California’s recent enforcement actions against crypto ATM operators are beginning to reveal a more structured approach to digital asset supervision, one that places consumer protection, operational controls, and anti-money laundering compliance at the center of regulatory oversight.
The latest case involves Anh Management, LLC, operating as Hermes Bitcoin, which agreed to cease operating its digital financial asset kiosks in California following findings that the company violated provisions of the state’s Digital Financial Assets Law (DFAL), the California Consumer Financial Protection Law (CCFPL), and federal anti-money laundering requirements.
While the action against Hermes Bitcoin is notable on its own, it also forms part of a broader enforcement pattern that has emerged as California implements its digital asset regulatory framework.
An emerging category within digital asset supervision
In announcing the Hermes Bitcoin settlement, the California Department of Financial Protection and Innovation (DFPI) referenced several recent enforcement actions involving crypto kiosk operators.
These include actions against RockItCoin, Coinme, and LSGT Services, LLC, which operates under the Coinhub brand.
According to the DFPI, RockItCoin was ordered to pay $202,000 in restitution to California consumers and a $75,000 penalty. Coinme was fined $300,000, including $51,700 in restitution, while Coinhub was ordered to pay $675,000 in penalties, including $105,000 in restitution.
Viewed collectively, these cases suggest regulators are treating crypto ATM operators as a distinct supervisory category rather than as a peripheral subset of the broader digital asset industry.
The enforcement actions are notable not because they focus on token classification, trading activity, or market conduct, but because they concentrate on the operational mechanics of customer-facing digital asset services.
Consumer protection as the primary enforcement lens
A recurring feature across California’s approach is the emphasis on consumer safeguards.
The Digital Financial Assets Law introduced specific requirements for digital financial asset transaction kiosks, including transaction limits, fee restrictions, disclosure requirements, and receipt obligations designed to improve transparency and reduce consumer harm.
Regulators have repeatedly highlighted concerns that crypto ATMs can be used in fraud schemes where victims are persuaded to convert cash into digital assets and transfer those assets to scammers. Unlike many traditional payment channels, digital asset transactions are generally irreversible once completed.
The structure of the enforcement actions suggests that compliance with consumer protection requirements is becoming a core supervisory expectation rather than a secondary compliance consideration.
Operational controls and AML expectations
The Hermes Bitcoin case illustrates that California’s enforcement framework extends beyond transaction pricing and disclosure practices.
According to the settlement, regulators identified violations involving transaction limits, fee practices, customer disclosures, receipt requirements, and anti-money laundering controls.
The DFPI also concluded that the company maintained an ineffective Bank Secrecy Act and Anti-Money Laundering compliance program, citing failures to collect and verify customer identification information across thousands of transactions.
This broader focus indicates that regulators are evaluating crypto ATM operators through multiple compliance lenses simultaneously, including consumer protection, financial crime prevention, operational controls, and recordkeeping obligations.
Rather than viewing these requirements as separate regulatory categories, California’s enforcement actions suggest an integrated supervisory approach in which deficiencies in any of these areas may become grounds for intervention.
Digital asset supervision after DFAL
California’s Digital Financial Assets Law was enacted in 2023 and established a regulatory framework for businesses engaged in digital financial asset activity involving state residents.
As implementation of the framework continues, the state’s enforcement actions provide one of the earliest indications of how regulators intend to apply the law in practice.
The progression from restitution orders and monetary penalties to an agreement requiring Hermes Bitcoin to cease operating in California demonstrates a willingness to escalate supervisory responses where regulators identify significant compliance deficiencies.
For market participants, the cases offer practical insight into the types of controls and compliance expectations that regulators may prioritize under the state’s digital asset regime.
Signals from California’s regulatory model
Several themes emerge from California’s recent enforcement activity.
First, the actions focus on business activity rather than asset classification. The cases are centered on how services are provided to consumers, not on the legal characterization of specific digital assets.
Second, consumer protection measures and anti-money laundering requirements appear to be treated as complementary objectives. Transaction limits, disclosures, customer identification procedures, and compliance controls are addressed within the same supervisory framework.
Third, the enforcement record suggests a progression from remediation toward stronger intervention where deficiencies persist. The sequence of penalties, restitution orders, enforcement actions, and operational restrictions indicates an increasingly active approach to oversight.
While it remains early in the implementation of California’s Digital Financial Assets Law, the enforcement actions against RockItCoin, Coinme, Coinhub, and Hermes Bitcoin provide a clearer picture of how the state is approaching supervision of crypto ATM operators and the regulatory priorities that are beginning to shape that framework.
