New York Nabs $30M From Robinhood Crypto in Regulatory FineTrading Platform Had Poor Cybersecurity and Anti-Money Laundering Controls
Smartphone investing app Robinhood Markets will pay New York financial regulators $30 million to settle findings that its cryptocurrency trading division had poor cybersecurity and failed to monitor for illegal transactions.
The New York Department of Financial Services says an audit conducted during most of 2019 of Robinhood Crypto revealed an understaffed cybersecurity operation that lacked adequate risk assessment procedures. The company's incident response plan lacked a process for notifying regulators and law enforcement in the event of an incident, the state reveals in the consent order ending the matter.
Regulators say the trading platform throughout 2020 also had a substantial backlog in evaluating suspicious transactions for potential fraud or money laundering. By late October, the pile of unevaluated transactions climbed up to nearly 4,400.
As part of the settlement agreement, Robinhood will engage an independent consultant for the next year and a half to monitor remediation efforts. Robinhood is publicly traded; it's most recent quarterly filing shows 15.9 million monthly active users and $19.7 billion in cryptocurrency assets under custody.
"Robinhood Crypto failed to invest the proper resources and attention to develop and maintain a culture of compliance," says Adrienne Harris, New York superintendent of financial services. All virtual currency companies licensed in New York are subject to the same anti-money laundering, consumer protection and cybersecurity regulations as traditional financial services companies, she says.
In a statement, Robinhood associate general counsel Cheryl Crumpton says the company has made significant progress in building out its compliance programs. "We remain proud to offer a more accessible, lower-cost platform to buy and sell crypto," she says.