Guest Analysis – Operation Choke Point: The Threats and Uncertainty Facing ISOs and the Payments Industry

Brandes Elitch and Edward A. Marshall

October 17, 2014 – Government scrutiny of the payments industry is not exactly new. But that scrutiny took on markedly increased vigor in early 2013, when the Department of Justice (“DOJ”), in collaboration with the Federal Trade Commission (“FTC”), the Federal Deposit Insurance Corporation (“FDIC”), the United States Postal Inspection Service (“USPIS”), and the FBI, ramped up an initiative ominously captioned “Operation Choke Point.”

The news here is not that the Government is targeting processors and ISOs that engage in deceptive conduct. That should be expected. Rather, the DOJ and the FTC are going after those in the payments industry for the allegedly bad behavior of merchants with which they do business.

The core idea animating the Government’s actions is that identifying and shutting down individual “bad apple” merchants is akin to a game of “whack-a-mole.” These merchants pop up, do their bad deeds, and then—when investigated—retreat into the underground from which they emerge in a slightly different form. By starving them of access to the banking and payments systems (i.e., “choking” off their oxygen) through pressure on the financial services industries, the Government hopes to deter consumer fraud. As part of this effort, authorities have identified a range of tools, from the Financial Institutions Reform, Recovery and Enforcement Act (“FIERRA”), to the Anti-Fraud Injunction Act, to the Telemarketing Sales Rule to pursue banks, processors, and ISOs that, in its view, maintained relationships with the allegedly bad actors while either knowing of merchant misdeeds or turning a “willfully” blind eye to such wrongdoing.

The reach of the “operation” is sweeping. Indeed, recently released documents reveal that the Government has initiated criminal investigations, issued subpoenas, and pursued civil litigation against scores of banks, processors, and ISOs. And, earlier this year, the FTC entered into seven-figure settlements with a bank and a payment processor for their perceived complicity in merchant wrongdoing. According to an internal DOJ memorandum, this is just the beginning. These early settlements are designed to send a message to the banking and payments community at large. Other investigations and enforcement actions are bound to follow, and they will be very expensive

Of course, few would disagree that the Governments’ goals are laudable. Apart from the “bad guys” perpetrating consumer fraud, no one wants to see consumers manipulated or deceived. But, despite it laudable goals, Operation Choke Point has an increasing number of critics. Attorneys have publicly questioned the legal underpinnings of the FTC’s Choke Point-related initiatives. Those within the industry have bemoaned the misunderstandings that seem to underlie the Operation. Affected merchants have initiated litigation pushing back against the Government’s efforts. And, most recently, the U.S. House of Representatives Oversight and Government Reform Committee put out a scathing report of perceived DOJ overreaching and lamented the effect Operation Choke Point is having on lawful businesses.

Although these critics have articulated diverse perspectives on the flaws associated with the program, two unifying themes have emerged.

The first is that Operation Choke Point suffers from some fundamental factual miscalculations. Among them, it identifies “bad merchants” and “willful blindness” to merchant misdeeds by focusing on chargebacks and return rates. The problem, of course, is that chargebacks and returns can arise for a variety of reasons—ranging from the simply innocuous (e.g., supplier issues, design flaws, confusion about the merchant name appearing on cardholder statements) to even consumer-initiated fraud.

Although there are undoubtedly instances in which a bank, processor, or ISO will, in fact, know of merchant fraud, such examples are rare. So long as Operation Choke Point equates high chargeback ratios and return rates with “willful blindness” to merchant misconduct, it rests on a fundamentally flawed premise. Maintaining relationships in the face of high chargebacks and returns may be justified, in some instances, and perhaps negligent in others. But that does not mean that banks, processors, and ISOs “consciously avoid knowing” about merchant misdeeds by failing to terminate merchant relationships in the face of these perceived “red flags.”

Second, by effectively conscripting banks, payment processors, and ISOs to ferret out untoward merchants—something the DOJ and the FTC have the regulatory and enforcement power to do directly—the Government has put thousands of perfectly legitimate businesses at risk of losing access to the payments ecosystem. There have already been reports of banks and processors simply cutting ties with merchants that are deemed to pose a “reputational risk”: firearms and ammunition sellers, short-term lenders, and businesses in the adult entertainment industry. And it is hardly surprising that a bank or processor wishing to avoid the burden associated with responding to government subpoenas, civil investigations, or criminal prosecution would simply chose to sever relationships with any merchant with the misfortune of being labeled “high risk,” whether based on its industry classification or chargeback rates. The crushing cost of responding to a Government subpoena—much less withstanding civil and criminal investigations—will often eclipse the potential upside of doing business with industries the DOJ and the FTC have deemed suspect, even when individual merchants within that “suspect class” are 100% legitimate. Operation Choke Point fundamentally alters the business calculus.

Internally, the DOJ has acknowledged this “side effect” of Operation Choke Point. Yet, it has taken the position that legitimate merchants will nevertheless be able to prove their legitimacy and gain access to the banking and payments systems. The problem, of course, is that a risk-adverse bank or processor might simply elect the safe path of avoiding “high risk” merchants all together. And, if an ISO maintains a portfolio containing such merchants, it, too, may simply be considered “too hot to handle.” It may no longer be sufficient for ISOs to show commercially reasonable efforts to manage their exposure to chargebacks by obtaining personal guarantees for merchant principals and setting up reserve accounts. And the FTC has taken aim at those reserve accounts, too, bringing legal action against processors who allow those accounts to be debited (ultimately, to compensate aggrieved consumers) after the Commission had obtained an “asset freeze” over funds belonging to suspect merchants (over objections that the reserves are not merchant “funds” to begin with).

So how are ISOs and processors to respond? Given the lingering murkiness surrounding Operation Choke Point, it is hard to say. Certainly, the ETA’s recently released Guidelines on Merchant and ISO Underwriting and Risk Monitoring provide invaluable guidance on normative underwriting and monitoring standards. Although non-binding, the Guidelines propose a high bar for processors and ISOs to meet to “help eliminate prohibited and undesirable merchants from entering into or remaining in the card acceptance ecosystem.” But just as non-compliance with the Guidelines does not equate to “willful blindness” to merchant misdeeds (or, for that matter, even negligent underwriting or monitoring), the DOJ and FTC have also not suggested that compliance with the Guidelines will be enough to safeguard against costly government inquiry and investigation (or worse). Until these areas of uncertainty get resolved, banks, processors, and ISOs have a series of difficult choices to make to determine what degree of risk averseness makes sense for them. Cutting ties with all “high risk” merchants, or those unfortunate enough to experience high chargeback or return rates, may be a safe bet. But excluding wide swaths of legitimate merchants from the payments ecosystem may be too unpalatable a stance for many to accept. And, while intensive merchant underwriting and monitoring may be desirable in the abstract, it is also costly, and, if implemented, its ripple effects will be felt in the form of increased expense passed down to merchants and, ultimately, consumers.

Simply put, the practical desirability of Operation Choke Point, and precisely who it is choking, remains to be seen.

Brandes Elitch is Director of Partner Acquisitions at CrossCheck, Inc. and Edward A. Marshall is a Partner at Arnall Golden Gregory LLP

[spacer height=3]

[divide] [spacer height=3] The views expressed in the posts and comments of this blog do not necessarily reflect those of ETA
.