On March 3, 2021, the CFPB filed a lawsuit in the U.S. District Court for the Northern District of Illinois against BrightSpeed Solutions, Inc., a third-party payment processor, and Kevin Howard, BrightSpeed’s founder and former chief executive officer. In its complaint, the CFPB alleges that between 2016 and 2018, Howard and BrightSpeed knew or should have known that it provided payment processing services for clients “who purported to provide virus software and technical-support services, but actually scammed consumers into purchasing unnecessary and expensive computer software” in violation of the Consumer Financial Protection Act of 2010 and the Telemarketing Sales Rule. The CFPB alleges that BrightSpeed intentionally served “high risk” clients who often could not obtain payment-processing services from other processors because of the risk of fraud associated with their businesses. These allegations suggest that BrightSpeed and Howard failed to implement or otherwise enforce policies intended to weed out potential fraud.
While this enforcement action may seem harsh, as it seeks to hold a company responsible for the actions of its clients, it should come as no surprise to those tracking the CFPB’s trend toward increased scrutiny of financial services companies generally. Acting Director David Uejio announced on January 28, 2021, that the CFPB will spend its first weeks “reversing policies of the last administration that weakened enforcement and supervision.” Uejio also announced that the CFPB is planning to rescind public statements “conveying a relaxed approach to enforcement of the laws in [the Bureau’s] care.” This latest enforcement action against BrightSpeed makes good on those promises. President Biden nominated Rohit Chopra to serve as the next full-time director of the CFPB and, assuming Chopra is confirmed, it seems likely that the CFPB will further reposition itself as more aggressive and less business friendly. The CFPB under Chopra will very likely look and feel much like the CFPB did under prior Director Richard Cordray.
This latest suit by the CFPB serves as a stark reminder that payment processors — and potentially other financial services intermediaries — could be on the hook for the alleged fraudulent acts of their customers. It is now more important than ever for financial services companies to review their policies and procedures to ensure that their clients are not creating unexpected liabilities that could provoke CFPB scrutiny down the road.