SB 97 (2025) builds the statutory vocabulary California will use to regulate digital financial assets. Section 3102 supplies detailed definitions — who counts as an applicant, licensee, covered person, resident, and responsible individual — and what activities fall within the new regime: exchanging, transferring, storing, or administering digital financial assets, plus holding or issuing electronic interests in precious metals.
The statute narrows and broadens at the same time: it defines "digital financial asset" as a non‑legal‑tender digital representation of value but explicitly excludes merchant rewards, most in‑game currencies, and instruments that are securities under federal or state law. Practical hooks — a 25% voting threshold for control, a 183‑day physical presence test for residency, and a redemption‑focused definition of "administration" — steer enforcement, compliance, and commercial design choices for issuers, exchanges, custodians, and banks operating in California.
At a Glance
What It Does
Section 3102 establishes the definitions that determine who must be licensed and which activities are regulated: it lays out what counts as a "digital financial asset," specifies regulated activities (exchange, transfer, store, administration), and defines key concepts such as control, resident, and responsible individual.
Who It Affects
The definitions target digital asset issuers and operators that exchange, custody, transfer, or promise redemption (including tokenized precious metals), as well as banks and credit unions that might participate; it also identifies the Department of Financial Protection and Innovation (DFPI) as the supervising agency.
Why It Matters
Precise statutory definitions will shape which business models fall inside California’s licensing regime, which get carve‑outs, and how enforcement treats decentralized protocols, algorithmic stablecoins, and tokenized commodities — the choice of words here will determine regulatory scope and compliance costs.
More articles like this one.
A weekly email with all the latest developments on this topic.
What This Bill Actually Does
SB 97 does most of its heavy lifting by naming things. The bill does not, in the text provided, set out licensing fees or prudential rules; instead it supplies the definitions regulators and courts will use to decide who needs a license and what behavior counts as regulated activity.
By defining "digital financial asset" as a digital representation of value used as a medium of exchange, unit of account, or store of value — and then excluding merchant reward points, certain in‑game currencies, and registered securities — the statute draws a working line between consumer/retail payment instruments and other tokenized items.
The bill treats activity and control as distinct compliance triggers. It defines "digital financial asset business activity" to include exchanging, transferring, storing, and "digital financial asset administration," the latter being issuance with authority to redeem for legal tender, bank/credit union credit, or another digital asset.
Control is both technical (the ability to execute or indefinitely prevent a transaction) and corporate (a 25% voting threshold or the practical ability to direct management), so custody providers, key‑holders, or any party that can block transactions may be caught even without equity ownership.SB 97 also sets operational thresholds that matter for implementation: a "resident" can be someone domiciled in California, physically present more than 183 days, or with a place of business in the state (with a narrow carve‑out for licensees and their affiliates). The bill includes electronic precious metals and electronic certificates representing interests in metals as covered activity, which imports commodity‑type products into the licensing regime.
It references federal frameworks (the SAFE Act) and clarifies terms like "insolvent," "legal tender," and how to express value (a "United States dollar equivalent" tied to a U.S.-based exchange), which will matter for reporting, valuation, and insolvency analysis.Taken together, these definitions give DFPI the language to regulate a broad set of digital‑asset players while exempting specific uses. What counts as a regulated token, what counts as custody or control, and which entities qualify as "residents" are all point decisions that will determine whether a business model needs a California license, must name responsible individuals, or must change product design to avoid being treated as issuing a redeemable asset.
The Five Things You Need to Know
The bill defines "digital financial asset" as a non‑legal‑tender digital representation of value used as a medium of exchange, unit of account, or store of value, but it expressly excludes merchant rewards, many in‑game currencies, and securities registered with or exempt from the SEC.
"Digital financial asset administration" specifically means issuing a token with the authority to redeem it for legal tender, bank or credit union credit, or another digital financial asset — a definition that targets redeemable stablecoins.
"Control" has two prongs: (1) operational control — the unilateral power to execute or prevent a transaction indefinitely — and (2) corporate control — either 25% or more of voting securities or the ability to direct management, excluding ordinary commercial contracts.
The statute treats exchanges, transfers, and storage as covered activities and adds electronic precious metals and certificates to the scope of regulated business activity, pulling tokenized commodity products into the licensing frame.
"Resident" is defined to include domiciled persons, those physically present in California over 183 days in the prior year, and persons with a place of business in California; notably, the definition excludes licensees and their affiliates, a targeted carve‑out for regulated firms.
Section-by-Section Breakdown
Every bill we cover gets an analysis of its key sections.
Who’s who: applicants, banks, credit unions, and the regulator
These subsections name the parties that the division will treat as applicants and licensees and identify the Department of Financial Protection and Innovation (DFPI) as the regulator. Calling out banks and credit unions in the definitions signals the statute expects those chartered institutions to appear in the regulatory ecosystem — either as licensees, partners, or counterparties — and preserves the ability to reference banking terms in other provisions.
What is a digital financial asset (and what is not)
Subsection (g) establishes the core statutory definition and three explicit exclusions: merchant affinity/rewards programs, in‑game currencies limited to a publisher’s ecosystem, and securities registered with or exempt from the SEC or qualified with or exempt from DFPI. This subsection is the gatekeeper: whether a token is a "digital financial asset" under (g) will control downstream licensing, consumer protections, and enforcement.
Administration, business activity, and control services vendors
These clauses define "digital financial asset administration" (issuance with a promise or authority to redeem), the set of business activities that trigger regulation (exchanging, transferring, storing, administration), and the idea of a "control services vendor" that assumes control of assets under agreement. Together they cast a wide net — covering custodians, custodial vendors, and third‑party service providers that assume control under contract — and put contractual custody arrangements squarely in scope.
Exchange, transfer, and store — operational definitions
The statute breaks out operational verbs: "exchange" means assuming control to sell, trade, or convert between digital assets and legal tender/bank credit; "transfer" covers moving or crediting assets between accounts or relinquishing control; "store" means maintaining control for a resident. Defining these verbs reduces ambiguity about when activity crosses the threshold into regulated conduct and will shape compliance controls, transaction monitoring, and recordkeeping requirements.
Control: technical and corporate tests
Control is defined both as the real‑world power to execute or indefinitely prevent a transaction and as a corporate test (25% voting threshold or de facto direction of management), but the statute carves out that mere service roles like director or officer do not alone create control. This dual test will matter for decentralized protocols, multisig custodians, and parties that hold governance tokens or critical keys; determining which actors exercise "control" will be fact‑specific and central to enforcement.
Residency, responsible individuals, and valuation metric
The bill defines "resident" using domicile, physical presence (more than 183 days), and place‑of‑business tests while excluding licensees and affiliates. It also creates the concept of a "responsible individual" with direct control or significant decisionmaking authority for in‑state activity, and it ties valuation to a U.S.-based exchange's U.S. dollar equivalent. Those provisions establish compliance touchstones for licensing, designate named individuals for supervisory responsibility, and set a default valuation reference for reporting and insolvency scenarios.
This bill is one of many.
Codify tracks hundreds of bills on Finance across all five countries.
Explore Finance in Codify Search →Who Benefits and Who Bears the Cost
Every bill creates winners and losers. Here's who stands to gain and who bears the cost.
Who Benefits
- California residents using consumer payment or redemption tokens — the definitions target redeemable tokens and establish a regulatory framework that can enable supervised redemptions and consumer disclosures.
- Banks and credit unions — by being named and defined, chartered financial institutions gain clarity about how their existing legal status interacts with digital asset activities and whether to participate under the licensing regime.
- Game publishers and loyalty program operators — the statute explicitly excludes most in‑game currencies and merchant reward points, shielding these business models from the digital asset licensing regime.
- DFPI — the department gains a clear statutory vocabulary to assert supervisory authority and to build regulatory requirements around custody, control, and responsible individuals.
Who Bears the Cost
- Issuers of redeemable tokens and stablecoins — the redemption‑focused definition of administration pulls redeemable token models into the licensing framework, creating compliance and capital/segregation obligations.
- Exchanges, custodians, and custody‑service vendors — the operational definitions of exchange, transfer, and store and the control tests mean custodians and third‑party vendors will need compliance programs, key‑management controls, and licensing (or contractual redesign) to operate in California.
- Small fintechs and startups designing novel token models — the broad functional language (medium of exchange, store of value) and inclusion of tokenized precious metals can force product redesigns or raise the cost of market entry.
- Marketplaces and protocol service providers that can block or execute transactions — entities that hold materially effective keys or governance control may become subject to licensing where previously they viewed themselves as neutral infrastructure.
Key Issues
The Core Tension
The bill tries to square two competing goals: give regulators clear authority to supervise redeemable tokens, custody, and exchanges to protect consumers and financial stability, while avoiding overreach that would sweep up innocuous loyalty points, in‑game currencies, and decentralized protocols; achieving both clarity and narrowness with a set of definitions — rather than prescriptive rules — creates inevitable ambiguity about who falls under regulation and how to treat decentralized or algorithmic token designs.
The statute’s utility depends on interpretation. The "digital financial asset" test (medium of exchange, unit of account, store of value) is intentionally functional and captures many designs, but that breadth creates line‑drawing challenges: is a niche utility token that occasionally trades for fiat a covered asset?
The listed exclusions help, but the securities carve‑out imports SEC classification disputes into state licensing decisions, potentially producing conflicting federal‑state outcomes.
The dual control test — operational ability to execute or prevent transactions and the 25% voting threshold — is practical but awkward for decentralized systems and key‑split custody. Who ‘‘controls’’ a protocol state if multisignature keyholders or a DAO governance process can block a transaction?
Similarly, the redemption‑focused definition of administration targets redeemable stablecoins but may not clearly capture algorithmic designs that promise (or imply) convertibility without a contractual redemption right. Valuation rules tied to a U.S.-based exchange create dependence on market infrastructure and raise questions for thinly traded or over‑the‑counter tokens.
Finally, adding tokenized precious metals brings commodity law overlap: Californians and regulated firms will need clarity on how DFPI oversight interacts with federal commodity regulators and state money‑transmitter regimes.
Try it yourself.
Ask a question in plain English, or pick a topic below. Results in seconds.