Robinhood Crypto, LLC (RHC) entered a consent order on August 1, 2022 with the New York State Department of Financial Services (DFS). The consent order obligated RHC to pay a $30 million in fines for various anti-money-laundering regulatory violations. Attorneys at Steptoe have written an excellent summary of the order and its takeaways.
The consent order acknowledged that RHC had violated New York's virtual currency regulatory regime known as the BitLicense by failing to have an adequate Bank Secrecy Act / Anti-money laundering (BSA/AML) compliance program.
The consent order imposes a new Supervisory Agreement between RHC and DFS, subjects RHC to AML requirements as a "money transmitter" and related requirements related to transaction monitoring, filtering, and cybersecurity.
The consent order, which is DFS's first enforcement action under the BitLicense regime or against a digital currency business, offers several important takeaways for blockchain companies operating or seeking to operate in New York.
The Steptoe article concludes that the key takeaways are (1) the importance of scaling up compliance processes commensurate with business growth, (2) the risks of relying on compliance programs of affiliated entities, (3) the importance of well-developed reporting lines in compliance programs, and (4) the consequences of filing "improper" certifications under DFS's transaction monitoring and cybersecurity rules."
Many FinTech start-ups are unaware of the potential that their business model constitutes a "money transmitting business," both for state and federal regulatory purposes. FinCEN's "money service business" regulations require entities in that space to register themselves with FinCEN and to implement BSA/AML compliance programs. These compliance programs can be expensive for swiftly-growing companies to afford, but the expense of a regulatory violation can also be extreme.