July was a hot month for crypto enforcement, but August is off to a hot start in its own right. On August 2, 2022, the New York State Department of Financial Services (the “Department”) issued a Consent Order with Robinhood’s crypto division for failing to comply with state regulations governing money laundering and cybersecurity. As a result, Robinhood Crypto will pay a $30 million penalty.
The NYSDFS Consent Order indicates that as a result of “a safety and soundness examination,” serious deficiencies were discovered, prompting an enforcement investigation into the various compliance failures related to anti-money laundering, cybersecurity, and virtual currency regulations. As Superintendent of Financial Services, Adrienne A. Harris, described it in announcing the penalty, “Robinhood Crypto failed to invest the proper resources and attention to develop and maintain a culture of compliance—a failure that resulted in significant violations of the Department’s anti-money laundering and cybersecurity regulations.”
The Department claimed that two broad categories of Robinhood's crypto compliance regimen were lacking: (1) an effective BSA/AML program with adequate transaction monitoring systems; and (2) compliance with the Department’s Cybersecurity Regulations. As the Consent Order puts it, the deficiencies were “exacerbated by a lack of prominence” for Robinhood Crypto compliance within the broader organization, and Robinhood Crypto played no meaningful role in compliance efforts at the entity level.” Simply put, the Department viewed Robinhood Crypto’s compliance regimen as lagging way behind the growth of the company.
This news comes on the heels of a recent SEC Complaint alleging that a former Coinbase employee engaged in an insider trading scheme involving nine cryptocurrency tokens listed on Coinbase. The SEC Complaint was a significant enforcement event in the crypto space because it was the first time the agency classified cryptocurrencies as securities. It is yet to be seen what the SEC Complaint means for those cryptocurrency issuers and the exchanges that list those tokens for sale.
Although the SEC Complaint grabbed may be the story of the summer, the Consent Order involving Robinhood Crypto is a great reminder that compliance matters.
Robinhood Crypto, LLC (“RHC”) will pay a $30 million penalty to New York State for significant failures in the areas of bank secrecy act/anti-money laundering (“BSA/AML”) obligations