November 30, 2022

Volume XII, Number 334

Advertisement

November 30, 2022

Subscribe to Latest Legal News and Analysis

November 29, 2022

Subscribe to Latest Legal News and Analysis

November 28, 2022

Subscribe to Latest Legal News and Analysis
Advertisement

A ‘Parts’ Failure Leads to Penalties and Is ‘Unfair,’ Says the CFPB

Pushing the limits of its already broad and undefined consumer protection authority, the Consumer Financial Protection Bureau (CFPB) issued a Consent Order stating that MasterCard and UniRush, a prepaid card issuer, have engaged in “unfair acts or practices” by failing to conduct adequate testing and preparation for the conversion of UniRush’s RushCard prepaid card onto the Mastercard Payment Transaction Services (MPTS) platform. The CFPB has required the two respondents to pay $10 million in consumer restitution and $3 million in civil penalties, and to create a plan to avoid such problems in the future.

According to the consent settlement reached by MasterCard and UniRush, when technical problems arose during the transfer of RushCard’s operating platform to the MPTS platform in October 2015, many consumers who rely on RushCard for services such as direct deposit of their payroll were unable to access funds in a timely manner. In announcing the action, CFPB Director Richard Cordray stated that this failed systems conversion falls under the CFPB’s authority to penalize unfair, deceptive, and abusive acts and practices (UDAAP) under operative provisions of the Dodd-Frank Wall Street Reform and Consumer Protection Act (Dodd-Frank Act). The CFPB press release announcing the action put the matter prosaically, saying, among other things, that the respondents “botched the processing of deposits and payments” during the conversion.

The Dodd-Frank Act says that an act or practice is “unfair” when (i) it causes or is likely to cause substantial injury to consumers which is not reasonably avoidable by consumers; and (ii) the substantial injury is not outweighed by countervailing benefits to consumers or to competition. The term “unfair,” however, is not further—or meaningfully—defined in rules promulgated by the CFPB’s unitary director, although it is generally addressed in opaque Guidance on debt collection practices issued by the CFPB in 2013. This Guidance, however, sheds little actionable light for businesses subject to the CFPB’s authority.

Takeaways

What the CFPB has done by taking this action is to convert a simple systems conversion failure into an actionable violation of the Dodd-Frank Act. Taking the CFPB’s Consent Order allegation as true, what emerges is a tale of a payment processing conversion afflicted by a serious case of Murphy’s Law, but certainly there were no indications of intentional or willful misconduct or misrepresentation by the respondents. In turn, it bodes ill for the technology-dependent financial services industry if events of this nature can be bootstrapped into UDAAP violations.

In addition, while the CFPB’s consumer protection authority is broader than that of the Federal Trade Commission and many other agencies, including state attorneys general, a large number of federal and state agencies share an “unfairness” authority in common. If, as here, “unfairness” applies to a misbegotten technology transfer, it may apply to many other situations within the jurisdiction of those agencies. In turn, one can expect complaints to those agencies and private civil actions under state consumer protection statutes for similar technology failures in the face of presumed competence.

Making a one-time technology mistake into a UDAAP enforcement action, complete with civil penalties and a strongly worded press release—rather than a less formal supervisory resolution—also risks sending the signal to the industry that there is literally no room for error in handling customer accounts. While in keeping with the CFPB’s aggressive positions in other areas, that message could lead to the unfortunate outcome of companies hiding or refusing to admit errors, rather than disclosing and resolving them voluntarily.

Given the inherent complexities of developing and using financial technology, avoiding regulatory actions for technology failures has now become more difficult for financial services firms. While this particular technology failure, as alleged, was unfortunate, it is fair to ask whether the CFPB’s use of its UDAAP authority in this case is really what the drafters of the Dodd-Frank Act had in mind.

Copyright © 2022 by Morgan, Lewis & Bockius LLP. All Rights Reserved.National Law Review, Volume VII, Number 34
Advertisement
Advertisement
Advertisement

About this Author

Nicholas Gess, Government and regulatory attorney, Morgan Lewis
Of Counsel

Nicholas M. Gess counsels on state and federal government enforcement and regulatory actions and their impact on business. He advises corporate clients on how to achieve results with governmental agencies and how to manage the risks of government action, particularly in the current environment where state enforcement authorities conduct parallel investigations with federal authorities such as the CFPB, DOJ, and FTC.

202-373-6218
Charles Horn, financial services attorney, Morgan Lewis
Partner

Charles M. Horn is a partner in Morgan Lewis's Investment Management and Securities Industry Practice. Mr. Horn focuses his practice on regulatory and transactional matters, primarily in the areas of banking and financial services. He works on behalf of domestic and global financial institutions of all sizes on regulatory, supervisory, enforcement and compliance matters before all major federal financial institutions regulatory agencies, and leading state financial regulatory agencies.

202-739-5951
Timothy Shea, Morgan Lewis, Litigation Attorney
Principal, Of Counsel

Timothy J. Shea counsels clients on the impact of state and federal law enforcement actions on business, advising corporate clients about how to manage the risks of state government action, particularly when it occurs in the context of complex civil litigation, class action law suits, federal criminal inquiries, federal regulatory reviews, and Congressional oversight. He provides counsel to companies facing litigation, regulation, inquiries, and other activities by the states, particularly multistate investigations by State Attorneys General.

617-951-8806
David Monteiro, Morgan Lewis, litigation attorney
Partner

David Monteiro focuses his practice on counseling companies facing government investigations and enforcement litigation. A former enforcement attorney with the Federal Trade Commission’s Bureau of Consumer Protection, Division of Financial Practices, David guides financial institutions and other companies in complying with state and federal consumer protection laws and regulations, responding to examinations and investigations, and defending litigation against the government.

214-466-4133
Advertisement
Advertisement
Advertisement