Equifax’s Big Little Fine

A lot of money, and a lot left to do

Jul 24, 2019

SMITH BRAIN TRUST  “It’s a lot of money,” says Maryland Smith’s Clifford Rossi, of the nearly $700 million that credit reporting giant Equifax has agreed to pay over a massive data breach it disclosed two years ago.

But far more needs to be done, adds Rossi, Executive-in-Residence and Professor of the Practice at the University of Maryland’s Robert H. Smith School of Business.

“That’s a big number for a company the size of Equifax. That’s almost a bank-like settlement, so they got slapped on the wrist pretty hard,” he says.

Still, he adds, little appears to have changed at Equifax in the nearly two years since the company disclosed the catastrophic breach that exposed the names, addresses, social security numbers and other data of some 146 million consumers.

“Take a look at Equifax’s website, and look at their board and senior leadership. You still won’t see anyone with a title of risk anything,” says Rossi, who before coming to Smith served as chief risk officer for Citigroup’s Consumer Lending Group. There’s no chief risk officer, or CRO. Neither is there a chief information security officer, or CISO, “a standard position at all the big banks these days for exactly these reasons.”

The credit reporting giants – Equifax, Experian and TransUnion – are “universally important” to the financial services industry, he says, but still face little regulatory oversight. “And as a result, we are all at their mercy. We are taking for granted that they know what they’re doing. And there’s no guarantee, as we saw with that breach, that they have good practices in place to prevent what happened.”

Rossi has also been calling for a holistic review of government oversight of the financial sector and the non-bank entities, or shadow banks, growing up around it.

There are worries, he says. Facebook’s proposed Libra cybercurrency is among the newest. There’s also the ongoing proliferation of nonbank financial institutions now dominating the origination and servicing of the mortgage industry, the boom in financial technology, or fintech, companies. “There is a transformation that is going on in financial services that our regulatory frameworks are not well-suited to handle going forward. Banks are also not in as good a position to really compete effectively at this point. So I do see a lot of change happening fast and our regulatory environment and our laws are kind of behind the times.”

Rossi is not “a big regulation person.”

“But my perspective is that if you are a significant provider of services to the financial sector, or a digital currency, or a fintech company, or a nonbank that provides mortgage origination or servicing, you are going to have to agree to be regulated in a significant way,” Rossi says.

There was one encouraging sign, he says, included in the settlement released this week. It’s a requirement that Equifax research methods of identity verification that do not include Social Security numbers, perhaps relying instead on digital voice prints. It’s a recommendation that Rossi says is long overdue.



About the Expert(s)


Dr. Clifford Rossi is an Executive-in-Residence and Professor of the Practice at the Robert H. Smith School of Business, University of Maryland. Prior to entering academia, Rossi had nearly 25 years' experience in banking and government, having held senior executive roles in risk management at several of the largest financial services companies. His most recent position was Managing Director and Chief Risk Officer for Citigroup's Consumer Lending Group where he was responsible for overseeing the risk of a $300+B global portfolio of mortgage, home equity, student loans and auto loans with 700 employees under his direction. While there he was intimately involved in Citi's TARP and stress test activities. He also served as Chief Credit Officer at Washington Mutual (WaMu) and as Managing Director and Chief Risk Officer at Countrywide Bank.

More In


All the Other Warren Buffetts

'The Warren Buffett of Britain'? 'The Warren Buffett of India'? 'The Warren Buffett of technology'? If it seems like it's hard to keep up with all the Warren Buffetts, don't worry. Here's the secret.

Jan 06, 2020
10 Stocks To Watch in 2020

'As I learned some time ago, you cut your losses and let your winners run,' our expert says, updating his stocks to watch list.

Dec 11, 2019
Central Bank Landscape

Central banks around the world are once again lowering interest rates and looking to unconventional monetary policy tools, aimed at bolstering their economies. Is it working?

Nov 16, 2019