FDIC Modifies Privacy Act System of Records FDIC-012, Financial Information Management Records

Content

ACTION:

Notice of a modified system of records.

SUMMARY:

In accordance with the Privacy Act of 1974, as amended, the Federal Deposit Insurance Corporation (FDIC) is modifying an existing
system of records titled FDIC-012, “Financial Information Management Records.” The FDIC is updating this system of records
to modify numerous sections of the notice including the Authority for Maintenance of the System; Purpose(s) of the System;
Category of Individuals; Category of Records; Record Source Categories; Routine Uses; Policies and Practices for Storage,
Retention and Disposal of Records; and Record Access, Contesting Records, and Notification Procedures. Additionally, this
notice includes non-substantive changes to simplify the formatting, clarify the text of the previously published notice, and
improve consistency across FDIC system of records notices.

DATES:

This action will become effective on April 23, 2026. The routine uses in this action will become effective May 26, 2026, unless
the FDIC makes changes based on comments received. Written comments should be submitted on or before May 26, 2026.

ADDRESSES:

Interested parties are invited to submit written comments identified by Privacy Act System of Records (FDIC-012) by any of
the following methods:

• Agency website: https://www.fdic.gov/resources/regulations/federal-register-publications. Follow the instructions for submitting comments on the FDIC website.

• Email: comments@fdic.gov. Include “Comments-SORN (FDIC-012)” in the subject line of communication.

• Mail: Jennifer M. Jones, Deputy Executive Secretary, Attention: Comments SORN (FDIC-012), Legal Division, Office of the Executive
Secretary, Federal Deposit Insurance Corporation, 550 17th Street NW, Washington, DC 20429.

• Hand Delivery/Courier: Comments may be hand-delivered to the guard station at the rear of the 550 17th Street NW building (located on F Street NW)
on business days between 7:00 a.m. and 5:00 p.m.

Public Inspection: Comments received, including any personal information provided, may be posted without change to https://www.fdic.gov/resources/regulations/federal-register-publications/. Commenters should submit only information that the commenter wishes to make available publicly. The FDIC may review, redact,
or refrain from posting all or any portion of any comment that it may deem to be

inappropriate for publication, such as irrelevant or obscene material. The FDIC may post only a single representative example
of identical or substantially identical comments and in such cases will generally identify the number of identical or substantially
identical comments represented by the posted example. All comments that have been redacted, as well as those that have not
been posted, that contain comments on the merits of this document will be retained in the public comment file and will be
considered as required under all applicable laws. All comments may be accessible under the Freedom of Information Act (FOIA).

FOR FURTHER INFORMATION CONTACT:

Shannon Dahn, Assistant Director, Privacy, 703-516-5500, privacy@fdic.gov.

SUPPLEMENTARY INFORMATION:

Pursuant to the Privacy Act of 1974, 5 U.S.C. 552a, FDIC is modifying an existing system of records, FDIC-012, Financial Information
Management Records. FDIC uses this system of records to manage and account for financial transactions and financial activities
of the FDIC in both its Corporate and Receivership capacities. This system of records notice (SORN) is being updated to modify
the Routine Uses, which authorizes disclosure of information from this system to individuals and entities outside of the FDIC,
and to make other substantive and clarifying changes to various sections of the notice.

This system of records contains FDIC financial transactions and activity records, including employee payroll, benefit and
disbursement-related records; travel expense and reimbursement records; accounts payable and receivable records; cash or in-kind
assistance or payments; and receivership payment and receipt records. The system supports FDIC's Corporate financial transactions
associated with FDIC's status as an employer (such as payroll, taxation, benefit, travel, and relocation), accounts payable
and receivable, asset and liability management, and FDIC's financial activities related to contracted goods and services.
The records also support similar or summarized financial transactions associated with FDIC resolution-related activity, including
appointment as receiver. The system also supports internal and external management reporting associated with the financial
operations of the FDIC.

The Routine Uses section is being modified to list FDIC's standard routine uses (routine uses 1-10) first and to propose three
new routine uses and two substantially modified routine uses. Proposed standard Routine Use 8 is new and supports the disclosure
of information from the system of records as may be required by Federal statute or treaty. Proposed standard Routine Use 9
is new and supports the disclosure of information as may be needed to support the comparison of FDIC's records to another
agency's system of records or to non-Federal records, in coordination with an Office of Inspector General in conducting an
audit, investigation, inspection, evaluation, or other review. Routine Use 13 (previously Routine Use 12) is being modified
to expand the recipients to include the entire Department of the Treasury, not just the Internal Revenue Service, and to include
the purposes for which information may be shared. Routine Use 14 is being modified to expand the recipients to include the
Department of Justice and other agencies, and to expand the purpose to include investigations related to surety bonds. Proposed
Routine Use 16 is new and would permit disclosures to the General Services Administration, other Federal agencies, and third
parties under contract to the Federal Government to provide travel administration, oversight, and assistance to FDIC employees
and other individuals who travel or relocate for FDIC. Previous Routine Uses 8 (records management inspections) and 11 (U.S.
Government Accountability Office) have been removed from the SORN as they are not needed. Note that other Routine Uses were
not substantially modified but may have been edited and renumbered.

The System Location section was updated to reflect that the records may be maintained at various FDIC locations, including
authorized cloud environments.

The Purpose section was changed to clarify the purpose of this system of records as it relates to FDIC's Corporate and Receivership
capacities. It was also modified to clarify that FDIC may use the data during the development or operation of information
technologies.

The Categories of Individuals and Categories of Records sections were updated to improve clarity and public understanding
of the individuals who are covered by this system of records and the data maintained about them.

The Sources of Records section was modified to add financial institutions as a source and otherwise edited for clarity.

The Storage of Records section was updated to clarify that electronic records may be stored locally on digital media or in
FDIC-owned or authorized vendor cloud environments.

The Retention and Disposal of Records section was modified to add retention and disposition policies for audio records related
to verification of payment transactions. It was also modified to update or clarify the retention and disposition policies
for financial records maintained in FDIC's primary financial system and for financial transaction records related to procuring
goods and/or services, making cash or in-kind assistance or payments, and collecting debts, including wage garnishments.

The Record Access, Contesting Records, and Notification Procedures sections were all updated to include the website address
for the FDIC FOIA Service Center.

This modified system of records will be included in FDIC's inventory of record systems.

SYSTEM NAME AND NUMBER:

Financial Information Management Records, FDIC-012.

SECURITY CLASSIFICATION:

Unclassified.

SYSTEM LOCATION:

The Federal Deposit Insurance Corporation (FDIC) located at 550 17th Street NW, Washington, DC 20429, and other FDIC office
locations. Information may also be stored within an appropriately authorized cloud environment or in other secure locations.

SYSTEM MANAGER(S):

Director, Division of Finance, FDIC, 3501 Fairfax Drive, Arlington, VA 22226. For records about FDIC employees concerning
garnishments, attachments, wage assignments and related records, the system manager is the Assistant General Counsel, Professional
Liability & Financial Crimes Section, Legal Division, FDIC, 3501 Fairfax Drive, Arlington, VA 22226.

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:

Sections 9 and 10(a) of the Federal Deposit Insurance Act (12 U.S.C. 1819 and 1820(a)); Payment Integrity Information Act
of 2019 (PIIA); 12 U.S.C. 1822; 31 U.S.C. 3325(d) and 7701(c); 12 CFR 366; FAR 4.902(a) (48 CFR 4.902(a)) and (48 CFR 4.902(a)
FAR 32.905); E.O. 14249, Protecting America's Bank Account Against Fraud, Waste, and Abuse; and E.O. 9397.

PURPOSE(S) OF THE SYSTEM:

The records are used to manage and account for financial transactions and financial activities of the FDIC in both its Corporate
and Receivership

capacities. The system supports the FDIC's Corporate financial transactions associated with FDIC's status as an employer (such
as pay, taxation, benefit, travel, and relocation), accounts payable and receivable, asset and liability management, and FDIC's
financial activities related to contracted goods and services. The records also support similar or summarized financial transactions
associated with FDIC resolution-related activity, including appointment as receiver. Information in the system of records
may also be used to support the development and operation of current and future information technology to support the purposes
listed above.

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:

Current and former FDIC employees; individuals who provided goods and services to the FDIC as vendors or contractors; individuals
who engaged in travel or relocation paid for by the FDIC; individuals who owe money to the FDIC (referred to herein as customers);
and individuals who were depositors, claimants, payees, obligees, obligors, former employees, or affiliates of financial institutions
for which the FDIC was involved in resolution-related activity, including appointment as receiver.

CATEGORIES OF RECORDS IN THE SYSTEM:

This system contains the following categories of records:

(1) Employee payroll, benefit, and disbursement-related records. The payroll and/or disbursement records contain information such as employee names, dates of birth, name changes, mailing
addresses and home addresses; email addresses (work and personal); telephone numbers (work, home, and mobile); spouse/domestic
partner names and work telephone numbers; dependents' names and dates of birth; financial institution account information;
Social Security numbers (SSN) and unique employee identification numbers; rates and amounts of pay; tax exemptions; tax deductions
for employee payments; and corporate payments information for tax reporting.

Other records maintained on employees include reimbursement claims for supplemental or incidental payment reimbursement and
relocation expenses consisting of authorizations, advances, vouchers of amounts claimed and amounts paid, and, as applicable,
supporting documentation, such as legal documents, records and notes necessary for assisting certain relocating employees
with residential transactions (e.g., home sales and purchases) (these records may include any of the aforementioned information about employees and their family
members, as well as names, SSNs, and other information about sellers/purchasers involved in said residential transactions);
reimbursement for educational expenses or professional membership dues and licensing fees and similar reimbursements; awards,
bonuses, and buyout payments; advances or other funds owed to the FDIC; and garnishments, attachments, wage assignments or
related records. Copies of receipts/invoices provided to the FDIC for reimbursement may contain credit card or other identifying
account information.

(2) Travel expense and reimbursement records. Records relating to claims for reimbursement of official travel expenses such as travel authorizations, vouchers showing amounts
claimed, medical certification and narratives with information about the traveler's medical or physical conditions, exceptions
taken as a result of audit, and amounts paid. Copies of receipts/invoices provided to the FDIC for reimbursement may contain
credit card or other identifying account information.

Note:

This system covers only travel expense and reimbursement records maintained by the FDIC. Associated travel records maintained
by the government travel and purchase card issuer and travel services provider are part of the following government-wide systems
of records: GSA/GOVT-3, Travel Charge Card Program; GSA/GOVT-4, Contracted Travel Services Program (E-TRAVEL); and GSA/GOVT-6,
GSA SmartPay Purchase Charge Card Program.

(3) Accounts payable records. Contractor and vendor invoices and other accounts payable records. These records consist of documents relating to the purchase
of goods and/or services from individuals, such as contracts, vendor invoice statements, and other supporting documentation
provided by the contractor/vendor. These documents may include information such as payee or vendor contact information (names,
email addresses, telephone numbers, mailing addresses); financial institution account information; amounts paid; audio recordings
verifying payment transactions; and identification numbers [e.g., vendor identification numbers, tax identification numbers (TINs), SSNs in the case of sole proprietors, and employer identification
numbers]. Documentation supporting payee status or vendor invoice statements may contain other identifying data not listed
here.

(4) Accounts receivable records. Documentation relating to monies owed to FDIC by individual customers, such as contractual documents or agreements, invoice
statements and supporting documents, and payment receipts. These documents contain information such as customer names, contact
information (email addresses, mailing addresses, telephone numbers), financial institution account information, TINs/SSNs,
and amounts owed. Supporting documentation may contain other identifying data not listed here.

(5) Receivership payment records. Records of payments to individuals, or their authorized representative, who were depositors, claimants, payees, obligees,
obligors, former employees, or affiliates of failed financial institutions for which the FDIC was involved in resolution-related
activity, including appointment as receiver. Payment records include name and mailing address; email address and telephone
numbers; bank account and routing numbers, payment amount; and audio recordings verifying payment transactions. TINs, SSNs
or foreign reference numbers are also included for depositors, claimants, or affiliates when an informational tax return must
be filed.

The records also include general ledger and detailed trial balances and supporting data. Additionally, the records may include
claim, asset, system-assigned, or other specialized identifying numbers.

RECORD SOURCE CATEGORIES:

Information contained in this system is obtained from the individual about whom the record is maintained or an authorized
representative; other government agencies; or financial institutions for which FDIC was involved in resolution-related activity,
including appointment as receiver. When an employee is subject to a tax lien, bankruptcy, an attachment, or a wage garnishment,
information also is obtained from the appropriate taxing or judicial authority.

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES OF USERS AND PURPOSES OF SUCH USES:

In addition to those disclosures generally permitted under 5 U.S.C. 552a(b) of the Privacy Act, all or a portion of the records
or information contained in this system may be disclosed outside the FDIC as a routine use as follows:

(1) To appropriate Federal, State, local, tribal, territorial, and foreign agencies responsible for investigating or

prosecuting a violation of, or for enforcing or implementing a statute, rule, regulation, or order issued, when the information,
either alone or in conjunction with other information, indicates a violation or potential violation of law, whether civil,
criminal, or regulatory in nature, and whether arising by general statute or particular program statute, or by regulation,
rule, or order issued pursuant thereto.

(2) To a court or adjudicative body before which the FDIC is authorized to appear when, (a) the FDIC or any component thereof;
or (b) any employee of the FDIC in his or her official capacity; or (c) any employee of the FDIC in his or her individual
capacity where the FDIC has agreed to represent the employee; or (d) the United States; where the FDIC determines that litigation
is likely to affect the FDIC or any of its components, is a party to litigation or has an interest in such litigation, and
the FDIC determines that use of such records is relevant and necessary to the litigation, provided, however, that in each
case, the FDIC determines that disclosure of the records is a use of the information contained in the records which is compatible
with the purpose for which the records were collected.

(3) To a congressional office in response to an inquiry made by the congressional office at the request of the individual
who is the subject of the record.

(4) To appropriate agencies, entities, and persons when (a) the FDIC suspects or has confirmed that there has been a breach
of the system of records; (b) the FDIC has determined that as a result of the suspected or confirmed breach there is a risk
of harm to individuals, the FDIC (including its information systems, programs, and operations), the Federal Government, or
national security; and (c) the disclosure made to such agencies, entities, and persons is reasonably necessary to assist in
connection with the FDIC's efforts to respond to the suspected or confirmed breach or to prevent, minimize, or remedy such
harm.

(5) To another Federal agency or Federal entity when the FDIC determines that information from this system of records is reasonably
necessary to assist the recipient agency or entity in (a) responding to a suspected or confirmed breach; or (b) preventing,
minimizing, or remedying the risk of harm to individuals, the recipient agency or entity (including its information systems,
programs, and operations), the Federal Government, or national security, resulting from a suspected or confirmed breach.

(6) To appropriate Federal, State, local, tribal, and territorial agencies in connection with hiring or retaining an individual;
conducting a background security or suitability investigation; adjudication of liability; or eligibility for a license, contract,
grant, or other benefit, to the extent that the information shared is relevant and necessary to the requesting agency's decision
on the matter.

(7) To contractors, grantees, experts, consultants, students, volunteers, and others performing or working on a contract,
service, grant, cooperative agreement, or project for the FDIC or the Office of Inspector General for use in carrying out
their obligations under such contract, grant, agreement or project.

(8) To such recipients and under such circumstances and procedures as are mandated by Federal statute, or treaty.

(9) To a Federal, State, local, tribal, or territorial agency for the purpose of comparing to the agency's system of records
or to non-Federal records, in coordination with an Office of Inspector General in conducting an audit, investigation, inspection,
evaluation, or other review as authorized by the Inspector General Act of 1978, as amended.

(10) To Federal agencies, and to those Federal employees designated by the President or Agency Heads pursuant to Executive
Order 14243, for the purposes of identifying and eliminating waste, fraud, and abuse, including the elimination of bureaucratic
duplication and inefficiency and the enhancement of the Government's ability to detect overpayments and fraud.

(11) To appropriate Federal, State, and local authorities, agencies, arbitrators, and other parties to the extent it is relevant
and necessary to process any personnel actions or conduct administrative hearings or corrective actions or grievances or appeals,
or it is relevant and necessary to the conduct of other authorized duties by the recipient.

(12) To officials of a labor organization when relevant and necessary to their duties of exclusive representation concerning
personnel policies, practices, and matters affecting working conditions.

(13) To the Department of the Treasury and its bureaus and other appropriate Federal, State, local, and foreign agencies to
carry out financial transactions and any debt- or tax-related reporting, withholding, collection, and/or processing activities
required or permitted by Federal law, regulation or policy.

(14) To the Department of Justice, the Department of the Treasury, other appropriate Federal agencies, state insurance regulators,
consumer reporting agencies, debt collection agencies, legal representatives for surety companies and bonding agencies, and
insurance investigators to provide information relevant to (1) investigations of an agent or bonding agency that posts surety
bonds, or (2) activities related to collection of unpaid monies owed to the FDIC.

(15) To the U.S. Department of the Treasury when disclosure of the information is relevant to review payment and award eligibility
through the Do Not Pay Working System for the purposes of identifying, preventing, or recouping improper payments to an applicant
for, or recipient of, Federal funds, including funds disbursed by a state (meaning a state of the United States, the District
of Columbia, a territory or possession of the United States, or a federally recognized Indian tribe) in a state-administered,
federally funded program.

(16) To the General Services Administration, other Federal agencies, and third parties contracted by the Federal Government
to provide travel administration, oversight and assistance to FDIC employees and other individuals who travel or relocate
for FDIC.

POLICIES AND PRACTICES FOR STORAGE OF RECORDS:

Records are stored electronically or in paper format in secure facilities. Electronic records may be stored locally on digital
media, in FDIC-operated cloud environments, or in vendor cloud service offerings that are appropriately authorized and/or
certified.

POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:

Records are retrieved by name, SSN/TIN, email address, foreign reference number, vendor identification number, employee identification
number, claim or asset identification number or other specialized identifying number.

POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:

Except as otherwise noted below, records covered by FDIC-012 are primarily maintained in FDIC's New Financial Environment
(NFE) system and are maintained for the life of the system in accordance with the approved records retention schedule for
NFE. Financial transaction records related to procuring goods and/or services, making payments, collecting debts, garnishments,
attachments and wage assignments are maintained for six years

after final payment, and then dispositioned. Records and reports maintained outside of NFE are maintained for three (3) years
then destroyed. Records relating to banking transaction authorization forms are maintained three years after termination of
agreement and then dispositioned. Audio recordings of payees verifying wire or other payment transactions are maintained no
longer than one hundred and eighty (180) days and dispositioned. Records containing information about current and former FDIC
employees and vendors for processing and mailing recipients their 1099 and/or Supplemental W-2 tax-reporting statements are
maintained in a separate IT system and disposed after seven (7) years. Receivership accounting and receivership tax records
are generally maintained ten (10) years after termination of the receivership and dispositioned.

ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:

Records are protected from unauthorized access and improper use through administrative, technical, and physical security measures.
Administrative safeguards include written guidelines on handling personal information including agency-wide procedures for
safeguarding personally identifiable information. In addition, all FDIC staff are required to take annual privacy and security
training. Additional safeguards include quarterly Business Owner Certification reviews of privileged system access, annual
Business Owner Certification reviews of all system access, and multiple approvals required for all system access above default.
Technical security measures within FDIC include restrictions on computer access to authorized individuals who have a legitimate
need to know the information; multi-factor authentication for remote access and access to many FDIC systems; strong passwords
when multi-factor authentication is not available; use of encryption for certain data types and transfers; firewalls and intrusion
detection applications; and regular review of security procedures and best practices to enhance security. Physical safeguards
include restrictions on building access to authorized individuals, security guard service, and maintenance of records in lockable
offices and filing cabinets.

RECORD ACCESS PROCEDURES:

Individuals requesting access to records about them in this system of records should submit their request online through the
FDIC FOIA Service Center at fdic.gov/foia. Alternatively, individuals can send a request in writing to the FDIC FOIA & Privacy Act Group, 550 17th Street NW, Washington,
DC 20429, or email efoia@fdic.gov. Individuals will be required to provide a detailed description of the records they seek including time period when the records
were created and other supporting information where possible. Individuals will be required to provide proof of identity in
accordance with FDIC regulations at 12 CFR part 310.

CONTESTING RECORD PROCEDURES:

Individuals contesting the content of or requesting an amendment to their records in this system of records should submit
their request online through the FDIC FOIA Service Center at fdic.gov/foia. Alternatively, individuals can send a request in writing to the FDIC FOIA & Privacy Act Group, 550 17th Street NW, Washington,
DC 20429, or email efoia@fdic.gov. The request should contain the individual's reason for requesting the amendment and a description of the record (including
the name of the appropriate designated system and category thereof) sufficient to enable the FDIC to identify the particular
record or portion thereof with respect to which amendment is sought. Requests must specify which information is being contested,
the reasons for contesting it, and the proposed amendment to such information in accordance with FDIC regulations at 12 CFR
part 310. Individuals will be required to provide proof of identity in accordance with FDIC regulations at 12 CFR part 310.

NOTIFICATION PROCEDURES:

Individuals seeking to know whether this system contains information about them should submit their request online through
the FDIC FOIA Service Center at fdic.gov/foia. Alternatively, individuals can send a request in writing to the FDIC FOIA & Privacy Act Group, 550 17th Street NW, Washington,
DC 20429, or email efoia@fdic.gov. Individuals will be required to provide proof of identity in accordance with FDIC regulations at 12 CFR part 310.

EXEMPTIONS PROMULGATED FOR THE SYSTEM:

None.

HISTORY:

80 FR 66981 (Oct. 30, 2015); 84 FR 35184 (Jul. 22, 2019); 90 FR 51316 (Nov. 17, 2025).

Federal Deposit Insurance Corporation.

Dated at Washington, DC, on April 21, 2026. Jennifer M. Jones, Deputy Executive Secretary. [FR Doc. 2026-07923 Filed 4-22-26; 8:45 am] BILLING CODE 6714-01-P

Download File

Download