The Federal Trade Commission (“FTC”) and Federal Communications Commission (“FCC”) have announced they will host a joint policy forum (“Forum”) in Washington, D.C. on March 23 titled, “Fighting the Scourge of Illegal Robocalls.” The Forum will cover recent policy changes and enforcement actions as well as the agencies’ efforts to encourage private sector technological solutions. We believe the event will be of interest to clients who launch legitimate account management or marketing campaigns from autodialers as well as those whose names have been misappropriated by fraudulent telemarketers.

The agenda will be posted on the event page when it becomes available. The FCC will likely use the venue to announce a “Second Further Notice of Proposed Rulemaking” on reducing unwanted calls to reassigned phone numbers, which is scheduled for a vote during the agency’s March 22 meeting.  According to the FCC, the notice would:

  • Propose to ensure that one or more databases are available to provide callers with the comprehensive and timely information they need to avoid calling reassigned numbers.
  • Seek comment on the information that callers who choose to use a reassigned numbers database need from such a database.
  • Seek comment on the best way for service providers to report that information and for callers to access that information, including the following three alternatives:
    • requiring service providers to report reassigned number information to a single, FCC-designated database;
    • requiring service providers to report that information to one or more commercial data aggregators; or
    • allowing service providers to report that information to commercial data aggregators on a voluntary basis.
  • Seek comment on whether, and if so how, the FCC should adopt a safe harbor from liability under the Telephone Consumer Protection Act for those callers that choose to use a reassigned numbers database.

This follows rules that became effective last month permitting voice service providers to proactively block calls from certain numbers that are suspected to be fraudulent. (You can read our summary of the FCC’s Report and Order adopting these rules here.)

A central theme of the Forum is likely to be collaboration between the FTC and FCC as well as between the agencies and the private sector. Such collaboration helps the agencies prevent and target illegal robocall scams, such as the spoofing scheme that made nearly 100 million robocalls and illegitimately invoked the names of major hotel and travel brands to sell vacation packages, resulting in a $120 million forfeiture order by the FCC in June 2017. Spoofing, which is a common tool used in robocall scam campaigns, involves altering or manipulating caller ID information to hide or falsify the identity or number of the calling party.

On April 23 (one month after the Forum), the agencies will host a “Stop Illegal Robocalls Expo” for consumers. Companies that offer technologies, devices and applications to minimize or eliminate illegal robocalls may request to exhibit at the Expo by contacting the FCC staff listed here by midnight on March 23.

According to its newly-released Consumer Sentinel Network Data Book, the FTC received complaints from 2.68 million consumers in 2017, a decrease from 2016 when 2.98 million consumers submitted complaints.  The annual report, which does not include do-not-call complaints, provides national and state-by-state data on consumer complaints received by the FTC.  While the number of complaints declined, consumers reported losing a total of $905 million to fraud in 2017, which was $63 million more than in 2016.

Despite the use of the term “complaints” in the FTC’s press release and numerous references to “complaints” in the new annual report, the new report states that it refers to “consumer reports” rather than “complaints” because “[o]ften, people make these reports after they have experienced something problematic in the marketplace, avoided a loss, and decided to alert others.”

Debt collection was the most-reported category in 2017.  Identity theft was the second-most reported category in 2017, with credit card fraud the most common type of identity theft reported and tax fraud the second most common type.  Imposter scam reports, which the FTC describes as reports about someone pretending to be a trusted person to get consumers to send money or give personal information, was the third-most reported category in 2017.

The other two “top-five” report categories in 2017 were telephone and mobile services (fourth) and banks and lenders (fifth).  For military consumers, identity theft was the top report category in 2017.

The Consumer Sentinel Network is an online database of consumer complaints maintained by the FTC.  Other federal and state law enforcement agencies contribute to the database, including the CFPB and the offices of 20 state attorneys general (who are listed on page 86 of the report).  Private-sector organizations contributing data include the Council of Better Business Bureaus, which consists of all North American Better Business Bureaus.

Any federal, state, or local law enforcement agency can obtain access to the database by entering into a confidentiality and data security agreement with the FTC. Certain international law enforcement authorities are also allowed access.

While the data only reflect ”unverified reports filed by consumers,” regardless of merit, the report nevertheless could significantly affect the industries targeted by the complaints. The FTC and state attorneys general have long used consumer complaints to identify victims and potential targets for investigations, and Mick Mulvaney, President Trump’s appointee as CFPB Acting Director has indicated that the CFPB will continue to use complaints in setting its priorities.

Because industries receiving a large number of complaints are more likely to draw a regulator’s attention, minimizing the number of consumers who complain to the FTC, CFPB, or other consumer watchdogs is an essential first step to reducing potential exposure.  To accomplish this, it is important for companies to establish their own systems to track and resolve complaints. CFPB examination procedures specifically instruct examiners to assess the quality of a company’s complaints system.

The FTC has filed a lawsuit in a California federal district court against three interrelated student loan debt relief companies and the individual who is their majority owner for alleged violations of Section 5 of the FTC Act and the Telemarketing Sales Rule (TSR).  The TSR implements the Telemarketing and Consumer Fraud and Abuse Act.  While the CFPB appears to be embarking on a new strategic path in 2018 that will result in less aggressive enforcement, the lawsuit demonstrates that the FTC is continuing to target the debt relief industry for compliance with consumer protection statutes.  According to the FTC’s press release, the lawsuit represents the eighth action the FTC has taken in “Operation Game of Loans,” the FTC’s enforcement initiative targeting deceptive student loan debt relief scams.

The FTC alleges that the defendants violated Section 5 and the TSR by engaging in conduct that included the following:

  • Sending mailers to consumers representing they were eligible for federal programs that would permanently reduce their loan payments to a fixed, lower amount or result in total loan forgiveness.  The FTC alleges these representations were deceptive in violation of Section 5 and material misrepresentations in violation of the TSR because while the Department of Education and state government agencies administer loan forgiveness and discharge programs, none of those programs guarantee a fixed, reduced monthly payment for more than one year, and most consumers are not eligible because of the programs’ strict eligibility requirements.
  • Representing that consumers’ monthly payments were being applied to their loan balances.  The FTC alleges that this representation was deceptive in violation of Section 5 and a material misrepresentation in violation of the TSR because the defendants were charging consumers a monthly fee unrelated to their student loans that purportedly gave consumers access to various discounts and other benefits.
  • Charging an advance fee for enrollment in a “financial education” program.  The FTC alleges that this fee violated the TSR advance fee prohibition.

The FTC’s complaint seeks consumer redress and injunctive relief.

Equifax announced on September 7, 2017 a massive data breach affecting an estimated 143 million consumers.  Richard Cordray, the then Director of the CFPB, shortly thereafter authorized an investigation according to several media reports.  Reuters reported yesterday that the investigation sputtered since then, according to several government and industry sources.  That is not surprising since there is substantial doubt as to whether the CFPB has enforcement jurisdiction over data breaches.  See our March 3, 2016 blog about the one and only data security enforcement action taken by the CFPB.  Professor Jeff Sovern acknowledged yesterday in the Consumer Law and Policy Blog that “the CFPB has very limited jurisdiction over the Equifax data breach, if it has any jurisdiction anyway….”

Equifax is reportedly being investigated by every state attorney general and the FTC and is facing an onslaught of class actions.  So even though the CFPB appears not to be involved in the Equifax matter, this has not stopped the FTC and the state attorneys general from aggressively pursuing their own investigations.  This underscores the point we will be emphasizing during our webinar tomorrow entitled:  “Who Will Fill the Void Left Behind by the CFPB?”  It is not too late to register here.

On January 25, the White House announced that President Trump had sent the nominations of four individuals to the Senate to serve as FTC commissioners.  Three of the nominations, those of Joseph Simons, Rohit Chopra, and Noah Phillips had been announced last fall, at which time President Trump had indicated that he planned to name Mr. Simons FTC Chairman upon his confirmation by the Senate.

The nominees consist of the following individuals:

  • Joseph Simons.  Mr. Simons, a Republican, is currently an attorney in private practice in Washington, D.C., and formerly served as a head FTC antitrust lawyer.  He is nominated for a term of seven years from September 26, 2017, the date on which term of FTC Commissioner Terrell McSweeny expired.  (Despite the expiration of her term, Ms. McSweeny, a Democrat, continues to serve as an FTC Commissioner, reportedly in accordance with a long-standing FTC practice of commissioners remaining in their positions until a replacement is confirmed.)
  • Rohit Chopra.  Mr. Chopra, a Democrat, currently serves as a senior fellow at the Consumer Federation of America, formerly served as the CFPB’s Student Loan Ombudsman.  Mr. Chopra is nominated to fill the unexpired term of seven years from September 26, 2012 of Joshua Wright who resigned.
  • Noah Phillips.  Mr. Phillips, a Republican, currently serves as Chief Counsel to Senator John Cornyn, the Republican Whip.  Prior to his service in the Senate, Mr. Phillips worked as an attorney in private practice in New York City and Washington, D.C.  Mr. Phillips is nominated for a term of seven years from September 26, 2016, the date on which the term of former FTC Commissioner Julie Brill expired.
  • Christine Wilson.  Ms. Wilson, a Republican, currently serves as Senior Vice President for Regulatory & International Affairs at Delta Air Lines.  She previously was an attorney in private practice in  Washington, D.C.  Ms. Wilson is nominated for a term of seven years from September 26, 2011, the date on which the term of FTC Commissioner Maureen Ohlhausen expires, and is thereafter reappointed for a term of seven years (from September 26, 2018).  (Ms. Ohlhausen, who has been serving as Acting FTC Chair, was recently appointed by President Trump to serve as a judge on the U.S. Court of Federal Claims.)



The FTC has released its annual report summarizing its activity during 2017 relating to privacy and data security issues.  In its self-declared role as “the nation’s primary privacy and data security enforcer,” the FTC outlines 10 privacy cases and 4 data security cases that it brought in 2017, including Uber Technologies (transportation service), Vizio (television manufacturer), Blue Global (lead generator), Upromise (college rewards program), ACDI Group (an alleged debt buyer), TaxSlayer (tax preparation service), and D-Link (wireless routers and Internet cameras).  In addition, the FTC also brought its first actions to enforce the EU-US Privacy Shield in 2017.  The FTC report also described its activities relating to international enforcement, children’s privacy, and Do-Not-Call.

The FTC also highlighted its advocacy efforts, workshops, and publications, many of which focus on what are likely future areas of FTC enforcement, such as privacy and security concerns with IoT devices, payment systems, artificial intelligence and blockchain technologies, connected cars, and student privacy.  One of the FTC’s new publications of note is its Stick with Security blog series, which offers periodic insights into key takeaways from recent law enforcement actions, closed investigations, and experiences of companies.  The FTC report also demonstrated that the agency is attempting to be flexible in light of the changing nature of identity theft, informational injuries, and modern technologies while remaining vigilant in its mission to protect consumers.  Companies should similarly remain cognizant of the FTC’s role as “one of the most active privacy and data security enforcers in the world.”

On Thursday, December 14, the Federal Communications Commission voted 3-2 to reverse its 2015 order classifying the provision of broadband internet access services as a “telecommunication service” subject to Title II of the Communications Act of 1934, and restoring the classification of broadband internet access services as an “information service” under Title I of the Communications Act.  This reclassification moves the provision of broadband internet services from treatment as a utility (with greater governmental oversight over the provision of the utility’s services) to treatment as another offering by a telecommunications service provider.

The December 14 Order consequentially rescinds the rules prohibiting blocking of lawful internet content and applications, throttling or degrading lawful internet traffic, and paid prioritization of certain internet traffic.  These three prohibitions form the core of the “net neutrality” rules – essentially, the rules that required all internet traffic to be treated equally.

The FCC reversal on net neutrality could impact consumer payments in a couple of ways.  First, fintech companies (generally speaking, young companies with fewer resources whose business models are supported by fast, cheap internet access) which find their internet speeds either throttled or more costly may be outcompeted by larger, more established businesses which can more easily pay for higher internet speeds.  This may result in fewer fintech companies bringing new ideas and products to market.

A more direct impact may be felt in peer to peer payment platforms.  One could imagine two or three reasonably similar mobile device based payment applications, which have purchased (or can afford) varying degrees of internet access.  If one P2P platform takes 1-2 seconds to transact, while another takes 10-15, from a user experience perspective it is reasonable to assume the slower platform will quickly be abandoned in favor of the quicker platform.  Again, this favors providers with either larger margins or deeper pockets that can afford to pay for faster internet access, or a model that introduces tiered pricing for speeds.  One can imagine P2P platforms offering free and premium versions of their platform, with a premium version introducing higher access and settlement speeds.

Relatedly, the FCC and the Federal Trade Commission signed a memorandum of understanding on December 14 in which the FTC agreed to monitor the broadband market, and investigate and take enforcement actions against internet service providers for unfair or deceptive acts or practices (using the FTC’s authority under Section 5 of the FTC Act).  While the FTC is focused on UDAP issues with respect to the provision of internet services, might the CFPB look at internet speeds (and their disclosure) in connection with consumer financial services and identify potential issues for purposes of its authority to prohibit unfair, deceptive, or abusive acts or practices?  For example, would banks or platform providers need to disclose their internet speed, and could they face a UDAAP challenge if their transactions failed to meet such speeds?

Following the FCC’s vote, New York Attorney General Eric Schneiderman announced his plans to “lead a multistate lawsuit to stop the rollback of net neutrality.”  According to media reports, nearly 20 states, including Massachusetts, Mississippi, Hawaii, Maine, Vermont, and Illinois, have indicated that they intend to participate in Mr. Schneiderman’s lawsuit.

Richard Moseley Sr., the operator of a group of interrelated payday lenders, was convicted by a federal jury on all criminal counts in an indictment filed by the Department of Justice, including violating the Racketeer Influenced and Corrupt Organizations Act (RICO) and the Truth in Lending Act (TILA).  The criminal case is reported to have resulted from a referral to the DOJ by the CFPB. The conviction is part of an aggressive attack by the DOJ, CFPB, and FTC on high-rate loan programs.

In 2014, the CFPB and FTC sued Mr. Mosley, together with various companies and other individuals.  The companies sued by the CFPB and FTC included entities that were directly involved in making payday loans to consumers and entities that provided loan servicing and processing for such loans.  The CFPB alleged that the defendants had engaged in deceptive and unfair acts or practices in violation of the Consumer Financial Protection Act (CFPA) as well as violations of TILA and the Electronic Fund Transfer Act (EFTA).  According to the CFPB’s complaint, the defendants’ unlawful actions included providing TILA disclosures that did not reflect the loans’ automatic renewal feature and conditioning the loans on the consumer’s repayment through preauthorized electronic funds transfers.

In its complaint, the FTC also alleged that the defendants’ conduct violated the TILA and EFTA.  However, instead of alleging that such conduct violated the CFPA, the FTC alleged that it constituted deceptive or unfair acts or practices in violation of Section 5 of the FTC Act.  A receiver was subsequently appointed for the companies.

In November 2016, the receiver filed a lawsuit against the law firm that assisted in drafting the loan documents used by the companies.  The lawsuit alleges that although the payday lending was initially done through entities incorporated in Nevis and subsequently done through entities incorporated in New Zealand, the law firm committed malpractice and breached its fiduciary obligations to the companies by failing to advise them that because of the U.S. locations of the servicing and processing entities, the lenders’ documents had to comply with the TILA and EFTA.  A motion to dismiss the lawsuit filed by the law firm was denied.

In its indictment of Mr. Moseley, the DOJ claimed that the loans made by the lenders controlled by Mr. Moseley violated the usury laws of various states that effectively prohibit payday lending and also violated the usury laws of other states that permit payday lending by licensed (but not unlicensed) lenders.  The indictment charged that Mr. Moseley was part of a criminal organization under RICO engaged in crimes that included the collection of unlawful debts.

In addition to aggravated identity theft, the indictment charged Mr. Moseley with wire fraud and conspiracy to commit wire fraud by making loans to consumers who had not authorized such loans and thereafter withdrawing payments from the consumers’ accounts without their authorization.  Mr. Moseley was also charged with committing a criminal violation of TILA by “willfully and knowingly” giving false and inaccurate information and failing to provide information required to be disclosed under TILA.  The DOJ’s TILA count is particularly noteworthy because criminal prosecutions for alleged TILA violations are very rare.

This is not the only recent prosecution of payday lenders and their principals. The DOJ has launched at least three other criminal payday lending prosecutions since June 2015, including one against the same individual operator of several payday lenders against whom the FTC obtained a $1.3 billion judgment.   It remains to be seen whether the DOJ will limit prosecutions to cases where it perceives fraud and not just a good-faith disclosure violation or disagreement on the legality of the lending model.  Certainly, the offenses charged by the DOJ were not limited to fraud.

The FTC has entered a proposed consent order with Victory Media, Inc. (VMI) to settle the FTC’s charges that VMI violated Section 5 of the FTC Act by engaging in deceptive acts or practices in connection with its promotion of post-secondary schools to military veterans and servicemembers.

According to the FTC’s complaint, VMI creates advertising, marketing, and promotional content for schools that VMI disseminates through various media, such as magazines, and that targets veterans and servicemembers seeking new education and employment opportunities.  VMI also operates several websites directed at military consumers on which it posts articles and other information on educational topics and schools and describes itself as an advisor to such consumers on social media sites.  In addition, on one of its websites, VMI operates a search tool for military consumers seeking to identify schools in their fields of interest.

The FTC claimed that the following conduct by VMI constituted false, misleading or deceptive acts or practices in violation of Section 5:

  • Representing that its search tool only searched schools that met VMI’s “military friendly” criteria.  According to the FTC, the tool actually searched any schools that paid to be included, whether or not VMI had designated them as “military friendly.”  As a result, the tool’s search results included schools that VMI had not designated as “military friendly.”
  • Endorsing specific schools in articles, emails and social media.  According to the FTC, although they were paid advertising, VMI represented in such communications, expressly or by implication, that such endorsements were independent sources of information and not paid advertising.
  • Representing, expressly or by implication, in articles, emails and social media that it recommended specific schools.  According to the FTC, VMI failed to disclose or disclose adequately that many of such schools had paid VMI to be recommended.

In addition to reporting and recordkeeping and requirements, the terms of the proposed consent order include the following:

  • In connection with paid promotional content, VMI is prohibited from making any misrepresentations, expressly or by implication, (1) regarding the scope of any search tool, including whether the tool only searches “military friendly” schools, (2) about material connections between VMI and any schools, or (3) that paid commercial advertising is independent content.
  • In connection with any endorsement of a school (or third-party endorsement VMI prepares), VMI must clearly and conspicuously disclose, in close proximity to the endorsement, any payments or other material connections between VMI or the other endorser and the school.  For purposes of this requirement, an endorsement is any advertising message that consumers are likely to believe reflects the beliefs of a party other than the school.

Last Friday, as expected, the FTC announced the launch of a coordinated federal-state law enforcement initiative targeting deceptive student loan debt relief companies.  According to the FTC, 11 states and the District of Columbia are participating in the initiative, which is being called “Operation Game of Loans.”  The participating states are Colorado, Florida, Illinois, Kansas, Maryland, North Carolina, North Dakota, Oregon, Pennsylvania, Texas, and Washington,

The initiative includes seven FTC actions, including an action filed by the FTC earlier this month in Florida federal court, and 29 actions by state AGs.