Robinhood's crypto unit hit with $30m fine over security, anti-crime misses
And just lays off about a quarter of staff
Updated Robinhood's cryptocurrency operations has been formally fined $30 million for violating New York's anti-money-laundering and cybersecurity regulations.
According to the US state's Department of Financial Services on Monday, Robinhood Crypto didn't hire sufficient staff and didn't invest in other resources for its anti-money-laundering and cybersecurity compliance programs. A subsequent investigation found Robinhood's transaction monitoring system had "significant deficiencies," and it didn't sufficiently train its employees, the watchdog noted.
Despite these failings, the financial firm "improperly certified compliance" with New York's transaction monitoring and cybersecurity rules, according to the department.
Robinhood also, it is said, failed to comply with some consumer protection requirements by not maintaining a dedicated phone number on its website and violated some reporting requirements.
"As its business grew, Robinhood Crypto failed to invest the proper resources and attention to develop and maintain a culture of compliance — a failure that resulted in significant violations of the Department's anti-money laundering and cybersecurity regulations," New York's Superintendent of Financial Services Adrienne Harris said.
"All virtual currency companies licensed in New York State are subject to the same anti-money laundering, consumer protection, and cybersecurity regulations as traditional financial services companies," she added.
In addition to paying the $30 million penalty to end the matter and avoid further action, Robinhood Crypto also agreed to hire an independent consultant to evaluate its compliance with the state's regulations, according to a settlement [PDF] publicized today.
- Robinhood hit with record $70m bill by financial watchdog for outages, misleading investors
- Investment app Robinhood: Extortionist tricked our support desk and made off with customer information
- Lawsuit accusing Robinhood and Citadel Securities of colluding to stop GameStop shares from skyrocketing thrown out by judge
- Carnival Cruises torpedoed by US states, agrees to pay $6m after wave of cyberattacks
"We are pleased the settlement in principle reached last year and previously disclosed in our public filings is now final," Cheryl Crumpton, associate general counsel of litigation and regulatory enforcement at Robinhood Markets, said in an emailed statement to The Register.
Crumpton is referring to a filing with the US Securities and Exchange Commission from last year, in which Robinhood disclosed the multi-million-dollar fine before the company went public.
"We have made significant progress building industry-leading legal, compliance, and cybersecurity programs, and will continue to prioritize this work to best serve our customers," Crumpton continued.
"We remain proud to offer a more accessible, lower-cost platform to buy and sell crypto and are excited to continue to grow our business in a responsible manner with new products and services that our customers want."
The $30 million fine comes a little more than a year after another watchdog hit Robinhood with a $70 million bill for causing investors to lose millions of dollars due to misleading financial information and system outages.
In June 2021, the US Financial Industry Regulatory Authority ordered the biz to cough up $57 million in fines plus pay back $12.6 million to customers to cover their losses with interest. That year, Robinhood recorded $1.8 billion in revenues, up 89 percent in 2020, which it managed to turn into a $3.7 billion net loss. ®
Updated to add
Soon after this story was published, Robinhood CEO Vlad Tenev announced he was cutting staff by 23 percent, or about 900 people.
"While employees from all functions will be impacted, the changes are particularly concentrated in our operations, marketing, and program management functions," he said.
The biz axed nine percent of its workforce earlier this year. "This did not go far enough," Tenev said.
"Since that time, we have seen additional deterioration of the macro environment, with inflation at 40-year highs accompanied by a broad crypto market crash. This has further reduced customer trading activity and assets under custody."
And as such, with this downturn in transactions and holdings, fewer workers are needed than expected, hence today's layoffs.
Robinhood also announced its second-quarter [PDF] financial results today. Revenue for the three months was down 44 percent year on year to $318 million, and up six percent sequentially. This turned into a net loss of $295 million, better than the year-ago's half-billion-dollar loss.
- Advanced persistent threat
- Black Hat
- Bug Bounty
- Common Vulnerability Scoring System
- Cybersecurity and Infrastructure Security Agency
- Cybersecurity Information Sharing Act
- Data Breach
- Data Protection
- Data Theft
- Digital certificate
- Identity Theft
- Kenna Security
- Palo Alto Networks
- Remote Access Trojan
- RSA Conference
- Trusted Platform Module
- Zero trust