The Consumer Financial Protection Bureau (CFPB) has issued an order against ACI Worldwide and one of its subsidiaries, ACI Payments, for improperly initiating approximately $2.3 billion in unlawful mortgage payment transactions. ACI’s data handling practices negatively impacted nearly 500,000 homeowners with mortgages serviced by Mr. Cooper (formerly known as Nationstar).
By unlawfully processing erroneous and unauthorized transactions, ACI opened homeowners to overdraft and insufficient funds fees from their financial institutions. The order requires ACI, among other things, to pay a $25 million civil money penalty to be deposited into the CFPB’s victim’s relief fund.
“While borrower accounts have now been fixed, we are penalizing ACI for its unlawful actions that created headaches for hundreds of thousands of borrowers,” says CFPB Director Rohit Chopra.
A publicly traded firm headquartered in Elkhorn, Neb., ACI claims to process more than 225 billion consumer transactions annually from more than 6,000 firms. It processes mortgage payments through the Automated Clearing House (ACH) network. For 2022, ACI reported revenue of $1.422 billion and net income of $142 million.
One of ACI’s largest mortgage servicing customers, until at least 2021, Mr. Cooper scheduled the monthly mortgage payments of many homeowners with ACI’s Speedpay, a product that allowed the company to automatically transfer homeowners’ authorized mortgage payments from their personal bank accounts to Mr. Cooper.
In 2021, while testing its electronic payments platform, ACI, instead of using dummy data, used actual consumer data it had received from Mr. Cooper, which included names, bank account numbers, routing numbers and amounts to be debited or credited.
During its testing, ACI improperly sent customer data into the ACH network and unlawfully initiated approximately $2.3 billion in electronic mortgage payment transactions from homeowners’ accounts. Nearly 500,000 borrowers were impacted, experiencing negative financial consequences almost immediately. At one bank, for example, more than 60,000 accounts experienced more than $330 million in combined unlawful debits by that morning.
The CFPB found that ACI’s actions violated federal consumer financial protection laws. Specifically, the company harmed homeowners by illegally initiating withdrawals from borrower bank accounts and improperly handling sensitive consumer data.
This is the CFPB’s first action addressing unlawful information handling practices in processing mortgage payments. In addition to the $25 million penalty, ACI is required to adopt and enforce reasonable information security practices and is prohibited from processing payments without obtaining proper authorization. It is also prohibited from using sensitive consumer financial information for software development or testing purposes without documenting a compelling business reason and obtaining consumer consent.
Image by kues1 on Freepik
