No Result
View All Result
SUBSCRIBE | NO FEES, NO PAYWALLS
MANAGE MY SUBSCRIPTION
NEWSLETTER
Corporate Compliance Insights
  • Home
  • About
    • About CCI
    • Writing for CCI
    • NEW: CCI Press – Book Publishing
    • Advertise With Us
  • Explore Topics
    • See All Articles
    • Compliance
    • Ethics
    • Risk
    • FCPA
    • Governance
    • Fraud
    • Internal Audit
    • HR Compliance
    • Cybersecurity
    • Data Privacy
    • Financial Services
    • Well-Being at Work
    • Leadership and Career
    • Opinion
  • Vendor News
  • Career Connection
  • Events
    • Calendar
    • Submit an Event
  • Library
    • Whitepapers & Reports
    • eBooks
    • CCI Press & Compliance Bookshelf
  • Podcasts
  • Videos
  • Subscribe
  • Home
  • About
    • About CCI
    • Writing for CCI
    • NEW: CCI Press – Book Publishing
    • Advertise With Us
  • Explore Topics
    • See All Articles
    • Compliance
    • Ethics
    • Risk
    • FCPA
    • Governance
    • Fraud
    • Internal Audit
    • HR Compliance
    • Cybersecurity
    • Data Privacy
    • Financial Services
    • Well-Being at Work
    • Leadership and Career
    • Opinion
  • Vendor News
  • Career Connection
  • Events
    • Calendar
    • Submit an Event
  • Library
    • Whitepapers & Reports
    • eBooks
    • CCI Press & Compliance Bookshelf
  • Podcasts
  • Videos
  • Subscribe
No Result
View All Result
Corporate Compliance Insights
Home Compliance

Your Company May Be a Likely Target of State Attorneys General. You May Not See It Coming.

Tips on How to Minimize Exposure to Enforcement from State Attorneys General

by Ashley Taylor and Chris Carlson
February 15, 2022
in Compliance, Risk
3d render of a rhino charging a closed door before which a man stands on a call

Risk and compliance teams are familiar with potential enforcement from federal regulators. But action from state attorneys general (acting alone or in coalition) can take the unsuspecting business completely by surprise. And in recent years, those actions have grown more frequent, and the penalties more severe.

State attorneys general (state AGs) have broad authority to influence a company’s operations as they operate under an undefined statutory mandate to stop “unfair or deceptive practices.” In recent years, state AGs have utilized the breadth of this authority to address perceived consumer harms on the national level against a variety of industries—many of which were focused on federal regulation, but unconcerned about regulators at the state level. Now, companies in highly regulated industries with frequent or high-impact consumer interactions must evaluate the role that state AGs play and their potential business impact. 

Predicting areas of enforcement ripe for state AGs remains difficult because each of the 56 state and territory attorneys general has different policy priorities. Companies should be wary, as handling even a single AG investigation is costly and requires substantial time, energy and legal resources. Multistate investigations only make matters more complex and challenging.

Any such strategy must include implementing a comprehensive and robust compliance program. As explained below, that strategy starts with knowing how each AG views the relevant laws, continues with conforming compliance strategies and business changes to those interpretations—including as they change—and ends with actively addressing and thoughtfully resolving consumer complaints before they snowball into an enforcement action. 

Industries Scrutinized by State AGs 

Over the past decade, state AGs have increasingly exercised their power as regulators (at the state and national level), leading the charge in regulating consumer harms. They have, individually and collectively, established industry-wide initiatives, filed lawsuits and obtained settlements to exert significant pressure on businesses and industries. Through these efforts, state AGs have consistently scrutinized the financial services, automobile, data privacy and tobacco industries. 

In the absence of comprehensive federal regulations, state AGs are also likely to continue to regulate social media, environmental justice, cannabis and virtual currency-related products. Once state AGs commit resources to regulate an industry, they are determined to continue enforcement despite federal regulators increasing their focus. Sometimes even when a federal regulator acts, state AGs often take independent action because federal enforcement is viewed as seemingly insufficient, i.e., issuing penalties that are too low and offering little consumer redress. This results in companies often facing simultaneous investigations from both the state and federal government. 

However, predicting areas of enforcement ripe for state AGs remains difficult because each of the 56 state and territory attorneys general has different policy priorities. Companies should be wary, as handling even a single AG investigation is costly and requires substantial time, energy and legal resources. Multistate investigations only make matters more complex and challenging. 

State AGs and UDAPs

Although many federal and state statutes give state AGs the power to regulate companies, state AGs are most known for enforcing their states’ unfair or deceptive acts or practices laws (UDAPs). These laws often carry significant penalties, including restitution and injunctive relief, even though they do not precisely define what constitutes an unfair or deceptive act or practice. 

This presents challenges for companies because state AGs have used this ambiguity to push a broad view of what constitutes an unfair or deceptive trade practice, often attempting to patch what they perceive as holes in state and federal law. For instance, the North Carolina Attorney General has consistently taken the position that marketing and selling e-cigarette products designed to appeal to youth violates North Carolina’s consumer protection law. Similarly, the Massachusetts Attorney General asserted that lending to consumers without conducting an ability-to-pay analysis is an unfair and deceptive practice under Massachusetts law.  

Today’s settlement with Juul is a major win in the fight against teen vaping and nicotine addiction. pic.twitter.com/gCcCNJaaGL

— Josh Stein (@JoshStein_) June 28, 2021

Proactive Efforts to Mitigate an AG Enforcement Action

Companies in the spotlight must remain hyper-vigilant about their compliance strategies to stave off AG scrutiny and ensure their products and services are not perceived as potentially unfair, deceptive, misleading or even confusing. Companies can do that by: 

  1. Knowing the law and its application: Companies should evaluate each state’s approach to consumer protection and how its state AG reads the statute, based upon prior enforcement actions (cease and desist letters, lawsuits and settlements) and public statements (press releases, etc.).
  2. Establishing compliance strategies based on the state AG’s approach: After considering the enforcement actions and public statements mentioned above, companies should evaluate their current practices to ensure compliance with applicable laws.
  3. Anticipating possible changes: Companies should evaluate potential business changes according to how state AGs will view them—through their impact on consumers—and hypothesize future scenarios to anticipate risks and opportunities.
  4. Maintaining comprehensive yet adaptable compliance measures: To keep pace with the changes in the legal environment, companies should actively monitor the legal landscape, review their compliance measures and respond to changes in real-time to ensure continual compliance with all laws. 
  5. Addressing and resolving consumer complaints: Companies should track, review and thoughtfully respond to complaints submitted to state AGs and the Better Business Bureau (BBB). State AGs often create hotlines to crowdsource consumer complaints and discover potential UDAP violations. For example, when the California Consumer Privacy Act (CCPA) was enacted, the California Attorney General advised consumers to “exercise [their] rights under the CCPA” by launching a new online Consumer Privacy Tool that allows consumers to directly notify businesses about CCPA violations, which the California AG’s office used to assist “in investigating and enforcing” the CCPA. 

Although a proactive compliance strategy is helpful to identify potential enforcement actions, no company can predict all potential state AG enforcement actions. State AG priorities and policies can shift at any time, sometimes resulting in a “first-of-its-kind” enforcement action. Historically, such actions involving novel readings of state consumer laws are usually taken against companies operating in industries that state AGs believe are particularly harmful to consumers. 

While no regulatory strategy is foolproof, a proactive one helps demonstrate to regulators that a company has made a good faith effort to conclude that its actions comply with state law. This also allows companies to negate any assertions that they willfully violated any laws. This is crucial for two reasons. First, many statutes only allow AGs to seek civil penalties if they can demonstrate a company’s conduct reached the willful standard. Second, even if the law does not expressly require a willful violation, both AGs and courts are likely to temper their demands if they believe a company made a good faith effort to comply with the statutory law. 

Conclusion

State AG investigations are burdensome for companies, as they require significant time, energy, and resources that could be spent elsewhere. By having proper safeguards already in place, companies can avoid being caught off guard by such regulatory scrutiny.

The authors would like to thank additional members of Troutman Pepper’s State Attorneys General Practice Group for contributing to this article: Ketan Bhirud, Barry Boise, Siran Faulders, Bonnie Gill, Namrata Kang, Tim McHugh, Harold Melton, Rachel Miklaszewski, Charles Peeler, Stephen Piepgrass, Avi Schick, Ryan Strasser, Abbey Thornhill, Daniel Waltz, and John West.


Tags: CannabisCryptocurrency
Previous Post

If Your Suit Is Stuck, These Best Practices Can Ensure a Strong Partnership with Litigation Counsel

Next Post

How ESG Alignment Can Spur Employee Retention and Attract Future Talent

Ashley Taylor and Chris Carlson

Ashley Taylor and Chris Carlson

TaylorAshley Taylor is a partner at Troutman Pepper in the Consumer Financial Services practice with a primary focus on federal and state government regulatory and enforcement matters involving state attorneys general, the Consumer Financial Protection Bureau and the Federal Trade Commission. He can be reached at ashley.taylor@troutman.com.
CarlsonChris Carlson represents clients in regulatory, civil and criminal investigations and litigation at Troutman Pepper. He employs his prior regulatory experience to benefit clients who are interacting with and being investigated by state attorneys general. He can be reached at chris.carlson@troutman.com.

Related Posts

ftx arena miami

2023: The Year of Crypto Compliance

by Ben Richmond
January 11, 2023

The November collapses of FTX and BlockFi, two of the world’s biggest cryptocurrency exchanges, were shocking — and devastating for...

The North Korean Crypto Threat_f

The North Korean Crypto Threat

by Corporate Compliance Insights
October 20, 2022

How to challenge North Korea's entry into the crypto field of play Facing the Latest Challenge to the Crypto Ecosystem...

unpacking crypto eo

Unpacking Biden’s Crypto Executive Order

by Harriet Christie
July 27, 2022

Rather than an exhaustive dossier of rules and regulations providing next steps for crypto firms, President Joe Biden’s March 9...

crypto security risks

Where the Money Is: Cryptocurrency Industry Grapples With Rising Cybersecurity Risks

by FTI Consulting
July 6, 2022

Notorious bank robber Willie Sutton famously said “because that’s where the money is” in response to why he robbed banks....

Next Post
a young woman has flowers growing out of her glasses

How ESG Alignment Can Spur Employee Retention and Attract Future Talent

Compliance Job Interview Q&A

Jump to a Topic

AML Anti-Bribery Anti-Corruption Artificial Intelligence (AI) Automation Banking Board of Directors Board Risk Oversight Business Continuity Planning California Consumer Privacy Act (CCPA) Code of Conduct Communications Management Corporate Culture COVID-19 Cryptocurrency Culture of Ethics Cybercrime Cyber Risk Data Analytics Data Breach Data Governance DOJ Download Due Diligence Enterprise Risk Management (ERM) ESG FCPA Enforcement Actions Financial Crime Financial Crimes Enforcement Network (FinCEN) GDPR HIPAA Know Your Customer (KYC) Machine Learning Monitoring RegTech Reputation Risk Risk Assessment SEC Social Media Risk Supply Chain Technology Third Party Risk Management Tone at the Top Training Whistleblowing
No Result
View All Result

Privacy Policy

Founded in 2010, CCI is the web’s premier global independent news source for compliance, ethics, risk and information security. 

Got a news tip? Get in touch. Want a weekly round-up in your inbox? Sign up for free. No subscription fees, no paywalls. 

Follow Us

Browse Topics:

  • CCI Press
  • Compliance
  • Compliance Podcasts
  • Cybersecurity
  • Data Privacy
  • eBooks Published by CCI
  • Ethics
  • FCPA
  • Featured
  • Financial Services
  • Fraud
  • Governance
  • GRC Vendor News
  • HR Compliance
  • Internal Audit
  • Leadership and Career
  • On Demand Webinars
  • Opinion
  • Resource Library
  • Risk
  • Uncategorized
  • Videos
  • Webinars
  • Well-Being
  • Whitepapers

© 2022 Corporate Compliance Insights

No Result
View All Result
  • Home
  • About
    • About CCI
    • Writing for CCI
    • NEW: CCI Press – Book Publishing
    • Advertise With Us
  • Explore Topics
    • See All Articles
    • Compliance
    • Ethics
    • Risk
    • FCPA
    • Governance
    • Fraud
    • Internal Audit
    • HR Compliance
    • Cybersecurity
    • Data Privacy
    • Financial Services
    • Well-Being at Work
    • Leadership and Career
    • Opinion
  • Vendor News
  • Career Connection
  • Events
    • Calendar
    • Submit an Event
  • Library
    • Whitepapers & Reports
    • eBooks
    • CCI Press & Compliance Bookshelf
  • Podcasts
  • Videos
  • Subscribe

© 2022 Corporate Compliance Insights

Welcome to CCI. This site uses cookies. Please click OK to accept. Privacy Policy
Cookie settingsACCEPT
Manage consent

Privacy Overview

This website uses cookies to improve your experience while you navigate through the website. Out of these, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may affect your browsing experience.
Necessary
Always Enabled
Necessary cookies are absolutely essential for the website to function properly. These cookies ensure basic functionalities and security features of the website, anonymously.
CookieDurationDescription
cookielawinfo-checbox-analytics11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checbox-functional11 monthsThe cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checbox-others11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-necessary11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-performance11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy11 monthsThe cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.
Functional
Functional cookies help to perform certain functionalities like sharing the content of the website on social media platforms, collect feedbacks, and other third-party features.
Performance
Performance cookies are used to understand and analyze the key performance indexes of the website which helps in delivering a better user experience for the visitors.
Analytics
Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics the number of visitors, bounce rate, traffic source, etc.
Advertisement
Advertisement cookies are used to provide visitors with relevant ads and marketing campaigns. These cookies track visitors across websites and collect information to provide customized ads.
Others
Other uncategorized cookies are those that are being analyzed and have not been classified into a category as yet.
SAVE & ACCEPT