Over 25 years ago, C.K. Prahalad and Gary Hamel coined the term “core competencies,” which consists of the “collective learning” in an organization. Prahalad and Hamel contended that by identifying this intellectual core, businesses could obtain a competitive advantage by focusing on their unique strengths; firms could separate the wheat from the chaff, allocating resources away from nonessential things and towards core activities that provide substantial value to consumers.
As the acting director of the Federal Trade Commission’s Bureau of Consumer Protection, I have the privilege of managing part of an agency that has over 100 years’ worth of collective learning. That history has allowed the FTC to develop some extraordinarily effective tools to combat harmful conduct. The FTC’s core competency with regard to financial services is now civil law enforcement, with business guidance, consumer education, and research and policy development activities supporting and furthering such enforcement.
Yet even “old dogs” like the FTC need to learn new tricks. As Acting Chairman Maureen Ohlhausen observed, the FTC must evolve so that its law enforcement and other financial services work still serve the interests of consumers in a rapidly changing world. The fundamental question for the FTC is how to apply its core law-enforcement competency in light of on-going changes in law, technology, and markets. The FTC and the Bureau of Consumer Protection in the past identified some financial markets on which the agency was focusing its work. This article addresses the broader question of how, under the new leadership of Acting Chairman Ohlhausen, the FTC is likely to apply its core law-enforcement competency in light of on-going changes in law, technology, and markets. This article provides some initial thoughts on an overall FTC approach to consumer financial services enforcement. For purposes of this article, “financial services” does not include privacy and data security, which are topics best addressed separately and comprehensively.
Combating Financial Fraud
As part of her positive consumer-protection agenda, Acting Chairman Ohlhausen has emphasized generally that she will “re-focus the agency on our bread-and-butter fraud enforcement mission.” As she explained, “[t]hese cases may not forge new legal ground or prompt huge headlines, but such actions defend consumers harmed by an unscrupulous con artist and assist the legitimate business owner who loses business to the cheat. These obvious benefits explain why such efforts have long had broad bipartisan support both at the FTC and in Congress.” Fighting fraud, in short, is good policy and good politics. When it comes to allocating its scarce resources, stopping fraudulent schemes allows the FTC to get the most consumer-protection bang for its buck.
The FTC’s general refocusing on fraud enforcement applies to the financial-services context as well. Under the leadership of Acting Chairman Ohlhausen, the FTC will direct its enforcement work even more at preventing, deterring, and remedying fraudulent practices in financial services. In particular, the FTC will focus on fraud that causes harm to financially distressed consumers. Fighting fraud will be the centerpiece of the FTC’s financial-services enforcement agenda.
The FTC has a strong record of bringing cases to halt serious misconduct by providers of financial services. It has long brought actions to protect consumers from abusive debt collectors (such as “phantom” debt collectors), unscrupulous payday lenders, and fraudulent debt-relief operations. For example, the FTC recently brought an action against S&H Financial Group and its officers, alleging that they masqueraded as a law firm and used unlawful intimidation tactics in collecting debts, even going so far as to make phony claims that people would be arrested or imprisoned if a debt was not paid. In another recent action, Strategic Student Solutions, the FTC alleged that a student loan debt-relief operation bilked millions of dollars from consumers by falsely promising to reduce or eliminate the consumers’ student loan debt and offering nonexistent credit-repair services.
The FTC will continue strong and sustained enforcement against bad actors that harm consumers of financial services; however, FTC enforcement will also target entities that support the ecosystem of fraud. These include money-transfer companies, payment processors and platforms, loan lead generators, and others that directly participate in another’s fraud or provide substantial support while ignoring obvious warning signs of another’s illegal activity. For example, the FTC recently announced a $586 million settlement against Western Union for failing to maintain appropriate safeguards against fraud-induced money transfers and continuing to employ corrupt Western Union agents who were complicit in such fraud. In addition, in its action against AT&T, the FTC recently refunded the company’s customers more than $88 million in allegedly unauthorized charges for third-party subscriptions to text message services for horoscopes, celebrity gossip, and other items. When companies directly participate in another’s fraud or they provide substantial support to another while ignoring their fraud, they make large-scale financial fraud possible. Focusing FTC law enforcement even more against these actors allocates the agency’s limited resources to maximize the prevention, deterrence, and remediation of fraud.
Financial fraud is not static. Some financial frauds are of course the same frauds that the FTC has fought for many years. Scammers, however, are not only resilient, but also cunning. Fraud artists are adept at developing new schemes and locating new and vulnerable victims. What the next generation of financial frauds will look like is unclear. What is clear is that the FTC’s core competency in law enforcement, its experience in prosecuting financial fraud, and its tracking of technological changes, as discussed below, mean that the FTC is as prepared as an agency can be to combat future financial frauds, whatever they prove to be.
A critical caveat is necessary: the FTC will still bring cases against those who are not engaged in financial fraud but otherwise violate laws the FTC enforces. Some of these will be traditional cases challenging the conduct of financial service providers as unfair or deceptive in violation of Section 5 of the FTC Act, for example, challenging false or misleading claims that nonbank mortgage lenders make for their loans. Others will be traditional cases challenging the conduct of financial service providers as violating various financial services statutes and regulations the FTC enforces, such as violating the Fair Credit Reporting Act and its implementing Regulation V or the Children Online Privacy Protection Act and its implementing Children’s Online Privacy Protection Act Rule. Providers of financial services should not misinterpret the FTC’s refocusing on financial fraud as a license to violate other laws the FTC enforces.
Selection of Enforcement Targets
As the D.C. Circuit noted 30 years ago, we live in “an age of overlapping and concurring regulatory jurisdiction.” Thompson Med. Co. v. FTC, 253 U.S. App. D.C. 18, 791 F.2d 189, 192 (D.C. Cir. 1986). Such regulatory and law-enforcement overlap, which the FTC shares with agencies such as the Consumer Financial Protection Bureau, the Federal Communication Commission, the Food and Drug Administration, and the Securities and Exchange Commission, does provide advantages. For example, knowing another agency also has jurisdiction can allow an agency to focus on, and therefore gain expertise in, certain complex areas and ensure there are no enforcement gaps between agencies’ statutory boundaries.
Nonetheless, such overlap also can lead to enforcement inefficiencies and inconsistencies. To mitigate the risk of these disadvantages to regulatory and law-enforcement overlap, agencies should define their clear priorities so that sister agencies know when to act. At the same time, however, agencies should not abdicate their responsibilities in areas that may not be a priority but still fit within their statutory boundaries.
The FTC is doing just that with financial services enforcement. Although the FTC will be refocusing its enforcement on fraudulent conduct, the agency generally will be careful to select targets for which Congress has made the FTC the main federal agency enforcer or in which the FTC has extensive enforcement experience. In addition, where the FTC and another agency have concurrent enforcement authority, the Commission generally will focus on targets that are not subject to another agency’s extensive supervision, examination, or other oversight. Careful FTC target selection is instrumental in ensuring that FTC law enforcement is both efficient and effective.
The FTC will make it a priority to engage in significant enforcement where Congress intended it to be the main enforcer among federal agencies. For example, the FTC is the leading federal agency enforcer under Section 5 of the FTC Act and other financial services statutes for many auto dealers—generally dealers that routinely assign financing to unaffiliated, third-party financing institutions. Other examples include the Credit Repair Organizations Act for providers of credit-repair services and the Telemarketing and Consumer Fraud and Abuse Prevention Act and its implementing Telemarketing Sales Rule for telemarketers. Given the leading role Congress assigned to the FTC under these laws to protect consumers, the agency will remain vigilant in monitoring, investigating, and prosecuting those who violate these laws.
Even where Congress has not made the FTC the primary federal agency enforcer, the FTC still may have developed substantial expertise through many years of enforcement experience. For example, over the course of 40 years, the FTC has brought numerous actions against debt collectors for violating the Fair Debt Collection Practices Act. The FTC also has extensive experience in bringing actions against debt-relief operations for violating Section 5 of the FTC Act and the Telemarketing Sales Rule as well as against mortgage-relief firms for violating Section 5 of the FTC Act and Regulation O. The FTC’s substantial expertise with regard to these types of entities assists the agency in targeting potential wrongdoers for investigation and prosecution. It also assists the FTC in fashioning relief that is effective in remedying law violations and preventing and deterring future law violations, yet not imposing unnecessary or undue burdens on industry. Given the clear advantages of making use of its accumulated expertise, the FTC will continue to be an active enforcer over these types of entities.
Although the FTC has had concurrent enforcement with other agencies for many years in connection with a variety of financial services statutes and regulations, the Dodd-Frank Act in 2010 fundamentally reworked these schemes. In particular, under the Dodd-Frank Act, the FTC and the CFPB have concurrent enforcement authority over many nonbank financial service providers under many statutes and regulations. When faced with such concurrent enforcement authority, the FTC and the CFPB must be careful to avoid duplication and the imposition of conflicting standards. As directed by Congress, the two agencies entered into a Memorandum of Understanding (MOU) in 2012 and renewed it in 2015 to address these concerns to some extent. These MOUs fundamentally create a process by which the FTC and the CFPB can coordinate. They do not allocate financial service providers between the FTC and the CFPB where the two agencies have concurrent enforcement authority.
Nevertheless, to ensure that it allocates its enforcement resources wisely, the FTC considers the nature and scope of the CFPB’s activities. For instance, the FTC generally would not expend its limited enforcement resources to focus on types of targets where the CFPB is already devoting substantial resources or has particular expertise that could be brought to bear on a specific matter. Debt-collection enforcement is a useful illustration. For larger market participants in the debt-collection market, the CFPB not only can bring enforcement actions, but also can subject firms to on-going, extensive, and burdensome supervision and examination. Given its comparative advantage in tools relative to the FTC relating to larger participants in debt-collection markets, the CFPB in many cases will be in a better position to address the consumer protection problems those debt collectors cause, although that does not necessarily mean that the enforcement actions it may bring are necessary or appropriate. Nevertheless, there still may be circumstances in which the FTC might bring law-enforcement actions against larger market participants in the debt-collection markets. Among other things, it would be appropriate for the FTC to bring an enforcement action if: (1) the FTC is investigating a group of related firms, one of which is a larger market participant; (2) a collector is close to the larger participant threshold; or (3) the action furthers other FTC priorities, as was the case with GC Services Limited Partnership.
In contrast, for debt collectors that are not larger participants, the CFPB and the FTC both can bring law-enforcement actions, but neither can subject these debt collectors to supervision and examination. For these collectors, the FTC certainly is in a good position to address the consumer protection problems they cause, given its strong record of accomplishment in bringing cases involving these debt collectors, and the FTC will continue to bring cases against these collectors where appropriate.
Responding to Fintech
Refocusing on financial fraud and on targets where FTC enforcement will capitalize on its authority and experience is a sound approach for today, but what about tomorrow? To be effective, FTC financial services law enforcement must be flexible enough to adapt quickly to changes in markets and technology, especially so-called Fintech.
Fintech has certainly arrived. A myriad of technological developments has and will continue to rapidly transform the financial services sector to make it much more efficient. Fintech development implicates many financial products and services, such as credit scoring, peer-to-peer lending, blockchain transaction recording, smartphone payments, etc. A financial services enforcement agenda must account and prepare for the impact of Fintech on consumers of financial goods and services.
Fortunately, the FTC has vast experience in assessing technological and market developments that are likely to affect consumers, and of changing course to ensure its tools (especially law enforcement) to protect consumers remain effective. Since Congress gave it the authority in 1937 to prevent unfair and deceptive acts and practices, the FTC has applied these concepts successfully to business conduct involving a plethora of new technologies, such as communication technologies like television, faxes, cell phones, e-mail, text messages, social media, etc. The FTC has done so through combining research and policy development, business guidance, consumer education, and enforcement.
Consistent with past practice and prudence, the FTC is engaged in extensive research and dialogue with stakeholders relating to Fintech to assess how to protect consumers in connection with Fintech, while avoiding policies and enforcement that would chill or hinder Fintech or impose unnecessary or undue burdens on Fintech firms. For example, the FTC has held three forums on several Fintech topics, such as marketplace lending, crowdfunding, peer-to-peer payment systems, artificial intelligence, and blockchain. The FTC also recently announced its Debt Collection Fintech Initiative. As part of this initiative, the FTC is engaging in outreach with industry and consumer groups, conducting research, and taking other steps to continue building expertise on the use of existing and emerging technologies in debt collection. The agency will be exploring the costs and benefits to consumers and businesses of such technologies, including whether it can combat fraud and other harmful conduct, e.g., phantom debt collection.
The FTC has made institutional changes to ensure that the agency has the required expertise to consider carefully and consistently the benefits and costs of technology, including Fintech. Not only does the FTC have a chief technologist, it also has an Office of Technology Research and Investigation staffed with technologists who have the technical expertise to assess the benefits and costs of conduct relating to Fintech, and who conduct research and analysis, including a recent analysis of the online practices of large crowdfunding platforms. Maintaining this vigorous and extensive program of research and outreach to distinguish between helpful and harmful conduct is particularly valuable in Fintech because of the FTC’s broad enforcement jurisdiction over nonbank market participants (including retailers and technology companies).
The FTC’s commitment to obtaining a comprehensive understanding of Fintech to inform its work does not mean that the agency will not act where appropriate to protect consumers. The FTC’s recent work involving emerging billing mechanisms and technologies aptly illustrates the agency’s law-enforcement commitment. The FTC has brought a number of cases ensuring that basic consumer protections apply no matter what billing platform or method a company uses to do business. For example, a U.S. district court recently ordered Amazon to refund up to $70 million in unauthorized charges incurred by children in kids’ gaming apps. Although the technology was relatively new, the principle enforced in that case—that companies may not charge consumers for unauthorized purchases—is well established and straightforward.
A settlement involving Apple, Inc. further demonstrates the value of the FTC seeking and imposing order provisions that allow for technological innovation. In that case, the FTC alleged that Apple had violated the FTC Act by billing for charges that children incurred through in-app purchases without the express informed consent of their parents. To resolve this allegation, the FTC’s settlement with Apple required that the company obtain parental consent, but it did not specify what particular manner Apple needed to use (e.g., password entry) to obtain that consent. Apple, therefore, was later able to use the newer technology of fingerprint authentication to obtain parental consent in compliance with its order. When the FTC brings law-enforcement actions that involve Fintech and other rapidly developing technologies, the public interest is best served if the agency seeks or imposes order provisions that confer adequate protection on consumers without unduly or unnecessarily hindering or chilling the use of new technologies.
Conclusion
FTC financial services enforcement is beginning to change under the direction of Acting Chairman Ohlhausen. The agency will be refocusing on investigating and prosecuting fraud in consumer financial markets, building on the FTC’s strong anti-fraud program. The FTC will direct its attention to entities over which Congress has made it the leading federal agency enforcer or with which the FTC has significant long-term experience, as well as to entities where it has a comparative advantage compared to other enforcers with concurrent enforcement authority. The agency will engage in extensive research and policy development to understand Fintech developments and its impact on consumers. The FTC will apply core consumer-protection principles to providers of Fintech goods and services, with a keen recognition of the dynamic nature of Fintech and markets in crafting orders to protect consumers without stifling technological innovation.
The views expressed in this article are those of the author and do not necessarily represent the views of the FTC or any individual commissioner.
