# Privacy Act of 1974; System of Records
**AGENCY:**
Securities and Exchange Commission.
**ACTION:**
Notice of a modified system of records.
**SUMMARY:**
In accordance with the Privacy Act of 1974 and Office of Management and Budget (“OMB”) Circular A-108, the Securities and Exchange Commission (“Commission” or “SEC”) is proposing a modification to its system of records notice (SORN), SEC-06, SEC's Financial and Acquisition Management System (“SEC-06”). This proposed update introduces a new routine use to comply with Executive Order (E.O.) 14249, Protecting America's Bank Account Against Fraud, Waste, and Abuse. The change supports enhanced efforts to safeguard federal financial systems and ensure responsible stewardship of public funds. The modified SORN does not change the categories of individuals, the record collection process, the authorities, or the purpose of collection. It also does not affect individuals' rights to access or amend their records under the Privacy Act.
**DATES:**
In accordance with 5 U.S.C. 552a(e)(4) and (11), this notice is effective upon publication, subject to a 30-day period in which to comment on the routine use, described below. Comments may be submitted on or before January 22, 2026.
**ADDRESSES:**
Comments may be submitted by any of the following methods:
**Electronic Comments**
• Use the SEC's internet comment form ( *http://www.sec.gov/rules/other.shtml* ); or
• Send an email to *[email protected].* Please include File Number S7-2025-05 on the subject line.
**Paper Comments**
• Send paper comments to: Secretary, Securities and Exchange Commission, 100 F Street NE, Washington, DC 20549-1090.
All submissions should refer to File Number S7-2025-05. This file number should be included on the subject line if email is used. To help the Commission process and review your comments more efficiently, please use only one method of submission. The Commission will post all comments on the Commission's website ( *http://www.sec.gov/rules/other.shtml* ). Do not include personal identifiable information in submissions; you should submit only information that you wish to make available publicly. We may redact in part or withhold entirely from publication submitted material that is obscene or subject to copyright protection.
**FOR FURTHER INFORMATION CONTACT:**
Ronnette McDaniel, Branch Chief, Privacy and Information Assurance Branch, 202-551-7200 or *[email protected].*
**SUPPLEMENTARY INFORMATION:**
On March 25, 2025, Executive Order 14249 was issued to modernize federal financial oversight, strengthen controls over U.S. General Fund transactions, and combat fraud, waste, and abuse. It consolidates payment systems, mandates electronic transactions, and enhances accountability in government financial operations. The E.O. requires federal agencies to overhaul their financial practices by modernizing payment systems, instituting robust pre-certification for all payment transactions, and increasing data sharing with the Department of Treasury (“Treasury”) to prevent fraud and improper payments. In support of this effort, OMB Memorandum M-25-32 requires agencies to review and update their System of Records Notices (SORNs) under the Privacy Act, as relevant and necessary, to include a new routine use clause that allows for the sharing of records with the Treasury to review payment and award eligibility through the Do Not Pay Working System. To ensure compliance with the review and update requirements outlined in Executive Order 14249 and OMB Memorandum M-25-32, the Commission conducted a comprehensive review of its SORN inventory to identify and implement necessary modifications. The proposed modification to add a new routine use to the identified SORN, SEC-06, aligns with the Privacy Act and incorporates the new requirements introduced by OMB Memorandum M-25-32. Accordingly, the Commission is proposing to modify SEC-06 to add new routine use number 14 as follows:
“To the U.S. Department of the Treasury when disclosure of the information is relevant to review payment and award eligibility through the Do Not Pay Working System for the purposes of identifying, preventing, or recouping improper payments to an applicant for, or recipient of, Federal funds, including funds disbursed by a state (meaning a state of the United States, the District of Columbia, a territory or possession of the United States, or a federally recognized Indian tribe) in a state-administered, federally funded program.”
The remaining routine uses were previously published.
In accordance with 5 U.S.C. 552a(r), we have provided a report to OMB and Congress on the proposal to modify the system of records.
**SYSTEM NAME AND NUMBER:**
SEC-06: SEC's Financial and Acquisition Management System.
**SECURITY CLASSIFICATION:**
Unclassified.
**SYSTEM LOCATION:**
1. Securities and Exchange Commission, 100 F Street NE, Washington, DC 20549. Files may also be maintained in the Commission's Regional Offices.
2. Federal Aviation Administration, Mike Monroney Aeronautical Center, AMZ-740, 6500 S. MacArthur Blvd., Headquarters Bldg. 1, Oklahoma City, OK 73169.
**SYSTEM MANAGER(S):**
Chief Financial Officer, Office of Financial Management, Securities and Exchange Commission, 100 F Street NE, Washington, DC 20549-6041.
**AUTHORITY FOR MAINTENANCE OF THE SYSTEM:**
31 U.S.C. 3501, *et seq.* and 31 U.S.C. 7701(c). Where the employee identification number is the social security number, collection of this information is authorized by Executive Order 9397.
**PURPOSE(S) OF THE SYSTEM:**
Serves as the core financial system and integrates program, financial and budgetary information. Records are collected to ensure that all obligations and expenditures other than those in the pay and leave system are in conformance with laws, existing rules and regulations, and good business practice, and to maintain subsidiary records at the proper account and/or organizational level where responsibility for control of costs exists.
**CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:**
SEC employees, contractors, vendors, interns, customers and members of the public.
**CATEGORIES OF RECORDS IN THE SYSTEM:**
Employee personnel information: Limited to SEC employees, and includes name, address, Social Security number (SSN); Business-related information: Limited to contractors/vendors and customers, and includes name of the company/agency, point of contact, telephone number, mailing address, email address, contract number, CAGE code, vendor number (system unique identifier), DUNS number, and TIN, which could be a SSN in the case of individuals set up as sole proprietors; and financial information, this includes financial institution name, lockbox number, routing transit number, deposit account number, account type, debts ( *e.g.,* unpaid bills/invoices, overpayments, etc.), and remittance address.
**RECORD SOURCE CATEGORIES:**
The information maintained in Department of Transportation, (DOT)/Enterprise Service Center (ESC): Purchase orders, vouchers, invoices, contracts, and electronic records; Department of Interior (DOI)/Federal Personnel Payroll System (FPPS): travel applications, disgorgement information, or other paper records submitted by employees, vendors, and other sources, including claims filed by witnesses in SEC actions; Delphi-Prism: Fed Traveler, Department of the Interior (DOI) Payroll System, Bureau of Public Debt, and EDGAR Financial Management System (EFMS).
**ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES OF USERS AND THE PURPOSES OF SUCH USES:**
In addition to those disclosures generally permitted under 5 U.S.C. 552a(b) of the Privacy Act, these records or information contained therein may specifically be disclosed outside the Commission as a routine use pursuant to 5 U.S.C. 552a(b)(3) as follows:
1. To appropriate agencies, entities, and persons when (1) the SEC suspects or has confirmed that there has been a breach of the system of records; (2) the SEC has determined that as a result of the suspected or confirmed breach there is a risk of harm to individuals, the SEC (including its information systems, programs, and operations), the Federal Government, or national security; and (3) the disclosure made to such agencies, entities, and persons is reasonably necessary to assist in connection with the SEC's efforts to respond to the suspected or confirmed breach or to prevent, minimize, or remedy such harm.
2. To other federal, state, local, or foreign law enforcement agencies; securities self-regulatory organizations; and foreign financial regulatory authorities to assist in or coordinate regulatory or law enforcement activities with the SEC.
3. In any legal proceeding where the federal securities laws are in issue or in which the Commission, or past or present members of its staff, is a party or otherwise involved in an official capacity, and the SEC has determined that information from this system of records is relevant and necessary to the litigation and compatible with the purpose for which the records were collected.
4. To a federal, state, local, tribal, foreign, or international agency, if necessary to obtain information relevant to the SEC's decision concerning the hiring or retention of an employee; the issuance of a security clearance; the letting of a contract; or the issuance of a license, grant, or other benefit.
5. To produce summary descriptive statistics and analytical studies, as a data source for management information, in support of the function for which the records are collected and maintained or for related personnel management functions or manpower studies; may also be used to respond to general requests for statistical information (without personal identification of individuals) under the Freedom of Information Act.
6. To any persons during the course of any inquiry, examination, or investigation conducted by the SEC's staff, or in connection with civil litigation, if the staff has reason to believe that the person to whom the record is disclosed may have further information about the matters related therein, and those matters appeared to be relevant at the time to the subject matter of the inquiry.
7. To interns, grantees, experts, contractors, and others who have been engaged by the Commission to assist in the performance of a service related to this system of records and who need access to the records for the purpose of assisting the Commission in the efficient administration of its programs, including by performing clerical, stenographic, or data analysis functions, or by reproduction of records by electronic or other means. Recipients of these records must agree to comply with the provisions of the Privacy Act of 1974, as amended, 5 U.S.C. 552a.
8. To a Congressional office from the record of an individual in response to an inquiry from the Congressional office made at the request of that individual.
9. To members of Congress or others charged with monitoring the work of the Commission or conducting records management inspections.
10. To a commercial contractor in connection with benefit programs administered by the contractor on the Commission's behalf, including, but not limited to, supplemental health, dental, disability, life and other benefit programs.
11. To the OMB in connection with the review of private relief legislation as set forth in OMB Circular A-19 at any stage of the legislative coordination and clearance process as set forth in that circular.
12. To the Treasury or other appropriate agencies to provide appropriate audit documentation.
13. To another Federal agency or Federal entity, when the SEC determines that information from this system of records is reasonably necessary to assist the recipient agency or entity in (1) responding to a suspected or confirmed breach or (2) preventing, minimizing, or remedying the risk of harm to individuals, the recipient agency or entity (including its information systems, programs, and operations), the Federal Government, or national security, resulting from a suspected or confirmed breach.
14. To the U.S. Department of the Treasury when disclosure of the information is relevant to review payment and award eligibility through the Do Not Pay Working System for the purposes of identifying, preventing, or recouping improper payments to an applicant for, or recipient of, Federal funds, including funds disbursed by a state (meaning a state of the United States, the District of Columbia, a territory or possession of the United States, or a federally recognized Indian tribe) in a state-administered, federally funded program.
**POLICIES AND PRACTICES FOR STORAGE OF RECORDS:**
Records are maintained in electronic and paper format. Electronic records and data are stored in electronic media via a configuration of government servers. Physical records are maintained in hard-copy, paper format in secure filing cabinets, office spaces, and storage locations, including Federal Records Centers.
**POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:**
Records may be retrieved by a name of employee, social security number (SSN) for employees, SSN/Tax Identification Number (TIN) for vendors doing business with the SEC, Name for both employees and vendors, Central Index Key (CIK) (system unique) for both employees and vendors, DUNS/DUNS + 4.
**POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:**
These records will be maintained until they become inactive, at which time they will be retired or destroyed in accordance with records schedules of the United States Securities and Exchange Commission and as approved by the National Archives and Records Administration.
**ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:**
Access to SEC facilities, data centers, and information or information systems is limited to authorized personnel with official duties requiring access. SEC facilities are equipped with security cameras and 24-hour security guard service. The records are kept in limited access areas during duty hours and in locked file cabinets and/or locked offices or file rooms at all other times. Computerized records are safeguarded in a secured environment. Security protocols meet the promulgating guidance as established by the National Institute of Standards and Technology (NIST) Security Standards from Access Control to Data Encryption and Security Assessment & Authorization (SA&A).
Records are maintained in a secure, password-protected electronic system that will utilize commensurate safeguards that may include: firewalls, intrusion detection and prevention systems, and role-based access controls. Additional safeguards will vary by program. All records are protected from unauthorized access through appropriate administrative, operational, and technical safeguards. These safeguards include: restricting access to authorized personnel who have a “need to know”; using locks; and password protection identification features. Contractors and other recipients providing services to the Commission shall be required to maintain equivalent safeguards.
**RECORD ACCESS PROCEDURES:**
Persons wishing to obtain information on the procedures for gaining access to or contesting the contents of these records may submit a request online at *www.sec.gov* or contact the FOIA/PA Officer, Securities and Exchange Commission, 100 F Street NE, Washington, DC 20549-2736.
**CONTESTING RECORD PROCEDURES:**
See Record Access Procedures above.
**NOTIFICATION PROCEDURES:**
All requests to determine whether this system of records contains a record pertaining to the requesting individual may be requested online at *www.sec.gov* or directed to the FOIA/PA Officer, Securities and Exchange Commission, 100 F Street NE, Washington, DC 20549-2736.
**EXEMPTIONS PROMULGATED FOR THE SYSTEM:**
None.
**HISTORY:**
This SORN was last published in full in the *Federal Register* at 40 FR 39253 (August 27, 1975). Subsequent notices of revision can be found at the following citations:
—41 FR 5318 (February 5, 1976)
—41 FR 11631 (March 19, 1976)
—41 FR 41550 (September 22, 1976)
—42 FR 36333 (July 14, 1977)
—46 FR 63439 (December 31, 1981)
—59 FR 27626 (May 27, 1994)
—62 FR 47884 and 47885 (September 11, 1997)
—63 FR 11938 (March 11, 1998)
—77 FR 16569 (March 21, 2012)
—85 FR 85440 (January 27, 2021)
By the Commission.
Dated: December 19, 2025.
Sherry R. Haywood,
Assistant Secretary.