SEC-29 System of Records Notice

SYSTEM NAME AND NUMBER:
SEC-29: Tips, Complaints, and Referrals (TCR) Records
SECURITY CLASSIFICATION:
Unclassified.
SYSTEM LOCATION:
Securities and Exchange Commission, 100 F Street, NE, Washington, DC 20549. Files may
also be maintained in the Commission’s Regional Offices that conducted an investigation or
litigation.
SYSTEM MANAGER(S):
Deputy Director, Division of Risk, Strategy, and Financial Innovation, U.S. Securities and
Exchange Commission, 100 F Street, NE, Washington, DC 20549.
AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
15 U.S.C. 77a et seq., 78a et seq., 80a-1 et seq., 80b-1 et seq., and 5 U.S.C. 302.
PURPOSE(S) OF THE SYSTEM:
For use by authorized SEC personnel in receiving, recording, assigning, tracking, and taking
action on tips, complaints, and referrals received from individuals and entities related to actual
or potential violations of the federal securities laws; investor harm; or conduct of public
companies, securities professionals, regulated entities and associated persons.
CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
(1) Individuals that submit tips, complaints, or related information about actual or potential
violations of the federal securities laws; investor harm; conduct of public companies,
securities professionals, regulated entities, and associated persons; and internal and external
referrals of misconduct; (2) Individuals that are the subjects of a tip or complaint related to an

actual or potential securities law violation; (3) Attorneys or other related individuals; and (4)
SEC personnel or contractors assigned to handle such tips, complaints, and referrals.
CATEGORIES OF RECORDS IN THE SYSTEM:
Records may include individual names, dates of birth, social security numbers, addresses,
telephone numbers, tip, complaint, and referral information including allegation descriptions,
dates, and supporting details; supporting documentation; web forms; e-mails; criminal history;
working papers of the staff; and other documents and records relating to the matter.
RECORD SOURCE CATEGORIES:
Information in these records may be supplied by investors and the general public,
Commission- regulated entities including broker-dealers, investment advisers, self-regulatory
organizations, other government agencies, and foreign regulators.
ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING
CATEGORIES OF USERS AND THE PURPOSES OF SUCH USES:
In addition to those disclosures generally permitted under 5 U.S.C. 552a(b) of the Privacy Act,
these records or information contained therein may specifically be disclosed outside the
Commission as a routine use pursuant to 5 U.S.C. 552 a(b)(3) as follows:
1.To appropriate agencies, entities, and persons when (1) the SEC suspects or has confirmed
that there has been a breach of the system of records,· (2) the SEC has determined that as a
result of the suspected or confirmed breach there is a risk of harm to individuals, the SEC
(including its information systems, programs, and operations), the Federal Government, or
national security; and (3) the disclosure made to such agencies, entities, and persons is
reasonably necessary to assist in connection with the SEC’s efforts to respond to the suspected
or confirmed breach or to prevent, minimize, or remedy such harm.
2

2. To other federal, state, local, or foreign law enforcement agencies; securities self-regulatory
organizations; and foreign financial regulatory authorities to assist in or coordinate regulatory
or law enforcement activities with the SEC.
3. To national securities exchanges and national securities associations that are registered with
the SEC, the Municipal Securities Rulemaking Board; the Securities Investor Protection
Corporation; the Public Company Accounting Oversight Board; the federal banking
authorities, including, but not limited to, the Board of Governors of the Federal Reserve
System, the Comptroller of the Currency, and the Federal Deposit Insurance Corporation;
state securities regulatory agencies or organizations; or regulatory authorities of a foreign
government in connection with their regulatory or enforcement responsibilities.
4. By SEC personnel for purposes of investigating possible violations of, or to conduct
investigations authorized by, the federal securities laws.
5. In any proceeding where the federal securities laws are in issue or in which the
Commission, or past or present members of its staff, is a party or otherwise involved in an
official capacity.
6. In connection with proceedings by the Commission pursuant to Rule 102(e) of its Rules of
Practice, 17 CFR 201.102(e).
7. To a bar association, state accountancy board, or other federal, state, local, or foreign
licensing or oversight authority; or professional association or self-regulatory authority to the
extent that it performs similar functions (including the Public Company Accounting Oversight
Board) for investigations or possible disciplinary action.
8. To a federal, state, local, tribal, foreign, or international agency, if necessary to obtain
information relevant to the SEC’s decision concerning the hiring or retention of an employee;
3

the issuance of a security clearance; the letting of a contract; or the issuance of a license,
grant, or other benefit.
9. To a federal, state, local, tribal, foreign, or international agency in response to its request for
information concerning the hiring or retention of an employee; the issuance of a security
clearance; the reporting of an investigation of an employee; the letting of a contract; or the
issuance of a license, grant, or other benefit by the requesting agency, to the extent that the
information is relevant and necessary to the requesting agency's decision on the matter.
10. To produce summary descriptive statistics and analytical studies, as a data source for
management information, in support of the function for which the records are collected and
maintained or for related personnel management functions or manpower studies; may also be
used to respond to general requests for statistical information (without personal identification
of individuals) under the Freedom of Information Act.
11. To any trustee, receiver, master, special counsel, or other individual or entity that is
appointed by a court of competent jurisdiction, or as a result of an agreement between the
parties in connection with litigation or administrative proceedings involving allegations of
violations of the federal securities laws (as defined in section 3(a)(47) of the Securities
Exchange Act of 1934, 15 U.S.C. 78c(a)(47)) or pursuant to the Commission’s Rules of
Practice, 17 CFR 201.100 – 900 or the Commission’s Rules of Fair Fund and Disgorgement
Plans, 17 CFR 201.1100-1106, or otherwise, where such trustee, receiver, master, special
counsel, or other individual or entity is specifically designated to perform particular functions
with respect to, or as a result of, the pending action or proceeding or in connection with the
administration and enforcement by the Commission of the federal securities laws or the
Commission’s Rules of Practice or the Rules of Fair Fund and Disgorgement Plans.
4

12. To any persons during the course of any inquiry, examination, or investigation conducted
by the SEC’s staff, or in connection with civil litigation, if the staff has reason to believe that
the person to whom the record is disclosed may have further information about the matters
related therein, and those matters appeared to be relevant at the time to the subject matter of
the inquiry.
13. To interns, grantees, experts, contractors, and others who have been engaged by the
Commission to assist in the performance of a service related to this system of records and who
need access to the records for the purpose of assisting the Commission in the efficient
administration of its programs, including by performing clerical, stenographic, or data analysis
functions, or by reproduction of records by electronic or other means. Recipients of these
records shall be required to comply with the requirements of the Privacy Act of 1974, as
amended, 5 U.S.C. 552a.
14. In reports published by the Commission pursuant to authority granted in the federal
securities laws (as such term is defined in section 3(a)(47) of the Securities Exchange Act of
1934, 15 U.S.C. 78c(a)(47)), which authority shall include, but not be limited to, section 21(a)
of the Securities Exchange Act of 1934, 15 U.S.C. 78u(a)).
15. To members of advisory committees that are created by the Commission or by Congress to
render advice and recommendations to the Commission or to Congress, to be used solely in
connection with their official designated functions.
16. To any person who is or has agreed to be subject to the Commission’s Rules of Conduct,
17 CFR 200.735-1 to 200.735-18, and who assists in the investigation by the Commission of
possible violations of the federal securities laws (as such term is defined in section 3(a)(47) of
the Securities Exchange Act of 1934, 15 U.S.C. 78c(a)(47)), in the preparation or conduct of
5

enforcement actions brought by the Commission for such violations, or otherwise in
connection with the Commission’s enforcement or regulatory functions under the federal
securities laws.
17. To a Congressional office from the record of an individual in response to an inquiry from
the Congressional office made at the request of that individual.
18. To members of Congress, the press, and the public in response to inquiries relating to
particular Registrants and their activities, and other matters under the Commission’s
jurisdiction.
19. To prepare and publish information relating to violations of the federal securities laws as
provided in 15 U.S.C. 78c(a)(47)), as amended.
20. To respond to subpoenas in any litigation or other proceeding.
21. To a trustee in bankruptcy.
22. To members of Congress, the General Accountability Office, or others charged with
monitoring the work of the Commission or conducting records management inspections.
23. To another Federal agency or Federal entity, when the SEC determines that information
from this system of records is reasonably necessary to assist the recipient agency or entity in
(1) responding to a suspected or confirmed breach or (2) preventing, minimizing, or
remedying the risk of harm to individuals, the recipient agency or entity (including its
information systems, programs, and operations), the Federal Government, or national security,
resulting from a suspected or confirmed breach.
POLICIES AND PRACTICES FOR STORAGE OF RECORDS:
Records are maintained in electronic and paper format. Electronic records are stored in
computerized databases, magnetic disc, tape and/or digital media. Paper records and records
6

on computer disc are stored in locked file rooms and/or file cabinets.
POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:
Records may be retrieved by an individual’s or entity’s name, receipt date, subject matter,
keywords that may include personal information, and/or other personal identifier. The system
will also enable authorized SEC personnel to search for and retrieve records using
conventional methods including but not limited to the use of unique record identifiers,
keyword searches, geographic data (e.g. zip code), date and time searches, and sorts and
filters.
POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:
These records will be maintained until they become inactive, at which time they will be retired
or destroyed in accordance with records schedules of the United States Securities and
Exchange Commission and as approved by the National Archives and Records
Administration.
ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:
Access to SEC facilities, data centers, and information or information systems is limited to
authorized personnel with official duties requiring access. SEC facilities are equipped with
security cameras and 24-hour security guard service. The records are kept in limited access
areas during duty hours and in locked file cabinets and/or locked offices or file rooms at all
other times. Computerized records are safeguarded in a secured environment. Security
protocols meet the promulgating guidance as established by the National Institute of Standards
and Technology (NIST) Security Standards from Access Control to Data Encryption and
Security Assessment & Authorization (SA&A).
Records are maintained in a secure, password-protected electronic system that will utilize
7

commensurate safeguards that may include: firewalls, intrusion detection and prevention
systems, and role-based access controls. Additional safeguards will vary by program. All
records are protected from unauthorized access through appropriate administrative,
operational, and technical safeguards. These safeguards include: restricting access to
authorized personnel who have a “need to know”; using locks; and password protection
identification features. Contractors and other recipients providing services to the Commission
shall be required to maintain equivalent safeguards.
RECORD ACCESS PROCEDURES:
Persons wishing to obtain information on the procedures for gaining access to or contesting
the contents of these records may contact the FOIA/PA Officer, Securities and Exchange
Commission, 100 F Street, NE, Washington, DC 20549-2376.
CONTESTING RECORD PROCEDURES:
See Record Access Procedures above.
NOTIFICATION PROCEDURES:
All requests to determine whether this system of records contains a record pertaining to
the requesting individual may be directed to the FOIA/PA Officer, Securities and
Exchange Commission, 100 F Street, NE, Washington, DC 20549-2376.
EXEMPTIONS PROMULGATED FOR THE SYSTEM:
Under 5 U.S.C. 552a(k)(2), this system of records is exempted from the following
provisions of the Privacy Act, 5 U.S.C. 552a(c)(3), (d), (e)(1), (e)(4)(G), (H), and (I),
and (f) and 17 CFR 200.303, 200.304, and 200.306, insofar as it contains investigatory

8

materials compiled for law enforcement purposes. This exemption is contained in 17
CFR 200.312(a)(1).
HISTORY:
This SORN was last published in full in the Federal Register at 76 FR 30213 (May 24,
2011). Subsequent notices of revision can be found at the following citations:
− 76 FR 57636 (September 16, 2011)
By the Commission.
Brent J. Fields
Secretary

Date:

9