[House Hearing, 115 Congress]
[From the U.S. Government Publishing Office]




 
  THE FEDERAL TRADE COMMISSION'S ENFORCEMENT OF OPERATION CHOKEPOINT	
                           RELATED BUSINESSES

=======================================================================

                             JOINT HEARING

                               BEFORE THE

                   SUBCOMMITTEE ON NATIONAL SECURITY

                                AND THE

                            SUBCOMMITTEE ON
                         GOVERNMENT OPERATIONS

                                 OF THE

                         COMMITTEE ON OVERSIGHT
                         AND GOVERNMENT REFORM
                        HOUSE OF REPRESENTATIVES

                     ONE HUNDRED FIFTEENTH CONGRESS

                             SECOND SESSION

                               __________

                             JULY 26, 2018

                               __________

                           Serial No. 115-99

                               __________

Printed for the use of the Committee on Oversight and Government Reform





[GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]




        Available via the World Wide Web: http://www.govinfo.gov
                       http://oversight.house.gov
                       
                       
                       
                        _________ 

               U.S. GOVERNMENT PUBLISHING OFFICE
                   
 31-425 PDF            WASHINGTON : 2018                            
                       
                       
                       
                       
                       
                       
              Committee on Oversight and Government Reform

                  Trey Gowdy, South Carolina, Chairman
John J. Duncan, Jr., Tennessee       Elijah E. Cummings, Maryland, 
Darrell E. Issa, California              Ranking Minority Member
Jim Jordan, Ohio                     Carolyn B. Maloney, New York
Mark Sanford, South Carolina         Eleanor Holmes Norton, District of 
Justin Amash, Michigan                   Columbia
Paul A. Gosar, Arizona               Wm. Lacy Clay, Missouri
Scott DesJarlais, Tennessee          Stephen F. Lynch, Massachusetts
Virginia Foxx, North Carolina        Jim Cooper, Tennessee
Thomas Massie, Kentucky              Gerald E. Connolly, Virginia
Mark Meadows, North Carolina         Robin L. Kelly, Illinois
Ron DeSantis, Florida                Brenda L. Lawrence, Michigan
Dennis A. Ross, Florida              Bonnie Watson Coleman, New Jersey
Mark Walker, North Carolina          Raja Krishnamoorthi, Illinois
Rod Blum, Iowa                       Jamie Raskin, Maryland
Jody B. Hice, Georgia                Jimmy Gomez, Maryland
Steve Russell, Oklahoma              Peter Welch, Vermont
Glenn Grothman, Wisconsin            Matt Cartwright, Pennsylvania
Will Hurd, Texas                     Mark DeSaulnier, California
Gary J. Palmer, Alabama              Stacey E. Plaskett, Virgin Islands
James Comer, Kentucky                John P. Sarbanes, Maryland
Paul Mitchell, Michigan
Greg Gianforte, Montana
Michael Cloud, Texas

                     Sheria Clarke, Staff Director
                    William McKenna, General Counsel
     Sharon Eshelman, National Security Subcommittee Staff Director
     Julie Dunne, Government Operations Subcommittee Staff Director
                    Sharon Casey, Deputy Chief Clerk
                 David Rapallo, Minority Staff Director
                   Subcommittee on National Security

                    Ron DeSantis, Florida, Chairman
Steve Russell, Oklahoma, Vice Chair  Stephen F. Lynch, Massachusetts, 
John J. Duncan, Jr., Tennessee           Ranking Minority Member
Justin Amash, Michigan               Peter Welch, Vermont
Paul A. Gosar, Arizona               Mark DeSaulnier, California
Virginia Foxx, North Carolina        Jimmy Gomez, California
Jody B. Hice, Georgia                John P. Sarbanes, Maryland
James Comer, Kentucky                Vacancy
                                     Vacancy
                                 ------                                

                 Subcommittee on Government Operations

                 Mark Meadows, North Carolina, Chairman
Jody B. Hice, Georgia, Vice Chair    Gerald E. Connolly, Virginia, 
Jim Jordan, Ohio                         Ranking Minority Member
Mark Sanford, South Carolina         Carolyn B. Maloney, New York
Thomas Massie, Kentucky              Eleanor Holmes Norton, District of 
Ron DeSantis, Florida                    Columbia
Dennis A. Ross, Florida              Wm. Lacy Clay, Missouri
Rod Blum, Iowa                       Brenda L. Lawrence, Michigan
                                     Bonnie Watson Coleman, New Jersey
                                     
                            C O N T E N T S

                              ----------                              
                                                                   Page
Hearing held on July 26, 2018....................................     1

                               WITNESSES

Mr. Andrew Smith, Director of the Bureau of Consumer Protection, 
  U.S. Federal Trade Commission
    Oral Statement...............................................     4
    Written Statement............................................     6
Mr. Jason Oxman, Chief Executive Officer, Electronic Transactions 
  Association
    Oral Statement...............................................    18
    Written Statement............................................    21
Ms. Lauren Saunders, Associate Director, National Consumer Law 
  Center
    Oral Statement...............................................    38
    Written Statement............................................    40


  THE FEDERAL TRADE COMMISSION'S ENFORCEMENT OF OPERATION CHOKEPOINT-
                           RELATED BUSINESSES

                              ----------                              


                        Thursday, July 26, 2018

                  House of Representatives,
 Subcommittee on National Security, joint with the 
             Subcommittee on Government Operations,
              Committee on Oversight and Government Reform,
                                                   Washington, D.C.
    The subcommittees met, pursuant to call, at 10:30 a.m., in 
Room 2154, Rayburn House Office Building, Hon. Ron DeSantis 
[chairman of the Subcommittee on National Security] presiding.
    Present from the Subcommittee on National Security: 
Representatives DeSantis, Amash, Foxx, Comer, Lynch, and Welch.
    Present from the Subcommittee on Government Operations: 
Representatives Meadows, Hice, Massie, Connolly, and Maloney.
    Mr. DeSantis. The Subcommittees on Government Operations 
and National Security will come to order.
    Without objection, the presiding member is authorized to 
declare a recess at any time.
    Mr. Meadows is not here yet. He does have an opening 
statement. I think he is on his way. So if he wants to give it, 
we will obviously do that.
    I am second seat here, so I don't have one. So what I will 
do is I will recognize the ranking member.
    Mr. Connolly is not coming, right?
    Mr. Lynch. I know he is around, but I know we have a lot 
going on this morning.
    Mr. DeSantis. Okay. So I will recognize the ranking member 
on my subcommittee, Mr. Lynch, and I will let him do his 
opening statement.
    Mr. Lynch. Thank you very much. Mr. Chairman. I appreciate 
the courtesy. I want to thank you for holding this hearing, and 
I also want to thank the witnesses for helping us with our 
work.
    This hearing is to examine the anti-consumer-fraud efforts 
undertaken by the Federal Trade Commission following the end of 
Operation Chokepoint. I would also like to thank all of the 
staff on both sides for preparing this hearing.
    The Consumer Protection Branch at the Department of Justice 
initiated the investigative and enforcement program known as 
Operation Chokepoint in November of 2012. This operation 
examined efforts of fraudulent practices perpetrated through 
the U.S. banking system against bank customers by unscrupulous 
merchants, financial institutions, and intermediaries referred 
to as third-party payment processors.
    As reported by the Department of Justice, fraudulent online 
merchants would typically unlawfully direct their payment 
processors to initiate debit transactions against consumer 
accounts and transmit the money back to them.
    In the most egregious cases, the payment processors had 
full knowledge that merchant clients were committing those 
fraudulent transactions and illegally siphoned money from 
customer accounts anyway as some banks simply looked the other 
way.
    In furtherance of Operation Chokepoint, the Department of 
Justice issued 60 administrative subpoenas from February 2013 
through August 2013 to entities that are believed to have 
evidence pertaining to consumer fraud schemes.
    One of the most recent settlements that arose out of this 
operation occurred in March of 2015 when the Department of 
Justice announced that it had reached a $4.9 million settlement 
with CommerceWest Bank of California.
    The civil complaint in the case alleged that the bank had 
ignored a series of red flags and facilitated consumer fraud by 
permitting Las Vegas payment processors to make millions of 
dollars in unauthorized withdrawals from consumer bank accounts 
on behalf of fraudulent merchants.
    The warning signs included an extremely high rate of 
rejected debit transactions that were returned by customers and 
their banks as well as inquiries that CommerceWest received 
from other financial institutions about suspicious illegal 
activity involving its payment processor.
    I understand that some Members of Congress expressed 
concern that the Department of Justice, in cooperation with the 
financial regulators such as the Federal Deposit Insurance 
Corporation, was unlawfully targeting certain categories of 
legitimately operating businesses. In response, the House 
Financial Services Committee, the House Judiciary Committee, 
and this committee all conducted extensive investigations of 
Operation Chokepoint, beginning back in the 113th Congress.
    In December of last year, the House also passed H.R. 2706, 
the Financial Institution Consumer Protection Act, by a 
bipartisan vote of 395 to 2. I voted in favor of this 
legislation, which seeks to address concerns stemming from the 
facts surrounding Operation Chokepoint by prohibiting the FDIC 
and other financial regulators from terminating their 
relationship with specific customers without a valid and 
written justification.
    As underscored in a letter to Congress sent to the 
Department of Justice in August of 2017, quote, ``All of the 
Department's bank investigations conducted as part of Operation 
Chokepoint are now over. The initiative is no longer in effect, 
and it will not be undertaken again,'' close quote.
    It is my understanding that the purpose of today's hearing 
is to examine whether Operation Chokepoint has nevertheless 
continued at the Federal Trade Commission despite its official 
termination.
    I greatly appreciate the willingness of our witnesses to 
testify on this topic today. However, as ranking member of the 
Subcommittee on National Security, it is my sincere hope that 
during the remainder of the 115th Congress we will work 
together on a bipartisan basis to conduct meaningful oversight 
on those issues that are most pressing to the safety and 
security of the American people, our dedicated military and 
civilian personnel deployed overseas and our returning 
veterans.
    It simply does not serve the interest of national security 
when the principal oversight committee in the House has held 
more hearings on shark finning, believe it or not, shark 
finning, and red snapper fishing in the Gulf of Mexico than it 
has on the ongoing civil war in Syria--can you believe that?--
which is now entering its eighth year.
    We currently have more than 2,000 American troops deployed 
in a destabilized country that just witnessed a massive 
offensive undertaken by the forces of Syrian President Bashar 
al-Assad to recapture the southwestern city of Daraa. The 
operation caused catastrophic damage to the city and displaced 
more than 300,000 Syrians to the Syrian-Jordanian border in the 
Golan Heights frontier. And just yesterday, Islamic State 
militants launched a series of coordinated suicide bombings 
across Sweida in southern Syria, killing more than 200 people.
    So this committee has not held a single hearing on our 
national security policy toward North Korea either. This issue 
demands robust oversight following the statement of principles 
on nuclear nonproliferation signed by President Trump and North 
Korean President Kim Jong-un at their Singapore summit in June 
and the initiation of diplomatic talks led by Secretary Pompeo.
    We have held zero hearings on the state of our 
counterterrorism operations in Africa, believe it or not. Our 
American Green Berets, U.S. Navy SEALs, and other commandos are 
currently on the ground in Africa under so-called section 127e 
special ops authority. These units are undertaking perilous 
counterterrorism raids with African partner forces in Nigeria, 
Somalia, Libya, Tunisia, Kenya, and other nations, and their 
safety necessitates rigorous oversight by this Subcommittee on 
National Security.
    And, of course, our ongoing military and counterterrorism 
operation in Iraq and Afghanistan, where we still have an 
estimated 6,000 and 15,000 American troops deployed, 
respectively, should command our regular attention. While Iraqi 
Prime Minister Haider al-Abadi declared final victory over the 
Islamic State last December, the terrorist group is reemerging 
across Kirkuk, Diyala, and Saladin provinces through a wave of 
insurgent attacks and kidnapping.
    The security environment in Afghanistan also continues to 
deteriorate. This week alone, a suicide bomber carried out an 
attack near Kabul Airport, killing 14 and wounding more than 50 
individuals. Earlier this morning, a Taliban suicide bomber 
attacked a security convoy of the Afghan National Intelligence 
Agency.
    So, Mr. Chairman, I respectfully request that we begin to 
work on those issues and conduct oversight of those issues and 
other critical national security issues going forward.
    And, with that, I will yield the balance of my time. Thank 
you.
    Mr. DeSantis. The gentleman yields back.
    I am pleased to introduce the witnesses. We have Mr. Andrew 
Smith, the Director of the Bureau of Consumer Protection at the 
FTC; Jason Oxman, chief executive officer of the Electronic 
Transactions Association; and Ms. Lauren Saunders, associate 
director of the National Consumer Law Center.
    Welcome to you all.
    Pursuant to committee rules, all witnesses will be sworn in 
before they testify, so if you guys can please stand and raise 
your right hand.
    Do you solemnly swear or affirm the testimony you about to 
give is the truth, the whole truth, and nothing but the truth, 
so help you God?
    All right. Please be seated.
    All witnesses answered in the affirmative.
    In order to allow time for discussion, please limit your 
testimony to 5 minutes. Your entire written statement will be 
made part of the record. As a reminder, the clock in front of 
you shows the remaining time during your opening statement. The 
light will turn yellow when you have 30 seconds left and red 
when your time is up. Please also remember to press the button 
to turn your microphone on before speaking.
    And, with that, Mr. Smith, you are recognized.

                       WITNESS STATEMENTS

                   STATEMENT OF ANDREW SMITH

    Mr. Smith. Thank you, Mr. Chairman and Ranking Member 
Lynch. My name is Andrew Smith, and I am the Director of the 
Bureau of Consumer Protection at the Federal Trade Commission.
    My written statement submitted for the record represents 
the views of the Commission, but this opening statement 
represents my views alone and not necessarily the views of the 
Commission or of any individual commissioner.
    The FTC is the Nation's primary consumer protection agency. 
We are a bipartisan and independent agency governed by five 
commissioners, and we are dedicated to pursuing law enforcement 
actions to stop unlawful practices, including fraud against 
consumers.
    In the last 10 years alone, the FTC has brought more than 
600 cases in Federal court against companies and individuals 
who engage in unfair and deceptive conduct, including countless 
cases challenging fraudulent telemarketers and online scammers. 
The FTC has returned hundreds of millions of dollars to 
American consumers while obtaining strong injunctive relief to 
protect consumers going forward.
    When we bring a case against a fraudster, we routinely look 
for others who knowingly facilitated the fraud, whether it be a 
telemarketing boiler room, a robocalling platform, a lead 
generator, or a payment processor who actively participated in 
the fraudulent scheme.
    In only 15 of these hundreds of fraud cases that we have 
brought since 2008--in only 15 of these cases have we seen fit 
to bring an enforcement action against a culpable payment 
processor. And these 15 instances weren't the product of the 
FTC staff acting on its own whim. The bipartisan Commission, 
both Republicans and Democrats, approved each of these matters 
by a unanimous and a public vote.
    As these numbers demonstrate, the FTC doesn't take action 
against payment processors lightly, and the 15 cases that we 
have brought were not even remotely close calls. In each case, 
we had specific evidence that these payment processors were 
knowingly facilitating the misconduct of their merchants by 
actively evading the antifraud protections of the national 
payment system.
    For example, we have sued payment processors who have 
opened multiple, sometimes hundreds, of dummy merchant accounts 
to hide fraudulent transactions, dilute consumer complaints and 
charge-backs, and subvert the critical systems established by 
banks and the card networks to monitor for illegal activity.
    We also have seen payment processors that deliberately lie 
to banks and the payment networks about the line of business of 
their merchants, as well as payment processors engaging with 
merchants in a high volume of sham payment transactions to 
paper over the real but fraudulent transactions that resulted 
in consumer charge-backs.
    And I should note that the frauds perpetrated by the 
merchants in these 15 cases were of the most egregious sort, 
causing hundreds of millions of dollars of injury to consumers. 
These constituted sham business opportunities, credit card 
interest rate reduction scams, fraudulent online discount clubs 
in which consumers never enrolled, and ``grandparent scams'' 
harming older Americans.
    The FTC doesn't intend to impose on payment processors the 
responsibility to police their customers, but we do expect 
payment processors to follow the well-established rules of 
their industry, and they must abide by the law. So when we see 
evidence that a payment processor is knowingly facilitating a 
fraudulent scheme, we will not hesitate to act to protect 
consumers.
    As the law enforcement numbers show, this isn't a game of 
``gotcha'' for us at the FTC. We sue payment processors 
sparingly and only where we have powerful evidence of their 
complicity in the underlying fraud.
    Thank you for the opportunity to testify. I welcome your 
questions.
    [Prepared statement of Mr. Smith follows:]
    
[GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]    
    
    Mr. DeSantis. I thank the gentleman.
    Mr. Oxman, you are up for 5 minutes.

                    STATEMENT OF JASON OXMAN

    Mr. Oxman. Thank you, Mr. Chairman.
    I am here representing ETA, the Electronic Transactions 
Association. We are the trade association for the payments 
industry, representing over 500 companies that offer electronic 
transaction processing products and services to merchants.
    ETA supports the enforcement of existing laws and 
regulations by Federal agencies, including the Federal Trade 
Commission, to stop fraud. But what we are deeply troubled 
about is the FTC's use of Operation Chokepoint-style tactics to 
hold payment processors responsible for fraud committed by bad 
merchants.
    The Department of Justice ended Operation Chokepoint in 
2017 following congressional scrutiny and criticism. That 
scrutiny demonstrated that holding payment processors liable 
for merchant fraud has serious adverse consequences, including 
processors abandoning lawful categories of merchants disfavored 
by the government as well as higher prices for consumers.
    Now, again, the payments industry is dedicated to fighting 
fraud and ensuring that consumers have access to safe, 
convenient, and affordable payment services. Consumers choose 
electronic payments, indeed, because they have zero liability 
for fraud.
    ETA has worked hard as an industry representative to 
develop guidelines on merchant and ISO underwriting and risk 
monitoring. These guidelines provide more than 100 pages of 
best practices to detect and halt fraudulent actors. ETA has 
shared these draft guidelines with the Federal Trade 
Commission, which has encouraged us to strengthen anti-fraud 
efforts.
    The FTC's targeting of the payments industry actually 
predates Operation Chokepoint and, indeed, exceeded the 
Department of Justice's efforts in scope but somehow has 
managed to fly under the radar until today.
    Many of our member companies receive what are called civil 
investigative demands, CIDs, from the FTC asking for dozens of 
categories of information about dozens of different merchants. 
Many of our payment processor members receive multiple CIDs a 
year, often part of a broader fishing expedition around a 
particular industry.
    Now, even though processors do their part to fight fraud 
through robust underwriting and monitoring, payment processors 
simply are not law enforcement. The fact is that sometimes 
processors miss red flags or make unintentional mistakes. But 
it is a big leap to suggest that a processor was intentionally 
aiding and abetting a merchant in fraud and should be left to 
cover the total cost of consumer injury caused by the merchant. 
And that is exactly what the Federal Trade Commission does.
    Specifically, the FTC seeks to hold payment processors and 
even individual owners and employees financially responsible 
for the total volume of sales transactions processed for a bad 
merchant, even where the processor made just a penny on the 
dollar for such transactions.
    Emboldened by a recent but misguided decision in the 11th 
Circuit entitled ``Universal Processing,'' the FTC's aggressive 
use of joint and several liability threatens to put targeted 
processors out of business or even to bankrupt individuals 
based on the conduct of a single bad merchant out of a 
processor's entire portfolio.
    It is important to understand that the FTC uses the same 
aggressive tactics in all cases, even where a processor 
cooperates with the FTC to assist law enforcement activities. 
The FTC's insistence on joint and several liability for payment 
processors makes it financially impossible for a processor to 
try to defend itself in court. A small processor that earns a 
few thousand dollars processing for a merchant can't take the 
risk of litigating a case where the FTC seeks to hold the 
processor liable for millions of dollars.
    When the FTC sends a CID to a processor regarding a 
merchant, it tells the processor to maintain confidentiality 
and to continue processing for the merchant. But then the FTC 
inevitably turns on the processor and seeks to hold it 
financially liable for all of the volume processed and all of 
the merchant's sales, including those after the CID was issued.
    Similarly, where a court appoints a receiver to manage a 
merchant's assets, the FTC pressures the receiver to take 
possession of a processor's reserves for the merchant, even 
though those reserve accounts belong to the processor, not the 
merchant. The processor is then forced to cover consumer 
charge-backs out of its own funds.
    The FTC refuses to discuss settlement of a case against a 
processor until the processor or its individual owner provides 
financial information.
    The FTC also engages in aggressive prosecution of 
individual officers and employees for assisting and 
facilitating the conduct of a merchant employee, even where 
they had no control over that conduct.
    And the FTC regularly uses its CID process to request 
information from third parties, when that information is 
regularly available to the FTC itself.
    The results of this enforcement approach is that payment 
processors will have no choice but to increase prices for 
services to merchants and, even worse, restrict access to 
payment systems to certain categories of merchants to avoid 
exposure for liability.
    There is, however, a better path forward. Congress should 
encourage the FTC to review and reconsider its overly 
aggressive use of CIDs and questionable discovery and 
enforcement tactics. Former FTC Chairman Ohlhausen in 2017 
announced just such an effort. That effort should continue.
    Congress should include a provision in the FTC's budget 
authority limiting the FTC's ability to seek joint and several 
liability against payment processors except where the processor 
is actually an active part of a common enterprise with 
merchants.
    Congress should direct the FTC to halt enforcement actions 
against processors until they engage in a public discussion of 
Operation Chokepoint.
    And Congress should support the FTC to encourage additional 
industry self-regulation.
    Thank you for the opportunity to appear here before you 
today, and I look forward to your questions.
    [Prepared statement of Mr. Oxman follows:]
    
    
[GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]   
    
    
    Mr. Meadows. [Presiding.] Thank you, Mr. Oxman.
    Ms. Saunders, you are recognized for 5 minutes.

                  STATEMENT OF LAUREN SAUNDERS

    Ms. Saunders. Thank you.
    Chairman DeSantis, Ranking Member Lynch, Chairman Meadows, 
Ranking Member Connolly, and members of the subcommittees, 
thank you for inviting me to testify today. I am Lauren 
Saunders, associate director of the National Consumer Law 
Center, which works for economic justice for low-income and 
other vulnerable consumers across the United States.
    Fraud takes billions of dollars from people every year, 
often from seniors and other vulnerable communities. Fraud also 
imposes costs on businesses and many other people in the 
country.
    Fraudsters often do not act alone. Many fraudsters rely on 
payment processors to take money out of consumers' accounts. 
Responsible payment processors can stop fraud or make it more 
difficult. Unfortunately, a very few outliers sometimes 
willingly enable fraud.
    The FTC's cases against payment processors are part of its 
traditional bipartisan law enforcement work, unanimously 
supported by both Republican and Democratic chairs and 
commissioners. These cases go back over two decades and are 
independent at the Department of Justice's former Operation 
Chokepoint.
    For example, in 1996, under Chairman Steiger, who was 
appointed by the first President Bush, the FTC sued Windward 
Marketing, which used remotely created checks to help a 
magazine subscription scam bilk consumers of over $12 million.
    In 2007, under Chairman Majoras, appointed by the second 
President Bush, the FTC sued Your Money Access, which processed 
more than $200 million on behalf of numerous fraudulent 
telemarketers and internet-based merchants, accepting merchants 
with facially false sales scripts and ignoring extremely high 
return rates.
    More recently, last year the FTC sued the payment processor 
iStream Financial Services for processing discount club 
transactions despite numerous fraud indicators, including 
recommendations from the iStream's sister bank, independent 
compliance auditors, and iStream's own compliance and risk 
officers that the processing relationship be terminated due to 
the high return rates and likelihood of fraud.
    The FTC's work has been approved by courts, as in the 
recent case against WV Universal Management, the credit card 
processor for a fraudulent credit card interest rate reduction 
scheme. The processor's president had personally approved 
merchant accounts despite several glaring red flags, including 
charge-backs so high that they came to the attention of 
Mastercard, which noted the potential fraud risk.
    The 11th Circuit Court of Appeals affirmed a position of 
joint and several liability on the defendants but only after 
observing that it was undisputed that Universal had violated 
the telemarketing sales rule by providing substantial 
assistance to the scammers despite knowing or consciously 
avoiding knowing about the fraud.
    The testimony from the Electronic Transaction Association 
today criticizes the FTC's use of joint and several liability 
but does not attempt to defend the conduct of the processor in 
the Universal case.
    And, indeed, as Mr. Smith pointed out, I haven't heard 
anybody criticizing the cases they have brought. These are not 
close cases. There is extensive evidence of complicity of the 
payment processors in the very few cases that they bring.
    The FTC targets bad apples and provides incentives for the 
industry to police itself, spurring efforts like those of the 
Electronic Transaction Association to help its members prevent 
fraud and make enforcement unnecessary in most cases.
    Vague and unsubstantiated claims have been made that the 
FTC may be targeting entire classes of legal businesses, but 
the evidence is that the FTC targets fraudulent activity, plain 
and simple.
    While I disagree with the characterizations of DOJ's 
Operation Chokepoint, there is a key difference between that 
operation and the FTC, and that is the FTC starts with the 
scammer and then, like any good investigator, follows the 
money.
    Most of FTC's 600 fraud cases do not have a companion case 
against a payment processor. But if the FTC finds evidence that 
a payment processor was a willing participant and enabler, it 
brings an enforcement action, which is especially important 
because consumers cannot do this kind of investigation on their 
own, and they rely on government to prevent this type of fraud.
    The FTC's fraud work is especially important today, with 
growing problems of identity theft, data breaches, and online 
scams. Everyone, from individual consumers to legitimate 
businesses benefits, when fraudsters and their collaborators 
are held accountable.
    Thank you for inviting me to testify today. I would be 
happy to answer your questions.
    [Prepared statement of Ms. Saunders follows:]
    
[GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]    
   
    
    Mr. Meadows. Thank you all for your testimony.
    And the chair recognizes the gentleman from the 11th 
District of Virginia, my good friend, Mr. Connolly, for his 
opening statement.
    Mr. Connolly. I thank the chair, and I thank our witnesses 
for coming here today. I am a little late today because we had 
a vote, and we are going to have some more votes very shortly.
    Two days ago, during a full committee hearing on election 
security in this very room, I made a motion for the Oversight 
and Government Reform Committee to subpoena the Office of the 
Director of National Intelligence to inform the committee and 
the public about the extent of the Russian threat to our 
country. That subpoena unfortunately was tabled by a vote of 17 
to 15.
    This morning, two Oversight and Government Reform 
subcommittees are teaming up to discuss the urgent problem of 
Operation Chokepoint, a program that no longer exists and a 
program that the full committee conducted extensive oversight 
of 4 years and two chairmen ago.
    What is, one wonders, the urgent need for this hearing now, 
when the administration is under legal compulsion to reunite 
children that have been separated from their parents as part of 
a zero tolerance policy at the border; when the deaths of 
perhaps as many as 4,600 U.S. citizens in Puerto Rico have been 
attributed to Hurricane Maria and the Federal Government's 
inadequate response to it; when the Secretary of Commerce 
apparently misled this committee on why a divisive question on 
citizenship was hastily added to the 2020 census; when a member 
of this committee, full committee, forthrightly wrote an op-ed 
in The New York Times saying that the President of the United 
States has been manipulated by Vladimir Putin?
    These are all worthy of committee examination and open 
hearings. So what could possibly be the reason for this hearing 
today?
    Congress conducted lengthy oversight of Operation 
Chokepoint in 2013 and 2014. Congressional Republicans then 
alleged that DOJ and the FDIC intentionally conspired--
intentionally--to mislead Congress about their partnership and 
inappropriately targeted a list of high-risk merchants and 
industries to conduct Operation Chokepoint.
    The Committees on Financial Services and Judiciary also 
held oversight hearings. The Oversight and Government Reform 
Committee conducted an investigation under then-Chairman 
Darrell Issa that produced not one but two staff reports.
    Republicans got what they wanted. The two principal 
agencies involved in Chokepoint, the DOJ and the FDIC, have 
both ended their work on the operation. The FDIC ended its 
involvement in Operation Chokepoint in January of 2015.
    The DOJ issued a letter to the chairman of the House 
Judiciary Committee in August that stated, and I quote, ``All 
of the Department's bank investigations conducted as part of 
Operation Chokepoint are now over. The initiative is no longer 
in effect, and it will not be undertaken again,'' unquote. 
Pretty definitive.
    Yet here we are questioning the Federal Trade Commission, 
an agency that played no role in Operation Chokepoint. And here 
we are because the FTC has a broad mandate to protect consumers 
from unfair, deceptive, or fraudulent practices in the 
marketplace.
    Some have concluded that this must mean a continuation of 
Operation Chokepoint. That, it seems to me, is not the case. As 
part of its work to protect consumers, the FTC works to stop 
payment fraud, including taking action against payment 
processors that knowingly or recklessly facilitate fraud. That 
is their job. The FTC's cases against payment processors goes 
back two decades and is not related to Operation Chokepoint, 
which started much later and, as we have heard, no longer 
exists.
    Enforcement action against payment processors who knowingly 
participate in fraudulent schemes or willfully ignore signs of 
illegal activity has historically received bipartisan support. 
These schemes often prey on vulnerable populations, such as 
seniors, immigrants with limit English language, or families of 
Active Duty military.
    According to a survey by True Link, a company that provides 
account monitoring software for elders and families, projected 
that financial elder abuse costs families more than $36 billion 
a year, of which $17 billion is linked to exploitation and 
scams such as work-from-home schemes, misleading financial 
advice, or reverse mortgages.
    I can't speak for my colleagues, but I have to say: We 
ought to be having hearings, it seems to me, about some of the 
pressing issues of the day. And we could start with the list of 
subpoena requests the Democrats have submitted to the full 
committee and the full chairman. I think there are now 62 of 
them outstanding. That would be some work worthy of our 
enterprise.
    I thank my friend from North Carolina for letting me have 
this time for my opening statement and will try my best to 
participate before we call votes.
    Mr. Meadows. I thank the gentleman from Virginia. And, as 
he well knows, on some of those items I am willing to advocate 
in a bipartisan fashion to deal with some of those.
    I would like to ask unanimous consent that my opening 
statement be made part of the record without doing it. Any 
objection?
    Mr. Connolly. No objection.
    Mr. Meadows. All right. So ordered.
    Mr. Meadows. Also, I would like to recognize Charlie Kirk, 
who is here.
    Thank you for being here. You have done some work on this 
particular issue, and we appreciate your work.
    And so, with that, I will recognize the gentleman from 
Florida, Chairman DeSantis.
    Mr. DeSantis. Thank you, Mr. Chairman.
    Thanks to the witnesses. I appreciate the work that you 
guys do.
    Mr. Smith, fraud is just a cottage industry, particularly 
in my State of Florida. You know, you have seniors. And I think 
we are by far, I think, the number-one State for complaints. So 
I think it is very, very important. And the issues you site 
where people are knowingly involved in fraud, I think that is a 
no-brainer.
    How would you respond to Mr. Oxman? Because there seems to 
be a discrepancy here about how innocent processors are treated 
by the FTC. Because I would say, if the people who are 
committing fraud, that's where you would want to do the 
government action. If people are simply processing this stuff 
without being a part of it, then putting some of these 
investigative demands on them raises the cost of doing 
business, and that hurts consumers, too, because people don't 
have access, the ability to do that.
    So how would you respond to some of the things Mr. Oxman 
pointed out?
    Mr. Smith. Right. So in the 15 cases that we have brought, 
I don't think there is any disagreement about complicity by the 
payment processor. So there are issues raised by Mr. Oxman 
about what I understand to be compulsory process issued by the 
FTC to payment processors as a part of a broader investigation.
    So we do this kind of third-party discovery, like any 
litigant does and like any law enforcement agency does. We do 
it routinely. We send third-party CIDs, civil investigative 
demands, to telephone companies, to banks, to payment 
processors, to internet registrars in order to gather 
information for our investigations of----
    Mr. DeSantis. Is there a threshold that is required before 
you initiate that?
    Mr. Smith. So any CID that we issue, whether it is to a 
target or to a third party, has to be approved by a 
commissioner and it has to articulate specific allegations of a 
law violation in order for us to issue the CID. So we can't do 
fishing expeditions to, you know, we want to investigate the 
business opportunity industry and so this CID, we are sending 
it to 100 companies as a part of that. We don't do that, 
because we are not permitted to do that under our rules of 
practice and our statute.
    So we do send third-party process, though. All law 
enforcement agencies do. And we are sensitive to the fact that 
it is expensive to respond, and we appreciate that. And, as Mr. 
Oxman noted, in 2017 the FTC undertook an effort to streamline 
its CID processes to make them more manageable for businesses.
    But the fact remains that we really need to get this 
information from third parties. We frequently can't get it 
anyplace else, either because the investigation is confidential 
and we don't want to tip the target or because we get better 
information from third parties than we get from the target. We 
have frequently found instances where--remember, we are talking 
about fraudsters here--where they have given us bad responses 
to our CIDs and we have gotten better information from third 
parties.
    But we understand and respect that that presents an expense 
for legitimate businesses, and we appreciate that and try to 
factor that in to our targeting.
    Mr. DeSantis. The idea of holding the person processing the 
transaction responsible for the entire amount of the 
transaction, unless there is evidence that they knowingly were 
participating in the fraud, that would not be something that 
you would support?
    Mr. Smith. Right. So, in the 11th Circuit case that was 
mentioned by Ms. Saunders, the court held that--and there are a 
couple of other court decisions that have similar holdings--
that, in order to impose joint and several liability on a 
payment processor, the FTC has to show that they knew of the 
fraudulent scheme or they consciously avoided knowing it and 
they actively facilitated the fraudulent scheme.
    So, in that 11th Circuit case, what happened was that the 
company president was complicit in sort of fast-tracking these 
fraudulent transactions through, circumventing the underwriting 
process and the monitoring process. And the company essentially 
admitted liability. The question was, was there enough 
knowledge, was there enough intent, in order to satisfy that 
joint and several standard? And the court held that there was.
    Mr. DeSantis. So, Mr. Oxman, how would you respond? Because 
I think that, you know, Mr. Smith is saying, hey, there are 
rare instances where there is active participation. And, look, 
I mean, that is a totally different issue, if they are actively 
engaged in fraud. You are raising concerns about kind of just 
the normal course of business and having, you know, government 
action really hurt the industry. So how would you respond to 
what Mr. Smith has said?
    Mr. Oxman. That is exactly right. And I think the reason 
that both Mr. Smith and Ms. Saunders focus on those 15 cases is 
we have no dispute with those cases, and we are not here to 
discuss that.
    What we are here to discuss and what we are raising 
concerns about is what is happening at the FTC in all the cases 
we don't know about.
    So our member companies are telling us that there are an 
unrelenting number of CIDs coming out of the FTC in cases where 
the Commission appears to be looking--I call it a fishing 
expedition--at particular merchant categories. They are sending 
these CIDs out, sometimes dozens at a time, looking blanketly 
across multiple industries and using the information gathered 
to build cases.
    And, as Mr. Smith noted, those CIDs don't need the approval 
of the entire Commission. They need one commissioner. And what 
we are looking for is a process where, as in those 15 cases, 
the entire Commission is making sure that these actions are 
justified and that the burden is not placed on processors to 
take these actions in support of law enforcement where they are 
legitimately going against bad merchants. That is the concern 
that we have.
    Mr. DeSantis. Great.
    I am out of time, so I will yield back.
    Mr. Meadows. The chair recognizes the gentleman from 
Virginia, Mr. Connolly.
    Mr. Connolly. Thank you, Mr. Chairman.
    At this time, I would defer to my colleague, the brilliant 
gentlelady from New York.
    Mrs. Maloney. Thank you so much, Ranking Member and 
Chairman, for holding this important hearing on consumers and 
protection for them.
    I want to commend and thank Ms. Saunders and the 
organization she represents, the National Consumer Law Center, 
for the initiatives that you have taken to protect 
disadvantaged people, poor people, and, particularly, elderly 
people from financial scams.
    So, first, I would like to ask you, in your own words, at 
the NCLC, what types of financial scams targeting the poor, the 
elderly, or other vulnerable people have you seen and come 
across?
    Ms. Saunders. You know, the variation is really incredible.
    We see a lot of ``grandparent scams.'' In fact, my own 
father was subject to one of these that the FTC actually did a 
little profile blog on. Somebody called up--and my father, who 
is very competent, 88 years old, but he got a call, you know, 
``Hi, this is Ben, and I've been arrested, and I need some 
money to get out on bail.'' And even my own father, who, you 
know, thought it didn't sound like his voice, you know, called 
me up and said, ``Where is Ben?'' And, you know, I mean, he was 
very scared, and the scammer wanted him to go and send the 
money.
    Mrs. Maloney. Wow.
    Ms. Saunders. We see romance scams. We see lottery scams. 
We see fake interest credit card reduction scams. And often 
these scams do target seniors and people with limited English 
proficiency and other--IRS scams. I get these calls all the 
time, you know, ``I'm the IRS, I'm going to arrest you.'' Now, 
I don't owe the IRS, so I'm not too scared when I get those 
calls, but there are, you know, people who have trouble with 
their back taxes, don't realize it is not the IRS on the other 
end.
    There are all sorts of scams. And a lot of these scams 
require a method to take the money from consumers, to take the 
money out of their pockets. And most payment processors, you 
know, do their best to stop being willing participants, but 
those who do are appropriately subject to enforcement. And the 
FTC needs to investigate to figure out who is culpable and who 
is not.
    Mrs. Maloney. Okay. You have given some examples of people. 
Could you give some examples of how the FTC is important in 
protecting consumers against predatory third-party payor 
processors, which Mr. Oxman seems to feel are being unfairly 
targeted?
    Ms. Saunders. Right. Well, you know, I mentioned the 
iStream Financial Services case. This is a case where people 
were signed up for discount clubs that they really didn't want 
and money was taken out of their bank account. And----
    Mrs. Maloney. They signed them up without their knowledge 
and then took the money out of their account?
    Ms. Saunders. Exactly.
    Mrs. Maloney. How in the world can you do that? Isn't the 
bank there to--how could they get into their accounts?
    Ms. Saunders. Because people often provide their 
information because they think they are signing up for 
something else. They may think they are signing up for a payday 
loan. They may think that they are getting a one-time, you 
know, purchase of something. But once they have their bank 
account information, they can use that. Maybe sometimes in the 
fine print, in deceptive terms, you know, they sign them up for 
something else.
    Mrs. Maloney. Is this usual, that payment processors 
participate in scams like this?
    Ms. Saunders. Payment processors are often essential to 
move the money, in order to take a credit card, a debit card, 
to do an electronic payment. Now, again, they aren't all 
complicit, but they are often a key part of how the scam works 
and how the money gets from the consumer to the scammer.
    Mrs. Maloney. Now, what would happen if consumers were 
helpless, if there was no FTC there to help them in payment 
scams or other scams?
    I talked to some of the prosecutors in New York, and they 
say a lot of their work in the district attorney's office is 
just trying to protect people from scams all the time.
    Ms. Saunders. Right. Absolutely.
    Mrs. Maloney. So, if you didn't have the FTC, would there 
be any protection for consumers in this area?
    Ms. Saunders. You know, consumers do have some protection 
against unauthorized charges, and they can go to their bank if 
they can show that the charge is unauthorized.
    And it actually imposes costs on banks, as well, especially 
small banks. They are the ones who end up having to deal with 
these things, and it costs them money to have to deal with the 
consumer and reverse the charge. And sometimes they can't get 
them reversed.
    Mrs. Maloney. Now, I want to get to some of the other 
witnesses.
    Mr. Smith, how many enforcement actions has the FTC pursued 
since 1996? And how many of these enforcement actions have 
involved a third-party processing payment system?
    Mr. Smith. Right. So we looked back 10 years to 2008, and 
we counted up 639 enforcement actions. We decided just to focus 
on the last 10 years because it would have taken us a long time 
to count up until 1996. But in that 10 years, we have 639 
enforcement actions generally and 15 against payment 
processors.
    And one quick thing I wanted to add is that we are focusing 
a lot on the complicit payment processors, but the payment 
processing industry--trillions of dollars of transactions 
happen without event, right? So consumers should feel safe that 
the payment processing industry is looking after their best 
interests. It is just in these very few cases where we found a 
need to drill down and hold the payment processor responsible.
    Mrs. Maloney. Uh-huh.
    May I just, Mr. Chairman, ask a question related to what he 
just said?
    Mr. Meadows. Very succinctly.
    Mrs. Maloney. Okay.
    So what is the estimated amount of financial harm consumers 
have suffered in these 639 cases and 15 with--so we get a sense 
of what is the economic impact on people and the economy.
    Mr. Smith. Right.
    Mr. Meadows. So you can answer briefly. The gentlewoman's 
time has expired.
    Mr. Smith. Okay. In the 15 cases, we had $700 million of 
harm and we recovered $620 million for consumers.
    Mrs. Maloney. Wow.
    Mr. Meadows. Okay.
    Mrs. Maloney. Uh-huh.
    Mr. Meadows. The chair recognizes the gentleman from 
Georgia.
    Mr. Hice. Thank you, Mr. Chairman.
    Mr. Smith, what was the role of the FTC in developing 
Operation Chokepoint?
    Mr. Smith. So I wasn't at the Commission at the time, but I 
have spent a lot of time reviewing the OGR prior 
investigations, and I have also spent a lot of time talking to 
staff. And the FTC was a part of the Financial Fraud 
Enforcement Task Force established by President Obama, along 
with something like 30 other agencies--Securities and Exchange 
Commission, the IRS, et cetera.
    We also were a leader of the Consumer Protection Working 
Group of that FFETF. And as the Nation's primary consumer 
protection agency, that would only make sense. And there were 
maybe another dozen agencies on the Consumer Protection Working 
Group. So we communicated with DOJ and all of our law 
enforcement partners regularly about fraud cases.
    In terms of specific Operation Chokepoint activity, the 
FTC, as I understand it, wasn't involved in that. It wasn't 
involved in targeting, to the extent that there was any, of 
particular industries. But I don't want to say that there 
wasn't information being exchanged by the FTC with its law 
enforcement partners, because we do that all the time pursuant 
to our rules and approval by our general counsel.
    Mr. Hice. Right. According to the memos about Chokepoint, 
as I understand it, the FTC provided the DOJ with potential 
leads for Operation Chokepoint investigations.
    Mr. Smith. Don't--well, we provided the DOJ with names of 
banks.
    Mr. Hice. Right.
    Mr. Smith. Don't know if that was for Chokepoint or for 
something else.
    One thing that is important to remember is that the FTC 
doesn't have any jurisdiction over banks. That is specifically 
carved out from our statute. DOJ does. So, to the extent that 
there might be banks that have information or that may be 
problematic, then that is a DOJ----
    Mr. Hice. But as you came up with suspicious information, 
that information was passed on as a potential lead, according 
to memos, as I understand it.
    So my question from that would be: How would the FTC 
determine a particular companyor institution, whether or not 
they should be investigated? What are they looking for?
    Mr. Smith. So a particular company, we were looking for 
strong evidence of fraud, and we would investigate the 
merchant, right? So we would investigate the business 
opportunity scam or the robocalling scam.
    And in the course of that investigation, as Ms. Saunders 
said, we follow the money, as all investigators do. So you go 
to the payment processor, you go to the acquiring bank, you go 
also to other third parties, like the telephone company and the 
internet registrar, to gather up information.
    And so, in the course of those investigations, there is a 
process between the FTC and other law enforcers to share 
information that we get----
    Mr. Hice. So did the FTC actually participate in Operation 
Chokepoint?
    Mr. Smith. No, not as far as I know. I mean, there was--so 
if you think of Chokepoint as the--it was defined earlier in 
the hearing as these 60 subpoenas that were sent out, that is 
not us.
    Mr. Hice. All right.
    Now, before your appointment to the FTC, you worked for a 
law firm that represented companies against Operation 
Chokepoint. Is that correct?
    Mr. Smith. Yes.
    Mr. Hice. Okay. I am curious of some of your experiences 
with that. Did any of your clients have assets seized as a 
result of Operation Chokepoint?
    Mr. Smith. So my involvement with Operation Chokepoint--and 
this is a matter of public record. I was a partner at the law 
firm of Covington & Burling, and I represented a trade 
association for online lenders who were impacted negatively by 
Operation Chokepoint.
    So the work was primarily on a policy level, working with 
the agencies to determine how we can resolve Operation 
Chokepoint. Because the problem was that legitimate companies 
were losing their banking relationship----
    Mr. Hice. Right. That is what I am aware of.
    Mr. Smith. Right.
    Mr. Hice. So, with that--and that was the whole problem 
with this. So I take it that you did represent some companies 
that had some assets seized. What----
    Mr. Smith. No, not so much companies, but more this trade 
association. So I don't know----
    Mr. Hice. Okay. Were the seizures justified?
    Mr. Smith. I don't know of any asset seizures for Operation 
Chokepoint. The problem was the loss of the banking 
relationship.
    Mr. Hice. You don't know of any seizures as a result? 
Because I certainly do.
    Mr. Smith. Of Operation Chokepoint? No. I mean, I know that 
the FTC--and, I mean, in the course of our law enforcement, we 
will seize assets in order to return money to consumers. As far 
as Operation Chokepoint is concerned--so at the top of the 
hearing, it was defined as these 60 subpoenas, resulting in 3 
actions against banks. And as far as asset seizures, that I 
don't know. I think the banks were exposed to penalties, 
perhaps for anti-money-laundering issues, but I don't know.
    Mr. Hice. Well, so were companies.
    And, unfortunately, my time has expired, Mr. Chairman, so I 
will yield back.
    Mr. Meadows. I thank the gentleman from Georgia.
    The gentleman from Virginia is recognized.
    Mr. Connolly. Thank you.
    Ms. Saunders, I understand from your testimony you 
certainly believe, in this context, consumers need some 
protection.
    Ms. Saunders. Absolutely.
    Mr. Connolly. You need to speak closer to that microphone. 
You can move it to you.
    Ms. Saunders. Okay. Yes, absolutely. I think fraud would be 
far, far worse if we didn't have the FTC and other law 
enforcement agencies, you know, looking at this fraud and 
finding everybody who is culpable.
    Mr. Connolly. Right.
    Now, one of the practices that has concerned me for a long 
time: Certain payday lenders, for example, not all but some, 
prey on vulnerable families of Active Duty military, especially 
those who kind of ship overseas and their families are left 
behind. They tend to be lower-income folks, and making ends 
meet can be a real challenge.
    Is that a problem, in your experience?
    Ms. Saunders. Well, the Military Lending Act today does 
prohibit high-cost loans to servicemembers. Certainly, payday 
loans have been a problem with servicemembers and their 
families and loved ones.
    You know, that is not anything related at all to, you know, 
the FTC's enforcement work against payment processors, but, 
separately, we have pushed for protections for servicemembers 
and all families against predatory lending, and payday lenders 
are a big problem.
    Mr. Connolly. Yeah. I guess the point I was just trying to 
make is that, when we look at, sort of, financial predation, it 
covers all kinds of classes of people--seniors, ordinary 
consumers, and even our Active Duty military families who can 
be taken advantage of in times of need. And they all need 
someplace to go for protection.
    Ms. Saunders. Right. Absolutely. And, certainly, 
servicemembers and veterans are targets of fraud, you know, 
like any other American, and they need the vigorous work of 
government to stop those kinds of scams and to cut off these 
scammers from the ability to take the money, as long as we, you 
know, are going after the payment processors who are willing 
participants.
    Mr. Connolly. Right.
    Now, you gave the example of your dad.
    Ms. Saunders. Uh-huh. Who's a veteran.
    Mr. Connolly. I'm sorry?
    Ms. Saunders. Who is a veteran.
    Mr. Connolly. Who is a veteran. Served this country.
    I think all of us know the stories of sort of the unwitting 
compliance--unwitting in that people are sometimes too trusting 
or don't have their guards up. And none of us want to sort of 
become, you know, jaundiced and cynical as a society, but, on 
the other hand, trying to help folks who maybe are more 
vulnerable to those kinds of schemes and threats and 
manipulation.
    And I mentioned that the best estimate we had was that 
elder crime in this kind of category was $36 billion a year. 
Sound right to you?
    Ms. Saunders. I have heard that number, yes.
    Mr. Connolly. So do you want to expand just a little bit in 
terms of why senior citizens are maybe more vulnerable than 
some others in society and more susceptible to this kind of 
consumer fraud?
    Ms. Saunders. Right. Well, seniors, you know, are often 
more trusting. You know, those of us here in Washington tend to 
be very cynical, but they do tend to be more trusting----
    Mr. Connolly. Not on this committee, Ms. Saunders.
    Ms. Saunders. Okay.
    Mr. Connolly. Yeah.
    Ms. Saunders. They are often lonely, and somebody who calls 
them on the phone and is friendly and talks to them, you know, 
can be very persuasive.
    I have an uncle who was subject to a romance scam, and I 
could not convince him that this woman, who--he was so lonely, 
and this younger woman befriended him. I could not convince him 
that, even after he wrote $30,000 worth of checks to her, that 
she was a scammer. I could not convince him to go to the 
police. He was later subject to identity theft as part of the 
same, you know, problem.
    Mr. Connolly. Yeah.
    Ms. Saunders. And, you know, I had to go to a number of 
banks who were innocent, you know, who had fraudulent accounts 
created there, but I had to enlist their help.
    Mr. Connolly. To what extent are some of these fraudsters 
offshore, overseas? And does that complicate our ability to 
regulate that?
    Ms. Saunders. It does. I mean, they are often in boiler 
rooms offshore, and sometimes the money is moved offshore. That 
is why our anti-money-laundering laws and know-your-customer 
rules are especially important, to stop this kind of fraud and 
other movements of money overseas.
    Mr. Connolly. Yeah. I think that is really important to 
note, as well. Because I know of one, in particular, 
headquartered in the Caribbean, and that scheme was to call you 
up and say, you've won the lottery, the Jamaican lottery or 
whatever lottery, and all you have to do is send us, you know, 
your credit card number and $200 for processing and you're 
going to be rich. And I couldn't believe how many people, 
unfortunately, were prey to that scheme. So that is a whole 
different dimension.
    Thank you, Mr. Chairman.
    Mr. Meadows. The gentleman from Kentucky is recognized, Mr. 
Massie.
    Mr. Massie. Thank you, Mr. Chairman.
    Mr. Smith, in 2011, FDIC Quarterly Journal published a list 
of 30 merchant categories that were high-risk endeavors. Among 
these categories included what I consider to be very legitimate 
commerce: ammunition sales, firearms sales, pharmaceutical 
sales, surveillance equipment, and tobacco sales.
    Does the FTC use this list or does the FTC have their own 
list of high-risk categories? And is that publicly available?
    Mr. Smith. We don't target our--we don't have a list of 
high-risk merchants. We don't target our enforcement activity 
based on high-risk merchants.
    I will tell you, in all of the cases that we have brought 
that we outlined here, the fraud cases where there have been 
payment processors involved, involved telemarketing boiler 
rooms essentially, you know, real hardened scams, situations 
where merchants were debiting consumers' accounts without even 
any authorization.
    Mr. Massie. Okay. I just want to make sure you weren't 
targeting firearms sales, ammunition sales, pharmaceutical 
sales----
    Mr. Smith. No. None of our cases have been brought 
against----
    Mr. Massie. I am not talking about cases that have been 
brought but the things that are initiated in the way you look 
for cases.
    Mr. Smith. Right. We don't--okay. So, in terms of case 
targeting, we look at things like consumer complaints, 
consumers who have been defrauded. We conduct consumer surveys 
to determine whether or not there are companies that are 
engaged essentially in deceptive conduct.
    Mr. Massie. Okay.
    Mr. Smith. So that's our guide.
    Mr. Massie. So when you think you've found it, do you have 
a standard formula to fine or penalize the processing 
companies, or do you just sort of ad hoc make it up as you go?
    Mr. Smith. Well, we are looking for complicit--evidence 
that these processors were complicit in the underlying fraud. 
And, typically, what we--well, in fact, in every case that I 
reviewed in preparing for this testimony, every case, we have a 
situation where the payment processor was actively hiding the 
misconduct from its banking partner and----
    Mr. Massie. Right, right. But I'm assuming you've found 
somebody who's guilty of something. Do you have a standard 
formula for the penalty?
    Mr. Smith. So, with respect to the underlying merchant, we 
look for unfair----
    Mr. Massie. Or the processor.
    Mr. Smith. Okay. So our cases, we start with the underlying 
merchant, and we typically, you know, prove up or allege fraud, 
get a settlement sometimes with that merchant. So real fraud, 
deceptive conduct that hurts consumers.
    And then we follow the money. And in those couple of cases 
where we've thought that the payment processor went, sort of, 
beyond the pale--I mean, we're not pushing the envelope here. 
We're talking about really bad conduct by payment processors. 
In those cases, we've brought action.
    Mr. Massie. But my question is, is there a standard policy 
that guides when you're going to do that or what the penalty is 
going to be?
    Mr. Smith. We don't have a written----
    Mr. Massie. Okay.
    Mr. Smith. --policy for when we bring an action.
    Mr. Massie. My next question is, I heard you say, I think--
and this is encouraging--that you acknowledge that the civil 
investigative demands are a burden on the merchant. Is that----
    Mr. Smith. On all third-party recipients. So the payment 
processors aren't unique in this regard or uniquely burdened. 
But any company, we routinely in the course of our 
investigations--and this is true for all law enforcement 
agencies, State, Federal, local--we will have to seek 
information from third parties unconnected from the fraud. And 
responding to that compulsory process is going to be expensive, 
and we understand that and appreciate it and do our best to----
    Mr. Massie. So it's almost like a tax, this added 
regulatory compliance. So, given that, I think it's important 
to know how many of these CIDs have been initiated. Can you 
tell us--I think Mr. Oxman has alluded to an increased amount 
or activity of CIDs. Can you give us the number of CIDs?
    Mr. Smith. I don't have the number of third-party CIDs that 
we've----
    Mr. Massie. Are they going up or down or----
    Mr. Smith. My guess is that they're going to be flat, 
because I think that our enforcement activity is generally, you 
know, a fairly steady pace. So, as an example, if you just look 
at cases----
    Mr. Massie. Instead of guessing, could you just give us 
those numbers, like, how many CIDs? Could you give us that 
later? I'm not asking for it today.
    Mr. Smith. Yes. I'll ask the staff if we can get those 
numbers.
    Mr. Massie. Thank you.
    I've got one last question in the last 30 seconds. I'm glad 
to hear that you recovered money for people who have been 
defrauded. But can you guarantee us that all the assets that 
are seized by the FTC go to victims or consumers, that none of 
it gets diverted to other things?
    Mr. Smith. Well, there are severe legal limitations on our 
ability to divert money. There's a----
    Mr. Massie. So it never happens?
    Mr. Smith. So there are cases where are administering a 
redress program and there is money left over. And, in those 
cases, sometimes----
    Mr. Massie. So you've remunerated all of the victims and 
they've all become whole and you've got money left over?
    Mr. Smith. Sometimes, because not every victim----
    Mr. Massie. Every victim has always been compensated?
    Mr. Smith. We can't always find every victim. But what I'm 
talking about here is a small amount of money, typically, in 
the tens of thousands, and we disgorge that to the Treasury 
Department.
    Mr. Massie. So you can----
    Mr. Smith. Because it's very difficult----
    Mr. Massie. Do you know what they do with it? Just goes 
back into the general----
    Mr. Smith. It goes into the general fund.
    Mr. Massie. So it's not diverted to any type of projects or 
anything?
    Mr. Smith. We're prohibited from that. I think it's called 
the Miscellaneous Receipts Act. And we're prohibited from using 
money that we recover for consumers for our own purposes.
    Mr. Massie. All right.
    My time has expired. Thank you, Mr. Chairman.
    Mr. Meadows. I thank the gentleman for his insightful 
questions.
    The gentleman from Kentucky, Mr. Comer, is recognized.
    Mr. Comer. Thank you, Mr. Chairman.
    I have two questions for Mr. Smith.
    First of all, has the Federal Trade Commission performed 
any studies or research on whether holding processors 
responsible for all alleged harm caused by a merchant will 
result in higher processing costs for merchants and ultimately 
consumers?
    Mr. Smith. Well, so, first, I disagree with the premise 
that we're holding all processors liable for all fraud. We're 
bringing, as we said a couple of times, very few cases here. 
But in answer to your question, no, we haven't conduct a study.
    Mr. Comer. Does the FTC have a standard approach to 
settlements?
    Mr. Smith. To settlement with payment processors?
    Mr. Comer. To settlements.
    Mr. Smith. To settlement.
    Mr. Comer. Yes.
    Mr. Smith. So most of the cases that we bring we settle, 
particularly in the fraud area. In some cases, the bad guys 
don't show up for court, and so we get a default judgment. And 
in the course of following the money to try to return money to 
consumers, if we go to a payment processor, then most of those 
cases are settled too. Of the however many that I mentioned, I 
think four have been litigated.
    Mr. Comer. What are ways in which the FTC can improve its 
tactics to be less burdensome to law-abiding and legitimate 
businesses?
    Mr. Smith. Well, last year, the Commission undertook an 
effort to streamline its CID process, and we've heard back from 
industry that that's helpful. Of course, more always needs to 
be done, and we are, you know, open to additional suggestions 
about how to streamline the process.
    Then the other aspect of that would just be to send fewer 
third-party CIDs and try to get information from the targets 
themselves. We sometimes have difficulty doing that because the 
investigation is confidential or because the targets aren't 
forthcoming, so we have to go to third parties. But we 
appreciate that this imposes a burden on businesses, and we are 
always looking for ways to lessen that burden.
    Having said that, we badly need this information for our 
law enforcement program. We badly need information from third 
parties, whether it's payment processors, banks, telephone 
companies, internet registrars, other folks who provide 
services to the companies that are defrauding consumers.
    Mr. Comer. Thank you, Mr. Chairman. I yield back.
    Mr. Meadows. I thank the gentleman.
    The chair recognizes himself for a series of questions.
    Ms. Saunders, listen, I think all of us up here want to 
make sure that consumers are protected. And the horrible 
stories you hear--actually, I've been one that--you know, it's 
interesting because occasionally I get these phone calls where 
I've won unbelievable amounts of money, and they just want me 
to call back, and so I do. And it's very interesting when we 
have these dialogues with a Member of Congress. And so I've 
called the FTC. So we want to protect it. And so I want to say 
thank you for being an advocate for those consumers.
    But there is an equal protection that has a concern, as a 
business guy, as a small-business guy. And, Mr. Smith, you've 
talked about only bringing a few small actions. But is it not 
true that you many times will freeze assets and force companies 
to settle without ever bringing them to trial?
    Mr. Smith. So I think you're talking here about the issue--
--
    Mr. Meadows. Well, you cast a wide net--so you get a 
complaint. You cast a very wide net. And, literally, you freeze 
their assets, so they don't have the ability to actually endure 
long-term. Because you don't bring the case--actually, you 
don't ever bring the case, but they holler, ``Olly, olly, oxen 
free, please let me go''----
    Mr. Smith. Right.
    Mr. Meadows. --and so they settle the case.
    Mr. Smith. We don't have the ability to freeze assets 
without a court order. So here is how an asset freeze would 
work. And typically we would----
    Mr. Meadows. Yeah, but the power of the FTC is well-known. 
And so you get a court order, and you cast a very wide net. Do 
you not cast a wide net?
    Mr. Smith. So we get a court order against a bad guy----
    Mr. Meadows. Right.
    Mr. Smith. --a temporary restraining order----
    Mr. Meadows. And everybody that touches the bad guy.
    Mr. Smith. --and a receiver-appointed--no. The money of the 
bad guy, right? So we find the bad guy's accounts--or, more 
appropriately, the receiver finds the bad guy's accounts and 
freezes them. It is the receiver's job, who is appointed by the 
court.
    And within those accounts, when those accounts are held by 
other people, then what the law says is that a constructive 
trust is established over that money because it's money that is 
being held for the merchant by its service providers. And so 
the receiver may reach out to those other accounts that are 
being held on behalf of the merchant by others.
    Mr. Meadows. So, Mr. Oxman, maybe help clarify my question, 
so Mr. Smith can understand it a little bit better.
    Mr. Oxman. Yeah. Thanks, Mr. Chairman.
    So this enforcement strategy that Mr. Smith calls ``follow 
the money,'' here's how it works. So they'll go after a 
legitimate fraudster. And, as you noted, Mr. Chairman, it's 
very important that they do so. It's an important law 
enforcement function.
    Once they've established a case against the fraudster or 
bad merchant, they then turn their sights on the payment 
processor and say: Okay, you processed $40 million in 
transactions for this merchant. They were bad, so we're going 
to go after $40 million of your money.
    And the processor says: Well, wait a minute, I only made 
$5,000 off that, you know, less than a penny on the dollar from 
that transaction.
    And the FTC says: Well, no, you processed that money for 
them, and you have a reserve account--which, by the way, is a 
reserve account----
    Mr. Meadows. To pay this.
    Mr. Oxman. --to pay consumers.
    Mr. Meadows. Right.
    Mr. Oxman. ``Charge-backs'' they're called.
    Mr. Meadows. Right.
    Mr. Oxman. And instead of allowing the processor to take 
those funds and reimburse consumers, the FTC says or directs a 
receiver to say: No, we're going seize that money, we're going 
to use it.
    That is the ``follow the money'' strategy. And, as you've 
noted, Mr. Chairman, that strategy punishes processors who 
weren't even implicated in the process at all. It's like 
holding a cash register responsible for taking money and going 
after the manufacturer of the cash register, or holding AT&T 
responsible if you and I have a phone call plotting a crime.
    Going after the processor might seem easy because that's 
where the money is. But when you're following the money to a 
party that had nothing to do with the fraud, that's where the 
problem comes. And that's where the issue of payment 
processors, you know, having to shut off merchants unfairly, 
having to raise their prices because of this FTC enforcement 
strategy.
    So what we would like to see the FTC do is follow the money 
to the fraudster, don't bring in innocent parties like payment 
processors and hold them financially responsible essentially as 
an insurer for bad merchant behavior.
    Mr. Smith. This is not----
    Ms. Saunders. Could I respond?
    Mr. Smith. --an issue of holding payment processors liable 
for the full amount of the fraud. This is an issue of 
marshaling the assets of the fraudster and freezing them. So 
these reserve accounts are----
    Mr. Meadows. So you're saying what he just said, freezing 
the $40 million in his example----
    Mr. Smith. We're not freezing $40 million.
    Mr. Meadows. Well, hold on.
    Mr. Smith. Reserve accounts don't have the full amount of 
the fraud in them. The reserve accounts have whatever the 
payments that the merchants or the processors----
    Mr. Meadows. So are you saying there's not enough money in 
the reserve accounts to pay the consumers? Is that your sworn 
testimony here today?
    Mr. Smith. What I'm saying is----
    Mr. Meadows. No, I--yes or no, is there enough money in the 
reserve accounts, like Mr. Oxman said, if you had the reserve 
account, that would actually go to her father or whomever if it 
was done improperly, is there enough money in the reserve 
accounts----
    Mr. Smith. There's never enough money in the reserve 
accounts because it represents a fraction of the fraud. It's 
just whatever money the payment processor is holding back for 
the last 60, 90, 180 days, whatever the contract is between the 
payment processor and the merchant.
    Mr. Meadows. Okay. So why, then, if it's frozen, why would 
you freeze that?
    Mr. Smith. We would freeze it----
    Mr. Meadows. Freeze the reserves.
    Mr. Smith. We would freeze the reserve account so that we 
can marshal all of the assets of the fraudster and make as 
close to full recompense as we can to all of the customers.
    Mr. Meadows. So let's assume that you're following the 
money and the FTC follows the money and you freeze the assets. 
What happens when they're innocent?
    Mr. Smith. Well, we're not freezing the assets of anyone 
who's innocent. We're freezing the assets of the fraudster that 
are being held----
    Mr. Meadows. So how do you know that they're guilty?
    Mr. Smith. I'm sorry?
    Mr. Meadows. How do you know that they're guilty?
    Mr. Smith. Because a court has entered a temporary 
restraining order----
    Mr. Meadows. You've got a court order. That's different 
than having an actual case.
    Mr. Smith. Well, no, we have to make a strong showing to 
the court--look, a TRO, an asset freeze----
    Mr. Meadows. Right. Okay.
    Mr. Smith. --the appointment of a receiver, these are 
extraordinary remedies, and courts don't enter them lightly. We 
go into court without giving an opportunity for the other side 
to respond because the fear is that, if we do, the money, the 
evidence, the people will be----
    Mr. Meadows. Gotcha. Okay. That makes sense. That makes 
sense.
    So here's what I would ask of you, Mr. Smith, because 
you've got a long career not just in your new job but at the 
FTC, and, actually, I have found the people of the FTC to be 
very capable Federal servants. I mean, they actually are a 
great group. I actually, when I was a freshman, had a hearing 
with the FTC and found the engagement to be delightful.
    Here is the concern that we're hearing. So, just as awful 
as some of those stories that Ms. Saunders has shared with us, 
we're hearing some stories from people who believe that they've 
had a disproportionate amount of attention based on through no 
fault of their own. And so it'd be like me processing 
something, and all of a sudden I find that I processed, through 
millions of different people, I had one bad actor, and then all 
of a sudden my entire business operation gets constrained. And 
we've got to find a way to deal with that too.
    Because what happens--and whether it's additional reserves, 
whether it's actually looking at a more targeted approach. 
Because if we're not dealing with that, Mr. Smith, what we're 
doing is we're having a chilling effect on a number of 
different small businesses. And as a small-business guy, that's 
something that I'm not going to stand for.
    And so I can tell by the way you're nodding that you're 
willing to help us work through this. This is not my issue. 
This is not one that, honestly, when I heard about it 
originally, I said, well, how could that be going on? If you're 
willing to come in and brief, you know, our staff or me 
personally, I am willing to look at that.
    And I think, as a small-business guy, hopefully what I can 
do is help mediate the distance between Mr. Oxman, Ms. 
Saunders, and you, Mr. Smith, where we can come together and 
say, well, this is some good policy that we can change, and 
figure out what part is legislative and what part of it is 
administrative. Does that sound fair?
    Mr. Smith. Yes.
    And I would add that, in most instances where we're talking 
about reserve accounts, that there is some sort of an 
accommodation that's agreed to by the parties. The ultimate 
issue over whether the receiver owns the reserve accounts is 
one for the court, but it doesn't usually get there, and we're 
able to reach some sort of an accommodation.
    Mr. Meadows. So let me tell you what you may be getting a 
little bit of side benefit. Obviously, Operation Chokepoint was 
an issue that had a political agenda in some shape or fashion. 
The other part that you're getting from me is seeing the FDIC 
do similar things when it comes to banking regulations and what 
they do. And so you may be getting a little bit of spillover, 
because I have seen the long arm of the FDIC, at times, do 
things that have an unbelievable chilling effect, that make 
absolutely no business sense whatsoever, in the name of 
protecting consumers.
    And so I want to be fair to you. And so if--I see some of 
your staff nodding that they're willing to come in, so I assume 
that you're willing to bring your staff in to help, where we 
can work through that.
    And, Mr. Oxman, I would ask you to give me a few more 
examples.
    Ms. Saunders, if you will do the same from a consumer 
standpoint.
    Hopefully, we can come together and we can fix this without 
another hearing. How about that? Does that sound good?
    Mr. Smith. We'd be happy to work with your staff.
    Mr. Meadows. All right.
    So, with that, I'd like to thank all of you for appearing 
today.
    I think they're--well, they did call votes, and so 
hopefully I'll make it.
    The hearing record will remain open for the next 2 weeks 
for any member who wants to submit an opening statement or 
questions.
    So you may get followup questions from some of the those 
members.
    Mr. Meadows. And if there's no further business before the 
subcommittee, it stands adjourned.
    [Whereupon, at 11:39 a.m., the subcommittees were 
adjourned.]