GLBA Final Rule Dodd-Frank SupportingStatement Final update (12-2011)(2) (3)

GLBA Final Rule Dodd-Frank SupportingStatement Final update (12-2011)(2) (3).docx

Privacy of Consumer Financial Information

OMB: 3038-0055

Document [docx]
Download: docx | pdf

SUPPORTING STATEMENT FOR NEW AND REVISED INFORMATION COLLECTIONS


Privacy of Consumer Financial Information


OMB CONTROL NUMBER -3038 -0055


Justification


1. Explain the circumstances that make the collection of information necessary. Identify any legal or administrative requirements that necessitate the collection. Attach a copy of the appropriate section of each statute and regulation mandating or authorizing the collection of information.


Section 124 of the Commodity Futures Modernization Act of 2000 (“CFMA”) amended the Commodity Exchange Act (the “Act”) and added a new Section 5g to the Act to make the Commission a Federal functional regulator for purposes of applying the provisions of Title V, Subtitle A of the Gramm-Leach-Bliley Act (“GLB Act”) addressing consumer privacy to futures commission merchant (“FCM”), commodity trading advisor (“CTA”), commodity pool operator (“CPO”) or introducing broker (“IB”) that is subject to the Commission’s jurisdiction with respect to any financial activity. In general, Title V requires financial institutions to provide notice to consumers about the institution’s privacy policies and practices, to restrict the ability of a financial institution to share nonpublic personal information about consumers to nonaffiliated third parties, and to permit consumers to prevent the institution from disclosing nonpublic personal information about them to certain non-affiliated third parties by “opting out” of that disclosure. Part 160 of the Commission’s regulations implement the mandates of Section 124 and Title V of the GLB Act.


The passage of the Dodd-Frank Wall Street Reform and Consumer Protection Act (“Dodd-Frank Act”), Pub. L. No. 111-203, 124 Stat. 1376 (2010), broadened the Commission’s regulatory authority under the GLB Act to cover two new entities: swap dealers and major swap participants. Specifically, amendments to the GLB Act found in section 1093 of the Dodd-Frank Act, reaffirmed the Commission’s authority to promulgate regulations to require entities that are subject to the Commission’s jurisdiction to provide certain privacy protections for consumer financial information.


The Commission’s privacy rules—Part 160—require those subject to the regulations to adopt appropriate policies and procedures to safeguard customer records and information, by providing initial and annual privacy notices to customers, and by providing opt-out provisions to the extent that those subject to the regulations wish to share such records and information with non-affiliates. Accordingly, in compliance with the Dodd-Frank Act’s mandate to add swap dealers and major swap participants to the Commission’s regulatory authority, this collection has been amended to reflect the registration of these entities. Adding these entities will increase the burden hours accordingly.


2. Indicate how, by whom, and for what purpose the date would be used. Except for a new collection, indicate the actual use the agency has made of the information received from the current collection.


The financial institutions covered by these regulations must prepare and provide the initial privacy notice to all current and all new customers at the time of establishing a customer relationship. Subsequently, an annual notice must be provided to all customers at least once during a 12–month period during the continuation of the customer relationship. The initial notice and opt out notice must be provided to a consumer prior to disclosing nonpublic personal information to certain nonaffiliated third parties.


3. Describe whether, and to what extent, the collection of information involves the use of automated, electronic, mechanical, or other technological collection techniques or other forms of information technology, e.g. permitting electronic submission of responses, and the basis for the decision for adopting this means of collection. Also describe any consideration of using information technology to reduce burden.


The required privacy notices may be distributed to consumers electronically upon the consumer’s consent. Therefore, a financial institution may reasonably expect that a customer who uses the institution’s website to obtain financial products and services will receive actual notice of the annual privacy notice if the customer has agreed to accept notices at the institution’s website and the institution continuously posts a current notice of its privacy policies and practices in a clear and conspicuous manner on the website. In addition, the regulations provide that an institution may provide an electronic mail address as a reasonable means for the consumer to opt out of the institutions’ information sharing practices with non-affiliated third parties.


4. Describe efforts to identify duplication. Show specifically why any similar information already available cannot be used or modified for use for the purposes described in Item 2 above.


The type of information required to be collected under the regulation is not currently collected nor is the information available for public disclosure through any other source.


5. If the collection of information involves small business or other small entities (Item 5 of OMB From 83-I), describe the methods used to minimize burden.


The requirements of these regulations are mandated by the GLB Act and the CFMA and, therefore, the Commission does not grant any exceptions to small entities from the requirements at this time. The regulations provide substantial flexibility, however, that financial institutions may tailor their practices to their individual needs, such as financial institutions providing joint notices if the notice applies to all institutions covered by the notice.


6. Describe the consequence to the Federal Program or policy activities if the collection were conducted less frequently as well as any technical or legal obstacles to reducing burden.


The GLB Act mandates that initial and annual privacy notices must be provided by financial institutions to consumers with whom the financial institution has a customer relationship.


7. Explain any special circumstances that require the collection to be conducted in a manner:


- requiring respondents to report information to the agency more often than quarterly;


Notices required by these proposed regulations are not required to be submitted to the Commission.


- requiring respondents to prepare a written response to a collection of information in fewer than 30 days after receipt of it:


This does not apply.


- requiring respondents to submit more that an original and two copies of any document;


This does not apply.


- requiring respondents to retain records other than health, medical, government contract, grant-in-aid, or tax records, for more than three years;


Financial institutions are required to retain information regarding a consumer’s decision to opt out after the financial institution’s customer relationship with the financial institution terminates.


- in connection with a statistical survey, that is not designed to produce valid and reliable results that can be generalized to the universe of study;


The proposed regulations do not involve a statistical survey.


- requiring the use of a statistical data classification that has not been reviewed and approved by OMB;


The proposed regulations do not involve the use of statistical data.


- that includes a pledge of confidentiality that is not supported by authority established in statue or regulation, that is not supported by disclosure and data security policies that are consistent with the pledge, or which unnecessarily impedes sharing of data with other agencies for compatible confidential use; or


This does not apply.


- requiring respondents to submit proprietary trade secrets, or other confidential information unless the agency can demonstrate that it has instituted procedures to protect the information's confidentiality to the extent permitted by law.


This does not apply.


8. If applicable, provide a copy and identify the date and page number of publication in the Federal Register of the agency's notice required by 5 C.F.R. 1320.8(d), soliciting comments on the information collection prior to submission to OMB. Summarize public comments received in response to that notice and describe actions taken by the agency in response to these comments. Specifically address comments received on cost and hour burden.


A copy of the proposed rule has been submitted to the Federal Register for publication and public comment. The proposed rule was published in the Federal Register on October 27, 2010 ‑‑ 75 FR 66014.


Describe efforts to consult with persons outside the agency to obtain their views on the availability of data, frequency of collection, the clarity of instructions and recordkeeping disclosure, or reporting format (if any, and on the data elements to be recorded, disclosed, or reported.


The Commission consulted the National Futures Association when the Part 160 regulations were initially published to determine the availability of data, frequency of collection and the clarity of instructions and recordkeeping disclosure and on the data elements to be recorded, disclosed, or reported.


In response to the Commission’s request in the notice of proposed rulemaking for comments on any potential paperwork burden associated with this regulation, only one commenter provided a substantive comment addressing the merits of the Commission’s proposed PRA calculations. In particular, SIFMA proposed that the burden estimate should be refined to reflect anticipated additional burden hours associated with monitoring the privacy and opt-out notice process, addressing consumer issues, and adjusting records to comport with consumer requests.


Based on this comment, the Commission estimates that the approximately 300 SDs and MSPs may incur additional burden hours. Consequently, it is anticipated the 300 SDs and MSPs may incur an additional aggregate of 1440 burden hours than what was stated in the Proposal, monitoring an average of 20 notices per year, with an average monitoring time of .24 hours per notice.


Consultation with representatives of those from whom information is to be obtained or those who must compile records should occur at least once every three years—even if the collection of information activity is the same as in prior periods. There may be circumstances that may preclude consultation in a specific situation. These circumstances should be explained.


This question does not apply.


9. Explain any decision to provide any payment or gift to respondents, other than remuneration of contractors or grantees.

This question does not apply.

10. Describe any assurance of confidentiality provided to respondents and the basis for the assurance in statute, regulations, or agency policy.

In general, the Commission provides assurances of confidentiality as provided by the Commission’s Freedom of Information Act regulations found at 17 CFR Part 145. The Commission has not, however, provided assurances to respondents with respect to the proposed regulations.


11. Provide additional justification for any questions of a sensitive nature, such as sexual behavior and attitudes, religious beliefs, and other matters that are commonly considered private. This justification should include the reasons why the agency considers the questions necessary, the specific uses to be made of the information, the explanation to be given to persons from whom the information is requested, and any steps to be taken to obtain their consent.


The proposed regulations do not require the giving of sensitive information, as that term is used in Question 11.


12. Provide estimates of the hour burden of the collection of information. The Statement should:


- Indicate the number of respondents, frequency of response, annual hour burden and an explanation of how the burden was estimated. Unless directed to do so, agencies should not conduct special surveys to obtain information on which to base hour burden estimates. Consultation with a sample (fewer than ten) of potential respondents is desirable. If the hour burden on respondents is expected to vary widely because of differences in activity, size or complexity, show the range of estimated hour burden, and explain the reasons for the variance. Generally, estimates should not include burden hours for customary and usual business practices.


- If the request for approval covers more than one form, provide separate hour burden estimates for each form and aggregate the hour burdens in Item 13 of OMB Form 83-I.


- Provide estimates of annualized cost to respondents for the hours burdens for collections of information, identifying and using appropriate wage rate categories. The cost of contracting our or paying outside parties for information collection activities should not be included here. Instead, this cost should be included in Item 13.


See Attachment A.


13. Provide an estimate of the total annual cost burden to respondents or recordkeepers resulting from the collection of information. (Do not include the cost of any hour burden shown in Items 12 and 14).


- The cost estimate should be split into two components; (a) a total capital and start-up cost component (annualized over its expected useful life) and (b) a total operation and maintenance and purchase of services component. The estimates should take into account costs associated with generating, maintaining, and disclosing or providing the information. Include descriptions of methods used to estimate major costs factors including system and technology acquisition, expected useful life of capital equipment, the discount rate(s), and the time period over which costs will be incurred. Capital and start-up costs include, among other items, preparations for collecting information such as purchasing computers and software, monitoring, sampling, drilling and testing equipment, and record storage facilities.


- If cost estimates are expected to vary widely, agencies should present ranges of cost burdens and explain the reasons for the variance. The cost of purchasing or contracting out information collection services should be a part of this cost burden estimate, agencies may consult with a sample of respondents (fewer than ten), utilize the 60-day pre-OMB submission public comment process and use existing economic or regulatory impact analysis associated with the rulemaking containing the information collection, as appropriate.


- Generally, estimates should not include purchases of equipment or services, or portions thereof, made: (1) prior to October 1, 1995, (2) to achieve regulatory compliance with requirements not associated with the information collection, (3) for reasons other than to provide information or keep records for the government or (4) as part of customary and usual business or private practices.


The proposed regulations covered by this collection require no new start-up or operations and maintenance costs.


14. Provide estimates of the annualized costs to the Federal Government. Also provide a description of the method used to estimate cost, which should include quantification of hours, operational expenses (such as equipment, overhead, printing and support staff), and any other expense that would not have been incurred without this collection of information. Agencies may also aggregate cost estimates from Items 12, 13, and 14 in a single table.


Financial institutions are not required to provide copies of privacy notices to the Commission, and the Commission is not required to review each institution’s privacy policies. Consequently, the annualized cost to the Commission should be minimal, except in cases where the Commission initiates an enforcement proceeding against an institution for non-compliance with the rule.


15. Explain the reasons for any program changes or adjustments reported in Items 13 or 14 of the OMB Form 83-I.


The passage of the Dodd-Frank Wall Street Reform and Consumer Protection Act (“Dodd-Frank Act”), Pub. L. No. 111-203, 124 Stat. 1376 (2010), broadened the Commission’s regulatory authority under the GLB Act to cover two new entities: swap dealers and major swap participants. Specifically, amendments to the GLB Act found in section 1093 of the Dodd-Frank Act, reaffirmed the Commission’s authority to promulgate regulations to require entities that are subject to the Commission’s jurisdiction to provide certain privacy protections for consumer financial information.


16. For collection of information whose results are planned to be published for statistical use, outline plans for tabulation, statistical analysis, and publication. Provide the time schedule for the entire project, including beginning and ending dates of the collection of information, completion of report, publication dates, and other actions.


This question does not apply.


17. If seeking approval to not display the expiration date for OMB approval of the information collection, explain the reasons that display would be inappropriate.

This question does not apply.


18. Explain each exception to the certification statement identified in Item 19, "Certification for Paperwork Reduction Act Submissions," of OMB Form 83-I.


This question does not apply.


Attachment A




Part 160

Privacy of Consumer Financial Information



Estimated # of Responses to be Provided

Reports Annually by Each Respondent

Total Annual Responses

Estimated Average Number of Hours Per Response

Estimated Total Number of Hours of Annual Burden in a Fiscal Year

300 (annually)

20

6,000

.24

1,440



364,135*



Total: 300

20

370,135


1,440**




* This number reflects the previously approved number of responses for the collection approved by OMB. With the addition of approximately 300 swap dealers and major swap participants who would be required to provide notices under Part 160 on an initial and then on an annual basis, this number will increase to approximately 370,135. However, the total responses will likely change once additional data is received regarding the actual number of accounts associated with swap dealers and major swap participants.



**As a result of public comments to the Proposal, this number should be increased by an additional aggregate of 1440 burden hours to reflect monitoring an average of 20 notices per year by the 300 SDs and MSPs, with an average monitoring time of .24 hours per notice.


File Typeapplication/vnd.openxmlformats-officedocument.wordprocessingml.document
File Titledomestic options paperwork red. act [WP]
Authorcftc
File Modified0000-00-00
File Created2021-01-31

© 2024 OMB.report | Privacy Policy