Updated: Aug 16, 2022
On August 8, 2002, the New York State Department of Financial Services (NYDFS) imposed a $30 million penalty on Robinhood's crypto division for major anti-money laundering (AML) compliance failures and cybersecurity program deficiencies.
This is the NYDFS's first crypto enforcement action. The regulator claims Robinhood Crypto committed violations in its Bank Secrecy Act and Anti-Money Laundering Program (BSA/AML Program) and its Cybersecurity Program.
According to Superintendent Harris, “As its business grew, Robinhood Crypto failed to invest the proper resources and attention to develop and maintain a culture of compliance—a failure that resulted in significant violations of the Department’s anti-money laundering and cybersecurity regulations.”
These deficiencies resulted from “significant shortcomings” in how the firm managed and oversaw its compliance programs, with an inadequate compliance culture and insufficient resources allocated.
BSA/AML Compliance Program
Robinhood Crypto’s compliance meltdown resulted in a number of violations of the Department’s Virtual Currency Regulation, Money Transmitter Regulation, Transaction Monitoring Regulation, and Cybersecurity Regulation. The lack of robust compliance oversight and management was due to a weak BSA/AML program, which led to failures such as:
· An inadequate AML Compliance structure
· Inefficient BSA/AML Compliance and Transaction Monitoring
· Risk Assessments
Robinhood Crypto did not have adequate resources and compliance support, and it mostly relied on manual transaction monitoring throughout 2019 and 2020, on top of its many cybersecurity program deficiencies.
Unfortunately, some FinTechs and crypto firms still neglect the importance of a strong and robust BSA/AML compliance program, supported by appropriate regulatory technology, to mitigate ongoing financial crime risks while satisfying all compliance requirements and regulatory expectations for a BitLicense holder.
According to the New York State Department of Financial Services (DFS),
“All virtual currency companies licensed in New York State are subject to the same anti-money laundering, consumer protection, and cybersecurity regulations as traditional financial services companies. DFS will continue to investigate and take action when any licensee violates the law or the Department’s regulations, which are critical to protecting consumers and ensuring the safety and soundness of the institutions.”
FinTechs need a robust BSA/AML Compliance Program with a special risk-based approach, as they provide businesses and consumers with platform technology and innovative products. Failure to implement a comprehensive AML Compliance program and to effectively prepare a compliance roadmap and culture can expose FinTechs not only to regulatory scrutiny but also to potential civil or criminal liability.
Five Pillars of BSA/AML Compliance
The AML Compliance program must be developed around the five pillars of BSA/AML compliance:
1. System of internal controls
2. Designated BSA compliance officer or individual responsible for day-to-day compliance
3. Appropriate personnel training
4. Independent testing
5. Appropriate risk-based procedures for conducting ongoing customer due diligence – CDD rule
Need help with your AML Program?
Here at UGR, we are established compliance professionals who have helped more than 30 FinTechs successfully navigate the regulations, compliance, and AML/KYC requirements they face in their growth journey. We have some of the finest industry experts covering multiple jurisdictions and work with the best digital asset compliance solutions in the industry to meet all your requirements. Our Compliance as a Service (CaaS) allows you to plan, prioritize, and execute against strategic compliance projects and technology initiatives while matching your budget, so you pay as you need.