ISO Marketing Ensnares Sponsor Bank in Litigation: The Importance of Third-Party Compliance Monitoring

A recent federal court decision highlights the need for financial institutions and payments companies to implement strong compliance programs that include third party policies, procedures, and audits. In the case, the plaintiff filed a putative class action against an ISO and a sponsor bank. The complaint alleged that in late November 2015, the plaintiff and others similarly situated received an unsolicited fax advertisement from the ISO on behalf of the sponsor bank. The plaintiff, a podiatrist who allegedly did not have a business relationship with the ISO or the sponsor bank, argued that the fax advertisement (oftentimes known as a junk fax) violated the Telephone Consumer Protection Act (“TCPA”). The cover page of the fax indicated that it was sent by an account manager for “Merchant Services.” The sender identified itself as a bank member of the sponsor bank.

After the complaint was filed, the defendants filed a motion to dismiss, arguing lack of standing and mootness, and asserting that the plaintiff failed to state a claim. Among other grounds for dismissal, the sponsor bank argued that the plaintiff raised insufficient factual allegations in the complaint—specifically, that the content of the fax itself did not support an agency theory of liability. In particular, the sponsor bank contended that “[i]f mere references to a sponsor bank on the merchant application attached to a fax were sufficient to allege a TCPA claim against the bank, that would mean that every time a third party faxed a merchant application, the sponsoring bank would potentially be on the hook for TCPA liability merely for being identified as the processing bank associated with the underlying transaction. That would be absurd.” The ISO made a similar argument that the fax likewise did not indicate that the senders were associated with the company.

On March 16, 2017, a federal judge in Illinois denied the defendants’ motions, thus allowing the case to move forward. The court found that the fact that the ISO’s letterhead and phone number appeared on the fax together with an email address that had the same domain name as the ISO’s website and a statement that the sender was a member of the sponsor bank’s ISO/MSP network raised sufficient support for the allegation that the ISO sent the fax to survive a motion to dismiss. To the extent that the ISO wished to allege that it did not send the fax, the court found that issue to be one that could only be answered after discovery.

As to the sponsor bank, the court acknowledged that the allegations within the complaint were sparse and that the words “agency” and “agent” did not appear anywhere in the complaint, but the court did not find these factors to be dispositive. The court noted that the sponsor bank’s name appeared on the fax and pointed out that the fax advertised services performed by the sponsor bank. Further, the court noted that the fax contained a contract for services to which the sponsor bank was a necessary party. Additionally, the court explained that “the fax plainly indicates a contractual relationship” between the sponsor bank and the ISO pursuant to which the ISO may solicit and service merchant business processed by the sponsoring bank. The court rejected the sponsoring bank’s argument that references to a sponsor bank on the merchant application attached to a fax could potentially keep the sponsoring bank on the hook for TCPA liability. The court found no unfairness in a sponsoring bank being “on the hook” if a third party ISO/MSP “solicits merchant business on its behalf and fails to follow the law.” The court explained: “This is not to say that bank liability is automatic under the circumstances. The ‘on-whose-behalf’ inquiry is [a] complicated one, and is better suited to resolution at the summary judgment stage than at the pleading stage.”

At the end of the day, the court’s denial of the motion to dismiss in this case underscores the importance that financial institutions and payments companies have solid compliance programs in place, and that these programs specifically include third party policies, procedures, and audits. Whether or not the sponsor bank and the ISO eventually prevail, their failure to prevent a potentially illegal solicitation on their behalf has dragged them into protracted and expensive litigation. Indeed, the decision showcases that financial institutions and payments companies should adopt a proactive approach to avoid situations like this.