Privacy Act of 1974; Narrative Statement & System of Records Notice

Issuing agencies

Abstract

Pursuant to the Privacy Act of 1974, the Export Import Bank of the United States ("EXIM Bank") is proposing a new system of records notice ("SORN"). EXIM Bank is proposing a new system of records--EXIM Bank Watch List ("Watch List"). This new SORN will include the authorities for maintenance of the system, the purposes of the system, and the categories of entities and individuals covered by the system.

Full Text

<html>
<head>
<title>Federal Register, Volume 87 Issue 218 (Monday, November 14, 2022)</title>
</head>
<body><pre>
[Federal Register Volume 87, Number 218 (Monday, November 14, 2022)]
[Notices]
[Pages 68153-68155]
From the Federal Register Online via the Government Publishing Office [<a href="http://www.gpo.gov">www.gpo.gov</a>]
[FR Doc No: 2022-24726]


=======================================================================
-----------------------------------------------------------------------

EXPORT IMPORT BANK


Privacy Act of 1974; Narrative Statement & System of Records 
Notice

AGENCY: Export Import Bank of the United States.

ACTION: Notice of new system of records.

-----------------------------------------------------------------------

SUMMARY: Pursuant to the Privacy Act of 1974, the Export Import Bank of 
the United States (``EXIM Bank'') is proposing a new system of records 
notice (``SORN''). EXIM Bank is proposing a new system of records--EXIM 
Bank Watch List (``Watch List''). This new SORN will include the 
authorities for maintenance of the system, the purposes of the system, 
and the categories of entities and individuals covered by the system.

DATES: The modified system of records described herein will become 
applicable November 14, 2022.

ADDRESSES: You may submit written comments to EXIM Bank by any of the 
following methods:
    <bullet> Federal eRulemaking Portal: <a href="http://www.regulations.gov">http://www.regulations.gov</a>. 
Follow the website instructions for submitting comments.
    <bullet> Email: <a href="/cdn-cgi/l/email-protection#651700024b060a0808000b1116255904450d17000358" http: exim.gov">exim.gov</a>">reg.comments@<a href="http://exim.gov">exim.gov</a></a>. Refer to SORN in the subject 
line.
    <bullet> Mail or Hand Delivery: Office of Information and Privacy, 
Export Import

[[Page 68154]]

Bank of the United States, 811 Vermont Avenue NW, Washington, DC 20571.
    Commenters are strongly encouraged to submit public comments 
electronically. EXIM Bank expects to have limited personnel available 
to process public comments that are submitted on paper through mail. 
Until further notice, any comments submitted on paper will be 
considered to the extent practicable.
    All submissions must include the agency's name (Export Import Bank 
of the United States, or EXIM Bank) and reference this notice. Comments 
received will be posted without change to EXIM Bank's website, <a href="http://www.exim.gov">http://www.exim.gov</a>, including any personal information provided. Do not 
submit comments that include any personally identifiable information or 
confidential business information. Copies of comments may also be 
obtained by writing to Office of Information and Privacy, Export Import 
Bank of the United States, 811 Vermont Avenue NW, Washington, DC 20571.

FOR FURTHER INFORMATION CONTACT: Marina Braginskaya, Senior Counsel for 
Litigation, Fraud & Compliance, Export Import Bank of the United 
States, 811 Vermont Avenue NW, Washington, DC 20571, 202-235-4687. For 
access to any of the EXIM Bank's systems of records, contact Dana 
Jackson Jr., Office of the General Counsel, 811 Vermont Avenue NW, 
Washington DC, 20571, or by calling 202-565-3168, or go to Privacy Act 
System of Records Notice (<a href="http://exim.gov">exim.gov</a>).

SUPPLEMENTARY INFORMATION:

Narrative Statement

    1. What is the purpose for establishing EXIM Watch List?
    EXIM Watch List will provide a central repository of names of 
parties that have given rise to concerns by EXIM Bank personnel with a 
purpose:
    (1) to allow EXIM Bank to collect and maintain records of entities 
and individuals who participate in, or may be anticipated to 
participate in, EXIM Bank programs or activities who for one reason or 
another have given rise to reasonable concerns by EXIM Bank personnel;
    (2) to communicate, across EXIM Bank Divisions, any concerns EXIM 
Bank personnel might have about any entities/individuals; and
    (3) to address concerns by EXIM Bank and mitigate such concerns on 
a transaction-by-transaction basis.
    2. What is the authority for maintaining EXIM Watch List?
    Authority of the Export-Import Bank Act of 1945, as amended (12 
U.S.C. 635 et seq.), Executive Order 9397 as Amended by Executive Order 
13478 signed by President George W. Bush on November 18, 2008, Relating 
to Federal Agency Use of Social Security Numbers.
    3. What is the probable or potential effect of EXIM Watch List?
    The probable or potential effect on the privacy of individuals is 
limited; access to records are restricted to individuals who have the 
appropriate clearance.
    4. What steps will we take to minimize the risk of unauthorized 
access to EXIM Watch List?
    EXIM Bank has established security and privacy protocols that meet 
the required security and privacy standards issued by the National 
Institute of Standards and Technology (NIST). Records are maintained in 
a secure, password protected electronic system that utilizes security 
hardware and software to include multiple firewalls, active intruder 
detection, and role-based access controls. EXIM Bank has adopted 
appropriate administrative, technical, and physical controls in 
accordance with EXIM Bank's security program to protect the 
confidentiality, integrity, and availability of the information, and to 
ensure that records are not disclosed to or accessed by unauthorized 
individuals.
    5. Are the routine uses for EXIM Watch List compatible with the 
purpose for which they are collected?
    The routine uses for this system of records are compatible with the 
purpose for which these records are collected. The proposed routine use 
is necessary and proper for the efficient and effective conduct of the 
Federal Government and to protect EXIM interests.
    6. Are there any OMB Control Numbers, expiration dates, and titles 
of any information collection requests (e.g., forms, surveys, etc.) 
contained in EXIM Watch List and approved by OMB under the Paperwork 
Reduction Act?
    None.
    EXIM Bank is establishing a new system of records, the Watch List. 
The Watch List is a due diligence and risk mitigation tool which acts 
as a central repository of names of parties that have given rise to 
concerns by EXIM Bank personnel. Parties are added to the Watch List 
when there is a reasonable basis to believe that the party had engaged 
in, or is associated with persons that have engaged in, either criminal 
conduct or conduct that could affect EXIM Bank adversely. The Watch 
List will be imbedded into the EXIM Online application system (``EOL'') 
and/or other application or screening systems. The Watch List is not an 
exclusion or debarment list.

SYSTEM NAME AND NUMBER:
    EXIM Online (EOL)

SECURITY CLASSIFICATION:
    Unclassified

SYSTEM LOCATION:
    Export Import Bank of the United States, 811 Vermont Avenue NW, 
Washington, DC 20571. (Records may be kept at an additional location as 
backup for continuity of operations.)

SYSTEM MANAGER(S) AND ADDRESS:
    Marina Braginskaya, Senior Counsel for Litigation, Fraud & 
Compliance, EXIM Bank, 811 Vermont Avenue NW, Washington, DC 20571.

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
    EXIM Bank requests the information in this application under the 
following authorizations:
    Authority of the Export-Import Bank Act of 1945, as amended (12 
U.S.C. 635 et seq.), Executive Order 9397 as Amended by Executive Order 
13478 signed by President George W. Bush on November 18, 2008, Relating 
to Federal Agency Use of Social Security Numbers.

PURPOSE(S) OF THE SYSTEM:
    (1) To allow EXIM Bank to collect and maintain records of entities 
and individuals who participate in, or may be anticipated to 
participate in, EXIM Bank programs or activities who for one reason or 
another have given rise to reasonable concerns by EXIM Bank personnel;
    (2) to communicate, across EXIM Bank Divisions, any concerns EXIM 
Bank personnel might have about any entities/individuals; and
    (3) to address concerns by EXIM Bank and mitigate such concerns on 
a transaction-by-transaction basis.

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
    Covered entities and individuals are:
    <bullet> suspicious EXIM Bank applicants, or their owners, 
officers, directors or representatives,
    <bullet> suspicious EXIM Bank participants, or their owners, 
officers, directors or representatives,
    <bullet> those who raise reasonable suspicion that the party had 
engaged in, or is associated with persons that have engaged in, either 
criminal conduct or conduct that could affect EXIM Bank or the U.S. 
Government adversely.

CATEGORIES OF RECORDS IN THE SYSTEM:
    Individual records in the Watch List include full name, company 
name, address.

RECORD SOURCE CATEGORIES:
    The primary source of information is from referrals by EXIM Bank 
personnel

[[Page 68155]]

and EXIM Bank's Office of Inspector General.

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES 
OF USERS AND THE PURPOSES OF SUCH USES:
    Information about covered individuals may be disclosed without 
consent as permitted by the Privacy Act of 1974, 5 U.S.C. 552a(b), and:
    1. General Routine Uses G1 through G14 apply to this system of 
records (see Prefatory Statement of General Routine Uses).
    2. A record from this system may be disclosed to appropriate third-
parties contracted by the Agency to facilitate mediation or other 
dispute resolution procedures or programs.

POLICIES AND PRACTICES FOR STORAGE OF RECORDS:
    Records are maintained manually in electronic form.

POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:
    Records are retrieved by any one or more of the following: 
individual name or business entity name.

POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:
    Records are maintained and destroyed in accordance with the 
National Archives and Record Administration's (``NARA'') Basic Laws and 
Authorities (44 U.S.C. 3301, et seq.) or an EXIM Bank records 
disposition schedule approved by NARA.

ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:
    EXIM Bank has established security and privacy protocols that meet 
the required security and privacy standards issued by the National 
Institute of Standards and Technology (NIST). Records are maintained in 
a secure, password protected electronic system that utilizes security 
hardware and software to include multiple firewalls, active intruder 
detection, and role-based access controls. EXIM Bank has adopted 
appropriate administrative, technical, and physical controls in 
accordance with EXIM Bank's security program to protect the 
confidentiality, integrity, and availability of the information, and to 
ensure that records are not disclosed to or accessed by unauthorized 
individuals.
    Electronic records are stored on computer networks, which may 
include cloud-based systems, and protected by controlled access with 
Personal Identity Verification (PIV) cards, assigning user accounts to 
individuals needing access to the records and by passwords set by 
authorized users that must be changed periodically.
    Information will be stored in electronic format within EOL. EOL has 
configurable, layered data sharing and permissions features to ensure 
users have proper access. Access to EOL is restricted to EXIM Bank 
personnel who need it for their job. Authorized users are limited to 
the Office of the General Counsel staff and they have access to the 
data and functions required to perform their job functions. Based on 
user role assignment, it is determined whether a specific user is 
provided ``view-only'' or ``read-write'' access to the data. These 
privileges are managed via EOL's System Administration, user, and 
security functions.

RECORD ACCESS PROCEDURES:
    Requests to access records under the Privacy Act must be submitted 
in writing and must be signed by the requestor. Requests should be 
addressed to the Freedom of Information and Privacy Office, Export 
Import Bank of the United States, 811 Vermont Ave. NW, Washington, DC 
20571. The request must comply with the requirements of 12 CFR 404.14.

CONTESTING RECORD PROCEDURES:
    Individuals seeking to contest and/or amend records under the 
Privacy Act must submit a request in writing. The request must be 
signed by the requestor and should be addressed to the Freedom of 
Information and Privacy Office, Export Import Bank of the United 
States, 811 Vermont Ave. NW, Washington, DC 20571. The request must 
comply with the requirements of 12 CFR 404.14.

NOTIFICATION PROCEDURES:
    Individuals seeking to be notified if this system contains a record 
pertaining to himself or herself must submit a request in writing. The 
request must be signed by the requestor and should be addressed to the 
Freedom of Information and Privacy Office, Export Import Bank of the 
United States, 811 Vermont Ave. NW, Washington, DC 20571. The request 
must comply with the requirements of 12 CFR 404.14.

EXEMPTIONS PROMULGATED FOR THE SYSTEM:
    None.

HISTORY:
    None.

Joyce B. Stone,
Assistant Corporate Secretary.
[FR Doc. 2022-24726 Filed 11-10-22; 8:45 am]
BILLING CODE 6690-01-P


</pre><script data-cfasync="false" src="/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js"></script></body>
</html>