WASHINGTON–America’s Credit Unions has submitted a comment letter to the CFPB as it seeks to significantly revise its Personal Financial Data Rights (PFDR) Rule.
In the letter, America’s Credit Unions argued that the previously finalized rule would impose disproportionate costs on community-based financial institutions, create unfair competitive advantages for large technology firms, and heighten risks for consumers’ personal financial data.
“We are encouraged by the CFPB’s attention to rectifying flawed assumptions in the PFDR Rule, which have contributed to an untenable expansion of section 1033,” states the letter, which was signed by Director of Innovation and Technology Andrew Morris. “Safe and interoperable data exchange standards can help credit unions improve consumer experiences, but to achieve this outcome the CFPB must reexamine its prohibition on fees, the allocation of risk management responsibilities placed on data providers, and the guardrails needed to ensure strong data security and privacy protections for consumers.”
America’s Credit Unions said the letter emphasizes that credit unions—”long trusted as member-owned stewards of consumer data—face heavy new technical and compliance burdens under the proposal, particularly smaller institutions.”
The Recommendations
The trade group is calling on the CFPB to provide a more balanced framework that:
- Clarifies third-party accountability for data breaches or misuse
- Allows reasonable cost recovery through access fees
- Withdraws overly granular API and data-format specifications
- Limits covered data categories to exclude pending or incomplete transactions
- Establishes a safe-harbor framework for institutions that rely on certified third-party security representations.
Additional Recommendations
America’s Credit Unions also recommends that the CFPB develop a centralized accreditation and whitelisting system for data aggregators to streamline oversight and ensure only vetted entities access consumer information. Such steps, coupled with extended compliance timelines for smaller credit unions, would support innovation while preserving strong data protection standards
America’s Credit Unions said it further reaffirmed that any final rule should align with the Administration’s Executive Order 14267, which cautions regulators against policies that predetermine economic “winners and losers.”
