Weakening CFPB will strengthen ID protection providers

Editor’s Note: This post originally appeared in slightly different form on Javelin Strategy & Research’s blog.

Generating nearly $4 billion in annual revenue, identity protection is a big business — one that has consistently drawn the attention and ire of regulators. But regulatory pressure that once alienated the largest resellers may soon ease and the identity protection industry could become even bigger — fast. With policymakers considering steps to curb the powers of the Consumer Financial Protection Bureau and other agencies, we estimate the market could become $5 billion or more practically overnight.

In years past, the Federal Trade Commission had the sole purview of the identity protection space. But the newest regulator, the CFPB, has since taken up the mantle of de facto identity protection industry regulator. Since 2012, regulators — most notably the CFPB — have levied $1.6 billion in fines and settlements related to identity protection and similar products primarily sold through U.S. financial institutions.

In moves that some considered emblematic of regulatory overreach, federal and state regulators have punished a number of companies, citing what they considered to be dubious marketing and sales practices. LifeLock Inc., for instance, agreed in 2015 to pay $11 million to the FTC and $1 million to a group of state attorneys general to settle charges related to marketing claims around its identity theft protection services. That same year, the CFPB took action against Affinion Group Holdings and Interactions Inc. for the way in which the companies charged consumers for credit card add-on benefits that the agency said consumers never received.

With each new fine or settlement, banks backed away from offering these products to their customers. As a result, far fewer major financial institutions continue to sell these products, despite the fact that identity fraud has hit a record high.

Furthermore, banks that still sell the service no longer rely on the identity protection providers to do the grunt work. These days, it’s more likely the service will be bank branded and with greater bank oversight when it comes to sales and marketing practices than they once were.

However, a new U.S. president and emboldened Congress may effectively change the dynamic that drove so many financial institutions from the identity protection space.

The CFPB is under attack. The agency is not only facing court challenges, but it is also under threat of defunding from legislators. A defanged CFPB would mean less risk for financial institutions that choose to return to the identity protection reseller market.

As the practices that once put providers and financial institutions in regulatory crosshairs have become less of an issue, financial institutions would have one less obstacle to get back into the game. The real question then becomes: Which identity protection provider should banks trust with customers' identities?