[Federal Register Volume 87, Number 140 (Friday, July 22, 2022)]
[Pages 43797-43798]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2022-15698]



Agency Information Collection Activities: Notice of Intent To 
Renew Collection Number 3038-0067, Part 162--Protection of Consumer 
Information Under the Fair Credit Reporting Act

AGENCY: Commodity Futures Trading Commission.

ACTION: Notice.


SUMMARY: The Commodity Futures Trading Commission (``Commission'') is 
announcing an opportunity for public comment on the proposed renewal of 
a collection of certain information by the agency. Under the Paperwork 
Reduction Act (``PRA''), Federal agencies are required to publish 
notice in the Federal Register concerning each proposed collection of 
information, including each proposed extension of an existing 
collection of information, and to allow 60 days for public comment. 
This notice solicits comments on the collections of information 
mandated by Part 162 of the Commission's regulations (Protection of 
Consumer Information under the Fair Credit Reporting Act).

DATES: Comments must be submitted on or before September 20, 2022.

ADDRESSES: You may submit comments, identified by ``OMB Control Number 
3038-0067,'' by any of the following methods:
     The Agency's website, at https://comments.cftc.gov/. 
Follow the instructions for submitting comments through the website.
     Mail: Christopher Kirkpatrick, Secretary of the 
Commission, Commodity Futures Trading Commission, Three Lafayette 
Centre, 1155 21st Street NW, Washington, DC 20581.
     Hand Delivery/Courier: Same as Mail above.
    Please submit your comments using only one method. All comments 
must be submitted in English, or if not, accompanied by an English 
translation. Comments will be posted as received to https://www.cftc.gov.

FOR FURTHER INFORMATION CONTACT: Andrew Chapin, Associate Chief 
Counsel, Market Participants Division, Commodity Futures Trading 
Commission, (202) 418-5465, email: [email protected]

SUPPLEMENTARY INFORMATION: Under the PRA,\1\ Federal agencies must 
obtain approval from the Office of Management and Budget (``OMB'') for 
each collection of information they conduct or sponsor. ``Collection of 
Information'' is defined in 44 U.S.C. 3502(3) and 5 CFR 1320.3 and 
includes agency requests or requirements that members of the public 
submit reports, keep records, or provide information to a third party. 
Section 3506(c)(2)(A) of the PRA, 44 U.S.C. 3506(c)(2)(A), requires 
Federal agencies to provide a 60-day notice in the Federal Register 
concerning each proposed collection of information, including each 
proposed extension of an existing collection of information, before 
submitting the collection to OMB for approval. To comply with this 
requirement, the Commission is publishing notice of the proposed 
collection of information listed below.

    \1\ 44 U.S.C. 3501 et seq.

    Title: Part 162--Protection of Consumer Information under the Fair 
Credit Reporting Act (OMB Control No. 3038-0067). This is a request for 
an extension of currently approved information collection.
    Abstract: On July 21, 2010, the President signed into law the Dodd-
Frank Wall Street Reform and Consumer Protection Act (``Dodd-Frank 
Act'').\2\ Title X of the Dodd-Frank Act, which is titled the Consumer 
Financial Protection Act of 2010 (``CFP Act''), amends a number of 
federal consumer protection laws enacted prior to the Dodd-Frank Act 
including, in relevant part, the Fair Credit Reporting Act (``FCRA'') 
\3\ and the Fair and Accurate Credit Transactions Act of 2003 (``FACT 
Act'').\4\ Specifically, Section 1088 of the CFP Act sets out certain 
amendments to the FCRA and the FACT Act directing the Commission to 
promulgate regulations that are intended to provide privacy protections 
to certain consumer information held by an entity that is subject to 
the jurisdiction of the Commission.

    \2\ Public Law 111-203, 124 Stat. 1376 (2010).
    \3\ 15 U.S.C. 1681-1681x.
    \4\ Public Law 108-159, 117 Stat. 1952, 1980 (2003).

    Section 1088 amends section 214(b) of the FACT Act--which added 
section 624 to the FCRA in 2003--and directs the Commission to 
implement the provisions of section 624 of the FCRA with respect to 
persons that are subject to the Commission's enforcement jurisdiction. 
Section 624 of the FCRA gives a consumer the right to block affiliates 
of an entity subject to the Commission's jurisdiction from using 
certain information obtained from such entity to make solicitations to 
that consumer (hereinafter referred to as the ``affiliate marketing 
rules'').\5\ Under the affiliate marketing rules, the entities covered 
by the regulations are expected to prepare and provide clear, 
conspicuous and concise opt-out notices to any consumers with whom such 
entities have a pre-existing business relationship. A covered entity 
only has to provide an opt-out notice to the extent that an affiliate 
of the covered entity plans to make a solicitation to any of the 
covered entity's consumers. The purpose of the opt-out notice is to 
provide consumers with the ability to prohibit marketing solicitations 
from affiliate businesses that do not have a pre-existing business 
relationship with the consumers, but that do have access to such 
consumers' nonpublic, personal information. A covered entity is 
required to send opt-out notices at the maximum of once every five 

    \5\ The affiliate marketing rules are found in Part 162, Subpart 
A (Business Affiliate Marketing Rules) of the CFTC's regulations. 17 
CFR part 162, subpart A.

    Section 1088 of the CFP Act also amends section 628 of the FCRA and 
mandates that the Commission implement regulations requiring persons 
subject to the Commission's jurisdiction who possess or maintain 
consumer report information in connection with their business 
activities to properly dispose of that information (hereinafter 
referred to as the ``disposal

[[Page 43798]]

rules'').\6\ Under the disposal rules, the entities covered by the 
regulations are expected to develop and implement a written disposal 
plan with respect to any consumer information within such entities' 
possession. The regulations provide that a covered entity develop a 
written disposal plan that is tailored to the size and complexity of 
such entity's business. The purpose of the written disposal plan is to 
establish a formal plan for the disposal of nonpublic, consumer 
information, which otherwise could be illegally confiscated and used by 
unauthorized third parties. Under the rules, a covered entity is 
required to develop a written disposal plan only once, but may 
subsequently amend such plan from time to time.

    \6\ The disposal rules are found in Part 162, Subpart B 
(Disposal Rules) of the CFTC's regulations. 17 CFR part 162, subpart 

    In addition, Section 1088 of the CFP Act amended the FCRA by adding 
the CFTC and the Securities and Exchange Commission (``SEC,'' together 
with the CFTC, the ``Commissions'') to the list of federal agencies 
required to jointly prescribe and enforce identity theft red flags 
rules and guidelines and card issuer rules. Thus, the Dodd-Frank Act 
provides for the transfer of rulemaking responsibility and enforcement 
authority to the CFTC and SEC with respect to the entities under their 
respective jurisdiction. Accordingly, the Commissions have issued final 
rules and guidelines (hereinafter referred to as the ``identity theft 
rules'') \7\ to implement new statutory provisions enacted by the CFP 
Act that amend section 615(e) of the FCRA and direct the Commissions to 
prescribe rules requiring entities that are subject to the Commissions' 
jurisdiction to address identity theft. Under the identity theft rules, 
entities covered by the regulation are required to develop and 
implement reasonable policies and procedures to identify, detect, and 
respond to relevant red flags for identity theft that are appropriate 
to the size and complexity of such entity's business and, in the case 
of entities that issue credit or debit cards, to assess the validity 
of, and communicate with cardholders regarding, address changes.\8\ 
They are also required to provide for the continued administration of 
identity theft policies and procedures.

    \7\ The CFTC's identity theft rules are found in Part 162, 
Subpart C (Identity Theft Red Flags) of the CFTC's regulations. 17 
CFR part 162, subpart C.
    \8\ The CFTC understands that CFTC-regulated entities generally 
do not issue credit or debit cards, but instead may partner with 
other entities, such as banks, that issue cards on their behalf. 
These other entities, which are not regulated by the CFTC, are 
already subject to substantially similar change of address 
obligations pursuant to other federal regulators' identity theft red 
flags rules. Therefore, the CFTC does not expect that any CFTC-
regulated entities will be subject to the related information 
collection requirements under the CFTC's identity theft rules.

    With respect to the collection of information, the Commission 
invites comments on:
     Whether the proposed collection of information is 
necessary for the proper performance of the functions of the 
Commission, including whether the information will have a practical 
     The accuracy of the Commission's estimate of the burden of 
the proposed collection of information, including the validity of the 
methodology and assumptions used;
     Ways to enhance the quality,usefulness, and clarity of the 
information to be collected; and
     Ways to minimize the burden of collection of information 
on those whoare to respond, including through the use of appropriate 
automated electronic, mechanical, or other technological collection 
techniques or other forms of information technology; e.g., permitting 
electronic submission of responses.
    You should submit only information that you wish to make available 
publicly. If you wish the Commission to consider information that you 
believe is exempt from disclosure under the Freedom of Information Act, 
a petition for confidential treatment of the exempt information may be 
submitted according to the procedures established in Sec.  145.9 of the 
Commission's regulations.\9\

    \9\ 17 CFR 145.9.

    The Commission reserves the right, but shall have no obligation, to 
review, pre-screen, filter, redact, refuse or remove any or all of your 
submission from https://www.cftc.gov that it may deem to be 
inappropriate for publication, such as obscene language. All 
submissions that have been redacted or removed that contain comments on 
the merits of the information collection request will be retained in 
the public comment file and will be considered as required under the 
Administrative Procedure Act and other applicable laws, and may be 
accessible under the Freedom of Information Act.
    Burden Statement: The Commission is revising its burden estimate 
for this collection to reflect its estimate of the current number of 
CFTC registrants subject to the requirements of Part 162 regulations. 
The respondent burden for this collection is estimated to be as 
    Estimated Number of Respondents: 4,420.
    Estimated Total Annual Burden Hours: 58,090.
    Frequency of Collection: As applicable.
    There are no capital costs or operating and maintenance costs 
associated with this collection.

(Authority: 44 U.S.C. 3501 et seq.)

    Dated: July 19, 2022.
Robert Sidman,
Deputy Secretary of the Commission.
[FR Doc. 2022-15698 Filed 7-21-22; 8:45 am]