The fine is due to an alleged violation of cybersecurity and anti-money laundering regulations.
According to the regulator, the Bank Secrecy Act and anti-money-laundering compliance programs at Robinhood were “insufficiently staffed.”
Adrienne A. Harris, the Superintendent of Financial Services, said:
As its business grew, Robinhood Crypto failed to invest the proper resources and attention to develop and maintain a culture of compliance—a failure that resulted in significant violations of the Department’s anti-money laundering and cybersecurity regulations
The NYDFS stated there were critical failures in the company’s cybersecurity program that failed to address its “operational risks” fully.
Specific policies within the program were not in full compliance with several provisions of the Department’s Cybersecurity and Virtual Currency Regulations.
Meanwhile, Robinhood is also alleged to have failed in compliance with consumer protection requirements as it did not have a dedicated phone number on its website for consumer complaints and violated reporting requirements.
Besides the $30 million fine, the company will also have to hire an independent consultant to evaluate its compliance with NYDFS regulations. In addition, the consultant will determine if the company’s remedies to the “identified deficiencies and violations” are sufficient.
In 2021, Robinhood revealed that it expected a $30 million fine from the Department after investigations in 2020 showed that the company grossly violated regulatory requirements.
The company has paid regulators $100 million in fines in the last two years. In 2021, Financial Industry Regulatory Authority (FINRA) fined it $70 million for lack of consumer protection.