State financial regulators and attorneys general levy a combined $20 million in fines for data misuse that impacted 480,000 consumers nationwide 

Washington, D.C.— Forty-four state agencies have reached settlements with ACI Payments, Inc., for erroneously initiating electronic transactions totaling $2.3 billion from the accounts of 480,000 mortgage-holders serviced by Mr. Cooper (formerly known as Nationstar Mortgage, LLC). State regulators levied $10 million in fines through a multistate enforcement action led by regulators from Arkansas, Connecticut, Maryland and Texas with support from the Conference of State Bank Supervisors. Additionally, 50 state attorneys general levied $10 million in fines to ACI Payments, in coordination with state regulators.  

ACI Payments, Inc., a subsidiary of ACI Worldwide Corp., is a state-regulated money services business with licenses in nearly all states (NMLS ID 936777). Mr. Cooper offered ACI Payments’ Speedpay product for its customers to schedule their monthly mortgage payments, enabling automatic transfers of authorized mortgage payments from their personal bank accounts to Mr. Cooper. The violations occurred when ACI Payments erroneously used live customer data in a test of its Speedpay platform, causing unexpected and sometimes multiple mortgage payments from customer accounts. In some cases, these transactions exposed consumers to overdraft or insufficient funds fees. 

“In today’s digital world, mistakes that happen at this scale can be devastating for consumers. Unfortunately, in this case, consumers paid the price for this company’s lack of internal controls,” said Maryland Commissioner of Financial Regulation and CSBS Non-depository Supervisory Committee Vice-chair Antonio P. Salazar. “Now that consumers have been made whole, state regulators are penalizing ACI Payments and sending a message to other companies that mishandling customer data will lead to stiff penalties.”   

Upon notification of the incident from ACI Payments, state regulators commenced a multistate money transmission investigation reviewing all aspects of the event, including investigating the facts and circumstances surrounding the erroneous transactions, evaluating consumer impact, analyzing the root cause of the incident and evaluating the remedial steps taken by the company. 

This enforcement action orders the following of ACI Payments: 

• Risk and Compliance Programs – Maintain a comprehensive Enterprise Risk Management Program and a Third-Party Risk Management Program tailored to the nature, size, complexity, and risk profile of ACI. 
• Agreement Monitoring – Regular reporting (for two years) to a state regulator monitoring committee to ensure both the adequacy of the risk management programs and compliance with the order. 
• Administrative Costs and Penalties – Payment of $10 million in fines for administrative costs and penalties. 

“State regulators have a clear mission to protect consumers and support a safe and efficient financial services market,” said North Dakota Department of Financial Institutions Commissioner and CSBS Chair Lise Kruse. “This case is a fair warning to ACI Payments and other companies to use customer data with care. State financial regulators support innovation and diversity in the nonbank space but we will not tolerate any actions or practices that jeopardize consumers’ safety or prosperity.”  

State financial regulators license and supervise more than 33,000 nonbank financial services companies through the Nationwide Multistate Licensing System (NMLS), including mortgage companies, money services businesses, consumer finance providers and debt collectors. Consumers can submit complaints about nonbank financial services companies by contacting their state financial regulator. Consumers can also verify that a company is licensed to do business in their state, and view past enforcement actions, by visiting NMLS Consumer Access. 

Click HERE for the enforcement action which includes the list of participating states.  

Media Contact: Susanna Barnett, (202) 407-7156, [email protected]  

Twitter: @CSBSNews

The Conference of State Bank Supervisors (CSBS) is the national organization of bank regulators from all 50 states, American Samoa, District of Columbia, Guam, Puerto Rico and U.S. Virgin Islands. State regulators supervise roughly three-quarters of all U.S. banks and a variety of non-depository financial services. CSBS, on behalf of state regulators, also operates the Nationwide Multistate Licensing System to license and register non-depository financial service providers in the mortgage, money services businesses, consumer finance and debt industries.