$30M fine levied against Robinhood Crypto for AML and cybersecurity violations

The New York State Department of Financial Services (NYDFS) fined Robinhood Crypto (RHC) $30 million for "significant failures" in its cybersecurity and Bank Secrecy Act/anti-money laundering (BSA/AML) compliance programs.

The NYDFS stated on Tuesday that over a number of years, Robinhood's BSA/AML program was understaffed, failed to upgrade from a manual transaction monitoring system unsuitable for the firm's size, customer profiles, and volume of transactions, and did not allocate enough funds to addressing risks specific to the business.


Similar to this, Robinhood's cybersecurity program fell short of meeting all requirements set forth by the NYDFS and failed to adequately address the risks associated with a potential breach.


According to a consent order, Robinhood must pay the fine and retain an impartial consultant for 18 months to evaluate its BSA/AML and cybersecurity compliance programs. In accordance with the order, the consultant "will review, report on, and assist RHC regarding its efforts to remedy these deficiencies in RHC’s compliance programs" and submit a report to the NYDFS detailing the company's progress in resolving the problems.

When the company certified to the department that it was fully compliant with the agency's BSA/AML cybersecurity regulations, the NYDFS claimed that Robinhood Crypto also broke the law in 2019.


According to a press release from the NYDFS, Superintendent Adrienne Harris, "as its business grew, Robinhood Crypto failed to invest the proper resources and attention to develop and maintain a culture of compliance—a failure that resulted in significant violations of the department’s anti-money laundering and cybersecurity regulations." TAll virtual currency companies licensed in New York State are subject to the same anti-money laundering, consumer protection, and cybersecurity regulations as traditional financial services companies. DFS will continue to investigate and take action when any licensee violates the law or the department’s regulations, which are critical to protecting consumers and ensuring the safety and soundness of the institutions."


When the business neglected to keep a "distinct, dedicated phone number on its website for the receipt of consumer complaints," the NYDFS regulation relating to consumer protection was broken, the agency added.


An impending fine from the NYDFS for compliance failures was previously disclosed to investors by Robinhood Crypto in July 2021, with the company estimating it would be "at least" $10 million.


The NYDFS order was the third time a Robinhood Markets subsidiary had to pay a fine and hire a third party consultant to fix problems with its compliance program.


In June 2021, Robinhood Financial paid a $70 million fine to the Financial Industry Regulatory Authority for failing to properly oversee FINRA rule compliance. To oversee the remediation, a separate consultant had to be hired.


The Securities and Exchange Commission (SEC) fined Robinhood Financial $65 million in December 2020 for deceiving customers about how it generates revenue and failing to negotiate the best possible prices. The SEC mandated that Robinhood retain an unbiased consultant to examine its customer communications policies and practices.


According to a spokesperson for Robinhood Markets, the business is happy that the dispute has been resolved.


Cheryl Crumpton, associate general counsel of litigation and regulatory enforcement for Robinhood Markets, stated via email, "we have made significant progress building industry-leading legal, compliance, and cybersecurity programs and will continue to prioritize this work to best serve our customers,” said Cheryl Crumpton, associate general counsel of litigation and regulatory enforcement for Robinhood Markets, in an emailed statement."

By fLEXI tEAM