S.C. 552a(d), require the CFPB to account for disclosures of records contained in the systems of records, id. at 552a(c)(3) require the CFPB to maintain in such systems only as much information about individuals as is relevant and necessary to accomplish the CFPB’s statutory mission, id. at 552(e)(1), and require the CFPB to publish certain information about these systems and how to access them. Id. at 552a(e)(1), (e)(4)(G)–(I), (f). The CFPB has exempted these three systems of records from the foregoing requirements of the Privacy Act because these systems of records will contain information relating to the CFPB’s supervision of financial institutions and VerDate Mar<15>2010 15:57 Jul 27, 2011 Jkt 223001 its investigations into violations of and its enforcement of the federal consumer financial laws. Because the CFPB’s supervision and enforcement activities may examine or target the conduct of individuals, granting such individuals access to the CFPB’s information about them and publishing accounts of the CFPB’s disclosure of such information could interfere with or undermine these activities. For example, granting individuals access to the CFPB’s examination and investigative records regarding them could reveal to the individuals that their conduct is of interest to the CFPB or is a target of its examinations or investigations, thereby leading such individuals to conceal, alter, destroy, or fabricate evidence. The exemption is also needed in order to encourage persons having knowledge of violations of the federal consumer financial laws to report such information, and to protect such sources from embarrassment or recrimination, as well as to protect their right to privacy. It is essential that the identities of all individuals who furnish information under an express promise of confidentiality be protected. III. Procedural Requirements The CFPB has determined that good cause exists, pursuant to 5 U.S.C. 553(b), to publish these regulations as an interim final rule. When the CFPB is authorized on July 21, 2011 to begin exercising various regulatory authorities, it will be necessary to promptly establish procedures to facilitate the CFPB’s interactions with the public. The CFPB’s failure to promptly establish such procedures will impair the public’s right to gain access to information about the CFPB and about themselves that the CFPB maintains. The absence of confidentiality regulations will also impair the confidentiality and privacy rights of those who submit sensitive information to the CFPB as well as the ability of the CFPB to use that information to carry out its statutory mission. Furthermore, the CFPB has consulted other federal financial regulatory agencies and the Office of Government Information Services about the interim final rule. Thus, the CFPB concludes that notice and public comment are unnecessary for these regulations and that delay will be contrary to the public interest. For the same reasons, the CFPB has determined that this interim rule should be issued without a delayed effective date pursuant to 5 U.S.C. 553(d)(3). The CFPB further concludes that subpart D of the interim final rule, which governs the disclosure of the PO 00000 Frm 00006 Fmt 4701 Sfmt 4700 CFPB’s confidential information, constitutes an agency rule of organization, procedure, or practice that is exempt from notice and public comment pursuant to 5 U.S.C. 553(b). Notwithstanding these conclusions, the CFPB invites public comment on this interim final rule. Because no notice of proposed rulemaking is required, the provisions of the Regulatory Flexibility Act (5 U.S.C. Chapter 6) do not apply. The regulations in this part do not contain any information collection requirement that requires the approval of OMB under the Paperwork Reduction Act, 44 U.S.C. 3501 et seq. The CFPB has conducted an analysis of benefits, costs, and impacts 2 and consulted with appropriate Federal agencies. In developing the interim final rule, the CFPB considered potential benefits and costs to consumers and covered persons, including the impact on access to consumer financial products and services. The CFPB concludes that the interim final rule will benefit consumers and covered persons by granting them access, as required by the Freedom of Information Act, 5 U.S.C. 552, and the Privacy Act of 1974, 5 U.S.C. 552a, to certain records and information of the CFPB. It will also benefit consumers and covered persons by protecting the confidentiality of sensitive information that pertains to them and which the CFPB receives or generates during the course of its work. The interim final rule will not impose any obligations on consumers or covered persons and it does not have any direct relevance to consumers’ access to consumer financial products and services. Although the interim final rule allows the CFPB to disclose confidential information outside of the CFPB in certain instances, such disclosures are largely required by the Act or are consistent with disclosure practices of the other federal financial regulatory agencies. Any costs that may ensue from such disclosures are likely to be minimal because the rule restricts the circumstances under which confidential information may be disclosed, the permissible recipients of such disclosed information, the further disclosure and dissemination of such information by its recipients, and in many instances, the rule requires prior 2 Section 1022(b)(2)(A) addresses the consideration of the potential benefits and costs of regulation to consumers and industry, including the potential reduction of access by consumers to consumer financial products or services; the impact of proposed rules on depository institutions and credit unions with $10 billion or less in total assets as described in Section 1026 of the Dodd-Frank Act; and the impact on consumers in rural areas. E:\FR\FM\28JYR3.SGM 28JYR3 Federal Register / Vol. 76, No. 145 / Thursday, July 28, 2011 / Rules and Regulations notice of disclosure to affected persons. Moreover, the sharing of confidential information that the interim final rule contemplates is necessary for the CFPB—along with other federal and state agencies that share the CFPB’s responsibilities regarding the supervision of financial institutions and the enforcement of consumer financial laws—to fulfill these responsibilities effectively, efficiently, and to the overall benefit of consumers and covered persons alike. The CFPB has consulted with the prudential regulators and the Department of Housing and Urban Development, including with regard to the consistency of such rules with the prudential, market, or systemic objectives administered by such agencies. List of Subjects in 12 CFR Part 1070 Confidential business information, consumer protection, freedom of information, privacy. For the reasons set forth above, the Bureau of Consumer Financial Protection amends Chapter X in Title 12 of the Code of Federal Regulations by adding a new part 1070 to read as follows: TITLE 12—BANKS AND BANKING CHAPTER X—BUREAU OF CONSUMER FINANCIAL PROTECTION PART 1070—DISCLOSURE OF RECORDS AND INFORMATION rmajette on DSK89S0YB1PROD with RULES3 Subpart A—General Provisions and Definitions Sec. 1070.1 Authority, purpose and scope. 1070.2 General definitions. 1070.3 Custodian of records; certification; alternative authority. 1070.4 Records of the CFPB not to be otherwise disclosed. Subpart B—Freedom of Information Act 1070.10 General. 1070.11 Information made available; discretionary disclosures. 1070.12 Publication in the Federal Register. 1070.13 Public inspection and copying. 1070.14 Requests for CFPB records. 1070.15 Responsibility for responding to requests for CFPB records. 1070.16 Timing of responses to requests for CFPB records. 1070.17 Requests for expedited processing. 1070.18 Responses to requests for CFPB records. 1070.19 Classified information. 1070.20 Requests for business information provided to the CFPB. 1070.21 Administrative appeals. 1070.22 Fees for processing requests for CFPB records. VerDate Mar<15>2010 15:57 Jul 27, 2011 Jkt 223001 45377 1070.23 Authority and responsibilities of the Chief FOIA Officer. Subpart A—General Provisions and Definitions Subpart C—Disclosure of CFPB Information in Connection With Legal Proceedings § 1070.1 1070.30 Purpose and scope; definitions. 1070.31 Service of summonses and complaints. 1070.32 Service of subpoenas, court orders, and other demands for CFPB information or action. 1070.33 Testimony and production of documents prohibited unless approved by the General Counsel. 1070.34 Procedure when testimony or production of documents is sought; general. 1070.35 Procedure when response to demand is required prior to receiving instructions. 1070.36 Procedure in the event of an adverse ruling. 1070.37 Considerations in determining whether the CFPB will comply with a demand or request. 1070.38 Prohibition on providing expert or opinion testimony. Subpart D—Confidential Information 1070.40 Purpose and scope. 1070.41 Non-disclosure of confidential information. 1070.42 Disclosure of confidential supervisory information to and by supervised financial institutions. 1070.43 Disclosure of confidential information to law enforcement agencies and other government agencies. 1070.44 Disclosure of confidential consumer complaint information. 1070.45 Affirmative disclosure of confidential information. 1070.46 Other disclosures of confidential information. 1070.47 Other rules regarding the disclosure of confidential information. Subpart E—Privacy Act 1070.50 Purpose and scope; definitions. 1070.51 Authority and responsibilities of the Chief Privacy Officer. 1070.52 Fees. 1070.53 Request for access to records. 1070.54 CFPB procedures for responding to a request for access. 1070.55 Special procedures for medical records. 1070.56 Request for amendment of records. 1070.57 CFPB review of a request for amendment of records. 1070.58 Appeal of adverse determination of request for access or amendment. 1070.59 Restrictions on disclosure. 1070.60 Exempt records. 1070.61 Training; rules of conduct; penalties for non-compliance. 1070.62 Preservation of records. 1070.63 Use and collection of Social Security numbers. Authority: 12 U.S.C. 3401; 12 U.S.C. 5481 et seq.; 5 U.S.C. 552; 5 U.S.C. 552a; 18 U.S.C. 1905; 18 U.S.C. 641; 44 U.S.C. ch. 30; 5 U.S.C. 301. PO 00000 Frm 00007 Fmt 4701 Sfmt 4700 Authority, purpose, and scope. (a) Authority. (1) This part is issued by the Bureau of Consumer Financial Protection, an independent Bureau within the Federal Reserve System, pursuant to the Consumer Financial Protection Act of 2010, 12 U.S.C. 5481 et seq.; the Freedom of Information Act, 5 U.S.C. 552; the Privacy Act of 1974, 5 U.S.C. 552a; the Federal Records Act, 44 U.S.C. 3101; the Paperwork Reduction Act, 44 U.S.C. 3510; the Right to Financial Privacy Act of 1978, 12 U.S.C. 3401; the Trade Secrets Act, 18 U.S.C. 1905; 18 U.S.C. 641; and any other applicable law that establishes a basis for the exercise of governmental authority by the CFPB. (2) This part establishes mechanisms for carrying out the CFPB’s statutory responsibilities under the statutes in paragraph (a)(1) of this section to the extent those responsibilities require the disclosure, production, or withholding of information. In this regard, the CFPB has determined that the CFPB, and its delegates, may disclose information of the CFPB, in accordance with the procedures set forth in this part, whenever it is necessary or appropriate to do so in the exercise of any of the CFPB’s authority. The CFPB has determined that all such disclosures, made in accordance with the rules and procedures specified in this part, are authorized by law. (b) Purpose and scope. This part contains the CFPB’s rules relating to the disclosure of records and information generated by and obtained by the CFPB. (1) Subpart A contains general provisions and definitions used in this part. (2) Subpart B implements the Freedom of Information Act, 5 U.S.C. 552. (3) Subpart C sets forth the procedures with respect to subpoenas, orders, or other requests for CFPB information in connection with legal proceedings. (4) Subpart D provides for the protection of confidential information and procedures for sharing confidential information with supervised institutions, government agencies, and others in certain circumstances. (5) Subpart E implements the Privacy Act of 1974, 5 U.S.C. 552a. § 1070.2 General definitions. For purposes of this part: (a) Business day means any day except Saturday, Sunday or a legal federal holiday. (b) CFPB means the Bureau of Consumer Financial Protection. E:\FR\FM\28JYR3.SGM 28JYR3 rmajette on DSK89S0YB1PROD with RULES3 45378 Federal Register / Vol. 76, No. 145 / Thursday, July 28, 2011 / Rules and Regulations (c) Chief FOIA Officer means the Chief Operating Officer of the CFPB, or any CFPB employee to whom the Chief Operating Officer has delegated authority to act under this part. (d) Chief Operating Officer means the Chief Operating Officer of the CFPB, or any CFPB employee to whom the Chief Operating Officer has delegated authority to act under this part. (e) Civil investigative demand material means any documentary material, written report, or answers to questions, tangible thing, or transcript of oral testimony received by the CFPB in any form or format pursuant to a civil investigative demand, as those terms are set forth in 12 U.S.C. 5562, or received by the CFPB voluntarily in lieu of a civil investigative demand. (f) Confidential information means confidential consumer complaint information, confidential investigative information, and confidential supervisory information, as well as any other CFPB information that may be exempt from disclosure under the Freedom of Information Act pursuant to 5 U.S.C. 552(b). Confidential information does not include information contained in records that have been made publicly available by the CFPB or information that has otherwise been publicly disclosed by an employee with the authority to do so. (g) Confidential consumer complaint information means information received or generated by the CFPB, pursuant to 12 U.S.C. 5493 and 5534, that comprises or documents consumer complaints or inquiries concerning financial institutions or consumer financial products and services and responses thereto, to the extent that such information is exempt from disclosure pursuant to 5 U.S.C. 552(b). (h) Confidential investigative information means: (1) Civil investigative demand material; and (2) Any documentary material prepared by, on behalf of, received by, or for the use by the CFPB or any other federal or state agency in the conduct of an investigation of or enforcement action against a person, and any information derived from such documents. (i)(1) Confidential supervisory information means: (i) Reports of examination, inspection and visitation, non-public operating, condition, and compliance reports, and any information contained in, derived from, or related to such reports; (ii) Any documents, including reports of examination, prepared by, or on behalf of, or for the use of the CFPB or any other federal, state, or foreign VerDate Mar<15>2010 15:57 Jul 27, 2011 Jkt 223001 government agency in the exercise of supervisory authority over a financial institution, and any information derived from such documents; (iii) any communications between the CFPB and a supervised financial institution or a federal, state, or foreign government agency related to the CFPB’s supervision of the institution; (iv) Any information provided to the CFPB by a financial institution to enable the CFPB to monitor for risks to consumers in the offering or provision of consumer financial products or services, or to assess whether an institution should be considered a covered person, as that term is defined by 12 U.S.C. 5481; and/or (v) Information that is exempt from disclosure pursuant to 5 U.S.C. 552(b)(8). (2) Confidential supervisory information does not include documents prepared by a financial institution for its own business purposes and that the CFPB does not possess. (j) Director means the Director of the CFPB or his or her designee, or a person authorized to perform the functions of the Director in accordance with law. (k) Employee means all current employees or officials of the CFPB, including employees of contractors and any other individuals who have been appointed by, or are subject to the supervision, jurisdiction, or control of the Director, as well as the Director. The procedures established within this part also apply to former employees where specifically noted. (l) Financial institution means any person involved in the offering or provision of a ‘‘financial product or service,’’ including a ‘‘covered person’’ or ‘‘service provider,’’ as those terms are defined by 12 U.S.C. 5481. (m) General Counsel means the General Counsel of the CFPB or any CFPB employee to whom the General Counsel has delegated authority to act under this part. (n) Person means an individual, partnership, company, corporation, association (incorporated or unincorporated), trust, estate, cooperative organization, or other entity. (o) Report of examination means the report prepared by the CFPB concerning the examination or inspection of a supervised financial institution. (p) Supervised financial institution means a financial institution subject to the CFPB’s supervisory authority. § 1070.3 Custodian of records; certification; alternative authority. (a) Custodian of records. The Chief Operating Officer is the official PO 00000 Frm 00008 Fmt 4701 Sfmt 4700 custodian of all records of the CFPB, including records that are in the possession or control of the CFPB or any CFPB employee. (b) Certification of record. The Chief Operating Officer may certify the authenticity of any CFPB record or any copy of such record, for any purpose, and for or before any duly constituted federal or state court, tribunal, or agency. (c) Alternative authority. Any action or determination required or permitted to be done by the Chief Operating Officer may be done by any employee who has been duly designated for this purpose by the Chief Operating Officer. § 1070.4 Records of the CFPB not to be otherwise disclosed. Except as provided by this part, employees or former employees of the CFPB, or others in possession of a record of the CFPB that the CFPB has not already made public, are prohibited from disclosing such records, without authorization, to any person who is not an employee of the CFPB. Subpart B—Freedom of Information Act § 1070.10 General. This subpart contains the regulations of the CFPB implementing the Freedom of Information Act (the ‘‘FOIA’’), 5 U.S.C. 552, as amended. These regulations set forth procedures for requesting access to records maintained by the CFPB. These regulations should be read together with the FOIA, the 1987 Office of Management and Budget Guidelines for FOIA Fees, the CFPB’s Privacy Act regulations set forth in subpart E, and the FOIA webpage on the CFPB’s Web site, https:// www.consumerfinance.gov, which provide additional information about this topic. § 1070.11 Information made available; discretionary disclosures. (a) In general. The FOIA provides for public access to information and records developed or maintained by federal agencies. Generally, the FOIA divides agency information into three major categories and provides methods by which each category of information is to be made available to the public. The three major categories of information are as follows: (1) Information required to be published in the Federal Register (see section 1070.12 of this subpart); (2) Information required to be made available for public inspection and copying or, in the alternative, to be published and offered for sale (see section 1070.13 of this subpart); and E:\FR\FM\28JYR3.SGM 28JYR3 Federal Register / Vol. 76, No. 145 / Thursday, July 28, 2011 / Rules and Regulations (3) Information required to be made available to any member of the public upon specific request (see sections 1070.14 through 1070.22 of this subpart). (b) Discretionary disclosures. Even though a FOIA exemption may apply to the information or records requested, the CFPB may, if not precluded by law, elect under the circumstances not to apply the exemption. The fact that the exemption is not applied by the CFPB in response to a particular request shall have no precedential significance in processing other requests, but is merely an indication that, in the processing of the particular request, the CFPB finds no necessity for applying the exemption. (c) Disclosures of records frequently requested. Subject to the application of the FOIA exemptions and exclusions (5 U.S.C. 552(b) and (c)), the CFPB shall make publicly available, as provided by section 1070.13 of this subpart, all records regardless of form or format, which have been released previously to any person under 5 U.S.C. 552(a)(3) and sections 1070.14 through 1070.22 of this subpart, and which the CFPB determines have become or are likely to become the subject of subsequent requests for substantially the same records because they are clearly of interest to the public at large. When the CFPB receives three (3) or more requests for substantially the same records, then the CFPB shall also make the released records publicly available. rmajette on DSK89S0YB1PROD with RULES3 § 1070.12 Register. Publication in the Federal (a) Requirement. The CFPB shall separately state, publish and maintain current in the Federal Register for the guidance of the public the following information: (1) Descriptions of its central and field organization and the established place at which, the persons from whom, and the methods whereby, the public may obtain information, make submissions or requests, or obtain decisions; (2) Statements of the general course and method by which its functions are channeled and determined, including the nature and requirements of all formal and informal procedures available; (3) Rules of procedure, descriptions of forms available or the places at which forms may be obtained, and instructions as to the scope and contents of all papers, reports, or examinations; (4) Substantive rules of general applicability adopted as authorized by law, and statements of general policy or interpretations of general applicability VerDate Mar<15>2010 15:57 Jul 27, 2011 Jkt 223001 formulated and adopted by the CFPB; and (5) Each amendment, revision, or repeal of matters referred to in paragraphs (a)(1) through (4) of this section. (b) Exceptions. Publication of the information under clause (a) of this subpart shall be subject to the application of the FOIA exemptions and exclusions (5 U.S.C. 552(b) and (c)) and the limitations provided in 5 U.S.C. 552(a)(1). § 1070.13 Public inspection and copying. (a) In general. Subject to the application of the FOIA exemptions and exclusions (5 U.S.C. 552(b) and (c)), the CFPB shall, in conformance with 5 U.S.C. 552(a)(2), make available for public inspection and copying, including by posting on the CFPB’s Web site, https://www.consumerfinance.gov, or, in the alternative, promptly publish and offer for sale the following information: (1) Final opinions, including concurring and dissenting opinions, and orders made in the adjudication of cases; (2) Those statements of policy and interpretations which have been adopted by the CFPB but are not published in the Federal Register; (3) Its administrative staff manuals and instructions to staff that affect a member of the public; (4) Copies of all records made publicly available pursuant to section 1070.11 of this subpart; and (5) A general index of the records referred to in paragraph (a)(4) of this section. (b) Information made available online. For records required to be made available for public inspection and copying pursuant to 5 U.S.C. 552(a)(2) (paragraphs (a)(1) through (4) of this section), as soon as practicable, the CFPB shall make such records available on its e-FOIA Library, located at https://www.consumerfinance.gov. (c) Record availability at the on-site eFOIA Library. Any member of the public may, upon request, access the CFPB’s eFOIA Library via a computer terminal at 1801 L Street, NW., Washington, DC 20036. Such a request may be made by electronic means as set forth on the CFPB’s Web site, https:// www.consumerfinance.gov, or in writing, to the Chief FOIA Officer, Bureau of Consumer Financial Protection, 1801 L Street, NW., Washington, DC 20036. The request must indicate a preferred date and time for the requested access. The CFPB reserves the right to arrange a different PO 00000 Frm 00009 Fmt 4701 Sfmt 4700 45379 date and time with the requester, if necessary. (d) Redaction of identifying details. To prevent a clearly unwarranted invasion of personal privacy, the CFPB may redact identifying details contained in any matter described in paragraphs (a)(1) through (4) of this section before making such matters available for inspection or publication. The justification for the redaction shall be explained fully in writing, and the extent of such redaction shall be indicated on the portion of the record which is made available or published, unless including that indication would harm an interest protected by the exemption in 5 U.S.C. 552(b) under which the redaction is made. If technically feasible, the extent of the redaction shall be indicated at the place in the record where the redaction is made. § 1070.14 Requests for CFPB records. (a) In general. Subject to the application of the FOIA exemptions and exclusions (5 U.S.C. 552(b) and (c)), the CFPB shall promptly make its records available to any person pursuant to a request that conforms to the rules and procedures of this section. (b) Form of request. A request for records of the CFPB shall be made in writing or by electronic means. (1) If a request is made in writing, it shall be addressed to the Chief FOIA Officer, Bureau of Consumer Financial Protection, 1801 L Street, NW., Washington, DC 20036. The request shall be labeled ‘‘Freedom of Information Act Request.’’ (2) If a request is made by electronic means, it shall be submitted as set forth on the CFPB’s Web site, https:// www.consumerfinance.gov. The request shall be labeled ‘‘Freedom of Information Act Request.’’ (c) Content of request. (1) In order to ensure the CFPB’s ability to respond in a timely manner, a FOIA request should describe the records that the requester seeks in sufficient detail to enable CFPB personnel to locate them with a reasonable amount of effort. Whenever possible, the request should include specific information about each record sought, such as the date, title or name, author, recipient, and subject matter of the record. If known, the requester should include any file designations or descriptions for the records requested. As a general rule, the more specific the requester is about the records or type of records requested, the more likely the CFPB will be able to locate those records in response to the request; (2) In order to ensure the CFPB’s ability to communicate effectively with E:\FR\FM\28JYR3.SGM 28JYR3 rmajette on DSK89S0YB1PROD with RULES3 45380 Federal Register / Vol. 76, No. 145 / Thursday, July 28, 2011 / Rules and Regulations the requester, a request should include contact information for the requester, including, to the extent available, a mailing address, telephone number, and e-mail address at which the CFPB may contact the requester regarding the request; (3) The request should state whether the requester wishes to inspect the records or desires to receive an electronic copy or have a copy made and furnished without first inspecting the records; (4) For the purpose of determining any fees that may apply to processing a request, a requester should indicate in the request whether the requester is a commercial user, an educational institution, non-commercial scientific institution, representative of the news media, governmental entity, or ‘‘other’’ requester, as those terms are defined in section 1070.22(b) of this subpart, and the basis for claiming that fee category. Requesters may seek assistance in determining the appropriate fee category by contacting the CFPB’s FOIA Public Liaison at the telephone number listed on the CFPB’s Web site, https:// www.consumerfinance.gov. The CFPB will use any information provided to the FOIA Public Liaison solely for the purpose of determining the appropriate fee category that applies to the requester; (5) If a requester seeks a waiver or reduction of fees associated with processing a request, then the request shall include a statement to that effect as is required by section 1070.22(e) of this subpart. Any request that does not seek a waiver or reduction of fees constitutes an agreement of the requester to pay any and all fees (of up to $25) that may apply to the request, as otherwise set forth in section 1070.22 of this subpart, except that the requester may specify in the request an upper limit (of not less than $25) that the requester is willing to pay to process the request; and (6) If a requester seeks expedited processing of a request, then the request must include a statement to that effect as is required by section 1070.17 of this subpart. (d) Perfected requests; effect of request deficiencies. For purposes of computing its deadline to respond to a request, the CFPB will deem itself to have received a request only if, and on the date that, it receives a request that contains all of the information required by and that otherwise conforms with paragraphs (b) and (c) of this section. A request that another agency refers to the CFPB will be deemed to have been received by the CFPB on the date the request was received from the referring VerDate Mar<15>2010 15:57 Jul 27, 2011 Jkt 223001 agency. The CFPB need not accept a request, process a request, or be bound by any deadlines in this subpart for processing a request that fails to conform to the requirements of paragraphs (b) and (c) of this section. If a request is deficient in any material respect, then the CFPB may return it to the requester and advise the requester in what respect the request is deficient, and what additional information is needed to respond to the request. The requester may then amend or resubmit the request. A determination by the CFPB that a request is deficient in any respect is not a denial of a request for records and such determinations are not subject to appeal. If a requester fails to respond to a CFPB notification that a request is deficient within thirty (30) days of the CFPB’s notification, the CFPB will deem the request withdrawn. (e) Requests by an individual for CFPB records pertaining to that individual. An individual who wishes to inspect or obtain copies of records of the Bureau that pertain to that individual shall file a request in accordance with subpart E of these rules. (f) Requests for CFPB records pertaining to another individual. Where a request for records pertains to a third party, a requester may receive greater access by submitting either a notarized authorization signed by that individual or a declaration by that individual made in compliance with the requirements set forth in 28 U.S.C. 1746 authorizing disclosure of the records to the requester, or submits proof that the individual is deceased (e.g., a copy of a death certificate or an obituary). The CFPB may require a requester to supply additional information if necessary in order to verify that a particular individual has consented to disclosure. § 1070.15 Responsibility for responding to requests for CFPB records. (a) In general. In determining which records are responsive to a request, the CFPB ordinarily will include only records in its possession as of the date the CFPB begins its search for them. If any other date is used, the CFPB shall inform the requester of that date. (b) Authority to grant or deny requests. The Chief FOIA Officer shall be authorized to grant or deny any request for a record of the CFPB. (c) Consultations and referrals. (1) When a requested record has been created by an agency other than the CFPB, the CFPB shall refer the record to the originating agency for a direct response to the requester. (2) When a FOIA request is received for a record created by the CFPB that PO 00000 Frm 00010 Fmt 4701 Sfmt 4700 includes information originated by another agency, the CFPB shall consult the originating agency for review and recommendation on disclosure. The CFPB shall not release any such records without prior consultation with the originating agency. (d) Notice of referral. Whenever the CFPB refers all or any part of the responsibility for responding to a request to another agency, it will notify the requester of the referral and inform the requester of the name of each agency to which the request has been referred, in whole or in part. § 1070.16 Timing of responses to requests for CFPB records. (a) In general. Except as set forth in paragraphs (b) through (d) of this section, and § 1070.17 of this subpart, the CFPB shall respond to requests according to their order of receipt. (b) Multitrack processing. (1) The CFPB may establish separate tracks to process simple and complex requests. The CFPB may assign a request to the simple or complex track(s) based on the amount of work and/or time needed to process the request. The CFPB shall process requests in each track based on the date the request was perfected in accordance with section 1070.14(d). (2) The CFPB may provide a requester in its complex track with an opportunity to limit the scope of the request to qualify for faster processing within the specified limits of the simple track(s). (c) Time period for responding to requests for records. Ordinarily, the CFPB shall have twenty (20) business days from when a request is received by the CFPB to determine whether to grant or deny a request for records. The twenty (20) business day time period set forth in this paragraph shall not be tolled by the CFPB except that the CFPB may: (1) Make one reasonable demand to the requester for clarifying information about the request and toll the twenty (20) business day time period while it awaits the clarifying information; or (2) Toll the twenty (20) business day time period while it awaits clarification from or addresses any dispute with the requester regarding the assessment of fees. (d) Unusual circumstances. (1) Where the CFPB determines that due to unusual circumstances it cannot respond either to a request within the time period set forth in paragraph (c) of this section or to an appeal within the time period set forth in § 1070.21 of this subpart, the CFPB may extend the applicable time periods by informing the requester in writing of the unusual circumstances and of the date by which E:\FR\FM\28JYR3.SGM 28JYR3 Federal Register / Vol. 76, No. 145 / Thursday, July 28, 2011 / Rules and Regulations the CFPB expects to complete its processing of the request or appeal. Any extension or extensions of time with respect to a request or an appeal shall not cumulatively total more than ten (10) business days. However, if the CFPB determines that it needs additional time beyond a ten (10) business day extension to process the request or appeal, then the CFPB shall notify the requester and provide the requester with an opportunity to limit the scope of the request or appeal or to arrange for an alternative time frame for processing the request or appeal or a modified request or appeal. The requester shall retain the right to define the desired scope of the request or appeal, as long as it meets the requirements contained in this subpart. (2) As used in this paragraph, unusual circumstances means: (i) The need to search for and collect the requested records from field facilities or other establishments that are separate from the office processing the request; (ii) The need to search for, collect, and appropriately examine a voluminous amount of separate and distinct records which are demanded in a single request; or (iii) The need for consultation, which shall be conducted with all practicable speed, with another agency having a substantial interest in the determination of the request, or among two or more CFPB offices having substantial subject matter interest therein. rmajette on DSK89S0YB1PROD with RULES3 § 1070.17 Requests for expedited processing. (a) In general. The CFPB shall process a request on an expedited basis whenever a requester demonstrates a compelling need for expedited processing in accordance with the requirements of this paragraph. (b) Form and content of a request for expedited processing. A request for expedited processing shall be made as follows: (1) A request for expedited processing shall be made in writing or by electronic means and submitted as part of a request for records in accordance with section 1070.14(b). When a request for records includes a request for expedited processing, the request shall be labeled ‘‘Expedited Processing Requested.’’ (2) A request for expedited processing shall contain a statement that demonstrates a compelling need for the requester to obtain expedited processing of the requested records. A compelling need is defined as follows: (i) Failure to obtain the requested records on an expedited basis could VerDate Mar<15>2010 15:57 Jul 27, 2011 Jkt 223001 reasonably be expected to pose an imminent threat to the life or physical safety of an individual. The requester shall fully explain the circumstances warranting such an expected threat so that the CFPB may make a reasoned determination that a delay in obtaining the requested records could pose such a threat; or (ii) With respect to a request made by a person primarily engaged in disseminating information, urgency to inform the public concerning actual or alleged federal government activity. A person ‘‘primarily engaged in disseminating information’’ does not include individuals who are engaged only incidentally in the dissemination of information. The standard of ‘‘urgency to inform’’ requires that the records requested pertain to a matter of current exigency to the American public and that delaying a response to a request for records would compromise a significant recognized interest to and throughout the American general public. The requester must adequately explain the matter or activity and why the records sought are necessary to be provided on an expedited basis. (3) The requester shall certify the written statement that purports to demonstrate a compelling need for expedited processing to be true and correct to the best of the requester’s knowledge and belief. The certification must be in the form prescribed by 28 U.S.C. 1746: ‘‘I declare under penalty of perjury that the foregoing is true and correct to the best of my knowledge and belief. Executed on [date].’’ The requester shall mail or submit electronically a copy of such written certification to the Chief FOIA Officer as set forth in Section 1070.14(b) of this subpart. The CFPB may waive this certification requirement in appropriate circumstances. (c) Determinations of requests for expedited processing. Within ten (10) calendar days of its receipt of a request for expedited processing, the CFPB shall decide whether to grant it and shall notify the requester of the determination in writing. (d) Effect of granting requests for expedited processing. If the CFPB grants a request for expedited processing, then the CFPB shall give the expedited request priority over non-expedited requests and shall process the expedited request as soon as practicable. The CFPB may assign expedited requests to their own simple and complex processing tracks based upon the amount of work and/or time needed to process them. Within each such track, an expedited request shall be processed in the order of its receipt. PO 00000 Frm 00011 Fmt 4701 Sfmt 4700 45381 (e) Appeals of denials of requests for expedited processing. If the CFPB denies a request for expedited processing, then the requester shall have the right to submit an appeal of the denial determination in accordance with section 1070.21 of this subpart. The CFPB shall communicate this appeal right as part of its written notification to the requester denying expedited processing. The requester shall label its appeal request ‘‘Appeal for Expedited Processing.’’ The CFPB shall act expeditiously upon an appeal of a denial of a request for expedited processing. § 1070.18 records. Responses to requests for CFPB (a) Acknowledgements of requests. Upon receipt of a perfected request, the CFPB will assign to the request a unique tracking number. The CFPB will send an acknowledgement letter to the requester by mail or email within ten (10) calendar days of receipt of the request. The acknowledgment letter will contain the following information: (1) The applicable request tracking number; (2) The date of receipt of the request, as determined in accordance with section 1070.14(d) of this subpart, as well as the date when the requester may expect a response; (3) A brief statement identifying the subject matter of the request; and (4) A confirmation, with respect to any fees that may apply to the request pursuant to section 1070.22 of this subpart, that the requester has sought a waiver or reduction in such fees, has agreed to pay any and all applicable fees, or has specified an upper limit (of not less than $25) that the requester is willing to pay in fees to process the request. (b) Initial determination to grant or deny a request. (1) The officer designated in section 1070.15(b) to this subpart, or his or her delegate, shall make initial determinations either to grant or to deny in whole or in part requests for records. (2) If the request is granted in full or in part, and if the requester requests a copy of the records requested, then a copy of the records shall be mailed or emailed to the requester in the requested format, to the extent the records are readily produceable in the requested format. The CFPB shall also send the requester a statement of the applicable fees, either at the time of the determination or shortly thereafter. (3) In the case of a request for inspection, the requester shall be notified in writing of the determination, when and where the requested records E:\FR\FM\28JYR3.SGM 28JYR3 45382 Federal Register / Vol. 76, No. 145 / Thursday, July 28, 2011 / Rules and Regulations may be inspected, and of the fees incurred in complying with the request. The CFPB shall then promptly make the records available for inspection at the time and place stated, in a manner that will not interfere with CFPB’s operations and will not exclude other persons from making inspections. The requester shall not be permitted to remove the records from the room where inspection is made. If, after making inspection, the requester desires copies of all or a portion of the requested records, copies shall be furnished upon payment of the established fees prescribed by section 1070.22 of this subpart. Fees may be charged for search and review time as stated in section 1070.22 of this subpart. (4) If it is determined that the request for records should be denied in whole or in part, the requester shall be notified by mail or by email. The letter of notification shall: (i) State the exemptions relied upon in denying the request; (ii) If technically feasible, indicate the amount of information deleted and the exemptions under which the deletion is made at the place in the record where such deletion is made (unless providing such indication would harm an interest protected by the exemption relied upon to deny such material); (iii) Set forth the name and title or position of the responsible official; (iv) Advise the requester of the right to administrative appeal in accordance with § 1070.21 of this subpart; and (v) Specify the official or office to which such appeal shall be submitted. (5) If it is determined, after a reasonable search for records, that no responsive records have been found to exist, the requester shall be notified in writing or by email. The notification shall also advise the requester of the right to administratively appeal the CFPB’s determination that no responsive records exist (i.e., to challenge the adequacy of the CFPB’s search for responsive records) in accordance with section 1070.21 of this subpart. The response shall specify the official or office to which the appeal shall be submitted for review. rmajette on DSK89S0YB1PROD with RULES3 § 1070.19 Classified information. Whenever a request is made for a record containing information that another agency has classified, or which may be appropriate for classification by another agency under Executive Order 13526 or any other executive order concerning the classification of information, the CFPB shall refer the responsibility for responding to the request to the classifying or originating agency, as appropriate. VerDate Mar<15>2010 15:57 Jul 27, 2011 Jkt 223001 § 1070.20 Requests for business information provided to the CFPB. (a) In general. Business information provided to the CFPB by a business submitter shall not be disclosed pursuant to a FOIA request except in accordance with this section. (b) Definitions. For purposes of this section: (1) Business information. means commercial or financial information obtained by the CFPB from a submitter that may be protected from disclosure under Exemption 4 of the FOIA, 5 U.S.C. 552(b)(4). (2) Submitter. means any person from whom the CFPB obtains business information, directly or indirectly. The term includes, without limitation, corporations, state, local, and tribal governments, and foreign governments. (c) Designation of business information. A submitter of business information will use good-faith efforts to designate, by appropriate markings, either at the time of submission or at a reasonable time thereafter, any portions of its submission that it considers to be protected from disclosure under Exemption 4 of the FOIA. These designations will expire ten (10) years after the date of the submission unless the submitter requests otherwise and provides justification for, a longer designation period. (d) Notice to submitters. The CFPB shall provide a submitter with prompt written notice of receipt of a request or appeal encompassing its business information whenever required in accordance with paragraph (e) of this section. Such written notice shall either describe the exact nature of the business information requested or provide copies of the records or portions of records containing the business information. When notification of a voluminous number of submitters is required, notification may be made by posting or publishing the notice in a place reasonably likely to accomplish it. (e) When notice is required. (1) The CFPB shall provide a submitter with notice of receipt of a request or appeal whenever: (i) The information has been designated in good faith by the submitter as information considered protected from disclosure under Exemption 4; or (ii) The CFPB has reason to believe that the information may be protected from disclosure under Exemption 4. (2) The notice requirements of this subsection shall not apply if: (i) The CFPB determines that the information is exempt under the FOIA; PO 00000 Frm 00012 Fmt 4701 Sfmt 4700 (ii) The information lawfully has been published or otherwise made available to the public; (iii) Disclosure of the information is required by statute (other than the FOIA) or by a regulation issued in accordance with the requirements of Executive Order 12600 (3 CFR, 1988 Comp., p. 235); or (iv) The designation made by the submitter under paragraph (1)(i) appears obviously frivolous, except that, in such a case, the CFPB shall, within a reasonable time prior to a specified disclosure date, give the submitter written notice of any final decision to disclose the information. (f) Opportunity to object to disclosure. (1) Through the notice described in paragraph (d) of this section, the CFPB shall afford a submitter ten (10) business days from the date of the notice to provide the CFPB with a detailed statement of any objection to disclosure. Such statement shall specify all grounds for withholding any of the information under any exemption of the FOIA and, in the case of Exemption 4, shall demonstrate why the information is considered to be a trade secret or commercial or financial information that is privileged or confidential. In the event that a submitter fails to respond to the notice within the time specified in it, the submitter shall be considered to have no objection to disclosure of the information. Information provided by a submitter pursuant to this paragraph may itself be subject to disclosure under the FOIA. (2) When notice is given to a submitter under this section, the requester shall be advised that such notice has been given to the submitter. The requester shall be further advised that a delay in responding to the request may be considered a denial of access to records and that the requester may proceed with an administrative appeal or seek judicial review, if appropriate. However, the requester will be invited to agree to a voluntary extension of time so that the CFPB may review the submitter’s objection to disclose, if any. (g) Notice of intent to disclose. The CFPB shall consider carefully a submitter’s objections and specific grounds for nondisclosure prior to determining whether to disclose business information. Whenever the CFPB decides to disclose business information over the objection of a submitter, the CFPB shall forward to the submitter a written notice which shall include: (1) A statement of the reasons for which the submitter’s disclosure objections were not sustained; E:\FR\FM\28JYR3.SGM 28JYR3 Federal Register / Vol. 76, No. 145 / Thursday, July 28, 2011 / Rules and Regulations (2) A description of the business information to be disclosed; and (3) A specified disclosure date which is not less than ten (10) business days after the notice of the final decision to release the requested information has been mailed to the submitter. Except as otherwise prohibited by law, a copy of the disclosure notice shall be forwarded to the requester at the same time. (h) Notice to submitter of FOIA lawsuit. Whenever a requester brings suit seeking to compel disclosure of business information, the CFPB shall promptly notify the submitter of that business information of the existence of the suit. (i) Notice to requester of business information. The CFPB shall notify a requester whenever it provides the submitter with notice and an opportunity to object to disclosure; whenever it notifies the submitter of its intent to disclose the requested information; and whenever a submitter files a lawsuit to prevent the disclosure of the information. rmajette on DSK89S0YB1PROD with RULES3 § 1070.21 Administrative appeals. (a) Grounds for administrative appeals. A requester may appeal an initial determination of the CFPB, including for the following reasons: (1) To deny access to records in whole or in part (as provided in section 1070.18(b) of this subpart); (2) To assign a particular fee category to the requestor (as provided in section 1070.22(b) of this subpart); (3) To deny a request for a reduction or waiver of fees (as provided in section 1070.22(e) of this subpart); (4) That no records exist that are responsive to the request (as provided in section 1070.18(b) of this subpart); or (5) To deny a request for expedited processing (as provided in section 1070.17(e) of this subpart). (b) Time limits for filing administrative appeals. An appeal, other than an appeal of a denial of expedited processing, must be postmarked or submitted electronically on a date that is within forty-five (45) calendar days of the date of the initial determination or the date of the letter transmitting the last records released, whichever is later. An appeal of a denial of expedited processing must be made within ten (10) days of the date of the initial determination letter to deny expedited processing (see section 1070.17 of this subpart). (c) Form and content of administrative appeals. In order to ensure a timely response to an appeal, the appeal shall be made in writing or by electronic means as follows: VerDate Mar<15>2010 15:57 Jul 27, 2011 Jkt 223001 (1) If appeal is made in writing, it shall be addressed to and submitted to the officer specified in paragraph (e) of this section at the address set forth in § 1070.14(b) of this subpart. The appeal shall be labeled ‘‘Freedom of Information Act Appeal.’’ (2) If an appeal is made by electronic means, it shall be addressed to the officer specified in paragraph (e) of this section and submitted as set forth on the CFPB’s Web site, https:// www.consumerfinance.gov. The appeal shall be labeled ‘‘Freedom of Information Act Appeal.’’ (3) The appeal shall set forth contact information for the requester, including, to the extent available, a mailing address, telephone number, or email address at which the CFPB may contact the requester regarding the appeal; and (4) The appeal shall specify the applicable request tracking number, the date of the initial request, and the date of the letter of initial determination, and, where possible, enclose a copy of the initial request and the initial determination being appealed. (d) Processing of administrative appeals. Appeals will be stamped with the date of their receipt by the FOIA response office, and will be processed in the order of their receipt. The receipt of the appeal will be acknowledged by the CFPB and the requester will be advised of the date the appeal was received, the appeal tracking number, and the expected date of response. (e) Determinations to grant or deny administrative appeals. The General Counsel is authorized to and shall decide whether to affirm the initial determination (in whole or in part) or to reverse the initial determination (in whole or in part) and shall notify the requester of this decision in writing within twenty (20) business days after the date of receipt of the appeal, unless extended pursuant to section 1070.16(d) of this subpart. (1) If it is decided that the appeal is to be denied (in whole or in part) the requester shall be: (i) Notified in writing of the denial; (ii) Notified of the reasons for the denial, including which of the FOIA exemptions were relied upon; (iii) Notified of the name and title or position of the official responsible for the determination on appeal; (iv) Provided with a statement that judicial review of the denial is available in the United States District Court for the judicial district in which the requester resides or has a principal place of business, the judicial district in which the requested records are located, or the District of Columbia in PO 00000 Frm 00013 Fmt 4701 Sfmt 4700 45383 accordance with 5 U.S.C. 552(a)(4)(B); and (v) Provided with notification that mediation services are available to the requester as a non-exclusive alternative to litigation through the Office of Government Information Services in accordance with 5 U.S.C. 552(h)(3). (2) If the initial determination is reversed on appeal, the requester shall be so notified and the request shall be processed promptly in accordance with the decision on appeal. (f) Adjudication of administrative appeals of requests in litigation. An appeal ordinarily will not be adjudicated if the request becomes a matter of FOIA litigation. § 1070.22 Fees for processing requests for CFPB records. (a) In general. The CFPB shall determine whether and to what extent to charge a requester fees for processing a FOIA request, for the services and in the amounts set forth in this paragraph, by determining an appropriate fee category for the requester (as set forth in paragraph (b) of this section) and then by charging the requester those fees applicable to the assigned category (as set forth in paragraph (c) of this section), unless circumstances exist (as described in paragraph (d) of this section) that render fees inapplicable or inadvisable or unless the requester has requested and the CFPB has granted a reduction in or waiver of fees (as set forth in paragraph (e) of this section). (1) The CFPB shall charge a requester fees for the cost of copying records at rates set forth on the CFPB’s Web site, https://www.consumerfinance.gov. (2) The CFPB shall charge a requester for all time spent by its employees searching for records that are responsive to a request. The CFPB shall charge the requester fees for search time as follows: (i) The CFPB shall charge for search time at the salary rate(s) (basic pay plus sixteen (16) percent) of the employee(s) who conduct the search. However, where a single class of employee is used exclusively (e.g., all administrative/ clerical, or all professional/executive), an average rate for the range of grades typically involved may be established. This charge shall include transportation of employees and records necessary to the search at actual cost. Fees may be charged for search time even if the search does not yield any responsive records, or if records are exempt from disclosure. (ii) The CFPB shall charge the requester for the actual direct cost of the search, including computer search time, runs, and the operator’s salary. The fee for computer output will be the actual E:\FR\FM\28JYR3.SGM 28JYR3 rmajette on DSK89S0YB1PROD with RULES3 45384 Federal Register / Vol. 76, No. 145 / Thursday, July 28, 2011 / Rules and Regulations direct cost. For a requester in the ‘‘all other’’ category, when the cost of the search (including the operator time and the cost of operating the computer to process a request) equals the equivalent dollar amount of two hours of the salary of the person performing the search (i.e., the operator), the charge for the computer search will begin. (3) The CFPB shall charge a requester for time spent by its employees examining responsive records to determine whether any portions of such record are exempt from disclosure, pursuant to the FOIA exemptions of 5 U.S.C. 552(b). The CFPB shall also charge a requester for time spent by its employees redacting any such exempt information from a record and preparing a record for release to the requester. The CFPB shall charge a requester for time spent reviewing records at the salary rate(s) (i.e., basic pay plus sixteen (16) percent) of the employees who conduct the review. However, when a single class of employee is used exclusively (e.g., all administrative/clerical, or all professional/executive), an average rate for the range of grades typically involved may be established. Fees shall be charged for review time even if records ultimately are not disclosed. (4) Fees for all services provided shall be charged whether or not copies are made available to the requester for inspection. However, no fee shall be charged for monitoring a requester’s inspection of records. (5) Other services and materials requested which are not covered by this part nor required by the FOIA are chargeable at the actual cost to the CFPB. This includes, but is not limited to: (i) Certifying that records are true copies; or (ii) Sending records by special methods such as express mail, etc. (b) Categories of requesters. (1) For purposes of assessing fees as set forth in this section, each requester shall be assigned to one of the following categories: (i) Commercial user refers to one who seeks information for a use or purpose that furthers the commercial, trade, or profit interests of the requester or the person on whose behalf the request is made, which can include furthering those interests through litigation. The CFPB may determine from the use specified in the request that the requester is a commercial user. (ii) Educational institution refers to a preschool, a public or private elementary or secondary school, an institution of graduate higher education, an institution of undergraduate higher education, an institution of professional VerDate Mar<15>2010 15:57 Jul 27, 2011 Jkt 223001 education, and an institution of vocational education, which operates a program or programs of scholarly research. (iii) Non-commercial scientific institution refers to an institution that is not operated on a ‘‘commercial user’’ basis as that term is defined in paragraph (b)(2)(i) of this section, and which is operated solely for the purpose of conducting scientific research, the results of which are not intended to promote any particular product or industry. (iv) Representative of the news media refers to any person or entity that gathers information of potential interest to a segment of the public, uses its editorial skills to turn the raw materials into a distinct work, and distributes that work to an audience. In this subparagraph, the term ‘‘news’’ means information that is about current events or that would be of current interest to the public. Examples of news-media entities are television or radio stations broadcasting to the public at large and publishers of periodicals (but only if such entities qualify as disseminators of ‘‘news’’) who make their products available for purchase by or subscription by or free distribution to the general public. Other examples of news media entities include online publications and Web sites that regularly deliver news content to the public. These examples are not allinclusive. Moreover, as methods of news delivery evolve (for example, the adoption of the electronic dissemination of newspapers through telecommunications services), such alternative media shall be considered to be news-media entities. A freelance journalist shall be regarded as working for a news-media entity if the journalist can demonstrate a solid basis for expecting publication through that entity, whether or not the journalist is actually employed by the entity. A publication contract would present a solid basis for such an expectation; the CFPB may also consider the past publication record of the requester in making such a determination. (v) Other requester refers to a requester who does not fall within any of the previously described categories. (2) Within twenty (20) calendar days of its receipt of a request, the CFPB shall make a determination as to the proper fee category to apply to a requester. The CFPB shall inform the requester of the determination in the request acknowledgment letter, or if no such letter is required, in writing. The CFPB shall base its determination upon a review of the requester’s submission and the CFPB’s own records. Where the PO 00000 Frm 00014 Fmt 4701 Sfmt 4700 CFPB has reasonable cause to doubt the use to which a requester will put the records sought, or where that use is not clear from the request itself, the CFPB should seek additional clarification before assigning the request to a specific category. (3) If the CFPB assigns to a requester a fee category, then the requester shall have the right to submit an appeal of the CFPB’s determination in accordance with section 1070.21 of this subpart. The CFPB shall communicate this appeal right as part of its written notification to the requester of an adverse fee category determination. The requester shall label its appeal request ‘‘Appeal of Fee Category Determination.’’ (c) Fees applicable to each category of requester. The following fee schedule applies uniformly throughout the CFPB to requests processed under the FOIA. Specific levels of fees are prescribed for each category of requester defined in paragraph (b) of this section. (1) Commercial users shall be charged the full direct costs of searching for, reviewing, and duplicating the records they request. Moreover, when a request is received for disclosure that is primarily in the commercial interest of the requester, the CFPB is not required to consider a request for a waiver or reduction of fees based upon the assertion that disclosure would be in the public interest. The CFPB may recover the cost of searching for and reviewing records even if there is ultimately no disclosure of records or no records are located. (2) Educational and non-commercial scientific institution requesters shall be charged only for the cost of duplicating the records they request, except that the CFPB shall provide the first one hundred (100) pages of duplication free of charge. To be eligible, requesters must show that the request is made under the auspices of a qualifying institution and that the records are not sought for a commercial use, but are sought in furtherance of scholarly (if the request is from an educational institution) or scientific (if the request is from a non-commercial scientific institution) research. These categories do not include requesters who want records for use in meeting individual academic research or study requirements. (3) Representatives of the news media shall be charged only for the cost of duplicating the records they request, except that the CFPB shall provide them with the first one hundred (100) pages of duplication free of charge. (4) Other requesters who do not fit any of the categories described above E:\FR\FM\28JYR3.SGM 28JYR3 rmajette on DSK89S0YB1PROD with RULES3 Federal Register / Vol. 76, No. 145 / Thursday, July 28, 2011 / Rules and Regulations shall be charged the full direct cost of searching for and duplicating records that are responsive to the request, except that the CFPB shall provide the first one hundred (100) pages of duplication and the first two hours of search time free of charge. The CFPB may recover the cost of searching for records even if there is ultimately no disclosure of records, or no records are located. Requests from persons for records about themselves filed in the CFPB’s systems of records shall continue to be treated under the fee provisions of the Privacy Act of 1974, 5 U.S.C. 552a, which permit fees only for duplication, after the first one hundred (100) pages are furnished free of charge. (d) Other circumstances when fees are not charged. Notwithstanding paragraphs (b) and (c) of this section, the CFPB may not charge a requester a fee for processing a FOIA request if any of the following applies: (1) The cost of collecting a fee would be equal to or greater than the fee itself; (2) The fees were waived or reduced in accordance with paragraph (e) of this section; (3) If the CFPB fails to comply with any time limit under §§ 1070.16 or 1070.21 of this subpart, and no unusual circumstances (as that term is defined in § 1070.16(d)) or exceptional circumstances apply to the processing of the request, then the CFPB shall not assess search fees, or if the requester is an educational or noncommercial scientific institution, then the CFPB shall not assess duplication fees. The term exceptional circumstances does not include a delay that results from a predictable CFPB workload of requests, unless the CFPB demonstrates reasonable progress in reducing its backlog of pending requests; or (4) If the CFPB determines, as a matter of administrative discretion, that waiving or reducing the fees would serve the interest of the United States Government. (e) Waiver or reduction of fees. (1) A requester shall be entitled to receive from the CFPB a waiver or reduction in the fees otherwise applicable to a FOIA request whenever the requester: (i) Requests such waiver or reduction of fees in writing or by electronic means as part of the FOIA request; (ii) Labels the request for waiver or reduction of fees ‘‘Fee Waiver or Reduction Requested’’ on the FOIA request; and (iii) Demonstrates that the fee reduction or waiver request that a waiver or reduction of the fees is in the public interest because: (A) Furnishing the information is likely to contribute significantly to VerDate Mar<15>2010 15:57 Jul 27, 2011 Jkt 223001 public understanding of the operations or activities of the government; and (B) Furnishing the information is not primarily in the commercial interest of the requester. (2) To determine whether the requester has satisfied the requirements of paragraph (e)(1)(ii)(A), the CFPB shall consider the following factors: (i) The subject of the requested records must concern identifiable operations or activities of the federal government, with a connection that is direct and clear, and not remote or attenuated. (ii) The disclosable portions of the requested records must be meaningfully informative about government operations or activities in order to be ‘‘likely to contribute’’ to an increased public understanding of those operations or activities. The disclosure of information that already is in the public domain, in either a duplicative or a substantially similar form, is not as likely to contribute to the public’s understanding. (iii) The disclosure must contribute to the understanding of a reasonably broad audience of persons interested in the subject, as opposed to the individual understanding of the requester. A requester’s expertise in the subject area and ability and intention to effectively convey information to the public shall be considered. It shall be presumed that a representative of the news media will satisfy this consideration. (iv) The public’s understanding of the subject in question, as compared to the level of public understanding existing prior to the disclosure, must be enhanced by the disclosure to a significant extent. (3) To determine whether the requester has satisfied the requirements of paragraph (e)(1)(ii)(B), the CFPB shall consider the following factors: (i) The CFPB shall consider any commercial interest of the requester (with reference to the definition of commercial user in (b)(1)(i) of this section), or of any person on whose behalf the requester may be acting, that would be furthered by the requested disclosure. Requesters shall be given an opportunity in the administrative process to provide explanatory information regarding this consideration. (ii) A fee waiver or reduction is justified where the public interest standard is satisfied and that public interest is greater in magnitude than that of any identified commercial interest in disclosure. The CFPB ordinarily shall presume that where a news media requester has satisfied the public interest standard, the public interest PO 00000 Frm 00015 Fmt 4701 Sfmt 4700 45385 will be the interest primarily served by disclosure to that requester. Disclosure to data brokers or others who merely compile and market government information for direct economic return shall not be presumed to primarily serve the public interest. (4) Where only some of the records to be released satisfy the requirements for a waiver of fees, a waiver shall be granted for those records. (5) The CFPB shall decide whether to grant or deny a request to reduce or waive fees prior to processing a request. The CFPB shall notify the requester of the determination in writing. (6) If the CFPB denies a request to reduce or waive fees, then the CFPB shall advise the requester, in the denial notification letter, that the requester may incur fees if the CFPB proceeds to process the request. The notification letter shall also advise the requester that the CFPB will not proceed to process the request further unless the requester, in writing, directs the CFPB to do so and either agrees to pay any fees that may apply to processing the request or specifies an upper limit (of not less than $25) that the requester is willing to pay to process the request. If the CFPB does not receive this written direction and agreement/specification within thirty (30) calendar days of the date of the denial notification letter, then the CFPB shall deem the request to be withdrawn. (7) If the CFPB denies a request to reduce or waive fees, then the requester shall have the right to submit an appeal of the denial determination in accordance with section 1070.21 of this subpart. The CFPB shall communicate this appeal right as part of its written notification to the requester denying the fee reduction or waiver request. The requester should label its appeal request ‘‘Appeal for Fee Reduction/Waiver.’’ (f) Advance notice and prepayment of fees. (1) When the CFPB estimates the fees for processing a request to exceed the limit set by the requester, and that amount is less than $250, or the requester did not specify a limit and the amount is less than $250, the requester shall be notified of the estimated fees, and provided a breakdown of the fees attributable to search, review, and duplication, respectively. The requester must provide an agreement to pay the estimated fees; however, the requester shall also be given an opportunity to reformulate the request in an attempt to reduce fees. (2) If the requester has failed to state a limit and the fees are estimated to exceed $250, the requester shall be notified of the estimated fees and provided a breakdown of the fees attributable to search, review, and E:\FR\FM\28JYR3.SGM 28JYR3 rmajette on DSK89S0YB1PROD with RULES3 45386 Federal Register / Vol. 76, No. 145 / Thursday, July 28, 2011 / Rules and Regulations duplication, respectively. The requester must pre-pay such amount prior to the processing of the request, or provide satisfactory assurance of full payment if the requester has a history of prompt payment of FOIA fees. The requester shall also be given an opportunity to reformulate the request in such a way as to lower the applicable fees. (3) The CFPB reserves the right to request prepayment after a request is processed and before documents are released. (4) If a requester has previously failed to pay a fee within thirty (30) calendar days of the date of the billing, the requester shall be required to pay the full amount owed plus any applicable interest and to make an advance payment of the full amount of the estimated fee before the CFPB begins to process a new request or the pending request. (5) When the CFPB acts under paragraphs (f)(1) through (4) of this section, the statutory time limits of twenty (20) days (excluding Saturdays, Sundays, and legal public holidays) from receipt of initial requests or appeals, plus extensions of these time limits, shall begin only after fees have been paid, a written agreement to pay fees has been provided, or a request has been reformulated. (g) Form of payment. Payment may be tendered as set forth on the CFPB’s Web site, https://www.consumerfinance.gov. (h) Charging interest. The CFPB may charge interest on any unpaid bill starting on the 31st day following the date of billing the requester. Interest charges will be assessed at the rate provided in 31 U.S.C. 3717 and will accrue from the date of the billing until payment is received by the CFPB. The CFPB will follow the provisions of the Debt Collection Act of 1982 (Public Law 97–365, 96 Stat. 1749), as amended, and its administrative procedures, including the use of consumer reporting agencies, collection agencies, and offset. (i) Aggregating requests. Where the CFPB reasonably believes that a requester or a group of requesters acting together is attempting to divide a request into a series of requests for the purpose of avoiding fees, the CFPB may aggregate those requests and charge accordingly. The CFPB may presume that multiple requests of this type made within a thirty (30) day period have been made in order to avoid fees. Where requests are separated by a longer period, the CFPB will aggregate them only where there exists a solid basis for determining that aggregation is warranted under all the circumstances involved. Multiple requests involving unrelated matters will not be aggregated. VerDate Mar<15>2010 15:57 Jul 27, 2011 Jkt 223001 § 1070.23 Authority and responsibilities of the Chief FOIA Officer. (a) Chief FOIA Officer. The Director authorizes the Chief FOIA Officer to act upon all requests for agency records, with the exception of determining appeals from the initial determinations of the Chief FOIA Officer, which will be decided by the General Counsel. The Chief FOIA officer shall, subject to the authority of the Director: (1) Have agency-wide responsibility for efficient and appropriate compliance with the FOIA; (2) Monitor implementation of the FOIA throughout the CFPB and keep the Director and the General Counsel, and the Attorney General appropriately informed of the CFPB’s performance in implementing the FOIA; (3) Recommend to the Director such adjustments to agency practices, policies, personnel and funding as may be necessary to improve the Chief FOIA Officer’s implementation of the FOIA; (4) Review and report to the Attorney General, through the Director, at such times and in such formats as the Attorney General may direct, on the CFPB’s performance in implementing the FOIA; (5) Facilitate public understanding of the purposes of the statutory exemptions of the FOIA by including concise descriptions of the exemptions in both the agency’s handbook and the agency’s annual report on the FOIA, and by providing an overview, where appropriate, of certain general categories of agency records to which those exemptions apply; and (6) Designate one or more FOIA Public Liaisons. (b) FOIA Public Liaisons. FOIA Public Liaisons shall report to the Chief FOIA Officer and shall serve as supervisory officials to whom a requester can raise concerns about the service the requester has received from the CFPB’s FOIA office, following an initial response from the FOIA office staff. FOIA Public Liaisons shall be responsible for assisting in reducing delays, increasing transparency and understanding of the status of requests, and assisting in the resolution of disputes. Subpart C—Disclosure of CFPB Information in Connection With Legal Proceedings § 1070.30 Purpose and scope; definitions. (a) This subpart sets forth the procedures to be followed with respect to: (1) Service of summonses and complaints directed to the CFPB, the Director, or to any CFPB employee in connection with federal or state PO 00000 Frm 00016 Fmt 4701 Sfmt 4700 litigation arising out of or involving the performance of official activities of the CFPB; and (2) Subpoenas, court orders, or other requests or demands for any CFPB information, whether contained in the files of the CFPB or acquired by a CFPB employee as part of the performance of that employee’s duties or by virtue of employee’s official status. (b) This subpart does not apply to requests for official information made pursuant to subparts B, D, and E of this part. (c) This subpart does not apply to requests for information made in the course of adjudicating any claims against the CFPB by CFPB employees (present or former), or applicants for CFPB employment, for which jurisdiction resides with the U.S. Equal Employment Opportunity Commission, the U.S. Merit Systems Protection Board, the Office of Special Counsel, the Federal Labor Relations Authority, or their successor agencies, or a labor arbitrator operating under a collective bargaining agreement between the CFPB and a labor organization representing CFPB employees, or their successor agencies. (d) This subpart is intended only to inform the public about CFPB procedures concerning the service of process and responses to subpoenas, summons, or other demands or requests for official information or action and is not intended to and does not create, and may not be relied upon to create any right or benefit, substantive or procedural, enforceable at law by a party against the CFPB or the United States. (e) For purposes of this subpart, and except as the CFPB may otherwise determine in a particular case: (1) Demand means a subpoena or order for official information, whether contained in CFPB records or through testimony, related to or for possible use in a legal proceeding. (2) Legal proceeding encompasses all pre-trial, trial, and post-trial stages of all judicial or administrative actions, hearings, investigations, or similar proceedings before courts, commissions, boards, grand juries, or other judicial or quasi-judicial bodies or tribunals, whether criminal, civil, or administrative in nature, and whether foreign or domestic. This phrase includes all stages of discovery as well as formal or informal requests by attorneys or others involved in legal proceedings. (3) Official Information means all information of any kind, however stored, that is in the custody and control of the CFPB or was acquired by CFPB E:\FR\FM\28JYR3.SGM 28JYR3 Federal Register / Vol. 76, No. 145 / Thursday, July 28, 2011 / Rules and Regulations employees, or former employees as part of their official duties or because of their official status while such individuals were employed by or served on behalf of the CFPB. Official information also includes any information acquired by CFPB employees or former employees while such individuals were engaged in matters related to consumer financial protection functions prior to the employees’ transfer to the CFPB pursuant to Subtitle F of the Consumer Financial Protection Act of 2010. (4) Request means any request for official information in the form of testimony, affidavits, declarations, admissions, responses to interrogatories, document production, inspections, or formal or informal interviews, during the course of a legal proceeding, including pursuant to the Federal Rules of Civil Procedure, the Federal Rules of Criminal Procedure, or other applicable rules of procedure. (5) Testimony means a statement in any form, including personal appearances before a court or other legal tribunal, interviews, depositions, telephonic, televised, or videographed statements or any responses given during discovery or similar proceeding in the course of litigation. rmajette on DSK89S0YB1PROD with RULES3 § 1070.31 Service of summonses and complaints. (a) Only the General Counsel is authorized to receive and accept summonses or complaints sought to be served upon the CFPB or CFPB employees sued in their official capacity. Such documents should be delivered to the Office of the General Counsel, Bureau of Consumer Financial Protection, 1801 L Street, NW., Washington, DC 20036. This authorization for receipt shall in no way affect the requirements of service elsewhere provided in applicable rules and regulations. (b) If, notwithstanding paragraph (a) of this section, any summons or complaint described in that paragraph is delivered to an employee of the CFPB, the employee shall decline to accept the proffered service and may notify the person attempting to make service of the regulations set forth herein. If, notwithstanding this instruction, an employee accepts service of a document described in paragraph (a), the employee shall immediately notify and deliver a copy of the summons and complaint to the General Counsel. (c) When a CFPB employee is sued in an individual capacity for an act or omission occurring in connection with duties performed on behalf of the CFPB (whether or not the officer or employee is also sued in an official capacity), the VerDate Mar<15>2010 15:57 Jul 27, 2011 Jkt 223001 employee by law is to be served personally with process. See Fed. R. Civ. P. 4(i)(3). An employee sued in an individual capacity for an act or omission occurring in connection with duties performed on behalf of the CFPB shall immediately notify, and deliver a copy of the summons and complaint to, the General Counsel. (d) The CFPB will only accept service of process for an employee sued in his or her official capacity. Documents for which the General Counsel accepts service in official capacity shall be stamped ‘‘Service Accepted in Official Capacity Only.’’ Acceptance of service shall not constitute an admission or waiver with respect to jurisdiction, propriety of service, improper venue, or any other defense in law or equity available under applicable laws or rules. § 1070.32 Service of subpoenas, court orders, and other demands for CFPB information or action. (a) Except in cases in which the CFPB is represented by legal counsel who have entered an appearance or otherwise given notice of their representation, only the General Counsel is authorized to receive and accept subpoenas or other demands or requests directed to the CFPB or its employees, whether civil or criminal in nature, for: (1) Records of the CFPB; (2) Official information including, but not limited to, testimony, affidavits, declarations, admissions, responses to interrogatories, or informal statements, relating to material contained in the files of the CFPB or which any CFPB employee acquired in the course and scope of the performance of his or her official duties; (3) Garnishment or attachment of compensation of current or former employees; or (4) The performance or nonperformance of any official CFPB duty. (b) Documents described in paragraph (a) should be directed to the Office of the General Counsel, Bureau of Consumer Financial Protection, 1801 L Street, NW., Washington, DC 20036. This authorization for receipt shall in no way affect the requirements of service elsewhere provided in applicable rules and regulations. Acceptance of such documents by the General Counsel does not constitute a waiver of any defense that might otherwise exist with respect to service under the Federal Rules of Civil or Criminal Procedure or other applicable laws or regulations. (c) In the event that any demand or request described in paragraph (a) is sought to be delivered to a CFPB employee other than in the manner PO 00000 Frm 00017 Fmt 4701 Sfmt 4700 45387 prescribed in paragraph (b) of this section, such employee shall, after consultation with the General Counsel, decline service and direct the server of process to these regulations. If the demand or request is nonetheless delivered to the employee, the employee shall immediately notify, and deliver a copy of that document to, the General Counsel. (d) Except as otherwise provided in this subpart, the CFPB is not an agent for service, or otherwise authorized to accept on behalf of its employees, any subpoenas, orders, or other demands of federal or state courts, or requests from individuals or attorneys, which are not related to the employees’ official duties except upon the express, written authorization of the individual CFPB employee to whom such demand or request is directed. (e) Copies of any subpoenas, show cause orders, or other demands of federal or state courts, or requests from private individuals or attorneys that are directed to former employees of the CFPB in connection with legal proceedings arising out of the performance of official duties shall also be served upon General Counsel. The CFPB shall not, however, serve as an agent for service for the former employee, nor is the CFPB otherwise authorized to accept service on behalf of its former employees. If the demand involves their official duties as CFPB employees, former employees who receive subpoenas, show cause orders, or similar compulsory process of federal or state courts should also notify, and deliver a copy of the document to, the General Counsel. § 1070.33 Testimony and production of documents prohibited unless approved by the General Counsel. (a) Unless authorized by the General Counsel, no employee or former employee of the CFPB shall, in response to a demand or a request provide oral or written testimony by deposition, declaration, affidavit, or otherwise concerning any official information. (b) Unless authorized by the General Counsel, no employee or former employee shall, in response to a demand or request, produce any document or any material acquired as part of the performance of that employee’s duties or by virtue of that employee’s official status. § 1070.34 Procedure when testimony or production of documents is sought; general. (a) If, as part of a proceeding in which the United States or the CFPB is not a party, official information is sought E:\FR\FM\28JYR3.SGM 28JYR3 45388 Federal Register / Vol. 76, No. 145 / Thursday, July 28, 2011 / Rules and Regulations through a demand for testimony, CFPB records, or other material, the party seeking such information must (except as otherwise required by federal law or authorized by the General Counsel) set forth in writing: (1) The title and forum of the proceeding, if applicable; (2) A detailed description of the nature and relevance of the official information sought; (3) A showing that other evidence reasonably suited to the requester’s needs is not available from any other source; and (4) If testimony is requested, the intended use of the testimony, a general summary of the desired testimony, and a showing that no document could be provided and used in lieu of testimony. (b) To the extent he or she deems necessary or appropriate, the General Counsel may also require from the party seeking such information a plan of all reasonably foreseeable demands, including but not limited to the names of all employees and former employees from whom discovery will be sought, areas of inquiry, expected duration of proceedings requiring oral testimony, identification of potentially relevant documents, or any other information deemed necessary to make a determination. The purpose of this requirement is to assist the General Counsel in making an informed decision regarding whether testimony or the production of documents or material should be authorized. (c) The General Counsel may consult or negotiate with an attorney for a party, or the party if not represented by an attorney, to refine or limit a request or demand so that compliance is less burdensome. (d) The General Counsel will notify the CFPB employee and such other persons as circumstances may warrant of his or her decision regarding compliance with the request or demand. rmajette on DSK89S0YB1PROD with RULES3 § 1070.35 Procedure when response to demand is required prior to receiving instructions. (a) If a response to a demand described in section 1070.34 of this subpart is required before the General Counsel renders a decision, the CFPB will request that the appropriate CFPB attorney or an attorney of the Department of Justice, as appropriate, take steps to stay, postpone, or obtain relief from the demand pending decision. If necessary, the attorney will: (1) Appear with the employee upon whom the demand has been made; (2) Furnish the court or other authority with a copy of the regulations contained in this subpart; VerDate Mar<15>2010 15:57 Jul 27, 2011 Jkt 223001 (3) Inform the court or other authority that the demand has been, or is being, as the case may be, referred for the prompt consideration of the appropriate CFPB official; and (4) Respectfully request the court or authority to stay the demand pending receipt of the requested instructions. (b) In the event that an immediate demand for production or disclosure is made in circumstances which would preclude the proper designation or appearance of an attorney of the CFPB or the Department of Justice on the employee’s behalf, the employee, if necessary, shall respectfully request from the demanding court or authority a reasonable stay of proceedings for the purpose of obtaining instructions from the General Counsel. § 1070.36 Procedure in the event of an adverse ruling. If a stay or, or other relief from, the effect of a demand made pursuant to sections 1070.34 and 1070.35 of this subpart is declined or not obtained, or if the court or other judicial or quasijudicial authority declines to stay the effect of the demand made pursuant to sections 1070.34 and 1070.35 of this subpart, or if the court or other authority rules that the demand must be complied with irrespective of the General Counsel’s instructions not to produce the material or disclose the information sought, the employee upon whom the demand has been made shall respectfully decline to comply with the demand citing this subpart and United States ex rel. Touhy v. Ragen, 340 U.S. 462 (1951). § 1070.37 Considerations in determining whether the CFPB will comply with a demand or request. (a) In deciding whether to comply with a demand or request, CFPB officials and attorneys shall consider, among other pertinent considerations: (1) Whether such compliance would be unduly burdensome or otherwise inappropriate under the applicable rules of discovery or the rules of procedure governing the case or matter in which the demand arose; (2) Whether the number of similar requests would have a cumulative effect on the expenditure of CFPB resources; (3) Whether compliance is appropriate under the relevant substantive law concerning privilege or disclosure of information; (4) The public interest; (5) The need to conserve the time of CFPB employees for the conduct of official business; (6) The need to avoid spending time and money of the United States for private purposes; PO 00000 Frm 00018 Fmt 4701 Sfmt 4700 (7) The need to maintain impartiality between private litigants in cases where a substantial government interest is not implicated; (8) Whether compliance would have an adverse effect on performance by the CFPB of its mission and duties; and (9) The need to avoid involving the CFPB in controversial issues not related to its mission. (b) Among those demands and requests in response to which compliance will not ordinarily be authorized are those with respect to which any of the following factors, inter alia, exist: (1) Compliance would violate a statute or applicable rule of procedure; (2) Compliance would violate a specific regulation or Executive order; (3) Compliance would reveal information properly classified in the interest of national security; (4) Compliance would reveal confidential or privileged commercial or financial information or trade secrets without the owner’s consent; (5) Compliance would compromise the integrity of the deliberative processes of the CFPB; (6) Compliance would not be appropriate or necessary under the relevant substantive law governing privilege; (7) Compliance would reveal confidential information; or (8) Compliance would interfere with ongoing investigations or enforcement proceedings, compromise constitutional rights, or reveal the identity of a confidential informant. (c) The CFPB may condition disclosure of official information pursuant to a request or demand on the entry of an appropriate protective order. § 1070.38 Prohibition on providing expert or opinion testimony. (a) Except as provided in this section, and subject to 5 CFR 2635.805, CFPB employees or former employees shall not provide opinion or expert testimony based upon information which they acquired in the scope and performance of their official CFPB duties, except on behalf of the CFPB or the United States or a party represented by the CFPB, or the Department of Justice, as appropriate. (b) Any expert or opinion testimony by a former employee of the CFPB shall be excepted from paragraph (a) of this section where the testimony involves only general expertise gained while employed at the CFPB. (c) Upon a showing by the requestor of exceptional need or unique circumstances and that the anticipated testimony will not be adverse to the E:\FR\FM\28JYR3.SGM 28JYR3 Federal Register / Vol. 76, No. 145 / Thursday, July 28, 2011 / Rules and Regulations interests of the United States, the General Counsel may, consistent with 5 CFR 2635.805, exercise his or her discretion to grant special, written authorization for CFPB employees, or former employees, to appear and testify as expert witnesses at no expense to the United States. (d) If, despite the final determination of the General Counsel, a court of competent jurisdiction or other appropriate authority orders the appearance and expert or opinion testimony of a current or former CFPB employee, that person shall immediately inform the General Counsel of such order. If the General Counsel determines that no further legal review of or challenge to the court’s order will be made, the CFPB employee, or former employee, shall comply with the order. If so directed by the General Counsel, however, the employee, or former employee, shall respectfully decline to testify. (c) Disclosure of materials derived from confidential information. Nothing in this subpart shall limit the discretion of the CFPB to disclose materials that it derives from or creates using confidential information to the extent that such materials do not identify, either directly or indirectly, any particular person to whom the confidential information pertains. (d) Disclosability of confidential information provided to the CFPB by other agencies. Nothing in this subpart requires or authorizes the CFPB to disclose confidential information that another agency has provided to the CFPB to the extent that such disclosure contravenes applicable law or the terms of any agreement that exists between the CFPB and the agency to govern the CFPB’s treatment of information that the agency provides to the CFPB. Subpart D—Confidential Information (a) Discretionary disclosure of confidential supervisory information to supervised financial institutions. The CFPB may in its discretion, and to the extent consistent with applicable law, disclose confidential supervisory information concerning a supervised financial institution to that institution. (b) Disclosure of confidential supervisory information by supervised financial institution. (1) Any supervised financial institution lawfully in possession of confidential supervisory information of the CFPB pursuant to this section may disclose such information, or portions thereof, to its directors, officers, and employees, and to its parent company, if any, and its parent company’s directors, officers, and employees, to the extent that the disclosure of such confidential supervisory information is relevant to the performance of such individuals’ assigned duties. (2) Any supervised financial institution lawfully in possession of confidential supervisory information of the CFPB pursuant to this section may disclose such information, or portions thereof, to any certified public accountant, legal counsel, or consultant employed by the supervised financial institution or its parent company, if any, provided that the supervised financial institution shall: (i) Take reasonable steps to ensure that such certified public accountant, legal counsel, or consultant does not utilize, make or retain copies of, or disclose confidential supervisory information for any purpose, without the prior written approval of the CFPB’s General Counsel, except as is necessary § 1070.40 Purpose and scope. This subpart does not apply to requests for official information made pursuant to subparts B, C, or E of this part. rmajette on DSK89S0YB1PROD with RULES3 § 1070.41 Non-disclosure of confidential information. (a) Non-disclosure. Except as required by law or as provided in this part, no employee or former employee of the CFPB, or any other person in possession of confidential information, shall disclose such confidential information by any means (including written or oral communications) or in any format (including paper and electronic formats), to: (1) Any person who is not an employee of the CFPB; or (2) Any CFPB employee when the disclosure of such confidential information to that employee is not relevant to the performance of the employee’s assigned duties. (b) Disclosures to contractors and consultants. Nothing in this subpart shall limit the discretion of the CFPB to provide confidential information to consultants or contractors retained by the CFPB, provided that such consultants or contractors agree in writing to treat such confidential information in accordance with these rules, federal laws and regulations that apply to federal agencies for the protection of the confidentiality of personally identifiable information and for data security and integrity, as well as any additional conditions or limitations that the CFPB may impose. VerDate Mar<15>2010 15:57 Jul 27, 2011 Jkt 223001 § 1070.42 Disclosure of confidential supervisory information to and by supervised financial institutions. PO 00000 Frm 00019 Fmt 4701 Sfmt 4700 45389 to provide advice to the supervised financial institution, its parent company, or the officers, directors, and employees of such supervised financial institution and parent company; and (ii) Maintain a written account of all disclosures of confidential supervisory information that the supervised financial institution makes to its certified public accountant, legal counsel, or consultant, as well as steps it has taken to comply with paragraph (b)(2)(i) of this section, and provide the CFPB with a copy of such written account upon request or demand of the CFPB. § 1070.43 Disclosure of confidential information to law enforcement agencies and other government agencies. (a) Required disclosure of confidential information to government agencies. The CFPB shall: (1) Disclose a draft of a report of examination of a supervised financial institution prior to its finalization, in accordance with 12 U.S.C. 5515(e)(1)(C), and disclose a final report of examination, including any and all revisions made to such a report, to a federal or state agency with jurisdiction over that supervised financial institution, provided that the CFPB receives from the agency reasonable assurances as to the confidentiality of the information disclosed; and (2) Disclose confidential consumer complaint information to a federal or state agency to facilitate preparation of reports to Congress required by 12 U.S.C. 5493(b)(3)(C) and to facilitate the CFPB’s supervision and enforcement activities and its monitoring of the market for consumer financial products and services, provided that the agency shall first give written assurance to the CFPB that it will maintain such information in a manner that conforms to the standards that apply to federal agencies for the protection of the confidentiality of personally identifiable information and for data security and integrity. (b) Discretionary disclosure of confidential information to government agencies. (1) Upon receipt of a written request that contains the information required by paragraph (b)(2) of this paragraph, the CFPB may, in its sole discretion, disclose confidential information to a federal or state agency to the extent that disclosure of the information is relevant to the exercise of the agency’s statutory or regulatory authority or, with respect to the disclosure of confidential supervisory information, to a federal or state agency having jurisdiction over a supervised financial institution. E:\FR\FM\28JYR3.SGM 28JYR3 45390 Federal Register / Vol. 76, No. 145 / Thursday, July 28, 2011 / Rules and Regulations (2) To obtain access to confidential information pursuant to paragraph (b)(1) of this section, an authorized officer or employee of the agency shall submit a written request to the General Counsel, who shall act upon the request in consultation with the CFPB’s Associate Director for Supervision and Enforcement or other appropriate CFPB personnel. The request shall include the following: (i) A description of the particular information, kinds of information, and where possible, the particular documents to which access is sought; (ii) A statement of the purpose for which the information will be used; (iii) A statement identifying the agency’s legal authority for requesting the documents; (iv) A statement as to whether the requested disclosure is permitted or restricted in any way by applicable law or regulation; and (v) A commitment that the agency will maintain the requested confidential information in a manner that conforms to the standards that apply to federal agencies for the protection of the confidentiality of personally identifiable information and for data security and integrity, as well as any additional conditions or limitations that the CFPB may impose. (c) State requests for information other than confidential information. A request or demand by a state agency for information or records of the CFPB other than confidential information shall be made and considered in accordance with the rules set forth elsewhere in this part. (d) Negotiation of standing requests. The CFPB may negotiate terms governing the exchange of confidential information with federal or state agencies on a standing basis, as appropriate. § 1070.44 Disclosure of confidential consumer complaint information. rmajette on DSK89S0YB1PROD with RULES3 Nothing in this part shall limit the discretion of the CFPB, to the extent permitted by law, to disclose confidential consumer complaint information as it deems necessary to investigate, resolve, or otherwise respond to consumer complaints or inquiries concerning financial institutions or consumer financial products and services. (a) The CFPB may disclose confidential investigative information and other confidential information, in accordance with applicable law, as follows: 15:57 Jul 27, 2011 Jkt 223001 § 1070.46 Other disclosures of confidential information. (a) To the extent permitted by law and as authorized by the Director in writing, the CFPB may disclose confidential information other than as set forth in this subpart. (b) Prior to disclosing confidential information pursuant to paragraph (a) of this section, the CFPB may, as it deems appropriate under the circumstances, provide written notice to the person to whom the confidential information pertains that the CFPB intends to disclose its confidential information in accordance with this section. (c) The authority of the Director to disclosure confidential information pursuant to paragraph (a) shall not be delegated. However, a person authorized to perform the functions of the Director in accordance with law may exercise the authority of the Director as set forth in this section. § 1070.47 Other rules regarding the disclosure of confidential information. § 1070.45 Affirmative disclosure of confidential information. VerDate Mar<15>2010 (1) To a CFPB employee, as that term is defined in § 1070.2 of this part and in accordance with § 1070.41 of this subpart; (2) To either House of the Congress or to an appropriate committee or subcommittee of the Congress, as provided by 12 U.S.C. 5562(d)(2); (3) In investigational hearings and witness interviews, as is reasonably necessary, at the discretion of the CFPB; (4) In an administrative or court proceeding to which the CFPB is a party. In the case of confidential investigatory material that contains any trade secret or privileged or confidential commercial or financial information, as claimed by designation by the submitter of such material, or confidential supervisory information, the submitter may seek an appropriate protective or in camera order prior to disclosure of such material in a proceeding; (5) To law enforcement and other government agencies in accordance with this subpart; or (6) As required under any other applicable law. (a) Further disclosure prohibited. (1) All confidential information made available under this subpart shall remain the property of the CFPB, unless the General Counsel provides otherwise in writing. (2) Except as set forth in this section, no supervised financial institution, federal or state agency, any officer, director, employee or agent thereof, or any other person to whom the confidential information is made available under this subpart, may PO 00000 Frm 00020 Fmt 4701 Sfmt 4700 further disclose such confidential information without the prior written permission of the General Counsel. (3) A supervised financial institution, federal or state agency, any officer, director, employee or agent thereof, or any other person to whom the CFPB’s confidential information is made available under this subpart, that receives from a third party a legally enforceable demand or request for such confidential information (including but not limited to, a subpoena or discovery request or a request made pursuant to the Freedom of Information Act, 5 U.S.C. 552, the Privacy Act of 1974, 5 U.S.C. 552a, or any state analogue to such statutes) should: (i) Inform the General Counsel of such request or demand in writing and provide the General Counsel with a copy of such request or demand as soon as practicable after receiving it; (ii) In the case of a request made pursuant to the Freedom of Information Act, 5 U.S.C. 552, the Privacy Act, 5 U.S.C. 552a, or any state analogue to such statutes, advise the requester that: (A) The confidential information sought may not be disclosed insofar as it is the property of the CFPB; and (B) Any request for the disclosure of such confidential information is properly directed to the CFPB pursuant to its regulations set forth in this part. (iii) In the case of all other types of requests or demands, consult with the General Counsel before complying with the request or demand, and to the extent applicable: (A) Give the CFPB a reasonable opportunity to respond to the demand or request; (B) Assert all reasonable and appropriate legal exemptions or privileges that the CFPB may request be asserted on its behalf; and (C) Consent to a motion by the CFPB to intervene in any action for the purpose of asserting and preserving any claims of confidentiality with respect to any confidential information. (4) Nothing in this section shall prevent a supervised financial institution, federal or state agency, any officer, director, employee or agent thereof, or any other person to whom the information is made available under this subpart from complying with a legally valid and enforceable United States federal court order compelling production of the CFPB’s confidential information or, if compliance is deemed compulsory, with a request or demand from either House of the Congress or a duly authorized committee of the Congress. To the extent that compulsory disclosure of confidential information occurs as set forth in this paragraph, the E:\FR\FM\28JYR3.SGM 28JYR3 Federal Register / Vol. 76, No. 145 / Thursday, July 28, 2011 / Rules and Regulations producing party shall use its best efforts to ensure that the requestor secures an appropriate protective order or, if the requestor is a legislative body, use its best efforts to obtain the commitment or agreement of the legislative body that it will maintain the confidentiality of the confidential information. (5) No person obtaining access to confidential information pursuant to this subpart may make a personal copy of any such information, and no person may remove confidential information from the premises of the institution or agency in possession of such information except as permitted by specific language in this regulation or by the CFPB. (b) Additional conditions and limitations. The CFPB may impose any additional conditions or limitations on disclosure or use under this subpart that it determines are necessary. (c) Non-waiver. The provision by the CFPB of any confidential information pursuant to this subpart does not constitute a waiver, or otherwise affect, any privilege any agency or person may claim with respect to such information under federal law. (5) Record means any item, collection, or grouping of information about an individual that is maintained by an agency, including, but not limited to, his education, financial transactions, medical history, and criminal or employment history and that contains his name or the identifying number, symbol, or other identifying particular assigned to the individual, such as a finger or voiceprint or a photograph; (6) Routine use means the disclosure of a record that is compatible with the purpose for which it was collected; (7) System of records means a group of any records under the control of an agency from which information is retrieved by the name of the individual or by some identifying number, symbol, or other identifying particular assigned to the individual; and (8) Statistical record means a record in a system of records maintained for statistical research or reporting purposes only and not used in whole or in part in making any determination about an identifiable individual, except as provided by 13 U.S.C. 8. Subpart E—The Privacy Act The Chief Privacy Officer is authorized to: (a) Respond to requests for access to, accounting of, or amendment of records contained in a system of records maintained by the CFPB; (b) Approve the publication of new systems of records and amend existing systems of record; and (c) File any necessary reports related to the Privacy Act. rmajette on DSK89S0YB1PROD with RULES3 § 1070.50 Purpose and scope; definitions. (a) This subpart implements the provisions of the Privacy Act of 1974, 5 U.S.C. 552a (the ‘‘Privacy Act’’). The regulations apply to all records maintained by the CFPB and which are retrieved by an individual’s name or personal identifier. The regulations set forth the procedures for requests for access to, or amendment of, records concerning individuals that are contained in systems of records maintained by the CFPB. These regulations should be read in conjunction with the Privacy Act, which provides additional information about this topic. (b) For purposes of this subpart, the following definitions apply: (1) The term Chief Privacy Officer means the Chief Information Officer of the CFPB or any CFPB employee to whom the Chief Information Officer has delegated authority to act under this part; (2) The term guardian means the parent of a minor, or the legal guardian of any individual who has been declared to be incompetent due to physical or mental incapacity or age by a court of competent jurisdiction; (3) Individual means a citizen of the United States or an alien lawfully admitted for permanent residence; (4) Maintain includes maintain, collect, use, or disseminate; VerDate Mar<15>2010 15:57 Jul 27, 2011 Jkt 223001 § 1070.51 Authority and responsibilities of the Chief Privacy Officer. § 1070.52 Fees. (a) Copies of records. The CFPB shall provide the requester with copies of records requested pursuant to section 1070.53 of this subpart at the same cost charged for duplication of records under § 1070.22 of this part. (b) No fee. The CFPB will not charge a fee if: (1) Total charges associated with a request are less than $5, or (2) The requester is a CFPB employee or former employee, or an applicant for employment with the CFPB, and request pertains to that employee, former employee, or applicant. § 1070.53 Request for access to records. (a) Procedures for making a request for access to records. An individual’s requests for access to records that pertain to that individual (or to the individual for whom the requester serves as guardian) may be submitted to the CFPB in writing or by electronic means. PO 00000 Frm 00021 Fmt 4701 Sfmt 4700 45391 (1) If submitted in writing, the request shall be labeled ‘‘Privacy Act Request’’ and shall be addressed to the Chief Privacy Officer, Bureau of Consumer Financial Protection, 1801 L Street, NW., Washington, DC 20036. (2) If submitted by electronic means, the request shall be labeled ‘‘Privacy Act Request’’ and the request shall be submitted as set forth at the CFPB’s Web site, https://www.consumerfinance.gov. (b) Content of a request for access to records. A request for access to records shall include: (1) A statement that the request is made pursuant to the Privacy Act; (2) The name of the system of records that the requester believes contains the record requested, or a description of the nature of the record sought in detail sufficient to enable CFPB personnel to locate the system of records containing the record with a reasonable amount of effort; (3) Whenever possible, a description of the nature of the record sought, the date of the record or the period in which the requester believes that the record was created, and any other information that might assist the CFPB in identifying the record sought (e.g., maiden name, dates of employment, account information, etc.). (4) Information necessary to verify the requester’s identity pursuant to paragraph (c) of this section; (5) The mailing or email address where the CFPB’s response or further correspondence should be sent. (c) Verification of identity. To obtain access to the CFPB’s records pertaining to a requester, the requester shall provide proof to the CFPB of the requester’s identity as provided below. (1) In general, the following will be considered adequate proof of a requester’s identity: (i) A photocopy of two forms of identification, including one form of identification that bears the requester’s photograph, and one form of identification that bears the requester’s signature; (ii) A photocopy of a single form of identification that bears both the requester’s photograph and signature; or (iii) A statement swearing or affirming the requester’s identity and to the fact that the requester understands the penalties provided in 5 U.S.C. 552a(i)(3). (2) Notwithstanding paragraph (c)(1) of this section, a designated official may require additional proof of the requester’s identity before action will be taken on any request, if such official determines that it is necessary to protect against unauthorized disclosure of information in a particular case. In E:\FR\FM\28JYR3.SGM 28JYR3 45392 Federal Register / Vol. 76, No. 145 / Thursday, July 28, 2011 / Rules and Regulations addition, if a requester seeks records pertaining to an individual in the requester’s capacity as that individual’s guardian, the requester shall be required to provide adequate proof of the requester’s legal relationship before action will be taken on any request. (d) Request for accounting of previous disclosures. An individual may request an accounting of previous disclosures of records pertaining to that individual in a system of records as provided in 5 U.S.C. 552a(c). Such requests should conform to the procedures and form for requests for access to records set forth in subsection (a) and (b) of this section. § 1070.54 CFPB procedures for responding to a request for access. (a) Acknowledgment and response. The CFPB will provide written acknowledgement of the receipt of a request within twenty (20) business days from the receipt of the request and will, where practicable, respond to each request within that twenty (20) day period. When a full response is not practicable within the twenty (20) day period, the CFPB will respond as promptly as possible. (b) Disclosure. (1) When the CFPB discloses information in response to a request, the CFPB will make the information available for inspection and copying during regular business hours as provided in § 1070.13 of this part, or the CFPB will mail it or email it the requester, if feasible, upon request. (2) The requester may bring with him or her anyone whom the requester chooses to see the requested material. All visitors to the CFPB’s buildings must comply with the applicable security procedures. (c) Denial of a request. If the CFPB denies a request made pursuant to § 1070.53 of this subpart, it will inform the requester in writing of the reason(s) for denial and the procedures for appealing the denial. rmajette on DSK89S0YB1PROD with RULES3 § 1070.55 records. Special procedures for medical If an individual requests medical or psychological records pursuant to § 1070.53 of this subpart, the CFPB will disclose them directly to the requester unless the CFPB determines that such disclosure could have an adverse effect on the requester. If the CFPB makes that determination, the CFPB will provide the information to a licensed physician or other appropriate representative that the requester designates, who may disclose those records to the requester in a manner he or she deems appropriate. VerDate Mar<15>2010 15:57 Jul 27, 2011 Jkt 223001 § 1070.56 records. Request for amendment of (a) Procedures for making request. (1) If an individual wishes to amend a record that pertains to that individual in a system of records, that individual may submit a request in writing or by electronic means to the Chief Privacy Officer, as set forth in section 1070.53(a). The request shall be labeled ‘‘Privacy Act Amendment Request.’’ (2) A request for amendment of a record must: (i) Identify the system of records containing the record for which amendment is requested; (ii) Specify the portion of that record requested to be amended; and (iii) Describe the nature and reasons for each requested amendment. (3) When making a request for amendment of a record, the CFPB will require a requester to verify his or her identity under the procedures set forth in § 1070.53(c) of this subpart, unless the requester has already done so in a related request for access or amendment. (b) Burden of proof. A request for amendment of a record must explain why the requester believes the record is not accurate, relevant, timely, or complete. The requester has the burden of proof for demonstrating the appropriateness of the requested amendment, and the requester must provide relevant and convincing evidence in support of the request. § 1070.57 CFPB review of a request for amendment of records. (a) Time limits. The CFPB will acknowledge a request for amendment of records within ten (10) business days after it receives the request. In the acknowledgment, the CFPB may request additional information necessary for a determination on the request for amendment. The CFPB will make a determination on a request to amend a record promptly. (b) Contents of response to a request for amendment. When the CFPB responds to a request for amendment, the CFPB will inform the requester in writing whether the request is granted or denied, in whole or in part. If the CFPB grants the request, it will take the necessary steps to amend the record and, when appropriate and possible, notify prior recipients of the record of its action. If the CFPB denies the request, in whole or in part, it will inform the requester in writing: (1) Why the request (or portion of the request) was denied; (2) That the requester has a right to appeal; and (3) How to file an appeal. PO 00000 Frm 00022 Fmt 4701 Sfmt 4700 § 1070.58 Appeal of adverse determination of request for access or amendment. (a) Appeal. A requester may appeal a denial of a request made pursuant to §§ 1070.53 or 1070.56 of this subpart within ten (10) business days after the CFPB notifies the requester that it has denied the request. (b) Content of Appeal. A requester may submit an appeal in writing or by electronic means as set forth in section 1070.53(a). The appeal shall be addressed to the General Counsel and labeled ‘‘Privacy Act Appeal.’’ The appeal must also: (1) Specify the background of the request; and (2) Provide reasons why the requester believes the denial is in error. (c) Determination. The General Counsel will make a determination as to whether to grant or deny an appeal within thirty (30) business days from the date it is received, unless the General Counsel extends the time for good cause. (1) If the General Counsel grants an appeal regarding a request for amendment, he or she will take the necessary steps to amend the record and, when appropriate and possible, notify prior recipients of the record of its action. (2) If the General Counsel denies an appeal, he or she will inform the requester of such determination in writing, including the reasons for the denial, and the requester’s right to file a statement of disagreement and to have a court review its decision. (d) Statement of disagreement. (1) If the General Counsel denies an appeal regarding a request for amendment, a requester may file a concise statement of disagreement with the denial. The CFPB will maintain the requester’s statement with the record that the requester sought to amend and any disclosure of the record will include a copy of the requester’s statement of disagreement. (2) When practicable and appropriate, the CFPB will provide a copy of the statement of disagreement to any prior recipients of the record. § 1070.59 Restrictions on disclosure. The CFPB will not disclose any record about an individual contained in a system of records to any person or agency without the prior written consent of that individual unless the disclosure is authorized by 5 U.S.C. 552a(b). Disclosures authorized by 5 U.S.C. 552a(b) include disclosures that are compatible with one or more routine uses that are contained within the CFPB’s Systems of Records Notices, which are available on the CFPB’s Web E:\FR\FM\28JYR3.SGM 28JYR3 Federal Register / Vol. 76, No. 145 / Thursday, July 28, 2011 / Rules and Regulations site, at https:// www.consumerfinance.gov. § 1070.60 Exempt records. (a) Exempt systems of records. Pursuant to 5 U.S.C. 552a(k)(2), the CFPB exempts the systems of records listed below from 5 U.S.C. 552a(c)(3), (d), (e)(1), (e)(4)(G)–(H), and (f), and §§ 1070.53 through 1070.59 of this subpart, to the extent that such systems of records contain investigatory materials compiled for law enforcement purposes, provided, however, that if any individual is denied any right, privilege, or benefit to which he or she would otherwise be entitled under federal law, or for which he or she would otherwise be eligible as a result of the maintenance of such material, such material shall be disclosed to such individual, except to the extent that the disclosure of such material would reveal the identity of a source who furnished information to the CFPB under an express promise that the identity of the source would be held in confidence: (1) CFPB.002 Depository Institution Supervision Database (2) CFPB.003 Non-Depository Institution Supervision Database (3) CFPB.004 Enforcement Database (b) Information compiled for civil actions or proceedings. This regulation does not permit an individual to have access to any information compiled in reasonable anticipation of a civil action or proceeding. rmajette on DSK89S0YB1PROD with RULES3 § 1070.61 Training; rules of conduct; penalties for non-compliance. (a) Training. The Chief Privacy Officer shall institute a training program to instruct CFPB employees and employees of Government contractors covered by 5 U.S.C. 552a(m), who are involved in the design, development, operation or maintenance of any CFPB system of records, on a continuing basis with respect to the duties and responsibilities imposed on them and the rights conferred on individuals by the Privacy Act, the regulations in this part, and any other related regulations. Such training shall provide suitable emphasis on the civil and criminal penalties imposed on the CFPB and the individual employees by the Privacy Act for non-compliance with specified requirements of the Act as implemented by the regulations in this subpart. (b) Rules of conduct. The following rules of conduct are applicable to employees of the CFPB (including, to the extent required by the contract or 5 U.S.C. 552a(m), Government contractors and employees of such contractors), who are involved in the design, development, operation or maintenance VerDate Mar<15>2010 15:57 Jul 27, 2011 Jkt 223001 of any system of records, or in maintain any records, for or on behalf of the CFPB. (1) The head of each office of the CFPB shall be responsible for assuring that employees subject to such official’s supervision are advised of the provisions of the Privacy Act, including the criminal penalties and civil liabilities provided therein, and the regulations in this subpart, and that such employees are made aware of their individual and collective responsibilities to protect the security of personal information, to assure its accuracy, relevance, timeliness and completeness, to avoid unauthorized disclosure either orally or in writing, and to insure that no system of records is maintained without public notice. (2) Employees of the CFPB involved in the design, development, operation, or maintenance of any system of records, or in maintaining any record shall: (i) Collect no information of a personal nature from individuals unless authorized to collect it to achieve a function or carry out a responsibility of the CFPB; (ii) Collect information, to the extent practicable, directly from the individual to whom it relates; (iii) Inform each individual asked to supply information, on the form used to collect the information or on a separate form that can be retained by the individual— (A) The authority (whether granted by statute, or by executive order of the President) which authorizes the solicitation of the information and whether disclosure of such information is mandatory or voluntary; (B) The principal purpose or purposes for which the information is intended to be used; (C) The routine uses which may be made of the information, as published pursuant to 5 U.S.C. 552a(e)(4)(D); and (D) The effects on the individual, if any, of not providing all or any part of the requested information. (iv) Not collect, maintain, use or disseminate information concerning an individual’s religious or political beliefs or activities or membership in associations or organizations, unless expressly authorized by statute or by the individual about whom the record is maintained or unless pertinent to and within the scope of an authorized law enforcement activity; (v) Advise their supervisors of the existence or contemplated development of any record system which is capable of retrieving information about individuals by individual identifier; PO 00000 Frm 00023 Fmt 4701 Sfmt 4700 45393 (vi) Assure that no records maintained in a CFPB system of records are disseminated without the permission of the individual about whom the record pertains, except when authorized by 5 U.S.C. 552a(b); (vii) Maintain and process information concerning individuals with care in order to insure that no inadvertent disclosure of the information is made either within or without the CFPB; (viii) Prior to disseminating any record about an individual to any person other than an agency, unless the dissemination is made pursuant to 5 U.S.C. 552a(b)(2) of this section, make reasonable efforts to assure that such records are accurate, complete, timely, and relevant for agency purposes; and (ix) Assure that an accounting is kept in the prescribed form, of all dissemination of personal information outside the CFPB, whether made orally or in writing, unless disclosed under 5 U.S.C. 552 or subpart B of this part. (3) The head of each office of the CFPB shall, at least annually, review the record systems subject to their supervision to insure compliance with the provisions of the Privacy Act of 1974 and the regulations in this subpart. § 1070.62 Preservation of records. The CFPB will preserve all correspondence pertaining to the requests that it receives under this part, as well as copies of all requested records, until disposition or destruction is authorized by title 44 of the United States Code or the National Archives and Records Administration’s General Records Schedule 14. Records will not be disposed of while they are the subject of a pending request, appeal, proceeding, or lawsuit. § 1070.63 Use and collection of social security numbers. The CFPB will ensure that employees authorized to collect information are aware: (a) That individuals may not be denied any right, benefit, or privilege as a result of refusing to provide their social security numbers, unless the collection is authorized either by a statute or by a regulation issued prior to 1975; and (b) That individuals requested to provide their social security numbers must be informed of: (1) Whether providing social security numbers is mandatory or voluntary; (2) Any statutory or regulatory authority that authorizes the collection of social security numbers; and (3) The uses that will be made of the numbers. E:\FR\FM\28JYR3.SGM 28JYR3 45394 Federal Register / Vol. 76, No. 145 / Thursday, July 28, 2011 / Rules and Regulations Dated: July 22, 2011. Sam Valverde, Deputy Executive Secretary, Department of the Treasury. [FR Doc. 2011–19038 Filed 7–27–11; 8:45 am] rmajette on DSK89S0YB1PROD with RULES3 BILLING CODE 4810–25–P VerDate Mar<15>2010 15:57 Jul 27, 2011 Jkt 223001 PO 00000 Frm 00024 Fmt 4701 Sfmt 9990 E:\FR\FM\28JYR3.SGM 28JYR3

Agencies

[Federal Register Volume 76, Number 145 (Thursday, July 28, 2011)]
[Rules and Regulations]
[Pages 45372-45394]
From the Federal Register Online via the Government Printing Office [www.gpo.gov]
[FR Doc No: 2011-19038]



[[Page 45371]]

Vol. 76

Thursday,

No. 145

July 28, 2011

Part III





Bureau of Consumer Financial Protection





-----------------------------------------------------------------------





12 CFR Part 1070





 Disclosure of Records and Information; Final Rule

Federal Register / Vol. 76 , No. 145 / Thursday, July 28, 2011 / 
Rules and Regulations

[[Page 45372]]


-----------------------------------------------------------------------

BUREAU OF CONSUMER FINANCIAL PROTECTION

12 CFR Part 1070

[Docket No. CFPB-2011-0003]
RIN 3170-AA01


Disclosure of Records and Information

AGENCY: Bureau of Consumer Financial Protection.

ACTION: Interim final rule with request for public comment.

-----------------------------------------------------------------------

SUMMARY: This interim final rule establishes procedures for the public 
to obtain information from the Bureau of Consumer Financial Protection, 
under the Freedom of Information Act, the Privacy Act of 1974, and in 
legal proceedings. This interim final rule also establishes the CFPB's 
rules regarding the confidential treatment of information obtained from 
persons in connection with the exercise of its authorities under 
federal consumer financial law.

DATES: This interim final rule is effective July 28, 2011. Written 
comments must be submitted by September 26, 2011.

ADDRESSES: You may submit comments, identified by Docket No. CFPB-2011-
0003, by any of the following methods:
     Electronic: https://www.regulations.gov. Follow the 
instructions for submitting comments.
     Mail or Hand Delivery/Courier in Lieu of Mail: Monica 
Jackson, Office of the Executive Secretary, Consumer Financial 
Protection Bureau, 1801 L Street, NW., Washington, DC 20036.
    All submissions must include the agency name and docket number or 
Regulatory Information Number (RIN) for this rulemaking. In general, 
all comments received will be posted without change to https://www.regulations.gov. In addition, comments will be available for public 
inspection and copying at 1801 L Street, NW., Washington, DC 20036, on 
official business days between the hours of 10 a.m. and 5 p.m. Eastern 
Time. You can make an appointment to inspect the documents by 
telephoning (202) 435-7275.
    All comments, including attachments and other supporting materials, 
will become part of the public record and subject to public disclosure. 
Sensitive personal information, such as account numbers or Social 
Security numbers, should not be included. Comments will not be edited 
to remove any identifying or contact information.

FOR FURTHER INFORMATION CONTACT: Monica Jackson, Office of the 
Executive Secretary, Consumer Financial Protection Bureau, 1801 L 
Street, NW., Washington, DC 20036, 202-435-7275.

SUPPLEMENTARY INFORMATION: 

I. Background

    On July 21, 2010, the President signed into law the Dodd-Frank Wall 
Street Reform and Consumer Protection Act (Pub. L. 111-203). Title X of 
that law is the Consumer Financial Protection Act of 2010 (the 
``Act''), which created the Bureau of Consumer Financial Protection 
(the ``CFPB''). Pursuant to the provisions of the Act, the CFPB will 
begin to exercise its authority to regulate the offering and provision 
of consumer financial products and services under the federal consumer 
financial laws on July 21, 2011.\1\
---------------------------------------------------------------------------

    \1\ Section 1066 of the Act grants the Secretary of the Treasury 
interim authority to perform certain functions of the CFPB. Pursuant 
to that authority, Treasury publishes this interim final rule on 
behalf of the CFPB.
---------------------------------------------------------------------------

    In order to establish procedures to facilitate public interaction 
with the CFPB, the CFPB is issuing this interim final rule. The CFPB 
invites public comment on all aspects of this interim final rule and 
will take those comments into account before publishing a final rule.

II. Summary of Interim Final Rule

    This interim final rule establishes procedures for the CFPB that 
are necessary to implement the Freedom of Information Act, 5 U.S.C. 552 
(the ``FOIA'') and the Privacy Act of 1974, 5 U.S.C. 552a (the 
``Privacy Act''). Various provisions of these statutes either require 
or authorize federal agencies to promulgate implementing regulations. 
See 5 U.S.C. 552(a)(4)(A)(i); id. at 552(a)(6)(B)(iv); id. at 
552(a)(6)(D)(1); id. at 552(a)(6)(E); id. at 552a(f); id. at 552(k). 
Pursuant to the Federal Housekeeping Statute, 5 U.S.C. 301 (as 
interpreted by United States ex rel. Touhy v. Ragen, 340 U.S. 462 
(1951) and subsequent related case law) and/or the Federal Records Act, 
44 U.S.C. ch. 30, the interim final rule also establishes a process by 
which parties may seek testimony or records from the CFPB for use in 
litigation and certain other proceedings. Finally, the interim final 
rule governs the CFPB's treatment of confidential information pursuant 
to sections 1022 and 1052 of the Act.

A. Summary of Subpart A: General Provisions

    Subpart A of part 1070 of the rules sets forth general provisions 
applicable to the remainder of the part. Section 1070.1 sets forth the 
CFPB's authorities for issuing its rules, which include provisions of 
the Act that require or authorize the CFPB to disclose, share, or 
maintain the confidentiality of certain information that the CFPB 
obtains from others or generates itself. Section 1070.1 also identifies 
the purposes of the rules in part 1070.
    Section 1070.2 defines terms that are utilized elsewhere in part 
1070 of the rules. Several of these terms warrant brief discussion. For 
example, we intend for our definition of the term ``civil investigative 
demand material'' in section 1070.2(e) to encompass all types of 
materials provided to the CFPB in response to a civil investigative 
demand that the CFPB issues in accordance with section 1052 of the Act. 
As stated in section 1052 and reiterated in section 1070.2(e) of these 
rules, civil investigative demand material includes documentary 
materials, such written reports and answers to questions, tangible 
things, oral testimony, or any combination thereof. As defined, the 
term ``civil investigative demand material'' also includes such 
materials to the extent that a person, through negotiations with the 
CFPB or otherwise, agrees to provide them to the CFPB voluntarily or in 
lieu of receiving a civil investigative demand.
    Section 1070.2(f) defines the term ``confidential information.'' 
Confidential information refers to three categories of non-public 
information--confidential consumer complaint information, confidential 
investigative information, and confidential supervisory information--
that the CFPB shall protect from various types of disclosure in 
accordance with Consumer Financial Protection Act and other laws. The 
term also includes other CFPB information that is exempt from 
disclosure pursuant to one or more of the statutory exemptions to the 
FOIA.
    Section 1070.2(g) defines ``confidential consumer complaint 
information'' to mean information that the CFPB receives from the 
public or from other agencies or organizations, or which the CFPB 
generates through its own efforts pursuant to sections 1013 and 1034 of 
the Act, that comprises or documents consumer complaints or inquiries 
concerning financial institutions or consumer financial products and 
services. The term includes information, such as personally 
identifiable information, that is protected from public disclosure 
under the FOIA.
    Section 1070.2(h) defines ``confidential investigative 
information'' to include all manner of materials received, generated, 
or compiled by the CFPB in the course of its investigative activities, 
including materials received

[[Page 45373]]

through the issuance of civil investigative demands. It also includes 
confidential supervisory information and confidential consumer 
complaint information to the extent that such materials serve as a 
basis for or are utilized for purposes of, an investigation. Lastly, 
the term includes materials that other federal and state agencies 
provide to the CFPB or create for its use in investigating a possible 
violation of federal consumer financial law.
    Section 1070.2(i) defines ``confidential supervisory information'' 
to include various materials that the CFPB generates or receives that 
relate to the examination of financial institutions. These materials 
include, first, examination, inspection, visitation, operating, 
condition, and compliance reports, and any information contained in, 
relating to, or derived from such reports. Second, the term includes 
documentary materials, including reports of examination, that the CFPB 
prepares or that are prepared by others for use by the CFPB in 
exercising its supervisory authority over financial institutions, as 
well as information derived from such documentary materials. Third, the 
term includes the CFPB's communications with financial institutions and 
agencies to the extent that such communications relate to the exercise 
of the CFPB's supervisory authority over financial institutions. 
Fourth, confidential supervisory information includes information that 
financial institutions provide to the CFPB to help it to evaluate the 
risks associated with consumer financial products and services and 
whether institutions should be deemed ``covered persons,'' as that term 
is defined by 12 U.S.C. 5481. Finally, the term includes other 
supervision-related information that is exempt from public disclosure 
under the FOIA pursuant to 5 U.S.C. 552(b)(8).

B. Summary of Subpart B: Rules Implementing the Freedom of Information 
Act

    Subpart B contains the CFPB's rules that implement the Freedom of 
Information Act, 5 U.S.C. 552. The FOIA grants the public an 
enforceable right to obtain access to or copies of federal agency 
records unless disclosure of those records, or information contained 
within them, is exempt from disclosure pursuant to one or more 
statutory exemptions and exclusions. The FOIA also requires federal 
agencies to routinely publish in the Federal Register, or make 
available to the public, certain information concerning their 
organizational structures, policies and procedures, final opinions and 
orders, and records that have or are likely to become the objects of 
frequent FOIA requests. The regulations in this subpart implement the 
FOIA as required or authorized by various provisions of the statute. 
See 5 U.S.C. 552(a)(4)(A)(i); id. at 552(a)(6)(B)(iv); id. at 
552(a)(6)(D)(1); id. at 552(a)(6)(E).
    The CFPB modeled its FOIA regulations upon regulations promulgated 
by the other federal agencies, including the Treasury Department. The 
CFPB sought the input of the Department of Justice and the National 
Archives and Records Administration's Office of Government Information 
Services, which is responsible for promoting best practices among 
federal agencies as to their FOIA regulations and practices.
    Because most of the CFPB's FOIA regulations track the statute 
itself and set forth requirements and procedures that are typical of 
most federal agencies, we do not deem it necessary to provide a 
detailed analysis of these regulations.

C. Summary of Subpart C: Disclosure of CFPB Information in Connection 
With Legal Proceedings

    Subpart C of the rules sets forth procedures for serving the CFPB 
and its employees with copies of documents in connection with legal 
proceedings, such as summonses, complaints, subpoenas, and other 
litigation-related requests or demands for the CFPB's records or 
official information. Subpart C also describes the CFPB's procedures 
for considering such requests or demands for official information. 
These regulations (which are sometimes referred to as Touhy 
regulations) are modeled after similar regulations of other federal 
agencies. Below is a brief summary of these regulations.
    Sections 1070.31-1070.33 of these regulations provide that, except 
as otherwise required by law, the CFPB's General Counsel is authorized 
to receive and accept service of process of, and the General Counsel is 
authorized to respond to, summonses and complaints in which the CFPB or 
its employees (in their official capacities) are sued, as well as 
subpoenas, court orders, and litigation demands and requests for the 
production of the CFPB's records and official information that are 
directed to the CFPB or its employees.
    Section 1070.34 requires parties demanding the production of the 
CFPB's documents or testimony, in legal proceedings in which the United 
States or the CFPB are not parties, to provide the CFPB with certain 
information about the demand or request, including the name and forum 
of the proceeding, a detailed description of the nature of the 
information or testimony sought and its intended uses and relevance, a 
showing that the evidence sought through the production of the CFPB's 
records or testimony is not available from other sources, and, as the 
General Counsel deems appropriate, a statement of the party's plans to 
demand additional testimony or documents in the future. Unless and 
until a party provides this required information, the CFPB will not 
respond to a demand it receives.
    Section 1070.37 sets forth various factors that the General Counsel 
shall consider in deciding whether to comply with a demand or request 
for the production of the CFPB's records or testimony. This section 
also lists factors that will normally cause the CFPB to refuse 
compliance with such a demand or request. These factors pertain to 
prudential considerations and discovery privileges established by 
federal statutes, rules, and case law.
    Finally, section 1070.38 prohibits CFPB employees or former 
employees from providing opinion or expert testimony based upon 
information (other than general expertise) which they acquired in the 
scope and performance of their official CFPB duties, except to the 
extent that they provide such testimony on behalf of the United States 
or a party represented by the CFPB or the Department of Justice. The 
General Counsel has discretion to waive this prohibition if the 
requestor demonstrates an exceptional need or unique circumstances and 
that the anticipated testimony will neither be adverse to the United 
States nor require the United States to pay the employee's or former 
employee's travel or other expenses associated with providing the 
requested testimony.

D. Summary of Subpart D: Confidential Information

    Subpart D of the rules pertains to the protection and disclosure of 
confidential information that the CFPB generates and receives during 
the course of its work. Various provisions of the Act require the CFPB 
to promulgate regulations providing for the confidentiality of certain 
types of information and to protect such information from public 
disclosure. Other provisions of the Act, however, require or authorize 
the CFPB to share information, under certain circumstances, with other 
federal and state agencies to the extent that they share jurisdiction 
with the CFPB as to the supervision of financial institutions, the 
enforcement of consumer financial protection laws, or the investigation 
and resolution of consumer complaints

[[Page 45374]]

regarding financial institutions or consumer financial products and 
services. In implementing these provisions, the CFPB has sought to 
provide the maximum protection for confidential information, while 
ensuring its ability to share or disclose information to the extent 
necessary to achieve its mission.
    The CFPB recognizes that much of the information that it will 
generate and obtain during the course of its activities will be 
commercially, competitively, and personally sensitive in nature, and 
generally warrants heightened protection. The need for greater 
protection for these categories of information is reflected in the 
substantive law of privilege and in various statutes, including the 
FOIA and the Privacy Act, that provide for the protection of such 
information from disclosure.
    Notwithstanding these concerns, there are instances in which the 
disclosure of confidential information will be necessary or appropriate 
for the CFPB to accomplish its statutory mission, such as the 
investigation and resolution of consumer complaints or the enforcement 
of federal consumer financial law. Disclosures may also serve the 
public interest where federal and state agencies share elements of the 
CFPB's mission and where, by sharing information, they can do their 
jobs more effectively.
    The regulations in this subpart balance these competing concerns by 
generally prohibiting the CFPB and its employees from disclosing 
confidential information to non-employees, and even in certain cases to 
its employees, except in limited circumstances. Even where the CFPB 
permits disclosures of confidential information, the CFPB imposes 
strict limits upon the further use and dissemination of disclosed 
information.
    Where appropriate, the CFPB has based the regulations in this 
subpart upon regulations of the other federal financial regulatory 
agencies that provide for the confidentiality and disclosure of certain 
information generated or received in the course of supervising, 
investigating, or pursuing enforcement actions against financial 
institutions. A summary of this subpart follows below.
    As a preliminary matter, section 1070.2 of the rules, which we 
discuss above, defines the term ``confidential information'' as well as 
the three categories of confidential information to which this subpart 
refers: Confidential consumer complaint information, confidential 
investigatory information, and confidential supervisory information. In 
certain circumstances, the statute requires disparate treatment of 
these three categories of confidential information.
    Section 1070.41(a) generally prohibits the disclosure of 
confidential information by the CFPB's employees, former employees, or 
other persons who possess the CFPB's confidential information, to non-
employees of the CFPB or to CFPB employees for whom such information is 
not relevant to the performance of their assigned duties. This 
prohibition includes disclosures made by any means (including written 
or oral communications) or in any format (including paper and 
electronic formats).
    Excluded from this general prohibition are disclosures of 
confidential information to consultants and contractors of the CFPB who 
agree, in writing, to protect the confidentiality of the information in 
accordance with federal law as well as any additional conditions or 
limitations that the CFPB may impose upon them.
    Section 1070.41(c) states that the CFPB is not precluded from 
disclosing materials that it derives from or creates using confidential 
information, provided that such materials do not identify, either 
directly or indirectly, any particular persons to whom the confidential 
information pertains. This paragraph clarifies that the CFPB may create 
and publish reports, analyses, and other materials derived from 
confidential information so long as the reports, analyses, or other 
materials do not identify the subject of such information or discuss 
the information in such a way that one could infer the identity of the 
person it concerns. For example, the CFPB is not precluded from 
publishing reports that contain aggregate data derived from 
confidential information, provided the report cannot be used in 
conjunction with other publicly available information to re-identify 
the source of the information.
    Section 1070.41(d) clarifies that nothing in subpart D requires or 
authorizes the CFPB to disclose confidential information that another 
agency has provided to the CFPB to the extent that such disclosure 
contravenes applicable law or the terms of any agreement that exists 
between the CFPB and the agency to govern the CFPB's treatment of 
information that the agency provides to the CFPB.
    Section 1070.42(a) provides that the CFPB may, in its discretion, 
disclose confidential supervisory information, such as reports of 
examination, to supervised financial institutions to which the reports 
pertain. To the extent that the CFPB chooses to do so, section 
1070.42(b) prohibits institutions from further disseminating the 
confidential information it receives except in limited circumstances. 
Supervised financial institutions may share confidential supervisory 
information with their directors, officers, and employees, and with 
those of their parent companies, to the extent that the disclosure of 
such confidential supervisory information is relevant to the 
performance of such individuals' assigned duties. Supervised financial 
institutions may also share confidential supervisory information with 
their (or their parent companies') outside legal counsel, certified 
public accountants, and consultants, provided that the supervised 
financial institutions take reasonable steps to ensure that such legal 
counsel, accountants, or consultants do not utilize, make or retain 
copies of, or further disclose confidential information except as is 
necessary to provide advice to the supervised financial institutions, 
their parent companies, or to their respective directors, officers, or 
employees. Furthermore, the institutions must keep written records of 
their disclosures of confidential information to their legal counsel, 
accountants, and consultants, along with the steps they have taken to 
ensure that these accountants, legal counsel, and consultants do not 
improperly utilize, make or retain copies of, or disclose such 
information. Supervised financial institutions shall provide these 
written records to the CFPB, upon request or demand.
    Section 1070.43 sets forth circumstances under which the CFPB shall 
or may disclose various categories of confidential information to law 
enforcement agencies and to other government agencies.
    Section 1070.43(a)(1) implements sections 1022(c)(6)(C)(i) and 
1025(e)(1)(C) of the Act, which require the CFPB to share with federal 
and state agencies having jurisdiction over supervised financial 
institutions, the CFPB's reports of examination of those supervised 
financial institutions, including drafts thereof, final reports, and 
revisions to final reports, provided that the CFPB receives from the 
agency reasonable assurances as to the confidentiality of the 
information provided.
    Section 1070.43(a)(2) implements section 1013(b)(3)(D) of the Act, 
which requires the CFPB to share confidential consumer complaint 
information with federal and state agencies, provided that the agency 
first gives written assurance to the CFPB that it will maintain such 
information in a manner that conforms to the standards that apply to 
federal agencies for the protection of the

[[Page 45375]]

confidentiality of personally identifiable information and for data 
security and integrity.
    Section 1070.43(b)(1), meanwhile, authorizes the CFPB to make 
discretionary disclosures of confidential information to federal and 
state agencies under certain circumstances. For example, this provision 
implements section 1022(c)(6)(C)(ii) of the Act, which authorizes the 
CFPB, upon request, to share confidential supervisory information about 
supervised financial institutions (other than reports of examination) 
with federal and state agencies having jurisdiction over those 
institutions. Section 1070.43(b)(1) also authorizes the CFPB, upon 
request, to share confidential investigatory information about 
supervised financial institutions with federal and state agencies 
having jurisdiction over those institutions.
    Section 1070.43(b)(2) sets forth procedures for federal and state 
agencies to follow when requesting access to the CFPB's confidential 
information as set forth in section 1070.43(b)(1). Requests must be 
submitted in writing by authorized officers or employees of the 
agencies to the CFPB's General Counsel, who will act upon it in 
consultation with the CFPB's Associate Director for Supervision and 
Enforcement or with other appropriate CFPB personnel. Requests should 
describe the nature of the confidential information and documents 
sought and the purposes for which it will be used. Requests should also 
identify the agency's legal authority for requesting the documents and 
any provisions that restrict CFPB's disclosure. Finally, the requests 
should state that the requesting agency will maintain the requested 
confidential information in accordance with these rules and in a manner 
that conforms to the standards that apply to federal agencies for the 
protection of the confidentiality of personally identifiable 
information and for data security and integrity. Moreover, the requests 
should commit the agencies to adhere to any additional conditions or 
limitations that the CFPB, in its discretion, decides to impose.
    Section 1070.43(c) clarifies that requests by state agencies for 
information or records of the CFPB that do not constitute confidential 
information must be made in accordance with the CFPB's FOIA regulations 
set forth in subpart B.
    Sections 1070.43(d) permit certain federal and state agencies to 
negotiate agreements that provide for standing requests for the 
exchange of confidential information.
    Section 1070.44 states that nothing in this part limits the CFPB's 
discretion to disclose confidential consumer complaint information, to 
the extent permitted by law, to the extent that such disclosure is 
necessary to investigate, resolve, or otherwise respond to consumer 
complaints or inquires regarding financial institutions or consumer 
financial products and services.
    Section 1070.45(a) permits the CFPB to affirmatively disclose 
confidential investigative information, such as civil investigative 
demand material and other confidential information that becomes part of 
the CFPB's investigative files, during the course of the CFPB's 
investigations and enforcement proceedings. Thus, the CFPB may disclose 
confidential information to its enforcement personnel and in 
investigational hearings and witness interviews, as is reasonably 
necessary, and to Congress upon request. The CFPB may also disclose 
confidential information in administrative or court proceedings to 
which the CFPB is a party. In the case of confidential investigatory 
material that contains any trade secret or privileged or confidential 
commercial or financial information, as claimed by designation by the 
submitter of such material, or confidential supervisory information, 
the submitter may seek an appropriate protective or in camera order 
prior to disclosure of such material in a proceeding. Furthermore, the 
CFPB may disclose confidential information to law enforcement and other 
government agencies in accordance with this subpart and as required 
under any other applicable law.
    Section 1070.46 provides that notwithstanding the other rules in 
subpart D that restrict the circumstances under which the CFPB may 
disclose confidential information, the Director may authorize other 
disclosures of confidential information to the extent permitted by law. 
The CFPB does not intend for this provision to eviscerate the 
prohibition in section 1070.41 on the disclosure of confidential 
information. The CFPB intends for this provision to account for 
circumstances in which there is an unforeseen and exigent need for the 
CFPB to disclose confidential information for purposes or in a manner 
not otherwise provided for in these regulations. To circumscribe the 
extent to which the CFPB utilizes this provision to disclose 
confidential information, this section provides that the disclosure of 
confidential information may occur only with the prior written 
authorization of the Director. The responsibility may not be delegated 
by the Director, except that a person authorized by law to perform the 
functions of the Director may also exercise this responsibility. For 
example, pursuant to section 1066 of the Act, the Treasury Secretary 
may perform this function in the absence of a Director.
    Section 1070.46(b) requires the CFPB to provide prior written 
notice to the person to whom the confidential information pertains (to 
the extent that the CFPB deems such notice to be appropriate under the 
circumstances) that the CFPB intends to disclose its confidential 
information, in accordance with this section. We note that the other 
federal bank regulatory agencies retain similar discretion to disclose 
confidential information.
    Section 1070.47(a) declares the CFPB's retained ownership of any 
confidential information it discloses to federal or state agencies, to 
supervised financial institutions, or to other persons as provided in 
subpart D. It prohibits further disclosures of such information without 
the CFPB's prior written authorization. It directs recipients of 
confidential information who receive requests or demands for its 
further disclosure to refer such requests or demands to the CFPB, 
afford the CFPB an opportunity to respond or intervene, and to assert 
legal exemptions or privileges on the CFPB's behalf if so requested. To 
the extent that requests for confidential information are made pursuant 
to the FOIA, the Privacy Act, or state law equivalents of those 
statutes, section 1070.47(a)(3) requires federal or state agency 
recipients to refer such requests to the CFPB for its response. As 
provided by section 1070.47(a)(4), nothing in this section precludes a 
recipient of confidential information under subpart D from disclosing 
such information pursuant to a valid federal court order or a request 
or demand from a duly authorized committee of the United States 
Congress. In such cases where disclosure is compulsory, the disclosing 
party shall use its best efforts to secure a protective order or 
agreement that maintains the confidentiality of the confidential 
information disclosed.
    Section 1070.47(b) permits the CFPB to impose any additional 
conditions or limitations that it deems prudent upon its disclosures of 
confidential information to other agencies or persons.
    Section 1070.47(c) clarifies that disclosures of confidential 
information pursuant to subpart D are not intended and should not be 
construed to constitute a waiver of any privileges that are otherwise 
available to the CFPB or

[[Page 45376]]

to any agency or person with respect to this confidential information.

E. Summary of Subpart E: The Privacy Act

    Subpart E contains the CFPB's rules that implement the Privacy Act 
of 1974, 5 U.S.C. 552a. The Privacy Act serves to balance the 
government's need to maintain information about individuals with the 
rights of individuals to be protected against unwarranted invasions of 
their privacy stemming from federal agencies' collection, maintenance, 
use, and disclosure of personal information about them.
    The regulations in this subpart implement the Privacy Act, as 
required by 5 U.S.C. 552a(f), by establishing procedures by which the 
public may request access to information or records that the CFPB 
maintains about them, request amendment or correction of such 
information or records, and request an accounting of disclosures of 
their records by the CFPB.
    As with its FOIA regulations, the CFPB modeled its Privacy Act 
regulations upon regulations promulgated by the other federal agencies, 
including the Treasury Department. Because most of the CFPB's Privacy 
Act regulations track the statute itself and set forth requirements and 
procedures that are typical of most federal agencies, we do not deem it 
necessary to provide a detailed analysis of these regulations.
    Nevertheless, we briefly summarize and discuss section 1070.60(a) 
of subpart E, which identifies three systems of records (CFPB.002 
Depository Institution Supervision Database, CFPB.003 Non-Depository 
Institution Supervision Database, and CFPB.004 Enforcement Database) 
that, pursuant to 5 U.S.C. 552a(k)(2), the CFPB has exempted from 
requirements of the Privacy Act that otherwise grant the public access 
to the CFPB's records contained within these systems of records, 5 
U.S.C. 552a(d), require the CFPB to account for disclosures of records 
contained in the systems of records, id. at 552a(c)(3) require the CFPB 
to maintain in such systems only as much information about individuals 
as is relevant and necessary to accomplish the CFPB's statutory 
mission, id. at 552(e)(1), and require the CFPB to publish certain 
information about these systems and how to access them. Id. at 
552a(e)(1), (e)(4)(G)-(I), (f).
    The CFPB has exempted these three systems of records from the 
foregoing requirements of the Privacy Act because these systems of 
records will contain information relating to the CFPB's supervision of 
financial institutions and its investigations into violations of and 
its enforcement of the federal consumer financial laws. Because the 
CFPB's supervision and enforcement activities may examine or target the 
conduct of individuals, granting such individuals access to the CFPB's 
information about them and publishing accounts of the CFPB's disclosure 
of such information could interfere with or undermine these activities. 
For example, granting individuals access to the CFPB's examination and 
investigative records regarding them could reveal to the individuals 
that their conduct is of interest to the CFPB or is a target of its 
examinations or investigations, thereby leading such individuals to 
conceal, alter, destroy, or fabricate evidence.
    The exemption is also needed in order to encourage persons having 
knowledge of violations of the federal consumer financial laws to 
report such information, and to protect such sources from embarrassment 
or recrimination, as well as to protect their right to privacy. It is 
essential that the identities of all individuals who furnish 
information under an express promise of confidentiality be protected.

III. Procedural Requirements

    The CFPB has determined that good cause exists, pursuant to 5 
U.S.C. 553(b), to publish these regulations as an interim final rule. 
When the CFPB is authorized on July 21, 2011 to begin exercising 
various regulatory authorities, it will be necessary to promptly 
establish procedures to facilitate the CFPB's interactions with the 
public. The CFPB's failure to promptly establish such procedures will 
impair the public's right to gain access to information about the CFPB 
and about themselves that the CFPB maintains. The absence of 
confidentiality regulations will also impair the confidentiality and 
privacy rights of those who submit sensitive information to the CFPB as 
well as the ability of the CFPB to use that information to carry out 
its statutory mission. Furthermore, the CFPB has consulted other 
federal financial regulatory agencies and the Office of Government 
Information Services about the interim final rule. Thus, the CFPB 
concludes that notice and public comment are unnecessary for these 
regulations and that delay will be contrary to the public interest. For 
the same reasons, the CFPB has determined that this interim rule should 
be issued without a delayed effective date pursuant to 5 U.S.C. 
553(d)(3).
    The CFPB further concludes that subpart D of the interim final 
rule, which governs the disclosure of the CFPB's confidential 
information, constitutes an agency rule of organization, procedure, or 
practice that is exempt from notice and public comment pursuant to 5 
U.S.C. 553(b).
    Notwithstanding these conclusions, the CFPB invites public comment 
on this interim final rule.
    Because no notice of proposed rulemaking is required, the 
provisions of the Regulatory Flexibility Act (5 U.S.C. Chapter 6) do 
not apply.
    The regulations in this part do not contain any information 
collection requirement that requires the approval of OMB under the 
Paperwork Reduction Act, 44 U.S.C. 3501 et seq.
    The CFPB has conducted an analysis of benefits, costs, and impacts 
\2\ and consulted with appropriate Federal agencies. In developing the 
interim final rule, the CFPB considered potential benefits and costs to 
consumers and covered persons, including the impact on access to 
consumer financial products and services. The CFPB concludes that the 
interim final rule will benefit consumers and covered persons by 
granting them access, as required by the Freedom of Information Act, 5 
U.S.C. 552, and the Privacy Act of 1974, 5 U.S.C. 552a, to certain 
records and information of the CFPB. It will also benefit consumers and 
covered persons by protecting the confidentiality of sensitive 
information that pertains to them and which the CFPB receives or 
generates during the course of its work. The interim final rule will 
not impose any obligations on consumers or covered persons and it does 
not have any direct relevance to consumers' access to consumer 
financial products and services. Although the interim final rule allows 
the CFPB to disclose confidential information outside of the CFPB in 
certain instances, such disclosures are largely required by the Act or 
are consistent with disclosure practices of the other federal financial 
regulatory agencies. Any costs that may ensue from such disclosures are 
likely to be minimal because the rule restricts the circumstances under 
which confidential information may be disclosed, the permissible 
recipients of such disclosed information, the further disclosure and 
dissemination of such information by its recipients, and in many 
instances, the rule requires prior

[[Page 45377]]

notice of disclosure to affected persons. Moreover, the sharing of 
confidential information that the interim final rule contemplates is 
necessary for the CFPB--along with other federal and state agencies 
that share the CFPB's responsibilities regarding the supervision of 
financial institutions and the enforcement of consumer financial laws--
to fulfill these responsibilities effectively, efficiently, and to the 
overall benefit of consumers and covered persons alike.
---------------------------------------------------------------------------

    \2\ Section 1022(b)(2)(A) addresses the consideration of the 
potential benefits and costs of regulation to consumers and 
industry, including the potential reduction of access by consumers 
to consumer financial products or services; the impact of proposed 
rules on depository institutions and credit unions with $10 billion 
or less in total assets as described in Section 1026 of the Dodd-
Frank Act; and the impact on consumers in rural areas.
---------------------------------------------------------------------------

    The CFPB has consulted with the prudential regulators and the 
Department of Housing and Urban Development, including with regard to 
the consistency of such rules with the prudential, market, or systemic 
objectives administered by such agencies.

List of Subjects in 12 CFR Part 1070

    Confidential business information, consumer protection, freedom of 
information, privacy.
    For the reasons set forth above, the Bureau of Consumer Financial 
Protection amends Chapter X in Title 12 of the Code of Federal 
Regulations by adding a new part 1070 to read as follows:



TITLE 12--BANKS AND BANKING

CHAPTER X--BUREAU OF CONSUMER FINANCIAL PROTECTION

PART 1070--DISCLOSURE OF RECORDS AND INFORMATION

Subpart A--General Provisions and Definitions
Sec.
1070.1 Authority, purpose and scope.
1070.2 General definitions.
1070.3 Custodian of records; certification; alternative authority.
1070.4 Records of the CFPB not to be otherwise disclosed.
Subpart B--Freedom of Information Act
1070.10 General.
1070.11 Information made available; discretionary disclosures.
1070.12 Publication in the Federal Register.
1070.13 Public inspection and copying.
1070.14 Requests for CFPB records.
1070.15 Responsibility for responding to requests for CFPB records.
1070.16 Timing of responses to requests for CFPB records.
1070.17 Requests for expedited processing.
1070.18 Responses to requests for CFPB records.
1070.19 Classified information.
1070.20 Requests for business information provided to the CFPB.
1070.21 Administrative appeals.
1070.22 Fees for processing requests for CFPB records.
1070.23 Authority and responsibilities of the Chief FOIA Officer.
Subpart C--Disclosure of CFPB Information in Connection With Legal 
Proceedings
1070.30 Purpose and scope; definitions.
1070.31 Service of summonses and complaints.
1070.32 Service of subpoenas, court orders, and other demands for 
CFPB information or action.
1070.33 Testimony and production of documents prohibited unless 
approved by the General Counsel.
1070.34 Procedure when testimony or production of documents is 
sought; general.
1070.35 Procedure when response to demand is required prior to 
receiving instructions.
1070.36 Procedure in the event of an adverse ruling.
1070.37 Considerations in determining whether the CFPB will comply 
with a demand or request.
1070.38 Prohibition on providing expert or opinion testimony.
Subpart D--Confidential Information
1070.40 Purpose and scope.
1070.41 Non-disclosure of confidential information.
1070.42 Disclosure of confidential supervisory information to and by 
supervised financial institutions.
1070.43 Disclosure of confidential information to law enforcement 
agencies and other government agencies.
1070.44 Disclosure of confidential consumer complaint information.
1070.45 Affirmative disclosure of confidential information.
1070.46 Other disclosures of confidential information.
1070.47 Other rules regarding the disclosure of confidential 
information.
Subpart E--Privacy Act
1070.50 Purpose and scope; definitions.
1070.51 Authority and responsibilities of the Chief Privacy Officer.
1070.52 Fees.
1070.53 Request for access to records.
1070.54 CFPB procedures for responding to a request for access.
1070.55 Special procedures for medical records.
1070.56 Request for amendment of records.
1070.57 CFPB review of a request for amendment of records.
1070.58 Appeal of adverse determination of request for access or 
amendment.
1070.59 Restrictions on disclosure.
1070.60 Exempt records.
1070.61 Training; rules of conduct; penalties for non-compliance.
1070.62 Preservation of records.
1070.63 Use and collection of Social Security numbers.

    Authority:  12 U.S.C. 3401; 12 U.S.C. 5481 et seq.; 5 U.S.C. 
552; 5 U.S.C. 552a; 18 U.S.C. 1905; 18 U.S.C. 641; 44 U.S.C. ch. 30; 
5 U.S.C. 301.

Subpart A--General Provisions and Definitions


Sec.  1070.1  Authority, purpose, and scope.

    (a) Authority. (1) This part is issued by the Bureau of Consumer 
Financial Protection, an independent Bureau within the Federal Reserve 
System, pursuant to the Consumer Financial Protection Act of 2010, 12 
U.S.C. 5481 et seq.; the Freedom of Information Act, 5 U.S.C. 552; the 
Privacy Act of 1974, 5 U.S.C. 552a; the Federal Records Act, 44 U.S.C. 
3101; the Paperwork Reduction Act, 44 U.S.C. 3510; the Right to 
Financial Privacy Act of 1978, 12 U.S.C. 3401; the Trade Secrets Act, 
18 U.S.C. 1905; 18 U.S.C. 641; and any other applicable law that 
establishes a basis for the exercise of governmental authority by the 
CFPB.
    (2) This part establishes mechanisms for carrying out the CFPB's 
statutory responsibilities under the statutes in paragraph (a)(1) of 
this section to the extent those responsibilities require the 
disclosure, production, or withholding of information. In this regard, 
the CFPB has determined that the CFPB, and its delegates, may disclose 
information of the CFPB, in accordance with the procedures set forth in 
this part, whenever it is necessary or appropriate to do so in the 
exercise of any of the CFPB's authority. The CFPB has determined that 
all such disclosures, made in accordance with the rules and procedures 
specified in this part, are authorized by law.
    (b) Purpose and scope. This part contains the CFPB's rules relating 
to the disclosure of records and information generated by and obtained 
by the CFPB.
    (1) Subpart A contains general provisions and definitions used in 
this part.
    (2) Subpart B implements the Freedom of Information Act, 5 U.S.C. 
552.
    (3) Subpart C sets forth the procedures with respect to subpoenas, 
orders, or other requests for CFPB information in connection with legal 
proceedings.
    (4) Subpart D provides for the protection of confidential 
information and procedures for sharing confidential information with 
supervised institutions, government agencies, and others in certain 
circumstances.
    (5) Subpart E implements the Privacy Act of 1974, 5 U.S.C. 552a.


Sec.  1070.2  General definitions.

    For purposes of this part:
    (a) Business day means any day except Saturday, Sunday or a legal 
federal holiday.
    (b) CFPB means the Bureau of Consumer Financial Protection.

[[Page 45378]]

    (c) Chief FOIA Officer means the Chief Operating Officer of the 
CFPB, or any CFPB employee to whom the Chief Operating Officer has 
delegated authority to act under this part.
    (d) Chief Operating Officer means the Chief Operating Officer of 
the CFPB, or any CFPB employee to whom the Chief Operating Officer has 
delegated authority to act under this part.
    (e) Civil investigative demand material means any documentary 
material, written report, or answers to questions, tangible thing, or 
transcript of oral testimony received by the CFPB in any form or format 
pursuant to a civil investigative demand, as those terms are set forth 
in 12 U.S.C. 5562, or received by the CFPB voluntarily in lieu of a 
civil investigative demand.
    (f) Confidential information means confidential consumer complaint 
information, confidential investigative information, and confidential 
supervisory information, as well as any other CFPB information that may 
be exempt from disclosure under the Freedom of Information Act pursuant 
to 5 U.S.C. 552(b). Confidential information does not include 
information contained in records that have been made publicly available 
by the CFPB or information that has otherwise been publicly disclosed 
by an employee with the authority to do so.
    (g) Confidential consumer complaint information means information 
received or generated by the CFPB, pursuant to 12 U.S.C. 5493 and 5534, 
that comprises or documents consumer complaints or inquiries concerning 
financial institutions or consumer financial products and services and 
responses thereto, to the extent that such information is exempt from 
disclosure pursuant to 5 U.S.C. 552(b).
    (h) Confidential investigative information means:
    (1) Civil investigative demand material; and
    (2) Any documentary material prepared by, on behalf of, received 
by, or for the use by the CFPB or any other federal or state agency in 
the conduct of an investigation of or enforcement action against a 
person, and any information derived from such documents.
    (i)(1) Confidential supervisory information means:
    (i) Reports of examination, inspection and visitation, non-public 
operating, condition, and compliance reports, and any information 
contained in, derived from, or related to such reports;
    (ii) Any documents, including reports of examination, prepared by, 
or on behalf of, or for the use of the CFPB or any other federal, 
state, or foreign government agency in the exercise of supervisory 
authority over a financial institution, and any information derived 
from such documents;
    (iii) any communications between the CFPB and a supervised 
financial institution or a federal, state, or foreign government agency 
related to the CFPB's supervision of the institution;
    (iv) Any information provided to the CFPB by a financial 
institution to enable the CFPB to monitor for risks to consumers in the 
offering or provision of consumer financial products or services, or to 
assess whether an institution should be considered a covered person, as 
that term is defined by 12 U.S.C. 5481; and/or
    (v) Information that is exempt from disclosure pursuant to 5 U.S.C. 
552(b)(8).
    (2) Confidential supervisory information does not include documents 
prepared by a financial institution for its own business purposes and 
that the CFPB does not possess.
    (j) Director means the Director of the CFPB or his or her designee, 
or a person authorized to perform the functions of the Director in 
accordance with law.
    (k) Employee means all current employees or officials of the CFPB, 
including employees of contractors and any other individuals who have 
been appointed by, or are subject to the supervision, jurisdiction, or 
control of the Director, as well as the Director. The procedures 
established within this part also apply to former employees where 
specifically noted.
    (l) Financial institution means any person involved in the offering 
or provision of a ``financial product or service,'' including a 
``covered person'' or ``service provider,'' as those terms are defined 
by 12 U.S.C. 5481.
    (m) General Counsel means the General Counsel of the CFPB or any 
CFPB employee to whom the General Counsel has delegated authority to 
act under this part.
    (n) Person means an individual, partnership, company, corporation, 
association (incorporated or unincorporated), trust, estate, 
cooperative organization, or other entity.
    (o) Report of examination means the report prepared by the CFPB 
concerning the examination or inspection of a supervised financial 
institution.
    (p) Supervised financial institution means a financial institution 
subject to the CFPB's supervisory authority.


Sec.  1070.3  Custodian of records; certification; alternative 
authority.

    (a) Custodian of records. The Chief Operating Officer is the 
official custodian of all records of the CFPB, including records that 
are in the possession or control of the CFPB or any CFPB employee.
    (b) Certification of record. The Chief Operating Officer may 
certify the authenticity of any CFPB record or any copy of such record, 
for any purpose, and for or before any duly constituted federal or 
state court, tribunal, or agency.
    (c) Alternative authority. Any action or determination required or 
permitted to be done by the Chief Operating Officer may be done by any 
employee who has been duly designated for this purpose by the Chief 
Operating Officer.


Sec.  1070.4  Records of the CFPB not to be otherwise disclosed.

    Except as provided by this part, employees or former employees of 
the CFPB, or others in possession of a record of the CFPB that the CFPB 
has not already made public, are prohibited from disclosing such 
records, without authorization, to any person who is not an employee of 
the CFPB.

Subpart B--Freedom of Information Act


Sec.  1070.10  General.

    This subpart contains the regulations of the CFPB implementing the 
Freedom of Information Act (the ``FOIA''), 5 U.S.C. 552, as amended. 
These regulations set forth procedures for requesting access to records 
maintained by the CFPB. These regulations should be read together with 
the FOIA, the 1987 Office of Management and Budget Guidelines for FOIA 
Fees, the CFPB's Privacy Act regulations set forth in subpart E, and 
the FOIA webpage on the CFPB's Web site, https://www.consumerfinance.gov, which provide additional information about 
this topic.


Sec.  1070.11  Information made available; discretionary disclosures.

    (a) In general. The FOIA provides for public access to information 
and records developed or maintained by federal agencies. Generally, the 
FOIA divides agency information into three major categories and 
provides methods by which each category of information is to be made 
available to the public. The three major categories of information are 
as follows:
    (1) Information required to be published in the Federal Register 
(see section 1070.12 of this subpart);
    (2) Information required to be made available for public inspection 
and copying or, in the alternative, to be published and offered for 
sale (see section 1070.13 of this subpart); and

[[Page 45379]]

    (3) Information required to be made available to any member of the 
public upon specific request (see sections 1070.14 through 1070.22 of 
this subpart).
    (b) Discretionary disclosures. Even though a FOIA exemption may 
apply to the information or records requested, the CFPB may, if not 
precluded by law, elect under the circumstances not to apply the 
exemption. The fact that the exemption is not applied by the CFPB in 
response to a particular request shall have no precedential 
significance in processing other requests, but is merely an indication 
that, in the processing of the particular request, the CFPB finds no 
necessity for applying the exemption.
    (c) Disclosures of records frequently requested. Subject to the 
application of the FOIA exemptions and exclusions (5 U.S.C. 552(b) and 
(c)), the CFPB shall make publicly available, as provided by section 
1070.13 of this subpart, all records regardless of form or format, 
which have been released previously to any person under 5 U.S.C. 
552(a)(3) and sections 1070.14 through 1070.22 of this subpart, and 
which the CFPB determines have become or are likely to become the 
subject of subsequent requests for substantially the same records 
because they are clearly of interest to the public at large. When the 
CFPB receives three (3) or more requests for substantially the same 
records, then the CFPB shall also make the released records publicly 
available.


Sec.  1070.12  Publication in the Federal Register.

    (a) Requirement. The CFPB shall separately state, publish and 
maintain current in the Federal Register for the guidance of the public 
the following information:
    (1) Descriptions of its central and field organization and the 
established place at which, the persons from whom, and the methods 
whereby, the public may obtain information, make submissions or 
requests, or obtain decisions;
    (2) Statements of the general course and method by which its 
functions are channeled and determined, including the nature and 
requirements of all formal and informal procedures available;
    (3) Rules of procedure, descriptions of forms available or the 
places at which forms may be obtained, and instructions as to the scope 
and contents of all papers, reports, or examinations;
    (4) Substantive rules of general applicability adopted as 
authorized by law, and statements of general policy or interpretations 
of general applicability formulated and adopted by the CFPB; and
    (5) Each amendment, revision, or repeal of matters referred to in 
paragraphs (a)(1) through (4) of this section.
    (b) Exceptions. Publication of the information under clause (a) of 
this subpart shall be subject to the application of the FOIA exemptions 
and exclusions (5 U.S.C. 552(b) and (c)) and the limitations provided 
in 5 U.S.C. 552(a)(1).


Sec.  1070.13  Public inspection and copying.

    (a) In general. Subject to the application of the FOIA exemptions 
and exclusions (5 U.S.C. 552(b) and (c)), the CFPB shall, in 
conformance with 5 U.S.C. 552(a)(2), make available for public 
inspection and copying, including by posting on the CFPB's Web site, 
https://www.consumerfinance.gov, or, in the alternative, promptly 
publish and offer for sale the following information:
    (1) Final opinions, including concurring and dissenting opinions, 
and orders made in the adjudication of cases;
    (2) Those statements of policy and interpretations which have been 
adopted by the CFPB but are not published in the Federal Register;
    (3) Its administrative staff manuals and instructions to staff that 
affect a member of the public;
    (4) Copies of all records made publicly available pursuant to 
section 1070.11 of this subpart; and
    (5) A general index of the records referred to in paragraph (a)(4) 
of this section.
    (b) Information made available online. For records required to be 
made available for public inspection and copying pursuant to 5 U.S.C. 
552(a)(2) (paragraphs (a)(1) through (4) of this section), as soon as 
practicable, the CFPB shall make such records available on its e-FOIA 
Library, located at https://www.consumerfinance.gov.
    (c) Record availability at the on-site e-FOIA Library. Any member 
of the public may, upon request, access the CFPB's e-FOIA Library via a 
computer terminal at 1801 L Street, NW., Washington, DC 20036. Such a 
request may be made by electronic means as set forth on the CFPB's Web 
site, https://www.consumerfinance.gov, or in writing, to the Chief FOIA 
Officer, Bureau of Consumer Financial Protection, 1801 L Street, NW., 
Washington, DC 20036. The request must indicate a preferred date and 
time for the requested access. The CFPB reserves the right to arrange a 
different date and time with the requester, if necessary.
    (d) Redaction of identifying details. To prevent a clearly 
unwarranted invasion of personal privacy, the CFPB may redact 
identifying details contained in any matter described in paragraphs 
(a)(1) through (4) of this section before making such matters available 
for inspection or publication. The justification for the redaction 
shall be explained fully in writing, and the extent of such redaction 
shall be indicated on the portion of the record which is made available 
or published, unless including that indication would harm an interest 
protected by the exemption in 5 U.S.C. 552(b) under which the redaction 
is made. If technically feasible, the extent of the redaction shall be 
indicated at the place in the record where the redaction is made.


Sec.  1070.14  Requests for CFPB records.

    (a) In general. Subject to the application of the FOIA exemptions 
and exclusions (5 U.S.C. 552(b) and (c)), the CFPB shall promptly make 
its records available to any person pursuant to a request that conforms 
to the rules and procedures of this section.
    (b) Form of request. A request for records of the CFPB shall be 
made in writing or by electronic means.
    (1) If a request is made in writing, it shall be addressed to the 
Chief FOIA Officer, Bureau of Consumer Financial Protection, 1801 L 
Street, NW., Washington, DC 20036. The request shall be labeled 
``Freedom of Information Act Request.''
    (2) If a request is made by electronic means, it shall be submitted 
as set forth on the CFPB's Web site, https://www.consumerfinance.gov. 
The request shall be labeled ``Freedom of Information Act Request.''
    (c) Content of request. (1) In order to ensure the CFPB's ability 
to respond in a timely manner, a FOIA request should describe the 
records that the requester seeks in sufficient detail to enable CFPB 
personnel to locate them with a reasonable amount of effort. Whenever 
possible, the request should include specific information about each 
record sought, such as the date, title or name, author, recipient, and 
subject matter of the record. If known, the requester should include 
any file designations or descriptions for the records requested. As a 
general rule, the more specific the requester is about the records or 
type of records requested, the more likely the CFPB will be able to 
locate those records in response to the request;
    (2) In order to ensure the CFPB's ability to communicate 
effectively with

[[Page 45380]]

the requester, a request should include contact information for the 
requester, including, to the extent available, a mailing address, 
telephone number, and e-mail address at which the CFPB may contact the 
requester regarding the request;
    (3) The request should state whether the requester wishes to 
inspect the records or desires to receive an electronic copy or have a 
copy made and furnished without first inspecting the records;
    (4) For the purpose of determining any fees that may apply to 
processing a request, a requester should indicate in the request 
whether the requester is a commercial user, an educational institution, 
non-commercial scientific institution, representative of the news 
media, governmental entity, or ``other'' requester, as those terms are 
defined in section 1070.22(b) of this subpart, and the basis for 
claiming that fee category. Requesters may seek assistance in 
determining the appropriate fee category by contacting the CFPB's FOIA 
Public Liaison at the telephone number listed on the CFPB's Web site, 
https://www.consumerfinance.gov. The CFPB will use any information 
provided to the FOIA Public Liaison solely for the purpose of 
determining the appropriate fee category that applies to the requester;
    (5) If a requester seeks a waiver or reduction of fees associated 
with processing a request, then the request shall include a statement 
to that effect as is required by section 1070.22(e) of this subpart. 
Any request that does not seek a waiver or reduction of fees 
constitutes an agreement of the requester to pay any and all fees (of 
up to $25) that may apply to the request, as otherwise set forth in 
section 1070.22 of this subpart, except that the requester may specify 
in the request an upper limit (of not less than $25) that the requester 
is willing to pay to process the request; and
    (6) If a requester seeks expedited processing of a request, then 
the request must include a statement to that effect as is required by 
section 1070.17 of this subpart.
    (d) Perfected requests; effect of request deficiencies. For 
purposes of computing its deadline to respond to a request, the CFPB 
will deem itself to have received a request only if, and on the date 
that, it receives a request that contains all of the information 
required by and that otherwise conforms with paragraphs (b) and (c) of 
this section. A request that another agency refers to the CFPB will be 
deemed to have been received by the CFPB on the date the request was 
received from the referring agency. The CFPB need not accept a request, 
process a request, or be bound by any deadlines in this subpart for 
processing a request that fails to conform to the requirements of 
paragraphs (b) and (c) of this section. If a request is deficient in 
any material respect, then the CFPB may return it to the requester and 
advise the requester in what respect the request is deficient, and what 
additional information is needed to respond to the request. The 
requester may then amend or resubmit the request. A determination by 
the CFPB that a request is deficient in any respect is not a denial of 
a request for records and such determinations are not subject to 
appeal. If a requester fails to respond to a CFPB notification that a 
request is deficient within thirty (30) days of the CFPB's 
notification, the CFPB will deem the request withdrawn.
    (e) Requests by an individual for CFPB records pertaining to that 
individual. An individual who wishes to inspect or obtain copies of 
records of the Bureau that pertain to that individual shall file a 
request in accordance with subpart E of these rules.
    (f) Requests for CFPB records pertaining to another individual. 
Where a request for records pertains to a third party, a requester may 
receive greater access by submitting either a notarized authorization 
signed by that individual or a declaration by that individual made in 
compliance with the requirements set forth in 28 U.S.C. 1746 
authorizing disclosure of the records to the requester, or submits 
proof that the individual is deceased (e.g., a copy of a death 
certificate or an obituary). The CFPB may require a requester to supply 
additional information if necessary in order to verify that a 
particular individual has consented to disclosure.


Sec.  1070.15  Responsibility for responding to requests for CFPB 
records.

    (a) In general. In determining which records are responsive to a 
request, the CFPB ordinarily will include only records in its 
possession as of the date the CFPB begins its search for them. If any 
other date is used, the CFPB shall inform the requester of that date.
    (b) Authority to grant or deny requests. The Chief FOIA Officer 
shall be authorized to grant or deny any request for a record of the 
CFPB.
    (c) Consultations and referrals. (1) When a requested record has 
been created by an agency other than the CFPB, the CFPB shall refer the 
record to the originating agency for a direct response to the 
reque
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.