New York regulator fines Robinhood $30 million for AML and cybersecurity lapses

Diving brief:

  • robinhood the crypto unit will pay a $30 million fine to settle a New York financial services department (NYDFS) is investigating “significant” anti-money laundering and cybersecurity deficiencies, the state regulator said on Tuesday.
  • robinhood The Bank Secrecy Act and Anti-Money Laundering Compliance Program was understaffed and failed to transition in a timely manner from a manual transaction monitoring system that was inadequate for the size of company, customer profiles and trading volumes, the regulator said.
  • The company also failed to comply with consumer protection requirements by not listing a phone number on its website to handle consumer complaints, the regulator said.

Overview of the dive:

The penalty comes as no surprise to Robinhood. The company warned in a Securities and Exchange Commission (SEC) filing more than a year ago that it had set aside $15 million to account for “probable losses” in connection with a NYDFS investigation into anti-money laundering and cybersecurity issues.

“We have made significant progress in building industry-leading legal, compliance and cybersecurity programs, and we will continue to prioritize this work to better serve our clients,” said Cheryl Crumpton. , Robinhood’s associate general counsel for litigation and enforcement, to The Wall Street Journal. a statement on Tuesday.

Tuesday’s consent order marks NYDFS’ first crypto enforcement action.

“As its business has grown, Robinhood Crypto has not invested the appropriate resources and attention to develop and maintain a culture of compliance,” the regulator’s Superintendent Adrienne Harris said Tuesday. “DFS will continue to investigate and take action when a licensee violates the law or Department regulations, which are essential to protecting consumers and keeping institutions safe and sound.”

As part of the settlement, Robinhood must retain the services of an independent consultant to assess its compliance with state regulations and remediation efforts.

The NYDFS findings stem from a supervisory review and subsequent enforcement investigation, the regulator said. The agency deemed “unacceptable” the manual system used by Robinhood in September 2019 to review more than 106,000 transactions per day worth $5.3 million, according to the consent order.

NYDFS also said Robinhood incorrectly certified that it complied with the agency’s transaction monitoring and cybersecurity regulations.

Tuesday’s penalty also marks the end of a tumultuous year since Robinhood went public on Nasdaq in late July 2021. Robinhood’s monthly active user count fell 25% in the first quarter of 2022 from its peak. ‘last year. During this time, its turnover fell by 47% and the company reduced its workforce by 9%. Robinhood is expected to announce its second-quarter results on Wednesday.

The crisis is a sharp turnaround from the start of 2021, when the company saw a surge in users amid the meme stock mania.

Its popularity with the public has not translated to regulators. Last summer, the Financial Industry Regulatory Authority (FINRA) ordered Robinhood to pay nearly $70 million to settle allegations that the company misled customers, approved ineligible merchants for risky types of transactions and failed to adequately oversee technology that left customers locked out of the platform during high demand periods.

About six months earlier, Robinhood had agreed to pay $65 million after the SEC found that the company had not disclosed its order flow payment business model until 2018.

Michael J. Birnbaum