The crypto division of Robinhood Markets, Inc. has been ordered to pay US$30 million to resolve allegations that it violated banking laws in New York stemming from failures in its anti-money laundering (AML) procedures and cyber defences.

New York’s Department of Financial Services (DFS) issued an order settling allegations with Robinhood Crypto LLC. In addition to the monetary penalty, the firm was ordered to hire an independent consultant to review its compliance remediation efforts.

Following a supervisory exam and an investigation, the DFS found that the firm’s AML compliance program had “significant deficiencies.” These included inadequate staffing, using a transaction monitoring system that was insufficient for its size and transaction volumes, and failing to devote the resources needed to address compliance risks.

The department also found critical failures in the firm’s cybersecurity program: it didn’t fully address its operational risks, the DFS said, and didn’t fully comply with DFS regulations in this area.

“All of these deficiencies resulted from what the department found were significant shortcomings in the management and oversight of [the firm’s] compliance programs, including a failure to foster and maintain an adequate culture of compliance,” it said.

“As its business grew, Robinhood Crypto failed to invest the proper resources and attention to develop and maintain a culture of compliance — a failure that resulted in significant violations of the department’s anti-money laundering and cybersecurity regulations,” said Adrienne Harris, the state’s superintendent of financial services, in a release.

Cheryl Crumpton, associate general counsel for Robinhood Markets Inc., said in a statement, “We are pleased the settlement in principle reached last year and previously disclosed in our public filings is now final. We have made significant progress building industry-leading legal, compliance, and cybersecurity programs, and will continue to prioritize this work to best serve our customers.”