Proponents of ESG investing often argue that responsible companies are more mindful about regulations, which decreases the risk that they will face fines or reputational backlash. The recent Equifax hack is a case in point.
Just over a year before last week’s cyberattack, Equifax was dealt a different kind of blow: a downgrade in its ESG rating. “[I]n August 2016, MSCI ESG Research downgraded Equifax to CCC – our lowest possible rating,” MSCI said in an emailed statement. The company’s rating has not changed since then.
According to a recent factsheet prepared by the ratings firm, Equifax’s security and privacy measures had proven “insufficient in mitigating data breach events.” It cited the exposure of tax and salary data of 431,000 people employed by grocery chain Kroger’s, its key client, in 2016.
“The company’s data and privacy policies are limited in scope and Equifax shows no evidence of data breach plans or regular audits of its information security policies and systems,” the factsheet said.
An ESG-rating report the firm published in April also cited Equifax’s vulnerability to “reputational damage, loss of customers, litigation, and possibly regulatory action” given its involvement in credit reporting. “Credit reporting services represent all of Equifax's revenues, generated predominantly in the US and UK markets, [where] increasingly stringent data protection laws apply,” MSCI said in the report.
In terms of privacy and data security, one of the key issues for service companies rated through the MSCI ESG Ratings methodology, Equifax was assigned a zero out of 10.
The Equifax factsheet cited a couple of other ESG issues. The company was fined US$3.8 million by the US Consumer Financial Protection Bureau (CFPB) earlier this year in relation to misleading marketing of its credit-score products. Also noted was an ongoing issue in CEO pay; the company’s total summary pay in 2015 was reportedly five times the median for executive officers.
For more of Wealth Professional's latest industry news, click here.
Here's what clients can learn from massive data breach
Expect increased focus on cybersecurity in 2017
More market talk: