Issue #4: How does the merchant exemption work, and has it been implicated before?

Over the last 11 years, the Bureau has slowly been developing a legal position through enforcement actions regarding the inapplicability of the merchant exemption.⁴ However, last month’s case represents how the Bureau is doubling down on the position in an expansive way.

As noted above, the Bureau appears to be conflating both business lines – ACTIVE’s event registration service and discount membership club – with the operation of its parent company when it comes to authority to act to prevent or punish UDAAP.

This imprecision bleeds over to the merchant exemption, which is a second, independent carveout for retailers in the CFPA. The merchant exemption provides that the Bureau may not exercise “any enforcement or other authority under [the CFPA] with respect to a person who is a merchant, retailer, or seller of any nonfinancial good or service and is engaged in the sale or brokerage of such nonfinancial good or service, except to the extent that such person is engaged in offering or providing any consumer financial product or service, or is otherwise subject to any enumerated consumer law.”⁵ At first glance, ACTIVE’s event registration service and discount membership club both appear to qualify for the merchant exemption. Neither line of business is selling financial goods or services, as discussed above.

But the analysis does not end there. The merchant exemption itself has two carveouts (“exceptions to the exemption,” thanks Congress) that put the seller back under the Bureau’s enforcement authority: (1) if the seller offers or provides any consumer financial product or service, or (2) if the seller is otherwise subject to any enumerated consumer law.

Pursuant to the CFPA, there are 18 enumerated consumer laws giving rise to Bureau enforcement authority, including the Electronic Fund Transfer Act (EFTA). Paragraph 78 of the Complaint shows that the EFTA claim hinges upon allegations involving only the discount membership club. Specifically, the Complaint alleges that ACTIVE violated EFTA because it “increased consumers’ Active Advantage membership fee and failed to send the consumer written notice of the amount and date of the transfer at least 10 days before initiating a transfer of an amount varying from the amount of the previous transfer under the same authorization or from the preauthorized amount.”

Based on the EFTA allegations, it appears that the merchant exemption would not apply to ACTIVE’s discount membership club and that the Bureau may exercise enforcement authority over that line of business. But does the Bureau believe that its enforcement authority over a single line of business necessarily gives rise to authority over the company as a whole? Does the Bureau believe that its authority to punish an EFTA violation (or violation of any enumerated consumer law) necessarily allows the Bureau to open the door to pursue UDAAP violations based on unrelated conduct?

It appears the answer is: yes, and yes. The Bureau approach is also arguably supported in part by Congress’s wording in the CFPA – meaning that the text of the merchant exemption does not explicitly limit the scope of enforcement solely to the line of business that is the alleged source of an EFTA violation (or enumerated law violation). This is consequential because it demonstrates potentially that no retailer who commits a routine EFTA or enumerated law violation is safe from the Bureau’s UDAAP enforcement authority, which often implicates greater penalties. Strategically, to deflect a company’s effort to claim the merchant exemption, all the Bureau needs to allege is that the company violated an enumerated consumer law, such as EFTA or one of the other 17 laws. However, one silver lining in this ordeal is that even if the merchant exemption were not available, the seller may still have at its disposal the argument that it is not a covered person under the CFPA (see Issue #2).

The reason for the complexity is Congress’s drafting of the CFPA, which was far from straightforward.

Finally, one may wonder, why is this even happening at the Bureau? Isn’t their plate full with financial services company matters? The gravamen of the Bureau’s Complaint against ACTIVE is the concern that consumers are being deceived or treated abusively with respect to the purchase of goods that have little value for the price paid.

At its heart, this is a sales dispute, not a consumer finance dispute. Nevertheless, the Bureau is utilizing the opacity or obscurity of the two concessions to retailers in the CFPA to surge ahead in its pursuit of merchants and retailers on the basis of the business’s nexus to payment processing, no matter how attenuated the link may be.

Issue #5: How should we think about this matter within the larger context of the regulation of financial services and Big Tech?

On October 21, 2021, the Bureau ordered large technology and peer-to-peer platforms that operate payment services to provide information about their business practices. Obviously, the Bureau is interested in exercising its oversight authority over the Big Tech industry. Looking ahead, the ACTIVE Network LLC matter provides a blueprint for how the Bureau can assert that it has jurisdiction over technology companies.

We list some of the key takeaways for the counsel, risk management professionals, or compliance specialists who are grappling with the CFPB:

(1) Just as ACTIVE Network’s registration and discount club services were retail products, many large technology companies are selling retail goods and services. Based on the strategy utilized in ACTIVE, if it gets good traction in the courts, the Bureau can use alleged EFTA or other enumerated consumer law violations as a springboard to exert authority over nonfinancial products and services offered by companies, especially when distinct products are offered in a bundled package online or on a mobile device in a single checkout page, or even when they are not.

(2) The Bureau’s effort to build its case against ACTIVE Network is the proverbial “camel’s nose under the tent” with respect to the likely approach the Bureau will take against large technology companies as well as any retailer or seller of nonfinancial goods. The complexity of the merchant exemption could distract business leaders and cause them to miss opportunities available under the “covered person” definition. A company or market actor may not be a “covered person” with respect to UDAAP. But the Bureau is interested in unfairness, deception, or abusiveness to consumers that may arise in connection with nonfinancial goods. To the extent that the same entity is also offering a payment product or credit card product, the Bureau can use the CFPA to pry open the door to regulate nonfinancial products on the basis of the ancillary service offerings of the company.

(3) Many state legislatures are enacting new provisions to protect consumers with respect to automatic renewals and subscription-based services or rundles. In addition, the rules enforced by the Treasury Department’s FinCEN have a long-standing exemption for payment processing if the processing is merely incidental to the provision of a different core business. In either case, there are examples of lawmakers or agencies writing “rules of the road” by way of new rules deliberated over in the legislative assembly or through advisory opinions by career agency staff interacting with industry. The CFPB, however, takes a different approach. The ACTIVE Network LLC matter shows that the Bureau is perceiving an important policy problem (i.e., how to protect consumers who are being billed on a recurring basis for products that the Bureau believes have little value), and addressing it through an enforcement action and a lawsuit. As the saying goes, when you are a hammer, everything looks like a nail.

(4) It is crucial for companies to avoid litigation because, based on the federal rules of civil procedure, a defendant may need to wait (and cover the defense costs) until at least the summary judgment stage before introducing undisputed facts (or wait even longer (trial) to introduce disputed facts). Because the list of enumerated consumer laws is so long, the Bureau has multiple avenues through which it can seek to exert authority over business practices – even those business practices that have nothing to do with consumer finance or the alleged enumerated consumer law violation. Ultimately, the Bureau controls its decision of which allegations to include in a federal complaint.

Conclusion

The Bureau’s press release denounces “online trickery” and “digital dark patterns,” as we and our clients would. The Bureau enforcement division’s powers, however, are defined explicitly in the enabling statute, albeit in a less colorful tone than in the press release. In the sober light of morning, it is not possible to delete from the CFPA either the retailers’ exception (from the “covered person definition”) or the merchant exemption (from the limitations of Bureau authority section).

However, one of the ways the Bureau can dilute the safeguards imposed by Congress in the CFPA is by establishing litigation precedents and judge-made rulings interpreting these definitions. It is our view that the ACTIVE Network LLC matter is a harbinger for how the Bureau prefers to proceed against other businesses and operators with similar consumer offerings. This is a defining issue of Bureau jurisprudence and will remain so for the foreseeable future.

For companies in this space, there is a need for concrete strategies and solutions that can be effectuated today. Whether the statutory language bars enforcement against the company overall, a subsidiary, or a business line within the subsidiary, there are effective paths forward. Unless businesses are equipped with the tools to counter Bureau efforts in enforcement inquiries, there is a risk that companies will miss opportunities available to it under the CFPA to resolve matters and avoid significant business disruptions. We regularly execute on solutions for such issues on behalf of clients. Please feel free to contact us if you wish to discuss the merchant exemption or the retailers’ exception to covered persons.

What about the unconstitutionality of the Bureau’s funding structure? Can’t the Fifth Circuit ruling provide an avenue to stay all Bureau efforts to oversee retailers and tech companies? There are interesting appellate arguments and strategies, none of which are likely to provide immediate and conclusive relief for businesses currently being investigated.

1. 12 U.S.C. section 5511(c)(4); 12 U.S.C. section 5531(a). The Bureau can also certainly act against “service providers” of covered persons, but that is not within the scope of this piece.
2. 12 U.S.C. section 5481(6).
3. 12 U.S.C. section 5481(15)(A)(vii) (emphasis added).
4. CFPB Takes Action to Obtain $120 Million in Redress from Sprint and Verizon for Illegal Mobile Cramming (May 12, 2015); CFPB and Arkansas Attorney General Settle with Home-Alarm Company for Using Consumers’ Credit Scores Without Proper Notice (Dec. 11, 2020); CFPB Settles Claims with Sterling Jewelers, Inc. (Jan. 16, 2019); CFPB Action Against Nexus Services, Inc., Libre by Nexus, Inc., Micheal Donovan, Richard Moore, and Evan Ajin (Feb. 22, 2021).
5. 12 U.S.C. section 5517(a)(1) (emphasis added).

In-depth 2022-374