When it comes to financial information, security is always a top concern. Data breaches – like the recent Equifax hack, which exposed sensitive data from more than 140 million Americans – have become daily news, driving consumers to worry about their privacy and financial safety. Now a government bureaucracy called the Consumer Financial Protection Bureau is poised to put millions more American consumers' personal financial information at risk.
The CFPB, established under the Dodd-Frank Wall Street Reform and Consumer Protection Act, is supposed to be looking out for consumers and preventing the next financial collapse by monitoring the activities of big banks. But now the CFPB is targeting Main Street businesses, especially the short-term loan industry, and its customers, who had nothing to do with the 2008 downturn.
In the coming weeks, the CFPB will issue a series of new rules aimed at curtailing payday, vehicle title, and certain high-cost installment loans that will cut nearly 30 million customers off from critical forms of credit. Even more significant, however, is that it will begin mandating the collection of huge volumes of unnecessary financial information, and in the process expose people who use these products to a potential hack.
Under the new rule, customers applying for a small-dollar loan – the average being a mere $350 – will be required to submit extensive personal financial information in support of their applications. Lenders will determine a customer's ability to repay the loan, but they will also be required to share this financial information with numerous credit reporting agencies (CRAs) registered with the Bureau. Before the recent Equifax breach, the CFPB boasted that the new rule would prescribe "requirements for furnishing loan information to and obtaining consumer reports from those registered information systems," as if such reporting benefited consumers.
These CRAs will, in effect, serve as a collective database for customer's personal financial data, and they will be required to communicate with one another about an individual's borrowing activity. The net effect is that a huge amount of personal financial information will be shared between institutions – and in a way that puts consumers at risk.
This mandate is a large overstep by the CFPB, but it's not the first time they've acted so aggressively. Recently, the CFPB conducted large-scale data collections in the name of monitoring the markets for abuse. The House Financial Services Committee found that the CFPB collected data on 87 percent of the credit card market in 2015, with a goal of capturing up to 95 percent. But there was no good argument – let alone evidence – that gathering all this highly sensitive, personal financial information does anything to make our financial system more secure. Recent examples show just the opposite.
The committee concluded that the CFPB actually needed to collect data on a mere 1 percent of the market to fulfill its mission under the Dodd-Frank Wall Street Reform and Consumer Protection Act. And to add insult to injury, the HFSC found CFPB failed to keep all this data secure. The committee revealed that the CFPB was "deficient in multiple areas," including in its ability to keep this personal information secure and anonymous, even when it was widely circulated.
In this age of hacking, data breaches have become commonplace. Massive cyberattacks on Equifax, Target, and Wells Fargo – as well as smaller breaches at companies like Deloitte – have put many consumers at risk. And a recent cyberattack at the Securities and Exchange Commission demonstrates our government agencies also remain a target. Who doesn't remember the massive breach at the Office of Personnel Management? The big difference, of course, is that consumers affected by the Equifax breach can take legal recourse against the company – the same cannot be said for consumers should a breach occur against this unaccountable agency.
Democratic lawmakers like Sen. Mark Warner, D-Va., a member of the Senate Banking Committee, claim hacks like these represent "a real threat to the economic security of Americans." And Sen. Elizabeth Warren, D-Mass. – a strong advocate for the CFPB – lambasted Equifax for failing "to safeguard data." Yet the irony was missed by both, as the CFPB continues to move full-steam ahead with plans to collect its own treasure trove of information, consequently putting millions of Americans at risk for identity theft and other financial crimes.
Whatever support for the Small-Dollar Loan rule existed before the Equifax hack ought to have been quelled by the harsh reality of the potential for such a massive data breach. The CFPB not only has a history of over-collecting, but also of disregarding the safety and security of the information it gathers.
And what's to say the CFPB and the agencies it is relying on to collect and exchange this information will be any better at it than Equifax, the SEC, OPM, and Deloitte? It's time to stop CFPB before the privacy and financial security of millions of Americans are irreversibly harmed.
Edward D'Alessio is Executive Director of the Financial Service Centers of America (FiSCA).
If you would like to write an op-ed for the Washington Examiner, please read our guidelines on submissions.