CFPB headquarters. (Source: Shutterstock)
A 10-page letter filed Tuesday from eight financial trade groups, including CUNA, NAFCU and the American Bankers Association, officially petitioned the CFPB to strengthen its rulemaking concerning the privacy and security of consumer data held by fintech organizations.
The groups have asked the CFPB to better define "larger participants" that will be subject to CFPB supervision under section 553(e) of the Administrative Procedure Act.
Recommended For You
According to the bureau, officials there are currently engaged in a rulemaking regarding section 1033 of the Dodd-Frank Act, which establishes standards for the sharing of consumer financial data.
"We believe the CFPB should ensure that data aggregators and data users that are larger participants in the aggregation services market – not just banks and credit unions – are examined for compliance with applicable federal consumer financial law, especially the requirements of the forthcoming 1033 rulemaking, including the substantive prohibitions on the release of confidential commercial information," the letter stated.
According to a statement from NAFCU, the CFPB has avidly monitored the aggregation services market and has since identified the main participants as consumers, data holders, data users and data aggregators. "The bureau acknowledged that while the use of consumer financial data by these participants could lead to improved and innovative consumer financial products, there are still several data privacy and security concerns to consider," NAFCU stated.
While credit unions and banks are targeted as holders of consumer data and subject to CFPB supervision, the trade groups stated that fintechs and many other non-depository institutions are not and this creates a "supervisory imbalance."
"By the nature of their business, data aggregators hold a tremendous amount of consumer financial data. It is estimated that data aggregators hold the consumer log-in credentials for tens of millions of customers. While consumers may consent to the sharing of their financial data, many of these same consumers are unaware of the activities in which these intermediaries engage, how the information is being collected and how the data may be used or shared," the letter stated.
© 2025 ALM Global, LLC, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.
Michael Ogden
Editor-in-Chief at CU Times. To connect, email at [email protected]. As Editor-in-Chief of CU Times since 2016, Michael Ogden has led the editorial team in all aspects of content strategy and execution, including the creation of the publication’s exclusive and proprietary research database of the credit union industry’s economic landscape. Under Michael’s leadership, CU Times has successfully shifted to an all-digital editorial product with new focuses on the payments, fraud, lending and regulatory beats. Most recently, he introduced a data-focused editorial product for subscribers that breaks down credit union issues into hard data, allowing for a deeper and more factual narrative for readers. In 2024, he launched the "Shared Accounts With CU Times" podcast, which offers a fresh, inside-the-newsroom perspective through interviews with leaders from the credit union industry and the regulatory world. He dives into pressing credit union issues, while revealing the personalities working behind-the-scenes to push the credit union world forward. His background includes years as a radio and TV anchor/reporter and a public relations and digital/social media manager, where he covered the food and music industries, as well as cooperatives and credit unions. Over the years, he has launched numerous exclusive video and podcast series, including a successful series of interactive backstage interviews with musicians at music festivals, showcasing his social media and live streaming production skills.
