Auto lender First Investors Financial Services Group Inc. recently got slapped with a $2.75 million fine by the Consumer Financial Protection Bureau (CFPB) for failing to correct inaccurate information it provided to credit reporting agencies from a system supplied to the company by an outside vendor.
Texas-based First Investors was charged by the CFPB with violating the Fair Credit Reporting Act, the Consumer Protection Act and consumer protection provisions of Dodd-Frank. According to the CFPB, the company reported the inaccuracies to its vendor but did not ensure that the problem was remedied, thus opening itself up to further regulatory consequences.
The increased prevalence of hacking and cybersecurity threats that have breached large corporations make scrutiny of third party supplier relationships especially critical for financial services firms.
Earlier this year, Comptroller of the Currency Thomas Curry noted that the OCC is especially concerned about security risks for financial institutions that rely on third party vendors for critical business services, especially overseas-based vendors.
In June, four key banking regulatory agencies, including the OCC, the CFPB, the FDIC and the Federal Reserve, released new rules requiring financial institutions to step up their oversight of third party vendors deemed to be critical to operations. These rules require lenders to, among other things, score critical vendors according to potential risk, conduct on-site visits to their vendors, establish monitoring processes and be meticulous in creating service contracts and agreements.
According to the recent IBM-sponsored Cost of Data Breach Study, the average cost of a corporate data breach is $3.5 million, up 15 percent in the past year. And that figure can increase substantially if a company becomes embroiled in litigation.
Although a majority of courts have dismissed individual common law claims arising from data breaches on lack of damages or lack of standing, there is emerging precedent from some courts — including a California District Court in Claridge v. RockYou — that have found there is an ascertainable value in consumers’ personal information.
The attorneys at Glass & Goldberg in California provide high quality, cost-effective legal services and advice for clients in all aspects of commercial compliance, business litigation and transactional law. Call us at (818) 888-2220, send an email inquiry to email@example.com or visit us online at glassgoldberg.com to learn more about the firm and to sign up for future newsletters.