CFPB Takes Action Against ACI Worldwide for Unlawful Mortgage Payments Processing
The Consumer Financial Protection Bureau (CFPB) has issued an order against ACI Worldwide and its subsidiary, ACI Payments, for unlawfully initiating approximately $2.3 billion in mortgage payments without authorization. These improper data handling practices negatively impacted nearly 500,000 homeowners whose mortgages were serviced by Mr. Cooper. As a result, affected homeowners faced overdraft fees and insufficient funds charges from their financial institutions. ACI Worldwide will pay a $25 million civil money penalty as part of the enforcement action.
Addressing the Mortgage Payment Fiasco
ACI Worldwide, a payment processing firm based in Elkhorn, Nebraska, serves various industries, including mortgage servicing. The company processed mortgage payments for Mr. Cooper, a major mortgage servicer. However, on April 23, 2021, during tests of its electronic payments platform, ACI mistakenly used actual consumer data obtained from Mr. Cooper instead of dummy data. Consequently, the company initiated approximately $2.3 billion in unauthorized electronic mortgage payment transactions, impacting nearly 500,000 borrowers. These transactions were processed without the knowledge or consent of the affected homeowners.
Financial Consequences and Violations of Consumer Protection Laws
Once homeowners discovered the inaccuracies in their account balances on April 24, 2021, they experienced immediate financial hardships. Some accounts saw significant debits, with more than $330 million in combined unauthorized withdrawals reported by one bank. Approximately 7,300 account holders had their available balances reduced by more than $10,000 overnight. The CFPB’s investigation determined that ACI’s actions violated federal consumer financial protection laws, including the Consumer Financial Protection Act and the Electronic Fund Transfer Act.
Unlawful Withdrawals and Mishandling of Consumer Data
ACI unlawfully initiated approximately 1.4 million Automated Clearing House (ACH) withdrawals from homeowners’ bank accounts on behalf of Mr. Cooper without valid written authorization. The company initiated transfers on unscheduled days and processed multiple transfers from the same accounts on the same day. Additionally, ACI mishandled sensitive consumer data, as its inappropriate use of actual consumer data during testing led to unauthorized transactions. ACI failed to establish and enforce reasonable information security practices, allowing the testing files to enter the ACH network.
Enforcement Actions and Compliance Requirements
The CFPB, with its authority to address violations of consumer financial protection laws, has ordered ACI to cease its unlawful practices. ACI is required to implement and enforce reasonable information security practices and obtain proper authorization before processing payments. The company is also prohibited from using sensitive consumer financial information for software development or testing without compelling business reasons and consumer consent. Furthermore, ACI must pay a $25 million civil money penalty to the CFPB, with the funds deposited into the CFPB’s victims’ relief fund.
Preventing Future Harm and Ensuring Consumer Protection
The CFPB’s enforcement action against ACI Worldwide highlights the importance of safeguarding consumer data and ensuring compliance with financial protection laws. This case specifically addresses the mishandling of mortgage payments, emphasizing the potential financial hardships faced by homeowners due to unauthorized transactions. By holding ACI accountable, the CFPB aims to prevent similar incidents in the future and protect consumers from detrimental data handling practices.
