Newsroom

NAFCU Regulatory Affairs Counsel Ann Kossachev told CFPB Tuesday of the association's support for the bureau's privacy notice changes but noted credit unions' concerns over the removal of the alternative notice delivery method and the proposed 60-day notification requirement.

As urged by NAFCU, CFPB last month proposed a rule change to codify last year's Gramm-Leach-Bliley Act revisions on privacy notice requirements. The GLBA revisions were signed into law by President Barack Obama last December as part of a transportation authorization bill. The law clarified that consumers will receive privacy notices after opening a new account and when their providers' privacy policies change – a change from the previous annual-notice requirement.

Kossachev wrote that NAFCU and its member credit unions "applaud the CFPB's efforts to implement the changes to GLBA, but recognize that some concerns have surfaced."

She wrote in yesterday's letter that some credit unions have indicated that they use the alternative delivery method because their members prefer to have electronic access to annual privacy notices. "Removing a credit union's ability to deliver their annual privacy notice and any revised privacy notices through their website, and instead requiring the notices be mailed to members, may impose a significant cost burden," Kossachev noted.

Kossachev also stated credit unions' concerns with the 60-day notification period to alert their members to a revised privacy notice and urged that the time frame be extended to 90 days.

"With 90 days to comply and deliver a revised annual notice to its members, a credit union could deliver the revised notice with its next quarterly newsletter as a way to minimize mailing expenses," she explained. "If the alternative delivery method is eliminated, the CFPB should consider extending the compliance date to at least 90 days to relieve some of the burden this amendment may impose on credit unions."