The Federal Trade Commission (FTC) plays a significant role in regulating consumer financial services providers and vendors, including advertisers and marketers. A recent webinar from the Consumer Financial Services Committee of the American Bar Association featured an interview with Andrew Smith, director of the FTC's Bureau of Consumer Protection (BCP). Mr. Smith, who was confirmed in May 2018, shared his personal views of his role at the FTC, the FTC's development, and enforcement trends and focus in the consumer financial services sector. Below we highlight the main areas of focus that Mr. Smith touched upon that in our view are relevant to the consumer financial services sector.
Because of the nature of the webinar, this summary is not intended to be a complete transcript, does not reflect the views of the FTC, and does not necessarily reflect the views of Mr. Smith or any individual at the FTC.
Role as BCP Director and Direction of the FTC
Mr. Smith stated that his role as BCP director is to ensure the smooth functioning of the bureau, which essentially operates as a law enforcement agency, and to ensure all of the commissioners' concerns are reflected in the operations and policy direction of the CPB. Mr. Smith indicated that there is little interest among the commissioners in rethinking the FTC's law enforcement mission. Practitioners who were expecting a different FTC under the current administration may be surprised at how serious the FTC remains regarding its law enforcement mission.
Maximizing Enforcement Action Remedies
According to Mr. Smith, there has been increased pressure from the commissioners to maximize money relief obtained from enforcement actions. Mr. Smith cited recent statements from Chairman Joseph Simons and Commissioner Rebecca Kelly Slaughter regarding the FTC's recently formed remedies task force as an indication that the FTC is rethinking and focusing on forms of remedies it may pursue. The task force is a cross-divisional group organized to consider the proper remedy across various cases. Mr. Smith observed that the FTC has formed a remedies task force approximately once every 10 years.
According to Mr. Smith, one of the challenges of pursuing remedies is that relevant case law has largely developed in the context of fraud cases. The common law definition of fraud is quite unforgiving of defendants and tends to favor the FTC, but many cases brought do not necessarily meet the common law definition of fraud. Nevertheless, Mr. Smith has observed that courts have routinely and consistently ruled that the FTC is entitled to recover all revenue minus any refund provided to customers in cases where there's deception or fraud in the selling of a product.
Mr. Smith referred to a recent Ninth Circuit case, FTC v. Publishers Business Services, to illustrate that courts tend to award remedies in favor of the FTC. In Publishers, the Ninth Circuit rejected the claim that the FTC could not obtain disgorgement, and individual reliance need not be proved, as long as the representation was likely to mislead a reasonable customer.
Mr. Smith posted the following questions for consideration:
For cases where the company's activities are not thoroughly fraudulent, whether pursuit of a certain remedy is just and in the public interest, and is an efficient use of FTC resources.
Whether cases should be brought before an administrative law judge or the courts.
Whether there should be individual liability.
Whether notice to customers should be required where there was deceptive advertising (e.g., a dietary supplement that was shown not to work).
Whether FTC orders should include findings of liability.
For additional information, Mr. Smith recently presented remarks to the NAD 2018 Conference that provide some additional insight the FTC's national advertising priorities.
FinTech and Consumer Protection
When asked about his perception of "fintech," Mr. Smith stated he thinks of offering financial services to consumers over the internet or a mobile device (e.g., online lending). According to Mr. Smith, online lending is beneficial for consumers because it expands access, reduces costs, and makes transactions more convenient. While the FTC supports online lending, it must also uphold its mission of protecting consumers, without inhibiting competition.
In particular, Mr. Smith highlighted the rapidly developing areas of cryptocurrency and artificial intelligence (AI). He noted that the FTC has recently brought many cases against companies selling crypto-mining machines, and highlighted a particular case of "crypto-jacking" in which a phone app downloaded by consumers would utilize the phone's computing power to mine for cryptocurrencies without the customer's knowledge, resulting on a drain on the consumer's data and battery and causing the phone to perform slowly.
Mr. Smith also posed considerations for the increased use of AI origination and underwriting of loans, but did not propose solutions or offer his personal views on these issues.
The provision of key disclosures when an AI system is utilizing credit report information.
Issues of tainted data when third-party data is being used.
Fair lending concerns under the Equal Credit Opportunity Act, such as machine learning resulting in the creation of a disparate impact.
Whether machine learning would qualify as empirically derived, demonstrably sound, and replicable.
In line with these trends, we have previously discussed the FTC's emerging role as an enforcer in fintech. And, in 2016, the FTC hosted a forum series exploring emerging financial technology and its implications for consumers, including with regard to marketplace lending. For a quick refresher, we have also created a primer for marketplace lenders on potentially relevant federal and state consumer protection law.
Privacy and Data Security
Mr. Smith observed that historically, other federal agencies, Congress, consumers, and states have looked to the FTC as an agency that regulates privacy and data security. To date, the FTC has brought at least 60 data security cases, but fewer privacy cases. In particular, he discussed the importance of the General Data Protection Regulation, which is a European Union regulation that prohibits the transfer of data from any jurisdiction that does not provide adequate protection for information, such as the United States. The privacy shield allows companies to volunteer certain privacy protections so they can transfer data from the EU to the U.S. The FTC is the sole enforcer of the privacy shield against companies that have promised to follow the framework. Mr. Smith noted that hundreds of jobs rely on the successful renewal of the privacy shield, and that its enforcement demonstrates to the broader international community the U.S. commitment to addressing privacy and data protection.
According to Mr. Smith, there are also federal-state law preemption issues to watch in the privacy sphere. In particular, there have been calls for a more comprehensive federal privacy law in order to counter or provide a basis of preemption for a sweeping California privacy law that is set to go into effect in 2020.
Finally, Mr. Smith gave his thoughts on the impact of the recent LabMD v. FTC case on future FTC orders. Mr. Smith expressed disagreement with the Eleventh Circuit's ruling that the FTC order in that case was unenforceable because the references to "reasonable data practice" were not defined. In his view, the order contained specific requirements and directives that the company could monitor for and implement. The FTC relies on the reasonable construct to simultaneously provide flexibility and a measure of predictability for adherents. Mr. Smith opined that future FTC orders may contain more precise language in light of this finding, but was uncertain whether such orders will be preferred by companies against which they are issued, because specificity is "hard to nail down" in the ever evolving data security space.
* * * * * *
For more information about consumer financial services and related industry topics, see www.Venable.com/cfpb/publications.