Equifax’s Big Little Fine

A lot of money, and a lot left to do

Jul 24, 2019
Finance

SMITH BRAIN TRUST  “It’s a lot of money,” says Maryland Smith’s Clifford Rossi, of the nearly $700 million that credit reporting giant Equifax has agreed to pay over a massive data breach it disclosed two years ago.

But far more needs to be done, adds Rossi, Executive-in-Residence and Professor of the Practice at the University of Maryland’s Robert H. Smith School of Business.

“That’s a big number for a company the size of Equifax. That’s almost a bank-like settlement, so they got slapped on the wrist pretty hard,” he says.

Still, he adds, little appears to have changed at Equifax in the nearly two years since the company disclosed the catastrophic breach that exposed the names, addresses, social security numbers and other data of some 146 million consumers.

“Take a look at Equifax’s website, and look at their board and senior leadership. You still won’t see anyone with a title of risk anything,” says Rossi, who before coming to Smith served as chief risk officer for Citigroup’s Consumer Lending Group. There’s no chief risk officer, or CRO. Neither is there a chief information security officer, or CISO, “a standard position at all the big banks these days for exactly these reasons.”

The credit reporting giants – Equifax, Experian and TransUnion – are “universally important” to the financial services industry, he says, but still face little regulatory oversight. “And as a result, we are all at their mercy. We are taking for granted that they know what they’re doing. And there’s no guarantee, as we saw with that breach, that they have good practices in place to prevent what happened.”

Rossi has also been calling for a holistic review of government oversight of the financial sector and the non-bank entities, or shadow banks, growing up around it.

There are worries, he says. Facebook’s proposed Libra cybercurrency is among the newest. There’s also the ongoing proliferation of nonbank financial institutions now dominating the origination and servicing of the mortgage industry, the boom in financial technology, or fintech, companies. “There is a transformation that is going on in financial services that our regulatory frameworks are not well-suited to handle going forward. Banks are also not in as good a position to really compete effectively at this point. So I do see a lot of change happening fast and our regulatory environment and our laws are kind of behind the times.”

Rossi is not “a big regulation person.”

“But my perspective is that if you are a significant provider of services to the financial sector, or a digital currency, or a fintech company, or a nonbank that provides mortgage origination or servicing, you are going to have to agree to be regulated in a significant way,” Rossi says.

There was one encouraging sign, he says, included in the settlement released this week. It’s a requirement that Equifax research methods of identity verification that do not include Social Security numbers, perhaps relying instead on digital voice prints. It’s a recommendation that Rossi says is long overdue.

GET SMITH BRAIN TRUST DELIVERED
TO YOUR INBOX EVERY WEEK

SUBSCRIBE NOW

About the Expert(s)

RossiCliff

Dr. Clifford Rossi is an Executive-in-Residence and Professor of the Practice at the Robert H. Smith School of Business, University of Maryland. Prior to entering academia, Rossi had nearly 25 years' experience in banking and government, having held senior executive roles in risk management at several of the largest financial services companies. His most recent position was Managing Director and Chief Risk Officer for Citigroup's Consumer Lending Group where he was responsible for overseeing the risk of a $300+B global portfolio of mortgage, home equity, student loans and auto loans with 700 employees under his direction. While there he was intimately involved in Citi's TARP and stress test activities. He also served as Chief Credit Officer at Washington Mutual (WaMu) and as Managing Director and Chief Risk Officer at Countrywide Bank.

More In

Finance

The Non-Terrible IPOs of 2019

It’s been a big year for IPOs, but it hasn’t been a kind one. But for all the flops and failures, there have been some highlights. Here are three.

Oct 01, 2019
Banks Are Flirting With Bonds That Burned Them Before

Big U.S. banks have begun cozying up to the business of building and selling mortgage bonds, the very securities that helped plunge them into financial crisis a decade ago. Is it time to worry?

Sep 24, 2019
Should the World’s Central Banks Think Green?

In various corners of the world, central bankers increasingly are paying attention to weather events, carbon emissions and environmentally driven finance efforts.

Sep 11, 2019