CFPB's Complaint Against Intercept Spotlights the Delphic Nature of Its UDAAP Interpretations

Overview

Webster’s Dictionary states two definitions for the word “delphic:” (i) of or relating to the ancient Greek oracle at Delphi,[1] and (ii) a pronouncement that is obscure or ambiguous. Both definitions are apropos in relation to legal underpinnings of the complaint filed by the CFPB on June 6, 2016 against Intercept Corp, which calls into question what type of conduct constitutes the offering or provision “for use” of a consumer financial product or service, hence triggering application of the UDAAP provisions of the Consumer Financial Protection Act (CFPA).[2]

Facts of the Intercept Complaint

Intercept is a third-party payment processor that conducts electronic funds transfers through the Automated Clearing House (ACH) network on behalf of business customers. No services are offered directly by Intercept to consumers. Business customers include consumer lenders such as payday lenders, auto title lenders, sales finance lenders and debt collectors.[3] Intercept receives requests to either credit or debit an individual’s or business’s bank account and conveys those requests to an Originating Depository Financial Institution (ODFI). The ODFI then processes the requests through the ACH network and remits the funds collected to Intercept. Lastly, Intercept transfers the applicable amounts to its customers, deducting a fee for its services.[4]

The CFPB’s complaint asserts that Intercept and its individual owners (collectively, the “Defendants”) are each a “covered person” for purposes of the CFPA on the basis that Intercept “provides payment or other financial data processing products to consumers by technological means, including through a payments system or network used for processing data.”[5] In addition, the complaint asserts that Intercept is a “service provider” to other covered persons such as payday lenders, debt collectors and auto title lenders, because it processes payments relating to consumer financial products and services.”[6]

According to the complaint, the Defendants ignored repeated warnings from ODFIs and consumers that some clients were likely engaging in illegal conduct or that requested debits were not authorized by consumers.[7] The complaint also contends that Defendants failed to monitor and respond to the “enormously high rates at which consumers and consumers’ banks refused Defendant’s clients’ attempts to withdraw payments,”[8] ignored law enforcement activity relating to its clients,[9] and failed to investigate red flags during the application process.[10] Based on the foregoing facts, the CFPB’s complaint alleges the Defendants committed multiple violations of the CFPA by engaging in unfair acts or practices.[11]

Can A Payment Processor with No Consumer Customers Be Deemed A “Covered Person?”

If the CFPB’s factual allegations are assumed to be valid, the Defendants actions and inactions clearly contributed to unfair, substantial harm suffered by consumers. The “delphic” aspect of the CFPB’s complaint lies in the CFPB’s failure to articulate its rationale for asserting that the Defendants are covered parties for purposes of the CFPA.

Given that Intercept’s services are only offered to business entities, and not to consumers, the Defendants did not provide a consumer financial product or service. One conceivable basis for the CFPB’s position is that Intercept’s payment services were “provided for use by consumers,” albeit, indirectly through Intercept’s business customers. The obvious flaw in this interpretation is that it rests on a reading of the CFPA, which a reasonable actor may not anticipate.[12] In this regard, however, the UDAAP narrative section of the CFPB’s Supervision and Examination Manual highlights a Consent Order issued by the OCC in 2008 that involved closely similar facts. Specifically, Wachovia National Bank was alleged to have engaged in unfair acts or practices in connection with certain payment processor customers by ignoring complaints about those customers’ high volumes of returned payments and other indicia of fraudulent activity. As with Intercept, Wachovia neither offered the underlying products or services for which payments were made, nor originated those payments. Rather, the OCC’s stated rationale for finding that Wachovia engaged in unfair acts or practices in violation of Section 5 of the FTC Act rested on its conclusion that Wachovia “failed to take quick action to terminate these [payment provider] account relationships or otherwise correct the problem.”[13] Given the strong factual similarities between the Defendants’ alleged conduct and the conduct considered in the Wachovia Consent Order, one could argue that the CFPB’s assertion of the Defendants’ covered person status was not unforeseeable; albeit, the precise basis for its statutory interpretation is left to speculation.

Are There Implications for Other Payment Processors?

It is impossible to gauge accurately the implications of the CFPB’s Intercept allegations for other entities that provide payment processing servicing to business clients, particularly where those clients offer products and services to consumers that are not financial in nature.[14] It can be concluded from the complaint, however, that turning a blind eye to apparent fraudulent activities by a party to whom services are being provided may result in CFPB enforcement action if consumers incur harm. In addition, notwithstanding its public statements to the contrary, the CFPB appears to treat past UDAP/UDAAP consent orders, including those issued by other agencies, as binding precedent.