Key Takeaways

  • Starting July 1, 2025, any person or entity engaged in a “digital financial asset business activity” within California or with a California resident will be required to obtain a license from the California Department of Financial Protection and Innovation, with certain exceptions.
  • Licensees will be required to comply with disclosure and annual reporting requirements.
  • The Digital Financial Assets Law does not apply to cryptocurrencies that the SEC has previously indicated are securities (e.g., BNB (BNB), Binance USD (BUSD), and Solana (SOL)).
  • Bitcoin and Ethereum fall within the scope of the Digital Financial Assets Law.

California Governor Gavin Newsom on October 13, 2023, signed Assembly Bill Number 39 (AB 39) into law, thereby establishing the Digital Financial Assets Law (DFAL).1 This new law, set to take effect on July 1, 2025, represents a shift from the existing California Money Transmission Act. To date, the California Department of Financial Protection and Innovation (Department) has generally declined to extend the licensure requirements of California’s Money Transmission Act to digital asset activities.2 The DFAL mandates that any person or entity engaging in or purporting to engage in digital financial asset business activity with or on behalf of a California resident must meet certain criteria, including obtaining a license from the Department. The DFAL also introduces specific provisions for exemptions, enforcement measures, record-keeping requirements, mandatory disclosures and the establishment of security programs. The new law bears similarities to New York’s BitLicense regulations in certain aspects, as highlighted below.

Applicability

The DFAL has far reaching implications for any person that wants to engage in a “digital financial asset business activity” with one of the largest markets in the country – as it applies to any person or entity engaging in a “digital financial asset business activity” from within California or with a California resident (Resident),3 with certain exceptions.4

The law identifies various activities that constitute “digital financial asset business activities,” including exchanging, transferring or storing digital financial assets, or engaging in digital financial asset administration, and issuing shares or certificates representing interests in precious metals (Activities). The law also provides criteria to determine whether a person is conducting activity within California. Parties that are not physically present in California but engage in or hold themselves out as engaging in the Activities must comply with the DFAL, unless explicitly exempt. The Commissioner of the Department (Commissioner) has the authority to exempt any person or transaction from the law if it is in the public interest and if regulation is not necessary. The Commissioner is also required to post a list of all exemptions on their website.

The DFAL defines a “digital financial asset” as a “digital representation of value that is used as a medium of exchange, unit of account, or store of value, and that is not legal tender, whether or not denominated in legal tender.” Securities registered with the Securities and Exchange Commission and securities that are exempt from SEC registration are not considered “digital financial assets” under the new law. Additionally, the new law would not apply to digital tokens that the SEC deems to be securities.5

Licensure

Starting July 1, 2025, a person cannot engage in digital financial asset business activity unless they are licensed in the state, have submitted an application for licensure on or before July 1, 2025, or are exempt from licensure.6 The application for a license must meet several requirements, including providing detailed information about the applicant, their business, any legal proceedings the applicant has been involved in and the applicant’s financial status. Upon receipt of a completed application, the Department will investigate the applicant’s financial condition, competence, experience, character and compliance with relevant regulations. Licensees must maintain a surety bond or trust account and capital and liquidity sufficient to ensure their financial integrity and ongoing operations within requirements set by the Department.

Application requirements under DFAL are substantially similar to New York BitLicense application requirements, including the requirements to have an anti-money laundering program and an information security program.7 However, the DFAL also requires applicants to disclose the number of Residents “with whom the applicant engaged in digital business activity in the month preceding” application submission and requires the applicant to have additional policies and procedures to address, among other things, business continuity and disaster recovery.

The Department will issue a license if the application criteria are satisfied as laid out in the DFAL. Following issuance, licensees must submit an annual report disclosing certain required information to the Department. The Department can suspend or revoke the license of any licensee that fails to comply. Additionally, licensees must adhere to privacy and confidentiality requirements prescribed in the law.

Examination and Enforcement

The Department has the authority to conduct examinations and institute enforcement measures against licensees.8 Licensees must report to the Department any material changes in their application information or business, changes in executive officers or changes in control of the licensee within 15 days. Licensees must maintain records of all digital financial asset business activity for five years following the activity.

Disclosures and Protections

The DFAL further outlines disclosure requirements for licensees. Covered persons (i.e., persons required to obtain licenses under the DFAL) must provide Residents with certain disclosures before engaging in digital financial asset business activity. These disclosures include a schedule of fees and charges, insurance coverage details, the irrevocability of a transfer or exchange, liability for unauthorized or mistaken transfers, the resident’s right to stop a preauthorized payment and the resident’s right to receive a receipt or other evidence of the transfer or exchange. A covered exchange (i.e., a covered person that exchanges or holds itself out as being able to exchange a digital financial asset for a resident) must certify that they have taken certain steps before listing or offering a digital financial asset that they can exchange on behalf of a resident.9 Covered exchanges must make every effort to execute a Resident’s request to exchange a digital financial asset fully and promptly. Covered persons must prominently display a toll-free telephone number on their website for customer service issues and operate the line 10 hours per day, Monday through Friday, excluding federal holidays.

BitLicense disclosure requirements diverge from DFAL requirements with respect to disclosure of material risks. BitLicense holders are required to disclose a specified list of material risks as part of establishing a relationship with a party.

Stablecoins

Covered persons are prohibited from exchanging, transferring or storing a digital financial asset, or engaging in digital financial asset administration, if that digital financial asset is a stablecoin, unless the issuer of the stablecoin is licensed or is a bank, trust company or national association authorized to engage in a trust banking business. The issuer of the stablecoin must at all times own eligible securities having a market value of not less than the aggregate amount of all of its outstanding stablecoins issued or sold. A covered person may exchange, transfer or store a digital financial asset, or engage in digital financial asset administration, if that digital financial asset is a stablecoin approved by the Commissioner. The Commissioner may impose additional requirements, restrictions or prohibitions on the activities of the issuer of the stablecoin or the covered person exchanging, transferring or storing the stablecoin. The Commissioner can revoke an approval if the issuer of the stablecoin markets the stablecoin in a manner that may create a reasonable expectation or belief among the general public that the stablecoin poses no more risk to a holder or user of the stablecoin than the risks posed to the holder or user of bank credit or a stored value product issued by a licensed person.

Conclusion

The DFAL represents a significant shift in the regulatory landscape for digital financial assets in California. It introduces new requirements and responsibilities for those involved in digital financial asset business activities. Firms operating in the digital asset space in California must begin to prepare for the DFAL licensing and post-licensing requirements.