Stephen Gandel is a Bloomberg Gadfly columnist covering equity markets. He was previously a deputy digital editor for Fortune and an economics blogger at Time. He has also covered finance and the housing market.

(Updated )

Here's the likely consequence of presiding over one of the largest hacks in history: a $7.6 million bonus.

Equifax announced on Tuesday that CEO Richard Smith was stepping down in the wake of a hack that exposed the personal financial data of 143 million Americans. But like other CEOs who have left in disgrace, he will leave with a full bank account and most likely a multimillion-dollar bonus, payable early next year, as part of a long-term incentive plan that the company said was supposed to align executives with shareholders.

It doesn't appear to have worked out that way. Equifax's shares plunged as much as 34 percent since the hack was announced, costing shareholders $5 billion, before rebounding somewhat. They are now down 26 percent since the disclosure as of Tuesday's close.

Hacked Away
Equifax's stock has plunged in the wake of its disclosure that it may have exposed the personal financial data of millions of Americans
Source: Bloomberg

Equifax said Smith would not receive any annual bonus specifically for 2017. Nevertheless, he is in line to receive a 73,392-share bonus early next year as part of the long-term incentive plan the company put in place back in 2008. That's on top of the $52 million he will walk away with in stock and other retirement benefits that he accrued as part of his nearly 12-year run as CEO. That doesn't even include the nearly $13 million he received in salary and cash bonuses for the past three years alone. He also may be entitled to lifetime health insurance and $60,000 worth of financial planning and tax advice. What's worse, Equifax's very limited clawback policy, which the company has called "rigorous," applies only to financial restatements. That means Smith will have to return almost none of this tens of millions of dollars of pay, even if the company eventually finds that the hack has was his fault.

The kicker: Smith is in line to receive as much as another $11 million stock bonus at the end of next year.

Equifax declined to comment for this story, but a company spokesperson confirmed that Smith is in line to receive his long-term incentive bonus at the end of 2017 and 2018. 

Smith's exit pay, and particularly the looming bonus payments, follows an unfortunately well-worn pattern: Something egregious happens at a company. Someone has to take the inevitable hit, normally the CEO, who then walks into the sunset with millions of dollars.

Last year, Wells Fargo, under extreme pressure, eventually decided to claw back as much as $136 million from its former CEO John Stumpf and former executive Carrie Tolstedt, who ran the division at the center of that bank's fake accounts scandal. The bank was originally planning to pay both executives in full. But that is one of the handful of cases in which companies have instituted a clawback. 

Equifax says the company's board is reviewing the hack, as well as Smith's role in it. As for now, the company is calling Smith's exit a retirement. That means Smith's multimillion-dollar long-term stock bonus payments are safe. But the company said that is could reclassify his exit as a "termination with cause" if the board finds that Smith was at fault. In other similar instances, that rarely happens, and with Smith already out, it seems unlikely the board would go back and revisit his exit. The two other executives who also left the company in the wake of the hack were also allowed to retire.

No Claws
A 2015 study found that absent a restatement of past financial results most corporate executives were not subject to clawback provisions
Source: Frederic W. Cook & Co.

The biggest problem with Equifax's long-term compensation plan is that in order for executives to receive it, the company didn't have to meet any company-specific performance goals, like increasing revenue or sales. Instead, the plan is based solely on the performance of the company's stock for the past three years compared with the S&P 500. What's more, the plan included a calculation that was supposed to protect the executives against any sudden drops in the company's stock at the end of the three-year period. That is in part why Smith is still eligible for such a big payout, despite Equifax's recent stock plunge. Before the hack, the company's shares were up nearly 75 percent in the previous two and a half years.

The other problem with Equifax's compensation plan is its limited clawback policy. Like many other companies, Equifax says it will only seek to claw back past pay from executives in instances in which the company is forced to make a material restatement of its past results. If, however, they do something that destroys the company's reputation, subjects it to investigations and likely impacts the company's prospects for years to come, their past pay, the many millions of it, is in the clear.

As long as executive pay in America is full of carrots, and absent of sticks, corporate scandals, like Equifax's, are likely to continue.

This column does not necessarily reflect the opinion of Bloomberg LP and its owners.

(Updates stock price in the third paragraph.)

To contact the author of this story:
Stephen Gandel in New York at

To contact the editor responsible for this story:
Daniel Niemi at