On October 13, California Governor Gavin Newsom (D) signed Assembly Bill 39 (Digital Financial Assets Law). This new law broadly empowers the California Department of Financial Protection and Innovation (DFPI) to govern “digital financial asset business activity” and prohibits entities from engaging in such activity with California residents without obtaining a license from the DFPI, among other criteria.

The Digital Financial Assets Law is slated to become effective on July 1, 2025. Interestingly, it would only become operational if Senate Bill 401, which seeks to prohibit digital asset ATMs from accepting or dispensing more than $1,000 in a single day to a customer, becomes effective on or before January 1, 2024. Like the Digital Financial Assets Law, Newsom approved Senate Bill 401 on October 13.

The Digital Financial Assets Law has seven sections, each of which we discuss below: (1) definitions; (2) licensure; (3) examination; (4) enforcement; (5) disclosures and protections; (6) stablecoins; and (7) policies and procedures.

General Provisions. At the heart of the bill is its broad characterization of “digital financial asset business activity,” which is defined, in relevant part, as:

(1) (a) Exchanging, (b) transferring, or (c) storing a digital financial asset;

(2) Holding, or issuing shares of, electronic precious metals or electronic certificates representing interests in precious metals; and

(3) Exchanging one or more digital representations of value used in an online game for either (a) a digital financial asset or (b) legal tender.

The phrase “digital representation of value” is not a defined term, but it is encompassed within the bill’s definition of “digital financial asset,” which is “a digital representation of value that is used as a (i) medium of exchange, (ii) unit of account, or (iii) store of value, and is not legal tender, whether or not denominated in legal tender.” Notably, the bill excludes from this definition, among other things, a security registered with, or exempted from registration with, the Securities and Exchange Commission .

Licensure. The bill’s licensure requirement becomes effective on July 1, 2025. Therefore, after this date lapses, any nonexempt entity will be prohibited from engaging in digital financial asset business activity with residents of California unless the entity either has already obtained a license from the DFPI or has applied for licensure prior to July 1, 2025. Entities including, but not limited to, FDIC-insured banks, trust companies, and federally and state-chartered credit unions are exempt from the licensure requirements of the bill. Interestingly, the bill allows the DFPI commissioner to issue “conditional licenses” to applicants who have either obtained the elusive New York Department of Financial Services (NYDFS) “BitLicense” or have obtained a “limited purpose trust charter” from the NYDFS.

Supervisory Authority. The DFPI’s supervisory authority only applies to licensees and their agents, and it does not apply to non-licensees (discussed below). Without prior notice to any licensee, the DFPI may examine the business of any licensee or its agent to determine “whether the business is being conducted in a lawful manner and whether all digital financial asset business activity is properly accounted for.” Among other things, licensees are required to maintain records related to all digital financial asset business activity with a California resident for five years after the date of the activity.

Enforcement Authority. The DFPI’s enforcement authority not only applies to licensees and their agents, but it also applies to non-licensees, which the bill defines as any person that has “engaged, is engaging in, or is about to engage in digital financial asset business activity with, or on behalf of, a resident.” Licensees and non-licensees will be subject to “enforcement measures” in circumstances that include, but are not limited to: (1) material violations of the bill, any rule or order issued under the bill, or any California law that applies to digital financial asset business activity of the violator; (2) failure to cooperate substantially with an examination or investigation by the DFPI, failure to pay a fee, or failure to submit a report or documentation; and (3) engaging in unsafe or unsound acts or practices, engaging in unfair or deceptive acts or practices, engaging in fraud or intentional misrepresentation, or misappropriation of assets of residents. To enforce its provisions, the bill affords the DFPI civil money penalty authority up to $100,000 per day for non-licensees and up to $20,000 per day for licensees when either party is in violation of the bill.

Disclosure. Licensees are required to make certain pre-transaction disclosures and post-transaction disclosures to residents, including, but not limited to: (1) a schedule of fees and charges that may be assessed to a resident; (2) whether the offered product or service is insured; and (3) the name and contact information of the licensee. Resembling the Truth in Lending Act, the bill requires licensees to make disclosures “separately from any other information provided by the [licensee] and in a clear and conspicuous manner in a record the resident may keep.”

Stablecoins. The bill prohibits any entity required to obtain a license from exchanging, transferring, or storing a “stablecoin” unless the issuer of the stablecoin itself is either (1) an applicant, is licensed, is a bank, or a trust company; and (2) the issuer of the stablecoin must always maintain reserves (in the form of securities) that exceed the aggregate amount of its outstanding stablecoins issued or sold. Therefore, it seems that residents of California will only be able to utilize stablecoins that have been approved by the DFPI.

The bill’s definition of “stablecoin” is also very interesting. It attempts to carve out a “reasonable consumer” standard as it defines “stablecoin” as “a digital financial asset that is pegged to the U.S. dollar or another national currency, and is marketed in a manner that intends to establish a reasonable expectation or belief among the general public that the instrument will retain a nominal value that is so stable as to render the nominal value effectively fixed.”

Policies and Procedures. Before applying for a license, an applicant must create certain policies, procedures, and programs related to, among other things, the prevention of money laundering, prevention of terrorist financing, and the minimization of the likelihood that the licensee conducts business activity with unregistered securities. Moreover, the bill incorporates the Bank Secrecy Act by reference, and requires a licensee’s AML/CFT policy to include filing BSA-related reports like currency transaction reports and suspicious activity reports.

Our Take. On May 4, 2022, Newsom issued Executive Order N-9-22, which empowered the DFPI to seek public comment regarding its oversight of digital asset-related activity in California. A year later, the DFPI now has a comprehensive regulatory framework upon which it can devise rules, supervise industry participants, and commence enforcement actions. Although the Digital Financial Assets Law is all-encompassing, we anticipate that AML/CFT programs will be a major point of inspection for the DFPI considering the bill’s prerequisite that covered persons have robust AML/CFT programs in place before applying for licensure.