WASHINGTON — Nearly a half-million homeowners were hurt by the mortgage practices of one company that has been ordered to pay a $25 million fine by the Consumer Financial Protection Bureau.
The CFPB has issued an order against ACI Worldwide and one of its subsidiaries, ACI Payments, for improperly initiating approximately $2.3 billion in unlawful mortgage payment transactions.
“ACI’s data handling practices negatively impacted nearly 500,000 homeowners with mortgages serviced by Mr. Cooper (formerly known as Nationstar),” according to the CFPB. “By unlawfully processing erroneous and unauthorized transactions, ACI opened homeowners to overdraft and insufficient funds fees from their financial institutions.”
The order requires ACI, among other things, to pay a $25 million civil money penalty.
hundreds of thousands of borrowers.”
ACI is a publicly traded firm headquartered in Elkhorn, Neb. The Bureau said the company offers payment processing services across a wide range of industries including utilities, student loan servicing, healthcare, education, insurance, telecommunications, and mortgage servicing.
More Than 4 Million Borrowers
“Mr. Cooper was one of ACI’s largest mortgage servicing customers until at least 2021,” the Bureau stated. “Mr. Cooper services the mortgages of more than four-million borrowers and collects their monthly mortgage payments. Many homeowners with mortgages serviced through Mr. Cooper chose to schedule their monthly mortgage payments using ACI’s Speedpay product, which allowed the company to automatically transfer homeowners’ authorized mortgage payments from their personal bank accounts to Mr. Cooper.
“On Friday, April 23, 2021, ACI conducted tests of its electronic payments platform. But instead of using deidentified or dummy data in its tests, ACI used actual consumer data it had received from Mr. Cooper, which included names, bank account numbers, bank routing numbers, and amounts to be debited or credited,” the CFPB continued in announcing its action. “During its performance testing, ACI improperly sent several large files filled with Mr. Cooper’s customer data into the ACH network, unlawfully initiating approximately $2.3 billion in electronic mortgage payment transactions from homeowners’ accounts. None of the nearly 500,000 impacted borrowers anticipated, authorized, or were aware of these transactions until after they had been processed by their respective banks.”
An Overnight Reduction
According to the Bureau, on April 24, 2021, impacted account holders began noticing inaccuracies in their account balances. Immediately, people began experiencing negative financial consequences.
“At one bank, for example, more than 60,000 accounts experienced more than $330 million in combined unlawful debits by that morning,” the CFPB said. “Among these account holders, approximately 7,300 had their available balances reduced by more than $10,000—overnight.”
The Allegations
The CFPB said it found that ACI’s actions violated federal consumer financial protection laws, including the Consumer Financial Protection Act and the Electronic Fund Transfer Act and its implementing rule, Regulation E. Specifically, the company harmed homeowners by:
- Illegally initiating withdrawals from borrower bank accounts. ACI initiated approximately 1.4 million ACH withdrawals on behalf of Mr. Cooper from homeowners’ accounts on April 23, 2021, without a valid written authorization. “This included initiating electronic fund transfers on days when they were not scheduled and initiating multiple transfers from the same accounts on the same day,” the CFPB said.
- Improperly handling sensitive consumer data. “As one of the largest global providers of payment services, ACI handles sensitive financial data of millions of homeowners and other consumers,” the CFPB said. “The unlawful transactions, and the subsequent harm they caused, occurred as a direct result of the company’s inappropriate use of consumer data in its testing process. Specifically, the company failed to establish and enforce reasonable information security practices that would have prevented files created for testing purposes from ever being able to enter the ACH network.”
What’s Being Required
According to the CFPB, theorder requires ACI to:
- Stop its unlawful practices. ACI must adopt and enforce reasonable information security practices, and is prohibited from processing payments without obtaining proper authorization. It is also prohibited from using sensitive consumer financial information for software development or testing purposes without documenting a compelling business reason and obtaining consumer consent
- Pay $25 million in penalties. ACI is required to pay a $25 million penalty to the CFPB, which will be deposited into the CFPB’s victims relief fund
The order can be found here.
You Can Now Get CUToday.info’s Daily News Headlines in Your Mailbox at the Low, Low Price of Free
Are you missing out on the latest news in credit unions? Missing the trends and developments you need to be aware of? We can help. Each morning CUToday.info delivers its daily Fresh Today news update offering the latest headlines and breaking news right to your email, with the easy-to-read headlines format allowing you to click on the stories that interest you most in order to learn more.
And it’s free!
If you haven’t yet signed up for the new email solution on which CUToday.info has partnered with ResponseGenius, you can do so here. Signing up requires less than one minute of your time—and it’s free!
Please note that after signing up you may need to go to your Spam/Junk folder and mark the morning headlines email as safe. CUToday.info does not provide its list of readers and emails to outside parties, and we will not be contacting you to sell you an extended warranty or sending you any links so you may cash in on an inheritance you didn’t know was coming.
And did we mention it’s free?
Please note and/or make your IT department or email administrator aware the emails will be coming from the domains CUTodayinfo.com and CUTodayinfoReply.com.