AB 236 prescribes what an applicant must submit to obtain a California license to conduct digital financial asset business with residents. The bill lists exhaustive disclosure and documentary requirements — from audited financials and sources of funds to fingerprints and insurance certificates — authorizes a nonrefundable application fee capped at $5,000, and lets the department charge for investigation costs.
The measure matters for any firm seeking to offer digital-asset custody, exchange, or other services to Californians: it raises the bar on pre-licensing due diligence, creates explicit cost recovery for regulators, and ties license effectiveness to a security requirement in the licensing regime. Compliance officers, in-house counsel, and founders should review the documentation and timing obligations closely before applying.
At a Glance
What It Does
Requires a standardized, document-heavy license application for digital financial asset businesses that includes identity and background disclosures, financial statements, proof of insurance, banking arrangements, and fingerprints; charges a nonrefundable application fee (department-set, up to $5,000) and permits recovery of investigation costs. The department must investigate fitness and may inspect business premises before approving, conditionally approving, or denying an application.
Who It Affects
Firms offering digital-asset services to California residents, their executives and responsible individuals (who must submit fingerprints and histories), banks that will hold customer deposits, and the state department that reviews and enforces licensing. Startups, out-of-state companies planning California operations, and compliance vendors will face the most immediate operational impact.
Why It Matters
The bill operationalizes how California vets digital-asset providers and creates predictable fee and documentation expectations. It shifts some investigative costs to applicants, formalizes security and capital evidence requirements, and gives regulators explicit inspection authority — all of which affect market entry economics and compliance workflows.
More articles like this one.
A weekly email with all the latest developments on this topic.
What This Bill Actually Does
The bill creates a concrete checklist that applicants must complete before the department will consider a license. Applicants must submit core identity information, contact details, corporate formation documents, and detailed lists of prior licenses, disciplinary actions, criminal matters, litigation, bankruptcies, and related-party control.
The package includes operational materials — projected user base, marketing targets, bank relationships, and a plan for meeting obligations under the related insolvency chapter — and proof of insurance and capital adequacy.
Financial disclosure is significant: the bill asks for audited financial statements for the most recent fiscal year and preceding two years when available, plus current unconsolidated statements. If a controlling parent is publicly traded, its audited financials or SEC filings must be supplied.
The department can demand additional information by rule and treat the application as incomplete until those materials arrive.The department investigates completed applications against a set of fitness criteria: financial soundness, relevant experience, character and competence of executives and controlling persons, statutory compliance, and a reasonable prospect of success. Investigations can include premises inspections.
After the investigation, the department approves, conditionally approves, or denies the application; applicants have 31 days to accept conditions or request a hearing or the application is treated as withdrawn.On fees and timing, the bill requires a nonrefundable application fee (set by the department but capped at $5,000) and separately requires applicants to pay the department’s reasonable investigation costs. A license does not take effect until both the department issues it and the licensee provides the security mandated elsewhere in the code.
The bill also defines what constitutes a "completed application" for triggering the department’s review process.
The Five Things You Need to Know
The department may set the application fee but cannot exceed $5,000; the fee is nonrefundable.
Applicants must supply audited financial statements for the most recent fiscal year and, if available, the two prior years, plus current unconsolidated financials.
Every executive officer and responsible individual must submit fingerprints and, where available, 10-year employment and investigation histories.
The department may inspect business premises and charge applicants the reasonable costs of its investigation; those costs are separate from the nonrefundable application fee.
A license only becomes effective when the department issues it and the licensee provides the security required by the statute governing capitalization/security.
Section-by-Section Breakdown
Every bill we cover gets an analysis of its key sections.
Application form and core disclosures
The bill requires applicants to use a department-prescribed form and to provide detailed identity and contact information for the firm, executives, responsible individuals, and controlling persons. It also requires prior-business descriptions, marketing targets, user estimates, and banking arrangements — information designed to let the regulator assess business model, scale, and where customer funds will be held.
Financial, disciplinary, and corporate documentation
Applicants must list other financial licenses, disciplinary matters, criminal convictions, litigation and bankruptcy history, and produce audited and unconsolidated financial statements. If a controlling entity is publicly traded (domestic or foreign), the bill requires that entity’s audited statements or equivalent regulator filings. These provisions let the department analyze financial strength and management history at both applicant and parent levels.
Operational proofs, insurance, AML, and forecasts
The application must include insurance documentation (liability, business interruption, cybersecurity), evidence of FINCEN MSB registration when applicable, fingerprints, and plans to comply with the insolvency chapter of the code. Applicants must also report recent and projected counts of California residents served — data points the department can use to prioritize supervision and tailor conditions.
Fees, cost recovery, and completeness standard
The department may charge a nonrefundable application fee not to exceed $5,000 and may bill applicants for the reasonable costs of its background and business investigations. The statute defines a "completed application" as one that contains the fee, the listed materials, and any rule-based add-ons — the filing that triggers the department’s substantive review and potential premises inspection.
Investigation standards and conditional approvals
On receiving a completed application the department must evaluate the applicant’s financial condition, competence, character of key personnel, compliance with related chapters, and reasonable prospect of success. The department can inspect premises. If it imposes conditions, the applicant has 31 days to accept them or request a hearing; failing either, the application is deemed withdrawn — a tight deadline that pushes applicants toward quick procedural responses or loss of their filing.
When a license becomes effective
A license does not take effect simply on issuance; it becomes operative only when the department issues it and the licensee furnishes the statutorily required security. That ties licensing to capitalization or bonding requirements found elsewhere and prevents a gap between approval and financial protection for customers.
Confidentiality cross-reference
Information submitted under this section is covered by subdivision (a) of Government Code Section 7929.000, which affords confidentiality protections to certain financial-services filings. The provision signals that while the department collects sensitive data, that data is not automatically public — an important practical point for applicants concerned about proprietary disclosures.
This bill is one of many.
Codify tracks hundreds of bills on Finance across all five countries.
Explore Finance in Codify Search →Who Benefits and Who Bears the Cost
Every bill creates winners and losers. Here's who stands to gain and who bears the cost.
Who Benefits
- California residents who use licensed digital-asset services — they gain regulatory vetting of providers, mandatory insurance disclosures, and the requirement that licenses align with security/capital protections.
- The California regulatory department — receives explicit authority to recover investigation costs, inspect premises, and demand a wide range of documentation, improving its ability to assess risk before licensing.
- Compliant mid-size and large firms — benefit from clearer entry requirements and a level playing field, reducing uncertainty about what evidence the state expects during licensing.
Who Bears the Cost
- Startups and small entrants — face higher upfront costs for audited financials, fingerprinting, insurance proof, and potential investigation fees that can create a material barrier to market entry.
- Applicants’ executives and responsible individuals — bear personal burdens from fingerprinting and disclosure of criminal or disciplinary histories, including reputational exposure.
- Banks and custody partners named in applications — may become the focus of additional due diligence requests and reputational scrutiny when listed as deposit holders for customer funds.
Key Issues
The Core Tension
The central trade-off is between protecting consumers and deterring risky providers by collecting comprehensive pre-license information, and preserving market access and innovation by avoiding burdens that disproportionately hit small or early-stage entrants; the bill errs toward the former, leaving regulators to manage the latter through rulemaking and fee policies.
The bill piles documentation and disclosure requirements on applicants, which improves the regulator’s informational position but raises several implementation questions. First, audited financial statements and multi-year disclosures are costly and time-consuming; small firms often lack audited historicals, which could force reliance on unaudited statements or delay filings.
Second, many of the statutory fitness criteria — "sound financial condition," "reasonable promise of success," and "general fitness" — are inherently subjective. That subjectivity gives the department flexibility, but it also risks inconsistent application unless the department issues detailed guidance or rules.
Operationally, the combination of a capped application fee and recoverable investigation costs creates potential mismatch: a $5,000 cap on the base fee may understate the true upfront cost when investigation fees are added, and the statute does not define standards for what constitutes "reasonable" investigation costs. Confidentiality is addressed by cross-reference to the Government Code, but applicants will still worry about disclosure risk for commercially sensitive materials.
Finally, tying license effectiveness to security required elsewhere (Section 3207) strengthens consumer protections but sets up a dependency: an applicant could clear the department’s review yet still be unable to commence business if it cannot timely post the required security.
Try it yourself.
Ask a question in plain English, or pick a topic below. Results in seconds.