Robinhood has agreed to pay $45 million to resolve multiple charges brought by the U.S. Securities and Exchange Commission (SEC) involving its brokerage operations.

According to the SEC’s findings, Robinhood Securities and Robinhood Financial failed to investigate suspicious transactions promptly and lacked adequate procedures to protect customers from identity theft. Additionally, the firms did not address a significant cybersecurity vulnerability, which led to the unauthorized download of millions of remote-access customer accounts, exposing users to heightened security risks.

Further violations included Robinhood’s failure to comply with federal recordkeeping laws by not preserving electronic communications and core operational databases in a manner that prevented deletion or modification for legally required timeframes. The SEC also cited failures in accurately reporting trading activity, complying with short sale regulations, and submitting timely suspicious activity reports. Acting SEC Division of Enforcement Director Sanjay Wadhwa emphasized that broker-dealers must fulfill their legal obligations to safeguard market integrity and investor protection, noting that Robinhood’s systemic regulatory shortcomings compromised these principles.

The settlement does not mark the end of Robinhood’s regulatory challenges. In May 2024, the firm received a Wells notice from SEC staff recommending enforcement action against its cryptocurrency business, signaling continued scrutiny of its operations. The latest penalties highlight the critical need for robust compliance measures as the brokerage industry navigates evolving regulatory landscapes.