loan programs

FTC investigation: how to react

The Federal Trade Commission (FTC) is a federal agency responsible for promoting and enforcing consumer protection laws as well as fair competition in the markets. When they suspect an individual or organization has violated a federal regulation under their jurisdiction, they will initiate an FTC investigation to determine if civil or criminal charges are appropriate.

Finding out that the FTC has opened an investigation can cause panic. Their regulations are incredibly complex. Without in-depth knowledge of how these investigations are conducted, how to limit their scope, available defenses and what is at stake, being informed of an ongoing investigation can unsettle even the most vulnerable companies. more efficient and better intentioned.

So any party subject to FTC regulations should take the time to understand the process and what they can do to protect themselves and their business. You can consult the FTC’s good defense attorneys for a better understanding, but below is a discussion of the FTC’s investigative process and what subjects of an investigation can do to increase their chances of effectively resolve the investigation as quickly as possible without further scrutiny. from the investigators.

Understand the Nature of the FTC’s Investigation

FTC investigations usually begin informally. This is usually triggered by a complaint from an unhappy customer or former employee.

In some cases, another federal agency, such as the Federal Bureau of Investigation (FBI), passes information to the FTC, triggering an investigation. However, in recent years, the organization has begun to take a closer look at certain industries. So, in some cases, they may open an informal investigation just because an organization operates in a particular industry.

During an informal investigation, the FTC reviews publicly available information. An investigator can contact a company directly through a letter of access, requesting voluntary cooperation.

Letters of Access are not enforceable; however, by denying their request for information, the FTC may have no choice but to initiate a formal investigation. On the other hand, if they are satisfied with what the company offers, that may be the end of the process. In most cases, however, the FTC will find something potentially concerning and initiate a formal investigation.

In an official FTC investigation, they use target letters, civil investigative requests, and subpoenas to obtain business and financial records. Here are some examples of the types of information they may request as part of a formal investigation:

They can also ask to speak to certain people in the company who are familiar with its data security practices.

In some cases, the FTC will contact third parties such as the target company’s suppliers, banks, competitors, or customers, asking for their assistance in an investigation.

One of the main means used by the FTC to obtain this information is the request for civil inquiry (CDI). It is a “legal document enforceable in court that requests documents or other information related to an FTC investigation.”

Since CIDs are used for administrative enforcement, they are not subject to court approval and there are very few ways to challenge a CID. Thus, those who receive a CID are often placed in the unenviable position of being required to provide an extraordinary amount of information without having any knowledge of the underlying investigation.

The FTC is not required to notify a company of the nature of the investigation or that an investigation has been initiated. However, although they are tasked with investigating an enormous number of potential violations and there is no way of knowing the specific regulations a company is alleged to have violated, most FTC investigations involve the following:

  • Unfair, deceptive and fraudulent commercial practices,

  • identity theft,

  • Privacy and security of consumer data,

  • Anticompetitive mergers and acquisitions, and

  • Antitrust Violations

Whether a company receives a Letter of Access or a CID, the first step is to determine what they are looking for and whether compliance is mandatory. It is important to remember that just because an organization receives a Letter of Access or CID does not necessarily mean that it is suspected of wrongdoing; the FTC may simply seek information relating to another unrelated investigation. That said, even in these situations, a company’s response is critical, as one misstep could expose the company to additional regulatory scrutiny.

If the FTC issues a CID alleging that the receiving company has violated a federal regulation, the CID will contain information about the nature of the violation. The FTC encourages companies to contact them with any questions about a CID; however, it is usually the safer alternative to first speak with an experienced civil investigation attorney about the nature of CID and its requirements.

Preparing a response to the FTC

When the FTC issues a CID, it asks the recipient to provide investigators with certain information about the company’s operations. The CID will often indicate that the recipient must schedule what it calls a “meet and conference” within 14 days.

A “meet and conference” can take place over the phone or in person, and the choice is left to the company receiving the CID.

Upon receipt of a CID, an organization must retain all data and documents potentially covered by it. Thus, companies under investigation by the FTC should issue a litigation hold and contact the organization’s IT department to temporarily suspend any system maintenance that might purge important information.

In limited situations, an organization can challenge the CID. This is formally called “cancellation”. However, there are strict limits on deposit disputes.

Challenges are initially considered at the agency level, and given the FTC’s broad investigative authority, federal courts respect agency-level decisions regarding CID ownership. So, although rare, cancellation may be an option in some situations.

In the event that a CID has been correctly issued, compliance is mandatory. However, the FTC allows an organization to have an attorney present at the “meet and conference.” In fact, some compliance and defense attorneys will attend the “meet and confer” on behalf of an organization, eliminating the need for anyone in the organization to actually attend the meeting.

During the “meet and talk,” the FTC will answer all questions and explain how all required documents must be submitted. They will consider any concerns that attorney-client privilege protects some of the information covered by the CID. However, when they issue a CID, it does not necessarily know exactly what they are looking for. Thus, the demands are often extremely broad, and the “meet and confer” is the first opportunity to limit the scope of an investigation to make compliance more manageable.

Once the scope of the CID is known, the next step is to identify and prepare the documents that will be submitted to the FTC. Businesses should review every document they provide to them, ensuring that submission is required. The last thing any company wants is to provide unnecessary information to FTC investigators that could lead to further questions.

On the other hand, withholding any information covered by the CID will also raise questions. Organizations should take note of the language contained in the CID, particularly if the CID requires “all” documents or documents that are “sufficient” to respond to the FTC’s investigation.

Choosing how to proceed after receiving a CID is a critical decision. Dr. Nick Oberheiden explains:

An organization that receives a Civil Investigation Request issued by the Federal Trade Commission should proceed with caution. At the same time, companies need to remember that they have options. Perhaps the CID was issued outside of the FTC’s investigative authority? Or maybe the FTC is willing to revise the CID to make compliance less burdensome? Responding to the FTC CID is more of an art than a science, and organizations receiving a CID should not assume that they must turn over everything in their possession to the FTC without first considering all alternatives. .

Businesses that are unsure how to respond to a CID should consider contacting an FTC defense attorney to discuss how to respond or whether the CID can be challenged. Failure to comply with a valid CID may result in public liability—sometimes in the millions of dollars—as well as the possibility of criminal liability.

For many companies, few investigations are as significant as an FTC investigation, and organizations must be prepared either to challenge the CID or to best comply with its requirements.

Oberheiden PC © 2022 National Law Review, Volume XI, Number 54