The Federal Trade Commission (FTC) is the nation’s chief of consumer protection agencies. In fulfilling its “dual mission to protect consumers and promote competition,” the FTC conducts targeted investigations on unfair or deceptive acts of consumer fraud and market practices. It also enforces the federal antitrust laws and administers and enforces dozens of other federal statutes and legal regulatory compliance programs.
The FTC has been extremely active in its Federal Trade Commission Act in recent years. It initiates dozens of enforcement actions each month—some involving administrative proceedings and some involving civil or criminal charges. The targets of its enforcement efforts range from large, publicly traded corporations accused of anti-trust violations to small businesses suspected of engaging in efforts to mislead or defraud consumers. The specific allegations targeted in its enforcement actions are similarly broad, ranging from greenwashing to engaging in “horizontal” licensing transactions that limit competition.
Recent FTC Enforcement Priorities
The FTC has identified several enforcement priorities in recent years—doing so through its rulemaking authority and its authority to enforce compliance in administrative, civil, and criminal proceedings. Here are some of the more recent examples:
Making it Difficult to Cancel Subscriptions
In October 2024, the FTC announced a new “Click-to-Cancel” rule to make it easier for consumers to cancel their subscriptions. The FTC has been targeting companies’ cancellation practices for a while. In its announcement, the FTC notes that it receives dozens of daily complaints from consumers who have trouble canceling subscriptions ranging from online streaming services to gym memberships.
The rule is set to take effect in 2025, though it will almost certainly face judicial challenges before that date. However, even without specific applicable legal regulations, companies can still face enforcement action if they engage in unfair practices designed to force consumers to pay for services or memberships they no longer want.
Extended Warranty Scams
Also, in October 2024, the FTC announced that it was sending $449,000 to consumers harmed by a telemarketing extended warranty scam. This is just one example of several recent enforcement actions targeting similar practices. In this case, the FTC alleged that the defendant company “made illegal sales calls in which it pretended to represent car dealers and manufacturers, and made false claims that its products offered ‘bumper to bumper’ protection.” The FTC often pays particular attention to scams that target vulnerable segments of the population; and, in these cases, it often seeks to impose substantial penalties to deter similar scams in the future.
Data Security Failures
Data security is a top concern for the FTC and several other state and federal administrative agencies. The FTC is the primary regulator responsible for enforcing companies’ data security obligations at the federal level. While the United States does not have an overarching federal data security statute, several federal laws and regulations establish requirements and expectations for companies in varying industries.
Recently, we have seen the FTC take action to both encourage and enforce data security compliance. In one recent case, the FTC required Marriott and Starwood Hotels to implement “a robust information security program” as part of a settlement arising from allegations that their “lax” security protocols facilitated three separate data breaches.
Emergency Scams and Price Gouging
Emergency-related scams and price gouging were some of the unfair or deceptive practices during the COVID-19 pandemic, and they have become a major concern once again in the wake of Hurricanes Helene and Milton. With forecasters predicting a steady increase in disastrous weather events in the years to come, this will likely remain a priority for the FTC.
Again, these are just examples. The FTC has numerous additional enforcement priorities, and it routinely targets companies of all sizes for all types of violations falling within its enforcement jurisdiction.
Facing an FTC Investigation
Regardless of a company’s size and the nature of the allegations against it, facing an FTC investigation is not a matter to be taken lightly. Investigations can lead to a broad range of charges, with penalties ranging from injunctive relief and civil monetary penalties (CMP) to criminal fines and imprisonment. Receiving a civil investigative demand (CID) or subpoena is many companies’ first indication that they are being targeted. However, by the time the FTC decides to issue a CID or subpoena, it has usually already gathered a substantial body of evidence, and it is necessary to respond promptly and strategically to avoid unnecessary consequences.
1. CIDs vs. Subpoenas
Civil investigative demands (CIDs) and subpoenas are very different investigative tools. While subpoenas tend to raise more alarm, the FTC has much more discretion and authority when issuing CIDs, and it can use CIDs to collect extraordinary amounts of data with only very limited judicial oversight.
A CID is considered a form of administrative subpoena. Only a handful of federal agencies have the authority to issue CIDs, of which the FTC is one. As an “administrative” tool, the FTC can issue a CID directly—unlike issuing a judicial subpoena, which requires court approval (the FTC also has the authority to require compliance with “Commission-issued” subpoenas, which fall somewhere between CIDs and judicial subpoenas).
Subpoenas can serve many of the same purposes as CIDs, and the FTC strategically uses subpoenas in appropriate circumstances. Additionally, noncompliance with CIDs and subpoenas presents similar risks, including the potential for additional enforcement action and the possibility of being held in contempt. Withholding or misrepresenting information in response to an FTC CID or subpoena can also lead to criminal charges under 18 U.S.C. Section 1001 in some cases.
In short, while CIDs and subpoenas are very different investigative tools, both require the same measured and tactful approach. Although there are grounds for challenging CIDS and judicial subpoenas during FTC investigations, these grounds are limited. FTC regulations require targets to “meet and confer” with agency personnel before filing a motion to quash; and, typically, the most companies can hope to achieve through the “meet and confer” process is to limit the scope of the demand based on relevance or information already being in the FTC’s possession.
2. Understanding the Allegations
When responding to a CID or subpoena, it is essential to have a clear understanding of the allegations at issue in the FTC’s investigation. This will inform any potential relevance-based challenges and allow for informed decision-making throughout the response process.
As noted above, due to the breadth of the FTC’s enforcement authority, the agency’s investigations can target an extremely broad range of allegations—many of which will require entirely distinct and unique defense strategies, which FTC defense lawyers can do. For example, examples of potential allegations in FTC investigations include (but are by no means limited to):
• Anti-competitive mergers and acquisitions
• Consumer credit and financing fraud
• Data security and privacy failures
• Emergency relief scams and price gouging
• False or misleading advertising claims (i.e. claiming or implying that a product has a certain quality or characteristic that it does not)
• Greenwashing, investment fraud, and other types of misrepresentations
• Unfair business practices (i.e. making it difficult to cancel subscriptions)
• Unsubstantiated advertising claims (i.e. making scientific claims of effectiveness without conducting a scientific study)
• Misuse of consumer data (including improperly collecting or selling consumer data)
• Price fixing, horizontal licensing and pricing restraints, and other antitrust violations
• Reporting and disclosure violations
3. Internally Assessing Risks
Once the FTC’s investigation's scope has been determined, the next step in defending against the inquiry is to conduct an internal assessment. What (if anything) is the FTC going to find? This is an answer you need to know, and you need to know it before the FTC has the opportunity to make an independent decision regarding potential liability without your involvement.
Generally, an internal risk assessment can be undertaken in conjunction with collecting files and records in response to an FTC subpoena or CID. In fact, as a practical matter, it will often be necessary to conduct these two tasks in tandem. However, additional steps are also involved in conducting an internal risk assessment. For example, it may be necessary to interview certain personnel, and it may be necessary to review files or records that fall outside of the scope of the FTC’s demand. In any case, the internal risk assessment should be overseen by outside law firm, as this will not only prevent bias and ensure that the assessment is sufficiently comprehensive but will also ensure that the attorney-client privilege protects the assessment.
4. Keeping the Investigation Administrative or Civil
Knowing the scope of, and risks implicated by, the FTC’s investigation, efforts to defend against the investigation can begin. A key aspect of defending against an FTC investigation involves keeping the investigation either administrative or civil in nature. Administrative FTC proceedings generally involve the least risk (although administrative penalties can still be substantial); and, in judicial cases, avoiding criminal charges ensures that prison time is off of the table.
Initiating a criminal investigation also opens up more options for the FTC. However, it presents the risk of being forced to respond to grand jury subpoenas and provide grand jury testimony to fend off an indictment. Taking a proactive approach during the investigative process can often be avoided, and it should generally be a priority.
5. Fending Off Federal Charges
Regardless of the nature of an FTC investigation, avoiding charges allows the target of the investigation to retain control over the outcome. In many cases—including cases involving serious and substantial allegations—a pre-charge resolution that protects the target entity against business-threatening liability will be possible. However, negotiating with the FTC requires a careful and strategic approach and due consideration of the potential implications of voluntarily disclosing (or withholding) information when communicating with federal agents.
Defending Against FTC Lawsuits
Sometimes, an FTC lawsuit cannot be avoided, and settling the FTC’s allegations may not be in the target’s best interests. When an FTC investigation leads to charges, this requires a shift in the targeted entity’s defense strategy.
Here, too, the nature of the FTC’s enforcement efforts matters. Defending against administrative charges is very different from executing a defense in federal district court proceedings, and, of course, defending against civil and criminal charges is entirely different.
“Defending against an FTC lawsuit requires careful consideration of several different factors. A clear understanding of the allegations at hand is essential, and companies must tailor their defense strategies to the specific nature of the proceedings. While litigation involving the FTC can present substantial risk exposure, a strategic defense can substantially mitigate—if not eliminate—the risks involved.” – Dr. Nick Oberheiden, Founding Attorney of Oberheiden P.C.
Due to the scope of the FTC act, as a practical matter, defending against FTC lawsuits will often involve demonstrating that the agency’s allegations are misguided. This differs from many other types of federal litigation, where the focus is generally on demonstrating that prosecutors cannot meet their burden of proof (although this will also be a viable and necessary defense strategy in many FTC cases). For example, in a case involving alleged anti-competitive mergers and acquisitions, the FTC will generally have all the evidence it needs to build a successful case. As a result, rather than attempting to poke holes, it will be necessary to demonstrate that the transaction complies with federal law affirmatively.
With that said, similar to voluntarily disclosing information during an FTC compliance investigation, presenting an “innocence” defense in response to an FTC lawsuit also presents unique risks and challenges. As a result, it is necessary to prepare a well-thought-out defense strategy meticulously, and the defense must be presented so that it does not increase the risk of liability if it ultimately proves unsuccessful.
Facing an FTC investigation or lawsuit requires a strategic, methodical, and proactive defense. This is true regardless of the substance of the allegations at issue and whether the inquiry is administrative, civil, or criminal in nature. For companies that are facing FTC scrutiny, it is important to engage an experienced FTC defense lawyer promptly and immediately begin making informed decisions with the company’s overall best interests in mind.
