
Help me understand what is interesting about this bug that makes unauthorized margin trading RH's responsibility rather than the customer's? I thought I understood what was happening from the WSB thread, but since so many people here seem to think this is sui generis and clearly bad for RH, there must be something I'm missing.

To me, it looks like a bunch of people on Reddit found a bug and then, extremely ill-advisedly, exploited it flagrantly in real-money accounts they controlled. Based on my understanding of the situation, which may be weak, I'd be a lot more worried to be one of these customers than I would to be RH at this point.



The scheme is executed in two parts:

First, the user exploits the bug to build up a massive pool of margin. Roughly, this is equivalent to taking out a $50,000 loan from Robinhood.

Second, the user buys $50,000 of soon-to-expire options. Roughly, this is equivalent to pairing with another (innocent) trader, each putting up $50,000, and flipping a coin for the pot.

If the user wins the coin toss, then Robinhood is fine: the user pays back the $50,000 he borrowed, keeps the $50,000 he won, and Robinhood nets some small amount of interest for their loan. However, if the user loses, Robinhood never gets back their $50,000 dollars. That money is now in the possession of the random trader who was on the other side of the coin toss, and there's no way to get it back because that trader legally won it. The user who ran the scam owes Robinhood $50,000 but that debt is close to worthless.

It doesn't really matter who is responsible. Even if Robinhood prosecutes everyone who perpetrates this scheme and sends them to jail, they'll still never see their money again.


RH probably won't be repaid, but they have incentives to recover here. Every state is different, but e.g., in California the median wage is about $20 / hour, and you can garnish 25% of the income above the state minimum wage of $12 / hour. That's about $4,000 / year. It's probably not worth it for RH to sue for this, but they might get back $10–15k from a debt collection agency, which is designed to recoup debts over a period of years, all the while collecting hefty interest payments.


"Roughly, this is equivalent to pairing with another (innocent) trader, each putting up $50,000, and flipping a coin for the pot."

Seems like a better game if the other party is not so innocent, or independent...


If the other party is not so innocent, I believe that counts as market manipulation, which is highly illegal.

There's not much incentive here to do that, anyway; it doesn't increase your expected value over the original coin flip.


We don't have all the details.

Either they have a working portfolio valuation model, and they missed this rather obvious case of linking a written call to its underlying, or they don't have a proper valuation model at all. If they actually do portfolio valuation by simply valuing each line and adding them, then it's not just wrong but gross incompetence. It would not be the first broker to blow up due to mispricing clients' derivatives portfolios. The idea that a startup is letting millennials trade derivatives like this is absurd in the first place.


It doesn't seem, from the descriptions, to be possible to exploit this bug without knowing that you're doing it. It's not like they simply don't enforce margin limits; in fact, it looks like you have to apply the bug iteratively to do anything interesting with it. That being the case, it doesn't appear to me like the people exploiting it will have any way of talking their way out of the intentionality of their actions, at least not to a "reasonable person" standard that would be applied in civil court. It looks like cut-and-dried fraud. Am I wrong about that?


Oh, in that case it's definitely fraud because, as you pointed out, it's clearly intentional (you have to repeat the trick many times).

But the $8 billion question is: are we talking about an obscure bug, a missed case in an otherwise perfectly sound valuation and risk management model, or is it actually a case of dodgy valuation and risk modelling? Which implies that many well-meaning clients are also seeing the wrong portfolio value, and trading with invalid margins?

Again, I don't have the details so I don't want to speculate too much, but apparently they've had similar "bugs", so it's possible that their entire valuation and risk model is dodgy. It has happened to more reputable organizations.


Bugs in the software come from bugs in the process. They are showing their process in their inaction.

If their stuff was generally sound except for this, they would have shut down margin trading until the bug is fixed.


It's hard to think of a bug or vulnerability that you couldn't compose an argument like this for. Does it matter? They left the back door unlocked; you'd still get in trouble for letting yourself inside.


They clearly don't take the issue very seriously, as they allow margin trading to continue. That is not normal. They're exposing customers to more risk than they should be, and that's a very serious no-no.

I don't think small bugs in high quality shops would fall under this argument.


What's a "small bug"? What's a "high quality shop"? I've spent years doing software security assessments for much larger financial service firms than Robinhood, and found far worse things than this.


The broker/dealer I work for stops trading on bugs causing much smaller (even $0) material impact.

For brokers in particular, they are highly regulated and I can't imagine them not ending up with a nasty investigation+large fine from regulators over this.


Why shouldn't "millennials" be allowed to trade derivatives just like anyone else?


Good point. Generally, most people should not be trading derivatives.

I was pointing out millennials in particular because it's the population targeted by those startups, whose business model is more or less implicitly: millennials have no clue about money and finance. Which is true, but also unethical.


> millennials have no clue about money and finance. Which is true

Older millennials are approaching 40. The majority of Hacker News members are probably millennials.


They're both responsible; the difference is Robinhood has to settle the trade in a day, and then they have to try to collect from someone who likely doesn't have any assets to give them. And if they do, they will still likely have to take them to court. So it costs Robinhood time and money even if they get their money back, which is doubtful.



