WASHINGTON—In a meeting with members of Congress and in a letter to legislators, NAFCU is urging expanded regulation and tighter security standards.
The role of fintech companies in today's financial marketplace and why any company that engages in core banking functions should be regulated the same way as credit unions was discussed by NAFCU President and CEO Dan Berger as part of a panel before Democratic members of the House Financial Services Committee.
Also on the panel this week were the CEOs of the American Bankers Association and Independent Community Bankers of America.
NAFCU said it agrees that fintech produces real benefits to consumers, including increased speed, convenience and new product offerings that make it easier for them to manage their financial lives.
“Fintech also offers the possibility of bringing banking and financial products to underserved communities and the underbanked. However, flexibility within a regulatory regime must be tempered with concern for overall sector stability and competitive equality,” the trade association said.
NAFCU noted it has outlined three principles that it believes should guide regulators as they assess fintech participation in the financial marketplace, including:
- Data and cybersecurity concerns – fintech companies should be held to the same standards that apply to credit unions
- Fair competition – fintechs must compete with regulated financial institutions on a level playing field
- Consumer protection – fintechs should comply with the same consumer protections laws that apply to credit unions and banks
Separately, NAFCU’s VP-Legislative Affairs Brad Thaler, in a letter to the House Financial Services Committee, Subcommittee on Financial Institutions and Consumer Credit, shared the association's data security principles.
In addition, Thaler said the increasing number of data breaches demonstrates the need for a national data security standard for all entities that hold or collect consumers' personal financial information – similar standards to those upheld by financial institutions.
NAFCU's data security principles include:
- Requiring entities to be accountable for related costs of data breaches that occur on their end, especially if the breach is caused by that entity's negligence
- Requiring all entities that store consumer data to meet standards similar to those imposed on depository institutions under the Gramm-Leach-Bliley Act (GLBA)
- Requiring merchants to post their data security policies at the point of sale if they take sensitive financial data
- Informing financial institutions of any compromised personally identifiable information when associated accounts are involved
- Disclosing names of the companies and merchants whose data systems have been violated so consumers are aware of those that place their personal information at risk
- Enforcing violations of existing agreements and law by those who retain payment card information electronically
- Having the evidentiary burden of proving a lack of fault rests with the negligent entity that incurred the data breach