It sure is. In The Reddit thread on wallstreetbets someone already submitted an official complaint because you get a commission!

I have no idea if SEC guidelines limit the amount of unsecured buying power offered to consumers but it does not follow from any such stipulated guideline that a bug in an order entry system shifts liability to RH from its customers. All applications – including other order entry systems – have bugs like these.

Most regulatory organizations such as SEC enforce "means", rather than "results". In simple terms: You will not have problems if a bug happens, as long as you can show that you had a reasonable, best of your knowledge, process to avoid bugs (code review, staging changes, fallback plans, regular analysis/checks, etc).

This does not seem to be the case for RH unfortunately. They will have to explain why the detection / escalation failed for this issue, why no statements were provided, why it was not spotted by internal analytics/checks, why the pre-trade checks let these trades go, etc. They will probably end up with a huge fine.

Disclaimer: I work in a hedge fund that is SFC regulated. I expect the SEC to have pretty much the same policies.

According to some random person on the subreddit who probably isn't a good source, the SEC limit for leverage for normal people is 2:1.

2:1 is correct. Or 1:1, depending on your definition of "normal people". The relevant rule is called Reg T and it's not a limit set by the SEC, but by the Federal Reserve.

I was taught that some aspects of that rule go back to the stock market crash of ‘29. There were few limits on leverage then, either.

This correct. My knowledge comes from +15 years working in finance. I dont know the individual limit on leverage, bit its fairly low. Institutionally is another story.

I was working at a fairly large hedge fund through the 2008 collapse that saw a huge loss due to a 40:1 leverage. Nearly bankrupted the firm. Through September and October, the lot of us working there thought we were doomed and were awaiting the layoffs that never came. As a result, the firm put in a self imposed leverage limit of 10:1 amd divested itself of less liquid assets like bank loans. We held around $20B USD in bank debt that was toxic and couldnt find a market for. No bailout, but something like 60% of $24B USD evaporated in a month. It was all made back in about 18-24 months, though. Crazy times...

Is your full story written up somewhere?

No need to increase premiums unless RH has a claim that's covered by their policy. "lol we give away money to whoever asks for it" might well be excluded.