Lessons From AML Judgment For Robinhood

Crypto, GameStop, and AMC have been all the rage lately, attracting big institutions in addition to a swarm of retail investors. This overwhelming increase in investors has translated to big profits for exchanges by way of commissions, thereby leading to an explosion of fintech companies. One of the most notable companies born of this environment is Robinhood and Robinhood Crypto.

Robinhood is a platform that enables its users to dabble in the stock market for free. It makes money from earning interest on top of the money that sits idle in its customer’s accounts. The market makers also pay Robinhood fees for executing the orders placed by its customers.

To top the race in the emerging fintech companies, Robinhood had to cut corners where it shouldn’t have. They were careless in terms of customer sign-ups and background verification. They automated most of the process with inefficient bots, violating Anti-Money Laundering (AML) and cybersecurity regulations. This led them to trouble with regulators. In this article, we explore some of the key takeaways for other fintech start-ups regarding the maintenance of AML and cybersecurity laws.

Filing More Suspicious Activity Reports (SARs)

According to the New York State Department of Financial Services (NYDFS), during examinations by the regulator in 2019, it was found that only two SARs were filed. Low SARs reports attract a thorough and deeper search by the examiner.

Avoiding Arbitrary Thresholds

There is a threshold for transactions, over which exception reports are generated so further scrutiny can occur. In the case of Robinhood, a very high arbitrary number was assigned as the threshold amount without due process to arrive at said number. In a well-run, AML-regulated program, there is no room for such guesswork.

Documenting SARs Escalation

NYDFS found inadequacy in maintaining records for SARs escalation processes at Robinhood. There must ideally be proper documentation in case of escalations. The documentation should include information about the reason for escalation, documents supporting it, investigation standards, the process for due diligence and time frames for all the processes.

The Illusion of Authority

Although Robinhood Crypto relied on an affiliate organization for its compliance program, the Chief Officer for the same unit reported to the Product Operations Director rather than a Legal or Compliance Executive. The officer did not partake in any formal reporting to the Board of Directors or any independent audits. In other words, the compliance officer just had the illusion of authority, and the upper management gave no heed to the compliance unit. This illusion of authority presents a risk to AML officers.

Parent and Subsidiary Companies to Have Separate Tailored AML Programs

The monitoring system for Robinhood Crypto was mainly manual, and no automation was done for the same despite the large volumes of transactions. The lack of such regulatory actions serves as a reminder that the parent and subsidiary companies should have separate AML programs. Policies, procedures, monitoring systems, personnel, and escalations should be tailored to the organization’s specific needs despite being subsidiary to a larger one.

Takeaway

The Robinhood case study highlights all the necessary lessons to form an effective compliance and regulatory function within an organization. The heads of software development, customer service, cybersecurity, sales and marketing — and, yes, compliance, all need consensus on handling bots, or else these bots will end up controlling you.