SUPPORTING STATEMENT
PROCEDURES FOR MONITORING BANK PROTECTION ACT COMPLIANCE
(OMB No. 3064‑0095)
INTRODUCTION
The FDIC is requesting OMB approval of a three‑year revision of the collection of information entitled “Procedures for Monitoring Bank Protection Act Compliance” (OMB No. 3064-0095). The FDIC intends to incorporate the Paperwork Reduction Act (PRA) burden estimate from the collection of information entitled “Procedures for Monitoring Bank Secrecy Act Compliance” (OMB No. 3064-0087). Upon approval of this revision, the FDIC will discontinue OMB No. 3064-0087.
This collection is imposed on insured non-member banks by 12 CFR Part 326, subpart A and 12 C.F.R. § 326.8. The current clearance for this collection expires on May 31, 2025; the current clearance for OMB No. 3064-0087 is October 31, 2026.
A. JUSTIFICATION
Circumstances that make the collection necessary:
The Bank Protection Act of 1968 (12 USC 1881‑1884) requires each Federal supervisory agency to promulgate rules establishing minimum standards for security devices and procedures to discourage financial crime and to assist in the identification of persons who commit such crimes.
To avoid the necessity of constantly updating a technology‑based regulation, the FDIC takes a flexible approach to implementing this statute. It requires each insured non-member bank to designate a security officer who will administer a written security program. The security program shall: (1) establish procedures for opening and closing for business and for safekeeping valuables; (2) establish procedures that will assist in identifying persons committing crimes against the bank; (3) provide for initial and periodic training of employees in their responsibilities under the security program; and (4) provide for selecting, testing, operating and maintaining security devices as prescribed in the regulation. In addition, the FDIC requires the security officer to report at least annually to the bank's board of directors on the effectiveness of the security program.
Section 8(s) of the Federal Deposit Insurance Act (12 U.S.C. § 1818(s)), the FDIC’s 12 C.F.R. § 326.8(b) (1) and (c), require all insured nonmember banks to establish and maintain procedures designed to assure and monitor their compliance with the requirements of the Bank Secrecy Act (31 U.S.C. 5311 et seq.) and the Treasury’s implementing regulations at 31 C.F.R. Chapter X.
An institution's compliance program must be reduced to writing, approved by the institution's board of directors and noted in the minutes of the board meeting. The compliance program must consist of a system of internal controls to assure ongoing compliance and provide for independent testing for compliance to be conducted by bank personnel or by an outside party. The bank must also designate an individual or individuals responsible for compliance, and provide for the training of appropriate personnel.
2. Use of Information Collected:
The information is used by FDIC bank examiners to assure that insured nonmember banks comply with 12 CFR 326 and 12 CFR 326.8, which implements the Bank Protection Act of 1968 (BPA), and the Bank Secrecy Act (BSA), respectively.
3. Consideration of the use of improved information technology:
The FDIC has created an interactive Website, FDICconnect, between FDIC insured institutions and the FDIC. All PRA collections are reviewed to determine if converting to electronic collection is cost beneficial. In this case, however, updates to the written security program and training materials are not required to be submitted to the FDIC. Institutions need only maintain the records for review during on-site examinations and, therefore, may use technology to the extent deemed feasible and appropriate to maintain and update the required documents.
4. Efforts to Identify Duplication:
The information is collected from insured non-member banks and does not duplicate information available within other government agencies nor in other FDIC collections.
5. Methods used to minimize burden if the collection has a significant impact on a substantial number of small entities:
The establishment of a written security program and developing training materials are one‑time requirements. Updating and maintaining the program and training materials should not involve more than a minimal burden. Further, all banks are subject to the same requirement to prepare and maintain written procedures as part of this program to assure and monitor compliance with the Bank Secrecy Act and the Treasury’s implementing regulations at 31 C.F.R. Chapter X. The burden in preparing and maintaining written security program is proportionate to the size and complexity of the bank’s operations.
6. Consequences of Less Frequent Collection:
Banks are expected to collect relevant information as frequently as is necessary to comply with the Bank Protection Act and the Bank Secrecy Act. Non-compliance with these requirements exposes banks to statutory penalties, fines and sanctions. Less frequent collection of this information would create a risk of inadequate security systems in insured non-member banks and hinder the agency’s ability to assess the safety and soundness of FDIC-supervised institutions.
7. Special circumstances necessitating collection inconsistent with 5 CFR Part 1320.5(d)(2):
None. The information is collected in a manner consistent with 5 CFR 1320.5(d)(2)
8. Consultation with Persons Outside the FDIC:
A 60-day notice seeking public comment on the FDIC’s renewal of the information collection was published on March 25, 2025 (90 FR 13600). No comments were received.
9. Payment or Gift to Respondents:
Not applicable.
Any Assurance of Confidentiality:
All information required by this recordkeeping is retained by the bank for review by FDIC bank examiners. The information will be kept private to the extent provided by law.
11. Justification for Questions of a Sensitive Nature:
No information of a sensitive nature is collected.
12. Estimate of Hour Burden Including Annualized Hourly Costs:
Summary of Estimated Annual Burden (OMB No. 3064-0095) |
|||||
Information Collection (IC) (Obligation to Respond) |
Type
of Burden |
Number of Respondents |
Number of Responses per Respondent |
Average Time per Response (HH:MM) |
Annual Burden (Hours) |
1.
Bank Protection Act Compliance Program – Implementation, |
Recordkeeping |
9 |
1 |
16:00 |
144 |
2.
Bank Protection Act Compliance Program – Ongoing, |
Recordkeeping |
2882 |
1 |
6:00 |
17,292 |
3.
Procedures for monitoring Bank Secrecy Act compliance –
Implementation, |
Recordkeeping |
9 |
1 |
32:00 |
288 |
4.
Procedures for monitoring Bank Secrecy Act compliance –
Ongoing, |
Recordkeeping |
2882 |
1 |
8:00 |
23,056 |
Total Annual Burden (Hours): |
40,780 |
||||
Source: FDIC. |
|||||
Summary of Hourly Burden Cost Estimate (OMB No. 3064-0095) |
|
||||||||
Information Collection (IC) (Obligation to Respond) |
Hourly
Weight |
Percentage
Shares of Hours Spent by and |
Estimated Hourly Compensation Rate |
|
|||||
|
|||||||||
Exec. & Mgr. ($146.13) |
Lawyer ($182.07) |
Compl. Ofc. ($77.07) |
IT ($110.91) |
Fin. Anlst. ($100.28) |
Clerical ($39.39) |
|
|||
|
|||||||||
1.
Bank Protection Act Compliance Program – Implementation, |
0.35 |
1 |
2 |
2 |
0 |
0 |
95 |
$44.06 |
|
2.
Bank Protection Act Compliance Program – Ongoing, |
42.40 |
1 |
2 |
2 |
0 |
0 |
95 |
$44.06 |
|
3.
Procedures for monitoring Bank Secrecy Act compliance –
Implementation, |
0.71 |
1 |
2 |
2 |
0 |
0 |
95 |
$44.06 |
|
4.
Procedures for monitoring Bank Secrecy Act compliance –
Ongoing, |
56.54 |
1 |
2 |
2 |
0 |
0 |
95 |
$44.06 |
|
Weighted Average Hourly Compensation Rate: |
$44.06 |
|
|||||||
Source: Bureau of Labor Statistics: 'National Industry-Specific Occupational Employment and Wage Estimates: Industry: Credit Intermediation and Related Activities (5221 And 5223 only)' (May 2023), Employer Cost of Employee Compensation (March 2023), and Employment Cost Index (March 2023 and September 2024). Standard Occupational Classification (SOC) Codes: Exec. And Mgr = 11-0000 Management Occupations; Lawyer = 23-0000 Legal Occupations; Compl. Ofc. = 13-1040 Compliance Officers; IT = 15-0000 Computer and Mathematical Occupations; Fin. Anlst. = 13-2051 Financial and Investment Analysts; Clerical = 43-0000 Office and Administrative Support Occupations. |
|
||||||||
|
|||||||||
|
|||||||||
|
|||||||||
Total Estimated Cost Burden (OMB No. 3064-0095) |
|||
Information Collection Request |
Annual Burden (Hours) |
Weighted Average Hourly Compensation Rate |
Annual Respondent Cost |
Procedures for Monitoring Bank Protection Act and Bank Secrecy Act Compliance |
40,780 |
$44.06 |
$1,796,767 |
Total Annual Respondent Cost: |
$1,796,767 |
||
Source: FDIC. |
|||
13. Capital, Start-up, Operating, and Maintenance Estimate of Start-up Costs to Respondents:
None.
14. Estimated Annual Cost to the Federal Government:
None.
15. Analysis of Change in Burden:
IC1 covers the implementation burden imposed by Part 326, subpart A and is only incurred by respondents who must develop a written security program to comply with the BPA. IC1 represents the burden previously contained in the ICs titled “Bank Protection Act Compliance Program – Small Institutions,” “Bank Protection Act Compliance – Medium Institutions,” and “Bank Protection Act Compliance – Large Institutions” from the 2022 ICR. The change in burden is explained by an estimated decline in respondents.
IC2 covers the ongoing burden imposed by Part 326, subpart A on all FDIC-supervised institutions who must continually maintain a BPA-compliant security program. IC2 represents the burden previously contained in the ICs titled “Bank Protection Act Compliance – Routine Revisions” and “Bank Protection Act Compliance – Significant Revisions” from the 2022 ICR. The decline in burden for IC2 is due to the decline in the number of FDIC-supervised institutions.
IC3 covers the implementation burden imposed by sections 326.8(b)(1) and (c) on FDIC-supervised IDIs. The information collections in the 2023 ICR (OMB No. 3064-0087) did not distinguish between implementation burden and ongoing burden and counted all FDIC-supervised IDIs as respondents, so there is no comparable burden estimate from the 2023 ICR.
IC4 covers ongoing burden imposed by sections 326.8(b)(1) and (c) on FDIC-supervised institutions. IC3 represents the burden previously contained in the ICs titled Procedures for Monitoring BSA Compliance Small Institutions,” “Procedures for Monitoring BSA Compliance Medium Institutions,” and “Procedures for Monitoring BSA Compliance Large Institutions” from the 2023 ICR. The decline in burden for IC4 is due to the decline in the number of FDIC-supervised institutions.
16. Information regarding collections whose results are planned to be published for statistical use:
The information is retained at the bank for review by FDIC examiners to verify compliance with regulatory requirements. No publication is made of the records.
17. Display of Expiration Date:
Not applicable.
18. Exceptions to Certification
None.
B. STATISTICAL METHODS
Not applicable.
| File Type | application/vnd.openxmlformats-officedocument.wordprocessingml.document |
| Author | Gofney, Rashida K. |
| File Modified | 0000-00-00 |
| File Created | 2025-05-28 |