Your Purpose. Our Passion.

An introductory note from Sean Gross: The following commentary is authored by Dr. Bob Eisenbeis, Vice Chairman and Chief Monetary Economist at Cumberland Advisors (www.cumber.com). Dr. Eisenbeis’ commentary, reprinted with permission, offers a detailed and helpful analysis of the crisis of confidence following recent revelations of sophisticated credit and debit card hacking scams, perpetrated by criminals through the electronic payment systems of large retailers. Please feel free to contact us directly with any questions: Info@TelosWealth.com.

The recent disclosures by Target and Neiman Marcus of the theft of millions of customers’ credit and debit card information and related personal information raise many public policy issues, stretching far beyond the immediate incidents that need to be addressed. At their core is the need to ensure the integrity of the nation’s payment system in the digital age, when not only financial institutions but also retail and other businesses are electronically intertwined and potentially exploitable via the internet.

Unfortunately, most of the legal and regulatory structure in this area is geared to the 1960s version of how people made payments. Credit card transactions were essentially paper-based, as were checks. Merchants cleared and settled credit card transactions through processors and the credit card companies (large batch files were then delivered to banks), and paper checks were cleared between banks in local clearinghouses or through the Federal Reserve. Now paper checks are on the decline, and there are essentially no substantive differences between how credit card and debit card transactions are initiated (transactions take place at the same point-of-sale terminals), accepted or processed, except for minor differences such as requiring a pin number in some cases for a debit card transaction. Additionally, now that checks are being truncated at the point of sale or being digitized as part of the clearing process, they too become electronically based and potentially hackable. As a consequence, virtually all transactions are now electronically based or are quickly converted from paper into electronic form. Consumer transactions at the point of sale are typically authorized in real time; holds are placed on accounts at banks; and merchants and businesses accumulate the actual transactions data throughout the day, which are then bulk transferred electronically to the bank or intermediate processor.

Despite the functional and technical similarities between credit and debit cards, there are in fact different customer liability rules for each because they evolved separately and historically were processed in different ways. For credit cards, consumers are liable for only the first $50 of unauthorized transactions, and there is no liability if the transaction takes place over the internet. In the internet credit card transaction no physical card is presented to the seller and the collected information is very much like that taken from Target.  It is already clear that some of the information stolen from Target has been used on the internet. Perpetrators first make a small transaction, which, if successful, is quickly followed with attempts at larger purchases.

In contrast to credit cards, there is a sliding liability scale for debit cards, depending upon how quickly a consumer notifies his or her bank of a lost card. There is no liability if the bank is notified immediately and no unauthorized transactions have taken place; there is a $50 liability if the customer notifies the bank within two business days; there is a $500 liability if the bank is notified after two days but within 60 days, and unlimited liability thereafter. Despite the legal differences between credit and debit cards, some banks have waived some or all of these provisions; but in the Target case, only a few banks have reissued cards and deactivated en masse the accounts that had been compromised. Note that the customer’s legal liability is based upon what the customer does or does not do if a card is lost. Liability typically stops once the card loss is reported to the bank.

In the Target and Neiman Marcus situations, cards weren’t lost; customers didn’t know that their identities and card information had been breached, so they clearly face no liability for unauthorized transactions. As such, the main consumer issues in this case center on the prospective problems that result from stolen key identity information, not on liability for unauthorized transactions. Consumers will surely incur the inconvenience costs of closely monitoring their accounts, reporting unauthorized transactions, and dealing the uncertainty of when and how the stolen information may be used, if not immediately, then perhaps sometime in the future.

When such thefts occur, the current applicable legal and investigatory responsibilities are fragmented. At the federal level, the investigatory authority lies with the Secret Service, which is responsible for counterfeiting, financial fraud, and internet fraud, although the FBI sometimes gets involved as well. Prosecutory decisions, however, are decentralized and lie with the various US states attorneys general; and because of resource constraints, few cases are actually brought to a grand jury. This problem alone means that the risks that perpetrators incur by engaging in such activity are relatively low, even if the perpetrators are caught.

In addition to the Secret Service, local authorities can also be involved. The classic example was the 2004 theft of data from ChoicePoint, a Georgia company that provided data aggregation of confidential personal information that was then sold to businesses. In September 2004 the company discovered the theft of data in Southern California. The company reported the theft to local authorities, as it was required to do under California state law; but ChoicePoint did not disclose the theft to the individuals whose data had been taken. In fact, local law enforcement officials told ChoicePoint not to notify customers because of its ongoing investigation. It wasn’t until February 2005 that notification began, and the initial notifications were expanded significantly in response to public outrage. The total number of accounts was small by today’s standards, amounting to about 135,000.   

What should have been clear is that the ChoicePoint theft raised broader concerns than those perceived by local Southern California law officials. Moreover, the crime was not one in which local law enforcement officials had particular expertise. Finally, since ChoicePoint was a Georgia company and operated across state lines, the breach was also investigated by the FTC, the SEC, and several US states attorneys general. What presented itself was a situation involving multiple overlapping legal authorities, some with little expertise in payments or problems related to identity theft, few resources for enforcement, and no overarching law governing what was clearly a national incident because of the scope of the loss exposure. Consumers were left to their own devices not only with regard to becoming informed but also with regard to re-establishing their identities.

More recently, firms involved in the payments processing business have even begun to purchase insurance against such breaches. However, sometimes insurance can cover only a small portion of the losses. In the case of the 2012 data breach experienced by Global Payments, Inc., the theft of data for somewhere between 1 million and 7 million cards has already cost the company $93 million; and as of January 2013, Global Payments expected to incur another $25 to $35 million in costs through 2013. Insurance covered only about $28 million of the losses. If the Global Payments breach in fact involved 7 million cards, then by analogy the losses in the Target case might reach 10 times or more the amount incurred by Global Payments.

The potential for mega fraud losses has escalated sharply with the recent explosion of the internet, which now provides a potential window into the data of millions and millions of citizens’ personal information. Such remote access can enable anyone – even far removed from the United States – to obtain credit and other pertinent information and use that information to steal funds. The experience of Target shows that, when such information is compromised, consumers will quickly stop transacting business at that enterprise and request cancellation and reissuance of their credit and debit cards – another form of a run on the payments system.

Consumer reactions can not only undermine the integrity of the payment medium but also create additional costs, not only to firms like Target but to the financial institutions that must deal with the losses, sort out consumer identity problems, and reissue millions of cards. Indeed, because of the data linkages between nonfinancial and financial institutions, a data theft and subsequent exploitation holds the potential to threaten the solvency of a financial institution if the resulting unauthorized transactions are large and concentrated. To date, these vulnerabilities have not been the focus of bank examiners or of those concerned with systemic risk. These recent thefts point to the vulnerability of the present system and to the systemic linkages that exist across both non-bank financial institutions and banks.      

When such breaches occur, the allocation of losses becomes critical. Presently, loss allocation is confusing and only imperfectly defined as far as consumers are concerned and is not defined at all for non-financial businesses like they are for banks and credit card companies under current law or federal regulations. Indeed, while the Consumer Financial Protection Bureau has wide regulatory responsibility for consumer credit cards, it has no similar authority over business cards.

In terms of losses to businesses from data breaches, there may or may not be agreements between counterparties, but the already publicized disputes between Target and banks suggest there were not. To protect their business models, many banks are covering all consumer losses, even though they are not required to do so by law, in an attempt to insure the integrity of payments. But how much of the banks’ losses will ultimately be forced on Target or Neiman Marcus is uncertain. Already there are contentious disagreements over who owes whom for what and one can envision a raft of class action suits by customers and financial institutions alike. Some have already been filed. For investors, this situation represents a heretofore unappreciated risk, seemingly unrelated to the core business of the enterprise. Financial institutions that incurred losses must now turn to the courts for redress (unless existing contracts had anticipated such problems), which is a lengthy and costly process.     

The points of vulnerability are many, especially since many institutions have outsourced the actual processing and warehousing of data, and this trend is accelerating as more and more businesses move their computing into the cloud. Indeed, there are many potential weak links, beginning with the consumer at his or her desktop and extending to large businesses and merchants who collect and aggregate transactions data for deferred processing and maintain customer information, to payments intermediaries like Paypal, to specialized exchanges and automated clearinghouses for data, and finally, to banks themselves. Indeed, the littered trail along which people have left payments information covers a wide range of business from retailers, to airlines to online stores to car rental companies – the list is very large. So, while banks at the end of the chain may have very sophisticated methods to identify fraudulent transactions, there are still many points of entry through which potential damage can be done; thus the vulnerabilities are great. 

The Target breach raises many policy issues that extend far beyond this specific incident. The risk is that Congress – which has already indicated it will hold hearings on the breach – will rush to judgment and pass legislation to protect consumers without full appreciation or consideration of the broader issues. Indeed, the most significant issues are not related to consumers at this point. Consumers are essentially protected from loss, although not from inconvenience due to uncertainty, loss of ability to use their cards, and concern about other unauthorized use of their information. 

The overarching issues concern threats to the payment system itself and the risks that breached information will be used to commit wholesale electronic theft that might threaten the solvency of a major financial institution, be it a bank, investment bank, insurance company, etc. Additionally, such insolvency could have systemic implications for the financial system as a whole. The systemic risks are further amplified by the complex interrelationships among traditional business firms, operators of the private-sector payments-transfer infrastructure, and financial firms. A hack of customer data held by a nonfinancial firm or payments processor could result in losses that can quickly bleed over into the financial system if data are compromised and transactions are initiated and consummated before the breach is discovered or reported. While this scenario may sound farfetched to some, major US corporations accumulate and store huge volumes of transactions and personal information; and it is not clear that they have the same kinds of fraud detection and protections as major financial institutions do. Additionally, these firms engage in significant cash management activities that involve the financing of short-term holdings of assets that are rolled over frequently. If those rollovers were disrupted or suddenly diverted by an outside compromise of the company’s computer resources, those flows could generate significant risks for financial institutions involved in those financings. It goes without saying that small community and regional banks are likely to be even more vulnerable since they can’t afford the sophisticated systems that large institutions have installed. Perhaps even more fundamental is the risk that, should their data be compromised, the public will lose confidence in the electronic payment systems, which would represent a huge shock to the financial system. Lastly, we can’t minimize the threat that terrorists or a rogue foreign government might intentionally breach a financial or nonfinancial institution’s systems and cause its collapse.           

Given the magnitude of the potential damage that data breaches could visit on the US financial infrastructure, the question is, what should be done? Obviously, before any legislative actions are taken, the issues and risks need to be clearly identified. One logical step toward that end would be to convene another fact-finding and study commission along the lines of the 1970s Hunt Commission (Electronic Funds Commission) to gauge the dimensions of the problem. The commission should be charged with identifying potential risks, recommending changes in security measures that financial and nonfinancial firms should make, considering what role the Federal Reserve should play (because of its current involvement in electronic payments and large scale funds transfer systems like Fed Wire), proposing loss-sharing rules to eliminate uncertainty and costly litigation, reviewing and making recommendations to modernize federal rules regarding debt and credit transactions, and considering what efforts should be undertaken internationally to curb unscrupulous use of the internet. In fact, given that there is already more than one internet, the commission should consider the feasibility of creating a separate commercial internet with limited and supervised access, like a restricted access toll road. The commission should be broadly representative and include participants from a wide range of banks, retailers, internet-reliant companies, including the large players like Amazon, Google, Apple, etc., and perhaps even representatives from the NSA (an agency that certainly knows how to penetrate and hack systems). The issues are many, deep, and far-reaching and can only be suggested here. But as a nation we should be proactive and seize the opportunity to address the issues now in order to reduce potentially grave vulnerabilities.           

From the perspective of investors, as mentioned previously, the Target episode certainly will result in losses, and lawsuits have already been filed. Target’s stock price dropped 4 points after the true scope and nature of the data breaches were revealed. Processors and data partners of Target will surely also face similar litigation and losses. The event highlights a risk that clearly has not been on investors’ minds. Such uncertainty implies more volatility, especially for the more vulnerable segments of the payments process and infrastructure.

Bob Eisenbeis, Vice Chairman & Chief Monetary Economist

###

Sean Gross, CFP®, AIF® | Co-Founder & CEO

The government shutdown has gotten most of the press coverage so far, but there is a related and bigger issue pending in the next couple of weeks: the debt ceiling. Although the federal government has partially shut down, it continues to spend money on many items. Normal government financing requires regular additional borrowing, as we typically spend more than we take in.

A closer look at the debt ceiling

The U.S. government operates subject to a legal limit—the debt ceiling—on how much overall debt can be issued. In order to increase the limit, Congress must authorize the raise. Until 2011, this was regularly done, albeit with a certain amount of protest and commentary. In 2011, for the first time, Congress refused to authorize raising the limit until after the Treasury had hit it, causing fear that the government would actually run out of cash. Ultimately, of course, Congress did approve an increase, but not until the stock market and economic confidence had taken a hit.

Since hitting the debt ceiling in May, the government has been using the “usual extraordinary measures”—such as giving IOUs to government-employee retirement funds—to find money to pay the bills. These measures are expected to run out in mid-October, leaving insufficient cash to fulfill all of the government’s obligations and forcing the Treasury to choose who gets paid and who doesn’t.

The key points

There are two critical points to keep in mind here. First, all obligations will ultimately be paid. This is a political crisis, not an economic or fiscal one, and the real risk associated with U.S. government obligations remains the same as always—essentially zero. There’s a reason U.S. Treasury interest rates are treated as the “risk-free rate.”

Second, even though obligations will ultimately be paid, the short-term uncertainty created by the debt ceiling debate has made that risk-free rate materially less risk-free than before—at least in the eyes of markets. Short-term interest rates on Treasury bills have spiked, although they remain at low absolute levels. Default swaps on U.S. debt have increased materially in price. No one expects the U.S. to default, but investors aren’t quite as confident as they have been.

What does this mean for portfolios?

On a long-term basis, the effects should be limited to slightly higher longer-term interest rates and slower growth. From a long-term perspective, this will be a negative, but no more so than other factors, requiring more adjustment of our expectations than of our portfolios.

On a shorter-term basis, the effects could be more marked. In 2011, the last time we came close to hitting the debt ceiling, the S&P 500 dropped about 16 percent. We have seen some downward movements in the market that suggest worry is starting to affect trading, and the potential for a market correction as we move closer to the debt ceiling cannot be ignored. For anyone really worried about the impact, it may be appropriate to reexamine your portfolio as a whole and reduce your overall risk. At the same time, it’s possible that any correction could actually be a buying opportunity, assuming underlying economic fundamentals do not deteriorate.

The debt ceiling debate is an example of an event that could have significant short-term effects, with relatively little effect in the long term. With that in mind, we recommend riding out any short-term turbulence and sticking to a disciplined investment strategy.

If you have questions or concerns, please don’t hesitate to contact us at 509-664-8844 or at Info@TelosWealth.com.

All indices are unmanaged, and investors cannot invest directly in an index. Past performance is no guarantee of future results. The S&P 500 is based on the average performance of the 500 industrial stocks monitored by Standard & Poor’s. Asset allocation programs do not assure a profit or protect against loss in declining markets. No program can guarantee that any objective or goal will be achieved. 

Sean Gross, CFP®, AIF® is the Co-Founder and CEO of Telos Wealth Management, LLC, a Registered Investment Adviser located at 656 North Miller St., Wenatchee, WA. Sean can be reached at 509-664-8844 or at Info@TelosWealth.com.

Sean Gross, CFP®, AIF® | Co-Founder & CEO

The true theory of our Constitution is surely the wisest and best, that the States are independent as to everything within themselves, and united as to everything respecting foreign nations. Let the general government be reduced to foreign concerns only, and let our affairs be disentangled from those of all other nations, except as to commerce, which the merchants will manage the better the more they are left free to manage for themselves, and our general government may be reduced to a very simple organization and a very unexpensive one…” — Letter from Thomas Jefferson to Gideon Granger, August 13, 1800.

Current Market Environment

Our Market Environment Indicator (MEI) remains "bullish" (i.e., risk-on). As a result, in accounts employing our Market Leaders Model Portfolio (MLMP) investment strategy, we’re currently overweight equities and underweight bonds and cash. In spite of our rather pessimistic economic outlook, the market may have additional upside left: we are currently in the early stage of the historically best-performing period of market performance, October through April. While we do think there is another correction on the near to intermediate-term horizon, we are not yet “bearish”, and will continue to rely upon the MEI to signal when it’s time to position accounts employing our MLMP strategy more conservatively.

Unfortunately, we remain of the opinion that any near-term positive market performance is not likely to be based upon broad improvement in the macroeconomic picture, but rather upon expectations that “QE3” will be successful in inflating capital asset prices. Central bank activism can only postpone—not avoid—the ultimate day of reckoning for an economy trapped in a debt deleveraging cycle. Case in point: the Japanese central bank recently embarked on their eighth round of quantitative easing since 2000. In order to determine how effective their "QE" programs have been, one only need look at the Japanese stock market as measured by the Nikkei index: it was at 13,500 at the end of 2000 and it’s at 8,947 today—over 33% lower!

The path to higher risk-adjusted returns, and the ability to avoid large losses, is particularly difficult in the current market environment where zero-percent interest rates are grossly distorting the value of capital assets. Intermediate and longer-term risks will remain high until there is a fundamental change in how global governments and central banks deal with the unprecedented debt crisis they are facing. In the meantime, we believe there will continue to be cyclical investment opportunities which can be taken advantage of through both risk-on/risk-off and absolute return investment strategies.

Unintended Consequences?

We recently received this email from a business owner: “…last week I found our medical insurance rates will rise 50-75% next year to account for the changes required by the “Affordable Care Act.” My personal rate went up almost 100% this year as insurance companies are shifting policies in anticipation of losing younger participants. Furthermore, I heard from my Uncle and he found the “Affordable Care Act” has caused him to lose his Medicare Advantage coverage and will result in an additional $250 a month in costs.”

Whether or not you are a business owner, the broader financial impact of this real-life example should not be ignored. It goes without saying that if businesses have to spend more on health insurance it will have a negative impact on their revenue. If revenues go down, the amount of money companies have to pay for wages and other benefits will go down, as well, possibly putting further pressure on the unemployment rate.

While the unemployment rate recently fell to 7.8%, it is still almost 3% higher than what is typical for an economy heading into its fourth year of recovery—a recovery built primarily on unprecedented fiscal and monetary stimulus.  On the fiscal stimulus side of the ledger, the objective of our government has been to replace private sector spending—which is depressed due to the stubbornly high unemployment rate—with public spending. On the monetary stimulus side of the ledger, the objective of our Central Bank has been to make money less expensive to borrow. However, there is little evidence to suggest that this type of stimulus and spending have been effective over longer periods.^[i]

The Fiscal Cliff

There are multiple components to the so-called “fiscal cliff” which, combined together, present a very serious economic and political problem for the U.S. To help illustrate the personal income tax components of this complex issue, we have attached a fiscal cliff graphic summary provided by Principal Funds (also available here: https://secure02.principal.com/publicvsupply/GetFile?fm=MM5925&ty=VOP&EXT=.VOP). From a purely income tax standpoint, if Congress allows the Bush-era tax cuts to expire, personal income tax rates are scheduled to increase from 10 to 35% in 2013. For investors, capital gains rates are scheduled to increase from 15 to 20%. With this in mind, we strongly encourage you to discuss your personal situation with your tax professional and financial advisor.

U.S. Elections

I recently spoke to a young man who said to me, “I’m so fed-up with the bitterness of the presidential election that I’m not going to vote.” My encouragement to this young man was the same as I will humbly offer you, dear readers: “I completely understand your frustration, but elections have been like this since—at least—the presidential election of 1800 between John Adams and Thomas Jefferson^[ii]. So, please don’t forfeit your right to freely vote, which was secured by the blood and toil of those who have gone before us.”

When it comes to actually predicting the winner of the election, we’re not sure that the often quoted polling data can be trusted. A better gauge may come from the Michigan Consumer Sentiment Index, which measures the attitudes of consumers (http://www.conference-board.org/). According to Bloomberg^[iii], since the days of Richard Nixon every incumbent enjoying average reading of 95 or above have always been re-elected. Meanwhile, those with readings below 95 have never been re-elected. The Index now stands at 72.2, the highest since February 2008, and up from 68.4 in September.

Hurricane Sandy

This letter was completed just prior to the news regarding the devastating impact of Hurricane Sandy on the Eastern and Mid-Atlantic regions of U.S. We will address the potential economic impact of this disaster in a future letter. In the meantime, we are thankful that more lives were not lost, and we continue to pray for those who have been affected by this catastrophe.             

[i] John H. Makin, The Limits of Monetary and Fiscal Policy http://www.aei.org/article/economics/fiscal-policy/the-limits-of-monetary-and-fiscal-policy/)

[ii] Richard J. Behn, The Election of 1800-1801 (http://www.lehrmaninstitute.org/history/1800.html#intro).

[iii] Michelle Jamrisko, Obama Second Term Would Defy Confidence Measure: BGOV Barometer  

(http://www.bloomberg.com/news/2012-08-30/obama-second-term-would-defy-confidence-measure-bgov-barometer.html)

To help pay for the cost of universal health care, a new federal tax will be imposed on most net investment income for those with higher incomes. Starting in 2013, higher-income taxpayers will be subject to an additional 3.80 percent tax on most net investment income. This new tax impacts taxpayers with wages or net earnings above $200,000 (single), $250,000 (married filing jointly), or $125,000 (married filing separately). The exceptions to the surtax are distributions from retirement accounts, including pensions, 401(k)s and IRAs, and income generated from municipal bonds.

Click to read more ...

Steve’s “Restylement”

For the last 4 years, my colleague Steve Bogen and I have been making preparations for his eventual retirement—that is, “restylement” (see below)—in order to ensure there was a plan in place for his clients to continue being served by TWM after his departure. That time has now come: Steve will be retiring from wealth management on 3/30/12 and restyling his life around a new vocation.

If you know Steve’s work ethic, you’ll rightly assume that he will not be retiring to an easy chair (read more…)

Also in this post: Uncharted Waters, Market Environment Indicator, Obamacare goes to Supreme Court, and Celebrating 5 years

Click to read more ...