Oct. 18, 2023
Salem – The Oregon Division of Financial Regulation (DFR) joined 43 other state financial agencies in reaching a settlement with ACI Payments Inc. (ACI), for erroneously initiating electronic transactions totaling $2.3 billion from the accounts of 480,000 mortgage-holders nationwide.
State regulators levied $10 million in fines through a multistate enforcement action. In Oregon, there were over 13,000 erroneous ACH entries affecting nearly 5,000 accounts. The dollar value of transaction in Oregon alone was over $23 million. Additionally, 50 state attorneys general, including the Oregon Attorney General Ellen Rosenblum, levied an additional $10 million in fines to ACI, in coordination with state regulators.
Before the settlement, the erroneous charges were corrected by ACI.
ACI Payments, a subsidiary of ACI Worldwide Corp., is a state-regulated money transmission business licensed in Oregon and nearly all other U.S. states (Nationwide Mortgage Licensing System ID 936777). ACI acts as a vendor for mortgage servicing companies by processing borrowers' mortgage payments through its Speedpay platform. State regulators determined that ACI erroneously used live customer data in a test of its Speedpay platform, causing unauthorized mortgage payments to be processed from customer accounts. State regulators commenced a multistate money transmission investigation reviewing all aspects of the event. The state regulators believe the error was due to defects in ACI's privacy and data security procedures and technical infrastructure.
“DFR will use its enforcement authority against companies that fail to have sufficient data security and internal controls in place to protect Oregon consumers," DFR Administrator TK Keen said. “This settlement demonstrates how state regulators and state attorneys general can work together to hold companies accountable, and to ensure consumers can confidently and securely pay their loans online without fear of unauthorized payments being made on their behalf."
This enforcement action orders the following of ACI Payments Inc.:
- Risk and compliance programs – Maintain a comprehensive enterprise risk management program and a third-party risk management program tailored to the nature, size, complexity, and risk profile of ACI.
- Agreement monitoring – Regular reporting (for two years) to a state regulator monitoring committee to ensure both the adequacy of the risk management programs and compliance with the order.
- Administrative costs and penalties – Payment of $10 million in fines for administrative costs and penalties.
Here is the settlement agreement and order:
About Oregon DFR: The Division of Financial Regulation is part of the Department of Consumer and Business Services, Oregon's largest business regulatory and consumer protection agency. Visit