On January 16, after identifying repeated violations of the Digital Financial Assets Law (DFAL) and the California Consumer Financial Protection Law (CCFPL), the California DFPI entered a consent order requiring a digital financial asset kiosk operator to cease and desist from conducting business with California residents within 30 calendar days.

The DFPI found that since January 1, 2024, and continuing into 2025, the operator violated the DFAL by: (i) accepting more than $1,000 in a single day from a single customer (§ 3902); (ii) charging excessive fees (§ 3904); (iii) failing to provide required pre-transaction disclosures (§ 3905(a)); and (iv) issuing receipts missing the required spread and exchange information (§§ 3905(b)(7) and (8)). The order further alleged the operator failed to implement an effective anti-money laundering program as required under the BSA/AML. The agency asserted these violations constituted unfair practices and nonconformity with consumer financial laws, as proscribed by sections 90003(a)(1) and 90003(a)(2) of the CCFPL, respectively.

The consent order imposed a $1 million penalty, due and payable if the operator does not comply, and required the operator to halt all digital financial asset business activity with California residents within 30 days unless properly licensed. The operator neither admitted nor denied the allegations contained in the consent order, but waived hearing rights and agreed to be bound by the terms of the order.