Robinhood settles with Massachusetts regulator over gamification and cybersecurity issues, agreeing to a $7.5M fine & more
Robinhood Financial, LLC, has reached a settlement with Secretary of the Commonwealth William F. Galvin over a case filed in 2020 regarding the online trading platform’s use of gamification strategies. As part of the settlement, Robinhood will pay a $7.5 million administrative fine and undertake a comprehensive overhaul of its digital engagement practices.
The consent order, filed with Galvin’s Securities Division, resolves administrative complaints filed in 2020 and 2021. It also addresses issues stemming from an additional investigation into a 2021 data security breach affecting Massachusetts customers.
Galvin’s office has raised objections to the gamification tactics employed by Robinhood to attract and manipulate customers on its platform. The consent order specifies that Robinhood has utilized features like confetti animation, digital scratch tickets, free stock rewards, and other game-like elements to encourage user interaction. Additionally, the platform employed push notifications and “most popular” lists to promote frequent trading.
Robinhood Settles 2020 Case with Massachusetts Regulator
Despite Robinhood discontinuing many gamification tactics following complaints by the Securities Division, the settlement ensures that, for Massachusetts customer accounts, the platform will refrain from using celebratory imagery tied to trading frequency, push notifications highlighting specific lists, and features resembling games of chance. Robinhood must also incorporate disclosures into its lists and enlist an independent compliance consultant to assess remaining digital engagement practices.
A noteworthy aspect of the consent order addressed serious cybersecurity concerns arising from a November 2021 data security breach affecting approximately 117,000 Massachusetts customers. The breach occurred when an unauthorized third party used a voice phishing scam to lead an agent to download and run third-party remote access software on a Robinhood-issued laptop. Robinhood devices failed to prevent the installation of such unauthorized software.
Compounding the issue, the agent, lacking proper guidance on reporting critical breaches, struggled to contact Robinhood for nearly an hour. After repeated attempts, the agent encountered silence, automated messages, and even an internal bot named “Halp.” Robinhood, admitting to the facts outlined in the consent order, has agreed to an independent review of its cybersecurity policies.
The consent order filing precedes Robinhood’s deadline to appeal the Massachusetts Supreme Judicial Court’s August 2023 decision. However, as part of the settlement, Robinhood has agreed not to seek an appeal and will dismiss, with prejudice, the litigation pending in Suffolk Superior Court.