On October 13, 2023, California Governor Gavin Newsom signed into law California Assembly Bill 39, California’s Digital Financial Assets Law (DFAL). DFAL will regulate “digital financial assets” and require companies engaged in a “digital financial asset business activity” to obtain licenses from the California Department of Financial Protection and Innovation (DFPI), subject to certain exceptions, similar to New York’s BitLicense. With the DFAL, California becomes the third state following New York’s lead, after Louisiana, in establishing a licensing regime specific to crypto assets. DFAL goes into effect on July 1, 2025, but some of the obligations arising from this new law will not be clear until a forthcoming rulemaking process is complete.
Covered Activity
DFAL applies to persons doing business in California, or engaging in a digital financial asset business activity with a California resident (individuals and businesses). A “digital financial asset” is a digital representation of value that may be used as a medium of exchange and is not legal tender. In short, DFAL regulates certain crypto asset transactions. Subject to some important exemptions, as discussed further below, there are three covered “digital financial asset business activit[ies]” that would require licensure:
Licensing Obligations
Given the current scope of “digital financial business activity,” crypto asset platforms, stablecoin issuers, and gaming platforms that offer in-game tokens that may be “cashed-out” may be subject to DFAL’s licensing requirement. To obtain a license, an applicant must file an application with the DFPI and disclose information about the applicant itself and its officers and owners, implement a host of policies and procedures, including an “information security program and an operational security program,” and meet capital and liquidity requirements. Applicants who already hold a license to conduct virtual currency business activity under the New York BitLicense regulations may have a smoother path to licensure. The DFAL provides that applicants holding a license under New York BitLicense regulations may be issued a conditional license, provided the New York license was issued or approved no later than January 1, 2023.
Some of the licensure exemptions include: i) banks; ii) national and California trust companies; iii) persons whose digital financial business activity is expected to be valued at $50,000 or less in aggregate on an annual basis; iv) merchants who accept digital assets as payment for goods or services; v) persons who do not receive compensation for providing digital financial asset products or services; and vi) persons who use or obtain digital financial assets on their own behalf primarily for “personal, family, or household purposes or for academic purposes.”
Before listing or offering a digital financial asset, a covered exchange (a covered person that exchanges or holds itself out as being able to exchange a digital financial asset for a California resident) must certify to the DFPI that it has, among other things, evaluated the likelihood that a listed digital financial asset would be deemed a security under federal or California law. The certification is not required for any digital financial asset approved for listing on or before January 1, 2023, under the New York BitLicense regulations.
DFAL does not preempt federal or state securities laws. If a covered exchange sells digital financial assets that it determines are likely to be securities, it will need to consider its obligations under the securities laws, including, among other things, whether, based on the transactions it facilitates, it would be deemed a statutory underwriter for purposes of the U.S. Securities Act of 1933 and/or be required to register as a broker-dealer, alternative trading system, or exchange under the U.S. Securities Exchange Act of 1934. Similarly, if assets traded on the exchange that may be securities have not been issued in compliance with the securities laws, the exchange could also be deemed to facilitate an illegal distribution of securities.
Disclosure Requirements
DFAL includes robust disclosure requirements, including: i) fees and charges assessed; ii) whether any form of insurance covers the product or service offered by the licensee; iii) whether the transaction is irrevocable; iv) liability and error resolution; and v) a confirmation of the transaction. The disclosures must be presented separately from any other information provided by the licensee and in a manner in which the California resident may retain.
Reporting and Recordkeeping
DFAL also establishes reporting and recordkeeping requirements. Licensees will be required to submit annual reports to the DFPI between October 1 and November 1 of each year. Some of the information that must be included in the annual reports include: i) financial statements; ii) descriptions of any material changes to the licensee’s business; iii) litigation and regulatory investigations involving the licensee; iv) transactional information; and v) evidence of compliance with DFAL.
Licensees will also be required to maintain records of, among other information: i) individualized transactions, including the identity of the California resident, amount, date and account number, and aggregate transactional information; ii) a general ledger, maintained at least monthly; iii) business call reports; iv) bank statements; and v) dispute records. Licensees must maintain the appropriate records for five years from the date of the activity. The DFPI may examine any licensee, or its agents, for compliance with the DFAL.
Looking Forward
As part of signing DFAL, Governor Newsom noted that “ambiguity of certain terms and the scope of [DFAL] will require further refinement in both the regulatory process and in statute to provide clarity to both consumers, regulators and businesses subject to this new licensure framework.” Hopefully, the DFPI, through rulemaking, will help clarify the ambiguities. The DFPI has 18 months to adopt a regulatory framework before the DFAL becomes effective on July 1, 2025.
Given the affirmative obligations DFAL creates for the crypto asset industry, companies that are conducting a digital financial asset business activity in California or that have customers in California should assess whether their activities are within the scope of DFAL, create a project plan to meet the licensing requirements, and maintain high alert for future DFPI rulemakings and guidance.
For more information on California’s DFAL or crypto assets more generally, please reach out to any member of Wilson Sonsini’s national security practice or fintech and financial services practice.