Credit Unions, Community Bankers Agree: CFPB Data Rule Needs Work

Credit unions and community banks haven’t seen eye-to-eye on much in recent days, but trade groups representing the two financial sectors agreed on this much late last week: the CFPB’s proposed rule allowing consumers to have easy and free access to their financial data could cause major problems for financial institutions and consumers.

CUNA Stance

“We are concerned with this proposal, particularly that it would require credit unions to create, maintain, and service interfaces for third parties to access member data, but prohibit charging a fee for services provided,” CUNA President/CEO Jim Nussle said, following the plan’s unveiling.

In releasing the proposal, the CFPB said the easy access would encourage competition in the financial services industry because consumers could readily transfer their accounts to another credit union or bank if they were unhappy.

But Nussle said that credit unions are being hit with increasing costs just to serve their communities, adding that the proposal would divert time and resources away from member services to subsidize and provide free services to third-party competing businesses.

CUNA said the rule, as proposed, does not include safeguards to protect consumers from “bad actors” by requiring only baseline level of identity information without any supervision.

NAFCU in Agreement

A NAFCU official agreed.

“This rule has the potential to invite rapid expansion of nonbank access to sensitive consumer account information,” said Ann Petros, the association’s vice president of regulatory affairs.

She added that the rule could pose more systemic risks to the banking sector and “facilitate rapid and unpredictable movements of deposits, expand data security and data privacy concerns, and drive further consolidation within the credit union industry through extraordinary compliance costs and the obligation to provide—at no charge—data to third parties.”

Community Bankers Worried

Rebeca Romero Rainey, president/CEO of the Independent Community Bankers of America (ICBA), was on the same page as the credit union groups.

“ICBA has profound concerns that nonbank entities—which access customer information and store bank login credentials—do not take the same care in protecting consumer privacy and data that community banks do, which should be the focus of the CFPB’s proposal,” she said.

Those nonbank entities, she added, must be held responsible for ensuring the security of any consumer data they access and must be held liable for any data breaches.

ABA Applauds Approach

The American Bankers Association (ABA), on the other hand, was supportive of the bureau’s plan.

“Today’s long-awaited proposed rule brings us one step closer to achieving our common goal of enhancing consumers’ access to their financial data and allowing them to share it safely with companies of their own choosing, whether that sharing is from bank to bank, bank to fintech, or fintech to bank,” ABA President/CEO Rob Nichols said. “The principles-based approach taken by the CFPB to date has allowed for market-led efforts to innovate and standardize secure data access, and we hope this proposal will continue to support this progress.”

Nichols added that the CFPB should “right-size the scope of the rule pertaining to the types of accounts involved and the information data providers are required to share, as well as addressing the question of liability if something goes wrong.”

He also noted his trade group is concerned about the implementation costs of the plan.