California crypto license requirements in 2026

California’s Digital Financial Assets Law (DFAL) is the state’s comprehensive framework for many businesses engaging in digital financial asset activity with or on behalf of California residents. Public materials reference a July 1, 2026 licensure milestone for firms that must be licensed and are not exempt — making 2026 the year application readiness becomes operational, not theoretical.

DFPI publishes orientation on its Digital Financial Assets hub; always verify current dates, rulemaking, and forms before filing.

Firms that engage in covered digital financial asset business activity for California residents — including many exchange, custody, transmission, stablecoin, and kiosk models — generally need a licensing path unless a fact-specific exemption applies.

Exemptions are narrow operational conclusions, not marketing labels. Document your analysis with counsel and refresh it when products change.

NMLS company and control-person workflows (often described as MU1/MU2-style bundles).

Financial condition, bonding, and governance narratives with responsible individuals identified.

AML/BSA, cybersecurity, consumer protection, and activity-specific programs (stablecoin reserves, kiosk disclosures, etc.) where applicable.

Evidence vault discipline: policies, testing, incident logs, and board materials that prove ongoing control — not last-minute PDFs.

California licensing does not replace federal MSB registration, AML programs, sanctions compliance, or Travel Rule expectations for many models. Map federal and state obligations on one timeline.

Confirm California nexus and exemption posture with counsel.

Stand up statutory row tracking, owners, and vault naming before NMLS polish.

Run gap tests on AML, cyber, custody, and consumer modules tied to your activities.

Use CompliFi’s public DFAL checklist for browser-based readiness tracking while building toward the full workspace.