Welcome to GRIP, Global Relay’s new digital information service on practical compliance and regulatory change.

Please enjoy this free trial of our subscription content service, for a limited time only.

  

Rules

Robinhood settles with Mass. regulator over its ‘gamification’ features

Image of a phone showing the Robinhood app.
Photo: Smith Collection/Gado/Getty Images

Julie DiMauro

 Click to share on Facebook (Opens in new window/tab) Click to share on Twitter (Opens in new window/tab) Click to share on LinkedIn (Opens in new window/tab) Click to share on WhatsApp (Opens in new window/tab)

Robinhood will overhaul its practices to resolve allegations that it encouraged inexperienced investors to place risky trades.

Online brokerage Robinhood has agreed to pay a $7.5m fine and retool its practices to resolve allegations by Massachusetts’ securities regulators that it encouraged everyday investors to place risky trades.

Massachusetts Secretary of State Bill Galvin filed an enforcement action in 2020 alleging Robinhood’s app-based service used gamification strategies that treated trading like a video game to lure young and inexperienced customers into placing risky trades.

The conduct described in the state’s complaint occurred between December 1, 2017 and the order date of January 18, 2024.

Robinhood customer, median age 31

The consent order states that the median age of a Robinhood customer was approximately 31 years (at the time the state’s complaint was drafted) and the order says: “Robinhood’s advertising attracted younger individuals, many of whom had limited or no investment experience.” About half of Robinhood’s customers were first time investors, and the median customer account size at Robinhood was approximately $240.

The attraction for younger and less experienced investors was only compounded by the fact that Robinhood is a broker-dealer offering commission-free trading of stocks, exchange-traded funds and options.

These strategies included having images of confetti rain down on the screen following the placement of a first trade and push notifications in certain instances to attract the user’s attention.

Digital engagement features

Robinhood developed digital engagement features and prompts, but did not implement procedures reasonably designed to supervise these features and prompts in a manner necessary to protect customers in Massachusetts, the securities division said.

Some of those features included:

  • push notifications sent to certain customers regarding specific changes in the value of stocks held in their accounts;
  • a one-time push sent to some customers after funding an account that included a flexing bicep emoji and, upon clicking the push notification, a redirection to a “top movers” list;
  • a one-time push notification sent to some customers after funding an account that directed them to a “100 Most Popular” list after clicking on the push;
  • a pretend scratch-off ticket image feature that mimicked the motion of “scratching off” a lottery ticket to reveal what was called a possible free stock in a profitable, large company (when there was low probability of receiving shares in those companies);
  • the ability for customers to improve their positions on an early-access waitlist by “tapping” a digital representation of a debit card displayed in the app up to 1,000 times a day.

The securities division noted that Robinhood stopped using these features in either 2021 or 2022, depending on the feature.

Inexperienced traders

Galvin’s office highlighted how many inexperienced investors use the platform to execute trades – and to do so frequently. As described in its complaint, the state said:

  • over 200 Robinhood customers with no self-reported investment experience averaged at least five trades per day on Robinhood’s trading platform;
  • at least 25 of these inexperienced customers made at least 15 trades per day, with at least 10 making an average of 25 trades a day; and
  • some of the 25 inexperienced customers noted above averaged 58 to 92 trades per day, with those 25 combining to make 125,790 trades during the relevant time period in the complaint.

Technology infrastructure

Galvin’s office also noted in its consent order that Robinhood experienced several outages or disruptions on its trading platform from January 1, 2020, through November 30, 2020.

These disruptions affected the ability of Robinhood customers to access their accounts and purchase and sell securities and indicated that the company’s trading platform “was not sufficient to support the rapidly increasing trading volume” taking place in the market at various points in that time period, the order states.

Some of the 25 inexperienced customers averaged 58 to 92 trades per day, with those 25 combining to make 125,790 trades during the relevant time period in the complaint.

It also notes how an unauthorized third party was able to obtain a bulk file containing the names, email addresses and/or telephone numbers for at least 117,763 individuals who had previously given Robinhood a Massachusetts address. (This occurred by means of a social engineering attack involving “caller ID spoofing” – in this instance, calling a Robinhood agent’s personal phone and purporting to be a Robinhood human resources employee.)

The consent order notes how the agent had not yet completed annual security training which included topics specifically designed to protect against social engineering tactics.

Fiduciary duty

In March 2020, Massachusetts implemented a fiduciary duty rule that raised the investment-advice standard for brokers operating in the state. Galvin’s office filed the first enforcement action under a state fiduciary duty rule against Robinhood – the case at issue here.

Robinhood denied wrongdoing and went to court to challenge the fiduciary duty rule, losing in two rounds.

It’s last judicial resort would have been an appeal to the US Supreme Court. But it chose to settle, as outlined here.

Resolution

Robinhood has already removed the engagement features noted above and has agreed to add disclosures on its platform based on Robinhood data and not related to overall market data.

And it agreed to engage an independent compliance consultant to help review its platforms’ customer-facing features, sufficiency of disclosures, accuracy of educational materials and policies and procedures around its digital engagement practices, particularly as it pertains to customers who self-identify as having limited to no prior trading experience.

With regard to information security, among other things, the company must review the sufficiency of user-access controls – especially those controls on user ability to download third-party software – and review the sufficiency of the process for employees to report breaches.

Within 90 days of the entry of the consent order, Robinhood must submit a report to the securities division containing the findings of its comprehensive review and recommendations for changes.

Lucas Moskowitz, Deputy General Counsel and Head of Government Affairs at Robinhood Markets, Inc., said Thursday in a statement that the settlement “resolves historical matters dating back to 2021 that do not reflect Robinhood today. We’ve invested heavily in strengthening how we supervise our technology and system controls, ensuring platform stability, and enhancing cybersecurity policies and practices.”

And Secretary Galvin said: “While I’m happy that this case with Robinhood has finally been resolved, I’m most grateful that after being thoroughly tested in court, the Massachusetts Fiduciary Rule remains the law of the land.”

, , ,

You may also like