CUNA called on the Consumer Financial Protection Bureau (CFPB) to ensure all users of consumer financial data comply with consumer data protection requirements in a letter sent Thursday. CUNA sent comments in response to an Advance Notice of Proposed Rulemaking to solicit comments in developing a regulation on access to consumer financial records, as stated in section 1033 of the Dodd-Frank Act.

“We support consumers’ ability to access pertinent account information in a timely and straightforward manner. We agree that section 1033 requires financial institutions to provide consumers with certain account information upon request,” the letter reads. “However, we do not interpret section 1033 to require a financial institution to provide a third-party with cost-free and direct access to a consumer’s account—regardless of whether the consumer has authorized the third-party to do so.”

CUNA notes that any consideration of data sharing regulation must balance the regards of sharing with the risks, risks that include:

• Cybersecurity: Any data sharing rulemaking must consider the necessity of everyone safeguarding consumer information;
• Unfair allocation of costs: CUNA urges the CFPB to place “leveling the playing field” high on its list of regulatory objectives with regard to a potential rulemaking;
• Free-rider risk: CUNA is concerned about the cost of market failures if a rule develops that requires credit unions to give free access to its financial data or other proprietary intellectual property; and
• Consumer confusion: Credit unions are concerned that consumers will encounter businesses offering financial services similar to a credit union or bank without realizing that these non-regulated entities do not provide the same data security, privacy, and consumer protections as regulated financial institutions.

CUNA’s letter also provides the CFPB with answers on several specific questions relating to costs and benefits, cost reduction, access-related agreements, and privacy concerns.