AB 2269 vetoed. Here’s how California moves forward with sensible, effective cryptocurrency regulation.
On Friday, Governor Gavin Newsom vetoed California Assembly Bill 2269 (AB 2269). The bill would have effectively required ANY individuals or entities engaged in exchanging, transferring, storing, or other activities to obtain a license from the California Department of Financial Protection and Innovation (DFPI), and adhere to a host of prescriptive criteria, limitations, and prohibitions.
In the Governor’s letter to the State Assembly giving reason as to why he has rejected the bill he said, “It is premature to lock a licensing structure in statute without considering both this work (his new Executive Order N-9-22) and forthcoming federal actions. A more flexible approach is needed to ensure regulatory oversight can keep up with rapidly evolving technology and use cases, and is tailored with the proper tools to address trends and mitigate consumer harm. Additionally, standing up a new regulatory program is a costly undertaking, and this bill would require a loan from the general fund in the tens of millions of dollars for the first several years. Such a significant commitment of general fund resources should be considered and accounted for in the annual budget process.”
This is good news for innovation and consumers. Here’s why…
In May 2022, Governor Newsom issued an executive order (EO) on cryptocurrency designed to “spur responsible web3 innovation, grow jobs, and protect consumers.” When the EO was first published, we at BitAML recognized this as a big step toward an ambitious regulatory vision that balanced innovation with consumer protection and a myriad of other priorities aimed at the greater good (e.g., job creation, research, and diversity/inclusion, etc.). The Governor’s EO envisioned fostering an environment that was both pro-innovation and pro-consumer; as opposed to other states that focused more on pro-business marketing and gimmickry.
In the background, AB2269 was quietly making its way through the California State Assembly. Although introduced and later referred to the Banking and Finance Committee in March 2022, many viewed the bill as a longshot to make its way through the various committees and receive a floor vote, much less pass. On August 30, 2022, the bill did just that; passing with a 71-0 vote, before being subsequently delivered to the Governor’s desk on September 12, 2022.
So, what exactly was in the bill and why was the crypto industry (and the Governor) so alarmed?
First and foremost, it was a one-sized fits all framework that would have effectively required any crypto money transmitter to obtain a permission-based license with DFPI. While it is true that almost all states now regulate crypto exchangers, most recognize that not all can or ought to require a license. Generally, such a nuanced risk-based approach will mandate licensure for custodial exchangers (i.e., those that hold or have access to customer funds on the promise to make them available at a later time), while granting exemptions to non-custodial exchangers (i.e., those that do not hold or have access to funds, or merely facilitate a direct wallet-to-wallet exchange). The distinction in risk profile couldn’t be starker and, thanks to some troubling recent headlines, more obvious.
Non-custodial business models in crypto are certainly not without their fair share of risks to be sure. But is it really fair to say our only choice in regulating crypto is a license requirement or nothing? We think there is a better way forward.
In our opinion…
Custodial business models should be required to obtain a license from the DFPI, while non-custodial business models should be required to register with the DFPI.
At present, the states that grant exemptions for non-custodial business models (sometimes referred to as “no action” states) simply convey their determination via regulatory agency website, guidance, or respond to so-called “no action letters” via email. While these various state regulatory agencies are often quite responsive and readily accessible, we think they’re missing an opportunity in that they don’t have a complete and accurate accounting of the crypto exchangers in their jurisdiction. Those that qualify for exemption may not reach out to the state regulator, and the agency may not be accurately and completely cataloging all of the inbound inquiries requesting confirmation of exempt status. The DFPI and California would be wise to consider implementing a registration system for non-custodial business models. Unlike a permission-based license, the registration would be much more of a declaration form, not all that different from FinCEN registration at the federal-level. With a more complete accounting of these non-custodial businesses, the DFPI could then cross-reference this registry with consumer complaints on file and other information to take appropriate action, whether in the form of an informational request letter or conducting a full examination.
Operationally, we think that this approach is much more prudent and realistic for the DFPI. AB 2269 would have in essence have set up the DFPI to fail. Forcing virtually all crypto money transmitters operating in California and/or offering services to customers in California to apply for a license would have created a line a mile long with thousands of individuals and entities based on the number of current participants in the marketplace.
The New York Department of Financial Services (NYDFS) “BitLicense,” a one-sized fits all crypto licensing framework presents a cautionary tale. Since rolling out the BitLicense in 2015, NYDFS has only issued 31 licenses, which means an average of less than five licenses are issued each year. That doesn’t mean there’s a shortage of applicants. In fact, many crypto companies have had an application pending with NYDFS for more than two or three years.
So, what would a one-sized fits all approach like AB 2269 mean for California?
Unlike New York, which is the fourth largest state, California has a much larger population, is a global hub of technology and innovation, and is often the first state within which crypto currency exchangers operate or onboard customers due to the current absence of any license requirement. Add to this, consider how many more cryptocurrency exchangers have been launched since 2015 and the rate of new entrants every day. All this to say, the stack of applications for a cryptocurrency money transmitter license in California would likely be exponentially higher than anything we’ve seen in New York if the state had adopted CA AB 2269, or pursues a similar one-sized fits all approach in the future.
What’s more, those granted the BitLicense, and the many more patiently remaining in line, have by many accounts spent hundreds of thousands of dollars on legal, compliance, consulting, and other costs. So much for diversity, equity, and inclusion, which, by the way, is referenced in the seven priorities set forth by Governor Newsom in his Executive Order.
Separately, AB 2269 contained several limitations and prohibitions directed to specific aspects of the cryptocurrency industry. Perhaps most notably, the bill would have required kiosk operators to implement a $1,000 per person, per day transaction limit. (The bill reads, “…electronic information processing device which accepts or dispenses cash when engaging in digital financial asset business activity…,” but let’s face it, this is directly aimed at kiosk operators.) This cap was likely a kneejerk legislative response to complaints from consumers who were scammed and ultimately paid the fraudsters via cryptocurrency purchased at a kiosk. It’s important to remember that kiosks offer customers a convenient method for purchasing cryptocurrency with transactions often completed in less than 30 seconds. Sadly, the bad guys enjoy the same benefits as the good guys.
More practically, a $1,000 per person, per day limit would have unleashed a plethora of unintended consequences. First, as a matter of compliance best practice, many if not most kiosk operators, utilizing a tier-based Know Your Customer policy (KYC), begin collecting and verifying customer identification at or around $1,000. As such, under AB 2269, operators would likely have retained far less customer information that would ultimately be useful to law enforcement. Second, customers wishing to purchase more than $1,000 would simply engage in transactions with multiple different kiosk operators, which is much more difficult to track, form an understanding of the customer and their financial dealings, and ultimately decipher whether or not the behavior is suspicious and/or unusual. Third, cryptocurrency kiosk operators, now making far less money on transaction fees as a result of the cap, may decide to throw in the towel and close down their business, particularly smaller operators of more modest means.
Finally, several kiosk operators have begun offering exchange activities via a tablet or similar device in collaboration with third-party retail store owners. Unlike the kiosks, which are automated, the retail merchant partner accepts the cash from the customer and processes the purchase of the crypto. While operationally similar to a kiosk, at first glance it may not meet the definition of an “…electronic information processing device which accepts or dispenses cash when engaging in digital financial asset business activity…”
In short, we were concerned that such a directed effort to target kiosk operators, or any other specific product or service offering for that matter, may simply result in them identifying operational or fact pattern loopholes.
The one-sized fits all regulatory framework of California AB 2269 was a disaster waiting to happen. It would have neither protected consumers nor promoted innovation within the cryptocurrency industry, which is the key nexus of Governor Newsom’s Executive Order, and as he rightfully pointe
d out, what California values. While state regulation of cryptocurrency money transmitters in California is necessary to protect consumers and ensure the state leads the way on innovation, a heavy-handed approach will deliver neither. Regulation must be risk-based, taking into account the unique risks posed to Californians, prescribing a realistic approach to mitigating these risks, and not tying the hands of regulators with unrealistic demands. Recognizing this, Governor Newsom wisely vetoed AB 2269. Working alongside members of the crypto industry, policymakers, and consumer advocates, we are excited to start the conversation anew about how best to truly balance consumer protection and innovation in cryptocurrency here in California. In our opinion, we believe the state ought to adopt a two-prong, risk-based approach to regulating cryptocurrency exchangers that would mandate (1) permission-based licensure for custodial business models, and (2) a declaratory registration system for non-custodial business models.