* CFPB chief calls for more powers to oversee data security
* Says credit reporting firms should have bank-style examiners (Recasts throughout, adds TransUnion comment)
Sept 27 (Reuters) - The top U.S. consumer watchdog called on Wednesday for tougher monitoring of credit reporting firms, including installing onsite examiners, following the massive Equifax data breach.
Richard Cordray told CNBC the Consumer Financial Protection Bureau's (CFPB) current powers for supervising credit reporting firms were inadequate and only allow the regulator to punish companies after they have committed wrongdoing. "The old days of just doing what they (credit reporting firms) want and being subject to lawsuits now and then are over," Cordray said.
"There has to be a scheme of preventive monitoring in place. They are going to have to accept that. They are going to have to welcome it. They are going to have to be very forthcoming."
The Equifax hack disclosed earlier this month compromised the personal data of up to 143 million Americans and has prompted a number of investigations by regulators and lawmakers, including the New York Department of Financial Services (DFS), which recently issued a subpoena to Equifax demanding more information about the breach.
It is one of the big three U.S. credit reporting firms, along with Experian and TransUnion.
Federal laws give the CFPB the power to supervise and examine large credit reporting firms to ensure the quality of credit information they provide. In January, the CFPB fined TransUnion and Equifax $5.5 million in total for deceiving customers about the usefulness and cost of their credit scores.
In his comments to CNBC, Cordray called for expanded powers to cover data security to prevent breaches, and suggested the placement of monitors inside credit reporting firms, borrowing a tactic from the regulatory regime for banks.
The CFPB is working with the Federal Trade Commission and New York's DFS on a new regulatory framework, Cordray said. He added that work with Congress would also be needed to tighten credit reporting company oversight.
Equifax and Experian were not immediately available for comment but TransUnion said in a statement that it had "long been subject to regulatory oversight from state and federal regulators including the CFPB."
Cordray added that the big banks, which are major customers of the credit reporting firms, should also be "very worried" about the Equifax hack.
"They cant necessarily control what goes on at these credit reporting companies, but theyre going to hold the bag at the end for the fraud and abuse of consumers that results from this information being criminally hacked," he said. (Reporting by John McCrank in New York; additional reporting by Lisa Lambert in Washington; Writing by Michelle Price; Editing by Tom Brown)