Online stock trading platform and broker-dealer Robinhood Financial agreed to pay a $7.5 million fine as part of a settlement with the Commonwealth of Massachusetts addressing claims related to “gamification” of its platform and cybersecurity issues that lent to a 2021 data breach.
The agreement, announced Thursday, resolves administrative complaints filed against Robinhood in 2020 and 2021. The company began facing a surge of scrutiny regarding its practices early on during the Covid-19 pandemic, when the platform’s popularity increased.
The details: Massachusetts securities regulators took issue with game-like features on the Robinhood platform to encourage engagement, including the use of confetti animations, digital scratch tickets, and free stock rewards. It faulted the company for not implementing procedures reasonably designed to supervise the features in a manner necessary to protect customers.
In response to the complaint, Robinhood ceased use of many of the features, according to the commonwealth.
The second complaint alleged cybersecurity issues at Robinhood identified following a November 2021 data breach that affected approximately 117,000 customers in Massachusetts. It criticized the company’s internal controls for preventing a Robinhood agent from being able to report the breach in a timely manner.
Compliance considerations: The settlement requires Robinhood to overhaul its digital engagement practices. It must retain an independent compliance consultant to review its changes, along with the company’s cybersecurity policies and procedures.
Company response: A Robinhood spokesperson rejected the notion features on the app were “gamified” and said the company has made improvements to its related supervisory controls. The spokesperson also said the company enhanced its internal security controls, training, and threat detection capabilities in response to the 2021 breach.
“This settlement resolves historical matters dating back to 2021 that do not reflect Robinhood today,” said Lucas Moskowitz, deputy general counsel and head of government affairs at Robinhood Markets, in an emailed statement. “We’ve invested heavily in strengthening how we supervise our technology and system controls, ensuring platform stability, and enhancing cybersecurity policies and practices. We are pleased to put this matter behind us and move forward steadfast in our commitment to providing access to the markets for our Massachusetts customers.”