The down-is-up world of the Trump administration grew even battier Monday amid reports that the Consumer Financial Protection Bureau is scaling back its investigation into credit agency Equifax, which allowed hackers to access the personal information of more than 145 million Americans.
Because, you know, why would you want the nation’s top consumer watchdog aggressively looking into one of the worst data breaches in the country’s history?
When I first heard the news, I felt a little like Alice trying to adjust to the impossible happening. “One can’t believe impossible things,” she laments.
To which the White Queen replies: “I daresay you haven’t had much practice. … Why, sometimes I’ve believed as many as six impossible things before breakfast.”
Reuters, citing “government and industry sources,” said the bureau’s interim director, White House budget chief Mick Mulvaney, has taken us through the looking glass by deciding not to issue subpoenas or seek sworn testimony from Equifax execs.
The CFPB also “has shelved plans for on-the-ground tests of how Equifax protects data,” Reuters said.
The agency declined to comment directly on the report. It said in a statement that “the bureau is looking into Equifax’s data breach and response. Reports to the contrary are incorrect.”
But consumer advocates wasted no time in ringing alarm bells about what would be only the latest in a series of recent moves by Mulvaney to cripple the CFPB’s regulatory role over the financial services industry.
Christine Hines, legislative director for the National Assn. of Consumer Advocates, told me Monday’s news was “yet another recent tragic case of the agency going the wrong way on consumer financial protection.”
Yana Miles, senior legislative counsel for the Center for Responsible Lending, said Mulvaney “is finding new ways to sabotage the consumer bureau.”
“The administration should recognize the severe harm Mulvaney is doing to the public and nominate a director who has people’s interest at heart,” she said.
Now that would be a wonder.
President Trump, our businessman-in-chief, has made no secret of his disdain for the CFPB, which has returned about $12 billion to aggrieved consumers since opening its doors in 2011.
His appointee, Mulvaney, previously referred to the agency as a “sick, sad joke,” and has wasted no time in making clear that his idea of consumer protection includes protecting business interests as well.
The bureau announced last month that it will “reconsider” the first federal rules providing oversight of payday and car title loans — protections put in place by former President Obama’s appointee to oversee the CFPB, Richard Cordray, who stepped down in November.
The bureau also announced it was dropping a lawsuit against a group of payday lenders that allegedly duped customers by failing to reveal annual interest rates of nearly 1,000%.
Mulvaney has invited businesses to submit “constructive feedback” about further changes they’d like to see, which is widely interpreted as an opening for banks, credit card issuers and other lenders to compile a list of regulations they’d prefer to be dumped in the wastebasket.
Perhaps no move spells out the Trump administration’s intentions more clearly than Mulvaney’s budget request for the current quarter. Under its previous management, the CFPB requested $217 million to fund three months of investigations and enforcement actions.
Under the current management, the bureau requested bupkis.
Seriously. No money whatsoever. Mulvaney said the agency would make do with whatever it had on hand.
So it’s not very difficult to believe the impossible: that he’d now hand Equifax a get-out-of-jail-free card for breathtakingly lax data security, which resulted in the names, addresses and Social Security numbers of millions of people being released into the wild.
“Only the consumer bureau has the tools and powers needed to investigate and hold the powerful financial gatekeeper Equifax accountable,” noted Ed Mierzwinski, federal consumer program director for the U.S. Public Interest Research Group.
The data breach has resulted in dozens of lawsuits and investigations by state attorneys general. But the CFPB is uniquely positioned to hold Equifax accountable at the federal level and send a strong message not just to other credit agencies, but to all financial firms.
A go-slow — or, worse, a no-go — policy under Mulvaney would be a clear signal that cracking down on data breaches isn’t much of a concern for the Trump administration.
That, in turn, would be welcome news to businesses, which routinely complain that privacy rules make it too hard for them to profit from consumers’ personal information.
As I reported last month, Republican lawmakers blocked all privacy-related bills introduced by Democrats in the wake of the Equifax breach. Some of those bills would have required relatively innocuous measures, such as credit agencies providing free credit freezes after a database is hacked.
Contrast this with what’s happening in Europe, where a new law, the General Data Protection Regulation, will take effect in May. Among other things, it requires companies to obtain consent from customers before using or sharing their personal information.
It also requires that customers be notified of any security breach within 72 hours.
Mulvaney, meanwhile, is twiddling his thumbs.
“Refusing to investigate a data breach that put 145 million Americans at risk is malpractice,” Sen. Sherrod Brown, an Ohio Democrat and ranking member of the U.S. Senate Committee on Banking, Housing and Urban Affairs, said in a statement.
“Once again, Mr. Mulvaney has made clear he will always side with special interests over the consumers who count on CFPB for help,” he said.
Which is, of course, madness.
Then again, the Mad Hatter noted that when it comes to being nuts, “the best people usually are,” which sounds disturbingly like something Trump might say.
2:15 p.m.: This column was updated with a response from the Consumer Financial Protection Bureau.
This column was originally published as 1:05 p.m.