2016-12858
Federal Register, Volume 81 Issue 105 (Wednesday, June 1, 2016)
[Federal Register Volume 81, Number 105 (Wednesday, June 1, 2016)]
[Notices]
[Pages 35001-35003]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2016-12858]
=======================================================================
-----------------------------------------------------------------------
COMMODITY FUTURES TRADING COMMISSION
Agency Information Collection Activities: Notice of Intent To
Renew Collection 3038-0067, Part 162 Subpart C--Identify Theft Red
Flags
AGENCY: Commodity Futures Trading Commission.
ACTION: Notice.
-----------------------------------------------------------------------
SUMMARY: The Commodity Futures Trading Commission (``CFTC'' or
``Commission'') is announcing an opportunity for public comment on the
proposed renewal of a collection of certain information by the agency.
Under the Paperwork Reduction Act (``PRA''), Federal agencies are
required to publish notice in the Federal Register concerning each
proposed collection of information, including each proposed extension
of an existing collection of information, and to allow 60 days for
public comment. This notice solicits comments on the duties of CFTC
registrants to design, develop and implement reasonable policies and
procedures to identify relevant red flags (the ``Identity Theft Red
Flags Rules''), and potentially to notify cardholders of identity theft
risks. Regulations in part 162 subpart C--Identify Theft Red Flags,
including the information collection requirements thereunder, are
designed to better protect investors from the risks of identity theft,
and, in the case of entities that issue credit or debit cards, to
assess the validity of, and communicate with cardholders regarding,
address changes.
DATES: Comments must be submitted on or before August 1, 2016.
ADDRESSES: You may submit comments, identified by ``Part 162 Subpart
C--Identify Theft Red Flags; OMB Control No. 3038-0067,'' by any of the
following methods:
The Agency's Web site, at http://comments.cftc.gov/.
Follow the instructions for submitting comments through the Web site.
Mail: Christopher Kirkpatrick, Secretary of the
Commission, Commodity Futures Trading Commission, Three Lafayette
Centre, 1155 21st Street NW., Washington, DC 20581.
Hand Delivery/Courier: Same as Mail above.
Federal eRulemaking Portal: http://www.regulations.gov/.
Follow the instructions for submitting comments through the Portal.
Please submit your comments using only one method.
All comments must be submitted in English, or if not, accompanied
by an English translation. Comments will be posted as received to
http://www.cftc.gov.
FOR FURTHER INFORMATION CONTACT: Sue McDonough, Office of General
Counsel, Commodity Futures Trading Commission, 1155 21st Street NW.,
Washington, DC 20581; (202) 418-5132, email: [email protected].
SUPPLEMENTARY INFORMATION: Under the PRA, Federal agencies must obtain
approval from the Office of Management and Budget (OMB) for each
collection of information they conduct or sponsor. ``Collection of
Information'' is defined in 44 U.S.C. 3502(3) and 5 CFR 1320.3 and
includes agency requests or requirements that members of the public
submit reports, keep records, or provide information to a third party.
Section 3506(c)(2)(A) of the PRA, 44 U.S.C. 3506(c)(2)(A), requires
Federal agencies to provide a 60-day notice in the Federal Register
concerning each proposed collection of information before submitting
the collection to OMB for approval. To comply with this requirement,
the CFTC is publishing notice of the proposed collection of information
listed below.
Title: Part 162 Subpart C--Identify Theft Red Flags (OMB Control
No. 3038-0067). This is a request for extension of a currently approved
information collection.
Abstract: This collection of information is needed because under
part 162 subpart C--Identify Theft, CFTC-regulated entities are
required to develop and implement reasonable policies and procedures to
identify,
[[Page 35002]]
detect, and respond to relevant red flags (the Identity Theft Red Flags
Rules) and, in the case of entities that issue credit or debit cards,
to assess the validity of, and communicate with cardholders regarding,
address changes. Section 162.30 includes the following information
collection requirements for each CFTC-regulated entity that qualifies
as a ``financial institution'' or ``creditor'' under and that offers or
maintains covered accounts: (i) Creation and periodic updating of an
identity theft prevention program (``Program'') that is approved by the
board of directors, an appropriate committee thereof, or a designated
senior management employee; (ii) periodic staff reporting to the board
of directors on compliance with the Identity Theft Red Flags Rules and
related guidelines; and (iii) training of staff to implement the
Program. Section 162.32 includes the following information collection
requirements for each CFTC-regulated entity that is a credit or debit
card issuer: (i) Establishment of policies and procedures that assess
the validity of a change of address notification if a request for an
additional or replacement card on the account follows soon after the
address change; and (ii) notification of a cardholder, before issuance
of an additional or replacement card, at the previous address or
through some other previously agreed-upon form of communication, or
alternatively, assessment of the validity of the address change request
through the entity's established policies and procedures. The
Commission uses the collection of information to discharge its
regulatory responsibilities to protect investors from the risks of
identity theft.
With respect to the collection of information, the CFTC invites
comments on:
Whether the proposed collection of information is
necessary for the proper performance of the functions of the CFTC,
including whether the information will have a practical use;
The accuracy of the CFTC's estimate of the burden of the
proposed collection of information, including the validity of the
methodology and assumptions used;
Ways to enhance the quality, usefulness, and clarity of
the information to be collected; and
Ways to minimize the burden of collection of information
on those who are to respond, including through the use of appropriate
automated electronic, mechanical, or other technological collection
techniques or other forms of information technology; e.g., permitting
electronic submission of responses.
You should submit only information that you wish to make available
publicly. If you wish the CFTC to consider information that you believe
is exempt from disclosure under the Freedom of Information Act, a
petition for confidential treatment of the exempt information may be
submitted according to the procedures established in Sec. 145.9 of the
CFTC's regulations.\1\
---------------------------------------------------------------------------
\1\ 17 CFR 145.9.
---------------------------------------------------------------------------
The CFTC reserves the right, but shall have no obligation, to
review, pre-screen, filter, redact, refuse or remove any or all of your
submission from http://www.cftc.gov that it may deem to be
inappropriate for publication, such as obscene language. All
submissions that have been redacted or removed that contain comments on
the merits of the ICR will be retained in the public comment file and
will be considered as required under the Administrative Procedure Act
and other applicable laws, and may be accessible under the Freedom of
Information Act.
Burden Statement: CFTC staff estimates of the hour burdens
associated with section 162.30 include the one-time burden of complying
with this section for newly-formed CFTC-regulated entities, as well as
the ongoing costs of compliance for all CFTC-regulated entities. With
respect to the one-time burden hours, staff estimates that each newly-
formed financial institution or creditor would incur a burden of 2
hours to conduct an initial assessment of covered accounts. Staff
estimates that approximately 572 CFTC-regulated financial institutions
and creditors are newly formed each year, and the total estimated one-
time burden to initially assess covered accounts is therefore 1,144
hours. Staff also estimates that each financial institution or creditor
that maintains covered accounts would incur an additional initial
burden of 29 hours to develop and obtain board approval of a Program
and hours to train the staff of the financial institution or creditor.
Staff estimates that approximately 47 \2\ CFTC-regulated financial
institutions and creditors that maintain covered accounts are newly
formed each year, and thus the total estimated one-time burden to
develop and obtain board approval of a Program and train staff is 1,363
hours. Thus, the total initial estimated burden for all newly-formed
CFTC-regulated entities is 2,507 hours (1,144 hours + 1,363 hours).
---------------------------------------------------------------------------
\2\ Based on a review of new registrations typically filed with
the CFTC each year, CFTC staff estimates that approximately 6
futures commission merchants (``FCMs''), 83 introducing brokers
(``IBs''), 282 commodity trading advisors (``CTAs''), 198 commodity
pool operators (``CPOs''), and 3 swap dealers (``SDs'') are newly
formed each year, for a total of 572 entities. CFTC staff also has
observed that approximately 50 percent of all CPOs are dually
registered as CTAs, thus half of the 198 CPOs or 99 CPOs are
excluded from the calculation. With respect to retail forex dealers
(``RFEDs''), CFTC staff has observed that all entities registering
as RFEDs also register as FCMs. Based on these observation, CFTC has
determined that the total number of newly-formed financial
institutions and creditors is 473 (572-99 CPOs that are also
registered as CTAs). There were no newly registered RFEDs or MSPs.
Each of these 473 financial institutions or creditors would bear the
initial one-time burden of compliance.
Of the total 473 newly-formed entities, staff estimates that all
of the FCMs are likely to carry covered accounts, 10 percent of CTAs
and CPOs are likely to carry covered accounts, and none of the IBs
are likely to carry covered accounts, for a total of 44 newly-formed
financial institutions or creditors (6 FCMs, 38 CPOS and CTAs, and 3
SDs) carrying covered accounts that would be required to conduct an
initial one-time burden of compliance with subpart C of part 162.
---------------------------------------------------------------------------
With respect to ongoing annual burden hours, CFTC staff estimates
that each financial institution or creditor would incur a burden of 2
hours to periodically assess whether it offers or maintains covered
accounts. Staff estimates that there are approximately 3,956 CFTC-
regulated entities that are either financial institutions or creditors,
and the total estimated annual burden to periodically assess covered
accounts is therefore 7,912 hours. Staff also estimates that each
financial institution or creditor that maintains covered accounts would
incur an additional annual burden of 4 hours to prepare and present an
annual report to the board and 2 hours to periodically review and
update the Program. Staff estimates that there are approximately 47
CFTC-regulated entities that are financial institutions or creditors
that offer or maintain covered accounts, and thus the total estimated
additional annual burden for these entities is 282 hours. Thus, the
total ongoing annual estimated burden for all CFTC-regulated entities
is 8,194 hours (7912 hours + 282 hours).
The collections of information required by section 162.32 will
apply only to CFTC-regulated entities that issue credit or debit cards.
CFTC staff understands that CFTC-regulated entities generally do not
issue credit or debit cards, but instead may partner with other
entities, such as banks, that issue cards on their behalf. These other
entities, which are not regulated by the CFTC, are already subject to
substantially similar change of address obligations pursuant to other
federal regulators' identity theft red flags rules. Therefore, staff
does not expect that any CFTC-regulated entities will be subject to the
information collection requirements of section 163.32, and
[[Page 35003]]
accordingly, staff estimates that there is no hour burden related to
section 162.32 for CFTC-regulated entities.
In total, CFTC staff estimates that the aggregate annual
information collection burden of part 162 subpart C--Identity Theft is
10,701 hours (2,507 hours + 8,194 hours). Compliance with part 162
subpart C--Identity Theft, including compliance with the information
collection requirements thereunder, is mandatory for each CFTC
regulated entity that qualifies as a ``financial institution'' or
``creditor'' under Part 162 Subpart C--Identity Theft (as discussed
above, certain collections of information under Part 162 Subpart C--
Identity Theft are mandatory only for financial institutions or
creditors that offer or maintain covered accounts).
Frequency of collection: Ongoing. There are no capital costs or
operating and maintenance costs associated with this collection.
Authority: 44 U.S.C. 3501 et seq.
Dated: May 26, 2016.
Robert N. Sidman,
Deputy Secretary of the Commission.
[FR Doc. 2016-12858 Filed 5-31-16; 8:45 am]
BILLING CODE 6351-01-P
Last Updated: June 1, 2016