Friday, August 19, 2022

Robinhood crypto unit expects $10m fine from New York regulators over cyber, anti-money laundering breaches


The cryptocurrency brokerage of Robinhood Markets Inc. expects to pay New York regulators a penalty of at least $10 million for allegedly violating state rules on cybersecurity and anti-money-laundering practices, the company said in filings last week.

The unit, Robinhood Crypto LLC, has reached a settlement in principle over a New York State Department of Financial Services investigation, the mobile investing firm said in the filing.

- Advertisement -

The eventual penalty could exceed $15 million, the company said in paperwork filed Thursday for its initial public offering. Any deal would also require the unit to engage an independent monitor, the company added.

NYDFS declined to comment on the talks, citing a continuing inquiry. Robinhood also declined to comment.

The disclosure comes as cybersecurity experts and U.S. regulators warn that criminal hacking groups could increasingly target critical infrastructure, including financial services firms, and hold computer systems hostage for ransoms in cryptocurrency. After recent hacks of Colonial Pipeline Co. and meatpacker JBS SA disrupted U.S. supply chains, the Biden administration said it would examine cryptocurrency’s role in fueling the ransomware economy.

- Advertisement -

New York regulators direct financial firms to maintain anti-money-laundering programs that include verifying customer information, responding to law enforcement requests and monitoring transactions for risks like violating sanctions. State rules also require such companies to build out cyber defenses and contingency plans to help limit the fallout of attacks.

NYDFS in March informed Robinhood’s crypto subsidiary of alleged violations of the rules, the company said in its regulatory filing with the Securities and Exchange Commission. The cyber notification highlighted “certain deficiencies in our policies and procedures regarding risk assessment, lack of an adequate incident response and business continuity plan, and deficiencies in our application development security,” the company said.

Robinhood warned investors last week that cyberattacks could hurt its bottom line. Last year, the company said some user accounts were compromised, with Bloomberg News putting the number at 2,000. Some users claimed in a class-action lawsuit in the U.S. District Court for the Northern District of California that attackers stole millions of dollars from their accounts. Robinhood moved to dismiss the suit, which is ongoing, and has said it will reimburse customers for money stolen in any hacks.

The SEC, the Financial Industry Regulatory Authority and New York state have since opened inquiries into account takeovers. It wasn’t clear if last year’s incident is tied to the proposed settlement in New York.

- Advertisement -

Robinhood has drawn the attention of regulators in recent months as retail investors have thrown cash into markets, sometimes speculating on so-called meme stocks of firms like GameStop Corp. and AMC Entertainment Holdings Inc. Last week, Finra said Robinhood had agreed to pay $70 million to resolve allegations that it misled customers, approved ineligible traders and failed to properly supervise its technology. The total comprised a $57 million fine and $12.6 million in compensation to customers.

The ongoing New York investigation isn’t the only state-level look into Robinhood Crypto. In April, the company said, the California attorney general’s office issued a subpoena of documents and information on the subsidiary’s trading platform and operations.

The attorney general’s office didn’t immediately respond to a request for comment. Robinhood said in SEC filings for its IPO that its crypto brokerage is cooperating with that investigation.

“We cannot predict the outcome of the investigation or any consequences that might result from it,” Robinhood said.


Get our daily notification on the latest financial crimes news around the World



This Week