In this episode, Ethan Ostroff and Addison Morgan discuss California's Digital Financial Assets Law (DFAL), set to take effect on July 1, 2025.
In this episode of The Crypto Exchange, Troutman Pepper Partner Ethan Ostroff welcomes his colleague Addison Morgan to discuss California's Digital Financial Assets Law (DFAL), set to take effect on July 1, 2025. The DFAL provides a comprehensive framework for licensing and overseeing businesses that engage in digital financial business activities with residents of California.
Ethan and Addison delve into key provisions of the DFAL, including the definitions of digital financial asset, digital financial asset business activity, and resident. They also explore the DFAL's broad definition of digital financial asset, which includes all tradable digital assets but excludes certain asset classes, like tokenized real-world assets. Ethan and Addison also examine the DFAL's licensing regime, supervisory and enforcement powers, and requirements for consumer disclosures.
To conclude their discussion, Ethan and Addison analyze the DFAL's provisions related to stablecoins, which are digital financial assets pegged to the U.S. dollar or another national currency. The DFAL mandates that stablecoin issuers be licensed, maintain a one-to-one ratio of reserves to issued stablecoins, and provide for a repository of DFPI-approved stablecoins.
The Crypto Exchange: Unraveling the Crypto Code: California's New DFAL Explained
Host: Ethan Ostroff
Guest: Addison Morgan
Ethan Ostroff:
Welcome to another episode of The Crypto Exchange, a Troutman Pepper Podcast focusing on the world of digital assets. As longtime leaders in the intersecting worlds of law, business and government regulations, our lawyers can go beyond the buzzwords and headlines to make sense of the emerging legal and regulatory frameworks for operating in the digital asset industry.
I'm Ethan Ostroff, the host of the podcast, and a partner at Troutman Pepper. Before we jump into today's episode, let me remind our listeners to visit and subscribe to our blogs, to consumerfinancialserviceslawmonitor.com and troutmanpepperfinancialservices.com. Don't forget to check out our other podcasts on troutman.com/podcast. We have episodes that focus on trends that drive the payments industry, consumer financial services. Generally, the Fair Credit Reporting Act and more. Make sure to subscribe to hear the latest episodes.
Today I'm joined by my colleague Addison Morgan to discuss California's recently enacted digital financial assets law or DFAL, which will take effect on July 1, 2025. DFAL establishes a comprehensive framework for the licensing and oversight of businesses that engage in digital financial asset business activities, with or on behalf of California residents. Addison, I'm looking forward to our discussion today and really appreciate you joining me.
So, just by way of background, October 13th of last year, Governor Newsom of California signed Assembly Bill 39, the digital financial assets law. It becomes effective July 1, 2025. And as of that date, like New York, California will have in place a comprehensive regulatory framework for entities who want to engage in digital asset-related activities with residents of California. The DFAL contains plenty of defined terms, each of which are important. But I thought we might begin our discussion of this new law by highlighting the key provisions that industry stakeholders need to be aware of.
Addison Morgan:
Sure. In that case, I think we should begin by discussing three defined terms. Digital financial asset, digital financial asset business activity, and the term resident. Because if you think about it, the crux of the DFAL is that as of July 1, 2025, like you stated earlier, persons that have not obtained a DFAL license will be prohibited from engaging in digital financial asset business activity with residents of California.
Ethan Ostroff:
So, before a person determines whether it's engaging in digital financial asset business activity with California residents, it's first to figure out whether its business activity involves a digital asset at all right? I mean, how does the law in California define that term?
Addison Morgan:
Exactly right. So, the DFAL defines this term pretty broadly. The term digital financial asset means a digital representation of value that is used as either a medium of exchange, unit of account, or store value and that is not legal tender, whether or not denominated in legal tender. Here, I think there's a ton to unpack.
First, this term seems to encompass all tradable digital assets. If you think about it, if I can sell a digital asset on an exchange, in that setting, it's functioning as a medium of exchange. Additionally, industry stakeholders generally describe Bitcoin as a store of value akin to physical gold, due to his deflationary properties. So, because none of these assets are legal tender, at least not yet, because they are not recognized by US law to settle private debts, I think those assets would fall within the scope of the definition, digital financial asset.
But on the flip side, I don't think this term would apply to asset classes like tokenize intellectual property, for example. So, if a company were to convert its ownership right of a patent into a digital token, maintained on the blockchain, I don't think that this digital representation of the patent would constitute a digital financial asset within the meaning of the law. Now, if the company were to sell this tokenized patent, and then it likely will become a medium of exchange, and would be subject to DFAL, but simply tokenizing, kind of static IP rights does not seem to fall within the scope of that definition.
Ethan Ostroff:
So, there's the potential for tokenized real-world assets to fall outside of the definition of digital asset. Is that sort of how you view it?
Addison Morgan:
That's my take. And it's only because they add those parameters, medium of exchange, store value, unit of account. If I think about like, static documents, like a title, or a car title, legal title to a home, et cetera, these analog documents that can be tokenized, but don't necessarily have any meaningful value on their own. I think those would fall outside the scope of the definition.
Ethan Ostroff:
Interesting. So, in, I guess the use of legal tender there also is tied to the definition of legal tender under California state law. Is that right?
Addison Morgan:
Yes.
Ethan Ostroff:
And my recollection is like legal tender are sort of subject to state law and defined differently in different state laws. And there's some states who've actually taken steps to try to broaden the definition of legal tender to encompass digital assets. Right?
Addison Morgan:
Agreed.
Ethan Ostroff:
So, it's an interesting dynamic that's happening, that they're including that legal tender aspect of the definition. But some states are taking steps to bring digital assets within the meaning of legal tender.
So, my recollection as well, is that there are these asset classes excluded from the definition, specifically in the law. How would you describe those asset classes that are excluded?
Addison Morgan:
I'll do that. But for just a brief clarification, just for our listeners, if a person’s business activity revolves around an asset class that falls outside the scope of the term digital financial asset, then the person does not need to be licensed under DFAL. We'll get into more of that later. But I thought it was appropriate just to mention that small caveat here.
But I think we can place these excluded asset classes into three categories. First, there seems to be a merchant exclusion. So, if a merchant has some rewards program with its consumer base, where it has some proprietary digitized reward that cannot be taken from, or exchanged with the merchant for legal tender, there goes that term, again. Legal tender bank, or credit union credit, or a digital financial asset, that particular digitized reward does not constitute a digital financial asset.
We now move on to the online game publisher exclusion, and these exclusions that I'm using or the names I'm using, they're not actually in the law. I just kind of made them up to make it easier for our listeners. But the second one is the online game publisher exclusion. And so, if an online game publisher creates a digitized reward, again, or digital reputation value, and it remains solely within that online game, meaning that the users of this game cannot take that digitized reward and exchange it for legal tender bank or credit union outside of the game itself, then that asset does not constitute a digital financial asset within the scope of the law.
Then, we have a final exclusion, and I'm referring to this as the SEC's exclusion. So, any security registered with or exempt for registration with the SEC is not a digital financial asset. I thought this was an interesting occlusion only because, and I'm going to go back to the topic of tokenization. If equities are tokenized in the future, then that would mean that all exchanges and stock exchanges would be exempt from this law, because they're all issuing, or presumably so, they're all issuing securities that have already been registered with the SEC.
Ethan Ostroff:
Well, the exemption for things that don't have to be registered with the SEC is sort of like the exception that can swallow the rule, right?
Addison Morgan:
Yes.
Ethan Ostroff:
That seems to be one of the major issues here that we're going to have coming down the pipeline is that people certainly take the position that certain types of digital assets are exempt from the registration requirements of the SEC, and so they would take the same position with California under DFAL, right?
Addison Morgan:
Yes. Very good point.
Ethan Ostroff:
So, you mentioned earlier digital financial asset business activity. How does this law define that term, and assuming a person's business involves a digital financial asset as defined by DFAL, what are the implications of that term?
Addison Morgan:
This is the DFAL's most important definition. Industry stakeholders must keenly review it to determine whether their business models fall within the scope of one of the three categories that the DFAL characterizes as digital financial asset business activity.
Exchanging, transferring, or storing a digital financial asset. The DFAL actually defines those three subterms, exchanging, transferring, and storing. So, we should discuss them now. exchange refers to the selling, trading, or conversion of a digital financial asset to legal tender, or another digital financial asset, or vice versa, converting legal tender to a digital financial asset.
Transferring refers to the assumption of control of a digital financial asset on behalf of a resident to do any of the following. So you can credit the digital financial asset to the account of another person on behalf of the resident, move the digital financial asset from one account of a resident to another account of the same resident, or relinquish control of a digital financial asset.
And then lastly, the term storing refers to controlling a digital financial asset on behalf of a resident by someone other than the resident. that's just the beginning of that first category. There's a back end to that first category as well, where it says Exchanging transferring or storing a digital financial asset or engaging in digital financial asset administration.
Another defined term, whether directly or through an agreement with a digital financial asset control services vendor. And so in that first category, we not only have exchanging, transferring or storing as defined terms. We also have Digital Financial Asset Administration, which refers to those entities that issue digital financial assets.
And then we also have Digital Financial Asset Control Services Vendor, which are those entities who provide custodial services in the digital financial asset industry. The second category under this term. Seems to apply to entities who issue tokenized precious metals. And so the full definition reads holding electronic precious metals or electronic certificates representing interest in precious metals on behalf of another person or issuing shares of electronic certificates.
representing interest in precious metals. And so like I stated, that category seems to apply to the kind of forward-thinking entities in the digital financial asset market today who have taken the reins on providing tokenized precious metals, whether that be gold or silver, to the general marketplace.
And then the last category under this definition applies to video game publishers. If a video game publisher exchanges, and there goes that defined term again, one or more digital representations of value, which presumably could be the publisher's own proprietary in game digital reward. if they provide this in game reward, within one or more online games, for either a digital financial asset also offered by the game publisher, Or legal tender offered by the game publisher, then the video game publisher is engaging in digital financial asset business activity.
And so it is important to note that it is okay for video game publishers to offer in game rewards to their customer base. So long as the video game publisher does not provide the customer base with an avenue to exchange the in-game rewards for either digital financial assets or legal tender.
Ethan Ostroff:
So, if you have my private key, then you're conducting digital financial asset business activity?
Addison Morgan:
Exactly.
Ethan Ostroff:
If I'm a California resident, and I hire you to custody, and you have my private key, then you're engaging in digital financial asset business activity.
Addison Morgan:
Exactly. Yes. So, you don't necessarily have to be a digital financial asset exchange, or any of the typical digital asset-related entities who we think about. You can simply be a custodian and still have to comply with the ledger requirements of DFAL.
Ethan Ostroff:
Yes, it's interesting. This is going to potentially encompass a lot of various players in this space who perform various types of third-party vendor functions, right?
Addison Morgan:
Yes. And if you think about it, I just want to clarify, even if, because there’s an “or” here. So, even if you don't engage in the exchanging, transferring, and storing of digital financial assets, if you just simply engage a custodian, you still have to obtain a license. It says, “Or engaging in digital financial asset administration, whether directly or through an agreement.”
So, some companies, they might have, for example, access to consumer’s digital financial assets, but instead of acting as a custodian themselves, they delegate that role to another organization who specializes in securing digital financial assets. So, in that instance, company A, the company delegating the role to the custodian, will still have to obtain a license. So, to your point, I do believe that this law is all-encompassing, and we will see – there will be some interesting issues that arise, just due to the breadth of definitions included.
Ethan Ostroff:
You mentioned the term resident earlier, too. Is that a critical defined term as well? And why is that?
Addison Morgan:
So, the law only prohibits licensed entities from engaging in digital financial asset business activity with residents of California. In other words, the DFPI cannot seek recourse against an unlicensed person for engaging in digital financial asset business activity with residents of Florida. Because their regulatory authority does not extend that far. So, the law defines the term resident as a person domiciled in California, a person who is physically located in California for more than 183 days of the previous year, a person who has a place of business in California, and a legal representative of a person that is domiciled in California.
Ethan Ostroff:
It creates some very difficult issues for companies to identify whether or not their customers actually qualify as a resident, right? I mean, they do KYC presently, and someone lives in Florida. But last year, they spent 183 days in California, right?
Addison Morgan:
Right.
Ethan Ostroff:
It's kind of an interesting scenario for how companies are going to try to figure out whether or not their customers fall within the definition of a California resident. So, just sort of summarizing, if your business model involves exchanging, storing, or transferring of digital financial asset or otherwise, engaging a digital financial asset control services vendor to custody digital financial services assets from half, you would be subject to the DFAL’s licensure requirement.
So, now that we have sort of a decent sense of which activities implicate the licensure requirements under DFAL, thinking maybe we can talk a little bit about the ins and outs of the licensing regime. What are some of the few notable requirements of the DFAL license application that listeners might want to be aware of?
Addison Morgan:
Sure. I think many of the requirements relate to whether the licensee currently holds any financial regulatory licenses and if the applicant or licensee is required to register with FinCEN as a money services business. I think also, the requirements relate to documentation demonstrating that the applicant has capital and liquidity requirements as required by DFAL, and the plans under which the applicant will meet its obligations to institute policies, procedures, required by DFAL, included but not limited to anti-money laundering programs, customer protection policy programs, and the like.
Ethan Ostroff:
So, the DFPI gets a company's completed application. What does it do next?
Addison Morgan:
After receiving an applicant's completed application, the DFPI will, among other things, investigate whether the applicant has sound financial condition, competence, and responsibility. And the applicant has relevant financial and business experience, good character, and general fitness. So, after completing its investigation, the DFPI will either, one, approve, two, conditionally approve, or three, deny the application. After the DFPI notifies an applicant of his decision, the applicant must accept the conditions specified in the decision notice within 31 days of receipt. Failure to do so will result in withdrawal of the applicant’s application.
Ethan Ostroff:
Gotcha. So then, this also distinguishes covered persons and persons, right? So, covered persons refers to entities that are required to obtain a DFAL license, and persons generally refer to individuals or legal entities. Which persons are exempt from licensure, because they're not covered persons?
Addison Morgan:
Very good question. So, the law exempts several traditional finance activities from licensure. So, the way it's structured, it doesn't necessarily carve out explicit exemptions for specified entities. But what it does do is it carves out exempted activities, which certain entities may customarily engage in. So, for example, the law exempts FDIC-insured banks, federally chartered, or state-chartered credit unions, persons solely providing processing clearing or settlement services within a payment systems, and then dealers and foreign exchange as defined by applicable federal regulations, to name a few.
What’s interesting about the exemption section is that it also contains more nuance or exempts more nuanced activity from licensure. So, for example, the law asserts that a person that contributes only connectivity software or computing power to securing a network that records digital financial asset transactions, or to a protocol governing transfer of digital representation of value, is not required to obtain a DFAL license.
That previous summary, in my view, it seems to reference the activity of mining. In a proof of work system, or validating in a proof of stake blockchain system, where this particular exemption is speaking to individuals or entities that assist in securing the network and adding transactions to an existing blockchain network on a shared ledger. So, that was cool to see that there seem to be carving out a direct exemption for miners who oftentimes are overlooked, and the grand scheme of things, we're referring to DLT-based systems and digital assets.
Ethan Ostroff:
Interesting. So, validators operating on the network, for purposes of staking aren't encompassed by this law and don't require licensure, if all they're doing is providing the validation services. Is that right?
Addison Morgan:
Yes. I mean, the law doesn't specifically say that. It's kind of like my analysis of that particular exemption. But that's what it seems to be saying. If you contribute connectivity software, or computing power, so I'm thinking of nodes, Bitcoin network, where my node that contains the historic ledger of Bitcoin transactions, I'm contributing to securing that network and validating transactions that are continuously being added to the network. I think that activity will be encompassed there. But it doesn't explicitly state that.
Ethan Ostroff:
And you think that activity would or would not be encompassed and require licensure?
Addison Morgan:
I think it would be encompassed within that exemption. Although, the exemption doesn't directly state that. It’s just kind of my viewpoint.
Ethan Ostroff:
Understood. What about if you've already got some type of license from a regulator that governs digital assets? Do I still have to go get a new license from the DFPI?
Addison Morgan:
So, you don't have to go get a new license from it. Well, you will still have to obtain a license from the DFPI in the grand scheme of things. But what will happen if you do have a license from a regulator that the DFPI acknowledges that they will grant you a conditional license, which enables you to engage in digital financial asset business activity while your application with the DFPI is pending.
Ethan Ostroff:
So, if I've got a BitLicense, I've got an avenue to begin operating while my application is being considered by the DFPI, for example?
Addison Morgan:
Exactly. Exactly. So, right now, to your point, BitLicense is the only license that the FBI is recognizing, at this moment. I'm not sure if – let's say, for example, other state store begin to finalize regulatory regimes for digital assets. I'm not sure if the DFPI will amend the DFAL to include those licenses as well. But at the moment, only the BitLicense from the New York Department of Financial Services will grant you a conditional license from the DFPI.
So, if the applicant obtains a conditional license from the DFPI, but his application is not approved, the DFPI will revoke the applicant’s conditional license and the applicant will not be permitted to engage in digital asset financial business activity in California, notwithstanding the applicants active BitLicense from the New York Department of Financial Services. Likewise, if the NY DFS revokes the applicant’s BitLicense, while the applicant’s application is pending with the DFPI, the DFPI will again, revoke the applicant’s conditional license.
Ethan Ostroff:
So, I thought we can now move on and talk a little bit about DFPI’s supervisory powers under the DFAL. So, can you talk a little bit about for example when can the DFPI examine a licensee’s business and their records?
Addison Morgan:
So, to answer your question, the DFPI can review a licensee’s policies and procedures at any time without prior notice.
Ethan Ostroff:
Are there particular records that the licensee is required to have ready for examination if the DFPI comes knocking on the door?
Addison Morgan:
For sure. So, DFPI, under the law, the applicant or licensee is required to maintain for five years from the date of activity, certain records. The identity of the resident, the form of the transaction, the amount, date, and payment instructions given by the resident, the account number name, and United States Postal Service, and mailing address of the resident. We have a few more here that are notable. Any transaction in which the licensee exchange one form of digital asset for legal tender, or another form of digital financial asset with or on behalf of the resident, big statements and bank reconciliation records for the licensee, and the name, account number, and the United States Postal Service mailing service mailing address, of any bank the licensee uses in the conduct of its digital financial asset business activity.
I think one of the more noteworthy requirements under the record retention aspect of the DFAL is the licensee is required to maintain any disputes with any resident. So, just adding more aspects of consumer protection into the law.
Ethan Ostroff:
So then, we talked a little bit about supervisory powers. What about enforcement authority under DFAL? What kind of enforcement authority does the DFPI have under this new law?
Addison Morgan:
Under the new law, the DFPI can suspend or revoke an applicant's license. They can also issue a cease-and-desist letters, prohibiting the applicant or licensee from engaging in digital financial asset business activity with California residents. It can also have request injunctive relief from the court to prohibit a licensee from engaging in digital financial asset business activity. It can assess penalties. It can recover any surety bonds. It can also impose necessary appropriate conditions. So, this provision is more so of a discretionary enforcement tactic, but it's also there. And lastly, the DFPI can also seek restitution on behalf of residents that demonstrate economic injury.
Ethan Ostroff:
Right. So, there's a wide breadth of the different types of hammers that the DFPI can bring to bear, and the enforcement context under the DFAL. So, with respect to disclosures in the context of consumer protection, I mean, how does the DFAL go about imposing requirements on licensees to present disclosures to consumers?
Addison Morgan:
The DFAL actually prescribes a specific disclosure standard that somewhat resembles the Truth-In-Billing Act. So, it says that any disclosures made under this section shall be made separately from any other information provided by the covered person or licensee, in a clear and conspicuous manner, in a record the resident may keep.
Ethan Ostroff:
And to which categories of disclosures are licensees required to provide? Are there particular categories?
Addison Morgan:
Yes, there are particular categories. And so, the licensee must provide the consumer with certain insurance-related disclosures. So, whether the digital financial assets placed under the control of the licensee are covered by, for example, federal deposit insurance, or FDIC insurance, and National Credit Union Share Insurance, or civic insurance. So, the Securities Investor Protection Corporation.
Another noteworthy disclosure required by the DFPI is the irrevocability of a transfer or exchange in any exception to irrevocability. I think that disclosure provision is interesting, because, as you know, Ethan, when you're dealing with Blockchain-based transactions, they're very much so one-sided, in the case that if I send you a digital asset to your wallet, there's really no way I can reverse that transaction. Once it's sent, it’s sent.
So, I think, just from a consumer protection standpoint, the DFPI include that particular disclosure requirement, because for a lot of consumers, especially consumers who are now just now entering the digital asset space, I think that aspect of the technology is often overlooked. Then, you come to find out that there's really nothing you can do to reverse the transaction, in the case in which you send it to the incorrect wallet address. Instead of me sending it to Ethan, I send it to someone else, who's not Ethan, and now there's no way to get those funds back or that asset back.
Ethan Ostroff:
Great. So, with these disclosures, I mean, does it vary depending on the type of business model that a licensee is using as to what disclosures are required? Or is it one size fits all?
Addison Morgan:
No, it's not one size fits all. There are actually, another disclosure, or a list of disclosure requirements apply to covered exchanges. We didn't speak about that term earlier, but I'll probably define it now. So, a covered exchange means a covered person that exchanges or holds itself out as being able to exchange a digital asset for a resident.
In this instance, I think this term applies solely to the existing cryptocurrency or digital asset exchanges, who offer a digital asset marketplace in which you can, in exchange, for legal tender purchase a set of digital assets. So, for those companies, they are required to, prior to listing, a new digital financial asset on their exchange. They actually have to seek certification from the DFPI.
So, that sort of certification involves identifying the likelihood that a digital financial asset would be deemed a security by a federal or California regulator. These entities also must provide in writing full and fair disclosure of all material facts relating to conflicts of interest, that are associated with the cover exchange and the digital financial asset. They must also conduct comprehensive risk assessments to ensure consumers are adequately protected from cybersecurity risks. They must also establish policies and procedures to reevaluate the appropriateness of the continued listing of digital financial assets after it is approved by the DFPI.
And lastly, there's a nice caveat. But if the digital financial asset that the cover exchange is trying to list on this platform has already been approved by the New York Department of Financial Services, that particular entity does not also have to seek approval from the DFPI. So, there's just goes that New York connection. We were talking about the traditional licenses earlier. And so, there's just goes that New York connection again, with the NY DFS.
Ethan Ostroff:
Sure. So, just bringing us towards the end here, just wanted to spend a couple minutes talking about stablecoins. If I recall correctly, I think it's chapter six of the DFAL that deals with stablecoins and defines it too. What's your sense of how this definition matches up with its common usage and definition in other places?
Addison Morgan:
Sure. So, just to give our listeners the full complete definition. DFAL defines a stablecoin as a digital financial asset that is pegged to the United States dollar or another national currency and it is marketed in a manner that intends to establish a reasonable expectation or belief among the general public, that the instrument will retain a nominal value that is so stable as to render the nominal value effectively fixed.
So, the point Ethan was referring to earlier is that small caveat in there where it states, the stablecoin is marketed in a manner that intends to establish a reasonable expectation of belief among the general public, that the instrument will effectively remained fixed to whichever form of legal tender it’s being compared to. For example, if there's a digital financial asset that its issuers are stating, it will remain always to be a single dollar, then that's the stablecoin, or at least under DFAL, it is.
To answer your question, it's interesting, because I think that these technologies Act where there's two sides to the equation. There's the consumers subjective belief that what this particular issuer of the stablecoin is telling me is completely true. In the case of an algorithmic stablecoin, like Terra LUNA, all the representations there, for UST were that algorithmic stablecoins are great. They will remain pegged to the US dollar. But then, we saw what happened. That platform lost essentially all of its value, so did holders of that particular token. But it was marketed as it would remain, it's pegged to the dollar. But that didn't happen.
So, I think that there will be some conflict there, with respect to the underlying technology, and how it functions, and how people believe it should function in reality, and then the actual outcomes. Well, let's say we do have another Terra situation, if the consumer can prove that it was reasonable to believe these issuers that stablecoins are just as good as reserved back stablecoins, then the customer may very well have a claim. But I think that the courts will develop a standard, especially in California, for what reasonableness constitutes under this particular definition.
Ethan Ostroff:
So, if a company gets a DFAL license, can they exchange, transfer, restore any stablecoin in existence today?
Addison Morgan:
No, they cannot. So, they can only, just like cover exchanges, can only list digital financial assets that are approved by the DFPI. That same principle applies also to stablecoins. So, before a digital financial asset, or stablecoin, can be used by a cover person, the issue of this particular stablecoin must be an applicant, and must be licensed too by the DFPI, and also, the issue of the stablecoin at all times must own eligible securities in the form of high-quality liquid investments, having an aggregate market value computed in accordance with United States GAAP principles, where not less than the aggregate amount of all of its outstanding stablecoins issue or so.
So, there has to be a one-to-one ratio to whatever reserves you are utilizing to back your stablecoin under this definition. So, two things must be true. The stablecoin issuer must be an applicant or must be a bank or another exempted entity. So, a bank, a Trust Company license, or a national association, authorized under federal law to engage in trust-making business. And the issue of the stablecoin must back that stablecoin at a one-to-one ratio.
Ethan Ostroff:
Okay. What action will the DFPI take when it approves a stablecoin?
Addison Morgan:
So, when the DFPI approves a stablecoin, it'll actually list that stablecoin on his website for all to see. So, consumers can easily access the DFPIs website to see a list of – or I'm assuming this is how it's going to play out. But to see a list of stablecoins that have been approved by the DFPI.
Ethan Ostroff:
So, there'll be like a repository of DFPI-approved stablecoins?
Addison Morgan:
Yes, yes. Presumably so. It doesn't state that, but given the fact that the law says they will be on the website, I'm assuming that's how there'll be compartmentalized.
Ethan Ostroff:
Right. Then, of course, the DFPI could in the future, subsequently revoke a licensee’s approval to exchange transfer or store particular stablecoin?
Addison Morgan:
Exactly. Yes.
Ethan Ostroff:
Or say a particular stablecoins no longer approved and removed from the repository of approved stablecoins, right?
Addison Morgan:
Exactly. Exactly. It's not like a permanent approval.
Ethan Ostroff:
So, a moving target that has to be checked periodically, right?
Addison Morgan:
Mm-hmm.
Ethan Ostroff:
So then, I think the last part of the law talks about policies and procedures a licensee must devise before applying for a license with the DFPI. Just as the final takeaway for our listeners here, what are some of the main policies and procedures that a company has to have in place as required by DFAL? And does that include consumer protection specific policies and procedures?
Addison Morgan:
For sure. So, to answer the first portion of your question, the policies and procedures that DFAL require, the main ones are an information security program, and an operational security program, a business continuity program, a disaster recovery program, an anti-fraud program, a program to prevent money laundering, like we discussed earlier, and a program to also prevent the funding of terrorist activity.
To answer the second portion of your question, or before I get there, there's also a second subset of positive procedures that the licensees must have under this new law. So, you also just have to have general fraud detection policies and procedures. These should be geared towards pinpointing market manipulation and trading. It should also kind of coincide with suspicious activity reporting under the Bank Secrecy Act, and just kind of generally safeguarding non-public personal information of consumers.
Ethan Ostroff:
Is there anything additional that's specifically consumer protection related?
Addison Morgan:
Yes, yes, yes. So, to answer your last portion of your question, the consumer-related protection policies that are included in DFAL are procedures for resolving disputes between the licensee and consumers or residents, a procedure for the resident to report on authorized transactions that occur on the covered person’s platform. Another noteworthy procedure or policy required by the DFAL file is a procedure for the resident to file a complaint with the licensee and for the resolution of the complaint in a fair and timely manner, with notice to the resident as soon as reasonably practicable.
Ethan Ostroff:
All right. Hey, Addison, thank you so much for joining today. I think this was super helpful and in-depth and insightful and really appreciate our audience for listening to today's episode of our podcast. Don't forget to visit our blog, consumerfinancialserviceslawmonitor.com and troutmanpepperfinancialservices.com. Subscribe so you can get the latest updates from them. And please make sure you subscribe to this podcast via Apple Podcast, Google Play, Stitcher, or whatever platform you use. We look forward to talking to you next time.
Copyright, Troutman Pepper Hamilton Sanders LLP. These recorded materials are designed for educational purposes only. This podcast is not legal advice and does not create an attorney-client relationship. The views and opinions expressed in this podcast are solely those of the individual participants. Troutman Pepper does not make any representations or warranties, express or implied, regarding the contents of this podcast. Information on previous case results does not guarantee a similar future result. Users of this podcast may save and use the podcast only for personal or other non-commercial, educational purposes. No other use, including, without limitation, reproduction, retransmission or editing of this podcast may be made without the prior written permission of Troutman Pepper. If you have any questions, please contact us at troutman.com.