AGENCY:

Postal Service®.

ACTION:

Notice of modified system of records.

SUMMARY:

The United States Postal Service® (USPS) is proposing to revise a Customer Privacy Act System of Records (SOR). The proposed modifications will provide additional transparency into the collection and use of records for the USPS to administer and comply with Bank Secrecy Act (BSA), Anti-Money Laundering (AML) and Office of Foreign Assets Control (OFAC) requirements.

The Postal Service is focused on continuous improvement efforts that increase effectiveness and efficiency, such as enhancements to functionality and processing capabilities that support ongoing administrative and compliance activities.

DATES:

These revisions will become effective without further notice on February 3, 2023, unless responses to comments received on or before that date result in a contrary determination.

ADDRESSES:

Comments may be submitted via email to the Privacy and Records Management Office, United States Postal Service Headquarters ( uspsprivacyfedregnotice@usps.gov). To facilitate public inspection, arrangements to view copies of any written comments received will be made upon request.

FOR FURTHER INFORMATION CONTACT:

Janine Castorina, Chief Privacy and Records Management Officer, Privacy and Records Management Office, at 202-268-3069 or uspsprivacyfedregnotice@usps.gov.

SUPPLEMENTARY INFORMATION:

This notice is in accordance with the Privacy Act requirement that agencies publish their systems of records in the Federal Register when there is a revision, change, or addition, or when the agency establishes a new system of records. The Postal Service has determined that Customer Privacy Act System of Records, USPS SOR 860.000, Financial Transactions, should be revised to promote transparency and support ongoing administrative and compliance activities to meet BSA, AML and OFAC requirements.

I. Background

The Postal Service is defined as a money services business (MSB) under the BSA ^[1] as it is a provider of money orders, gift cards, international wire transfer services and limited check cashing services to customers throughout the United States. Moreover, the Postal Service is the only entity specifically mentioned in the BSA as being covered by the BSA and therefore has a legal mandate to detect and deter suspicious activities; train those who sell postal financial instruments or services and those who supervise them; and meet federal recordkeeping and reporting requirements.

The Postal Service must also ensure that it is complying with the OFAC requirements and must perform screening for Specially Designated Nationals and Blocked Persons List (SDNs), as defined and mandated by the OFAC. Through strategic monitoring and reporting of financial transactions, the USPS Bank Secrecy Act and Anti-Money Laundering Compliance Program helps the federal government detect and prevent money laundering, terrorist financing, and other illegal activities.

II. Rationale for Changes to USPS Privacy Act Systems of Records

The Postal Service continuously seeks to improve processes to support BSA, AML and OFAC compliance. In the spirit of continuous improvement, planned enhancements to functionality and processing capabilities will be made to support data entry, analysis, queries, and reporting of data, related to potential violations of the BSA, OFAC and AML statutes, regulations, and requirements.

III. Description of the Modified System of Records

The Postal Service is proposing modifications to USPS SOR 860.000, Financial Transactions, in the summary of changes listed below:

• Updated SYSTEM LOCATION to include the BSA and AML Compliance group
• Updated PURPOSE #3 to include the BSA, AML and OFAC requirements
• Updated CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM #3, #4, and #5 with the broader “financial instruments” term
• Updated CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM #6 to include Specially Designated Nationals and Blocked Persons List (SDNs) as defined and mandated by the OFAC
• Added two new CATEGORIES OF RECORDS IN THE SYSTEM as #8 and #9 to include information collected on the Funds Transaction Report (FTR), Postal Service (PS) Form 8105-A, and Suspicious Transaction Report (STR), PS Form 8105-B
• Updated Special Routine Use a. to include BSA and OFAC requirements
• Added Specially Designated Nationals and Blocked Persons List (SDNs) as defined and mandated by the OFAC to POLICIES AND PRACTICES FOR RETRIEVAL OF RECORD
• Revised #4 and #5 to POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS for new 5-year and one-month retention period
• Updated administrative information in NOTIFICATION PROCEDURES

Pursuant to 5 U.S.C. 552a(e)(11), interested persons are invited to submit written data, views, or arguments on this proposal. A report of the proposed revisions has been sent to Congress and to the Office of Management and Budget (OMB) for their evaluations. The Postal Service does not expect this amended system of records to have any adverse effect on individual privacy rights. USPS SOR 860.000, Financial Transactions is provided below in its entirety:

SYSTEM NAME AND NUMBER:

USPS 860.000 Financial Transactions.

SECURITY CLASSIFICATION:

None.

SYSTEM LOCATION:

USPS Headquarters; Integrated Business Solutions Services Centers; Accounting Service Centers; Bank Secrecy Act (BSA) Anti-Money Laundering (AML) Compliance group; and contractor sites.

SYSTEM MANAGER(S):

Chief Financial Officer and Executive Vice President, United States Postal Service, 475 L'Enfant Plaza SW, Washington, DC 20260.

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:

39 U.S.C. 401, 403, and 404; 31 U.S.C. 5318, 5325, 5331, and 7701.

PURPOSE(S) OF THE SYSTEM:

1. To provide financial products and services.

2. To respond to inquiries and claims related to financial products and services.

3. To fulfill requirements of BSA, AML statutes and regulations and Office of Foreign Assets Control (OFAC). Start Printed Page 375

4. To support investigations related to law enforcement for fraudulent financial transactions.

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:

1. Customers who use online payment or funds transfer services.

2. Customers who file claims or make inquiries related to online payment services, funds transfers, money orders, and stored-value cards.

3. Customers who purchase financial instruments in an amount of $3000 or more per day. Financial instruments are limited to money orders, gift cards and international wire transfer service.

4. Customers who purchase or redeem financial instruments in a manner requiring collection of information as potential suspicious activities under anti-money laundering requirements.

5. Beneficiaries from financial instruments totaling more than $10,000 in 1 day.

6. Specially Designated Nationals and Blocked Persons List (SDNs) as defined and mandated by the OFAC.

CATEGORIES OF RECORDS IN THE SYSTEM:

1. Customer information: Name, customer ID(s), mail and email address, telephone number, occupation, type of business, and customer history.

2. Identity verification information: Date of birth, username and/or ID, password, Social Security Number (SSN) or tax ID number, and driver's license number (or other type of ID if driver's license is not available, such as Alien Registration Number, Passport Number, Military ID, Tax ID Number). ( Note: For online payment services, SSNs are collected, but not retained, in order to verify ID.)

3. Billers registered for online payment services: Biller name and contact information, bill detail, and bill summaries.

4. Transaction information: Name, address, and phone number of purchaser, payee, and biller; amount, date, and location; credit and/or debit card number, type, and expiration; sales, refunds, and fees; type of service selected and status; sender and recipient bank account and routing number; bill detail and summaries; transaction number, serial number, and/or reference number or other identifying number, pay out agent name and address; type of payment, currency, and exchange rate; Post Office information such as location, phone number, and terminal; employee ID numbers, license number and state, and employee comments.

5. Information to determine credit-worthiness: Period at current residence, previous address, and period of time with same phone number.

6. Information related to claims and inquiries: Name, address, phone number, signature, SSN, location where product was purchased, date of issue, amount, serial number, and claim number.

7. Online user information: Internet Protocol (IP) address, domain name, operating system version, browser version, date and time of connection, and geographic location.

8. Funds Transaction Report (FTR) Postal Service (PS) Form 8105-A:

a. Type of Transaction (completed by customer): on behalf of self, on behalf of another individual, on behalf of a business/organization, law enforcement agent or government representative on behalf of an agency, private courier on behalf of individual, private courier on behalf of a business/organization, armored car service on behalf of a business/individual.

b. Customer Information (completed by customer): last name/first name, address (number, street, box, suite/apt no.), city, state, ZIP Code^TM, country, date of birth (MM/DD/YYYY), SSN, telephone number (include area code); Photo ID: driver's license no. (U.S. only—must indicate state), resident alien/permanent resident ID no., other ID (U.S./state government-issued IDs, including tribal, and Mexican matricular consular), state ID no. (U.S. only—must indicate state), military ID no. (U.S. only), passport no. (must indicate country); Describe other ID: ID number, issuing state, issuing country (passport), occupation (be as specific as possible); (Completed by Postal Service^TM employee): round date stamp.

c. Other Person/Business/Organization on Whose Behalf Transaction Is Being Conducted (completed by customer): last name/first name or business name or organization name (no acronyms), SSN or employer ID number (EIN), North American Industry Classification System (NAICS) (if business), type of business/organization/occupation, address (number, street, box, suite/apt no.), city, state, ZIP Code^TM, country, date of birth (MM/DD/YYYY), telephone number (include area code), ID type, ID number, issuing state;

d. Completed by Postal Service  ^TMEmployee: type of transaction (check one)—purchased ($3,000.00 or more) or redeemed/cashed (over $10,000.00), total face value (excluding fee), transaction date (MM/DD/YYYY), beginning serial no. thru ending serial no. money order ranges 1-2, number of money orders sold, number of money orders redeemed/cashed, number of gift cards sold (provide numbers in section on back of form), funds transfer 1 Sure Money^TM /Dinero Seguro, signature of USPS® employee, Post Office^TM ZIP Code^TM;

e. Law Enforcement Agent of Government Representative on Behalf of an Agency (completed by customer): last name/first name, date of birth (MM/DD/YYYY), work telephone number (include area code), law enforcement agent/government representative photo ID number (if photo ID does not have a number please use agent/representative driver's license number), type of ID: law enforcement ID, government representative ID, driver's license number (must note state if using driver's license), state, agency name (no acronyms), address (number, street, box, suite/apt. no.), city, state, ZIP Code^TM, occupation, agency EIN, NAICS;

f. Armored Car Service Information (completed by customer): armored car business name (no acronyms), EIN, telephone number (include area code), address (number, street, box, suite/apt no.), city, state, ZIP Code^TM; and

g. Completed by Postal Service Employee (Continued): type of transaction (check one)—purchased ($3,000.00 or more) or redeemed/cashed (over $10,000.00), additional transaction numbers for money orders, funds transfer Sure Money^TM /Dinero Seguro, and gift cards—beginning serial no. thru ending serial no. money order ranges 3-6, Sure Money^TM /Dinero Seguro 2-5, and gift card numbers 1-4.

9. Suspicious Transaction Report (STR) PS Form 8105-B (completed by Postal Service^TMemployee): activity type—purchased, redeemed/cashed, other (describe in comments section), begin serial no. thru end serial no. money order ranges 1-3, transaction amount, transaction date, transaction time, recorded by camera, check box if a debit/credit card was used in the transaction (do not include any information from the debit/credit card on this form), description of customer(s) 1-4—sex (M/F), approximate age, height, weight, ethnicity, round date stamp, Post Office^TM ZIP Code^TM, comments (check all that apply), vehicle description (if available)—make, type, color, license number, license state, comments, money order ranges 4-5, gift cards 1-2, funds transfer Sure Money®/Dinero Seguro® 1-2, business name/customer last name, first name, address (number, street, box, suite/apt. no.), city, state, ZIP Code^TM, country, type of business, date of birth (MM/DD/YYYY), SSN, driver's license no., state, other ID no., type of other ID, mailpiece information (if available)—mailpiece number, mailpiece type, additional comments. Start Printed Page 376

RECORD SOURCE CATEGORIES:

Customers, recipients, financial institutions, and USPS employees.

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES OF USERS AND THE PURPOSES OF SUCH USES:

Standard routine uses 1. through 7., 10., and 11. apply. In addition;

a. Legally required disclosures to agencies for law enforcement purposes include disclosures of information relating to money orders, funds transfers, and stored-value cards as required by BSA, OFAC and anti-money laundering statutes, regulations and requirements.

POLICIES AND PRACTICES FOR STORAGE OF RECORDS:

Automated database, computer storage media, microfiche, and paper.

POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:

For online payment and funds transfer services, information is retrieved by customer name, customer ID(s), transaction number, or address.

Claim information is retrieved by name of purchaser or payee, claim number, serial number, transaction number, check number, customer ID(s), or ZIP Code.

Information related to BSA, OFAC and AML is retrieved by customer name; SSN; alien registration, passport, or driver's license number; serial number; transaction number; ZIP Code; transaction date; data entry operator number; and employee comments, and individuals that appear on the Specially Designated Nationals and Blocked Persons List (SDNs) as defined and mandated by the OFAC.

POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:

1. Summary records, including bill due date, bill amount, biller information, biller representation of account number, and the various status indicators, are retained 2 years from the date of processing.

2. For funds transfers, transaction records are retained 3 years.

3. Records related to claims are retained up to 3 years from date of final action on the claim.

4. Forms related to fulfillment of BSA, anti-money laundering requirements are retained for a 5-year and one-month period.

5. Related automated records are retained the same 5-year and one-month period and purged from the system quarterly after the date of creation.

6. Enrollment records related to online payment services are retained 7 years after the subscriber's account ceases to be active or the service is cancelled.

7. Account banking records, including payment history, Demand Deposit Account (DDA) number, and routing number, are retained 7 years from the date of processing.

8. Online user information may be retained for 6 months.

9. Records existing on paper are destroyed by burning, pulping, or shredding. Records existing on computer storage media are destroyed according to the applicable USPS media sanitization practice.

ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:

Paper records, computers, and computer storage media are located in controlled-access areas under supervision of program personnel. Access to these areas is limited to authorized personnel, who must be identified with a badge.

Access to records is limited to individuals whose official duties require such access. Contractors and licensees are subject to contract controls and unannounced on-site audits and inspections.

Computers are protected by mechanical locks, card key systems, or other physical access control methods. The use of computer systems is regulated with installed security software, computer logon identifications, and operating system controls including access controls, terminal and transaction logging, and file management software. Online data transmissions are protected by encryption.

RECORD ACCESS PROCEDURES:

Requests for access must be made in accordance with the Notification Procedure above and USPS Privacy Act regulations regarding access to records and verification of identity under 39 CFR 266.5.

CONTESTING RECORD PROCEDURES:

See Notification Procedure below and Record Access Procedures above.

NOTIFICATION PROCEDURES:

For online payment services, funds transfers, and stored-value cards, individuals wanting to know if information about them is maintained in this system must address inquiries in writing to the Chief Marketing Officer and Executive Vice President. Inquiries must contain name, address, and other identifying information, as well as the transaction number for funds transfers.

For money order claims, or BSA, OFAC and anti-money laundering documentation, inquiries should be addressed to the Chief Financial Officer and Executive Vice President. Inquiries must include name, address, or other identifying information of the purchaser (such as driver's license, Alien Registration Number, Passport Number, etc.), and serial or transaction number. Information collected for anti-money laundering purposes will only be provided in accordance with Federal BSA, OFAC, anti-money laundering laws, regulations and requirements.

EXEMPTIONS PROMULGATED FOR THE SYSTEM:

Systems Exempted From Certain Provisions of the Act:

USPS has established regulations at 39 CFR 266.9 that exempt information contained in this system of records from various provisions of the Privacy Act in order to conform to the prohibition in the Bank Secrecy Act, 31 U.S.C. 5318(g)(2), against notification of the individual that a suspicious transaction has been reported.

HISTORY:

May 8, 2008, 73 FR 26155; April 29, 2005, 70 FR 22516.

Footnotes