President-elect Donald Trump hasn't been clear about his plans for ensuring the cybersecurity of the nation's critical infrastructure, including the financial services sector.
But Trump's transition team has made it very clear the new administration wants Congress to dismantle the Dodd-Frank Wall Street Reform and Consumer Protection Act, which was signed into law by President Barack Obama in 2010.
Dodd-Frank, drafted in response to the 2008 financial crisis, called for, among other things, establishing the Consumer Financial Protection Bureau, a government agency responsible for protecting consumers from unfair, deceptive and fraudulent business practices.
Although Trump stated during the campaign that he would work to repeal Dodd-Frank, his specific views on dismantling CFPB are not known, USA Today reports. And CFPB's structure makes it even harder to dismantle than Obamacare, so complete elimination is unlikely, one consumer advocate told the publication.
Some fraud-prevention experts and former regulators, however, surmise that dismantling Dodd-Frank would greatly reduce the powers of the CFPB - the agency that in September led the charge to fine the country's third-largest bank, Wells Fargo, $185 million for identity theft and violating the privacy of bank customers (see Regulators Slam Wells Fargo for Identity Theft).
This week, Sen. Elizabeth Warren, D-Mass., who served as special adviser for the CFPB from 2010 to 2011, said a hard-fought battle to defend Dodd-Frank reform is likely on the horizon, Politico reports.
Dodd-Frank Law Criticized
In an August 2011 interview with Information Security Media Group, William Isaac, former head of the Federal Deposit Insurance Corp., called Dodd-Frank "the worst piece of financial legislation in history." He added: "I can tell you, if I were president, one of the first things I would do is I would send up to the Hill legislation to basically start over again on financial reform and do it right."
Isaac claimed Dodd-Frank "politicized the bank regulatory system," by keeping it "fragmented, with different people looking at different parts of things."
Some banks and credit unions have questioned the CFPB's role within the Federal Financial Institutions Examination Council. While the other FFIEC agencies oversee specific banks or credit unions, the CFPB is a watchdog over all institutions and other financial businesses, and acts more as an independent agency (see CFPB: What is New Regulator's Role?).
Michael Fryzel, former chairman of the National Credit Union Administration, says he hopes CFPB Director Richard Cordray will step down, "accepting the fact that the new president is entitled to name his own team to run the government.
"Once that takes place, I am confident President Trump will then appoint an individual to oversee a complete review of what the agency has done since its inception, what changes need to be made to make it more efficient and responsive, and conduct a comprehensive review on what regulations that are in effect or proposed need to be changed or eliminated," Fryzel adds. "The burden of excessive government and unnecessary regulation will end."
But What About Consumer Protections?
One former FDIC examiner and cyberfraud specialist, who asked not to be named, tells ISMG that the CFPB will likely be underfunded and, thus, provide limited oversight of banks. The CFPB is funded by the Federal Reserve, not Congress. But under a new administration, that built-in funding protection could be undermined, the former examiner says.
"Regulators will be ordered to ignore most of Dodd-Frank," the former examiner says. "The Fed ignored parts of Dodd-Frank already, i.e., the Durbin Amendment."
The CFPB will not be dissolved, but will linger with much less power, the former examiner predicts.
Al Pascual, head of fraud and security at Javelin Strategy & Research, says defunding the CFPB could affect how much banks scrutinize their internal practices for new account opening, which was the issue that got Wells Fargo into trouble. Wells was accused of allowing employees to access customers' personal information - and in some cases forge data - to subscribe customers to products, such as credit cards, that generated revenue for the bank and commissions for employees. Some 2 million ghost deposit and credit card accounts were opened without customers' knowledge, or through misrepresentation, according to prosecutors.
"If the threat of a similar enforcement action or settlement by regulators for unauthorized account opening was off the table, financial institutions' efforts to examine and redesign their sales-incentive and related risk-oversight programs would likely come to a standstill," Pascual says.
The CFPB could decide to slow down its reviews and investigations as a way to brace for change expected from the new administration, says cybersecurity attorney Chris Pierson, general counsel and CISO for invoicing and payments provider Viewpost.
Cybersecurity Issues
Although it seems clear the next president will support some deregulation of financial institutions, Trump's views on cybersecurity strategies are far less clear.
"As it relates to cybersecurity and privacy, the path forward is less clear because the understanding of President-elect Trump in these areas is uncertain," Pierson says. "But there are some statements or references to privacy that are more concerning regarding encryption, the Apple case and other timely topics. Similarly, responses on cybersecurity have not been too illustrative of a candidate with a solid grasp on cybersecurity or its import in 2017, and certainly remarks condoning the illegal access to private documents or other sensitive materials is reckless."