AGENCY:

Commodity Futures Trading Commission.

ACTION:

Notice of a new system of records.

SUMMARY:

The Commodity Futures Trading Commission (CFTC or Commission) is establishing a new system of records, CFTC–56, Office of the Inspector General Audit Files, to account for information maintained about individuals that is included in Office of the Inspector General (OIG) audit files.

DATES:

Comments must be received on or before May 5, 2023. Routine uses will go into effect on May 5, 2023.

ADDRESSES:

You may submit comments by any of the following methods:

• CFTC Comments Portal: https://comments.cftc.gov. Select the “Submit Comments” link for this notice and follow the instructions on the Public Comment Form.

• Mail: Send to Christopher Kirkpatrick, Secretary of the Commission, Commodity Futures Trading Commission, Three Lafayette Centre, 1155 21st Street NW, Washington, DC 20581.

• Hand Delivery/Courier: Follow the same instructions as for Mail, above. Please submit your comments using only one of these methods. Submissions through the CFTC Comments Portal are encouraged.

All comments must be submitted in English, or if not, be accompanied by an English translation. Comments will be posted as received to comments.cftc.gov. You should submit only information that you wish to make available publicly.

The Commission reserves the right, but shall have no obligation, to review, pre-screen, filter, redact, refuse, or remove any or all of a submission from comments.cftc.gov that it may deem to be inappropriate for publication, such as obscene language. All submissions that have been redacted or removed that contain comments on the merits of this notice will be retained in the comment file and will be considered as required under all applicable laws, and may be accessible under the Freedom of Information Act.

FOR FURTHER INFORMATION CONTACT:

Marcela Souaya, (202) 418–5137, privacy@cftc.gov, Office of the General Counsel, Commodity Futures Trading Commission, Three Lafayette Centre, 1155 21st Street NW, Washington, DC 20581.

SUPPLEMENTARY INFORMATION:

Background information is not applicable since this is a new SORN.

SYSTEM NAME AND NUMBER:

Office of the Inspector General Audit Files; CFTC–56.

SECURITY CLASSIFICATION:

Unclassified.

SYSTEM LOCATION:

Office of the Inspector General, Commodity Futures Trading Commission, Three Lafayette Centre, 1155 21st Street, NW, Washington, DC 20581. The system will be hosted on a cloud and data center computing infrastructure. Duplicate versions of some or all system information may be at satellite locations where the CFTC has granted direct access to support CFTC operations, system backup, emergency preparedness, and/or continuity of operations. Start Printed Page 20145

SYSTEM MANAGER(S):

Inspector General, Office of the Inspector General, Commodity Futures Trading Commission, Three Lafayette Centre, 1155 21st Street NW, Washington, DC 20581. Email is oig@cftc.gov.

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:

Commodity Exchange Act, 7 U.S.C. 1 et seq., and regulations, rules or orders issued thereunder; Inspector General Act of 1978, as amended, Public Law 95–452, 5 U.S.C. Appx. 3.

PURPOSE(S) OF THE SYSTEM:

The purpose of this system is to maintain a management information system for CFTC OIG audit projects (such as financial statement audits, performance audits, and other audit projects relating to the programs and operations of the CFTC); and OIG personnel (such as staff training records and conflict of interest certifications necessary for peer review purposes); and to assist in the accurate and timely conduct of audits and audit projects.

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:

Individuals covered consist of: (1) CFTC program participants and CFTC employees and contractors who are associated with an activity that is performed by the CFTC OIG Office of Audit as an audit or audit product included under Generally Accepted Government Auditing Standards (such as a financial audit, an attestation engagement, a review engagement, an agreed-upon procedures engagement, or a review of financial statements); (2) requesters of an OIG audit or other activity (such as a member of Congress, Congressional staff, or a CFTC Chairperson or Commissioner); and (3) persons and entities performing some other role of significance to the OIG Office of Audit efforts (such as potential witnesses, or persons who represent legal entities that are connected to an OIG audit or other activity). The system also tracks information pertaining to OIG staff handling the audit or other activity, and may contain names of relevant staff in other agencies or private sector entities.

CATEGORIES OF RECORDS IN THE SYSTEM:

Records consist of materials compiled and/or generated in connection with audits and other activities performed by OIG staff. These materials include work papers and information regarding the planning, conduct, and resolution of audits and reviews of CFTC programs and participants in those programs, internal legal assistance requests, information requests, responses to such requests, and reports of findings. The information consists of audit work papers and reports.

RECORD SOURCE CATEGORIES:

Information in the system is obtained from the CFTC, other federal agencies and entities, the Government Accountability Office, contractors, program participants including individuals and business entities, subject individuals, complainants, witnesses, other nongovernmental sources and open source intelligence, including web-based communities, user-generated content, social-networking sites, wikis, blogs and news sources maintained on the Surface, Deep, and Dark web. The Surface Web is what users access in their regular day-to-day activity. It is available to the general public using standard search engines and can be accessed using standard web browsers that do not require any special configuration. The Deep Web is the portion of the web that is not indexed or searchable by ordinary search engines. The Dark Web is a less accessible subset of the Deep Web that relies on connections made between trusted peers and requires specialized software, tools, or equipment to access.

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES OF USERS AND THE PURPOSES OF SUCH USES:

Routine uses for the Office of the Inspector General Audit Files record systems are set forth below:

1. The information may be given or shown to any person or entity during the course of an Office of the Inspector General (OIG) audit or audit activity (audit) if there is reason to believe that disclosure to the person or entity will further the audit.

2. Information may be disclosed to the Department of Justice or other federal entity, the Merit Systems Protection Board, the Office of Special Counsel, or in a proceeding before a court, adjudicative body, or other administrative body before which the agency is authorized to appear, or in the course of civil discovery, litigation, or settlement negotiations, in actions authorized under the Commodity Exchange Act and otherwise authorized, when:

a. The agency, or any component thereof; or

b. Any employee of the agency in their official capacity; or

c. Any employee of the agency in their personal capacity where the Department of Justice or the agency has agreed to represent the employee; or

d. The United States, when the litigation is likely to affect the CFTC or any of its components; is a party to litigation or has an interest in such litigation, and the use of such records by the Department of Justice or the agency is deemed to be relevant and necessary to the litigation.

3. In any case in which records in the system, either alone or in conjunction with other information, indicates a violation or potential violation of law, whether civil, criminal or regulatory in nature, whether arising by general statute or particular program statute, or by regulation, rule or order issued pursuant thereto, the relevant records may be referred to the appropriate agency, whether Federal, foreign, State or local, charged with enforcing or implementing the statute, regulation, rule or order. This includes a state or federal bar association, state accountancy board, or other federal, state, local, or foreign licensing or oversight authority; or professional association or self-regulatory authority to the extent that it performs similar functions (including the Public Company Accounting Oversight Board) for investigations or possible disciplinary action, including suspension and debarment.

4. Information may be disclosed to the National Archives and Records Administration to the extent necessary to fulfill its responsibilities under the law relating to these records.

5. Information may be disclosed to private and public entities, contractors, grantees, volunteers, experts, students, and others performing or working on a contract, service, grant, cooperative agreement, or job that facilitate or are necessary to accomplish an OIG audit, or to collate, aggregate or otherwise refine or dispose of data collected in the system of records. Each private or public entity, contractor, grantee, volunteer, expert, student, or other shall be required to maintain Privacy Act safeguards with respect to such information.

6. To appropriate agencies, entities, and persons when (1) CFTC's OIG suspects or has confirmed that there has been a breach of the system of records, (2) CFTC's OIG has determined that as a result of the suspected or confirmed breach there is a risk of harm to individuals, CFTC's OIG (including its information systems, programs, and operations), the Federal Government, or national security; and (3) the disclosure made to such agencies, entities, and persons is reasonably necessary to assist in connection with CFTC's efforts to respond to the suspected or confirmed breach or to prevent, minimize, or remedy such harm. Start Printed Page 20146

7. To another Federal agency or Federal entity, when CFTC's OIG determines that information from this system of records is reasonably necessary to assist the recipient agency or entity in (1) responding to a suspected or confirmed breach or (2) preventing, minimizing, or remedying the risk of harm to individuals, the recipient agency or entity (including its information systems, programs, and operations), the Federal Government, or national security, resulting from a suspected or confirmed breach.

8. A record from the system of records may be disclosed to a grand jury agent pursuant either to a Federal or State grand jury subpoena, or to a prosecution request that such record be released for the purpose of its introduction to a grand jury, provided that the grand jury channels its request through the cognizant U.S. Attorney, that the U.S. Attorney has been delegated the authority to make such requests by the Attorney General, and that the U.S. Attorney actually signs the letter specifying both the information sought and the law enforcement purpose served. In the case of a State grand jury subpoena, the State equivalent of the U.S. Attorney and Attorney General shall be substituted.

9. A record from the system of records may be disclosed in response to a subpoena issued by a Federal agency having the power to subpoena records of other Federal agencies, provided the subpoena is channeled through the head of the issuing agency, if the OIG determines that: (a) The head of the issuing agency signed the subpoena; (b) the subpoena specifies the information sought and the law enforcement purpose served; (c) the records are both relevant and necessary to the proceeding; and (d) such release is compatible with the purpose for which the records were collected.

10. A record from the system of records may be disclosed to the Department of Justice for the purpose of obtaining its advice on an OIG audit, or other related inquiry, including Freedom of Information or Privacy Act matters relating to information in this record system.

11. A record may be disclosed to any official charged with the responsibility to conduct investigations, qualitative assessment reviews, or peer reviews of audit operations within the Office of the Inspector General. This disclosure category includes members of the Council of the Inspectors General on Integrity and Efficiency or any successor entity and officials, designees, and administrative staff within their chain of command, as well as authorized officials of the Department of Justice and the Federal Bureau of Investigation.

POLICIES AND PRACTICES FOR STORAGE OF RECORDS:

Records are stored electronically or on paper in secure facilities.

POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:

Information in the system generally can be retrieved by OIG personnel in headquarters and working remotely. Information is generally retrieved by audit assignment number and can be retrieved by using alphanumeric queries and personal identifiers.

POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:

The records are retained and disposed of in compliance with CFTC record disposition authorities, approved by the National Archives and Records Administration. The OIG Audit Files are destroyed 10 years after the audit is completed, unless the audit is deemed of significance sufficient to justify permanent retention. The OIG staff training and related records are destroyed six years after cut off.

ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:

Administrative safeguards include restricting access to the OIG work area, and restricting relevant audit tasks to only those competent or qualified to perform the work. Technical security measures within CFTC include restrictions on computer access to authorized individuals who have a legitimate need to know the information; use of encryption for certain data types and transfers; firewalls and intrusion detection applications (set and maintained by the CFTC); and regular review of security procedures and best practices to enhance security (performed by the CFTC). Physical safeguards include restrictions on building access to authorized individuals, 24-hour security guard service, and maintenance of records in lockable offices, desks, and filing cabinets.

RECORD ACCESS PROCEDURES:

Individuals seeking to determine whether this system of records contains information about themselves or seeking access to records about themselves in this system of records should address written inquiries to the Office of the General Counsel, Commodity Futures Trading Commission, Three Lafayette Centre, 1155 21st Street NW, Washington, DC 20581. See 17 CFR 146.3 for full details on what to include in a Privacy Act access request.

CONTESTING RECORD PROCEDURES:

Individuals contesting the content of records about themselves contained in this system of records should address written inquiries to the Office of the General Counsel, Commodity Futures Trading Commission, Three Lafayette Centre, 1155 21st Street NW, Washington, DC 20581. See 17 CFR 146.8 for full details on what to include in a Privacy Act amendment request.

NOTIFICATION PROCEDURES:

Individuals seeking notification of any records about themselves contained in this system of records should address written inquiries to the Office of the General Counsel, Commodity Futures Trading Commission, Three Lafayette Centre, 1155 21st Street NW, Washington, DC 20581. See 17 CFR 146.3 for full details on what to include in a Privacy Act notification request.

EXEMPTIONS PROMULGATED FOR THE SYSTEM:

None.

HISTORY:

None.