California’s new Digital Financial Asset Law (“DFAL”) will impose a variety of regulatory requirements on digital asset companies and cryptocurrency exchanges. Governor Newsom is expected to sign the DFAL into law, and new licensing requirements will spring into effect on January 1, 2025. The DFAL will prohibit a person from engaging in digital financial asset business activity without a license from the California Department of Financial Protection and Innovation (“Department”). Under the proposed law, “digital financial asset activity” will include exchanging, transferring or storing a digital financial asset, or engaging in digital financial asset administration both directly or through a vendor. It will also include holding electronic precious metals and related activities as well as online gaming assets tied to legal tender or the original value. “Digital financial assets” will be defined as a digital representation of value that is used as a medium of exchange, unit of account, or store of value and that is not already legal tender. The DFAL will apply to any person (including an individual, business, or any other legal entity) conducting digital financial asset business activity “with or on behalf of” a resident of California, as defined in the DFAL. The license application will require extensive background information.
A primary goal of the DFAL is to reduce consumer risk. The sponsor stated that DFAL indicates the legislature understands “that a healthy cryptocurrency market can only exist if simple guardrails are established.” The bill fashions these guardrails in the form of licensing and other compliance requirements for businesses and extensive oversight opportunities for the Department. To date, the Department has taken a relatively light-touch approach with respect to some digital asset companies, including cryptocurrency exchanges, issuing a number of no-action letters in which it held that these companies were not subject to existing California money transmission licensing and compliance requirements. However, pursuant to the new DFAL, licensing requirements and several other strictures will be imposed on digital asset businesses.
Among other requirements, licensees will be required to maintain records of all California client activity for at least five years (a requirement that may sit uneasily with technologies focused on the preservation of anonymity). Licensees must also maintain a monthly ledger that outlines all assets, liabilities, capital income, and expenses of the licensee. Prior to engaging a California resident as a customer or client, each business will be required to make disclosures about fee totals, fee timing, and fee calculation. Licensees will be required to create and staff a 24-hour, toll-free helpline with live customer assistance. Licensees will also be required to create and maintain a set of security and other policies and procedures, including information security, business continuity, disaster recovery, anti-fraud, and AML and OFAC compliance programs.
The DFAL will also grant the Department broad oversight and enforcement authority. The DFAL will allow the Department to conduct examinations of licensees and take enforcement measures against both licensed and unlicensed operators. Examinations can be undertaken at any time without notice to the business and at the business’ expense. Enforcement measures include judicial actions and fines of up to $20,000 per day for licensees—and $100,000 per day for unlicensed businesses.
In practice, the proposed California law is similar to New York’s “BitLicense” regulation. But unlike the BitLicense, the California law includes a “stablecoin” prohibition which bars a licensee from engaging in certain digital financial asset activity where the asset is a stablecoin unless (i) the issuer is a bank or licensee and (ii) the issuer owns eligible securities with the aggregate market value of not less than all outstanding stablecoins issued or sold in the United States. This provision will become inoperative on January 1, 2028.
The DFAL was presented to the governor on September 12, 2022.
The intersection of state regulatory regimes like California’s with federal law will bear close attention for digital currency businesses and those considering investments in them. This includes paying particular attention to federal treatment of digital assets that are or may be securities, and contemplating SEC and CFTC treatment of cryptocurrencies and other digital assets under a new and more comprehensive regulatory regime. Both of the major pieces of proposed legislation currently being considered by Congress to regulate digital assets (the Lummis-Gillibrand and Stabenow-Boozman bills) provide for federal preemption of at least some aspects of state regulation of digital assets. But if the DFAL is adopted in California and is not preempted by a comprehensive federal regime, the requirements of the DFAL described above may emerge as de facto national standards.