The only newsletter that scans and analyzes the full breadth of regulatory developments every day. Written and curated by Rob Garver for SourceMedia.

10.11.17 - In addition to knowing all sorts of things about your financial life, up to and including account numbers and payment history, hackers who stole information on millions of consumers when they breached the credit reporting agency Equifax reportedly also have access to information of a far more personal nature. As the Wall Street Journal reports today, they made off with driver’s license information for more than 10 million people.

Though the information contained in a driver’s license varies somewhat from state to state, it typically includes a photograph and a physical description of the individual -- adding a whole new set of data points that potential identity thieves can add to their arsenal of information designed to fool gatekeepers at financial institutions.

(The same Journal story notes that the company has copped to having even more consumer data being stolen, this time records about customers in the UK. But at this point, what’s a few hundred thousand new victims, more or less?)

As the Equifax disaster continues to unfold, US officials are beginning to grapple with the fact that the three main credit bureaus all exist in a sort of regulatory dead zone. Compared to banks and insurance companies, data security practices at Equifax, TransUnion, and Experian receive little oversight, considering the degree to which their activities impact both individual consumers and the global economy.

At least one regulatory agency is raising its hand to take on the challenge of reining in the credit bureaus’ data security operations, but as American Banker’s Kate Berry observes, the identity of that agency -- and of its director in particular -- is likely to create fierce resistance in Congress.

Consumer Financial Protection Bureau Director Richard Cordray said in a recent interview that he believes the credit bureaus should not only be overseen by his agency, but that the regulation should be just as intrusive as that applied to banks, with resident examiners on the premises of the businesses.

"We are going to have to work with Congress to put in place a better framework on data security," Cordray said in a recent interview on CNBC. "It's not enough to have enforcement come after the fact. There has to be preventive supervision authority in place and there has to be more robust standards to be met by these companies."

Pressed on the question of whether he was calling for resident examiners to be put in place, he said, "That is exactly what I'm suggesting has to be the case, and the companies should welcome it."

He added, "We are going to have to have monitoring in place that's preventive," Cordray said. "It's going to have to be a different regime than they're used to. If they are going to restore public confidence in this marketplace, and if they're going to create the kind of reforms necessary, they are going to have to recognize that the old days of just doing what they want, and being subject to a lawsuit now and then, are over."

Berry reports that the pushback from the financial service industry’s network of supportive lawyers and lobbyists in Washington was instant. And even without it, the odds of getting Congress to sign off on such a change are, at present, infinitesimal.

Cordray himself is in the crosshairs of Republican lawmakers, who have been attacking him over his management of the CFPB for years. His expected departure to run for governor in Ohio has, if anything, only ramped up efforts to damage his reputation in public hearings.

So for now, whether or not his call for expanding the CFPB’s role in overseeing the credit bureaus has any merit, it’s not likely to go anywhere.

Like what you've just read? Get it in your inbox first-thing every morning.

Today’s Key Reads

Anti-Fraud Collaboration issues case study
Accounting Today - The Anti-Fraud Collaboration between the Center for Audit Quality, Financial Executives International, the Institute of Internal Auditors and the National Association of Corporate Directors has released the fourth in a series of case studies highlighting ways to deter financial fraud.

IRS warns e-Services users of new phishing scam
Accounting Today - The Internal Revenue Service issued a new warning Tuesday to users of its online e-Services cautioning them to beware of a new phishing scam that attempts to trick tax professionals into “signing” a new e-Services user agreement.

Should CFPB have more power over credit reporting agencies?
American Banker - While Republicans have argued that the Consumer Financial Protection Bureau's oversight is too broad and needs to be dialed back, Director Richard Cordray is using the Equifax data breach to float the idea of expanded agency authority over the credit reporting bureaus.

Fannie, Freddie 'not impacted' by Deloitte breach, GSEs say
Credit Union Journal - Fannie Mae and Freddie Mac were not impacted by a hacking incident in September against the accounting giant Deloitte, the companies said Tuesday, after a British newspaper alleged a server containing emails from government agencies was compromised.

New annuities sparked by fiduciary rule 'disruption'
Financial Planning - The fiduciary rule has helped drive a slump in annuity sales, but products emerging in its wake could reverse the downward trend, experts say. The space has seen big changes. In the third quarter, sales dropped to their lowest level since 2001, according to the LIMRA Secure Retirement Institute. Fixed sales outpaced those of variable annuities for the sixth straight quarter — the longest streak in 25 years, the industry research organization says.

SEC’s new Form ADV demands will trip up unprepared RIAs
Financial Planning - RIAs who try to file a routine, but required, amendment to their SEC Form ADV will quickly discover it’s no simple task anymore. On Oct. 1 the SEC stopped accepting any amendments in most instances until firms complete the much more onerous job of filling out its new Form ADV, which includes up to hundreds of new disclosures depending on the size of the firm.

Russian bank fraud scheme combines physical, cyber elements
Payments Source - An organized crime ring in Eastern Europe has orchestrated sophisticated cyber and physical attacks that have drained millions of dollars from banks in Russia, and banks in other countries could be targeted next.

Extra Credit

For Republicans, ‘Failure Is Not an Option’ on Tax Cuts
New York Times - With little to show after 10 months in total control of Washington, Republicans in Congress are increasingly looking at their push to pass a tax bill as essential to their prospects for holding on to power.

Equifax Hack Disclosed Driver’s License Data for More Than 10 Million Americans
Wall Street Journal - It keeps getting worse. The Equifax data breach, the Journal reports, included data on nearly 11 million consumers’ driver’s license data -- information that often includes a physical description of the license holder, making identity theft that much easier to accomplish.

The Federal Reserve treads a fine line on monetary tightening
Financial Times - The FT’s Martin Wolf maps the pitfalls the global economy must avoid in the months ahead and argues for Janet Yellen to remain at the helm of the Federal Reserve. “Donald Trump would only choose one of the [other candidates] if he were as determined to destroy the Fed as he is to ruin the state department and other agencies,” he writes.

Bob Corker Is Just the Beginning of Trump’s Tax-Cut Problems
Bloomberg - President Trump’s very public spat with Tennessee Sen. Bob Corker is only one example of the obstacles the White House faces trying to get a tax bill through the Senate, writes Bloomberg’s Sahil Kapur.

Rob Garver

Rob Garver has been covering the intersection of public policy and the private sector for more than 20 years.