Download: docx | pdf

PRIVACY OF CONSUMER FINANCIAL INFORMATION

(REGULATION P)

(OMB CONTROL NUMBER: 3170-0010)

1. Explain the circumstances that make the collection of information necessary. Identify any legal or administrative requirements that necessitate the collection. Attach a copy of the appropriate section of each statute and regulation mandating or authorizing the collection of information.

Regulation P implements the requirements of Gramm-Leach-Bliley Act (GLBA) to provide consumers with financial institutions’ privacy policies and practices, as well as describing when the consumer’s information may be shared with nonaffiliated third parties and provides a method for consumers to prevent disclosure of their information to non-affiliated third parties by “opting out” of that disclosure. Regulation P details the specifics of how GLBA should be implemented, which companies and situations this applies to, and the method of delivering the information to consumers.

Regulation P includes model forms that can be used to comply with the disclosure requirements of the GLBA and Regulation P, although use of the model forms is not required.

2. Indicate how, by whom, and for what purpose the information is to be used. Except for a new collection, indicate the actual use the agency has made of the information received from the current collection.

Consumers use the privacy notice to determine whether they want personal information disclosed to third parties that are not affiliated with the institution. Further, consumers use the opt-out notice mechanism to advise the institution of their wishes regarding disclosure of their personal information. Institutions use the opt-out information to determine the wishes of their consumers and to act in accordance with their customers’ instructions.

The Bureau, the Federal Trade Commission (FTC), and the other Prudential Regulators all enforce against the requirements of Regulation P to ensure privacy notices are being mailed out and that consumers’ preferences are being followed with respect to opting out of information- sharing.

3. Describe whether, and to what extent, the collection of information involves the use of automated, electronic, mechanical, or other technological collection techniques or other forms of information technology, e.g., permitting electronic submission of responses, and the basis for the decision for adopting this means of collection. Also, describe any consideration of using information technology to reduce burden.

The information collections are disclosures, filings from consumers, and internal institution records. Institutions are not prohibited from using any technology that facilitates consumer understanding and response, and that permits review, as appropriate, by examiners.

4. Describe efforts to identify duplication. Show specifically why any similar information already available cannot be used or modified for use for the purposes described in Item A.2 above.

The collections of information are unique and cover the institution’s particular circumstances. No duplication exists with any other federal information collection or program.

5. If the collection of information impacts small businesses or other small entities, describe any methods used to minimize burden.

The information collection requirements of the regulation do not impose any significant burden beyond that required by statute. Additionally, as directed by section 728 of the “Financial Services Regulatory Relief Act of 2006”¹, Section 1016.2 and Appendix A provide a model form for the disclosures, which may be used at the option of the financial institution. Use of the model form should minimize the burden of this collection. Further, in 2014, the Bureau issued a rule Published October 28, 2014², to allow financial institutions to use an alternative delivery method to provide annual privacy notices through posting the annual notices on their Web sites if they meet certain conditions. Use of the alternative delivery method should also minimize the burden of this collection.

6. Describe the consequence to federal program or policy activities if the collection is not conducted or is conducted less frequently, as well as any technical or legal obstacles to reducing burden.

The information collection requirements closely follow the GLBA which requires institutions to provide an annual notice of their privacy policies and practices to their customers and to permit customers to opt-out of the disclosure of their personal information. There is no flexibility under the GLBA to collect the information less frequently.

7. Explain any special circumstances that would cause an information collection to be conducted in a manner:

• requiring respondents to report information to the agency more often than quarterly;

• requiring respondents to prepare a written response to a collection of information in fewer than 30 days after receipt of it;

• requiring respondents to submit more than an original and two copies of any document;

• requiring respondents to retain records, other than health, medical, government contract, grant-in-aid, or tax records for more than three years;

• in connection with a statistical survey, that is not designed to produce valid and reliable results that can be generalized to the universe of study;

• requiring the use of statistical data classification that has not been reviewed and approved by OMB;

• that includes a pledge of confidentially that is not supported by authority established in statute or regulation, that is not supported by disclosure and data security policies that are consistent with the pledge, or which unnecessarily impedes sharing of data with other agencies for compatible confidential use; or

• requiring respondents to submit proprietary trade secret, or other confidential information unless the agency can demonstrate that it has instituted procedures to protect the information's confidentially to the extent permitted by law.

The collections of information in these rules are consistent with the applicable guidelines contained in 5 CFR 1320.5(d)(2).

8. If applicable, provide a copy and identify the date and page number of publication in the Federal Register of the agency's notice, required by 5 CFR 1320.8(d), soliciting comments on the information collection prior to submission to OMB. Summarize public comments received in response to that notice and describe actions taken by the agency in response to these comments. Specifically address comments received on cost and hour burden.

Describe efforts to consult with persons outside the agency to obtain their views on the availability of data, frequency of collection, the clarity of instructions and recordkeeping, disclosure, or reporting format (if any), and on the data elements to be recorded, disclosed, or reported.

Consultation with representatives of those from whom information is to be obtained or those who must compile records should occur at least once every 3 years -- even if the collection-of-information activity is the same as in prior periods. There may be circumstances that may preclude consultation in a specific situation. These circumstances should be explained.

In accordance with 5 CFR §1320.8(d)(1), the Bureau has published a notice in Federal Register that provides the public 60 calendar days to comment on the extension of reporting requirements contained within OMB Control No. 3170-0013.³ No comments were received.

Also, in accordance with 5 CFR §1320.5(a)(1)(iv), the Bureau has also published a notice in the Federal Register providing the public 30 days to comment on reporting requirements contained within this information collection request.⁴

9. Explain any decision to provide any payments or gifts to respondents, other than remuneration of contractors or grantees.

No payments or gifts are provided to respondents.

10. Describe any assurance of confidentiality provided to respondents and the basis for the assurance in statute, regulation, or agency policy.

Some recordkeeping requirements contain private information about credit applicants. Such information is protected by the Right to Financial Privacy Act, 12 U.S.C. 3401 et seq. There is no part Regulation B that mandates information collection by the Bureau, and this information is used exclusively to ensure compliance with ECOA and that creditors are not discriminating against applicants.

To the extent that information covered by a recordkeeping requirement is “confidential information” pursuant to 12 CFR 1070.2(f), the confidentiality provisions of the Bureau’s rules on Disclosure of Records and Information, 12 CFR Part 1070, would apply.

11. Provide additional justification for any questions of a sensitive nature, such as sexual behavior and attitudes, religious beliefs, and other matters that are commonly considered private. This justification should include the reasons why the agency considers the questions necessary, the specific uses to be made of the information, the explanation to be given to persons from whom the information is requested, and any steps to be taken to obtain their consent.

Regulation P requires institutions to ascertain whether consumers want to opt out of third-party information sharing, which can constitute a collection of sensitive information. This requirement is necessary to ensure consumers are given an option about what is done with their personal financial information and is used for consumers’ protection and privacy.

12. Provide estimates of the hour burden of the collection of information.

Collection of Information	All Bureau Respondents (DI and Non-DI)					CFPB Burden
	Number of Respondents	Frequency	Number of Responses	Response Time (Hours)	Annual Burden (Hours)	Annual Responses	Annual Burden Hours
Initial Notice 12 CFR 1016.4(a)	29,544	0.07125	2,105	14.5	30,523	1,055	15,298
Annual and Revised Notices and Opt-Out Notices 12 CFR 1016.5(d), 12 CFR 1016.7, and 1016.8	29,544	1	29,544	5.293	156,376	14,844	104,264
Consumer Opt-Out Notice 12 CFR 1016.7	433,216	1	433,216	0.25	108,304	433,216	108,304
Changes to Privacy Policies and Disclosures (Ongoing) 12 CFR 1016.8	29,544	0.0142	420	10	4,200	210	2,100
Creating Disclosure Documents	29,544	0.071080	2,100	3	6,300	1,050	3,150
Reviewing Internal GLBA Policies (Initial)	29,544	0.071080	2,100	20	42,000	1,050	21,000
Reviewing Internal GLBA Policies (Ongoing)	29,544	0.99512591	29,400	4	117,600	14,700	58,800
TOTAL	462,7605		498,885		465,298	466,125	312,916

For Paperwork Reduction Act (PRA) burden calculation purposes, the Bureau assumes all burden for depository institutions with more than $10 billion in assets as well as their affiliates, for which Bureau has primary enforcement authority with respect to regulation P. Additionally, the Bureau and FTC share enforcement authority for those non-depository institutions subject to the Bureau’s regulation P.

Associated Labor Costs: $13,355,255

The Bureau used an overall hourly average wage of $42.68 for the burden associated with these information collections, which multiplied by the Bureau burden hours amounts to $13,355,255 in labor costs. Specifically, the Bureau estimates on average each hour requires 20% administration at $19.08/hour, 45% management at $44.71/hour, 20% senior management at $47.59/hour, and 15% legal at $61.54/hour.⁶

13. Provide an estimate of the total annual cost burden to respondents or record keepers resulting from the collection of information. (Do not include the cost of any hour burden shown in Items 12 and 14).

There are no additional materials costs for this regulation.

14. Provide estimates of the annualized cost to the Federal Government. Also, provide a description of the method used to estimate cost, which should include quantification of hours, operational expenses (such as equipment, overhead, printing, and support staff), any other expense that would not have been incurred without this collection of information. Agencies also may aggregate cost estimates from Items 12, 13, and 14 into a single table.

As the Bureau does not collect any information, there are no additional costs to the Federal Government.

15. Explain the reasons for any program changes or adjustments.

The Bureau is making no program changes to this information collection.

ICR Summary of Burden
	Requested	Program Change Due to New Statute	Program Change Due to Agency Discretion	Change Due to Adjustment in Agency Estimate	Previously Approved
Annual Number of Responses	466,125	0	0	0	466,125
Annual Time Burden (Hours)	312,916	0	0	0	312,916
Annual Cost Burden ($)	0	0	0	0	0

16. For collections of information whose results will be published, outline plans for tabulations, and publication. Address any complex analytical techniques that will be used. Provide the time schedule for the entire project, including beginning and ending dates of the collection of information, completion of report, publication dates, and other actions.

There are no plans to provide any publications based on the information collection of this regulation.

17. If seeking approval to not display the expiration date for OMB approval of the information collection, explain the reasons that display would be inappropriate.

The OMB control number and expiration date associated with this Paperwork Reduction Act (PRA) submission will be displayed on the Federal government’s electronic PRA docket at www.reginfo.gov, as well as on the relevant information collection instruments.

18. Explain each exception to the certification statement.

The Bureau certifies that this collection of information is consistent with the requirements of 5 CFR 1320.9, and the related provisions of 5 CFR 1320.8(b)(3) and is not seeking an exemption to these certification requirements.

File Type	application/vnd.openxmlformats-officedocument.wordprocessingml.document
Author	Kulaev, Sergey (CFPB)
File Modified	0000-00-00
File Created	2022-08-19