Can Trump Make ‘the Cyber’ Secure?

I have to admit that when now-President Donald Trump uttered the phrase “The Cyber” during the first presidential debate, I was right there with the tech community in the eye-rolling that followed. “The Cyber” memes were born, along with real concern about the then-candidate’s grasp on cybersecurity, and, with the announcement of former New York City Mayor Rudy Giuliani as the cyber czar, those concerns multiplied.

The seeming “misunderestimation” — or possibly anti-comprehension — regarding something so crucial to national security may not on the surface seem like a consumer issue, but it is.

Our nation’s approach to cybersecurity at this juncture — beset by hostile state-sponsored attacks on our electoral process; expertise and secret information grabs from major industries and the federal government; and ransomware attacks — is a matter of the utmost urgency, and the now-president has said as much, to his credit.

But Trump’s response can’t be just a marketing move or a branding opportunity — things he gets. There must not be merely the appearance of change, with commissions talking and debating endlessly but with little to show for it. There must be actual boots-on-the-ground solutions — now.

Unfortunately, I don’t think that’s what will happen.

Consumer protection at risk

The Consumer Financial Protection Bureau specifically comes to mind if Trump does as many are predicting he will do and makes it yet another piece of President Obama’s dismantled legacy.

The CFPB was an important accomplishment of the Dodd-Frank Wall Street Reform and the Consumer Protection Act of 2010. The agency is charged with protecting consumers from the predatory financial practices that brought about the economic meltdown of 2007-08 and watching out for signs of future trouble. The CFPB has the power to ban financial products deemed “deceptive, unfair or abusive” and to impose penalties on companies that take advantage of consumers.

Barring a judicial miracle, current CFPB Director Richard Cordray is almost certainly going to receive one of Trump’s signature “you’re fired” communiqués. Worse, an anti-CFPB former Texas representative, Randy Neugebauer, appears to be the leading candidate to get the job.

Among other things, Neugebauer thinks that payday lenders are too roughly treated by the CFPB and that all business contracts should contain mandatory arbitration clauses (barring class action suits). He also thinks the CFPB should be headed not by a single director, but by a commission of people from both sides of the aisle. Those of us who support the CFPB believe that this would diminish the agency’s ability to go after dangerous practices that harm consumers in a timely and effective way.

The Trump transition team did not respond to a request for comment regarding its plans for the CFPB or Cordray.

This is about appointing the right people

It was reported that the cybersecurity czar role in the Trump administration will fall to the president’s close associate and campaign stalwart: Giuliani.

There is a connection here between what appears to be afoot at the CFPB and the next administration’s approach to cybersecurity. Both represent bad decisions based on a basic incomprehension of what is at stake and of what needs to happen next. The CFPB works — specifically, the single-director approach. Instead of hiring an opponent of the agency to presumably dismantle it, we should be using it as a model to create a single-director federal agency that emulates the CFPB to oversee cybersecurity.

As it stands, Giuliani will be bringing together experts working on cybersecurity solutions and business leaders who are targeted by hackers from the energy, financial and transportation sectors. The next step that is missing here is a government agency that can fine entities that do not meet the threshold for cybersecurity best practices — mandated employee education, maintaining technology and tools, hiring experts — that the agency would determine and set as a standard.

In a recent interview, Giuliani said of Trump, “He’s going to elevate this to a very large priority for the government — and I think, by doing this, he’s trying to elevate this as a priority for the private sector.”

Depending on private sector

As the Christian Science Monitor’s Passcode noted, quoting the former NYC mayor, the idea here is pretty simple: Trump will go straight to the public to “educate people on how important (cybersecurity) is, even to the point of their own personal protection.”

That is a fantastic idea that everyone should applaud. Whether the user is in the Pentagon or logging onto a free Wi-Fi network, our cybersecurity too often comes down to an individual clicking or not clicking on a malware-laden link or falling prey to some other security pratfall.

That said, any agency dedicated to cybersecurity would need to work closely with the military and intelligence communities and would also have to focus its resources on real solutions to the dangers we face, many of them extinction-level threats. The person running it would have to be at the cutting edge of cybersecurity best practices.

When the news came down of Giuliani’s cyber czar role, experts almost immediately hit Twitter with reasons why this was a bad idea. (Trump’s team also didn’t respond to requests for comment regarding this choice. Giuliani was not readily available for comment, either.) As it happens, the cybersecurity community took a look at the website of Giuliani’s cybersecurity company, giulianisecurity.com. They found serious problems, including an expired SSL certificate, no HTTPS and an exposed CMS login — just to name a few. You don’t need to know what these things are, but the cyber czar sure does. There can be no “oops” in his or her record.

Full disclosure: CyberScout sponsors ThirdCertainty. This story originated as an Op/Ed contribution to Credit.com and does not necessarily represent the views of the company or its partners.

This article originally appeared on ThirdCertainty.

The FIO Report on Insurance Regulation

The December 2013 issuance of the Federal Insurance Office (FIO) report, How to Modernize and Improve the System of Insurance Regulation in the United States, may in hindsight be regarded as more momentous an occasion for the industry and its regulation than the muted initial reaction might suggest. History’s verdict most likely will depend on the effectiveness of the follow-up to the report by both the executive and legislative branches, but current trends in financial services regulation may serve to increase the importance and influence over time of the FIO even in the face of inaction in Washington.

Insurance regulation has traditionally been the near-exclusive province of the states, a right jealously guarded by the states and secured by Congress in 1945 after the Supreme Court ruled insurance could be regulated by the federal government under the Commerce Clause of the Constitution.

Any fear that the FIO report would call for an end to state regulation proved unfounded, but industry members might be well-advised to prepare for the eventualities that may result as the FIO uses both the soft power of the bully pulpit and the harder power of the federal government to achieve its aims. As the designated U.S. insurance representative in international forums that more and more mold financial services regulation, and as an arbiter of standards that could be imposed on the states, the FIO and this report should not be ignored.

Having met with the FIO’s leadership team, we believe there are concerns that uniformity at the state level cannot be achieved without federal involvement. We further believe the FIO plans to work to translate its potential into an actual impact in the near future, making a clear-eyed understanding of the report and what it may herald for insurers a prudent and necessary step in regulatory risk management.

The concerns

The biggest surprise about the FIO report may well have been that there were no surprises. There were no strident calls for a wholesale revamp of the regulatory system, and praise for the state regulatory system was liberally mingled among the criticisms.

The lack of any real blockbusters in the details of the FIO report may seem to lend implicit support to those who foresee a continuation of the status quo in insurance regulation. But, taken as a whole, this report and the regulatory atmosphere in which it has been released should be considered a subtle warning of changes that may yet come.

The report may quietly help to usher in an acceleration of the current evolution of insurance regulation. The result could be a regulatory climate that offers more consistency and clarity for insurers and reduces the cost of regulation. The result could also be a regulatory climate that offers more stringent regulatory requirements and increases both the cost of compliance and capital requirements. Most likely, the result could be a hybrid of both.

Either way, preparing to influence and cope with any possible changes portended in the report would be preferable to ignoring the portents.

Part of the disconnect between the short-term reception and the long-term impact of this report may be because of the implicit FIO recognition in the report of the lack of political will needed to enforce any real changes in current U.S. insurance regulation, most especially any that would require increased expenditures or personnel at the federal level. In our current economic and political environment, plugging gaps in state regulation by using measures that would require federal dollars may quite reasonably be construed to be off the table.

But the difference between identified problems and feasible solutions may offer an opportunity. States, industry and other stakeholders could act together to bring needed reform to the insurance regulatory system in a way that adds uniform national standards to regulation, reduces the possibility of regulatory arbitrage and maintains the national system of state-based regulation, all while recognizing the industry’s strengths and needs and not burdening the industry with unnecessary, onerous regulation.

There is much to praise in the current state regulatory system. A generally complimentary federal report on the insurance industry and the fiscal crisis of the past decade noted, “The effects of the financial crisis on insurers and policyholders were generally limited, with a few exceptions…The crisis had a generally minor effect on policyholders…Actions by state and federal regulators and the National Association of Insurance Commissioners (NAIC), among other factors, helped limit the effects of the crisis.”

While the financial crisis demonstrated the effectiveness of the current insurance regulation in the U.S., it is also evident that, as in any enterprise, there are areas for improvement. There are niches within the industry – financial guaranty, title and mortgage insurance come to mind – where regulatory standards and practices have proven less than optimal.

There are also national concerns that affect the industry. The lack of consistent disciplinary and enforcement standards across the states for agents, brokers, insurers and reinsurers is one obvious concern. Similarly, the inconsistent use of permitted practices and other solvency-related regulatory options could lead to regulatory arbitrage. At a time when insurance regulators in the U.S. call for a level playing field with rivals internationally, these regulatory differences represent an example of possible unlevel playing fields at home that deserve regulatory attention and correction.

A Bloomberg News story in January 2014, for example, quoted one insurer as planning to switch its legal domicile from one state to another because the change would allow, according to a spokeswoman for the company, a level playing field with rivals related to reserves, accounting and reinsurance rules.

For insurers operating within the national system of state-based regulation, one would hope that that level playing field would cross domiciles, and no insurer would be disadvantaged because of its domicile in any of the 56 jurisdictions.

But perhaps one of the greatest challenges to the state-based system of regulation is the added cost of that regulation, partly engendered by duplicative requests for information and regulatory structures that have not been harmonized among states. How to respond to that may represent the biggest gap in the FIO report. It may also be the biggest opportunity for both insurers and regulators to rationalize the current regulatory system and ensure the future of state-based regulation.

Cost

The FIO report notes that the cost per dollar of premium of the state-based insurance regulatory system “is approximately 6.8 times greater for an insurer operating in the United States than for an insurer operating in the United Kingdom.” It quotes research estimating that our state-based system increases costs for property-casualty insurers by $7.2 billion annually and for life insurers by $5.7 billion annually.

According to the report, “regulation at the federal level would improve uniformity, efficiency and consistency, and it would address concerns with uniform supervision of insurance firms with national and global activities.”

Yet the report does not recommend replacing state-based regulation with federal regulation. It recommends instead a hybrid system of regulation that may remain primarily state-based but does include some federal involvement.

At least one rationale for this is clearly admitted in the report. As it says, “establishing a new federal agency to regulate all or part of the $7.3 trillion insurance sector would be a significant undertaking … (that) would, of necessity, require an unequivocal commitment from the legislative and executive branches of the U.S. government.”

The result of that limitation is a significant difference between diagnosis and prescription in the FIO report. Having diagnosed the cost of the state-based regulatory system as an unnecessary $13 billion burden on policyholders, the FIO's policy recommendations may possibly be characterized as, for the most part, the policy equivalent of “take two aspirin and call me in the morning.”

Still, as the Dodd-Frank Act showed, even Congress can muster the will to impose regulatory solutions if a crisis becomes acute enough and broad enough. Unlikely as that may now seem, the threat of federal radical surgery should not be what is required for states to move toward addressing the recommendations of the FIO report.

Indeed, actions of the NAIC over the past few years have addressed much of what is in the FIO report. Now the NAIC, industry and other stakeholders can take the opportunity provided by the report to work to resolve some of the issues identified in it. The possible outcome of an even greater federal reluctance to become involved in insurance regulation would only be a side benefit. The real goal should be a regulatory system that is more streamlined, less duplicative, more responsive, more cost-efficient and more supportive of innovation.

Kevin Bingham has shared this article on behalf of the authors of the white paper on which it is based: Gary Shaw, George Hanley, Howard Mills, Richard Godfrey, Steve Foster, Tim Cercelle, Andrew N. Mais and David Sherwood. They can be reached through him. The white paper can be downloaded here.