NCUA’s Current SORNs

NCUA-1

System Name: Personnel Access and Security System (PASS)

System Location: Office of Continuity and Security Management, National Credit Union Administration, 1775 Duke Street, Alexandria, VA 22314-3428.

Authority for Maintenance of the System: Government Organization and Employees (5 U.S.C. 301); 5 U.S.C. Chapter 73 (Suitability, Security, and Conduct); 5 U.S.C. 7531-33 (National Security); Federal Information Security Management Act of 2002 (44 U.S.C. 3541); E-Government Act of 2002 (44 U.S.C. 101); Paperwork Reduction Act of 1995 (44 U.S.C. 3501); Executive Order 10450 (Security requirements for government employment); Executive Order 13526 and its predecessor orders (National Security Information); Executive Order 12968 (Access to Classified Information); Executive Order 13857 (Security of Classified Networks and Information); Homeland Security Presidential Directive 12 (HSPD-12, August 27, 2004); 12 U.S.C. § 1785 and NCUA Rules and Regulations 701.14; Section 212 of the Federal Credit Union Act (12 U.S.C. § 1790a).

Purpose(s): The collected information enables NCUA OCSM to identify and review allegations of misconduct or negligence in employment and other security information relevant to making HSPD-12 PIV card issuance determinations, and personnel suitability, fitness, and/or national security determinations. It also improves the handling of sensitive personal information and facilitates NCUA’s ability to identify potential insider threats or potential systemic security concerns.

Categories of Individuals Covered by the System: The system will collect and maintain information on individuals who require short- or long-term access as required by their position to NCUA-controlled facilities and information technology systems, including NCUA employees, appointees, interns, contractors, students, volunteers, and other non-federal employees either presently or formerly in any of these positions; applicants for NCUA employment or for work on NCUA contracts; applicants, appointees, employees, interns or contractors for whom an Office of Personnel Management (OPM) suitability, fitness or national security clearance investigation has been initiated and/or conducted; officials from troubled or newly chartered credit unions; visitors to NCUA facilities and their security clearance information; foreign national visitors.

Categories of Records in the System: Incident and investigative material relating to any category of individual described above, including case files containing information such as full name, date of birth, gender, photograph, social security number, place of birth, citizenship; work and home telephone numbers and addresses; identification documentation (such as passports, work visas, driver’s licenses); security screening information (such as resume, employer address, applications for employment, fingerprints, credit checks); legal case pleadings and files; employment information (NCUA employment status, former employment letters of reference, former employment letters of termination or resignation); information obtained during security inquiries (such as letters of inquiry; other agency database checks and reports; suspicious activity reports and notifications from other agencies and employees; network audit records, email, chat conversations, text messages sent using NCUA devices; social media account findings for individuals undergoing security investigations); self-reported security-related information (such as foreign travel notifications, changes in financial status, changes in marital status, arrests); security violation files; security evaluations and clearances; NCUA security screening status (permanent or provisional); personnel identity verification (PIV) information (such as card status, PIV card number, PIN number).

For visitors, information collected can include names, date of birth, citizenship, identification type, temporary pass number, host name, office symbol, room number, telephone number.

Record Source Categories: Information is provided by the individual to whom the record pertains; references supplied by the individual such as current and/or former employers and associates; public records such as court documents, news media, social media and other publications; intra-agency records; and investigative and other record material compiled in the course of investigation or furnished by other government agencies.

Routine Uses of Records Maintained in the System, Including Categories of Users and the Purposes of Such Uses: NCUA OCSM uses these records to document the outcome of adjudicative determinations for the issuance of the HSPD-12 PIV card or the local agency access badge, and to document the outcome of adjudicative determinations for suitability, fitness, and/or national security clearances. Contact information is used for communication and authentication purposes. In addition to those disclosures generally permitted under 5 U.S.C. 552a(b) of the Privacy Act, all or a portion of records in this system may be disclosed to authorized federal or state entities as it is determined to be relevant and necessary.

Policies and Practice for Storage of Records: Records are stored electronically and physically.

Policies and Practice for Retrievability of Records: Records are retrieved by individual identifiers such as name, social security number, or an individual identifier with non-individually identifiable information.

Policies and Practice for Retention and Disposal of Records: Records are maintained until they become inactive. Records become inactive when they are no longer useful for their collected purpose. Records are disposed of in accordance with NCUA record retention schedules and consistent with destruction methods appropriate to the type of information.

Physical, Procedural, and Administrative Safeguards: Information in the system is safeguarded in accordance with the applicable laws, rules and policies governing the operation of federal information systems. Access to privacy-related information within the system is password protected and restricted to authorized personnel. Physical records in paper format are safeguarded in accordance with the applicable laws, rules and policies governing privacy-related information. All records in paper format are stored under the requisite double-lock. Access to privacy-related information in paper format is restricted to authorized personnel.

System Manager(s): Deputy Director, Office of Continuity and Security Management, National Credit Union Administration, 1775 Duke Street, Alexandria, VA 22314-3428.

Record Access Procedures: Upon verification that an individual has a record in the system, as determined by the notification procedure below, the system manager will provide the procedure for gaining access to available records.

Contesting Record Procedures: Requests to amend or correct a record should be submitted in writing to the system manager listed above in accordance with NCUA regulations at 12 CFR Part 792, Subpart E. Requesters must reasonably identify the record, specify the information being contested, state the corrective action sought and the reasons for the correction along with supporting justification showing why the record is not accurate, timely, relevant, or complete.

Notification Procedure: An individual can determine if this system contains a record pertaining to the individual by addressing a request in writing to the system manager listed above in accordance with NCUA regulations at 12 CFR Part 792, Subpart E. The individual must provide his/her full name and identify the date he/she was associated with NCUA as well as contact information for a response. If there is no record on the individual, the individual will be so advised.

Exemptions Promulgated for the System: In addition to any exemption to which this system is subject by Notices published by or regulations promulgated by OPM or the Director of National Intelligence, the system is subject to a specific exemption pursuant to 5 U.S.C. 552a(k)(5) to the extent that disclosures would reveal a source who furnished information under an express promise of confidentiality.

NCUA-2

System Name: Grievance Records.

System Location: Office of Human Resources, National Credit Union Administration, 1775 Duke Street, Alexandria, Virginia 22314-3428.

Categories of Individuals Covered by the System: Current or former Federal employees who have submitted grievances with NCUA in accordance with part 771 of the OPM's regulations. These case files contain all documents related to the grievance, including statements of witnesses, reports of interviews and hearings, examiners' findings and recommendations, a copy of the original and final decision with related correspondence and exhibits.

Authority for Maintenance of the System: 5 U.S.C. 1302, 3301, and 3302, E.O. 10577, 3 CFR 1954-1958 Comp., p. 218; E.O. 10987; 3 CFR 1959-1963 Comp., p. 519.

Purpose: The information in this system is used in the Agency’s formal grievance process.

Routine Uses of Records Maintained in the System, Including Categories of Users and the Purposes of Such Uses:

  1. Information is used by the appropriate Federal, State, or local agency responsible for investigating, prosecuting, enforcing, or implementing a statute, rule, regulation, or order where the disclosing agency becomes aware of an indication of a violation or potential violation of civil or criminal law or regulations.
  2. Information is used by any source from which additional information is requested in the course of processing a grievance to the extent necessary to identify the individual, inform the source of the purpose(s) of the request, and identify the type of information requested.
  3. Information is used by a Federal agency in response to its request in connection with the hiring or retention of an employee, the issuance of a security clearance, the conducting of a security or suitability investigation of an individual, the classifying of jobs, the letting of a contract, or the issuance of a license, grant, or other benefit by the requesting agency, to the extent that the information is relevant and necessary to the requesting agency's decision on the matter.
  4. Information is used by the congressional office from the record of an individual in response to an inquiry from that congressional office made at the request of that individual.
  5. Information is used by another Federal agency or by a court when the government is party to a judicial proceeding before the court.
  6. Information is used by the National Archives and Records Administration (General Services Administration) in records management inspections conducted under authority of 44 U.S.C. 2904 and 2906.
  7. Information is used by NCUA in the production of summary descriptive statistics and analytical studies in support of the function for which the records are collected and maintained, or for related work force studies. While published statistics and studies do not contain individual identifiers, in some instances, the selection of elements of data included in the study may be structured in such a way as to make the data individually identifiable by inference.
  8. Information is used by officials of the Office of Personnel Management, the Merit Systems Protection Board, including the Office of the Special Counsel, the Federal Labor Relations Authority and its General Counsel, or the Equal Employment Opportunity Commission when requested in performance of their authorized duties.
  9. Information (that is relevant to the subject matter involved in a pending judicial or administrative proceeding) is used to respond to a request for discovery or for appearance of a witness.
  10. Information is used by officials of labor organizations recognized under the Civil Service Reform Act when relevant and necessary to their duties of exclusive representation concerning personnel policies, practices, and matters affecting work conditions.
  11. Standard routine uses as set forth in appendix A.

Policies and Practices for Storing, Retrieving, Accessing, Retaining, and Disposing of Records in the System:

Storage: Records are maintained in file folders.

Retrievability: Records are retrievable by the names of the individuals on whom they are maintained.

Safeguards: Records are maintained in lockable metal filing cabinets to which only authorized personnel have access.

Retention and Disposal: Records are disposed of three (3) years after closing of the case. Disposal is by shredding or burning.

System Manager(s) and Address: Director, Office of Human Resources, National Credit Union Administration, 1775 Duke Street, Alexandria, Virginia 22314-3428.

Notification Procedure: An individual may inquire as to whether the system contains a record pertaining to the individual by addressing a request in person or by mail to the system manager listed above. If there is no record on the individual, the individual will be so advised.

Record Access Procedures: Upon request, the system manager will set forth the procedures for gaining access to available records.

Contesting Record Procedures: Requests to amend or correct a record should be directed to the system manager listed above.

Record Source Categories: Individual on whom the record is maintained; testimony of witness; agency officials; related correspondence from organization or persons.

NCUA-3

System Name: Payroll Records System

System Location: Office of the Chief Financial Officer, National Credit Union Administration, 1775 Duke Street, Alexandria, Virginia 22314-3428. NCUA also has an interagency agreement with the General Services Administration, Region VI, Kansas City, Missouri to provide and maintain payroll and related services and systems involving NCUA employees. For administrative purposes, supporting documents in hard copy form may exist within NCUA at the duty station of each employee.

Categories of Individuals Covered by the System: Employees of NCUA.

Categories of Records in the System: Salary and related payroll data, including time and attendance information.

Authority for Maintenance of the System: 5 U.S.C. 703; 44 U.S.C. 3301.

Purpose: This system documents time and attendance and ensures that employees receive proper compensation and that NCUA’s financial reports properly reflect employee salary and benefit payments. It is also used to allow the agency to budget employee pay and benefits.

Routine Uses of Records Maintained in the System, Including Categories of Users and the Purposes of Such Uses:

  1. Information is used to ensure proper compensation to all NCUA employees and to formulate financial reports and plans used within the agency, or is sent to the General Services Administration (GSA).
  2. Information is used to document time worked and provide a record of attendance to support payment of salaries and use of annual, sick, and nonpaid leave.
  3. Users of the time and attendance information include the employee's supervisor, the office's timekeeper, the payroll officer, staff involved in the budget process, accountants responsible for the proper recording of payroll results, and the GSA National Payroll Center in Kansas City, Missouri.
  4. Further information in this system is used to make reports to state and local taxing authorities.
  5. The names, social security numbers, home addresses, dates of birth, dates of hire, quarterly earnings, employer identifying information, and State of hire of employees may be disclosed to the Office of Child Support Enforcement, Administration for Children and Families, Department of Health and Human Services for the purpose of locating individuals to establish paternity, establish or modify orders of child support, identify sources of income and for other child support enforcement actions as required by the Personal Responsibility and Work Opportunity Reconciliation Act (Welfare Reform Law, Pub. L. 104-193).
  6. Standard routine uses as set forth in appendix A.

Policies and Practices for Storing, Retrieving, Accessing, Retaining, and Disposing of Records in the System:

Storage: Records are maintained in electronic media or in paper format.

Retrievability: Records are retrieved by name or social security number.

Safeguards: Records are maintained in secured offices, accessible by written authorization only.

Retention and Disposal: Records are retained and disposed of in accordance with GSA policy.

System Manager(s) and Address: Primary: Payroll Officer, Office of the Chief Financial Officer, National Credit Union Administration, 1775 Duke Street, Alexandria, Virginia 22314-3428.

Secondary: Office Timekeepers, National Credit Union Administration, Central Office (1775 Duke Street, Alexandria, Virginia 22314-3428) and Regional Offices (see appendix B for Regional Offices' addresses).

Notification Procedure: An individual may inquire as to whether the system contains a record pertaining to the individual by addressing a request in person or by mail to the system manager listed above. If there is no record on the individual, the individual will be so advised.

Record Access Procedures: Upon request, the system manager will set forth the procedures for gaining access to available records.

Contesting Record Procedures: Requests to amend or correct a record should be directed to the system manager listed above.

Record Source Categories: Information is primarily obtained from the individual whom the record concerns, the Office of Personnel Management, and the GSA. Also, time and attendance information is prepared and submitted by the timekeeper in a given employee's office.

NCUA-4

System Name: Travel Advance and Voucher Information System.

System Location: Office of the Chief Financial Officer, National Credit Union Administration, 1775 Duke Street, Alexandria, Virginia 22314-3428.

Categories of Individuals Covered by the System: All NCUA employees who have traveled or relocated in the course of performing their duty and who have been reimbursed for the expense of such travel.

Categories of Records in the System: This system contains information from the following forms: Travel Vouchers (NCUA 1012), Relocation Travel Order (NCUA 1617), Application for Travel Advance (NCUA 1371), Travel Voucher Cover Sheet (NCUA 1364), Agreement to Remain in Federal Service (NCUA 1030), Statement of Difference (NCUA 1310), Repayment of Travel Advance (NCUA 1372), and Direct Deposit Form (SF-1199A).

Authority for Maintenance of the System: 5 U.S.C. 5701-5752; Executive Order 11609 (July 22, 1971); Executive Order 11012 (March 27, 1962); 5 U.S.C. 4101-4118; Federal Travel Regulations, FPMR 101-7, Chapter 2, Section 6.3.

Purpose: The purpose of this system is to allow for the management and storage of employee-related master data, properly account for employee-related reimbursements and provide documentary support for reimbursements to employees.

Routine Uses of Records Maintained in the System, Including Categories of Users and the Purposes of Such Uses:

  1. Records are used to provide documentary support for reimbursements to employees for on-the-job and relocation travel expenses.
  2. Users of the information include first and second line supervisors, NCUA accounting staff, and budgeting staff.
  3. Standard routine uses as set forth in appendix A.

Policies and Practices for Storing, Retrieving, Accessing, Retaining, and Disposing of Records in the System:

Storage: Records are stored in paper hard copy form and in a computer system.

Retrievability: Records are retrievable by social security number and name.

Safeguards: The paper hard copy records are maintained in secured offices. The computer disc and accounting system is located in a secured office and its access is limited to only those employees who need the information to process travel-related transactions.

Retention and Disposal: Records are maintained in the Division of Financial Control until the annual financial audit is completed. After the audit, the paper records are stored in a Federal Records Center for a minimum of three years and the computer disc is purged. The accounting system is archived as necessary.

System Manager(s) and Address: Director, Division of Financial Control, Office of the Chief Financial Officer, National Credit Union Administration, 1775 Duke Street, Alexandria, Virginia 22314-3428.

Notification Procedure: An individual may inquire as to whether the system contains a record pertaining to the individual by addressing a request in person or by mail to the system manager listed above. If there is no record on the individual, the individual will be so advised.

Record Access Procedures: Upon request, the system manager will set forth the procedures for gaining access to available records.

Contesting Record Procedures: Requests to amend or correct a record should be directed to the system manager listed above.

Record Source Categories: Records are prepared by the individual whom the record concerns.

NCUA-6

System Name: Emergency Information (Employee) File.

System Location: For employees of a regional office, the system is located at the regional office where the employee is assigned, National Credit Union Administration, (See appendix B for addresses of Regional Offices). For employees of the central office, the system is located at the assigned office, National Credit Union Administration, 1775 Duke Street, Alexandria, Virginia, 22314-3428.

Categories of Individuals Covered by the System: NCUA employees; individuals designated by employees as emergency contacts; family members of employees.

Categories of Records in the System: This system contains personal information about NCUA employees, such as height, weight, hair color, eye color, current address, and telephone number, and in some locations may also have a personal cell telephone number and personal email address. Also, this system identifies the individual to contact in case of an emergency involving the employee.

Authority for Maintenance of the System: 5 U.S.C. 301.

Purpose: The information in this system is used to maintain employee identification information in case of emergency.

Routine Uses of Records Maintained in the System, Including Categories of Users and the Purposes of Such Uses:

  1. The information on the individual to contact in cases of emergency may be disclosed in case of emergency to any federal, state or local authority responding to the emergency.
  2. In the event of an emergency, the information may be disclosed to the individual listed as a contact in case of emergency, or other person identified as a family member of the employee. This list is updated as necessary. The listed information is used to contact the employee if there is a national emergency.
  3. Standard routine uses as set forth in appendix A.

Policies and Practices for Storing, Retrieving, Accessing, Retaining, and Disposing of Records in the System:

Storage: Records are stored on paper hard copy and may also be stored electronically.

Retrievability: Records are indexed alphabetically by name and, where stored electronically as part of a computer system, are subject to electronic safeguards.

Safeguards: Records are maintained in locked file drawers or stored electronically as part of a computer database.

Retention and Disposal: Records are disposed of after an employee is separated from the agency.

System Manager(s) and Address: (1) For employees of an NCUA regional office, the system manager is the regional director of the regional office where the employee is assigned (See appendix B for addresses of Regional Offices). For employees of the central office, the system manager is the Office Director of the assigned office, National Credit Union Administration, 1775 Duke Street, Alexandria, Virginia, 22314-3428.

Notification Procedure: An individual may inquire as to whether the system contains a record pertaining to the individual by addressing a request in person or by mail to the appropriate system manager listed above. If there is no record on the individual, the individual will be so advised.

Record Access Procedures: Upon request, the system manager will set forth the procedures for gaining access to available records.

Contesting Record Procedures: Requests to amend or correct a record should be directed to the appropriate system manager listed above.

Record Source Categories: Individual on whom the record is maintained.

NCUA-7

System Name: Employee Injury File

System Location: Office of Human Resources, National Credit Union Administration, 1775 Duke Street, Alexandria, Virginia 22314-3428.

Categories of Individuals Covered by the System: Any employee who has sustained a job-related injury or disease.

Categories of Records in the System: Copies of reports submitted by an individual who has sustained a job-related injury or disease. Copies of any further claims made regarding the same injury or disease or any other material required for documenting and adjudicating the claim.

Authority for Maintenance of the System: Occupational Safety and Health Act of 1970, 29 CFR part 1960.

Purpose: This information is maintained to provide data to the Department of Labor, when needed, for adjudication of a claim, and to prepare reports as required by the Department of Labor.

Routine Uses of Records Maintained in the System, Including Categories of Users and the Purposes of Such Uses:

  1. Information is disclosed to the Department of Labor.
  2. Standard routine uses as set forth in appendix A.

Policies and Practices for Storing, Retrieving, Accessing, Retaining, and Disposing of Records in the System:

Storage: Records are stored on paper in file cabinets.

Retrievability: Records are retrieved by date of injury and employee name.

Safeguards: Records are maintained in a locked file drawer.

Retention and Disposal: Records are disposed of five years after the year to which they relate.

System Manager(s) and Address: Director, Office of Human Resources, National Credit Union Administration, 1775 Duke Street, Alexandria, Virginia 22314-3428.

Notification Procedure: An individual may inquire as to whether the system contains a record pertaining to the individual by addressing a request in person or by mail to the system manager listed above. If there is no record on the individual, the individual will be so advised.

Record Access Procedures: Upon request, the system manager will set forth the procedures for gaining access to available records.

Contesting Record Procedures: Requests to amend or correct a record should be directed to the system manager listed above.

Record Source Categories: Individual on whom the record is maintained; superiors of individual; individual's physician; hospital attending individual; Department of Labor.

NCUA-8

System Name: Investigative Reports Involving Any Crime, Suspected Crime or Suspicious Activity Against A Credit Union

System Location: Office of General Counsel, National Credit Union Administration, 1775 Duke Street, Alexandria, VA 22314-3428. Computerized records of Suspicious Activity Reports (SAR), with status updates, are managed by the Financial Crimes Enforcement Network (FinCEN), Department of the Treasury, pursuant to a contractual agreement, and are stored in Detroit, Michigan. Authorized personnel at NCUA's Central Office and regional offices have on-line access to the computerized database managed by FinCEN through individual work stations linked to the database central computer.

Categories of Individuals Covered by the System: Directors, officers, committee members, employees, agents, and persons participating in the conduct of the affairs of federally insured credit unions who are reported to be involved in suspected criminal activity or suspicious financial transactions and are referred to law enforcement officials; and other individuals who have been involved in irregularities, violations of law, or unsafe or unsound practices referenced in documents received by the NCUA in the course of exercising its supervisory functions.

Categories of Records in the System: Inter- and intra-agency correspondence, memoranda, and reports. The SAR contains information identifying the credit union involved, the suspected person, the type of suspicious activity involved, and any witnesses.

Authority for Maintenance of the System: 12 U.S.C. 1786 and 1789.

Purpose(s): The overall system serves as an NCUA repository for investigatory or enforcement information related to its responsibility to examine and supervise federally insured credit unions. The system maintained by FinCEN serves as the database for the cooperative storage, retrieval, analysis, and use of information relating to Suspicious Activity Reports made to or by the NCUA Board, the Federal Reserve Board, the Office of the Comptroller of the Currency, the Federal Deposit Insurance Corporation, the Office of Thrift Supervision, (collectively, the federal financial regulatory agencies), and FinCEN to various law enforcement agencies for possible criminal, civil, or administrative proceedings based on known or suspected violations affecting or involving persons, financial institutions, or other entities under the supervision or jurisdiction of such federal financial regulatory agencies.

Routine Uses of Records Maintained in the System, Including Categories of Users, and the Purposes of Such Uses: Information in these records may be used to:

  1. Determine if any further agency action should be taken;
  2. Provide the federal financial regulatory agencies and FinCEN with information relevant to their operations;
  3. Disclose information to third parties during the course of an investigation to the extent necessary to obtain information pertinent to the investigation;
  4. With regard to formal or informal enforcement actions, release information pursuant to 12 U.S.C. 1786(s), which requires the NCUA Board to publish and make available to the public final orders and written agreements, and modifications thereto; and
  5. Standard routine uses as set forth in appendix A.

Policies and Practices for Storing, Retrieving, Accessing, Retaining, and Disposing of Records in the System:

Storage: The records will be maintained in electronic data processing systems and paper files.

Retrievability: Computer output and file folders are retrievable by indexes of data fields, including name of the credit union, NCUA Region, and individuals' names.

Safeguards: Paper records and word processing discs are stored at the NCUA in lockable metal file cabinets. The database maintained by FinCEN complies with applicable security requirements of the Department of the Treasury. On-line access to the information in the database is limited to authorized individuals who have been designated by each federal financial regulatory agency and FinCEN, and each such individual has been issued a nontransferable identifier or password.

Retention and Disposal: Records are maintained indefinitely.

System Manager(s) and Address: General Counsel, NCUA, 1775 Duke Street, Alexandria, VA 22314-3428.

Notification Procedure: Inquiries should be sent to the System Manager as noted above.

Record Access Procedures: Same as “Notification procedure” above.

Contesting Records Procedures: Same as “Notification procedure” above.

Record Source Categories: Information received by the NCUA Board from various sources, including, but not limited to law enforcement and other agency personnel involved in sending inquiries to the NCUA Board, NCUA examiners, credit union officials, employees, and members. The information maintained by FinCEN is compiled from SAR and related historical and updating forms compiled by financial institutions, the NCUA Board, and the other federal financial regulatory agencies for law enforcement purposes.

System Exempted From Certain Provisions of the Act: This system is exempt from 5 U.S.C. 552a(c)(3), (d)(1), (d)(2), (d)(3), (d)(4), (e)(1), (e)(4)(G), (H) and (I), and (f) of the Privacy Act pursuant to 5 U.S.C. 552a(k)(2).

NCUA-9

System Name: Freedom of Information and Privacy Act Requests and Invoices

System Location: (1) Office of General Counsel, National Credit Union Administration, 1775 Duke Street, Alexandria, Virginia 22314-3428. (2) Office of Inspector General, National Credit Union Administration, 1775 Duke Street, Alexandria, Virginia 22314-3428. (3) For requests prior to 2006 processed by a regional office, the system is located at the regional office. (See appendix B for a list of addresses of the regional offices.) (4) For requests prior to 2006 processed by the Asset Management and Assistance Center, the system is located at AMAC, 4807 Spicewood Springs Road, Suite 5100, Austin, Texas 78759-8490.

Categories of Individuals Covered by the System: This system of records includes information pertaining to any Freedom of Information Act (FOIA) or Privacy Act requester.

Categories of Records in the System: The system may contain the requester’s name, company name or organization, address, date of request, invoice number, amount due, phone number, social security or tax identification number, description of information requested and documents located or result of search for documents.

Authority for Maintenance of the System: 12 U.S.C. 1789, 5 U.S.C. 552, 5 U.S.C. 552a.

Purpose: Records in this system are used to process requests received. These records may be used by the NCUA for collection of the amount due, as well as to identify subsequent requests made by the same individuals.

Routine Uses of Records Maintained in the System, Including Categories of Users and the Purposes of Such Uses:

  1. The information may be disclosed to a consumer reporting agency. The information disclosed to a consumer reporting agency is limited to:
    1. Information necessary to establish the identity of the individual, including name, address, and social security or taxpayer identification number;
    2. the amount, status, and history of the claim; and
    3. the agency or program under which the claim arose.

Policies and Practices for Storing, Retrieving, Accessing, Retaining, and Disposing of Records in the System: Storage: Records are maintained in paper and electronic form.

Retrievability: Records in this system are retrievable by requester’s name, company name or organization, date of request, category of requester, request number, invoice number, or key words.

Safeguards: Physical security consists of storing records on a password protected computer database and a hard copy secured in a metal file cabinet which is accessible only to those individuals responsible for processing requests and collecting outstanding payments.

Retention and Disposal: Records are retained for various periods depending on the determination made on the request, but normally no greater than six years following the year in which the request was processed.

System Manager(s) and Address: (1) Freedom of Information Act Officer, Office of General Counsel, National Credit Union Administration, 1775 Duke Street, Alexandria, Virginia 22314-3428. (2) For requests processed by the Office of Inspector General, Inspector General, National Credit Union Administration, 1775 Duke Street, Alexandria, Virginia 22314-3428.

Notification Procedure: An individual may inquire as to whether the system contains a record pertaining to the individual by addressing a request in person or by mail to the system manager listed above. If there is no record on the individual, the individual will be so advised.

Record Access Procedures: Upon request, the system manager will set forth the procedures for gaining access to available records.

Contesting Record Procedures: Requests to amend or correct a record should be directed to the system manager listed above.

Record Source Categories: The sources of records for this system of records are the FOIA and Privacy Act request files.

NCUA-10

System Name: Liquidating Credit Union Records System

System Location: Information within this system of records is located at the Asset and Management Assistance Center (AMAC) 4807 Spicewood Springs Road, Suite 5100, Austin, Texas 78759.

Categories of Individuals Covered by the System: Members, employees and creditors of liquidating federally-insured credit unions.

Categories of Records in the System: Share and account records; personal data regarding income and debts; payment or employment history; accounts payable records.

Authority for Maintenance of the System: 12 U.S.C. 1787.

Purpose: The information in this system is used to determine insurance, collect loan amounts due and for all purposes necessary to close out the affairs of the liquidated credit union.

Routine Uses of Records Maintained in the System, Including Categories of Users and the Purposes of Such Uses:

  1. Information is used for payment of insurance claims to shareholders in liquidating federally-insured credit unions.
  2. Information is used in the collection of outstanding loans, which may include referral of information to third party service providers or potential purchasers of the loans.
  3. Information is used for all purposes necessary to close out the affairs of the liquidated credit union and carry out all appropriate liquidation-related functions of NCUA.
  4. Information may be disclosed to address locators or a surety company in pursuit of a fidelity bond claim.
  5. Information on unclaimed insured shares is included in a database on the NCUA web site after other efforts to locate account holders have failed.
  6. Information may be disclosed to the appropriate federal, state or local government agency, such as the Internal Revenue Service, if required by law or regulation or upon appropriate request.
  7. Standard routine uses as set forth in appendix A.

Policies and Practices for Storing, Retrieving, Accessing, Retaining, and Disposing of Records in the System: Storage: This information is maintained on computer databases and hard copy. Copies of share and loan documents, incoming payments, and loan portfolios may also be maintained on microfilm copy.

Retrievability: Information is indexed by name of individual and by name of closed insured credit union.

Safeguards: Information is maintained in secured offices and in password protected computer databases.

Retention and Disposal: Information is maintained for six years following the appointment of the NCUA Board as liquidating agent of an insured credit union unless the NCUA’s Record Management Policy requires a different time period or does not require the information to be maintained. After the retention period is completed, the system manager may destroy any records that the system manager determines are unnecessary unless directed not to do so by a court of competent jurisdiction or governmental agency or prohibited by law.

System Manager(s) and Address: President, AMAC, 4807 Spicewood Springs Road, Suite 5100, Austin, Texas 78759-8490.

Notification Procedure: An individual may inquire as to whether the system contains information pertaining to the individual by addressing a request in person or by mail to the system manager listed above. If there is no information on the individual, the individual will be so advised. Written inquiries should include name of inquirer, name of closed insured credit union of which inquirer was a member, and share and loan account numbers, if known.

Record Access Procedures: Upon request, the system manager will set forth the procedures for gaining access to available information.

Contesting Record Procedures: Requests to amend or correct a record should be directed to the system manager listed above.

Record Source Categories: Information is obtained from outside address locators; share and loan account files of the liquidating credit union of which the individual was a member; third party service providers; and credit bureaus.

NCUA-11

System Name: Office of Inspector General (OIG) Investigative Records

System Location: Office of Inspector General, NCUA, 1775 Duke Street, Alexandria, VA 22314-3428.

Categories of Individuals Covered by the System: Subjects of investigation, complainants, and witnesses referred to in complaints or actual investigative cases, reports, accompanying documents, and correspondence prepared by, compiled by, or referred to the OIG.

Categories of Records in the System: The system is comprised of paper files of all OIG and some predecessor Office of Internal Auditor reports, correspondence, cases, matters, cross-indices, memoranda, materials, legal papers, evidence, exhibits, data, and workpapers pertaining to all closed and pending investigations and inspections.

Authority for Maintenance of the System: The Inspector General Act of 1978, as amended, 5 USC App.3; 12 USC 1766.

Purpose: Records in this system document the investigative work of the Office of Inspector General.

Routine Uses of Records Maintained in the System, Including Categories of Users and the Purposes of Such Uses: The National Credit Union Administration Office of Inspector General (OIG) may disclose information contained in a record in this system of records without the consent of the individual if the disclosure is compatible with the purpose for which the record was collected, under the following routine uses:

  1. The OIG may disclose information from this system of records as a routine use to any public or private source, including a federal, state, or local agency maintaining civil, criminal, or other relevant enforcement information or other pertinent information, but only to the extent necessary for the OIG to obtain information from those sources relevant to an OIG investigation, audit, inspection, or other inquiry.
  2. The OIG may disclose information from this system of records as a routine use to the Department of Justice to the extent necessary to obtain its legal advice on any matter relevant to an OIG investigation, audit, inspection, or other inquiry related to the responsibilities of the OIG.
  3. The OIG may disclose information to other federal entities, such as other Offices of Inspector General, to the General Accounting Office, or to a private party with which the OIG or the NCUA has contracted or with which it contemplates contracting, for the purpose of auditing or reviewing the performance or internal management of the OIG’s investigative program, or for performing any other functions or analyses that facilitate or are relevant to an OIG investigation, audit, inspection or other inquiry. Such contractor or private firm shall be required to maintain Privacy Act safeguards with respect to such information.
  4. The OIG may disclose information from this system of records to any federal, state, local, or foreign agency maintaining civil, criminal, or other relevant enforcement or other pertinent records, or to another public authority or professional organization, if necessary to obtain information relevant to an OIG decision concerning the retention of an employee or other personnel action (other than hiring), the retention of a security clearance, the letting of a contract, or the issuance or retention of a grant or other benefit.
  5. The OIG may disclose information in this system to federal, state, local or professional licensing boards or Boards of Medical Examiners, when such records reflect on the qualifications of a licensed individual or an individual seeking to be licensed.
  6. The OIG may disclose information from this system of records for the purposes set forth in appendix A.

Policies and Practices for Storing, Retrieving, Accessing, Retaining, and Disposing of Records in the System: Storage: Information contained in this system is stored manually in files.

Retrievability: Information is retrieved in files by case number, general subject matter, or name of the subject of investigation.

Safeguards: Case reports and workpapers are maintained in approved security containers and locked filing cabinets in a locked room. Associated paper records are stored in locked metal filing cabinets, safes, or similar secure facilities.

Retention and Disposal: Investigative Case Files 1. Case files are normally destroyed when they are 5 years old. 2. Significant cases (those that result in national media attention, congressional investigation, or substantive changes in agency policy or procedures)--To be determined by the National Archives and Records Administration on a case-by-case basis.

System Manager(s) and Address: Inspector General, National Credit Union Administration, 1775 Duke Street, Alexandria, VA 22314-3428.

Notification Procedure: This System of Records is generally exempt from the notice, access, and amendment requirements of the Privacy Act. However, the NCUA will entertain written requests to the systems manager on a case by case basis for notification regarding whether this system of records contains information about an individual. Requests should be marked “Privacy Act request,” and should state the name and address of the requester, and provide a notarized statement, or other documentation, e.g., copy of a driver's license, attesting to the individual's identity. Requests submitted on behalf of other persons must include their written authorizations. Such requests in the form prescribed may also be presented in person at the Office of Inspector General, National Credit Union Administration, 1775 Duke Street, Alexandria, VA 22314-3428. Simultaneously with requesting notification of inclusion in this system of records, the individual may request record access as described in this section.

Record Access Procedures: Same as “Notification procedure.”

Contesting Record Procedures: Same as “Notification procedure.”

Record Source Categories: The OIG collects information from many sources, including the subject individuals, employees of the NCUA, other government employees, and witnesses and informants, and non-governmental sources.

Systems Exempted From Certain Provisions of the Act: Pursuant to 5 USC 552a(j)(2), this system of records is exempt from subsections (c)(3) and (4), (d), (e)(1), (e)(2), (e)(3), (e)(4)(G), (e)(4)(H), (e)(4)(I), (e)(5), (e)(8), (f) and (g) of the Act. This exemption applies to information in the system that relates to criminal law enforcement and meets the criteria of the (j)(2) exemption. Pursuant to 5 USC 552(k)(2), to the extent that the system contains investigative material compiled for law enforcement purposes, other than material within the scope of subsection (j)(2), this system of records is exempt from 5 USC 552a(c)(3), (d), (e)(1), (e)(4)(G), (H), and (I), and (f). The exemption rule is contained in 12 CFR 792.66 of the NCUA regulations.

NCUA-12

System Name and Number: Consumer Complaints Against Federal Credit Unions – NCUA-12

Security Classification: None.

System Location: NCUA Consumer Assistance Center, Office of Consumer Financial Protection, National Credit Union Administration, 1775 Duke Street, Alexandria, VA. 22314-3428. Third party service provider, Salesforce.com, Inc. The Landmark at One Market, Suite 300, San Francisco, CA 94105.

System Manager(s): Division of Consumer Affairs Director, Office of Consumer Financial Protection, National Credit Union Administration, 1775 Duke Street, Alexandria, Virginia 22314-3428.

Authority for Maintenance of the System: 12 U.S.C. 1752a, 12 U.S.C. 1766, 12 U.S.C. 1784(a), and 12 U.S.C. 1789.

Purpose(s) of the System: The system supports the NCUA’s supervisory oversight and enforcement responsibilities to intake and respond to consumer inquiries, complaints and other communications from the general public, credit unions and other state and federal government banking and law enforcement agencies regarding federal consumer financial protection laws, regulations and credit union activity.

Categories of Individuals Covered by the System: Individuals who are members of the public that contact the NCUA’s Consumer Assistance Center by telephone, written correspondence and web search, including both general inquiries and complaints concerning federal financial consumer protection matters within credit unions.

Categories of Records in the System: This system contains correspondence and records of other communications between the NCUA and the individual submitting a complaint or making an inquiry, including copies of supporting documents and contact information supplied by the individual. This system may also contain regulatory and supervisory communications between the NCUA and the NCUA-insured credit union in question and/or intra-agency or inter-agency memoranda or correspondence relevant to the complaint or inquiry.

Record Source Categories: Information is provided by the individual complainant and his or her representative, such as a member of Congress or an attorney. Information is also provided by federal credit union officials and employees. Information is provided by the individual to whom the record pertains, internal agency records, and investigative and other record material compiled in the course of an investigation, or furnished by other state and federal financial regulatory and law enforcement government agencies.

Routine Uses of Records Maintained in the System, Including Categories of Users and the Purposes of Such Uses: The NCUA’s Consumer Assistance Center uses these records to document the submission of and responses to consumer inquiries, complaints and other communications from the general public regarding federal consumer financial protection laws, regulations and credit union activity.

In addition to those disclosures generally permitted under 5 U.S.C. 552a(b) of the Privacy Act, all or a portion of the records or information contained in this system may be disclosed outside the NCUA as a routine use as follows:

(1) Information may be disclosed to officials of federal credit unions and other persons mentioned in a complaint or identified during an investigation.

(2) Disclosures may be made to the Federal Reserve Board, other federal financial regulatory agencies, the Federal Financial Institutions Examination Council, the White House Office of Consumer Affairs, and the Congress, or any of its authorized committees in fulfilling reporting requirements or assessing implementation of applicable laws and regulations. (Such disclosures will be made in a non-identifiable manner when feasible and appropriate.)

(3) Referrals may also be made to other federal and nonfederal supervisory or regulatory authorities when the subject matter is a complaint or inquiry which is more properly within such agency's jurisdiction.

(4) NCUA’s Standard Routine Uses apply to this system of records.

Policies and Practices for Storage of Records: Records are stored electronically and physically.

Policies and Practices for Retrievability of Records: Records are retrieved by individual identifiers such as individual complainant’s name.

Policies and Practices for Retention and Disposal of Records: All records, including audio records, are retained in a secure and encrypted cloud-based storage system for a period of seven years consistent with the National Archives and Records Administration records retention schedule.

Administrative, Technical and Physical Safeguards: Information in the system is safeguarded in accordance with the applicable laws, rules and policies governing the operation of federal information systems.

Record Access Procedures: Individuals wishing access to their records should submit a written request to the Senior Agency Official for Privacy, NCUA, 1775 Duke Street, Alexandria, VA 22314, and provide the following information:

  1. Full Name.
  2. Any available information regarding the type of record involved.
  3. The address to which the record information should be sent.
  4. You must sign your request.

Attorneys or other persons acting on behalf of an individual must provide written authorization from that individual for the representative to act on their behalf. Individuals requesting access must also comply with NCUA’s Privacy Act regulations regarding verification of identity and access to records (12 CFR 792.55).

Contesting Record Procedures: Individuals wishing to request an amendment to their records should submit a written request to the Senior Agency Official for Privacy, NCUA, 1775 Duke Street, Alexandria, VA 22314, and provide the following information:

  1. Full name.
  2. Any available information regarding the type of record involved.
  3. A statement specifying the changes to be made in the records and the justification therefore.
  4. The address to which the response should be sent.
  5. You must sign your request.

Attorneys or other persons acting on behalf of an individual must provide written authorization from that individual for the representative to act on their behalf.

Notification Procedures: Individuals wishing to learn whether this system of records contains information about them should submit a written request to the Senior Agency Official for Privacy, NCUA, 1775 Duke Street, Alexandria, VA 22314, and provide the following information:

  1. Full name.
  2. Any available information regarding the type of record involved.
  3. The address to which the record information should be sent.
  4. You must sign your request.

Attorneys or other persons acting on behalf of an individual must provide written authorization from that individual for the representative to act on their behalf. Individuals requesting access must also comply with NCUA’s Privacy Act regulations regarding verification of identity and access to records (12 CFR 792.55).

History: This system of records notice was originally published in 65 FR 3486 (January 21, 2000). It was republished (but not substantively changed) in 75 FR 41539 (July 16, 2010), and 71 FR 77807 (December 27, 2006).

NCUA-13

System Name: Litigation Case Files

System Location: Office of General Counsel, National Credit Union Administration, 1775 Duke Street, Alexandria, Virginia 22314-3428.

Categories of Individuals Covered by the System: Records are maintained in files by the case name of individuals who are: the subject of NCUA investigations made in contemplation of legal action; involved in civil litigation with NCUA or involved in administrative proceedings; involved in litigation of interest to NCUA; or pursuing tort claims.

Categories of Records in the System: Records in case files include: Investigative reports relating to possible felonies or violations of the Federal Credit Union Act; transcripts of testimony or affidavits; documents and other evidentiary matters, pleadings and other documents filed in court; orders filed or issued in civil, administrative or criminal proceedings; correspondence relating to investigatory or litigation matters; information provided by the individual under investigation or from a federal credit union; and other memoranda gathered and prepared by staff in performance of their duties.

Authority for Maintenance of the System: 12 U.S.C. 1766, 1786, 1787, and 1789; 28 U.S.C. 2671-2680.

Purpose: This system documents the preparation and progress of legal proceedings and investigations conducted by the Office of General Counsel.

Routine Uses of Records Maintained in the System, Including Categories of Users and the Purposes of Such Uses:

  1. The staff of the Office of General Counsel may use such records to render legal advice concerning investigations or courses of legal action; to represent NCUA in all judicial and administrative proceedings in which NCUA or any of its employees who, within the scope of employment and in an official capacity, is a party; or to intervene as an amicus curiae.
  2. The information in this system may be disclosed to federal, state, local or professional licensing boards or Boards of Medical Examiners, when such records reflect on the qualifications or fitness of a licensed individual or an individual seeking to be licensed.
  3. Standard routine uses set forth in appendix A.

System Manager(s) and Address: General Counsel, National Credit Union Administration, 1775 Duke Street, Alexandria, Virginia 22314-3428.

Notification Procedure: An individual may inquire as to whether the system contains a record pertaining to the individual by addressing a request in person or by mail to the system manager listed above. If there is no record on the individual, the individual will be so advised.

Record Access Procedures: Upon request, the system manager will set forth the procedures for gaining access to available records.

Contesting Record Procedures: Requests to amend or correct a record should be directed to the system manager listed above.

Record Source Categories: Record source categories vary depending upon the legal issue but generally are obtained from the following: NCUA staff and internal agency memoranda; federal employees and private parties involved in torts; contracts; federal credit union files or officials; general law texts and sources; law enforcement officers; witnesses and others; administrative and court pleadings, transcripts or judicial orders/decisions; evidence gathered in connection with the matter involved; and from individuals to whom the records relate.

Systems Exempted From Certain Provisions of the Act: This system is subject to the specific exemption provided by 5 U.S.C. 552a(k)(2), as the system of records is investigatory material compiled for law enforcement purposes.

NCUA-14

System Name: PaymentNet J.P.Morgan Chase Bank PaymentNet

System Location: J.P.Morgan Chase Bank, N.A. Commercial Card Solutions (Elgin, IL)

Categories of Individuals Covered by the System: Employees of NCUA with individually billed government travel cards and/or centrally billed government travel cards.

Categories of Records in the System: NCUA employee credit card data, including name and address, and past and present charges to account.

Authority for Maintenance of the System: Federal Travel Regulations, Travel and Transportation Reform Act of 1998 (Public Law 105-264).

Purpose: The purpose of this system is for the Office of the Chief Financial Officer (OCFO) to monitor the usage of the government travel card by NCUA employees and to assure timely payments of accounts.

Routine Uses of Records Maintained in the System, Including Categories of Users and Purposes of Such Uses: The system can be used by individual cardholders to access their own account information to monitor charges, payments, change their address, etc. It is also used by OCFO to provide oversight of the travel card program by monitoring card usage in order to reduce card misuse, abuse, and delinquencies.

Policies and Practices for Storing, Retrieving, Accessing, Retaining, and Disposing of Records in the System: Storage: Records are maintained in a database that is accessible by internet over a 128-bit encryption secure connection.

Retrievability: Records are retrieved by name or account number.

Safeguards: Records are maintained in a secure database that can only be accessed with a username and password provided by Bank of America after receipt of an application submitted by the OCFO. Only authorized staff in OCFO can access multiple employee records; all other employees can only access their own account information within the PaymentNet system.

Retention and Disposal: All account activity (charges, payments, credits, etc.) is retained in the PaymentNet system for 36 months. All information on closed accounts (name, address, activity) is retained for 36 months before it is permanently removed from the PaymentNet system.

System Manager(s) and Address: Deputy Financial Officer, Office of the Chief Financial Officer, National Credit Union Administration, 1775 Duke Street, Alexandria, Virginia 22314-3428.

Notification Procedure: An individual may inquire about his/her personal account information by accessing the PaymentNet system with a username and password provided to them by Bank of America or by written request to OCFO.

Record Access Procedures: Upon approval of the cardholder application and issuance of the government travel card by BOA, a username and password is also submitted to the cardholder for access to their account information in PaymentNet.

Contesting Record Procedures: Requests to amend or correct a record should be submitted online through the PaymentNet system or submitted in writing to OCFO.

Record Source Categories: Records are prepared by the individual whom the record concerns by submission of an application to J.P.Morgan Chase Bank and by the subsequent activity to the individual’s account.

NCUA-15

System Name: Contract Employee Pay and Leave Records

System Location: Information within this system of records is located at the Asset Management and Assistance Center (AMAC) 4807 Spicewood Springs Road, Suite 5100, Austin TX 78759-8490, and the payroll processor, Paychex of San Antonio, Texas.

Categories of Individuals Covered by the System: Contract employees hired by the Agent for the Liquidating Agent for work on liquidation cases.

Categories of Records in the System: Wages and related payroll data, including leave records.

Authority for Maintenance of the System: Fair Labor Standards Act.

Purpose: This system documents employee information and ensures that employees receive proper compensation.

Routine Uses of Records Maintained in the System, Including Categories of Users and Purposes of Such Uses: Information is used to document time worked and provide a record of attendance to support payment of wages and use of leave. Users of the system include the payroll officer (financial analyst), the employee’s supervisor, and Paychex.

Policies and Practices for Storing, Retrieving, Accessing, Retaining, and Disposing of Records in the System:

Storage: Records are maintained in file folders.

Retrievability: Records are retrieved by name.

Safeguards: Records are maintained in a secured file cabinet, accessible only to the payroll officer and division manager.

Retention and Disposal: Records are retained and disposed of in accordance with the Fair Labor Standards Act.

System Manager(s) and Address: Primary: Financial Analyst, Asset Management and Assistance Center (4807 Spicewood Springs Road, Suite 5100, Austin TX 78759-8490). Secondary: Division of Accounting Service Director, Asset Management and Assistance Center (4807 Spicewood Springs Road, Suite 5100, Austin TX 78759-8490)

Notification Procedure: An individual may inquire as to whether the system contains a record pertaining to the individual by addressing a request in person or by mail to the system manager listed above. If there is no record on the individual, the individual will be so advised.

NCUA-16

System Name: Leave Transfer Program Case Files

System Location: Office of Human Resources, 1775 Duke Street, Alexandria, VA 22314-3428

Categories of Individuals Covered by the System: NCUA employees who submitted applications to become leave recipients under the provisions of the Leave Transfer program.

Categories of Records in the System: Leave transfer program applications, leave requests, and medical documentation.

Authority for Maintenance of the System: 5 CFR 630.913.

Purpose: To administer the NCUA leave transfer program.

Routine Uses of Records Maintained in the System, Including Categories of Users and Purposes of Such Uses: These records are used to administer the NCUA leave transfer program.

Policies and Practices for Storing, Retrieving, Accessing, Retaining, and Disposing of Records in the System: Storage: These records are maintained in file folders and filed in metal file cabinets.

Retrievability: The records are retrieved by the name of the employee.

Safeguards: These files are kept in a locked room and are available only to authorized personnel whose duties require access.

Retention and Disposal: These records are maintained in accordance with NARA General Records Schedule 1 (Civilian Personnel Records). Disposal of manual records is by shredding.

System Manager(s) and Address: Director, Office of Human Resources, National Credit Union Administration, 1775 Duke Street, Alexandria, VA 22314-3428.

Notification Procedure: An individual or an individual’s authorized representative may inquire as to whether the system contains a record pertaining to the individual by addressing a request in person or by mail to the system manager listed above. If there is no record on the individual, the individual will be so advised.

NCUA-17

System Name: Personal Identity Verification Files

System Location: Office of Human Resources, National Credit Union Administration, 1775 Duke Street, Alexandria, VA 22314-3428

Categories of Individuals Covered by the System: Individuals who require regular, ongoing access to federal facilities, information technology systems, or information classified in the interest of national security, including applicants for employment or contracts, federal employees, contractors, students, interns, volunteers, affiliates, individuals authorized to perform or use services provided in NCUA facilities and individuals formerly in any of these positions. The system also includes individuals accused of security violations or found in violation.

Categories of Records in the System: Name, former names, birth date, birth place, Social Security number, home address, phone numbers, employment history, residential history, education and degrees earned, names of associates and references and their contact information, citizenship, names of relatives, birthdates and places of relatives, citizenship of relatives, names of relatives who work for the federal government, criminal history, mental health history, drug use, financial information, fingerprints, summary report of investigation, results of suitability decisions, level of security clearance, date of issuance of security clearance, requests for appeal, witness statements, investigator’s notes, tax return information, credit reports, security violations, circumstances of violation, and agency action taken. Copies of background investigation forms such as the SF-85, SF-85P, SF-86, or SF-87 may also be included in this file.

Authority for Maintenance of the System: Executive Orders 10450, 10865, 12333, and 12356; sections 3301 and 9101 of title 5, U.S. Code; sections 2165 and 2201 of title 42, U.S. Code; sections 781 to 887 of title 50, U.S. Code; parts 5, 732, and 736 of title 5, Code of Federal Regulations; and Homeland Security Presidential Directive (HSPD) 12, Policy for a Common Identification Standard for Federal Employees and Contractors, August 27, 2004.

Purpose(s): The records in this system of records are used to document and support decisions regarding clearance for access to classified information, the suitability, eligibility, and fitness for service of applicants for federal employment and contract positions, including students, interns, or volunteers to the extent their duties require access to federal facilities, information, systems, or applications. The records may be used to document security violations, employee access and attendance, and supervisory actions taken.

Routine Uses of Records Maintained in the System, Including Categories of Users and the Purposes of Such Uses:

  1. The information maintained in this system is collected from PIV Applicants, the individuals to whom a PIV card is issued. The PIV Applicant may be a current or prospective Federal hire, a Federal employee or a contractor. The information is used in each step of the PIV Process, for example, conducting a background investigation, completing the identity proofing and registration process, creating an employee record in the Comprehensive Human Resources Integrated System (CHRIS), issuing a PIV card, and determining physical and logical access. Additionally, information such as card expiration date, PIV Registrar Approval, etc. is maintained in this file and is used to assist in the production of the PIV card.
  2. The information in this system may be disclosed to the United States Office of Personnel Management, the Merit Systems Protection Board, the Office of Special Counsel, the Equal Employment Opportunity Commission, the Federal Labor Relations Authority, the General Services Administration or an arbitrator or agent to the extent the disclosure is needed to carry out the government-wide personnel management, investigatory, adjudicatory and appellate functions within their respective jurisdictions, or to obtain information.
  3. The information in this system may be disclosed to federal, state, local or professional licensing boards or boards of Medical Examiners, when such records reflect on the qualifications of a licensed individual or individual seeking to be licensed.
  4. Standard routine uses as set forth in Appendix A.

Policies and Practice for Storing, Retrieving, Accessing, Retaining and Disposing of Records in the System:

Storage: Records are stored on paper and electronically in a secure location.

Retrievability: Files are retrieved by name or Social Security number (SSN), employee name, and employee identification number.

Safeguards: For paper records: Comprehensive paper records are kept in a secure room at NCUA Central Office, Office of Human Resources. Limited paper records may be kept at NCUA regional offices in locked file cabinets in locked rooms. Access to the records is limited to those employees who have a need for them in the performance of their official duties.

For electronic records: Comprehensive electronic records are kept at the NCUA Central Office, Office of Human Resources. Access to the records is restricted to those with a specific role in the PIV process that requires access to information to perform their duties, and who have been given a password to access that part of the system. Controls are in place to identify unauthorized access. Persons given roles in the PIV process must complete training specific to their roles to ensure they are knowledgeable about how to protect individually identifiable information. Electronic records of security badge and parking pass usage for access to the Central Office and access to parking are accessible by selected staff in the Division of Procurement and Facilities Management.

Retention and Disposal: Records are destroyed upon notification of death or not later than five years after separation or transfer of employee to another agency, whichever is applicable.

System Manager(s) and Address: Security Officer, Office of Human Resources, National Credit Union Administration, 1775 Duke Street, Alexandria, VA 22314-3428.

Notification Procedure: An individual can determine if this system contains a record pertaining to the individual by addressing a request in writing to the system manager listed above. If there is no record on the individual, the individual will be so advised. When requesting notification of or access to records covered by this system, an individual should provide at a minimum his/her full name, date of birth, office and duty location in order to establish identity.

Records Access Procedures: Upon request, the system manager will set forth the procedures for gaining access to available records.

Contesting Record Procedures: Requests to amend or correct a record should be directed to the system manager listed above. Requesters should also reasonably identify the record, specify the information they are contesting, state the corrective action sought and the reasons for the correction along with supporting justification showing why the record is not accurate, timely, relevant, or complete.

Record Source Categories: Information is obtained from a variety of sources including the employee, contractor, or applicant via use of the SF-85, SF-85P, or SF-86 and personal interviews; employers’ and former employers’ records; FBI criminal history records and other databases; financial institutions and credit reports; medical records and health care providers; educational institutions; interviews of witnesses such as neighbors, friends, co-workers, business associates, teachers, landlords, or family members; tax records; and other public records. Security violation information is obtained from a variety of sources, such as witnesses or supervisor’s reports. Electronic records are created based on use of security badges and parking passes at readers at entrances and exits to parking at the Central Office, building entrances, and building elevators.

NCUA-18

System Name: Credit Union Service Organization (CUSO) Registry System

Security Classification: Unclassified

System Location: Office of Examination and Insurance, National Credit Union Administration, 1775 Duke Street, Alexandria, VA. 22314-3428.

Categories of Individuals Covered by This System: Individuals responsible for the content and submission of information to the CUSO Registry System and individuals with an ownership interest in the CUSO.

Categories of Records in the System: Information used to identify and contact individuals covered by the system including name, address, and telephone number.

Authority for Maintenance of the System: 12 U.S.C. 1756, 1757(5)(D) and (7)(I), 1766, 1781(b)(9), 1782, 1784, 1785, 1786 and 1789(11); 12 CFR parts 712 and 741.

Purpose(s): The collected information enables NCUA to identify concentrations and interdependencies between CUSOs and across supervised credit unions. It also improves the consistency and transparency of CUSO information and facilitates NCUA's ability to identify any potential systemic safety and soundness concerns stemming from relationships between credit unions and CUSOs.

Disclosure to Consumer Reporting Agencies: None.

Routine Uses of Records Maintained in the System, Including Categories of Users and the Purposes of Such Uses: NCUA may share information in this system with appropriate federal or state financial supervision authorities. Contact information is used for communication and authentication purposes. A registered CUSO may authorize other users, such as owner credit unions or affiliated CUSOs or individuals, to access its record.

Policies and Practice for Storing, Retrieving, Accessing, Retaining and Disposing of Records in the System: Storage: Records are stored electronically.

Retrievability: Records are retrieved by individual business identifiers such as business name, system-assigned registry number, unique user identification, or by an individual identifier with non-individually identifiable information.

Safeguards: Information in the system is safeguarded in accordance with the applicable laws, rules and policies governing the operation of federal information systems. Information in the system that is available to the general public does not include any privacy-related information. Access to privacy-related information is password protected and restricted to authorized personnel.

Retention and Disposal: Records are maintained until they become inactive. Records are disposed in accordance with NCUA record retention schedules and consistent with destruction methods appropriate to the type of information.

System Manager(s) and Address: CUSO Program Officer, Office of Examination and Insurance, National Credit Union Administration, 1775 Duke Street, Alexandria, VA 22314-3428.

Notification Procedure: An individual can determine if this system contains a record pertaining to the individual by addressing a request in writing to the system manager listed above. If there is no record on the individual, the individual will be so advised. The individual must provide his/her full name and identify the CUSO he/she is associated with as well as contact information for a response.

Record Access Procedures: Upon verification that an individual has a record in the system, as determined by the notification procedure above, the system manager will provide the procedure for gaining access to available records.

Contesting Record Procedures: Requests to amend or correct a record should be directed to the system manager listed above. Requesters should also reasonably identify the record, specify the information they are contesting, state the corrective action sought and the reasons for the correction along with supporting justification showing why the record is not accurate, timely, relevant, or complete.

Record Source Categories: Information is provided by the individual to whom the record pertains or by a representative of the associated CUSO.

Exemptions Claimed for the System: None.

NCUA-19

System Name and Number: NCUA Financial and Acquisition Management System, NCUA-19

Security Classification: None.

System Location: Enterprise Services Center, 6500 South MacArthur Blvd., Oklahoma City, OK 73169; NCUA, 1775 Duke Street, Alexandria, VA 22314.

System Manager(s): Chief Financial Officer, Office of the Chief Financial Officer, NCUA, 1775 Duke Street, Alexandria, VA 22314.

Authority for Maintenance of the System: 12 USC 1751; 31 U.S.C. 3501, et seq. and 31 U.S.C. 7701(c). Where the employee identification number is the social security number, collection of this information is authorized by Executive Order 9397.

Purpose(s) of the System: This system serves as the core financial and acquisition system and integrates program, financial, and budgetary information. Records are collected to ensure that all obligations and expenditures (other than those in the pay and leave system) are in conformance with laws, existing rules and regulations, and good business practices, and to maintain subsidiary records at the proper account and/or organizational level where responsibility for control of costs exists.

Categories of Individuals Covered by the System: NCUA employees, contractors, suppliers, vendors, interns, and customers.

Categories of Records in the System: Employee personnel information: Limited to current and former NCUA employees, and includes name, address, Social Security number (SSN). Business-related information: Limited to contractors/vendors, customers, and credit unions (but not their members), and includes name of the company/agency, point of contact, telephone number, mailing address, email address, contract number, vendor number (system unique identifier), DUNS number, and TIN, which could be a SSN in the case of individuals set up as sole proprietors, and total assets and insured shares. Financial information: Includes financial institution name, lockbox number, routing transit number, deposit account number, account type, debts (e.g., unpaid bills/invoices, overpayments, etc.), and remittance address.

Record Source Categories: The information maintained in Department of Transportation (DOT)/Enterprise Service Center (ESC) systems, including: purchase orders, contracts, vouchers, invoices, disbursements, receipts/collections, Pay.Gov transactions, and related records; U.S. General Services Administration (GSA) Federal personnel payroll system (for payroll disbursement postings); Concur (for travel disbursements); JPMorgan Chase (for charge card payments); travel advance applications; other records submitted by individuals, employees, vendors, and other sources.

Routine Uses of Records Maintained in the System, Including Categories of Users and Purposes of Such Uses: In addition to those disclosures generally permitted under 5 U.S.C. 552a(b) of the Privacy Act, these records or information contained therein may specifically be disclosed outside NCUA as a routine use pursuant to 5 U.S.C. 552a(b)(3) as follows:

  1. NCUA’s Standard Routine Uses apply to this system of records.
  2. Records may be shared with a vendor that NCUA is doing business with if a dispute about payments or amounts due arises. In such a situation, only the minimum amount of information needed to resolve the dispute will be shared with the vendor.

Policies and Practices for Storage of Records: Records are maintained in paper and/or electronic form. Records are also maintained on NCUA’s network back-up tapes. Electronic records are stored in computerized databases. Records are stored in locked file rooms and/or file cabinets.

Policies and Practices for Retrievability of Records: Records are retrieved by any one or more of the following: name of employee, employee ID, employee NCUA email address, Social Security number (SSN) for employees, SSN/Tax Identification Number (TIN) for vendors doing business with the NCUA, name for both employees and vendors, supplier number (system unique) for both employees and vendors, DUNS and DUNS + 4.

Policies and Practices for Retention and Disposal of Records: Records are maintained in accordance with the General Records Retention Schedules issued by the National Archives and Records Administration (NARA) or a NCUA records disposition schedule approved by NARA.

Records existing on paper are destroyed beyond recognition. Records existing on computer storage media are destroyed according to the applicable NCUA media sanitization practice.

Administrative, Technical, and Physical Safeguards: NCUA has adopted appropriate administrative, technical, and physical controls in accordance with NCUA’s information security policies to protect the security, integrity, and availability of the information, and to ensure that records are not disclosed to or accessed by unauthorized individuals.

Records are safeguarded in a secured environment. Buildings where records are stored have security cameras and 24 hour security guard service. The records are kept in limited access areas during duty hours and in locked file cabinets and/or locked offices or file rooms at all other times. Access is limited to those personnel whose official duties require access. Computerized records are safeguarded through use of access codes and information technology security. Contractors and other recipients providing supplies and/or services to the NCUA are contractually obligated to maintain equivalent safeguards.

Record Access Procedures: Individuals should submit a written request to the Privacy Officer, NCUA, 1775 Duke Street, Alexandria, VA 22314, and provide the following information:

  1. Full name.
  2. Any available information regarding the type of record involved, and the name of the system containing the record.
  3. The address to which the record information should be sent.
  4. You must sign your request.

Attorneys or other persons acting on behalf of an individual must provide written authorization from that individual for the representative to act on their behalf.

Individuals requesting access must also comply with NCUA’s Privacy Act regulations regarding verification of identity and access to records (12 CFR 792.55).

Contesting Record Procedures: Individuals wishing to request an amendment to their records should submit a written request to the Privacy Officer, NCUA, 1775 Duke Street, Alexandria, VA 22314, and provide the following information:

  1. Full name.
  2. Any available information regarding the type of record involved.
  3. A statement specifying the changes to be made in the records and the justification therefor.
  4. The address to which the response should be sent.
  5. You must sign your request.

Attorneys or other persons acting on behalf of an individual must provide written authorization from that individual for the representative to act on their behalf.

Notification Procedure: Individuals wishing to learn whether this system of records contains information about them should submit a written request to the Privacy Officer, NCUA, 1775 Duke Street, Alexandria, VA 22314, and provide the following information:

  1. Full name.
  2. Any available information regarding the type of record involved.
  3. The address to which the record information should be sent.
  4. You must sign your request.

Attorneys or other persons acting on behalf of an individual must provide written authorization from that individual for the representative to act on their behalf.

Individuals requesting access must also comply with NCUA’s Privacy Act regulations regarding verification of identity and access to records (12 CFR 792.55).

Exemptions Promulgated for the System: None.

NCUA-20

System Name and Number: Small Credit Union Learning Center – NCUA 20

Security Classification: None.

System Location: NCUA, 1775 Duke Street, Alexandria, VA 22314; Powertrain, 8201 Corporate Drive, Suite 580, Landover, MD 20785; OPM, 1900 E Street, NW, Suite 4439-AB, Washington, DC 20415

System Manager(s): Deputy Director, Office of Small Credit Union Initiatives, NCUA, 1775 Duke Street, Alexandria, VA 22314.

Authority for Maintenance of the System: 12 U.S.C. 1751.

Purpose(s) of the System: To provide and manage online training courses for credit union elected officials and employees.

Categories of Individuals Covered by the System: Credit union elected officials and employees who complete the training course(s).

Categories of Records in the System: Training records, which may include name, email address, username, password, credit union name, charter number, course name, and date of completion of the training course(s).

Record Source Categories: Individuals who complete the training course(s).

Routine Uses of Records Maintained in the System, Including Categories of Users and Purposes of Such Uses: In addition to those disclosures generally permitted under 5 U.S.C. 552a(b) of the Privacy Act, these records or information contained therein may specifically be disclosed outside NCUA as a routine use pursuant to 5 U.S.C. 552a(b)(3) as follows:

  1. NCUA’s Standard Routine Uses apply to this system of records.
  2. At the request of a specific credit union, records pertaining to individuals associated with the requesting credit union may be shared with that credit union.

Policies and Practices for Storage of Records: Records are maintained in electronic form.

Policies and Practices for Retrievability of Records: Records are retrieved by any one or more of the following: Name, username, email address, credit union name, charter number, course name, and month or year of completion of a training course.

Policies and Practices for Retention and Disposal of Records: Records are maintained in accordance with the general records retention schedules issued by the National Archives and Records Administration (NARA) or a NCUA records disposition schedule approved by NARA.

Records existing on computer storage media are destroyed according to the applicable NCUA media sanitization practice.

Administrative, Technical, and Physical Safeguards: NCUA has adopted appropriate administrative, technical, and physical controls in accordance with NCUA’s information security policies to protect the security, integrity, and availability of the information, and to ensure that records are not disclosed to or accessed by unauthorized individuals.

Record Access Procedures: Individuals wishing access to their records should submit a written request to the Privacy Officer, NCUA, 1775 Duke Street, Alexandria, VA 22314, and provide the following information:

  1. Full name.
  2. Any available information regarding the type of record involved.
  3. The address to which the record information should be sent.
  4. You must sign your request.

Attorneys or other persons acting on behalf of an individual must provide written authorization from that individual for the representative to act on their behalf. Individuals requesting access must also comply with NCUA’s Privacy Act regulations regarding verification of identity and access to records (12 CFR 792.55).

Contesting Record Procedures: Individuals wishing to request an amendment to their records should submit a written request to the Privacy Officer, NCUA, 1775 Duke Street, Alexandria, VA 22314, and provide the following information:

  1. Full name.
  2. Any available information regarding the type of record involved.
  3. A statement specifying the changes to be made in the records and the justification therefor.
  4. The address to which the response should be sent.
  5. You must sign your request.

Attorneys or other persons acting on behalf of an individual must provide written authorization from that individual for the representative to act on their behalf.

Notification Procedure: Individuals wishing to learn whether this system of records contains information about them should submit a written request to the Privacy Officer, NCUA, 1775 Duke Street, Alexandria, VA 22314, and provide the following information:

  1. Full name.
  2. Any available information regarding the type of record involved.
  3. The address to which the record information should be sent.
  4. You must sign your request.

Attorneys or other persons acting on behalf of an individual must provide written authorization from that individual for the representative to act on their behalf. Individuals requesting access must also comply with NCUA’s Privacy Act regulations regarding verification of identity and access to records (12 CFR 792.55).

Exemptions Promulgated for the System: None.

NCUA-21

System Name and Number:  NCUA Connect, NCUA-21

Security Classification:  Unclassified.

System Location:  The system is operated and maintained in part by NCUA staff, and in part by third-party vendors.  Please contact the system managers (below) for more information.

System Manager(s):  Director of the Office of Business Innovation, National Credit Union Administration, 1775 Duke Street, Alexandria, Virginia 22314-3428.

Authority for Maintenance of the System: 12 U.S.C. 1751, et seq.

Purposes of the System:  This system of records is maintained for the purpose of carrying out the NCUA’s statutorily mandated examination and supervision activities.  Specifically, this system is the interface through which authorized users access NCUA’s other major examination, supervision, and reporting related systems.  It is designed to provide a one-stop entry point for internal and external users, which should enhance user experience, while also streamlining security activities.

Categories of Individuals Covered by the System:  Individuals covered by this system are (1) Current and former directors, officers, employees, and agents of credit unions; (2) Current and former credit union service organization representatives; (3) Other individuals engaged in business with the NCUA for a specific purpose (such as outside counsel); and (4) NCUA employees and contractors, and State Supervisory Authority staff.

Categories of Records in the System:  Records in the system contain basic log-in information, including username, password, email address, and role.  The system also contains log-in/access records.

Record Source Categories:  The sources of information in the system are the individual users, or someone acting on their behalf (such as an administrator in their organization, or an NCUA employee or contractor).

Routine Uses of Records Maintained in the System, Including Categories of Users and the Purposes of Such Uses:  In addition to those disclosures generally permitted under 5 U.S.C. § 552a(b) of the Privacy Act, these records or information contained therein may specifically be disclosed outside NCUA as a routine use pursuant to 5 U.S.C. 552a(b)(3) as follows:

  1. NCUA’s Standard Routine Uses apply to this system of records.

Policies and Practices for Storage of Records: Electronic records and backups are stored on a dedicated secure instance, approved by NCUA’s Office of the Chief Information Officer (OCIO), within a FedRAMP-authorized commercial Cloud Service Provider’s (CSP) Infrastructure as a Service (IaaS) hosting environment and accessed only by authorized personnel. No paper files are maintained.

Policies and Practices for Retrieval of Records:  Records are retrieved by name, username, affiliated organization, email, role, or date.

Policies and Practices for Retention and Disposal of Records:  Records are maintained in accordance with the General Records Retention Schedules issued by the National Archives and Records Administration (NARA) or a NCUA records disposition schedule approved by NARA.  Records existing on computer storage media are destroyed according to the applicable NIST-compliant media sanitization policy.

Administrative, Technical and Physical Safeguards:  NCUA has implemented the appropriate administrative, technical, and physical controls in accordance with the Federal Information Security Modernization Act of 2014, Pub.L. 113-283, S. 2521, and NCUA’s information security policies to protect the confidentiality, integrity, and availability of the information system and the information contained therein.  Access is limited to individuals authorized through NIST-compliant Identity, Credential, and Access Management policies and procedures.  The records are maintained behind a layered defensive posture consistent with all applicable federal laws and regulations, including OMB Circular A-130 and NIST Special Publications 800-37.

Record Access Procedures:  Individuals wishing access to their records should submit a written request to the Senior Agency Official for Privacy, NCUA, 1775 Duke Street, Alexandria, VA 22314, and provide the following information:

  1. Full name.
  2. Any available information regarding the type of record involved.
  3. The address to which the record information should be sent.
  4. You must sign your request.

Attorneys or other persons acting on behalf of an individual must provide written authorization from that individual for the representative to act on their behalf.  Individuals requesting access must also comply with NCUA’s Privacy Act regulations regarding verification of identity and access to records (12 CFR 792.55).

Contesting Record Procedures:  Individuals wishing to request an amendment to their records should submit a written request to the Senior Agency Official for Privacy, NCUA, 1775 Duke Street, Alexandria, VA 22314, and provide the following information:

  1. Full name.
  2. Any available information regarding the type of record involved.
  3. A statement specifying the changes to be made in the records and the justification therefor.
  4. The address to which the response should be sent.
  5. You must sign your request.

Attorneys or other persons acting on behalf of an individual must provide written authorization from that individual for the representative to act on their behalf.

Notification Procedures:  Individuals wishing to learn whether this system of records contains information about them should submit a written request to the Senior Agency Official for Privacy, NCUA, 1775 Duke Street, Alexandria, VA 22314, and provide the following information:

  1. Full name.
  2. Any available information regarding the type of record involved.
  3. The address to which the record information should be sent.
  4. You must sign your request.

Attorneys or other persons acting on behalf of an individual must provide written authorization from that individual for the representative to act on their behalf.  Individuals requesting access must also comply with NCUA’s Privacy Act regulations regarding verification of identity and access to records (12 CFR 792.55).

Exemptions Promulgated for the System:  None.

History:  This is a new system.

NCUA-22

System Name and Number:  Examination and Supervision System (ESS) – NCUA-22

Security Classification:  Unclassified.

System Location:  The system is operated and maintained in part by NCUA staff, and in part by third-party vendors.  Please contact the system managers (below) for more information.

System Manager(s):  Director of the Office of Business Innovation and the Director of the Office of Examination and Insurance, National Credit Union Administration, 1775 Duke Street, Alexandria, Virginia 22314-3428.

Authority for Maintenance of the System: 12 U.S.C. 1751, et seq.

Purpose(s) of the System:  This system of records is maintained for the purpose of  carrying out the NCUA’s statutorily mandated examination and supervision activities, including the coordination and conduct of examinations, supervisory evaluations and analyses, enforcement actions and actions in Federal court.  NCUA may coordinate with other financial regulatory agencies on matters related to the safety and soundness of credit unions.  The information collected in this system will also support the conduct of investigations or other supervisory or legal actions by the NCUA or other supervisory or law enforcement agencies.  This may result in criminal referrals, referrals to Offices of Inspectors General, or the initiation of administrative or Federal court actions.  This system will track and store examination and supervision documents created during the performance of the NCUA’s statutory duties.  The information also will be used for administrative purposes such as quality control, performance metrics, and improvements to examination and supervision processes.

Categories of Individuals Covered by the System:  Individuals covered by this system are (1) Current and former directors, officers, employees, and agents of credit unions; (2) Current and former members who are or have been serviced by credit unions; (3) Current and former credit union service organization representatives; (4) Other individuals engaged in business with the NCUA for a specific purpose (such as outside counsel); and (5) NCUA employees and contractors, and State Supervisory Authority staff.

Categories of Records in the System:  Records in the system may contain (1) Contact information about credit union officials (such as members of the Board of Directors, Audit Committee Chair, Chief Executive Officer, Chief Compliance Officer, Internal Auditor, and Independent Auditor), such as name, address, phone number, and e-mail address; (2) Demographic and financial information about individual credit union members, such as name, address, Social Security number, account information, loan and share information, and publicly available information; (3) Information about NCUA employees assigned to credit union examination and supervision tasks, such as name, work phone number, work e-mail address, and other employment information; (4) User information, such as name, email address, and role, about other users of the system (such as contractors, credit union representatives, State Supervisory Authority staff, and Credit Union Service Organization representatives (CUSOs)).

Record Source Categories:  The information in the system about credit union officials and individual credit union members is generally provided by credit unions and CUSOs. NCUA employees and contractors, and State Supervisory Authorities may add additional information to the system as part of their assigned supervision and examination activities (including analytics/business intelligence activities).  Some of the information may be from third parties with relevant information about covered persons or service providers, or existing databases maintained by other Federal and state regulatory associations, law enforcement agencies, and related entities.  Whenever practicable, the NCUA collects information about an individual directly from that individual.

Routine Uses of Records Maintained in the System, Including Categories of Users and the Purposes of Such Uses:  In addition to those disclosures generally permitted under 5 U.S.C. § 552a(b) of the Privacy Act, these records or information contained therein may specifically be disclosed outside NCUA as a routine use pursuant to 5 U.S.C. 552a(b)(3) as follows:

  1. NCUA’s Standard Routine Uses apply to this system of records.
  2. To a financial institution affected by enforcement activities or reported criminal activities;
  3. To the Internal Revenue Service and appropriate State and local taxing authorities;
  4. To another federal or state agency to: (a) permit a decision as to access, amendment or correction of records to be made in consultation with or by that agency, or (b) verify the identity of an individual or the accuracy of information submitted by an individual who has requested access to or amendment or correction of records;
  5. To a grand jury pursuant either to a federal or state grand jury subpoena, or to a prosecution request that such record be released for the purpose of its introduction to a grand jury, where the subpoena or request has been specifically approved by a court;
  6. To a court, magistrate, or administrative tribunal in the course of an administrative proceeding or judicial proceeding, including disclosures to opposing counsel or witnesses (including expert witnesses) in the course of discovery or other pre-hearing exchanges of information, litigation, or settlement negotiations, where relevant or potentially relevant to a proceeding related to the NCUA’s mission of providing a safe and sound credit union system;
  7. To appropriate agencies, entities, and persons, including but not limited to potential expert witnesses, witnesses, or translators, in the course of supervision or enforcement-related investigation;
  8. To appropriate federal, state, local, foreign, tribal, or self-regulatory organizations or agencies responsible for investigating, prosecuting, enforcing, implementing, issuing, or carrying out a statute, rule, regulation, order, policy, or license if the information may be relevant to a potential violation of civil or criminal law, rule, regulation, order, policy, or license; and
  9. To an entity or person that is the subject of supervision or enforcement activities including examinations, investigations, administrative proceedings, and litigation, and the attorney or non-attorney representative for that entity or person.

Policies and Practices for Storage of Records:  Electronic records and backups are stored on dedicated secure servers, approved by NCUA’s Office of the Chief Information Officer (OCIO), within a FedRAMP-authorized commercial Cloud Service Provider’s (CSP) Infrastructure as a Service (IaaS) hosting environment and accessed only by authorized personnel.  No paper files are maintained.

Policies and Practices for Retrieval of Records:  Records pertaining to individual credit union members are not generally retrieved outside of a scheduled examination or supervision contact.  However, such records can be retrieved by credit union name, charter number, credit union member’s name or other record in the system.  The system includes advanced search features that function essentially as a full-text search tool.

Policies and Practices for Retention and Disposal of Records:  Records are maintained in accordance with the General Records Retention Schedules issued by the National Archives and Records Administration (NARA) or an NCUA records disposition schedule approved by NARA.  Records existing on computer storage media are destroyed according to the applicable NIST-compliant media sanitization policy.

Administrative, Technical and Physical Safeguards:  NCUA has implemented the appropriate administrative, technical, and physical controls in accordance with the Federal Information Security Modernization Act of 2014, Pub.L. 113-283, S. 2521, and NCUA’s information security policies to protect the confidentiality, integrity, and availability of the information system and the information contained therein.  Access is limited to individuals authorized through NIST-compliant Identity, Credential, and Access Management policies and procedures.  The records are maintained behind a layered defensive posture consistent with all applicable federal laws and regulations, including OMB Circular A-130 and NIST Special Publications 800-37 and 800-53.

Record Access Procedures:  Individuals wishing access to their records should submit a written request to the Senior Agency Official for Privacy, NCUA, 1775 Duke Street, Alexandria, VA 22314, and provide the following information:

  1. Full name.
  2. Any available information regarding the type of record involved.
  3. The address to which the record information should be sent.
  4. You must sign your request.

Attorneys or other persons acting on behalf of an individual must provide written authorization from that individual for the representative to act on their behalf.  Individuals requesting access must also comply with NCUA’s Privacy Act regulations regarding verification of identity and access to records (12 CFR 792.55).

Contesting Record Procedures:  Individuals wishing to request an amendment to their records should submit a written request to the Senior Agency Official for Privacy, NCUA, 1775 Duke Street, Alexandria, VA 22314, and provide the following information:

  1. Full name.
  2. Any available information regarding the type of record involved.
  3. A statement specifying the changes to be made in the records and the justification therefor.
  4. The address to which the response should be sent.
  5. You must sign your request.

Attorneys or other persons acting on behalf of an individual must provide written authorization from that individual for the representative to act on their behalf.

Notification Procedures:  Individuals wishing to learn whether this system of records contains information about them should submit a written request to the Senior Agency Official for Privacy, NCUA, 1775 Duke Street, Alexandria, VA 22314, and provide the following information:

  1. Full name.
  2. Any available information regarding the type of record involved.
  3. The address to which the record information should be sent.
  4. You must sign your request.

Attorneys or other persons acting on behalf of an individual must provide written authorization from that individual for the representative to act on their behalf.  Individuals requesting access must also comply with NCUA’s Privacy Act regulations regarding verification of identity and access to records (12 CFR 792.55).

Exemptions Promulgated for the System:  Federal criminal law enforcement investigatory reports maintained as part of this system may be the subject of exemptions imposed by the originating agency pursuant to 5 U.S.C. 552a(j)(2).

History:  This is a new system.

Last modified on 09/26/19