Robinhood Faces First Virtual Currency Business Enforcement Action

In what’s the New York Division of Monetary Companies’ (NYDFS) first enforcement motion towards a NYDFS-licensed “digital forex enterprise,” on August 1, 2022, the company announced $30 million settlement with cryptocurrency investing platform Robinhood Crypto, LLC (“RHC”).  The settlement addressed  fees stemming from what the NYDFS cited as numerous deficiencies throughout 2019-20 of RHC’s Financial institution Secrecy Act (BSA) and anti-money laundering (AML) program and RHS’ cybersecurity obligations beneath the company’s Digital Foreign money “BitLicense” regulation (23 NYCRR Half 200) and Cybersecurity Regulation (23 NYCRR Half 500), amongst different issues

NYDFS has been energetic in crypto regulation for a few years. In 2015, New York was the primary state to promulgate a complete framework for regulating digital currency-related companies. The keystones of the BitLicense laws are shopper safety, anti-money laundering compliance and cybersecurity guidelines which can be meant to put applicable “guardrails” across the trade whereas permitting innovation. As well as, NYDFS’s Cybersecurity Regulation went into impact in March 2017 and usually requires all lined entities, together with licensed digital forex companies, to ascertain and keep a cybersecurity program designed to guard the confidentiality, integrity, and availability of its info techniques. Licensed digital forex corporations are topic to the identical AML and cybersecurity laws as conventional monetary providers corporations.

In 2019 the NYDFS granted RHC’s application for a BitLicense. The BitLicense, together with a New York state cash transmitter license additionally granted on the time, approved Robinhood Crypto to supply providers for purchasing, promoting and storing numerous cryptocurrencies to New York residents. Total, NYDFS acknowledged that after conducting a supervisory examination and investigation, it discovered that RHC had “shortcomings within the firm’s administration and oversight of its compliance packages” and that insufficient staffing and assets have been dedicated to BSA/AML, transaction monitoring and cybersecurity compliance commensurate with its progress.  As such, the company discovered that RHC’s packages didn’t totally deal with RHC’s operational dangers, significantly these related to working a cryptocurrency buying and selling platform, and that particular insurance policies throughout the program weren’t in full compliance with NYDFS’s Cybersecurity and Digital Foreign money Rules.  Underneath the settlement, past the $30 million penalty, RHC might be required to retain an unbiased advisor to carry out a complete analysis of the RHC’s remediation and compliance efforts.

That is an energetic summer season at NYDFS for crypto developments.  The RHC settlement follows on the heels of final month’s release of a stablecoin guidance meant to set foundational standards for USD-backed stablecoins issued by DFS-regulated entities on the problems of redeemability, belongings reserves and attestations about such reserves.

Jonathan Mollod additionally contributed to this text.