In this episode of the COMPLY Podcast, we’re joined by Sandhya Brown, Assistant Director in the Division of Financial Practices at the Federal Trade Commission as she shares her perspective on what the Commission has been up to and what financial service providers should keep in mind in terms of compliance and consumer protection.
Discussion points include:
- The two-sided risk of AI and compliance
- Her insights on a couple of FTC cases involving lead generation
- Updates on FTC rulemaking and new guides
Show Notes:
- Marketing Compliance and Enforcement Actions Quarterly Review: https://content.performline.com/marketing-compliance-enforcement-action-quarterly-review-gate
- Insights from Marketing Compliance Enforcement Actions in Q1 2024: https://performline.com/blog-post/insights-from-marketing-compliance-enforcement-actions-q1-2024/
- Sandhya Brown of the FTC on Dark Patterns: https://performline.com/blog-post/episode-27-sandhya-brown-of-the-ftc/
Subscribe to COMPLY: The Marketing Compliance Podcast
About COMPLY: The Marketing Compliance Podcast
The state of marketing compliance and regulation is evolving faster than ever, especially for those in the consumer finance space. On the COMPLY Podcast, we sit down with the biggest names in marketing, compliance, regulations, and innovation as they share their playbooks to help you take your compliance practice to the next level.
Episode Transcript:
Rhonda:
Hey there COMPLY Podcast listeners and welcome to this week’s episode. This week we’re going to hear from Sandhya Brown, Assistant Director in the Division of Financial Protections at the FTC. Sandhya is one of our most requested speakers at our client workshops and was this years keynote speaker where she shared her perspective on what’s been happening at the FTC, as well as some of her thoughts on considerations that compliance professionals in the financial marketplace should keep in mind as it applies to consumer protection. Listen as she discusses the two-sided risk of AI, her insights on a couple of FTC cases involving lead generation and updates on FTC rule-making and guides. So, without any further delay, let’s get into this week’s COMPLY Podcast!
Sandhya Brown:
Hello, everyone. My name is Sandy Brown, and I’m an Assistant Director in the Division of Financial Practices at the FTC. I work on and supervise a range of consumer protection matters in the financial services space. I’m looking forward to sharing my perspective on what the FTC has been up to and what lenders and others in the financial marketplace should keep in mind in terms of compliance and consumer protection. Before getting into the substance, I want to note that everything I say today reflects only my own thoughts and opinions. I’m not speaking on behalf of the Commission or any individual commissioner or the Bureau of Consumer Protection.
I plan to focus my discussion today on a few specific items. First, I’ll talk about AI and the two-sided risk it presents when it comes to compliance. Second, I’ll get into a couple of interesting FTC cases in the lead generation space. Finally, I’ll give you an update on some relevant FTC rulemakings and guides.
First, the two sides of the AI coin. What are the two sides? On one side are the risks of falsely touting AI features of products and services. On the other side are the risks of using AI in ways that could harm consumers. Starting with the first side, FinTech companies, like those across the commercial spectrum, seem eager to show off that they’re leveraging AI technology to innovate. For example, claiming to offer AI-tailored products or better customer service tools guided by AI. It’s all well and good if it’s true, but when the AI features being touted are non-existent and the company is just riding a wave of hype around AI with nothing to back up its claims, then it’s a problem. Our recent complaint allegations against an online cash advance company, Float Me, involve this as well as some other unlawful practices that I’m about to describe.
Float Me operates a mobile app for very small short-term cash advances called floats. In exchange for a $1.99 monthly subscription fee, customers can get a cash float that would be automatically debited from their bank account on their next payday. Float Me advertised that consumers could “get up to $50 instantly” when they subscribed and that they could “cancel anytime.” But what we allege in our case against Float Me was that almost no one got the promised $50. In fact, the complaint notes that only 5% of Float Me customers even got more than $20. When customers contacted Float Me to request a larger cash advance, the company would tell them that their advance limit could be increased by an algorithm over time, but we charged that there was no algorithm. In fact, one company supervisor admitted in an internal email that the claim was a lie. Instead of an algorithm, the float limit could only be changed through a complicated series of steps that required manual intervention that rarely happened. The case also involved dark patterns, which I discussed with you last year, and we allege that the company employed dark patterns to prevent people from canceling. We ultimately charged the company with violations of the FTC Act, ROSCA, and ECOA for illegal discrimination. But on the AI piece, one of the main takeaways here is to steer clear of hype around AI or any technology innovation unless you are actually deploying it the way you claim.
That leads me to the flip side of the coin: using AI to commit potential law violations. I mentioned ECOA a moment ago. That’s the Equal Credit Opportunity Act, and in the context of ECOA, there’s a use of AI to be particularly cautious about in the lending space specifically, and that’s the use of AI in creditworthiness determinations, which could implicate both ECOA and the FTC Act. For any FinTechs out there that want to deploy AI as part of your lending funnel, carefully consider the algorithmic inputs and outputs. If a model incorporates factors related to race or ethnicity or potential proxies for race or ethnicity, it could be a problem under ECOA. It’s also important to test any algorithmic models both before use and after to make sure creditworthiness determinations don’t result in unlawful discriminatory outcomes.
The last point I’ll make on AI is its potential to harm consumers, particularly through the use of dark patterns that violate the law, a topic I spoke to you all about last year. This could happen in any number of ways. For example, one anticipated widespread use of AI is for coding. AI could fast-track the creation of a variety of web interfaces and allow for easy experimentation and ultimately possibly reliance on web design features that trick, confuse, or trap people into unwanted transactions. AI could also be used to quickly and easily create content geared towards specific groups of consumers or even individual consumers. For example, AI might be used to create ads that make false claims tailored to individual consumer searches, or to make fake user profiles, fake posts, or fake reviews. Companies may use AI to generate chatbot responses, and those responses may include false or misleading information or thwart consumers’ attempts to cancel services. Hitting on a topic that’s been prominent in the news of late, the FTC has issued multiple warnings about potential misuses of AI, including around voice cloning. The bottom line is that it’s important to evaluate the risks on both sides of the coin and ensure compliance when either touting or deploying AI.
The second topic I wanted to talk about is misconduct through partners in the lead generation ecosystem. The FTC has reminded companies time and again that creating complex partner relationships to draw in consumers and generate leads will not shield anyone from liability, whether you’re the lead generator, the seller, or anyone in between. Everyone in the lead generation pipeline is responsible for compliance. There are a couple of FTC cases I want to talk about on this topic. First, the FTC won summary judgment in our litigation against lead generator Day Pacer, which also went by the name EduTrek. Day Pacer is a lead generator and telemarketer. The court found that it made calls to consumers on the Do Not Call registry to pitch for-profit schools but did not obtain consent for those calls. The court also found the company liable for assisting in facilitating its partner’s calls to consumers on the Do Not Call list.
The Telemarketing Sales Rule (TSR) prohibits calls to consumers on the Do Not Call list unless there is either an existing business relationship or consent to be called on behalf of the specific seller of the product or service. Whenever a company is making calls to consumers or using a lead generator to make calls, it should make sure to be compliant with the TSR. In this case, Day Pacer got its leads from sites claiming to provide jobs, unemployment benefits, and public assistance. Consumers would type in their personal details for additional information about those things and instead get calls from telemarketers for schools. We just obtained a $28 million civil penalty judgment against the defendants in that case. The lesson here is that the FTC is focused on anyone in the lead generation pipeline where there is deceptive or otherwise unlawful conduct going on.
That’s also the lesson in the next set of cases I’m going to talk about: cases we brought against Benefit and Simple Health. We allege that a company called Benefit (B-E-N-E-F-Y-T-T) targeted consumers looking for health insurance by touting the Affordable Care Act and Obamacare in their marketing materials but then duped people into buying their substandard medical discount plans instead of actual health insurance. Many consumers didn’t learn they’d been duped until they needed health insurance coverage and didn’t have it. We allege that Benefit and its executives knew for years that their lead generators’ references to ACA or Obamacare consistently confused consumers about what they were selling. For example, a Benefit compliance executive noted that the company’s top issue across distributors was that people wrongly thought this was Obamacare. An internal email showed a Benefit sales manager questioning the use of leads from www.obamacareplans.com and similar sites and warned that it was very misleading.
One of Benefit’s largest distributors was a company called Simple Health. We alleged in the case against Benefit that its vice president not only knew about Simple Health’s deceptive telemarketing scripts but that she helped make the scripts more confusing by shortening and burying information about what types of medical plans consumers were actually getting. We alleged that at one point, when another compliance executive at Benefit told Simple Health that Benefit would begin conducting more compliance checks, the Benefit vice president ran interference to prevent any real compliance oversight from happening. Benefit made so much money off of this operation that it paid Simple Health $187 million in commissions and performance bonuses. It also paid Simple Health’s legal fees related to at least one state regulatory investigation. That relationship between Benefit and its distributor Simple Health continued until the FTC sued Simple Health. We later also sued Benefit and its executives for violations of the FTC Act, TSR, and ROSCA. Ultimately, we obtained $100 million in redress for victims and an order that requires Benefit to monitor their distributors, specifically to review websites, call scripts, and call recordings, to promptly investigate complaints, and to promptly terminate and stop paying anyone who violates the requirements of the order. The lesson from these cases is you can’t turn a blind eye to your partner’s misconduct, and you should vet and monitor the groups you work with.
Finally, I want to give you the latest on some of the FTC’s rules and guides. I’m going to talk about the impersonation rule that was recently finalized, our updated endorsement guides, and two proposed rulemakings that are underway: one on junk fees and the other known as click-to-cancel. First, the impersonation rule, which was finalized earlier this year. This rule prohibits using government seals or business logos when communicating with consumers by mail or online. It prohibits spoofing government and business emails and web addresses, including spoofing .gov email addresses or using lookalike email addresses or websites that rely on misspellings of a company’s name. It prohibits falsely implying government or business affiliation by using terms that are known to be affiliated with a government agency or business. For example, stating “I’m calling from the clerk’s office” to falsely imply affiliation with a court of law. These
types of practices have unfortunately been in heavy use among unscrupulous lead generators and marketers, and while they’ve always been unlawful, with this new rule in place, violators will be subject to monetary penalties and redress for victims.
Second, I want to note that we updated our endorsement guides. This is our guidance for how to stay on the right side of the line when marketing through influencers or other third parties that appear to the public to be independent, including consumers. The revised endorsement guides include a lot of updates that I highly recommend checking out directly. For example, the guides address suppressing, boosting, or editing consumer reviews. They address incentivized reviews, reviews by employees, and fake negative reviews of competitors. They address virtual influencers and tags on social media. They define what it means for a disclosure to be clear and conspicuous, and they highlight the special concerns around endorsements in the context of child-directed advertising. The FTC has put together a number of really useful publications to walk you through the details when it comes to endorsements, all of which are available on our website. There are answers to frequently asked questions. There’s a Disclosure 101 for social media influencers and another publication called Soliciting and Paying for Online Reviews. Please check these out if this is a component of your marketing.
Third, I want to talk about the proposed junk fees rule. As proposed, the rule would prohibit two types of fees that are pervasive across industries. First, it would prohibit hidden fees, where businesses advertise lower prices and then add on mandatory fees that can significantly inflate the price that consumers have to pay at checkout. Second, it would also prohibit misleading and bogus fees that don’t inform consumers about what they’re paying for exactly or leave consumers to believe they’re paying for something other than what the fees are actually for. I want to say a little more about the proposed hidden fee prohibition. This is meant to address the practice of burying fees entirely or “drip pricing.” That’s where fees are disclosed only late in a transaction after the consumer has invested time in the selection and price comparison process. The proposed rule would prohibit displaying a teaser price without also clearly and conspicuously disclosing the total price. The total price must include all mandatory charges; only government charges and shipping can be excluded. The total price must be displayed more prominently than any other pricing information. The comment period on this proposed rule closed last year, and we just recently held an open public hearing in the wake of receiving comments, so stay tuned for a possible final rule.
Lastly, I want to flag the proposed click-to-cancel rule. This one is aimed at rescuing consumers from the seemingly never-ending struggle to cancel unwanted subscriptions. It would prohibit designing cancellation as a sort of maze or endless loop to steer consumers away from what they’re trying to do. The gist of the proposed rule is that there has to be a simple cancellation mechanism for consumers to immediately halt recurring charges. The mechanism has to be at least as simple as the one used to sign up for the service, and it has to be through the same medium that the consumer used to sign up, whether that’s through the internet, telephone, mail, in person, or something else. For the internet, the mechanism must be accessible on the same website or app that was used for signup, and for the phone, all calls have to be answered during normal business hours. The comment period for this one also closed last year, and it too had an open public hearing in the wake of comments. So again, stay tuned for a potential final rule there as well.
That concludes my remarks for today. I appreciate you giving me your time. Thank you.
Rhonda:
I hope that you enjoy hearing this weeks podcast and took away some great insights that you can put into action to safeguard your organization. As always, you can always find the latest content on all things marketing compliance by heading over to performline.com/resources. And for the most up-to-date pieces of industry news, events, and content be sure to follow PerformLine on LinkedIn. Thanks again for listening, and we look forward to seeing you next time!
Gianna Kennedy 
