Privacy Act of 1974: Systems of Records, 22486-22488 [2023-07846]

Agencies

• National Credit Union Administration

[Federal Register Volume 88, Number 71 (Thursday, April 13, 2023)]
[Notices]
[Pages 22486-22488]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2023-07846]


-----------------------------------------------------------------------

NATIONAL CREDIT UNION ADMINISTRATION


Privacy Act of 1974: Systems of Records

AGENCY: National Credit Union Administration (NCUA).

ACTION: Notice of a new system of records.

-----------------------------------------------------------------------

SUMMARY: Pursuant to the Privacy Act of 1974, the National Credit Union 
Administration (NCUA) gives notice of a new Privacy Act system of 
records. The new system is NCUA-26, Prospective Official Application 
Records. The Federal Credit Union Act requires that the NCUA 
investigate the general character and fitness of the management and 
officials of a proposed federal credit union or proposed federally 
insured state-chartered credit union. This system will include 
information that the NCUA collects and maintains to meet these 
requirements of the Federal Credit Union Act. Information is collected 
directly from the individual with their consent.

DATES: Submit comments on or before May 15, 2023. This system will be 
effective immediately, and routine uses will be effective on May 15, 
2023.

ADDRESSES: You may submit comments by any of the following methods, but 
please send comments by one method only:
     Federal eRulemaking Portal: https://www.regulations.gov. 
Follow the instructions for submitting comments.
     NCUA Website: https://www.ncua.gov/RegulationsOpinionsLaws/proposed_regs/proposed_regs.html. Follow the instructions for 
submitting comments.
     Fax: (703) 518-6319. Use the subject line described above 
for email.
     Mail: Address to Melane Conyers-Ausbrooks, Secretary of 
the Board, National Credit Union Administration, 1775 Duke Street, 
Alexandria, Virginia 22314-3428.
     Hand Delivery/Courier: Same as mail address.

FOR FURTHER INFORMATION CONTACT: Jennifer Chemel, Attorney-Advisor, 
Office of General Counsel, the National Credit Union Administration, 
1775 Duke Street, Alexandria, Virginia 22314.

SUPPLEMENTARY INFORMATION: This notice informs the public of the NCUA's 
proposal to establish and maintain a new system of records in 
accordance with the Privacy Act of 1974. The proposed system of records 
covers the NCUA's collection and maintenance of records on applications 
for proposed federal and federally insured state-chartered credit union 
officials and employees. The Federal Credit Union Act requires that the 
NCUA investigate the general character and fitness of officials and 
senior management of proposed federal credit unions and proposed 
federally insured state-chartered credit unions. The Federal Credit 
Union Act defines management of a federal credit union as the proposed 
credit union's board of directors, credit committee, and supervisory 
committee. Senior management official is defined as a chief executive 
officer, an assistant chief executive officer, a chief financial 
officer, and any other senior executive officer. NCUA's Office of 
Credit Union Resources and Expansion (CURE) manages the credit union 
charter process and performs these general investigations with the 
assistance of the NCUA's Office of Continuity and Security Management.
    The format of NCUA-26 aligns with the guidance set forth in Office 
of

[[Page 22487]]

Management and Budget (OMB) Circular A-108.

    By the National Credit Union Administration Board on April 10, 
2023.
Melane Conyers-Ausbrooks,
Secretary of the Board.

SYSTEM NAME AND NUMBER:
    NCUA-26, Prospective Official Application Records.

SECURITY CLASSIFICATION:
    Unclassified.

SYSTEM LOCATION:
    National Credit Union Administration, 1775 Duke Street, Alexandria, 
VA 22314-3428.

SYSTEM MANAGER(S):
    Director, Office of Credit Union Resources and Expansion, National 
Credit Union Administration, 1775 Duke Street, Alexandria, Virginia 
22314-3428.

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
    12 U.S.C. 1754 and 12 CFR part 701.

PURPOSE(S) OF THE SYSTEM:
    The NCUA uses information maintained in this system to carry out 
its statutory and other regulatory responsibilities, including 
evaluating the general character and fitness of prospective officials 
and employees of proposed federal credit unions and proposed federally 
insured state-chartered credit unions, and evaluating that applicants 
have requisite skills and commitment to dedicate time and effort to 
operate a successful credit union.

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
    Individuals, such as prospective officials and employees, or other 
persons who are subject to background checks designed to evaluate the 
general character and fitness bearing on the individual's fitness to be 
an official or employee of a proposed federal credit union or a 
proposed federally insured state-chartered credit union.

CATEGORIES OF RECORDS IN THE SYSTEM:
    Records in the system include name, contact information, date of 
birth, and Social Security numbers of individuals proposed as either 
officials or management employees of proposed federal credit unions or 
proposed federally insured state-chartered credit unions. Records may 
also include interagency or intra-agency correspondence or memoranda; 
suspicious activity reports; federal, state, or local criminal law 
enforcement agency investigatory reports, indictments and/or arrest and 
conviction information; reporting agency credit reports; adverse credit 
records (e.g., bankruptcies, liens, judgments); administrative 
enforcement orders or agreements. Records also include actions taken by 
the NCUA in connection with these proposals.

RECORD SOURCE CATEGORIES:
    The information in the system is obtained from individuals named in 
notices filed pursuant to 12 CFR 701 Appendix B, federal or state 
financial regulatory agencies, criminal law enforcement authorities, 
credit bureaus, and NCUA personnel.

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES 
OF USERS AND THE PURPOSES OF SUCH USES:
    In addition to those disclosures generally permitted under 5 U.S.C. 
552a(b) of the Privacy Act, these records or information contained 
therein may specifically be disclosed outside the NCUA as a routine use 
pursuant to 5 U.S.C. 552a(b)(3) as follows:
    1. A record from a system of records may be disclosed as a routine 
use to third parties to the extent necessary to obtain information that 
is relevant to an investigation of an individual's general character 
and fitness;
    2. If a record in a system of records indicates a violation or 
potential violation of civil or criminal law or a regulation, and 
whether arising by general statute or particular program statute, or by 
regulation, rule, or order, the relevant records in the system or 
records may be disclosed as a routine use to the appropriate agency, 
whether federal, state, local, or foreign, charged with the 
responsibility of investigating or prosecuting such violation or 
charged with enforcing or implementing the statute, rule, regulation, 
or order issued pursuant thereto;
    3. A record from a system of records may be disclosed as a routine 
use to a member of Congress or to a congressional staff member in 
response to an inquiry from the congressional office made at the 
request of the individual about whom the record is maintained;
    4. Records in a system of records may be disclosed as a routine use 
to the Department of Justice, when: (a) NCUA, or any of its components 
or employees acting in their official capacities, is a party to 
litigation; or (b) Any employee of NCUA in his or her individual 
capacity is a party to litigation and where the Department of Justice 
has agreed to represent the employee; or (c) The United States is a 
party in litigation, where NCUA determines that litigation is likely to 
affect the agency or any of its components, is a party to litigation or 
has an interest in such litigation, and NCUA determines that use of 
such records is relevant and necessary to the litigation;
    5. Records in a system of records may be disclosed as a routine use 
in a proceeding before a court or adjudicative body before which NCUA 
is authorized to appear (a) when NCUA or any of its components or 
employees are acting in their official capacities; (b) where NCUA or 
any employee of NCUA in his or her individual capacity has agreed to 
represent the employee; or (c) where NCUA determines that litigation is 
likely to affect the agency or any of its components, is a party to 
litigation or has an interest in such litigation, and NCUA determines 
that use of such records is relevant and necessary to the litigation;
    6. A record from a system of records may be disclosed as a routine 
use to contractors, experts, consultants, and the agents thereof, and 
others performing or working on a contract, service, cooperative 
agreement, or other assignment for NCUA when necessary to accomplish an 
agency function or administer an employee benefit program. Individuals 
provided information under this routine use are subject to the same 
Privacy Act requirements and limitations on disclosure as are 
applicable to NCUA employees;
    7. A record from a system of records may be disclosed to 
appropriate agencies, entities, and persons when (1) NCUA suspects or 
has confirmed that the security or confidentiality of information in 
the system of records has been compromised; (2) NCUA has determined 
that as a result of the suspected or confirmed compromise there is a 
risk of harm to economic or property interests, identity theft or 
fraud, or harm to the security or integrity of this system or other 
systems or programs (whether maintained by NCUA or another agency or 
entity) that rely upon the compromised information; and (3) the 
disclosure made to such agencies, entities, and persons is reasonably 
necessary to assist in connection with NCUA's efforts to respond to the 
suspected or confirmed compromise and prevent, minimize, or remedy such 
harm; and
    8. To another Federal agency or Federal entity, when the NCUA 
determines that information from this system of records is reasonably 
necessary to assist the recipient agency or entity in (1) responding to 
a suspected or confirmed breach or (2) preventing, minimizing, or 
remedying the risk of harm to individuals, the

[[Page 22488]]

recipient agency or entity (including its information systems, 
programs, and operations), the Federal Government, or national 
security, resulting from a suspected or confirmed breach.

POLICIES AND PRACTICES FOR STORAGE OF RECORDS:
    Electronic records and backups are stored on secure servers, 
approved by NCUA's Office of the Chief Information Officer (OCIO), 
within a FedRAMP-authorized commercial Cloud Service Provider's (CSP) 
Software-as-a-Service solution hosting environment and accessed only by 
authorized personnel.

POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:
    Records may be retrieved by the name of an individual covered by 
the system.

POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:
    Records are maintained and disposed in accordance with the General 
Records Retention Schedules issued by the National Archives and Records 
Administration (NARA) or an NCUA records disposition schedule approved 
by NARA.

ADMINISTRATIVE, TECHNICAL AND PHYSICAL SAFEGUARDS:
    NCUA has implemented the appropriate administrative, technical, and 
physical controls in accordance with the Federal Information Security 
Modernization Act of 2014, Public Law 113-283, S. 2521, and NCUA's 
information security policies to protect the confidentiality, 
integrity, and availability of the information system and the 
information contained therein. Access is limited only to individuals 
authorized through NIST-compliant Identity, Credential, and Access 
Management policies and procedures. The records are maintained behind a 
layered defensive posture consistent with all applicable federal laws 
and regulations, including OMB Circular A-130 and NIST Special 
Publication 800-37.

RECORD ACCESS PROCEDURES:
    Individuals wishing access to their records should submit a written 
request to the Senior Agency Official for Privacy, NCUA, 1775 Duke 
Street, Alexandria, VA 22314, and provide the following information:
    1. Full name.
    2. Any available information regarding the type of record involved.
    3. The address to which the record information should be sent.
    4. You must sign your request.
    Attorneys or other persons acting on behalf of an individual must 
provide written authorization from that individual for the 
representative to act on their behalf. Individuals requesting access 
must also comply with NCUA's Privacy Act regulations regarding 
verification of identity and access to records (12 CFR 792.55).

CONTESTING RECORD PROCEDURES:
    Individuals wishing to request an amendment to their records should 
submit a written request to the Senior Agency Official for Privacy, 
NCUA, 1775 Duke Street, Alexandria, VA 22314, and provide the following 
information:
    1. Full name.
    2. Any available information regarding the type of record involved.
    3. A statement specifying the changes to be made in the records and 
the justification therefore.
    4. The address to which the response should be sent.
    5. You must sign your request.
    Attorneys or other persons acting on behalf of an individual must 
provide written authorization from that individual for the 
representative to act on their behalf.

NOTIFICATION PROCEDURES:
    Individuals wishing to learn whether this system of records 
contains information about them should submit a written request to the 
Senior Agency Official for Privacy, NCUA, 1775 Duke Street, Alexandria, 
VA 22314, and provide the following information:
    1. Full name.
    2. Any available information regarding the type of record involved.
    3. The address to which the record information should be sent.
    4. You must sign your request.
    Attorneys or other persons acting on behalf of an individual must 
provide written authorization from that individual for the 
representative to act on their behalf. Individuals requesting access 
must also comply with NCUA's Privacy Act regulations regarding 
verification of identity and access to records (12 CFR 792.55).

EXEMPTIONS PROMULGATED FOR THE SYSTEM:
    Federal criminal law enforcement investigatory reports maintained 
as part of this system may be subject of exemptions imposed by the 
originating agency pursuant to 5 U.S.C. 552a(j)(2).

HISTORY:
    This is a new system.

[FR Doc. 2023-07846 Filed 4-12-23; 8:45 am]
BILLING CODE 7535-01-P