Recent letters from both the Credit Union National Association and the National Association of Federally-Insured Credit Unions raise industry concerns surrounding data collection policies at the Consumer Financial Protection Bureau.
Both groups sent letters to the bureau during the final week of 2018 calling out what CUNA referred to as “overly broad, redundant or duplicative collections of consumers’ financial data, especially regarding data that could be used in ways not intended by the Dodd-Frank Act.”
Letters from the two organizations echoed concerns from a 2018 audit of the bureau by the Office of the Inspector General that cited issues related to personally identifiable information. CUNA and NAFCU contend any information the CFPB collects must be adequately secured to protect consumer privacy.
NAFCU also urged the bureau to limit its public disclosure of Home Mortgage Disclosure Act-related data to “mitigate privacy risks to credit union members” since HMDA reports include a credit union’s name, mortgage amount, transaction year and census tract of the property. NAFCU claims this data could make individual borrowers residing in rural areas vulnerable to reidentification.
“NAFCU remains concerned with the OIG’s observation that access to one of the bureau’s internal collaboration tools, which contains sensitive, personally identifiable information regarding consumers, was not restricted to individuals with a need to know,” NAFCU officials wrote.
With cybersecurity concerns paramount among credit unions the two groups also called on the bureau to implement OIG recommendations to protect members from fraud, as well as calling on the CFPB to scale back its existing data collections because of uncertainty surrounding how the bureau secures and stores PII.
CUNA also recommended the CFPB adopt a concrete standard for its data evaluation methods within the consumer financial service sector. The trade group raised concerns of scale – particularly with what it called the bureau’s past “one-size-fits-all approach” – where the CFPB previously looked into data concerning big banks to draft regulatory legislation for the financial circuit at large. CUNA argued in its letter that the one-size-fits-all approach negatively impacts the consumer.
Lastly, NAFCU urged the bureau to hold off on publishing individual consumer complaint narratives in its public database, “as there is no shortage of alternative channels through which consumers can publicly comment on and rate the conduct of individual financial institutions.”