On 13 January 2025, the United States Securities and Exchange Commission (US SEC) published order instituting administrative and cease-and-desist proceedings, pursuant to sections 15(b) and 21c of the United States Securities Exchange Act of 1934, making findings, and imposing remedial sanctions and a cease-and-desist order civil penalties totalling US$45 million against Robinhood Securities LLC and Robinhood Financial LLC for multiple violations of federal securities laws. This enforcement action addresses lapses in their brokerage operations, including trading activity reporting, regulatory compliance, recordkeeping, and safeguarding customer information.
The US SEC’s investigation revealed a series of violations by Robinhood firms between 2018 and 2024, including delays in filing suspicious activity reports, inadequate identity theft prevention measures, improper handling of off-channel communications, and deficiencies in cybersecurity safeguards. Robinhood Securities was specifically penalised for breaches related to electronic blue sheet data, fractional share trading, and non-compliance with Regulation SHO, rules designed to prevent abusive short selling practices.
From January 2020 to March 2022, Robinhood failed to promptly investigate and report potentially suspicious activities flagged in its systems. Moreover, a cybersecurity vulnerability exploited in November 2021 resulted in unauthorised access to sensitive customer information, impacting millions of individuals. The firms also failed to preserve required brokerage data, including communications and customer notifications, due to operational deficiencies.
The US SEC order also detailed that Robinhood Securities submitted over 11,849 incomplete or inaccurate electronic blue sheets, misreporting data for 392 million transactions over five years. Additionally, Robinhood violated order-marking and close-out requirements for short sales under Regulation SHO, mislabelling millions of transactions and failing to maintain compliance systems.
In response to the US SEC’s findings, Robinhood Securities agreed to pay $33.5 million in penalties, while Robinhood Financial consented to $11.5 million fine. Both firms admitted to certain violations and agreed to undertake comprehensive internal audits to address deficiencies in compliance with communication, data retention, and cybersecurity standards. Robinhood Securities is also required to certify its remediation of Regulation SHO-related shortcomings.
These penalties were imposed following an extensive investigation by US SEC offices in New York and San Francisco, with assistance from the Financial Industry Regulatory Authority (FINRA). The penalties come more than a decade after Robinhood’s launch as a disruptive trading platform.
(Source: https://www.sec.gov/files/litigation/admin/2025/34-102170.pdf, https://www.sec.gov/newsroom/press-releases/2025-5)
