knowledgeCryptocurrency
Is Crypto Legal in California? Regulations & Compliance in 2025

Is Crypto Legal in California : Regulations & Compliance for Cross-Border Payments

Lightspark Team
Sep 12, 2025
6
 min read

Quick Answer

Yes, cryptocurrency is legal and regulated in California.

  • The Digital Financial Assets Law requires crypto businesses to be licensed by July 2025.
  • The DFPI regulates firms, requiring licenses and anti-money laundering compliance.

Legal Status of Crypto in California

Cryptocurrency is legal in California, though it is actively transitioning from a regulatory gray area to a clearly defined legal framework. This shift is primarily driven by the Digital Financial Assets Law (DFAL), which establishes a comprehensive licensing and compliance system for crypto businesses. The Department of Financial Protection and Innovation (DFPI) is the main regulatory body tasked with enforcing this law. Under its authority, firms must obtain licenses and adhere to critical compliance requirements, such as anti-money laundering (AML) rules, to protect consumers and ensure market stability.

Current Regulations

California's regulatory landscape for cryptocurrency is primarily shaped by the Digital Financial Assets Law (DFAL), which was signed into law in October 2023. While the law will not take full effect until July 1, 2025, it establishes the state's first comprehensive licensing and compliance framework for businesses handling digital assets. The Department of Financial Protection and Innovation (DFPI) is the primary regulator responsible for enforcing the DFAL, which mandates that crypto firms obtain a license, maintain sufficient capital, and implement robust consumer protections. This new regime marks a significant shift from a previously unlicensed environment to a structured and supervised market.

Regulatory Authorities

Several state and federal bodies are responsible for the oversight and enforcement of cryptocurrency regulations in California.

  • Department of Financial Protection and Innovation (DFPI): The DFPI is California's primary regulator, responsible for licensing crypto businesses and enforcing the Digital Financial Assets Law. It also focuses on consumer protection by monitoring the market for fraud, reviewing complaints, and providing public resources like the Crypto Scam Tracker.
  • Financial Crimes Enforcement Network (FinCEN): As a bureau of the U.S. Treasury, FinCEN administers the Bank Secrecy Act to combat money laundering and the financing of terrorism. Crypto businesses in California must comply with its AML/CFT regulations, which include reporting suspicious activities and are enforced by state partners like the DFPI in multistate actions.
  • Securities and Exchange Commission (SEC): The SEC oversees digital assets that are classified as securities, enforcing federal securities laws across the country, including in California. Crypto businesses registered as securities broker-dealers under the SEC are exempt from the state's DFAL, as they fall under federal jurisdiction.
  • Commodity Futures Trading Commission (CFTC): The CFTC regulates digital assets that are considered commodities, such as Bitcoin, at the federal level. Its oversight applies to derivatives markets involving these assets, and entities registered under the federal Commodity Exchange Act are also exempt from California's state licensing requirements.

Historical Context

California’s crypto landscape evolved from a largely unregulated environment to a structured one. Before 2023, companies enjoyed relative freedom without specific licensing. A key policy shift began with a 2022 executive order expanding the DFPI's oversight role. This culminated in the October 2023 enactment of the Digital Financial Assets Law (DFAL), a comprehensive licensing regime. The law’s full implementation on July 1, 2025, will require all crypto businesses to be licensed, significantly impacting operations. More recent legislative efforts, such as a bill to manage dormant crypto assets, show the state’s continued refinement of its regulatory framework.

Compliance Requirements for Businesses in California

Businesses handling digital assets in California must adhere to a stringent set of compliance rules rooted in the federal Bank Secrecy Act (BSA). These regulations are designed to combat money laundering and the financing of terrorism (AML/CFT). Key requirements outlined in government guidance include:

  • Anti-Money Laundering (AML) Program: Firms must implement a risk-based AML program to prevent their services from being used for illegal activities. This includes ongoing monitoring for suspicious transactions and applying stricter controls for high-risk accounts.
  • Know Your Customer (KYC): This is a critical component of due diligence. It involves a Customer Identification Program (CIP) to verify a customer's identity by collecting information like their name, address, and date of birth. It also includes Customer Due Diligence (CDD), which requires understanding the nature of the customer relationship and monitoring for unusual activity.
  • Suspicious Activity Reporting (SAR): If a business detects a known or suspected criminal violation or a transaction related to money laundering, it is required to file a Suspicious Activity Report (SAR) with FinCEN.
  • Recordkeeping and Audits: Companies must maintain detailed records as required by the BSA. Following compliance failures, regulators may mandate corrective actions, such as hiring an independent third party to verify fixes and submitting regular reports, as seen in a recent multistate enforcement action.
  • Third-Party Risk Management: Businesses are also responsible for managing the risks associated with third-party relationships, ensuring their partners and vendors also comply with relevant regulations.

Why this matters for Cross-Border Payments

For businesses handling cross-border payments with India, California's stringent regulations introduce a new layer of complexity. Companies must now navigate the dual compliance demands of both the Digital Financial Assets Law and India's own rigorous financial oversight, including its foreign exchange management rules. This can create significant operational friction, leading to potential delays in transaction processing and increased costs to ensure adherence to Know Your Customer (KYC) and Anti-Money Laundering (AML) protocols on both sides of the corridor. Ultimately, the need to harmonize these distinct regulatory frameworks presents a major hurdle for firms aiming to facilitate seamless and efficient international payments.

How Lightspark Enables Compliant Crypto-Native Payments

Lightspark provides a global payments infrastructure built on Bitcoin to streamline cross-border transactions. Its offerings, Lightspark Connect and Grid Switch, address the operational friction of dual regulatory environments. Connect allows businesses to access the Bitcoin Lightning Network directly, using AI-powered routing to optimize for speed and cost. Grid Switch bridges traditional finance with crypto by connecting domestic real-time payment systems to the Lightning Network, enabling instant fiat-to-fiat transfers and reducing delays associated with harmonizing different financial systems.

To help businesses meet compliance obligations under frameworks like the DFAL, Lightspark provides compliant-ready solutions. The platform offers features like audit-ready reporting, flexible custody options, and built-in tools for OFAC screening and travel rule adherence. These features equip regulated institutions with the necessary infrastructure to manage their own KYC/AML requirements more efficiently, allowing them to leverage crypto-native speed while maintaining regulatory controls.

To learn more about Lightspark's global payment solutions, visit their website.

Notice: This article is provided for informational purposes only and does not constitute legal advice.

Sources

  • "Anti-Money Laundering / Countering The Financing Of Terrorism (AML/CFT)." Federal Deposit Insurance Corporation, 11 Aug. 2025, www.fdic.gov/banker-resource-center/anti-money-laundering-countering-financing-terrorism-amlcft.
  • "California Joins $4.2 Million Multistate Enforcement Action Against Wise US, Inc. for BSA/AML Violations." California Department of Financial Protection and Innovation, 9 July 2025, dfpi.ca.gov/press_release/california-joins-4-2-million-multistate-enforcement-action-against-wise-us-inc-for-bsa-aml-violations/.
  • Cernescu, Dragos. "California bill targets dormant crypto assets on exchanges." The Paypers, 6 June 2025, thepaypers.com/fintech/news/california-bill-targets-dormant-crypto-assets-on-exchanges.
  • "Crypto." California Department of Financial Protection and Innovation, dfpi.ca.gov/consumers/crypto/.
  • De Bernier, Paul C., et al. "California Passes Expansive “Crypto” (Digital Financial Asset) Licensing and Compliance Law." Mayer Brown, 26 Oct. 2023, www.mayerbrown.com/en/insights/publications/2023/10/california-passes-expansive-crypto-digital-financial-asset-licensing-and-compliance-law.
  • McLaughlin, Jeremy M., et al. "California Enacts Landmark Crypto Licensing Law." K&L Gates, 17 Oct. 2023, www.klgates.com/hub/california-enacts-landmark-crypto-licensing-law.
Build the Future of Payments on Bitcoin

Lightspark helps digital banks, wallets, and developers deliver fast, borderless money movement — with Bitcoin as the settlement layer.

Book a Demo

FAQs

What regulations apply to cryptocurrency businesses in California?

In California, cryptocurrency businesses are primarily regulated under the Digital Financial Assets Law (DFAL), which requires them to obtain a license from the Department of Financial Protection and Innovation (DFPI) by July 1, 2025. These businesses must also comply with federal anti-money laundering (AML) regulations, such as the Bank Secrecy Act, and adhere to consumer protection and record-keeping requirements.

Are there any specific licenses required for operating a crypto exchange in California?

Yes, under California’s Digital Financial Assets Law (DFAL), any business conducting digital financial asset activity with or for a California resident must secure a license from the Department of Financial Protection and Innovation (DFPI). This comprehensive licensing and compliance framework, which includes specific rules for stablecoin issuers and consumer disclosures, will take effect on July 1, 2025.

How does California's approach to cryptocurrency differ from other states?

California's approach, established by the Digital Financial Assets Law (DFAL), positions it alongside New York with one of the most significant state-specific laws in the country. The law is notable for offering conditional licensure to businesses already approved under New York's BitLicense regime and for granting regulators broad enforcement authority.

More Articles

Is Crypto Legal in Taiwan? Regulations & Compliance in 2025

Cryptocurrency
Sep 12, 2025
Lightspark Team
Lightspark Team

Is Crypto Legal in Panama? Regulations & Compliance in 2025

Cryptocurrency
Sep 12, 2025
Lightspark Team
Lightspark Team

Is Crypto Legal in Maldives? Regulations & Compliance in 2025

Cryptocurrency
Sep 12, 2025
Lightspark Team
Lightspark Team
Show all Articles
© 2022 - Lightspark Group, Inc.