The Consumer Financial Protection Bureau fined payment processing company ACI Worldwide and subsidiary ACI Payments $25 million for improperly initiating roughly $2.3 billion in illegal mortgage payment transactions.
The fine was announced in a June 27 press release, and came after the company improperly sent several large files of customer data on roughly 500,000 customers of mortgage company Mr. Cooper — bank account numbers, routing numbers, names and amounts to be credited or debited — into the automated clearing house network during April 2021 testing of ACI’s Speedpay payment platform system.
According to the CFPB, ACI failed to “establish and enforce reasonable information security practices that would have prevented” the incident. “The CFPB’s investigation found that ACI perpetrated the 2021 Mr. Cooper mortgage fiasco that impacted homeowners across the country,” said Director Rohit Chopra. “While borrower accounts have now been fixed, we are penalizing ACI for its unlawful actions that created headaches for hundreds of thousands of borrowers.”
The CFPB barred ACI from using sensitive consumer financial information to either develop software or for testing purposes without obtaining consumer consent and documenting a sufficient business reason.
Elkhorn, Neb.-based ACI offers payment processing services for mortgages, utilities, student loan servicing, education, insurance, health care and telecommunications. The company counts more than 6,000 companies as customers, and says it processes more than 225 billion consumer transactions on an annual basis. ACI reported $1.42 billion in revenue last year.
In a press release following the fine, ACI Worldwide called the incident an inadvertent transmission. “ACI consented to the issuance of the Consent Order without admitting any wrongdoing to avoid the expense and distraction of litigation,” the company stated. “The company believes the prompt conclusion of the matter is the best path forward and is in the interest of its employees, shareholders and customers.”