Skip links

Robinhood’s crypto unit hit with $30m fine over security, anti-crime misses

Robinhood’s cryptocurrency operations has been fined $30 million for violating New York’s anti-money-laundering and cybersecurity regulations.

According to the US state’s Department of Financial Services, Robinhood Crypto didn’t hire sufficient staff and invest in other resources for its anti-money-laundering and cybersecurity compliance programs. A subsequent investigation found Robinhood’s transaction monitoring system had “significant deficiencies,” and it didn’t sufficiently train its employees, the watchdog noted.

Despite these failings, the financial firm “improperly certified compliance” with New York’s transaction monitoring and cybersecurity rules, according to the department. 

Robinhood also, it is said, failed to comply with some consumer protection requirements by not maintaining a dedicated phone number on its website and violated some reporting requirements.

“As its business grew, Robinhood Crypto failed to invest the proper resources and attention to develop and maintain a culture of compliance — a failure that resulted in significant violations of the Department’s anti-money laundering and cybersecurity regulations,” New York’s Superintendent of Financial Services Adrienne Harris said. 

“All virtual currency companies licensed in New York State are subject to the same anti-money laundering, consumer protection, and cybersecurity regulations as traditional financial services companies,” she added. 

In addition to paying the $30 million penalty to end the matter and avoid further action, Robinhood Crypto also agreed to hire an independent consultant to evaluate its compliance with the state’s regulations, according to a settlement [PDF] publicized today.

“We are pleased the settlement in principle reached last year and previously disclosed in our public filings is now final,” Cheryl Crumpton, associate general counsel of litigation and regulatory enforcement at Robinhood Markets, said in an emailed statement to The Register.

Crumpton is referring to a filing with the US Securities and Exchange Commission from last year, in which Robinhood disclosed the multi-million-dollar fine before the company went public. 

“We have made significant progress building industry-leading legal, compliance, and cybersecurity programs, and will continue to prioritize this work to best serve our customers,” Crumpton continued.

“We remain proud to offer a more accessible, lower-cost platform to buy and sell crypto and are excited to continue to grow our business in a responsible manner with new products and services that our customers want.” 

The $30 million fine comes a little more than a year after another watchdog hit Robinhood with a $70 million bill for causing investors to lose millions of dollars due to misleading financial information and system outages.

In June 2021, the US Financial Industry Regulatory Authority ordered the biz to cough up $57 million in fines plus pay back $12.6 million to customers to cover their losses with interest. That year, Robinhood recorded $1.8 billion in revenues, up 89 percent in 2020, which it managed to turn into a $3.7 billion net loss. ®