To kick the year off, we sat down with Dennis to hear his thoughts on the year passed. The big story, of course, was the Equifax breach, so you’ll hear how Government Relations responded, and see what issues might take center stage as 2018 progresses.
Can you give a summation of 2017 from a Government perspective?
The first year of a new Administration and new Congress is always action-packed and 2017 proved no different. Overall, regulatory reform was a major initiative in Washington with the House passing a bill proposing several changes to the Dodd-Frank Act. Late in 2017, the Senate Banking Committee passed a more modest regulatory relief package. Both of these bills have moved only slightly as Congress grappled with healthcare and tax reform, and overturned the arbitration rule put out by the CFPB. Adding to this regulatory relief debate, the Director of the CFPB, Richard Cordray, officially resigned in November 2017 to run for the governor of Ohio. Cordray named his own successor the night before he resigned, but the Trump Administration then named current Office of Management and Budget Director Mick Mulvaney as interim director. While an initial court ruling in December declared him the lawful director, lawsuits have followed. Hopefully the situation will be resolved once the Administration nominates and the Senate confirms a new, permanent director, which is expected to happen in 2018.
TransUnion, our trade association in Washington DC (the Consumer Data Industry Association), and several DC-based trade associations were advocating for specific, financial regulatory reforms, including changes to the Credit Repair Organization Act (CROA) and the Fair Credit Reporting Act (FCRA). For CROA, our industry sought to clarify credit bureaus were being improperly characterized as credit repair organizations, simply because they sold products to consumers designed to improve the consumers’ credit profile. For the FCRA, we led the push to bring its statutory penalties in line with all other federal consumer financial protection laws by seeking a cap on potential class action awards. We’ve seen FCRA-related class actions increase dramatically over the past few years, impacting not only consumer reporting agencies, but banks, credit unions, retailers and employers of all sorts. A strong coalition was lined up to support our FCRA Liability Harmonization Act, and on Sept. 7, 2017, a House Financial Services Subcommittee held a hearing where it was well received by most. Unfortunately, Equifax announced its data breach that afternoon and efforts to move this bill out of the Financial Services Committee were put on hold.
In sum, 2017 was divided into eight months of proactively advocating for sensible financial reforms and four months (post Equifax data breach) of educating Members of Congress and their staff, as well as state legislators and state regulators, on data security and the importance of information sharing for financial underwriting, risk management and fraud prevention.
How have legislators responded to the Equifax data breach?
Congressional reaction was quite intense. Other data breaches have been larger, but the data reported hacked (Social Security numbers and drivers’ license numbers to name two) caused many to believe they could become victims of identity theft. And, many in Congress and the media expressed concerns over how Equifax reported the breach and how they handled the subsequent consumer response. Several hearings in the House and Senate took place examining the breach from late September to December. But, Congress didn’t treat the Equifax breach solely as a data security incident. Some Members of Congress called for broader reforms to the credit reporting industry. On the state level, most legislatures had adjourned prior to the Sept. 7 announcement. However, we’ve seen proposed bills being filed in all state legislatures to be heard when they convene in early 2018 around data collection, data breaches, free file freezes, and data usage – which we’ll need to engage on with industry to manage as best we can.
How will things play out in 2018 in regard to the Equifax data breach?
The strategy is fairly straightforward. Now that we have the undivided attention of Congress, all stakeholders must educate Members, their staff and the public on how consumers and the economy benefit from information sharing – whether it’s for risk management, fraud prevention or identity verification. Stakeholders include those who furnish data to the nationwide consumer reporting agencies, as well as those who use the data. Data security education by those storing sensitive consumer data is also essential. In the short-term, it’s always difficult to predict what type of cybersecurity or credit reporting legislation can pass through Congress and reach the President’s desk for signature into law. The larger threat may be an indiscernible patchwork of state laws by the end of 2018.
Other than data security/breach issues, what are other major financial services issues on Congress’ agenda?
If Congress can advance regulatory relief and data security legislation to the President’s desk in the first part of 2018, we should expect attention to turn to housing finance reform, possible updates to the Bank Secrecy Act and anti-money laundering rules and issues related to FinTech. With 2018 being an election year, Congress typically conducts more oversight rather than legislating. Regardless, it will be another very interesting year in Washington.
Dennis Ambach leads TransUnion’s Government Relations function across the enterprise. He joined TransUnion in February 2014 and resides in Washington DC.