WASHINGTON — U.S. Sens. Mark R. Warner and Tim Kaine (both D-VA) joined a group of 41 Senators in a letter to Consumer Financial Protection Bureau (CFPB) Acting Director Leandra English and Office of Management and Budget (OMB) Director Mick Mulvaney urging them to end any efforts to undermine and repeal the CFPB’s payday lending rule. The rule represents an important step in reining in predatory business practices by payday lenders nationwide that are designed to exploit the financial hardships facing millions of hardworking families.

“We understand that the CFPB is delaying the rule by granting waivers to companies who would otherwise be taking steps to begin complying with the rule, and that the Bureau may be offering the payday loan industry an opportunity to undermine the rule entirely. We view these actions as further efforts to undermine the implementation of this important consumer protection rule,” the Senators wrote.    

Congress created the CFPB to protect Americans from unfair, deceptive and abusive lending practices. Predatory lenders often target hardworking borrowers who find themselves in need of quick cash—often for things like necessary car repairs or medical emergencies—by charging them excessive interest rates and hidden fees that trap them in long-term cycles of debt. Nearly 12 million Americans use payday loans each year, incurring more than $9 billion annually in fees. The CFPB developed the payday lending rule over the course of five years and reviewed more than 1 million public comments. 

“The CFPB’s role in serving as a watchdog for American consumers while making our financial markets safe, fair, and transparent continues to be of critical importance. To this end, we urge you to end any efforts to undermine and repeal this critical consumer protection,” the Senators continued.

The letter also called into question efforts at the CFPB to dismiss ongoing enforcement actions against predatory lenders, calling such actions antithetical to the CFPB’s mission of serving as a watchdog for American consumers. 

Other Senators joining Sens. Warner and Kaine in signing the letter include U.S. Sens. Dick Durbin (D-IL), Jeff Merkley (D-OR), Sherrod Brown (D-OH), Kamala Harris (D-CA), Elizabeth Warren (D-MA), Chris Van Hollen (D-MD), Ed Markey (D-MA), Mazie Hirono (D-HI), Dianne Feinstein (D-CA), Catherine Cortez Masto (D-NV), Jeanne Shaheen (D-NH), Kirsten Gillibrand (D-NY), Ron Wyden (D-OR), Brian Schatz (D-HI), Martin Heinrich (D-NM), Tina Smith (D-MN), Ben Cardin (D-MD), Tammy Duckworth (D-IL), Bernie Sanders (I-VT), Patty Murray (D-WA), Maggie Hassan (D-NH), Cory Booker (D-NJ), Tom Udall (D-NM), Chris Coons (D-DE), Sheldon Whitehouse (D-RI), Angus King (I-ME), Patrick Leahy (D-VT), Tom Carper (D-DE), Gary Peters (D-MI), Debbie Stabenow (D-MI), Chris Murphy (D-CT), Amy Klobuchar (D-MN), Tammy Baldwin (D-WI), Joe Donnelly(D-IN), Michael Bennet (D-CO), Doug Jones (D-AL), Jack Reed (D-RI), Maria Cantwell (D-WA), Bob Casey (D-PA), and Bill Nelson (D-FL).

Full text of the letter is available here and below: 

Leandra English
Acting Director, Consumer Financial Protection Bureau
1700 G Street N.W.
Washington, D.C., 20552

Mick Mulvaney
Director, Office of Management and Budget
725 17th Street N.W.
Washington, D.C., 20503

Dear Ms. English and Mr. Mulvaney:

We write to express concern regarding the announcement that the Consumer Financial Protection Bureau (CFPB) will begin the process of reconsidering and eventually repealing the Bureau’s recently finalized Payday, Vehicle Title, and Certain High-Cost Installment Loans rule, also known as the “payday lending rule.”  We view this action as well as the dismissal of ongoing enforcement actions against predatory lenders as antithetical to the CFPB’s mission.

Research has shown that short-term payday loans trap consumers in high-interest debt for long periods of time and can result in serious financial harm, including increased likelihood of bankruptcy. Nearly 12 million Americans use payday loans each year, incurring more than $9 billion in fees. While short-term loans may help families facing unexpected expenses, predatory short-term loans with interest rates exceeding 300 percent often leave consumers with a difficult decision: defaulting on the loan or repeated borrowing. According to the CFPB, nearly 80 percent of payday loans are renewed within 14 days, and at least 27 percent of borrowers will default on their first loan. The CFPB also found that nearly 20 percent of title loan borrowers have had their vehicles seized by the lender when they are unable to repay this debt. The majority of all payday loans are renewed so many times that borrowers end up paying more in fees than the amount they originally borrowed.  This predatory business model exploits the financial hardships facing hard working families, trapping them into long-term debt cycles. 

The recent financial crisis, during which Americans lost more than $19 trillion in household wealth demonstrated clearly the need for a federal agency whose sole mission is to protect American consumers in the financial marketplace.  Congress created the CFPB, granting it the authority to crack down on these types of predatory lending practices. 

After conducting a five-year study and reviewing more than 1 million public comments, the CFPB used this vested authority to issue a rule in October 2017 requiring payday and car title lenders to ensure that consumers have the ability to repay each loan and still manage to meet their basic living needs and major financial obligations without needing to borrow again over the next 30-day period. This commonsense requirement is coupled with protections that provide consumers with reasonable repayment options common with other types of credit. 

We stand with a majority of our constituents in supporting the final rule and oppose efforts to repeal or undermine the final rule, which protects consumers from predatory payday, title loan, and high-cost installment lenders.  Bipartisan polling shows that the CFPB’s action to curb predatory lending reflects the will of the vast majority of Americans. According to a 2017 survey, 73 percent of Americans support the CFPB’s rule requiring payday lenders to make sure that consumers have the ability to repay before extending a loan.

We understand that the CFPB is delaying the rule by granting waivers to companies who would otherwise be taking steps to begin complying with the rule, and that the Bureau may be offering the payday loan industry an opportunity to undermine the rule entirely. We view these actions as further efforts to undermine the implementation of this important consumer protection rule.  

We are also troubled by the CFPB’s recent enforcement actions related to payday lending.  The CFPB recently decided to drop a lawsuit filed by the Bureau in 2017 against four payday lending companies in Kansas. These companies were being sued for flouting state laws by running illegal payday lending operations, including charging interest rates between 440 percent and 950 percent. The CFPB also is reportedly halting, without any explanation, a nearly four-year CFPB investigation into allegations that a South Carolina-based payday loan company engaged in deceptive lending practices. 

The CFPB’s role in serving as a watchdog for American consumers while making our financial markets safe, fair, and transparent continues to be of critical importance. To this end, we urge you to end any efforts to undermine and repeal this critical consumer protection. 

Sincerely,

###

WASHINGTON – U.S. Sen. Mark R. Warner (D-VA), a member of the Senate Banking Committee, released the following statement after the Senate voted 67-31 to pass S. 2155, the Economic Growth, Regulatory Relief, and Consumer Protection Act:  

“The bipartisan Economic Growth, Regulatory Relief and Consumer Protection Act that the Senate passed today will provide meaningful relief to Main Street. It will roll back unnecessary and burdensome regulations on credit unions and small community banks while ensuring that larger banks remain subject to the rules I helped put in place after the financial crisis. This bill is the result of years of tough negotiations between Democrats and Republicans and will help small lenders provide mortgages and other credit to hardworking Virginians and small businesses. While this bill does not include everything Democrats wanted nor everything Republicans wanted, I’m proud of my colleagues for putting differences aside, finding common ground, and passing this bipartisan legislation. The House of Representatives should move swiftly to take up and pass this sensible, bipartisan bill.”

###

WASHINGTON – Today, U.S. Sen. Mark R. Warner (D-VA), Vice Chairman of the Senate Select Committee on Intelligence, issued the following statement in response to the Federal Election Commission (FEC)’s announcement that commissioners have approved a Draft Notice of Proposed Rulemaking on two proposals dealing with disclosure rules for online political advertisements:

“While I applaud the FEC for moving forward today, my hope was that the simple and overdue act of strengthening these disclaimer rules would have been completed by now. The Commission’s current plan, which contemplates yet another round of comments, means rules concerning online political ads remain woefully behind the commonsense standards we apply to political ads on TV and other media – just as the country begins the primary season for the upcoming 2018 mid-term elections.

“Congress must recognize that our current laws are simply not adequate to deal with the national security threats we face from foreign adversaries like Russia, and other bad actors. While no one law alone will completely protect our democracy, updating our election laws is a simple and important start. Bipartisan legislation like the Honest Ads Act is needed to bring true parity between digital political ads and ads running on broadcast, satellite, and cable services.”

Russia attempted to influence the 2016 presidential election by buying and placing political ads on platforms such as Facebook, Twitter and Google. However, Americans had no way of knowing who was behind the ads, because, unlike radio and television ads, the FEC has exempted large swathes of online ads from general requirements to include disclaimers about who is responsible for the content.

In November 2017, Senator Warner led a number of his colleagues in calling on the FEC to take immediate action to improve transparency for political advertisements online. That effort followed Senator Warner’s introduction in October 2017 of the Honest Ads Act, bipartisan legislation that would prevent foreign actors from influencing our elections by ensuring that political ads sold online are covered by the same rules as ads sold on TV, radio, and satellite.

According to the FEC, the public will now have 60 days to provide comments on two alternative proposals, one Republican-sponsored and one Democrat-sponsored, to amend FEC regulations concerning disclaimers on public communications on the internet that contain express advocacy, solicit contributions, or are made by political committees.

###

WASHINGTON – On Net Neutrality National Day of Action, U.S. Sens. Mark R. Warner and Tim Kaine (both D-VA) joined a group of Senate and House Democrats in introducing a Congressional Review Act (CRA) resolution to overturn the Federal Communications Commission’s (FCC) partisan decision on net neutrality. The Senate CRA resolution of disapproval stands at 50 supporters, including Republican Sen. Susan Collins (R-ME). The House resolution currently has 150 co-sponsors.

The FCC’s Open Internet Order prohibited internet service providers from blocking, slowing down, or discriminating against content online. Repealing these net neutrality rules could lead to higher prices for consumers, slower internet traffic, and even blocked websites. A recent poll showed that 83 percent of Americans do not approve of the FCC’s action to repeal net neutrality rules.

“From the start, the FCC’s process to determine whether to keep previously established rules that guarantee a free and open internet was marred by partisan fights and troubling irregularities in the public comment system,” said the Senators. “By repealing these open internet principles, we believe the agency greenlighted potential anti-competitive practices that could negatively impact consumers. We will continue urging our colleagues on both sides of the aisle to stand together to protect the integrity of our nation’s most crucial information network.”

Last week, the FCC’s rule repealing net neutrality was published in the Federal Register, leaving 60 legislative days to seek a vote on the Senate floor on the CRA resolutions. In order to force a vote on the Senate resolution, the Senators will submit a discharge petition, which requires a minimum of 30 Senators’ signatures. Once the discharge petition is filed, Senate Democrats will demand a vote on the resolution. A simple majority of 51 votes is needed to pass a CRA resolution in the Senate. 

A copy of the CRA resolution can be found here.

###

WASHINGTON — U.S. Sen. Mark R. Warner, a member of the Senate Banking Committee, and Sen. Tim Kaine (both D-VA) joined a group of 40 Senate Democrats in standing up for the Consumer Financial Protection Bureau’s (CFPB) independence and power to obtain justice for consumers who have been wronged by large financial institutions. 

In a letter today, the Senators urged Senate leaders Mitch McConnell and Chuck Schumer to preserve the agency’s independent funding stream and protect the CFPB from political interference. The Consumer Financial Protection Bureau’s independent funding structure has been key to its success, which in just six years has returned nearly $12 billion to more than 29 million impacted consumers.

“The administration has already undermined the effectiveness of the CFPB by appointing Office of Management and Budget Director Mick Mulvaney as part-time Director of the Bureau,” the Senators wrote in a letter. “Altering the funding stream of the Consumer Financial Protection Bureau would further jeopardize the agency and its ability to conduct independent investigations into financial wrongdoing. The Dodd-Frank Wall Street Reform and Consumer Protection Act established the CFPB as an independent agency to protect it from political interference by Congress or the Executive Branch.”

In addition to Warner and Kaine, the letter was signed by Sens. Jeff Merkley (D-OR), Sherrod Brown (D-OH), Elizabeth Warren (D-MA), Catherine Cortez Masto (D-NV), Bernie Sanders (I-VT), Kirsten Gillibrand (D-NY), Edward J. Markey (D-MA), Mazie K. Hirono (D-HI), Jack Reed (D-RI), Sheldon Whitehouse (D-RI), Bob Menendez (D-NJ), Maggie Hassan (D-NH), Tammy Baldwin (D-WI), Richard Blumenthal (D-CT), Debbie Stabenow (D-MI), Cory Booker (D-NJ), Chris Van Hollen (D-MD), Bob Casey (D-PA), Gary Peters (D-MI), Tammy Duckworth (D-IL), Ben Cardin (D-MD), Maria Cantwell (D-WA), Dianne Feinstein (D-CA), Bill Nelson (D-FL), Ron Wyden (D-OR), Michael Bennet (D-CO), Brian Schatz (D-HI), Patty Murray (D-WA), Kamala Harris (D-CA), Tom Udall (D-NM), Dick Durbin (D-IL), Chris Murphy (D-CT), Tina Smith (D-MN), Tom Carper (D-DE), Jeanne Shaheen (D-NH), Martin Heinrich (D-NM), Joe Donnelly (D-IN), and Amy Klobuchar (D-MN).

Sens. Warner and Kaine have urged President Trump to swiftly nominate a permanent director of the CFPB who will put working families ahead of Wall Street.

The full text of the letter is available here and below.

January 17, 2018 

Dear Majority Leader McConnell and Minority Leader Schumer,

As Congress works to finalize the Fiscal Year 2018 Appropriations bill, we respectfully request that you reject any language that alters the funding stream of the Consumer Financial Protection Bureau (CFPB). Independent funding for the CFPB is critical for the agency to continue vigorously enforcing consumer protection laws without any political interference. We write to highlight the importance of excluding any such language because the recommendation and explanatory statement for the FY2018 Financial Services and General Government Appropriations bill regrettably included language to do just that. 

The administration has already undermined the effectiveness of the CFPB by appointing Office of Management and Budget Director Mick Mulvaney as part-time Director of the Bureau. Altering the funding stream of the Consumer Financial Protection Bureau would further jeopardize the agency and its ability to conduct independent investigations into financial wrongdoing. The Dodd-Frank Wall Street Reform and Consumer Protection Act established the CFPB as an independent agency to protect it from political interference by Congress or the Executive Branch. To ensure its independence, the CFPB receives its funding from the Federal Reserve, rather than from the Congressional appropriations process. 

The CFPB was designed with an independent Director and an independent funding stream and has successfully advocated on behalf of hardworking Americans. The CFPB’s funding should not be treated any differently from the Federal Deposit Insurance Corporation (FDIC), the Office of the Comptroller of the Currency (OCC), the National Credit Union Administration (NCUA), or the Federal Reserve. Subjecting any banking regulator, including the CFPB, to the appropriations process would jeopardize the ability of that agency to fulfill its mission and hold bad actors accountable. 

The CFPB has done its job well and there is no basis for dramatically altering its funding source and undermining its ability to protect consumers.  In just six years, the CFPB has returned $11.9 billion to over 29 million cheated American consumers. From when it opened its doors in 2011 through 2016, the CFPB brought a total 164 enforcement cases. Comparatively, during the height of predatory lending crisis from 2000 to 2008, the five federal financial regulators, including the Federal Deposit Insurance Corporation (FDIC), the Office of the Comptroller of the Currency (OCC), the now defunct Office of Thrift Supervision (OTS), the Federal Reserve Board, and the Federal Trade Commission (FTC), brought a total of only 79 consumer enforcement actions – despite the rampant consumer abuses and frauds that occurred in the build up to the 2008 financial crisis. 

The CFPB has fought against Wall Street abuses, including its record-breaking settlement in the Wells Fargo fake-accounts matter. The agency worked alongside the Office of City Attorney for Los Angeles and the OCC to uncover the bank’s illegal practices that led to millions of Americans having accounts opened in their names without their knowledge. Most recently, the CFPB returned more than $100 million to consumers in response to the credit repair company Morgan Drexen charging illegal fees. 

We appreciate your consideration of our request to preserve the independent funding stream of the CFPB and look forward to working with you on this important matter for all American consumers.

Sincerely,

###

WASHINGTON — U.S. Sens. Mark R. Warner and Tim Kaine (both D-VA) joined 44 Senators in a letter urging President Trump to follow the law and swiftly nominate a permanent director of the Consumer Financial Protection Bureau (CFPB) who will put working families ahead of Wall Street.

In their letter, the senators cited the CFPB’s much-needed “aggressive enforcement and supervision,” which has resulted in $12 billion in relief to 29 million American consumers who were cheated by financial companies.

The senators also expressed serious concerns with the White House installing Budget Director Mick Mulvaney as part-time acting director on November 24^th. Mulvaney has a clear record opposing the CFPB, calling it a “sick joke,” and has sought to abolish it.

In his first act as part-time acting director, Mulvaney moved to freeze the payments to working Americans who’ve been cheated.

“Assigning leadership of the CFPB to someone who already has a full-time job reporting to the White House and who does not believe in the CFPB’s mission jeopardizes the agency’s independence and effectiveness,” the senators wrote.  “We urge you to nominate a CFPB Director who will bring to the job both bipartisan support and a track record of being tough on Wall Street. Following the Dodd-Frank succession provision and nominating a Director who will fight for consumers allows the CFPB to continue its work without political interference.”

The full text of the letter is below and available here.

The Honorable Donald J. Trump

President

The White House

1600 Pennsylvania Avenue NW

Washington, D.C. 20500

Dear President Trump,

After the 2008 financial crisis wiped out trillions of dollars of wealth and the jobs of millions of Americans, Congress passed important financial reforms and created the Consumer Financial Protection Bureau (CFPB), an independent watchdog to protect people from financial scams.[1]

Through aggressive enforcement and supervision, CFPB actions have resulted in $12 billion in relief for more than 29 million American consumers who were cheated by financial companies.[2] The CFPB has taken almost 200 enforcement actions: against mortgage schemes that rip off struggling borrowers, against predatory financial firms that set up shop next to military bases to target servicemembers, against scam for-profit schools that take advantage of veterans’ benefits, and against companies that train their employees to trap consumers in debt.[3]

These are the enforcement results that the National Fraternal Order of Police and a bipartisan group of state attorneys general expected when they endorsed Rich Cordray’s nomination and said he would be “an effective partner in combating fraud and other illegal schemes[.]”[4]

His nomination passed the Senate with 66 votes, including 12 Republicans.[5]

In a 2016 campaign speech, you said “…[T]his election is a choice between taking our government back from the special interests, or surrendering our last scrap of independence to their total and complete control.”[6] Polling shows that the vast majority of Americans agree that the CFPB has been doing great work holding special interests accountable. 74% of Americans -- Republicans and Democrats -- approve of the CFPB’s mission and 55% of Republicans who voted for you believe that the CFPB should be left alone to do its work or even be given expanded authority to do more.[7]

Assigning leadership of the CFPB to someone who already has a full-time job reporting to the White House and who does not believe in the CFPB’s mission jeopardizes the agency’s independence and effectiveness. We urge you to nominate a CFPB Director who will bring to the job both bipartisan support and a track record of being tough on big banks and other financial firms that rip off consumers. Following the Dodd-Frank succession provision and nominating a Director who will fight for consumers allows the CFPB to continue its work without political interference.

Please stand up for American military service members and veterans, students, seniors and workers.

Sincerely, 

###

WASHINGTON – U.S. Sen. Mark R. Warner (D-VA), Ranking Member of the Senate Banking Subcommittee on Securities, Insurance and Investment, today pressed Uber CEO Dara Khosrowshahi on the company’s recent disclosure that hackers accessed the personal information of 57 million users last year.  Uber paid the hackers $100,000 to pledge to destroy the data – which included the names and driver’s license numbers of 600,000 drivers, and names, phone numbers, and email addresses of millions of riders – and did not disclose the hack to regulators or users until last week.

Warner posed the following questions to Khosrowshahi: 

1. According to reports, Uber’s systems were breached after the attackers discovered log-in credentials to an AWS account used to handle payments. Why weren’t more robust access management mechanisms, including strong multi-factor authentication, enabled to prevent unauthorized access to passenger and driver data?
2. Who conducted the initial investigation for Uber that successfully identified the hackers? What “assurances” were provided by the hackers to prove they did, in fact, delete the compromised data? 
3. Unlike ransomware payments, in which payment is made to recover or regain access to inaccessible data or systems, it appears the motivation behind this payment was principally to prevent the public or authorities from learning of the breach. What rationale was provided by senior executives for covering up this breach?
4. Uber has alleged that it was required to provide information relating to the breach and subsequent cover-up to prospective investors. Can you explain why Uber chose not to disclose the breach to drivers and users prior to, or at least at the same time as, a prospective investor?
5. Reports indicate that Uber successfully “tracked down the hackers and pushed them to sign nondisclosure agreements.” While some information necessary to accomplish this could certainly have been gleaned from traditional digital forensic tools, these reports – combined with Uber’s past pattern of conduct – raise serious questions about how Uber was able to track down the criminals who breached Uber’s systems and blackmailed the company, and whether these actions might have constituted violations of the Computer Fraud and Abuse Act. As you know, no private right exists for companies to “hack back” those who compromise their systems. In the process of tracking down these hackers, did Uber or any authorized party acting on its behalf engage in unauthorized access of third party systems?
6. Uber’s decision to identify the responsible parties and commit them to a non-disclosure agreement thwarts law enforcement’s ability to bring criminal hackers to justice. To the extent Uber had lawfully acquired information enabling it to identify the hackers who had compromised its systems, ensure they would abide by agreements to delete the data and not to disclose the breach, and transfer them $100,000, it conceivably had enough information at hand to assist law enforcement in the apprehension of these criminals. Why did Uber choose not to provide relevant forensic information to law enforcement and has this information been provided to law enforcement in the last week?

Sen. Warner is a former technology executive and the co-founder of the Senate’s bipartisan Cybersecurity Caucus. Sen. Warner is working to finalize bipartisan legislation to create a comprehensive, nationwide and uniform data breach standard, requiring timelier consumer notification for breaches of financial data and other sensitive information, and setting national data-protection standards for companies handling sensitive personal information. 

A PDF of the signed letter is available here.

###

WASHINGTON – U.S. Sen. Mark R. Warner (D-VA), a member of the Senate Banking Committee, today joined Republicans and Democrats, including Senate Banking Committee Chairman Mike Crapo (R-ID) and Sen. Tim Kaine (D-VA), to introduce the Economic Growth, Regulatory Relief and Consumer Protection Act, bipartisan legislation to reduce regulatory burdens on community banks and credit unions and provide new protections to consumers.

The legislation is the result of bipartisan negotiations among Warner, Crapo, and Banking Committee members Sens. Joe Donnelly (D-IN), Heidi Heitkamp (D-ND) and Jon Tester (D-MT).

“This bipartisan bill is the result of years of tough negotiations among Democrats and Republicans,” said Sen. Warner. “The goal is simple: to help Main Street by rolling back unnecessary and burdensome regulations on credit unions and small community banks while ensuring that larger banks remain subject to the rules I helped put in place after the financial crisis to prevent another meltdown on Wall Street. This proposal makes targeted, commonsense fixes that will provide tangible relief to the community banks that are lifelines for smaller and rural communities. It also strengthens protections for veterans, the elderly and other consumers, and encourages community-based lending to boost economic growth and create jobs.”

“A strong and vibrant economy is important for American consumers, businesses, and the stability of the financial sector,” said Chairman Crapo. “The bipartisan proposals on which we have agreed will significantly improve our financial regulatory framework and foster economic growth by right-sizing regulation, particularly for smaller financial institutions and community banks.”

Following the 2008 financial meltdown, Sen. Warner helped write and pass into law the Dodd-Frank Wall Street Reform and Consumer Protection Act, and he continues to support the important reforms included in the law. The legislation introduced today is carefully written to provide needed regulatory relief to main street—community banks and credit unions—which were inadvertently burdened by rules and regulations intended to hold Wall Street accountable. This bill will promote economic growth by making commonsense reforms to increase consumer lending, while protecting consumers.

Among provisions in the regulatory relief package are several proposals to protect and deliver relief to Virginia consumers:

• Community Banks and Credit Unions: This package includes a number of provisions related to community banks and credit unions that would increase their ability to extend credit to Virginia small businesses and families, while maintaining important consumer protections.
• Free Annual Credit Freeze for Consumers: This provision would require credit bureaus to include one free credit freeze and a free credit unfreeze per year, which would help protect consumers after the massive Equifax data breach that may have compromised the personal information of approximately 145 million Americans.
• Protecting Veterans Credit: This provision would protect the credit ratings of veterans wrongly penalized by medical bill payment delays by the Department of Veterans Affairs (VA). This measure would prohibit medical debt from services received through the Choice Program and other VA community care programs from being reported to credit reporting agencies for one year. In addition it would establish a dispute process for veterans seeking to remove adverse actions already on their reports.

Full bill text is available here. A section-by-section can be accessed here.

“I thank Virginia's Congressional Delegation for their support of this legislation. Virginia's more than 725,000 veterans have served and sacrificed for our Nation and our Commonwealth. This service can sometimes lead to wounds and injuries that require ongoing care - which is not always fully covered by their veterans benefits. When they must incur out of pocket expenses for themselves and their families’ medical care, we must ensure that this does not also come with a bad credit score that could affect them for years to come. This bill will help our veterans in addressing credit issues or preventing a small credit problem from escalating,” said Virginia Secretary of Veterans and Defense Affairs Carlos Hopkins.

Virginia Bankers Association (VBA) President and CEO Bruce Whitehurst stated, “This package represents an important first step toward better tailoring of regulation to allow banks to serve their customers and communities more effectively and efficiently, much to their benefit. This bipartisan compromise also underscores the fact that the Dodd-Frank Act of 2010 took the regulatory pendulum too far and created unintended consequences for borrowers. It is great to see movement toward a more balanced approach to financial regulation and we appreciate the leadership of Senators Warner and Kaine.”

“This is a major step forward. Our community bankers are eager to do more to build their local economies, but over-regulation holds them back. The best provisions in this bill make getting a mortgage less complicated and more possible, and other good provisions simplify rules and reports, freeing bankers to do more good work with their customers and their communities,” said Virginia Association of Community Banks (VACB) President Steve Yeakel. “In particular, we want to acknowledge the leadership of both Senator Warner, who helped to forge the compromise, and Senator Kaine, whose early support gives the bill a strong foundation and a real chance at success on the Senate floor.”

“ICBA strongly supports the bipartisan regulatory relief package announced today and thanks Senate Banking Committee Chairman Mike Crapo and Sens. Joe Donnelly, Heidi Heitkamp, Jon Tester and Mark Warner for driving this agreement,” Independent Community Bankers of America (ICBA) President and CEO Camden R. Fine said. “Community bank regulatory relief is needed to improve lending and strengthen economic growth at the local level. We are pleased to see many provisions of ICBA’s Plan for Prosperity included in the agreement and thank all senators from both sides of the aisle who have contributed to this important initiative.”

“NAFCU thanks Chairman Crapo and his Democratic partners in the Senate for including provisions in this package that would lead to regulatory relief for credit unions,” said National Association of Federally-Insured Credit Unions (NAFCU) President and CEO Dan Berger. “We look forward to working with members of the Senate Banking Committee, their staff and other senators as this package moves through the legislative process. This bill is a step in the right direction, and we will continue to push for more relief for the industry and its 110 million member-owners.”

“This bill includes credit union-specific provisions that provide meaningful regulatory relief, a sign that policymakers are paying close attention to the needs of credit union members,” Credit Union National Association (CUNA) President/CEO Jim Nussle said. “We thank Sen. Crapo and his colleagues for working across party lines to advance regulatory relief legislation, and we look forward to continuing to work closely with them as the bill moves through the legislative process.”

In addition to Sens. Warner and Kaine, the bill was introduced by Democratic Sens. Joe Donnelly (D-IN), Heidi Heitkamp (D-ND), Jon Tester (D-MT), Joe Manchin (D-WV), Claire McCaskill (D-MO), Gary Peters (D-MI) and Michael Bennet (D-CO). Republican sponsors of the bill are Sens. Mike Crapo (R-ID), Bob Corker (R-TN), Tim Scott (R-SC), Tom Cotton (R-AR), Mike Rounds (R-SD), David Perdue (R-GA), Thom Tillis (R-NC), John Kennedy (R-LA), Jerry Moran (R-KS) and Jim Risch (R-ID). The bipartisan bill was also sponsored by Sen. Angus King (I-ME).

###

WASHINGTON – U.S. Sens. Mark R.  Warner (D-VA), Dean Heller (R-NV), Tim Kaine (D-VA) and Cory Gardner (R-CO) introduced bipartisan legislation to help students make smarter decisions in the financing of their higher education. The Empowering Students Through Enhanced Financial Counseling Act would promote financial literacy by providing students who are recipients of federal financial aid with comprehensive counseling services. Nationwide, Americans owe more than $1.45 trillion in student loan debt, outstripping credit cards and auto loans as the country’s leading source of non-housing debt. 

“More than 60% of Virginia’s college students will graduate with some form of student loan debt, and average debt in the Commonwealth tops $29,000 per graduate. I would not have had the opportunity to be so successful in business had I graduated with such a financial burden,” said Sen. Warner. “We should be empowering students to make smarter choices about their financial future. This legislation aims to provide a full picture on the loans they are receiving, allowing them to take full advantage of the opportunities available to them.”

“This legislation empowers Nevada's students and Americans throughout the country with the tools needed to make well-informed, sound financial decisions related to their college education," said Sen. Heller. “It's a positive step toward addressing student debt and preparing young students for a successful future, and I encourage my colleagues to support it." 

“Too many families in Virginia are weighed down by massive student loan debt, sometimes because they lacked services and information that could’ve helped them make a better-informed decision on a loan,” said Sen. Kaine. “I’m proud to once again join Senators Warner, Gardner and Heller on this simple but important bill that makes it easier for students and families to access financial counseling.”

“Access to financial counseling will help students who receive federal financial aid better understand the process before undertaking massive student loan debt,” said Sen. Gardner. “A high quality education provides students with the tools they need to succeed, and financial literacy is an essential component to achieving that success. This bipartisan proposal will help tens of thousands of students better plan for their future.”

A survey of current students and recent graduates with a high level of student loan debt found that more than 40 percent could not recall having received financial counseling, even though counseling is already required before students can receive their first federal loan. Further, no counseling is provided to students who receive only a Pell Grant or to parents who take out federal loans to help pay for their children’s education. As a result, many students graduate unable to manage the loans they used to finance their education, leading to significant hardship for borrowers and greater risk for taxpayers.

To help students make smart decisions about financing their higher education, the Empowering Students Through Enhanced Financial Counseling Act will promote financial literacy through enhanced counseling for all recipients of federal financial aid.

In addition, the bill: 

• Ensures borrowers—both students and parents—who participate in the federal loan program receive interactive counseling each year that reflects their individual borrowing situation.
• Provides awareness about the financial obligations students and parents are accumulating by requiring borrowers to consent each year before receiving federal student loans.
• Informs low-income students about the terms and conditions of the Pell Grant program through annual counseling that will be provided to all grant recipients.
• Directs the Secretary of Education to maintain and disseminate a consumer-tested, online counseling tool that institutions can use to provide annual loan counseling, exit counseling, and annual Pell Grant counseling.

The need for the legislation became clear at a roundtable discussion on college affordability and student debt hosted by Sens. Warner and Kaine last year with student government presidents from 20 Virginia colleges and universities. During the meeting, students urged more transparency and flexibility in navigating the confusing maze of loan and repayment programs available to college students, as well as more accountability for colleges to hold down costs. 

In the Senate, Sen. Warner has introduced several bills to improve transparency, accountability and affordability in higher education, and help borrowers better manage their student loan debts. The Dynamic Student Loan Repayment Act would make income-based repayment the default option for borrowers. The Employer Participation in Repayment Act would allow employers to apply pre-tax income to help their employees with student loan payments. 

Sen. Warner is currently working with Sen. Ron Wyden (D-OR) to reintroduce The Student Right to Know Before You Go Act, which would provide college-bound students powerful new tools for comparing colleges and universities on measures such as total cost, likelihood of graduating, and potential earnings by program. 

The Empowering Students Through Enhanced Financial Counseling Act was previously introduced in the 114^th Congress. A companion bill passed the House of Representatives last year by voice vote, and has been reintroduced this year.  

A copy of the legislative text is available here. A one-page summary and answers to frequently asked questions are available here.

###

WASHINGTON – U.S. Sen. Mark R. Warner (D-VA), a member of the Banking, Budget and Finance committees and cofounder of the bipartisan Senate Cybersecurity Caucus, today asked the Federal Trade Commission to examine the recent cyber hack of credit reporting agency Equifax. Last week, Equifax publically disclosed a breach which exposed sensitive personal information of 143 million Americans.

Sen. Warner requested an FTC investigation into the lapse in Equifax cybersecurity practices, and questioned the company’s widely-panned response to consumers potentially impacted by the breach. His letter asks the FTC to examine whether credit reporting agencies such as Equifax have adequate cybersecurity safeguards in place for “the enormous amounts of sensitive data they gather and commercialize.” 

Sen. Warner has been a leader in calling for better consumer protections from data theft. In the aftermath of the Target breach that exposed the debit and credit card information of 40 million customers, Sen. Warner in 2014 chaired the first congressional hearing on protecting consumer data from the threat posed by hackers targeting retailers’ online systems. Sen. Warner also partnered with the National Retail Federation to establish an information sharing platform that allows the industry to better protect consumer financial information from data breaches.

Sen. Warner has been working to develop bipartisan legislation to create a comprehensive, nationwide and uniform data breach standard requiring timely consumer notification for breaches of financial data and other sensitive information. 

The text of the letter is below and can be found here. 

September 13, 2017

The Honorable Maureen K. Ohlhausen

Acting Chairwoman

Federal Trade Commission

600 Pennsylvania Avenue, NW

Washington, D.C. 20580

Dear Acting Chairwoman Ohlhausen,

I write you in the wake of reports that one of the nation’s three major credit reporting agencies has suffered one of the largest, and potentially most impactful, breaches in recent history. According to reports, Equifax in May of this year experienced a breach affecting as many as 143 million consumers, with highly sensitive information such as Social Security numbers, driver’s license records, birthdates, addresses, and credit histories potentially at risk. This information – critical to opening a new bank account or taking out a loan – will expose Americans to identity theft, tax fraud, extortion, and other risks.

By streamlining and routinizing the collection of consumer reports and credit history, the Fair Credit Reporting Act in part enshrined the nation’s major credit reporting agencies’ role as arbiters of Americans’ access to credit, and even employment and residential opportunities. At the same time, Congress sought to ensure that these firms “exercise their grave responsibilities” with a “respect for the consumer’s right to privacy,” including through “reasonable procedures…with regard to the confidentiality, accuracy, relevancy, and proper utilization of such information[.]”  And Congress directed the Federal Trade Commission (“Commission” or “FTC”) to enforce key aspects of the law, including by treating violations of the FCRA as unfair or deceptive practices under the Commission’s Section 5 authority. 

Today’s digital economy, in which data increasingly represents a key input, has only amplified the reach of these firms, and provided them with incentives to collect and centralize ever-growing amounts of sensitive personal information, and to commercialize this data in opaque ways. The volume and sensitivity of the data potentially involved in this breach raises serious questions about whether firms like Equifax adequately protect the enormous amounts of sensitive data they gather and commercialize. 

As someone who has worked for several years with stakeholders and a bipartisan group of lawmakers on legislation to establish a comprehensive, nationwide and uniform data breach standard, I recognize Congress’s unfinished work in this area. I am hopeful that this recent development will help galvanize action among my colleagues in Congress to safeguard American consumers and our nation’s economic security.

At the same time, aspects of this breach raise questions about the data security practices of Equifax that implicate the Federal Trade Commission’s existing authority. In particular, press reports and cybersecurity experts have identified a number of security lapses, including in the days following Equifax’s disclosure of the breach, that potentially indicate a pattern of security failings.

While the precise details of the “website application vulnerability” exploited in the Equifax breach are not yet known, experts have pointed to a wide range of other lapses by Equifax – including in the wake of the breach – that indicate exceptionally poor cybersecurity practices. For instance, experts have pointed to an exceedingly broad attack surface, with thousands of domains and subdomains managed by Equifax across hundreds of network hosts. And security experts have identified a range of antiquated, unpatched, or otherwise vulnerable systems maintained by Equifax.

Equifax’s post-breach actions also raise serious concerns about the company’s data security practices. For instance, Equifax chose to register a new domain, Equifaxsecurity2017.com – but not in its own name. Reports also catalogued a litany of security mistakes, including use of potentially insecure content management software and improperly configured web encryption.  These, and other lapses, resulted in a range of popular web browsers flagging Equifax’s site as a potential phishing or scam site. 

Equally alarming have been Equifax’s procedures for handling customer inquiries. In order for a concerned consumer to determine if they may have been impacted, Equifax requires the consumer to submit their last name and six digits of their Social Security number. The security of this procedure is as questionable as its efficacy: researchers noted that entering the last name “Test” and the Social Security numbers “123456” returned a confirmed breach.

Similarly alarming, when concerned consumers elect to place a credit freeze with Equifax – something the Commission encourages them to do – the PIN that Equifax assigns to that consumer is a simple, non-unique timestamp (formatted as, for instance, “0910170930” for a user that submitted a request at 9:30AM on the 10th of September). Separately, experts have noted that Equifax’s central website, where American consumers go to set up credit account monitoring, features cross-site scripting vulnerabilities that would enable an attacker to execute malicious code to, for instance, redirect submitted form data (such as the Social Security number the Equifax site requests) to an attacker. 

Taken as a whole, and given past breaches by other major credit bureaus, these lapses may potentially represent a systemic failure by firms currently incentivized to collect and store highly sensitive identification and financial data for Americans. The volume and sensitivity of the data involved – information critical to identity management and access to consumer credit – distinguishes this breach from many other breaches of consumer data. And in contrast to other breaches, where consumers might respond to the perceived lack of data security by taking their business elsewhere, those affected by last week’s breach in most cases do not have a direct consumer relationship with Equifax.

The implications of a breach of this magnitude are sobering, as this identifying data forms the basis for consumer credit and other financial transactions. Congress foresaw this threat in 1970, noting that failures of this industry could “undermine the public confidence which is essential to the continued functioning of the banking system.”  In ways similar to the financial service industry’s systemic risk designation, I fear that firms like Equifax may illustrate a set of institutions whose activities, left unchecked, can significantly threaten the economic security of Americans.

I respectfully request that you respond to the following questions:

1. 1.      Equifax is currently under a consent decree with the Commission for violations of the Fair Credit Reporting Act related to improper handling of consumer information.  Does that consent decree provide the Commission with additional remedies in the context of Equifax’s data security practices? 

1. 2.      Given the current inability of consumers to cease doing business with a credit reporting agency which displays an arguably cavalier attitude toward cybersecurity, should the Fair Credit Reporting Act be amended to provide the Commission authority to issue rules requiring credit reporting agencies to establish a way for consumers to “opt out” of having their information stored by a particular credit reporting agency? 

1. 3.      In many cases, Equifax collects and maintains sensitive information about consumers as a service to other businesses. Under state data breach notification statutes, a breached service provider need only inform the business it provides service to about the breaches it suffers, and has no obligation to provide public notice that it incurred the breach. In recent breach incidents involving third-party service providers, some companies (e.g., Heartland, Experian, Anthem, etc.) have provided public notice that their breach affected consumers. Would the FTC support legislation that requires all entities suffering a breach of security that creates a significant risk of financial harm, to make public notice of that breach in order to ensure a more timely and effective form of notice? 

1. 4.      Do you interpret the Fair Credit Reporting Act to include heightened data security standards and/or requirements, given Congress’s unique concern about the “confidentiality, accuracy…and proper utilization” of this highly sensitive data? 

1. 5.      The Commission has suggested that consumers place a credit freeze with the three major credit bureaus.  Does the Commission consider a timestamp to be a sufficiently strong PIN for unfreezing a consumer’s account?

1. a.      Has the Commission issued guidance to credit reporting agencies on adequate security and data protection measures associated with credit freezes? 
2. b.      Should this guidance be updated in light of security concerns with the site Equifax maintains to process credit monitoring and freeze requests?

1. 6.      Should Congress limit the ability of credit reporting agencies to sell data outside specific contexts, such as credit, banking, and employment inquiries?

1. 7.      Does the Commission hold lapses in data security practices in response to a breach to a higher standard than data security practices related to the breach itself?

1. 8.      Do adequate incentives to use reasonable data security practices, or penalties to deter unreasonable data security practices, exist to counter-balance the profit incentives to collect, centralize, and maintain large quantities of highly sensitive personal information of American consumers?

The American people deserve to know that their government is serious about learning from and responding to this truly concerning incident, and that it is taking all appropriate steps to help ensure it cannot happen again. Your response will be critical to this process, and I look forward to receiving that within the next two weeks. If you should have any questions or concerns, please contact my office.

As always, I appreciate your service in this important role. Thank you for your timely consideration of this matter.

Sincerely,

MARK R. WARNER

United States Senator 

###

WASHINGTON – U.S. Sen. Mark R. Warner (D-VA), a former technology executive, Vice Chairman of the Senate Intelligence Committee, member of the Senate Banking Committee, and cofounder of the bipartisan Senate Cybersecurity Caucus, released the following statement on today’s announcement from credit reporting firm Equifax that a data breach could have potentially affected 143 million consumers in the United States:

“The recent news that one of the largest credit reporting agencies and data brokers in the U.S. suffered a breach involving over 143 million Americans is profoundly troubling. While many have perhaps become accustomed to hearing of a new data breach every few weeks, the scope of this breach – involving Social Security Numbers, birth dates, addresses, and credit card numbers of nearly half the U.S. population – raises serious questions about whether Congress should not only create a uniform data breach notification standard, but also whether Congress needs to rethink data protection policies, so that enterprises such as Equifax have fewer incentives to collect large, centralized sets of highly sensitive data like SSNs and credit card information on millions of Americans. It is no exaggeration to suggest that a breach such as this – exposing highly sensitive personal and financial information central for identity management and access to credit– represents a real threat to the economic security of Americans.”

Sen. Warner has been a leader in calling for better consumer protections from data theft. In the aftermath of the Target breach that exposed the debit and credit card information of 40 million customers, Sen. Warner in 2014 chaired the first congressional hearing on protecting consumer data from the threat posed by hackers targeting retailers’ online systems. Sen. Warner also partnered with the National Retail Federation to establish an information sharing platform that allows the industry to better protect consumer financial information from data breaches.

Sen. Warner has been working to develop bipartisan legislation to create a comprehensive, nationwide and uniform data breach standard requiring timely consumer notification for breaches of financial data and other sensitive information.

###