CFPB Hits Pause On Equifax Investigation

Interim director Mick Mulvaney may not be able to completely shutdown the government agency he currently runs — but he is surely working overtime to make sure that the CFPB does as little as humanly imaginable while he is at its helm.

In his latest effort to scale back when and where the Consumer Financial Protection Bureau intercedes, Mulvaney has decided to put a pin in the full-scale probe of how Equifax Inc failed to protect the personal data of millions of consumers, according to Reuters reports.

Equifax admitted in September that it had lost the data of 143 million Americans (nearly every American adult), promoting then-director Richard Cordray to authorize a full scale investigation. But Cordray stepped down in November and was replaced by Mulvaney (legal challenges to the side), under whom the investigation has slowed to a nearly non-existent crawl.

“The bureau has the desire, expertise, and know-how in-house to vigorously pursue hypothetical matters such as these,” said John Czwartacki, a spokesman, but the agency is not permitted to acknowledge an open investigation, despite having the tools.

Three sources say that Mulvaney has neither ordered subpoenas against Equifax nor sought sworn testimony from executives. The CFPB has also shelved plans for on-the-ground tests of how Equifax protects data.

According to reports, the CFPB also recently rebuffed bank regulators at the Federal Reserve, Federal Deposit Insurance Corp and Office of the Comptroller of the Currency when they offered to help with on-site exams of credit bureaus.

Equifax is currently facing investigations from every state AG — by its own reporting — and faces around 240 class action law suits.

The Federal Trade Commission is examining the breach, and the company may face financial penalties. This would be their second dance with the FTC — Equifax faced a $393,000 settlement in 2012.  It’ll probably be more this time.

In contrast, the CFPB fined credit bureaus more than $25 million just last year for over-marketing its monitoring services, which generated monthly fees.

The FTC confirmed in September it was investigating Equifax, but a spokesman declined further comment. The CFPB and FTC had agreed to jointly investigate the matter — only the FTC has issued a subpoena.

TransUnion has argued that the CFPB has no authority to examine the company over cybersecurity concerns.

“We believe that it is clear that the CFPB was not given legal authority to supervise any financial institutions with respect to cybersecurity,” the company said in a statement.