Equifax’s Big Little Fine

A lot of money, and a lot left to do

Jul 24, 2019

SMITH BRAIN TRUST  “It’s a lot of money,” says Maryland Smith’s Clifford Rossi, of the nearly $700 million that credit reporting giant Equifax has agreed to pay over a massive data breach it disclosed two years ago.

But far more needs to be done, adds Rossi, Executive-in-Residence and Professor of the Practice at the University of Maryland’s Robert H. Smith School of Business.

“That’s a big number for a company the size of Equifax. That’s almost a bank-like settlement, so they got slapped on the wrist pretty hard,” he says.

Still, he adds, little appears to have changed at Equifax in the nearly two years since the company disclosed the catastrophic breach that exposed the names, addresses, social security numbers and other data of some 146 million consumers.

“Take a look at Equifax’s website, and look at their board and senior leadership. You still won’t see anyone with a title of risk anything,” says Rossi, who before coming to Smith served as chief risk officer for Citigroup’s Consumer Lending Group. There’s no chief risk officer, or CRO. Neither is there a chief information security officer, or CISO, “a standard position at all the big banks these days for exactly these reasons.”

The credit reporting giants – Equifax, Experian and TransUnion – are “universally important” to the financial services industry, he says, but still face little regulatory oversight. “And as a result, we are all at their mercy. We are taking for granted that they know what they’re doing. And there’s no guarantee, as we saw with that breach, that they have good practices in place to prevent what happened.”

Rossi has also been calling for a holistic review of government oversight of the financial sector and the non-bank entities, or shadow banks, growing up around it.

There are worries, he says. Facebook’s proposed Libra cybercurrency is among the newest. There’s also the ongoing proliferation of nonbank financial institutions now dominating the origination and servicing of the mortgage industry, the boom in financial technology, or fintech, companies. “There is a transformation that is going on in financial services that our regulatory frameworks are not well-suited to handle going forward. Banks are also not in as good a position to really compete effectively at this point. So I do see a lot of change happening fast and our regulatory environment and our laws are kind of behind the times.”

Rossi is not “a big regulation person.”

“But my perspective is that if you are a significant provider of services to the financial sector, or a digital currency, or a fintech company, or a nonbank that provides mortgage origination or servicing, you are going to have to agree to be regulated in a significant way,” Rossi says.

There was one encouraging sign, he says, included in the settlement released this week. It’s a requirement that Equifax research methods of identity verification that do not include Social Security numbers, perhaps relying instead on digital voice prints. It’s a recommendation that Rossi says is long overdue.



About the Expert(s)


Dr. Clifford Rossi is an Executive-in-Residence and Professor of the Practice at the Robert H. Smith School of Business, University of Maryland. Prior to entering academia, Rossi had nearly 25 years' experience in banking and government, having held senior executive roles in risk management at several of the largest financial services companies. His most recent position was Managing Director and Chief Risk Officer for Citigroup's Consumer Lending Group where he was responsible for overseeing the risk of a $300+B global portfolio of mortgage, home equity, student loans and auto loans with 700 employees under his direction. While there he was intimately involved in Citi's TARP and stress test activities. He also served as Chief Credit Officer at Washington Mutual (WaMu) and as Managing Director and Chief Risk Officer at Countrywide Bank.

More In


The Coronavirus Recession

For the U.S. economy, these are dark days. Social distancing steps aimed at stemming a pandemic's spread have people and businesses closing their doors. Uncertainties and worries are high. Here is our expert's outlook.

Mar 25, 2020
Is the ETF Boom Stoking Market Volatility?

Do ETFs contribute to market volatility? New research may hold the answer.

Mar 18, 2020
What’s Your Personal VaR?

Managing your own investment risk like a bank can provide a way to quantify your appetite for risk under a wide range of outcomes in a consistent and easily understood manner.

Mar 17, 2020