April 6, 2026

California’s New DFAL License: What Digital Asset Firms Need to Know — And How Ankura Can Help

Austin Briggs, Sherry Tomac, Jesus Torres Ankura + Follow Contact LinkedIn Facebook X Send Embed

California is set to implement one of the country’s most far‑reaching regulatory frameworks for digital asset businesses. Under the Digital Financial Asset Law (DFAL), any company conducting digital financial asset activities with California residents must obtain a license from the Department of Financial Protection and Innovation (DFPI) by July 1, 2026.

This requirement applies to exchanges, custodians, wallet providers, digital asset issuers, and crypto kiosk operators, unless a statutory exemption applies. Firms that wish to continue serving California residents will need to submit a comprehensive DFAL license application — supported by robust compliance, cybersecurity, and financial documentation.

Understanding the DFAL Requirements

DFAL introduces a wide range of obligations for applicants, including:

1. Detailed Organizational and Financial Disclosures

The application requires audited or unconsolidated financial statements, flow‑of‑funds documentation, management and ownership information, background checks, and a minimum $500,000 surety bond.

2. Comprehensive AML/BSA and Fraud Controls

Applicants must maintain data-driven anti-money laundering (AML) programs, know your customer (KYC) procedures, sanctions screening, suspicious activity reporting, and anti‑fraud frameworks, including independent testing.

3. Cybersecurity and Operational Security Aligned to NIST CSF 2.0

DFPI will evaluate an applicant’s cybersecurity maturity across governance, identity management, data protection, detection, response, and recovery — requiring documented evidence and clearly defined processes.

4. Token Listing Certification Requirements

Covered exchanges must certify that they have assessed securities risk, evaluated conflicts, conducted cybersecurity and market‑risk reviews, and established listing and delisting procedures — backed by the possibility of significant daily penalties for noncompliance.

5. Customer Disclosures and User Protections

Licensees must provide clear, standardized disclosures on fees, service outages, liability, insurance status, and rights under California law, and issue detailed receipts for each transaction.

How Ankura Can Help

Preparing a complete and compliant DFAL application will require cross‑functional alignment across compliance, information security, product, and finance teams. Ankura is uniquely positioned to assist organizations navigate this regulatory shift.

Our team can support clients with:

1. DFAL Application Preparation and Project Management

We help assemble and structure all required filings, documentation, attestations, and evidence — reducing burden on internal resources.

2. AML/BSA Program Development and Enhancement

We design and enhance AML/KYC programs that meet DFAL expectations, including risk assessments, policies, procedures, and independent testing.

3. Business Plan, Flow-of-Funds, and Control Framework Documentation

We translate your operational model into DFPI‑ready documentation, ensuring clarity, completeness, and alignment with regulatory expectations.

4. Token Listing Certification Frameworks

We help exchanges design defensible processes for risk assessments, governance, disclosures, and ongoing asset monitoring.

5. Ongoing Compliance Program Support

DFAL is not a one‑time event — it introduces ongoing obligations. We help clients stand up sustainable, auditable processes for long‑term compliance.

Getting Ready for July 2026

The DFAL represents a major evolution in digital asset regulation. It introduces significant new expectations around governance, consumer protection, financial stability, cybersecurity, and risk management. Companies operating in California should begin preparing immediately to avoid business disruptions.

Send Print Report

Related Posts

• The GENIUS Act: A New Era for Digital Assets
• Valuation Of Digital Asset Businesses: A Call for Rigor in A Transformative Industry
• Are NFTs valuable digital assets or near-worthless illusions?

Latest Posts

• California’s New DFAL License: What Digital Asset Firms Need to Know — And How Ankura Can Help
• Does Private Credit Really Have an AI Problem? See more »

©
Ankura

Written by:

Ankura Contact + Follow Austin Briggs + Follow Sherry Tomac + Follow Jesus Torres + Follow more less

PUBLISH YOUR CONTENT ON JD SUPRA

• ✔ Increased readership
• ✔ Actionable analytics
• ✔ Ongoing writing guidance Join more than 70,000 authors publishing their insights on JD Supra

Start Publishing »

Published In:

Anti-Money Laundering + Follow California + Follow Compliance + Follow Cryptocurrency + Follow Cybersecurity + Follow Department of Financial Protection and Innovation (DFPI) + Follow Digital Assets + Follow New Legislation + Follow Regulatory Requirements + Follow State and Local Government + Follow Administrative Agency + Follow Finance & Banking + Follow Securities + Follow more less

Ankura on:

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra: Sign Up Log in ** By using the service, you signify your acceptance of JD Supra's Privacy Policy.* - hide - hide