Skip to main content
OCC Flag

An official website of the United States government

Privacy Policy

The Privacy Act of 1974 establishes certain controls over any personal information collected by the Office of the Comptroller of the Currency (OCC) and how it is used. For additional information on your rights under the Privacy Act and the Freedom of Information Act (FOIA), please see Your Right To Federal Records - Questions and Answers on the Freedom of Information Act and Privacy Act (PDF).

The OCC respects your privacy. We do not collect or store information about members of the public who call or write the agency or visit our website, unless you identify yourself so that we can respond to an inquiry or request from you.

  • We use your personal identifying information only for the purpose for which it is originally collected.
  • We maintain your personal identifying information in secure computer systems and limit employee access to those with a business reason to see it.
  • We do not disclose your information to anyone outside the OCC, except when compelled by law or in connection with a criminal investigation (as explained below).

Thank you for visiting the OCC website and reviewing our privacy policy. We remind you that if you link to a site outside the OCC, you are subject to the policies of the new site.

When visiting the OCC website: If you visit our site to read or download information, we do not collect information about you, but we do collect and store information about your Internet connection and the date and time of your visit. Specifically, we record:

  • The name of the domain from which you access the Internet (for example,, if you are connecting from an Microsoft account, or, if you are connecting from Princeton University's domain).
  • The IP (internet protocol) address from which you access our site. An IP address is a number automatically assigned to your computer whenever you are connected to the world wide web.
  • The internet address of the website from which you linked directly to our site, if any (for example,, if you are following a link from the FDIC website, or, if you find us using the Google search engine).
  • The type of web browsing software you are using to view our site.
  • Your computer's operating system.
  • The search terms you enter into our site search application.
  • The links you click on pages on our website.
  • The date and time you access our site.
  • The pages you visit.
  • The action you tried to perform or the item you requested from the OCC website (for example, download a document) and whether or not you were successful. When we examine this data, it is presented in an aggregate form.


"Persistent cookies" collect personal information to recognize your computer in the future. The OCC does not use persistent cookies or other technology to collect personally identifiable information (PII) about visitors to our website.

"Temporary" or "session" cookies are used on the web pages to support voluntary customer surveys and to help us accurately analyze how visitors navigate through our website at an aggregated level. These cookies are stored in memory and are only available during an active browser session. They do not collect personal information on visitors, and they are erased as soon as you close your web browser. No PII about you is maintained as a result of a temporary or session cookie. uses Google Analytics Premium to track web traffic. Please refer to the following policies on Google's website for more information:

We use this information to help us make our site more useful to visitors. We learn what users like and need; what kind of technology they are using; how often they visit; and other valuable information that helps us offer our visitors the best site possible.

If you are sending electronic mail to the OCC, we want to remind you that email is not necessarily secure against interception. If your information is very sensitive or includes personal or confidential information—such as your bank account, charge card, or social security number—you may want to send it by postal mail to the following addresses.

Formal written complaint to the OCC about a national bank or its operating subsidiary:
Customer Assistance Group
P.O. Box 53570
Houston, TX 77052.

Freedom of Information Act (FOIA) request:
Comptroller of the Currency
Disclosure Officer
Suite 3E-218
Mail Stop 6W-11
Washington, DC 20219
Fax requests: (202) 649-6160

To request electronically, use our online FOIA website

Building and General Correspondence Address:
Office of the Comptroller of the Currency
400 7th Street SW, Suite 3E-218
Washington, D.C. 20219

When making an inquiry, request, or complaint that requires follow-up: If you are making an inquiry or request or filing a complaint that warrants supervisory or other attention, we may need to share your information with others.

  • We may need to bring your correspondence to the attention of our attorneys, examiners, or other staff members as appropriate.
  • If necessary to address the issue, we may need to share your correspondence with other federal, state, or local agencies responsible for administering or enforcing laws, rules, or regulations, or for investigating known or suspected violations of laws, rules, or regulations, such as the Justice Department or state bank regulators.
  • Under limited circumstances, such as a request from Congress or a private individual acting with appropriate legal authority, we may be required by law to disclose information you submit.
  • If you file a complaint about a national bank or its affiliate, we typically provide your customer identification information along with the complaint to the affected bank. This information is usually necessary for the bank to be able to investigate and correct a problem. In turn, a bank sometimes provides the OCC with additional information about you when it responds to our inquiry. All this information is securely retained in OCC records.

The Office of the Comptroller of the Currency conducts a Privacy Impact Assessment (PIA) on information systems that collect personally identifiable information from the public. We prepare PIAs to

  • ensure that information handling conforms to applicable legal, regulatory, and policy requirements regarding privacy;
  • determine the risks and effects of collecting, maintaining, and disseminating information in identifiable form in an electronic information system; and
  • examine and evaluate protections and alternative processes for handling information to mitigate potential privacy risks.

Also, PIAs confirm that we use the information for the purpose intended, that the information remains timely and accurate, that it is protected while we have it, and that we hold it only as long as we need it.

System of Records Notices (SORNs)

A System of Records is a group of any records under the control of any agency from which information is retrieved by the name of the individual or by some identifying number, symbol, or other identifier assigned to the individual. The Privacy Act requires each agency to publish notice of its systems of records in the Federal Register.

What Is a SORN?

A SORN is a formal notice to the public published in the Federal Register that identifies the purpose for which PII is collected, from whom and what type of PII is collected, how the PII is shared externally (routine uses), and how to access and correct any PII maintained by the department.

When Is a SORN required?

A SORN is required when the department has a system of records as defined above. In some instances, the Department may have an existing SORN that covers a collection of systems or programs. During the Privacy Threshold Analysis and Privacy Impact Assessment processes, our office, in coordination with the bureau privacy officer, will help determine whether a new SORN is required.

Office of the Comptroller of the Currency (OCC)

81 Fed. Reg. 2945 (PDF)

Table of Contents

  • CC .100—Enforcement Action Report System
  • CC .110—Reports of Suspicious Activities
  • CC .120—Bank Fraud Information System
  • CC .200—Chain Banking Organizations System
  • CC .210—Bank Securities Dealers System
  • CC .220—Notices of Proposed Changes in Employees, Officers and Directors Tracking System
  • CC .340—Access Control System
  • CC .341—Mass Communication System
  • CC .500—Chief Counsel's Management Information System
  • CC .510—Litigation Information System
  • CC .600—Consumer Complaint and Inquiry Information System
  • CC .700—Correspondence Tracking System
  • CC .701—Retiree Billing System
  • CC .800—Office of Inspector General Investigations System
  • OTS .003—OTS Consumer Complaint Files

A request for records maintained by the Office of the Comptroller of the Currency (OCC) about yourself or another individual constitutes a Privacy Act request. Privacy Act requests cannot be submitted through this web page, by email, or by telephone. This type of request must be submitted by the U.S. Postal Service or commercial delivery with proof of identity to the following address:

Freedom of Information Act Officer
Disclosure Services, Communications Division
Office of the Comptroller of the Currency
400 7th St. SW,
Suite 3E-218
Washington, DC 20219

What you need to know and include with a Privacy Act Request:

The OCC does not maintain bank records, account statements, loan documents, promissory notes, or bond information. These records are maintained by the individual financial institution or lender.

Your signed request must include your name, address, contact number, email, and a description of the requested records, including assigned case numbers. Proof of identity is required to protect your privacy and information about you from unauthorized disclosure. The proof of identity must be clear and original.

An acceptable Privacy Act request includes:

  • a signed request with a notarized statement swearing or affirming your identity and acknowledging that you understand the Privacy Act penalties for requesting or obtaining access to records under false pretenses; or
  • a signed request with a copy of your valid driver's license or another form of identification containing your signature; or
  • a signed request with an unsworn declaration subscribed to as true under penalty of perjury in accordance with 28 USC 1746. The following is an example of an unsworn declaration.

This statement verifies that I am the individual who is the subject of the records requested and that my address is ________________________________________.

I understand the penalties contained in 5 USC 552a(i)(3) for requesting or obtaining access to records under false pretenses. I certify under penalty of perjury pursuant to 28 USC 1746 that this statement is true and correct.

Signature: _________________________________ Date: ________________

Requests for information about other individuals:

If you are requesting personal information about or for another individual, you must provide proof of identity about that individual, and you must provide a signed, original authorization from that individual granting you third-party access to the information. The authorization must acknowledge that you understand the penalties for obtaining information under false pretenses. The authorizations and proof of identity must be clear and original. Please note: The OCC does not accept faxed or emailed authorizations or proof of identity.

If you are seeking records about yourself or your minor children (under age 18), you must select declaration to your identity: "I declare under penalty of perjury that I am (Name) and that the statements contained in this document are true and correct."

If you have any questions call (202) 649-6700.

Subscribers to OCC email updates should review the GovDelivery Subscriber Privacy Policy.

Privacy Program Office
400 7th St. SW
RM 3W-408
Washington, DC 20219

The Senior Agency Official for Privacy (SAOP) is designated as the OCC's Chief Information Officer (CIO).

Privacy Program Office
400 7th St. SW
RM 3W-408
Washington, DC 20219


Privacy Policy Last Reviewed: November 2021