Bill Text: CA SB97 | 2025-2026 | Regular Session | Chaptered


Bill Title: Digital financial assets: stablecoins.

Sponsorship: Partisan Bill (Democrat 1)

Status: (Passed) 2026-06-30 - Chaptered by Secretary of State. Chapter 52, Statutes of 2026. [SB97 Detail]

Download: California-2025-SB97-Chaptered.html

Senate Bill No. 97
CHAPTER 52

An act to amend Sections 3102, 3103, 3201, 3205, 3211, 3307, 3501, 3505, and 3701 of, and to repeal Chapter 6 (commencing with Section 3601) of Division 1.25 of, the Financial Code, relating to financial regulation, and declaring the urgency thereof, to take effect immediately.

[ Approved by Governor  June 30, 2026. Filed with Secretary of State  June 30, 2026. ]

LEGISLATIVE COUNSEL'S DIGEST


SB 97, Grayson. Digital financial assets: stablecoins.
(1) Existing law, the Digital Financial Assets Law, prohibits a person, on or after July 1, 2026, from engaging in digital financial asset business activity, or holding itself out as being able to engage in digital financial asset business activity, with, or on behalf of, a resident, unless any of certain criteria are met, including that the person is licensed with the Department of Financial Protection and Innovation, as prescribed, or the person submits an application on or before July 1, 2026, and is awaiting approval or denial of that application.
This bill would revise the above-described latter criterion to specify that the person submits a completed application, as provided.
The Digital Financial Assets Law authorizes the Commissioner of Financial Protection and Innovation to issue a conditional license to an applicant who holds or maintains a license to conduct virtual currency business activity in the State of New York, as specified, provided the license was issued or approved no later than January 1, 2023.
This bill would revise the above-described authorization to require that the license be issued or approved no later than January 1, 2025.
(2) The Digital Financial Assets Law defines “digital financial asset business activity” to mean any of specified activities, including, among others, exchanging, transferring, or storing a digital financial asset, as specified, or exchanging one or more digital representations of value used within one or more online games, game platforms, or family of games, as provided.
This bill would remove exchanging one or more digital representations of value used within one or more online games, game platforms, or family of games from the definition of “digital financial business activity.” The bill would specify that a “digital financial asset” does not include, among other things, a transaction in which a merchant grants digital representations of value that primarily relate to an affinity or rewards program, as provided, or a digital representation of value issued by or on behalf of a publisher and used primarily within online games or game platforms and that is not otherwise a digital financial asset.
The Digital Financial Assets Law declares that its provisions do not apply to specified activity, including by a person who does not receive compensation for providing digital financial asset products or services or for conducting financial asset business activity or that is engaged in testing products or services with the person’s own funds.
This bill would specify that the above-described exclusion includes a person who merely retains the ability to terminate, suspend, or interrupt a digital financial transaction solely to prevent unauthorized or fraudulent activity and who is not compensated for that service.
The Digital Financial Assets Law prohibits a covered person from exchanging, transferring, or storing a digital financial asset that is a stablecoin or engaging in digital financial asset administration of a stablecoin, as specified, unless certain conditions are met. However, existing law authorizes a covered person to exchange, transfer, or store a stablecoin or engage in digital financial asset administration of that stablecoin, as specified, if the stablecoin is approved by the commissioner and complies with certain requirements, restrictions, or prohibitions established by the commissioner.
This bill would repeal the above-described provisions related to stablecoins.
(3) The Digital Financial Assets Law requires a licensee to submit an annual report, as provided, containing specified information, including a description of any data security breach or cybersecurity event of the licensee. Existing law requires a licensee to file with the department, as applicable, a report of, among other things, a change in the licensee’s business for the conduct of its digital financial asset business activity with, or on behalf of, a resident that meets one of specified criteria, including that the proposed change might raise safety and soundness or operational concerns.
This bill would revise the above-described annual report to instead include a description of any material data security breach or cybersecurity event of the licensee. The bill would revise the specified criteria in the requirement to file the above-described report of a change in the licensee’s business to instead include that the proposed change might raise material safety and soundness or operational concerns.
Before engaging in digital financial asset business activity with a resident, the Digital Financial Assets Law requires a covered person, defined as a person required to obtain a license pursuant to that law, to disclose, as provided, certain information, including the resident’s right to at least 14 days’ prior notice of specified changes that have a material impact on digital financial asset business activity with the resident, or the policies applicable to the resident’s account. Existing law requires a covered exchange, as provided, to certify on a form provided by the department that the covered exchange has taken specified actions, except for any digital financial asset approved for listing on or before January 1, 2023. In a transaction for or with a resident, existing law prohibits the covered exchange from interjecting a third party between the covered exchange and the best market for the digital financial asset in a manner inconsistent with specified requirements.
This bill would prohibit the 14-day notice requirement from applying to changes in terms, conditions, or policies that are reasonably necessary to address a risk of loss to the resident or covered person, to the extent that the change does not relate to the fee schedule. The bill would instead exclude from the above-described certification requirement a digital financial asset approved for listing on or before January 1, 2025. The bill would require a covered person to provide and make available an up-to-date description of the order execution practices of the covered person, as specified. The bill would exempt a transaction in which a resident receives stablecoin, as defined, in exchange for legal tender or bank or credit union credit from the above-described prohibition against interjecting a third party.
The Digital Financial Assets Law requires an applicant, as provided, to create, and during licensure, maintain in a record specified policies and procedures. Existing law requires these policies and procedures be disclosed separately from other disclosures made available to a resident, as specified, except for, among other things, an adopted information security program or an operational security program.
This bill would instead exclude from the above-described requirement to disclose separately from other disclosures programs with information that is sensitive to potential security risks, as specified.
This bill would declare that it is to take effect immediately as an urgency statute.
Vote: 2/3   Appropriation: NO   Fiscal Committee: YES   Local Program: NO  

The people of the State of California do enact as follows:


SECTION 1.

 Section 3102 of the Financial Code is amended to read:

3102.
 For purposes of this division:
(a) “Applicant” means a person that applies for a license under this division.
(b) “Bank” means a bank, savings bank, savings and loan association, savings association, or industrial loan company chartered under the laws of this state or any other state or under the laws of the United States.
(c) “Control” means both of the following:
(1) When used in reference to a transaction or relationship involving a digital financial asset, power to execute unilaterally or prevent indefinitely a digital financial asset transaction, unless the power to prevent indefinitely is limited to the ability to terminate, suspend, or interrupt a transaction solely in response to unauthorized or fraudulent activity.
(2) When used in reference to a person, the direct or indirect power to do either of the following:
(A) Vote 25 percent or more of any class of the voting securities issued by a person.
(B) Direct or cause the direction of the management and policies of a person, whether through the ownership of voting securities, by contract, other than a commercial contract for goods or nonmanagement services, or otherwise, if no individual is deemed to control a person solely on account of being a director, officer, or employee of such person.
(d) “Covered person” means a person required to obtain a license pursuant to this division.
(e) “Credit union” means a credit union licensed under the laws of this state, or any other state, or a federal credit union chartered under the laws of the United States.
(f) “Department” means the Department of Financial Protection and Innovation.
(g) (1) “Digital financial asset” means a digital representation of value that is used as a medium of exchange, unit of account, or store of value, and that is not legal tender, whether or not denominated in legal tender.
(2) “Digital financial asset” does not include any of the following:
(A) A transaction in which a merchant grants, as part of an affinity or rewards program, digital representations of value that primarily relate to the affinity or rewards program and cannot be taken from or exchanged with the merchant for legal tender, bank or credit union credit, or a digital financial asset.
(B) A digital representation of value issued by or on behalf of a publisher and used primarily within online games or game platforms and that is not otherwise a digital financial asset.
(C) A security registered with or exempt from registration with the United States Securities and Exchange Commission or a security qualified with or exempt from qualifications with the department.
(D) A digital record of ownership, or equivalent thereto, of tangible or intangible goods, including, but not limited to, any of the following:
(i) Works of art, musical compositions, literary works, and similar intellectual property.
(ii) Collectibles, merchandise, virtual land, and in-game assets.
(iii) Digital affinity, loyalty, or rewards points granted by a merchant or a network of participating merchants if all of the following are true:
(I) The points cannot be redeemed with a participating merchant in exchange for legal tender, bank or credit union credit, or a digital financial asset.
(II) The points can only be redeemed by participating merchants as part of the purchase of goods or services, which does not include digital financial assets.
(III) The points are granted or redeemed by participating merchants pursuant to a formal loyalty program intended to reward frequent customers.
(iv) Licenses, tickets, and similar rights to attend events or participate in activities.
(h) “Digital financial asset business activity” means either of the following:
(1) Exchanging, transferring, or storing a digital financial asset.
(2) Holding electronic precious metals or electronic certificates representing interests in precious metals on behalf of another person or issuing shares or electronic certificates representing interests in precious metals.
(i) “Exchange,” when used as a verb, means to assume control of a digital financial asset from, or on behalf of, a resident, at least momentarily, to sell, trade, or convert either of the following:
(1) A digital financial asset for legal tender, bank or credit union credit, or one or more forms of digital financial assets.
(2) Legal tender or bank or credit union credit for one or more forms of digital financial assets.
(j)  “Executive officer” includes, but is not limited to, an individual who is a director, officer, manager, managing member, partner, or trustee of a person that is not an individual, or any other person who performs similar policymaking or policy implementation functions.
(k) “Insolvent” means any of the following:
(1) Having generally ceased to pay debts in the ordinary course of business other than as a result of a bona fide dispute.
(2) Being unable to pay debts as they become due.
(3) Being insolvent within the meaning of federal bankruptcy law.
(l) “Legal tender” means a medium of exchange or unit of value, including the coin or paper money of the United States, issued by the United States or by another government.
(m) “Licensee” means a person licensed or conditionally licensed under this division.
(n) (1) “Person” means an individual, partnership, estate, business or nonprofit entity, or other legal entity.
(2) “Person” does not include a government-sponsored enterprise, government, or governmental subdivision, agency, or instrumentality.
(o) “Record” means information that is inscribed on a tangible medium or that is stored in an electronic or other medium and is retrievable in perceivable form.
(p) (1) “Resident” means any of the following:
(A) A person who is domiciled in this state.
(B) A person who is physically located in this state for more than 183 days of the previous 365 days.
(C) A person who has a place of business in this state.
(D) A legal representative of a person that is domiciled in this state.
(2) Notwithstanding paragraph (1), “resident” does not include a licensee or an affiliate, as defined in subdivision (a) of Section 90005, of a licensee.
(q) “Responsible individual” means an individual who has direct control over, or significant management policy and decisionmaking authority with respect to, a licensee’s digital financial asset business activity in this state.
(r) “SAFE Act” means the federal Secure and Fair Enforcement for Mortgage Licensing Act of 2008 (Public Law 110-289).
(s) “Sign” means, with present intent to authenticate or adopt a record, either of the following:
(1) To execute or adopt a tangible symbol.
(2) To attach to, or logically associate with, the record an electronic symbol, sound, or process.
(t) “State” means a state of the United States, the District of Columbia, Puerto Rico, the United States Virgin Islands, or any territory or insular possession subject to the jurisdiction of the United States.
(u) “Store,” except in the phrase “store of value,” means to maintain control of a digital financial asset on behalf of a resident by a person other than the resident. “Storage” and “storing” have corresponding meanings.
(v) “Transfer” means to assume control of a digital financial asset from, or on behalf of, a resident and to subsequently do any of the following:
(1) Credit the digital financial asset to the account of another person.
(2) Move the digital financial asset from one account of a resident to another account of the same resident.
(3) Relinquish control of a digital financial asset to another person.
(w) “United States dollar equivalent of digital financial assets” means the equivalent value of a particular digital financial asset in United States dollars shown on a digital financial asset exchange based in the United States for a particular date or period specified in this division.

SEC. 2.

 Section 3103 of the Financial Code is amended to read:

3103.
 (a) Except as otherwise provided in subdivision (b), this division governs the digital financial asset business activity of a person doing business in this state or, wherever located, who engages in or holds itself out as engaging in the activity with, or on behalf of, a resident.
(b) This division does not apply to activity by any of the following:
(1) The United States, a state, political subdivision of a state, agency, or instrumentality of federal, state, or local government, or a foreign government or a subdivision, department, agency, or instrumentality of a foreign government.
(2) A bank that is one of the following:
(A) A commercial bank or industrial bank, the deposits of which are insured by the Federal Deposit Insurance Corporation or its successor.
(B) A foreign (other nation) bank that is licensed under Chapter 20 (commencing with Section 1750) of Division 1.1 or that is authorized under federal law to maintain a federal agency or federal branch office in this state.
(C) An association or federal association, as defined in Section 5102, the deposits of which are insured by the Federal Deposit Insurance Corporation or its successor.
(3) A trust company licensed pursuant to Section 1042 or a national association authorized under federal law to engage in a trust banking business.
(4) A federally chartered or state-chartered credit union, with an office in California, the member accounts of which are insured or guaranteed as provided in Section 14858.
(5) A person whose participation in a payment system is limited to providing processing, clearing, or performing settlement services solely for transactions between or among persons that are exempt from the licensing requirements of this division.
(6) A person engaged in the business of dealing in foreign exchange to the extent the person’s activity meets the definition in Section 1010.605(f)(1)(iv) of Title 31 of the Code of Federal Regulations.
(7) A person that is any of the following:
(A) A person that contributes only connectivity software or computing power to securing a network that records digital financial asset transactions or to a protocol governing transfer of the digital representation of value.
(B) A person that provides only data storage or security services for a business engaged in digital financial asset business activity and does not otherwise engage in digital financial asset business activity on behalf of another person.
(C) A person that provides only to a person otherwise exempt from this division a digital financial asset as one or more enterprise solutions used solely among each other and that does not have an agreement or a relationship with a resident that is an end user of a digital financial asset.
(8) A person using a digital financial asset, including creating, investing, buying or selling, or obtaining a digital financial asset as payment for the purchase or sale of goods or services, solely on the person’s own behalf for personal, family, or household purposes or for academic purposes.
(9) A person whose digital financial asset business activity with, or on behalf of, residents is reasonably expected to be valued, in the aggregate, on an annual basis at fifty thousand dollars ($50,000) or less, measured by the United States dollar equivalent of digital financial assets.
(10) An attorney to the extent of providing escrow services to a resident.
(11) A title insurance company to the extent of providing escrow services to a resident.
(12) A secured creditor under Division 9 (commencing with Section 9101) of the Commercial Code or a creditor with a judicial lien, or lien arising by operation of law, on collateral that is a digital financial asset, if the digital financial asset business activity of the creditor is limited to enforcement of the security interest in compliance with Division 9 (commencing with Section 9101) of the Commercial Code or lien in compliance with the law applicable to the lien.
(13) A person that does not receive compensation, either directly or indirectly, for providing digital financial asset products or services or for conducting digital financial asset business activity, including a person who merely retains the ability to terminate, suspend, or interrupt a digital financial transaction solely to prevent unauthorized or fraudulent activity and who is not compensated for that service, or that is engaged in testing products or services with the person’s own funds.
(14) Any entity or futures commission merchant, swap dealer, or introducing broker registered under the federal Commodity Exchange Act (7 U.S.C. Sec. 1, et seq.) to the extent those activities are conducted under authority of that act, are actually regulated by the Commodity Futures Trading Commission, and are entitled to preemption.
(15) A person registered as a securities broker-dealer under federal or state securities laws to the extent of its operation as a broker-dealer.
(16) A person that provides clearance or settlement services pursuant to a registration as a clearing agency or an exemption from registration granted under the federal securities laws to the extent of its operation as such a provider.
(17) A merchant that accepts a digital financial asset as payment for the purchase or sale of goods or services, which does not include digital financial assets.
(c) (1) The commissioner may, by regulation or order, either unconditionally or upon specified terms and conditions or for specified periods, exempt from all or part of this division any person or transaction, or class of persons or transactions, if the commissioner finds such action to be in the public interest and that the regulation of such persons or transactions is not necessary for the purposes of this division.
(2) The commissioner shall post on the commissioner’s internet website a list of all persons, transactions, or classes of person or transactions exempt pursuant to this section, and the part or parts of this division from which they are exempt.
(3) The commissioner may, by regulation or order, amend or rescind any exemption made pursuant to this subdivision.

SEC. 3.

 Section 3201 of the Financial Code is amended to read:

3201.
 On or after July 1, 2026, a person shall not engage in digital financial asset business activity, or hold itself out as being able to engage in digital financial asset business activity, with or on behalf of a resident unless any of the following is true:
(a) The person is licensed in this state by the department under Section 3203.
(b) The person submits a completed application on or before July 1, 2026, and is awaiting approval or denial of that application.
(c) The person is exempt from licensure under this division pursuant to Section 3103.

SEC. 4.

 Section 3205 of the Financial Code is amended to read:

3205.
 (a) The commissioner may issue a conditional license to an applicant who holds or maintains a license to conduct virtual currency business activity in the State of New York pursuant to Part 200 of Title 23 of the New York Code of Rules and Regulations or a charter as a New York State limited purpose trust company with approval to conduct a virtual currency business under New York law, provided the license was issued or approved no later than January 1, 2025, and the applicant pays all appropriate fees and complies with the requirements of this division.
(b) The commissioner may issue a conditional license to an applicant pending compliance with the requirements of Section 3219 if all of the following conditions are met:
(1) The applicant has supplied all fingerprints required under Section 3219.
(2) The applicant meets all other requirements for licensure.
(3) Notwithstanding the commissioner’s reasonable efforts, the commissioner has been unable to complete the criminal history investigations required by Section 3219 with reasonable speed.
(c) A conditional license issued pursuant to this section shall expire at the earliest of the following:
(1) Upon issuance of an unconditional license.
(2) Upon denial of a license application.
(3) Upon revocation of a license issued pursuant to Part 200 of Title 23 of the New York Code of Rules and Regulations or disapproval or revocation of a charter as a New York State limited purpose trust company with approval to conduct a virtual currency business under New York law.

SEC. 5.

 Section 3211 of the Financial Code is amended to read:

3211.
 (a) Subject to subdivision (h), between October 1 and November 1 of each year, a licensee shall submit to the department an annual report under subdivision (b).
(b) The annual report required by subdivision (a) shall be submitted in a form and medium prescribed by the department. The report shall contain all of the following:
(1) Either a copy of the licensee’s most recent reviewed annual financial statement, if the gross revenue generated by the licensee’s digital financial asset business activity in this state was not more than two million dollars ($2,000,000) for the fiscal year ending before the anniversary date of issuance of its license under this division, or a copy of the licensee’s most recent audited annual financial statement, if the licensee’s digital financial asset business activity in this state amounted to more than two million dollars ($2,000,000), for the fiscal year ending before the anniversary date.
(2) If a person other than an individual has control of the licensee, a copy of either of the following:
(A) The person’s most recent reviewed annual financial statement, if the person’s gross revenue was not more than two million dollars ($2,000,000) in the previous fiscal year measured as of the anniversary date of issuance of its license under this division.
(B) The person’s most recent audited consolidated annual financial statement, if the person’s gross revenue was more than two million dollars ($2,000,000) in the previous fiscal year measured as of the anniversary date of issuance of its license under this division.
(3) A description of any of the following:
(A) Any material change in the financial condition of the licensee.
(B) Any material litigation related to the licensee’s digital financial asset business activity and involving the licensee or an executive officer or responsible individual of the licensee.
(C) Any international, federal, state, or local investigation of the licensee, where permitted by applicable law.
(D) (i) Any material data security breach or cybersecurity event of the licensee.
(ii) A description of a data security breach pursuant to this subparagraph does not constitute disclosure or notification of a security breach for purposes of Section 1798.82 of the Civil Code.
(4) Information or records required by Section 3307 that the licensee has not reported to the department.
(5) The number of digital financial asset business activity transactions with, or on behalf of, residents for the period since, subject to subdivision (h), the later of the date the license was issued or the date the last annual report was submitted.
(6) (A) The amount of United States dollar equivalent of digital financial asset in the control of the licensee at, subject to subdivision (h), the end of the last month that ends not later than 30 days before the date of the annual report.
(B) The total number of residents for whom the licensee had control of United States dollar equivalent of digital financial assets on that date.
(7) Evidence that the licensee is in compliance with Section 3503.
(8) Evidence that the licensee is in compliance with Section 3205.
(9) A list of all locations where the licensee engages in its digital financial asset business activity.
(10) The number of residents with whom, or on behalf of, the licensee engaged in digital financial asset business activity between September 30 of the preceding year and October 1 of the year in which the licensee is submitting the annual report.
(11) Any other information the department requires by rule.
(c) (1) On or before February 28 of each year, a licensee and an applicant operating under this division without a license pursuant to subdivision (b) of Section 3201 shall pay its pro rata cost share of all costs and expenses reasonably incurred in the administration of this division, as estimated by the commissioner, for the ensuing year and any deficit actually incurred or anticipated in the administration of the program in both the year in which the assessment is made and the preceding year.
(2) The pro rata cost share described in paragraph (1) shall be the proportion of residents with whom, or on behalf of, a licensee or an applicant operating under this division without a license pursuant to subdivision (b) of Section 3201 engages in digital financial asset business activity bears to the aggregate residents with whom, or on behalf of, all licensees and applicants operating under this division without a license pursuant to subdivision (b) of Section 3201 engage in digital financial asset business activity, as determined by the commissioner, for the costs and expenses reasonably incurred in the administration of this division, not including any costs covered by the fees or cost recoveries under Section 3203 or cost recoveries under Section 3301.
(3) On or before January 31 of each year, the commissioner shall notify each licensee and applicant operating under this division without a license pursuant to subdivision (b) of Section 3201 of the amount assessed and levied against it.
(4) The commissioner may use funds obtained by the commissioner through the enforcement of this division, including, but not limited to, moneys received through fines, penalties, settlements, or judgements, for the administration of this division, which shall offset amounts assessed and levied against pursuant to this subdivision.
(5) The department may adopt rules that change the calculation of the pro rata cost share and the dates on which assessment notifications and payments are due pursuant to this subdivision, except that the amount of the pro rata cost share shall not exceed the costs and expenses reasonably incurred in the administration of this division.
(d) (1) Following at least five business days’ notice to the licensee, the commissioner may by order summarily suspend or revoke the license of any licensee that fails to comply with subdivisions (a) to (c), inclusive, by March 31 of the year in which an assessment is made pursuant to subdivision (c).
(2) The licensee may request a hearing on the order within 30 days of receipt of the notice.
(3) If the licensee timely requests a hearing on the order and a hearing is not held within 60 days of that request, the order shall be deemed rescinded as of the effective date of the order.
(e) If the department suspends or revokes a license under this division for noncompliance with subdivisions (a) to (c), inclusive, the department may end the suspension or rescind the revocation and notify the licensee of the action if, subject to subdivision (h), not later than 20 days after the license was suspended or revoked, the licensee files an annual report required by subdivision (a), a pro rata cost share required by subdivision (c), and pays any penalty assessed under Section 3407.
(f) The department shall give prompt notice to a licensee of the lifting of a suspension or rescission of a revocation after the licensee complies with subdivision (e).
(g) Suspension or revocation of a license under this section does not invalidate a transfer or exchange of digital financial assets for, or on behalf of, a resident made during the suspension or revocation and does not insulate the licensee from liability under this division.
(h) The department may extend a period under this section.

SEC. 6.

 Section 3307 of the Financial Code is amended to read:

3307.
 (a) A licensee shall file with the department a report of the following, as may be applicable:
(1) A material change in information in the application for a license under this division or the most recent annual report of the licensee under this division.
(2) A change in the licensee’s business for the conduct of its digital financial asset business activity with, or on behalf of, a resident that meets one of the following criteria:
(A) The change may raise a legal or regulatory issue about the permissibility of the licensee’s digital financial business activity.
(B) The proposed change might raise material safety and soundness or operational concerns.
(C) The proposed change is to digital financial business activity that may cause such activity to be materially different from that previously listed on the application for licensing by the commissioner.
(3) A change of an executive officer, responsible individual, or person in control of the licensee.
(b) A report required by this section shall be filed not later than 15 days after the change described in subdivision (a).

SEC. 7.

 Section 3501 of the Financial Code is amended to read:

3501.
 (a) When engaging in digital financial business activity with a resident, a covered person shall provide to a resident the disclosures required by subdivision (b) and any additional disclosure the department by rule determines reasonably necessary for the protection of residents. The department shall determine by rule the time and form required for disclosure. A disclosure required by this section shall be made separately from any other information provided by the covered person and in a clear and conspicuous manner in a record the resident may keep. A covered person may propose, for the department’s approval, alternate disclosures as more appropriate for its digital financial asset business activity with, or on behalf of, residents.
(b) Before engaging in digital financial asset business activity with a resident, a covered person shall disclose, to the extent applicable to the digital financial asset business activity the covered person will undertake with the resident, all of the following:
(1) A schedule of fees and charges the covered person may assess, the manner by which fees and charges will be calculated if they are not set in advance and disclosed, and the timing of the fees and charges.
(2) Whether the product or service provided by the covered person is covered by either of the following:
(A) A form of insurance or other guarantee against loss by an agency of the United States as follows:
(i) Up to the full United States dollar equivalent of digital financial assets placed under the control of, or purchased from, the covered person as of the date of the placement or purchase, including the maximum amount provided by insurance under the Federal Deposit Insurance Corporation, National Credit Union Share Insurance Fund, or otherwise available from the Securities Investor Protection Corporation.
(ii) If not provided at the full United States dollar equivalent of the digital financial asset placed under the control of or purchased from the covered person, the maximum amount of coverage for each resident expressed in the United States dollar equivalent of the digital financial asset.
(B) (i) Private insurance against theft or loss, including cybertheft or theft by other means.
(ii) Upon request of a resident with whom a covered person engages in digital financial asset business activity, a covered person shall disclose the terms of the insurance policy to the resident in a manner that allows the resident to understand the specific insured risks that may result in partial coverage of the resident’s assets.
(3) The irrevocability of a transfer or exchange and any exception to irrevocability.
(4) A description of all of the following:
(A) The covered person’s liability for an unauthorized, mistaken, or accidental transfer or exchange.
(B) The resident’s responsibility to provide notice to the covered person of an unauthorized, mistaken, or accidental transfer or exchange.
(C) The basis for any recovery by the resident from the covered person in case of an unauthorized, mistaken, or accidental transfer or exchange.
(D) General error resolution rights applicable to an unauthorized, mistaken, or accidental transfer or exchange.
(E) The method for the resident to update the resident’s contact information with the covered person.
(5) That the date or time when the transfer or exchange is made and the resident’s account is debited may differ from the date or time when the resident initiates the instruction to make the transfer or exchange.
(6) Whether the resident has a right to stop a preauthorized payment or revoke authorization for a transfer and the procedure to initiate a stop-payment order or revoke authorization for a subsequent transfer.
(7) The resident’s right to receive a receipt, trade ticket, or other evidence of the transfer or exchange.
(8) The resident’s right to at least 14 days’ prior notice of a change in the covered person’s fee schedule, other terms and conditions that have a material impact on digital financial asset business activity with the resident, or the policies applicable to the resident’s account. The 14-day notice requirement shall not apply to changes in terms and conditions or policies that are reasonably necessary to address a risk of loss to the resident or the covered person, to the extent that the change does not relate to the covered person’s fee schedule.
(9) That no digital financial asset is currently recognized as legal tender by California or the United States.
(10) (A) A list of instances in the past 12 months when the covered person’s service was unavailable to 10,000 or more customers seeking to engage in digital financial asset business activity due to a service outage on the part of the covered person and the causes of each identified service outage.
(B) As part of the disclosure required by this paragraph, the covered person may list any steps the covered person has taken to resolve underlying causes for those outages.
(c) Except as otherwise provided in subdivision (d), at the conclusion of a digital financial asset transaction with, or on behalf of, a resident, a covered person shall provide the resident a confirmation in a record which contains all of the following:
(1) The name and contact information of the covered person, including the toll-free telephone number required under Section 3507.
(2) The type, value, date, precise time, and amount of the transaction.
(3) The fee charged for the transaction, including any charge for conversion of a digital financial asset to legal tender, bank credit, or other digital financial asset, as well as any indirect charges.
(d) If a covered person discloses that it will provide a daily confirmation in the initial disclosure under subdivision (c), the covered person may elect to provide a single, daily confirmation for all transactions with, or on behalf of, a resident on that day instead of a per transaction confirmation.

SEC. 8.

 Section 3505 of the Financial Code is amended to read:

3505.
 (a) (1) Except as provided for under paragraph (2), a covered exchange, prior to listing or offering a digital financial asset that the covered exchange can exchange on behalf of a resident, shall certify on a form provided by the department that the covered exchange has done the following:
(A) Identified the likelihood that the digital financial asset would be deemed a security by federal or California regulators.
(B) Provided, in writing, full and fair disclosure of all material facts relating to conflicts of interest that are associated with the covered exchange and the digital financial asset.
(C) Conducted a comprehensive risk assessment designed to ensure consumers are adequately protected from cybersecurity risk, risk of malfeasance, including theft, risks related to code or protocol defects, or market-related risks, including price manipulation and fraud.
(D) Established policies and procedures to reevaluate the appropriateness of the continued listing or offering of the digital financial asset, including an evaluation of whether material changes have occurred.
(E) Established policies and procedures to cease listing or offering the digital financial asset, including notification to affected consumers and counterparties.
(2) Certification by a covered exchange shall not be required for any digital financial asset approved for listing on or before January 1, 2025, by the New York Department of Financial Services pursuant to Part 200 of Title 23 of the New York Code of Rules and Regulations.
(3) The department, after a finding that a covered exchange has listed or offered a digital financial asset without appropriate certification or after a finding that material misrepresentations were made in the certification process, shall require the covered exchange to cease offering or listing the digital financial asset and may assess the civil penalty of up to twenty thousand dollars ($20,000) per day the violation has occurred.
(b) (1) A covered exchange shall make every effort to execute a resident’s request to exchange a digital financial asset that the covered exchange receives fully and promptly.
(2) (A) A covered exchange shall use reasonable diligence to ensure that the outcome to the resident is as favorable as possible under prevailing market conditions. Compliance with this paragraph shall be determined by factors, including, but not limited to, all of the following:
(i) The character of the market for the digital financial asset, including price and volatility.
(ii) The size and type of transaction.
(iii) The number of markets checked.
(iv) Accessibility of appropriate pricing.
(B) At least once every six months, a covered exchange shall review aggregated trading records of residents against benchmarks to determine execution quality, shall investigate the causes of any variance, and shall promptly take action to remedy issues identified in that review.
(3) (A) In a transaction for or with a resident, the covered exchange shall not interject a third party between the covered exchange and the best market for the digital financial asset in a manner inconsistent with this subdivision.
(B) This paragraph does not apply to a transaction in which a resident receives stablecoin in exchange for legal tender or bank or credit union credit. For purposes of this subparagraph, “stablecoin” has the same meaning as “payment stablecoin,” as defined in Section 5901 of Title 12 of the United States Code.
(4) If a covered exchange cannot execute directly with a market and employs other means in order to ensure an execution advantageous to the resident, the burden of showing the acceptable circumstances for doing so is on the covered exchange.
(5) A covered exchange shall provide and make available to a resident an up-to-date description of the order execution practices of the covered exchange, which shall include a description of how the covered exchange receives and achieves the order preferences of a resident.
(6) Nothing in this subdivision shall be construed to authorize the department to impose, by rule, specific trade routing rules.
(c) For purposes of this section:
(1) “Conflict of interest” means an interest that might incline a covered exchange or a natural person who is an associated person of a covered exchange to make a recommendation that is not disinterested.
(2) “Covered exchange” means a covered person that exchanges or holds itself out as being able to exchange a digital financial asset for a resident.
(d) Failure of a particular policy or procedure adopted under this section to meet its goals in a particular instance is not a ground for liability of the licensee if the policy or procedure was created, implemented, and monitored properly. Repeated failures of a policy or procedure are evidence that the policy or procedure was not created or implemented properly.

SEC. 9.

 Chapter 6 (commencing with Section 3601) of Division 1.25 of the Financial Code is repealed.

SEC. 10.

 Section 3701 of the Financial Code is amended to read:

3701.
 (a) An applicant, before submitting an application, shall create and, during licensure, maintain in a record policies and procedures for all of the following:
(1) An information security program and an operational security program.
(2) A business continuity program.
(3) A disaster recovery program.
(4) An antifraud program.
(5) A program to prevent money laundering.
(6) A program to prevent funding of terrorist activity.
(7) (A) A program designed to ensure compliance with this division and other laws of this state or federal laws applicable to the digital financial asset business activity contemplated by the licensee with, or on behalf of, residents and to assist the licensee in achieving the purposes of other state laws and federal laws if violation of those laws has a remedy under this division.
(B) The program described by this paragraph shall specify detailed policies and procedures that the licensee undertakes to minimize the probability that the licensee facilitates the exchange of unregistered securities.
(b) A policy required by subdivision (a) shall be in a record and designed to be adequate for a licensee’s contemplated digital financial asset business activity with, or on behalf of, residents, considering the circumstances of all participants and the safe operation of the activity. Any policy and implementing procedure shall be compatible with other policies and the procedures implementing them and not conflict with policies or procedures applicable to the licensee under other state law. A policy and implementing procedure may be one in existence in the licensee’s digital financial asset business activity with, or on behalf of, residents.
(c) A licensee’s policy for detecting fraud shall include all of the following:
(1) Identification and assessment of the material risks of its digital financial asset business activity related to fraud, which shall include any form of market manipulation and insider trading by the licensee, its employees, or its customers.
(2) Protection against any material risk related to fraud identified by the department or the licensee.
(3) Periodic evaluation and revision of the antifraud procedure.
(d) A licensee’s policy for preventing money laundering and financing of terrorist activity shall include all of the following:
(1) Identification and assessment of the material risks of its digital financial asset business activity related to money laundering and financing of terrorist activity.
(2) Procedures, in accordance with federal law or guidance published by federal agencies responsible for enforcing federal law, pertaining to money laundering and financing of terrorist activity.
(3) Filing reports under the Bank Secrecy Act (31 U.S.C. Sec. 5311 et seq.) or Chapter X of Title 31 of the Code of Federal Regulations and other federal or state law pertaining to the prevention or detection of money laundering or financing of terrorist activity.
(e) A licensee’s information security and operational security policy shall include reasonable and appropriate administrative, physical, and technical safeguards to protect the confidentiality, integrity, and availability of any nonpublic personal information or digital financial asset it receives, maintains, or transmits.
(f) A licensee shall file with the department a copy of a report it makes to a federal authority.
(g) A licensee’s protection policy under subdivision (e) for residents shall include all of the following:
(1) Any action or system of records required to comply with this division and other state law applicable to the licensee with respect to digital financial asset business activity with, or on behalf of, a resident.
(2) A procedure for resolving disputes between the licensee and a resident.
(3) A procedure for a resident to report an unauthorized, mistaken, or accidental digital financial asset business activity transaction.
(4) A procedure for a resident to file a complaint with the licensee and for the resolution of the complaint in a fair and timely manner with notice to the resident as soon as reasonably practical of the resolution and the reasons for the resolution.
(h) After the policies and procedures required under this section are created by the licensee, the licensee shall engage a responsible individual with adequate authority and experience to monitor each policy and procedure, publicize it as appropriate, recommend changes as desirable, and enforce it.
(i) A licensee may request advice from the department as to compliance with this section and, with the department’s approval, outsource functions, other than compliance, required under this section, and may request a determination from the department that a policy or procedure is not subject to the disclosure requirement described in subdivision (k) due to potential security risks.
(j) Failure of a particular policy or procedure adopted under this section to meet its goals in a particular instance is not a ground for liability of the licensee if the policy or procedure was created, implemented, and monitored properly. Repeated failures of a policy or procedure are evidence that the policy or procedure was not created or implemented properly.
(k) (1) Except as provided in paragraph (2), policies and procedures adopted under this section shall be disclosed separately from other disclosures made available to a resident, in a clear and conspicuous manner and in the medium through which the resident contacted the licensee.
(2) This subdivision does not apply to either of the following:
(A) Programs with information that is sensitive to potential security risks, including those programs described in paragraphs (1) to (6), inclusive, of subdivision (a).
(B) Any policy or procedure the department previously determined is not subject to this subdivision due to potential security risks.

SEC. 11.

 This act is an urgency statute necessary for the immediate preservation of the public peace, health, or safety within the meaning of Article IV of the California Constitution and shall go into immediate effect. The facts constituting the necessity are:
The Digital Financial Assets Law is set to become operative on July 1, 2026, and the changes proposed by this act are necessary to update the law prior to the operative date.