In the year On August 2, 2022, the New York State Department of Financial Services (“DFS”) announced that Robinhood Crypto LLC (“RHC”), which allows customers to trade cryptocurrencies, has agreed to pay a $30 million fine. Settlement of “significant” deficiencies in compliance with New York State anti-money laundering and cybersecurity regulations. In addition to the penalty, the contract requires RHC to hire an independent consultant to review the company’s improvement efforts and compliance with DFS regulations. The RHC did not believe the allegations contained in the consent order.
As described in the DFS Consent Order, New York State law requires financial institutions to maintain an effective anti-money laundering (“AML”) program and to design and implement reasonably designed systems to detect and report suspicious activity and block illegal transactions. It works for entities working in cryptocurrency. 23 NYCRR § 200.15 (b), (d) Under 3 NYCRR § 417.2, “licensed money transmitters” are required to establish, implement, and maintain effective AML programs, including: internal policies, procedures, and controls reasonably designed to prevent money laundering; and Accurate, complete, and timely reports of suspicious activity. 3 NYCRR § 417.2. Finally, according to DFS, the Transaction Control Rule requires certain DFS-regulated entities to have appropriately designed transaction monitoring and sanctions screening programs, based on the entity’s risk assessment, to be able to monitor the entity’s transactions for BSA/s. Reporting AML violations and suspicious activity and terminating transactions prohibited by the US Treasury’s Office of Financial Assets Supervision. 23 NYCRR § 504.3(a), (b).
The DFS allegations against RHC stemmed from a 2020 regulatory investigation and subsequent investigation that led DFS to discover “significant deficiencies” in the trading platform’s crypto AML program, such as inadequate staffing, inadequate resources and a manual trading control system that was not suitable for the fast-growing trading platform. Crypto trading volume. Specifically, DFS alleges that RHC’s crypto business “did not have sufficient BSA/AML personnel” with the appropriate skill level to support the company’s AML program, as evidenced by its “significant backlog.” . . Reviewing potentially suspicious transactions. As of September 30, 2019, the company said it averaged “106,000 transactions” as of September 30, 2019. Regarding the platform’s cyber security program, such as lack of in-house staff and insufficient coverage of the company’s various operations, among others. The DFS said in the consent order, however, that the RHC had taken some corrective measures after the investigation concluded in 2020.
This is DFS’s first settlement with an entity operating in the cryptocurrency market and, along with other recent decisions, suggests regulators are interested in bringing “first-time” enforcement action in this space. As the regulatory landscape surrounding cryptocurrency continues to emerge and sharpen, companies operating in cryptocurrency must carefully monitor these settlements and evaluate their own compliance programs accordingly.