From the journal

California DFPI Orders Hermes Bitcoin to Cease Crypto Kiosk Operations Under DFAL, 18 May 2026

The California Department of Financial Protection and Innovation announced a consent order on 18 May 2026 requiring Hermes Bitcoin, the operator of 42 crypto kiosks across Southern California, to cease all digital financial asset business in the state by 20 May 2026. The DFPI alleged violations of the Digital Financial Assets Law (DFAL), the California Consumer Financial Protection Law, and federal anti-money laundering rules. Restitution totals $174,874.28 with a $1 million suspended administrative penalty.

3 min read

The California Department of Financial Protection and Innovation (DFPI) announced a final consent order on 18 May 2026 against Anh Management, LLC, the operator of Hermes Bitcoin kiosks. The order required the company to cease all digital financial asset business in California by 20 May 2026. Hermes Bitcoin operated 42 crypto kiosks across Southern California. The DFPI alleged that the company processed over 3,000 non-compliant transactions and issued more than 14,000 deficient receipts. The settlement is final and in effect.

The DFPI applied the Digital Financial Assets Law at Financial Code Division 1.25, sections 3101 through 3905. The DFAL took effect 1 July 2025 and full licensure begins 1 July 2026. The agency enforced the rules in advance through the California Consumer Financial Protection Law. The order alleges violations of the DFAL's $1,000 single-day cash transaction cap at section 3601, the fee limits at section 3603, the receipt content requirements at section 3604, and the customer identification requirements at section 3605. The order also cites the federal Bank Secrecy Act customer identification program rules at 31 CFR 1010.220 for affiliated kiosk operations. Consideration includes $174,874.28 in restitution and a $1 million administrative penalty held in suspense pending compliance with the consent order.

The order reaches every digital financial asset kiosk operator that serves California consumers. Operators must respect the $1,000 single-day cash cap, the statutory fee cap, and the receipt and customer identification rules under the DFAL. Operators must collect tax identification numbers, verify customer identity, and maintain audit trails before processing transactions. Banking and payment partners that route flows to kiosk networks should review counterparty due diligence files. The DFPI has signaled that pre-license enforcement will continue and that operators relying on prior unlicensed activity face restitution and outright bans.

DFAL licensure applications open 1 July 2026 under Financial Code section 3201. Unlicensed operators may continue limited activity only under DFPI conditional approval pending license review. The consent order bars Hermes Bitcoin from any digital financial asset business in California unless the DFPI grants a license. Other states with kiosk-specific statutes, including Minnesota SF 3868 and Vermont H.659, are advancing parallel restrictions on cash-loaded crypto ATMs.

Licentium advises crypto-asset service providers and kiosk operators on state money transmitter and digital asset law compliance through a partner network across enforcement defense and licensing. Contact us to discuss DFAL filings, consent order negotiation, or pre-license remediation. Work we undertake includes DFAL license applications, BitLicense filings, federal money services business registration, BSA and AML compliance programs, transaction monitoring policies, and consumer disclosure design.

Source: California Department of Financial Protection and Innovation, "DFPI Shuts Down Crypto Kiosk Operator for Cheating Consumers and Violating State Laws," 18 May 2026, https://dfpi.ca.gov/press_release/dfpi-shuts-down-crypto-kiosk-operator-for-cheating-consumers-and-violating-state-laws/

The information provided is not legal, tax, investment, or accounting advice and should not be used as such. It is for discussion purposes only. Seek guidance from your own legal counsel and advisors on any matters. The views presented are those of the author and not any other individual or organization. Some parts of the text may be automatically generated. The author of this material makes no guarantees or warranties about the accuracy or completeness of the information.

Crypto Regulatory

More from the journal

See all

Ireland Publishes Regulation of Artificial Intelligence Bill 2026 to Implement EU AI Act

On 17 June 2026, the Irish Government published the Regulation of Artificial Intelligence Bill 2026, comprising 139 sections, 10 parts, and 4 schedules. The Bill establishes the domestic enforcement architecture for the EU AI Act in Ireland. It creates Oifig IS na hEireann, the AI Office of Ireland, as an independent statutory body. Sector regulators become Market Surveillance Authorities with enforcement powers, including fines up to 7 percent of global annual turnover.

FCA Publishes Final Cryptoasset Rules Setting UK Regime Effective October 2027

On 30 June 2026, the Financial Conduct Authority published five policy statements (PS26/9 through PS26/13) finalising the UK cryptoasset regulatory regime. The rules cover trading platforms, intermediaries, custodians, stablecoin issuers, and staking providers. Firms must obtain FCA authorisation before the 25 October 2027 go-live date. The authorisation gateway opens in September 2026. The legal basis is the Financial Services and Markets Act 2000 (Cryptoassets) Regulations 2026, passed on 4 February 2026.

Senator Warner Releases Discussion Draft of AI AGENT Act on 29 June 2026

On 29 June 2026, Senator Mark Warner (D-VA) released a discussion draft of the Artificial Intelligence Access, Gatekeeper Exchange, and Nondiscriminatory Transfer Act (AI AGENT Act). The draft would create a Federal Trade Commission registry of vetted AI agents and require agents accessing sensitive user data to act in users' best interests. Large online platforms would face a non-discrimination obligation for AI agent access. NIST would develop open technical standards for agent authentication.