Privacy Act of 1974; System of Records

<NOTICE> CONSUMER FINANCIAL PROTECTION BUREAU <DEPDOC>[Docket No: CFPB-2025-0053]</DEPDOC> <SUBJECT>Privacy Act of 1974; System of Records</SUBJECT> <HD SOURCE="HED">AGENCY:</HD> Consumer Financial Protection Bureau. <HD SOURCE="HED">ACTION:</HD> Notice of a modified system of records. <SUM> <HD SOURCE="HED">SUMMARY:</HD> In accordance with the Privacy Act of 1974, the Consumer Financial Protection Bureau (CFPB or Bureau) proposes to modify a current Privacy Act System of Records titled, “CFPB.025 Civil Penalty Fund and Bureau-Administered Redress Program Records.” This system of records enables the CFPB to manage the distribution of the Civil Penalty Fund and redress monies to consumers. </SUM> <DATES> <HD SOURCE="HED">DATES:</HD> Comments must be received no later than January 21, 2026. The new system of records will be effective January 21, 2026 unless the comments received result in a contrary determination. </DATES> <HD SOURCE="HED">ADDRESSES:</HD> You may submit comments, identified by the title and docket number ( <E T="03">see</E> above Docket No. CFPB-2025-0053), by any of the following methods: • <E T="03">Federal eRulemaking Portal: http://www.regulations.gov.</E> Follow the instructions for submitting comments. A brief summary of this document will be available at <E T="03">https://www.regulations.gov/docket/CFPB-2025-0053.</E> • <E T="03">Email: privacy@cfpb.gov.</E> Include Docket No. CFPB-2025-0053 in the subject line of the email. • <E T="03">Mail/Hand Delivery/Courier:</E> Kathryn Fong, Chief Privacy Officer, Consumer Financial Protection Bureau, 1700 G Street NW, Washington, DC 20552, (202) 435-7058. Because paper mail in the Washington, DC area and at CFPB is subject to delay, commenters are encouraged to submit comments electronically. All submissions must include the agency name and docket number for this notice. In general, all comments received will be posted without change to <E T="03">http://www.regulations.gov.</E> All comments, including attachments and other supporting materials, will become part of the public record and subject to public disclosure. You should submit only information that you wish to make available publicly. Sensitive personal information, such as account numbers or Social Security numbers, should not be included. <FURINF> <HD SOURCE="HED">FOR FURTHER INFORMATION CONTACT:</HD> Kathryn Fong, Chief Privacy Officer, Consumer Financial Protection Bureau, 1700 G Street NW, Washington, DC 20552; (202) 435-7058. If you require this document in an alternative electronic format, please contact <E T="03">CFPB_Accessibility@cfpb.gov.</E> Please do not submit comments to this email box. </FURINF> <SUPLINF> <HD SOURCE="HED">SUPPLEMENTARY INFORMATION:</HD> In accordance with the Privacy Act of 1974, 5 U.S.C. 552a, the CFPB is modifying a system of records titled, “CFPB.025 Civil Penalty Fund and Bureau-Administered Redress Program Records”. This modified system of records includes a new routine use to enable disclosure of records to the Department of Treasury, pursuant to Executive Order 14249, <E T="03">Protecting America's Bank Account Against Fraud, Waste, and Abuse</E> and Office of Management and Budget (OMB) Memorandum M-25-32, <E T="03">Preventing Improper Payments and Protecting Privacy Through Do Not Pay.</E> Additionally, CFPB is modifying the purpose to clarify that records may be used to prevent improper payment of funds. Finally, CFPB is updating the policies and practices for retention and disposal of records to include the National Archives and Records Administration (NARA)-approved records retention schedule. The CFPB is also making non-substantive revisions to this SORN to align with the Office of Management and Budget's recommended model in Circular A-108, Appendix II. The report of the revised system of records has been submitted to the Committee on Oversight and Government Reform of the House of Representatives, the Committee on Homeland Security and Governmental Affairs of the Senate, and the Office of Management and Budget, pursuant to Circular A-108, “Federal Agency Responsibilities for Review, Reporting, and Publication under the Privacy Act” (Dec. 2016) and the Privacy Act of 1974, 5 U.S.C. 552a(r). <HD SOURCE="HD2">SYSTEM NAME AND NUMBER:</HD> CFPB.025—Civil Penalty and Bureau-Administered Redress Program Records. <HD SOURCE="HD2">SECURITY CLASSIFICATION:</HD> Unclassified. <HD SOURCE="HD2">SYSTEM LOCATION:</HD> Consumer Financial Protection Bureau, 1700 G Street NW, Washington, DC 20552. <HD SOURCE="HD2">SYSTEM MANAGER(S):</HD> Consumer Financial Protection Bureau, Chief Financial Officer, 1700 G Street NW, Washington, DC 20552. <HD SOURCE="HD2">AUTHORITY FOR MAINTENANCE OF THE SYSTEM:</HD> Public Law 111-203, Title X, Sections 1017(d), 1055(a), codified at 12 U.S.C. 5497(d), 5565(a). <HD SOURCE="HD2">PURPOSE(S) OF THE SYSTEM:</HD> The system enables the CFPB to manage the distribution of Civil Penalty Fund and redress monies to consumers, including: (1) tracking the collection, allocation, and distribution of funds in the Civil Penalty Fund and redress monies; (2) identifying and locating victims who may receive payments from the Civil Penalty Fund and/or redress payments; (3) determining the amounts of the Civil Penalty Fund payments and redress payments that the Bureau will make to victims; (4) maintaining accounting and financial information associated with such payments; and (5) developing reports to applicable Federal, State, and local taxing officials of taxable income, and reports necessary to meet other reporting requirements. The information will also be used for administrative purposes to ensure quality control, performance, and improving management processes, and to prevent improper payment of funds. <HD SOURCE="HD2">CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:</HD> Individuals covered by this system include, without limitation: (1) Individuals identified as victims or potential victims who may receive payments from the Civil Penalty Fund or through Bureau-Administered Redress, including but not limited to current, former, and prospective consumers who are or have been customers or prospective customers of entities ordered to pay a civil penalty or redress to the CFPB as a result of a Bureau enforcement action; (2) individuals associated with entities and individuals that have been ordered to pay a civil penalty or redress to the Bureau as a result of a Bureau enforcement action; and (3) others, including CFPB employees, with information relevant to, or otherwise associated with, a Bureau enforcement action that has resulted in an order to pay civil penalties or redress to the CFPB. <HD SOURCE="HD2">CATEGORIES OF RECORDS IN THE SYSTEM:</HD> Records in this system may contain identifiable information about individuals including, without limitation: (1) Name, address, email address, phone number and other contact information; (2) Social Security number (SSN), age, date of birth, marital status, records of consumer financial transactions, financial account information, and internal identification number assigned to identified victims; (3) accounting and financial information relevant to making payment; and (4) accounting and financial information relevant to determining when and in what amounts victims have claimed funds. Additionally, non-identifying information in the system may include the dates the Bureau authorized, instituted, settled, and/or otherwise obtained a final judgement in a judicial or administrative action; an internal case tracking number; the date the judicial or administrative order was entered; the date the judicial or administrative order became a “final order” as defined by the Consumer Financial Civil Penalty Fund Rule, 12 CFR part 1075; the amount of civil penalties or redress ordered; the due date for payments of civil penalties and redress funds; the date and amount of payments made; the status of debt collection efforts; and the balances of the Bureau's accounts as payments are made. <HD SOURCE="HD2">RECORD SOURCE CATEGORIES:</HD> Information in this system is provided by (1) individuals identified as victims or potential victims who may receive payments from the Civil Penalty fund or through Bureau-Administered Redress, including but not limited to current, former, and prospective consumers who are or have been customers or prospective customers of entities ordered to pay a civil penalty or redress to the CFPB as a result of a Bureau enforcement action; (2) entities and individuals associated with entities and individuals that have been ordered to pay a civil penalty or redress to the CFPB as a result of a Bureau enforcement action; and (3) others, including CFPB employees, with information relevant to, or otherwise associated with, a Bureau enforcement action that has resulted in an order to pay civil penalties or redress to the CFPB. <HD SOURCE="HD2">ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES OF USERS AND THE PURPOSES OF SUCH USES:</HD> In addition to those disclosures generally permitted under 5 U.S.C. 552a(b) of the Privacy Act, and consistent with the CFPB's Disclosure of Records and Information Rules, promulgated at 12 CFR part 1070, all or a portion of the records or information contained in this system may be disclosed outside the CFPB as a routine use to: (1) Appropriate agencies, entities, and persons when (a) the Bureau suspects or has confirmed that there has been a breach of the system of records; (b) the Bureau has determined that as a result of the suspected or confirmed breach there is a risk of harm to individuals, the Bureau (including its information systems, programs, and operations), the Federal government, or national security; and (c) the disclosure made to such agencies, entities, and persons is reasonably necessary to ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ Preview showing 10k of 18k characters. Full document text is stored and available for version comparison. ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━