By Jason Stverak
The recent reversal of the Consumer Financial Protection Bureau’s Section 1033 rule by the Trump Administration is a significant and welcome step forward for credit unions—especially those serving America’s military.
While the rule was designed to expand consumer access to their financial data, its implementation would have imposed substantial risks on credit union members and the institutions that serve them. The rollback is a victory for member privacy, institutional stability, and regulatory balance.
At the Defense Credit Union Council (DCUC), we represent credit unions that serve millions of service members, veterans, and their families across the globe. These institutions manage more than $500 billion in assets and operate on military installations from Alaska to Okinawa. We know firsthand how critical secure and reliable financial services are for our nation’s defense community—and why this rule was a step in the wrong direction.
What Was Section 1033?
Section 1033 of the Dodd-Frank Act was initially proposed to give consumers greater control over their personal financial data. But the CFPB’s rule went further—requiring financial institutions to provide third-party fintech firms with direct access to sensitive account information. The theory was that this would promote competition and innovation. In practice, it opened the door to severe risks, especially for military families and smaller credit unions.
A Threat To Member Privacy And Security
At the heart of this debate is member data. The 1033 rule would have forced credit unions to share member information—balances, transactions, personal details—with fintechs that are often unregulated or subject to limited oversight. For active-duty military personnel, whose lives are uniquely dependent on secure financial systems, this could have had dangerous consequences.
A delayed paycheck or data breach doesn’t just affect financial health—it can affect mission readiness, housing stability, and even deployment. Unlike fintech companies, defense credit unions are bound by strict compliance standards and are deeply embedded in the communities they serve. Requiring them to hand over control to unknown third parties risks weakening the trust that members place in their credit union—trust built over decades.
Undermining The Credit Union Model
Credit unions operate under a cooperative, not-for-profit model. They serve people, not shareholders. Their strength comes from deep relationships with members and a mission-oriented approach to financial wellness. But the 1033 rule would have eroded this model by forcing credit unions to open their systems to for-profit companies that may not share those values—or priorities.
Moreover, the costs of complying with the rule would have been substantial. Building secure APIs, managing third-party relationships, and protecting member data would have required expensive technology and labor—resources that smaller institutions simply do not have. Many defense credit unions already operate with thin margins. Adding new, costly, and risky mandates would only push more institutions to consolidate or close—reducing options for members and weakening local financial ecosystems.
Military Families Deserve Better
The military community already faces financial pressures that few civilians understand: frequent relocations, limited access to traditional banking services overseas, and the challenges of navigating deployments or VA benefits. Defense credit unions fill this gap with tailored services, financial education, and a deep understanding of military life.
The 1033 rule would have made it harder—not easier—for credit unions to serve this community. By weakening their autonomy and introducing unknown actors into the service relationship, it would have created confusion and risk, not empowerment. Fintech partnerships must be built thoughtfully and voluntarily, not imposed through sweeping mandates from Washington.
Regulatory Rollback Done Right
The Trump administration’s reversal of this rule reflects a broader—and correct—view of regulation: that innovation and consumer protection must be balanced against institutional capability and systemic risk. This is not about opposing fintech. It’s about ensuring credit unions and their members aren’t put at risk in the name of progress.
Many defense credit unions already work with trusted fintech partners to enhance services. But those partnerships are developed with care and aligned to mission—not forced by regulation. The reversal gives credit unions the flexibility to continue serving their members with the privacy, care, and security they expect.
Moving Forward: A Smarter Approach
DCUC urges policymakers to craft data-sharing frameworks that truly respect consumer choice, uphold strong data protections, and account for the unique nature of not-for-profit financial institutions. Credit unions want to innovate—but they need the freedom to do so on their own terms, with their members’ trust intact.
The rollback of the 1033 rule wasn’t about protecting institutions from competition. It was about protecting consumers—especially those who wear the uniform—from unintended harm. The CFPB made the right call. Now let’s work together to build a smarter, safer, and more inclusive future for financial data sharing.
Jason Stverak is Chief Advocacy Officer for the Defense Credit Union Council, which represents credit unions serving military installations and defense communities worldwide. Learn more at www.dcuc.org.