Today, the Defense Credit Union Council, DCUC, sent a letter to the Consumer Financial Protection Bureau (CFPB), outlining significant concerns regarding the finalized implementation of Section 1033 of the Dodd-Frank Wall Street Reform and Consumer Protection Act. DCUC emphasized that while the intent of the rule is to enhance consumer control over financial data, the implications for credit unions could be detrimental.
This CFPB regulation is mandated by the Dodd-Frank Act, which requires financial institutions, including credit unions, to make information available to consumers regarding their personal data and transaction history conducted with that institution.
DCUC provided its position that the 1033 rule adds another layer of regulatory compliance, increasing operational costs for credit unions and potentially leading to higher fees or reduced services for members.
In its letter, DCUC also highlighted how a breach at a third-party provider could damage a credit union's reputation without their control. Sharing sensitive data with third-party fintech companies raises privacy and cybersecurity concerns, which many credit unions aim to avoid when providing their members with secure banking and lending practices.
Jason Stverak, DCUC Chief Advocacy Officer, added several other points as to why DCUC finds the rule will invite additional risks and concerns to credit unions’ ability to best serve their members’ financial needs.
“The rule's promotion of third-party access risks undermining trust-based relationships and cooperative principles between credit unions and their members, potentially diverting them to competing services.”
Stverak continued, stating “The rule could shift focus away from the member-centric mission of credit unions, treating data as a commodity rather than a member asset. And once data is shared, credit unions lose control over its use, posing significant risks and potential liability for any negative outcomes from third-party actions.”
In addition to these risks, DCUC highlighted how the requirement to share data may expose credit unions to legal troubles related to third-party handling, compounding operational and financial burdens.
Stverak expressed DCUC’s willingness to collaborate with the CFPB to explore alternative approaches that balance consumer data portability with the security and integrity of financial services for military families. “Our commitment is to protect the financial well-being of the communities we serve, and we believe the CFPB must carefully consider the real-world impact this rule could have,” said Stverak.
“DCUC's longstanding vigilance on financial privacy is once again on display. We are always concerned when personal financial information is exchanged,” said Anthony Hernandez, DCUC President/CEO. “The last thing our military needs to worry about is a data compromise in addition to a flurry of sales ads when they are downrange or in a hazardous training environment. Plus, our member credit unions do not need another unfunded mandate in addition to holding the bag when financial harm is caused when third-party vendors sacrifice safety for larger profits.”
DCUC urges the CFPB to reconsider the rule and engage with stakeholders to develop a solution that ensures consumer protection without jeopardizing the mission of credit unions.
For more information on DCUC’s advocacy, please visit dcuc.org/advocacy and contact Jason Stverak, DCUC Chief Advocacy Officer at jstverak@dcuc.org.