Courtesy of Naked Capitalism. This is an extensive takedown of the systemic problems with the entire credit reporting infrastructure. I will only hit the highlights. Yves Smith quotes The N.Y. Times:
[T]he Federal Trade Commission . . . lacks the authority to impose big fines.
Last month, the commission punished TaxSlayer, a tax preparation website, for a weak security system that allowed hackers to gain access to nearly 9,000 customer accounts. TaxSlayer agreed to strengthen its systems and undergo compliance audits. But it paid no financial penalty, because the commission has no power to levy fines for first-time violations of certain rules.
“Both in terms of resources and authority, what the F.T.C. can do clearly doesn’t measure up to the scale of the problem,” said William McGeveran, a professor at the University of Minnesota Law School who specializes in privacy law.
The essay points out N.Y. Times bullshittery:
“You cannot fire the three credit bureaus,” said Rohit Chopra, a former assistant director at the Consumer Financial Protection Bureau and now a senior fellow at the Consumer Federation of America. “Credit reporting agencies are the plumbing of our financial system but are much less regulated than many banks.” (emphasis added)
Yves Smith corrects the record (original includes multiple links):
This is not correct. Credit bureaus are not “too critical to fail” institutions. And it’s disingenuous to promote this impression, since if this security breach results in large-scale identity theft, Equifax could become an Arthur Andersen, done in by legal liability. It has a net worth of roughly $3 billion. It is exposed to private and government suits. Class action lawyers are already discussing multi-billion dollar litigation, although a complicating factor is that the best causes of action are likely to be under state law.
On the government side, one example is that Equifax violated some states’ data breach notification laws. Vermont, a small state, is contemplating suing on behalf of more than 240,000 citizens, with penalties of up to $10,000 per violation
A summary of pending legal action:
Reuters gives an update:
More than 30 lawsuits have been filed in the United States against Equifax Inc after the credit reporting company said thieves may have stolen personal information for 143 million Americans in one of the largest hackings ever.
At least 25 lawsuits had been filed in federal courts by Sunday, including at least one accusing the company of securities fraud, court records show.
Several more lawsuits were filed against Equifax on Monday. Many of those raising similar claims will likely be combined into a single, nationwide case….
On insurance liability:
And insurance won’t do much to help Equifax. Bloomberg reported over the weekend that Equifax’s policies would cover a mere $100 to $150 million in losses.
While it is true that that it would be extremely disruptive to try to get rid of the credit bureaus quickly, it would be entirely possible to reduce their importance over time. Banks would need to take up activities that they’ve outsourced to the credit bureaus.
Key points in the remainder of the essay:
How US Regulators Promoted Credit Unions Without Making Them Accountable
Bhide explains how regulators promoted the use of FICO scores, and with it, the role of credit bureaus:
Fannie and Freddie jumped on the FICO bandwagon. Bhide again:
Government Sponsored Entities (GSEs), notably Fannie Mae and Freddie Mac, that guarantee over 60% of new residential mortgages in the US.
And why has Bhide chosen to question the role of FICO? He concludes that standardized scoring was a boon for the growth of securitization in the US:
Equifax is a tiny example of the many problems with our financial system that were papered over rather than fixed. So if were it to fail under the weight of litigation, that might force some overdue changes.
I have just scratched the surface of a lengthy and wonkish essay. Read the full story here: