Privacy Act of 1974; System of Records

Issuing agencies

Abstract

The U.S. International Development Finance Corporation (DFC) proposes modifications to its systems of records for DFC/01, DFC/02 and DFC/03 under the Privacy Act of 1974. The modifications include: Updating the contact information for the current Chief Information Officer and adding a new routine use allowing disclosure to the Department of the Treasury when reviewing payment and award eligibility through the Do Not Pay Working System to identify, prevent, or recoup improper payments, in compliance with M-25-32 and E.O. 14249.

Full Text

<html>
<head>
<title>Federal Register, Volume 90 Issue 177 (Tuesday, September 16, 2025)</title>
</head>
<body><pre>
[Federal Register Volume 90, Number 177 (Tuesday, September 16, 2025)]
[Notices]
[Pages 44649-44650]
From the Federal Register Online via the Government Publishing Office [<a href="http://www.gpo.gov">www.gpo.gov</a>]
[FR Doc No: 2025-17853]


=======================================================================
-----------------------------------------------------------------------

U.S. INTERNATIONAL DEVELOPMENT FINANCE CORPORATION


Privacy Act of 1974; System of Records

AGENCY: U.S. International Development Finance Corporation (DFC).

ACTION: Notice of a modified system of records.

-----------------------------------------------------------------------

SUMMARY: The U.S. International Development Finance Corporation (DFC) 
proposes modifications to its systems of records for DFC/01, DFC/02 and 
DFC/03 under the Privacy Act of 1974. The modifications include: 
Updating the contact information for the current Chief Information 
Officer and adding a new routine use allowing disclosure to the 
Department of the Treasury when reviewing payment and award eligibility 
through the Do Not Pay Working System to identify, prevent, or recoup 
improper payments, in compliance with M-25-32 and E.O. 14249.

DATES: Submit comments on or before October 16, 2025. The new routine 
use will be effective October 16, 2025 unless modified in response to 
public comment.

ADDRESSES: You may submit comments by any of the following methods:
    Mail: Willie Williams, Chief Information Officer, Office of the 
Chief Information Officer, U.S. International Development Finance 
Corporation, 1100 New York Avenue NW, Washington, DC 20527.
    Email: <a href="/cdn-cgi/l/email-protection#a5c3c0c1d7c0c2e5c1c3c68bc2cad3"><span class="__cf_email__" data-cfemail="85e3e0e1f7e0e2c5e1e3e6abe2eaf3">[email&#160;protected]</span></a>.
    All submissions should include the system name and number (DFC/01, 
DFC/02 and DFC/03).
    Please note that all written comments received in response to this 
notice will be considered public records.

FOR FURTHER INFORMATION CONTACT: Willie Williams, Chief Information 
Officer, (202) 336-8404.

SUPPLEMENTARY INFORMATION: DFC last published its comprehensive SORN 
update on 85 FR 43210 (July 16, 2020), which incorporated systems 
transferred under the BUILD Act of 2018. This proposed modification:
    1. Updates the CIO contact information (previously Mark Rein) to 
Willie Williams.
    2. Adds a new routine use for the Do Not Pay Working System 
consistent with M-25-32 Appendix I. The addition of this routine use 
ensures DFC's compliance with statutory requirements under the Payment 
Integrity Information Act of 2019 and E.O. 14249, enhancing the 
Agency's ability to prevent improper payments while protecting privacy.

SYSTEM NAME AND NUMBER:
    DFC/01--Oracle E-Business Suite (EBS).
    DFC/02--Salesforce Customer Relationship Management System 
(``Insight'').
    DFC/03--Payroll, Time and Attendance, Retirement, and Leave 
Records.

SECURITY CLASSIFICATION:
    Unclassified.

SYSTEM LOCATION:
    U.S. International Development Finance Corporation, 1100 New York 
Avenue NW, Washington, DC 20527.
    For DFC/01: Data is hosted within secure Oracle EBS environments 
operated in accordance with Federal security standards.
    For DFC/02: The system is located in an Enterprise Government Cloud 
Service environment. The system is hosted at secured Salesforce General 
Services Administration (GSA) data centers (NA-21) in Washington, DC, 
and Chicago, IL; one site acts as the active host and the other serves 
as the disaster recovery location operating under near-real-time 
replication protocol.
    For DFC/03: Records are maintained in secured facility storage and 
electronic systems with NIST-compliant controls.

SYSTEM MANAGER(S):
    Chief Information Officer: Willie Williams, U.S. International 
Development Finance Corporation, 1100 New York Avenue NW, Washington, 
DC 20527; Phone: (202) 336-8404.
    DFC/01--Oracle E-Business Suite (EBS).
    Chief Information Officer: Willie Williams, U.S. International 
Development Finance Corporation, 1100 New York Avenue NW, Washington, 
DC 20527; Phone: (202) 336-8404.
    Business System Owner: Managing Director, Financial Management 
Division.
    Technical System Owner: Business Information Systems Director.
    DFC/02--Salesforce Customer Relationship Management System 
(``Insight'').
    Business System Owner: Managing Director for Finance Program 
Systems and Procedures, U.S. International Development Finance 
Corporation, 1100 New York Avenue NW, Washington, DC 20527; Phone: 
(202) 336-8400.
    Technical System Owner: Business Information Systems Director, U.S. 
International Development Finance Corporation, 1100 New York Avenue NW, 
Washington, DC 20527; Phone: (202) 336-8400.
    DFC/03--Payroll, Time and Attendance, Retirement, and Leave 
Records.
    Business System Owner: Vice President and Chief Administrative 
Officer, U.S. International Development Finance Corporation, 1100 New 
York Avenue NW, Washington, DC 20527; Phone: (202) 336-8400.

[[Page 44650]]

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
    DFC/01: Federal Acquisition Regulation (FAR) 52.232-25; Chief 
Financial Officers Act of 1990, Pub. L. 101-576; Federal Financial 
Management Improvement Act of 1996, Pub. L. 104-208; Office of 
Management and Budget (OMB) Circular A-123, Management's Responsibility 
for Internal Control; and the Better Utilization of Investments Leading 
to Development (BUILD) Act of 2018, 22 U.S.C. Sec.  9601 et seq.
    DFC/02: Better Utilization of Investments Leading to Development 
(BUILD) Act of 2018, 22 U.S.C. Sec.  9601 et seq.; and 44 U.S.C. Sec.  
3101 et seq., Records Management by Agency Heads.
    DFC/03: General authority for agency records management is provided 
by 5 U.S.C. 301, Departmental Regulations, and 44 U.S.C. 3101, Records 
Management by Agency Heads.

PURPOSE(S) OF THE SYSTEM:
    DFC/01: To operate as the agency's official financial management 
system of record, used for administrative business accounting, 
obligation and expenditure tracking, disbursement and collection 
processing, working capital budget execution, and other financial 
management activities necessary to support DFC's programs and statutory 
mission.
    DFC/02: To manage the full lifecycle of DFC project and client 
relationship information from intake through closeout, including 
tracking and administration of project data, client contact 
information, and the status (but not results) of Know Your Customer 
(KYC) due diligence. Data are also used for evaluating and improving 
DFC's products and programs, and to support related business processes 
such as payment commitments and reporting.
    DFC/03: To maintain and administer records related to DFC 
employees' pay, work hours, leave, and retirement in order to carry out 
the agency's human resources and payroll functions in accordance with 
applicable Federal laws, regulations, and policies. This includes 
supporting payroll processing, tracking time and attendance, managing 
leave balances, and administering retirement benefits for current and 
former employees, contractors, and other covered personnel.

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
    Includes current and former employees, contractors, PSCs, 
applicants, award recipients, vendors, and foreign and domestic 
individuals engaged in business with the Agency.

CATEGORIES OF RECORDS IN THE SYSTEM:
    Refer to 85 FR 43210 for full details. Includes PII such as names, 
contact info, SSNs/TINs, financial account data, building access 
records, security clearance data, and emergency contact information.

RECORD SOURCE CATEGORIES:
    Data is collected directly from individuals, from federal systems 
such as <a href="http://SAM.gov">SAM.gov</a>, and from internal operational systems including 
Salesforce ``Insight'' and Oracle EBS.

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM INCLUDING CATEGORIES 
OF USERS AND PURPOSES OF SUCH USES:
    In addition to those disclosures generally permitted under 5 U.S.C. 
552a(b), the following routine use is added to both DFC/01, DFC/02 and 
DFC/03:
    New Routine Use (M-25-32):
    To the U.S. Department of the Treasury when disclosure of the 
information is relevant to review payment and award eligibility through 
the Do Not Pay Working System for the purposes of identifying, 
preventing, or recouping improper payments to an applicant for, or 
recipient of, Federal funds, including funds disbursed by a state 
(meaning a state of the United States, the District of Columbia, a 
territory or possession of the United States, or a federally recognized 
Indian tribe) in a state-administered, federally funded program.
    Existing routine uses published in 85 FR 43210 remain in effect for 
each system.

POLICIES AND PRACTICES FOR STORAGE OF RECORDS:
    Paper and electronic formats; secured cabinets; encrypted 
databases.

POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:
    By name, ID, or other personal identifiers.

POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:
    Per NARA GRS schedules; electronic data destroyed via degaussing/
erasure, paper via shredding.

ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:
    Controlled access, NIST-based IT security standards, password 
authentication, encryption, logging, and staff training on records and 
privacy requirements.

RECORD ACCESS PROCEDURES:
    Requests under the Privacy Act should be submitted to the System 
Manager per 22 CFR 707.21-707.23.

CONTESTING RECORD PROCEDURES:
    Requests under the Privacy Act should be submitted to the System 
Manager per 22 CFR 707.21-707.23.

NOTIFICATION PROCEDURES:
    Requests under the Privacy Act should be submitted to the System 
Manager per 22 CFR 707.21-707.23.

EXEMPTIONS PROMULGATED FOR THE SYSTEM:
    None.

HISTORY:
    85 FR 43210 (July 16, 2020).
    Key Compliance Notes:
    OMB Circular A-108 formatting and section requirements are met.
    Compliance steps outlined in M-25-32 Section 3(d)(i)-(iii) have 
been followed: system identification, applicability determination, and 
inclusion of standardized routine use language.
    This notice will be published in the Federal Register at least 30 
days before the effective date, as required by 5 U.S.C. 552a(e)(11) and 
OMB Circular A-108 Sec.  6(k).

Lisa Wischkaemper,
Administrative Counsel, Office of the General Counsel.
[FR Doc. 2025-17853 Filed 9-15-25; 8:45 am]
BILLING CODE 3210-01-P


</pre><script data-cfasync="false" src="/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js"></script></body>
</html>