On June 27, 2023, the CFPB issued an order against ACI Worldwide and one of its subsidiaries, ACI Payments, for improperly initiating approximately $2.3 billion in unlawful mortgage payment transactions. According to the CFPB, ACI’s data handling practices negatively impacted nearly 500,000 homeowners with mortgages serviced by Mr. Cooper (formerly known as Nationstar).
ACI is a publicly traded firm that offers payment processing services across a wide range of industries including utilities, student loan servicing, healthcare, education, insurance, telecommunications, and mortgage servicing. Mr. Cooper was one of ACI’s largest mortgage servicing customers that services the mortgages of more than four million borrowers and collects their monthly mortgage payments. In many cases, Mr. Cooper's customers made their monthly mortgage payments using ACI's Speedpay product, which transferred payments directly from their bank accounts to Mr. Cooper's account. However, on April 23, 2021, ACI conducted tests of its electronic payments platform where it improperly used actual consumer data including names, bank account numbers, bank routing numbers, and amounts to be debited or credited. This resulted in approximately $2.3 billion in unauthorized electronic mortgage payment transactions from homeowners’ accounts.
The CFPB found that ACI’s actions violated the Consumer Financial Protection Act and the Electronic Fund Transfer Act and harmed homeowners by illegally initiating withdrawals from borrower bank accounts and improperly handling sensitive consumer data. Thus, the CFPB has issued a consent order that requires ACI to:
Stop its unlawful practices by implementing reasonable information security practices; and
Pay $25 million in penalties which will be deposited into the CFPB’s victims relief fund.
Read the CFPB’s press release here.
The consent order can be found here.