The crypto arm of trading and investment app Robinhood (RHC) has been fined $30 million by New York authorities after it failed to properly invest in its workforce, processes, and resources, leading to “significant violations of anti-money laundering and cybersecurity regulations.”
According to a press release issued by the New York State Department of Financial Services, RHC’s compliance program was inadequately staffed, the company was too slow in moving away from a manual transaction monitoring system, and it didn’t do enough to address risks identified by the regulator.
All of this added up to severe breaches of the Bank Secrecy Act and anti-money-laundering rules.
As stated in the department’s consent order: “RHC did not timely transition its manual system to an automated transaction monitoring system, which was unacceptable for a program that, as of September 30, 2019, averaged 106,000 transactions daily, totaling $5.3 million,” (our emphasis).
The order also details how in late 2019, an outside consultant working with RHC described its manual AML processes as having “minimal value.” Despite this warning, RHC didn’t roll out its automated system until April 2021.
Among the other shortcomings or issues highlighted by the department’s investigation were an abnormally high $250,000 threshold before unusual transactions were reported, inadequate escalation processes for tackling suspicious activity, and an overreliance on outside agencies when it came to cybersecurity.
The consent order also called into question RHC’s entire compliance culture. According to investigators, the company was not only overly reliant on its parent company’s compliance framework (which was also not in line with state regulations), its Chief Compliance Officer (CCO) reported to RHC’s director of product operations instead of a legal or compliance executive.
This, according to regulators, meant the CCO “played no meaningful role in compliance efforts at the entity level.”
Finally, the regulator criticized RHC’s overall approach to working with it, stating that cooperation levels were “less than what is expected of a licensee that enjoys the privilege of conducting business in the State of New York.”
The report specifically cited delayed or insufficient information and multiple failures to disclose investigations of RHC affiliates.
In addition to paying the $30 million fine, RHC must also enlist an independent consultant to monitor compliance going forward.
It’s not Robinhood’s biggest fine
The hefty punishment is by no means the first financial penalty handed down to Robinhood.
In June last year, the app was ordered to pay around $70 million in penalties by the Financial Industry Regulatory Authority (FINRA) following widespread system outages and what it called “misleading communication and trading practices.”
The authority said that Robinhood gave users false information on issues including whether they could place trades on margin, how much cash was in their accounts, buying power or “negative buying power,” the risks they faced in certain options transactions, and whether they faced margin calls.
Tragically, one Robinhood customer who had turned margin “off,” took his own life in June 2020. In a note, he said he was confused about how he could have used margin to purchase securities.
Thousands of other Robinhood customers lost somewhere in the region of $7 million due to the company’s misleading statements.