87 FR 218 pgs. 68153-68155 - Privacy Act of 1974; Narrative Statement & System of Records Notice
Type: NOTICEVolume: 87Number: 218Pages: 68153 - 68155
Pages: 68153, 68154, 68155FR document: [FR Doc. 2022-24726 Filed 11-10-22; 8:45 am]
Agency: Export-Import Bank
Official PDF Version: PDF Version
[top]
EXPORT IMPORT BANK
Privacy Act of 1974; Narrative Statement & System of Records Notice
AGENCY:
Export Import Bank of the United States.
ACTION:
Notice of new system of records.
SUMMARY:
Pursuant to the Privacy Act of 1974, the Export Import Bank of the United States ("EXIM Bank") is proposing a new system of records notice ("SORN"). EXIM Bank is proposing a new system of records-EXIM Bank Watch List ("Watch List"). This new SORN will include the authorities for maintenance of the system, the purposes of the system, and the categories of entities and individuals covered by the system.
DATES:
The modified system of records described herein will become applicable November 14, 2022.
ADDRESSES:
You may submit written comments to EXIM Bank by any of the following methods:
• Federal eRulemaking Portal: http://www.regulations.gov. Follow the website instructions for submitting comments.
• Email: reg.comments@exim.gov. Refer to SORN in the subject line.
[top] • Mail or Hand Delivery: Office of Information and Privacy, Export Import
Commenters are strongly encouraged to submit public comments electronically. EXIM Bank expects to have limited personnel available to process public comments that are submitted on paper through mail. Until further notice, any comments submitted on paper will be considered to the extent practicable.
All submissions must include the agency's name (Export Import Bank of the United States, or EXIM Bank) and reference this notice. Comments received will be posted without change to EXIM Bank's website, http://www.exim.gov, including any personal information provided. Do not submit comments that include any personally identifiable information or confidential business information. Copies of comments may also be obtained by writing to Office of Information and Privacy, Export Import Bank of the United States, 811 Vermont Avenue NW, Washington, DC 20571.
FOR FURTHER INFORMATION CONTACT:
Marina Braginskaya, Senior Counsel for Litigation, Fraud & Compliance, Export Import Bank of the United States, 811 Vermont Avenue NW, Washington, DC 20571, 202-235-4687. For access to any of the EXIM Bank's systems of records, contact Dana Jackson Jr., Office of the General Counsel, 811 Vermont Avenue NW, Washington DC, 20571, or by calling 202-565-3168, or go to Privacy Act System of Records Notice (exim.gov).
SUPPLEMENTARY INFORMATION:
Narrative Statement
1. What is the purpose for establishing EXIM Watch List?
EXIM Watch List will provide a central repository of names of parties that have given rise to concerns by EXIM Bank personnel with a purpose:
(1) to allow EXIM Bank to collect and maintain records of entities and individuals who participate in, or may be anticipated to participate in, EXIM Bank programs or activities who for one reason or another have given rise to reasonable concerns by EXIM Bank personnel;
(2) to communicate, across EXIM Bank Divisions, any concerns EXIM Bank personnel might have about any entities/individuals; and
(3) to address concerns by EXIM Bank and mitigate such concerns on a transaction-by-transaction basis.
2. What is the authority for maintaining EXIM Watch List?
Authority of the Export-Import Bank Act of 1945, as amended (12 U.S.C. 635 et seq. ), Executive Order 9397 as Amended by Executive Order 13478 signed by President George W. Bush on November 18, 2008, Relating to Federal Agency Use of Social Security Numbers.
3. What is the probable or potential effect of EXIM Watch List?
The probable or potential effect on the privacy of individuals is limited; access to records are restricted to individuals who have the appropriate clearance.
4. What steps will we take to minimize the risk of unauthorized access to EXIM Watch List?
EXIM Bank has established security and privacy protocols that meet the required security and privacy standards issued by the National Institute of Standards and Technology (NIST). Records are maintained in a secure, password protected electronic system that utilizes security hardware and software to include multiple firewalls, active intruder detection, and role-based access controls. EXIM Bank has adopted appropriate administrative, technical, and physical controls in accordance with EXIM Bank's security program to protect the confidentiality, integrity, and availability of the information, and to ensure that records are not disclosed to or accessed by unauthorized individuals.
5. Are the routine uses for EXIM Watch List compatible with the purpose for which they are collected?
The routine uses for this system of records are compatible with the purpose for which these records are collected. The proposed routine use is necessary and proper for the efficient and effective conduct of the Federal Government and to protect EXIM interests.
6. Are there any OMB Control Numbers, expiration dates, and titles of any information collection requests ( e.g., forms, surveys, etc.) contained in EXIM Watch List and approved by OMB under the Paperwork Reduction Act?
None.
EXIM Bank is establishing a new system of records, the Watch List. The Watch List is a due diligence and risk mitigation tool which acts as a central repository of names of parties that have given rise to concerns by EXIM Bank personnel. Parties are added to the Watch List when there is a reasonable basis to believe that the party had engaged in, or is associated with persons that have engaged in, either criminal conduct or conduct that could affect EXIM Bank adversely. The Watch List will be imbedded into the EXIM Online application system ("EOL") and/or other application or screening systems. The Watch List is not an exclusion or debarment list.
SYSTEM NAME AND NUMBER:
EXIM Online (EOL)
SECURITY CLASSIFICATION:
Unclassified
SYSTEM LOCATION:
Export Import Bank of the United States, 811 Vermont Avenue NW, Washington, DC 20571. (Records may be kept at an additional location as backup for continuity of operations.)
SYSTEM MANAGER(S) AND ADDRESS:
Marina Braginskaya, Senior Counsel for Litigation, Fraud & Compliance, EXIM Bank, 811 Vermont Avenue NW, Washington, DC 20571.
AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
EXIM Bank requests the information in this application under the following authorizations:
Authority of the Export-Import Bank Act of 1945, as amended (12 U.S.C. 635 et seq. ), Executive Order 9397 as Amended by Executive Order 13478 signed by President George W. Bush on November 18, 2008, Relating to Federal Agency Use of Social Security Numbers.
PURPOSE(S) OF THE SYSTEM:
(1) To allow EXIM Bank to collect and maintain records of entities and individuals who participate in, or may be anticipated to participate in, EXIM Bank programs or activities who for one reason or another have given rise to reasonable concerns by EXIM Bank personnel;
(2) to communicate, across EXIM Bank Divisions, any concerns EXIM Bank personnel might have about any entities/individuals; and
(3) to address concerns by EXIM Bank and mitigate such concerns on a transaction-by-transaction basis.
CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
Covered entities and individuals are:
• suspicious EXIM Bank applicants, or their owners, officers, directors or representatives,
• suspicious EXIM Bank participants, or their owners, officers, directors or representatives,
• those who raise reasonable suspicion that the party had engaged in, or is associated with persons that have engaged in, either criminal conduct or conduct that could affect EXIM Bank or the U.S. Government adversely.
CATEGORIES OF RECORDS IN THE SYSTEM:
Individual records in the Watch List include full name, company name, address.
RECORD SOURCE CATEGORIES:
[top] The primary source of information is from referrals by EXIM Bank personnel
ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES OF USERS AND THE PURPOSES OF SUCH USES:
Information about covered individuals may be disclosed without consent as permitted by the Privacy Act of 1974, 5 U.S.C. 552 a(b), and:
1. General Routine Uses G1 through G14 apply to this system of records (see Prefatory Statement of General Routine Uses).
2. A record from this system may be disclosed to appropriate third-parties contracted by the Agency to facilitate mediation or other dispute resolution procedures or programs.
POLICIES AND PRACTICES FOR STORAGE OF RECORDS:
Records are maintained manually in electronic form.
POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:
Records are retrieved by any one or more of the following: individual name or business entity name.
POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:
Records are maintained and destroyed in accordance with the National Archives and Record Administration's ("NARA") Basic Laws and Authorities (44 U.S.C. 3301, et seq. ) or an EXIM Bank records disposition schedule approved by NARA.
ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:
EXIM Bank has established security and privacy protocols that meet the required security and privacy standards issued by the National Institute of Standards and Technology (NIST). Records are maintained in a secure, password protected electronic system that utilizes security hardware and software to include multiple firewalls, active intruder detection, and role-based access controls. EXIM Bank has adopted appropriate administrative, technical, and physical controls in accordance with EXIM Bank's security program to protect the confidentiality, integrity, and availability of the information, and to ensure that records are not disclosed to or accessed by unauthorized individuals.
Electronic records are stored on computer networks, which may include cloud-based systems, and protected by controlled access with Personal Identity Verification (PIV) cards, assigning user accounts to individuals needing access to the records and by passwords set by authorized users that must be changed periodically.
Information will be stored in electronic format within EOL. EOL has configurable, layered data sharing and permissions features to ensure users have proper access. Access to EOL is restricted to EXIM Bank personnel who need it for their job. Authorized users are limited to the Office of the General Counsel staff and they have access to the data and functions required to perform their job functions. Based on user role assignment, it is determined whether a specific user is provided "view-only" or "read-write" access to the data. These privileges are managed via EOL's System Administration, user, and security functions.
RECORD ACCESS PROCEDURES:
Requests to access records under the Privacy Act must be submitted in writing and must be signed by the requestor. Requests should be addressed to the Freedom of Information and Privacy Office, Export Import Bank of the United States, 811 Vermont Ave. NW, Washington, DC 20571. The request must comply with the requirements of 12 CFR 404.14.
CONTESTING RECORD PROCEDURES:
Individuals seeking to contest and/or amend records under the Privacy Act must submit a request in writing. The request must be signed by the requestor and should be addressed to the Freedom of Information and Privacy Office, Export Import Bank of the United States, 811 Vermont Ave. NW, Washington, DC 20571. The request must comply with the requirements of 12 CFR 404.14.
NOTIFICATION PROCEDURES:
Individuals seeking to be notified if this system contains a record pertaining to himself or herself must submit a request in writing. The request must be signed by the requestor and should be addressed to the Freedom of Information and Privacy Office, Export Import Bank of the United States, 811 Vermont Ave. NW, Washington, DC 20571. The request must comply with the requirements of 12 CFR 404.14.
EXEMPTIONS PROMULGATED FOR THE SYSTEM:
None.
HISTORY:
None.
Joyce B. Stone,
Assistant Corporate Secretary.
[FR Doc. 2022-24726 Filed 11-10-22; 8:45 am]
BILLING CODE 6690-01-P