For our webinar last Thursday, “Consumer Protection: What’s Happening at the FTC,” we were joined by special guest speakers Andrew Smith, Director of the FTC’s Bureau of Consumer Protection, and Malini Mithal, Associate Director of the FTC’s Division of Financial Practices.  Chris Willis, Practice Leader of Consumer Financial Services Litigation at Ballard Spahr, also participated in the webinar, and Alan Kaplinsky, Practice Leader of the firm’s Consumer Financial Services Group, moderated the webinar.  The webinar’s overall takeaway was to dispel any misconception that under the Trump Administration, the FTC has retreated from its role in enforcing consumer financial laws.  Our guests made clear that the FTC has been pursuing an aggressive enforcement agenda under the Trump Administration and plans to continue to engage in robust enforcement going forward and to seek substantial remedies in appropriate cases.

Highlights of the webinar include the following:

• COVID-19 pandemic response.  The FTC’s focus has been on protecting consumers from COVID-related scams.  With regard to scams, Andrew Smith indicated that the FTC has so far sent about 200 warning letters to companies alleged to be making false or misleading advertising claims about their services related to available government financial assistance or about the benefits of health or other products.
• Artificial intelligence.  Andrew discussed his April 2020 blog post, “Using Artificial Intelligence and Algorithms,” which addressed how companies can manage the consumer protection risks of AI and algorithms.  Andrew indicated that the blog post resulted from his conversations with European regulators about their efforts to apply the principles of transparency, explaining decisions, fairness, and accountability to the use of AI.  He wrote the blog post to address what these principles mean in the context of laws enforced by the FTC, specifically the ECOA, FCRA, and FTC Act Section 5 (UDAP).  With regard to accountability, Andrew noted that there is increasing attention to privacy issues arising from the use of AI and algorithms.  In his blog post, Andrew indicated that a company should consider both inputs to its AI models and outcomes.  In response to Chris Willis’ question asking whether Andrew was suggesting that companies have a legal obligation to test outputs, Andrew indicated that he did not intend to suggest the existence of such a legal obligation or any other new legal obligations.  He confirmed that a company only has a legal obligation to use AI tools that are empirically derived and demonstrably and statistically sound.  He also commented that proxy-based self-testing of AI outcomes is a way that companies can manage the consumer protection risks arising from the use of AI and algorithmic models.
• Small business lending.  Malini Mithal indicated that the FTC is looking closely at small business financing, with a particular focus on merchant cash advances.  As a general matter, the FTC is concerned about whether companies are engaging in deceptive conduct, providing clear pricing/fee disclosures, and giving attention to customer complaints.  With regard to merchant cash advances, she indicated that abusive collection practices is a priority issue for the FTC.
• Fintech.  Malini indicated that the FTC has used the telemarketing sales rule to challenge the activities of online lenders in handling payments and, in addition to payments issues, will continue to focus on deception and attention to consumer complaints.
• Data security.  Andrew indicated that the FTC brought 9 data security enforcement actions in 2019.  He highlighted that such actions, in addition to targeting companies with direct consumer relationships, were brought against service providers (i.e., a company that maintained customer and employee data for marketing companies and a company that held consumer financial information for auto dealers.)  Andrew indicated that service providers will continue to be an area of FTC interest.  He also indicated that data security actions in 2020 are likely to be against companies where the company has employed a vendor that failed to adequately protect consumer data and has not adequately monitored the vendor or taken other steps to prevent consumer harm.  Andrew reported that the FTC plans to hold a virtual workshop in July 2020 regarding its efforts to update the GLBA safeguards rule.
• Lead generation.  Malini indicated that the FTC’s focus is not limited to the activities of lead generators but extends to intermediary lead buyers as well as lead buyers who use the leads to solicit consumers.  She noted that in a recent enforcement action against a lead buyer, the FTC sought to impose liability on the buyer for the lead generator’s unlawful practices where the buyer allegedly failed to review the lead generator’s marketing materials and scripts and ignored consumer complaints.
• Payment processing.  Andrew indicated that the FTC has a number of pending cases dealing with payment processors and is committing significant resources to this area.  Recent cases have involved claims that payment processors used “dummy accounts” to facilitate fraud by merchants and ignored red flags such as high numbers of chargebacks.
• Credit reporting.  Andrew indicated that more FTC enforcement actions involving background and tenant screening companies should be expected and that such actions are likely to involve issues relating to accuracy of information.
• Privacy.  Andrew indicated that the Children’s Online Privacy Protection Act will be an FTC enforcement priority and developing a COPPA rule proposal will be a regulatory priority.  He also indicated that the FTC expects to continue to take action against companies that misrepresent their privacy practices and companies that misrepresent their adherence to the E.U./U.S. privacy shield