Credit unions are regulated by a number of federal agencies, including the National Credit Union Administration (NCUA), the Federal Reserve, the Consumer Financial Protection Bureau (CFPB) and the Federal Deposit Insurance Corporation (FDIC), as well as a host of state agencies. The NCUA regulates, charters and supervises federal credit unions and insures deposits for some 135 million members nationwide, playing a substantial part in the industry’s competitive and regulatory landscape while protecting member interests.
The agency’s supervisory guidance is nonbinding, but it sets the agenda for what credit unions can expect in terms of regulatory compliance. Among the NCUA’s 2023 priorities are consumer financial protection, information security and fraud prevention and detection. These priorities are shared across agencies and represent the many regulatory shifts coming toward CUs.
One of the CFPB’s key areas of focus has been illegal junk fees and their impact on consumers, with a report revealing many types of violations by financial institutions (FIs) in this area. These violations include unfair fees for bank overdrafts or insufficient funds and overly aggressive late charges on auto and student loans and mortgages. Some of the violations involved vehicles that were illegally repossessed even though customers had already made payment agreements.
Many offending organizations have already addressed the issues, while those that refused will face further CFPB investigation and possible enforcement actions. The report comes at a time when President Joe Biden called for a junk-fee crackdown during his State of the Union address. When the CFPB issued guidance on surprise bank overdraft fees, 20 of the largest banks in the U.S. eliminated the charges. Some $30 million was refunded to 170,000 fee-stricken account holders, the CFPB found.
The CFPB has also worked to move financial services toward open banking, or providing access to consumer banking data by third-party financial services firms to develop new products and services. When implemented, its Open Banking Rule could be one of the most important data privacy laws issued by a federal agency. The proposed rule would enable consumers to control and share their financial data with banks and nonbank FIs via application programming interfaces (APIs).
The rule would require “data providers” — including banks, credit unions, card issuers and other entities — to “make available” consumer financial information in six different categories, from periodic statement and transaction information to consumer identity information. FIs, meanwhile, are not granted any discretion to refuse consumer information requests. The CFPB is considering proposals that address third-party data collection and security. After additional input from small businesses, the CFPB will finalize and implement rules next year.
The proposed Open Banking Rule is meant to stimulate market competition by enabling consumers to leave their FIs and take their financial data to new providers. The National Association of Federally-Insured Credit Unions (NAFCU), however, said the rule could have the opposite impact. Because API adoption has been cost-prohibitive for many smaller organizations, the NAFCU contended that the proposed Open Banking Rule rewards larger and more technologically advanced FIs at the expense of CUs and community banks.
Further, CUs would face major expenditures and operational challenges under the CFPB’s proposed requirement that data providers fund and construct a portal to their core banking systems for access by third parties such as FinTechs. In addition, a provision to eliminate screen scraping would put CUs and small banks at a competitive disadvantage during their transition to APIs. Industry groups are favoring an incremental approach to open banking that would strike more of a competitive balance. These kinds of details regarding the CFPB’s proposed rule are sure to create compliance challenges. Those CUs that are proactive in their response will be best prepared for change.