California’s new Digital Financial Asset Law (“DFAL”) will place a variety of regulatory requirements on digital asset companies and cryptocurrency exchanges. Governor Newsom is expected to sign the DFAL into law and new licensing requirements will take effect on January 1, 2025. The DFAL will prohibit any person from engaging in any business activity involving digital financial assets without a license from the California Department of Treasury Innovation (“Division”). Under the proposed law, “digital financial asset activity” includes the exchange, transfer or storage of a digital financial asset, or engagement in the management of digital financial assets, both directly and through a provider. It will also include the holding of electronic bullion and related activities, as well as online gaming assets tied to legal tender or original value. “Digital financial assets” are defined as digital representations of value used as a medium of exchange, unit of account, or store of value that are not already legal tender. The DFAL applies to any person (including an individual, corporation, or other entity) conducting business activities related to digital financial assets “with or on behalf of” a California resident, as defined in the DFAL. The license application requires extensive background information.
A primary goal of the DFAL is to reduce consumer risk. The sponsor stated that DFAL indicates that lawmakers understand “that a healthy cryptocurrency market can only exist when simple guard rails are established.” The bill articulates these guardrails in the form of licensing and other compliance requirements for companies and extensive oversight capabilities for the department. To date, the department has taken a relatively loose approach regarding some digital asset companies, including cryptocurrency exchanges, issuing a series of cease and desist letters noting that these companies are not subject to existing California money-transmission licensing and compliance requirements. However, under the new DFAL, companies with digital assets will be subject to licensing requirements and several other restrictions.
Among other requirements, licensees must retain records of all California customer activity for a minimum of five years (a requirement that may be uncomfortable with technology designed to maintain anonymity). Licensees are also required to maintain a monthly ledger detailing all of Licensee’s assets, liabilities, capital income and expenses. Prior to engaging a California resident customer as a customer or client, each business must make disclosures regarding total charges, charge times, and charge calculations. Licensees must establish and maintain a 24-hour toll-free hotline with live customer support. Licensees are also required to establish and maintain a variety of security and other policies and procedures, including information security, business continuity, disaster recovery, anti-fraud, and AML and OFAC compliance programs.
The DFAL will also give the department far-reaching supervisory and enforcement powers. The DFAL allows the Department to review licensees and take enforcement action against licensed and unlicensed operators. Audits may be conducted at any time without notice and at the Company’s expense. Enforcement actions include lawsuits and fines of up to $20,000 per day for licensees and $100,000 per day for unlicensed businesses.
In practice, the proposed California law is similar to New York’s “BitLicense” regulation. But unlike the BitLicense, California law contains a “stablecoin” ban that prevents a licensee from engaging in certain digital financial asset activities when the asset is a stablecoin, unless (i) the issuer is a bank or licensee; and (ii) the issuer owns eligible securities with a total market value of not less than all outstanding stablecoins issued or sold in the United States. This provision will expire on January 1, 2028.
The DFAL was presented to the Governor on September 12, 2022.
The intersection of state regulatory regimes like California’s with federal laws will draw significant attention to digital currency companies and those considering investing in them. This includes paying special attention to the federal treatment of digital assets that are or may be securities, and considering the SEC and CFTC treatment of cryptocurrencies and other digital assets under a new and broader regulatory regime. The two major legislative proposals currently under consideration by Congress regulating digital assets (the Lummis-Gillibrand and Stabenow-Boozman Acts) provide for federal preemption of at least some aspects of state regulation of digital assets. But if DFAL is adopted in California and is not anticipated by a comprehensive federal regime, the DFAL requirements described above may become de facto national standards.