U.S. Markets open in 8 hrs 52 mins
  • S&P Futures

    +5.25 (+0.15%)
  • Dow Futures

    +44.00 (+0.16%)
  • Nasdaq Futures

    +10.00 (+0.09%)
  • Russell 2000 Futures

    +4.10 (+0.26%)
  • Crude Oil

    +0.19 (+0.49%)
  • Gold

    +4.10 (+0.22%)
  • Silver

    +0.16 (+0.63%)

    +0.0015 (+0.1301%)
  • 10-Yr Bond

    0.0000 (0.00%)
  • Vix

    +4.91 (+17.82%)

    +0.0016 (+0.1225%)

    -0.1040 (-0.0992%)

    +3.32 (+0.03%)
  • CMC Crypto 200

    -2.16 (-0.82%)
  • FTSE 100

    -68.27 (-1.16%)
  • Nikkei 225

    -101.00 (-0.43%)

Why Robinhood’s lack of urgency over hacked accounts remains problematic for users

Robinhood users who experienced theft from their accounts are looking for help from the company to restore their finances. Amy Lynch, FrontLine Compliance Founder and President joins Yahoo Finance’s On The Move panel to discuss.

Video Transcript

JULIE HYMAN: 2020 has meant the rise of the Robinhood trader. And there's been a lot of discussion about the effect of these traders on the overall market. There's also been discussion about the toll it has taken on some of those traders' finances. And then late last week, there was a report from Bloomberg which spoke to five Robinhood customers who said they had money looted from their accounts. They found the company response to be somewhat lacking or slow in some cases.

We are joined now to talk more about this by Amy Lynch. She is FrontLine Compliance founder and president. She's joining us from Washington. And talk to us about what recourse perhaps people have when they find themselves in this position. They are not sure how their accounts have been accessed, but they have. And they say that whoever is administering the accounts, Robinhood in this case, is not being responsive enough.

AMY LYNCH: Hi, Julie. Thank you for having me on the show today. So you're right. The first thing someone is going to want to do when they find out that their account has been compromised is they're going to want to reach out to the firm. And in this case with Robinhood, the big failure has been the lack of response and that there really is no live customer support for customers of Robinhood.

So if you have a Robinhood account, you can go online. You can send an email to support. You can call a phone number even, but when you call that phone number, it's just a recording pointing you back to the website, where all you have is an email. And that email is not manned 24/7 apparently. And when someone does get a response to their email, they were being told that it could be up to two weeks before they can get a response. And here they are having their accounts being liquidated without their knowledge, and it appears that they really do have no recourse.

ADAM SHAPIRO: Amy, you know, for an institution, whether it's Robinhood or even some of the larger institutions that we use for our investments, there's a whole litany of compliance that has to be in place, whether it be with state law or with federal law, to-- some of us think protect us. Are we protected, and what does that look like? This is your key specialty, isn't it?

AMY LYNCH: So, right. FrontLine is a regulatory compliance consulting firm. We're not IT specialists, but we look at the firms from the regulatory requirements perspective. And we do help them to create their cybersecurity policies. And there are very few regulations out there that are specific to cybersecurity.

So a few states have passed specific legislation that requires firms that operate in their state to have those written policies. The only regulator that really has that requirement right now is the NFA, the National Futures Association. So for member firms there, they have to have a written information security policy in place. But the SEC has approached this more by a regulation-by-enforcement approach, and then as of right now they do not have an actual rule requirement for firms to have these written policies and procedures.

However, they have been focusing very strongly on this area via their examination program. In the past five years they have conducted several targeted sweeps of the industry looking in this very area. And I suspect they've been doing this because they know that very soon they're going to have to develop a rule specific to cybersecurity in the industry.

JULIA LA ROCHE: Amy, it's Julia La Roche. I was just looking on Robinhood's website on the section on how you're protected. They say that your securities and cash are protected by the SIPC-- members of SIPC, which protects securities customers of its members up to $500,000, including $250,000 for claims for cash. They said an explanatory brochure is available at this link.

I guess what are the questions that someone, just a regular person who might want to open an account, need to be asking. And in this case, would there-- are they protected for the accounts that have been looted here? Is there some recourse where they will receive some sort of protection for the funds that were taken?

AMY LYNCH: Well, the insurance programs that exist, both the FDIC and the SIPC that you mentioned, are really-- they really exist as insurance to the firm as well as to the customer in that if the firm should become insolvent, that those accounts will be made good via these government-funded programs. So they were never created or intended to be utilized in the event of a cyber hack. That really is not why they exist. It's for the protection of the firm, the protection of the customer in the event of a liquidation event, a huge market event like the crash of '29 or other financial crisis.