Disclosure of Records and Information

Federal Register, Volume 78 Issue 32 (Friday, February 15, 2013)

Federal Register Volume 78, Number 32 (Friday, February 15, 2013)

Rules and Regulations

Pages 11483-11520

From the Federal Register Online via the Government Printing Office www.gpo.gov

FR Doc No: 2013-01737

Page 11483

Vol. 78

Friday,

No. 32

February 15, 2013

Part V

Bureau of Consumer Financial Protection

-----------------------------------------------------------------------

12 CFR Part 1070

Disclosure of Records and Information; Final Rule

Page 11484

-----------------------------------------------------------------------

BUREAU OF CONSUMER FINANCIAL PROTECTION

12 CFR Part 1070

Docket No. CFPB-2011-0003

RIN 3170-AA01

Disclosure of Records and Information

AGENCY: Bureau of Consumer Financial Protection.

ACTION: Final rule.

-----------------------------------------------------------------------

SUMMARY: This final rule establishes procedures for the public to obtain information from the Bureau of Consumer Financial Protection, under the Freedom of Information Act, the Privacy Act of 1974, and in legal proceedings. This final rule also establishes the Bureau's rule regarding the confidential treatment of information obtained from persons in connection with the exercise of its authorities under Federal consumer financial law.

DATES: This final rule is effective March 18, 2013.

FOR FURTHER INFORMATION CONTACT: Monica Jackson, Office of the Executive Secretary, Consumer Financial Protection Bureau, 1700 G Street NW., Washington, DC 20552, 202-435-7275.

SUPPLEMENTARY INFORMATION:

1. Background

   On July 21, 2010, the President signed into law the Dodd-Frank Wall Street Reform and Consumer Protection Act (Pub. L. 111-203, codified at 12 U.S.C. 5301 et seq.) (the Dodd-Frank Act). Title X of the Dodd-Frank Act created the Bureau of Consumer Financial Protection (the Bureau or the CFPB). Pursuant to the provisions of the Dodd-Frank Act, the Bureau began to exercise its authority to regulate the offering and provision of consumer financial products and services under Federal consumer financial law on July 21, 2011.\1\

   ---------------------------------------------------------------------------

   \1\ Pursuant to section 1062 of the Dodd-Frank Act, 12 U.S.C. 5582, the Secretary of the Treasury designated July 21, 2011 as the ``transfer date'' on which various provisions of Title X of the Dodd-Frank Act became effective. 75 FR 57252.

   ---------------------------------------------------------------------------

   In order to establish procedures to facilitate public interaction with the Bureau, the Bureau published an interim final rule on July 28, 2011, 76 FR 45371 (Jul. 28, 2011), and solicited public comment on that rule. The Bureau is issuing this final rule in response to these comments as well as to clarify and correct certain aspects of the interim final rule.

2. Summary of the Final Rule

   The final rule consists of five subparts.

   Subpart A of the final rule consists largely of definitions of terms that are used throughout the remainder of the part.

   Subpart B of the final rule implements the Freedom of Information Act, 5 U.S.C. 552 (the FOIA). The FOIA grants the public an enforceable right to obtain access to or copies of Federal agency records unless disclosure of those records, or information contained within them, is exempt from disclosure pursuant to one or more statutory exemptions and exclusions. The FOIA also requires Federal agencies to routinely publish in the Federal Register, or make available to the public, certain information concerning their organizational structures, policies and procedures, final opinions and orders, and records that have or are likely to become the objects of frequent FOIA requests. The regulations in this subpart implement the FOIA as required or authorized by various provisions of the statute.

   The Bureau modeled its FOIA rule upon regulations promulgated by the other Federal agencies, including the U.S. Department of the Treasury. In drafting the rule, the Bureau sought the input of the Department of Justice and the National Archives and Records Administration's Office of Government Information Services, which is responsible for promoting best practices among Federal agencies as to their FOIA regulations and practices.

   Subpart C of the final rule sets forth procedures for serving the Bureau and its employees with copies of documents in connection with legal proceedings, such as summonses, complaints, subpoenas, and other litigation-related requests or demands for the Bureau's records or official information. Subpart C also describes the Bureau's procedures for considering such requests or demands for official information. These regulations (which are sometimes referred to as Touhy regulations) are modeled after similar regulations of other Federal agencies.

   Subpart D of the rule pertains to the protection and disclosure of confidential information that the Bureau generates and receives during the course of its work. Various provisions of the Dodd-Frank Act require the Bureau to promulgate regulations providing for the confidentiality of certain types of information and protecting such information from public disclosure. Other provisions of the Dodd-Frank Act, however, require or authorize the Bureau to share information, under certain circumstances, with other Federal and State agencies to the extent that they share jurisdiction with the Bureau as to the supervision of financial institutions, the enforcement of consumer financial protection laws, or the investigation and resolution of consumer complaints regarding financial institutions or consumer financial products and services. In implementing these provisions, the Bureau has sought to provide the maximum protection for confidential information, while ensuring its ability to share or disclose information to the extent necessary to achieve its mission.

   The Bureau recognizes that much of the information that it will generate and obtain during the course of its activities will be commercially, competitively, and personally sensitive in nature, and generally warrants heightened protection. The need for greater protection for these categories of information is reflected in the substantive law of privilege and in various statutes, including the FOIA and the Privacy Act of 1974, 5 U.S.C. 552a (the Privacy Act), that provide for the protection of such information from disclosure.

   Notwithstanding these concerns, there are instances in which the disclosure of confidential information will be necessary or appropriate for the Bureau to accomplish its statutory mission, such as the investigation and resolution of consumer complaints or the enforcement of Federal consumer financial laws. Disclosures may also serve the public interest where Federal and State agencies share elements of the Bureau's mission and where, by sharing information, they can do their jobs more effectively.

   The regulations in subpart D balance these competing concerns by generally prohibiting the Bureau and its employees from disclosing confidential information to non-employees, and even in certain cases to its employees, except in limited circumstances. Even where the Bureau permits disclosures of confidential information, the Bureau imposes strict limits upon the further use and dissemination of disclosed information.

   Where appropriate, the Bureau has based the regulations in this subpart upon regulations of the other Federal financial regulatory agencies that provide for the confidentiality and disclosure of certain information generated or received in the course of supervising, investigating, or pursuing enforcement actions against financial institutions.

   Page 11485

   Subpart E contains the Bureau's rule implementing the Privacy Act. The Privacy Act serves to balance the government's need to maintain information about individuals with the rights of individuals to be protected against unwarranted invasions of their privacy stemming from Federal agencies' collection, maintenance, use, and disclosure of personal information about them.

   The regulations in this subpart establish procedures by which members of the public may request access to information or records that the Bureau maintains about them, request amendment or correction of such information or records, and request an accounting of disclosures of their records by the Bureau. As with its FOIA regulations, the Bureau modeled its Privacy Act regulations upon regulations promulgated by the other Federal agencies, including the Treasury Department.

3. Overview of Comments Received

   In response to the interim final rule, the Bureau received thirteen comment letters. Seven of these comment letters were submitted on behalf of financial institution trade associations. Three letters were submitted on behalf of individual financial institutions and two letters were submitted on behalf of public interest groups. The Bureau also received one comment letter from an individual that did not pertain to the interim final rule.

   Public interest groups, along with some of the financial services trade associations, wrote comments regarding subpart B of the Bureau's interim final rule, which implements the FOIA. Public interest group commenters propose minor modifications to the rule to facilitate public access to Bureau records. Several trade association commenters ask the Bureau to impose limitations on a rule that permits the Bureau to exercise its discretion to disclose information and records that are otherwise subject to FOIA exemptions.

   Most of the comments that the Bureau received from both financial services trade associations and financial institutions concern subpart D of the interim final rule. Commenters express concerns as to whether and to what extent the Dodd-Frank Act authorizes the Bureau to promulgate regulations that permit it to disclose confidential information that it obtains from covered persons and service providers. They also argue that subpart D is too permissive in its criteria for disclosing such confidential information to other agencies, and in particular, to State attorneys general. The commenters propose that the Bureau adopt stricter criteria that certain other Federal financial regulatory agencies apply when determining whether to share confidential information.

   The Bureau received no comments regarding subpart E of the interim final rule.

   The Bureau also received one public comment that pertains to the Bureau's general authority to promulgate the interim final rule. Rather than address this comment in Section IV, it does so here.

   The commenter argues that section 1066 of the Dodd-Frank Act did not authorize the Bureau to promulgate this interim final rule prior to the appointment of a director, at a time when, pursuant to section 1066 of the Dodd-Frank Act, the Treasury Secretary performed functions of the Bureau pending such an appointment.\2\ The commenter argues that even if the Treasury Secretary had general authority to do so, pursuant to 31 U.S.C. 321(b)(1), the Secretary was bound to promulgate a rule that was entirely consistent with corresponding rules of the other prudential regulators.

   ---------------------------------------------------------------------------

   \2\ 12 U.S.C. 5586.

   ---------------------------------------------------------------------------

   This comment is moot insofar as the President has appointed a director of the Bureau who has authority to issue the rule pursuant to the statutes listed in Sec. 1070.1 of this rule. Moreover, prior to this appointment, the Secretary of the Treasury had ample authority to issue the interim final rule under section 1066 of the Dodd-Frank Act as well as 31 U.S.C. 321. The Secretary was not obligated, when exercising such authority, to issue regulations related to confidential information that were identical to those issued by the prudential regulators.

   In section IV below, the Bureau provides a section-by-section summary of the other comments it received to the interim final rule and the Bureau's responses to these comments.

4. Section-by-Section Analysis

   Subpart A--General Provisions and Definitions

   Section 1070.01 Authority, Purpose, and Scope

   Section 1070.1 of the interim final rule sets forth the Bureau's authorities for issuing the rule in this part, including provisions of the Dodd-Frank Act that require or authorize the Bureau to disclose, share, or maintain the confidentiality of certain information that the Bureau obtains from others or generates itself. Section 1070.1 also identifies the various purposes of the rule. The Bureau received no comments on the interim final rule. The Bureau adopts the interim final rule without modification.

   Section 1070.2 General Definitions

   Section 1070.2 defines terms that are utilized elsewhere in part 1070 of the rule. For example, Sec. 1070.2(e) of the interim final rule defines the term ``civil investigative demand material'' to encompass all types of materials provided to the Bureau in response to a civil investigative demand that the Bureau issues in accordance with section 1052 of the Dodd-Frank Act. The definition of this term also includes materials that a person provides to the Bureau voluntarily or in lieu of receiving a civil investigative demand.

   Section 1070.2(f) defines the term ``confidential information.'' Confidential information refers to three categories of non-public information--confidential consumer complaint information, confidential investigative information, and confidential supervisory information--

   that the Bureau, in subpart D, protects from various types of disclosure in accordance with the Dodd-Frank Act and other laws. The term also includes other Bureau information that is exempt from disclosure pursuant to one or more of the statutory exemptions to the FOIA.

   Section 1070.2(g) defines ``confidential consumer complaint information'' to mean information that the Bureau receives from the public or from other agencies or organizations, or which the Bureau generates through its own efforts pursuant to sections 1013 and 1034 of the Dodd-Frank Act, that comprises or documents consumer complaints or inquiries concerning financial institutions or consumer financial products and services. The term includes information, such as personally identifiable information, that is protected from public disclosure under the FOIA.

   Section 1070.2(h) defines ``confidential investigative information'' to include all manner of materials received, generated, or compiled by the Bureau in the course of its investigative activities, including materials received through the issuance of civil investigative demands. It also includes confidential supervisory information and confidential consumer complaint information to the extent that such materials serve as a basis for or are utilized for purposes of an investigation. Lastly, the term includes materials that other Federal and State agencies provide to the Bureau or create for its use in

   Page 11486

   investigating a possible violation of Federal consumer financial law.

   Section 1070.2(i) defines ``confidential supervisory information'' to include various materials that the Bureau generates or receives that relate to the examination of financial institutions. These materials include, first, examination, inspection, visitation, operating, condition, and compliance reports, and any information contained in, relating to, or derived from such reports. Second, the term includes documentary materials, including reports of examination, which the Bureau prepares or that are prepared by others for use by the Bureau in exercising its supervisory authority over financial institutions, as well as information derived from such documentary materials. Third, the term includes the Bureau's communications with financial institutions and agencies to the extent that such communications relate to the exercise of the Bureau's supervisory authority over financial institutions. Fourth, confidential supervisory information includes information that financial institutions provide to the Bureau to help it to evaluate the risks associated with consumer financial products and services and whether institutions should be deemed ``covered persons,'' as that term is defined by section 1002(6) of the Dodd-Frank Act. Finally, the term includes other supervision-related information that is also exempt from public disclosure under the FOIA pursuant to 5 U.S.C. 552(b)(8).

   The Bureau received no comments on the interim final rule. In the final rule, the Bureau adds a definition of the term ``State'' that incorporates the definition of that term set forth in section 1002(27) of the Dodd-Frank Act and which clarifies that the term also includes all political subdivisions of States. Furthermore, the Bureau modifies the definition of the term ``confidential supervisory information'' to clarify that it includes information provided to the CFPB by a financial institution to assess whether an institution is subject to the Bureau's supervisory authorities. The Bureau also modifies the definition of the term ``supervised financial institution'' to clarify that this term includes financial institutions that both are presently and may become subject to the Bureau's supervisory authority.

   Section 1070.3 Custodian of Records; Certification; Alternative Authority

   Section 1070.3 of the interim final rule designates the Chief Operating Officer of the Bureau to be the custodians of all Bureau records. Acting in this capacity, the Chief Operating Officer may certify the authenticity of any Bureau record or any copy of such record. The Chief Operating Officer may delegate his or her responsibilities as record custodian to other Bureau employees. The Bureau received no comments on the interim final rule. The Bureau adopts the interim final rule without modification.

   Section 1070.4 Records of the CFPB Not To Be Otherwise Disclosed

   Section 1070.4 of the interim final rule states that except as provided in this part, employees or former employees of the Bureau, or others in possession of a record of the Bureau that the Bureau has not already made public, are prohibited from disclosing such records, without authorization, to any person who is not an employee of the Bureau. The Bureau received no comments on the interim final rule. The Bureau adopts the interim final rule without modification.

   Subpart B--Freedom of Information Act

   Section 1070.10 General

   Section 1070.10 introduces subpart B as consisting of regulations that implement the FOIA by setting forth procedures for requesting access to Bureau records. The rule also instructs the public to read subpart B together with the FOIA, the 1987 Office of Management and Budget Guidelines for FOIA Fees, the Bureau's Privacy Act regulations set forth in subpart E, and the FOIA page on the Bureau's Web site, http://www.consumerfinance.gov, because such materials offer important guidance on the topics that subpart B governs.

   A trade association commenter argues that the Bureau should amend Sec. 1070.10 to delete the phrase ``these regulations should be read together with,'' which immediately precedes ``the FOIA, the 1987 Office of Management and Budget Guidelines for FOIA Fees, the Bureau's Privacy Act regulations set forth in subpart * * *'' and the phrase ``which'' prior to ``provide additional information about this topic.'' The commenter argues that these phrases seemingly enable the Bureau to alter subpart B at will simply by specifying a contrary rule on its FOIA Web page. The commenter proposes that the rule simply state that the FOIA, the OMB Guidelines, the Privacy Act regulations, and the Bureau's FOIA Web page, provide additional information about this topic.

   The Bureau disagrees with the commenter that Sec. 1070.10 requires modification. As written, the rule makes clear that the public should consult the FOIA Web site, along with the other authorities cited, because they ``provide additional information on this topic.''

   The Bureau does not intend to utilize its FOIA Web page to effect substantive revisions to subpart B and it does not interpret Sec. 1070.10 to be a source of authority to do so. The FOIA Web page exists to summarize and provide public guidance as to the FOIA and the procedures set forth in the Bureau's regulations that implement the FOIA. In certain cases, such guidance may indicate how the Bureau interprets its FOIA regulations, but it will not alter or supplant such regulations.

   Section 1070.11 Information Made Available; Discretionary Disclosures

   Section 1070.11(a) of the interim final rule sets forth the three major categories of information that the FOIA requires the Bureau to publish or make accessible to the public. Paragraph (b) authorizes the Bureau, in response to a FOIA request, to make discretionary disclosures of information or records that are otherwise subject to non-mandatory FOIA exemptions. Paragraph (c) requires the Bureau to make publicly available all records that have become the subject of three or more requests or that are likely to become the subject of frequent requests because they are clearly of interest to the public at large.

   Several trade associations expressed concerns that Sec. 1070.11(b) does not specify who in the Bureau is responsible for making discretionary disclosures of Bureau records and what criteria this person will employ when doing so. One commenter argues that this provision should provide for notice and a means to contest a decision of the Bureau to make discretionary disclosures of information. Another commenter argues that this provision should clarify that the Bureau may not make discretionary disclosures of examination reports or confidential commercial information.

   Commenters differ in their reactions to Sec. 1071.11(c). Several commenters argue that the three-request publication threshold is too rigid and is easily manipulated to induce publication. One commenter argues that the Bureau should eliminate this provision in favor of a case-by-case approach to publishing frequently requested records. Another commenter suggests that the Bureau should publish records only when they are frequently and regularly requested by a broad range of requestors. Yet another commenter argues that the Bureau should revise the rule to allow for publication of frequently requested records regardless of whether they are ``clearly of interest to the public at large.''

   Page 11487

   The Bureau adopts Sec. 1070.11(b) of the interim final rule without modification. This provision, which permits the Chief FOIA Officer to disclose FOIA exempt information ``if not precluded by law,'' \3\ is a common provision that exists in the FOIA regulations of many Federal agencies.\4\ This provision merely permits the Chief FOIA Officer to exercise the Bureau's discretion--to the extent that such discretion exists under law--to disclose information notwithstanding the fact that the Bureau could withhold such information pursuant to one or more of the FOIA exemptions. However, this provision does not grant the Chief FOIA Officer discretion to disregard Federal laws that require the Bureau to withhold information from public disclosure.

   ---------------------------------------------------------------------------

   \3\ Section 1070.15(b) of these rules authorizes the Bureau's Chief FOIA Officer to grant or deny all FOIA requests for Bureau records. This authority includes the power to make discretionary disclosures of information or records that are subject to FOIA requests, as set forth in section 1070.11(b). The Chief FOIA Officer exercises this authority with the input and advice of the program offices that maintain the requested information. To the extent that a business submits trade secrets or confidential commercial information to the Bureau that later becomes subject to a FOIA request, section 1070.20 of these rules requires the Chief FOIA Officer, in most cases, to obtain the input of that business before the Chief FOIA Officer decides whether to disclose the information.

   \4\ See, e.g., 12 CFR 261.14(c) (Federal Reserve Board regulation providing for discretionary release of exempt information); 12 CFR 4.12(c) (Office of Comptroller of Currency regulation providing for the same discretionary release of exempt information).

   ---------------------------------------------------------------------------

   For example, Sec. 1070.11(b) permits the Chief FOIA Officer to make public information that is subject only to FOIA Exemption 5, 5 U.S.C. 552(b)(5), as long as no other Federal law prohibits the Bureau from disclosing such information. However, the Chief FOIA Officer lacks discretion to disclose a trade secret that is subject to FOIA Exemption 4, 5 U.S.C. 552(b)(4), to the extent that the Trade Secrets Act, 18 U.S.C. 1905, prohibits the Bureau from publicly disclosing the trade secret.\5\ In certain instances, the Privacy Act also precludes the Chief FOIA Officer from disclosing information about individuals that is subject to FOIA Exemptions 6 or 7(c), 5 U.S.C. 552(b)(6), (7)(C).

   ---------------------------------------------------------------------------

   \5\ The Trade Secrets Act prohibits agencies from disclosing trade secrets except where they are authorized by law to do so. See Chrysler Corp. v. Brown, 441 U.S. 281 (1979).

   ---------------------------------------------------------------------------

   To the extent that the Chief FOIA Officer has discretion to disclose confidential supervisory information that is otherwise subject to FOIA Exemption 8, 5 U.S.C. 552(b)(8), the Bureau's ``policy is to treat information obtained in the supervisory process as confidential and privileged'' and as ``exempt from disclosure under Exemption 8 of the Freedom of Information Act.'' CFPB Bulletin 12-01 (Jan. 4, 2012).

   The Bureau adopts Sec. 1070.11(c) of the interim final rule with minor modifications. Section 1070.11(c) implements the Electronic Freedom of Information Act amendments of 1996, codified at 5 U.S.C. 552(a)(2)(D), which require each agency to make ``available for public inspection and copying * * * copies of all records, regardless of form or format, which have been released to any person * * * and which, because of the nature of their subject matter, the agency determines have become or are likely to become the subject of subsequent requests for substantially the same records.'' The Department of Justice, in guidance it issued to Federal agencies in 2003, interprets section (a)(2)(D) of the FOIA to mean that agencies must publish records that are already or are likely to become the subject of three or more FOIA requests. See Department of Justice, Office of Information & Privacy, FOIA Post: ``FOIA Counselor Q&A: `Frequently Requested' Records'' (Jul. 25, 2003), at http://www.justice.gov/oip/foiapost/2003foiapost28.htm. Section 1070.11(c) is consistent with this guidance and with similar provisions in other agencies' FOIA regulations.\6\

   ---------------------------------------------------------------------------

   \6\ See, e.g., 12 CFR 261.11(4) (Federal Reserve Board rule providing for the publication of frequently requested records); 12 CFR 309.4(D) (Federal Deposit Insurance Corporation rule providing for the publication of frequently requested records).

   ---------------------------------------------------------------------------

   Nevertheless, the Bureau agrees to remove from Sec. 1070.11(c) the qualifying language ``clearly of interest to the public at large.'' Such language is not part of the FOIA or the Department of Justice's FOIA guidance. The Bureau concludes that this language does not serve the Bureau's interest in promoting transparency.

   Section 1070.12 Publication in the Federal Register

   Section 1070.12 implements section (a)(1) of the FOIA, 5 U.S.C. 552(a)(1). It requires the Bureau to publish in the Federal Register certain details of its organization, policies, procedures, and rules, subject to the FOIA exemptions. The Bureau received no comments on the interim final rule. The Bureau adopts the interim final rule without modification.

   Section 1070.13 Public Inspection and Copying

   Section 1070.12(a) implements section (a)(2) of the FOIA, 5 U.S.C. 552(a)(2). Subject to the FOIA exemptions, it requires the Bureau to make available for public inspection and copying, including by posting on the Bureau's Web page, all of the Bureau's final opinions and orders, certain statements of its policies and administrative staff manuals, copies of all frequently requested records that it publishes pursuant to Sec. 1070.11(c), and an index of such records.

   Section 1070.12(b) requires the Bureau to establish an electronic FOIA reading room on its Web site to house the records that section 1070.12(a) requires it to publish. Section 1070.12(c) requires the Bureau to also make such records available at its headquarters in a physical reading room that is accessible to the public upon request.

   The Bureau received no comments on the interim final rule. The Bureau adopts the interim final rule without modification, except that it updates the address of the reading room to reflect the new address of the Bureau: 1700 G Street NW., Washington, DC 20552.

   Section 1070.14 Requests for CFPB Records

   Section 1070.14 sets forth the basic procedural requirements for submitting a FOIA request to the Bureau.

   Paragraph (a) implements section (a)(3) of the FOIA, 5 U.S.C. 552(a)(3), which establishes the basic public right to obtain access to Federal agency records, upon request, and subject to the FOIA exemptions and exclusions.

   Paragraph (b) sets forth the acceptable formats for a Bureau FOIA request. It states that a FOIA request must be made in writing, labeled as such, and submitted to the Chief FOIA Officer in either paper or electronic formats.

   Paragraph (c) describes the required content of a Bureau FOIA request. This content includes a reasonably specific description of the records requested, contact information for the requester, a statement of whether the requester wants to inspect or obtain a copy of the records requested, an assertion of the requester's applicable fee category, an indication of whether the requester seeks an upper limit to or a waiver or reduction of applicable fees, and an indication of whether the requester seeks expedited processing of the request.

   Paragraph (d) states that the Bureau need not accept or process a FOIA request, or be bound by deadlines for responding to such a request, that does not conform to the requirements of paragraphs (b) and (c). If a request is materially deficient, then the Bureau may return it to the requester and advise the requester as to how to address the deficiency. If the requester does not

   Page 11488

   respond to notification of a material deficiency within thirty (30) days, then the Bureau will deem the deficient request to be withdrawn. A determination that a request is materially deficient does not constitute a denial of access and is not subject to appeal.

   Paragraphs (e) and (f) set forth the procedure by which a requester may obtain access to Bureau records about him or herself or about another individual when requesting records on behalf of that individual.

   One commenter believes that the Bureau should amend Sec. 1070.14(c)(5), which requires FOIA requesters to seek fee waivers at the time when they file their FOIA requests, to allow requesters to seek fee waivers at any time while FOIA requests are open.

   Another commenter argues that the Bureau should eliminate the portion of Sec. 1070.14(c)(5) which states that by submitting a FOIA request, the requester agrees to pay any and all fees associated with processing the request up to $25. The commenter argues that this requirement may deter individuals from seeking information pursuant to the FOIA. Instead, the commenter argues that requesters should be able to specify that they do not want the Bureau to process the request if doing so will exceed the two free search hours and 100 free pages of duplication to which the FOIA entitles them.

   Finally, one commenter argues that the Bureau should revise Sec. 1070.14(d) to state that the failure by a requester to adhere to all of these procedural requirements--including the requirements that requests must be labeled ``Freedom of Information Act Request'' and that requesters specify an applicable fee category--will not necessarily result in the Bureau rejecting a request. The commenter also argues that this provision should require the Bureau to inform requesters when they have deemed requests to be deficient.

   The Bureau modifies Sec. 1070.14(b) of the interim final rule to reflect the new mailing address of the Bureau: 1700 G Street NW., Washington, DC 20552. The Bureau also modifies Sec. 1070.14(c)(2) to require that a requester include his, her, or its name in addition to the other contact information that the Bureau requires a requester to provide. The Bureau imposes this change to ensure that it can make proper fee category determinations, impose fees upon the requester, and properly determine whether a request is a Privacy Act or a FOIA request.

   The Bureau adopts Sec. 1070.14(c)(5) without modification for the reasons that it discusses in the portion of the section-by-section analysis that pertains to Sec. 1070.22 of the rule.

   To address the commenter's concern that paragraph (d) authorizes the Bureau to reject requests on the basis of immaterial deficiencies, and does not require the Bureau to advise requesters as to how to correct deficiencies in their requests, the Bureau modifies Sec. 1070.14(d) to state that it will deem itself to have received a request when it contains ``substantially'' all of the information that the Bureau requires and that it need not accept or process a request that fails to conform in any ``material'' respect to the requirements of Sec. 1070.14.

   Section 1070.15 Responsibility For Responding to Requests for CFPB Records

   Section 1070.15(a) states that the Bureau will deem records to be responsive to a FOIA request only to the extent that it possesses them as of the date when the Bureau commences its records search.

   Paragraph (b) states that the Bureau's Chief FOIA Officer is authorized to make determinations on behalf of the Bureau as to whether and to what extent to grant FOIA requests.

   Paragraph (c) sets forth the Bureau's procedures for consulting with or referring to another agency a requested record that originated with or contains information that originated with that agency.

   Paragraph (d) states that the Bureau will notify a requester whenever it refers all or part of a request to another agency.

   One commenter urges the Bureau to amend Sec. 1070.15(c), which authorizes the Bureau to consult other agencies when responding to requests for Bureau records that comprise other agencies' information, to require the Bureau to obtain the affirmative consent of such agencies, rather than merely consulting them, prior to releasing the records.

   The Bureau adopts the interim final rule without modification. The interim final rule reflects the standard practice among Federal agencies for consultations. It represents sound practice in that it balances the interests of other agencies with the right of requesters to obtain requested records in a timely fashion.

   Section 1070.16 Timing of Responses to Requests for CFPB Records

   Section 1070.16 sets forth the order and timing of the Bureau's responses to FOIA requests.

   Paragraph (a) states that, except as set forth in paragraphs (b) through (d) of this section and Sec. 1070.17 of this subpart, the Bureau will respond to FOIA requests in the order of their receipt.

   Paragraph (b) authorizes the Bureau to establish separate tracks to process simple and complex requests in the order of their respective receipt. This multi-track process allows the Bureau to respond to simple requests more quickly than it could otherwise if the Bureau processed such simple requests in a single queue behind complex requests.

   Paragraph (c) establishes a twenty (20) business day deadline for the Bureau to respond to a FOIA request. The Bureau may toll this deadline once while it awaits a requester's response to a reasonable demand for clarification of a request. It may also toll the deadline while it is engaged in a dispute with a requester regarding the assessment of fees.

   Paragraph (d) permits the Bureau to unilaterally extend in writing the twenty (20) business day response deadline for responding to a FOIA request or appeal by up to an additional ten (10) business days if the Bureau determines that unusual circumstances exist that preclude the Bureau from meeting the twenty (20) business day deadline. If the Bureau determines that it needs more than an additional ten (10) business days to respond, then it must notify the requester and provide the requester with an opportunity to either narrow the scope of the request or appeal in such a way that the Bureau can respond by the deadline or arrange for an alternative time frame beyond the deadline to respond to the request or appeal.

   One commenter argues that Sec. 1070.16(c) impermissibly authorizes the Bureau to toll the twenty (20) day deadline for responding to FOIA requests while the Bureau awaits clarification from a requester as to subject matter of a request or while the Bureau resolves any dispute with the requester regarding fees. The commenter argues that the FOIA states that the request response deadline commences once a request or appeal has been received.

   The Bureau adopts the interim final rule without modification. The interim final rule implements section (a)(6)(A) of the FOIA, 5 U.S.C. 552(a)(6)(A), which provides that an agency may toll the response deadline once while awaiting the requester's response to a reasonable request of the agency for information about a FOIA request or as necessary while awaiting the requester's clarification of fee issues regarding the FOIA request.

   Page 11489

   Section 1070.17 Requests for Expedited Processing

   Section 1070.17 establishes a procedure by which FOIA requesters may seek and the criteria by which the Bureau will grant expedited processing of FOIA requests.

   Paragraph (a) states that the Bureau will grant expedited processing to requesters that demonstrate a ``compelling need'' for such processing in accordance with this section.

   Paragraph (b) sets forth the form and content of requests for expedited processing and defines the term ``compelling need'' generally and with respect to requests made by persons primarily engaged in disseminating information.

   Paragraph (c) requires the Bureau to respond to requests for expedited processing within ten (10) calendar dates of their receipt.

   Paragraph (d) states that if granted, expedited processing entitles requesters to priority over non-expedited requests and responses as soon as practicable. It further states that the Bureau may process expedited requests on a multi-track basis and within each track, in the order of their receipt.

   Paragraph (e) establishes the rights of requesters to appeal denials of requests for expedited processing in accordance with Sec. 1070.21 of this subpart.

   One commenter suggests that the Bureau should amend Sec. 1070.17 by expanding its criteria for granting expedited processing of FOIA requests to include, in addition to instances where the requester demonstrates a ``compelling need'' for expedited process, ``other cases determined by the agency,'' which section (a)(6)(E)(i)(II) of the FOIA, 5 U.S.C. (a)(6)(E)(i)(II), authorizes. The commenter asks that these ``other cases'' include instances in which expedited processing is necessary to avoid the loss of substantial due process rights or where there is widespread and exceptional media interest in information that raises concerns about the government's integrity.

   The Bureau agrees with the commenter that the FOIA grants agencies discretion to process requests on an expedited basis for reasons other than demonstration by a requester of a compelling need. The Bureau modifies the interim final rule by permitting the Bureau to process a request for expedited processing whenever a requester demonstrates a compelling need ``or in other cases that the CFPB deems appropriate.''

   Section 1070.18 Responses to Requests for CFPB Records

   Section 1070.18 sets forth the process by which the Bureau will acknowledge receipt of FOIA requests and communicate its initial determinations as to whether and to what extent to grant such requests. The rule also delineates information that the Bureau must include in notifications to requesters that acknowledge receipt of or determine whether and to what extent to grant FOIA requests. The Bureau received no comments on the interim final rule. The Bureau adopts the interim final rule without modification.

   Section 1070.19 Classified Information

   Section 1070.19 sets forth a procedure for referring requests for classified information to the agency that originated or classified it. The Bureau received no comments on the interim final rule. The Bureau adopts the interim final rule without modification.

   Section 1070.20 Requests for Business Information Provided to the CFPB

   Section 1070.20 requires the Bureau, under certain circumstances, to notify persons or entities that submit business information to the Bureau of its receipt of a FOIA request or appeal for such information, and to provide submitters with an opportunity to object to the Bureau's disclosure of such information on the basis of FOIA Exemption 4, 5 U.S.C. 552(b)(4). If the Bureau rejects such objections, then the rule requires the Bureau to wait a certain period of time before it discloses the information so as to afford submitters an opportunity to file suit in Federal district court to enjoin disclosure. The rule states that the Bureau will notify submitters of the receipt of FOIA requests or appeals for their information whenever the Bureau has reason to believe that the information may be subject to Exemption 4 or that submitters have marked the information as such in good faith. Notification is not required if the Bureau determines independently that the requested information is exempt from disclosure, that it is already in the public domain, that disclosure is required by statute or regulation, or the submitter's designation of the information as being subject to Exemption 4 is obviously frivolous.

   Several commenters argue that the Bureau should eliminate or amend Sec. 1070.20(c), which allows submitters of business information to designate such information as being subject to FOIA Exemption 4 for a period of ten years after the date of submission. Several commenters argue that the Bureau should double or otherwise increase the ten year time period applicable to designations of trade secrets and other confidential supervisory information.

   The Bureau adopts the interim final rule without modification. The ten-year length of the business information designation period is consistent with similar rules adopted by other Federal agencies. The Bureau notes that the rule grants it discretion, upon request and with sufficient justification, to extend the length of the designation period beyond ten years. As such, the Bureau sees no reason to eliminate or extend the default length of the designation period.

   Section 1070.21 Administrative Appeals

   Section 1070.21 discusses administrative appeals of initial Bureau determinations regarding FOIA requests.

   Paragraph (a) enumerates Bureau determinations that are subject to administrative appeal. These determinations include denial of access to records in whole or in part, assignment to the requester of a particular fee category, denial of a request for a reduction or waiver of fees, a determination that no records exist that are responsive to a request, and denial of a request for expedited processing.

   Paragraph (b) establishes a forty-five (45) calendar day time frame from the date of initial determination to file administrative FOIA appeals (except for appeals of denials of expedited processing, which must be filed within ten (10) days).

   Paragraph (c) sets forth the required form and content of administrative appeals.

   Paragraph (d) sets forth a procedure for acknowledging the receipt of administrative appeals.

   Paragraph (e) authorizes the General Counsel of the Bureau to decide whether to affirm or overturn initial determinations of the Bureau which are subject to administrative appeals. The rule requires the General Counsel to respond to appeals within twenty (20) business days after their receipt, unless that time period is extended pursuant to Sec. 1070.16(d) of this subpart. It requires the General Counsel to notify requesters in writing of appellate determinations and, if the appeals are denied, to inform requesters of their rights to seek redress in Federal district court.

   Paragraph (g) notes that an appeal ordinarily will not be adjudicated if a FOIA request becomes a matter of FOIA litigation.

   Page 11490

   One commenter suggests that the Bureau should amend Sec. 1070.21(b), which sets forth a 45-day time limit to file a FOIA appeal that runs from the later of the date of the Bureau's decision to deny or grant the request or the date of the letter transmitting the last records released to the requester. The commenter argues that this provision should state instead that this 45-day time period should run from the later of the date of the Bureau's initial determination or the date that the last records are received by (rather than mailed to) the requester.

   The Bureau declines to adopt the commenter's suggestion regarding paragraph (b) because the Bureau would have no way to know, for purposes of determining whether a requester has met the appellate filing deadline, when a requester actually receives the records it transmits. The Bureau believes that a more reliable basis for computing the appellate deadline is the date of the Bureau's transmission of such records.

   The Bureau modifies Sec. 1070.21 to add a new paragraph (e)(3) that authorizes the General Counsel, in deciding FOIA appeals, to remand FOIA requests to the Chief FOIA Officer for such further action as the General Counsel directs, including but not limited to new or modified record searches. Actions of the Chief FOIA Officer on remand will be treated once again as initial determinations of the Bureau that are subject to the regular procedures set forth in this subpart for the Bureau to process, decide, and respond to FOIA requests. For example, the Chief FOIA Officer must respond to a remanded request in accordance with the deadlines set forth in Sec. 1070.16, which will run from the date of the Bureau's transmission of the remand notification. If a requester disagrees with the actions of the Chief FOIA Officer on remand, then the requester may file an administrative appeal of those actions in accordance with Sec. 1070.21.

   Section 1070.22 Fees for Processing Requests for CFPB Records

   Section 1070.22 sets forth the criteria that the Bureau will use to determine whether and to what extent the Bureau may assess fees in connection with processing and responding to FOIA requests and appeals.

   Paragraph (a) generally describes the applicable procedure for determining whether and to what extent to assess fees to a FOIA request. It also identifies a schedule of fees assessable for time spent by Bureau employees searching for and reviewing requested records and for duplicating such records for production to a requester.

   Paragraph (b) describes the various categories that the Bureau will assign to each requester for the purpose of determining which types of fees apply to a request.

   Paragraph (c) describes the types of fees that apply to each of the categories of fee requesters set forth in paragraph (b).

   Paragraph (d) describes circumstances where the Bureau will not charge fees to requesters.

   Paragraph (e) sets forth the procedure by which FOIA requesters may seek, and the criteria that the Bureau will use to determine whether to grant requests for, waivers of or reductions in applicable fees.

   Paragraph (f) identifies circumstances in which the Bureau requires FOIA requesters to pre-pay fees associated with FOIA requests and in which the Bureau shall charge interest on and collect overdue fees.

   One comment argues that the Bureau's FOIA fee schedule, which the Bureau references in Sec. 1070.22(a)(1) and posts on its FOIA Web site, must go through the Administrative Procedure Act's notice and comment process.

   Another comment urges the Bureau to amend Sec. 1070.22(d)(3) to waive FOIA duplication fees for representatives of the news media in the event that the Bureau fails to comply with time limits applicable to FOIA requests.

   A commenter urges the Bureau to modify Sec. 1070.22(e) to permit requesters to seek waivers of or reductions in applicable fees at any time prior to the Bureau's response date.

   Finally, a comment suggests that the Bureau should limit the circumstances under which it requires prepayment of FOIA fees pursuant to Sec. 1070.22(f). This comment argues that requesters should not have to pay outstanding fees associated with their prior FOIA requests before the Bureau will process new requests that they submit because the FOIA entitles all requesters to a certain amount of free search time and duplication of records.

   The Bureau disagrees with the comment that the Bureau's schedule of FOIA fees, which the Bureau has published on its FOIA Web page since it promulgated the interim final rule, requires further notice and comment. This fee schedule, like the rest of the interim final rule, was subject to public comment, as the CPFB referenced the schedule in the rule. The Bureau received no public comments regarding this fee schedule.

   The Bureau modifies Sec. 1070.22(a) of the interim final rule so that it now states expressly--rather than merely referencing--the fee rates that the Bureau charges requesters to duplicate, search for, and review records. The Bureau also modifies this provision to clarify the circumstances under which the Bureau will charge fees when searching for electronic records.

   The Bureau modifies Sec. 1070.22(d)(3) of the interim final rule to provide, in accordance with section (a)(4)(a)(viii), that the Bureau shall not charge FOIA duplication fees for representatives of the news media in the event that the Bureau fails to comply with time limits applicable to FOIA requests.

   The Bureau declines to adopt the suggestion that it modify Sec. 1070.22(e) so that requesters may seek waivers of or reductions in applicable fees at any time prior to the dates of the Bureau's responses to requests. By requiring requesters to state, at the time when they file their FOIA requests, whether they seek waivers of or reductions in fees, the Bureau seeks to address and resolve fee disputes at the outset of the request process and before the Bureau expends its time, resources, and funds to respond to requests. This procedure ensures that the Bureau does not perform work that the requester cannot, or does not wish to pay for, if the Bureau denies a fee waiver request.

   The Bureau also declines to modify Sec. 1070.22(f) of the interim final rule. This provision, which sets forth circumstances for requiring prepayment of fees, is consistent with guidance issued by the Office of Management and Budget for FOIA fees. See OMB Guidelines for FOIA Fees (1987), available at http://www.whitehouse.gov/sites/default/files/omb/assets/omb/inforeg/foia_fee_schedule_1987.pdf.

   Section 1070.23 Authority and Responsibilities of the Chief FOIA Officer.

   Section 1070.23 sets forth the various authorities and responsibilities of the Chief FOIA Officer of the Bureau. One commenter argues that Sec. 1070.23 should include a provision that authorizes the Chief FOIA Officer to oversee the FOIA section of Bureau's Web site. The Bureau agrees with this comment and modifies the interim final rule to add a new paragraph (a)(7) that requires the Chief FOIA Officer to ``maintain and update, as necessary and in accordance with the requirements of this subpart, the CFPB's FOIA Web site, including its e-FOIA Library.''

   Page 11491

   Subpart C--Disclosure of CFPB Information in Connection With Legal Proceedings

   Section 1070.30 Purpose and Scope; Definitions

   Section 1070.30(a) outlines subpart C, which sets forth procedures for serving the Bureau and its employees with documents in legal proceedings, such as summonses, complaints, subpoenas, and other litigation-related requests or demands for records and information, as well as procedures and criteria for the Bureau to follow when responding to such materials. These regulations (which are sometimes referred to as Touhy regulations) are modeled after similar regulations of other Federal agencies.

   Paragraph (b) clarifies that these procedures for serving legal documents on the Bureau do not apply to persons who seek to file FOIA requests or Privacy Act requests with the Bureau or those agencies that seek access to confidential information of the Bureau.

   Paragraph (c) further clarifies that the procedures of subpart C do not apply to requests for information made in the course of adjudicating certain administrative employment actions brought by Bureau employees or applicants for employment.

   Paragraph (d) notes that subpart C is not intended to, does not create, and may not be relied upon to create, any right or benefit, substantive or procedural, against the Bureau or the United States.

   Paragraph (e) defines the terms ``demand,'' ``legal proceeding,'' ``official information,'' ``request,'' and ``testimony'' ``for purposes of this subpart C and except as the Bureau may otherwise determine in a particular case.''

   One commenter argues that Sec. 1070.30(e) is too malleable in that its definitions apply ``except as the Bureau may otherwise determine in a particular case.'' The commenter notes that this exception provides the Bureau with authority to redefine key terms as it sees fit to authorize disclosures of confidential information. The commenter suggests that the Bureau should eliminate this exception.

   To eliminate any ambiguity as to the meaning of the defined terms of Sec. 1070.30(e), the Bureau strikes the phrase ``except as the CFPB may otherwise determine in a particular case.'' The Final Rule also addresses several drafting errors and omissions.

   Section 1070.31 Service of Summonses and Complaints

   Section 1070.31 of the interim final rule states that only the Bureau's General Counsel is authorized to receive and accept service of process of summonses and complaints in which the Bureau or its employees (in their official capacities) are sued.

   The Bureau received no comments on the interim final rule. The Bureau adopts the interim final rule with the following modification to reflect the new mailing address of the Bureau: 1700 G Street NW., Washington, DC 20552.

   Section 1070.32 Service of Subpoenas, Court Orders, and Other Demands for CFPB Information or Action

   Section 1070.32 of the interim final rule states that, except where the Bureau is represented by legal counsel who have entered an appearance or otherwise given notice of their representation, only the Bureau's General Counsel is authorized to receive and accept service of subpoenas, court orders, and litigation demands and requests for the production of the Bureau's records and official information that are directed to the Bureau or its employees (in their official capacities).

   The Bureau received no comments on the interim final rule. The Bureau adopts the interim final rule with modifications that reflect the new mailing address of the Bureau: 1700 G Street NW., Washington, DC 20552. The final rule also clarifies certain service requirements. For example, paragraph (c) of the final rule eliminates the requirement that Bureau employees consult the General Counsel before declining to accept service of process on behalf of the Bureau. This modification simplifies the course of conduct for Bureau employees who are contacted by a process server and have no opportunity to consult with the General Counsel prior to deciding whether to decline to accept service. The final rule also corrects grammatical errors.

   Section 1070.33 Testimony and Production of Documents Prohibited Unless Approved by the General Counsel

   Section 1070.33 provides that no current or former Bureau employee shall provide oral or written testimony concerning any official information of the Bureau or produce any document or material acquired as part of or by virtue of his or her employment at the Bureau unless the Bureau's General Counsel authorizes the employee or former employee to do so. The Bureau received no comments on the interim final rule. The Bureau adopts the interim final rule without modification.

   Section 1070.34 Procedure When Testimony or Production of Documents Is Sought; General

   Section 1070.34 requires parties demanding the production of the Bureau's documents or testimony, in legal proceedings in which the United States or the Bureau are not parties, to provide the Bureau with certain information about the demand or request, including the name and forum of the proceeding, a detailed description of the nature of the information or testimony sought and its intended uses and relevance, a showing that the evidence sought through the production of the Bureau's records or testimony is not available from other sources, and, as the General Counsel deems appropriate, a statement of the party's plans to demand additional testimony or documents in the future. Unless and until a party provides this required information, the Bureau will not respond to a demand it receives. The Bureau received no comments on the interim final rule. The Bureau adopts the interim final rule without modification.

   Section 1070.35 Procedure When Response To Demand Is Required Prior to Receiving Instructions

   Section 1070.35 states that, whenever a response to a demand for testimony or the production of documents or materials described in Sec. 1070.34 is due before the General Counsel renders a decision, then the Bureau will seek an extension of time to respond. If no extension is available or granted, then the Bureau will request that the court or other applicable authority stay the proceedings until such time as the General Counsel is able to respond. The Bureau received no comments on the interim final rule. The Bureau adopts the interim final rule without modification.

   Section 1070.36 Procedure in the Event of an Adverse Ruling

   Section 1070.36 states that, whenever a court or other applicable authority declines to stay proceedings until the General Counsel is able to respond to a demand for testimony or the production of documents or materials described in Sec. 1070.34, or the court or other authority rules that the Bureau must comply with the demand irrespective of the General Counsel's instructions otherwise, then the employee upon whom the demand has been made shall respectfully decline

   Page 11492

   to comply with the demand citing this subpart and United States ex rel. Touhy v. Ragen, 340 U.S. 462 (1951). The Bureau received no comments on the interim final rule. The Bureau adopts the interim final rule without modification.

   Section 1070.37 Considerations in Determining Whether the CFPB Will Comply With a Demand or Request

   Section 1070.37 sets forth various factors that the General Counsel shall consider in deciding whether to comply with a demand or request for the production of the Bureau's records or testimony. This section also lists factors that will normally cause the Bureau to refuse compliance with such a demand or request. These factors pertain to prudential considerations and discovery privileges established by Federal statutes, rules, and case law.

   Commenters argued generally that the provisions of subpart C do not do enough to protect confidential supervisory information from disclosure in a litigation context. Commenters note that the regulations of other Federal bank regulatory agencies contain provisions which state that normally, the agency will not release confidential supervisory information in response to a demand or request for such information.

   Section 1070.37 of the rule reflects the Bureau's intention to protect confidential supervisory information from disclosure in a litigation context. Paragraph (b) lists several factors that if found to exist would normally preclude the Bureau from granting a demand or request for confidential supervisory information. These factors include: (b)(4) ``compliance would reveal confidential or privileged commercial or financial information or trade secrets without the owner's consent''; (b)(6) ``compliance would not be appropriate or necessary under the relevant substantive law governing privilege''; and (b)(7) ``compliance would reveal confidential information.'' Paragraph (c) of this section also provides that the Bureau may condition disclosure of confidential supervisory information pursuant to a request or demand upon the entry of an appropriate protective order.

   Although the Bureau believes that these provisions adequately protect confidential supervisory information from disclosure, the Bureau nevertheless adds two new factors to paragraph (b) to bolster these protections further. The first new factor states that the Bureau will not normally grant a response to a request or demand for confidential supervisory information when doing so would compromise the Bureau's supervisory functions or programs or would undermine public confidence in supervised institutions. The second factor states that the Bureau will not normally grant a response when doing so would undermine the Bureau's ability to monitor for risks to consumers in the offering of consumer financial products or services.

   Section 1070.38 Prohibition on Providing Expert or Opinion Testimony

   Section 1070.38 prohibits Bureau employees or former employees from providing opinion or expert testimony based upon information (other than general expertise) which they acquired in the scope and performance of their official Bureau duties, except to the extent that they provide such testimony on behalf of the United States or a party represented by the Bureau or the Department of Justice. The General Counsel has discretion to waive this prohibition if the requestor demonstrates an exceptional need or unique circumstances and that the anticipated testimony will neither be adverse to the United States nor require the United States to pay the employee's or former employee's travel or other expenses associated with providing the requested testimony.

   A commenter argues that the Bureau should eliminate Sec. 1070.38(c), which permits Bureau employees to testify as expert witnesses under certain circumstances, because ``giving free expert testimony is not among the permissible Bureau disclosures of information.''

   The Bureau adopts the interim final rule without modification. Paragraph (c) is consistent with the rules of other Federal agencies and with Federal ethics regulations regarding the provision of expert testimony by Federal employees.

   Subpart D--Confidential Information

   Section 1070.40 Purpose and Scope

   Section 1070.40 clarifies that subpart D does not apply to FOIA or Privacy Act requests or requests or demands for official information made within the context of litigation. The Bureau received no comments on the interim final rule. The Bureau adopts the interim final rule without modification.

   Section 1070.41 Non-Disclosure of Confidential Information

   Section 1070.41(a) generally prohibits the disclosure of confidential information by the Bureau's employees, former employees, or other persons who possess the Bureau's confidential information, to non-employees of the Bureau or to Bureau employees for whom such information is not relevant to the performance of their assigned duties. This prohibition includes disclosures made by any means (including written or oral communications) or in any format (including paper and electronic formats).

   Excluded from this general prohibition are disclosures of confidential information to consultants and contractors of the Bureau who agree, in writing, to protect the confidentiality of the information in accordance with Federal law as well as any additional conditions or limitations that the Bureau may impose upon them.

   Section 1070.41(c) states that the Bureau is not precluded from disclosing materials that it derives from or creates using confidential information, provided that such materials do not identify, either directly or indirectly, any particular persons to whom the confidential information pertains. This paragraph clarifies that the Bureau may create and publish reports, analyses, and other materials derived from confidential information so long as the reports, analyses, or other materials do not identify the subject of such information or discuss the information in such a way that one could infer the identity of the person it concerns. For example, the Bureau is not precluded from publishing reports that contain aggregate data derived from confidential information, provided the report cannot be used in conjunction with other publicly available information to re-identify the source of the information.

   Section 1070.41(d) clarifies that nothing in subpart D requires or authorizes the Bureau to disclose confidential information that another agency has provided to the Bureau to the extent that such disclosure contravenes applicable law or the terms of any agreement that exists between the Bureau and the agency to govern the Bureau's treatment of information that the agency provides to the Bureau.

   The Bureau received several comments on Sec. 1070.41. One commenter argues that Sec. 1070.41(a)(2), which limits the internal dissemination of confidential information to Bureau employees with a bona fide need to know the information to perform assigned duties, is incongruous with Sec. 1070.41(b), which permits disclosures of confidential information to the Bureau's contractors without qualification. The commenter argues that the Bureau should either eliminate any restriction on the internal dissemination in paragraph (a) or apply

   Page 11493

   it equally to contractors in Sec. 1070.41(b). To the extent that the Bureau chooses to do the latter, another commenter argues that the Bureau should amend Sec. 1070.41(b) to state that disclosures to contractors or consultants may occur only as necessary to, and solely for purposes of, providing services for or rendering advice to the Bureau.

   One commenter argues that the Bureau should delete Sec. 1070.41(c), which authorizes the Bureau to disclose materials derived from confidential information so long as such materials do not identify those to whom the confidential information pertains, because the Trade Secrets Act may prohibit certain of these disclosures. Another commenter also criticizes this provision because it fails to specify criteria for determining that materials derived from confidential information do not identify, either directly or indirectly, any particular person to whom the confidential information pertains.

   A commenter objects to Sec. 1070.41(d), which states that subpart D does not require or authorize the disclosure of confidential information otherwise prohibited by applicable law or by the terms of any agreements reached with other agencies. The commenter argues that the Bureau should delete the phrase ``or the terms of any agreement that exists between the CFPB and the agency to govern the CFPB's treatment of information that the agency provides to the CFPB'' because, according to the commenter, this provision allows the Bureau to withhold information, pursuant to agreement, that other laws, such as the Freedom of Information Act, require the Bureau to disclose.

   To address concerns that paragraphs (a) and (b) of Sec. 1070.41 set forth inconsistent criteria for disclosing confidential information to Bureau employees on one hand and to Bureau contractors or consultants on the other hand, the Bureau modifies these paragraphs to provide for consistent treatment. In making these modifications, the Bureau deems it appropriate to retain restrictions in paragraph (a) on the internal dissemination of confidential information. By prohibiting the disclosure of confidential information to employees, contractors, and consultants who have no business reason to see it, the Bureau reduces the risk that such persons will misuse or inadvertently disclose the information. Such restrictions also are consistent with regulations established by other Federal agencies to protect confidential information.

   The Bureau adopts paragraph (c) of the interim final rule without modification. The Bureau declines to adopt more specific or stringent standards for determining that materials it derives from confidential information do not identify any particular person to whom the information pertains. The interim final rule allows the Bureau to report on and discuss its work involving confidential information while providing reasonable assurance that when it does so, it protects the persons to whom confidential information pertains.

   The interim final rule protects persons to whom confidential information pertains by allowing the Bureau to publish materials it derives from such confidential information only if the materials do not identify ``directly or indirectly'' the persons to whom it pertains. This provision precludes the Bureau from publishing materials that identify such persons expressly or that a reader could combine with materials readily available from other sources to deduce the identity of such persons.

   The Bureau believes that the interim final rule strikes an appropriate balance between the need to maintain the confidentiality of proprietary or other sensitive information and the Bureau's obligations, under provisions of the Dodd-Frank Act such as sections 1021 and 1022, to inform the public about the functioning of the marketplace for consumer financial products and services.

   The Bureau also concludes that it is inappropriate to specify more detailed criteria for determining when materials derived from confidential information are sufficiently anonymized for disclosure. The applicable criteria will differ significantly depending upon the type of confidential information at issue and the context in which it exists. The interim final rule offers appropriate discretion to the Bureau to make determinations based upon the facts and circumstances of each set of materials it seeks to disclose.

   The Bureau adopts paragraph (d) of the interim final rule without modification. This paragraph does not authorize the Bureau, pursuant to the terms of its confidentiality agreements with other agencies, to withhold confidential information from disclosure when applicable laws, such as the FOIA, require its disclosure. Instead, this paragraph simply clarifies that subpart D does not permit or authorize the Bureau to voluntarily disclose confidential information that it obtains from other agencies, in violation of its confidentiality agreements with such agencies, where applicable law otherwise authorizes (but does not require) the Bureau to disclose the information. These agreements would not and could not preclude the disclosure of confidential information where applicable law requires the Bureau to disclose it. In this regard, the Bureau notes that Sec. 1070.41(a) of this subpart authorizes the Bureau to disclose confidential information ``as required by law'' and that Sec. 1070.40 states that the provisions of subpart D do not govern the Bureau's responses to FOIA requests. Finally, we note that none of the Bureau's confidentiality agreements purport to preclude the Bureau from disclosing confidential information where applicable law requires it do so.

   Section 1070.42 Disclosure of Confidential Supervisory Information to and by Supervised Financial Institutions

   Section 1070.42(a) of the interim final rule provides that the Bureau may, in its discretion, disclose confidential supervisory information, such as reports of examination, to supervised financial institutions to which the reports pertain. To the extent that the Bureau chooses to do so, Sec. 1070.42(b) prohibits institutions from further disseminating the confidential information they receive except in limited circumstances. Supervised financial institutions may share confidential supervisory information with their directors, officers, and employees, and with those of their parent companies, to the extent that the disclosure of such confidential supervisory information is relevant to the performance of such individuals' assigned duties. Supervised financial institutions may also share confidential supervisory information with their (or their parent companies') outside legal counsel, certified public accountants, and consultants, provided that the supervised financial institutions take reasonable steps to ensure that such legal counsel, accountants, or consultants do not utilize, make or retain copies of, or further disclose confidential information except as is necessary to provide advice to the supervised financial institutions, their parent companies, or to their respective directors, officers, or employees. Furthermore, the institutions must keep written records of their disclosures of confidential information to their legal counsel, accountants, and consultants, along with the steps they have taken to ensure that these accountants, legal counsel, and consultants do not improperly utilize, make or retain copies of, or disclose such information. Supervised financial institutions shall

   Page 11494

   provide these written records to the Bureau, upon request or demand.

   One commenter criticizes Sec. 1070.42(b) of the interim final rule, which prohibits financial institutions in receipt of confidential information from further disclosing such information, except to its officers, directors, parents, and certain of its employees, and to its outside accountants, legal counsel, and consultants. The commenter argues that this provision is unreasonably restrictive in that financial institutions may have legitimate reasons to share confidential information with affiliates and with any manner of third-

   party service providers acting on their behalf. Commenters also object to the requirement of Sec. 1070.42(b)(2)(ii) that financial institutions keep a written account of all of their disclosures of confidential information to third parties. The commenter argues that the Bureau has no authority to require such accounting to the extent that disclosures occur in a privileged context.

   The Bureau modifies paragraphs (a) and (b) of the interim final rule. The final rule permits the Bureau to disclose confidential supervisory information that concerns a supervised financial institution or its service providers (as section 1002(26) of the Dodd-

   Frank Act defines that term) to that supervised financial institution, to its directors, officers, trustees, members, general partners, or employees, as well as to its ``affiliates'' (as section 1002(1) of the Dodd-Frank Act defines that term) and the directors, officers, trustees, members, general partners, or employees of such affiliates. The final rule also permits a supervised financial institution to further disclose confidential supervisory information that it lawfully receives from the Bureau to its directors, officers, trustees, members, general partners, and employees and to its affiliates and its affiliate's directors, officers, trustees, members, general partners, or employees, to the extent that such disclosures are relevant to the performance of these individuals' assigned duties.

   Furthermore, the final rule now permits a supervised financial institution or its affiliate to further disclose confidential supervisory information that it lawfully receives from the Bureau to its certified public accountants, outside legal counsel, contractors, consultants, and service providers as well as, with the prior written authorization of the Associate Director for Supervision, Enforcement, and Fair Lending or his or her delegee, to other persons, provided that the supervised financial institution or its affiliate shall take reasonable steps to ensure that such recipients do not, without the prior written approval of the Associate Director for Supervision, Enforcement, and Fair Lending or his or her delegee, utilize, make or retain copies of, or disclose confidential supervisory information for any purpose, except as is necessary to provide advice or services to the supervised financial institution or its affiliate.

   In response to the comments discussed above, the final rule deletes the disclosure accounting requirements of paragraph (b)(2)(ii) of this section. The Bureau agrees with commenters that this accounting requirement is burdensome and that the restrictions of Sec. 1070.47 of this subpart are sufficient to protect confidential supervisory information against further disclosures.

   Section 1070.43 Disclosure of Confidential Information to Law Enforcement Agencies and Other Government Agencies

   Section 1070.43 sets forth circumstances under which the Bureau must or may disclose various categories of confidential information to other government agencies.

   Section 1070.43(a)(1) implements sections 1022(c)(6)(C)(i) and 1025(e)(1)(C) of the Dodd-Frank Act, which require the Bureau to share with Federal and State agencies having jurisdiction over supervised financial institutions, the Bureau's reports of examination of those supervised financial institutions, including drafts thereof, final reports, and revisions to final reports, provided that the Bureau receives from the agencies reasonable assurances that they will maintain the confidentiality of the information provided.

   Section 1070.43(a)(2) implements section 1013(b)(3)(D) of the Dodd-

   Frank Act, which requires the Bureau to share confidential consumer complaint information with Federal and State agencies, provided that the agencies first give written assurances to the Bureau that they will maintain such information in a manner that conforms to the standards that apply to Federal agencies for the protection of the confidentiality of personally identifiable information and for data security and integrity.

   Section 1070.43(b)(1) of the interim final rule authorizes the Bureau to make discretionary disclosures of confidential information to Federal and State agencies under certain circumstances. For example, this provision implements section 1022(c)(6)(C)(ii) of the Dodd-Frank Act, which authorizes the Bureau, upon request, to share examination reports as well as other reports and confidential supervisory information about supervised financial institutions with Federal and State agencies having jurisdiction over those institutions. Section 1070.43(b)(1) also authorizes the Bureau, upon request, to share confidential investigatory information about supervised financial institutions with Federal and State agencies having jurisdiction over those institutions.

   Section 1070.43(b)(2) sets forth procedures for Federal and State agencies to follow when requesting access to the Bureau's confidential information as set forth in section 1070.43(b)(1). The Bureau's General Counsel is responsible for acting upon such requests in consultation with the Bureau's Associate Director for Supervision, Enforcement, and Fair Lending or with other appropriate Bureau personnel. Requests must be submitted in writing by authorized officers or employees of the requesting agencies. Requests should describe the nature of the confidential information and documents sought and the purposes for which it will be used. Requests should also identify the agency's legal authority for requesting the documents and any provisions that restrict the Bureau's authority to disclose the information. Finally, the requests should certify that the requesting agency will maintain the requested confidential information in accordance with this rule and in a manner that conforms to the standards that apply to Federal agencies for the protection of the confidentiality of personally identifiable information and for data security and integrity. Moreover, the requests should certify that the agencies will adhere to any additional conditions or limitations that the Bureau, in its discretion, decides to impose.

   Section 1070.43(c) clarifies that requests by State agencies for information or records of the Bureau that do not constitute confidential information must be made in accordance with the Bureau's FOIA regulations set forth in subpart B.

   Sections 1070.43(d) permits the Bureau to enter into agreements with Federal and State agencies that provide for standing access to confidential information.

   The majority of the comments that the Bureau received in response to the interim final rule pertain to Sec. 1070.43.

   Several commenters argue that the Bureau lacks authority under the Dodd-Frank Act to make disclosures of confidential information either at all or to the extent provided by Sec. 1070.43.

   Page 11495

   One commenter asserts that the Dodd-Frank Act does not authorize the Bureau to disclose any confidential information to the State attorneys general or to private parties. This commenter argues that the Bureau promulgated Sec. 1070.43(b) of the interim final rule based upon a misinterpretation of section 1022(c)(6)(C)(ii) of the Dodd-Frank Act. Section 1022(c)(6)(C)(ii) of the Dodd-Frank Act provides that, ``in addition to the examination reports described in clause (i), the CFPB may, in its discretion, furnish to a prudential regulator or other agency having jurisdiction over a covered person or service provider any other report or other confidential supervisory information concerning such person examined by the CFPB under the authority of any other provision of Federal law.'' The commenter argues that this provision does not authorize the Bureau to disclose confidential supervisory information; rather, it authorizes the Bureau to withhold supervisory information. That is, the commenter believes that section 1022(c)(6)(C)(ii) means that the Bureau may decline to disclose confidential supervisory information to other agencies when a provision of Federal law other than section 1022(c)(6)(C)(i) authorizes the disclosure. This commenter also asserts that section 1022(c)(6)(C)(ii) of the Dodd-Frank Act permits discretionary disclosures only to a ``prudential regulatory or other agency'' and that these terms do not include State attorneys general or private parties.

   Other commenters argue that the Dodd-Frank Act does not authorize the Bureau to disclose confidential information to State attorneys general for purposes unrelated to the enforcement of consumer financial law or, as stated by one commenter, for purposes unrelated to the enforcement of Federal consumer financial law.

   Commenters furthermore argue that by authorizing the Bureau to share confidential information with State attorneys general in circumstances where they lack authority to enforce applicable law within the judicial process, Sec. 1070.43(b) expands State investigative powers beyond the limits set forth in section 1047 of the Dodd-Frank Act and the Supreme Court's decision in Cuomo v. Clearinghouse Ass'n, LLC, 557 U.S. 519 (2009). Section 1047 of the Dodd-Frank Act amends the National Bank Act (NBA) and the Home Owners Loan Act (HOLA) to confirm the Supreme Court's view in Cuomo that the NBA's references to visitorial authority of the Office of the Comptroller of the Currency do not limit or restrict the authority of State attorneys general to enforce applicable law against national banks or Federal savings associations or to seek relief as authorized by such law. According to the commenters, the Cuomo decision rejects a State attorney general's authority to obtain information directly from national banks when it does so outside of the context of a judicial proceeding where it is seeking to enforce applicable law. The commenters argue that in codifying the Cuomo decision in section 1047 of the Dodd-Frank Act, Congress could not have intended for State attorneys general to be able to obtain from the Bureau confidential information relating to national banks that these attorneys general could not obtain directly from such banks. These commenters propose that the Bureau limit its disclosure of confidential information to State attorneys general to circumstances where the attorneys general exercise their authority to enforce applicable law within a judicial process and such disclosure relates to the exercise of that authority by the State attorneys general.

   Other commenters argue that the Bureau should either prohibit outright the disclosure of confidential information to other agencies, and to State attorneys general in particular, or restrict the circumstances under which the Bureau may do so. Commenters present varied proposals for applicable disclosure standards.

   One commenter proposes that the Bureau limit the disclosure of confidential information to State attorneys general to circumstances where the attorneys general demonstrate that they seek such information for purposes of enforcing consumer financial protection laws. Other commenters propose that disclosures of confidential supervisory information should be limited to agencies with financial institution supervisory authority.

   Some commenters suggest that, consistent with disclosure standards promulgated by some other Federal bank regulatory agencies, the Bureau should permit discretionary disclosures of confidential supervisory information only if requesters demonstrate a substantial need for the information that outweighs the need to maintain confidentiality and only when requestors have no other means of acquiring the information directly from the financial institutions to which it pertains or otherwise.

   Commenters also propose that the Bureau impose additional procedural requirements for the discretionary disclosure of confidential information. Several commenters propose that requests for confidential information should be granted only when made by senior officials of or the heads of requesting agencies. Others suggest that the Bureau should require requesters of confidential information to represent that they have implemented and maintain comprehensive information security programs to protect the confidentiality and security of the information requested. They maintain that the Bureau should take steps to confirm such representations and audit requesters' systems for maintaining the confidentiality and security of information disclosed.

   Commenters furthermore argue that the Bureau should provide financial institutions with notice of third party requests for confidential information as well as opportunities to object to such disclosures unless the Bureau determines, in its discretion, that doing so would advantage or prejudice any of the parties in the matter at issue. Similarly, one commenter suggests that the Bureau should refer requests for confidential information to prudential regulators so that they can prohibit disclosure if a rational basis exists to conclude that disclosure would threaten the safety and soundness of the institutions concerned.

   Finally, one commenter asks the Bureau to clarify that Sec. 1070.43(a)(1), which requires the Bureau to disclose reports of examination to certain Federal and State agencies, pertains to examination reports of both depository and non-depository institutions.

   As a preliminary matter, the Bureau affirms its authority under the Dodd-Frank Act to promulgate a rule that provides for the disclosure of confidential information to Federal and State agencies, including State attorneys general.

   Section 1012 of the Dodd-Frank Act grants to the Director authority to establish rules for conducting the general business of the Bureau, to implement the Federal consumer financial laws through rules, and to perform such other functions as may be authorized or required by law. In addition, section 1022(b)(1) authorizes the Bureau to ``prescribe rules * * *, as may be necessary or appropriate to enable the Bureau to administer and carry out the purposes and objectives of the Federal consumer financial laws * * *.'' Finally, section 1022(c)(6)(A) of the Dodd-Frank Act authorizes the Bureau to ``prescribe rules regarding the confidential treatment of information obtained from persons in connection with the exercise of its authorities under Federal consumer financial law.'' These

   Page 11496

   and other provisions of the Dodd-Frank Act provide the Bureau with ample authority to prescribe rules that govern which of the information that it generates or obtains it will regard as ``confidential,'' what confidentiality means, and the terms and conditions under which the Bureau will share confidential information with other Federal or State agencies.

   Furthermore, Sec. 1070.43 implements several provisions of the Dodd-Frank Act that require or authorize the Bureau to share confidential information with Federal and State agencies.\7\

   ---------------------------------------------------------------------------

   \7\ Section 1070.43 of the rule comports with section 1022(c)(8) of the Dodd-Frank Act. Section 1022(c)(8) of the Dodd-Frank Act requires the Bureau to ``take steps to ensure that proprietary, personal, or confidential consumer information that is protected from public disclosure under section 552(b) or 552a of title 5, United States Code, or any other provision of law, is not made public under this title.'' The Bureau interprets this provision of the Dodd-Frank Act to require the Bureau to take steps to prevent ``public'' disclosures of this information; section 1022(c)(8) does not preclude the Bureau from sharing this information with other agencies as long as the Bureau takes steps to ensure that these agencies will not make the information available to the public. If the Bureau takes such steps, then its sharing of confidential information with other agencies is not tantamount to a public disclosure.

   The rule includes appropriate measures to ensure that information that the Bureau shares with other agencies will remain confidential once shared. Section 1070.43(a) requires the Bureau to share certain confidential information with State agencies only to the extent that these agencies provide assurances to the Bureau that they will maintain the information in confidence. Section 1070.43(b) authorizes the General Counsel to grant agency requests for access to confidential information only to the extent that the requesting agencies first commit to maintain the information in confidence. Furthermore, section 1070.47(a) of the rule prohibits agencies in receipt of confidential information from further disclosing such information to third parties without the prior written permission of the Bureau. Lastly, section 1070.47(c) preserves any applicable legal privileges when the Bureau shares confidential information with other agencies.

   ---------------------------------------------------------------------------

   For example, section 1013 of the Dodd-Frank Act expressly requires the Bureau to route consumer complaints to Federal and State agencies as well as to share consumer complaint information with prudential regulators, the Federal Trade Commission, other Federal agencies, and State agencies, provided that such agencies protect the confidentiality of personally identifiable information associated with such complaints. Section 1070.43(a)(2) of the rule implements this provision of the Dodd-Frank Act.

   Section 1022(c)(6)(C)(i) of the Dodd-Frank Act requires the Bureau to share with prudential regulators, State regulators, or any other Federal agencies having jurisdiction over a covered person or service provider ``any report of examination made by the Bureau with respect to such person, and to all revisions made to such report,'' provided that such regulators or agencies give the Bureau reasonable assurances that they will maintain the confidentiality of the information shared. Section 1070.43(a)(1) of the rule implements this provision of the Dodd-Frank Act.

   In addition to requiring the Bureau to share examination reports with other regulators and Federal agencies, section 1022(c)(6)(C)(ii) of the Dodd-Frank Act permits the Bureau, ``in its discretion, to furnish to a prudential regulator or other agency having jurisdiction over a covered person or service provider any other report or other confidential supervisory information concerning such person examined by the Bureau under the authority of any other provision of Federal law.'' The Bureau interprets this provision as permitting it to share examination reports as well as other reports and confidential supervisory information with all prudential regulators and all agencies--including State attorneys general--that have jurisdiction over the covered persons or service providers to which the shared information pertains. Section 1070.43(b) of the rule implements this provision of the Dodd-Frank Act.

   The Bureau disagrees with the commenter who argues that section 1022(c)(6)(C)(ii) of the Dodd-Frank Act should not be interpreted as a grant of discretionary authority to share confidential supervisory information with other agencies, and that it instead merely qualifies section 1022(c)(6)(C)(i) of the Dodd-Frank Act by authorizing the Bureau to withhold from other agencies reports or other confidential supervisory information that the Bureau generates or obtains pursuant to Federal laws other than the Dodd-Frank Act. The commenter's interpretation of section 1022(c)(6)(C)(ii) is contrary to what the Bureau concludes is the better meaning of the provision. Rather than use language which states or implies that section 1022(c)(6)(C)(ii) qualifies or limits the information sharing requirement of section 1022(c)(6)(C)(i), Congress began section 1022(c)(6)(C)(ii) with the language ``in addition to the reports described in clause (i), the Bureau may, in its discretion, furnish * * *.'' This language suggests that Congress intended for the information sharing authority it granted in clause (ii) to be a positive grant of authority that supplements the authority it granted in clause (i). Moreover, the last portion of section 1022(c)(6)(C)(ii)--``any other report or other confidential supervisory information concerning such person examined by the Bureau under the authority of any other provision of Federal law''--suggests that in addition to the examination reports that the Bureau must share with other agencies, the Bureau may also choose to share with other agencies other reports or confidential supervisory information that it creates or obtains through its exercise of examination powers other than those that Congress describes in section 1022(c)(6)(C) of the Dodd-Frank Act.

   The Bureau also disagrees with commenters that section 1022(c)(6)(C) of the Dodd-Frank Act does not permit the Bureau to share examination reports or confidential supervisory information with State attorneys general. In delineating the Bureau's responsibilities and authorities to share confidential supervisory information, section 1022(c)(6)(C) of the Dodd-Frank Act discusses sharing with a ``regulator''--a term that, when applied to the States, may include a State attorney general in certain circumstances--and sharing with an ``agency''--a broader term that, when applied to the States, encompasses State attorneys general in all circumstances. When section 1022(c)(6)(C)(i) provides that the Bureau must share examination reports with a ``prudential regulator, a State regulator, or any other Federal agency having jurisdiction over a covered person or service provider,'' the Bureau interprets the provision to require it to share such reports with State attorneys general to the extent that they regulate the covered persons or service providers to which the reports pertain, but not to require the Bureau to share these reports with State attorneys general that do not regulate such entities. Nevertheless, when section 1022(c)(6)(C)(ii) provides that the Bureau may share examination reports, as well as other reports or confidential supervisory information, with ``a prudential regulator or other agency having jurisdiction over a covered person or service provider,'' it permits the Bureau to share examination reports as well as other reports and confidential supervisory information with all Federal and State agencies, including State attorneys general, that both do and do not regulate the covered persons or service providers to which the information pertains (to the extent that such agencies have jurisdiction over such covered persons or service providers).

   Although the Bureau has legal authority under the Dodd-Frank Act to promulgate Sec. 1070.43, and to share its confidential information with other agencies, including with State attorneys general, the Bureau has made clear that it intends to exercise its discretion

   Page 11497

   carefully. The Bureau recently articulated the following policy for sharing confidential supervisory information with law enforcement agencies:

   The Bureau will not routinely share confidential supervisory information with agencies that are not engaged in supervision. Except where required by law, the Bureau's policy is to share confidential supervisory information with law enforcement agencies, including State Attorneys General, only in very limited circumstances and upon review of all of the relevant facts and considerations. The significance of the law enforcement interest at stake will be an important consideration in any such review. However, even the furtherance of a significant law enforcement interest will not always be sufficient, and the Bureau may still decline to share confidential supervisory information based upon other considerations, including the integrity of the supervisory process and the importance of preserving the confidentiality of the information. In these circumstances, the decision whether to provide confidential supervisory information to another agency will be made by the General Counsel, in consultation with appropriate Bureau personnel.

   CFPB Bulletin 12-01 (Jan. 4, 2012) (footnote and citation omitted). The Bureau intends to employ this policy when it decides whether, and to what extent, to share confidential supervisory information with State attorneys general.

   The Bureau also declines to incorporate into Sec. 1070.43(b) additional procedural requirements for sharing confidential information with other agencies. Section 1070.43(b) already requires agencies that request confidential information to make formal written requests through authorized officers or employees. Such requests must describe the information requested, the purposes for which it will be used, the requesting agency's legal authority for requesting the information, and any applicable restrictions on its authority to protect the requested information. Furthermore, the requests must certify the requester's commitment to maintain the confidentiality, security, and integrity of the requested information. The General Counsel also may require the requester to certify adherence to such additional terms and conditions as she sees fit to impose. The Bureau believes that these procedures, which are largely consistent with those of other Federal bank regulatory agencies, adequately ensure that the General Counsel shares confidential information only with appropriate agencies, for appropriate purposes, and only to the extent that such agencies are willing and able to protect the confidentiality, security, and integrity of the information disclosed.

   The Bureau does not deem it necessary or appropriate to impose the more stringent procedural requirements that commenters propose.

   For example, the Bureau declines to seek approval of prudential regulators prior to granting requests to share its confidential information with other agencies. There is no basis in the Dodd-Frank Act for requiring such approval and in any event, there are inter-

   agency agreements that govern the sharing of confidential information between Federal and State regulators.

   The Bureau also declines to require that only senior agency officials or agency heads may file requests for access to confidential information when it already requires that only authorized officials or employees may do so.

   Furthermore, the Bureau does not deem it necessary to undertake audits of the security systems of requesting agencies to determine whether these agencies are capable of adequately safeguarding confidential information. Prior to disclosing confidential information pursuant to Sec. 1070.43(b), the Bureau will take reasonable steps to ensure that requesting agencies are legally authorized to protect the confidentiality of the information and that they have systems in place to safeguard it from theft, loss, or unauthorized access or disclosure.

   The Bureau will not revise its rules to require it to notify financial institutions when it receives requests from other agencies for confidential information or to allow financial institutions to object to its determinations to grant such requests. The Bureau shares information with other agencies typically within the context of joint supervisory examinations and law enforcement investigations. Within this context, notification could reveal prematurely plans to investigate or examine financial institutions and might compromise these joint endeavors. Similarly, financial institutions could misuse a right to object to the Bureau's information sharing determinations to obstruct or stymie or joint investigations or examinations.

   Finally, the Bureau deems it unnecessary to modify Sec. 1070.43(a)(1) to clarify that the Bureau must share with certain other agencies reports of examination of both depository and non-depository financial institutions. The definition of the phrase ``financial institution'' in Sec. 1070.2(l) of the rule is broad and includes all manner of covered persons and service providers, including non-

   depository institutions.

   Although the Bureau declines to supplement the procedural requirements of Sec. 1070.43, the final rule modifies elements of that provision for purposes of clarification.

   First, the Bureau modifies Sec. 1070.43(a)(2) to clarify that the Bureau shall share confidential consumer complaint information with agencies to the extent that they provide written certifications to the Bureau that they will maintain the information in confidence, including by maintaining it in a manner that conforms to the standards that apply to Federal agencies for the protection of the confidentiality of personally identifiable information and for data security and integrity.

   Second, the Bureau modifies Sec. 1070.43(b)(2)(iv) of the interim final rule to clarify that the Bureau requires a requesting agency to identify its legal authority to protect the requested documents from public disclosure.

   Third, the Bureau modifies Sec. 1070.43(b)(2)(v) of the interim final rule to clarify that agencies seeking access to confidential information must certify that they will keep that information confidential in addition to safeguarding it ``in a manner that conforms to the standards that apply to Federal agencies for the protection of the confidentiality of personally identifiable information and for data security and integrity'' and complying with such additional conditions and limitations as the Bureau sees fit to impose. For purposes of both Sec. Sec. 1070.43(a)(2) and 1070.43(b)(2)(v), the Bureau interprets the phrase ``standards that apply to Federal agencies for the protection of the confidentiality of personally identifiable information and for data security and integrity'' to mean, at a minimum, that an agency shall store confidential information in a secure environment where access is limited only to those of its employees, contractors, and agents who have a bona fide need for the information to perform their official duties relating to the purpose for which the information was shared. Furthermore, the Bureau requires the agency to notify the Bureau immediately of any actual or suspected security breach involving confidential information, including any theft, loss, unauthorized disclosure, or misuse of any confidential information that consists of personally-identifiable information.

   Section 1070.44 Disclosure of Confidential Consumer Complaint Information.

   Section 1070.44 states that nothing in this part limits the Bureau's discretion

   Page 11498

   to disclose confidential consumer complaint information, to the extent permitted by law, to the extent that such disclosure is necessary to investigate, resolve, or otherwise respond to consumer complaints or inquiries regarding financial institutions or consumer financial products and services.

   One commenter argues that the Bureau should specify, in Sec. 1070.44, the circumstances in which it intends to disclose confidential consumer complaint information. The commenter suggests that the Bureau should keep consumer complaints confidential, especially to the extent that they are unsubstantiated, to avoid harming the reputations and financial performance of financial institutions. Even where substantiated, the commenter argues that the Bureau should address complaints privately or through enforcement actions, and not through public disclosure.

   The Bureau adopts the interim final rule without modification. On June 22, 2012, the Bureau published in the Federal Register its policy for publishing consumer complaints online. This policy addresses the commenter's concerns. See 77 FR 37558.

   Section 1070.45 Affirmative Disclosure of Confidential Information

   Section 1070.45(a) of the interim final rule permits the Bureau to affirmatively disclose confidential investigative information, such as civil investigative demand material and other confidential information that becomes part of the Bureau's investigative files, to Bureau employees, to law enforcement and other governmental agencies, in investigational hearings and witness interviews, and to either House of or a committee or subcommittee of the Congress, upon request. The Bureau may also disclose confidential information in administrative or court proceedings to which the Bureau is a party. In the case of confidential investigatory material that contains any trade secret or privileged or confidential commercial or financial information, as claimed by designation by the submitter of such material, or confidential supervisory information, the submitter may seek an appropriate protective or in camera order prior to disclosure of such material in a proceeding.

   The Bureau received several comments regarding Sec. 1070.45. One commenter argues that the Bureau should implement section 1052(d)(2) of the Dodd-Frank Act by amending Sec. 1070.45(a)(2) of the interim final rule to state that the Bureau shall provide financial institutions with prior notice of its disclosures of confidential information to the Congress. Furthermore, the commenter suggests that the rule should state that the Bureau will provide information to the Congress only to the extent that it is stripped of identifying information. Finally, the commenter argues that the rule should state that the Bureau will eliminate its authorization to provide confidential information to subcommittees of Congress.

   One commenter also expresses concern that Sec. 1070.45(a)(4) of the interim final rule unfairly places the burden on financial institutions to seek a protective or in camera order whenever the Bureau seeks to disclose confidential investigatory material in the course of an administrative or court proceeding to which the Bureau is a party. The commenter argues that, in accordance with the practice of other Federal bank regulatory agencies, the Bureau should assert all applicable privileges and seek a protective order when using confidential information during the course of an administrative or court proceeding.

   Another commenter proposes that the Bureau delete Sec. 1070.45(a)(5), which states that Bureau may affirmatively disclose confidential information ``to law enforcement and other government agencies in accordance with this subpart.'' The commenter notes that this provision seems duplicative of Sec. 1070.43 of the interim final rule, and to the extent it is not so, it permits the disclosure of confidential supervisory information without restriction.

   The Bureau implements section 1052(d)(2) of the Dodd-Frank Act by modifying section 1070.45(a)(2) of the interim final rule to state that upon receiving a request from the Congress for confidential information that a financial institution has submitted to the Bureau, the Bureau shall provide written notice to the financial institution of its receipt of the request, along with a copy of the request.

   However, the Bureau declines to modify this paragraph to exclude disclosures to Congress of personally identifiable information insofar as section 1052(d)(2) of the Dodd-Frank Act expressly states that no rule of the Bureau shall prevent disclosures to the Congress of information obtained by the Bureau.

   The Bureau also disagrees with the commenter that this paragraph should exclude disclosures of confidential information to Congressional subcommittees.

   The Bureau declines to modify Sec. 1070.45(a)(4) of the interim final rule to require the Bureau to assert all available objections to the disclosure of confidential information and to seek an appropriate protective or in camera order prior to such disclosure.

   The Bureau revises Sec. 1070.45(a)(5) of the interim final rule to clarify its intended meaning. As revised, this provision allows the Bureau, on its own initiative, to alert other agencies of its discovery of evidence that may indicate violations of laws that are subject to these agencies' jurisdiction and, to the extent the Bureau deems it necessary to alert agencies of such evidence, to summarize evidence that constitutes confidential information.

   The Bureau intends for Sec. 1070.45(a)(5) to be a precursor to but not a substitute for the procedure set forth in Sec. 1070.43(b) of this subpart by which agencies submit to the General Counsel requests for access to full written copies of the Bureau's confidential information. For example, a Bureau employee may call a counterpart in another agency to advise the agency that, during the course of a Bureau investigation into violations of laws subject to the Bureau's jurisdiction, the Bureau uncovered evidence of conduct that may also constitute a violation of laws subject to the agency's jurisdiction. To the extent the Bureau employee deems it necessary to alert the agency of the relevant conduct, the employee may summarize to the agency counterpart the Bureau's evidence that constitutes confidential information. The Bureau employee may not, however, share with the agency counterpart a full written copy of such confidential information. To obtain a complete written copy of the confidential information, the agency must submit a request for it in accordance with section 1070.43(b) of the rule. In response to such a request, the Bureau's General Counsel will decide whether or not to grant access to the requested confidential information as set forth in Sec. 1070.43(b) and in accordance with relevant Bureau guidance, including CFPB Bulletin 12-01.

   The Bureau also notes that an agency that receives confidential information in summary form pursuant to Sec. 1070.45(a)(5) is subject to the same Bureau prohibition against further disclosing that information that applies when it receives a complete written copy of that confidential information. See 12 CFR 1070.47.

   Section 1070.46 Other Disclosures of Confidential Information

   Section 1070.46 provides that notwithstanding the other provisions in subpart D that restrict the circumstances under which the CFPB may disclose

   Page 11499

   confidential information, the Director may authorize other disclosures of confidential information to the extent permitted by law.

   Section 1070.46(b) authorizes the CFPB to provide prior written notice to the person to whom the confidential information pertains--to the extent that the CFPB deems such notice to be appropriate under the circumstances--that the CFPB intends to disclose confidential information, in accordance with this section.

   Section 1070.46(c) clarifies that the authority to disclose confidential information pursuant to this section may be exercised only by the Director or by an individual acting in the capacity of the Director in the absence or unavailability of a Director, such as the Deputy Director (as set forth in section 1011(b)(5)(B) of the Dodd-

   Frank Act).

   Several commenters also expressed concern that Sec. 1070.46 renders meaningless the disclosure restrictions of subpart D by authorizing the Director to disclose confidential information without limitation. To address this concern, commenters propose either eliminating this provision entirely or imposing strict criteria on the Director's discretion. One commenter proposes permitting the Director to authorize discretionary disclosures only where such disclosures are expressly permitted under the Dodd-Frank Act and where there is an actual exigent need for such disclosure in order for the Bureau to perform a statutorily required duty under applicable law.

   The Bureau declines to eliminate or substantially modify Sec. 1070.46. As the CPFB noted when it published the interim final rule, the Bureau does not intend to utilize this provision routinely, or as a matter of convenience, to circumvent applicable laws or provisions of the rule that exist elsewhere in subpart D to prohibit or restrict its disclosure of confidential information. Instead, the Bureau intends to use this provision in the same way that other Federal agencies utilize similar catch-all provisions--to account for rare situations in which an unforeseen and exigent need exists to disclose confidential information for purposes or in a manner not otherwise provided for in the rule. To help ensure that the CPFB utilizes Sec. 1070.46 as described, the rule states that the Director must personally authorize in writing disclosures of confidential information that occur pursuant to Sec. 1070.46 and that he or she may not delegate this responsibility to subordinates.

   Section 1070.47 Other Rules Regarding the Disclosure of Confidential Information

   Section 1070.47(a) declares the Bureau's retained ownership of any confidential information it discloses to Federal or State agencies, to supervised financial institutions, or to other persons as provided in subpart D. It prohibits further disclosures of such information without the Bureau's prior written authorization. It directs recipients of confidential information who receive requests or demands for its further disclosure to refer such requests or demands to the Bureau, afford the Bureau an opportunity to respond or intervene, and to assert legal exemptions or privileges on the Bureau's behalf if so requested. To the extent that requests for confidential information are made pursuant to the FOIA, the Privacy Act, or State law equivalents of those statutes, Sec. 1070.47(a)(3) requires Federal or State agency recipients to refer such requests to the Bureau for its response. As provided by Sec. 1070.47(a)(4), nothing in this section precludes a recipient of confidential information under subpart D from disclosing such information pursuant to a valid Federal court order or a request or demand from a duly authorized committee of the United States Congress. In such cases where disclosure is compulsory, the disclosing party shall use its best efforts to secure a protective order or agreement that maintains the confidentiality of the confidential information disclosed.

   Section 1070.47(b) permits the Bureau to impose any additional conditions or limitations that it deems prudent upon the use or disclosure of confidential information by agencies or persons to whom such information has been disclosed pursuant to this subpart.

   After the publication of the interim final rule, the Bureau published a notice of proposed rulemaking that proposed an amendment to Sec. 1070.47(c). See 77 FR 15286 (Mar. 15, 2012). The amended version of this provision provides that the Bureau's provision of privileged information to another Federal or State agency does not waive any applicable privilege, whether the privilege belongs to the Bureau or any other person.

   The Bureau published its final rule on July 5, 2012. See 77 FR 39617. In its final rule, the Bureau addressed public comments that it received in response to the notice of proposed rulemaking. Please see that final rule for further information.

   The Bureau received several comments about this provision. One commenter argues that the Bureau does not have authority to enforce this regulation to the extent that it applies to confidential information provided to other agencies. To incentivize agencies to abide by this restriction, the commenter suggests that the rule should state that if a party to whom the Bureau provides confidential information leaks it intentionally or otherwise, the Bureau will stop providing confidential information to that party.

   Another commenter argues that the Bureau should require third party recipients of confidential information to comply with all applicable laws, including State laws.

   To address concerns regarding the enforceability of the interim final rule with respect to State agencies, the Bureau makes several modifications in the final rule.

   First, the final rule now requires, in subparagraph (a)(3)(ii), that recipients of confidential information must re-direct all third party requests for that information to the Bureau and not simply those requests filed under the FOIA, the Privacy Act, or State analogues to such laws.

   Second, the Bureau modifies subparagraph (a)(3)(ii) to clarify that recipients of confidential information must provide the aforementioned instruction to third party requesters of that information only to the extent that applicable law permits them to do so.

   Third, the Bureau modifies subparagraph (a)(4) of the interim final rule to state that nothing in this section precludes compliance with a legally valid and enforceable order of a court of competent jurisdiction rather than, more narrowly, an order of a United States Federal court. The Bureau makes this modification principally to clarify that if a final and enforceable order of a State court requires a recipient of confidential information to disclose that information to a third party, the rule does not preclude the recipient from complying with the order.

   Fourth, the Bureau modifies subparagraphs (a)(2) and (a)(5) to make them consistent with Sec. 1070.42 of the rule. Section 1070.42 allows financial institutions that receive copies of confidential supervisory information to further disclose that information to certain other entities and persons. Subparagraph (a)(2) of the interim final rule seemingly precludes such disclosures altogether while subparagraph (a)(5) precludes such disclosures to the extent that they involve removing confidential supervisory information from the premises of financial institutions. The final rule eliminates this unintended result by stating that, except as

   Page 11500

   otherwise permitted by subpart D--rather than by Sec. 1070.47 only--

   recipients of confidential information may not further disclose confidential information, including by making personal copies of such information and by removing it from the premises of financial institutions.

   Section 1070.48 Privileges Not Affected by Disclosure to the CFPB

   After the publication of the interim final rule, the Bureau published a notice of proposed rulemaking that proposed to add to the interim final rule a new Sec. 1070.48. See 77 FR 15286, 15286 (Mar. 15, 2012). This new section provides that the submission by any person of any information to the Bureau in the course of the Bureau's supervisory or regulatory processes will not waive or otherwise affect any privilege such person may claim with respect to such information under Federal or State law as to any other person or entity.

   The Bureau published its final rule on July 5, 2012. See 77 FR 39617. In its final rule, the Bureau addressed public comments that it received in response to the notice of proposed rulemaking. Please see that final rule for further information.

   Subpart E--The Privacy Act

   Section 1070.50 Purpose and Scope; Definitions

   Section 1070.50 of the interim final rule sets forth the purpose of subpart E, which is to implement the requirements of the Privacy Act of 1974, 5 U.S.C. 552a (the Privacy Act). Among other things, the Privacy Act requires Federal agencies to grant individuals access to records that agencies maintain about them in systems of records as well as the right to amend or correct such records. Section 1070.50 also defines certain terms that are used throughout subpart E. The Bureau received no comments on the interim final rule. The Bureau adopts the interim final rule without modification.

   Section 1070.51 Authority and Responsibilities of the Chief Privacy Officer

   Section 1070.51 of the interim final rule authorizes the Chief Privacy Officer of the Bureau to respond to public requests made under the Privacy Act for access to, accounting of, or amendments to Bureau records contained in systems of records. It also authorizes the Chief Privacy Officer to approve the publication and amendment of systems of record notices. Finally, the interim final rule authorizes the Chief Privacy Officer to file any necessary reports required by the Privacy Act. The Bureau received no comments on the interim final rule. The Bureau adopts the interim final rule without modification.

   Section 1070.52 Fees

   Section 1070.52 of the interim final rule identifies the fees that are associated with processing Privacy Act requests for copies of records submitted pursuant to this subpart. This provision also sets for circumstances in which the Bureau will not charge fees to process Privacy Act requests. The Bureau received no comments on the interim final rule. The Bureau adopts the interim final rule without modification except to correct a typographical error.

   Section 1070.53 Requests for Access to Records

   Section 1070.53(a) of the interim final rule describes how individuals may request access to Bureau records that pertain to them.

   Paragraph (a) states that requests that requests may be made electronically or in paper form and submitted to designated addresses.

   Paragraph (b) identifies the required content of Privacy Act requests. Such content must include, among other things, the name of the system of records that the requester believes contains the records requested, or a description of the records sought that is sufficiently specific to enable Bureau personnel to locate the applicable system of records with a reasonable amount of effort. Wherever possible, it should also contain a description of the record sought, including any information that might assist the Bureau in locating it.

   Paragraph (c) requires requesters to provide proof of their identity to obtain access to Privacy Act protected records. Such proof includes a photocopy of identification cards or forms that bear the requester's photograph and signature or a statement swearing or affirming the requester's identity. Additional proof may be required in certain circumstances. For example, if a requester seeks records pertaining to another individual in the requester's capacity as that individual's guardian, then the requester must provide proof of guardianship before the Bureau will process the request.

   Paragraph (d) states that an individual may request an accounting of previous disclosures of records pertaining to such individual.

   The Bureau received no comments on the interim final rule. The Bureau modifies the interim final rule to reflect the new mailing address of the Bureau: 1700 G Street NW., Washington, DC 20552.

   Section 1070.54 CFPB Procedures for Responding to a Request for Access

   Section 1070.54 of the interim final rule sets forth procedures for the Bureau to follow in responding to a Privacy Act request for records.

   Paragraph (a) provides that the Bureau will acknowledge and seek to respond to each request within twenty (20) business days of its receipt.

   Paragraph (b) identifies procedures for making requested records available for inspection and copying in the Bureau reading room or mailing or emailing the records directly to the requester.

   Paragraph (c) requires the Bureau to inform requesters in writing of its denials of requests. Such notification must include the reasons for denial and procedures for appealing the determination.

   The Bureau received no comments on the interim final rule. The Bureau adopts the interim final rule without modification.

   Section 1070.55 Special Procedures for Medical Records

   Section 1070.55 of the interim final rule sets forth special procedures for the Bureau to apply when responding to Privacy Act requests for medical or psychological records. The Bureau received no comments on the interim final rule. The Bureau modifies the interim final rule to clarify that a physician or other appropriate representative whom a requester designates to receive the Bureau's medical or psychological records that pertain to the requester shall--

   rather than may--disclose those records to the requester, but that physician or representative may disclose such records in a manner that he or she deems appropriate to prevent or mitigate adverse effects on the requester.

   Section 1070.56 Request for Amendment of Records

   Section 1070.56(a) of the interim final rule comprises procedures for individuals to follow when making requests for the amendment of Bureau records that concern them. Individuals seeking amendment to a record must submit the request in writing, along with proof of identity (unless such proof was already provided in a related access or amendment request), and submit it, either in paper or electronic form, to the Chief Privacy Officer. The request must identify the relevant system of records and the portion of the record to be amended. The request also must

   Page 11501

   describe the nature and reasons for each requested amendment.

   Paragraph (b) states that the requester bears the burden of proving, through relevant and convincing evidence, that the record should be amended because it is not accurate, relevant, timely or complete.

   The Bureau received no comments on the interim final rule. The Bureau modifies section 1070.56(b) of the interim final rule to adopt the ``preponderance of the evidence'' standard of proof that the Office of Management and Budget prescribed in its guidance to agencies on the implementation of the Privacy Act. See Office of Management and Budget, Privacy Act Implementation: Guidelines and Responsibilities, 40FR 28958-28959 (Jul. 9, 1975).

   Section 1070.57 CFPB Review of a Request for Amendment of Records

   Section 1070.57 of the interim final rule sets forth procedures for the Bureau to follow in reviewing and responding to a request to amend records pertaining to an individual.

   Paragraph (a) requires the Bureau to acknowledge such a request within ten (10) business days after its receipt. The Bureau must make its determination as to whether to grant an amendment request promptly.

   Paragraph (b) requires the Bureau to respond to a request for amendment in writing by informing the requester of its determination, and if granted, the steps that it will take to amend the record. If denied, the Bureau must inform the requester of the reasons for denial and of the requester's appeal rights.

   The Bureau received no comments on the interim final rule. The Bureau adopts the interim final rule without modification.

   Section 1070.58 Appeal of Adverse Determination of Request for Access or Amendment

   Section 1070.58 of the interim final rule sets forth procedures for filing appeals of Bureau denials of Privacy Act requests for access to or amendment of records.

   Paragraph (a) establishes a requester's right to file appeals of denials of requests for record access or amendment within ten (10) business days after the Bureau notifies the requester that it has denied such requests.

   Paragraph (b) requires appellants to file appeals in writing and to submit them, in paper or electronic form, to the General Counsel of the Bureau. Appeals must specify the background of the initial request and explain why the denial of access or amendment was in error.

   Paragraph (c) designates the General Counsel of the Bureau to decide appeals. The General Counsel must make his or her determination within thirty (30) business days from the date of his or her receipt of the appeal, unless the General Counsel extends the time for good cause. If the General Counsel denies the appeal, the General Counsel must inform the requester in writing. The denial notification must include the General Counsel's reasons for denying the appeal and describe the requester's right to file a statement of disagreement and to have a court review the appellate determination.

   Paragraph (d) sets forth the appellant's right to file a concise statement of disagreement with the General Counsel's denial of an appeal. The Bureau must maintain this statement of disagreement with the record that the requester sought to amend and any disclosure of the record must include a copy of the statement of disagreement. The Bureau also must, where practical and appropriate, provide a copy of the statement of disagreement to prior recipients of the record.

   The Bureau received no comments on the interim final rule. The Bureau adopts the interim final rule without modification.

   Section 1070.59 Restrictions on Disclosure

   Section 1070.59 of the interim final rule states that the Bureau will not disclose any record about an individual contained in a system of records to any person or agency without the prior written consent of that individual unless the Privacy Act authorizes it to do so. Authorized disclosures include those that are compatible with so-called ``routine uses'' that the Bureau publishes in the Federal Register as part of its System of Records Notices. Copies of the Bureau's System of Record Notices are available on the Bureau's Web site, at http://www.consumerfinance.gov. The Bureau received no comments on the interim final rule. The Bureau adopts the interim final rule without modification.

   Section 1070.60 Exempt Records

   Section 1070.60 of the interim final rule lists certain Bureau systems of records that are exempt, pursuant to section (k)(2) of the Privacy Act, from the record access rights and certain other rights and obligations set forth in this subpart and in the Privacy Act itself. These systems of records are exempt insofar as they contain investigatory systems compiled for law enforcement purposes.

   After the publication of the interim final rule, the Bureau published a notice of proposed rulemaking that proposed to add to this section of the rule a new exempt system of records: CFPB .005--Consumer Response System. See 77 FR 64241 (Oct. 19, 2012).

   The Bureau received no comments on the interim final rule or on the notice of proposed rulemaking. The Bureau adopts the interim final rule and the proposed rule without modification except to correct a drafting error.

   Section 1070.61 Training; Rules of Conduct; Penalties for Non-

   Compliance

   Section 1070.61(a) of the interim final rule requires the Chief Privacy Officer to institute a training program to instruct Bureau employees and contractors as to their duties and responsibilities under the Privacy Act and the regulations of this subpart.

   Paragraph (b) sets forth standards of conduct applicable to Bureau employees and contractors regarding compliance with the Privacy Act and the regulations of this subpart.

   The Bureau received no comments on the interim final rule. The Bureau adopts the interim final rule without modification except to correct drafting and typographical errors.

   Section 1070.62 Preservation of Records

   Section 1070.62 of the interim final rule requires the Bureau to preserve all correspondence relating to requests received under this part, as well as records responsive to such requests, until Federal records laws or record retention schedules approved by the National Archives and Records Administration authorizes the disposition or destruction of such records. The interim final rule also instructs Bureau employees not to dispose of such records while they are the subject of a pending request, appeal, proceeding, or lawsuit.

   One commenter suggests that the Bureau should modify Sec. 1070.62 of the interim final rule to provide that records will not be disposed of ``or destroyed'' while they are subject to a pending request, appeal, proceeding, or lawsuit.

   The Bureau agrees with the commenter that Bureau employees should be instructed to neither dispose of nor destroy correspondence that relates to or records that are responsive to requests that the Bureau receives under this subpart while they are subject to a pending request, appeal, proceeding, or lawsuit.

   Page 11502

   Section 1070.63 Use and Collection of Social Security Numbers

   Section 1070.63 of the interim final rule requires the Bureau to inform employees that in collecting information from individuals, employees may not deny such individuals any rights, benefits, or privileges arising from such individuals' refusals to disclose social security numbers to the Bureau unless the collection of such numbers is authorized by law.

   In requesting social security numbers from individuals, the Bureau must inform individuals whether the provision of such numbers is mandatory or voluntary, the legal authority that authorizes the collection of such numbers, and the uses that the Bureau will make of the numbers.

   The Bureau received no comments on the interim final rule. The Bureau adopts the interim final rule without modification.

5. Section 1022(b)(2)(A) of the Dodd-Frank Act

   In developing the final rule, the Bureau has considered potential benefits, costs, and impacts, and has consulted or offered to consult with the prudential regulators, including with regard to consistency with any prudential, market, or systemic objectives administered by such agencies.\8\

   ---------------------------------------------------------------------------

   \8\ Section 1022(b)(2)(A) of the Dodd-Frank Act addresses the consideration of the potential benefits and costs of regulation to consumers and covered persons, including the potential reduction of access by consumers to consumer financial products or services; the impact on depository institutions and credit unions with $10 billion or less in total assets as described in section 1026 of the Dodd-

   Frank Act; and the impact on consumers in rural areas. Section 1022(b)(2)(B) directs the Bureau to consult, before and during the rulemaking, with appropriate prudential regulators or other Federal agencies, regarding consistency with objectives those agencies administer. The manner and extent to which these provisions apply to a rulemaking of this kind that does not establish standards of conduct, and to regulatory provisions that are compelled by statutory changes, is unclear. Nevertheless, to inform this rulemaking more fully, the Bureau performed the described analyses and consultations.

   ---------------------------------------------------------------------------

   The analysis considers the benefits, costs, and impacts of the key provisions of the rule against a pre-statutory baseline; that is, the analysis evaluates the benefits, costs, and impacts of the relevant statutory provisions and the regulations combined.\9\

   ---------------------------------------------------------------------------

   \9\ The Bureau has discretion in any rulemaking to choose an appropriate scope of analysis with respect to potential benefits and costs and an appropriate baseline. The Bureau, as a matter of discretion, has chosen to describe a broader range of potential effects to more fully inform the rulemaking.

   ---------------------------------------------------------------------------

   Subpart C of the final rule sets forth procedures by which the public, including consumers and covered persons, may serve summons, complaints, subpoenas, and other legal process, demands, and requests upon the Bureau. The rule imposes special procedural requirements for those who seek to serve third party subpoenas upon the Bureau in accordance with United States ex rel. Touhy v. Ragen, 340 U.S. 462 (1951). These requirements may increase the time and burden associated with obtaining records of the Bureau in response to such subpoenas.

   Subpart D of the final rule, which restricts the circumstances under which the Bureau may disclose to the public or share with other agencies certain categories of confidential information, benefits consumers and covered persons to the extent that the confidential information that the rule protects is derived from or pertains to consumers or covered persons. For example, the rule protects consumers' privacy by restricting the Bureau's authority to disclose publicly personally-identifiable complaint information that consumers submit to the Bureau. The rule also protects the financial and reputational interests of covered persons by limiting the extent to which the Bureau may publicly disclose supervisory and law enforcement information about them.

   To the extent that the rule requires or authorizes the Bureau to share confidential information, the rule also has benefits for consumers and covered persons. Consumers may benefit when the Bureau shares complaint information to facilitate resolution of consumer complaints. They may also benefit when the Bureau shares supervisory information with other financial regulatory agencies to promote compliance by covered persons with consumer financial laws. Similarly, consumers may benefit when the Bureau shares its investigatory information with other law enforcement agencies to aid efforts to prevent and remedy harms to consumers caused by conduct that violates consumer financial law.

   There is a benefit to covered persons when the Bureau shares supervisory information with other regulatory agencies. Information exchange among regulatory agencies permits the Bureau and these agencies to conduct joint supervisory examinations of covered persons rather than separate examinations, thereby reducing regulatory burdens to covered persons.

   This rule may entail certain costs to covered persons. As one commenter to the interim final rule argues, the information sharing provisions of subpart D of the rule may increase the volume and costs of litigation for covered persons whose information the Bureau will share with other agencies and which such agencies may use as bases for administrative or judicial actions against covered persons. To the extent that such costs occur, the Bureau believes that in most cases, these costs would be associated with concomitant benefits to consumers from the prevention or remedy of harms associated with violations of law by covered persons.\10\

   ---------------------------------------------------------------------------

   \10\ The Bureau notes that it has taken steps since it issued the interim final rule to limit the circumstances in which it shares supervisory information with agencies that are not engaged in supervisory activities, including State attorneys general. In January 2012, the Bureau issued Bulletin 12-01, which states that the Bureau will not share confidential supervisory information routinely with such agencies and will only share such information after scrutinizing factors that include the significance of the law enforcement interest at stake and the impact on the integrity of the supervisory process. This Bulletin should limit litigation costs to covered persons that might otherwise arise from the final rule.

   ---------------------------------------------------------------------------

   One commenter also contends that the information sharing practices that the rule prescribes will result in a waiver of legal privileges that otherwise protect this information from disclosure to third parties, thereby rendering such information vulnerable to subpoenas and discovery requests. Although the Bureau believes that this concern is unwarranted, the Bureau has taken action since it issued the interim final rule to mitigate this potential cost. On July 5, 2012, the Bureau modified Sec. 1070.47(c) of the interim final rule and added a new Sec. 1070.48 to clarify that the provision by a covered person of confidential information to the Bureau and the Bureau's disclosure of such information to another agency does not waive legal privileges that otherwise protect such information from disclosure. See 77 FR 39617.

   One commenter suggests that Sec. 1070.46 of the rule imposes costs upon covered persons to the extent that it authorizes the Director of the Bureau to disclose their confidential information to the public notwithstanding other disclosure restrictions set forth in subpart D. To the extent that the Director exercises his authority under Sec. 1070.46 to disclose confidential information, costs may indeed ensue to affected covered persons. However, at most only very few covered persons might actually face such a cost, because the circumstances are limited in which the Director can and will exercise this authority. To ensure that the Bureau will resort to Sec. 1070.46 only in limited circumstances, the provision's disclosure authority is exercisable only by the Director himself. The Director does not intend to exercise his authority

   Page 11503

   under Sec. 1070.46 except in unforeseen and exigent circumstances. Moreover, Sec. 1070.46 states that the Bureau may notify covered persons of the Director's intentions to disclose confidential information pursuant to 1070.46; such notice would enable covered persons to seek appropriate relief if they believe that the Director's disclosure of confidential information would be contrary to law.

   The CFPB does not expect that the final rule will have an appreciable impact on consumers' access to consumer financial products or services. The final rule does not have a unique impact on rural consumers. The final rule also has no unique impact on insured depository institutions or insured credit unions with less than $10 billion in assets as described in section 1026(a) of the Dodd-Frank Act.

6. Procedural Requirements

   The Regulatory Flexibility Act, 5 U.S.C. 601 et seq., as amended by the Small Business Regulatory Enforcement Fairness Act of 1996 (the RFA), requires each agency to consider the potential impact of its regulations on small entities, including small businesses, small governmental units, and small not-for-profit organizations, unless the head of the agency certifies that the rule will not have a significant economic impact on a substantial number of small entities. The undersigned so certifies. The rule does not impose any obligations or standards of conduct for purposes of analysis under the RFA, and it therefore does not give rise to a regulatory compliance burden for small entities.

   Finally, the Bureau has determined that this final rule does not impose any new recordkeeping, reporting, or disclosure requirements on members of the public that would be collections of information requiring approval under the Paperwork Reduction Act, 44 U.S.C. 3501, et seq.

   List of Subjects in 12 CFR Part 1070

   Confidential business information, Consumer protection, Freedom of information, Privacy.

   Authority and Issuance

   For the reasons set forth in the preamble, the Bureau revises part 1070 to read as follows:

   PART 1070--DISCLOSURE OF RECORDS AND INFORMATION

   Subpart A--General Provisions and Definitions

   Sec.

   1070.1 Authority, purpose and scope.

   1070.2 General definitions.

   1070.3 Custodian of records; certification; alternative authority.

   1070.4 Records of the CFPB not to be otherwise disclosed.

   Subpart B--Freedom of Information Act

   Sec.

   1070.10 General.

   1070.11 Information made available; discretionary disclosures.

   1070.12 Publication in the Federal Register.

   1070.13 Public inspection and copying.

   1070.14 Requests for CFPB records.

   1070.15 Responsibility for responding to requests for CFPB records.

   1070.16 Timing of responses to requests for CFPB records.

   1070.17 Requests for expedited processing.

   1070.18 Responses to requests for CFPB records.

   1070.19 Classified information.

   1070.20 Requests for business information provided to the CFPB.

   1070.21 Administrative appeals.

   1070.22 Fees for processing requests for CFPB records.

   1070.23 Authority and responsibilities of the Chief FOIA Officer.

   Subpart C--Disclosure of CFPB Information in Connection With Legal Proceedings

   Sec.

   1070.30 Purpose and scope; definitions.

   1070.31 Service of summonses and complaints.

   1070.32 Service of subpoenas, court orders, and other demands for CFPB information or action.

   1070.33 Testimony and production of documents prohibited unless approved by the General Counsel.

   1070.34 Procedure when testimony or production of documents is sought; general.

   1070.35 Procedure when response to demand is required prior to receiving instructions.

   1070.36 Procedure in the event of an adverse ruling.

   1070.37 Considerations in determining whether the CFPB will comply with a demand or request.

   1070.38 Prohibition on providing expert or opinion testimony.

   Subpart D--Confidential Information

   Sec.

   1070.40 Purpose and scope.

   1070.41 Non-disclosure of confidential information.

   1070.42 Disclosure of confidential supervisory information to and by supervised financial institutions.

   1070.43 Disclosure of confidential information to law enforcement agencies and other government agencies.

   1070.44 Disclosure of confidential consumer complaint information.

   1070.45 Affirmative disclosure of confidential information.

   1070.46 Other disclosures of confidential information.

   1070.47 Other rules regarding the disclosure of confidential information.

   1070.48 Privileges not affected by disclosure to the CFPB.

   Subpart E--Privacy Act

   Sec.

   1070.50 Purpose and scope; definitions.

   1070.51 Authority and responsibilities of the Chief Privacy Officer.

   1070.52 Fees.

   1070.53 Request for access to records.

   1070.54 CFPB procedures for responding to a request for access.

   1070.55 Special procedures for medical records.

   1070.56 Request for amendment of records.

   1070.57 CFPB review of a request for amendment of records.

   1070.58 Appeal of adverse determination of request for access or amendment.

   1070.59 Restrictions on disclosure.

   1070.60 Exempt records.

   1070.61 Training; rules of conduct; penalties for non-compliance.

   1070.62 Preservation of records.

   1070.63 Use and collection of social security numbers.

   Authority: 12 U.S.C. 5481 et seq.; 5 U.S.C. 552; 5 U.S.C. 552a; 18 U.S.C. 1905; 18 U.S.C. 641; 44 U.S.C. ch. 30; 5 U.S.C. 301.

   Subpart A--General Provisions and Definitions

   Sec. 1070.1 Authority, purpose, and scope.

   (a) Authority. (1) This part is issued by the Bureau of Consumer Financial Protection, an independent Bureau within the Federal Reserve System, pursuant to the Consumer Financial Protection Act of 2010, 12 U.S.C. 5481 et seq.; the Freedom of Information Act, 5 U.S.C. 552; the Privacy Act of 1974, 5 U.S.C. 552a; the Federal Records Act, 44 U.S.C. 3101; the Paperwork Reduction Act, 44 U.S.C. 3501 et seq. the Right to Financial Privacy Act of 1978, 12 U.S.C. 3401; the Trade Secrets Act, 18 U.S.C. 1905; 18 U.S.C. 641; and any other applicable law that establishes a basis for the exercise of governmental authority by the CFPB.

   (2) This part establishes mechanisms for carrying out the CFPB's statutory responsibilities under the statutes in paragraph (a)(1) of this section to the extent those responsibilities require the disclosure, production, or withholding of information. In this regard, the CFPB has determined that the CFPB, and its delegates, may disclose information of the CFPB, in accordance with the procedures set forth in this part, whenever it is necessary or appropriate to do so in the exercise of any of the CFPB's authority. The CFPB has determined that all such disclosures, made in accordance with the rules and procedures specified in this part, are authorized by law.

   (b) Purpose and scope. This part contains the CFPB's rules relating to the disclosure of records and information generated by and obtained by the CFPB.

   Page 11504

   (1) Subpart A contains general provisions and definitions used in this part.

   (2) Subpart B implements the Freedom of Information Act, 5 U.S.C. 552.

   (3) Subpart C sets forth the procedures with respect to subpoenas, orders, or other requests for CFPB information in connection with legal proceedings.

   (4) Subpart D provides for the protection of confidential information and procedures for sharing confidential information with supervised institutions, government agencies, and others in certain circumstances.

   (5) Subpart E implements the Privacy Act of 1974, 5 U.S.C. 552a.

   Sec. 1070.2 General definitions.

   For purposes of this part:

   (a) Business day means any day except Saturday, Sunday or a legal Federal holiday.

   (b) CFPB means the Bureau of Consumer Financial Protection.

   (c) Chief FOIA Officer means the Chief Operating Officer of the CFPB, or any CFPB employee to whom the Chief Operating Officer has delegated authority to act under this part.

   (d) Chief Operating Officer means the Chief Operating Officer of the CFPB, or any CFPB employee to whom the Chief Operating Officer has delegated authority to act under this part.

   (e) Civil investigative demand material means any documentary material, written report, or answers to questions, tangible thing, or transcript of oral testimony received by the CFPB in any form or format pursuant to a civil investigative demand, as those terms are set forth in 12 U.S.C. 5562, or received by the CFPB voluntarily in lieu of a civil investigative demand.

   (f) Confidential information means confidential consumer complaint information, confidential investigative information, and confidential supervisory information, as well as any other CFPB information that may be exempt from disclosure under the Freedom of Information Act pursuant to 5 U.S.C. 552(b). Confidential information does not include information contained in records that have been made publicly available by the CFPB or information that has otherwise been publicly disclosed by an employee with the authority to do so.

   (g) Confidential consumer complaint information means information received or generated by the CFPB, pursuant to 12 U.S.C. 5493 and 5534, that comprises or documents consumer complaints or inquiries concerning financial institutions or consumer financial products and services and responses thereto, to the extent that such information is exempt from disclosure pursuant to 5 U.S.C. 552(b).

   (h) Confidential investigative information means:

   (1) Civil investigative demand material; and

   (2) Any documentary material prepared by, on behalf of, received by, or for the use by the CFPB or any other Federal or State agency in the conduct of an investigation of or enforcement action against a person, and any information derived from such documents.

   (i)(1) Confidential supervisory information means:

   (i) Reports of examination, inspection and visitation, non-public operating, condition, and compliance reports, and any information contained in, derived from, or related to such reports;

   (ii) Any documents, including reports of examination, prepared by, or on behalf of, or for the use of the CFPB or any other Federal, State, or foreign government agency in the exercise of supervisory authority over a financial institution, and any information derived from such documents;

   (iii) Any communications between the CFPB and a supervised financial institution or a Federal, State, or foreign government agency related to the CFPB's supervision of the institution;

   (iv) any information provided to the CFPB by a financial institution to enable the CFPB to monitor for risks to consumers in the offering or provision of consumer financial products or services, or to assess whether an institution should be considered a covered person, as that term is defined by 12 U.S.C. 5481, or is subject to the CFPB's supervisory authority; and/or

   (v) Information that is exempt from disclosure pursuant to 5 U.S.C. 552(b)(8).

   (2) Confidential supervisory information does not include documents prepared by a financial institution for its own business purposes and that the CFPB does not possess.

   (j) Director means the Director of the CFPB or his or her designee, or a person authorized to perform the functions of the Director in accordance with law.

   (k) Employee means all current employees or officials of the CFPB, including employees of contractors and any other individuals who have been appointed by, or are subject to the supervision, jurisdiction, or control of the Director, as well as the Director. The procedures established within this part also apply to former employees where specifically noted.

   (l) Financial institution means any person involved in the offering or provision of a ``financial product or service,'' including a ``covered person'' or ``service provider,'' as those terms are defined by 12 U.S.C. 5481.

   (m) General Counsel means the General Counsel of the CFPB or any CFPB employee to whom the General Counsel has delegated authority to act under this part.

   (n) Person means an individual, partnership, company, corporation, association (incorporated or unincorporated), trust, estate, cooperative organization, or other entity.

   (o) Report of examination means the report prepared by the CFPB concerning the examination or inspection of a supervised financial institution.

   (p) State means any State, territory, or possession of the United States, the District of Columbia, the Commonwealth of Puerto Rico, the Commonwealth of the Northern Mariana Islands, Guam, American Samoa, or the United States Virgin Islands or any Federally recognized Indian tribe, as defined by the Secretary of the Interior under section 104(a) of the Federally Recognized Indian Tribe List Act of 1994 (25 U.S.C. 479a-1(a)), and includes any political subdivision thereof.

   (q) Supervised financial institution means a financial institution that is or that may become subject to the CFPB's supervisory authority.

   Sec. 1070.3 Custodian of records; certification; alternative authority.

   (a) Custodian of records. The Chief Operating Officer is the official custodian of all records of the CFPB, including records that are in the possession or control of the CFPB or any CFPB employee.

   (b) Certification of record. The Chief Operating Officer may certify the authenticity of any CFPB record or any copy of such record, for any purpose, and for or before any duly constituted Federal or State court, tribunal, or agency.

   (c) Alternative authority. Any action or determination required or permitted to be done by the Chief Operating Officer may be done by any employee who has been duly designated for this purpose by the Chief Operating Officer.

   Sec. 1070.4 Records of the CFPB not to be otherwise disclosed.

   Except as provided by this part, employees or former employees of the CFPB, or others in possession of a record of the CFPB that the CFPB has not already made public, are prohibited from disclosing such records, without

   Page 11505

   authorization, to any person who is not an employee of the CFPB.

   Subpart B--Freedom of Information Act

   Sec. 1070.10 General.

   This subpart contains the regulations of the CFPB implementing the Freedom of Information Act (the FOIA), 5 U.S.C. 552, as amended. These regulations set forth procedures for requesting access to records maintained by the CFPB. These regulations should be read together with the FOIA, the 1987 Office of Management and Budget Guidelines for FOIA Fees, the CFPB's Privacy Act regulations set forth in subpart E, and the FOIA Web page on the CFPB's Web site, http://www.consumerfinance.gov, which provide additional information about this topic.

   Sec. 1070.11 Information made available; discretionary disclosures.

   (a) In general. The FOIA provides for public access to information and records developed or maintained by Federal agencies. Generally, the FOIA divides agency information into three major categories and provides methods by which each category of information is to be made available to the public. The three major categories of information are as follows:

   (1) Information required to be published in the Federal Register (see Sec. 1070.12 of this subpart);

   (2) Information required to be made available for public inspection and copying or, in the alternative, to be published and offered for sale (see Sec. 1070.13 of this subpart); and

   (3) Information required to be made available to any member of the public upon specific request (see Sec. Sec. 1070.14 through 1070.22 of this subpart).

   (b) Discretionary disclosures. Even though a FOIA exemption may apply to the information or records requested, the CFPB may, if not precluded by law, elect under the circumstances not to apply the exemption. The fact that the exemption is not applied by the CFPB in response to a particular request shall have no precedential significance in processing other requests, but is merely an indication that, in the processing of the particular request, the CFPB finds no necessity for applying the exemption.

   (c) Disclosures of records frequently requested. Subject to the application of the FOIA exemptions and exclusions (5 U.S.C. 552(b) and (c)), the CFPB shall make publicly available, as provided by Sec. 1070.13 of this subpart, all records regardless of form or format, which have been released previously to any person under 5 U.S.C. 552(a)(3) and Sec. Sec. 1070.14 through 1070.22 of this subpart, and which the CFPB determines have become or are likely to become the subject of subsequent requests for substantially the same records. When the CFPB receives three (3) or more requests for substantially the same records, then the CFPB shall also make the released records publicly available.

   Sec. 1070.12 Publication in the Federal Register.

   (a) Requirement. The CFPB shall separately state, publish and maintain current in the Federal Register for the guidance of the public the following information:

   (1) Descriptions of its central and field organization and the established place at which, the persons from whom, and the methods whereby, the public may obtain information, make submissions or requests, or obtain decisions;

   (2) Statements of the general course and method by which its functions are channeled and determined, including the nature and requirements of all formal and informal procedures available;

   (3) Rules of procedure, descriptions of forms available or the places at which forms may be obtained, and instructions as to the scope and contents of all papers, reports, or examinations;

   (4) Substantive rules of general applicability adopted as authorized by law, and statements of general policy or interpretations of general applicability formulated and adopted by the CFPB; and

   (5) Each amendment, revision, or repeal of matters referred to in paragraphs (a)(1) through (4) of this section.

   (b) Exceptions. Publication of the information under clause (a) of this subpart shall be subject to the application of the FOIA exemptions and exclusions (5 U.S.C. 552(b) and (c)) and the limitations provided in 5 U.S.C. 552(a)(1).

   Sec. 1070.13 Public inspection and copying.

   (a) In general. Subject to the application of the FOIA exemptions and exclusions (5 U.S.C. 552(b) and (c)), the CFPB shall, in conformance with 5 U.S.C. 552(a)(2), make available for public inspection and copying, including by posting on the CFPB's Web site, http://www.consumerfinance.gov, or, in the alternative, promptly publish and offer for sale the following information:

   (1) Final opinions, including concurring and dissenting opinions, and orders made in the adjudication of cases;

   (2) Those statements of policy and interpretations which have been adopted by the CFPB but are not published in the Federal Register;

   (3) Its administrative staff manuals and instructions to staff that affect a member of the public;

   (4) Copies of all records made publicly available pursuant to Sec. 1070.11 of this subpart; and

   (5) A general index of the records referred to in paragraph (a)(4) of this section.

   (b) Information made available online. For records required to be made available for public inspection and copying pursuant to 5 U.S.C. 552(a)(2) (paragraphs (a)(1) through (4) of this section), as soon as practicable, the CFPB shall make such records available on its e-FOIA Library, located at http://www.consumerfinance.gov.

   (c) Record availability at the on-site e-FOIA Library. Any member of the public may, upon request, access the CFPB's e-FOIA Library via a computer terminal at 1700 G Street NW., Washington, DC 20552. Such a request may be made by electronic means as set forth on the CFPB's Web site, http://www.consumerfinance.gov, or in writing, to the Chief FOIA Officer, Consumer Financial Protection Bureau, 1700 G Street NW., Washington, DC 20552. The request must indicate a preferred date and time for the requested access. The CFPB reserves the right to arrange a different date and time with the requester, if necessary.

   (d) Redaction of identifying details. To prevent a clearly unwarranted invasion of personal privacy, the CFPB may redact identifying details contained in any matter described in paragraphs (a)(1) through (4) of this section before making such matters available for inspection or publication. The justification for the redaction shall be explained fully in writing, and the extent of such redaction shall be indicated on the portion of the record which is made available or published, unless including that indication would harm an interest protected by the exemption in 5 U.S.C. 552(b) under which the redaction is made. If technically feasible, the extent of the redaction shall be indicated at the place in the record where the redaction is made.

   Sec. 1070.14 Requests for CFPB records.

   (a) In general. Subject to the application of the FOIA exemptions and exclusions (5 U.S.C. 552(b) and (c)), the CFPB shall promptly make its records available to any person pursuant to a request that conforms to the rules and procedures of this section.

   Page 11506

   (b) Form of request. A request for records of the CFPB shall be made in writing or by electronic means.

   (1) If a request is made in writing, it shall be addressed to the Chief FOIA Officer, Consumer Financial Protection Bureau, 1700 G Street NW., Washington, DC 20552. The request shall be labeled ``Freedom of Information Act Request.''

   (2) If a request is made by electronic means, it shall be submitted as set forth on the CFPB's Web site, http://www.consumerfinance.gov. The request shall be labeled ``Freedom of Information Act Request.''

   (c) Content of request. (1) In order to ensure the CFPB's ability to respond in a timely manner, a FOIA request should describe the records that the requester seeks in sufficient detail to enable CFPB personnel to locate them with a reasonable amount of effort. Whenever possible, the request should include specific information about each record sought, such as the date, title or name, author, recipient, and subject matter of the record. If known, the requester should include any file designations or descriptions for the records requested. As a general rule, the more specific the requester is about the records or type of records requested, the more likely the CFPB will be able to locate those records in response to the request;

   (2) In order to ensure the CFPB's ability to communicate effectively with the requester, a request should include contact information for the requester, including the name of the requester and, to the extent available, a mailing address, telephone number, and email address at which the CFPB may contact the requester regarding the request;

   (3) The request should state whether the requester wishes to inspect the records or desires to receive an electronic copy or have a copy made and furnished without first inspecting the records;

   (4) For the purpose of determining any fees that may apply to processing a request, a requester should indicate in the request whether the requester is a commercial user, an educational institution, non-commercial scientific institution, representative of the news media, governmental entity, or ``other'' requester, as those terms are defined in Sec. 1070.22(b) of this subpart, and the basis for claiming that fee category. Requesters may seek assistance in determining the appropriate fee category by contacting the CFPB's FOIA Public Liaison at the telephone number listed on the CFPB's Web site, http://www.consumerfinance.gov. The CFPB will use any information provided to the FOIA Public Liaison solely for the purpose of determining the appropriate fee category that applies to the requester;

   (5) If a requester seeks a waiver or reduction of fees associated with processing a request, then the request shall include a statement to that effect as is required by Sec. 1070.22(e) of this subpart. Any request that does not seek a waiver or reduction of fees constitutes an agreement of the requester to pay any and all fees (of up to $25) that may apply to the request, as otherwise set forth in Sec. 1070.22 of this subpart, except that the requester may specify in the request an upper limit (of not less than $25) that the requester is willing to pay to process the request; and

   (6) If a requester seeks expedited processing of a request, then the request must include a statement to that effect as is required by Sec. 1070.17 of this subpart.

   (d) Perfected requests; effect of request deficiencies. For purposes of computing its deadline to respond to a request, the CFPB will deem itself to have received a request only if, and on the date that, it receives a request that contains substantially all of the information required by and that otherwise conforms with paragraphs (b) and (c) of this section. The CFPB need not accept a request, process a request, or be bound by any deadlines in this subpart for processing a request that fails to conform, in any material respect, to the requirements of paragraphs (b) and (c) of this section. If a request is deficient in any material respect, then the CFPB may return it to the requester and if it does so, it shall advise the requester in what respect the request is deficient, and what additional information is needed to respond to the request. The requester may then amend or resubmit the request. A determination by the CFPB that a request is deficient in any respect is not a denial of a request for records and such determinations are not subject to appeal. If a requester fails to respond to a CFPB notification that a request is deficient within thirty (30) days of the CFPB's notification, the CFPB will deem the request withdrawn.

   (e) Requests by an individual for CFPB records pertaining to that individual. An individual who wishes to inspect or obtain copies of records of the Bureau that pertain to that individual shall file a request in accordance with subpart E of these rules.

   (f) Requests for CFPB records pertaining to another individual. Where a request for records pertains to a third party, a requester may receive greater access by submitting either a notarized authorization signed by that individual or a declaration by that individual made in compliance with the requirements set forth in 28 U.S.C. 1746 authorizing disclosure of the records to the requester, or submits proof that the individual is deceased (e.g., a copy of a death certificate or an obituary). The CFPB may require a requester to supply additional information if necessary in order to verify that a particular individual has consented to disclosure.

   Sec. 1070.15 Responsibility for responding to requests for CFPB records.

   (a) In general. In determining which records are responsive to a request, the CFPB ordinarily will include only records in its possession as of the date the CFPB begins its search for them. If any other date is used, the CFPB shall inform the requester of that date.

   (b) Authority to grant or deny requests. The Chief FOIA Officer shall be authorized to grant or deny any request for a record of the CFPB.

   (c) Consultations and referrals. (1) When a requested record has been created by an agency other than the CFPB, the CFPB shall refer the record to the originating agency for a direct response to the requester.

   (2) When a FOIA request is received for a record created by the CFPB that includes information originated by another agency, the CFPB shall consult the originating agency for review and recommendation on disclosure. The CFPB shall not release any such records without prior consultation with the originating agency.

   (d) Notice of referral. Whenever the CFPB refers all or any part of the responsibility for responding to a request to another agency, it will notify the requester of the referral and inform the requester of the name of each agency to which the request has been referred, in whole or in part.

   Sec. 1070.16 Timing of responses to requests for CFPB records.

   (a) In general. Except as set forth in paragraphs (b) through (d) of this section, and Sec. 1070.17 of this subpart, the CFPB shall respond to requests according to their order of receipt.

   (b) Multitrack processing. (1) The CFPB may establish separate tracks to process simple and complex requests. The CFPB may assign a request to the simple or complex track(s) based on the amount of work and/or time needed to process the request. The CFPB shall process requests in each track based on the date the request was perfected in accordance with Sec. 1070.14(d).

   (2) The CFPB may provide a requester in its complex track with an opportunity to limit the scope of the request to

   Page 11507

   qualify for faster processing within the specified limits of the simple track(s).

   (c) Time period for responding to requests for records. Ordinarily, the CFPB shall have twenty (20) business days from when a request is received by the CFPB to determine whether to grant or deny a request for records. The twenty (20) business day time period set forth in this paragraph shall not be tolled by the CFPB except that the CFPB may:

   (1) Make one reasonable demand to the requester for clarifying information about the request and toll the twenty (20) business day time period while it awaits the clarifying information; or

   (2) Toll the twenty (20) business day time period while it awaits clarification from or addresses any dispute with the requester regarding the assessment of fees.

   (d) Unusual circumstances. (1) Where the CFPB determines that due to unusual circumstances it cannot respond either to a request within the time period set forth in paragraph (c) of this section or to an appeal within the time period set forth in Sec. 1070.21 of this subpart, the CFPB may extend the applicable time periods by informing the requester in writing of the unusual circumstances and of the date by which the CFPB expects to complete its processing of the request or appeal. Any extension or extensions of time with respect to a request or an appeal shall not cumulatively total more than ten (10) business days. However, if the CFPB determines that it needs additional time beyond a ten (10) business day extension to process the request or appeal, then the CFPB shall notify the requester and provide the requester with an opportunity to limit the scope of the request or appeal or to arrange for an alternative time frame for processing the request or appeal or a modified request or appeal. The requester shall retain the right to define the desired scope of the request or appeal, as long as it meets the requirements contained in this subpart.

   (2) As used in this paragraph, ``unusual circumstances'' means:

   (i) The need to search for and collect the requested records from field facilities or other establishments that are separate from the office processing the request;

   (ii) The need to search for, collect, and appropriately examine a voluminous amount of separate and distinct records which are demanded in a single request; or

   (iii) The need for consultation, which shall be conducted with all practicable speed, with another agency having a substantial interest in the determination of the request, or among two or more CFPB offices having substantial subject matter interest therein.

   Sec. 1070.17 Requests for expedited processing.

   (a) In general. The CFPB shall process a request on an expedited basis whenever a requester demonstrates a compelling need for expedited processing in accordance with the requirements of this paragraph or in other cases that the CFPB deems appropriate.

   (b) Form and content of a request for expedited processing. A request for expedited processing shall be made as follows:

   (1) A request for expedited processing shall be made in writing or by electronic means and submitted as part of a request for records in accordance with section 1070.14(b). When a request for records includes a request for expedited processing, the request shall be labeled ``Expedited Processing Requested.''

   (2) A request for expedited processing shall contain a statement that demonstrates a compelling need for the requester to obtain expedited processing of the requested records. A ``compelling need'' is defined as follows:

   (i) Failure to obtain the requested records on an expedited basis could reasonably be expected to pose an imminent threat to the life or physical safety of an individual. The requester shall fully explain the circumstances warranting such an expected threat so that the CFPB may make a reasoned determination that a delay in obtaining the requested records could pose such a threat; or

   (ii) With respect to a request made by a person primarily engaged in disseminating information, urgency to inform the public concerning actual or alleged Federal government activity. A person ``primarily engaged in disseminating information'' does not include individuals who are engaged only incidentally in the dissemination of information. The standard of ``urgency to inform'' requires that the records requested pertain to a matter of current exigency to the American public and that delaying a response to a request for records would compromise a significant recognized interest to and throughout the American general public. The requester must adequately explain the matter or activity and why the records sought are necessary to be provided on an expedited basis.

   (3) The requester shall certify the written statement that purports to demonstrate a compelling need for expedited processing to be true and correct to the best of the requester's knowledge and belief. The certification must be in the form prescribed by 28 U.S.C. 1746: ``I declare under penalty of perjury that the foregoing is true and correct to the best of my knowledge and belief. Executed on date.'' The requester shall mail or submit electronically a copy of such written certification to the Chief FOIA Officer as set forth in Sec. 1070.14(b) of this subpart. The CFPB may waive this certification requirement in appropriate circumstances.

   (c) Determinations of requests for expedited processing. Within ten (10) calendar days of its receipt of a request for expedited processing, the CFPB shall decide whether to grant it and shall notify the requester of the determination in writing.

   (d) Effect of granting requests for expedited processing. If the CFPB grants a request for expedited processing, then the CFPB shall give the expedited request priority over non-expedited requests and shall process the expedited request as soon as practicable. The CFPB may assign expedited requests to their own simple and complex processing tracks based upon the amount of work and/or time needed to process them. Within each such track, an expedited request shall be processed in the order of its receipt.

   (e) Appeals of denials of requests for expedited processing. If the CFPB denies a request for expedited processing, then the requester shall have the right to submit an appeal of the denial determination in accordance with Sec. 1070.21 of this subpart. The CFPB shall communicate this appeal right as part of its written notification to the requester denying expedited processing. The requester shall label its appeal request ``Appeal for Expedited Processing.'' The CFPB shall act expeditiously upon an appeal of a denial of a request for expedited processing.

   Sec. 1070.18 Responses to requests for CFPB records.

   (a) Acknowledgements of requests. Upon receipt of a perfected request, the CFPB will assign to the request a unique tracking number. The CFPB will send an acknowledgement letter to the requester by mail or email within ten (10) calendar days of receipt of the request. The acknowledgment letter will contain the following information:

   (1) The applicable request tracking number;

   (2) The date of receipt of the request, as determined in accordance with section 1070.14(d) of this subpart, as well as the date when the requester may expect a response;

   Page 11508

   (3) A brief statement identifying the subject matter of the request; and

   (4) A confirmation, with respect to any fees that may apply to the request pursuant to Sec. 1070.22 of this subpart, that the requester has sought a waiver or reduction in such fees, has agreed to pay any and all applicable fees, or has specified an upper limit (of not less than $25) that the requester is willing to pay in fees to process the request.

   (b) Initial determination to grant or deny a request. (1) The officer designated in Sec. 1070.15(b) to this subpart, or his or her delegate, shall make initial determinations either to grant or to deny in whole or in part requests for records.

   (2) If the request is granted in full or in part, and if the requester requests a copy of the records requested, then a copy of the records shall be mailed or emailed to the requester in the requested format, to the extent the records are readily producible in the requested format. The CFPB shall also send the requester a statement of the applicable fees, either at the time of the determination or shortly thereafter.

   (3) In the case of a request for inspection, the requester shall be notified in writing of the determination, when and where the requested records may be inspected, and of the fees incurred in complying with the request. The CFPB shall then promptly make the records available for inspection at the time and place stated, in a manner that will not interfere with CFPB's operations and will not exclude other persons from making inspections. The requester shall not be permitted to remove the records from the room where inspection is made. If, after making inspection, the requester desires copies of all or a portion of the requested records, copies shall be furnished upon payment of the established fees prescribed by Sec. 1070.22 of this subpart. Fees may be charged for search and review time as stated in Sec. 1070.22 of this subpart.

   (4) If it is determined that the request for records should be denied in whole or in part, the requester shall be notified by mail or by email. The letter of notification shall:

   (i) State the exemptions relied upon in denying the request;

   (ii) If technically feasible, indicate the amount of information deleted and the exemptions under which the deletion is made at the place in the record where such deletion is made (unless providing such indication would harm an interest protected by the exemption relied upon to deny such material);

   (iii) Set forth the name and title or position of the responsible official;

   (iv) Advise the requester of the right to administrative appeal in accordance with Sec. 1070.21 of this subpart; and

   (v) Specify the official or office to which such appeal shall be submitted.

   (5) If it is determined, after a reasonable search for records, that no responsive records have been found to exist, the requester shall be notified in writing or by email. The notification shall also advise the requester of the right to administratively appeal the CFPB's determination that no responsive records exist (i.e., to challenge the adequacy of the CFPB's search for responsive records) in accordance with Sec. 1070.21 of this subpart. The response shall specify the official or office to which the appeal shall be submitted for review.

   Sec. 1070.19 Classified information.

   Whenever a request is made for a record containing information that another agency has classified, or which may be appropriate for classification by another agency under Executive Order 13526 or any other executive order concerning the classification of information, the CFPB shall refer the responsibility for responding to the request to the classifying or originating agency, as appropriate.

   Sec. 1070.20 Requests for business information provided to the CFPB.

   (a) In general. Business information provided to the CFPB by a business submitter shall not be disclosed pursuant to a FOIA request except in accordance with this section.

   (b) Definitions. For purposes of this section:

   (1) Business information means commercial or financial information obtained by the CFPB from a submitter that may be protected from disclosure under Exemption 4 of the FOIA, 5 U.S.C. 552(b)(4).

   (2) Submitter means any person from whom the CFPB obtains business information, directly or indirectly. The term includes, without limitation, corporations, State, local, and tribal governments, and foreign governments.

   (c) Designation of business information. A submitter of business information will use good-faith efforts to designate, by appropriate markings, either at the time of submission or at a reasonable time thereafter, any portions of its submission that it considers to be protected from disclosure under Exemption 4 of the FOIA. These designations will expire ten (10) years after the date of the submission unless the submitter requests otherwise and provides justification for, a longer designation period.

   (d) Notice to submitters. The CFPB shall provide a submitter with prompt written notice of receipt of a request or appeal encompassing its business information whenever required in accordance with paragraph (e) of this section. Such written notice shall either describe the exact nature of the business information requested or provide copies of the records or portions of records containing the business information. When notification of a voluminous number of submitters is required, notification may be made by posting or publishing the notice in a place reasonably likely to accomplish it.

   (e) When notice is required. (1) The CFPB shall provide a submitter with notice of receipt of a request or appeal whenever:

   (i) The information has been designated in good faith by the submitter as information considered protected from disclosure under Exemption 4; or

   (ii) The CFPB has reason to believe that the information may be protected from disclosure under Exemption 4.

   (2) The notice requirements of this paragraph shall not apply if:

   (i) The CFPB determines that the information is exempt under the FOIA;

   (ii) The information lawfully has been published or otherwise made available to the public;

   (iii) Disclosure of the information is required by statute (other than the FOIA) or by a regulation issued in accordance with the requirements of Executive Order 12600 (3 CFR, 1988 Comp., p. 235); or

   (iv) The designation made by the submitter under paragraph (e)(1)(i) of this section appears obviously frivolous, except that, in such a case, the CFPB shall, within a reasonable time prior to a specified disclosure date, give the submitter written notice of any final decision to disclose the information.

   (f) Opportunity to object to disclosure. (1) Through the notice described in paragraph (d) of this section, the CFPB shall afford a submitter ten (10) business days from the date of the notice to provide the CFPB with a detailed statement of any objection to disclosure. Such statement shall specify all grounds for withholding any of the information under any exemption of the FOIA and, in the case of Exemption 4, shall demonstrate why the information is considered to be a trade secret or commercial or financial information that is privileged or confidential. In the event that a submitter fails to respond to the notice within the time specified in it, the submitter shall be considered to have no objection to disclosure of the information. Information provided by a

   Page 11509

   submitter pursuant to this paragraph may itself be subject to disclosure under the FOIA.

   (2) When notice is given to a submitter under this section, the requester shall be advised that such notice has been given to the submitter. The requester shall be further advised that a delay in responding to the request may be considered a denial of access to records and that the requester may proceed with an administrative appeal or seek judicial review, if appropriate. However, the requester will be invited to agree to a voluntary extension of time so that the CFPB may review the submitter's objection to disclose, if any.

   (g) Notice of intent to disclose. The CFPB shall consider carefully a submitter's objections and specific grounds for nondisclosure prior to determining whether to disclose business information. Whenever the CFPB decides to disclose business information over the objection of a submitter, the CFPB shall forward to the submitter a written notice which shall include:

   (1) A statement of the reasons for which the submitter's disclosure objections were not sustained;

   (2) A description of the business information to be disclosed; and

   (3) A specified disclosure date which is not less than ten (10) business days after the notice of the final decision to release the requested information has been mailed to the submitter. Except as otherwise prohibited by law, a copy of the disclosure notice shall be forwarded to the requester at the same time.

   (h) Notice to submitter of FOIA lawsuit. Whenever a requester brings suit seeking to compel disclosure of business information, the CFPB shall promptly notify the submitter of that business information of the existence of the suit.

   (i) Notice to requester of business information. The CFPB shall notify a requester whenever it provides the submitter with notice and an opportunity to object to disclosure; whenever it notifies the submitter of its intent to disclose the requested information; and whenever a submitter files a lawsuit to prevent the disclosure of the information.

   Sec. 1070.21 Administrative appeals.

   (a) Grounds for administrative appeals. A requester may appeal an initial determination of the CFPB, including for the following reasons:

   (1) To deny access to records in whole or in part (as provided in Sec. 1070.18(b) of this subpart);

   (2) To assign a particular fee category to the requestor (as provided in Sec. 1070.22(b) of this subpart);

   (3) To deny a request for a reduction or waiver of fees (as provided in Sec. 1070.22(e) of this subpart);

   (4) That no records exist that are responsive to the request (as provided in Sec. 1070.18(b) of this subpart); or

   (5) To deny a request for expedited processing (as provided in Sec. 1070.17(e) of this subpart).

   (b) Time limits for filing administrative appeals. An appeal, other than an appeal of a denial of expedited processing, must be postmarked or submitted electronically on a date that is within forty-five (45) calendar days of the date of the initial determination or the date of the letter transmitting the last records released, whichever is later. An appeal of a denial of expedited processing must be made within ten (10) days of the date of the initial determination letter to deny expedited processing (see Sec. 1070.17 of this subpart).

   (c) Form and content of administrative appeals. In order to ensure a timely response to an appeal, the appeal shall be made in writing or by electronic means as follows:

   (1) If appeal is made in writing, it shall be addressed to and submitted to the officer specified in paragraph (e) of this section at the address set forth in Sec. 1070.14(b) of this subpart. The appeal shall be labeled ``Freedom of Information Act Appeal.''

   (2) If an appeal is made by electronic means, it shall be addressed to the officer specified in paragraph (e) of this section and submitted as set forth on the CFPB's Web site, http://www.consumerfinance.gov. The appeal shall be labeled ``Freedom of Information Act Appeal.''

   (3) The appeal shall set forth contact information for the requester, including, to the extent available, a mailing address, telephone number, or email address at which the CFPB may contact the requester regarding the appeal; and

   (4) The appeal shall specify the applicable request tracking number, the date of the initial request, and the date of the letter of initial determination, and, where possible, enclose a copy of the initial request and the initial determination being appealed.

   (d) Processing of administrative appeals. Appeals will be stamped with the date of their receipt by the FOIA response office, and will be processed in the order of their receipt. The receipt of the appeal will be acknowledged by the CFPB and the requester will be advised of the date the appeal was received, the appeal tracking number, and the expected date of response.

   (e) Determinations to grant or deny administrative appeals. The General Counsel is authorized to and shall decide whether to affirm the initial determination (in whole or in part) or to reverse the initial determination (in whole or in part) and shall notify the requester of this decision in writing within twenty (20) business days after the date of receipt of the appeal, unless extended pursuant to Sec. 1070.16(d) of this subpart.

   (1) If it is decided that the appeal is to be denied (in whole or in part) the requester shall be:

   (i) Notified in writing of the denial;

   (ii) Notified of the reasons for the denial, including which of the FOIA exemptions were relied upon;

   (iii) Notified of the name and title or position of the official responsible for the determination on appeal;

   (iv) Provided with a statement that judicial review of the denial is available in the United States District Court for the judicial district in which the requester resides or has a principal place of business, the judicial district in which the requested records are located, or the District of Columbia in accordance with 5 U.S.C. 552(a)(4)(B); and

   (v) Provided with notification that mediation services are available to the requester as a non-exclusive alternative to litigation through the Office of Government Information Services in accordance with 5 U.S.C. 552(h)(3).

   (2) If the initial determination is reversed on appeal, the requester shall be so notified and the request shall be processed promptly in accordance with the decision on appeal.

   (3) If the initial determination is remanded on appeal to the Chief FOIA Officer for further action, the requester shall be so notified and the request shall be processed in accordance with the decision on appeal. The remanded request shall be treated as a new request received by the CFPB as of the date when the General Counsel transmits the remand notification to the requester. The procedures and deadlines set forth in this subpart for processing, deciding, responding to, and filing administrative appeals of new FOIA requests shall apply to the remanded request.

   (f) Adjudication of administrative appeals of requests in litigation. An appeal ordinarily will not be adjudicated if the request becomes a matter of FOIA litigation.

   Page 11510

   Sec. 1070.22 Fees for processing requests for CFPB records.

   (a) In general. The CFPB shall determine whether and to what extent to charge a requester fees for processing a FOIA request, for the services and in the amounts set forth in this paragraph, by determining an appropriate fee category for the requester (as set forth in paragraph (b) of this section) and then by charging the requester those fees applicable to the assigned category (as set forth in paragraph (c) of this section), unless circumstances exist (as described in paragraph (d) of this section) that render fees inapplicable or inadvisable or unless the requester has requested and the CFPB has granted a reduction in or waiver of fees (as set forth in paragraph (e) of this section).

   (1) The CFPB shall charge a requester fees for the cost of copying or printing records at the rate of $0.10 per page.

   (2) The CFPB shall charge a requester for all time spent by its employees searching for records that are responsive to a request. The CFPB shall charge the requester fees for search time as follows:

   (i) The CFPB shall charge for search time at the salary rate(s) (basic pay plus sixteen (16) percent) of the employee(s) who conduct the search. However, the CFPB shall charge search fees at the rate of $9.00 per fifteen (15) minutes of search time whenever only administrative/clerical employees conduct a search and at the rate of $23.00 per fifteen (15) minutes of search time whenever only professional/executive employees conduct a search. Search charges shall also include transportation of employees and records necessary to the search at actual cost. Fees may be charged for search time even if the search does not yield any responsive records, or if records are exempt from disclosure.

   (ii) The CFPB shall charge the requester for the actual direct costs of conducting an electronic records search, including computer search time, runs, and output. The CFPB shall also charge for time spent by computer operators or programmers (at the rates set forth in paragraph (a)(2)(i) of this section) who conduct or assist in the conduct of an electronic records search.

   (3) The CFPB shall charge a requester for time spent by its employees examining responsive records to determine whether any portions of such record are exempt from disclosure, pursuant to the FOIA exemptions of 5 U.S.C. 552(b). The CFPB shall also charge a requester for time spent by its employees redacting any such exempt information from a record and preparing a record for release to the requester. The CFPB shall charge a requester for time spent reviewing records at the salary rate(s) (i.e., basic pay plus sixteen (16) percent) of the employees who conduct the review. However, the CFPB shall charge review fees at the rate of $9.00 per fifteen (15) minutes of search time whenever only administrative/clerical employees review records and at the rate of $23.00 per fifteen (15) minutes of search time whenever only professional/executive employees review records. Fees shall be charged for review time even if records ultimately are not disclosed.

   (4) Fees for all services provided shall be charged whether or not copies are made available to the requester for inspection. However, no fee shall be charged for monitoring a requester's inspection of records.

   (5) Other services and materials requested which are not covered by this part nor required by the FOIA are chargeable at the actual cost to the CFPB. This includes, but is not limited to:

   (i) Certifying that records are true copies; or

   (ii) Sending records by special methods such as express mail, etc.

   (b) Categories of requesters. (1) For purposes of assessing fees as set forth in this section, each requester shall be assigned to one of the following categories:

   (i) Commercial user refers to one who seeks information for a use or purpose that furthers the commercial, trade, or profit interests of the requester or the person on whose behalf the request is made, which can include furthering those interests through litigation. The CFPB may determine from the use specified in the request that the requester is a commercial user.

   (ii) Educational institution refers to a preschool, a public or private elementary or secondary school, an institution of graduate higher education, an institution of undergraduate higher education, an institution of professional education, and an institution of vocational education, which operates a program or programs of scholarly research.

   (iii) Non-commercial scientific institution refers to an institution that is not operated on a ``commercial user'' basis as that term is defined in paragraph (b)(2)(i) of this section, and which is operated solely for the purpose of conducting scientific research, the results of which are not intended to promote any particular product or industry.

   (iv) Representative of the news media refers to any person or entity that gathers information of potential interest to a segment of the public, uses its editorial skills to turn the raw materials into a distinct work, and distributes that work to an audience. In this paragraph, the term `news' means information that is about current events or that would be of current interest to the public. Examples of news-media entities are television or radio stations broadcasting to the public at large and publishers of periodicals (but only if such entities qualify as disseminators of `news') who make their products available for purchase by or subscription by or free distribution to the general public. Other examples of news media entities include online publications and Web sites that regularly deliver news content to the public. These examples are not all-inclusive. Moreover, as methods of news delivery evolve (for example, the adoption of the electronic dissemination of newspapers through telecommunications services), such alternative media shall be considered to be news-media entities. A freelance journalist shall be regarded as working for a news-media entity if the journalist can demonstrate a solid basis for expecting publication through that entity, whether or not the journalist is actually employed by the entity. A publication contract would present a solid basis for such an expectation; the CFPB may also consider the past publication record of the requester in making such a determination.

   (v) ``Other'' requester refers to a requester who does not fall within any of the previously described categories.

   (2) Within twenty (20) calendar days of its receipt of a request, the CFPB shall make a determination as to the proper fee category to apply to a requester. The CFPB shall inform the requester of the determination in the request acknowledgment letter, or if no such letter is required, in writing. The CFPB shall base its determination upon a review of the requester's submission and the CFPB's own records. Where the CFPB has reasonable cause to doubt the use to which a requester will put the records sought, or where that use is not clear from the request itself, the CFPB should seek additional clarification before assigning the request to a specific category.

   (3) If the CFPB assigns to a requester a fee category, then the requester shall have the right to submit an appeal of the CFPB's determination in accordance with Sec. 1070.21 of this subpart. The CFPB shall communicate this appeal right as part of its written notification to the requester of an adverse fee category determination. The requester shall label its appeal request ``Appeal of Fee Category Determination.''

   Page 11511

   (c) Fees applicable to each category of requester. The following fee schedule applies uniformly throughout the CFPB to requests processed under the FOIA. Specific levels of fees are prescribed for each category of requester defined in paragraph (b) of this section.

   (1) Commercial users shall be charged the full direct costs of searching for, reviewing, and duplicating the records they request. Moreover, when a request is received for disclosure that is primarily in the commercial interest of the requester, the CFPB is not required to consider a request for a waiver or reduction of fees based upon the assertion that disclosure would be in the public interest. The CFPB may recover the cost of searching for and reviewing records even if there is ultimately no disclosure of records or no records are located.

   (2) Educational and non-commercial scientific institution requesters shall be charged only for the cost of duplicating the records they request, except that the CFPB shall provide the first one hundred (100) pages of duplication free of charge. To be eligible, requesters must show that the request is made under the auspices of a qualifying institution and that the records are not sought for a commercial use, but are sought in furtherance of scholarly (if the request is from an educational institution) or scientific (if the request is from a non-commercial scientific institution) research. These categories do not include requesters who want records for use in meeting individual academic research or study requirements.

   (3) Representatives of the news media shall be charged only for the cost of duplicating the records they request, except that the CFPB shall provide them with the first one hundred (100) pages of duplication free of charge.

   (4) Other requesters who do not fit any of the categories described above shall be charged the full direct cost of searching for and duplicating records that are responsive to the request, except that the CFPB shall provide the first one hundred (100) pages of duplication and the first two hours of search time free of charge. The CFPB may recover the cost of searching for records even if there is ultimately no disclosure of records, or no records are located. Requests from persons for records about themselves filed in the CFPB's systems of records shall continue to be treated under the fee provisions of the Privacy Act of 1974, 5 U.S.C. 552a, which permit fees only for duplication, after the first one hundred (100) pages are furnished free of charge.

   (d) Other circumstances when fees are not charged. Notwithstanding paragraphs (b) and (c) of this section, the CFPB may not charge a requester a fee for processing a FOIA request if any of the following applies:

   (1) The cost of collecting a fee would be equal to or greater than the fee itself;

   (2) The fees were waived or reduced in accordance with paragraph (e) of this section;

   (3) If the CFPB fails to comply with any time limit under Sec. Sec. 1070.15 or 1070.21 of this subpart, and no unusual circumstances (as that term is defined in Sec. 1070.16(d)) or exceptional circumstances apply to the processing of the request, then the CFPB shall not assess search fees, or if the requester is a representative of the news media or an educational or noncommercial scientific institution, then the CFPB shall not assess duplication fees. The term ``exceptional circumstances'' does not include a delay that results from a predictable CFPB workload of requests, unless the CFPB demonstrates reasonable progress in reducing its backlog of pending requests; or

   (4) If the CFPB determines, as a matter of administrative discretion, that waiving or reducing the fees would serve the interest of the United States Government.

   (e) Waiver or reduction of fees. (1) A requester shall be entitled to receive from the CFPB a waiver or reduction in the fees otherwise applicable to a FOIA request whenever the requester:

   (i) Requests such waiver or reduction of fees in writing or by electronic means as part of the FOIA request;

   (ii) Labels the request for waiver or reduction of fees ``Fee Waiver or Reduction Requested'' on the FOIA request; and

   (iii) Demonstrates that the fee reduction or waiver request that a waiver or reduction of the fees is in the public interest because:

   (A) Furnishing the information is likely to contribute significantly to public understanding of the operations or activities of the government; and

   (B) Furnishing the information is not primarily in the commercial interest of the requester.

   (2) To determine whether the requester has satisfied the requirements of paragraph (e)(1)(ii)(A), the CFPB shall consider the following factors:

   (i) The subject of the requested records must concern identifiable operations or activities of the Federal government, with a connection that is direct and clear, and not remote or attenuated.

   (ii) The disclosable portions of the requested records must be meaningfully informative about government operations or activities in order to be ``likely to contribute'' to an increased public understanding of those operations or activities. The disclosure of information that already is in the public domain, in either a duplicative or a substantially similar form, is not as likely to contribute to the public's understanding.

   (iii) The disclosure must contribute to the understanding of a reasonably broad audience of persons interested in the subject, as opposed to the individual understanding of the requester. A requester's expertise in the subject area and ability and intention to effectively convey information to the public shall be considered. It shall be presumed that a representative of the news media will satisfy this consideration.

   (iv) The public's understanding of the subject in question, as compared to the level of public understanding existing prior to the disclosure, must be enhanced by the disclosure to a significant extent.

   (3) To determine whether the requester has satisfied the requirements of paragraph (e)(1)(ii)(B), the CFPB shall consider the following factors:

   (i) The CFPB shall consider any commercial interest of the requester (with reference to the definition of ``commercial user'' in (b)(1)(i) of this section), or of any person on whose behalf the requester may be acting, that would be furthered by the requested disclosure. Requesters shall be given an opportunity in the administrative process to provide explanatory information regarding this consideration.

   (ii) A fee waiver or reduction is justified where the public interest standard is satisfied and that public interest is greater in magnitude than that of any identified commercial interest in disclosure. The CFPB ordinarily shall presume that where a news media requester has satisfied the public interest standard, the public interest will be the interest primarily served by disclosure to that requester. Disclosure to data brokers or others who merely compile and market government information for direct economic return shall not be presumed to primarily serve the public interest.

   (4) Where only some of the records to be released satisfy the requirements for a waiver of fees, a waiver shall be granted for those records.

   (5) The CFPB shall decide whether to grant or deny a request to reduce or waive fees prior to processing a request. The CFPB shall notify the requester of the determination in writing.

   Page 11512

   (6) If the CFPB denies a request to reduce or waive fees, then the CFPB shall advise the requester, in the denial notification letter, that the requester may incur fees if the CFPB proceeds to process the request. The notification letter shall also advise the requester that the CFPB will not proceed to process the request further unless the requester, in writing, directs the CFPB to do so and either agrees to pay any fees that may apply to processing the request or specifies an upper limit (of not less than $25) that the requester is willing to pay to process the request. If the CFPB does not receive this written direction and agreement/specification within thirty (30) calendar days of the date of the denial notification letter, then the CFPB shall deem the request to be withdrawn.

   (7) If the CFPB denies a request to reduce or waive fees, then the requester shall have the right to submit an appeal of the denial determination in accordance with section 1070.21 of this subpart. The CFPB shall communicate this appeal right as part of its written notification to the requester denying the fee reduction or waiver request. The requester should label its appeal request ``Appeal for Fee Reduction/Waiver.''

   (f) Advance notice and prepayment of fees. (1) When the CFPB estimates the fees for processing a request to exceed the limit set by the requester, and that amount is less than $250, or the requester did not specify a limit and the amount is less than $250, the requester shall be notified of the estimated fees, and provided a breakdown of the fees attributable to search, review, and duplication, respectively. The requester must provide an agreement to pay the estimated fees; however, the requester shall also be given an opportunity to reformulate the request in an attempt to reduce fees.

   (2) If the requester has failed to state a limit and the fees are estimated to exceed $250, the requester shall be notified of the estimated fees and provided a breakdown of the fees attributable to search, review, and duplication, respectively. The requester must pre-

   pay such amount prior to the processing of the request, or provide satisfactory assurance of full payment if the requester has a history of prompt payment of FOIA fees. The requester shall also be given an opportunity to reformulate the request in such a way as to lower the applicable fees.

   (3) The CFPB reserves the right to request prepayment after a request is processed and before documents are released.

   (4) If a requester has previously failed to pay a fee within thirty (30) calendar days of the date of the billing, the requester shall be required to pay the full amount owed plus any applicable interest and to make an advance payment of the full amount of the estimated fee before the CFPB begins to process a new request or the pending request.

   (5) When the CFPB acts under paragraphs (f)(1) through (4) of this section, the statutory time limits of twenty (20) days (excluding Saturdays, Sundays, and legal public holidays) from receipt of initial requests or appeals, plus extensions of these time limits, shall begin only after fees have been paid, a written agreement to pay fees has been provided, or a request has been reformulated.

   (g) Form of payment. Payment may be tendered as set forth on the CFPB's Web site, http://www.consumerfinance.gov.

   (h) Charging interest. The CFPB may charge interest on any unpaid bill starting on the 31st day following the date of billing the requester. Interest charges will be assessed at the rate provided in 31 U.S.C. 3717 and will accrue from the date of the billing until payment is received by the CFPB. The CFPB will follow the provisions of the Debt Collection Act of 1982 (Pub. L. 97-365, 96 Stat. 1749), as amended, and its administrative procedures, including the use of consumer reporting agencies, collection agencies, and offset.

   (i) Aggregating requests. Where the CFPB reasonably believes that a requester or a group of requesters acting together is attempting to divide a request into a series of requests for the purpose of avoiding fees, the CFPB may aggregate those requests and charge accordingly. The CFPB may presume that multiple requests of this type made within a thirty (30) day period have been made in order to avoid fees. Where requests are separated by a longer period, the CFPB will aggregate them only where there exists a solid basis for determining that aggregation is warranted under all the circumstances involved. Multiple requests involving unrelated matters will not be aggregated.

   Sec. 1070.23 Authority and responsibilities of the Chief FOIA Officer.

   (a) Chief FOIA Officer. The Director authorizes the Chief FOIA Officer to act upon all requests for agency records, with the exception of determining appeals from the initial determinations of the Chief FOIA Officer, which will be decided by the General Counsel. The Chief FOIA officer shall, subject to the authority of the Director:

   (1) Have CFPB-wide responsibility for efficient and appropriate compliance with the FOIA;

   (2) Monitor implementation of the FOIA throughout the CFPB and keep the Director, the General Counsel, and the Attorney General appropriately informed of the CFPB's performance in implementing the FOIA;

   (3) Recommend to the Director such adjustments to agency practices, policies, personnel and funding as may be necessary to improve the Chief FOIA Officer's implementation of the FOIA;

   (4) Review and report to the Attorney General, through the Director, at such times and in such formats as the Attorney General may direct, on the CFPB's performance in implementing the FOIA;

   (5) Facilitate public understanding of the purposes of the statutory exemptions of the FOIA by including concise descriptions of the exemptions in both the CFPB's handbook and the CFPB's annual report on the FOIA, and by providing an overview, where appropriate, of certain general categories of CFPB records to which those exemptions apply;

   (6) Designate one or more FOIA Public Liaisons; and

   (7) Maintain and update, as necessary and in accordance with the requirements of this subpart, the CFPB's FOIA Web site, including its e-FOIA Library.

   (b) FOIA Public Liaisons. FOIA Public Liaisons shall report to the Chief FOIA Officer and shall serve as supervisory officials to whom a requester can raise concerns about the service the requester has received from the CFPB's FOIA office, following an initial response from the FOIA office staff. FOIA Public Liaisons shall be responsible for assisting in reducing delays, increasing transparency and understanding of the status of requests, and assisting in the resolution of disputes.

   Subpart C--Disclosure of CFPB Information in Connection With Legal Proceedings

   Sec. 1070.30 Purpose and scope; definitions.

   (a) This subpart sets forth the procedures to be followed with respect to:

   (1) Service of summonses and complaints directed to the CFPB, the Director, or to any CFPB employee in connection with Federal or State litigation arising out of or involving the performance of official activities of the CFPB; and

   (2) Subpoenas, court orders, or other requests or demands for any CFPB information, whether contained in the files of the CFPB or acquired by a CFPB employee as part of the performance of

   Page 11513

   that employee's duties or by virtue of employee's official status.

   (b) This subpart does not apply to requests for official information made pursuant to subparts B, D, and E of this part.

   (c) This subpart does not apply to requests for information made in the course of adjudicating claims against the CFPB by CFPB employees (present or former) or applicants for CFPB employment for which jurisdiction resides with the U.S. Equal Employment Opportunity Commission, the U.S. Merit Systems Protection Board, the Office of Special Counsel, the Federal Labor Relations Authority, or their successor agencies, or a labor arbitrator operating under a collective bargaining agreement between the CFPB and a labor organization representing CFPB employees.

   (d) This subpart is intended only to inform the public about CFPB procedures concerning the service of process and responses to subpoenas, summons, or other demands or requests for official information or action and is not intended to and does not create, and may not be relied upon to create any right or benefit, substantive or procedural, enforceable at law by a party against the CFPB or the United States.

   (e) For purposes of this subpart:

   (1) Demand means a subpoena or order for official information, whether contained in CFPB records or through testimony, related to or for possible use in a legal proceeding.

   (2) Legal proceeding encompasses all pre-trial, trial, and post-

   trial stages of all judicial or administrative actions, hearings, investigations, or similar proceedings before courts, commissions, boards, grand juries, arbitrators, or other judicial or quasi-judicial bodies or tribunals, whether criminal, civil, or administrative in nature, and whether foreign or domestic. This phrase includes all stages of discovery as well as formal or informal requests by attorneys or others involved in legal proceedings.

   (3) Official Information means all information of any kind, however stored, that is in the custody and control of the CFPB or was acquired by CFPB employees, or former employees as part of their official duties or because of their official status while such individuals were employed by or served on behalf of the CFPB. Official information also includes any information acquired by CFPB employees or former employees while such individuals were engaged in matters related to consumer financial protection functions prior to the employees' transfer to the CFPB pursuant to Subtitle F of the Consumer Financial Protection Act of 2010.

   (4) Request means any request for official information in the form of testimony, affidavits, declarations, admissions, responses to interrogatories, document production, inspections, or formal or informal interviews, during the course of a legal proceeding, including pursuant to the Federal Rules of Civil Procedure, the Federal Rules of Criminal Procedure, or other applicable rules of procedure.

   (5) Testimony means a statement in any form, including personal appearances before a court or other legal tribunal, interviews, depositions, telephonic, televised, or videographed statements or any responses given during discovery or similar proceeding in the course of litigation.

   Sec. 1070.31 Service of summonses and complaints.

   (a) Only the General Counsel is authorized to receive and accept summonses or complaints sought to be served upon the CFPB or CFPB employees sued in their official capacity. Such documents should be served upon the General Counsel, Consumer Financial Protection Bureau, 1700 G Street NW., Washington, DC 20552. This authorization for receipt shall in no way affect the requirements of service elsewhere provided in applicable rules and regulations.

   (b) If, notwithstanding paragraph (a) of this section, any summons or complaint described in that paragraph is delivered to an employee of the CFPB, the employee shall decline to accept the proffered service and may notify the person attempting to make service of the regulations set forth herein. If, notwithstanding this instruction, an employee accepts service of a document described in paragraph (a) of this section, the employee shall immediately notify and deliver a copy of the summons and complaint to the General Counsel.

   (c) When a CFPB employee is sued in an individual capacity for an act or omission occurring in connection with duties performed on behalf of the CFPB (whether or not the officer or employee is also sued in an official capacity), the employee by law is to be served personally with process. See Fed. R. Civ. P. 4(i)(3). An employee sued in an individual capacity for an act or omission occurring in connection with duties performed on behalf of the CFPB shall immediately notify, and deliver a copy of the summons and complaint to, the General Counsel.

   (d) The CFPB will only accept service of process for an employee sued in his or her official capacity. Documents for which the General Counsel accepts service in official capacity shall be stamped ``Service Accepted in Official Capacity Only.'' Acceptance of service shall not constitute an admission or waiver with respect to jurisdiction, propriety of service, improper venue, or any other defense in law or equity available under applicable laws or rules.

   Sec. 1070.32 Service of subpoenas, court orders, and other demands for CFPB information or action.

   (a) Except in cases in which the CFPB is represented by legal counsel who have entered an appearance or otherwise given notice of their representation, only the General Counsel is authorized to receive and accept subpoenas or other demands or requests directed to the CFPB or its employees, whether civil or criminal in nature, for:

   (1) Records of the CFPB;

   (2) Official information including, but not limited to, testimony, affidavits, declarations, admissions, responses to interrogatories, or informal statements, relating to material contained in the files of the CFPB or which any CFPB employee acquired in the course and scope of the performance of his or her official duties;

   (3) Garnishment or attachment of compensation of current or former employees; or

   (4) The performance or non-performance of any official CFPB duty.

   (b) Documents described in paragraph (a) of this section should be served upon the General Counsel, Consumer Financial Protection Bureau, 1700 G Street NW., Washington, DC 20552. Service must be effected as provided in applicable rules and regulations governing service in Federal judicial and administrative proceedings. Acceptance of such documents by the General Counsel does not constitute a waiver of any defense that might otherwise exist with respect to service under the Federal Rules of Civil or Criminal Procedure or other applicable laws or regulations.

   (c) In the event that any demand or request described in paragraph (a) of this section is sought to be delivered to a CFPB employee other than in the manner prescribed in paragraph (b) of this section, such employee shall decline service and direct the server of process to these regulations. If the demand or request is nonetheless delivered to the employee, the employee shall immediately notify, and deliver a copy of that document to, the General Counsel.

   Page 11514

   (d) Except as otherwise provided in this subpart, the CFPB is not an agent for service for, or otherwise authorized to accept on behalf of its employees, any subpoenas, orders, or other demands or requests, which are not related to the employees' official duties except upon the express, written authorization of the individual CFPB employee to whom such demand or request is directed.

   (e) Copies of any subpoenas, orders, or other demands or requests that are directed to former employees of the CFPB in connection with the performance of official CFPB duties shall also be served upon the General Counsel. The CFPB shall not, however, serve as an agent for service for the former employee, nor is the CFPB otherwise authorized to accept service on behalf of its former employees. If the demand involves their official duties as CFPB employees, former employees who receive subpoenas, orders, or similar compulsory process should also notify, and deliver a copy of the document to, the General Counsel.

   Sec. 1070.33 Testimony and production of documents prohibited unless approved by the General Counsel.

   (a) Unless authorized by the General Counsel, no employee or former employee of the CFPB shall, in response to a demand or a request provide oral or written testimony by deposition, declaration, affidavit, or otherwise concerning any official information.

   (b) Unless authorized by the General Counsel, no employee or former employee shall, in response to a demand or request, produce any document or any material acquired as part of the performance of that employee's duties or by virtue of that employee's official status.

   Sec. 1070.34 Procedure when testimony or production of documents is sought; general.

   (a) If, as part of a proceeding in which the United States or the CFPB is not a party, official information is sought through a demand for testimony, CFPB records, or other material, the party seeking such information must (except as otherwise required by Federal law or authorized by the General Counsel) set forth in writing:

   (1) The title and forum of the proceeding, if applicable;

   (2) A detailed description of the nature and relevance of the official information sought;

   (3) A showing that other evidence reasonably suited to the requester's needs is not available from any other source; and

   (4) If testimony is requested, the intended use of the testimony, a general summary of the desired testimony, and a showing that no document could be provided and used in lieu of testimony.

   (b) To the extent he or she deems necessary or appropriate, the General Counsel may also require from the party seeking such information a plan of all reasonably foreseeable demands, including but not limited to the names of all employees and former employees from whom discovery will be sought, areas of inquiry, expected duration of proceedings requiring oral testimony, identification of potentially relevant documents, or any other information deemed necessary to make a determination. The purpose of this requirement is to assist the General Counsel in making an informed decision regarding whether testimony or the production of documents or material should be authorized.

   (c) The General Counsel may consult or negotiate with an attorney for a party, or the party if not represented by an attorney, to refine or limit a request or demand so that compliance is less burdensome.

   (d) The General Counsel will notify the CFPB employee and such other persons as circumstances may warrant of his or her decision regarding compliance with the request or demand.

   Sec. 1070.35 Procedure when response to demand is required prior to receiving instructions.

   (a) If a response to a demand described in section 1070.34 of this subpart is required before the General Counsel renders a decision, the CFPB will request that the appropriate CFPB attorney or an attorney of the Department of Justice, as appropriate, take steps to stay, postpone, or obtain relief from the demand pending decision. If necessary, the attorney will:

   (1) Appear with the employee upon whom the demand has been made;

   (2) Furnish the court or other authority with a copy of the regulations contained in this subpart;

   (3) Inform the court or other authority that the demand has been, or is being, as the case may be, referred for the prompt consideration of the appropriate CFPB official; and

   (4) Respectfully request the court or authority to stay the demand pending receipt of the requested instructions.

   (b) In the event that an immediate demand for production or disclosure is made in circumstances which would preclude the proper designation or appearance of an attorney of the CFPB or the Department of Justice on the employee's behalf, the employee, if necessary, shall respectfully request from the demanding court or authority a reasonable stay of proceedings for the purpose of obtaining instructions from the General Counsel.

   Sec. 1070.36 Procedure in the event of an adverse ruling.

   If a stay or, or other relief from, the effect of a demand made pursuant to sections 1070.34 and 1070.35 of this subpart is declined or not obtained, or if the court or other judicial or quasi-judicial authority declines to stay the effect of the demand made pursuant to sections 1070.34 and 1070.35 of this subpart, or if the court or other authority rules that the demand must be complied with irrespective of the General Counsel's instructions not to produce the material or disclose the information sought, the employee upon whom the demand has been made shall respectfully decline to comply with the demand citing this subpart and United States ex rel. Touhy v. Ragen, 340 U.S. 462 (1951).

   Sec. 1070.37 Considerations in determining whether the CFPB will comply with a demand or request.

   (a) In deciding whether to comply with a demand or request, CFPB officials and attorneys shall consider, among other pertinent considerations:

   (1) Whether such compliance would be unduly burdensome or otherwise inappropriate under the applicable rules of discovery or the rules of procedure governing the case or matter in which the demand arose;

   (2) Whether the number of similar requests would have a cumulative effect on the expenditure of CFPB resources;

   (3) Whether compliance is appropriate under the relevant substantive law concerning privilege or disclosure of information;

   (4) The public interest;

   (5) The need to conserve the time of CFPB employees for the conduct of official business;

   (6) The need to avoid spending time and money of the United States for private purposes;

   (7) The need to maintain impartiality between private litigants in cases where a substantial government interest is not implicated;

   (8) Whether compliance would have an adverse effect on performance by the CFPB of its mission and duties;

   (9) The need to avoid involving the CFPB in controversial issues not related to its mission;

   (10) Compliance would interfere with supervisory examinations, compromise the CFPB's supervisory functions or programs, or undermine public confidence in supervised financial institutions; and

   Page 11515

   (11) Compliance would interfere with the CFPB's ability to monitor for risks to consumers in the offering or provision of consumer financial products and services.

   (b) Among those demands and requests in response to which compliance will not ordinarily be authorized are those with respect to which any of the following factors, inter alia, exist:

   (1) Compliance would violate a statute or applicable rule of procedure;

   (2) Compliance would violate a specific regulation or Executive order;

   (3) Compliance would reveal information properly classified in the interest of national security;

   (4) Compliance would reveal confidential or privileged commercial or financial information or trade secrets without the owner's consent;

   (5) Compliance would compromise the integrity of the deliberative processes of the CFPB;

   (6) Compliance would not be appropriate or necessary under the relevant substantive law governing privilege;

   (7) Compliance would reveal confidential information; or

   (8) Compliance would interfere with ongoing investigations or enforcement proceedings, compromise constitutional rights, or reveal the identity of a confidential informant.

   (c) The CFPB may condition disclosure of official information pursuant to a request or demand on the entry of an appropriate protective order.

   Sec. 1070.38 Prohibition on providing expert or opinion testimony.

   (a) Except as provided in this section, and subject to 5 CFR 2635.805, CFPB employees or former employees shall not provide opinion or expert testimony based upon information which they acquired in the scope and performance of their official CFPB duties, except on behalf of the CFPB or the United States or a party represented by the CFPB, or the Department of Justice, as appropriate.

   (b) Any expert or opinion testimony by a former employee of the CFPB shall be excepted from paragraph (a) of this section where the testimony involves only general expertise gained while employed at the CFPB.

   (c) Upon a showing by the requestor of exceptional need or unique circumstances and that the anticipated testimony will not be adverse to the interests of the United States, the General Counsel may, consistent with 5 CFR 2635.805, exercise his or her discretion to grant special, written authorization for CFPB employees, or former employees, to appear and testify as expert witnesses at no expense to the United States.

   (d) If, despite the final determination of the General Counsel, a court of competent jurisdiction or other appropriate authority orders the appearance and expert or opinion testimony of a current or former CFPB employee, that person shall immediately inform the General Counsel of such order. If the General Counsel determines that no further legal review of or challenge to the court's order will be made, the CFPB employee, or former employee, shall comply with the order. If so directed by the General Counsel, however, the employee, or former employee, shall respectfully decline to testify.

   Subpart D--Confidential Information

   Sec. 1070.40 Purpose and scope.

   This subpart does not apply to requests for official information made pursuant to subparts B, C, or E of this part.

   Sec. 1070.41 Non-disclosure of confidential information.

   (a) Non-disclosure. Except as required by law or as provided in this part, no current or former employee or contractor or consultant of the CFPB, or any other person in possession of confidential information, shall disclose such confidential information by any means (including written or oral communications) or in any format (including paper and electronic formats), to:

   (1) Any person who is not an employee, contractor, or consultant of the CFPB; or

   (2) Any CFPB employee, contractor, or consultant when the disclosure of such confidential information to that employee, contractor, or consultant is not relevant to the performance of the employee's, contractor's, or consultant's assigned duties.

   (b) Disclosures to contractors and consultants. CFPB contractors or consultants may receive confidential information only if such contractors or consultants certify in writing to treat such confidential information in accordance with these rules, Federal laws and regulations that apply to Federal agencies for the protection of the confidentiality of personally identifiable information and for data security and integrity, as well as any additional conditions or limitations that the CFPB may impose.

   (c) Disclosure of materials derived from confidential information. Nothing in this subpart shall limit the discretion of the CFPB to disclose materials that it derives from or creates using confidential information to the extent that such materials do not identify, either directly or indirectly, any particular person to whom the confidential information pertains.

   (d) Disclosability of confidential information provided to the CFPB by other agencies. Nothing in this subpart requires or authorizes the CFPB to disclose confidential information that another agency has provided to the CFPB to the extent that such disclosure contravenes applicable law or the terms of any agreement that exists between the CFPB and the agency to govern the CFPB's treatment of information that the agency provides to the CFPB.

   Sec. 1070.42 Disclosure of confidential supervisory information to supervised financial institutions and their affiliates and by supervised financial institutions and their affiliates to others.

   (a) Discretionary disclosure of confidential supervisory information to supervised financial institutions and their affiliates. The CFPB may, in its discretion, and to the extent consistent with applicable law, disclose confidential supervisory information concerning a supervised financial institution or its service providers to that supervised financial institution or to its affiliates.

   (b) Disclosure of confidential supervisory information by a supervised financial institution or its affiliates. Unless directed otherwise by the Associate Director for Supervision, Enforcement, and Fair Lending or by his or her delegee:

   (1) Any supervised financial institution lawfully in possession of confidential supervisory information of the CFPB pursuant to this section may disclose such information, or portions thereof, to its affiliates and to the following individuals to the extent that the disclosure of such confidential supervisory information is relevant to the performance of such individuals' assigned duties:

   (i) The directors, officers, trustees, members, general partners, or employees of the supervised financial institution; and

   (ii) The directors, officers, trustees, members, general partners, or employees of the affiliates of the supervised financial institution.

   (2) Any supervised financial institution or affiliate thereof that is lawfully in possession of confidential supervisory information of the CFPB pursuant to this section may disclose such information, or portions thereof, to:

   Page 11516

   (i) Its certified public accountant, legal counsel, contractor, consultant, or service provider; or

   (ii) Another person, with the prior written approval of the Associate Director for Supervision, Enforcement, and Fair Lending or his or her delegee.

   (3) Where a supervised financial institution or its affiliate discloses confidential supervisory information pursuant to this paragraph (b) of this section:

   (i) The recipient of such confidential supervisory information shall not, without the prior written approval of the Associate Director for Supervision, Enforcement, and Fair Lending or his or her delegee, utilize, make, or retain copies of, or disclose confidential supervisory information for any purpose, except as is necessary to provide advice or services to the supervised financial institution or its affiliate; and

   (ii) The supervised financial institution or affiliate disclosing the confidential supervisory information shall take reasonable steps to ensure that the recipient complies with paragraph (b)(3)(i) of this section.

   Sec. 1070.43 Disclosure of confidential information to law enforcement agencies and other government agencies.

   (a) Required disclosure of confidential information to government agencies. The CFPB shall:

   (1) Disclose a draft of a report of examination of a supervised financial institution prior to its finalization, in accordance with 12 U.S.C. 5515(e)(1)(C), and disclose a final report of examination, including any and all revisions made to such a report, to a Federal or State agency with jurisdiction over that supervised financial institution, provided that the CFPB receives from the agency reasonable assurances as to the confidentiality of the information disclosed; and

   (2) Disclose confidential consumer complaint information to a Federal or State agency to facilitate preparation of reports to Congress required by 12 U.S.C. 5493(b)(3)(C) and to facilitate the CFPB's supervision and enforcement activities and its monitoring of the market for consumer financial products and services, provided that the agency shall first give written assurance to the CFPB that it will maintain such information in confidence, including in a manner that conforms to the standards that apply to Federal agencies for the protection of the confidentiality of personally identifiable information and for data security and integrity.

   (b) Discretionary disclosure of confidential information to government agencies.

   (1) Upon receipt of a written request that contains the information required by paragraph (b)(2) of this section, the CFPB may, in its sole discretion, disclose confidential information to a Federal or State agency to the extent that the disclosure of the information is relevant to the exercise of the agency's statutory or regulatory authority or, with respect to the disclosure of confidential supervisory information, to a Federal or State agency having jurisdiction over a supervised financial institution.

   (2) To obtain access to confidential information pursuant to paragraph (b)(1) of this section, an authorized officer or employee of the agency shall submit a written request to the General Counsel, who shall act upon the request in consultation with the CFPB's Associate Director for Supervision, Enforcement, and Fair Lending or other appropriate CFPB personnel. The request shall include the following:

   (i) A description of the particular information, kinds of information, and where possible, the particular documents to which access is sought;

   (ii) A statement of the purpose for which the information will be used;

   (iii) A statement certifying and identifying the agency's legal authority for requesting the documents;

   (iv) A statement certifying and identifying the agency's legal authority for protecting the requested information from public disclosure; and

   (v) A certification that the agency will maintain the requested confidential information in confidence, including in a manner that conforms to the standards that apply to Federal agencies for the protection of the confidentiality of personally identifiable information and for data security and integrity, as well as any additional conditions or limitations that the CFPB may impose.

   (c) State requests for information other than confidential information. A request or demand by a State agency for information or records of the CFPB other than confidential information shall be made and considered in accordance with the rules set forth elsewhere in this part.

   (d) Negotiation of standing requests. The CFPB may negotiate terms governing the exchange of confidential information with Federal or State agencies on a standing basis, as appropriate.

   Sec. 1070.44 Disclosure of confidential consumer complaint information.

   Nothing in this part shall limit the discretion of the CFPB, to the extent permitted by law, to disclose confidential consumer complaint information as it deems necessary to investigate, resolve, or otherwise respond to consumer complaints or inquiries concerning financial institutions or consumer financial products and services.

   Sec. 1070.45 Affirmative disclosure of confidential information.

   (a) The CFPB may disclose confidential investigative information and other confidential information, in accordance with applicable law, as follows:

   (1) To a CFPB employee, as that term is defined in Sec. 1070.2 of this part and in accordance with Sec. 1070.41 of this subpart;

   (2) To either House of the Congress or to an appropriate committee or subcommittee of the Congress, as set forth in 12 U.S.C. 5562(d)(2), provided that, upon the receipt by the CFPB of a request from the Congress for confidential information that a financial institution submitted to the CFPB along with a claim that such information consists of a trade secret or privileged or confidential commercial or financial information, or confidential supervisory information, the CFPB shall notify the financial institution in writing of its receipt of the request and provide the institution with a copy of the request;

   (3) In investigational hearings and witness interviews, as is reasonably necessary, at the discretion of the CFPB;

   (4) In an administrative or court proceeding to which the CFPB is a party. In the case of confidential investigatory material that contains any trade secret or privileged or confidential commercial or financial information, as claimed by designation by the submitter of such material, or confidential supervisory information, the submitter may seek an appropriate protective or in camera order prior to disclosure of such material in a proceeding;

   (5) To law enforcement agencies and other government agencies in summary form to the extent necessary to notify such agencies of potential violations of laws subject to their jurisdiction; or

   (6) As required under any other applicable law.

   Sec. 1070.46 Other disclosures of confidential information.

   (a) To the extent permitted by law and as authorized by the Director in writing, the CFPB may disclose confidential information other than as set forth in this subpart.

   (b) Prior to disclosing confidential information pursuant to paragraph (a) of this section, the CFPB may, as it deems

   Page 11517

   appropriate under the circumstances, provide written notice to the person to whom the confidential information pertains that the CFPB intends to disclose its confidential information in accordance with this section.

   (c) The authority of the Director to disclose confidential information pursuant to paragraph (a) shall not be delegated. However, a person authorized to perform the functions of the Director in accordance with law may exercise the authority of the Director as set forth in this section.

   Sec. 1070.47 Other rules regarding the disclosure of confidential information.

   (a) Further disclosure prohibited. (1) All confidential information made available under this subpart shall remain the property of the CFPB, unless the General Counsel provides otherwise in writing.

   (2) Except as set forth in this subpart, no supervised financial institution, Federal or State agency, any officer, director, employee or agent thereof, or any other person to whom the confidential information is made available under this subpart, may further disclose such confidential information without the prior written permission of the General Counsel.

   (3) A supervised financial institution, Federal or State agency, any officer, director, employee or agent thereof, or any other person to whom the CFPB's confidential information is made available under this subpart, that receives from a third party a legally enforceable demand or request for such confidential information (including but not limited to, a subpoena or discovery request or a request made pursuant to the Freedom of Information Act, 5 U.S.C. 552, the Privacy Act of 1974, 5 U.S.C. 552a, or any State analogue to such statutes) should:

   (i) Inform the General Counsel of such request or demand in writing and provide the General Counsel with a copy of such request or demand as soon as practicable after receiving it;

   (ii) To the extent permitted by applicable law, advise the requester that:

   (A) The confidential information sought may not be disclosed insofar as it is the property of the CFPB; and

   (B) Any request for the disclosure of such confidential information is properly directed to the CFPB pursuant to its regulations set forth in this part.

   (iii) Consult with the General Counsel before complying with the request or demand, and to the extent applicable:

   (A) Give the CFPB a reasonable opportunity to respond to the demand or request;

   (B) Assert all reasonable and appropriate legal exemptions or privileges that the CFPB may request be asserted on its behalf; and

   (C) Consent to a motion by the CFPB to intervene in any action for the purpose of asserting and preserving any claims of confidentiality with respect to any confidential information.

   (4) Nothing in this section shall prevent a supervised financial institution, Federal or State agency, any officer, director, employee or agent thereof, or any other person to whom the information is made available under this subpart from complying with a legally valid and enforceable order of a court of competent jurisdiction compelling production of the CFPB's confidential information, or, if compliance is deemed compulsory, with a request or demand from either House of the Congress or a duly authorized committee of the Congress. To the extent that compulsory disclosure of confidential information occurs as set forth in this paragraph, the producing party shall use its best efforts to ensure that the requestor secures an appropriate protective order or, if the requestor is a legislative body, use its best efforts to obtain the commitment or agreement of the legislative body that it will maintain the confidentiality of the confidential information.

   (5) No person obtaining access to confidential information pursuant to this subpart may make a personal copy of any such information, and no person may remove confidential information from the premises of the institution or agency in possession of such information except as permitted under this subpart or by the CFPB.

   (b) Additional conditions and limitations. The CFPB may impose any additional conditions or limitations on disclosure or use under this subpart that it determines are necessary.

   (c) Non-waiver. (1) In General. The CFPB shall not be deemed to have waived any privilege applicable to any information by transferring that information to, or permitting that information to be used by, any Federal or State agency.

   (2) Rule of Construction. Paragraph (c)(1) of this section shall not be construed as implying that any person waives any privilege applicable to any information because paragraph (c)(1) of this section does not apply to the transfer or use of that information.

   Sec. 1070.48 Privileges not affected by disclosure to the CFPB.

   (a) In General. The submission by any person of any information to the CFPB for any purpose in the course of any supervisory or regulatory process of the CFPB shall not be construed as waiving, destroying, or otherwise affecting any privilege such person may claim with respect to such information under Federal or State law as to any person or entity other than the CFPB.

   (b) Rule of Construction. Paragraph (a) of this section shall not be construed as implying or establishing that--

   (1) Any person waives any privilege applicable to information that is submitted or transferred under circumstances to which paragraph (a) of this section does not apply; or

   (2) Any person would waive any privilege applicable to any information by submitting the information to the CFPB but for this section.

   Subpart E--The Privacy Act

   Sec. 1070.50 Purpose and scope; definitions.

   (a) This subpart implements the provisions of the Privacy Act of 1974, 5 U.S.C. 552a (the Privacy Act). The regulations apply to all records maintained by the CFPB and which are retrieved by an individual's name or personal identifier. The regulations set forth the procedures for requests for access to, or amendment of, records concerning individuals that are contained in systems of records maintained by the CFPB. These regulations should be read in conjunction with the Privacy Act, which provides additional information about this topic.

   (b) For purposes of this subpart, the following definitions apply:

   (1) The term Chief Privacy Officer means the Chief Information Officer of the CFPB or any CFPB employee to whom the Chief Information Officer has delegated authority to act under this part;

   (2) The term guardian means the parent of a minor, or the legal guardian of any individual who has been declared to be incompetent due to physical or mental incapacity or age by a court of competent jurisdiction;

   (3) Individual means a citizen of the United States or an alien lawfully admitted for permanent residence;

   (4) Maintain includes maintain, collect, use, or disseminate;

   (5) Record means any item, collection, or grouping of information about an individual that is maintained by an agency, including, but not limited to, his education, financial transactions, medical history, and criminal or employment history and that contains his name or the identifying number, symbol, or other identifying particular assigned to the individual, such as a finger or voiceprint or a photograph;

   Page 11518

   (6) Routine use means the disclosure of a record that is compatible with the purpose for which it was collected;

   (7) System of records means a group of any records under the control of an agency from which information is retrieved by the name of the individual or by some identifying number, symbol, or other identifying particular assigned to the individual; and

   (8) Statistical record means a record in a system of records maintained for statistical research or reporting purposes only and not used in whole or in part in making any determination about an identifiable individual, except as provided by 13 U.S.C. 8.

   Sec. 1070.51 Authority and responsibilities of the Chief Privacy Officer.

   The Chief Privacy Officer is authorized to:

   (a) Respond to requests for access to, accounting of, or amendment of records contained in a system of records maintained by the CFPB;

   (b) Approve the publication of new systems of records and amend existing systems of record; and

   (c) File any necessary reports related to the Privacy Act.

   Sec. 1070.52 Fees.

   (a) Copies of records. The CFPB shall provide the requester with copies of records requested pursuant to Sec. 1070.53 of this subpart at the same cost charged for duplication of records under Sec. 1070.22 of this part.

   (b) No fee. The CFPB will not charge a fee if:

   (1) Total charges associated with a request are less than $5, or

   (2) The requester is a CFPB employee or former employee, or an applicant for employment with the CFPB, and the request pertains to that employee, former employee, or applicant.

   Sec. 1070.53 Request for access to records.

   (a) Procedures for making a request for access to records. An individual's requests for access to records that pertain to that individual (or to the individual for whom the requester serves as guardian) may be submitted to the CFPB in writing or by electronic means.

   (1) If submitted in writing, the request shall be labeled ``Privacy Act Request'' and shall be addressed to the Chief Privacy Officer, Consumer Financial Protection Bureau, 1700 G Street NW., Washington, DC 20552.

   (2) If submitted by electronic means, the request shall be labeled ``Privacy Act Request'' and the request shall be submitted as set forth at the CFPB's Web site, http://www.consumerfinance.gov.

   (b) Content of a request for access to records. A request for access to records shall include:

   (1) A statement that the request is made pursuant to the Privacy Act;

   (2) The name of the system of records that the requester believes contains the record requested, or a description of the nature of the record sought in detail sufficient to enable CFPB personnel to locate the system of records containing the record with a reasonable amount of effort;

   (3) Whenever possible, a description of the nature of the record sought, the date of the record or the period in which the requester believes that the record was created, and any other information that might assist the CFPB in identifying the record sought (e.g., maiden name, dates of employment, account information, etc.).

   (4) Information necessary to verify the requester's identity pursuant to paragraph (c) of this section;

   (5) The mailing or email address where the CFPB's response or further correspondence should be sent.

   (c) Verification of identity. To obtain access to the CFPB's records pertaining to a requester, the requester shall provide proof to the CFPB of the requester's identity as provided below.

   (1) In general, the following will be considered adequate proof of a requester's identity:

   (i) A photocopy of two forms of identification, including one form of identification that bears the requester's photograph, and one form of identification that bears the requester's signature;

   (ii) A photocopy of a single form of identification that bears both the requester's photograph and signature; or

   (iii) A statement swearing or affirming the requester's identity and to the fact that the requester understands the penalties provided in 5 U.S.C. 552a(i)(3).

   (2) Notwithstanding paragraph (c)(1) of this section, a designated official may require additional proof of the requester's identity before action will be taken on any request, if such official determines that it is necessary to protect against unauthorized disclosure of information in a particular case. In addition, if a requester seeks records pertaining to an individual in the requester's capacity as that individual's guardian, the requester shall be required to provide adequate proof of the requester's legal relationship before action will be taken on any request.

   (d) Request for accounting of previous disclosures. An individual may request an accounting of previous disclosures of records pertaining to that individual in a system of records as provided in 5 U.S.C. 552a(c). Such requests should conform to the procedures and form for requests for access to records set forth in paragraphs (a) and (b) of this section.

   Sec. 1070.54 CFPB procedures for responding to a request for access.

   (a) Acknowledgment and response. The CFPB will provide written acknowledgement of the receipt of a request within twenty (20) business days from the receipt of the request and will, where practicable, respond to each request within that twenty (20) day period. When a full response is not practicable within the twenty (20) day period, the CFPB will respond as promptly as possible.

   (b) Disclosure. (1) When the CFPB discloses information in response to a request, the CFPB will make the information available for inspection and copying during regular business hours as provided in Sec. 1070.13 of this part, or the CFPB will mail it or email it the requester, if feasible, upon request.

   (2) The requester may bring with him or her anyone whom the requester chooses to see the requested material. All visitors to the CFPB's buildings must comply with the applicable security procedures.

   (c) Denial of a request. If the CFPB denies a request made pursuant to Sec. 1070.53 of this subpart, it will inform the requester in writing of the reason(s) for denial and the procedures for appealing the denial.

   Sec. 1070.55 Special procedures for medical records.

   If an individual requests medical or psychological records pursuant to Sec. 1070.53 of this subpart, the CFPB will disclose them directly to the requester unless the CFPB determines that such disclosure could have an adverse effect on the requester. If the CFPB makes that determination, the CFPB shall provide the information to a licensed physician or other appropriate representative that the requester designates, who shall disclose those records to the requester in a manner he or she deems appropriate.

   Sec. 1070.56 Request for amendment of records.

   (a) Procedures for making request. (1) If an individual wishes to amend a record that pertains to that individual in a system of records, that individual may submit a request in writing or by electronic means to the Chief Privacy Officer, as set forth in Sec. 1070.53(a). The request shall be labeled ``Privacy Act Amendment Request.''

   (2) A request for amendment of a record must:

   Page 11519

   (i) Identify the system of records containing the record for which amendment is requested;

   (ii) Specify the portion of that record requested to be amended; and

   (iii) Describe the nature and reasons for each requested amendment.

   (3) When making a request for amendment of a record, the CFPB will require a requester to verify his or her identity under the procedures set forth in Sec. 1070.53(c) of this subpart, unless the requester has already done so in a related request for access or amendment.

   (b) Burden of proof. In a request for amendment of a record, the requester bears the burden of proving by a preponderance of the evidence that the record is not accurate, relevant, timely, or complete.

   Sec. 1070.57 CFPB review of a request for amendment of records.

   (a) Time limits. The CFPB will acknowledge a request for amendment of records within ten (10) business days after it receives the request. In the acknowledgment, the CFPB may request additional information necessary for a determination on the request for amendment. The CFPB will make a determination on a request to amend a record promptly.

   (b) Contents of response to a request for amendment. When the CFPB responds to a request for amendment, the CFPB will inform the requester in writing whether the request is granted or denied, in whole or in part. If the CFPB grants the request, it will take the necessary steps to amend the record and, when appropriate and possible, notify prior recipients of the record of its action. If the CFPB denies the request, in whole or in part, it will inform the requester in writing:

   (1) Why the request (or portion of the request) was denied;

   (2) That the requester has a right to appeal; and

   (3) How to file an appeal.

   Sec. 1070.58 Appeal of adverse determination of request for access or amendment.

   (a) Appeal. A requester may appeal a denial of a request made pursuant to Sec. Sec. 1070.53 or 1070.56 of this subpart within ten (10) business days after the CFPB notifies the requester that it has denied the request.

   (b) Content of Appeal. A requester may submit an appeal in writing or by electronic means as set forth in Sec. 1070.53(a). The appeal shall be addressed to the General Counsel and labeled ``Privacy Act Appeal.'' The appeal must also:

   (1) Specify the background of the request; and

   (2) Provide reasons why the requester believes the denial is in error.

   (c) Determination. The General Counsel will make a determination as to whether to grant or deny an appeal within thirty (30) business days from the date it is received, unless the General Counsel extends the time for good cause.

   (1) If the General Counsel grants an appeal regarding a request for amendment, he or she will take the necessary steps to amend the record and, when appropriate and possible, notify prior recipients of the record of its action.

   (2) If the General Counsel denies an appeal, he or she will inform the requester of such determination in writing, including the reasons for the denial, and the requester's right to file a statement of disagreement and to have a court review its decision.

   (d) Statement of disagreement. (1) If the General Counsel denies an appeal regarding a request for amendment, a requester may file a concise statement of disagreement with the denial. The CFPB will maintain the requester's statement with the record that the requester sought to amend and any disclosure of the record will include a copy of the requester's statement of disagreement.

   (2) When practicable and appropriate, the CFPB will provide a copy of the statement of disagreement to any prior recipients of the record.

   Sec. 1070.59 Restrictions on disclosure.

   The CFPB will not disclose any record about an individual contained in a system of records to any person or agency without the prior written consent of that individual unless the disclosure is authorized by 5 U.S.C. 552a(b). Disclosures authorized by 5 U.S.C. 552a(b) include disclosures that are compatible with one or more routine uses that are contained within the CFPB's Systems of Records Notices, which are available on the CFPB's Web site, at http://www.consumerfinance.gov.

   Sec. 1070.60 Exempt records.

   (a) Exempt systems of records. Pursuant to 5 U.S.C. 552a(k)(2), the CFPB exempts the systems of records listed below from 5 U.S.C. 552a(c)(3), (d), (e)(1), (e)(4)(G)-(H), and (f), and Sec. Sec. 1070.53 through 1070.59 of this subpart, to the extent that such systems of records contain investigatory materials compiled for law enforcement purposes, provided, however, that if any individual is denied any right, privilege, or benefit to which he or she would otherwise be entitled under Federal law, or for which he or she would otherwise be eligible as a result of the maintenance of such material, such material shall be disclosed to such individual, except to the extent that the disclosure of such material would reveal the identity of a source who furnished information to the CFPB under an express promise that the identity of the source would be held in confidence:

   (1) CFPB.002 Depository Institution Supervision Database

   (2) CFPB.003 Non-Depository Institution Supervision Database

   (3) CFPB.004 Enforcement Database

   (4) CFPB.005 Consumer Response System

   (b) Information compiled for civil actions or proceedings. This subpart does not permit an individual to have access to any information compiled in reasonable anticipation of a civil action or proceeding.

   Sec. 1070.61 Training; rules of conduct; penalties for non-

   compliance.

   (a) Training. The Chief Privacy Officer shall institute a training program to instruct CFPB employees and employees of Government contractors covered by 5 U.S.C. 552a(m), who are involved in the design, development, operation, or maintenance of any CFPB system of records, on a continuing basis with respect to the duties and responsibilities imposed on them and the rights conferred on individuals by the Privacy Act, the regulations in this subpart, and any other related regulations. Such training shall provide suitable emphasis on the civil and criminal penalties imposed on the CFPB and the individual employees by the Privacy Act for non-compliance with specified requirements of the Act as implemented by the regulations in this subpart.

   (b) Rules of conduct. The following rules of conduct are applicable to employees of the CFPB (including, to the extent required by the contract or 5 U.S.C. 552a(m), Government contractors and employees of such contractors), who are involved in the design, development, operation or maintenance of any system of records, or in maintain any records, for or on behalf of the CFPB.

   (1) The head of each office of the CFPB shall be responsible for assuring that employees subject to such official's supervision are advised of the provisions of the Privacy Act, including the criminal penalties and civil liabilities provided therein, and the regulations in this subpart, and that such employees are made aware of their individual and collective responsibilities to protect the security of personal information, to assure its

   Page 11520

   accuracy, relevance, timeliness and completeness, to avoid unauthorized disclosure either orally or in writing, and to insure that no system of records is maintained without public notice.

   (2) Employees of the CFPB involved in the design, development, operation, or maintenance of any system of records, or in maintaining any record shall:

   (i) Collect no information of a personal nature from individuals unless authorized to collect it to achieve a function or carry out a responsibility of the CFPB;

   (ii) Collect information, to the extent practicable, directly from the individual to whom it relates;

   (iii) Inform each individual asked to supply information, on the form used to collect the information or on a separate form that can be retained by the individual of--

   (A) The authority (whether granted by statute, or by executive order of the President) which authorizes the solicitation of the information and whether disclosure of such information is mandatory or voluntary;

   (B) The principal purpose or purposes for which the information is intended to be used;

   (C) The routine uses which may be made of the information, as published pursuant to 5 U.S.C. 552a(e)(4)(D); and

   (D) The effects on the individual, if any, of not providing all or any part of the requested information.

   (iv) Not collect, maintain, use or disseminate information concerning an individual's religious or political beliefs or activities or membership in associations or organizations, unless expressly authorized by statute or by the individual about whom the record is maintained or unless pertinent to and within the scope of an authorized law enforcement activity;

   (v) Advise their supervisors of the existence or contemplated development of any record system which is capable of retrieving information about individuals by individual identifier;

   (vi) Assure that no records maintained in a CFPB system of records are disseminated without the permission of the individual about whom the record pertains, except when authorized by 5 U.S.C. 552a(b);

   (vii) Maintain and process information concerning individuals with care in order to insure that no inadvertent disclosure of the information is made either within or without the CFPB;

   (viii) Prior to disseminating any record about an individual to any person other than an agency, unless the dissemination is made pursuant to 5 U.S.C. 552a(b)(2) of this section, make reasonable efforts to assure that such records are accurate, complete, timely, and relevant for agency purposes; and

   (ix) Assure that an accounting is kept in the prescribed form, of all dissemination of personal information outside the CFPB, whether made orally or in writing, unless disclosed under 5 U.S.C. 552 or subpart B of this part.

   (3) The head of each office of the CFPB shall, at least annually, review the record systems subject to their supervision to insure compliance with the provisions of the Privacy Act of 1974 and the regulations in this subpart.

   Sec. 1070.62 Preservation of records.

   The CFPB will preserve all correspondence pertaining to the requests that it receives under this part, as well as copies of all requested records, until disposition or destruction is authorized by title 44 of the United States Code or the National Archives and Records Administration's General Records Schedule 14. Records will not be disposed of or destroyed while they are the subject of a pending request, appeal, proceeding, or lawsuit.

   Sec. 1070.63 Use and collection of social security numbers.

   The CFPB will ensure that employees authorized to collect information are aware:

   (a) That individuals may not be denied any right, benefit, or privilege as a result of refusing to provide their social security numbers, unless the collection is authorized either by a statute or by a regulation issued prior to 1975; and

   (b) That individuals requested to provide their social security numbers must be informed of:

   (1) Whether providing social security numbers is mandatory or voluntary;

   (2) Any statutory or regulatory authority that authorizes the collection of social security numbers; and

   (3) The uses that will be made of the numbers.

   Dated: January 15, 2013.

   Richard Cordray,

   Director, Bureau of Consumer Financial Protection.

   FR Doc. 2013-01737 Filed 2-14-13; 8:45 am

   BILLING CODE 4810-AM-P