Guest Post: Pushing Back Against Operation Choke Point: Litigation Wins Are Cause for Cautious Optimism
Edward A. Marshall and Megan P. Mitchell
Operation Choke Point continues to cast an ominous cloud over the payments industry. Regulatory enforcement actions against payment processors, spearheaded principally by the FTC and the CFPB, have sought draconian sanctions against defendants that allegedly ignored “red flags” suggesting that the merchants they serve were engaged in consumer fraud. Indeed, citing high transaction reversals, consumer complaints, and concerns articulated by financial institutions or the card brands, government agencies have filed lawsuits that attempt to recoup the entire monetary value of transactions conducted by “bad” merchants from payment processors and ISOs (i.e., not “only” disgorgement of processing fees). Given that degree of exposure, coupled with the specter of invasive injunctive relief, most defendants have opted to settle rather than fight. The downside risk of doing battle with the government is, perhaps understandably, just too great.
Two recent court decisions, however, suggest that the traditional litigation calculus may be shifting.
The first glimmer of hope came in mid-2016, when the U.S. Court of Appeals for the Eleventh Circuit called into question a lower court decision holding that a processor should be held jointly liable with its merchant for the entirety of the merchant’s transactions. FTC v. HES Merchant Servs. Co., No. , No. 15-11500, 2016 WL 3254652, at *1 (11th Cir. June 14, 2016). Without rejecting the idea outright, it said that without establishing that the processor was in a “common enterprise” with its merchant, there was no “obviously appropriate” justification for such extensive relief. Although the lower court reinstated its award on remand, the processor recently sought a second appeal before the Eleventh Circuit. Given the reasoning previously articulated by the Court of Appeals, the viability of that reinstated award is open to serious debate. And, were the Eleventh Circuit to reject the “joint and several equitable disgorgement” measure of damages endorsed by the lower court, and instead conclude that actual “disgorgement” (i.e., the paying over of all gross revenue associated with the merchant) is the proper measure of damages, then the threat of disproportionate monetary liability may begin to recede. Although such a holding would still leave processors and ISOs exposed to significant financial liability (as disgorgement typically does not permit the subtraction of expenses associated with generating gross revenue), it could pave the way for future litigants to negotiate or litigate with the government without the specter of catastrophic financial liability overshadowing the process.
More recently, a federal court in March 2017 outright dismissed a lawsuit against a payment processor brought by the CFPB, in which the Bureau made a full frontal attack on the processor’s allegedly lax underwriting and risk monitoring practices. In Consumer Financial Protection Bureau v. Intercept Corporation, d/b/a InterceptEFT, et al., No. 3:16-cv-00144-RRE-ARS (D.N.D. filed June 6, 2016), the CFPB alleged that Intercept Corporation, a third party ACH processor, its president and its CEO (the “Intercept Defendants”), violated the Consumer Financial Protection Act by engaging in unfair acts and practices. Specifically, it contended that the Intercept Defendants “processed payments for many clients even in the face of numerous indicators that those clients were engaged in fraudulent or illegal transactions” and “ignored red flags,” including:
- concerns from Originating Depository Financial Institutions (“ODFI”) about the lawfulness of the transactions Intercept was processing,
- complaints from customers,
- high return rates, and
- law enforcement actions against its clients.
As an example, the CFPB alleged that “an ODFI complained to the Defendants that one of its clients, an auto title lender . . . [,] was debiting varying amounts from consumers’ accounts multiple times” without “the contractual right or proper consumer authorization to do so[.]”
In response, the Intercept Defendants argued (among other things) that the CFPB had failed to put it on notice of the elements of its unfairness claim because the “Complaint fails to provide even the most basic information regarding its theory.” In particular, according to the Intercept Defendants, the Complaint failed to answer basic and essential questions, such as:
- Who are each of the merchants on whose behalf Intercept allegedly processed payments without conducting adequate due diligence?
- Were the merchants’ products and services offered to consumers for “personal, family, or household purposes”?
- How were the merchants’ products and services “illegal and fraudulent” such that they injured consumers?
The Court ultimately agreed with the Intercept Defendants, holding that “the complaint does not contain sufficient factual allegations to back up its conclusory statements regarding Intercept’s allegedly unlawful acts or omissions.” It went on to reason that, “[w]hile the complaint indicates that Intercept was required to follow certain industry standards, it fails to sufficiently allege facts tending to show that those standards were violated.” For example, the CFPB failed to “sufficiently identify particular clients whose actions provided ‘red flags’ to Intercept or how Intercept’s failure to act upon those ‘red flags’ caused harm or was likely to cause harm to any identified consumer or group of consumers.” Based on these pleading deficiencies, the Court dismissed the CFPB’s complaint without prejudice.
While the Intercept case was decided based on pleading defects, and not factual findings exonerating the Intercept Defendants, the holding gives processors (both in the ACH and payment card space) grounds for cautious optimism. Among other things, it suggests that the government will not be able to attack processors and ISOs for failing to adhere to “industry standards” without defining precisely what those standards are and how the defendants’ conduct departed from those norms. At a bare minimum, holding the government to such pleading standards will require the articulation of where the FTC and CFPB observe the relevant “lines” to be—at least giving processors and ISOs the benefit of advance insight into where merchant metrics, such as chargeback ratios or return rates, allegedly cross the transom from concerning to unlawful.
Of course, even combined, the Hess Merchant Services and Intercept cases do not suggest that processors should abandon efforts to continue enhancing their underwriting and risk monitoring policies. Bad merchants are doing very real harm to vulnerable consumers, and the legal risks of enforcement actions remain enormous. That said, the industry may be seeing burgeoning judicial resistance to the idea that processors—whose primary function is merely to provide the rails on which the modern payment system moves—should face existential regulatory threats simply because they missed what, in hindsight, were arguable warning signs of deceptive merchant activity.
Edward A. Marshall is a Partner and Megan P. Mitchell is an Associate at Arnall Golden Gregory LLP.