America’s Credit Unions today submitted a comment letter to the CFPB as the agency seeks to significantly revise its Personal Financial Data Rights (PFDR) Rule. The association warned that, the previously finalized rule would impose disproportionate costs on community-based financial institutions, create unfair competitive advantages for large technology firms, and heighten risks for consumers’ personal financial data.
“We are encouraged by the CFPB’s attention to rectifying flawed assumptions in the PFDR Rule, which have contributed to an untenable expansion of section 1033. Safe and interoperable data exchange standards can help credit unions improve consumer experiences, but to achieve this outcome the CFPB must reexamine its prohibition on fees, the allocation of risk management responsibilities placed on data providers, and the guardrails needed to ensure strong data security and privacy protections for consumers,” wrote Andrew Morris, America’s Credit Unions director of innovation and technology.
The letter emphasizes that credit unions—long trusted as member-owned stewards of consumer data—face heavy new technical and compliance burdens under the proposal, particularly smaller institutions. America’s Credit Unions calls on the CFPB to provide a more balanced framework that:
- Clarifies third-party accountability for data breaches or misuse;
- Allows reasonable cost recovery through access fees;
- Withdraws overly granular API and data-format specifications;
- Limits covered data categories to exclude pending or incomplete transactions; and
- Establishes a safe-harbor framework for institutions that rely on certified third-party security representations.
The association also recommends that the CFPB develop a centralized accreditation and whitelisting system for data aggregators to streamline oversight and ensure only vetted entities access consumer information. Such steps, coupled with extended compliance timelines for smaller credit unions, would support innovation while preserving strong data protection standards
America’s Credit Unions reaffirmed that any final rule should align with the Administration’s Executive Order 14267, which cautions regulators against policies that predetermine economic “winners and losers.”