Privacy Act of 1974; System of Records

Issuing agencies

Abstract

In accordance with the Privacy Act of 1974, as amended, the Federal Deposit Insurance Corporation (FDIC) is modifying an existing system of records titled FDIC-005, "Consumer Complaint and Inquiry Records." This system of records supports the FDIC's regulatory and supervisory functions. It permits the FDIC to receive, investigate, and respond to complaints and inquiries from individuals concerning the activities or practices of the FDIC; FDIC-insured depository institutions; and persons/entities engaged in misuses of the FDIC's name or logo or misrepresentations about deposit insurance. The system helps the FDIC and other FDIC stakeholders to scope examinations and take appropriate supervisory actions. The FDIC is updating this system of records to rename it as FDIC-005, "Consumer Complaint and Public Inquiry Records," to modify several sections of this notice, and to seek public comment on four proposed routine uses. Additionally, this notice includes non-substantive changes to simplify the formatting and text of the previously published notice and improve consistency across FDIC system of records notices.

Full Text

<html>
<head>
<title>Federal Register, Volume 91 Issue 63 (Thursday, April 2, 2026)</title>
</head>
<body><pre>
[Federal Register Volume 91, Number 63 (Thursday, April 2, 2026)]
[Notices]
[Pages 16710-16713]
From the Federal Register Online via the Government Publishing Office [<a href="http://www.gpo.gov">www.gpo.gov</a>]
[FR Doc No: 2026-06428]



[[Page 16710]]

=======================================================================
-----------------------------------------------------------------------

FEDERAL DEPOSIT INSURANCE CORPORATION


Privacy Act of 1974; System of Records

AGENCY: Federal Deposit Insurance Corporation.

ACTION: Notice of a modified system of records.

-----------------------------------------------------------------------

SUMMARY: In accordance with the Privacy Act of 1974, as amended, the 
Federal Deposit Insurance Corporation (FDIC) is modifying an existing 
system of records titled FDIC-005, ``Consumer Complaint and Inquiry 
Records.'' This system of records supports the FDIC's regulatory and 
supervisory functions. It permits the FDIC to receive, investigate, and 
respond to complaints and inquiries from individuals concerning the 
activities or practices of the FDIC; FDIC-insured depository 
institutions; and persons/entities engaged in misuses of the FDIC's 
name or logo or misrepresentations about deposit insurance. The system 
helps the FDIC and other FDIC stakeholders to scope examinations and 
take appropriate supervisory actions. The FDIC is updating this system 
of records to rename it as FDIC-005, ``Consumer Complaint and Public 
Inquiry Records,'' to modify several sections of this notice, and to 
seek public comment on four proposed routine uses. Additionally, this 
notice includes non-substantive changes to simplify the formatting and 
text of the previously published notice and improve consistency across 
FDIC system of records notices.

DATES: This action will become effective on April 2, 2026. The routine 
uses in this action will become effective May 4, 2026, unless the FDIC 
makes changes based on comments received. Written comments should be 
submitted on or before May 4, 2026.

ADDRESSES: Interested parties are invited to submit written comments 
identified by Privacy Act Systems of Records (FDIC-005) by any of the 
following methods:
    <bullet> Agency Website: <a href="https://www.fdic.gov/resources/regulations/federal-register-publications/">https://www.fdic.gov/resources/regulations/federal-register-publications/</a>. Follow the instructions for 
submitting comments on the FDIC website.
    <bullet> Email: <a href="/cdn-cgi/l/email-protection#7e1d1113131b100a0d3e181a171d50191108"><span class="__cf_email__" data-cfemail="6e0d0103030b001a1d2e080a070d40090118">[email&#160;protected]</span></a>. Include ``Comments-SORN (FDIC-
005)'' in the subject line of communication.
    <bullet> Mail: Jennifer M. Jones, Deputy Executive Secretary, 
Attention: Comments SORN (FDIC-005), Legal Division, Office of the 
Executive Secretary, Federal Deposit Insurance Corporation, 550 17th 
Street NW, Washington, DC 20429.
    <bullet> Hand Delivery/Courier: Comments may be hand-delivered to 
the guard station at the rear of the 550 17th Street NW building 
(located on F Street NW) on business days between 7:00 a.m. and 5:00 
p.m.
    Public Inspection: Comments received, including any personal 
information provided, may be posted without change to <a href="https://www.fdic.gov/resources/regulations/federal-register-publications/">https://www.fdic.gov/resources/regulations/federal-register-publications/</a>. 
Commenters should submit only information that the commenter wishes to 
make available publicly. The FDIC may review, redact, or refrain from 
posting all or any portion of any comment that it may deem to be 
inappropriate for publication, such as irrelevant or obscene material. 
The FDIC may post only a single representative example of identical or 
substantially identical comments and in such cases will generally 
identify the number of identical or substantially identical comments 
represented by the posted example. All comments that have been 
redacted, as well as those that have not been posted, that contain 
comments on the merits of this document will be retained in the public 
comment file and will be considered as required under all applicable 
laws. All comments may be accessible under the Freedom of Information 
Act (FOIA).

FOR FURTHER INFORMATION CONTACT: Shannon Dahn, Assistant Director, 
Privacy, 703-516-5500, <a href="/cdn-cgi/l/email-protection#304042594651534970565459531e575f46"><span class="__cf_email__" data-cfemail="9eeeecf7e8fffde7def8faf7fdb0f9f1e8">[email&#160;protected]</span></a>.

SUPPLEMENTARY INFORMATION: Pursuant to the Privacy Act of 1974, 5 
U.S.C. 552a, FDIC is modifying an existing system of records, FDIC-005, 
``Consumer Complaint and Inquiry Records'' to rename it FDIC-005, 
``Consumer Complaint and Public Inquiry Records.'' In this notice, the 
FDIC proposes to update various sections of the system of records 
notice (SORN) that include, among other things, FDIC's intake of 
complaints and inquiries by individuals concerning the activities or 
practices of the FDIC, FDIC-insured depository institutions, and 
persons/entities engaged in misuses of the FDIC's name or logo or 
misrepresentations about deposit insurance. The System Title is being 
updated to better reflect the types of records covered. The System 
Location section is updated to reflect that the records may be 
maintained at various FDIC locations including authorized cloud 
environments. The System Manager section is being modified to add 
additional system managers. The Authority for Maintenance of the System 
section is expanded to include appropriate authorities for the 
collection. The Purpose(s) of the System section is expanded to include 
intake of complaints and inquiries about the activities or practices of 
the FDIC and persons/entities engaged in misuses of FDIC's name or logo 
or misrepresentations about deposit insurance. The Categories of 
Individuals section is being expanded to include specific individuals 
like appraisers; individuals who have been referred from another 
agency; or individuals who need to be referred to another agency.
    The Routine Uses section is being renumbered and modified to list 
FDIC's standard routine uses (routine uses 1-10) first and to propose 
four new routine uses. Proposed standard Routine Use 8 supports the 
disclosure of information from the system of records as may be required 
by Federal statute, treaty, or other international agreement. Proposed 
standard Routine Use 9 supports the disclosure of information as may be 
needed to support the comparison of FDIC's records to another agency's 
system of records or to non-Federal records, in coordination with an 
Office of Inspector General in conducting an audit, investigation, 
inspection, evaluation, or other review. Proposed Routine Use 11 would 
merge two previous routine uses to permit the release of information to 
FDIC-insured depository institutions and other parties that may have 
information useful to the FDIC's review of the complaint or inquiry. 
Proposed Routine Use 12 has been modified and proposes to allow for 
disclosures to any agency with direct regulatory or supervisory 
authority over the FDIC-insured depository institution to obtain 
information relevant to the matter or enable that agency to investigate 
the matter. Previous Routine Uses 8 (records management inspections) 
and 10 (to labor organizations) have been removed from the SORN as they 
are not needed.
    The FDIC is modifying the Policies and Practices for Storage, 
Retention and Disposal sections to provide detail on the storage of 
electronic records and to include language on the disposal of records 
in accordance with approved FDIC record retention schedules. The FDIC 
is also modifying the Administrative, Technical, and Physical 
Safeguards section to provide additional detail on the safeguards used 
to protect this information. Finally, the FDIC is modifying the 
sections containing the Procedures for Notification, Access, and 
Contesting Records to improve the clarity of the instructions to the 
public and to direct the public to the appropriate FDIC website for 
information on how to request

[[Page 16711]]

notification of, access to, or to contest the contents of records in 
FDIC-005.
    This modified system will be updated in FDIC's inventory of record 
systems.

SYSTEM NAME AND NUMBER:
    Consumer Complaint and Public Inquiry Records, FDIC-005.

SECURITY CLASSIFICATION:
    Unclassified.

SYSTEM LOCATION:
    The Federal Deposit Insurance Corporation (FDIC) located at 550 
17th Street NW, Washington, DC 20429.

SYSTEM MANAGER(S):
    Assistant Director, National Center for Consumer and Depositor 
Assistance, Division of Depositor and Consumer Protection, FDIC, 1100 
Walnut St., Ste. 2100, Kansas City, MO 64106.
    Ombudsman, Office of the Ombudsman, 3501 Fairfax Dr., Arlington, VA 
22226.
    Program Manager, Data Strategy Section, Division of Insurance and 
Research, 3501 Fairfax Dr., Arlington, VA 22226.
    Senior Counsel, Consumer Protection & Compliance Unit, Legal 
Division, 550 17th St. NW, Washington, DC 20429.

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
    Sections 9 and 18(a)(4) of the Federal Deposit Insurance Act (12 
U.S.C. 1819 and 1828(a)(4)); the Federal Financial Institutions Reform, 
Recovery, and Enforcement Act (12 U.S.C. 1835 and 3351(i)); Section 
202(f) of Title II of the Federal Trade Improvement Act (15 U.S.C. 
57a(f)); and Section 309 of the Riegle Community Development and 
Regulatory Improvement Act of 1994 (12 U.S.C. 4806).

PURPOSE(S) OF THE SYSTEM:
    The information in this system supports the FDIC regulatory and 
supervisory functions through the intake of complaints or inquiries 
concerning (1) the activities or practices of the FDIC, (2) the 
activities or practices of FDIC-insured depository institutions, and 
(3) misuses of FDIC's name or logo or misrepresentations about deposit 
insurance. The information is used to identify concerns, manage 
correspondence, and respond to complaints, inquiries, and concerns 
expressed by individuals. The system supports the FDIC's receipt and 
handling of complaints and inquiries for information or assistance from 
bank customers and other consumers, bankers, small business owners, 
researchers, appraisers, and other members of the public. The FDIC uses 
information in this system of records to identify the nature of the 
complaint or inquiry and to track, manage, and respond to complaints 
and inquiries. The information in the system of records may also be 
used to support the development and operation of current and future 
information technology to support the objectives of identifying 
patterns of consumer harm at FDIC-insured depository institutions, 
which further helps FDIC examination staff and other FDIC stakeholders 
to scope examinations and take appropriate supervisory actions.

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
    Individuals who have submitted a complaint or inquiry; individuals 
who have been referred from another agency; or individuals who need to 
be referred to another agency.

CATEGORIES OF RECORDS IN THE SYSTEM:
    This system contains correspondence and records of other 
communications between the FDIC and the individual, such as copies of 
supporting documents and contact information including name, email 
address, home address, phone number, online identity verification 
information, financial account information, and any other information 
voluntarily supplied by the individual. The system may also contain 
other information gathered by the FDIC as necessary to process the 
complaint or inquiry, and the FDIC's response to the individual. The 
exact nature of the information may vary depending on the complaint or 
inquiry. This system may also contain regulatory and supervisory 
communications between the FDIC and the FDIC-insured depository 
institution in question and/or intra-agency or inter-agency memoranda 
or correspondence relevant to the complaint or inquiry.
    Note: This system of records does not cover FDIC investigative or 
enforcement records that are related to or created in response to a 
complaint or inquiry covered by this system. Such investigative and 
enforcement records are covered by a separate FDIC system of records 
titled FDIC-002, Financial Institution Investigative and Enforcement 
Records.

RECORD SOURCE CATEGORIES:
    The individual on whom the record is maintained; FDIC-insured 
depository institutions or persons/entities that are the subject of the 
complaint or inquiry or have information that may be useful to the FDIC 
in responding to the complaint or inquiry; the appropriate Federal or 
State agency with regulatory or supervisory authority over the 
institution; congressional offices that may be involved in the 
complaint or inquiry; and other parties providing information to the 
FDIC in an attempt to resolve the complaint or inquiry.

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES 
OF USERS AND PURPOSES OF SUCH USES:
    In addition to those disclosures generally permitted under 5 U.S.C. 
552a(b) of the Privacy Act, all or a portion of the records or 
information contained in this system may be disclosed outside the FDIC 
as a routine use as follows:
    (1) To appropriate Federal, State, local, tribal, territorial, and 
foreign agencies responsible for investigating or prosecuting a 
violation of, or for enforcing or implementing a statute, rule, 
regulation, or order issued, when the information, either alone or in 
conjunction with other information, indicates a violation or potential 
violation of law, whether civil, criminal, or regulatory in nature, and 
whether arising by general statute or particular program statute, or by 
regulation, rule, or order issued pursuant thereto.
    (2) To a court or adjudicative body before which the FDIC is 
authorized to appear when, (a) the FDIC or any component thereof; or 
(b) any employee of the FDIC in his or her official capacity; or (c) 
any employee of the FDIC in his or her individual capacity where the 
FDIC has agreed to represent the employee; or (d) the United States; 
where the FDIC determines that litigation is likely to affect the FDIC 
or any of its components, is a party to litigation or has an interest 
in such litigation, and the FDIC determines that use of such records is 
relevant and necessary to the litigation, provided, however, that in 
each case, the FDIC determines that disclosure of the records is a use 
of the information contained in the records which is compatible with 
the purpose for which the records were collected.
    (3) To a congressional office in response to an inquiry made by the 
congressional office at the request of the individual who is the 
subject of the record.
    (4) To appropriate agencies, entities, and persons when (a) the 
FDIC suspects or has confirmed that there has been a breach of the 
system of records; (b) the FDIC has determined that as a result of the 
suspected or confirmed breach there is a risk of harm to individuals, 
the FDIC (including its information systems, programs, and operations), 
the Federal Government, or national security; and (c) the disclosure 
made to such agencies, entities, and persons is reasonably necessary to 
assist in

[[Page 16712]]

connection with the FDIC's efforts to respond to the suspected or 
confirmed breach or to prevent, minimize, or remedy such harm.
    (5) To another Federal agency or Federal entity when the FDIC 
determines that information from this system of records is reasonably 
necessary to assist the recipient agency or entity in (a) responding to 
a suspected or confirmed breach; or (b) preventing, minimizing, or 
remedying the risk of harm to individuals, the recipient agency or 
entity (including its information systems, programs, and operations), 
the Federal Government, or national security, resulting from a 
suspected or confirmed breach.
    (6) To appropriate Federal, State, local, tribal, and territorial 
agencies in connection with hiring or retaining an individual, 
conducting a background security or suitability investigation; 
adjudication of liability; or eligibility for a license, contract, 
grant, or other benefit to the extent that the information shared is 
relevant and necessary to the requesting agency's decision on the 
matter.
    (7) To contractors, grantees, experts, consultants, students, 
volunteers, and others performing or working on a contract, service, 
grant, cooperative agreement, or project for the FDIC or the Office of 
Inspector General for use in carrying out their obligations under such 
contract, service, grant, agreement, or project.
    (8) To such recipients and under such circumstances and procedures 
as are mandated by Federal statute or treaty.
    (9) To a Federal, State, local, tribal, or territorial agency for 
the purpose of comparing to the agency's system of records or to non-
Federal records, in coordination with an Office of Inspector General in 
conducting an audit, investigation, inspection, evaluation, or other 
review as authorized by the Inspector General Act of 1978, as amended.
    (10) To Federal agencies, and to those Federal employees designated 
by the President or Agency Heads pursuant to Executive Order 14243, for 
the purposes of identifying and eliminating waste, fraud, and abuse, 
including the elimination of bureaucratic duplication and inefficiency 
and the enhancement of the Government's ability to detect overpayments 
and fraud.
    (11) To the FDIC-insured depository institution or other person/
entity that is the subject of the complaint or inquiry and to other 
parties that may have information useful to FDIC's review of the 
complaint or inquiry in order to obtain information relevant to the 
matter.
    (12) To the Federal or State agency that has direct regulatory or 
supervisory authority over the FDIC-insured depository institution or 
other person/entity that is the subject of the complaint or inquiry to 
obtain information relevant to the matter or to enable that authority 
to investigate the matter.

POLICIES AND PRACTICES FOR STORAGE OF RECORDS:
    These records are stored in compliance with internal FDIC policies. 
Records are stored and centrally managed in official FDIC recordkeeping 
systems, maintained in usable and retrievable formats for the duration 
of the retention period, and conform to accessibility requirements.

POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:
    Records are retrieved by unique identification number which may be 
cross-referenced to the name, telephone number, and email address of 
complainant or inquirer.

POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:
    In accordance with the applicable records retention schedule, these 
records are maintained seven years after close or resolution of the 
complaint or inquiry and then deleted/destroyed.

ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:
    Records are protected from unauthorized access and improper use 
through administrative, technical, and physical security measures. 
Administrative safeguards include written guidelines on handling 
personal information including agency-wide procedures for safeguarding 
personally identifiable information. In addition, all FDIC staff are 
required to take annual privacy and security training. Technical 
security measures within FDIC include restrictions on computer access 
to authorized individuals who have a legitimate need to know the 
information; multi-factor authentication for remote access and access 
to many FDIC systems; strong passwords when multi-factor authentication 
is not available; use of encryption for certain data types and 
transfers; firewalls and intrusion detection applications; and regular 
review of security procedures and best practices to enhance security. 
Physical safeguards include restrictions on building access to 
authorized individuals, security guard service, and maintenance of 
records in lockable offices and filing cabinets.

RECORD ACCESS PROCEDURES:
    Individuals requesting access to records about them in this system 
of records should submit their request online through the FDIC FOIA 
Service Center at <a href="http://fdic.gov/foia">fdic.gov/foia</a>. Alternatively, individuals can send a 
request in writing to the FDIC FOIA & Privacy Act Group, 550 17th 
Street NW, Washington, DC 20429, or email <a href="/cdn-cgi/l/email-protection#cbaeada4a2aa8badafa2a8e5aca4bd"><span class="__cf_email__" data-cfemail="bbdeddd4d2dafbdddfd2d895dcd4cd">[email&#160;protected]</span></a>. Individuals 
will be required to provide a detailed description of the records they 
seek including the time period when the records were created and other 
supporting information where possible. Individuals will be required to 
provide proof of identity in accordance with FDIC regulations at 12 CFR 
part 310.

CONTESTING RECORD PROCEDURES:
    Individuals contesting the content of or requesting an amendment to 
their records in this system of records should submit their request 
online through the FDIC FOIA Service Center at <a href="http://fdic.gov/foia">fdic.gov/foia</a>. 
Alternatively, individuals can send a request in writing to the FDIC 
FOIA & Privacy Act Group, 550 17th Street NW, Washington, DC 20429, or 
email <a href="/cdn-cgi/l/email-protection#1b7e7d74727a5b7d7f7278357c746d"><span class="__cf_email__" data-cfemail="dabfbcb5b3bb9abcbeb3b9f4bdb5ac">[email&#160;protected]</span></a>. The request should contain the individual's 
reason for requesting the amendment and a description of the record 
(including the name of the appropriate designated system and category 
thereof) sufficient to enable the FDIC to identify the particular 
record or portion thereof with respect to which amendment is sought. 
Requests must specify which information is being contested, the reasons 
for contesting it, and the proposed amendment to such information in 
accordance with FDIC regulations at 12 CFR part 310. Individuals will 
be required to provide proof of identity in accordance with FDIC 
regulations at 12 CFR part 310.

NOTIFICATION PROCEDURES:
    Individuals seeking to know whether this system contains 
information about them should submit their request online through the 
FDIC FOIA Service Center at <a href="http://fdic.gov/foia">fdic.gov/foia</a>. Alternatively, individuals 
can send a request in writing to the FDIC FOIA & Privacy Act Group, 550 
17th Street NW, Washington, DC 20429, or email <a href="/cdn-cgi/l/email-protection#6d080b02040c2d0b09040e430a021b"><span class="__cf_email__" data-cfemail="bbdeddd4d2dafbdddfd2d895dcd4cd">[email&#160;protected]</span></a>. 
Individuals will be required to provide proof of identity in accordance 
with FDIC regulations at 12 CFR part 310.

EXEMPTIONS PROMULGATED FOR THE SYSTEM:
    None.

HISTORY:
    76 FR 77626 (December 18, 2011); 78 FR 63320 (October 23, 2013); 80 
FR

[[Page 16713]]

66981 (October 30, 2015); 84 FR 35184 (July 22, 2019); 90 FR 51316 (Nov 
17, 2025).

Federal Deposit Insurance Corporation.

    Dated at Washington, DC, on March 31, 2026.
Jennifer M. Jones,
Deputy Executive Secretary.
[FR Doc. 2026-06428 Filed 4-1-26; 8:45 am]
BILLING CODE 6714-01-P


</pre><script data-cfasync="false" src="/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js"></script></body>
</html>