WASHINGTON—Both credit union trade groups have responded to the CFPB’s outline of proposals to implement section 1033 of the Dodd-Frank Act, which aims to provide a formal mechanism for making consumer data portable.
The set of proposals marks the agency’s next step in issuing a financial data rights rule. CUNA and NAFCU have each sent letters to the Bureau offering their input.
Currently, the proposals under consideration present significant challenges, both technical and competitive in nature, noted NAFCU. In the association’s letter, Senior Counsel for Research and Policy Andrew Morris stated that the CFPB must avoid implementing section 1033 in a way that will “unfairly burden credit unions with enormous compliance costs and ultimately distort the financial sector’s competitive landscape.”
To mitigate the risks associated with the CFPB’s outline of proposals, Morris said NAFCU supports an approach that issues “appropriate exemptive relief, scales back the technically prescriptive aspects of the Outline and allows credit unions to exercise appropriate judgment before granting third parties access to member data.”
‘Principles of Transparency’
Morris further wrote that granting access to consumer financial data, including for third-party data recipients, must be “governed by principles of transparency, security, and fairness, and which allow consumers to exercise control over the use and retention of their data.”
“In general, when exercising section 1033 rights, consumers should know exactly what data a third party will be requesting on their behalf," wrote Morris. “Ultimately, the obligation to ensure that consumer data sharing preferences are honored should fall upon the third party recipient rather than the data provider.”
CUNA: ‘Safe, Secure, Accurate’
In CUNA’s comment letter, the trade association stated that “dedication to credit union members includes ensuring their members maintain the rights of access to their personal financial data and that the information remains safe, secure, accurate, and private. With this in mind, we ask the Bureau to consider the recommendations delineated below when designing the rules to foster innovation and improve the lives of consumers.”
In its letter, CUNA encouraged the CFPB to:
- Take ownership of authenticating third parties on behalf of covered data providers, including credit unions
- Provide a database of authenticated third parties for access request verification and specify reliance on the database should be a safe harbor from agency action or litigation relating to the authentication of the third-party requester
- Require the authorization disclosure to clearly and precisely describe the information being access, the duration and frequency of access, the identity of intended third parties, and the purpose of access
- Propose covered data providers take ownership of acquiring consumer consent for third party access requests
- Limit secondary uses of consumer data
- Pare back the categories of information required to be made available by covered data providers
- Allow for an extended implementation timeline
- Unambiguously shift liability from a covered data provider to a third party once the data leaves the provider’s system
Still Free in ’23! The Freshest CU Headlines. Right to Your Inbox.
The biggest, best and freshest news reporting in credit unions remains free in ’23! Each morning CUToday.info delivers its daily update offering the latest headlines and breaking news right to your email, with the easy-to-read headlines format allowing you to click on the stories that interest you most in order to learn more.
If you haven’t yet signed up for the new email solution on which CUToday.info has partnered with ResponseGenius, you can do so here. Signing up requires less than one minute of your time—and it’s free!
Please note that after signing up you may need to go to your Spam/Junk folder and mark the morning headlines email as safe. CUToday.info does not provide its list of readers and emails to outside parties, and we will not be contacting you to sell you an extended warranty or sending you any links so you may cash in on an inheritance you didn’t know was coming.
And did we mention it’s free?
Please note and/or make your IT department or email administrator aware the emails will be coming from the domains CUTodayinfo.com and CUTodayinfoReply.com.