CFPB.030—Nonbank Registry

Privacy Act of 1974; System of Records

Dates

Comments must be received no later than August 23, 2024. The new system of records will be effective August 23, 2024 unless the comments received result in a contrary determination.

Supplementary Information

In accordance with the Privacy Act of 1974, 5 U.S.C. 552a, the CFPB is establishing a new system of records titled, "CFPB.030, Nonbank Registry." On June 3, 2024, the CFPB published the Registry of Nonbank Covered Persons Subject to Certain Agency and Court Orders Final Rule (Orders Rule) pursuant to sections 1022 and 1024 of the Consumer Financial Protection Act (CFPA) of 2010. The Orders Rule imposes specific requirements on "covered nonbanks," as that term is defined in section 1092.201(d) of the Orders Rule. Covered nonbanks are generally required to register "covered orders," as that term is defined in section 1092.201(e) of the Orders Rule, that remain in or take effect on or after the Orders Rule's effective date.

The CFPB's exercise of its nonbank registration rulemaking authority expands the category of individuals and records collected and maintained on nonbanks to include those required to register with the CFPB to enable the Bureau to monitor and reduce the risks to consumers posed by these institutions more effectively. The registry also allows the Bureau to monitor trends in enforcement and more effectively utilize Bureau resources. To this end, the CFPB has created the Nonbank Registry portal to facilitate the registration process and information collection maintained in the Nonbank Registry system of records for nonbanks that are required to register with the CFPB in accordance with current or subsequent CFPB regulations. Finally, the CFPB may publish certain information collected and maintained in the Nonbank Registry system of records as is in the public interest and in accordance with CFPB regulations.

SYSTEM NAME AND NUMBER:

CFPB.030-Nonbank Registry.

SECURITY CLASSIFICATION:

Unclassified.

SYSTEM LOCATION:

Consumer Financial Protection Bureau, 1700 G Street NW, Washington, DC 20552.

SYSTEM MANAGER(S):

Program Director, Systems and Registrations Team, Office of Supervision, Consumer Financial Protection Bureau, 1700 G Street NW, Washington, DC 20552.

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:

Public Law 111-203, title X, sections 1022 and 1024, codified at 12 U.S.C. 5512 and 5514.

PURPOSE(S) OF THE SYSTEM:

The purposes of the Nonbank Registry are: (1) To effectively monitor and understand financial markets related to nonbanks or nonbank institutions; (2) To monitor for risks to consumers in the offering or provision of consumer financial products or services; (3) To facilitate the CFPB's risk-based nonbank supervision program; (4) To ensure that registered nonbanks subject to the CFPB's supervisory authority are legitimate entities and are able to perform their obligations to consumers, including their obligations under Federal consumer financial law; and (5) To maintain a central public registry of information on nonbanks to facilitate public awareness and oversight.

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:

The CFPB collects and maintains information on the following individuals:

• Authorized representatives acting on behalf of nonbanks who are authorized to submit information to the Nonbank Registry portal;
• Attesting executives;

• Individuals ( e.g., consenting party, defendant) listed or included in a covered order and related public records, such as court or agency documents, or other documents provided to the registry;

• Individuals, including authorized representatives who submit a question via the Nonbank Registry portal about related regulations or that require technical assistance with the Nonbank Registry; and
• CFPB staff assigned to maintain the Nonbank Registry, including system developers, system administrators, and similar system stakeholders who support the Nonbank Registry and program operations.

CATEGORIES OF RECORDS IN THE SYSTEM:

Categories of records maintained in this Nonbank Registry include:

• Full names and business contact information ( e.g., business title, email address, and phone number) for authorized representatives and attesting executives provided during the registration process;

• Information related to individuals associated with nonbanks found in submitted documents, such as covered orders and related public records, such as court or agency documents, or other documents provided to the Nonbank Registry;
• Annual written statements signed by an attesting executive (or executives) and notification/confirmation of non-registration;

• Names and contact information ( e.g., phone number, email address) of individuals, along with question submitted about related regulations or that require technical assistance with the Nonbank Registry; and

• Access records to CFPB computers and networks ( e.g., external facing portals) containing usernames and passwords and first and last names of CFPB staff and external users authorized to access the Nonbank Registry, and other audit-related information, such as date and time stamps of submissions via the Nonbank Registry portal, and information regarding reconciliation or correction of errors.

RECORD SOURCE CATEGORIES:

The information in the Nonbank Registry system of records is collected directly from covered nonbanks and the authorized representatives and executives acting on behalf of the covered nonbanks; CFPB staff; and from individuals that submit questions via the Nonbank Registry portal about related regulations or that require technical assistance.

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES OF USERS AND THE PURPOSES OF SUCH USES:

In addition to those disclosures generally permitted under 5 U.S.C. 552a(b) of the Privacy Act, and consistent with the CFPB's Disclosure of Records and Information Rules, promulgated at 12 CFR part 1070, all or a portion of the records or information contained in this system may be disclosed outside the CFPB as a routine use to:

(1) Appropriate agencies, entities, and persons when (a) the Bureau suspects or has confirmed that there has been a breach of the system of records; (b) the Bureau has determined that as a result of the suspected or confirmed breach there is a risk of harm to individuals, the Bureau (including its information systems, programs, and operations), the Federal Government, or national security; and (c) the disclosure made to such agencies, entities, and persons is reasonably necessary to assist in connection with the Bureau's efforts to respond to the suspected or confirmed breach or to prevent, minimize, or remedy such harm.

(2) Another Federal agency or entity, when the Bureau determines that information from this system of records is reasonably necessary to assist the recipient agency or entity in (a) responding to a suspected or confirmed breach or (b) preventing, minimizing, or remedying the risk of harm to individuals, the recipient agency or entity (including its information systems, programs, and operations), the Federal government, or national security, resulting from a suspected or confirmed breach.

(3) Another Federal or State agency to (a) permit a decision as to access, amendment, or correction of records to be made in consultation with or by that agency, or (b) verify the identity of an individual or the accuracy of information submitted by an individual who has requested access to or amendment or correction of records.

(4) The Executive Office of the President in response to an inquiry from that office made at the request of the subject of a record or a third party on that person's behalf.

(5) Congressional offices in response to an inquiry made at the request of the individual to whom the record pertains.

(6) Contractors, agents, or other authorized individuals performing work on a contract, service, cooperative agreement, job, or other activity on behalf of the Bureau or the U.S. Government and who have a need to access the information in the performance of their mission, including duties or activities.

(7) The Department of Justice (DOJ) for its use in providing legal advice to the Bureau or in representing the Bureau in a proceeding before a court, adjudicative body, or other administrative body, where the use of such information by the DOJ is deemed by the Bureau to be relevant and necessary to the advice or proceeding, and such proceeding names as a party in interest:

(a) The CFPB;

(b) Any employee of the Bureau in their official capacity;

(c) Any employee of the Bureau in their individual capacity where DOJ has agreed to represent the employee; or

(d) The United States, where the CFPB determines that litigation is likely to affect the Bureau or any of its components.

(8) Appropriate Federal, State, local, foreign, Tribal, or self-regulatory organizations or agencies responsible for investigating, prosecuting, enforcing, implementing, issuing, or carrying out a statute, rule, regulation, order, policy, or license if the information may be relevant to a potential violation of civil or criminal law, rule, regulation, order, policy, or license.

(9) To the National Archives and Records Administration (NARA) or other Federal Government agencies pursuant to records management inspections being conducted under the authority of 44 U.S.C. 2904 and 2906.

(10) A grand jury pursuant either to a Federal or State grand jury subpoena, or to a prosecution request that such record be released for the purpose of its introduction to a grand jury, where the subpoena or request has been specifically approved by a court. In those cases where the Federal Government is not a party to the proceeding, records may be disclosed if a subpoena has been signed by a judge.

(11) A court, magistrate, or administrative tribunal in the course of an administrative proceeding or judicial proceeding, including disclosures to opposing counsel or witnesses (including expert witnesses) in the course of discovery or other pre-hearing exchanges of information, litigation, or settlement negotiations, where relevant or potentially relevant to a proceeding, or in connection with criminal law proceedings.

(12) To members of the public as is in the public interest in accordance with 12 CFR part 1092. Such disclosure would be limited to the names and titles of attesting executives and individuals listed or included in a covered order and related public records, such as court or agency documents, or other documents provided to the registry.

POLICIES AND PRACTICES FOR STORAGE OF RECORDS:

The records are maintained in electronic media.

POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:

Records maintained in this system of records are retrievable using a personal identifier, including an individual's name.

POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:

The records contained within the Nonbank Registry system of records are considered unscheduled and will be maintained as permanent until there is an approved records schedule for the Nonbank Registry.

ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:

External access to the Nonbank Registry via the portal for nonbank user accounts is limited to the nonbank that created the account with the CFPB. Nonbanks will login with a username and password using multi-factor authentication. Internal access to electronic records is restricted to authorized CFPB staff based on role-based access controls using multi-factor authentication.

RECORD ACCESS PROCEDURES:

Individuals seeking access to any record contained in this system of records may inquire in writing in accordance with instructions in 12 CFR 1070.50 et seq. Address such requests to: Chief Privacy Officer, Consumer Financial Protection Bureau, 1700 G Street NW, Washington, DC 20552. Instructions are also provided on the Bureau website: https://www.consumerfinance.gov/foia-requests/submit-request/.

CONTESTING RECORD PROCEDURES:

Individuals seeking to contest the content of any record contained in this system of records may inquire in writing in accordance with instructions in 12 CFR 1070.50 et seq. Address such requests to: Chief Privacy Officer, Consumer Financial Protection Bureau, 1700 G Street NW, Washington, DC 20552. Instructions are also provided on the Bureau website: https://www.consumerfinance.gov/privacy/amending-and-correcting-records-under-privacy-act/.

NOTIFICATION PROCEDURES:

See "Record Access Procedures" above.

EXEMPTIONS PROMULGATED FOR THE SYSTEM:

None.

HISTORY:

This is a new system of records.

[FR Doc. 2024-16245 Filed 7-23-24; 8:45 am]

BILLING CODE 4810-AM-P