Newsroom

In response to the CFPB's advance notice of proposed rulemaking (ANPR) on section 1033 of the Dodd-Frank Act, NAFCU's Andrew Morris detailed the association's concerns and advised the bureau to "avoid implementing section 1033 in a way that impairs a credit union's ability to protect its members' data from the risk of theft or abuse."

Section 1033 provides for consumer rights to access financial records; the ANPR was issued in October 2020.

Morris, NAFCU's senior counsel for research and policy, noted that "the bureau must ensure that access to consumer financial records is predicated upon a fair distribution of costs, data security and data privacy responsibilities that does not overburden credit unions who already face competitive pressure and reduced bargaining power when interacting with larger technology companies."

NAFCU has previously recommended that the CFPB explore questions around permissioned data access by focusing on the security of consumers' information and should not create new data-collection burdens and costs for credit unions. The association's Cybersecurity and Payments Committee also met in December to discuss activity related to the ANPR.

The association will continue to engage with the bureau in an effort to balance consumer protections while ensuring a reasonable regulatory environment for credit unions.