CUNA Comment Letter

Financial Literacy and Privacy

June 21, 2002

Ms. Ann Bistay
Secretary of the Consumer Advisory Council
Division of Consumer and Community Affairs
Board of Governors of the
Federal Reserve System
20th Street and Constitution Avenue, NW
Washington, DC 20551

Re: Financial Literacy and Privacy

Dear Ms. Bistay:

the credit union national association (cuna) appreciates the opportunity to comment on the topics of financial literacy and the privacy, two topics that will be the subject of discussion during meetings this week of the federal reserve board’s (fed’s) consumer advisory council (cac). Cuna represents more than 90 percent of our nation’s 10,500 state and federal credit unions.

Summary of CUNA’s Position

Financial Literacy

Fed Governor Mark Olson recently remarked that financial literacy is an important means to protect vulnerable consumers from predatory lenders. We could not agree more with this statement. Providing financial education to members to help them achieve financial literacy has always been an important mission of the credit union movement.

As member-owned, not for profit institutions, credit unions work hard to provide members with financial services at the lowest possible cost. In addition to this important service, credit unions are also dedicated to providing their members, as well as their communities, with a variety of financial education opportunities so that they may make wise financial decisions.

In recent years, CUNA and credit unions have undertaken a number of initiatives to support financial literacy. CUNA has been a partner with NEFE to develop and provide financial education for our nation’s high school students. The materials that are developed provide a basic introduction to personal financial planning, covering the impact of career and work factors on earnings potential, spending and saving money, using and managing credit effectively, protecting assets, and the time value of money. Students are also taught how to develop their own personal spending and savings plan. NEFE has reached over 72,000 students over the course of the 2001-2002 school year.

CUNA has also devoted an area of its website to issues related to financial education and literacy. This includes NEFE materials and Savingteen Magazine, a periodical that provides a wealth of financial information for high school students.

CUNA is also pleased to be a part of the United States Department of Treasury’s “Bank on Your Schools-- initiative. This initiative is a partnership between schools and financial institutions to promote financial education in low and moderate-income areas. This will encourage financial institutions to open student-run branches in high schools, or give students a chance to work in the institutions themselves. Students will get hands-on experience and they will learn about the importance of saving and managing money.

Currently, nearly 80 credit unions oversee more than 250 in-school branches and we are eager to work with the Department of Treasury to expand this even further. We would also welcome the opportunity to work with the Fed on any initiatives that it may develop in this area.

Privacy

Credit unions are very concerned about the privacy of their members’ information and have complied in good faith with the GLBA rules. Compliance with the GLBA rules has helped both credit unions and their members focus on and achieve the mutual goal of protecting this information to the extent possible. However, as outlined below, CUNA is very concerned about current and new state laws that may be more restrictive than the GLBA, as well as possible revisions to the GLBA rules themselves.

Congress Should Preempt More Restrictive State Privacy Laws

We believe current privacy laws are adequate and we also believe that the GLBA provisions should preempt state privacy laws that are more restrictive. Currently, the GLBA permits states to enact more restrictive privacy laws. Although fewer states are considering such laws this year, as opposed to last year, there is still the potential that a patchwork of state privacy laws will be developed eventually.

The costs of complying with the GLBA privacy rules has already been high and very burdensome for smaller financial institutions, such as credit unions. For banks and thrifts, which were the primary beneficiaries of the new powers and other benefits conferred by GLBA, perhaps these costs were a worthwhile price to pay for increased operating flexibility in other areas. Credit unions, however, which did not oppose new powers for banks and thrifts, received only new burdens from this legislation.

The costs of complying with additional state laws will increase this burden even further. Credit unions will be required to bear the costs of complying with various state laws, but also will have to monitor which of their members reside in a state with a more restrictive privacy law. Even if a credit union does not currently have members that reside in one of these states, the credit union will still have to monitor and comply if a member later moves to one of these states. As member-owned, not-for-profit cooperatives, the additional costs are borne by the members, either in the form of higher loan rates or lower rates on share deposit accounts.

Not only will the compliance costs be high, but it will be very difficult to train credit union staff on the specifics of each state law. We also believe that credit union members will be confused in understanding their privacy rights if a number of states enact privacy laws that vary from the GLBA privacy rules. Most credit unions are small financial institutions and often do not have the resources to employ more staff to monitor these additional requirements. Also, the regulatory burden on credit unions has already increased substantially this year. This includes several new rules that will be issued this year as a result of the USA Patriot Act of 2001, as well as new requirements that have recently been added to the Fed’s Regulation C, the Home Mortgage Disclosure Act.

If faced with a patchwork of state privacy laws that are more restrictive than the GLBA rules, it would be helpful if there was a repository of these laws maintained at a federal agency, such as Treasury or the Fed. This would provide financial institutions with one location in which they could receive information about state privacy laws, rather than having to constantly monitor the laws of all the states in which the institution conducts business. This would be of particular benefit to smaller financial institutions, such as credit unions, that may not have sufficient legal or compliance staff to assist them in these efforts.

Current GLBA Rules Adequately Balance Privacy Rights and the Need to Share Information

As stated above, CUNA strongly believes that existing laws adequately protect consumer privacy. When the privacy provisions of the GLBA were being drafted, Congress heard from those who supported strong privacy rights, as well as from those who opposed additional privacy protections out of concern that reduced information sharing would disrupt or increase the costs of products and service for consumers. Congress carefully considered these opposing viewpoints and drafted privacy provisions that carefully balance the need for additional privacy protections with the need to allow for continued information sharing to ensure that consumers receive products and services in a cost-efficient manner.

We also believe that current credit union privacy notices are designed to help consumers and that further revisions are unnecessary. The GLBA has now been in effect for two years and credit unions are now in the process of issuing the second of the annual privacy notices that are required to be distributed. As with other types of financial institutions, credit unions struggled in developing the initial privacy notices in early 2000. The difficulty in drafting these notices was the result of the need to comply with these new and complex rules, as well as the uncertainty as to what the regulators’ expectations were with regard to these new privacy notices.

Although the process was difficult and costly, credit unions were very successful in developing privacy notices that were in compliance with the new rules and were relatively short and easy to understand. Credit unions were successful because they want their members to understand how their information is used and because credit unions do not share information to the same extent as other types of financial institutions. The information sharing is not as extensive because as member-owned, not-for-profit cooperatives, credit unions do not focus on marketing products and services to increase profits as may be the case with other financial institutions.

We believe credit unions’ success with regard to privacy notices can be measured by the low rate in which members have opted out of information sharing when given this choice and by the lack of objection with regard to information that is shared without providing members with the ability to opt out. Credit union members have the ultimate vote with regard to the privacy of their personal information. Because credit unions are democratically controlled and member owned, if they are not pleased with how their information is shared, they can work with their credit union to change its practices.

Because credit unions have successfully developed privacy notices in compliance with the relatively new GLBA privacy requirements, at high cost and great effort, we at this time strongly oppose any changes that would result in a need to re-draft these notices. More time is needed to determine if these efforts have been successful in balancing the privacy rights of consumers with the need to share information for the purpose of providing products and services in a cost-efficient manner.

At the same time, we recognize that other types of financial institutions have developed notices that have been very complex and difficult to understand. In recognition of that, we would support an effort by the financial institutions industry and government to work together to develop voluntary guidelines and sample notices. CUNA would be pleased to participate in this effort and to share credit unions’ experiences in developing these notices.

We recognize that there are proposals in Congress and in certain states that would require an “opt in-- approach for certain information in which the information is not shared, unless the consumer affirmatively agrees to allow for such sharing. We strongly oppose a scenario in which certain information would be subject to an “opt in-- system and other information subject to an “opt out-- system. This would be very difficult for credit unions to administer and members would be confused as to how they can control their personal information. Such a scenario would also result in more complex privacy notices for all types of financial institutions, including credit unions, which would conflict with the goal of simplifying the current notices.

CUNA would also strongly oppose any change that would alter the current exception in the privacy rules that allow for the sharing of information under the joint marketing agreements without providing consumers with the right to opt out. This exception allows smaller financial institutions to achieve the benefits of information sharing that are afforded to larger institutions that are permitted to share information with multiple affiliates without providing this opt out right.

CUNA was actively involved in the GLBA legislative process to ensure that credit unions would not find themselves at a competitive disadvantage to the new financial conglomerates that will be formed in the future as a result of the GLBA. (Of course, GLBA conferred direct benefits on banks and thrifts, but offered none to credit unions.) Congress specifically recognized the legitimate concerns raised by CUNA and others on behalf of smaller financial institutions and the federal regulators were directed, as part of the rulemaking process, to take into account any adverse competitive effects that may occur. CUNA also wanted to ensure that these provisions provided the necessary flexibility to allow credit unions to disclose financial information that is necessary for legitimate business purposes so that members may continue to receive high quality service and products in an efficient manner. We believe that the GLBA privacy provisions that facilitate the sharing of information under joint marketing agreements have helped to accomplish this goal.

Future Efforts Should be Focused on Industry Guidelines and Standards that Address Fraud and Security.

With regard to privacy, we believe there are two issues that have been of concern to consumers. One has been the desire for more information and choices about how personal information is shared. The other has been the concern that such information will be used for fraudulent purposes, with identity theft being the primary concern in this area.

We believe that future efforts with regard to privacy must now focus on fraud and identity theft. One factor accounting for the increased escalation of these crimes has been the evolution of technology, especially the Internet. Although such technology has been of great benefit to consumers with regard to facilitating financial transactions, an unfortunate side effect has been the ease in which criminals can use this technology to compromise the security of personal information and to use it fraudulently.

The GLBA rules addressed this issue by requiring financial institutions to implement security programs to safeguard consumer information. The industry has also taken the lead in establishing industry guidelines in this area that take into account the rapid changes in technology. CUNA is a member of the Banking Industry Technology Secretariat (BITS), which has been working with the financial institutions industry to develop guidelines and standards to protect personal information, while taking into account the latest advances in technology.

One such effort that CUNA has been actively involved in has been the recent guidelines with regard to information technology (IT) service providers. These guidelines should be especially helpful for credit unions because they are likely to rely on outside IT vendors to a greater extent than larger financial institutions. We believe that by working with groups such as BITS, the industry can work cooperatively with government regulators and law enforcement authorities to address the problems of fraud and identity theft in a rapidly changing technological environment. In such an environment, both the industry and government must respond to rapid changes by implementing the best security procedures that are currently available and to be able to change these procedures as circumstances warrant. We believe that industry-developed guidelines would be preferable under these circumstances, as opposed to additional government regulations that may not be able to keep pace with the rapid changes in technology.

Thank you for the opportunity to comment on the issues of financial literacy and privacy. If you or other Board staff have questions about our comments, please give me, Associate General Counsel Mary Dunn or Assistant General Counsel Jeffrey Bloch a call at (202) 638-5777.

Sincerely,

Daniel A. Mica
President and CEO