FTC

Subscribe to FTC

The FTC recently issued a paper outlining key takeaways from its December 2017 workshop examining injuries consumers may suffer from privacy and data security incidents.  

The paper indicates that the FTC convened the workshop to better understand consumer injury for the following two purposes:

  • To allow the FTC to effectively weigh the benefits of governmental intervention against its costs when making policy determinations 
  • To identify acts or practices that “cause or are likely to cause substantial injury” for purposes of bringing an enforcement action under the FTC Act for an “unfair” act or practice 

The paper discusses the examples of informational injuries given by participants.  These examples involve injuries that may result from medical identity theft, doxing (i.e. the deliberate and targeted release of private information about an individual with the intent to harass or injure), exposure of personal information, and erosion of trust (i.e. consumers’ loss of trust in the ability of businesses to protect their data).  The paper also reports that “there was some discussion of whether the definition of injury should include risk of injury [from certain practices]” and shares opposing arguments made by participants.  

The issue of whether informational injuries that may result from alleged statutory violations are sufficient to provide a consumer in a private action with Article III standing under the U.S. Supreme Court’s Spokeo standard continues to be litigated.  In Spokeo, the Supreme Court indicated that, to satisfy the “injury-in-fact” requirement for Article III standing, a plaintiff must show that he or she suffered “an invasion of a legally protected interest” that is both “concrete” and “particularized.”  To be particularized, an injury must affect the plaintiff “in a personal and individual way.”  To be concrete, an injury must “actually exist;” it must be “real.”  However, the Supreme Court also acknowledged that intangible injuries can satisfy the concrete injury standard and that in some cases an injury-in-fact can exist by virtue of a statutory violation.  (The Spokeo standard does not apply to government enforcement actions.)

 

 

On July 26, 2018, the FTC testified before two subcommittees of the U.S. House Committee on Oversight and Government Reform regarding the FTC’s continued focus on payment processors. Andrew Smith, the Director of the FTC’s Bureau of Consumer Protection testified before the House Subcommittees on National Security and Government Operations about the FTC’s anti-fraud program and the 25 actions taken by the FTC against payment processors since 1996. 15 of the 25 cases were filed in the last 10 years.

While lawsuits against payment processors represent a small number of the total cases filed by the FTC, the FTC testified that it views the payment processor’s role as “an integral part” of the agency’s anti-fraud program because their services may facilitate fraudulent schemes. Specifically, the FTC explained that on multiple occasions, the payment processor was identified as an enforcement target because it provided services for multiple entities that were parties to other FTC, SEC or state actions.

The FTC relies on two key legal theories in bringing claims against payment processors. The first theory is that the payment processor allegedly engages in unfair conduct under Section 15(n) of the FTC Act, 15 U.S.C. § 45(n), by allegedly facilitating fraud. The second theory is that the payment processor allegedly violates the FTC’s Telemarketing Sales Rule in two ways. First, the FTC may allege that the payment processor was “assisting and facilitating” a violation of the Rule by providing services to another entity that the processor knows or consciously avoids knowing is violating the Rule. Second, the FTC may allege that the payment processor has engaged in “credit card laundering” by submitting a credit card transaction to the credit card network when the transaction is not between the cardholder and the actual merchant, such as when a shell company is used to hide the identity of the true merchant.

The FTC is not alone in attempting to pursue payment processors for allegedly facilitating consumer fraud. In 2015, the CFPB filed suit against alleged “phantom debt” collectors and various companies alleged to have provided services to the debt collectors, including payment processors. The CFPB claimed that the payment processors facilitated the alleged scheme by enabling the debt collectors to accept credit and debit card payments by engaging in deficient underwriting and failing to appropriately monitor the debt collectors’ accounts, such as by ignoring signs of fraud, such as high chargeback volumes. Last year, the court dismissed the CFPB’s claims against the payment processors as a discovery sanction for failure to produce a knowledgeable witness for deposition, although the case remains pending against the other parties.

The FTC’s testimony indicates that payment processors will continue to remain a potential target in the FTC’s ongoing anti-fraud program. In particular, any payment processor that provides services to a merchant (or multiple merchants) alleged by the FTC, SEC, or other federal or state regulator to have engaged in consumer fraud could itself come under scrutiny by the FTC.

Politico has reported that on July 19, the Senate Banking Committee will hold a hearing on President Trump’s nomination of Kathy Kraninger to serve as CFPB Director.  While we find this surprising, we continue to believe that she will not be confirmed by the full Senate until after the mid-term elections.

Politico also reported that on July 12, the Senate Banking Committee will hold a hearing on credit reporting agencies at which the witnesses will include Peggy Twohig, CFPB Assistant Director for Nonbank Supervision, and Maneesha Mithal, an Associate Director in the FTC’s Bureau of Consumer Protection.

The FTC has announced that beginning in September 2018, it will hold a series of 15 to 20 public hearings “on whether broad-based changes in the economy, evolving business practices, new technologies, or international developments might require adjustments to competition and consumer protection enforcement law, enforcement priorities, and policy.”

In advance of the start of the hearings, the FTC is seeking public comment on 11 topics that include:

  • The state of antitrust and consumer protection law and enforcement, and its development since the FTC’s 1995 “Global Competition and Innovation Hearings”
  • Competition and consumer protection issues in communication, information, and media technology networks
  • The  intersection between privacy, big data, and competition
  • The FTC’s remedial authority to deter unfair and deceptive conduct in privacy and data security matters
  • The consumer welfare implications associated with the use of algorithmic decision tools, artificial intelligence, and predictive analytics
  • The interpretation and harmonization of state and federal statutes and regulations that prohibit unfair and deceptive acts and practices
  • The FTC’s investigation, enforcement, and remedial processes

The FTC will accept comments on the 11 topics through August 20, 2018.  Comments can address one or more of the 11 topics generally, or can address them with respect to a specific industry.  The FTC will also invite comments on the topic of each hearing.  It plans to issue a news release before each hearing with information about the agenda, date, and location, and with instructions on submitting comments.  In addition, it plans to invite public comment after the entire series of hearings is completed.

Among the purposes of the hearings and public comment process is to “stimulate thoughtful internal and external evaluation of the FTC’s near- and long-term law enforcement and policy agenda.”  The FTC has indicated that the hearings “may identify areas for enforcement and policy guidance, including improvements to the agency’s investigation and law enforcement processes, as well as areas that warrant additional study.”

 

As readers of this blog already know, Professor Jeff Sovern and I come at most issues from different sides of the street.  Over the years, through our respective blogs and at various programs, we have engaged in spirited but respectful debate about many consumer finance issues.  For that reason, I was particularly disappointed to read Jeff’s blog post about Andrew Smith’s appointment as Director of the FTC’s Bureau of Consumer Protection.

Despite his comment that he does not “mean that Mr. Smith is a thief,” Jeff’s characterization of Andrew as a “Payday Lender Lawyer” in the title of his blog post coupled with his use of the quote “set a thief to catch a thief,” seems intended to raise questions about Andrew’s integrity based solely on his past representation of payday lenders.  Although we strongly disagree with Jeff’s support for the CFPB’s payday lending rule and his criticism of the payday lending industry, those matters are certainly fair game for debate.  However, Andrew has had an unblemished ethical record as an attorney in private practice and as a government attorney in his previous tenure with the FTC.  Indeed, Andrew is considered to be among the country’s most prominent consumer financial services lawyers, as evidenced by his position as Chair of the American Bar Association Consumer Financial Services Committee, his appointment long ago as a fellow of the American College of Consumer Financial Services Lawyers, and his ranking by Chambers USA which evaluates America’s leading lawyers for business.

We also strongly reject the inference that payday lending is a form of theft and observe that, regardless of how an attorney’s clients are viewed, it is bad policy for a lawyer’s qualifications for government appointment to depend on his or her clients’ reputations.  If that were the standard, white collar criminal lawyers would never qualify for government service.

I am confident that in his new leadership role at the FTC, Andrew will continue to adhere to the highest ethical standards.

I was pleased to see the announcement yesterday afternoon by FTC Chairman Joseph Simons that the FTC has approved the appointment of Andrew Smith to serve as Director of the agency’s Bureau of Consumer Protection, beginning next week.

As I indicated in my prior blog post, I have known Andrew for many years going back to his tenure at the FTC earlier in his career and have always felt that Andrew was a very fair-minded attorney who studiously called the shots as he saw them.  In addition to bringing his excellent lawyering skills to the FTC, I am confident that Andrew will continue to take an even-handed approach in his new leadership role.

Andrew’s appointment was approved by a 3-2 vote, with both Democratic commissioners, Rohit Chopra and Rebecca Slaughter, voting against his appointment.

 

According to media reports, the FTC is expected to appoint Andrew Smith, an attorney in private practice in Washington, D.C. who currently represents many industry clients, to lead the FTC’s Consumer Protection Bureau.  His expected appointment has reportedly met with criticism from two Democratic Senators.

Before entering private practice, Andrew was an attorney with the FTC.  He currently chairs the American Bar Association’s Consumer Financial Services Committee.

I have known Andrew for many years going back to his tenure at the FTC where he served in senior supervisory and policy-making positions.  I always felt that Andrew was a very fair-minded attorney who studiously called the shots as he saw them.  As a leader of the ABA Consumer Financial Services Committee, including in his current position as Committee Chair, he has been very even-handed, always ensuring that the voices of consumer advocates are heard.  The ABA represents all of it members, not just lawyers who work for or represent the consumer financial services industry.

The knee-jerk criticism of Andrew by two Democratic Senators based on his prior legal work for clients and his need to recuse himself from FTC investigations involving those clients is completely unfounded.  If anything, it demonstrates that Andrew is an excellent lawyer and that his services are in high demand.  Indeed, the BTI Consulting Group recently named Andrew to its 2018 “Client Service All-Stars” list, which recognizes “the leaders in superior client service.”  Andrew is one of only three consumer financial services lawyers in the country named to this list.  My partner, Scott Pearson, also received this rare honor.

Last Thursday, the Senate confirmed five individuals—three Republicans and two Democrats—nominated by President Trump to serve as FTC commissioners.  The change to Republican control can be expected to impact the FTC’s future regulatory and enforcement priorities and initiatives.

The confirmed nominees consist of the following individuals:

  • Joseph Simons.  Mr. Simons, a Republican, most recently worked as an attorney in private practice in Washington, D.C., and formerly served as a head FTC antitrust lawyer.
  • Noah Phillips.  Mr. Phillips, a Republican, most recently served as Chief Counsel to Senator John Cornyn, the Republican Whip.
  • Christine Wilson.  Ms. Wilson, a Republican, most recently served as Senior Vice President for Regulatory & International Affairs at Delta Air Lines.
  • Rohit Chopra.  Mr. Chopra, a Democrat, most recently served as a senior fellow at the Consumer Federation of America, formerly served as the CFPB’s Student Loan Ombudsman.
  • Rebecca Slaughter.  Ms. Slaughter, a Democrat, most recently served as Chief Counsel to Senator Chuck Schumer, the Senate Minority Leader.

The FTC has been operating with just two commissioners consisting of Acting Chairman Maureen Ohlhausen and Commissioner Terrell McSweeny.  Ms. Ohlhausen, a Republican whose term expires in September 2018, has been appointed by President Trump to serve as a judge on the U.S. Court of Federal Claims.  Since Ms. Wilson was appointed to fill Ms. Ohlhausen’s seat and the Senate has not yet confirmed Ms. Ohlhausen as a federal judge, it is uncertain when Ms. Wilson will be sworn in as an FTC commissioner.

Although the term of Ms. McSweeny, a Democrat, expired in September 2017, she continued to serve as an FTC Commissioner, reportedly pursuant to an FTC practice that allows a commissioner to remain in his or her position until a replacement is confirmed.  She has resigned effective April 28.

 

 

The FTC has filed comments on the CFPB’s Request for Information regarding its civil investigative demands and investigational hearings.

In the RFI, the CFPB requested feedback on various aspects of the CFPB’s processes and requirements for issuing CIDs, responding to CIDs, and conducting investigational hearing.  The FTC’s comments primarily describe the FTC’s comparable processes and requirements and highlights changes made in 2017 to the CID process used by the FTC’s Bureau of Consumer Protection (BCP).  Those changes included (1) adding more detail about the scope and purpose of investigations to give companies a better understanding of the information sought, (2) limiting the relevant time periods to minimize undue burden on companies and focus the FTC’s resources on investigating harms that have an immediate impact on consumers, (3) shortening and simplifying the instructions for providing electronically stored data, and (4) increasing response times for CIDs, where appropriate.

In addition to describing its own processes and requirements, the FTC makes several specific suggestions for the CFPB to consider including the following:

  • The FTC suggests that the CFPB may wish to consider applying an approach to opening and closing investigations that is similar to the FTC’s approach while remaining consistent with the CFPB’s structure, management, workload, and other relevant considerations.  At the FTC, the BCP Director is responsible for implementing the Commission’s enforcement agenda and meets regularly with the FTC Chairman and the other FTC Commissioners to obtain views about investigations and possible investigations to accomplish that agenda.  On a day-to-day basis, the BCP Director is responsible for ensuring that other BCP managers make opening and closing decisions in conformity with the FTC’s enforcement priorities and objectives.  The BCP Director has regular and frequent communications with other BCP managers, including regular discussions about specific divisional or regional office work, including matters currently under investigation and those as to which an investigation is contemplated.  Other BCP managers check with the BCP Director before opening, continuing, or closing an investigation that might not be in line with FTC priorities and objectives or that might present other challenging or sensitive issues.
  • The FTC observes that its procedures for CID issuance appear to be significantly different from those of the CFPB.  When a BCP staff member believes issuance of a CID is appropriate, he or she drafts the CID along with a supporting recommendation and, once approved  by the BCP Director, he or she submits the proposed CID and recommendation memo to the FTC.  Since any Commissioner is permitted to issue a CID relating to any matter under investigation, a single Commissioner generally reviews the proposed CID and recommendation memo to determine whether to approve, modify, or reject a proposed CID.  The FTC believes that because approval is sought for hundreds of proposed CIDs each year, it is more efficient and less burdensome to have a single Commissioner rather than the full FTC review each CID.  Also, Commissioner-approval ensures that there will be an independent assessment of a CID’s costs and benefits by someone who is not conducting the investigation.  In contrast, at the CFPB, not only the Director but also the Assistant Director and the Deputy Assistant Directors of the Office of Enforcement have authority to issue CIDs.  In addition, it is generally a CFPB Deputy Assistant Director who authorizes the issuance of a CID and that individual may be involved in direct oversight of investigations in a way that an FTC Commissioner is not.  The FTC suggests that because its approach has allowed the FTC to successfully balance the need to obtain information without imposing unnecessary or undue burdens, the CFPB may wish to consider the FTC’s experience, including revising its delegation of authority to one or more senior officials who are not directly involved in an investigation.
  • The FTC suggests that the CFPB may want to consider adopting requirements for processing requests for extending the dates and manner of compliance with CIDs that are similar to the FTC’s requirements.  To ensure that the meet-and-confer process is productive, the FTC requires CID recipients to make available persons who are familiar with the recipient’s information management system and the requested materials.  BCP staff conducts the meet-and-confer sessions, which are usually held telephonically.  After having the meet-and-confer, the appropriate BCP manager with the delegated authority can extend the compliance date if the CID recipient “has demonstrated satisfactory progress toward compliance,” and can also modify the terms of compliance with the CID.  The FTC believes that this combination of the meet-and-confer requirement and the delegated authority to modify the time and manner upon a demonstration of satisfactory progress toward compliance allows the FTC to reduce unnecessary and undue burden while at the same time advancing the purposes of the investigation.
  • The FTC observes that the BCP’s current guidelines for submission of electronically stored information (ESI) appear to be significantly shorter and less complex than the most recently available CFPB production requirements.  As streamlined in 2017, the BCP’s production requirements for submission of ESI in response to a CID are less complex, require the processing and production of fewer fields, and no longer require that each field meet exacting requirements for specialized eDiscovery applications.  By providing ESI in the new streamlined format, data can be used in any subsequent proceedings, obviating the need for the recipient to reproduce the data at a later time.

 

 

 

According to its newly-released Consumer Sentinel Network Data Book, the FTC received complaints from 2.68 million consumers in 2017, a decrease from 2016 when 2.98 million consumers submitted complaints.  The annual report, which does not include do-not-call complaints, provides national and state-by-state data on consumer complaints received by the FTC.  While the number of complaints declined, consumers reported losing a total of $905 million to fraud in 2017, which was $63 million more than in 2016.

Despite the use of the term “complaints” in the FTC’s press release and numerous references to “complaints” in the new annual report, the new report states that it refers to “consumer reports” rather than “complaints” because “[o]ften, people make these reports after they have experienced something problematic in the marketplace, avoided a loss, and decided to alert others.”

Debt collection was the most-reported category in 2017.  Identity theft was the second-most reported category in 2017, with credit card fraud the most common type of identity theft reported and tax fraud the second most common type.  Imposter scam reports, which the FTC describes as reports about someone pretending to be a trusted person to get consumers to send money or give personal information, was the third-most reported category in 2017.

The other two “top-five” report categories in 2017 were telephone and mobile services (fourth) and banks and lenders (fifth).  For military consumers, identity theft was the top report category in 2017.

The Consumer Sentinel Network is an online database of consumer complaints maintained by the FTC.  Other federal and state law enforcement agencies contribute to the database, including the CFPB and the offices of 20 state attorneys general (who are listed on page 86 of the report).  Private-sector organizations contributing data include the Council of Better Business Bureaus, which consists of all North American Better Business Bureaus.

Any federal, state, or local law enforcement agency can obtain access to the database by entering into a confidentiality and data security agreement with the FTC. Certain international law enforcement authorities are also allowed access.

While the data only reflect ”unverified reports filed by consumers,” regardless of merit, the report nevertheless could significantly affect the industries targeted by the complaints. The FTC and state attorneys general have long used consumer complaints to identify victims and potential targets for investigations, and Mick Mulvaney, President Trump’s appointee as CFPB Acting Director has indicated that the CFPB will continue to use complaints in setting its priorities.

Because industries receiving a large number of complaints are more likely to draw a regulator’s attention, minimizing the number of consumers who complain to the FTC, CFPB, or other consumer watchdogs is an essential first step to reducing potential exposure.  To accomplish this, it is important for companies to establish their own systems to track and resolve complaints. CFPB examination procedures specifically instruct examiners to assess the quality of a company’s complaints system.