Newsroom

Today, the CFPB's Credit Union Advisory Council (CUAC), alongside the Community Bank Advisory Council (CBAC), will hold a joint meeting to discuss supervision over non-bank fintechs, implementation of the Section 1033 data collection rule, and peer-to-peer (P2P) payment services.

Earlier this week, the CFPB announced it will continue to seek feedback for its request for comment (RFC) on big tech payment and their P2P platforms to learn more about the business and data collection practices of large tech companies.

NAFCU has long urged the CFPB to create a level playing field between credit unions and fintechs as well as buy now pay later (BNPL) providers, calling for the same fair lending requirements, disclosures rules, and other necessary regulations to apply to non-depository institutions. 

The CFPB in April announced that it would begin exercising a largely unused, NAFCU-sought legal provision of the Dodd-Frank Act to examine nonbank financial companies that pose risks to consumers. The bureau simultaneously published a procedure to give the CFPB a means to release final orders and decisions from risk determinations, which NAFCU also supported. The association has also called on the agency to initiate a rulemaking and exercise authority over fintechs using its “larger participant” authority, in order to foster a competitive environment, one that promotes responsible innovation.

Attendees of the joint meeting will also discuss the implementation of section 1033 of the Dodd-Frank Act, which aims to provide a formal mechanism for making consumer data portable. The CFPB recently announced an outline of proposals to implement section 1033 – marking the next step in the process of issuing a financial data rights rule – which would impact both depository and non-depository financial institutions and would “require firms to make a consumer’s financial information available to them or to a third party at that consumer's direction.”

NAFCU warned against an overly prescriptive implementation of section 1033, advising the bureau to "avoid implementing section 1033 in a way that impairs a credit union's ability to protect its members' data from the risk of theft or abuse." The association instead recommends the CFPB preserve credit unions’ ability to define the scope of third-party data privileges and explore the value of minimum data and privacy safeguards for non-supervised entities seeking consumer data without relying upon agreements. 

Of note, the group will also review Regulation E responsibilities and efforts to mitigate and resolve for unauthorized electronic fund transfers (EFTs). The CFPB has indicated in recent reports that it plans to issue new interpretative guidance to Reg E that would expand liability to further encompass fraudulently induced transfers initiated by a consumer.

NAFCU has voiced opposition to any expansion to Reg E liability, cautioning that it would magnify exposure to fraud for financial institutions, creating a burdensome and unfair regulatory environment between credit unions and fintechs. Instead, the association has urged the bureau to direct its focus to investigating technologies and solutions that prevent fraud and ways to better educate and protect consumers. 

NAFCU will share any key insights discussed at today’s meeting via NAFCU Today.