Newsroom
CFPB reaffirms that nonbank fintechs must maintain adequate data security safeguards
The CFPB reaffirmed in a circular on Thursday that nonbank entities may violate the Consumer Financial Protection Act’s (CFPA) prohibition on unfair, deceptive, or abusive acts and practices (UDAAP) if they fail to maintain adequate data security safeguards.
The CFPB stated that “In addition to other federal laws governing data security for financial institutions, including the Safeguards Rules issued under the Gramm-Leach-Bliley Act (GLBA), ‘covered persons’ and ‘service providers’ must comply with the prohibition on unfair acts or practices in the CFPA.”
In its white paper on Data Privacy and Security, NAFCU says that “there is no reason that a small credit union should be subject to more stringent requirements than an organization like Equifax, or that an organization like Facebook should not be subject to any requirements. Similar data security requirements should be imposed for fintech companies, retailers, and other entities that handle personal and financial information.”
NAFCU supports holding nonbank fintech companies to the same data security standards that apply to credit unions to create competitive equality. However, the broad applicability of the circular to “covered persons” and “service providers” means that the extension of UDAAP-related liability for inadequate data security practices could potentially impact credit unions.
Under the GLBA, the NCUA is responsible for administering the law’s data safeguard provisions for federally-insured credit unions. NAFCU will continue to engage the bureau to emphasize the NCUA’s role as the primary functional regulator for examining credit union data security.
Share This
Related Resources
Add to Calendar 2024-03-26 09:00:00 2024-03-26 09:00:00 Ensuring Safety and Soundness with AI Listen On: Key Takeaways: [03:48] The regulators are very focused on fairness in lending especially when it comes to using AI and outside models. The industry is moving very fast. [08:25] Articulating a business use case and how partnering with a Fintech can support it is the first step in having a successful conversation with your board. [10:30] Talk to your account executive at your Fintech and have them help you overcome objections. [15:01] Plan for oversight. It is not set and forget it. Your regulators are going to want to know how you are overseeing that from a 3rd party risk management standpoint. [15:47] Have a handle on your reserves and capacity for lending and start small and grow slowly. Web NAFCU digital@nafcu.org America/New_York public
Ensuring Safety and Soundness with AI
preferred partner
Upstart
Podcast
Help Ease Your Members' Loan Payment Concerns
Planning, Auto Loans, Research
preferred partner
TruStage
Blog Post
The Value of Risk Management in Cybersecurity
preferred partner
DefenseStorm
Video
Add to Calendar 2024-03-13 14:00:00 2024-03-13 14:00:00 Digital Assets in Credit Unions: What Are the AML Risks? The digital asset boom is upon us. Like it or not, you have to deal with it effectively with your members, credit unions are on the frontlines of crypto adoption. Even the NCUA has been providing more and more guidance on different aspects of digital assets. You need to be prepared. How? By understanding the core basics of digital assets (specifically cryptocurrencies) the risks that it poses to credit unions and how you can be better prepared to handle issues when they arise. In this webinar, Understanding the Digital Assets Boom, you’ll focus on the basics of digital assets, a background of cryptocurrencies and types, the regulations that are established and the proposals that are being considered and how to position yourself to understand all of these components and include them in your day-to-day roles. Key Takeaways Comprehend the basics of digital assets including cryptocurrencies Understand currently established regulations and what the future has in store, specifically in 2024 Identify and remediate issues that arise in your credit union Register Now $295 Members | $395 Nonmembers(Additional $50 for USB)One registration gives your entire team access to the live webinar and on-demand recording until March 13, 2025Go to the Online Training Center to access the webinar after purchase » Who Should Attend NCCOs NCRMs Compliance and risk titles Education Credits NCCOs will receive 1.0 CEUs for participating in this webinar NCRMs will recieve 1.0 CEUs for participating in this webinar Web NAFCU digital@nafcu.org America/New_York public
Digital Assets in Credit Unions: What Are the AML Risks?
Credits: NCCO, NCRM
Webinar
Get daily updates.
Subscribe to NAFCU today.