The New York State Department of Financial Services alleges that Robinhood violated anti-money-laundering and cybersecurity regulations
Robinhood first publicly disclosed the investigation and settlement with the NYDFS a year ago in the paperwork filed with the Securities and Exchange Commission.
The New York State Department of Financial Services imposed a $30 million fine on the cryptocurrency trading unit of online brokerage Robinhood Markets Inc. for alleged violations of anti-money-laundering and cybersecurity regulations, in the department’s first crypto enforcement action.
The New York State financial regulator said Tuesday that Robinhood Crypto LLC failed to maintain and certify compliant anti-money-laundering and cybersecurity programs. As part of the consent order, Robinhood also will be required to retain an independent consultant to evaluate its compliance with NYDFS’s regulations and its remediation efforts.
NYDFS said it found significant failures through a supervisory exam and through a subsequent enforcement investigation of Robinhood. The failures, the regulator said, resulted from shortcomings in the company’s management and oversight of its compliance programs. These include failures to foster and maintain a culture of compliance and to allocate adequate resources to the programs, particularly as the company grew quickly, which exacerbated the issues.
Robinhood, which said in its latest quarterly filing that it had about 15.9 million monthly active users as of the end of March, first publicly disclosed the investigation and settlement with the NYDFS a year ago in the paperwork filed with the Securities and Exchange Commission. The company initially expected a monetary penalty of at least $10 million and later increased it to $30 million.
NYDFS said Robinhood’s Bank Secrecy Act and anti-money-laundering compliance program was insufficiently staffed and failed to transition in a timely manner from a manual transaction monitoring system that was appropriate for the company’s size, transaction volumes, and customer profiles. Robinhood’s cybersecurity program also failed to address the company’s operational risks, and its policies weren’t in compliance with the regulator’s cybersecurity and virtual currency regulations, NYDFS said.
Robinhood also failed to comply with certain consumer-protection requirements by not having a dedicated phone number on its website to receive consumer complaints, NYDFS said.
The settlement with Robinhood was the first cryptocurrency-sector enforcement action by NYDFS, which given New York’s role as a financial center plays an outsize role in financial regulation and enforcement. It also comes as its new superintendent, Adrienne A. Harris, looks to provide more guidance for the crypto industry and to expand the regulator’s team on virtual currency.
“DFS will continue to investigate and take action when any licensee violates the law or the Department’s regulations, which are critical to protecting consumers and ensuring the safety and soundness of the institutions,” Ms. Harris said in a statement.
The settlement was the latest headache for the mobile investing firm, which achieved mass popularity during the Covid-19 pandemic. Robinhood’s monthly active user count dropped 25% in the first quarter from last year’s quarterly peak, while its revenue dropped 47%. The company has shifted its focus from rapid growth to cost-cutting, laying off 9% of its staff earlier this year.
Robinhood also has found itself on a collision course with regulators after SEC Chairman Gary Gensler in June outlined a revamp of trading rules that could threaten part of its business model.
