Digital Financial Assets Law: California’s New Legislation and Its Implications for AML Compliance


Disclaimer: The contents of this article are intended to provide a general understanding of the subject matter. However, this article is not intended to provide legal or other professional advice, and should not be relied on as such.




Until now, cryptocurrency companies have been able to operate in California without a license. However, that will change effective July 1, 2025, under the state’s new Digital Financial Assets Law (DFAL), which was signed by Governor Newsom this past October. This law makes California the third state to introduce a licensing regime for cryptocurrency activity, following New York and Louisiana.


Along with rigorous business oversight, California’s law establishes a comprehensive licensing framework and appears to be the most stringent virtual currency licensing law enacted to date. The law’s provisions cover licensure, disclosures, customer protections, stablecoins, exchange-specific sections, policies and procedures, and robust enforcement powers. The law could also apply to gaming publishers in certain situations.


The DFAL is expected to have a profound impact on the cryptocurrency industry. An overview of the new legislation, along with its requirements, and the potential implications for the digital assets industry more broadly, are outlined below.




Overview of DFAL

The DFAL applies broadly to any person or entity that engages in, or holds itself out as engaging in, “digital financial assets business activity” with, or on behalf of, a California resident.


Under the DFAL, unless exempted, such person or entity must first obtain a license from the California Department of Financial Protection and Innovation (DFPI) and comply with various prudential requirements, recordkeeping rules, and disclosure requirements. Issuing a digital asset does not in itself require licensure, unless the asset is redeemable for legal tender, bank credit, or another digital asset.


With few exceptions, California’s law largely resembles New York’s BitLicense regulation, and like New York’s law, the DFAL’s definitions are key to understanding its scope.


Furthermore, some of DFAL’s requirements are similar to existing money transmitter licensing requirements (i.e., the laws under which most states regulate digital asset activity). There are, however, several notable provisions that specifically apply to digital assets.




In order to get a better understanding of this legislation it is important to understand the definitions of the terms used in the legislation:


  • An applicant is a person who applies for a license pursuant to the DFAL.
  • A covered person is a person required to obtain a license under the DFAL.
  • A digital financial asset is defined as digital mediums of exchange, units of account, or stores of value.
  • Digital financial asset business activity refers to those activities that trigger the licensing requirement, and include the following:
    • Exchanging, transferring, or storing a digital financial asset or engaging in digital financial asset administration, whether directly or through an agreement with a digital financial asset control services vendor.
    • Holding electronic precious metals or electronic certificates representing interests in precious metals on behalf of another person or issuing shares or electronic certificates representing interests in precious metals.
    • Exchanging one or more digital representations of value used within one or more online games, game platforms, or family of games for either of the following:
    • A digital financial asset offered by or on behalf of the same publisher from which the original digital representation of value was received; or
    • Legal tender or bank or credit union credit outside of the online game, game platform, or family of games offered by or on behalf of the same publisher from which the original digital representation of value was received. (This seems to suggest that if in-game tokens are redeemable for a digital financial asset or cash, they may be within the scope of the licensing requirement).
  • A digital financial asset control services vendor is a person who has control of a digital financial asset solely under an agreement with a person that, on behalf of another person, assumes control of the digital financial asset.
  • A licensee means a person who has obtained a license or a conditional license.




The DFAL explicitly exempts several categories of individuals and entities from its requirements, including banks, certain credit unions, trust companies, payment processors, registered broker-dealers, entities regulated by the Commodity Futures Trading Commission (CFTC), government agencies, and clearing agencies registered or exempted pursuant to federal securities laws.


Also exempt are providers of connectivity software or computing power to secure a network, providers of data storage or security services, and activities related to in-game tokens that cannot be exchanged for legal tender outside of the relevant game, cryptocurrency mining, and rewards points.


The DFAL also does not apply to persons or entities not receiving compensation for their digital asset activities or with annual digital financial assets business activity of $50,000 or less.


There is also a public interest exemption whereby the DFPI may exempt certain individuals, entities, or transactions from the scope of all or part of the DFAL. Moreover, the DFPI has the flexibility to provide a regulatory supervision framework for novel or experimental products and services.



License Requirement

Effective July 1, 2025, covered persons must be licensed or have submitted a licensing application.


The application requirements for a license under the DFAL, although generally similar to those for a traditional money transmitter license, contain numerous customer protections, such as providing security for customers’ assets, and imposing additional obligations.


Besides standard requirements such as maintaining records and disclosing fees and risks, other obligations under the DFAL include maintaining an anti-money laundering program, an anti-fraud program, an information security program, and a general compliance program. Applicants are also required to maintain internal controls and policies and procedures to address things such as business continuity and disaster recovery. Furthermore, DFAL imposes specific insurance obligations.



Requirements for All Licensees

The DFAL subjects licensees to strict capital and reserve requirements as well as extensive customer disclosure requirements.



Capital and Reserve Requirements

All licensees must maintain a surety bond or trust account for the protection of California residents with whom licensees engage in digital asset business activities.


Licensees must also maintain sufficiently liquid capital “to ensure the financial integrity of the licensee and its ongoing operations based on an assessment of the specific risks applicable to the licensee.”


Additionally, licensees must maintain a reserve of each type of digital asset equal to the aggregate entitlements of the holders of such digital assets.


Moreover, the DFAL contains provisions that seek to insulate customers’ digital assets from creditor claims in the event of a licensee’s bankruptcy.



Customer Disclosure Requirements

The DFAL lists several customer disclosures that a licensee must make before engaging in digital financial asset activity with a customer. These disclosures include things such as the calculation of applicable fees and related notices; which products or services are covered by insurance; revocability of transfers, exchanges, and accompanying payments; notifications regarding errors, mistakes, and accidental transfers; and several others.


The law also requires additional disclosures to customers on a transaction-by-transaction basis.


In addition to the above requirements, licensees must pay an annual license fee in the amount of their pro rata share of the cost that DFPI incurred in administering the DFAL.



Requirements for Exchanges

The DFAL also outlines specific obligations pertaining to covered exchanges, including listing requirements, disclosures, and best execution requirements. The law also includes a safe harbor provision.



Listing Requirements

The DFAL requires exchanges to make certain certifications to the DFPI prior to listing any digital asset.


Among these certifications, is that the exchange has assessed whether the listed digital financial asset would be deemed a security by federal or California regulators. The exchange must also provide written disclosure of all conflicts of interest relating to the covered exchange and the applicable digital asset.


An exchange that lists a digital asset without first providing the appropriate certifications to the DFPI may be made to cease its listing.


Furthermore, the DFPI may also impose fines of up to $20,000 for each day of violation.



Best Execution Requirements

The DFAL requires that exchanges comply with requirements similar to those imposed on broker-dealers under securities laws and regulations. These include the requirement to make every effort to fully and promptly execute customer requests for exchanges of digital assets and to ensure that exchange rates between assets are as “favorable as possible” to consumers.


Exchanges are also required to conduct thorough risk assessments of their digital assets to ensure consumers are protected from risks relating to things such as cybersecurity, protocol defects, price manipulation and fraud.


Best execution policies must be reviewed at least once every six months.



Safe Harbor Provision

The DFAL provides a safe harbor provision for cases where an exchange has failed to achieve best execution for a given transaction if it has properly put such policies and procedures in place. However, the law notes that repeated failures to achieve best execution indicate that the exchange has not properly created or implemented the required policies and procedures.



Requirements for Stablecoins

The DFAL addresses stablecoins separately, including their issuance, use, and storage.


More specifically, the law prohibits covered persons from exchanging, transferring, or storing a stablecoin unless the issuer of the stablecoin is licensed under the DFAL (or has a pending application), or is exempt under the law. The commissioner of the DFPI must also approve any stablecoin before the covered person engages in exchanging, transferring, or storing the stablecoin.



Applicability to Gaming Publishers

The DFAL’s definition of digital financial asset business activity includes exchanging one or more digital representations of value used within one or more online games, game platforms, or family of games for either a digital financial asset offered by the same game publisher, or for legal tender or bank or credit union credit outside the online game, game platform, or family of games.


However, the DFAL’s definition of a digital financial asset explicitly excludes a digital representation of value issued by or on behalf of a publisher that is used solely within a game sold by the same publisher or offered on the same game platform. Therefore, publishers that issue in-game tokens that can be exchanged for digital assets or legal tender may fall within the DFAL’s licensure requirement.




Also notable is the extensive enforcement authority the DFAL grants the DFPI. This includes the authority to bring enforcement proceedings against an entity that has engaged, is engaging, or is about to engage in digital financial asset business activity in violation of the DFAL.



What to Expect Next

Governor Newsom acknowledged that certain aspects of the legislation are ambiguous, and that further clarification should be forthcoming from the DFPI. In the meantime, industry participants should evaluate their compliance with the DFAL as currently written but should also look out for refinements to the law, or at least guidance on how to comply with the regulations, in the coming 18 months.


Although the law does not take full effect until 2025, those potentially impacted by it would benefit by using the lead time to develop appropriate compliance measures. Companies with activities in the state that fall within the scope of the DFAL should begin preparations to apply for a license and come into compliance with the law’s numerous requirements.


It is likely that more states will introduce their own laws around digital assets, including laws that require licensure and/or impose strict compliance requirements. So even companies not currently in the scope of the DFAL may want to contemplate the potential impact that future digital assets legislation may have on their business.


Although we haven’t yet seen much formal rulemaking focusing on digital assets at the federal level, there has been significant engagement by federal agencies including the Securities and Exchange Commission (SEC), the Commodity Futures Trading Commission (CFTC), the Federal Trade Commission (FTC), the Department of the Treasury, the Internal Revenue Service (IRS), the Office of the Comptroller of the Currency (OCC), and the Financial Crimes Enforcement Network (FinCEN).


Outside of the U.S., jurisdictions such as the UK, EU, Australia, and Singapore, have already developed clear regulatory frameworks for digital assets. It is likely only a matter of time before the U.S. follows suit.


Therefore, as cryptocurrencies continue to make their way into the mainstream, we should anticipate new laws aimed at protecting consumers and investors in the virtual currency space, including greater supervision over the digital assets market, a strong regulatory framework, and integration of digital assets into existing tax and banking laws.




The developing nature of the digital assets industry and changing regulatory requirements highlight the need for compliance programs to be consistently evaluated and updated. Implementing a crypto compliance solution can streamline your compliance program and equip your compliance team with the tools to adapt and meet AML regulations.


Alessa’s integrated AML platform offers a variety of solutions that can help your business comply with evolving regulations as well as streamline and automate compliance. For more information on how Alessa can assist your compliance team, contact one of our representatives today. To learn how much Alessa can save your organization, view our compliance software ROI calculator.






California State Assembly Bill 39

Schedule a free demo

See how Alessa can help your organization

100% Commitment Free

Schedule a free demo

See how Alessa can help your organization

100% Commitment Free

Recent Posts

AML False Positive Rate Analysis

How to Reduce AML False Positives

Learn how to reduce AML false positives in your compliance programs and streamline your screening procedures to increase efficiency.

Please fill out the form to access the webinar: