By
Rob Collins
October 4, 2017 at 5:00 am ET
Equifax, the company that monitors the credit of Americans so that families can get a mortgage, a loan, even a credit card, recently had a massive data breach. The personal data of 145.5 million Americans was breached. After it was disclosed that company executives made stock trades before the breach was made public, there is now a fast-acting political firestorm for the company.
There are multiple congressional committees holding hearings this week and a bipartisan group of senators requesting investigations. While it will take months to assess the scope of what happened, Equifax’s testimony this week is an important test in response effectiveness and provides an opportunity to reset the story.
Here are some best practices for when a company gets called to testify before Congress during a crisis.
Understand the seriousness of the threat: To gauge how much trouble Equifax is in, understand that a Republican House committee chairman has already said the Equifax breach “may” result in new regulations. This is one of many signs that Congress, focused on deregulation, is angry and looking for a real remedy — one that Equifax has so far failed to suggest.
It is true that this Congress will be inclined to move cautiously with any new legislation and will be suspicious of any company-proposed fix. However, the ongoing political fallout in any crisis gives individual members of Congress the opportunity to try the issue in the court of public opinion.
Own your mistake: When preparing to testify before Congress, too many lawyers and consultants stage-manage executives to the point that their message appears robotic and uncaring.
The recent posterchild for blowing his testimony before Congress was Wells Fargo’s then-CEO John Stumpf. Stumpf’s non-answers and blame-shifting to the hourly workers of the bank were considered so bad that Stumpf resigned and the third-largest bank in America heard calls from congressional investigators to break them up.
The initial response by Equifax’s Chairman and CEO Richard F. Smith, who abruptly stepped down last week, included a video to explain what happened and the remedies Equifax was offering. The video apology was a refreshing use of technology but has been widely criticized as tone deaf and unresponsive to the severity of the crisis. The video’s overly lawyered language and corporate speak won’t cut it before angry policymakers and the media.
CEOs have often been told to treat congressional investigators warily. This advice holds that that too much candor will hurt the company in future litigation, damage its brand or assumes that the company can simply afford to wait for Congress to move on to the next outrage. This strategy is wrong — CEOs must represent their entire company, stockholders and board in making things right.
While it is always incumbent upon an executive to choose words prudently, especially in a crisis, you have to convey a sincerity to make this problem right. Taking ownership for the data breach and offering clear, concrete and believable remediation is critical.
Get ahead of the story: This is a standard piece of advice in any crisis, and it bears repeating after what happened with Equifax. The company knew about the hack for some time before it was disclosed, as well as an unrelated hack in March. After this delayed disclosure of the breach, Equifax took no measures to prepare a specialized customer service operation, nor did it have an explanation for why it did not.
Defensively, Smith made a point of saying in his video statement that Equifax has “made significant investments in cybersecurity.” The narrow message, which was the first and best opportunity for Equifax to diffuse the crisis, lacked any remorse or understanding of how deep the problem was for the victims and the types of steps that would be needed to move forward, all of which are necessary for getting ahead of the story.
Know the room: When called to testify before a congressional committee, learn as much as possible about the members who will be grilling you. Where appropriate, Equifax should have reached out to committees and senators, previewed the company’s public message and found out any questions or concerns that Equifax could address beforehand.
As Smith appears before Congress, Equifax should look for a remedy that both makes sense and includes some corporate pain. Congress won’t want such a harsh remedy that puts Equifax out of business, but members also will have a jaundiced eye on a fix that doesn’t go far enough. Remember, Equifax denies Republicans and Democrats alike their dream homes, so there won’t be a lot of downside to politically beating the stuffing out of Equifax.
Review congressional history: There are roadmaps on how to testify before Congress. Equifax should study good and bad examples of CEOs who have been called to testify for corporate screw-ups.
If legal considerations require total message discipline, make sure that message is contrite, consistent, and concise. When United Airlines CEO Henry Munoz was called to testify before the House Transportation and Infrastructure Committee after a passenger was forcibly removed, the takeaway in most reports of the hearing was that while he was grilled, he acknowledged that what happened was a “horrible failure” and that the company was treating it as a “turning point.”
In the end, there is a future. Every major sector of the economy has been grilled before Congress. Equifax should take this seriously, own its mistake and offer the American people a clear and honest remediation. Testifying before Congress provides a reset opportunity and an opening for Equifax to get ahead of the regulatory fallout.
This week’s hearings put Smith in direct communication with representatives of the people Equifax harmed, with the media closely watching. While Congress’ job is to ensure it protects the American people, most members of Congress want our companies to succeed, so they will in the end be reasonable if Equifax comes prepared to work with them.
Rob Collins is partner at S-3 Public Affairs and was the former executive director of the National Republican Senatorial Committee.
Morning Consult welcomes op-ed submissions on policy, politics and business strategy in our coverage areas. Updated submission guidelines can be found here.