On October 30, the California DFPI announced a consent order with a digital asset kiosk operator, resolving findings that the company violated several provisions of the Digital Financial Assets Law (DFAL). The order alleged the operator: (i) exceeded the $1,000 daily transaction limit per customer in violation of § 3902; (ii) collected fees and spreads above the statutory maximum in violation of § 3904; (iii) failed to provide required pre-transaction disclosures in violation of § 3905(a); and (iv) did not include the operator’s name or the name of the digital asset exchange used to determine the spread on receipts in violation of § 3905(b)(3), (8).

Under the consent order, the operator must pay a $675,000 penalty, including up to $105,000 in restitution to California consumers who were charged excessive fees. The order also required the company to update its policies and procedures to ensure compliance with transaction limits, fee caps, disclosure, and receipt requirements under the DFAL. The operator must also submit regular compliance reports to the DFPI every 60 days for up to one year, unless the operator ceases crypto kiosk operations in the state, in which case the reporting requirement would conclude.

In its announcement of the action, the DFPI referenced a broader effort to “crack down” on crypto kiosk operators, citing three recent enforcement actions taken against such operators in recent months. The DFPI entered into a $350,000 consent order with a crypto kiosk operator in June (covered by InfoBytes here); issued a desist and refrain order that sought penalties of up to $60.8 million (covered here); and, most recently, issued a desist and refrain order against an operator in October that sought penalties of up to $497,267,500 (covered here).