SUPPLEMENTARY INFORMATION:

HUD updates the system of records notice (SORN) for the Financial Data Mart (FDM) to reflect the following substantive changes:

• Routine Uses: Updated and reordered existing routine uses to align with HUD standard language. No substantive changes were made to existing routine uses.
• New Routine Uses: Added three new Routine Uses as follows:

○ Routine Use (8) Authorizes disclosure to support statistical analysis and research with the purpose of the system.

○ Routine Use (11) Authorizes disclosure to the Department of the Treasury pursuant to E.O. 14249 and OMB Memorandum M-25-32 for identifying, preventing, or recouping fraud and improper payments, as permitted by law.

○ Routine Use (12) Authorizes disclosure necessary to support the disbursement of funds.

• Policies and Practices for Retention and Disposal of Records Section: Updated this section to clarify language; no changes were made to the approved records schedule or retention periods.

SYSTEM NAME AND NUMBER:

Financial Data Mart (FDM), HUD/OCFO-04.

SECURITY CLASSIFICATION:

Unclassified.

SYSTEM LOCATION:

HUD Headquarters, 451 7th Street SW, Washington, DC 20410-1000 and National Center for Critical Information Processing and Storage (NCCIPS), Stennis Space Center, MS 39529-6000. The backup data center is at Mid-Atlantic Data Center in Clarksville, VA 23927-3201.

SYSTEM MANAGER(S):

Kate Darling, Assistant Chief Financial Officer for Systems, Office of the Chief Financial Officer, U.S. Department of Housing and Urban Development, 451 7th Street SW, Room ( printed page 22847) 3100, Washington, DC 20410-0001; telephone (202) 402-3912.

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:

31 U.S.C. 3511; The Chief Financial Officers Act of 1990 (31 U.S.C. 901, et seq.); Executive Order 9397, as amended by Executive Order 13478; Housing and Community Development Act of 1987, 42 U.S.C. 3543.

PURPOSES OF THE SYSTEM:

Financial Data Mart (FDM) is a centralized repository of data extracted from a variety of HUD's financial systems, supported by query tools to enhance financial and program data reporting. FDM is designed to facilitate viewing, understanding, and reporting of financial data. FDM serves as the primary tool for generating internal ad-hoc reports, scheduled event-driven reports, and queries.

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:

Members of the public, federal employees, contractors, third-party vendors, and recipients of grants, subsidies, or loans.

CATEGORIES OF RECORDS IN THE SYSTEM:

Names, Social Security Numbers (SSNs), Taxpayer-IDs (which may include SSNs for sole-proprietors), Home/business addresses, Financial Information ( e.g., bank account, and routing numbers), Email addresses, Salaries, and User IDs.

RECORD SOURCE CATEGORIES:

FDM receives records from other HUD information systems such as HUD Central Accounting and Program Systems (HUDCAPS), Loan Accounting System (LAS), Line of Credit Control System (LOCCS), HUD Integrated Human Resources and Training System (HIHRTS), Geocoding Service Center (GSC), Office 365 Multi-Tenant Software, and non-Personally Identifiable Information (non-PII) from Integrated Real Estate Management System (IREMS). FDM also receives records from external sources, such as the General Services Administration, System for Award Management (SAM) and the Department of Treasury, Administrative Resource Center (ARC)'s Oracle Federal Financials.

ROUTINE USES MAINTINED IN THE SYSTEM, INCLUDING CATEGORIES OF USERS AND PURPOSEs OF SUCH USES:

(1) To a congressional office from the record of an individual, in response to an inquiry from the congressional office made at the request of that individual.

(2) To appropriate agencies, entities, and persons when: (1) HUD suspects or has confirmed that there has been a breach of the system of records; (2) HUD has determined that as a result of the suspected or confirmed breach there is a risk of harm to individuals, HUD (including its information systems, programs, and operations), the Federal Government, or national security; and (3) The disclosure made to such agencies, entities, and persons is reasonably necessary to assist in connection with HUD's efforts to respond to the suspected or confirmed breach or to prevent, minimize, or remedy such harm.

(3) To another Federal agency or Federal entity, when HUD determines that information from this system of records is reasonably necessary to assist the recipient agency or entity in (1) responding to a suspected or confirmed breach or (2) preventing, minimizing, or remedying the risk of harm to individuals, the recipient agency or entity (including its information systems, programs and operations), the Federal Government, or national security, resulting from a suspected or confirmed breach.

(4) To a court, magistrate, administrative tribunal, or arbitrator in the course of presenting evidence, including disclosures to opposing counsel or witnesses or jurors in the course of civil discovery, litigation, mediation, or settlement negotiations; or in connection with criminal law proceedings; when HUD determines that use of such records is relevant and necessary to the litigation and when any of the following is a party to the litigation or have an interest in such litigation: (1) HUD, or any component thereof; or (2) any HUD employee in his or her official capacity; or (3) any HUD employee in his or her individual capacity where HUD has agreed to represent the employee; or (4) the United States, or any agency thereof, where HUD determines that litigation is likely to affect HUD or any of its components.

(5) To any component of the Department of Justice or other Federal agency conducting litigation or in proceedings before any court, adjudicative, or administrative body, when HUD determines that the use of such records is relevant and necessary to the litigation and when any of the following is a party to the litigation or have an interest in such litigation: (1) HUD, or any component thereof; or (2) any HUD employee in his or her official capacity; or (3) any HUD employee in his or her individual capacity where the Department of Justice or agency conducting the litigation has agreed to represent the employee; or (4) the United States, or any agency thereof, where HUD determines that litigation is likely to affect HUD or any of its components.

(6) To appropriate Federal, State, local, tribal, or other governmental agencies or multilateral governmental organizations responsible for investigating or prosecuting the violations of, or for enforcing or implementing, a statute, rule, regulation, order, or license, where HUD determines that the information would assist in the enforcement of civil or criminal laws when such records, either alone or in conjunction with other information, indicate a violation or potential violation of law.

(7) To Federal agencies, non-Federal entities, their employees, and agents (including contractors, their agents or employees; employees or contractors of the agents or designated agents); or contractors, their employees or agents with whom HUD has a contract, service agreement, grant, cooperative agreement, computer matching agreement, or other agreement for the purpose of: (I) Detection, prevention, and recovery of improper payments; (II) detection and prevention of fraud, waste, and abuse in major Federal programs administered by a Federal agency or non-Federal entity; (III) for the purpose of establishing or verifying the eligibility of, or continuing compliance with statutory and regulatory requirements by, applicants for, recipients or beneficiaries of, participants in, or providers of services with respect to, cash or in-kind assistance or payments under Federal benefits programs or recouping payments or delinquent debts under such Federal benefits programs; (IV) detection of fraud, waste, and abuse by individuals in their operations and programs. Records under this routine use may be disclosed only to the extent that the information shared is necessary and relevant to verify pre-award and prepayment requirements prior to the release of Federal funds or to prevent and recover improper payments for services rendered under programs of HUD or of those Federal agencies and non-Federal entities to which HUD provides information under this routine use.

(8) To contractors, grantees, experts, consultants, Federal agencies, and non-Federal entities, including, but not limited to, State and local governments and other research institutions or their parties, and entities and their agents with whom HUD has a contract, service agreement, grant, cooperative agreement, or other agreement for the purposes of statistical analysis and ( printed page 22848) research in support of program operations, management, performance monitoring, evaluation, risk management, and policy development, or to otherwise support the Department's mission. Records under this routine use may not be used in whole or in part to make decisions that affect the rights, benefits, or privileges of specific individuals. The entity receiving information under this routine use may not further disclose the records in an identifiable form.

(9) To contractors, grantees, experts, consultants and their agents, or others performing or working under a contract, service, grant, cooperative agreement, or other agreement with HUD, when necessary to accomplish an agency function related to a system of records. Disclosure requirements are limited to only those data elements considered relevant to accomplishing an agency function.

(10) To the National Archives and Records Administration, Office of Government Information Services (OGIS), to the extent necessary to fulfill its responsibilities in 5 U.S.C. 552(h), to review administrative agency policies, procedures and compliance with the Freedom of Information Act (FOIA), and to facilitate OGIS' offering of mediation services to resolve disputes between persons making FOIA requests and administrative agencies.

(11) To the U.S. Department of the Treasury when disclosure of the information is relevant to review payment and award eligibility through the Do Not Pay Working System for the purposes of identifying, preventing, or recouping improper payments to an applicant for,or recipient of, Federal funds, including funds disbursed by a state (meaning a state of the United States, the District of Columbia, a territory or possession of the United States, or a federally recognized Indian tribe) in a state-administered, federally funded program.

(12) To the U.S. Treasury for transactions such as disbursements of funds and related adjustments.

POLICIES AND PRACTICES FOR STORAGE OF RECORDS:

Electronic only.

POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:

Name, Social Security Number, Taxpayer ID, Email Address, and User-ID.

POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:

General Records Schedule 1:1; Financial Management and Reporting Records. Destroy 6 years after final payment or cancellation, but longer retention is authorized if required for business use.

ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:

All HUD employees have undergone background investigations. HUD buildings are guarded and monitored by security personnel, cameras, ID checks, and other physical security measures. Access is restricted to authorized personnel or contractors whose responsibilities require access. System users must take the mandatory security awareness training annually as mandated by the Federal Information Security Management Act (FISMA). Users must also sign a Rules of Behavior form certifying that they agree to comply with the requirements before they are granted access to the system. FDM resides in the HUD Office of Chief Information Officer (OCIO) Local Area Network (LAN). The HUD OCIO Infrastructure and Operations Office (IOO) secure the Data Centers where the LAN resides. FDM sends and receives data through HUD SFTP (Security File Transfer Protocol), which encrypts the data in the database. All users authenticate to the HUD LAN with PIV cards before they can access FDM. OCFO limits access to records that contain PII data on a need-to-know basis, user recertification is performed, audit logs are reviewed, security assessments are performed, and background checks are performed prior to granting access to privileged roles. Not all employees and contractors have access to the vendor table that includes the PII. Supervisors determine and authorize FDM access for their employees, and OCFO checks their suitability. The majority of FDM users are read-only and cannot enter data into FDM. A system user recertification is conducted to ensure each FDM user requires access to the system.

RECORD ACCESS PROCEDURES:

Individuals requesting records of themselves should address written inquiries to the Department of Housing Urban and Development 451 7th Street SW, Washington, DC 20410-0001. For verification, individuals should provide their full name, current address, and telephone number. In addition, the requester must provide either a notarized statement or an unsworn declaration made under 24 CFR 16.4.

CONTESTING RECORD PROCEDURES:

The HUD rule for contesting the content of any record pertaining to the individual by the individual concerned is published in 24 CFR 16.8 or may be obtained from the system manager.

NOTIFICATION PROCEDURES:

Individuals requesting notification of records of themselves should address written inquiries to the Department of Housing Urban Development, 451 7th Street SW, Washington, DC 20410-0001. For verification purposes, individuals should provide their full name, office or organization where assigned, if applicable, and current address and telephone number. In addition, the requester must provide either a notarized statement or an unsworn declaration made under 24 CFR 16.4.

EXEMPTIONS PROMULGATED FOR THE SYSTEM:

None.

HISTORY:

Docket No. FR-7104-N-08, 90 FR 36176, August 1, 2025.

91 FR 22846