The Consumer Financial Protection Bureau (“CFPB” or “Bureau”) or other agencies are faced with a choice: either pursue alleged violators one-by-one on the basis of their own acts, or impact hundreds or thousands of entities in a single action by pursuing the payment processor (or other service provider) upon which those other companies rely. The latter is the concept behind a chokepoint-style investigation. The legal basis is a statutory provision that would cause an ancillary or B2B business (i.e., processors) to be deemed liable for the conduct of the consumer-facing companies (i.e., the primary alleged violators). (Think of the latter as the rim and the former as the hub of a bicycle wheel.) In pursuing chokepoint-style matters, the CFPB or other agencies are able to dramatically expand its reach and pursue more market-changing enforcement actions, as opposed to going after the primary alleged violators in single cases. The concept here is that the processors enabled, or “facilitated and assisted,” the acts of the other.
The CFPB has pursued chokepoint-style investigations against payment processors since at least 2013. About three weeks ago, under the Biden administration, CFPB has filed its first public lawsuit of this type against BrightSpeed Solutions, Inc., and its founder/COO, Kevin Howard, in a matter involving a specified pattern of conduct by sellers and telemarketers of anti-virus software and tech support.
Hold on. How is an anti-virus software or IT service a consumer financial product or service? It’s not! But there are two aspects of the activity in question that triggered Bureau jurisdiction. First, the processing of payments (for the telemarketers) qualifies as a consumer financial product. (See Compl. para. 6.) Second, the Telemarketing Sales Rule (“TSR”) (which the CFPB has authority to enforce) applies to the telemarketing activities of the anti-virus software/IT services businesses. The TSR contains a provision that establishes “substantial assistance”-based liability. In the lawsuit, Consumer Financial Protection Bureau v. Brightspeed Solutions, Inc. et al., (N.D. Ill.), the Bureau alleged that BrightSpeed (the payment processor) provided (1) substantial assistance or support to the telemarketers and (2) knew or consciously avoided knowing” that the telemarketers were violating the TSR.
The Bureau continues to seek to hold executives or founders personally liable in enforcement actions for the conduct undertaken through the corporate entity, so long as there is close involvement by the individual in the entity’s operations that are the subject of the action.
Here are five key questions and their answers:
(1) What was the underlying conduct of the telemarketers that was alleged to have violated the TSR?
The TSR prohibits telemarketers or sellers from creating a remotely created payment order (remote checks) as payment for goods or services offered or sold through telemarketing. The Bureau alleged that the clients of BrightSpeed had done just that.
(2) Is the approach to payment processors used in this case unique to the CFPB?
No. Since 1996, the Federal Trade Commission has pursued payment processors (who served the needs of merchants) through the TSR or through the “unfair acts” prohibition in the UDAP authority of Section 5 of the Federal Trade Commission Act.
(3) Why are you using the words, “Operation Chokepoint,” when that term was specifically for payday lending cases and a line of DOJ matters?
Well, it’s true that “Operation Chokepoint” was the name of the 2013 DOJ (and DFS/FDIC) initiative to investigate financial institutions for their role in processing payments for small-dollar lenders (this received widespread media attention back in the day). In reality, though, the concept of a chokepoint-style investigation is not limited to that single DOJ matter. Moreover, the U.S. House of Representatives Committee on Oversight and Government Reform had also used the term “Operation Chokepoint” — five years after the DOJ matters — in connection with obtaining Congressional testimony regarding the FTC’s historic work involving payment processors under the UDAP authority.
(4). Other than BrightSpeed the entity, on what basis did the CFPB pursue the individual founder of BrightSpeed?
In the Complaint, the Bureau asserted that Mr. Howard had been “deeply involved” in the company’s day-to-day operations, was himself a covered person by virtue of his own conduct in providing payment processing services, and was also a “related person” because he owned BrightSpeed and had managerial responsibility for the company’s affairs. (See Compl. paras. 7-8).
This case indicates that under the Biden administration, the CFPB is continuing down the path (used under both the Obama and Trump administrations) of holding executives or founders personally liable in enforcement actions for the conduct of the corporate entity, so long as there is a basis on which to determine that the executives or founders had a sufficiently close level of involvement in the entity’s operations that are the subject of the action.
(5) Was there another path for “substantial assistance” liability available to the Bureau, besides the avenue it took? Is it a novel and newly aggressive thing to pursue that avenue?
While this was not mentioned in the Complaint, yes, besides the TSR provision, there is another provision in federal consumer financial law that allows for “substantial assistance”-based liability. This is Section 1036(a)(3) of the Dodd-Frank Act. This particular provision is much broader than the TSR equivalent, because it is a hook for which processors can be deemed liable for primary violators’ commission of any kind of UDAAP at all, not just for violations of the TSR in particular.
No, it is not novel and new under this administration. In fact, under the Trump administration, the CFPB used the Dodd-Frank provision to hold one party liable for the alleged harm caused by another party. This has been done in a novel manner beginning in the early years of the Bureau, and not just in payment processor enforcement actions. For example, in the Bluestem matter, which I previously addressed here, the Bureau found that Bluestem (a retailer) assisted debt buyers who engaged in misleading debt-collection activities. Similarly, in the Chase matter, brought during the Obama administration, the Bureau found that Chase bank had assisted debt buyers in committing misconduct, when Chase did not adequately confirm the amounts or existence of credit card debts before the debt sale transactions occurred.
What we see from the BrightSpeed enforcement action is that the CFPB is engaged in litigation activity against both corporate entities and individuals and continuing to build upon “substantial assistance” or “facilitating and assisting” precedents, creating greater potential market impact than through an approach pursuing telemarketers one-by-one.
Thanks for indulging me in departing from the Libre series to address the significant developments in BrightSpeed. More to come.