The Justice Department’s Operation Choke Point threatens to harm legitimate businesses while reducing the welfare of their customers. Imposition of such new burdens by long-established agencies also appears to be inefficient if not inappropriate, since a new specialized agency, the Consumer Financial Protection Bureau, has been established precisely to deal with the problem of financial fraud. OCP should be reoriented to focus instead on objective empirical evidence of the likelihood of fraudulent conduct. It should eschew arbitrary classifications of “suspect” industries and avoid placing excessive burdens on financial intermediaries to act as government agents in the detection of fraud. Adoption by federal regulators of recommendations along these lines would protect consumers from financial fraud without hobbling legitimate business interests and depriving consumers of full access to the legal products and services they desire.
Misapplication of a U.S. Department of Justice (DOJ) program known as Operation Choke Point (OCP) threatens to impose substantial costs on fully legal but government-disfavored categories of businesses, according to a May 29, 2014, report from the House Committee on Oversight and Government Reform. As outlined in the House Report, OCP is implemented through DOJ investigations that have induced some banks to end their business relationships with entirely law-abiding merchants that the government characterizes as “high risk.” Additionally, other important U.S. government agencies that deal with bank and non-bank financial institution payment systems also may, through their participation in OCP, chill legitimate business behavior.
In short, misapplication of OCP to legitimate commercial conduct would harm the economy and be an affront to the rule of law. In implementing OCP, the U.S. government should stick to pursuing truly fraudulent and deceptive activity and not “stretch” its statutory authority by targeting legal industries of which it disapproves.
OCP and DOJ: Attacking Disfavored Consumer Finance Firms
Starting in 2013, DOJ instituted a broad investigation of banks and financial payment processors, informally dubbed OCP. It did this through subpoenas issued under Section 951 of the Financial Institutions Reform, Recovery, and Enforcement Act of 1989 (FIRREA), which authorizes the Attorney General to seek civil monetary penalties against entities that commit mail or wire fraud “affecting a federally insured financial institution.”
Although DOJ has stated that the goal of OCP is to combat unlawful mass market consumer fraud—a laudable objective—documents cited in the House report indicate that a primary OCP target may be the lawful short-term lending industry. In helping to launch OCP, the Consumer Protection Working Group of the DOJ-led interagency Financial Fraud Enforcement Task Force (comprised of large numbers of government agencies) stated that, in addition to fraudulent activities, it would examine payday lending (the provision of small short-term unsecured loans typically due on the borrower’s next pay day) and payment processing (the handling of credit card and other third-party payments for businesses), both of which are legal financial practices.
Subsequent DOJ documents cited payday lending as the primary target of OCP, and internal records of DOJ settlement negotiations with subpoenaed banks included DOJ proposals regarding bans on doing business with specific types of lawful financial services, including payday lending, debt relief companies, foreclosure rescue companies, and credit repair companies. Consistent with those documents, a trade association of money service businesses and lenders submitted multiple account termination letters in which the banks attributed the terminations to OCP. Indeed, an internal DOJ status report deemed it a “significant accomplishment” that “many banks decided to stop processing transactions in support of Internet pay lenders” and added that its investigative plans should not be altered despite “the possibility that banks may have therefore decided to stop doing businesses with legitimate lenders[.]”
In short, FIRREA enforcement tools specifically designed for attacking businesses engaged in fraud are being applied by DOJ to attack non-fraudulent purveyors of financial services that operate in disfavored market segments. This seemingly involves application of a statute to parties not within its intended scope (here, merchants involved in legal but government-disfavored enterprises), raising serious rule of law concerns.
The implicit coercion of third-party financial institutions (who fear government investigations) into achieving a dubious government end by “cutting off” disfavored merchants is particularly insidious: It effectively precludes the ultimate victims from directly challenging the government’s authority to act. Moreover, this policy works as an implicit tax on disfavored but lawful industry sectors (for example, payday lenders) by reducing their access to third-party financial intermediaries and requiring them to accept costlier, less desired business alternatives. This raises the overall price and availability of these lawful services, ultimately harming consumers.
OCP and the FDIC: Going After Non-Financial Firms
OCP has also been extended to banks’ relationships with legitimate but disfavored non-financial firms. Prior to OCP, in 2011, the Federal Deposit Insurance Corporation (FDIC), a U.S. government corporation that insures bank deposits and engages in certain bank supervisory activities, as well as being an active participant in the DOJ-led Financial Fraud Task Force, posted a motley list of 30 legal and illegal business categories “associated with high risk activity,” including, for example, ammunition sales, cable box descramblers, coin dealers, credit repair services, dating services, pharmaceutical sales, drug paraphernalia, Ponzi schemes, and racist materials. The FDIC provided no explanation either as to why particular types of merchants were deemed “high risk” or as to why such legitimate businesses as coin dealers and firearm sales were lumped in with illegal or offensive activities such as Ponzi schemes and racist materials.
Subsequently, in 2012, the FDIC issued revised guidelines regarding FDIC-supervised depository institutions’ relationships with payment processors. This guidance identified various categories of businesses that posed “elevated…legal, reputational, and compliance risks” to depository institutions. These included credit card companies, debt consolidation and forgiveness programs, online gambling–related operations, government grant or will-writing kits, payday or subprime loans, pornography, online tobacco or firearms sales, pharmaceutical sales, sweepstakes, and magazine subscriptions.
According to the House report, the rollout of OCP in 2013 (with its implicit threat of federal investigations) may have caused FDIC-supervised financial institutions to heed the FDIC’s warnings about doing business with companies in “high risk” sectors. The report notes that a bank terminated its relationship with a firearms seller because its “line of business [wa]s not commensurate with the industries we work with.” The report also cites documents indicating that FDIC attorneys have been assigned to work with DOJ in investigations of banks and bank processing.
By promulgating a long list of legitimate industries that banks may wish to avoid, the FDIC’s actions actually may have a broader impact than DOJ’s initiatives in undermining the rule of law. Apart from the obvious economic harm to the disfavored sectors and the consumers who are their clients, such actions facially single out for scrutiny presumably law-abiding commercial enterprises on the basis of subjective animus (disdain for the industry in which they operate) that is not directly linked to the risk of fraud. An analogous government action might be special police surveillance directed at members of ethnic groups that are deemed to have “shady” reputations.
OCP and the Federal Trade Commission
The U.S. Federal Trade Commission (FTC), which investigates and sanctions unfair and deceptive practices that harm consumers, is reported to be deeply involved in implementing OCP. According to a May 2014 study by the Electronic Transactions Association, the FTC recently has targeted non-bank firms within the financial payment systems industry in order to reach the allegedly deceptive trade practices of their merchants.
First, in 2013, the FTC sued payment processors and independent sales organizations (ISOs) in federal district court for their role in facilitating payment card transactions of merchants allegedly engaged in deceptive conduct. The FTC takes the position that a processor or ISO has reason to know of unusually high chargeback rates, high returns, and publicly accessible consumer complaints associated with merchants with which it deals. The FTC views payment processors that “turn a blind eye” to such “red flag” indications of consumer fraud by their business customers as providing “substantial assistance or support” to deceptive marketing practices by those businesses in violation of the FTC’s Telemarketing Sales Rule.
Second, the FTC has brought contempt sanctions in federal district court against processors that continue to honor consumer-requested chargebacks after a court freezes a merchant’s funds. Relatedly, it has argued that processors that honor chargeback requests by debiting reserve accounts linked to the culpable merchants should be liable for relinquishing the accounts to FTC-appointed receivers. The FTC’s position is that processors that continue to do business with merchants who show indicia of possibly illegal conduct should bear the risk for any ensuing chargebacks.
Although actions of this sort arguably fall within the scope of the FTC’s authority under an aggressive legal interpretation of the Telemarketing Rule, they raise a number of serious rule of law and economic policy problems. Most profoundly, these FTC actions smack of a government effort to shift the cost of law enforcement and, in particular, the cost of undertaking investigations onto private parties. The FTC’s initiatives effectively make third-party financial intermediaries (here, payment processors) consumer fraud “watchdogs” subject to vague and ill-defined standards of culpability. For example, when does the percentage of sales resulting in chargebacks reach the point that it is a red flag for merchant deception rather than a mere indicator of innocuous non-fraud-related consumer frustration?
More generally, the FTC’s approach creates a serious line-drawing problem: Just how many allegedly fraudulent transactions are required for a financial intermediary to conclude that a business is illegitimate? This uncertainty in application of the law may cause payment processors to be overzealous in reporting on or ending relationships with legitimate businesses, curbing efficient financial activity and harming the prospects of legitimate enterprises that are cut off. Furthermore, risk-averse processors may elect to avoid entering into commercial arrangements with legitimate businesses from markets that are deemed “high risk” by the FTC. This could exclude legitimate companies from the payment card market or lead them to migrate to other payment vehicles that are costlier to consumers.
In short, payment processors, legitimate businesses that deal with them, and consumers of those businesses all stand to be harmed if these recent FTC legal initiatives continue.
The FTC nevertheless might contend that its new prosecution policy will incentivize heretofore ignorant processors to uncover more fraud and thereby prevent harm to consumers. Such an argument, however, would miss the mark on both legal and economic grounds.
The FTC’s core consumer protection authority arises from the prohibition of “deception” and “unfairness.” The FTC defines “deception” as involving “a representation, omission or practice that is likely to mislead the consumer acting reasonably in the circumstances, to the consumer’s detriment.” Assigning liability to payment processors not based on their acts, but merely based on potentially deceptive actions by their business clients (which the processors are asked to ferret out) is at least one step removed from this limitation on the FTC’s pursuit of deception.
Alternatively, if the FTC sought to treat processors’ failures to police merchants as “unfair,” it would be required statutorily to identify “an act or practice [that] causes or is likely to cause substantial injury to consumers which is not reasonably avoided by consumers themselves and not outweighed by countervailing benefits to consumers or to competition.” This necessarily calls for cost-benefit analysis, but even if processors’ alleged failure to police merchants constituted an act that indirectly harmed consumers (due to the merchants’, not the processors’, fraud), the cost-benefit component of unfairness would not appear to be satisfied.
As already discussed, the vigorous targeting and prosecution of third-party processors raises costs to consumers and harms merchants and processors, thereby undermining effective competition. Thus, avoidance of such targeting by the FTC would eliminate these harms and create substantial “countervailing benefits” for both consumers and competition. There is strong reason to believe that such benefits would more than outweigh whatever gains in consumer fraud avoidance were achieved, particularly since culpable merchants could still be prosecuted directly for fraud, as could the payment processors if it could be proven that they were actively in cahoots with the fraudster merchant.
Finally, the Electronic Transactions Association, a global trade association that represents the payments industry, published in April 2014 a set of guidelines embodying best practices “to help eliminate prohibited and undesirable merchants from entering into or remaining in the card acceptance ecosystem.” Those guidelines suggest underwriting and monitoring standards and other policies that processors may wish to employ in dealing with ISOs and merchants—in particular, “high risk” merchants. The FTC should allow time for this self-regulatory approach to be tried before embarking on aggressive investigations and prosecutions that may reduce the economic efficiency of the payments system and impose unwarranted costs on business.
In short, FTC prosecution of payment processors who knowingly participate in merchants’ frauds is appropriate, but a publicly announced FTC decision to eschew prosecuting payment processors who are not knowing participants in such frauds (perhaps based on a policy statement noting limits on the invocation of “deception” and “unfairness” authority and stressing the value of deference to industry self-regulation whenever reasonable) could have broader beneficial policy implications. Because the FDIC has adopted and applies FTC definitions of unfair or deceptive practices in its financial examination practices, such an FTC action might prompt the FDIC to rethink its posture of pressuring banks to avoid business relationships with “pariah” industries.
Moreover, such a rethinking of FTC enforcement policy could influence the other federal banking agencies (Federal Reserve Board, the Office of the Comptroller of the Currency, and the Office of Thrift Supervision) as well, since they too enforce the FTC’s deception and unfairness authority with regard to the institutions they supervise. The Consumer Financial Protection Bureau might also benefit by adopting legally and economically sound approaches to deception and unfairness in shaping its policy toward financial intermediaries.
What Needs to Be Done
Combating financial fraud undoubtedly is an important government function, and enforcement agency cooperation to target fraudulent conduct more effectively is fully justifiable. Unfortunately, however, implementation of Operation Choke Point by the DOJ, the FDIC, and the FTC appears to have strayed far from sound enforcement policy. There are indications that it has involved pressuring financial institutions to avoid doing business with legal yet disfavored industries without regard to a showing of fraud.
In its implementation, OCP appears to have departed from neutral application of the law. It also threatens to seriously harm legitimate businesses while reducing the welfare of their customers. In addition, imposition of such new burdens by long-established agencies appears to be inefficient if not inappropriate, since a new specialized agency, the Consumer Financial Protection Bureau, has been established precisely to deal with the problem of financial fraud.
OCP should be reoriented to focus instead on objective empirical evidence of the likelihood of fraudulent conduct. It should eschew arbitrary classifications of “suspect” industries and avoid placing excessive burdens on financial intermediaries to act as government agents in the detection of fraud. Specifically:
- DOJ and all Financial Fraud Enforcement Task Force agencies (federal regulators) should inform the bank and non-bank financial intermediaries they regulate that they are rescinding all lists of “problematic” industries engaging in lawful activities (for example, legal gun sellers) that may trigger federal enforcement concern.
- In implementing OCP, the federal regulators should state publicly that they oppose all discrimination against companies on grounds that are not directly related to a proven propensity for engaging in fraud or other serious illegal conduct.
- In implementing OCP, if backed by empirical evidence, federal regulators should issue very specific red-flag indicia of fraud by merchants which, if discovered by financial intermediaries, may justify termination of the intermediaries’ relationships with those merchants, as well as informing the appropriate regulatory agencies. This guidance should clarify that the onus is not being placed on the intermediaries to uncover the indicia and that the intermediaries will not be subject to federal investigation or sanction if fraud by the merchants subsequently is revealed so long as the merchants acted with reasonable prudence, consistent with sound business practices.
- The FTC should issue a policy statement providing that it will not sue payment processors based on alleged fraud by merchants unless there is evidence that the processors knowingly participated in fraud. Further, the statement should express a preference for deferring in the first place and whenever reasonable to industry self-regulation.
Adoption by federal regulators of recommendations along these lines would protect consumers from financial fraud without hobbling legitimate business interests and depriving consumers of full access to the legal products and services they desire.
—Alden F. Abbott is Deputy Director of the Edwin Meese III Center for Legal and Judicial Studies and John, Barbara, and Victoria Rumpel Senior Legal Fellow at The Heritage Foundation.