(a) An applicant, before submitting an application, shall create and, during licensure, maintain in a record policies and procedures for all of the following:
(1) An information security program and an operational security program.
(2) A business continuity program.
(3) A disaster recovery program.
(4) An antifraud program.
(5) A program to prevent money laundering.
(6) A program to prevent funding of terrorist activity.
(7) (A) A program designed to ensure compliance with this division and other laws of this state or federal laws applicable to the digital financial asset business activity contemplated by the licensee with, or on behalf of, residents and to assist the licensee in achieving the purposes of other state laws and federal laws if violation of those laws has a remedy under this division.
(B) The program described by this paragraph shall specify detailed policies and procedures that the licensee undertakes to minimize the probability that the licensee facilitates the exchange of unregistered securities.

(b) A policy required by subdivision (a) shall be in a record and designed to be adequate for a licensee's contemplated digital financial asset business activity with, or on behalf of, residents, considering the circumstances of all participants and the safe operation of the activity. Any policy and implementing procedure shall be compatible with other policies and the procedures implementing them and not conflict with policies or procedures applicable to the licensee under other state law. A policy and implementing procedure may be one in existence in the licensee's digital financial asset business activity with, or on behalf of, residents.

(c) A licensee's policy for detecting fraud shall include all of the following:
(1) Identification and assessment of the material risks of its digital financial asset business activity related to fraud, which shall include any form of market manipulation and insider trading by the licensee, its employees, or its customers.
(2) Protection against any material risk related to fraud identified by the department or the licensee.
(3) Periodic evaluation and revision of the antifraud procedure.

(d) A licensee's policy for preventing money laundering and financing of terrorist activity shall include all of the following:
(1) Identification and assessment of the material risks of its digital financial asset business activity related to money laundering and financing of terrorist activity.
(2) Procedures, in accordance with federal law or guidance published by federal agencies responsible for enforcing federal law, pertaining to money laundering and financing of terrorist activity.
(3) Filing reports under the Bank Secrecy Act (31 U.S.C. Sec. 5311 et seq.) or Chapter X of Title 31 of the Code of Federal Regulations and other federal or state law pertaining to the prevention or detection of money laundering or financing of terrorist activity.

(e) A licensee's information security and operational security policy shall include reasonable and appropriate administrative, physical, and technical safeguards to protect the confidentiality, integrity, and availability of any nonpublic personal information or digital financial asset it receives, maintains, or transmits.

(f) A licensee shall file with the department a copy of a report it makes to a federal authority.

(g) A licensee's protection policy under subdivision (e) for residents shall include all of the following:
(1) Any action or system of records required to comply with this division and other state law applicable to the licensee with respect to digital financial asset business activity with, or on behalf of, a resident.
(2) A procedure for resolving disputes between the licensee and a resident.
(3) A procedure for a resident to report an unauthorized, mistaken, or accidental digital financial asset business activity transaction.
(4) A procedure for a resident to file a complaint with the licensee and for the resolution of the
Lexace provides legal information, not legal advice, and no attorney–client relationship is created. Statute text is provided for general information and may not reflect the most recent amendments; verify against the official state code.