Why Your CU Needs a Chief Data Officer

One of the first things we learn about the wonders of nature is that even the smallest insect plays a critical role in the ecosystem that is our natural environment. What we don’t emphasize to kids, but we learn as adults, is that while the smallest animal may be crucial to our survival, it almost always ends up dead, swallowed up by a bigger inhabitant of the neighborhood.

Business works in much the same way, which is why employing a Chief Data Officer (CDO) is increasingly important. Their leadership in tracking and understanding the credit union’s data, maximizing its value and ensuring that it is collected and held consistent with legal and regulatory obligations is quickly becoming a must-have.

As I think about the most significant issues facing credit unions in the coming months and years, I would say the single biggest question, irrespective of a credit union’s size, is this: Where it will stand on the information food chain? Is your credit union going to be reduced to nothing more than a repository of financial data used by other bigger banks and credit unions, as well as fintechs, to use for their benefit and profit? Or will it protect its members’ data, glean information from its insights and use it to create a loyal foundation of members?

Assuming your credit union wants to accomplish the latter, it has to recognize that virtually every aspect of the information ecosystem has legal and operational implications. The stronger you build your data foundation now, the more prepared you will be to help your credit union grow in the future. A CDO would strategically corral all that information for myriad uses, from compliance to highly refined growth metrics.

The CDO would start a credit union’s data food chain at its most basic level with the data your credit union holds for its members. Instinctually, credit unions take pride in knowing their members, and as I have gotten to know more credit union people over the years, I am amazed by just how true that is. You do more than maintain an account for the neighbor down the street; you know she is planning on retiring, that her son is struggling to get by, that her husband started a successful business 10 years ago, and that the kids’ first car was a Honda Civic they bought with a loan from you. This is precisely the kind of information that computer-based algorithms find so valuable because, from it, we can predict what your members want and need at a given stage of their lives.

Whose Data Is It Anyway?

Unfortunately, there is no precise legal definition of data and who owns it. The result is that contracts negotiated between huge and small corporations provide a definition on an ad hoc basis. We have already seen where this ends up. Corporations like Fiserv dispute who owns what information anytime a credit union has the audacity to switch vendors.

For example, one of the reasons the 4,000-member Bessemer Credit Union sued Fiserv after no longer using its core processor is because Fiserv refused to return records the credit union believed it was entitled to under the Master Agreement (Bessemer Sys. Fed. Credit Union v. Fiserv Sols., LLC, 472 F. Supp. 3d 142, 182 (W.D. Pa. 2020)).  Unsurprisingly, Fiserv argued that the information belonged to Fiserv. This case was ultimately settled, but this is not an argument that credit unions should have to have. A CDO, along with good lawyering, could help avoid these costly and time-consuming legal battles.

What’s a Credit Union to Do?

First, recognize what data is and who controls it. Second, the industry should be pushing for federal regulations to create a uniform definition of data.

Let’s go further up the food chain and assume we all know what data is. While we all have a pretty good understanding of the need to protect personally identifiable information, a CDO would help to adequately protect the value of that data as a company asset.

For instance, do our contracts effectively restrict the use of our data by third-party vendors to the purposes for which we contracted? Or, are they flexible enough that vendors can utilize their credit unions’ information to grow their bottom line without any compensation to the credit union?

Recently, a group of congressmen sent a letter to the CFPB arguing that its proposed open banking regulations gave vendors too little flexibility to use the information they obtain. As currently drafted, they argued the proposal would stunt the ability to innovate with data. While this argument has a certain facial appeal, its end result would be to further accelerate a trend in which fintechs offer our members all the cool stuff, and we are nothing more than the holders of our members’ information.

The Problem With Open Banking

First, it is absolutely crucial that the industry understand the importance of the CFPB’s open banking proposal and that it advocates for a final rule that balances data portability against the need to be appropriately compensated for the cost of holding member information and the potential value it holds to third-party vendors. Second, it’s critical that all institutions, not just credit unions, begin to demand that they be adequately compensated for their services, which is also where a CDO comes into play.

The late, great Judge Richard Posner of the 7th Circuit Court of Appeals suggested several years ago that one of the most effective ways of fostering a truly fair information economy was to ensure that consumers understood the value of their information and were given the opportunity not only to keep it from businesses but also to sell it if they chose. We need the same approach for small businesses, including credit unions and community banks.

Last but not least, let’s assume we have a clear definition of data and contracts that adequately compensate institutions of all sizes for the value of their information. How is your credit union going to provide the services your member needs?

Obviously, you are going to work with third-party vendors, demonstrating the crucial need for a CDO. Once again, the contract is critical. Is the credit union going to be protected against lawsuits claiming that the vendor technology you are using violates some obscure patent? What happens to the technology you are using if your vendor goes bankrupt? And are you prepared to deal with the reputational risk that comes with a poorly performing product or ransomware attack? These are all questions I know credit unions are already dealing with. Still, they are all questions made even more important once we understand they are crucial to benefiting from the information ecosystem.

If this sounds like a lot of work, that is because it is. Just as technology has made it essential that every credit union has someone responsible for IT, it is becoming increasingly necessary for every credit union to employ a CDO. This individual will be responsible for tracking and understanding all the information the credit union holds, maximizing its value, and ensuring that it is collected and held in a manner consistent with legal and regulatory obligations.

Henry Meier is the former General Counsel of the New York Credit Union Association, where he authored the popular New York State of Mind blog. He now provides legal advice to credit unions on a broad range of legal, regulatory and legislative issues. He can be reached at (518) 223-5126 or via email at henrymeieresq@outlook.com.