ARTICLE
4 February 2026

DFPI Imposes Up To $1 Million Penalty On Crypto Kiosk Operator For Alleged Digital Financial Assets Law Violation

SM
Sheppard, Mullin, Richter & Hampton LLP

Contributor

Sheppard, Mullin, Richter & Hampton LLP logo
Businesses turn to Sheppard to deliver sophisticated counsel to help clients move ahead. With more than 1,200 lawyers located in 16 offices worldwide, our client-centered approach is grounded in nearly a century of building enduring relationships on trust and collaboration. Our broad and diversified practices serve global clients—from startups to Fortune 500 companies—at every stage of the business cycle, including high-stakes litigation, complex transactions, sophisticated financings and regulatory issues. With leading edge technologies and innovation behind our team, we pride ourselves on being a strategic partner to our clients.
Explore Firm Details
On January 16, the DFPI entered into a consent order with a digital financial asset kiosk operator, based on DFPI's allegations that the operator violated the Digital Financial Assets Law (DFAL)...
United States California Technology
A.J. Dhaliwal,Mehul Madia, and Maxwell Earp-Thomas
Your Author LinkedIn Connections
Sheppard, Mullin, Richter & Hampton LLP are most popular:
  • within Cannabis & Hemp and Insolvency/Bankruptcy/Re-Structuring topic(s)

On January 16, the DFPI entered into a consent order with a digital financial asset kiosk operator, based on DFPI's allegations that the operator violated the Digital Financial Assets Law (DFAL), the California Consumer Financial Protection Law (CCFPL), and the Bank Secrecy Act (BSA). According to the consent order, the kiosk operator:

  • Processed transactions above the daily dollar cap. The kiosks accepted more than $1,000 from a customer in a single day, in violation of the DFAL and the CCFPL.
  • Charged fees above the permitted limits. Transactions included charges that exceeded the applicable fee cap, in violation of the DFAL and the CCFPL.
  • Completed transactions without required pre-transaction disclosures. Customers did not receive required written disclosures before certain transactions, including required fee and pricing information,
  • Printed receipts missing spread transparency information. Receipts omitted the spread amount and the exchange used to calculate the spread.
  • Maintained an AML program DFPI viewed as insufficient for kiosk risks. The operator did not maintain an effective anti-money laundering program with controls commensurate with its kiosk activity, including customer identification related controls, in violation of the Bank Secrecy Act.

Under the consent order, the operator agreed to stop engaging in digital financial asset business activity with California residents within 30 calendar days unless and until it obtains a license from DFPI. The order also imposes a $1,000,000 administrative penalty that becomes due and payable if the operator fails to comply with the consent order's requirements.

Putting It Into Practice: DFPI's crypto kiosk enforcement posture continues to emphasize transaction caps, fee limits, and transaction-level disclosures for cash-to-crypto activity (previously discussed here and here). Kiosk operators should validate California-specific controls for daily limit logic, fee and spread calculations, disclosure delivery at the point of sale, receipt fields, and escalation processes for suspected fraud, including scams affecting older adults.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.

[View Source]
Authors
Photo of A.J. Dhaliwal
A.J. Dhaliwal
Photo of Mehul Madia
Mehul Madia
Photo of Maxwell Earp-Thomas
Maxwell Earp-Thomas
Your Author LinkedIn Connections
See More Popular Content From

Mondaq uses cookies on this website. By using our website you agree to our use of cookies as set out in our Privacy Policy.

Learn More