Newsroom

A recent statutory change on privacy notice requirements should be backed up with a statement or interim rule from CFPB to ensure clarity in regulatory guidance, NAFCU President and CEO Dan Berger said in a letter Friday to CFPB Director Richard Cordray.

"The new statutory exemption to the annual privacy notice requirements will provide a significant number of credit unions with regulatory relief by allowing them to avoid expending the costs and resources associated with distributing redundant annual notices," Berger wrote. "In addition, the elimination of duplicative annual notices will reduce the likelihood of consumer confusion."

The change on privacy notices is in a transportation bill that was passed by Congress and signed by the president last month. Sought by NAFCU, the new statutory language only requires privacy notices after consumers after they open new accounts and when their providers' privacy policies change.

CFPB rules do not yet reflect this change. In their current form, they provide that a depository institution must provide annual privacy notices unless both the following apply: the institution provides non-public personal information only in accordance with Gramm-Leach-Bliley Act exemptions allowing it; and the institution has not changed its policies and practices on disclosure since that last notice sent.