Court Explores the Bounds of UDAAP in Dismissing CFPB v. Intercept Corp. Complaint

4 min

The Consumer Financial Protection Bureau's (CFPB or Bureau) enforcement actions pursuant to the prohibition of unfair, deceptive, or abusive acts or practices (UDAAP) are often broad but not, it seems, boundless. On March 17, 2017, the Eastern District of North Dakota dismissed without prejudice under Rule 12(b)(6) the Bureau's complaint against Intercept Corp. (and two executives), a payments processor that allegedly caused consumers harm by ignoring certain red flags and alleged activities by its merchant partners in violation of the Consumer Financial Protection Act (CFPA).

What prompted the court to dismiss the case? The Bureau brought an action against Intercept last June, alleging the company turned a blind eye to large numbers of returned payments due to "unauthorized withdrawals, insufficient funds, or invalid or closed accounts." The complaint also alleged that Intercept ignored complaints and warnings from banks and consumers, including warnings that certain merchants were offering payday loans in states where the business model is not allowed by law. According to the complaint, one Intercept bank partner allegedly informed the company that its merchants used the ACH system to make withdrawals from consumers' accounts without the required authorization or notice.

The complaint against Intercept represents a "choke-point"-style effort to hold a payments company responsible for the conduct of its customers. CFPB Director Richard Cordray asserted that "[c]ompanies cannot turn a blind eye to wrongdoing when they process payments from consumer banking accounts on behalf of clients that are breaking the law." But the district court's order granting dismissal on Friday showed that it did not share the Director's enthusiasm for "squeezing out" illegal merchant activity through payment processors—at least without clearer and closer ties between the payment processor's conduct and alleged consumer harm.

The court dismissed the action for failure to state a claim, asserting that the complaint "never plead[ed] facts sufficient to support the legal conclusion that consumers were injured or likely to be injured," as required under the CFPA:

The complaint simply does not sufficiently identify particular clients whose actions provided "red flags" to Intercept or how Intercept's failure to act upon those "red flags" caused harm or was likely to cause harm to any identified consumer or group of consumers. . . . [T]he complaint does not provide the court with sufficient information or factual detail to analyze whether it is sufficient to state a claim for relief.

Why is the Intercept dismissal significant? The court order has important implications on a number of grounds.

First, the order demonstrates the court's reluctance to find that Intercept's actions (or non-actions) actually harmed consumers. While the company's passive support of its merchants' practices indirectly caused consumers harm, the court stated that the Bureau could not allege the payments processor was involved in causing redressable consumer injury.

Second, the court stated that the complaint failed to show that any potential injury was not counterbalanced by benefits to the consumers, another element of the "unfairness" prong of UDAAP.

Third, by dismissing the case for failure to state a claim, the court has established a precedent for the CFPB to put more definitive parameters around the term "abusive" in "unfair, deceptive or abusive acts and practices." The term "abusive" was a Dodd-Frank addition to traditional claims for unfair or deceptive acts against consumers, and the Bureau has sometimes attempted to use the term as a catch-all for actions not covered by "unfair" or "deceptive."

Finally, the points above apply not only to the CFPB's enforcement actions, but also may influence state attorneys general, who also have the authority to bring UDAAP actions. The court's ruling may raise the bar for payment processor and other choke point-style complaints, as well as for complaints asserting "abusive" conduct.

Have we heard the last of CFPB v. Intercept Corp.? The court dismissed the action without prejudice, leaving the Bureau the ability to refile its complaint with more comprehensive allegations. The CFPB must now either refile its complaint with a more developed theory of liability under the "unfairness" and "abusive" prongs of UDAAP and a showing of consumer harm, or abandon the case.

* * * * * * * * * *

We have previously indicated that enforcement against payment processors providing services to bad-actor merchants will not subside, and we have provided a compliance roadmap for payment processors for this year and years to come. Venable works to help companies stay up to date with developments in the payments processing industry.