Download: docx | pdf

U.S. DEPARTMENT OF

HOUSING AND URBAN DEVELOPMENT

Initial Privacy Assessment

2502-0005

FHA Lender Approval, Annual Renewal, Periodic Updates and Required Reports

By FHA Approved Lenders

Office of Housing

February 24, 2016

INITIAL PRIVACY ASSESSMENT (IPA)

The Initial Privacy Assessment (IPA) is use to determine whether a Privacy Impact Assessment (PIA) is required under the E-Government Act of 2002. The IPA is also used to determine if a System of Records Notice (SORN) is required under the Privacy Act of 1974.

The IPA is an administrative form created by the Privacy Branch to efficiently and effectively identify the use of Personally Identifiable Information (PII) across the Department. The IPA focuses on three areas of inquiry:

• Business data and business processes within each HUD program.

• Potential connections with individuals including the use of PII – any use of social security numbers must be specifically identified.

HUD’s program and support offices should ensure that its respective IPA is completed and sent to the Privacy Branch for approval. If SSNs are to be used, the IPA specifically identifies the justification and authority for using SSNs. Upon receipt of the IPA, the Privacy Branch determines the applicability of other privacy compliance requirements including the PIA and SORN. The IPA is complete when the Privacy Branch signs it and sends the final copy back to the identified point of contact.

Please complete this form and send it to the HUD Privacy Branch staff.

Janice Noble

Acting, Branch Chief

Privacy Branch

U.S. Department of Housing and Urban Development

[email protected]

If a PIA or SORN is required, a copy of the Privacy Impact Assessment and System of Records Notice form is available on the HUD Privacy Branch website, http://hudatwork.hud.gov/HUD/cio/po/i/privacy, on HUD@Work or directly from the HUD Privacy Branch via email: [email protected] to complete and return.

INITIAL PRIVACY ASSESSMENT (IPA) SUMMARY INFORMATION

Date Submitted for Review: February 24, 2016

Name of System or Project: OMB Control Number 2502-0005

System Name in CSAM: P278

Name of Program Office: Office of Housing

Name of Project Manager or System Owner: John Higgins

Email for Project Manager or System Owner: [email protected]

Phone Number for Project Manager or System Owner: 202-402-6730

Type of Project:

☒ Information Technology and/or System

☐ A Notice of Proposed Rule Making or a Final Rule:

☒ Form or other Information Collection:

☐ Other:

SPECIFIC QUESTIONS

1. Describe the project and its purpose:

The Federal Housing Administration (FHA) of the Department of Housing and Urban Development approves entities to participate as FHA-approved lenders (Title I Lender or Title II Mortgagee). Specific information must be obtained and reviewed to determine if an entity meets the criteria to obtain the requested approval. FHA requires subsequent information in order for entities to renew and maintain their approval, make periodic updates to their approval, submit required reports to FHA and submit requests to voluntarily terminate their FHA approval. Criteria for approval to become a Title I Lender and/or Title II Mortgagee, as well as requirements to maintain that approval, are specified in 24 CFR 202 and HUD Handbook 4000.1, which became effective on September 14, 2015.

FHA’s Online Application for Lender Approval allows prospective FHA lenders to submit required information and attachments for FHA’s review. All data and attachments are captured and stored in the Lender Electronic Assessment Portal (LEAP). The Online Application includes an initial lender certification, which consists of a number of statements to which the lender must certify indicating that they meet the approval eligibility criteria specified in 24 CFR 202 and HUD Handbook 4000.1. Each lender must also submit its annual online certification via LEAP. This annual certification consists of a number of statements to which the lender must certify indicating that they continue to meet the approval eligibility criteria specified in 24 CFR 202 and HUD Handbook 4000.1.

2. Status of Project:

☐ This is a new development effort.

☒ This is an existing project.

Date first developed: Prior to 1999

Date last updated: December 2014

Although this is an existing project, a new certification statement is proposed for addition to the Online Application for Lender Approval and the Annual Certification for FHA-approved lenders and mortgagees, which is completed using the Lender Electronic Assessment Portal (LEAP). The new statement reads as follows:

5. I certify that, to the best of my knowledge and after conducting a reasonable investigation, during the Certification Period or the 3-year period preceding the first day of the Certification Period, neither the Mortgagee nor any officer, partner, director, principal, manager, supervisor, loan processor, loan underwriter, or loan originator employed or retained by the Mortgagee:

(a) Was convicted of, indicted for, or otherwise criminally or civilly charged by a governmental entity (federal, state or local) with commission of fraud or a criminal offense in connection with obtaining, attempting to obtain, or performing a public transaction or contract under a public transaction;

(b) Was convicted of, indicted for, or otherwise criminally or civilly charged by a governmental entity with violation of federal or state antitrust statutes or commission of embezzlement, theft, forgery, bribery, falsification or destruction of records, making false statements, or receiving stolen property;

(c) Had one or more public transactions terminated for cause or default;

except for those occurrences, if any, that the Mortgagee reported to HUD and for which the Mortgagee received explicit clearance from HUD to continue with the certification process.

Other language revisions to the certification statements in the Online Application for Lender Approval and the Annual Certification for FHA-approved lenders and mortgagees are detailed in documents submitted to OMB. These are technical in nature, including renumbering of statements, minor language changes for clarity and consistency between certification versions, and the removal of ambiguous terms that are not captured in requirements or other well-defined terms found in HUD Handbook 4000.1.

See also the IPA submitted and approved for the Lender Electronic Assessment Portal (LEAP-P278) on March 20, 2014 for changes implemented at that time.

3. From whom do you collect, process, or retain information on:

☐ HUD Employees

☐ Contractors working on behalf of HUD

☒ The Public

☐ The System does not contain any such information.

3. Do you use or collect Social Security Numbers (SSNs)? (This includes truncated SSNs)

☐ No.

☒ Yes. Why does the program collect SSNs? Provide the function of the SSN and the legal authority to do so:

The system will collect and store name, addresses and SSN for key principals of HUD's lending business partners. Credit and background investigations are conducted which may result in the collection of PII. Resumes may be obtained. Authorization for collecting this data can be found in Title I and Title II of the National Housing Act; 12 U.S.C. 1703, 1709 and 1751b; 42 U.S.C. 1436(a) and 3535(d).

3. What information about individuals could be collected, generated or retained?

Name, address, employment history, Social Security Number, credit reports for individuals who have designated leadership roles are firms that are HUD’s business partners; Tax Identification Number and bank account numbers for firms that are HUD’s business partners.

31 U.S.C. § 7701, the Debt Collection Improvement Act of 1986, authorizes “the head of an agency administering an included Federal loan program” to collect taxpayer identifying numbers for “a lender or servicer in a Federal guaranteed or insured loan program administered by the agency.” Executive Order 9397, as amended by E.O. 13478, also authorizes federal departments and agencies to Social Security Numbers “as a system to organize and identify individual persons.”

6. If this project is a technology/system, does it relate solely to infrastructure? [For example, is the system a Local Area Network (LAN) or Wide Area Network (WAN)]?

☒ No. Please continue to the next question.

☐ Yes. Is there a log kept of communication traffic?

☐No. Please continue to the next question.

☐ Yes. What type of data is recorded in the log? (Please choose all that apply.)

☐ Header

☐ Payload Please describe the data that is logged.

6. Does the system connect, receive, or share Personally Identifiable Information with any other HUD systems?

☐ No.

☒ Yes. Please list the systems:

• GSC — Al5

• SFIS — A43

• CLAIMS — A43C

• SFNW — A8OW

• SFPCS-P — A80B

• SFPCS-U — A8OR

• SAMS — A8OS

• SFDW D64A

• CHUMS — F17

• FHA Connection — F17C

• SFDMS — F42D

• ARRTS — F51A

• CAIVRS — F57

• Title I Insurance and Claims — F72

• FHASL — P013

• NTHI-IQ — P16 (the Lender List functionality on the HUD.GOV portal)

Is this external sharing pursuant to new or existing information sharing access agreement (MOU, MOA, LOI, etc.)? No.

6. Does the system meet all of the following requirements?

There will be a group of records under the control of an agency that contains a personal identifier (such as a name, date of birth, SSN, Employee Number, fingerprint, etc.) of U.S. citizens and lawful permanent residents;

Contains at least one other item of personal data (such as home address, performance rating, blood type, etc.); and

The data about the subject individual IS retrieved by the name or unique identifier assigned to the individual.

☐ No.

☒ Yes.

If yes is there an existing System of Record Notice?

☐ No.

☒ Yes.

9. Is there an Authorization to Operate record within OCIO’s FISMA tracking system CSAM?

☐ Unknown

☐ No

☒ Yes. Please indicate the determinations for each of the following:

Confidentiality: ☐ Low ☒ Moderate ☐ High

Integrity: ☐ Low ☒ Moderate ☐ High

Availability: ☐ Low ☒ Moderate ☐ High

PRIVACY DETERMINATION

(TO BE COMPLETED BY THE HUD PRIVACY BRANCH)

Date reviewed by the HUD Privacy Branch: <Insert Date.>

Name of the HUD Privacy Branch Reviewer: <Please enter name of reviewer.>

DESIGNATION

☐ This is NOT a Privacy Sensitive System – the system contains no Personally Identifiable Information.

☐ This IS a Privacy Sensitive System

Category of System

☐ IT System

☐ Legacy System

☐ HR System

☐ Rule

☐ Other: ____________________________

Determination

☐ IPA sufficient at this time

☐ Privacy compliance documentation determination in progress

☐ PIA is not required at this time

☐ PIA is required

☐ System covered by existing PIA:

☐ New PIA is required

☐ PIA update is required

☐ SORN not required at this time

☐ SORN is required

☐ System covered by existing SORN:

☐ New SORN is required

HUD PRIVACY BRANCH COMMENTS:

DOCUMENT ENDORSMENT

DATE REVIEWED:

PRIVACY REVIEWING OFFICIALS NAME:

By signing below you attest that the content captured in this document is accurate and complete and meet the requirements of applicable federal regulations and HUD internal policies.

SYSTEM OWNER << INSERT NAME/TITLE>>		Date
<<INSERT PROGRAM OFFICE>>
PROGRAM AREA MANAGER <<INSERT NAME/TITLE>>		Date
<<INSERT PROGRAM OFFICE>>
CHIEF PRIVACY OFFICER <<INSERT NAME/TITLE>>		Date
OFFICE OF THE EXECUTIVE SECRETARIAT

File Type	application/vnd.openxmlformats-officedocument.wordprocessingml.document
Author	h04105
File Modified	0000-00-00
File Created	2021-01-23