Credit Unions Back House Financial Privacy Bill

Lawmakers are considering an update to the Gramm-Leach-Bliley Act (GLBA), which says institutions must protect nonpublic personal information, such as transaction histories, balances and payment activity.

In a letter last month to the House Financial Services Committee, industry group America’s Credit Unions argued that credit unions need to have clear rules that let them meet their customers’ needs as the law evolves.

“This includes a data privacy standard that not only protects their members but also allows credit unions to evolve in how they serve their members,” the letter said.

Greg Mesack, senior vice president of advocacy for America’s Credit Unions, wrote in the letter that the proposal contains “important relief.”

These include exceptions designed to preserve operational flexibility around data retention, recognition of small financial institution compliance costs, and a major provision tied to the preemption of state laws.

However, “credit unions are concerned that expansion of the GLBA’s obligations for financial institutions when undertaken alone will contribute to greater burden without the benefit of consistent federal safeguards applying across the wider economy,” he added.

As covered here last month, a hearing on the legislation featured differing views from witnesses on how the system should be governed.

As Rep. Bryan Steil, (R-Wis.) said, the financial services landscape is considerably different than it was when GLBA became law during the Clinton administration.

Nathan Taylor, partner at Morrison Foerster, argued that the Act is sufficiently “technology neutral,” and added that, in reference to definitions of various providers, aggregators are financial institutions, for example, and therefore covered under the legislation. His testimony also covered the limits of applying larger-scale privacy rights to financial data.

“It can be far harder to craft a workable and meaningful privacy right … with respect to, for example, a consumer’s 30-year mortgage,” he said.

In other credit union news, PYMNTS spoke recently with Elizabeth Wadsworth, vice president of Decision Intelligence and Transformation at Velera, about how the credit union space is rethinking how identity is verified and how fraud detection systems function.

She said the industry is shifting into an environment where identity verification cannot depend solely on traditional signals.

Fraud is no longer focused on one part of the member journey, as credit unions are seeing fraud attempts during account creation, login authentication and transaction activity, Wadsworth said.

“We’re in a space where it’s hitting all sides,” she said, adding that financial institutions need to shore up defenses across each point of interaction.