Privacy Act of 1974; System of Records

Issuing agencies

Abstract

In accordance with the Privacy Act of 1974 and Office of Management and Budget ("OMB") Circular A-108, the Securities and Exchange Commission ("Commission" or "SEC") is proposing a modification to its system of records notice (SORN), SEC-06, SEC's Financial and Acquisition Management System ("SEC-06"). This proposed update introduces a new routine use to comply with Executive Order (E.O.) 14249, Protecting America's Bank Account Against Fraud, Waste, and Abuse. The change supports enhanced efforts to safeguard federal financial systems and ensure responsible stewardship of public funds. The modified SORN does not change the categories of individuals, the record collection process, the authorities, or the purpose of collection. It also does not affect individuals' rights to access or amend their records under the Privacy Act.

Full Text

<html>
<head>
<title>Federal Register, Volume 90 Issue 244 (Tuesday, December 23, 2025)</title>
</head>
<body><pre>
[Federal Register Volume 90, Number 244 (Tuesday, December 23, 2025)]
[Notices]
[Pages 60165-60168]
From the Federal Register Online via the Government Publishing Office [<a href="http://www.gpo.gov">www.gpo.gov</a>]
[FR Doc No: 2025-23771]


-----------------------------------------------------------------------

SECURITIES AND EXCHANGE COMMISSION

[Release No. PA-63; File No. S7-2025-05]


Privacy Act of 1974; System of Records

AGENCY: Securities and Exchange Commission.

ACTION: Notice of a modified system of records.

-----------------------------------------------------------------------

SUMMARY: In accordance with the Privacy Act of 1974 and Office of 
Management and Budget (``OMB'') Circular A-108, the Securities and 
Exchange Commission (``Commission'' or ``SEC'') is proposing a 
modification to its system of records notice (SORN), SEC-06, SEC's 
Financial and Acquisition Management System (``SEC-06''). This proposed 
update introduces a new routine use to comply with Executive Order 
(E.O.) 14249, Protecting America's Bank Account Against Fraud, Waste, 
and Abuse. The change supports enhanced efforts to safeguard federal 
financial systems and ensure responsible stewardship of public funds. 
The modified SORN does not change the categories of individuals, the 
record collection process, the authorities, or the purpose of 
collection. It also does not affect individuals' rights to access or 
amend their records under the Privacy Act.

DATES: In accordance with 5 U.S.C. 552a(e)(4) and (11), this notice is 
effective upon publication, subject to a 30-day period in which to 
comment on the routine use, described below. Comments may be submitted 
on or before January 22, 2026.

ADDRESSES: Comments may be submitted by any of the following methods:

Electronic Comments

    <bullet> Use the SEC's internet comment form (<a href="http://www.sec.gov/rules/other.shtml">http://www.sec.gov/rules/other.shtml</a>); or
    <bullet> Send an email to <a href="/cdn-cgi/l/email-protection#483a3d242d652b2725252d263c3b083b2d2b662f273e"><span class="__cf_email__" data-cfemail="2052554c450d434f4d4d454e5453605345430e474f56">[email&#160;protected]</span></a>. Please include 
File Number S7-2025-05 on the subject line.

Paper Comments

    <bullet> Send paper comments to: Secretary, Securities and Exchange 
Commission, 100 F Street NE, Washington, DC 20549-1090.

    All submissions should refer to File Number S7-2025-05. This file 
number should be included on the subject line if email is used. To help 
the Commission process and review your comments more efficiently, 
please use only one method of submission. The Commission will post all 
comments on

[[Page 60166]]

the Commission's website (<a href="http://www.sec.gov/rules/other.shtml">http://www.sec.gov/rules/other.shtml</a>). Do not 
include personal identifiable information in submissions; you should 
submit only information that you wish to make available publicly. We 
may redact in part or withhold entirely from publication submitted 
material that is obscene or subject to copyright protection.

FOR FURTHER INFORMATION CONTACT: Ronnette McDaniel, Branch Chief, 
Privacy and Information Assurance Branch, 202-551-7200 or 
<a href="/cdn-cgi/l/email-protection#2656544f5047455f4e434a566655434508414950"><span class="__cf_email__" data-cfemail="d7a7a5bea1b6b4aebfb2bba797a4b2b4f9b0b8a1">[email&#160;protected]</span></a>.

SUPPLEMENTARY INFORMATION: On March 25, 2025, Executive Order 14249 was 
issued to modernize federal financial oversight, strengthen controls 
over U.S. General Fund transactions, and combat fraud, waste, and 
abuse. It consolidates payment systems, mandates electronic 
transactions, and enhances accountability in government financial 
operations. The E.O. requires federal agencies to overhaul their 
financial practices by modernizing payment systems, instituting robust 
pre-certification for all payment transactions, and increasing data 
sharing with the Department of Treasury (``Treasury'') to prevent fraud 
and improper payments. In support of this effort, OMB Memorandum M-25-
32 requires agencies to review and update their System of Records 
Notices (SORNs) under the Privacy Act, as relevant and necessary, to 
include a new routine use clause that allows for the sharing of records 
with the Treasury to review payment and award eligibility through the 
Do Not Pay Working System. To ensure compliance with the review and 
update requirements outlined in Executive Order 14249 and OMB 
Memorandum M-25-32, the Commission conducted a comprehensive review of 
its SORN inventory to identify and implement necessary modifications. 
The proposed modification to add a new routine use to the identified 
SORN, SEC-06, aligns with the Privacy Act and incorporates the new 
requirements introduced by OMB Memorandum M-25-32. Accordingly, the 
Commission is proposing to modify SEC-06 to add new routine use number 
14 as follows:
    ``To the U.S. Department of the Treasury when disclosure of the 
information is relevant to review payment and award eligibility through 
the Do Not Pay Working System for the purposes of identifying, 
preventing, or recouping improper payments to an applicant for, or 
recipient of, Federal funds, including funds disbursed by a state 
(meaning a state of the United States, the District of Columbia, a 
territory or possession of the United States, or a federally recognized 
Indian tribe) in a state-administered, federally funded program.''
    The remaining routine uses were previously published.
    In accordance with 5 U.S.C. 552a(r), we have provided a report to 
OMB and Congress on the proposal to modify the system of records.

SYSTEM NAME AND NUMBER:
    SEC-06: SEC's Financial and Acquisition Management System.

SECURITY CLASSIFICATION:
    Unclassified.

SYSTEM LOCATION:
    1. Securities and Exchange Commission, 100 F Street NE, Washington, 
DC 20549. Files may also be maintained in the Commission's Regional 
Offices.
    2. Federal Aviation Administration, Mike Monroney Aeronautical 
Center, AMZ-740, 6500 S. MacArthur Blvd., Headquarters Bldg. 1, 
Oklahoma City, OK 73169.

SYSTEM MANAGER(S):
    Chief Financial Officer, Office of Financial Management, Securities 
and Exchange Commission, 100 F Street NE, Washington, DC 20549-6041.

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
    31 U.S.C. 3501, et seq. and 31 U.S.C. 7701(c). Where the employee 
identification number is the social security number, collection of this 
information is authorized by Executive Order 9397.

PURPOSE(S) OF THE SYSTEM:
    Serves as the core financial system and integrates program, 
financial and budgetary information. Records are collected to ensure 
that all obligations and expenditures other than those in the pay and 
leave system are in conformance with laws, existing rules and 
regulations, and good business practice, and to maintain subsidiary 
records at the proper account and/or organizational level where 
responsibility for control of costs exists.

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
    SEC employees, contractors, vendors, interns, customers and members 
of the public.

CATEGORIES OF RECORDS IN THE SYSTEM:
    Employee personnel information: Limited to SEC employees, and 
includes name, address, Social Security number (SSN); Business-related 
information: Limited to contractors/vendors and customers, and includes 
name of the company/agency, point of contact, telephone number, mailing 
address, email address, contract number, CAGE code, vendor number 
(system unique identifier), DUNS number, and TIN, which could be a SSN 
in the case of individuals set up as sole proprietors; and financial 
information, this includes financial institution name, lockbox number, 
routing transit number, deposit account number, account type, debts 
(e.g., unpaid bills/invoices, overpayments, etc.), and remittance 
address.

RECORD SOURCE CATEGORIES:
    The information maintained in Department of Transportation, (DOT)/
Enterprise Service Center (ESC): Purchase orders, vouchers, invoices, 
contracts, and electronic records; Department of Interior (DOI)/Federal 
Personnel Payroll System (FPPS): travel applications, disgorgement 
information, or other paper records submitted by employees, vendors, 
and other sources, including claims filed by witnesses in SEC actions; 
Delphi-Prism: Fed Traveler, Department of the Interior (DOI) Payroll 
System, Bureau of Public Debt, and EDGAR Financial Management System 
(EFMS).

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES 
OF USERS AND THE PURPOSES OF SUCH USES:
    In addition to those disclosures generally permitted under 5 U.S.C. 
552a(b) of the Privacy Act, these records or information contained 
therein may specifically be disclosed outside the Commission as a 
routine use pursuant to 5 U.S.C. 552a(b)(3) as follows:
    1. To appropriate agencies, entities, and persons when (1) the SEC 
suspects or has confirmed that there has been a breach of the system of 
records; (2) the SEC has determined that as a result of the suspected 
or confirmed breach there is a risk of harm to individuals, the SEC 
(including its information systems, programs, and operations), the 
Federal Government, or national security; and (3) the disclosure made 
to such agencies, entities, and persons is reasonably necessary to 
assist in connection with the SEC's efforts to respond to the suspected 
or confirmed breach or to prevent, minimize, or remedy such harm.
    2. To other federal, state, local, or foreign law enforcement 
agencies; securities self-regulatory organizations; and foreign 
financial regulatory authorities to assist in or coordinate 
regulatoryor law enforcement activities with the SEC.

[[Page 60167]]

    3. In any legal proceeding where the federal securities laws are in 
issue or in which the Commission, or past or present members of its 
staff, is a party or otherwise involved in an official capacity, and 
the SEC has determined that information from this system of records is 
relevant and necessary to the litigation and compatible with the 
purpose for which the records were collected.
    4. To a federal, state, local, tribal, foreign, or international 
agency, if necessary to obtain information relevant to the SEC's 
decision concerning the hiring or retention of an employee; the 
issuance of a security clearance; the letting of a contract; or the 
issuance of a license, grant, or other benefit.
    5. To produce summary descriptive statistics and analytical 
studies, as a data source for management information, in support of the 
function for which the records are collected and maintained or for 
related personnel management functions or manpower studies; may also be 
used to respond to general requests for statistical information 
(without personal identification of individuals) under the Freedom of 
Information Act.
    6. To any persons during the course of any inquiry, examination, or 
investigation conducted by the SEC's staff, or in connection with civil 
litigation, if the staff has reason to believe that the person to whom 
the record is disclosed may have further information about the matters 
related therein, and those matters appeared to be relevant at the time 
to the subject matter of the inquiry.
    7. To interns, grantees, experts, contractors, and others who have 
been engaged by the Commission to assist in the performance of a 
service related to this system of records and who need access to the 
records for the purpose of assisting the Commission in the efficient 
administration of its programs, including by performing clerical, 
stenographic, or data analysis functions, or by reproduction of records 
by electronic or other means. Recipients of these records must agree to 
comply with the provisions of the Privacy Act of 1974, as amended, 5 
U.S.C. 552a.
    8. To a Congressional office from the record of an individual in 
response to an inquiry from the Congressional office made at the 
request of that individual.
    9. To members of Congress or others charged with monitoring the 
work of the Commission or conducting records management inspections.
    10. To a commercial contractor in connection with benefit programs 
administered by the contractor on the Commission's behalf, including, 
but not limited to, supplemental health, dental, disability, life and 
other benefit programs.
    11. To the OMB in connection with the review of private relief 
legislation as set forth in OMB Circular A-19 at any stage of the 
legislative coordination and clearance process as set forth in that 
circular.
    12. To the Treasury or other appropriate agencies to provide 
appropriate audit documentation.
    13. To another Federal agency or Federal entity, when the SEC 
determines that information from this system of records is reasonably 
necessary to assist the recipient agency or entity in (1) responding to 
a suspected or confirmed breach or (2) preventing, minimizing, or 
remedying the risk of harm to individuals, the recipient agency or 
entity (including its information systems, programs, and operations), 
the Federal Government, or national security, resulting from a 
suspected or confirmed breach.
    14. To the U.S. Department of the Treasury when disclosure of the 
information is relevant to review payment and award eligibility through 
the Do Not Pay Working System for the purposes of identifying, 
preventing, or recouping improper payments to an applicant for, or 
recipient of, Federal funds, including funds disbursed by a state 
(meaning a state of the United States, the District of Columbia, a 
territory or possession of the United States, or a federally recognized 
Indian tribe) in a state-administered, federally funded program.

POLICIES AND PRACTICES FOR STORAGE OF RECORDS:
    Records are maintained in electronic and paper format. Electronic 
records and data are stored in electronic media via a configuration of 
government servers. Physical records are maintained in hard-copy, paper 
format in secure filing cabinets, office spaces, and storage locations, 
including Federal Records Centers.

POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:
    Records may be retrieved by a name of employee, social security 
number (SSN) for employees, SSN/Tax Identification Number (TIN) for 
vendors doing business with the SEC, Name for both employees and 
vendors, Central Index Key (CIK) (system unique) for both employees and 
vendors, DUNS/DUNS + 4.

POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:
    These records will be maintained until they become inactive, at 
which time they will be retired or destroyed in accordance with records 
schedules of the United States Securities and Exchange Commission and 
as approved by the National Archives and Records Administration.

ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:
    Access to SEC facilities, data centers, and information or 
information systems is limited to authorized personnel with official 
duties requiring access. SEC facilities are equipped with security 
cameras and 24-hour security guard service. The records are kept in 
limited access areas during duty hours and in locked file cabinets and/
or locked offices or file rooms at all other times. Computerized 
records are safeguarded in a secured environment. Security protocols 
meet the promulgating guidance as established by the National Institute 
of Standards and Technology (NIST) Security Standards from Access 
Control to Data Encryption and Security Assessment & Authorization 
(SA&A).
    Records are maintained in a secure, password-protected electronic 
system that will utilize commensurate safeguards that may include: 
firewalls, intrusion detection and prevention systems, and role-based 
access controls. Additional safeguards will vary by program. All 
records are protected from unauthorized access through appropriate 
administrative, operational, and technical safeguards. These safeguards 
include: restricting access to authorized personnel who have a ``need 
to know''; using locks; and password protection identification 
features. Contractors and other recipients providing services to the 
Commission shall be required to maintain equivalent safeguards.

RECORD ACCESS PROCEDURES:
    Persons wishing to obtain information on the procedures for gaining 
access to or contesting the contents of these records may submit a 
request online at <a href="http://www.sec.gov">www.sec.gov</a> or contact the FOIA/PA Officer, 
Securities and Exchange Commission, 100 F Street NE, Washington, DC 
20549-2736.

CONTESTING RECORD PROCEDURES:
    See Record Access Procedures above.

NOTIFICATION PROCEDURES:
    All requests to determine whether this system of records contains a 
record pertaining to the requesting individual may be requested online 
at <a href="http://www.sec.gov">www.sec.gov</a> or directed to the FOIA/PA Officer, Securities and 
Exchange Commission, 100 F Street NE, Washington, DC 20549-2736.

[[Page 60168]]

EXEMPTIONS PROMULGATED FOR THE SYSTEM:
    None.

HISTORY:
    This SORN was last published in full in the Federal Register at 40 
FR 39253 (August 27, 1975). Subsequent notices of revision can be found 
at the following citations:

--41 FR 5318 (February 5, 1976)
--41 FR 11631 (March 19, 1976)
--41 FR 41550 (September 22, 1976)
--42 FR 36333 (July 14, 1977)
--46 FR 63439 (December 31, 1981)
--59 FR 27626 (May 27, 1994)
--62 FR 47884 and 47885 (September 11, 1997)
--63 FR 11938 (March 11, 1998)
--77 FR 16569 (March 21, 2012)
--85 FR 85440 (January 27, 2021)


    By the Commission.

    Dated: December 19, 2025.
Sherry R. Haywood,
Assistant Secretary.
[FR Doc. 2025-23771 Filed 12-22-25; 8:45 am]
BILLING CODE 8011-01-P


</pre><script data-cfasync="false" src="/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js"></script></body>
</html>