Consumer protection division: transition to the Department of Law addresses some audit findings

Follow-Up Review Report No. 18-01

October 2018

Georgia Department of Audits and Accounts
Performance Audit Division
Greg S. Griffin, State Auditor Leslie McGuire, Director

Why we did this review
This report is a follow-up review of a performance audit published in August 2015 (Report #13-18).
The original audit examined enforcement functions administered by the former Governor's Office of Consumer Protection (now the Consumer Protection Division within the Department of Law). The audit sought to determine whether it had processes in place to ensure the effectiveness of criminal and civil investigations. The report determined that there was a lack of formalized management controls necessary to ensure business processes related to civil and criminal investigations resulted in an efficient and effective use of resources and desired outcomes.
About the Consumer
Protection Division
Consumer protection functions administered by the former Governor's Office of Consumer Protection were transferred to the Department of Law in July 2015. Now, the Consumer Protection Division (CPD) administers the provisions of the Fair Business Practices Act and other consumer protection laws that protect consumers from unfair or deceptive practices in consumer transactions. It also investigates consumer issues, monitors the marketplace to promote fair and honest competition, takes enforcement action against violators, and publishes consumer education materials and alert warnings.

Follow-Up Review
Consumer Protection Division
Transition to the Department of Law
addresses some audit findings
What we found The transfer of consumer protection functions to the Department of Law in July 2015 led to process changes, primarily to align with the department's other practice areas. Through changes such as the planned migration to a new case management system, integration of criminal investigations into other departmental units, and centralized tracking of penalty payments, some action has been taken to address our audit recommendations. Recommendations aimed at establishing additional performance measures to supplement existing metrics and other internal management information were not addressed, though the new case management system could be used to compile and track additional performance data to report on its efforts to enforce the Fair Business Practices Act.
Like the department's other divisions, the Consumer Protection Division (CPD) is scheduled to transition to a new case management system. While it will not be operational until the end of fiscal year 2019, the system is expected to create efficiencies in CPD's work processes. And, if the department chooses to add data analytics functionality, it will enhance both CPD and department management's ability to manage cases.
The transfer to the Department of Law has also led to some process changes. In the original audit, we noted a lack of documented case selection procedures for criminal investigations and systematic evaluation of case outcomes to assist in detecting areas for process improvements. At the time of this follow-up review, criminal investigations were being coordinated through the former Special Prosecutions Unit (or SPU, which had responsibility for prosecuting all of the department's cases) to select cases and

270 Washington Street, SW, Suite 1-156

Atlanta, Georgia 30334

Phone: (404)656-2180

www.audits.ga.gov

Consumer Protection - Enforcement

2

During the original audit, consumer protection functions were conducted by the former Governor's Office of Consumer Protection (OCP). In July 2015, these functions were transferred to the Department of Law's Consumer
Protection Unit (CPU). As of October 1, 2018, civil enforcement functions are performed by the department's Consumer Protection Division (CPD) and criminal enforcement functions are conducted by the Prosecution Division. In this report, references to CPD include functions previously administered by the former OCP and CPU.
conduct criminal investigative work. SPU also recommended cases initially considered for criminal investigation be closed or transferred for civil investigation. This level of coordination potentially improved the likelihood that criminal cases would result in an enforcement action or prosecution. Though civil case selection and investigative processes have not procedurally changed, multiple additional oversight activities (regular meetings, memos, and status reports between CPD attorneys and department management) and CPD attorneys' authority to execute legal documents such as subpoenas and civil investigative demands potentially enhance the civil investigations process.
At the time of the original audit, we reported that documentation of the factors considered in civil penalty assessments for each case was not being maintained. Such information could be used to ensure penalties were consistently applied across similar types of cases (for similarly sized businesses) and ensure that CPD and the Department of Law had protection against accusations of unfair treatment. Since the transfer to the Department of Law, the Attorney General is the final decision point for any penalty assessments. As a result, when making penalty recommendations, staff provide the Attorney General a detailed memo on each case outlining all the factors taken into account.
To ensure penalties resulting from civil and criminal investigations are monitored and paid in full by businesses that violated the Fair Business Practices Act, a more centralized method of documenting the terms of settlement agreements (particularly penalty assessments) and tracking compliance has been established. Previously, we had noted that the decentralized and manual recordkeeping process in place did not allow management to centrally track the status of all cases being monitored for compliance with the terms of their agreement and ensure that all amounts due had actually been paid.
CPD continues to track about 20 data points that are useful for assessing trends related to restitution payments and penalties assessed, number of investigations ongoing, and new matters opened. However, as noted in the original report, it lacks a set of productivity, timeliness, and case outcome measures (e.g., cases opened and closed, cases per investigator/attorney, cost per case, and days to case closure) that allow it to more fully assess its civil and criminal investigative processes and report on its efforts to enforce the Fair Business Practices Act over a period of time. Some of the information needed to support these additional metrics is currently being collected across multiple internal management reports or accessible through the existing information system. According to department management, because case outcomes depend on the facts of each individual case, timeliness and outcome standards or expectations would be meaningless.
Department of Law's Response: The Department of Law did not state its agreement or disagreement with the current status of the findings as presented, but did provide points of clarification and technical corrections that were incorporated in the final report. The Department noted that "[t]he Attorney General, exercising his constitutional and statutory authority, supervises and directs the activities of the [CPD], as he does for all divisions within the Department." Furthermore, "[d]ecisions involving, among other things, the investigations pursued by the [CPD], the manner in which they are handled, and the settlements negotiated and entered into are based on the exercise of legal judgement of attorneys." As a result, the Department believes "many of the comments and suggestions contained in the Draft report are not applicable in the context of the practice of law."
Auditor's Response: As clarification, the report's focus was on the processes in place for internally managing investigations and enforcement actions. The report does not call into question any legal decisions.
The following table summarizes the findings and recommendations in our 2015 report and actions taken to address them. A copy of the 2015 performance audit report (#13-18) may be accessed at http://www.audits.ga.gov/rsaAudits.

Consumer Protection Division

3

Consumer Protection Division Follow-Up Review, October 2018

Original Findings/Recommendations
Performance measures could be expanded to be more comprehensive in nature and fully cover all aspects of the investigative process.
We recommended that additional internal performance measures, along with meaningful and realistic targets, be developed to assist in managing its investigative activities.

Current Status
Not Addressed CPD management continues to internally monitor its efforts to enforce the Fair Business Practices Act through a combination of performance metrics, summary and ad hoc reports, and status updates. In addition, CPD management now provides monthly status reports on specific cases to the Attorney General. However, CPD has not expanded performance measures to supplement its existing management information as recommended. Used in combination with existing metrics, such measures would promote more systematic and comprehensive internal monitoring of CPD's efforts to enforce the Act and serve as the basis for performance reporting.
CPD tracks about 20 different data points covering activities such as restitution collected and civil penalties assessed, new matters opened, number of investigations in progress, and phone calls and website hits, which can be used to assess trends in those activities over time. Similar to the way it monitors and tracks these activities, CPD could develop additional measures to cover the range of enforcement activities it is engaged in. For example, cases opened and closed, cases per investigator/attorney, cost per case, and days to case closure are measures that, when reviewed over a period of time, are indicators of staff efficiency and productivity. And, from an outcomes perspective, measures that track the results of cases (e.g., percentage that lead to conviction and/or settlement) allow management to assess the strength of internal processes, including case selection and investigation processes.
Much of the information that would be needed to support additional performance measures is being captured through CPD's multiple existing management reports and its case information system, which CPD management indicated is used to generate regular and ad hoc reports. The new case management system which CPD will transition to in 2019 is an opportunity for CPD to expand its data collection efforts if it chooses to pursue a more comprehensive view of its performance and impact. The case management system is discussed in detail below.
Department of Law's Response: "This office is dedicated to gathering critical data to assure that the [CPD] functions in an efficient and effective manner. Like the Federal Trade Commission (FTC), we consider savings and benefits obtained for consumers to be a "key" evaluator of a consumer protection unit's effectiveness. During the three fiscal years that the [CPD] has been a part of the Department of Law, the legal and investigative divisions alone have been responsible for over $56.5 million dollars in savings and benefits for consumers. During that same period, their efforts also resulted in millions of dollars of direct benefit to the state."

CPD's existing information system is not effective for managing investigations.
We recommended that the existing information system (IQ) be evaluated to determine the feasibility of addressing its

Partially Addressed Though CPD is still using the data system in place at the time of our original audit, the Department of Law is transitioning all of its legal practice areas, including CPD, to an enhanced case management system. The system is expected to enhance CPD's data management capabilities and

Consumer Protection Division

4

Consumer Protection Division Follow-Up Review, October 2018

Original Findings/Recommendations limitations through modifications or the potential to replace it with a new case management system. A modified IQ system or new case management system would aid CPD in improving and automating key business processes.

Current Status its overall management of civil and criminal investigative functions.
CPD's migration to a new case management system is planned to occur by the end of fiscal year 2019. According to the department's IT staff, the system will simplify tasks and document management, as well as provide a single location for all case-related information. The system should also improve the visibility of information about each case, such as the parties involved and, because it is a workflow system, tasks to be performed. IT staff anticipate customizing the system to meet CPD's needs.

To ensure investigations are conducted effectively and efficiently, CPD should work to improve management controls over both its civil and criminal investigation processes.
We recommended that the process for selecting civil cases be evaluated. For criminal investigations, we recommended formal criteria for deciding which cases to investigate criminally and more comprehensive procedures to guide criminal investigations be established.

Partially Addressed The transfer of consumer protection functions to the Department of Law has changed the way criminal cases are handled, which CPD management believes improves the efficiency and outcomes of cases. Procedurally, CPD's civil case selection process has not changed, but multiple additional layers of review of cases and the additional responsibilities granted CPD attorneys (as assistant attorney generals) have potentially enhanced the civil investigative process.
Criminal Case Selection and Investigation At the time of this follow-up review, staff within the former Special Prosecutions Unit (SPU) were routinely involved in the selection and investigation of criminal cases according to CPD management. As reported by management, SPU attorneys guided CPD investigators through the process to ensure they pursued information necessary to support criminal prosecution, advised when cases should be closed or transferred for civil investigation, and reviewed and identified criminal cases for prosecution. Because of the transfer, criminal cases would be prosecuted through the Attorney General, thus eliminating the need to pursue prosecution with local and federal prosecutors and, according to CPD management, helping criminal cases progress at a faster pace. As of October 1, 2018, criminal enforcement and investigative functions were transferred to the department's Prosecution Division, which will be responsible for investigating and prosecuting consumer protection cases. However, it is too early to assess the impact of this change.
Civil Case Selection and Investigation At the time of our original review, procedures for determining whether a civil matter should be selected for preliminary investigation had been established, but similar guidance for deciding if matters should move forward for full investigation did not exist. We thought that this was potentially impacting its ability to pursue the best cases, as evidenced by how long it took to close cases for such reasons as lack of jurisdiction, findings of no violation, or insufficient evidence. Management indicated there are no current plans to change its process. However, according to management, the increased oversight over CPD's cases through regular meetings and internal reports, status reports, memos, etc., flowing

Consumer Protection Division

5

Consumer Protection Division Follow-Up Review, October 2018

Original Findings/Recommendations

Current Status between assistant attorney generals and the CPD Deputy, and from CPD to the Chief Deputy and Attorney General resulting from its transfer to the Department of Law is a significant change from the way it previously operated. In addition, as assistant attorney generals, CPD attorneys can now execute legal documents (e.g., subpoenas and civil investigative demands) to ensure investigators obtain needed evidence, which potentially improves the pace of investigations. Prior to CPD's transfer, it had to rely on Department of Law attorneys to execute these documents.
It should be noted that management believed the length of time to close cases documented in our original review was impacted by its failure to administratively close case files. As management and staff begin working with IT staff to configure and customize the new case management system, they should ensure the system has the functionality to trigger timely case closure.

CPD should document the basis for decisions related to penalty assessments to minimize risk.
To ensure penalties assessed to violating businesses are in accordance with state law, are consistently applied, and serve as an effective deterrent for future offenses, we recommended that the basis for the assessments be documented. We also thought this would also be beneficial in the event of accusations of unequal treatment or favoritism. At a minimum, this would consist of a note added to the case file that would generally address the factors that played a role in deciding the penalty amount.

Fully Addressed Due to its transfer to the Department of Law, CPD now documents the factors considered in assessing penalties as part of a detailed memo prepared on every case.
According to CPD management, the Attorney General is provided a detailed memo that lays out an analysis of the evidence and the rationale behind penalty recommendations on each case. These memos, which vary in length depending on case complexity, include such information as business name, explanation of the nature of the case and the types of violations committed, steps already taken by the business to discontinue any unfair practices, and any remedies that have been provided to affected consumers. Upon review of the memo, the Attorney General exercises his legal judgement and either accepts or declines the recommended penalty amount.

Formal procedures to ensure businesses comply with settlement agreements are needed.
To ensure management can adequately monitor the payment status of its cases and determine if all amounts due had been paid, we recommended that they establish a single method to formally document civil penalties imposed and track payments against those amounts in a central location. In addition, we recommended that they formally document its guidance for investigators regarding an acceptable level of documentation businesses must provide to ensure consumers are accurately compensated for their losses. We also recommended that case files be periodically reviewed to ensure documentation requirements are consistently implemented among investigators.

Partially Addressed CPD has established a process for investigators to centrally track businesses' compliance with penalty assessments. However, it has not formally documented the acceptable forms of evidence that businesses must provide for restitution payments.
Civil Penalties In 2015, a standard electronic form documenting the penalties imposed in each settlement agreement and track payments was developed. A form is created for each case, and it specifies the due date, amount, and the sum of all payments the business is responsible for making. The form also indicates whether the hammer clause is in effect for the case (which requires full payment of the settlement amount in the event of non-compliance). Investigators and/or attorneys are responsible for using the form to record payments as they are received and management can access and review the information as needed to monitor compliance and ensure penalties are paid as expected.

Consumer Protection Division

6

Consumer Protection Division Follow-Up Review, October 2018

Original Findings/Recommendations

Current Status According to the department's IT staff, the new case management system will provide management another method for tracking penalty assessments and payments. The benefit of maintaining this information in the case management system is that management could run reports to determine the overall status of penalty assessments during a specific time period, including total assessed, total payments made, and total balance due.
Consumer Restitution The type of documentation businesses should provide as proof of restitution payments has not been formally documented. During the original audit, management told us that documentation could include cancelled checks or documentation of charge-backs to consumers' credit cards, but its expectations related to recordkeeping had not been formally documented, such as in the civil investigations procedures manual. Without documented guidance, investigators, who are responsible for tracking cases during the monitoring phase, had devised their own documentation requirements.
Department of Law's Response: "The comments regarding standardized proof of restitution do not take into account the need to exercise legal judgment in structuring restitution provisions. The type of documentation sufficient to prove that restitution has been paid will vary, depending on the type of case." The department cited several examples, including "if restitution is paid by check, copies of cancelled checks might be required as proof that payments have been made." Also, it stated that "[r]efunds of monies that were originally paid by credit card could take the form of a credit back to the account or, in some instances, be evidenced by a chargeback..." It added that "[b]ecause the type of proof needs to be appropriate to the facts, attorneys must exercise legal judgement in each case to decide the form that proof of restitution should take. A list containing the "acceptable forms of evidence that businesses must provide" precludes needed flexibility in the exercise of that legal judgement"."
Auditor's Response: As clarification, we are not recommending standardized proof but, rather, formalized guidance to ensure a consistent understanding among investigators (and any others responsible for receiving documentation and recording payments) of the forms of proof appropriate for certain types of cases. The description provided above is the type of guidance we recommend be formalized.

5 Findings

1 Fully Addressed 3 Partially Addressed 1 Not Addressed

The Performance Audit Division was established in 1971 to conduct in-depth reviews of state-funded programs. Our reviews determine if programs are meeting goals and objectives; measure program results and effectiveness; identify alternate methods to meet goals; evaluate efficiency of resource allocation; assess compliance with laws and regulations; and provide credible management information to decision makers. For more information, contact
us at (404)656-2180 or visit our website at www.audits.ga.gov.