"Robinhood Crypto Penalized $30M for Violating NY Cybersecurity Regulations"

The cryptocurrency division of Robinhood has been handed a $30 million penalty by New York's Department of Financial Services for significant violations of cybersecurity and money laundering regulations. The $30 million penalty adds to many problems at Robinhood, ranging from security breaches to ongoing layoffs to a massive crash in its public market valuation. According to the Department of Financial Services in New York, Robinhood Crypto "failed to invest the proper resources and attention to develop and maintain a culture of compliance – a failure that resulted in significant violations of the Department's anti-money laundering and cybersecurity regulations." The department found critical failures in Robinhood Crypto's cybersecurity program. The department noted that the program did not fully address RHC's operational risks, and specific policies within the program were not in full compliance with several provisions of the Department's Cybersecurity and Virtual Currency Regulations. The department also found "significant deficiencies" in Robinhood's compliance program and transaction monitoring system, noting that they were inadequately staffed and did not have sufficient resources to adequately address risks specific to Robinhood Crypto. Robinhood Crypto was also criticized for improperly certifying to the New York authorities that its transaction-monitoring and cybersecurity regulations were in compliance despite the violations and deficiencies. The Robinhood Crypto also did not publicly provide a dedicated phone number to field customer complaints, which violates the rules. In addition to the $30 million penalty, the company will also be required to retain an independent consultant for a comprehensive evaluation of Robinhood Crypto's compliance with the regulations and fixing the identified deficiencies and violations as part of the settlement. In September 2021, Robinhood suffered a data security breach that exposed the names and email addresses of millions of users of its stock trading platform.

SecurityWeek reports: "Robinhood Crypto Penalized $30M for Violating NY Cybersecurity Regulations"