Earlier this year, the CFPB filed a complaint in Atlanta federal district court targeting an alleged debt collection scam in which not only were the debt collectors named as defendants (Debt Collectors) but three companies involved in providing payment processing services to the Debt Collectors were also named as defendants.  One of those companies processed payments for the debt collectors and the other two companies were independent sales organizations (ISO) that marketed the processor’s services to merchants and were responsible for screening and underwriting merchants.

In its complaint, the CFPB charged the processor and ISOs (collectively, the Processors) with providing “substantial assistance” to the Debt Collectors’ unfair and deceptive conduct in violation of 12 U.S.C. Section 5536(a)(3).  This section of the Consumer Financial Protection Act (CFPA) makes it unlawful for “any person to knowingly or recklessly provide substantial assistance to a covered person or service provider in violation of the provisions of section 5531 [which prohibit unfair, deceptive or abusive acts or practices]…and notwithstanding any provision of this title, the provider of such substantial assistance shall be deemed to be in violation of that section to the same extent as the person to whom such assistance is provided.”

The court recently issued an opinion denying a motion to dismiss filed by the Processors.  In their motion, the Processors argued that the substantial assistance claim should be dismissed because the CFPB had not adequately alleged that they acted knowingly or recklessly.  According to the Processors, in interpreting the CFPA provision, courts should look to case law interpreting Section 20(e) of the Securities and Exchange Act of 1934 which establishes liability for “any person that knowingly or recklessly provides substantial assistance to another person in violation of [securities laws].”  Such case law requires the SEC to show that a defendant acted with a level of recklessness that qualifies as “severe recklessness.”  To qualify, there must be “highly unreasonable omissions or misrepresentations [by the defendant] that involve not merely simple or even inexcusable negligence, but an extreme departure from the standards of ordinary care, and that present a danger of misleading buyers or sellers which is either known to the defendant or is so obvious that the defendant must be aware of it.”

The CFPB argued that the lower standard of recklessness found in the Restatement (Third) of Torts should apply under which a person acts recklessly if he or she “knows of the risk of harm created by the conduct or knows facts that make the risk obvious to another in the person’s situation” and “the precautions that would eliminate or reduce the risk involves burdens that are so slight relative to the magnitude of the risk as to render the person’s failure to adopt the precaution a demonstration of the person’s indifference to the risk.”

Noting the absence of case law interpreting the CFPA  substantial assistance provision, the court agreed with the Processors that a “severe recklessness” standard should apply.  However, the court found that the CFPB had alleged facts that satisfied the higher standard.  According to the court, the CFPB’s allegations regarding numerous warning signs of fraudulent debt collection activity ignored by the Processors plausibly alleged that they had acted with severe recklessness.

The court also found that such allegations supported a finding that the Processors provided substantial assistance to the Debt Collectors.  It rejected the Processors’ argument that even if they acted knowingly or recklessly, they still did not provide substantial assistance under the allegations in the complaint because they did not establish that the Processors’ conduct was the proximate cause of consumer harm or even a substantial causal connection.  The court ruled that while proximate cause is relevant to establishing a substantial assistance claim, it is not required.

In its complaint, the CFPB also alleged that the Processors were independently liable under the CFPA provision that makes it unlawful for any covered person or service provider to engage in unfair, deceptive or abusive acts or practices.  The Processors argued that the UDAAP claim should be dismissed because they were not covered persons.  Additionally, the ISOs argued that they were not service providers.  (The payment processor did not dispute that it was a service provider.)

With regard to their status as covered persons, the court cited the CFPA’s definition of “covered person” which is “any person that “engages in offering or providing a consumer financial product or service” and affiliates of such a person that acts as such person’s service provider.  It also cited the CFPA’s definition of “consumer financial product or service,” which “list[s] eleven categories of services, one of which is ‘providing payments or other financial data processing products or services to a consumer by any technological means, including …through any payments system or network used for processing payments data.'” (emphasis supplied).  The court then observed that the CFPB had not alleged that the Processors provided financial services to consumers and instead had only alleged they provided services to the Debt Collectors.

However, the court also observed that even if the Processors were not covered persons, they could still be subject to UDAAP liability as service providers.  It then ruled that the ISOs were service providers because they provided material services to the Debt Collectors by processing their applications and assisting them in obtaining accounts with the payment processor.  As further grounds for dismissal of the UDAAP claim, the Processors’ argued that the CFPB had not shown that the Processors had engaged in acts or practices that caused harm to consumers as required by the CFPA’s definition of an unfair act or practice or that they had entered into a transaction with a consumer.  The court also rejected these arguments, finding that the CFPB had adequately alleged that the Processors had engaged in acts that proximately caused consumer harm and that a service provider need not engage directly with a consumer to commit a UDAAP violation.