PRIVACY IMPACT ASSESSMENT

Similar documents
PRIVACY IMPACT ASSESSMENT

PRIVACY IMPACT ASSESSMENT

PRIVACY IMPACT ASSESSMENT

PRIVACY IMPACT ASSESSMENT

How To Use The Fdic External Service For Mortgage Servicing Rights

How To Understand And Understand The Role Of Reverse Mortgage Solutions

PRIVACY IMPACT ASSESSMENT

PRIVACY IMPACT ASSESSMENT

PRIVACY IMPACT ASSESSMENT

PRIVACY IMPACT ASSESSMENT

PRIVACY IMPACT ASSESSMENT

PRIVACY IMPACT ASSESSMENT

PRIVACY IMPACT ASSESSMENT

PRIVACY IMPACT ASSESSMENT

PRIVACY IMPACT ASSESSMENT

PRIVACY IMPACT ASSESSMENT

PRIVACY IMPACT ASSESSMENT

The Bureau of the Fiscal Service. Privacy Impact Assessment

The Bureau of the Fiscal Service. Privacy Impact Assessment

PRIVACY IMPACT ASSESSMENT

PRIVACY IMPACT ASSESSMENT

Commodity Futures Trading Commission Privacy Impact Assessment

Privacy Impact Assessment. For Education s Central Automated Processing System (EDCAPS) Date: October 29, 2014

Privacy Impact Assessment

The Bureau of the Fiscal Service. Privacy Impact Assessment

Personal Information Collection and the Privacy Impact Assessment (PIA)

Privacy Impact Assessment. For. TeamMate Audit Management System (TeamMate) Date: July 9, Point of Contact: Hui Yang

Office of Audits Report No. AUD The FDIC s Privacy Program 2011

Privacy Impact Assessment. For Person Authentication Service (PAS) Date: January 9, 2015

General Statement and Verification of Standards

PRIVACY IMPACT ASSESSMENT

Table of Contents Chapter 1 Introduction Goals & Objectives Required Review Applicability...

How To Make Money From A Loan

Privacy Impact Assessment For Central Processing System (CPS) Date: March 25, 2013

Our collection of information

GUIDANCE FOR MANAGING THIRD-PARTY RISK

Financial Management Service. Privacy Impact Assessment

Permit Power of Attorney (PoA) to establish an agreement on behalf of the taxpayer

Correspondent Seller Eligibility Policy

Iowa Student Loan Online Privacy Statement

A. SYSTEM DESCRIPTION

A unique biometrics based identifier, such as a fingerprint, voice print, or a retinal scan; or

Bank Secrecy Act E-Filing. Privacy Impact Assessment (PIA) Bank Secrecy Act E-Filing. Version 1.5

A. SYSTEM DESCRIPTION

Marketing to the FDIC: Understanding the FDIC Service Categories. Understanding typical FDIC contractor service categories

Name of System/Application: Customer Service Center Telecommunication System (CSCTCS)

Crew Member Self Defense Training (CMSDT) Program

Privacy Impact Assessment of the Nationwide Mortgage Licensing System and Registry

Protecting your privacy

U.S. Securities and Exchange Commission. Integrated Workplace Management System (IWMS) PRIVACY IMPACT ASSESSMENT (PIA)

PII = Personally Identifiable Information

A. SYSTEM DESCRIPTION

8. Does this system collect, display, store, maintain or disseminate Personally Identifiable Information (PII)? Yes

A. SYSTEM DESCRIPTION

FHFA. Privacy Impact Assessment Template FM: SYSTEMS (SYSTEM NAME)

Selling Your USDA Loans To Coastal. First Quarter 2015

Non-Performing Loan Sales Seminar

Cloud 2 General Support System

Privacy Impact Assessment for the. E-Verify Self Check. March 4, 2011

Federal Trade Commission Privacy Impact Assessment

U.S. Securities and Exchange Commission. Mailroom Package Tracking System (MPTS) PRIVACY IMPACT ASSESSMENT (PIA)

How To Understand The System'S Purpose And Function

CITADEL BUSI ESS ACCOU T / BUSI ESS LOA APPLICATIO

The Bureau ofthe Fiscal Service. Debt Information Management System. Privacy Impact Assessment

Privacy Impact Assessment (PIA) Consular Data Information Transfer System (CDITS) Version Last Updated: April 15, 2014

United States Department of State Privacy Impact Assessment Risk Analysis and Management

Privacy Impact Assessment for the. E-Verify Self Check. DHS/USCIS/PIA-030(b) September 06, 2013

Solomon Hess SBA Management LLC 4301 North Fairfax Drive Arlington VA March 19, 2014

ensure prompt restart of critical applications and business activities in a timely manner following an emergency or disaster

How To Get A Deposit From A Bank With A Liboration Program Account

How To Understand The System Of Records In The United States

Privacy Impact Assessment

A. SYSTEM DESCRIPTION

Federal Trade Commission Privacy Impact Assessment. for the: Secure File Transfer System

LIMITED LIABILITY COMPANY INTEREST SALE AND ASSIGNMENT AGREEMENT

8. Does this system collect, display, store, maintain or disseminate Personally Identifiable Information (PII)? Yes

David Coble Internal Control Officer

INNOVATION FUND Loan Application

Chapter 50 General Accounting and Reporting Requirements

8. Does this system collect, display, store, maintain or disseminate Personally Identifiable Information (PII)? Yes

Central Oregon Community College. Identity Theft Prevention Program

A. SYSTEM DESCRIPTION

9/11 Heroes Stamp Act of 2001 File System

Corporate Property Automated Information System CPAIS. Privacy Impact Assessment

Privacy Impact Assessment

A. SYSTEM DESCRIPTION

Privacy Impact Assessment for the. Standardized Tracking and Accounting Reporting System- Financial Management System (STARS-FMS)

A. SYSTEM DESCRIPTION

Federal Trade Commission Privacy Impact Assessment. for the: Gilardi & Co., LLC Claims Management System and Online Claim Submission Website

A. SYSTEM DESCRIPTION

Name of System/Application: E8(a) Program Office: Government Contracting and Business Development

Covered Areas: Those EVMS departments that have activities with Covered Accounts.

PII Personally Identifiable Information Training and Fraud Prevention

Department of Homeland Security Web Portals

Physical Access Control System

Chapter 5. How to Process VA Loans and Submit Them to VA Overview

MIS Privacy Statement. Our Privacy Commitments

Protecting your privacy

U.S. DEPARTMENT OF COMMERCE UNITED STATES PATENT AND TRADEMARK OFFICE. Privacy Impact Assessment

Transcription:

PRIVACY IMPACT ASSESSMENT Garnet Capital Advisors January 2011 FDIC External Service Table of Contents System Overview Personally Identifiable Information (PII) in GARNET Purpose & Use of Information in GARNET Sources of Information in GARNET Notice & Consent Access to Data in GARNET Data Sharing Data Accuracy in GARNET Data Security for GARNET System of Records Notice (SORN) Contact Us

System Overview When an FDIC-insured financial institution fails, the Federal Deposit Insurance Corporation (FDIC), in its receivership capacity, assumes the task of collecting and selling the assets (i.e. loans) of the failed financial institution and settling its debts, including claims of deposits in excess of the insured limit. The FDIC either sells the loans at the time of the financial institution s closing or retains the loans temporarily. Within FDIC, the Division of Resolutions and Receiverships (DRR) Asset Marketing Branch is responsible for conducting the sales of loans 1 that remain with the Receiver. DRR markets these loans through private Loan Sale Advisors, who are under contract to perform this service on behalf of the Receiver. FDIC is required to maximize 2 the price of resold assets following a bank failure. The use of Loan Sale Advisors helps FDIC obtain the highest return by tapping into a large pool of potential purchasers or bidders. To fulfill these functions, the FDIC has contracted with Garnet Capitol Advisors to value and sell assets acquired when a financial institution fails. The GARNET solution includes a secure, online Loan Trading Platform where assets may be viewed by authorized bidders. GARNET sales professionals perform pricing, underwriting, document preparation, imaging, marketing and closing services to execute orderly, timely and efficient asset sales. As part of the loan sale process, GARNET collects personally identifiable information (PII) from potential bidders who register to participate in the loan sale. Bidders typically are banks or private firms, but in some cases, are individual members of the public, who are required to meet strict eligibility requirements set forth by FDIC and GARNET. Due to the nature of loan sales in the secondary market, GARNET must provide potential bidders with all the documents necessary for bidders to conduct appropriate due diligence. These loan sale documents often contain sensitive information, including PII on individual loan customers. GARNET does not provide access to any loan sale documents containing PII data through its own web interface. Instead, all loan sales with PII data that is made available to bidders for review is hosted on a Virtual Data Room (VDR) 3 platform. Following a sale, the successful bidder is provided all data through the VDR. Data is removed from the VDR host web site within 30 days after the sale. GARNET archives a copy of the sale information and details with limited access. Backup tapes are encrypted and sent to a secure facility. All data is deleted, destroyed or expunged upon request from the FDIC. Personally Identifiable Information (PII) in GARNET GARNET maintains personal identifiable information (PII) relating to borrowers and customers of failed financial institutions, as well as prospective bidders. GARNET requires prospective bidders to complete the initial registration process on its website before they can access loan sale information containing PII. 1 Loan portfolios from failed banks usually contain a variety of performing and non-performing loan products including mortgage, commercial, and consumer loans. 2 FDIC s mandate is to maximize the price of sold assets following a financial institution failure. Experience has proven that valuations must be performed at the asset-level to validate prices received for assets. The quality and quantity of information available for investor review is critical to receiving the maximum value for the assets. 3 For more information, refer to the FDIC Virtual Data Room PIA at https://www.fdic.gov/about/privacy/assessments.html. 1

As part of the registration process, GARNET requires prospective bidders to provide the following information: name, title, company name and address, work email address, work phone number, work fax number, company background (years of incorporation, principal names, names of creditors for past portfolio purchases, number of employees, and company websites), and areas of interest for future loan sale announcements. In order to access detailed loan sale documents and participate in the bidding process, bidders may need to provide additional information via the GARNET website, including: Tax Identification Number (TIN) or Social Security Number (SSN), FDIC Bidder Registration Number, detailed company information(e.g., date of formation, names/addresses of company owners), financial information (e.g., Company s Revenue, Assets, Tangible Net Worth, etc.), proof of past loan purchase experience, professional references (banker, lawyer and accountant),electronic copies of Articles of Incorporation, Organization, Partnership or similar documentation, and an online FDIC Confidentiality Agreement. PII elements collected relating to the individuals and customers of the failed financial institution may include the following: name, home address, SSN, TIN, home telephone number, home email address, Date of birth (DOB), place of birth, Employee ID Number (EIN), personal bank account or financial information, (e.g., loan account number, account balance, and other credit information. Scanned data may include driver s license, tax returns, financial statements, previous and current credit reports, employment history or information, EIN, and any other data contained in the loan file at the time of the closing. The tax return may contain sensitive PII on the borrower s family as well (e.g. Social Security Number). Purpose & Use of Information in GARNET GARNET obtains data directly from the failed financial institution. The data maintained in GARNET is both relevant and necessary to value, market and sell assets acquired from closed financial institutions at the highest possible rate of return. Sources of Information in GARNET Data for the GARNET website is directly obtained from the asset data acquired at or following the closing of a financial institution. The DRR staff copies the information from the computer systems of the closed financial system and securely transmits the information to GARNET via Secure File Transfer Protocol (SFTP) or via encrypted digital media. Additionally, GARNET or its authorized subcontractors scans the contents of the loan files to support investor due diligence of all assets offered for sale. These files are delivered by a secure method of Garnet s authorized subcontractor for scanning. Once Garnet securely receives and uploads the loan/asset data, Garnet underwriters begin preparing the loans/loan pools for sale on the VDR s secure web platform. In preparing the loans/loan pools for sale, asset data is supplemented with a current credit report and an asset valuation in order to accurately place a value on each asset. DRR s Asset Management Group may obtain a current credit report on the borrower or guarantor from a credit reporting agency; credit reports are used to supplement the asset data and allow for the correct valuation of each asset. 2

Notice & Consent Individuals (i.e. failed bank loan customers) do not have the opportunity to opt out of providing their information to GARNET. Data is collected directly from the failed financial institution and not collected from the individuals. FDIC is required to sell all assets acquired from the failed financial institution for the maximum amount possible and as soon as possible or after the closing of the financial institution. Additionally, FDIC is required to receive the highest value possible, which is why the FDIC has employed GARNET to value and market these assets. These activities require the availability of all personal information on each asset, in order that bidders may have full access to file content for due diligence. Access to Data in GARNET Access to data in GARNET is limited to four main categories of users: FDIC users: Authorized DRR Asset Management (AM) staff, who are responsible for the expeditious sale of loans after the failure of a financial institution, have access to the information in GARNET. AM staff manage and monitor the data being sent to GARNET and the sales after data is loaded. Additionally, the FDIC Oversight Manager and Technical Monitor in DRR monitor the activities of the staff at GARNET. Users must request access from the contract Oversight Manager in DRR and access to the GARNET website requires FDIC management approval. Access to the data is limited to users with the operational need to access the information. GARNET users: Authorized GARNET Loan Sales Advisors have access to the data in GARNET for the purpose of updating data and conducting and monitoring sales of loans/loan pools; underwriters for the purpose of updating data and preparing the loans/loan pools for viewing by authorized bidders on the GARNET website; administrative staff for the purpose of uploading data to the appropriate portion of the secure website; and information security/technical staff for the purpose of administering the site and record retention/disposal activities. Additionally, authorized subcontractors of GARNET may have access to data for the purpose of providing image scanning, research and valuation support to the GARNET Loan Sale Advisors. Authorized users access the data on a need to know basis as part of the duties performed for their employer. All GARNET employees and authorized subcontractors with access must sign a Confidentiality Agreement and undergo a background investigation. Additionally, GARNET ensures that individuals are trained on data security and privacy risks, including proper handling of information associated with their activities, and of applicable laws, regulations, policies, and procedures. Authorized bidders/purchasers: Authorized bidders/purchasers have access to the data on the GARNET website for the purpose of reviewing the data in the loans/loan pools as part of the due diligence process and purchasing assets. Authorized bidders/purchasers request access online by registering and agreeing to the Terms of Access. Purchaser s access authorization is subject to requirements for access provided by the FDIC Oversight Manager and enforced by GARNET. Other federal government agency personnel: Federal government agency personnel may have access to data in GARNET on a need to know basis depending on the guarantor or participant to a loan. This may include the Small Business 3

Administration (SBA), the U.S. Department of Agriculture (USDA) and the Farm Service Agency (FSA). Access is granted to only those loans and sales applicable to the guarantor or participant for the purpose of reviewing the status of the sale. Additionally, authorized users must sign a Non-Disclosure Agreement to be granted to access to the data in GARNET. Data Sharing Other Systems that Share or Have Access to Data in the System: No other systems currently share or have access to data in the GARNET system. System Name System Description Type of Information Processed N/A N/A N/A Data Accuracy in GARNET Data is collected directly from the failed financial institutions. The FDIC inspects data for viruses and malicious code before forwarding it to GARNET. GARNET performs data validation, reviewing the loan file for completeness, verifying whether or not certain documents or data is missing, and, as feasible, updating this data prior to the sale of the loan/loan pool. Data Security for GARNET Within DRR, the FDIC Oversight Manager, Technical Monitors, and Program Manager have overall responsibility for protecting the privacy rights of the public. Within GARNET, the Information Assurance Manager and senior management have overall responsibility for ensuring the proper use of data by the GARNET personnel who have access to the data. GARNET employees are responsible for protecting PII in accordance with GARNET corporate policies, Non-Disclosure Agreements, and Confidentiality Agreements. During the closing process of a failed financial institution, the DRR Asset Management (AM) staff copies the data from the computer systems of the closed financial institution and securely transmits the data encrypted via secure protocols. GARNET and its subcontractors maintain audit trails of authorized users access to sales and assets. Audit trails include such information as the asset reviewed by a user, the date, and time. Additionally, the FDIC Oversight Manager and Technical Monitor in DRR monitor the activities of the staff at GARNET. Secured firewalls, Intrusion Detection Systems (IDS) and automatic session timeout are in use by GARNET to assure unauthorized monitoring does not occur. 4

System of Records Notice (SORN) GARNET operates under the applicable FDIC SORN: 30-64-0013, Insured Financial Institution Liquidation Records. Contact Us To learn more about the FDIC s Privacy Program, please visit: http://www.fdic.gov/about/privacy/. If you have a privacy-related question or request, email Privacy@fdic.gov or one of the FDIC Privacy Program Contacts. You may also mail your privacy question or request to the FDIC Privacy Program at the following address: 3501 Fairfax Drive, Arlington, VA 22226. 5

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information