Privacy Act of 1974; System of Records

Issuing agencies

Abstract

In accordance with the Privacy Act of 1974, as amended, the Federal Deposit Insurance Corporation (FDIC) is modifying an existing system of records titled FDIC-004, "Changes in Financial Institution Control Ownership Records." The information in this system of records is used in support of the FDIC's regulatory and supervisory functions. This modified system of records notice combines FDIC-004 with FDIC-008, "Chain Banking Organizations Identification Records" and rescinds FDIC-008. The FDIC is updating this system of records to retitle it as "Financial Institution Ownership Records," to modify several sections of this notice, and to seek public comment on four proposed routine uses. Additionally, this notice includes non-substantive changes to simplify the formatting and text of the previously published notice and improve consistency across system of records notices.

Full Text

<html>
<head>
<title>Federal Register, Volume 91 Issue 69 (Friday, April 10, 2026)</title>
</head>
<body><pre>
[Federal Register Volume 91, Number 69 (Friday, April 10, 2026)]
[Notices]
[Pages 18456-18459]
From the Federal Register Online via the Government Publishing Office [<a href="http://www.gpo.gov">www.gpo.gov</a>]
[FR Doc No: 2026-06904]


=======================================================================
-----------------------------------------------------------------------

FEDERAL DEPOSIT INSURANCE CORPORATION


Privacy Act of 1974; System of Records

AGENCY: Federal Deposit Insurance Corporation.

ACTION: Notice of a modified system of records.

-----------------------------------------------------------------------

SUMMARY: In accordance with the Privacy Act of 1974, as amended, the 
Federal Deposit Insurance Corporation (FDIC) is modifying an existing 
system of records titled FDIC-004, ``Changes in Financial Institution 
Control Ownership Records.'' The information in this system of records 
is used in support of the FDIC's regulatory and supervisory functions. 
This modified system of records notice combines FDIC-004 with FDIC-008, 
``Chain Banking Organizations Identification Records'' and rescinds 
FDIC-008. The FDIC is updating this system of records to retitle it as 
``Financial Institution Ownership Records,'' to modify several sections 
of this notice, and to seek public comment on four proposed routine 
uses. Additionally, this notice includes non-substantive changes to 
simplify the formatting and text of the previously published notice and 
improve consistency across system of records notices.

DATES: This action will become effective on April 10, 2026. The routine 
uses in this action will become effective May 11, 2026, unless the FDIC 
makes changes based on comments received. Written comments should be 
submitted on or before May 11, 2026.

ADDRESSES: Interested parties are invited to submit written comments 
identified by Privacy Act Systems of Records (FDIC-004) by any of the 
following methods:
    <bullet> Agency Website: <a href="https://www.fdic.gov/resources/regulations/federal-register-publications/">https://www.fdic.gov/resources/regulations/federal-register-publications/</a>. Follow the instructions for 
submitting comments on the FDIC website.
    <bullet> Email: <a href="/cdn-cgi/l/email-protection#294a4644444c475d5a694f4d404a074e465f"><span class="__cf_email__" data-cfemail="32515d5f5f575c46417254565b511c555d44">[email&#160;protected]</span></a>. Include ``Comments-SORN (FDIC-
004)'' in the subject line of communication.
    <bullet> Mail: Jennifer M. Jones, Deputy Executive Secretary, 
Attention: Comments SORN (FDIC-004), Legal Division, Office of the 
Executive

[[Page 18457]]

Secretary, Federal Deposit Insurance Corporation, 550 17th Street NW, 
Washington, DC 20429.
    <bullet> Hand Delivery/Courier: Comments may be hand-delivered to 
the guard station at the rear of the 550 17th Street NW building 
(located on F Street NW) on business days between 7:00 a.m. and 5:00 
p.m.
    Public Inspection: Comments received, including any personal 
information provided, may be posted without change to <a href="https://www.fdic.gov/resources/regulations/federal-register-publications/">https://www.fdic.gov/resources/regulations/federal-register-publications/</a>. 
Commenters should submit only information that the commenter wishes to 
make available publicly. The FDIC may review, redact, or refrain from 
posting all or any portion of any comment that it may deem to be 
inappropriate for publication, such as irrelevant or obscene material. 
The FDIC may post only a single representative example of identical or 
substantially identical comments and in such cases will generally 
identify the number of identical or substantially identical comments 
represented by the posted example. All comments that have been 
redacted, as well as those that have not been posted, that contain 
comments on the merits of this document will be retained in the public 
comment file and will be considered as required under all applicable 
laws. All comments may be accessible under the Freedom of Information 
Act (FOIA).

FOR FURTHER INFORMATION CONTACT: Shannon Dahn, Assistant Director, 
Privacy, 703-516-5500, <a href="/cdn-cgi/l/email-protection#6e1e1c07180f0d172e080a070d40090118"><span class="__cf_email__" data-cfemail="09797b607f686a70496f6d606a276e667f">[email&#160;protected]</span></a>.

SUPPLEMENTARY INFORMATION: Pursuant to the Privacy Act of 1974, 5 
U.S.C. 552a, FDIC is modifying an existing system of records, FDIC-004, 
``Changes in Financial Institution Control Ownership Records.'' This 
modification combines and renames two existing systems of records 
notices (SORNs), FDIC-004, ``Changes in Financial Institution Control 
Ownership Records'' and FDIC-008, ``Chain Banking Organizations 
Identification Records'' into a single SORN titled FDIC-004, 
``Financial Institution Ownership Records'' and rescinds FDIC-008. Both 
systems of records rely on the same authority, cover the same 
individuals, and have similar purposes of tracking ownership of 
financial institutions. As modified, FDIC-004 maintains information 
about (1) individuals who acquire or dispose of ownership stakes in a 
FDIC-insured financial institution and (2) individuals who have 
ownership stakes in more than one financial institution or bank holding 
companies which, due to their common ownership, present a concentration 
of resources that could be susceptible to common risks. The FDIC uses 
information in this system of records to support its regulatory and 
supervisory functions.
    In this notice, the FDIC proposes to update various sections of the 
SORN to, among other things, cover all individuals who have ownership 
stakes in financial institutions. The System Title section is being 
updated to better reflect the types of records covered. The System 
Location section is updated to reflect that the records may be 
maintained at various FDIC locations including authorized cloud 
environments. The Purpose(s) of the System section is being modified to 
combine the purposes of FDIC-004 and FDIC-008 and to clarify existing 
language.
    The Routine Uses section is being renumbered and modified to list 
FDIC's standard routine uses (routine uses 1-10) first and to propose 
four new routine uses. Proposed standard Routine Use 2 supports 
disclosures as it relates to litigation. Proposed standard routine use 
8 supports the disclosure of information from the system of records as 
may be required by Federal statute or treaty. Proposed standard routine 
use 9 supports the disclosure of information as may be needed to 
support the comparison of FDIC's records to another agency's system of 
records or to non-Federal records, in coordination with an Office of 
Inspector General in conducting an audit, investigation, inspection, 
evaluation, or other review. Proposed routine use 11 will permit 
sharing with other Federal or State financial institution supervisory 
authorities.
    The FDIC is modifying the Policies and Practices for Storage, and 
Retention and Disposal sections to provide detail on the storage of 
electronic records and to include language on the disposal of records 
in accordance with approved FDIC record retention schedules. The FDIC 
is also modifying the Administrative, Technical, and Physical 
Safeguards section to provide additional detail on the safeguards used 
to protect this information. The FDIC is also modifying the sections 
containing the Procedures for Notification, Access, Contesting Records 
to improve the clarity of the instructions to the public and to direct 
the public to the appropriate FDIC website for information on how to 
request notification of, access to, or to contest the contents of 
records in FDIC-004.
    This modified system will be included in FDIC's inventory of record 
systems.

SYSTEM NAME AND NUMBER:
    Financial Institution Ownership Records, FDIC-004.

SECURITY CLASSIFICATION:
    Unclassified.

SYSTEM LOCATION:
    The Federal Deposit Insurance Corporation (FDIC) located at 550 
17th Street NW, Washington, DC 20429, and other FDIC office locations. 
Information may also be stored within an appropriately authorized cloud 
environments or in other secure locations.

SYSTEM MANAGER(S):
    Chief, Risk Management Applications, Division of Risk Management 
Supervision, FDIC, 550 17th Street NW, Washington, DC 20429.

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
    Sections 7(j) and 9 of the Federal Deposit Insurance Act (12 U.S.C. 
1817(j) and 1819).

PURPOSE(S) OF THE SYSTEM:
    This system:
    (1) collects, tracks, and assesses information about individuals 
who have direct or indirect ownership stakes in an FDIC-insured 
financial institution, and
    (2) tracks ownership of possible linked financial institutions and 
bank holding companies which present a concentration of resources that 
could be susceptible to common risks, otherwise known as chain banking. 
Chain banking organizations generally involve a group of financial 
institutions or holding companies that are controlled by one individual 
or company. The FDIC is responsible for maintaining a record system for 
chain banking organizations and for developing an overall supervisory 
strategy for these organizations. The information in this system is 
used to support the FDIC's regulatory and supervisory functions.

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
    (1) Individuals who acquire or dispose of voting stock in an FDIC-
insured financial institution; and
    (2) Individuals who directly, indirectly, or in concert with 
others, own or control two or more financial institutions and bank 
holding companies.

CATEGORIES OF RECORDS IN THE SYSTEM:
    For individuals identified in the paragraph (1) above, records 
include the name of the individual who is the proposed acquirer and 
their statement of assets and liabilities; statement of income and 
sources of income; name

[[Page 18458]]

and location of the financial institution; number of shares to be 
acquired and outstanding; dates ownership forms were filed; name and 
location of the newspaper in which the notice was published and date of 
publication. For disposal transactions, names of sellers/transferors; 
names of purchasers/transferees and number of shares owned after 
transaction; date of transaction on financial institution's books, 
number of shares acquired and outstanding. If stock of a bank holding 
company is involved, the name and location of the bank holding company 
and the institution(s) it controls.
    For individuals identified in the paragraph (2) above, records 
include the names of and contact information for individuals who, 
either alone or in concert with others, own or control two or more 
financial institutions, the names of those financial institutions, 
locations, stock certificate numbers, total asset size, and percentage 
of outstanding stock owned by the controlling individual or group of 
individuals; charter types and, if applicable, name of intermediate 
bank holding entity and percentage of bank holding company held by 
controlling individual or group.

RECORD SOURCE CATEGORIES:
    Information contained in this system is obtained from individuals 
listed in the Categories of Individuals; the financial institution or 
bank holding company in which control changed; filed ownership forms; 
federal and state financial institution supervisory authorities; 
examination reports and related materials; and regulatory filings.

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES 
OF USERS AND PURPOSES OF SUCH USES:
    In addition to those disclosures generally permitted under 5 U.S.C. 
552a(b) of the Privacy Act, all or a portion of the records or 
information contained in this system may be disclosed outside the FDIC 
as a routine use as follows:
    (1) To appropriate Federal, State, local, tribal, territorial, and 
foreign agencies responsible for investigating or prosecuting a 
violation of, or for enforcing or implementing a statute, rule, 
regulation, or order issued, when the information, either alone or in 
conjunction with other information, indicates a violation or potential 
violation of law, whether civil, criminal, or regulatory in nature, and 
whether arising by general statute or particular program statute, or by 
regulation, rule, or order issued pursuant thereto.
    (2) To a court or adjudicative body before which the FDIC is 
authorized to appear when, (a) the FDIC or any component thereof; or 
(b) any employee of the FDIC in his or her official capacity; or (c) 
any employee of the FDIC in his or her individual capacity where the 
FDIC has agreed to represent the employee; or (d) the United States; 
where the FDIC determines that litigation is likely to affect the FDIC 
or any of its components, is a party to litigation or has an interest 
in such litigation, and the FDIC determines that use of such records is 
relevant and necessary to the litigation, provided, however, that in 
each case, the FDIC determines that disclosure of the records is a use 
of the information contained in the records which is compatible with 
the purpose for which the records were collected.
    (3) To a congressional office in response to an inquiry made by the 
congressional office at the request of the individual who is the 
subject of the record.
    (4) To appropriate agencies, entities, and persons when (a) the 
FDIC suspects or has confirmed that there has been a breach of the 
system of records; (b) the FDIC has determined that as a result of the 
suspected or confirmed breach there is a risk of harm to individuals, 
the FDIC (including its information systems, programs, and operations), 
the Federal Government, or national security; and (c) the disclosure 
made to such agencies, entities, and persons is reasonably necessary to 
assist in connection with the FDIC's efforts to respond to the 
suspected or confirmed breach or to prevent, minimize, or remedy such 
harm.
    (5) To another Federal agency or Federal entity when the FDIC 
determines that information from this system of records is reasonably 
necessary to assist the recipient agency or entity in (a) responding to 
a suspected or confirmed breach; or (b) preventing, minimizing, or 
remedying the risk of harm to individuals, the recipient agency or 
entity (including its information systems, programs, and operations), 
the Federal Government, or national security, resulting from a 
suspected or confirmed breach.
    (6) To appropriate Federal, State, local, tribal, and territorial 
agencies in connection with hiring or retaining an individual; 
conducting a background security or suitability investigation; 
adjudication of liability; or eligibility for a license, contract, 
grant, or other benefit, to the extent that the information shared is 
relevant and necessary to the requesting agency's decision on the 
matter.
    (7) To contractors, grantees, experts, consultants, students, 
volunteers, and others performing or working on a contract, service, 
grant, cooperative agreement, or project for the FDIC or the Office of 
Inspector General for use in carrying out their obligations under such 
contract, grant, agreement or project.
    (8) To such recipients and under such circumstances and procedures 
as are mandated by Federal statute or treaty.
    (9) To a Federal, State, local, tribal, or territorial agency for 
the purpose of comparing to the agency's system of records or to non-
Federal records, in coordination with an Office of Inspector General in 
conducting an audit, investigation, inspection, evaluation, or other 
review as authorized by the Inspector General Act of 1978, as amended.
    (10) To Federal agencies, and to those Federal employees designated 
by the President or Agency Heads pursuant to Executive Order 14243, for 
the purposes of identifying and eliminating waste, fraud, and abuse, 
including the elimination of bureaucratic duplication and inefficiency 
and the enhancement of the Government's ability to detect overpayments 
and fraud.
    (11) To other Federal or State financial institution supervisory 
authorities for: (a) coordination of examining resources when the chain 
banking organization is composed of financial institutions subject to 
multiple supervisory jurisdictions; (b) coordination of evaluations and 
analysis of the condition of the consolidated chain organization; and 
(c) coordination of supervisory, corrective or enforcement actions.

POLICIES AND PRACTICES FOR STORAGE OF RECORDS:
    Records are stored electronically or in paper format in secure 
facilities. Electronic records may be stored locally on digital media, 
in FDIC-owned cloud environments, or in vendor cloud service offerings 
that are appropriately authorized and/or certified.

POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:
    Records are retrieved by: Individual name or Financial Institution

POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:
    Financial institution ownership records are maintained for 10 years 
and then dispositioned in accordance with approved records retention 
schedules.

ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:
    Records are protected from unauthorized access and improper use 
through administrative, technical, and

[[Page 18459]]

physical security measures. Administrative safeguards include written 
guidelines on handling personal information including agency-wide 
procedures for safeguarding personally identifiable information. In 
addition, all FDIC staff are required to take annual privacy and 
security training. Technical security measures within FDIC include 
restrictions on computer access to authorized individuals who have a 
legitimate need to know the information; multi-factor authentication 
for remote access and access to many FDIC systems; strong passwords 
when multi-factor authentication is not available; use of encryption 
for certain data types and transfers; firewalls and intrusion detection 
applications; and regular review of security procedures and best 
practices to enhance security. Physical safeguards include restrictions 
on building access to authorized individuals, security guard service, 
and maintenance of records in lockable offices and filing cabinets.

RECORD ACCESS PROCEDURES:
    Individuals requesting access to records about them in this system 
of records should submit their request online through the FDIC FOIA 
Service Center at <a href="http://fdic.gov/foia">fdic.gov/foia</a>. Alternatively, individuals can send a 
request in writing to the FDIC FOIA & Privacy Act Group, 550 17th 
Street NW, Washington, DC 20429, or email <a href="/cdn-cgi/l/email-protection#5530333a3c341533313c367b323a23"><span class="__cf_email__" data-cfemail="583d3e373139183e3c313b763f372e">[email&#160;protected]</span></a>. Individuals 
will be required to provide a detailed description of the records they 
seek including time period when the records were created and other 
supporting information where possible. Individuals will be required to 
provide proof of identity in accordance with FDIC regulations at 12 CFR 
part 310.

CONTESTING RECORD PROCEDURES:
    Individuals contesting the content of or requesting an amendment to 
their records in this system of records should submit their request 
online through the FDIC FOIA Service Center at <a href="http://fdic.gov/foia">fdic.gov/foia</a>. 
Alternatively, individuals can send a request in writing to the FDIC 
FOIA & Privacy Act Group, 550 17th Street NW, Washington, DC 20429, or 
email <a href="/cdn-cgi/l/email-protection#187d7e777179587e7c717b367f776e"><span class="__cf_email__" data-cfemail="cbaeada4a2aa8badafa2a8e5aca4bd">[email&#160;protected]</span></a>. The request should contain the individual's 
reason for requesting the amendment and a description of the record 
(including the name of the appropriate designated system and category 
thereof) sufficient to enable the FDIC to identify the particular 
record or portion thereof with respect to which amendment is sought. 
Requests must specify which information is being contested, the reasons 
for contesting it, and the proposed amendment to such information in 
accordance with FDIC regulations at 12 CFR part 310. Individuals will 
be required to provide proof of identity in accordance with FDIC 
regulations at 12 CFR part 310.

NOTIFICATION PROCEDURES:
    Individuals seeking to know whether this system contains 
information about them should submit their request online through the 
FDIC FOIA Service Center at <a href="http://fdic.gov/foia">fdic.gov/foia</a>. Alternatively, individuals 
can send a request in writing to the FDIC FOIA & Privacy Act Group, 550 
17th Street NW, Washington, DC 20429, or email <a href="/cdn-cgi/l/email-protection#791c1f161018391f1d101a571e160f"><span class="__cf_email__" data-cfemail="afcac9c0c6ceefc9cbc6cc81c8c0d9">[email&#160;protected]</span></a>. 
Individuals will be required to provide proof of identity in accordance 
with FDIC regulations at 12 CFR part 310.

EXEMPTIONS PROMULGATED FOR THE SYSTEM:
    None.

HISTORY:
    90 FR 51316 (Nov 17, 2025)

Federal Deposit Insurance Corporation.

    Dated at Washington, DC, on April 7, 2026.
Jennifer M. Jones,
Deputy Executive Secretary.
[FR Doc. 2026-06904 Filed 4-9-26; 8:45 am]
BILLING CODE 6714-01-P


</pre><script data-cfasync="false" src="/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js"></script></body>
</html>