Privacy Act of 1974; System of Records

Issuing agencies

Abstract

This notice informs the public of the National Credit Union Administration's (NCUA's) proposal to modify system of records notice NCUA-19. This system of records serves as the core financial and acquisition system and integrates NCUA's program, financial, and budgetary information.

Full Text

<html>
<head>
<title>Federal Register, Volume 90 Issue 242 (Friday, December 19, 2025)</title>
</head>
<body><pre>
[Federal Register Volume 90, Number 242 (Friday, December 19, 2025)]
[Notices]
[Pages 59591-59593]
From the Federal Register Online via the Government Publishing Office [<a href="http://www.gpo.gov">www.gpo.gov</a>]
[FR Doc No: 2025-23364]


=======================================================================
-----------------------------------------------------------------------

NATIONAL CREDIT UNION ADMINISTRATION


Privacy Act of 1974; System of Records

AGENCY: National Credit Union Administration (NCUA).

ACTION: Notice of a modified system of records.

-----------------------------------------------------------------------

SUMMARY: This notice informs the public of the National Credit Union 
Administration's (NCUA's) proposal to modify system of records notice 
NCUA-19. This system of records serves as the core financial and 
acquisition system and integrates NCUA's program, financial, and 
budgetary information.

DATES: Submit comments on or before January 20, 2026. This modification 
will be effective immediately, and new routine uses will be effective 
on January 20, 2026.

ADDRESSES: You may submit comments by any of the following methods, but 
please send comments by one method only:
    <bullet> Mail: Address to Melane Conyers-Ausbrooks, Secretary of 
the Board, National Credit Union Administration, 1775 Duke Street, 
Alexandria, VA 22314-3428.
    <bullet> Email: Comments may be sent to <a href="/cdn-cgi/l/email-protection#7626041f0017150f361815031758111900"><span class="__cf_email__" data-cfemail="7c2c0e150a1d1f053c121f091d521b130a">[email&#160;protected]</span></a>.

FOR FURTHER INFORMATION CONTACT: Chief Financial Officer, Office of the 
Chief Financial Officer, NCUA, 1775 Duke Street, Alexandria, VA 22314 
or Jennifer Harrison, Office of General Counsel, National Credit Union 
Administration, 1775 Duke Street, Alexandria, VA 22314 or by phone at 
(703) 518-6540.

SUPPLEMENTARY INFORMATION: Pursuant to the Privacy Act of 1974, the 
NCUA proposes modifying NCUA-19 to provide new routine uses in 
accordance with Office of Management and Budget (OMB) Memorandums M-17-
12 and M-25-32 and to update the format in accordance with OMB Circular 
A-108.
    Additionally, the NCUA is making substantive changes to the 
following sections of the system of records notice:
    1. NCUA has updated the Routine Uses of Records Maintained in the 
System to include four new routine uses and to include a full list of 
relevant routine uses and remove references to ``standard routine 
uses''; Routine Use 16 allows for the sharing for the purpose of 
collecting or assisting in the collection of delinquent debts and 
Routine Uses 1, 14, and 15 are being published in accordance with M-17-
12 and M-25-32.
    2. NCUA has updated Policies and Practices for Storage of Records 
to reflect updated storage processes.
    3. NCUA has updated Administrative, Technical, and Physical 
Safeguards to accurately reflect how these records are protected.
    4. NCUA has updated Record Access, Contesting Record, and 
Notification Procedures to accurately reflect the NCUA procedures as 
detailed in 12 CFR 792.55.
    The NCUA is making non-substantive modifications to the following 
sections of the system of records notice: Security Classification, 
System Location, Authority for Maintenance of the System, Purpose(s) of 
the System, Categories of Individuals Covered by the System, Categories 
of Records in the System, Record Source Categories, Policies and 
Practices for Retrieval of Records, Policies and Practices for 
Retention and Disposal of Records, and History.
    Non-substantive modifications have also been made to ensure that 
the format of NCUA-19 aligns with the guidance set forth in Office of 
Management and Budget Circular A-108.

    By the National Credit Union Administration Board on December 
16, 2025.
Melane Conyers-Ausbrooks,
Secretary of the Board.
SYSTEM NAME AND NUMBER:
    NCUA Financial and Acquisition Management System, NCUA-19.

SECURITY CLASSIFICATION:
    Unclassified.

SYSTEM LOCATION:
    (1) Enterprise Services Center, 6500 South MacArthur Blvd., 
Oklahoma City, OK 73169 and (2) Office of the Chief Financial Officer 
(OCFO), National Credit Union Administration (NCUA), 1775 Duke Street, 
Alexandria, VA 22314.

SYSTEM MANAGER(S):
    Chief Financial Officer, Office of the Chief Financial Officer, 
NCUA, 1775 Duke Street, Alexandria, VA 22314.

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
    12 U.S.C. 1751, et seq.; 31 U.S.C. 3501, et seq.; and 31 U.S.C. 
7701(c). Where the employee identification number is the Social 
Security number, collection of this information is authorized by 
Executive Order 9397.

PURPOSE(S) OF THE SYSTEM:
    This system serves as the core financial and acquisition system and 
integrates program, financial, and budgetary information. Records are 
collected to ensure that all obligations and expenditures are in 
conformance with laws, existing rules and regulations, and good 
business practices, and to maintain subsidiary records at the proper 
account and/or organizational level where responsibility for control of 
costs exists.

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
    This system of records includes information about individuals who 
may be current and former NCUA employees and interns; current and 
former contractors, suppliers or vendors; and current and former 
customers.

CATEGORIES OF RECORDS IN THE SYSTEM:
    The system of records includes (1) individual NCUA employees' 
names, addresses, and Social Security numbers (SSNs); (2) individual 
contractors, vendors, customers, individual names of companies, points 
of contact, telephone numbers, mailing addresses, email addresses, 
contract numbers, vendor numbers including Data Universal Numbering 
System (DUNS) and Tax Identification Number (TIN) numbers, which can be 
an SSN in the case of individuals set up as sole proprietors and; (3) 
financial information includes an individual's financial institution 
name, lockbox number, routing transit number, deposit account number, 
account type, debts (e.g., unpaid bills/invoices, overpayments, etc.), 
and remittance addresses.

RECORD SOURCE CATEGORIES:
    The sources of records for this system are the individual upon whom 
the record is maintained; other government agencies; contractors, 
vendors; or from another NCUA office maintaining the records in the 
performance of their duties. Information maintained in Department of 
Transportation, (DOT)/Enterprise Service Center (ESC) systems includes 
purchase orders, contracts, vouchers, invoices, contracts, 
disbursements, receipts/collections, Pay.Gov transactions, and related 
records; U.S. General Services Administration (GSA) Federal personnel 
payroll system (for payroll disbursement postings): Concur (for travel 
disbursements); JPMorgan Chase (for charge card payments); travel 
advance applications; other records submitted by individuals, 
employees, and vendors.

[[Page 59592]]

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES 
OF USERS AND PURPOSES OF SUCH USES:
    In addition to those disclosures generally permitted under 5 U.S.C. 
552a(b) of the Privacy Act, these records or information contained 
therein may specifically be disclosed outside NCUA as a routine use 
pursuant to 5 U.S.C. 552a(b)(3) as follows:
    1. To the U.S. Department of the Treasury when disclosure of the 
information is relevant to review payment and award eligibility through 
the Do Not Pay Working System for the purposes of identifying, 
preventing, or recouping improper payments to an applicant for, or 
recipient of, Federal funds, including funds disbursed by a state 
(meaning a state of the United States, the District of Columbia, a 
territory or possession of the United States, or a federally recognized 
Indian tribe) in a state-administered, federally funded program.
    2. Records may be shared with a vendor that NCUA is doing business 
with if a dispute about payments or amounts due arises. In such a 
situation, only the minimum amount of information needed to resolve the 
dispute will be shared with the vendor.
    3. If a record in this system of records indicates a violation or 
potential violation of civil or criminal law or a regulation, and 
whether arising by general statute or particular program statute, or by 
regulation, rule, or order, the relevant records in the system or 
records may be disclosed as a routine use to the appropriate agency, 
whether federal, state, local, or foreign, charged with the 
responsibility of investigating or prosecuting such violation or 
charged with enforcing or implementing the statute, rule, regulation, 
or order issued pursuant thereto.
    4. A record from this system of records may be disclosed as a 
routine use to a federal, state, or local agency which maintains civil, 
criminal, or other relevant enforcement information or other pertinent 
information, such as current licenses, if necessary, to obtain 
information relevant to an agency decision concerning the hiring or 
retention of an employee, the issuance of a security clearance, the 
letting of a contract, or the issuance of a license, grant, or other 
benefit.
    5. A record from this system of records may be disclosed as a 
routine use to a federal agency, in response to its request, for a 
matter concerning the hiring or retention of an employee, the issuance 
of a security clearance, the reporting of an investigation of an 
employee, the letting of a contract, or the issuance of a license, 
grant, or other benefit by the requesting agency, to the extent that 
the information is relevant and necessary to the requesting agency's 
decision in the matter.
    6. A record from this system of records may be disclosed as a 
routine use to an authorized appeal grievance examiner, formal 
complaints examiner, equal employment opportunity investigator, 
arbitrator or other duly authorized official engaged in investigation 
or settlement of a grievance, complaint, or appeal filed by an 
employee. Further, a record from this system of records may be 
disclosed as a routine use to the Office of Personnel Management in 
accordance with the agency's responsibility for evaluation and 
oversight of federal personnel management.
    7. A record from this system of records may be disclosed as a 
routine use to officers and employees of a federal agency for purposes 
of audit or oversight operations related to this system of records, but 
only such records as are necessary and relevant to the audit or 
oversight activity.
    8. A record from this system of records may be disclosed as a 
routine use to a member of Congress or to a congressional staff member 
in response to an inquiry from the congressional office made at the 
request of the individual about whom the record is maintained.
    9. A record from this system of records may be disclosed as a 
routine use to the officers and employees of the General Services 
Administration (GSA) in connection with administrative services 
provided to this Agency under agreement with GSA.
    10. Records in this system of records may be disclosed as a routine 
use to the Department of Justice, when: (a) NCUA, or any of its 
components or employees acting in their official capacities, is a party 
to litigation; or (b) Any employee of NCUA in his or her individual 
capacity is a party to litigation and where the Department of Justice 
has agreed to represent the employee; or (c) The United States is a 
party in litigation, where NCUA determines that litigation is likely to 
affect the agency or any of its components, is a party to litigation or 
has an interest in such litigation, and NCUA determines that use of 
such records is relevant and necessary to the litigation, provided, 
however, that in each case, NCUA determines that disclosure of the 
records to the Department of Justice is a use of the information 
contained in the records that is compatible with the purpose for which 
the records were collected.
    11. Records in this system of records may be disclosed as a routine 
use in a proceeding before a court or adjudicative body before which 
NCUA is authorized to appear (a) when NCUA or any of its components or 
employees are acting in their official capacities; (b) where NCUA or 
any employee of NCUA in his or her individual capacity has agreed to 
represent the employee; or (c) where NCUA determines that litigation is 
likely to affect the agency or any of its components, is a party to 
litigation or has an interest in such litigation, and NCUA determines 
that use of such records is relevant and necessary to the litigation, 
provided, however, NCUA determines that disclosure of the records to 
the Department of Justice is a use of the information contained in the 
records that is compatible with the purpose for which the records were 
collected.
    12. To contractors, experts, consultants, and the agents thereof, 
and others performing or working on a contract, service, cooperative 
agreement, or other assignment for the NCUA when necessary to 
accomplish an agency function or administer an employee benefit 
program.
    13. A record from this system of records may be shared with the 
Office of Management and Budget (OMB) in connection with the review of 
private relief legislation as set forth in OMB Circular A-19 at any 
stage of the legislative coordination and clearance process as set 
forth in that circular.
    14. To appropriate agencies, entities, and persons when (1) the 
NCUA suspects or has confirmed that there has been a breach of the 
system of records; (2) the NCUA has determined that as a result of the 
suspected or confirmed breach there is a risk of harm to individuals, 
the NCUA (including its information systems, programs, and operations), 
the Federal Government, or national security; and (3) the disclosure 
made to such agencies, entities, and persons is reasonably necessary to 
assist in connection with the NCUA's efforts to respond to the 
suspected or confirmed breach or to prevent, minimize, or remedy such 
harm.
    15. To another Federal agency or Federal entity, when the NCUA 
determines that information from this system of records is reasonably 
necessary to assist the recipient agency or entity in (1) responding to 
a suspected or confirmed breach or (2) preventing, minimizing, or 
remedying the risk of harm to individuals, the recipient agency or 
entity (including its information systems, programs, and operations), 
the Federal Government, or national security, resulting from a 
suspected or confirmed breach.

[[Page 59593]]

    16. To the Department of the Treasury, federal debt collection 
centers, other appropriate federal agencies, and private collection 
contractors or other third parties authorized by law, for the purpose 
of collecting or assisting in the collection of delinquent debts owed 
to NCUA.

POLICIES AND PRACTICES FOR STORAGE OF RECORDS:
    Records are maintained in paper and/or electronic form. Paper 
records are stored in locked file rooms and/or file cabinets. 
Electronic records and backups are stored on secure servers, approved 
by NCUA's Office of the Chief Information Officer, within a FedRAMP-
authorized commercial Cloud Service Provider's Software-as-a-Service 
solution hosting environment and accessed only by authorized personnel.

POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:
    Records are retrieved by an employee's name; vendor or contractor 
name; employee ID; Social Security number (SSN); SSN/Tax Identification 
Number (TIN) for contractors and vendors doing business with the NCUA; 
supplier number (system unique) for both employees and vendors; DUNS 
and DUNS with the last four numbers of an SSN.

POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:
    Records are maintained and disposed of in accordance with the 
General Records Retention Schedules issued by the National Archives and 
Records Administration (NARA).

ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:
    NCUA has implemented the appropriate administrative, technical, and 
physical controls in accordance with the Federal Information Security 
Modernization Act of 2014, Public Law 113-283, S. 2521, and NCUA's 
information security policies to protect the confidentiality, 
integrity, and availability of the information system and the 
information contained therein. Access is limited only to individuals 
authorized through NIST-compliant Identity, Credential, and Access 
Management policies and procedures. The records are maintained behind a 
layered defensive posture consistent with all applicable Federal laws 
and regulations, including Office of Management and Budget Circular A-
130 and NIST Special Publication 800-37. Paper records are maintained 
in locked file rooms and/or file cabinets accessible only by authorized 
personnel.

RECORD ACCESS PROCEDURES:
    Individuals wishing access to their records should submit a written 
request to the Senior Agency Official for Privacy, NCUA, 1775 Duke 
Street, Alexandria, VA 22314 or submit a request through email to 
<a href="/cdn-cgi/l/email-protection" class="__cf_email__" data-cfemail="2656544f5047455f664845534708414950">[email&#160;protected]</a>. The following information must be provided: (1) Full 
name; (2) Any available information regarding the type of record 
involved; (3) The address to which the record information should be 
sent; and (4) Verification of identity. Individuals requesting access 
must comply with NCUA's Privacy Act regulations regarding verification 
of identity and access to records (12 CFR 792.55).

CONTESTING RECORD PROCEDURES:
    Individuals wishing to request an amendment to their records should 
submit a written request to the Senior Agency Official for Privacy, 
NCUA, 1775 Duke Street, Alexandria, VA 22314 or submit a request 
through email to <a href="/cdn-cgi/l/email-protection" class="__cf_email__" data-cfemail="e595978c9384869ca58b869084cb828a93">[email&#160;protected]</a>. The following information must be 
provided: (1) Full name; (2) Any available information regarding the 
type of record involved; (3) The address to which the record 
information should be sent; and (4) Verification of identity. 
Individuals must comply with NCUA's Privacy Act regulations regarding 
verification of identity and access to records (12 CFR 792.55).

NOTIFICATION PROCEDURES:
    Individuals requesting access must also comply with NCUA's Privacy 
Act regulations regarding verification of identity and access to 
records (12 CFR 792.55). An individual may inquire as to whether the 
system contains information pertaining to the individual by submitting 
a written request to the Senior Agency Official for Privacy, NCUA, 1775 
Duke Street, Alexandria, VA 22314 or submitting a request through email 
to <a href="/cdn-cgi/l/email-protection" class="__cf_email__" data-cfemail="bbcbc9d2cddad8c2fbd5d8ceda95dcd4cd">[email&#160;protected]</a>. The following information must be provided: (1) 
Full name; (2) Any available information regarding the type of record 
involved; (3) The address to which the record information should be 
sent; and (4) Verification of identity. Individuals must comply with 
NCUA's Privacy Act regulations regarding verification of identity and 
access to records (12 CFR 792.55). If there is no information on the 
individual, the individual will be so advised.

EXEMPTIONS PROMULGATED FOR THE SYSTEM:
    None.

HISTORY:
    81 FR 83281 (November 21, 2016).

[FR Doc. 2025-23364 Filed 12-18-25; 8:45 am]
BILLING CODE 7535-01-P


</pre><script data-cfasync="false" src="/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js"></script></body>
</html>