Why Regulation Won’t Fix Credit Reporting Agencies

Some of the most memorable television commercials of the 1970s and 1980s were those promoting E. F. Hutton’s brokerage services. When its tagline, “When E. F. Hutton talks, people listen,” was spoken in those commercials, everyone in the room stopped, turned to look and listened with rapt attention to the person who uttered those words.

The person speaking never revealed what E. F. Hutton told them, but the implication was that it must have been awesome, since the people in the commercials looked pretty well-heeled. Here’s a funny example that sets up an exchange between two business executives on an airplane.

Thirty years later, I find their tagline a rather fitting metaphor for the Equifax data breach and the flurry of headlines made by everyone who now wants to take them — and their two credit reporting agency compadres, Experian and TransUnion — out to the regulatory woodshed.

Nowhere is this outrage more deafening than the halls of Congress, where member after member now demands that executive heads at Equifax be placed on chopping blocks and massive regulatory changes across the credit reporting industry be made. Senator Elizabeth Warren (D – Mass.) has strongly hinted that the agency she birthed in 2008 and opened for business in 2011 — the Consumer Financial Protection Bureau (CFPB) — should be given the authority to do even more. The credit bureaus were included in the CFPB’s scope of oversight in 2012, and she’s asked the agency to let her know what additional power it might need to better regulate the credit reporting agencies going forward.

I’m sure they are quite busy making their list and checking it twice.

But why now, just this week, is everyone so outraged and so willing to talk tough about the credit reporting agencies in the name of consumer harm?

Here’s a theory.

Consumers have been complaining bitterly about credit reporting agency practices for decades. More recently, their complaints have been made more transparent, thanks to the CFPB’s consumer complaint database. But as consumer complaints about those agencies have escalated over the years, policymakers have seemed happy to let The Big Three run fast and loose. Government agencies, like the FHA, Fannie Mae and Freddie Mac require a minimum FICO score to qualify for a loan, and 90 percent of mortgage lenders use FICO scores to do the same. FICO scores are based on a credit scoring model using data from one of The Big Three agencies — Equifax, TransUnion and Experian.

As a consequence, we have three credit reporting agencies operating today, who are largely free to do whatever they want with the data they have — consumer complaint database be damned.

The Big Three sell that data to anyone who’ll pay for it, adding to their multibillion-dollar annual revenue streams.

They keep how they collect all the data they have on consumers a secret, locked inside an opaque black box that consumers have to pay to open if they want to see inside more than once a year.

And, in the case of Equifax, they make that consumer data vulnerable to compromise — an egregious lapse in security for a company that is, above all, an information and data repository.

All of this happened because The Big Three operate in an environment with political barriers to entry so steep — given the many agency requirements to use a FICO score and how reliant most lenders are on using it — that it’s largely impossible for viable competition to emerge, challenge them and get scale.

There aren’t many markets where consumers actually have little to no other choice, but this is one of them.

So, only after almost every single adult in the U.S. now has their information available for purchase on the Dark Web — using bitcoin, of course — do we have policymakers screaming loudly, championing change, vowing to help the consumer who’s been telling them — and the CFPB — for years there’s something really, really, really rotten in the land of credit reporting.

The Credit Score

Establishing creditworthiness — and having a reliable way to validate it — is the bedrock of any thriving economy. The notion of a credit bureau — a place where a consumer’s financial information could be housed and accessed by lenders — started in the U.S. in 1899. That year, two grocery store owners opened a small business to help merchants trade financial information that would make it easier for all of them to access that information and make lending decisions.

That business was called The Retail Credit Corporation.

It would take 71 years for Congress to listen to the complaints of consumers about the information that credit reporting agencies collected about them and pass the Fair Credit Reporting Act (FCRA) in 1970.

Until that time, employees of those agencies — and there was really only one, since TransUnion wasn’t founded until 1968 — were given free rein to collect a wide range of information on consumers. Consumer credit reports back then included information about marital and medical status, sexual orientation, political affiliation, drinking habits and other details completely outside what was necessary to make a decision about an individual’s ability to repay a debt.

The Retail Credit Corporation was also free to sell that data to anyone willing to pay for it, and many did.

In the 1960s, consumer advocates claimed that these highly personal “credit” reports were interfering with a consumer’s ability to access a variety of services that had nothing to do with getting credit, including employment. The FCRA that was passed in 1970 gave the Federal Trade Commission (FTC) power to regulate access to that data, assure its accuracy and establish parameters for what data was collected and to whom it was reported.

Five year later, in 1975, The Retail Credit Corporation would change its name to Equifax to rebuild its image after its shady information collection practices had been exposed.

It would take another three decades — 2001 — for the FCRA to be amended further to give consumers direct access to their credit reports for a “fair and reasonable” fee. Since then, subsequent amendments to the FCRA gave consumers the right to get their credit report for free once a year, to remove inaccurate and certain derogatory information and to limit who can access their data.

The credit score itself, the FICO score, was an innovation brought to market in 1989 by the Fair Isaac Corporation. Their software models created each score based on the data that the credit reporting agencies reported to them. Credit reporting agencies got their data from lenders. FICO’s innovation was to use software and algorithms to create a standard and consistently calculated measure of creditworthiness so that lenders could more reliably make decisions about the creditworthiness of each potential borrower.

So, What’s the Problem?

Given the changes in regulatory oversight, in theory, one might think that consumers should all be living happily ever after today.

They are not.

Since 2012, the CFPB’s consumer complaint database has collected 1.1 million complaints across a wide variety of financial services issues. Its February 2017 report, posted on its website, highlighted credit reporting complaints.

That report noted that of the 1.1 million complaints it’s received, 185,717 of them were about credit reporting agency practices — about 18 percent of all consumer complaints. Another 12 percent of complaints had to do with debt collection agency practices.

Maybe you think that doesn’t sound so bad. Not even 20 percent of consumers have a beef with The Big Three. Peeling back that onion tells a different story, however.

The CFPB reported that the average number of monthly complaints received about credit reporting issues was 3,523. In February 2017, that number was up 24 percent to 4,620. Only complaints about mortgages (4,193) and debt collectors (6,904) topped it that month. They also reported that complaints about credit reporting agencies and debt collectors were consistently ranked in the top three, month after month.

The CFPB’s complaint database also tracked the companies with the highest number of complaints. The February report showed Wells Fargo in the lead, followed by Equifax, TransUnion and Experian in that order. Equifax and the other credit reporting agencies were consistently among the top five.

Roughly 143,000 of the consumer complaints about the credit reporting agencies — or 77 percent — were about inaccurate data showing up on their credit reports. That inaccurate data ran the gamut from data that was wrong, wasn’t expunged, corrected or updated as requested; data about other consumers that wasn’t supposed to be on their reports and requests to access their credit reports from companies they didn’t recognize.

The rest of the complaints were related to customer service issues, including excessive wait times to speak with a customer service representative, not having updated information corrected in a timely fashion and difficulty understanding what was needed to correct an error on their report that the agencies had made.

Listening with Only Half an Ear

In January of 2017, the CFPB fined TransUnion and Equifax $23 million over marketing schemes that lured consumers into paying monthly subscription fees for access to their credit reports. In Equifax’s case, that included giving consumers “free” access to their data only after they watched an ad (for which Equifax was being paid money by an advertiser). The fine was mostly consumer restitution, with a small piece paid in penalties to the CFPB.

In March of 2013, Experian was fined $3 million for a variation on that same theme.

All fines levied and all of the complaints logged were over practices that the FCRA prohibited The Big Three from doing: making it hard for consumers to access their credit reports and making it difficult for consumers to correct information that the credit reporting agencies had wrong.

Not getting that information right has consequences that are far greater to consumers than the fines the credit reporting agencies have to pay. Bad data can make getting credit impossible or extremely costly for consumers. An FTC study reports that one in five consumers has an error on her report, and those errors will cost one in 20 of those consumers in the form of higher interest and carrying costs on their loans.

Meanwhile, The Big Three credit reporting agencies have little incentive to care.

Why should they work hard to satisfy the consumer when they have a virtual lock on the data that stands between a consumer and her loan, as long as a FICO score is required to get it? Why make their process transparent to consumers or bust a gut to get things corrected when there’s no competitor operating at or near scale nipping at their heels to force them to step up their game?

And, it’s a drop in the bucket for these multibillion-dollar monopolists to get a superficial slap on the wrist and microscopic fines when there’s no existential reason for them to change their business practices.

The great irony here is that consumers have been complaining about credit reporting agencies for decades.

It was their complaints 50-plus years ago that led to the creation of the FCRA in 1970 — after ten years of consumer advocates raising alarm bells. And it’s been transparent to policymakers since 2012, when there became a source of truth called the CFPB consumer complaint database, that credit reporting agencies are one of the top three places that consumers say they consistently feel the most pain.

Instead, policymakers have doubled down on advocating wholesale changes in how prepaid cards, payday lending and arbitration rules work today — topics that are consistently lower on the list of consumer pain points.

While consumer complaints with credit reporting agencies averaged 3,523 each month, the CFPB reported that monthly complaints about credit cards, payday loans, prepaid cards and money transfers averaged 1,692, 421, 212 and 166 respectively. Complaints about credit reporting were more than two times that of credit card complaints, about nine times that of payday loan complaints, more than 12 times that of prepaid card complaints and 20 times that of money transfer complaints.

The CFPB also reported that complaints about payday loans have shown the greatest percentage of decline — at 26 percent — across all categories they monitored.

The other great irony is that policymakers also seem determined to pick fights with tech companies over a variety of alleged wrongdoings. The same tech companies on their target list that also consistently top the consumer’s list of most beloved, trusted brands, and whose apps and services are among the most used by consumers: Apple, Google, Facebook and Amazon, to name but a few.

Kinda makes you wonder why.

The Catalyst for Change?

I went to Equifax’s website this morning, and on their home page was a headline for their KYC (Know Your Customer) and AML (Anti-Money Laundering) services that said this: What’s Keeping Your Compliance Team Up At Night?

I think we all know the answer to that question now.

It’s probably fair to say that the Equifax hack is to consumer authentication what Target was to EMV at the physical point of sale: a catalyst for change. Companies who come in contact with consumers in the name of commerce, payments, retail or other financial services are now moving digital identity verification to the top of their lists to protect themselves and their consumers from the inevitable wave of digital identity fraud that’s about to hit them — and could crush them if they don’t.

And just like the shift to EMV, the ecosystem of payments and financial services companies will come together to meet this challenge — in this case, with a running head start of tools and technologies and innovators and platforms prepared to help meet this challenge head on. And since data and risk modeling is no longer the domain of three players and a credit score, innovators are building businesses around the notion of honest finance and complete consumer transparency into how credit decisions are made and how much credit will cost them — and slowly gaining traction with consumers and retailers.

But here we are — the most horrific breach of highly sensitive consumer data ever recorded in the U.S., the OPM hack notwithstanding — with policymakers focused on how to regulate these three monopolists within an inch of their lives instead of focusing on the much bigger problem.

We don’t need more regulation. After all, The Big Three were regulated by the CFPB and the FTC, and look where that got us.

What we need is competition.

Figuring out how to make credit reporting competitive — where consumers actually have a voice to discipline credit reporting agencies that provide bad service, no innovation and risky behavior — and giving lenders options that would foster a more dynamic marketplace won’t be easy, but that’s what policymakers, and others, should be working to solve.

We have the pieces and players in place to create a competitive playing field; we just need policymakers to let them play.