February 21, 2017

NAFCU to CFPB: Financial records access must be safe, fair

NAFCU's Andrew Morris told the CFPB Tuesday that access to consumer data to power better personal finance products should focus on ensuring the security of consumers' data and should not create new data-collection burdens and costs for credit unions.

"The CFPB's paramount concern should not be evangelizing new financial management software, but ensuring that the costs associated with data aggregation are not foisted upon financial institutions to the detriment of consumers," wrote Morris, NAFCU's regulatory affairs counsel.

In November, the CFPB asked for stakeholder input into how consumer financial records can be shared safely with third parties, such as personal budgeting apps and tools. NAFCU is supportive of the CFPB's efforts to promote consumer access to new technologies and financial services, but "does not think that financial aggregators and so-called fintechs should be able to take advantage of their special status to shift the burdens of data collection onto account providers like credit unions," Morris added.

Morris further explained that "in the absence of clear agreements specifying terms and conditions governing information use, ad-hoc access to consumer accounts by external parties may compromise credit union services and data security."

For consumers' financial information to be safely shared with third parties without adversely impacting credit unions, Morris said:

  • the burden of data security should fall on the record-seeking party;
  • credit unions should be exempt from any bureau-developed standard for electronic data formats;
  • customer control of third-party access must be a prerequisite for data sharing;
  • information relating to any transaction should be construed narrowly; and
  • the CFPB must consult with the NCUA before issuing any proposal governing access to consumer financial records.