California Moves to Regulate Digital Asset Exchanges and Cryptocurrency Companies

California's new Digital Financial Asset Law ("DFAL") would have imposed a variety of regulatory requirements on digital asset companies and cryptocurrency exchanges. Governor Newsom was expected to sign the DFAL into law, but vetoed the bill late last week. In his veto message, the governor stated that he shared the legislature's intent to protect Californians from financial harm while providing clear rules for crypto businesses operating in the state. But the proposed licensing requirement was "premature" and "[a] more flexible approach was needed" at this time.

The DFAL would have prohibited a person from engaging in digital financial asset business activity without a license from the California Department of Financial Protection and Innovation ("Department"). Under the proposed law, "digital financial asset activity" would have included exchanging, transferring or storing a digital financial asset, or engaging in digital financial asset administration both directly or through a vendor. It would have also included holding electronic precious metals and related activities as well as online gaming assets tied to legal tender or the original value. "Digital financial assets" would have been defined as a digital representation of value that is used as a medium of exchange, unit of account, or store of value and that is not already legal tender. The DFAL would have applied to any person (including an individual, business, or any other legal entity) conducting digital financial asset business activity "with or on behalf of" a resident of California, as defined in the DFAL. The license application would have required extensive background information.

A primary goal of the DFAL was to reduce consumer risk. The sponsor stated that DFAL indicated the legislature understands "that a healthy cryptocurrency market can only exist if simple guardrails are established." The bill fashioned these guardrails in the form of licensing and other compliance requirements for businesses and extensive oversight opportunities for the Department. To date, the Department has taken a relatively light-touch approach with respect to some digital asset companies, including cryptocurrency exchanges, issuing a number of no-action letters in which it held that these companies were not subject to existing California money transmission licensing and compliance requirements. However, pursuant to the new DFAL, licensing requirements and several other strictures would have been imposed on digital asset businesses.

Among other requirements, licensees would have been required to maintain records of all California client activity for at least five years (a requirement that may sit uneasily with technologies focused on the preservation of anonymity). Licensees would have also been required to maintain a monthly ledger that outlined all assets, liabilities, capital income, and expenses of the licensee. Prior to engaging a California resident as a customer or client, each business would have been required to make disclosures about fee totals, fee timing, and fee calculation. Licensees would have been required to create and staff a 24-hour, toll-free helpline with live customer assistance. Licensees would also have been required to create and maintain a set of security and other policies and procedures, including information security, business continuity, disaster recovery, antifraud, and AML and OFAC compliance programs.

The DFAL would also have granted the Department broad oversight and enforcement authority. The DFAL would have allowed the Department to conduct examinations of licensees and take enforcement measures against both licensed and unlicensed operators. Examinations would have been permissible at any time without notice to the business and at the business' expense. Possible enforcement measures included judicial actions and fines of up to $20,000 per day for licensees—and $100,000 per day for unlicensed businesses.

In practice, the proposed California law would have been similar to New York's "BitLicense" regulation. But unlike the BitLicense, the California law included a "stablecoin" prohibition which barred a licensee from engaging in certain digital financial asset activity where the asset was a stablecoin unless (i) the issuer was a bank or licensee and (ii) the issuer owned eligible securities with the aggregate market value of not less than all outstanding stablecoins issued or sold in the United States. This provision was to become inoperative on January 1, 2028. 

The intersection of state regulatory regimes like California's with federal law will bear close attention for digital currency businesses and those considering investments in them. This includes paying particular attention to federal treatment of digital assets that are or may be securities, and contemplating SEC and CFTC treatment of cryptocurrencies and other digital assets under a new and more comprehensive regulatory regime. Both of the major pieces of proposed legislation currently being considered by Congress to regulate digital assets (the Lummis-Gillibrand and Stabenow-Boozman bills) provide for federal preemption of at least some aspects of state regulation of digital assets. But if the DFAL were adopted in California and not preempted by a comprehensive federal regime, the requirements of the DFAL described could have emerged as de facto national standards.