Overview
Webster’s Dictionary states two definitions for the word “delphic:”
(i) of or relating to the ancient Greek oracle at Delphi,[1] and (ii) a pronouncement that is obscure or ambiguous. Both definitions
are apropos in relation to legal underpinnings of the complaint filed
by the CFPB on June 6, 2016 against Intercept Corp, which calls into question
what type of conduct constitutes the offering or provision “for
use” of a consumer financial product or service, hence triggering
application of the UDAAP provisions of the Consumer Financial Protection
Act (CFPA).[2]
Facts of the Intercept Complaint
Intercept is a third-party payment processor that conducts electronic funds
transfers through the Automated Clearing House (ACH) network on behalf
of business customers. No services are offered directly by Intercept to
consumers. Business customers include consumer lenders such as payday
lenders, auto title lenders, sales finance lenders and debt collectors.[3] Intercept receives requests to either credit or debit an individual’s
or business’s bank account and conveys those requests to an Originating
Depository Financial Institution (ODFI). The ODFI then processes the requests
through the ACH network and remits the funds collected to Intercept. Lastly,
Intercept transfers the applicable amounts to its customers, deducting
a fee for its services.[4]
The CFPB’s complaint asserts that Intercept and its individual owners
(collectively, the “Defendants”) are each a “covered
person” for purposes of the CFPA on the basis that Intercept “provides
payment or other financial data processing products to consumers by technological
means, including through a payments system or network used for processing
data.”[5] In addition, the complaint asserts that Intercept is a “service
provider” to other covered persons such as payday lenders, debt
collectors and auto title lenders, because it processes payments relating
to consumer financial products and services.”[6]
According to the complaint, the Defendants ignored repeated warnings from
ODFIs and consumers that some clients were likely engaging in illegal
conduct or that requested debits were not authorized by consumers.[7] The complaint also contends that Defendants failed to monitor and respond
to the “enormously high rates at which consumers and consumers’
banks refused Defendant’s clients’ attempts to withdraw payments,”[8] ignored law enforcement activity relating to its clients,[9] and failed to investigate red flags during the application process.[10] Based on the foregoing facts, the CFPB’s complaint alleges the Defendants
committed multiple violations of the CFPA by engaging in unfair acts or
practices.[11]
Can A Payment Processor with No Consumer Customers Be Deemed A “Covered
Person?”
If the CFPB’s factual allegations are assumed to be valid, the Defendants
actions and inactions clearly contributed to unfair, substantial harm
suffered by consumers. The “delphic” aspect of the CFPB’s
complaint lies in the CFPB’s failure to articulate its rationale
for asserting that the Defendants are covered parties for purposes of the CFPA.
Given that Intercept’s services are only offered to business entities,
and not to consumers, the Defendants did not provide a consumer financial
product or service. One conceivable basis for the CFPB’s position
is that Intercept’s payment services were “provided for use
by consumers,” albeit, indirectly through Intercept’s business
customers. The obvious flaw in this interpretation is that it rests on
a reading of the CFPA, which a reasonable actor may not anticipate.[12] In this regard, however, the UDAAP narrative section of the CFPB’s
Supervision and Examination Manual highlights a Consent Order issued by
the OCC in 2008 that involved closely similar facts. Specifically, Wachovia
National Bank was alleged to have engaged in unfair acts or practices
in connection with certain payment processor customers by ignoring complaints
about those customers’ high volumes of returned payments and other
indicia of fraudulent activity. As with Intercept, Wachovia neither offered
the underlying products or services for which payments were made, nor
originated those payments. Rather, the OCC’s stated rationale for
finding that Wachovia engaged in unfair acts or practices in violation
of Section 5 of the FTC Act rested on its conclusion that Wachovia “failed
to take quick action to terminate these [payment provider] account relationships
or otherwise correct the problem.”[13] Given the strong factual similarities between the Defendants’ alleged
conduct and the conduct considered in the Wachovia Consent Order, one
could argue that the CFPB’s assertion of the Defendants’ covered
person status was not unforeseeable; albeit, the precise basis for its
statutory interpretation is left to speculation.
Are There Implications for Other Payment Processors?
It is impossible to gauge accurately the implications of the CFPB’s
Intercept allegations for other entities that provide payment processing
servicing to business clients, particularly where those clients offer
products and services to consumers that are not financial in nature.[14] It can be concluded from the complaint, however, that turning a blind
eye to apparent fraudulent activities by a party to whom services are
being provided may result in CFPB enforcement action if consumers incur
harm. In addition, notwithstanding its public statements to the contrary,
the CFPB appears to treat past UDAP/UDAAP consent orders, including those
issued by other agencies, as binding precedent.
[1] Oracle utterances were often inscrutable absent interpretation by special
priests and were meant to shape the future conduct of the person who solicited
and received them. The validity of the Oracle’s pronouncements was
subsequently confirmed by the consequences to the lives of such persons.
See Fotenrose, Joseph (1981), "Delphic Oracle: Its Responses and
Operations" (University of Calif. Press).
[11] Complaint ¶¶ 126-134.
[12] In
FTC v. Wyndham Worldwide Corp., 799 F.3d 236 (3rd Cir. 2015), the Third Circuit Court of Appeals opined
that: “Fair notice [that Section 5 of the FTC Act might apply] is
satisfied so long as the company can reasonably foresee that a court could
construe its conduct as falling within the meaning of the statute.”
Id. at 255.
[13] http://www.occ.gov/news-issuances/news-releases/2008/nr-occ-2008-48.html
[14] In such cases the payment services provider would not be a service provider
to a covered party.