Consumer Complaint and Inquiry Records System Modification

Content

ACTION:

Notice of a modified system of records.

SUMMARY:

In accordance with the Privacy Act of 1974, as amended, the Federal Deposit Insurance Corporation (FDIC) is modifying an existing
system of records titled FDIC-005, “Consumer Complaint and Inquiry Records.” This system of records supports the FDIC's regulatory
and supervisory functions. It permits the FDIC to receive, investigate, and respond to complaints and inquiries from individuals
concerning the activities or practices of the FDIC; FDIC-insured depository institutions; and persons/entities engaged in
misuses of the FDIC's name or logo or misrepresentations about deposit insurance. The system helps the FDIC and other FDIC
stakeholders to scope examinations and take appropriate supervisory actions. The FDIC is updating this system of records to
rename it as FDIC-005, “Consumer Complaint and Public Inquiry Records,” to modify several sections of this notice, and to
seek public comment on four proposed routine uses. Additionally, this notice includes non-substantive changes to simplify
the formatting and text of the previously published notice and improve consistency across FDIC system of records notices.

DATES:

This action will become effective on April 2, 2026. The routine uses in this action will become effective May 4, 2026, unless
the FDIC makes changes based on comments received. Written comments should be submitted on or before May 4, 2026.

ADDRESSES:

Interested parties are invited to submit written comments identified by Privacy Act Systems of Records (FDIC-005) by any of
the following methods:

• Agency Website: https://www.fdic.gov/resources/regulations/federal-register-publications/. Follow the instructions for submitting comments on the FDIC website.

• Email: comments@fdic.gov. Include “Comments-SORN (FDIC-005)” in the subject line of communication.

• Mail: Jennifer M. Jones, Deputy Executive Secretary, Attention: Comments SORN (FDIC-005), Legal Division, Office of the Executive
Secretary, Federal Deposit Insurance Corporation, 550 17th Street NW, Washington, DC 20429.

• Hand Delivery/Courier: Comments may be hand-delivered to the guard station at the rear of the 550 17th Street NW building (located on F Street NW)
on business days between 7:00 a.m. and 5:00 p.m.

Public Inspection: Comments received, including any personal information provided, may be posted without change to https://www.fdic.gov/resources/regulations/federal-register-publications/. Commenters should submit only information that the commenter wishes to make available publicly. The FDIC may review, redact,
or refrain from posting all or any portion of any comment that it may deem to be inappropriate for publication, such as irrelevant
or obscene material. The FDIC may post only a single representative example of identical or substantially identical comments
and in such cases will generally identify the number of identical or substantially identical comments represented by the posted
example. All comments that have been redacted, as well as those that have not been posted, that contain comments on the merits
of this document will be retained in the public comment file and will be considered as required under all applicable laws.
All comments may be accessible under the Freedom of Information Act (FOIA).

FOR FURTHER INFORMATION CONTACT:

Shannon Dahn, Assistant Director, Privacy, 703-516-5500, privacy@fdic.gov.

SUPPLEMENTARY INFORMATION:

Pursuant to the Privacy Act of 1974, 5 U.S.C. 552a, FDIC is modifying an existing system of records, FDIC-005, “Consumer Complaint
and Inquiry Records” to rename it FDIC-005, “Consumer Complaint and Public Inquiry Records.” In this notice, the FDIC proposes
to update various sections of the system of records notice (SORN) that include, among other things, FDIC's intake of complaints
and inquiries by individuals concerning the activities or practices of the FDIC, FDIC-insured depository institutions, and
persons/entities engaged in misuses of the FDIC's name or logo or misrepresentations about deposit insurance. The System Title
is being updated to better reflect the types of records covered. The System Location section is updated to reflect that the
records may be maintained at various FDIC locations including authorized cloud environments. The System Manager section is
being modified to add additional system managers. The Authority for Maintenance of the System section is expanded to include
appropriate authorities for the collection. The Purpose(s) of the System section is expanded to include intake of complaints
and inquiries about the activities or practices of the FDIC and persons/entities engaged in misuses of FDIC's name or logo
or misrepresentations about deposit insurance. The Categories of Individuals section is being expanded to include specific
individuals like appraisers; individuals who have been referred from another agency; or individuals who need to be referred
to another agency.

The Routine Uses section is being renumbered and modified to list FDIC's standard routine uses (routine uses 1-10) first and
to propose four new routine uses. Proposed standard Routine Use 8 supports the disclosure of information from the system of
records as may be required by Federal statute, treaty, or other international agreement. Proposed standard Routine Use 9 supports
the disclosure of information as may be needed to support the comparison of FDIC's records to another agency's system of records
or to non-Federal records, in coordination with an Office of Inspector General in conducting an audit, investigation, inspection,
evaluation, or other review. Proposed Routine Use 11 would merge two previous routine uses to permit the release of information
to FDIC-insured depository institutions and other parties that may have information useful to the FDIC's review of the complaint
or inquiry. Proposed Routine Use 12 has been modified and proposes to allow for disclosures to any agency with direct regulatory
or supervisory authority over the FDIC-insured depository institution to obtain information relevant to the matter or enable
that agency to investigate the matter. Previous Routine Uses 8 (records management inspections) and 10 (to labor organizations)
have been removed from the SORN as they are not needed.

The FDIC is modifying the Policies and Practices for Storage, Retention and Disposal sections to provide detail on the storage
of electronic records and to include language on the disposal of records in accordance with approved FDIC record retention
schedules. The FDIC is also modifying the Administrative, Technical, and Physical Safeguards section to provide additional
detail on the safeguards used to protect this information. Finally, the FDIC is modifying the sections containing the Procedures
for Notification, Access, and Contesting Records to improve the clarity of the instructions to the public and to direct the
public to the appropriate FDIC website for information on how to request

  notification of, access to, or to contest the contents of records in FDIC-005.

This modified system will be updated in FDIC's inventory of record systems.

SYSTEM NAME AND NUMBER:

Consumer Complaint and Public Inquiry Records, FDIC-005.

SECURITY CLASSIFICATION:

Unclassified.

SYSTEM LOCATION:

The Federal Deposit Insurance Corporation (FDIC) located at 550 17th Street NW, Washington, DC 20429.

SYSTEM MANAGER(S):

Assistant Director, National Center for Consumer and Depositor Assistance, Division of Depositor and Consumer Protection,
FDIC, 1100 Walnut St., Ste. 2100, Kansas City, MO 64106.

Ombudsman, Office of the Ombudsman, 3501 Fairfax Dr., Arlington, VA 22226.

Program Manager, Data Strategy Section, Division of Insurance and Research, 3501 Fairfax Dr., Arlington, VA 22226.

Senior Counsel, Consumer Protection & Compliance Unit, Legal Division, 550 17th St. NW, Washington, DC 20429.

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:

Sections 9 and 18(a)(4) of the Federal Deposit Insurance Act (12 U.S.C. 1819 and 1828(a)(4)); the Federal Financial Institutions
Reform, Recovery, and Enforcement Act (12 U.S.C. 1835 and 3351(i)); Section 202(f) of Title II of the Federal Trade Improvement
Act (15 U.S.C. 57a(f)); and Section 309 of the Riegle Community Development and Regulatory Improvement Act of 1994 (12 U.S.C.
4806).

PURPOSE(S) OF THE SYSTEM:

The information in this system supports the FDIC regulatory and supervisory functions through the intake of complaints or
inquiries concerning (1) the activities or practices of the FDIC, (2) the activities or practices of FDIC-insured depository
institutions, and (3) misuses of FDIC's name or logo or misrepresentations about deposit insurance. The information is used
to identify concerns, manage correspondence, and respond to complaints, inquiries, and concerns expressed by individuals.
The system supports the FDIC's receipt and handling of complaints and inquiries for information or assistance from bank customers
and other consumers, bankers, small business owners, researchers, appraisers, and other members of the public. The FDIC uses
information in this system of records to identify the nature of the complaint or inquiry and to track, manage, and respond
to complaints and inquiries. The information in the system of records may also be used to support the development and operation
of current and future information technology to support the objectives of identifying patterns of consumer harm at FDIC-insured
depository institutions, which further helps FDIC examination staff and other FDIC stakeholders to scope examinations and
take appropriate supervisory actions.

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:

Individuals who have submitted a complaint or inquiry; individuals who have been referred from another agency; or individuals
who need to be referred to another agency.

CATEGORIES OF RECORDS IN THE SYSTEM:

This system contains correspondence and records of other communications between the FDIC and the individual, such as copies
of supporting documents and contact information including name, email address, home address, phone number, online identity
verification information, financial account information, and any other information voluntarily supplied by the individual.
The system may also contain other information gathered by the FDIC as necessary to process the complaint or inquiry, and the
FDIC's response to the individual. The exact nature of the information may vary depending on the complaint or inquiry. This
system may also contain regulatory and supervisory communications between the FDIC and the FDIC-insured depository institution
in question and/or intra-agency or inter-agency memoranda or correspondence relevant to the complaint or inquiry.

Note: This system of records does not cover FDIC investigative or enforcement records that are related to or created in response
to a complaint or inquiry covered by this system. Such investigative and enforcement records are covered by a separate FDIC
system of records titled FDIC-002, Financial Institution Investigative and Enforcement Records.

RECORD SOURCE CATEGORIES:

The individual on whom the record is maintained; FDIC-insured depository institutions or persons/entities that are the subject
of the complaint or inquiry or have information that may be useful to the FDIC in responding to the complaint or inquiry;
the appropriate Federal or State agency with regulatory or supervisory authority over the institution; congressional offices
that may be involved in the complaint or inquiry; and other parties providing information to the FDIC in an attempt to resolve
the complaint or inquiry.

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES OF USERS AND PURPOSES OF SUCH USES:

In addition to those disclosures generally permitted under 5 U.S.C. 552a(b) of the Privacy Act, all or a portion of the records
or information contained in this system may be disclosed outside the FDIC as a routine use as follows:

(1) To appropriate Federal, State, local, tribal, territorial, and foreign agencies responsible for investigating or prosecuting
a violation of, or for enforcing or implementing a statute, rule, regulation, or order issued, when the information, either
alone or in conjunction with other information, indicates a violation or potential violation of law, whether civil, criminal,
or regulatory in nature, and whether arising by general statute or particular program statute, or by regulation, rule, or
order issued pursuant thereto.

(2) To a court or adjudicative body before which the FDIC is authorized to appear when, (a) the FDIC or any component thereof;
or (b) any employee of the FDIC in his or her official capacity; or (c) any employee of the FDIC in his or her individual
capacity where the FDIC has agreed to represent the employee; or (d) the United States; where the FDIC determines that litigation
is likely to affect the FDIC or any of its components, is a party to litigation or has an interest in such litigation, and
the FDIC determines that use of such records is relevant and necessary to the litigation, provided, however, that in each
case, the FDIC determines that disclosure of the records is a use of the information contained in the records which is compatible
with the purpose for which the records were collected.

(3) To a congressional office in response to an inquiry made by the congressional office at the request of the individual
who is the subject of the record.

(4) To appropriate agencies, entities, and persons when (a) the FDIC suspects or has confirmed that there has been a breach
of the system of records; (b) the FDIC has determined that as a result of the suspected or confirmed breach there is a risk
of harm to individuals, the FDIC (including its information systems, programs, and operations), the Federal Government, or
national security; and (c) the disclosure made to such agencies, entities, and persons is reasonably necessary to assist in

  connection with the FDIC's efforts to respond to the suspected or confirmed breach or to prevent, minimize, or remedy such
  harm.

(5) To another Federal agency or Federal entity when the FDIC determines that information from this system of records is reasonably
necessary to assist the recipient agency or entity in (a) responding to a suspected or confirmed breach; or (b) preventing,
minimizing, or remedying the risk of harm to individuals, the recipient agency or entity (including its information systems,
programs, and operations), the Federal Government, or national security, resulting from a suspected or confirmed breach.

(6) To appropriate Federal, State, local, tribal, and territorial agencies in connection with hiring or retaining an individual,
conducting a background security or suitability investigation; adjudication of liability; or eligibility for a license, contract,
grant, or other benefit to the extent that the information shared is relevant and necessary to the requesting agency's decision
on the matter.

(7) To contractors, grantees, experts, consultants, students, volunteers, and others performing or working on a contract,
service, grant, cooperative agreement, or project for the FDIC or the Office of Inspector General for use in carrying out
their obligations under such contract, service, grant, agreement, or project.

(8) To such recipients and under such circumstances and procedures as are mandated by Federal statute or treaty.

(9) To a Federal, State, local, tribal, or territorial agency for the purpose of comparing to the agency's system of records
or to non-Federal records, in coordination with an Office of Inspector General in conducting an audit, investigation, inspection,
evaluation, or other review as authorized by the Inspector General Act of 1978, as amended.

(10) To Federal agencies, and to those Federal employees designated by the President or Agency Heads pursuant to Executive
Order 14243, for the purposes of identifying and eliminating waste, fraud, and abuse, including the elimination of bureaucratic
duplication and inefficiency and the enhancement of the Government's ability to detect overpayments and fraud.

(11) To the FDIC-insured depository institution or other person/entity that is the subject of the complaint or inquiry and
to other parties that may have information useful to FDIC's review of the complaint or inquiry in order to obtain information
relevant to the matter.

(12) To the Federal or State agency that has direct regulatory or supervisory authority over the FDIC-insured depository institution
or other person/entity that is the subject of the complaint or inquiry to obtain information relevant to the matter or to
enable that authority to investigate the matter.

POLICIES AND PRACTICES FOR STORAGE OF RECORDS:

These records are stored in compliance with internal FDIC policies. Records are stored and centrally managed in official FDIC
recordkeeping systems, maintained in usable and retrievable formats for the duration of the retention period, and conform
to accessibility requirements.

POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:

Records are retrieved by unique identification number which may be cross-referenced to the name, telephone number, and email
address of complainant or inquirer.

POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:

In accordance with the applicable records retention schedule, these records are maintained seven years after close or resolution
of the complaint or inquiry and then deleted/destroyed.

ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:

Records are protected from unauthorized access and improper use through administrative, technical, and physical security measures.
Administrative safeguards include written guidelines on handling personal information including agency-wide procedures for
safeguarding personally identifiable information. In addition, all FDIC staff are required to take annual privacy and security
training. Technical security measures within FDIC include restrictions on computer access to authorized individuals who have
a legitimate need to know the information; multi-factor authentication for remote access and access to many FDIC systems;
strong passwords when multi-factor authentication is not available; use of encryption for certain data types and transfers;
firewalls and intrusion detection applications; and regular review of security procedures and best practices to enhance security.
Physical safeguards include restrictions on building access to authorized individuals, security guard service, and maintenance
of records in lockable offices and filing cabinets.

RECORD ACCESS PROCEDURES:

Individuals requesting access to records about them in this system of records should submit their request online through the
FDIC FOIA Service Center at fdic.gov/foia. Alternatively, individuals can send a request in writing to the FDIC FOIA & Privacy Act Group, 550 17th Street NW, Washington,
DC 20429, or email efoia@fdic.gov. Individuals will be required to provide a detailed description of the records they seek including the time period when the
records were created and other supporting information where possible. Individuals will be required to provide proof of identity
in accordance with FDIC regulations at 12 CFR part 310.

CONTESTING RECORD PROCEDURES:

Individuals contesting the content of or requesting an amendment to their records in this system of records should submit
their request online through the FDIC FOIA Service Center at fdic.gov/foia. Alternatively, individuals can send a request in writing to the FDIC FOIA & Privacy Act Group, 550 17th Street NW, Washington,
DC 20429, or email efoia@fdic.gov. The request should contain the individual's reason for requesting the amendment and a description of the record (including
the name of the appropriate designated system and category thereof) sufficient to enable the FDIC to identify the particular
record or portion thereof with respect to which amendment is sought. Requests must specify which information is being contested,
the reasons for contesting it, and the proposed amendment to such information in accordance with FDIC regulations at 12 CFR
part 310. Individuals will be required to provide proof of identity in accordance with FDIC regulations at 12 CFR part 310.

NOTIFICATION PROCEDURES:

Individuals seeking to know whether this system contains information about them should submit their request online through
the FDIC FOIA Service Center at fdic.gov/foia. Alternatively, individuals can send a request in writing to the FDIC FOIA & Privacy Act Group, 550 17th Street NW, Washington,
DC 20429, or email efoia@fdic.gov. Individuals will be required to provide proof of identity in accordance with FDIC regulations at 12 CFR part 310.

EXEMPTIONS PROMULGATED FOR THE SYSTEM:

None.

HISTORY:

76 FR 77626 (December 18, 2011); 78 FR 63320 (October 23, 2013); 80 FR

  66981 (October 30, 2015); 84 FR 35184 (July 22, 2019); 90 FR 51316 (Nov 17, 2025).

Federal Deposit Insurance Corporation.

Dated at Washington, DC, on March 31, 2026. Jennifer M. Jones, Deputy Executive Secretary. [FR Doc. 2026-06428 Filed 4-1-26; 8:45 am] BILLING CODE 6714-01-P

Download File

Download