CFA News

CFAnews Update – December 14, 2017

Corday Departure from CFPB Triggers Dispute over Agency Leadership

When Richard Cordray, Director of the Consumer Financial Protection Bureau (CFPB), stepped down from his position in mid-November, it triggered a dispute over who would lead the agency until the President names and the Senate confirms a permanent replacement. Cordray named Leandra English as Acting Director, while the White House appointed Director of the Office of Management and Budget Mick Mulvaney, an outspoken critic of the agency, to fill the position.

English took the dispute to court, but in late-November a U.S. District Court judge in Washington sided with the Trump administration and refused to grant a temporary restraining order blocking Mulvaney from assuming the position. English is expected to continue her legal challenge until a permanent replacement is confirmed, while Mulvaney has directed agency staff to ignore her instructions. Mulvaney, meanwhile, has issued a 30-day moratorium on hiring and new actions.

“The CFPB is an effective agency that has successfully worked to ensure a fair financial marketplace for consumers,” said CFA Legislative Director and General Counsel Rachel Weintraub. “The agency’s work on behalf of consumers must continue and vigorous enforcement of the law to hold bad actors accountable cannot be interrupted,” she added. “The President must now nominate a permanent Director who is confirmed by the Senate. Any credible nominee must uphold the independence of the CFPB, must work full time to ensure a fair financial marketplace for consumers, and must have a proven track record of working for American consumers.”

Meanwhile, the Senate Committee on Appropriations released the Financial Services and General Government Appropriations bill last month that would change the funding mechanism of the CFPB placing it within the politicized appropriations process, unlike other agencies with regulatory authority over the banking sector. Rather than holding hearings and gathering feedback from experts, the committee slipped the “poison pill rider” into this budget bill, CFA stated in a press release.

“For generations, banking regulators have been insulated from Congressional politics by ensuring they have independent funding. The Consumer Financial Protection Bureau’s work to bring in $12 billion in refunds to 30 million Americans shows that law enforcement is working. Congress should resist the lobbying efforts of special interests and wipe out this dangerous fine print from the budget bill,” Weintraub said.

DOL Acts to Strip Protections from Retirement Savers

With critical provisions of the Department of Labor’s conflict of interest (or fiduciary) rule due to take effect in January, the Department issued a final rule last month that calls into question whether retirement savers will ever receive the rule’s full protections against conflicted investment advice.

Core provisions of the conflict rule went into effect in June, requiring all financial professionals to act in their customers’ best interests, charge only reasonable fees, and make no misleading statements when providing retirement investment advice. But other provisions – including those that require firms to place concrete limits on conflicts of interest and that provide IRA investors with needed tools to hold financial professionals accountable for violations – were not due to take effect until January 1. They have now been put on hold for 18 months while the Department considers additional revisions to the rule.

The Department, meanwhile, has signaled that it has no plans to get tough on enforcement during this “transition” period. It has said it will only bring enforcement actions where firms fail to make good faith efforts at compliance, but it appears to be turning a blind eye to evidence of non-compliance that falls short of that good faith standard, said CFA Director of Investor Protection Barbara Roper. “As long as financial firms remain free to encourage and reward advice that is not in customers’ best interests, there are likely to be widespread violations of the best interest standard, and investors will have no way to hold firms and advisers accountable when that occurs,” she added.

There are serious flaws with the DOL’s analysis in its 18-month stay of the rule, said CFA Financial Services Counsel Micah Hauptman. “The DOL ignored its previous findings and analysis in some very troubling ways, including its conclusion that it was necessary for the full protections of the rule to become applicable without undue delay, as well as that it was critical to have in place an effective enforcement mechanism in order to ensure compliance and accountability,” Hauptman said. “In addition, the DOL didn’t even attempt to figure out how much retirement savers will be harmed by this regulatory action. If they did, it would clearly show that the costs to retirement savers substantially outweigh any benefits to the industry from deferred compliance costs and therefore can’t be justified economically,” he added.

In the wake of the DOL action, Securities and Exchange Commission Chairman Jay Clayton reiterated his intention to adopt a rule under the securities laws and stressed his intention to develop a rule that investors would support. “We look forward to working with Chairman Clayton to develop a strong, pro-investor rule to ensure that brokers and advisers alike deliver the best interest advice that investors expect and deserve,” Roper said.

Credit Reporting Companies Urged to Explain Profits in Wake of Equifax Data Breach

Just two months after Equifax disclosed its massive breach, which exposed the personal information of over 143 million Americans, consumer advocates are questioning the CEOs of Experian, TransUnion, and Equifax to obtain information on whether they are inappropriately profiting off of the data breach.

CFA, the National Consumer Law Center, Americans for Financial Reform, US PIRG, and other nonprofit advocacy groups wrote to TransUnion CEO Jim Peck, Experian North America CEO Craig Boundy, and Equifax Interim CEO Paulino Barros asking for detailed information on how the data breach might be leading to higher revenues in credit freeze fees and credit monitoring services.

TransUnion boasted of “very strong quarterly performance” with revenue up 13.8 percent, beating the expectations of Wall Street analysts.  Even Equifax reported its second-best quarter ever, with sales rising and earnings of $835 million in the same quarter in which the company finally came clean on its massive data breach.

The credit reporting companies often require consumers to pay to freeze their accounts, even when the industry itself is responsible for the data breach. The industry also markets credit monitoring and identify theft services, bringing in billions in revenue. Consumer advocates are asking the credit reporting agency CEOs for information about how their revenues from freezes, credit monitoring services, and identity theft services compare to last year’s revenues in order to determine if the massive Equifax data breach has had a positive impact on their profits.

“Consumers should be able to freeze their credit reports for free, even if they aren’t breach victims, to proactively protect themselves from some common types of identity fraud,” said Susan Grant, CFA Director of Consumer Protection and Privacy. “If there is a breach, those affected should be provided with the appropriate assistance, at no charge, to resolve any problems that may result.”

IKEA and CPSC Reissue Recall of MALM Dresser Due to Tip-Over Hazard

In the wake of yet another child’s death, the U.S. Consumer Product Safety Commission (CPSC) and IKEA re-announced the recall of MALM and other dressers last month. The dressers had previously been recalled in June of 2016. In their press release announcing the reissue of the recall, the CPSC urged consumers to obtain a refund or a repair for these dressers.

“Sadly, we know the tragic consequences of inadequate communication about this recall of unstable dressers due to the eighth death that was recently publicized,” stated CFA’s Legislative Director and General Counsel Rachel Weintraub. “We urge IKEA to more robustly communicate this recall to its consumers. We urge consumers to remove these unsafe dressers from their homes and obtain a refund. We urge the CPSC to take stronger action to protect consumers from these potentially deadly dressers.”

The CPSC has stated that IKEA has received 186 reports of tip-over incidents involving the MALM chests and dressers, including 91 reports of injuries to children. In addition, IKEA has received 113 reports of tip-overs with other recalled IKEA chests and dressers, including 53 reports of injuries to children.

“It is imperative that safety messages focused on anchoring dressers to the wall not be substituted for clear messages urging consumers to remove the unstable MALM dressers and obtain a refund from IKEA,” stated Weintraub.

Uber Data Breach Shows Need for Consumer Privacy Protection Act

Policymakers were presented with new evidence last month that security for consumers’ personal information must be improved, when it was revealed that ride-hailing company Uber experienced a major data breach in October 2016 and not only kept it secret from the customers and drivers who were affected but even paid the hackers to hush it up.

“While we already have state data breach notice laws, and I am confident that state authorities will act on any violations that occurred here, there should be requirements for safeguarding our personal information to deter theft, identify breaches quickly, and take the appropriate action,” said CFA Director of Consumer Protection and Privacy Susan Grant. “Furthermore, there must be strong penalties to hold companies such as Uber accountable,” she added.

S. 2124, the Consumer Privacy Protection Act of 2017, which was recently introduced by Senator Patrick Leahy, would require companies to implement privacy and security programs to protect the sensitive personally identifiable information that they access, collect, use, transmit or store, such as driver’s license numbers, and to notify affected individuals without undue delay if that data has been breached. Companies must also provide breach victims with the appropriate identity theft prevention and mitigation services. The Act would empower the Federal Trade Commission to issue regulations, provide for federal and state enforcement, and impose civil penalties for violations. The bill would also make it a crime to conceal a security breach under certain circumstances.

“It is time for action to be taken to ensure that companies take data security seriously. This isn’t the first data breach at Uber, but it should be the last,” said Grant.