Robinhood Markets disclosed in a regulatory filing its cryptocurrency platform might face a penalty of “at least” $10 million from the New York State Department of Financial Services (NYDFS) for anti-money laundering (AML) and cyber-security failures.

In July 2020, the NYDFS issued an examination report of Robinhood Crypto (RHC), in which it cited a number of “matters requiring attention” regarding AML and cyber-security, the online stock-trading platform stated in a July 1 filing. The matter was subsequently referred to the NYDFS’s Consumer Protection and Financial Enforcement Division.

In March, the NYDFS informed RHC of certain alleged violations of applicable AML and New York banking law requirements, “including the failure to maintain and certify a compliant anti-money laundering program, notification provisions under RHC’s Supervisory Agreement with NYDFS, and cybersecurity and virtual currency requirements, including certain deficiencies in our policies and procedures regarding risk assessment, lack of an adequate incident response and business continuity plan, and deficiencies in our application development security,” Robinhood stated.

The NYDFS indicated to RHC it would seek to appoint an independent consultant in addition to the potential monetary penalty. RHC is cooperating with the regulator.

Robinhood added it “cannot predict … whether these discussions will result in a resolution of this matter.” Last week, the firm was hit with a record-breaking $70 million in penalties by the Financial Industry Regulatory Authority regarding supervisory failures.