August 4, 2014 | Legal Memorandum on Legal Issues
The Justice Department’s Operation Choke Point threatens to harm legitimate businesses while reducing the welfare of their customers. Imposition of such new burdens by long-established agencies also appears to be inefficient if not inappropriate, since a new specialized agency, the Consumer Financial Protection Bureau, has been established precisely to deal with the problem of financial fraud. OCP should be reoriented to focus instead on objective empirical evidence of the likelihood of fraudulent conduct. It should eschew arbitrary classifications of “suspect” industries and avoid placing excessive burdens on financial intermediaries to act as government agents in the detection of fraud. Adoption by federal regulators of recommendations along these lines would protect consumers from financial fraud without hobbling legitimate business interests and depriving consumers of full access to the legal products and services they desire.
Misapplication of a U.S. Department of Justice (DOJ) program known as Operation Choke Point (OCP) threatens to impose substantial costs on fully legal but government-disfavored categories of businesses, according to a May 29, 2014, report from the House Committee on Oversight and Government Reform. As outlined in the House Report, OCP is implemented through DOJ investigations that have induced some banks to end their business relationships with entirely law-abiding merchants that the government characterizes as “high risk.” Additionally, other important U.S. government agencies that deal with bank and non-bank financial institution payment systems also may, through their participation in OCP, chill legitimate business behavior.
In short, misapplication of OCP to legitimate commercial conduct would harm the economy and be an affront to the rule of law. In implementing OCP, the U.S. government should stick to pursuing truly fraudulent and deceptive activity and not “stretch” its statutory authority by targeting legal industries of which it disapproves.
Starting in 2013, DOJ instituted a broad investigation of banks and financial payment processors, informally dubbed OCP. It did this through subpoenas issued under Section 951 of the Financial Institutions Reform, Recovery, and Enforcement Act of 1989 (FIRREA), which authorizes the Attorney General to seek civil monetary penalties against entities that commit mail or wire fraud “affecting a federally insured financial institution.”
Although DOJ has stated that the goal of OCP is to combat unlawful mass market consumer fraud—a laudable objective—documents cited in the House report indicate that a primary OCP target may be the lawful short-term lending industry. In helping to launch OCP, the Consumer Protection Working Group of the DOJ-led interagency Financial Fraud Enforcement Task Force (comprised of large numbers of government agencies) stated that, in addition to fraudulent activities, it would examine payday lending (the provision of small short-term unsecured loans typically due on the borrower’s next pay day) and payment processing (the handling of credit card and other third-party payments for businesses), both of which are legal financial practices.
Subsequent DOJ documents cited payday lending as the primary target of OCP, and internal records of DOJ settlement negotiations with subpoenaed banks included DOJ proposals regarding bans on doing business with specific types of lawful financial services, including payday lending, debt relief companies, foreclosure rescue companies, and credit repair companies. Consistent with those documents, a trade association of money service businesses and lenders submitted multiple account termination letters in which the banks attributed the terminations to OCP. Indeed, an internal DOJ status report deemed it a “significant accomplishment” that “many banks decided to stop processing transactions in support of Internet pay lenders” and added that its investigative plans should not be altered despite “the possibility that banks may have therefore decided to stop doing businesses with legitimate lenders[.]”
In short, FIRREA enforcement tools specifically designed for attacking businesses engaged in fraud are being applied by DOJ to attack non-fraudulent purveyors of financial services that operate in disfavored market segments. This seemingly involves application of a statute to parties not within its intended scope (here, merchants involved in legal but government-disfavored enterprises), raising serious rule of law concerns.
The implicit coercion of third-party financial institutions (who fear government investigations) into achieving a dubious government end by “cutting off” disfavored merchants is particularly insidious: It effectively precludes the ultimate victims from directly challenging the government’s authority to act. Moreover, this policy works as an implicit tax on disfavored but lawful industry sectors (for example, payday lenders) by reducing their access to third-party financial intermediaries and requiring them to accept costlier, less desired business alternatives. This raises the overall price and availability of these lawful services, ultimately harming consumers.
OCP has also been extended to banks’ relationships with legitimate but disfavored non-financial firms. Prior to OCP, in 2011, the Federal Deposit Insurance Corporation (FDIC), a U.S. government corporation that insures bank deposits and engages in certain bank supervisory activities, as well as being an active participant in the DOJ-led Financial Fraud Task Force, posted a motley list of 30 legal and illegal business categories “associated with high risk activity,” including, for example, ammunition sales, cable box descramblers, coin dealers, credit repair services, dating services, pharmaceutical sales, drug paraphernalia, Ponzi schemes, and racist materials. The FDIC provided no explanation either as to why particular types of merchants were deemed “high risk” or as to why such legitimate businesses as coin dealers and firearm sales were lumped in with illegal or offensive activities such as Ponzi schemes and racist materials.
Subsequently, in 2012, the FDIC issued revised guidelines regarding FDIC-supervised depository institutions’ relationships with payment processors. This guidance identified various categories of businesses that posed “elevated…legal, reputational, and compliance risks” to depository institutions. These included credit card companies, debt consolidation and forgiveness programs, online gambling–related operations, government grant or will-writing kits, payday or subprime loans, pornography, online tobacco or firearms sales, pharmaceutical sales, sweepstakes, and magazine subscriptions.
According to the House report, the rollout of OCP in 2013 (with its implicit threat of federal investigations) may have caused FDIC-supervised financial institutions to heed the FDIC’s warnings about doing business with companies in “high risk” sectors. The report notes that a bank terminated its relationship with a firearms seller because its “line of business [wa]s not commensurate with the industries we work with.” The report also cites documents indicating that FDIC attorneys have been assigned to work with DOJ in investigations of banks and bank processing.
By promulgating a long list of legitimate industries that banks may wish to avoid, the FDIC’s actions actually may have a broader impact than DOJ’s initiatives in undermining the rule of law. Apart from the obvious economic harm to the disfavored sectors and the consumers who are their clients, such actions facially single out for scrutiny presumably law-abiding commercial enterprises on the basis of subjective animus (disdain for the industry in which they operate) that is not directly linked to the risk of fraud. An analogous government action might be special police surveillance directed at members of ethnic groups that are deemed to have “shady” reputations.
The U.S. Federal Trade Commission (FTC), which investigates and sanctions unfair and deceptive practices that harm consumers, is reported to be deeply involved in implementing OCP. According to a May 2014 study by the Electronic Transactions Association, the FTC recently has targeted non-bank firms within the financial payment systems industry in order to reach the allegedly deceptive trade practices of their merchants.
First, in 2013, the FTC sued payment processors and independent sales organizations (ISOs) in federal district court for their role in facilitating payment card transactions of merchants allegedly engaged in deceptive conduct. The FTC takes the position that a processor or ISO has reason to know of unusually high chargeback rates, high returns, and publicly accessible consumer complaints associated with merchants with which it deals. The FTC views payment processors that “turn a blind eye” to such “red flag” indications of consumer fraud by their business customers as providing “substantial assistance or support” to deceptive marketing practices by those businesses in violation of the FTC’s Telemarketing Sales Rule.
Second, the FTC has brought contempt sanctions in federal district court against processors that continue to honor consumer-requested chargebacks after a court freezes a merchant’s funds. Relatedly, it has argued that processors that honor chargeback requests by debiting reserve accounts linked to the culpable merchants should be liable for relinquishing the accounts to FTC-appointed receivers. The FTC’s position is that processors that continue to do business with merchants who show indicia of possibly illegal conduct should bear the risk for any ensuing chargebacks.
Although actions of this sort arguably fall within the scope of the FTC’s authority under an aggressive legal interpretation of the Telemarketing Rule, they raise a number of serious rule of law and economic policy problems. Most profoundly, these FTC actions smack of a government effort to shift the cost of law enforcement and, in particular, the cost of undertaking investigations onto private parties. The FTC’s initiatives effectively make third-party financial intermediaries (here, payment processors) consumer fraud “watchdogs” subject to vague and ill-defined standards of culpability. For example, when does the percentage of sales resulting in chargebacks reach the point that it is a red flag for merchant deception rather than a mere indicator of innocuous non-fraud-related consumer frustration?
More generally, the FTC’s approach creates a serious line-drawing problem: Just how many allegedly fraudulent transactions are required for a financial intermediary to conclude that a business is illegitimate? This uncertainty in application of the law may cause payment processors to be overzealous in reporting on or ending relationships with legitimate businesses, curbing efficient financial activity and harming the prospects of legitimate enterprises that are cut off. Furthermore, risk-averse processors may elect to avoid entering into commercial arrangements with legitimate businesses from markets that are deemed “high risk” by the FTC. This could exclude legitimate companies from the payment card market or lead them to migrate to other payment vehicles that are costlier to consumers.
In short, payment processors, legitimate businesses that deal with them, and consumers of those businesses all stand to be harmed if these recent FTC legal initiatives continue.
The FTC nevertheless might contend that its new prosecution policy will incentivize heretofore ignorant processors to uncover more fraud and thereby prevent harm to consumers. Such an argument, however, would miss the mark on both legal and economic grounds.
The FTC’s core consumer protection authority arises from the prohibition of “deception” and “unfairness.” The FTC defines “deception” as involving “a representation, omission or practice that is likely to mislead the consumer acting reasonably in the circumstances, to the consumer’s detriment.” Assigning liability to payment processors not based on their acts, but merely based on potentially deceptive actions by their business clients (which the processors are asked to ferret out) is at least one step removed from this limitation on the FTC’s pursuit of deception.
Alternatively, if the FTC sought to treat processors’ failures to police merchants as “unfair,” it would be required statutorily to identify “an act or practice [that] causes or is likely to cause substantial injury to consumers which is not reasonably avoided by consumers themselves and not outweighed by countervailing benefits to consumers or to competition.” This necessarily calls for cost-benefit analysis, but even if processors’ alleged failure to police merchants constituted an act that indirectly harmed consumers (due to the merchants’, not the processors’, fraud), the cost-benefit component of unfairness would not appear to be satisfied.
As already discussed, the vigorous targeting and prosecution of third-party processors raises costs to consumers and harms merchants and processors, thereby undermining effective competition. Thus, avoidance of such targeting by the FTC would eliminate these harms and create substantial “countervailing benefits” for both consumers and competition. There is strong reason to believe that such benefits would more than outweigh whatever gains in consumer fraud avoidance were achieved, particularly since culpable merchants could still be prosecuted directly for fraud, as could the payment processors if it could be proven that they were actively in cahoots with the fraudster merchant.
Finally, the Electronic Transactions Association, a global trade association that represents the payments industry, published in April 2014 a set of guidelines embodying best practices “to help eliminate prohibited and undesirable merchants from entering into or remaining in the card acceptance ecosystem.” Those guidelines suggest underwriting and monitoring standards and other policies that processors may wish to employ in dealing with ISOs and merchants—in particular, “high risk” merchants. The FTC should allow time for this self-regulatory approach to be tried before embarking on aggressive investigations and prosecutions that may reduce the economic efficiency of the payments system and impose unwarranted costs on business.
In short, FTC prosecution of payment processors who knowingly participate in merchants’ frauds is appropriate, but a publicly announced FTC decision to eschew prosecuting payment processors who are not knowing participants in such frauds (perhaps based on a policy statement noting limits on the invocation of “deception” and “unfairness” authority and stressing the value of deference to industry self-regulation whenever reasonable) could have broader beneficial policy implications. Because the FDIC has adopted and applies FTC definitions of unfair or deceptive practices in its financial examination practices, such an FTC action might prompt the FDIC to rethink its posture of pressuring banks to avoid business relationships with “pariah” industries.
Moreover, such a rethinking of FTC enforcement policy could influence the other federal banking agencies (Federal Reserve Board, the Office of the Comptroller of the Currency, and the Office of Thrift Supervision) as well, since they too enforce the FTC’s deception and unfairness authority with regard to the institutions they supervise. The Consumer Financial Protection Bureau might also benefit by adopting legally and economically sound approaches to deception and unfairness in shaping its policy toward financial intermediaries.
Combating financial fraud undoubtedly is an important government function, and enforcement agency cooperation to target fraudulent conduct more effectively is fully justifiable. Unfortunately, however, implementation of Operation Choke Point by the DOJ, the FDIC, and the FTC appears to have strayed far from sound enforcement policy. There are indications that it has involved pressuring financial institutions to avoid doing business with legal yet disfavored industries without regard to a showing of fraud.
In its implementation, OCP appears to have departed from neutral application of the law. It also threatens to seriously harm legitimate businesses while reducing the welfare of their customers. In addition, imposition of such new burdens by long-established agencies appears to be inefficient if not inappropriate, since a new specialized agency, the Consumer Financial Protection Bureau, has been established precisely to deal with the problem of financial fraud.
OCP should be reoriented to focus instead on objective empirical evidence of the likelihood of fraudulent conduct. It should eschew arbitrary classifications of “suspect” industries and avoid placing excessive burdens on financial intermediaries to act as government agents in the detection of fraud. Specifically:
Adoption by federal regulators of recommendations along these lines would protect consumers from financial fraud without hobbling legitimate business interests and depriving consumers of full access to the legal products and services they desire.—Alden F. Abbott is Deputy Director of the Edwin Meese III Center for Legal and Judicial Studies and John, Barbara, and Victoria Rumpel Senior Legal Fellow at The Heritage Foundation.
 Staff of H.R. Comm. on Oversight and Government Reform, 113th Cong., Rep. on The Department of Justice’s “Operation Choke Point”: Illegally Choking Off Legitimate Businesses? (2014), available at http://oversight.house.gov/wp-content/uploads/2014/05/Staff-Report-Operation-Choke-Point1.pdf.
 This Legal Memorandum focuses on three agencies whose involvement in implementing OCP has been widely reported: DOJ, the Federal Deposit Insurance Corporation, and the Federal Trade Commission. The concerns about OCP-motivated legal overreach raised herein (and proposed remedies discussed later) may also apply to the actions of other government agencies that have received less attention.
 The Consumer Protection Working Group includes representatives from DOJ, the Federal Trade Commission, and the Consumer Financial Protection Bureau. See About the Financial Fraud Enforcement Task Force Leadership, StopFraud.gov, http://www.stopfraud.gov/leadership.html (last visited July 21, 2014), http://www.stopfraud.gov/leadership.html. The Consumer Financial Protection Bureau, established pursuant to the Dodd–Frank Wall Street Reform and Consumer Protection Act, Publ. L. No. 111-203, 124 Stat. 1376 (2010), has broad authority to regulate consumer financial services. About Us, Consumer Financial Protection Bureau, http://www.consumerfinance.gov/the-bureau/ (last visited July 21, 2014).
 What Is a Payday Loan, Consumer Financial Protection Bureau (Nov. 16, 2013), http://www.consumerfinance.gov/askcfpb/1567/what-payday-loan.html. Although payday loan companies, like firms in any industry, may engage in abusive and fraudulent practices, they provide valuable services to consumers who have difficulty accessing traditional banking and credit services. Payday loans may “bridge unexpected financial short-falls between paychecks, receipt of benefits, or other sources of income.” Consumer Financial Protection Bureau Payday Loans and Deposit Advance Products: A White Paper of Initial Data Findings 6. Thus, the payday lending industry performs a valuable social function. See generally Todd J. Zywicki and Astrid Arca, The Case Against New Restrictions on Payday Lending, 64 Mercatus on Policy (Jan. 2010), available at http://mercatus.org/sites/default/files/publication/MOP64_FMWG_Payday%20Lending_web.pdf; Robert L. Clarke and Todd J. Zywicki, Payday Lending, Bank Overdraft Protection, and Fair Competition at the Consumer Financial Protection Bureau, 33 Review of Banking & Financial Law 235 (2013–2014). Accordingly, efforts to cripple the payday lending industry are harmful to consumer welfare. It follows that payday lenders, like other legal businesses, should be treated neutrally and dispassionately under the rule of law, with normal legitimate conduct left to flourish while fraudulent practices are prosecuted.
 “Nonbank or third-party payment processors (processors) are bank customers that provide payment-processing services to merchants and other business entities. Traditionally, processors contracted primarily with retailers that had physical locations in order to process the retailers’ transactions. These merchant transactions primarily included credit card payments but also covered automated clearing house (ACH) transactions, remotely created checks (RCC), and debit and prepaid cards transactions. With the expansion of the Internet, retail borders have been eliminated. Processors now provide services to a variety of merchant accounts, including conventional retail and Internet-based establishments, prepaid travel, telemarketers, and Internet gaming enterprises.” Third Party Payment Processors—Overview, Bank Secrecy Act/Anti-Money Laundering InfoBase, available at http://www.ffiec.gov/bsa_aml_infobase/pages_manual/OLM_063.htm (last visited July 21, 2014).
 House Report, supra note 1, at 7, notes 31–32 (citing HOGR-3PPP000333 and HOGR-3PPP000335).
 See, e.g., FTC v. Standard Oil Co., 449 U.S. 232, 245 (1980), for example of refusing to permit judicial review of an agency’s filing of an administrative complaint on the ground that the complaint is not final agency action.
 House Report, supra note 1, at 8.
 Id. at 7–8.
 The statutes enforced by the FTC are set forth and described at the FTC’s website. Statutes Enforced or Administered by the Commission, Fed. Trade Comm’n, http://www.ftc.gov/enforcement/statutes (last visited July 21, 2014). The FTC’s authority to combat unfair or deceptive acts or practices is set forth in Section 5(a)(1) of the Fed. Trade Comm’n Act, 15 U.S.C. § 45(a)(1).
 Edward A. Marshall, Operation “Choke Point”: An Aggressive FTC and the Response of the Payment Systems Industry, Electronic Transactions Association (May 8, 2014), http://www.electran.org/ocp/. The following discussion of FTC initiatives is derived from this article.
 “The payment card industry defines an ISO as an organization or individual that is not an Association member (meaning not a Visa or MasterCard member bank), but which has a bank card relationship with an actual Association member. Such a relationship can involve various things, such as acquiring or issuing functions, soliciting new customers, arranging for terminal purchases or leases, providing customer service, soliciting cardholders, etc.” What Is an Independent Sales Organization (ISO)? UniBul Credit Card Blog (April 21, 2010), http://blog.unibulmerchantservices.com/what-is-an-independent-sales-organization-iso/. Subsequent references to payment processors also should be deemed to cover ISOs.
 The Telemarketing Sales Rule, 16 C.F.R. § 310. In particular, the FTC has relied on regulatory language that this rule is violated when “a person provides substantial assistance or support to any seller or telemarketer when that person knows or consciously avoids knowing that the seller or telemarketer is engaged in any [fraudulent] act or practice that violates…this Rule[.],” 16 C.F.R. § 310.3(b).
 The DOJ and FDIC activities summarized above are even more egregious off-loadings of law enforcement responsibilities because they effectively involve the “blacklisting” of entire lawful industry sectors without regard to whether enforcement “red flags” are present.
 According to the FTC, “[a] chargeback occurs when a consumer disputes a charge to a credit card and the charge is reversed. The average chargeback rate in the United States is well below one percent, meaning fewer than one out of every 100 credit card transactions is reversed as a result of a chargeback.” Press Release, Fed. Trade Comm’n, FTC Sues Payment Processor for Assisting Credit Card Debt Relief Scam (June 5, 2013), http://www.ftc.gov/news-events/press-releases/2013/06/ftc-sues-payment-processor-assisting-credit-card-debt-relief-scam.
 Chargebacks may arise for a variety of reasons, many of which are innocuous. See Edward Marshall, FTC’s “Crackdown” on Processors and ISOs Misconstrues Chargebacks, PaymentsSource (Dec. 10, 2013), http://www.paymentssource.com/news/ftc-crackdown-on-processors-and-isos-misconstrues-chargebacks-3016245-1.html?zkPrintable=1&nopagination=1.
 The FTC would be justified, of course, in prosecuting payment processors who had knowingly and deliberately participated in fraudulent schemes with merchants.
 The Telemarketing Sales Rule, which the FTC has invoked in its recent actions against processors, is authorized under 15 U.S.C. § 6102(a)(1), which empowers the FTC to “prescribe rules prohibiting deceptive telemarketing acts or practices and other abusive telemarketing acts or practices.” The references to “deceptive” and “abusive” conduct clearly “sound in,” and should be read in light of, the FTC’s general statutory authority to prohibit unfair or deceptive practices.
 FTC Policy Statement on Deception, Oct. 14, 1983, appended to Clifford Associates, Inc., 103 F.T.C. 110, 174 (1984), http://www.ftc.gov/ftc-policy-statement-on-deception.
 15 U.S.C. §45(n).
 See, e.g., J. Howard Beales III, Director, Bureau of Consumer Protection, Fed. Trade Comm’n, The FTC’s Use of Unfairness Authority: Its Rise, Fall, and Resurrection, Address before the Marketing and Public Policy Conference (May 30, 2003), available at http://www.ftc.gov/public-statements/2003/05/ftcs-use-unfairness-authority-its-rise-fall-and-resurrection. Current FTC Commissioner Josh Wright also has stressed the importance of cost-benefit analysis. See, e.g., Joshua D. Wright, Commissioner, Fed. Trade Comm’n, The Economics of Access to Civil Justice: Consumer Law, Mass Torts, and Class Actions, Remarks to the George Mason University Law & Economics Center and Alliance of California Judges (March 16, 2014), available at http://www.ftc.gov/system/files/documents/public_statements/293621/140316civiljustice-wright.pdf.
 See Marshall, Operation “Choke Point,” supra note 16, for the brief discussion of the guidelines.
 A policy statement could invoke legal and economic analysis as a basis for such an exercise of prosecutorial discretion. It could also clarify that the concern is not pursuing processors who adopt reasonable business practices. Furthermore, it might provide that processors who take extraordinary steps to remain “willfully blind” to merchants’ frauds will not be shielded from prosecution. The FTC has a long history of releasing enforcement policy statements. See Search Results, Fed. Trade Comm’n, http://www.ftc.gov/search/site/%22policy%20statements%22 (last visited July 22, 2014), for a listing of FTC policy statements.
 See Fed. Deposit Insurance Corporation, Compliance Manual Ch. VII (Jan. 2014), http://www.fdic.gov/regulations/compliance/manual/pdf/VII-1.1.pdf.