Financial institutions should be excluded from ‘data broker’ definition

CUNA filed comments with the Consumer Financial Protection Bureau (CFPB) on its request for information on data brokers. CUNA notes that the inherent sensitivity of consumer financial data highlights the need to ensure it is handled appropriately and securely.

“Credit unions utilize consumer information and third-party relationships to confirm applicants and account holders to prevent synthetic identity fraud,” the letter reads. “Information gained from third-party relationships is critical for credit unions preventing money laundering, the financing of terrorism, and carrying out bank secrecy act compliance including customer identification and beneficial ownership requirements.

“Our members’ ability to utilize consumer information to carry out these functions is essential and required by law,” it adds. “As the Bureau considers any potential rulemaking following this RFI, it must recognize the stringent regulation, supervision, and examination that governs financial institutions’ critical use of consumer data to execute core operations and member services.

The CFPB should:

• Explicitly exclude financial institutions from the definition of data brokers, as the use of this definition in the future would cause significant harm and confusion.
• Clearly differentiate participation in a data sharing regime under Dodd-Frank’s section 1033 from qualification as a data broker under any future rulemaking.
• Ensure a data broker rulemaking does not interfere with financial institutions’ core operations and member service.