As interest in cryptocurrencies (“crypto”) continues to rise, businesses and investors are left wondering what regulations they must follow. While a broad regulatory framework is still nonexistent for the crypto industry, the New York State Department of Financial Services (“DFS”) recently imposed a $30 million fine on Robinhood Crypto, LLC (“Robinhood”), a wholly-owned crypto trading unit of Robinhood Markets Incorporated, for failing to comply with New York anti-money laundering (“AML”) and cybersecurity regulations. This is the first time DFS has taken enforcement action against a crypto company. In making the announcement, the Superintendent of DFS, Adrienne Harris, stated, “[a]ll virtual currency companies licensed in New York State are subject to the same anti-money laundering, consumer protection, and cybersecurity regulations as traditional financial services companies.” Superintendent Harris made it clear that while this may be the first such action against a crypto company, it will not be the last. DFS expects crypto companies to invest in compliance programs like traditional financial institutions.
In the DFS Consent Order, DFS took issue with several aspects of Robinhood’s compliance program Specifically, Robinhood failed to devote sufficient funds and resources to its compliance program, its Chief Compliance Officer lacked “commensurate experience to oversee a compliance program such as [Robinhood’s]” and did not participate adequately in the implementation of Robinhood’s automate software compliance program,  and Robinhood overly relied on the compliance program of its parent and affiliate despite those compliance programs were not compliant with New York State’s regulations. Moreover, Robinhood failed to adequately evaluate “potentially suspicious transactions in order to determine whether a [Suspicious Activity Report] should be filed.” DFS noted that as of October 26, 2020, Robinhood had a backlog of 4,378 potentially suspicious transaction alerts.
While Robinhood may have had a compliance program on paper, DFS made it clear that it is focused on the execution of such programs. One thing is clear: the DFS Consent Order indicates that regulatory and enforcement agencies are starting to take action against the crypto industry. Common sense, sound legal advice, and diligence will help any business or investor navigate this market as state and federal agencies begin to enforce traditional financial services regulations on the industry.
 In the Matter of Robinhood Crypto, LLC, Dep’t of Fin. Servs. (Aug. 1, 2022), https://www.dfs.ny.gov/system/files/documents/2022/08/ea20220801_robinhood.pdf.
 DFS Superintendent Harris Announces $30 Million Penalty on Robinhood Crypto for Significant Anti-Money Laundering, Cybersecurity & Consumer Protection Violations, Dep’t of Fin. Servs., https://www.dfs.ny.gov/reports_and_publications/press_releases/pr202208021 (last visited Sept. 19, 2022).
 Id. at ¶¶ 36-41.
 Id. at ¶ 36.
 Id. at ¶ 6.
 Id. at ¶ 37.
Tags: Banking, cryptocurrency, Digital Assets, Joseph Pastore, Tyler Rutherford
SEC Proposes Change to Cybersecurity Reporting Requirements for Public Companies
Will Delaware Order Elon Musk to Perform?