U.S. Securities and Exchange Commission fines two Robinhood broker-dealers USD 45 million for reporting, recordkeeping, cybersecurity and Regulation SHO breaches

The U.S. Securities and Exchange Commission (SEC) issued an order finding that Robinhood Securities LLC and Robinhood Financial LLC violated more than 10 provisions of federal securities laws and agreed to pay USD 45 million in combined civil penalties to settle the charges. The settlement includes censure, admissions of certain findings, a required internal audit focused on off-channel communications compliance, and a remediation certification by Robinhood Securities tied to Regulation SHO deficiencies. The order cites failures spanning suspicious activity reporting (January 2020 to March 2022), identity theft protections (April 2019 to July 2022), and addressing a known remote-access cybersecurity vulnerability (June 2021 to November 2021) that preceded unauthorized access in November 2021 and the download of information relating to millions of individuals. It also identifies longstanding recordkeeping and data retention shortcomings, including failures to preserve electronic communications, retain core operational databases in a way that protected required records from deletion or modification, and maintain certain customer communications (2020 to 2021). Separately, Robinhood Securities was found to have provided incomplete or inaccurate electronic blue sheet data for more than five years and to have violated Regulation SHO in connection with stock lending and fractional share trading programs (May 2019 to December 2023), including close-out, order-marking, and locate requirements; it agreed to pay USD 33.5 million, while Robinhood Financial agreed to pay USD 11.5 million. Both firms must conduct an internal audit on off-channel communications compliance, and Robinhood Securities must certify remediation of the deficiencies that caused the Regulation SHO violations.