Privacy Act of 1974: Systems of Records, 43152-43155 [2023-14274]

Download as PDF 43152 Federal Register / Vol. 88, No. 128 / Thursday, July 6, 2023 / Notices previous four quarters available when the Board approves the budget. The NCUA combines operating fee and capitalization deposit adjustments into a single invoice normally due in April. As required by the FCU Act, the NCUA will deposit the collected fees in the United States Treasury.25 lotter on DSK11XQN23PROD with NOTICES1 IV. Change to Operating Fee Methodology and Request for Comment The Board seeks comment on a change to the exemption level below which FCUs are not charged an operating fee and invites comment on other aspects of the operating fee methodology, as described below. 1. Threshold for Exemption From Paying an Operating Fee Currently, FCUs reporting average assets of $1,000,000 or less during the preceding four calendar quarters are exempt from paying an operating fee, because the Board considered and determined that such credit unions do not have the ability to pay the fee. The $1,000,000 average asset exemption level has been in place since 2012 and has not been adjusted since that time. In the intervening 11 years, average assets across FCUs have approximately doubled. To account for this growth in the size of the credit union system, the Board is proposing to raise the average asset exemption level for FCUs to $2,000,000 and to adjust the exemption threshold annually in future years by the computed rate of asset growth in the credit union system. This inflationary adjustment would be included in the operating fee calculation presented in the annual draft NCUA budget published by the Chief Financial Officer pursuant to 12 U.S.C. 1789(b). The NCUA would adjust the exemption threshold by the percentage by which average quarterly assets reported for the credit union system for the most-current four quarters have increased compared to the previous four quarters, using the Call report data available at the time the NCUA budget is published. For example, when the Board approved the 2023–2024 operating budget in December 2022, the average credit union system assets for the four mostcurrent quarters (i.e., the third and fourth quarters of 2021 and the first two quarters of 2022) were 8.5 percent higher than the previous four quarters (i.e., the third and fourth quarter of 2020 and the first two quarters of 2021). This increase in assets can be expressed as an inflation multiplier (1.085 in the 25 12 U.S.C. 1755(d); https://www.ncua.gov/files/ agenda-items/AG20191212Item1b.pdf, pages 57 to 64. VerDate Sep<11>2014 17:07 Jul 05, 2023 Jkt 259001 example given) and applied to the exemption threshold to determine the adjusted level. The Board believes that this change would appropriately maintain its current policy of exempting the smallest natural person credit unions from paying the operating fee based on those institutions’ inability to pay such a fee. 2. Other Aspects of the Operating Fee Methodology The Board has not substantially modified the current three-tier operating fee schedule since 1993. The current operating fee schedule is regressive; that is, credit unions with a larger amount of total assets pay a lower marginal rate on those assets above the threshold levels for the lower tiers. Given growth and consolidation in the credit union system, the Board is interested in whether such an approach is an equitable method for allocating the operating fee. There is a potentially wide range of approaches for assessing the operating fee. For example, the Board could adopt a single, flat-rate operating fee for all credit unions with total assets that exceed a standard exemption threshold. Overall, a flat-rate operating fee would shift fees away from relatively smaller credit unions to relatively larger ones, making the operating fee schedule less regressive. The Board could also make the operating fee schedule less regressive by increasing the rates for the second and third tiers on the schedule. Alternatively, adjusting the rates upward for the first and second tiers of the current operating fee would create a more regressive schedule. The Board is interested in receiving public comments on whether or how it should consider modifying the operating fee schedule and what specific aspects and conditions of the credit union system it should evaluate when making such decisions. The Board is also interested in specific suggestions that would increase the equitable distribution of the operating fee across FCUs. Because the operating fee methodology allocates the non-OTR portion of the NCUA budget to all FCUs subject to it, changes to the methodology do not lower total operating fee collections but instead shift the fees to those FCUs required to pay it. The Board is interested in understanding how any proposals to change the methodology can be justified as fair and equitable not only for those FCUs whose operating fee would decrease, but also for those FCUs whose operating fees would increase and therefore bear a greater fee burden compared to the current methodology. PO 00000 Frm 00074 Fmt 4703 Sfmt 4703 Authority: 12 U.S.C. 1755. By the National Credit Union Administration Board on June 29, 2023. Melane Conyers-Ausbrooks, Secretary of the Board. [FR Doc. 2023–14201 Filed 7–5–23; 8:45 am] BILLING CODE 7535–01–P NATIONAL CREDIT UNION ADMINISTRATION Privacy Act of 1974: Systems of Records National Credit Union Administration (NCUA). ACTION: Notice of a modified system of records. AGENCY: Pursuant to the Privacy Act of 1974, the National Credit Union Administration (NCUA) gives notice of a proposed modified Privacy Act system of records titled NCUA–11, ‘‘Office of Inspector General (OIG) Investigative Records.’’ The OIG Investigative Records system of records documents the investigative work of the OIG, including complaints received through the OIG Hotline, OIG mail, and otherwise, enabling the OIG to secure and maintain necessary investigative information and to coordinate with other law enforcement agencies as appropriate. SUMMARY: Submit comments on or before August 7, 2023. This modification will be effective immediately, and new routine uses will be effective on August 7, 2023. ADDRESSES: You may submit comments by any of the following methods, but please send comments by one method only: • Federal eRulemaking Portal: https:// www.regulations.gov. Follow the instructions for submitting comments. • NCUA website: https:// www.ncua.gov/ RegulationsOpinionsLaws/proposed_ regs/proposed_regs.html. Follow the instructions for submitting comments. • Fax: (703) 518–6319. Use the subject line described above for email. • Mail: Address to Melane ConyersAusbrooks, Secretary of the Board, National Credit Union Administration, 1775 Duke Street, Alexandria, Virginia 22314–3428. • Hand Delivery/Courier: Same as mail address. FOR FURTHER INFORMATION CONTACT: Marta Erceg, Counsel to the Inspector General/Assistant Inspector General, Office of the Inspector General, (703) 518–6350, or Jennifer Harrison, Attorney-Advisor, Office of General DATES: E:\FR\FM\06JYN1.SGM 06JYN1 lotter on DSK11XQN23PROD with NOTICES1 Federal Register / Vol. 88, No. 128 / Thursday, July 6, 2023 / Notices Counsel, (703) 518–6540, 1775 Duke Street, Alexandria, VA 22314. SUPPLEMENTARY INFORMATION: The NCUA has made the following substantive changes to this System of Records Notice: 1. NCUA has updated the Purpose(s) of the System to provide additional details of why records are being collected. 2. NCUA has updated the Categories of Records in the System to provide additional details of what types of records are being collected. 3. NCUA has updated its Routine Uses. NCUA has added a routine use relating to obtaining legal advice from the Department of Justice and other prosecutors. NCUA has added a routine use to entities responsible for the oversight of Federal funds. NCUA has added a routine use for disclosure records relating to suspension and debarment actions. NCUA has added a routine use for disclosure of records to the Council of the Inspectors General for Integrity and Efficiency. NCUA has added a routine use to allow the OIG to disclose records to a complainant’s employer who at the time of the alleged reprisal was an NCUA contractor, subcontractor, grantee, or subgrantee, without requiring the complainant’s consent, to comply with the requirements of 41 U.S.C. 4712(b)(1). NCUA has also added text of the routine uses that had been previously contained in the agency’s ‘‘Standard Routine Uses.’’ Finally, NCUA has added two routine uses relating to the disclosure of records in the event of a suspected or actual privacy breach. 4. NCUA has updated Policies and Practices for Storage of Records to reflect that records are electronically maintained. 5. NCUA has updated Policies and Practices for Retention and Disposal of Records to reflect that NCUA uses National Archives and Records Administration-approved records schedules. 6. NCUA has updated Administrative, Technical, and Physical Safeguards to accurately reflect how these records are protected. 7. NCUA has updated Record Access, Contesting Record, and Notification Procedures to accurately reflect the NCUA procedures as detailed in 12 CFR 792.55. 8. NCUA has updated History to accurately reflect the SORN’s publication history. Non-substantive modifications have also been made to ensure that the format NCUA–11 aligns with the guidance set forth in Office of Management and Budget Circular A– 108. VerDate Sep<11>2014 17:07 Jul 05, 2023 Jkt 259001 By the National Credit Union Administration Board on June 30, 2023. Melane Conyers-Ausbrooks, Secretary of the Board. SYSTEM NAME AND NUMBER: NCUA–11, Office of Inspector General (OIG) Investigative Records. SECURITY CLASSIFICATION: 43153 reporting requirements of the Inspector General Act, 5 U.S.C. 401–424; 8. Reporting on OIG activities to the Council of Inspectors General for Integrity and Efficiency (CIGIE); and 9. Participating in CIGIE’s investigative qualitative assessment review process. CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM: Unclassified. Office of Inspector General, National Credit Union Administration, 1775 Duke Street, Alexandria, VA 22314– 3428. Subjects of investigation, complainants, and witnesses referred to in complaints or investigative cases, reports, accompanying documents, and correspondence prepared by, compiled by, or referred to the OIG. SYSTEM MANAGER(S): CATEGORIES OF RECORDS IN THE SYSTEM: Counsel to the Inspector General/ Assistant Inspector General for Investigations, National Credit Union Administration, 1775 Duke Street, Alexandria, Virginia 22314–3428. The system is comprised of OIG investigation files and complaint files. These files include reports of investigations with related exhibits, statements, affidavits, or other pertinent documents. Files may contain memoranda; computer-generated background information; location information; payroll, time sheets, and travel records; correspondence, including call, text, and email records; and reports from or to other law enforcement bodies pertaining to violations or potential violations of criminal laws, fraud, or abuse with respect to administration of NCUA programs and operations, and violations of employee and contractor standards of conduct. Records in this system may contain personally identifiable information such as names, Social Security numbers, dates of birth, and addresses. This system may also contain such information as employment history, bank account information, driver’s licenses, vehicle registration, educational records, criminal history, photographs, voice recordings, and other information of a personal nature provided or obtained in connection with an investigation. SYSTEM LOCATION: AUTHORITY FOR MAINTENANCE OF THE SYSTEM: Federal Credit Union Act, 12 U.S.C. 1751, et seq., and the Inspector General Act of 1978, 5 U.S.C. 401, et seq. PURPOSE(S) OF THE SYSTEM: This system is maintained for the purposes of: 1. Conducting and documenting investigations by the OIG or other investigative agencies regarding NCUA programs, operations, personnel, and contractors, and reporting the results of investigations to NCUA management, other Federal agencies, and other public authorities or professional organizations that have the authority to bring criminal prosecutions or civil or administrative actions, or to impose disciplinary sanctions; 2. Documenting the outcome of OIG investigations; 3. Maintaining a record of the activities that were the subject of investigations; 4. Reporting investigative findings for use in operating and evaluating NCUA programs or operations and in the imposition of sanctions; 5. Maintaining a record of complaints and allegations received regarding NCUA programs, operations, and personnel, and documenting the outcome of OIG reviews and disposition of those complaints and allegations; 6. Coordinating relationships with other Federal agencies, State and local governmental agencies, and nongovernmental entities in matters relating to the statutory responsibilities of the OIG and reporting to such entities on government-wide efforts pursuant to the oversight of Federal funds; 7. Acting as a repository and source for information necessary to fulfill the PO 00000 Frm 00075 Fmt 4703 Sfmt 4703 ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES OF USERS AND THE PURPOSES OF SUCH USES: In addition to those disclosures generally permitted under 5 U.S.C. 552a(b) of the Privacy Act, these records or information contained therein may specifically be disclosed outside the NCUA as a routine use pursuant to 5 U.S.C. 552a(b)(3) as follows: 1. If a record in a system of records indicates a violation or potential violation of civil or criminal law or a regulation, and whether arising by general statute or particular program statute, or by regulation, rule, or order, the relevant records in the system of records may be disclosed as a routine use to the appropriate agency, whether E:\FR\FM\06JYN1.SGM 06JYN1 lotter on DSK11XQN23PROD with NOTICES1 43154 Federal Register / Vol. 88, No. 128 / Thursday, July 6, 2023 / Notices Federal, State, local, or foreign, charged with the responsibility of investigating or prosecuting such violation or charged with enforcing or implementing the statute, rule, regulation, or order issued pursuant thereto; 2. A record in a system of records may be disclosed as a routine use to a member of Congress or to a congressional staff member in response to an inquiry from the congressional office made at the request of the individual about whom the record is maintained; 3. A record in a system of records may be disclosed as a routine use to the Department of Justice, when: (a) NCUA, or any of its components or employees acting in their official capacities, is a party to litigation; or (b) Any employee of NCUA in his or her individual capacity is a party to litigation and where the Department of Justice has agreed to represent the employee; or (c) The United States is a party in litigation, where NCUA determines that litigation is likely to affect the agency or any of its components, is a party to litigation or has an interest in such litigation, and NCUA determines that use of such records is relevant and necessary to the litigation; 4. A record in a system of records may be disclosed as a routine use in a proceeding before a court or adjudicative body before which NCUA is authorized to appear (a) when NCUA or any of its components or employees are acting in their official capacities; (b) where NCUA or any employee of NCUA in his or her individual capacity has agreed to represent the employee; or (c) where NCUA determines that litigation is likely to affect the agency or any of its components, is a party to litigation or has an interest in such litigation, and NCUA determines that use of such records is relevant and necessary to the litigation; 5. A record from a system of records may be disclosed as a routine use to contractors, experts, consultants, and the agents thereof, and others performing or working on a contract, service, cooperative agreement, or other assignment for NCUA when necessary to accomplish an agency function or administer an employee benefit program. Individuals provided information under this routine use are subject to the same Privacy Act requirements and limitations on disclosure as are applicable to NCUA employees; 6. A record from a system of records may be disclosed as a routine use to the Department of Justice, including its U.S. Attorney’s Offices, and State and local prosecutors, to the extent necessary to VerDate Sep<11>2014 17:07 Jul 05, 2023 Jkt 259001 obtain legal advice on any matter relevant to an OIG investigation, audit, inspection, or other inquiry related to the responsibilities of the OIG; 7. A record from a system of records may be disclosed as a routine use to any Federal agency, entity, or board responsible for coordinating and conducting oversight of Federal funds, in order to prevent fraud, waste, and abuse related to Federal funds, or for assisting in the enforcement, investigation, prosecution, or oversight of violations of administrative, civil, or criminal law or regulation, if that information is relevant to any enforcement, regulatory, investigative, prosecutorial, or oversight responsibility of the NCUA or of the receiving entity; 8. A record from a system of records may be disclosed as a routine use to another Federal agency considering suspension or debarment action if the information is relevant to the suspension or debarment action. The OIG also may disclose information to another agency to gain information in support of the NCUA’s own debarment and suspension actions; 9. A record from a system of records may be disclosed as a routine use to the Council of the Inspectors General on Integrity and Efficiency (CIGIE) to assist in its preparation of reports, analysis, surveys, coordination of investigations, and other CIGIE activities; 10. A record from a system of records may be disclosed as a routine use to other Federal entities, such as other Offices of Inspector General, to the Government Accountability Office, or to a private party with which the OIG or the NCUA has contracted or with which it contemplates contracting, for the purpose of auditing or reviewing the performance or internal management of the OIG’s audit or investigative programs. 11. A record from a system of records may be disclosed as a routine use to a complainant alleging whistleblower reprisal and the complainant’s employer (current or former) that at the time of the alleged reprisal was a grantee, subgrantee, contractor, or subcontractor of the NCUA, to fulfill the whistleblower reprisal investigation reporting requirements of 41 U.S.C. 4712(b)(1) or any other whistleblower reprisal law requiring a disclosure to a complainant or an entity that employs or employed the complainant; 12. A record from a system of records may be disclosed to appropriate agencies, entities, and persons when (1) NCUA suspects or has confirmed that the security or confidentiality of information in the system of records has been compromised; (2) NCUA has PO 00000 Frm 00076 Fmt 4703 Sfmt 4703 determined that as a result of the suspected or confirmed compromise there is a risk of harm to economic or property interests, identity theft or fraud, or harm to the security or integrity of this system or other systems or programs (whether maintained by NCUA or another agency or entity) that rely upon the compromised information; and (3) the disclosure made to such agencies, entities, and persons is reasonably necessary to assist in connection with NCUA’s efforts to respond to the suspected or confirmed compromise and prevent, minimize, or remedy such harm; and 13. A record from a system of records may be disclosed to another Federal agency or Federal entity, when the NCUA determines that information from this system of records is reasonably necessary to assist the recipient agency or entity in (1) responding to a suspected or confirmed breach or (2) preventing, minimizing, or remedying the risk of harm to individuals, the recipient agency or entity (including its information systems, programs, and operations), the Federal Government, or national security, resulting from a suspected or confirmed breach. POLICIES AND PRACTICES FOR STORAGE OF RECORDS: Electronic records and backups are stored on secure servers, approved by NCUA’s Office of the Chief Information Officer (OCIO), within a FedRAMPauthorized commercial Cloud Service Provider’s (CSP) Software-as-a-Service solution hosting environment and accessed only by authorized personnel. POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS: Information is retrieved by case number, general subject matter, or name of the subject of investigation. POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS: Records are maintained and disposed in accordance with the General Records Retention Schedules issued by the National Archives and Records Administration (NARA) or an NCUA records disposition schedule approved by NARA. ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS: NCUA and the Cloud Service Provider have implemented the appropriate administrative, technical, and physical controls in accordance with the Federal Information Security Modernization Act of 2014, Public Law 113–283, S. 2521, and NCUA’s information security policies to protect the confidentiality, integrity, and availability of the E:\FR\FM\06JYN1.SGM 06JYN1 Federal Register / Vol. 88, No. 128 / Thursday, July 6, 2023 / Notices information system and the information contained therein. Access is limited only to individuals authorized through NIST-compliant Identity, Credential, and Access Management policies and procedures. The records are maintained behind a layered defensive posture consistent with all applicable Federal laws and regulations, including OMB Circular A–130 and NIST Special Publication 800–37. RECORD ACCESS PROCEDURES: Individuals wishing access to their records should submit a written request to the Senior Agency Official for Privacy, NCUA, 1775 Duke Street, Alexandria, VA 22314, and provide the following information: 1. Full name. 2. Any available information regarding the type of record involved. 3. The address to which the record information should be sent. 4. You must sign your request. Attorneys or other persons acting on behalf of an individual must provide written authorization from that individual for the representative to act on their behalf. Individuals requesting access must also comply with NCUA’s Privacy Act regulations regarding verification of identity and access to records (12 CFR 792.55). CONTESTING RECORD PROCEDURES: Individuals wishing to request an amendment to their records should submit a written request to the Senior Agency Official for Privacy, NCUA, 1775 Duke Street, Alexandria, VA 22314, and provide the following information: 1. Full name. 2. Any available information regarding the type of record involved. 3. A statement specifying the changes to be made in the records and the justification therefore. 4. The address to which the response should be sent. 5. You must sign your request. Attorneys or other persons acting on behalf of an individual must provide written authorization from that individual for the representative to act on their behalf. lotter on DSK11XQN23PROD with NOTICES1 NOTIFICATION PROCEDURES: Individuals wishing to learn whether this system of records contains information about them should submit a written request to the Senior Agency Official for Privacy, NCUA, 1775 Duke Street, Alexandria, VA 22314, and provide the following information: 1. Full name. 2. Any available information regarding the type of record involved. VerDate Sep<11>2014 17:07 Jul 05, 2023 Jkt 259001 3. The address to which the record information should be sent. 4. You must sign your request. Attorneys or other persons acting on behalf of an individual must provide written authorization from that individual for the representative to act on their behalf. Individuals requesting access must also comply with NCUA’s Privacy Act regulations regarding verification of identity and access to records (12 CFR 792.55). EXEMPTIONS PROMULGATED FOR THE SYSTEM: Pursuant to 5 U.S.C. 552a(j)(2), this system of records is exempt from subsections (c)(3) and (4), (d), (e)(1), (e)(2), (e)(3), (e)(4)(G), (e)(4)(H), (e)(4)(I), (e)(5), (e)(8), (f) and (g) of the Act. This exemption applies to information in the system that relates to criminal law enforcement and meets the criteria of the (j)(2) exemption. Pursuant to 5 U.S.C. 552a(k)(2), to the extent that the system contains investigative material compiled for law enforcement purposes, other than material within the scope of subsection (j)(2), this system of records is exempt from 5 U.S.C. 552a(c)(3), (d), (e)(1), (e)(4)(G), (H), and (I), and (f). The exemption rule is contained in 12 CFR 792.66 of the NCUA regulations. HISTORY: This SORN was published originally as NCUA–20, ‘‘Investigation Files,’’ at 53 FR 37372 (Sept. 26, 1988); renamed to ‘‘Office of Inspector General Investigative Records’’ at 60 FR 18149 (April 10, 1995); and renumbered as NCUA–11 at 65 FR 3486 (Feb. 20, 2000). Subsequent modifications were published at 71 FR 77807 (Dec. 27, 2006) and 75 FR 41539 (July 16, 2010). [FR Doc. 2023–14274 Filed 7–5–23; 8:45 am] BILLING CODE 7535–01–P NUCLEAR REGULATORY COMMISSION [NRC–2022–0217] Information Collection: NRC Form 974 Privacy Act Complaint Form Nuclear Regulatory Commission. ACTION: Notice of submission to the Office of Management and Budget; request for comment. AGENCY: The U.S. Nuclear Regulatory Commission (NRC) has recently submitted a proposed collection of information to the Office of Management and Budget (OMB) for review. The information collection is entitled, NRC Form 974 ‘‘Privacy Act Complaint Form.’’ SUMMARY: PO 00000 Frm 00077 Fmt 4703 Sfmt 4703 43155 Submit comments by August 7, 2023. Comments received after this date will be considered if it is practical to do so, but the Commission is able to ensure consideration only for comments received on or before this date. ADDRESSES: Written comments and recommendations for the proposed information collection should be sent within 30 days of publication of this notice to https://www.reginfo.gov/ public/do/PRAMain. Find this particular information collection by selecting ‘‘Currently under Review— Open for Public Comments’’ or by using the search function. FOR FURTHER INFORMATION CONTACT: David Cullison, NRC Clearance Officer, U.S. Nuclear Regulatory Commission, Washington, DC 20555–0001; telephone: 301–415–2084; email: Infocollects.Resource@nrc.gov. SUPPLEMENTARY INFORMATION: DATES: I. Obtaining Information and Submitting Comments A. Obtaining Information Please refer to Docket ID NRC–2022– 0217 when contacting the NRC about the availability of information for this action. You may obtain publicly available information related to this action by any of the following methods: • Federal Rulemaking website: Go to https://www.regulations.gov and search for Docket ID NRC–2022–0217. • NRC’s Agencywide Documents Access and Management System (ADAMS): You may obtain publicly available documents online in the ADAMS Public Documents collection at https://www.nrc.gov/reading-rm/ adams.html. To begin the search, select ‘‘Begin Web-based ADAMS Search.’’ For problems with ADAMS, please contact the NRC’s Public Document Room (PDR) reference staff at 1–800–397–4209, 301– 415–4737, or by email to PDR.Resource@nrc.gov. A copy of the collection of information and related instructions may be obtained without charge by accessing ADAMS Accession No. ML23089A290. The supporting statement is available in ADAMS under Accession No. ML23081A464. • NRC’s PDR: The PDR, where you may examine and order copies of publicly available documents, is open by appointment. To make an appointment to visit the PDR, please send an email to PDR.Resource@nrc.gov or call 1–800–397–4209 or 301–415– 4737, between 8 a.m. and 4 p.m. eastern time (ET), Monday through Friday, except Federal holidays. • NRC’s Clearance Officer: A copy of the collection of information and related instructions may be obtained without E:\FR\FM\06JYN1.SGM 06JYN1

Agencies

[Federal Register Volume 88, Number 128 (Thursday, July 6, 2023)]
[Notices]
[Pages 43152-43155]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2023-14274]


-----------------------------------------------------------------------

NATIONAL CREDIT UNION ADMINISTRATION


Privacy Act of 1974: Systems of Records

AGENCY: National Credit Union Administration (NCUA).

ACTION: Notice of a modified system of records.

-----------------------------------------------------------------------

SUMMARY: Pursuant to the Privacy Act of 1974, the National Credit Union 
Administration (NCUA) gives notice of a proposed modified Privacy Act 
system of records titled NCUA-11, ``Office of Inspector General (OIG) 
Investigative Records.'' The OIG Investigative Records system of 
records documents the investigative work of the OIG, including 
complaints received through the OIG Hotline, OIG mail, and otherwise, 
enabling the OIG to secure and maintain necessary investigative 
information and to coordinate with other law enforcement agencies as 
appropriate.

DATES: Submit comments on or before August 7, 2023. This modification 
will be effective immediately, and new routine uses will be effective 
on August 7, 2023.

ADDRESSES: You may submit comments by any of the following methods, but 
please send comments by one method only:
     Federal eRulemaking Portal: https://www.regulations.gov. 
Follow the instructions for submitting comments.
     NCUA website: https://www.ncua.gov/RegulationsOpinionsLaws/proposed_regs/proposed_regs.html. Follow the instructions for 
submitting comments.
     Fax: (703) 518-6319. Use the subject line described above 
for email.
     Mail: Address to Melane Conyers-Ausbrooks, Secretary of 
the Board, National Credit Union Administration, 1775 Duke Street, 
Alexandria, Virginia 22314-3428.
     Hand Delivery/Courier: Same as mail address.

FOR FURTHER INFORMATION CONTACT: Marta Erceg, Counsel to the Inspector 
General/Assistant Inspector General, Office of the Inspector General, 
(703) 518-6350, or Jennifer Harrison, Attorney-Advisor, Office of 
General

[[Page 43153]]

Counsel, (703) 518-6540, 1775 Duke Street, Alexandria, VA 22314.

SUPPLEMENTARY INFORMATION: The NCUA has made the following substantive 
changes to this System of Records Notice:
    1. NCUA has updated the Purpose(s) of the System to provide 
additional details of why records are being collected.
    2. NCUA has updated the Categories of Records in the System to 
provide additional details of what types of records are being 
collected.
    3. NCUA has updated its Routine Uses. NCUA has added a routine use 
relating to obtaining legal advice from the Department of Justice and 
other prosecutors. NCUA has added a routine use to entities responsible 
for the oversight of Federal funds. NCUA has added a routine use for 
disclosure records relating to suspension and debarment actions. NCUA 
has added a routine use for disclosure of records to the Council of the 
Inspectors General for Integrity and Efficiency. NCUA has added a 
routine use to allow the OIG to disclose records to a complainant's 
employer who at the time of the alleged reprisal was an NCUA 
contractor, subcontractor, grantee, or subgrantee, without requiring 
the complainant's consent, to comply with the requirements of 41 U.S.C. 
4712(b)(1). NCUA has also added text of the routine uses that had been 
previously contained in the agency's ``Standard Routine Uses.'' 
Finally, NCUA has added two routine uses relating to the disclosure of 
records in the event of a suspected or actual privacy breach.
    4. NCUA has updated Policies and Practices for Storage of Records 
to reflect that records are electronically maintained.
    5. NCUA has updated Policies and Practices for Retention and 
Disposal of Records to reflect that NCUA uses National Archives and 
Records Administration-approved records schedules.
    6. NCUA has updated Administrative, Technical, and Physical 
Safeguards to accurately reflect how these records are protected.
    7. NCUA has updated Record Access, Contesting Record, and 
Notification Procedures to accurately reflect the NCUA procedures as 
detailed in 12 CFR 792.55.
    8. NCUA has updated History to accurately reflect the SORN's 
publication history. Non-substantive modifications have also been made 
to ensure that the format NCUA-11 aligns with the guidance set forth in 
Office of Management and Budget Circular A-108.

    By the National Credit Union Administration Board on June 30, 
2023.
Melane Conyers-Ausbrooks,
Secretary of the Board.

SYSTEM NAME AND NUMBER:
    NCUA-11, Office of Inspector General (OIG) Investigative Records.

SECURITY CLASSIFICATION:
    Unclassified.

SYSTEM LOCATION:
    Office of Inspector General, National Credit Union Administration, 
1775 Duke Street, Alexandria, VA 22314-3428.

SYSTEM MANAGER(S):
    Counsel to the Inspector General/Assistant Inspector General for 
Investigations, National Credit Union Administration, 1775 Duke Street, 
Alexandria, Virginia 22314-3428.

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
    Federal Credit Union Act, 12 U.S.C. 1751, et seq., and the 
Inspector General Act of 1978, 5 U.S.C. 401, et seq.

PURPOSE(S) OF THE SYSTEM:
    This system is maintained for the purposes of:
    1. Conducting and documenting investigations by the OIG or other 
investigative agencies regarding NCUA programs, operations, personnel, 
and contractors, and reporting the results of investigations to NCUA 
management, other Federal agencies, and other public authorities or 
professional organizations that have the authority to bring criminal 
prosecutions or civil or administrative actions, or to impose 
disciplinary sanctions;
    2. Documenting the outcome of OIG investigations;
    3. Maintaining a record of the activities that were the subject of 
investigations;
    4. Reporting investigative findings for use in operating and 
evaluating NCUA programs or operations and in the imposition of 
sanctions;
    5. Maintaining a record of complaints and allegations received 
regarding NCUA programs, operations, and personnel, and documenting the 
outcome of OIG reviews and disposition of those complaints and 
allegations;
    6. Coordinating relationships with other Federal agencies, State 
and local governmental agencies, and nongovernmental entities in 
matters relating to the statutory responsibilities of the OIG and 
reporting to such entities on government-wide efforts pursuant to the 
oversight of Federal funds;
    7. Acting as a repository and source for information necessary to 
fulfill the reporting requirements of the Inspector General Act, 5 
U.S.C. 401-424;
    8. Reporting on OIG activities to the Council of Inspectors General 
for Integrity and Efficiency (CIGIE); and
    9. Participating in CIGIE's investigative qualitative assessment 
review process.

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
    Subjects of investigation, complainants, and witnesses referred to 
in complaints or investigative cases, reports, accompanying documents, 
and correspondence prepared by, compiled by, or referred to the OIG.

CATEGORIES OF RECORDS IN THE SYSTEM:
    The system is comprised of OIG investigation files and complaint 
files. These files include reports of investigations with related 
exhibits, statements, affidavits, or other pertinent documents. Files 
may contain memoranda; computer-generated background information; 
location information; payroll, time sheets, and travel records; 
correspondence, including call, text, and email records; and reports 
from or to other law enforcement bodies pertaining to violations or 
potential violations of criminal laws, fraud, or abuse with respect to 
administration of NCUA programs and operations, and violations of 
employee and contractor standards of conduct. Records in this system 
may contain personally identifiable information such as names, Social 
Security numbers, dates of birth, and addresses. This system may also 
contain such information as employment history, bank account 
information, driver's licenses, vehicle registration, educational 
records, criminal history, photographs, voice recordings, and other 
information of a personal nature provided or obtained in connection 
with an investigation.

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES 
OF USERS AND THE PURPOSES OF SUCH USES:
    In addition to those disclosures generally permitted under 5 U.S.C. 
552a(b) of the Privacy Act, these records or information contained 
therein may specifically be disclosed outside the NCUA as a routine use 
pursuant to 5 U.S.C. 552a(b)(3) as follows:
    1. If a record in a system of records indicates a violation or 
potential violation of civil or criminal law or a regulation, and 
whether arising by general statute or particular program statute, or by 
regulation, rule, or order, the relevant records in the system of 
records may be disclosed as a routine use to the appropriate agency, 
whether

[[Page 43154]]

Federal, State, local, or foreign, charged with the responsibility of 
investigating or prosecuting such violation or charged with enforcing 
or implementing the statute, rule, regulation, or order issued pursuant 
thereto;
    2. A record in a system of records may be disclosed as a routine 
use to a member of Congress or to a congressional staff member in 
response to an inquiry from the congressional office made at the 
request of the individual about whom the record is maintained;
    3. A record in a system of records may be disclosed as a routine 
use to the Department of Justice, when: (a) NCUA, or any of its 
components or employees acting in their official capacities, is a party 
to litigation; or (b) Any employee of NCUA in his or her individual 
capacity is a party to litigation and where the Department of Justice 
has agreed to represent the employee; or (c) The United States is a 
party in litigation, where NCUA determines that litigation is likely to 
affect the agency or any of its components, is a party to litigation or 
has an interest in such litigation, and NCUA determines that use of 
such records is relevant and necessary to the litigation;
    4. A record in a system of records may be disclosed as a routine 
use in a proceeding before a court or adjudicative body before which 
NCUA is authorized to appear (a) when NCUA or any of its components or 
employees are acting in their official capacities; (b) where NCUA or 
any employee of NCUA in his or her individual capacity has agreed to 
represent the employee; or (c) where NCUA determines that litigation is 
likely to affect the agency or any of its components, is a party to 
litigation or has an interest in such litigation, and NCUA determines 
that use of such records is relevant and necessary to the litigation;
    5. A record from a system of records may be disclosed as a routine 
use to contractors, experts, consultants, and the agents thereof, and 
others performing or working on a contract, service, cooperative 
agreement, or other assignment for NCUA when necessary to accomplish an 
agency function or administer an employee benefit program. Individuals 
provided information under this routine use are subject to the same 
Privacy Act requirements and limitations on disclosure as are 
applicable to NCUA employees;
    6. A record from a system of records may be disclosed as a routine 
use to the Department of Justice, including its U.S. Attorney's 
Offices, and State and local prosecutors, to the extent necessary to 
obtain legal advice on any matter relevant to an OIG investigation, 
audit, inspection, or other inquiry related to the responsibilities of 
the OIG;
    7. A record from a system of records may be disclosed as a routine 
use to any Federal agency, entity, or board responsible for 
coordinating and conducting oversight of Federal funds, in order to 
prevent fraud, waste, and abuse related to Federal funds, or for 
assisting in the enforcement, investigation, prosecution, or oversight 
of violations of administrative, civil, or criminal law or regulation, 
if that information is relevant to any enforcement, regulatory, 
investigative, prosecutorial, or oversight responsibility of the NCUA 
or of the receiving entity;
    8. A record from a system of records may be disclosed as a routine 
use to another Federal agency considering suspension or debarment 
action if the information is relevant to the suspension or debarment 
action. The OIG also may disclose information to another agency to gain 
information in support of the NCUA's own debarment and suspension 
actions;
    9. A record from a system of records may be disclosed as a routine 
use to the Council of the Inspectors General on Integrity and 
Efficiency (CIGIE) to assist in its preparation of reports, analysis, 
surveys, coordination of investigations, and other CIGIE activities;
    10. A record from a system of records may be disclosed as a routine 
use to other Federal entities, such as other Offices of Inspector 
General, to the Government Accountability Office, or to a private party 
with which the OIG or the NCUA has contracted or with which it 
contemplates contracting, for the purpose of auditing or reviewing the 
performance or internal management of the OIG's audit or investigative 
programs.
    11. A record from a system of records may be disclosed as a routine 
use to a complainant alleging whistleblower reprisal and the 
complainant's employer (current or former) that at the time of the 
alleged reprisal was a grantee, subgrantee, contractor, or 
subcontractor of the NCUA, to fulfill the whistleblower reprisal 
investigation reporting requirements of 41 U.S.C. 4712(b)(1) or any 
other whistleblower reprisal law requiring a disclosure to a 
complainant or an entity that employs or employed the complainant;
    12. A record from a system of records may be disclosed to 
appropriate agencies, entities, and persons when (1) NCUA suspects or 
has confirmed that the security or confidentiality of information in 
the system of records has been compromised; (2) NCUA has determined 
that as a result of the suspected or confirmed compromise there is a 
risk of harm to economic or property interests, identity theft or 
fraud, or harm to the security or integrity of this system or other 
systems or programs (whether maintained by NCUA or another agency or 
entity) that rely upon the compromised information; and (3) the 
disclosure made to such agencies, entities, and persons is reasonably 
necessary to assist in connection with NCUA's efforts to respond to the 
suspected or confirmed compromise and prevent, minimize, or remedy such 
harm; and
    13. A record from a system of records may be disclosed to another 
Federal agency or Federal entity, when the NCUA determines that 
information from this system of records is reasonably necessary to 
assist the recipient agency or entity in (1) responding to a suspected 
or confirmed breach or (2) preventing, minimizing, or remedying the 
risk of harm to individuals, the recipient agency or entity (including 
its information systems, programs, and operations), the Federal 
Government, or national security, resulting from a suspected or 
confirmed breach.

POLICIES AND PRACTICES FOR STORAGE OF RECORDS:
    Electronic records and backups are stored on secure servers, 
approved by NCUA's Office of the Chief Information Officer (OCIO), 
within a FedRAMP-authorized commercial Cloud Service Provider's (CSP) 
Software-as-a-Service solution hosting environment and accessed only by 
authorized personnel.

POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:
    Information is retrieved by case number, general subject matter, or 
name of the subject of investigation.

POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:
    Records are maintained and disposed in accordance with the General 
Records Retention Schedules issued by the National Archives and Records 
Administration (NARA) or an NCUA records disposition schedule approved 
by NARA.

ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:
    NCUA and the Cloud Service Provider have implemented the 
appropriate administrative, technical, and physical controls in 
accordance with the Federal Information Security Modernization Act of 
2014, Public Law 113-283, S. 2521, and NCUA's information security 
policies to protect the confidentiality, integrity, and availability of 
the

[[Page 43155]]

information system and the information contained therein. Access is 
limited only to individuals authorized through NIST-compliant Identity, 
Credential, and Access Management policies and procedures. The records 
are maintained behind a layered defensive posture consistent with all 
applicable Federal laws and regulations, including OMB Circular A-130 
and NIST Special Publication 800-37.

RECORD ACCESS PROCEDURES:
    Individuals wishing access to their records should submit a written 
request to the Senior Agency Official for Privacy, NCUA, 1775 Duke 
Street, Alexandria, VA 22314, and provide the following information:
    1. Full name.
    2. Any available information regarding the type of record involved.
    3. The address to which the record information should be sent.
    4. You must sign your request.
    Attorneys or other persons acting on behalf of an individual must 
provide written authorization from that individual for the 
representative to act on their behalf. Individuals requesting access 
must also comply with NCUA's Privacy Act regulations regarding 
verification of identity and access to records (12 CFR 792.55).

CONTESTING RECORD PROCEDURES:
    Individuals wishing to request an amendment to their records should 
submit a written request to the Senior Agency Official for Privacy, 
NCUA, 1775 Duke Street, Alexandria, VA 22314, and provide the following 
information:
    1. Full name.
    2. Any available information regarding the type of record involved.
    3. A statement specifying the changes to be made in the records and 
the justification therefore.
    4. The address to which the response should be sent.
    5. You must sign your request.
    Attorneys or other persons acting on behalf of an individual must 
provide written authorization from that individual for the 
representative to act on their behalf.

NOTIFICATION PROCEDURES:
    Individuals wishing to learn whether this system of records 
contains information about them should submit a written request to the 
Senior Agency Official for Privacy, NCUA, 1775 Duke Street, Alexandria, 
VA 22314, and provide the following information:
    1. Full name.
    2. Any available information regarding the type of record involved.
    3. The address to which the record information should be sent.
    4. You must sign your request.
    Attorneys or other persons acting on behalf of an individual must 
provide written authorization from that individual for the 
representative to act on their behalf. Individuals requesting access 
must also comply with NCUA's Privacy Act regulations regarding 
verification of identity and access to records (12 CFR 792.55).

EXEMPTIONS PROMULGATED FOR THE SYSTEM:
    Pursuant to 5 U.S.C. 552a(j)(2), this system of records is exempt 
from subsections (c)(3) and (4), (d), (e)(1), (e)(2), (e)(3), 
(e)(4)(G), (e)(4)(H), (e)(4)(I), (e)(5), (e)(8), (f) and (g) of the 
Act. This exemption applies to information in the system that relates 
to criminal law enforcement and meets the criteria of the (j)(2) 
exemption. Pursuant to 5 U.S.C. 552a(k)(2), to the extent that the 
system contains investigative material compiled for law enforcement 
purposes, other than material within the scope of subsection (j)(2), 
this system of records is exempt from 5 U.S.C. 552a(c)(3), (d), (e)(1), 
(e)(4)(G), (H), and (I), and (f). The exemption rule is contained in 12 
CFR 792.66 of the NCUA regulations.

HISTORY:
    This SORN was published originally as NCUA-20, ``Investigation 
Files,'' at 53 FR 37372 (Sept. 26, 1988); renamed to ``Office of 
Inspector General Investigative Records'' at 60 FR 18149 (April 10, 
1995); and renumbered as NCUA-11 at 65 FR 3486 (Feb. 20, 2000). 
Subsequent modifications were published at 71 FR 77807 (Dec. 27, 2006) 
and 75 FR 41539 (July 16, 2010).

[FR Doc. 2023-14274 Filed 7-5-23; 8:45 am]
BILLING CODE 7535-01-P
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.