What Bank Regulators Can Do Now About Equifax — And to Whom
In all the coverage of Equifax’s cataclysmic cyber-breach, much has been said about the relatively unregulated nature of credit bureaus and the extent to which the FTC and/or CFPB could fill this void. In this report, clients are advised that the Bank Service Company Act has been successfully read by the federal agencies as covering any third-party vendor with which an insured depository has as little as a contractual relationship. When a regulator chooses to apply the terms of this Act to such relationships, the third party is subject to regulation and examination as if it were a bank.

VENDOR7.pdf