Equifax, other credit rating firms should prepare for 'new regime,' Washington regulator warns
One of Washington's top consumer watchdogs warned on Wednesday that credit rating agencies should prepare for tougher supervision in the wake of a massive hack at Equifax that exposed sensitive data on 143 million people.
"We're going to have monitoring in place that's preventive," Richard Cordray, the head of the Consumer Financial Protection Bureau, said in an interview with CNBC. "It's going to be a different regime than we're used to. In the past they dealt with these problems on their own. That's not good enough."
The big three credit bureaus — Equifax, TransUnion and Experian — collect information on 200 million consumers but have traditionally only been federally regulated by the Federal Trade Commission. In 2010's financial reform legislation, the Dodd-Frank Act, the CFPB gained the power to supervise the companies on a day-to-day basis.
In the interview, Cordray indicated that the agency would be accelerating that effort following the Equifax hack, which has also sparked investigations by the FBI and other regulators. Congress could grant the agency additional powers to supervise the industry's efforts on data security, he said.
"If they're going to restore public confidence in this marketplace and if they're going to create the kind of reforms necessary, they're going to have to recognize the old days of just doing what they want, being subject to lawsuits now and then, are over."
It is unclear how specifically Cordray wants to increase supervision of the industry. In January, the agency fined Equifax and TransUnion for deceiving consumers about the usefulness and cost of credit scores they them. And in a March report, the CFPB said it receives thousands of complaints a year about the industry, including about the accuracy of the reports they produce on consumers and the difficulty of having false information corrected.
"I am glad to see the CFPB is going to push their authority and do this," said Chi Chi Wu, a staff attorney with the National Consumer Law Center. "That is perhaps the best way to make sure this doesn't happen again."
Spokespeople from Equifax, TransUnion and Experian didn't immediately respond to a request for comment.
This comes as Equifax scrambles to address growing concerns among lawmakers about the hack, which potentially revealed the Social Security numbers and other personal information of about 40 percent of the U.S. population. On Tuesday, the company's chief executive and chairman, Richard Smith, stepped down. Equifax's board of directors has launched an independent investigation into the leak.
So "retiring" @Equifax CEO will get $18.4 MILLION pension.— Ali Velshi (@AliVelshi) September 26, 2017
The company, which has already seen its stock price decline nearly 30 percent, has repeatedly apologized and said it moved as quickly as it could once it understood the severity of the problem.
Congress has grown increasingly agitated about the leak and the company's bungled response.
"I question whether Equifax has the right to even continue providing these services with the level of sloppiness and lack of attention to cybersecurity," Sen. Mark Warner, D-Va., said on Tuesday.
Rep. Maxine Waters, D-Calif., ranking member of the House Committee on Financial Services, has called for an overhaul of the nation's credit reporting system. Sen. Elizabeth Warren, D-Mass., has introduced what she has called the Freedom from Equifax Exploitation Act, or FREE Act. The FREE Act allows every consumer to freeze and unfreeze their credit file for free. If a person's credit report is frozen, no one can access your data to open a new credit card or take a loan. Better Markets, an advocacy group, is calling for the Securities and Exchange Commission to require companies to "promptly" disclose a hack unless it's insignificant. (Equifax notified the public six weeks after it discovered the breach.)
The industry's fate likely depends on whether efforts to reform the industry can gain Republican support. Republicans in both chambers have expressed outrage about the breach and Rep. Jeb Hensarling, R-Texas, the head of the Financial Services Committee, has called for hearing on the breach, but it unclear whether he would support legislative changes.