Equifax data breach has major FinReg consequences

Complimentary Access Pill
Enjoy complimentary access to top ideas and insights — selected by our editors.

The only newsletter that scans and analyzes the full breadth of regulatory developments every day. Written and curated by Rob Garver for SourceMedia.

9.11.17 - Top executives at Equifax may be the only people in Atlanta right now who have more than just the imminent arrival of Hurricane Irma on their minds. As the massive storm ravages Florida and begins its churn northward, the credit reporting company is confronting a different type of devastation, one resulting from a data breach that exposed detailed personal information about 143 million consumers.

Outside of the potential harm done to individual consumers, there are two major impact zones resulting from the hack of Equifax’s systems. The first and most obvious is focused on the company’s own business and reputation. The second is on the financial industry as a whole, which had been benefiting from a strong deregulatory push in Congress, something that is now likely to be severely weakened.

In terms of Equifax’s own reputational problems, well, the company’s response to the data breach may well become a business school case study in how not to respond to a crisis.

The initial reports last week were bad enough. They included ill-informed call center workers and a practically inaccessible online resource center for victims and people trying to figure out if they were victims, both piled on top of the extraordinary delay in revealing the breach. (There was also the embarrassing revelation that top executives sold $1.8 million in company stock after the breach was discovered, but before it was made public. The company insists the executives were unaware of the breach at the time.)

As time went on, though, the company’s response began to look even worse.

Over the weekend, for example, victims of the breach told the New York Times that when they signed up for the Equifax assistance program, in addition to being asked for the same sort of information that had already been stolen, they were issued a PIN number. Observant victims noted that the “secure” PINs were apparently generated by an algorithm that used the date and time of the request to created the number.

“The whole point of a 10-digit PIN is that it’s supposed to be hard to guess,” one victim complained to the paper. “And then, they have this totally transparent algorithm for assigning them.”

The company also demanded that people signing up for its Trusted ID program first agree to an arbitration clause waiving their rights to take legal action against Equifax over any problems with the service (not, as some outlets mistakenly suggested, for the effects of the breach as a whole.)

This leads into the second disaster zone resulting from the hack.

As American Banker’s Ian McKendry reports, the requirement struck a nerve with lawmakers who were already dubious about Congressional efforts to roll back regulatory efforts on mandatory arbitration agreements.

“The massive breach at Equifax is likely to hurt — and may ultimately doom — efforts by Republicans to overturn the Consumer Financial Protection Bureau’s rule banning mandatory arbitration clauses,” he writes.

“The Equifax revelations come at exactly the wrong time for Republicans, who had been hoping as late as Thursday to rapidly push ahead next week on a vote to overturn the rule,” he writes. “Under the Congressional Review Act, Republicans just need a majority vote to repeal a rule within 60 legislative days.”

In addition, the Wall Street Journal reports, prior to the announcement of the breach, Congress was in the midst of debating an effort to roll back rules that put penalties in place for credit reporting firms that harm customers by disseminating incorrect information about their credit histories.

“The bill would cap potential damages that consumers could win against credit-reporting firms in a lawsuit, and eliminate punitive damages against them entirely,” the paper notes.

However, in the wake of the data breach, and Equifax’s less-than-consumer-friendly response, lawmakers might find their sympathy for the plight of credit bureaus waning then next time the issue comes up for discussion.

Like what you've just read? Get it in your inbox first-thing every morning.

Today’s Key Reads

Overdraft fee revenue helped, not hurt, by better disclosures
American Banker -Overdraft fees are a much-maligned practice, but they continue to be a growing source of revenue for many banks, according to new data from the Federal Deposit Insurance Corp. Each of the 15 largest retail banks posted overdraft revenue growth starting in the first quarter of 2015 — when the FDIC first required certain banks to provide a breakout — through the second quarter of this year.

CU trades speak out after Equifax breach
Credit Union Journal - Following this weeks’ news of the massive data breach at Equifax, credit union trade associations are once again calling for a congressional solution to a problem that has plagued consumers for years. “The massive breach at Equifax, and the report that they had known about it for weeks without notifying consumers, is yet another demonstration of the need for a legislative solution," said Dan Berger, president and CEO of the National Association of Federally-Insured Credit Unions.

Only 12 credit unions will be fined for late Q1 call reports: NCUA
Credit Union Journal - Bucking recent trends, only 12 federally insured credit unions paid civil monetary penalties for filing late call reports in the first quarter of 2017, according to a report from the National Credit Union Administration.

Breach at Alaska health agency puts protected information at risk
Health Data Management - The Alaska Department of Health and Social Services is notifying more than 500 individuals of two breaches of their protected health information on July 5 and 8 after it was hit with malware attacks. Two of the agency’s computers were infected with a Trojan horse virus, which is malware disguised as legitimate software. The malware apparently was launched after an employee opened an email that was also believed to be legitimate.

Fiduciary rule’s opponents seek elusive knockout blow
Financial Planning - Fresh off a victory in securing an 18-month delay for the fiduciary rule's remaining provisions, the regulation's opponents are redoubling efforts to nix it for good. Rescinding the rule in its entirety, however, has proven difficult in part because of the slowness of the rule-making process and the support the rule enjoys among consumer advocates as well as many within the industry.

Should the SEC regulate the ‘advisor’ title?
Financial Planning - Fee-only advisors often struggle to impress upon investors the fundamental differences between their fiduciary business model and that of, say, a commission-driven brokerage shop operating under the suitability standard. But what if regulators stepped in to help clear things up?

Extra Credit

Irma May Force Florida Insurers to Turn to Deeper Pockets
The New York Times - The massive, rolling disaster that is Hurricane Irma is going to severely strain the home insurance market in Florida. In recent years, large national insurance companies have pulled out of the market, meaning that claims will be concentrated on a state-run insurance fund and a handful of second-tier local insurers without the deep pockets of their larger rivals.

ECB Has Seen Very Little Price Pressure in Recovery-Mersch
Reuters - The mystery of the missing inflation is being replayed in Europe, as regulators at the European Central Bank have little evidence of rising prices, even as they plan to begin raising interest rates. ECB Executive Board member Yves Mersch told Reuters on Monday, "The main driver of inflation is normally wages. We see that the evolution of wages in most countries is not what it usually is in a recovery, which is that they rise very strongly.”

China Is Striving to Contain Its Once-Diving, Now-Thriving Yuan
Wall Street Journal - China came in for a lot of unjustified criticism over its management of its currency during the US presidential election last year, with then-nominee Donald Trump falsely claiming that the government was keeping the value of the yuan artificially low. Now, however, alarmed by the currency’s growing strength, Beijing is removing some support mechanisms.

Low Inflation Gives Fed Pause on Raising Rates Again This Year
Wall Street Journal - Will they or won’t they? The Federal Reserve Board’s Open Market Committee had been expected to keep slowly and steadily raising interest rates this year and on into the indefinite future. But that no longer looks to be a sure thing, as persistently low inflation scrambles board members’ calculations.

Investment banks to clash over Mifid II rules on free research
Financial Times - Among the multiple compliance issues that financial services firms are struggling with as the EU’s second Markets in Financial Instrument Directive (Mifid II) takes effect next year will be the distribution of free research on economic trends and fixed income investments. There is currently a major division between investment banks on how the rule will work in practice.

For reprint and licensing requests for this article, click here.
Cyber security Hacking Equifax
MORE FROM AMERICAN BANKER