2016-12858

Federal Register, Volume 81 Issue 105 (Wednesday, June 1, 2016)

[Federal Register Volume 81, Number 105 (Wednesday, June 1, 2016)]

[Notices]

[Pages 35001-35003]

From the Federal Register Online via the Government Publishing Office [www.gpo.gov]

[FR Doc No: 2016-12858]

=======================================================================

-----------------------------------------------------------------------

COMMODITY FUTURES TRADING COMMISSION

Agency Information Collection Activities: Notice of Intent To

Renew Collection 3038-0067, Part 162 Subpart C--Identify Theft Red

Flags

AGENCY: Commodity Futures Trading Commission.

ACTION: Notice.

-----------------------------------------------------------------------

SUMMARY: The Commodity Futures Trading Commission (``CFTC'' or

``Commission'') is announcing an opportunity for public comment on the

proposed renewal of a collection of certain information by the agency.

Under the Paperwork Reduction Act (``PRA''), Federal agencies are

required to publish notice in the Federal Register concerning each

proposed collection of information, including each proposed extension

of an existing collection of information, and to allow 60 days for

public comment. This notice solicits comments on the duties of CFTC

registrants to design, develop and implement reasonable policies and

procedures to identify relevant red flags (the ``Identity Theft Red

Flags Rules''), and potentially to notify cardholders of identity theft

risks. Regulations in part 162 subpart C--Identify Theft Red Flags,

including the information collection requirements thereunder, are

designed to better protect investors from the risks of identity theft,

and, in the case of entities that issue credit or debit cards, to

assess the validity of, and communicate with cardholders regarding,

address changes.

DATES: Comments must be submitted on or before August 1, 2016.

ADDRESSES: You may submit comments, identified by ``Part 162 Subpart

C--Identify Theft Red Flags; OMB Control No. 3038-0067,'' by any of the

following methods:

The Agency's Web site, at http://comments.cftc.gov/.

Follow the instructions for submitting comments through the Web site.

Mail: Christopher Kirkpatrick, Secretary of the

Commission, Commodity Futures Trading Commission, Three Lafayette

Centre, 1155 21st Street NW., Washington, DC 20581.

Hand Delivery/Courier: Same as Mail above.

Federal eRulemaking Portal: http://www.regulations.gov/.

Follow the instructions for submitting comments through the Portal.

Please submit your comments using only one method.

All comments must be submitted in English, or if not, accompanied

by an English translation. Comments will be posted as received to

http://www.cftc.gov.

FOR FURTHER INFORMATION CONTACT: Sue McDonough, Office of General

Counsel, Commodity Futures Trading Commission, 1155 21st Street NW.,

Washington, DC 20581; (202) 418-5132, email: [email protected].

SUPPLEMENTARY INFORMATION: Under the PRA, Federal agencies must obtain

approval from the Office of Management and Budget (OMB) for each

collection of information they conduct or sponsor. ``Collection of

Information'' is defined in 44 U.S.C. 3502(3) and 5 CFR 1320.3 and

includes agency requests or requirements that members of the public

submit reports, keep records, or provide information to a third party.

Section 3506(c)(2)(A) of the PRA, 44 U.S.C. 3506(c)(2)(A), requires

Federal agencies to provide a 60-day notice in the Federal Register

concerning each proposed collection of information before submitting

the collection to OMB for approval. To comply with this requirement,

the CFTC is publishing notice of the proposed collection of information

listed below.

Title: Part 162 Subpart C--Identify Theft Red Flags (OMB Control

No. 3038-0067). This is a request for extension of a currently approved

information collection.

Abstract: This collection of information is needed because under

part 162 subpart C--Identify Theft, CFTC-regulated entities are

required to develop and implement reasonable policies and procedures to

identify,

[[Page 35002]]

detect, and respond to relevant red flags (the Identity Theft Red Flags

Rules) and, in the case of entities that issue credit or debit cards,

to assess the validity of, and communicate with cardholders regarding,

address changes. Section 162.30 includes the following information

collection requirements for each CFTC-regulated entity that qualifies

as a ``financial institution'' or ``creditor'' under and that offers or

maintains covered accounts: (i) Creation and periodic updating of an

identity theft prevention program (``Program'') that is approved by the

board of directors, an appropriate committee thereof, or a designated

senior management employee; (ii) periodic staff reporting to the board

of directors on compliance with the Identity Theft Red Flags Rules and

related guidelines; and (iii) training of staff to implement the

Program. Section 162.32 includes the following information collection

requirements for each CFTC-regulated entity that is a credit or debit

card issuer: (i) Establishment of policies and procedures that assess

the validity of a change of address notification if a request for an

additional or replacement card on the account follows soon after the

address change; and (ii) notification of a cardholder, before issuance

of an additional or replacement card, at the previous address or

through some other previously agreed-upon form of communication, or

alternatively, assessment of the validity of the address change request

through the entity's established policies and procedures. The

Commission uses the collection of information to discharge its

regulatory responsibilities to protect investors from the risks of

identity theft.

With respect to the collection of information, the CFTC invites

comments on:

Whether the proposed collection of information is

necessary for the proper performance of the functions of the CFTC,

including whether the information will have a practical use;

The accuracy of the CFTC's estimate of the burden of the

proposed collection of information, including the validity of the

methodology and assumptions used;

Ways to enhance the quality, usefulness, and clarity of

the information to be collected; and

Ways to minimize the burden of collection of information

on those who are to respond, including through the use of appropriate

automated electronic, mechanical, or other technological collection

techniques or other forms of information technology; e.g., permitting

electronic submission of responses.

You should submit only information that you wish to make available

publicly. If you wish the CFTC to consider information that you believe

is exempt from disclosure under the Freedom of Information Act, a

petition for confidential treatment of the exempt information may be

submitted according to the procedures established in Sec. 145.9 of the

CFTC's regulations.\1\

---------------------------------------------------------------------------

\1\ 17 CFR 145.9.

---------------------------------------------------------------------------

The CFTC reserves the right, but shall have no obligation, to

review, pre-screen, filter, redact, refuse or remove any or all of your

submission from http://www.cftc.gov that it may deem to be

inappropriate for publication, such as obscene language. All

submissions that have been redacted or removed that contain comments on

the merits of the ICR will be retained in the public comment file and

will be considered as required under the Administrative Procedure Act

and other applicable laws, and may be accessible under the Freedom of

Information Act.

Burden Statement: CFTC staff estimates of the hour burdens

associated with section 162.30 include the one-time burden of complying

with this section for newly-formed CFTC-regulated entities, as well as

the ongoing costs of compliance for all CFTC-regulated entities. With

respect to the one-time burden hours, staff estimates that each newly-

formed financial institution or creditor would incur a burden of 2

hours to conduct an initial assessment of covered accounts. Staff

estimates that approximately 572 CFTC-regulated financial institutions

and creditors are newly formed each year, and the total estimated one-

time burden to initially assess covered accounts is therefore 1,144

hours. Staff also estimates that each financial institution or creditor

that maintains covered accounts would incur an additional initial

burden of 29 hours to develop and obtain board approval of a Program

and hours to train the staff of the financial institution or creditor.

Staff estimates that approximately 47 \2\ CFTC-regulated financial

institutions and creditors that maintain covered accounts are newly

formed each year, and thus the total estimated one-time burden to

develop and obtain board approval of a Program and train staff is 1,363

hours. Thus, the total initial estimated burden for all newly-formed

CFTC-regulated entities is 2,507 hours (1,144 hours + 1,363 hours).

---------------------------------------------------------------------------

\2\ Based on a review of new registrations typically filed with

the CFTC each year, CFTC staff estimates that approximately 6

futures commission merchants (``FCMs''), 83 introducing brokers

(``IBs''), 282 commodity trading advisors (``CTAs''), 198 commodity

pool operators (``CPOs''), and 3 swap dealers (``SDs'') are newly

formed each year, for a total of 572 entities. CFTC staff also has

observed that approximately 50 percent of all CPOs are dually

registered as CTAs, thus half of the 198 CPOs or 99 CPOs are

excluded from the calculation. With respect to retail forex dealers

(``RFEDs''), CFTC staff has observed that all entities registering

as RFEDs also register as FCMs. Based on these observation, CFTC has

determined that the total number of newly-formed financial

institutions and creditors is 473 (572-99 CPOs that are also

registered as CTAs). There were no newly registered RFEDs or MSPs.

Each of these 473 financial institutions or creditors would bear the

initial one-time burden of compliance.

Of the total 473 newly-formed entities, staff estimates that all

of the FCMs are likely to carry covered accounts, 10 percent of CTAs

and CPOs are likely to carry covered accounts, and none of the IBs

are likely to carry covered accounts, for a total of 44 newly-formed

financial institutions or creditors (6 FCMs, 38 CPOS and CTAs, and 3

SDs) carrying covered accounts that would be required to conduct an

initial one-time burden of compliance with subpart C of part 162.

---------------------------------------------------------------------------

With respect to ongoing annual burden hours, CFTC staff estimates

that each financial institution or creditor would incur a burden of 2

hours to periodically assess whether it offers or maintains covered

accounts. Staff estimates that there are approximately 3,956 CFTC-

regulated entities that are either financial institutions or creditors,

and the total estimated annual burden to periodically assess covered

accounts is therefore 7,912 hours. Staff also estimates that each

financial institution or creditor that maintains covered accounts would

incur an additional annual burden of 4 hours to prepare and present an

annual report to the board and 2 hours to periodically review and

update the Program. Staff estimates that there are approximately 47

CFTC-regulated entities that are financial institutions or creditors

that offer or maintain covered accounts, and thus the total estimated

additional annual burden for these entities is 282 hours. Thus, the

total ongoing annual estimated burden for all CFTC-regulated entities

is 8,194 hours (7912 hours + 282 hours).

The collections of information required by section 162.32 will

apply only to CFTC-regulated entities that issue credit or debit cards.

CFTC staff understands that CFTC-regulated entities generally do not

issue credit or debit cards, but instead may partner with other

entities, such as banks, that issue cards on their behalf. These other

entities, which are not regulated by the CFTC, are already subject to

substantially similar change of address obligations pursuant to other

federal regulators' identity theft red flags rules. Therefore, staff

does not expect that any CFTC-regulated entities will be subject to the

information collection requirements of section 163.32, and

[[Page 35003]]

accordingly, staff estimates that there is no hour burden related to

section 162.32 for CFTC-regulated entities.

In total, CFTC staff estimates that the aggregate annual

information collection burden of part 162 subpart C--Identity Theft is

10,701 hours (2,507 hours + 8,194 hours). Compliance with part 162

subpart C--Identity Theft, including compliance with the information

collection requirements thereunder, is mandatory for each CFTC

regulated entity that qualifies as a ``financial institution'' or

``creditor'' under Part 162 Subpart C--Identity Theft (as discussed

above, certain collections of information under Part 162 Subpart C--

Identity Theft are mandatory only for financial institutions or

creditors that offer or maintain covered accounts).

Frequency of collection: Ongoing. There are no capital costs or

operating and maintenance costs associated with this collection.

Authority: 44 U.S.C. 3501 et seq.

Dated: May 26, 2016.

Robert N. Sidman,

Deputy Secretary of the Commission.

[FR Doc. 2016-12858 Filed 5-31-16; 8:45 am]

BILLING CODE 6351-01-P

 

Last Updated: June 1, 2016