CFPB SUES SPRINT FOR UDAAP VIOLATIONS INVOLVING UNAUTHORIZED THIRD-PARTY CHARGES

The Consumer Financial Protection Bureau “CFPB” and Federal Trade Commission “FTC” filed suit against the Sprint Corporation in the United States District Court Southern District of New York on December 17, 2014 alleging that Sprint illegally charged its wireless customers millions of dollars in unauthorized third-party text message fees from 2004 to December of 2013. The lawsuit Consumer Financial Protection Bureau v. Sprint Corporation can be viewed here.

Third party vendor management oversight and the Unfair Deceptive or Abusive Acts or Practices Act “UDAAP” are critical issues in this lawsuit which merit attention by any and all companies subject to the jurisdiction of the CFPB.

The CFPB/FTC complaint alleges that Sprint “unfairly charged its customers by creating a billing and payment-processing system that gave third parties virtually unfettered access to its customers’ accounts. This access allowed third parties to ‘cram’ unauthorized charges onto wireless bills.”

The lawsuits states that Sprint automatically enrolled its wireless customers in its third party billing system without the consumers knowledge or consent and in many cases the consumers were unaware of the unauthorized charges. “Sprint continued to operate its flawed system despite numerous red flags, such as high refund rates and complaints from customers, law-enforcement agencies, and consumer groups.”

The Bureau and FTC said that Sprint profited from this system because it shifted risks to its customers, who had to pay third-party charges under the company’s Terms and Conditions of Service (“Terms & Conditions”). Sprints customers suffered losses but Sprint retained 40% of the gross revenue it collected for third-party charges which totaled hundreds of millions of dollars.

The CFPB said that because Sprint extends credit to, and processes payments for, consumers in connection with goods and services that Sprint does not directly sell or that consumers do not directly purchase from Sprint that Sprint meets the definition of a “covered person” under the CFPA.

Some of the major takeaways from this lawsuit are the importance of third party vendor management oversight and UDAAP:
1. “Outsourcing compliance and billing functions to billing aggregators without adequate oversight.”
2. Sprint’s consumer complaint resolution process was unresponsive.
3. All consumer charges must be authorized by the consumer.
4. Third parties should not have access to Sprints customers and billing systems without implementing adequate compliance controls.
5. Companies should actively monitor its third parties from engaging in deceptive practices.
6. Companies should actively monitor third party advertisements and marketing techniques involving consumers.
7. Companies should have agreements in place with third parties that contain consumer protection provisions.
8. Companies must have a consumer complaint tracking management system in place.
9. The CFPB once again utilized statistical data (in this case consumer refund rates) when analyzing UDAAP and other violations.
10. Companies should not outsource their compliance or fraud-prevention functions.

Edward Wyatt a reporter with the New York Times “Agencies Investigate Unauthorized Customer Billings at Sprint” on Dec. 17, 2014 provided a good overview of the lawsuit.

Alan Zibel and Gautham Nagesh with The Wall Street Journal “U.S. Consumer Finance Regulator Sues Sprint Over Mobile-Phone Charges” on Dec. 17, 2014 also add additional information including information about a possible settlement between the FTC and Sprint over similar practices in the amount of $105 million dollars.