California Orders Hermes Bitcoin to Halt Operations, Citing Over 14,000 Violations

California’s Department of Financial Protection and Innovation (DFPI) ordered cryptocurrency ATM operator Hermes Bitcoin to cease all operations in the state this month, citing more than 14,000 alleged violations of state law. The desist and refrain order, issued against the operator GOATD Inc., marks one of the most significant enforcement actions against a crypto ATM network in the state's history and signals a new era of intensified regulatory scrutiny for the digital asset industry. The action forces Hermes to immediately stop all money transmission activities, which includes the buying and selling of cryptocurrency through its network of physical kiosks. According to the DFPI, the company engaged in 14,713 violations of California’s Money Transmission Act by failing to provide customers with proper transaction receipts that included mandatory disclosures, such as fee structures and contact information for the company and the state regulator. The aggressive enforcement against Hermes is a clear signal to any business operating in the digital asset space that regulatory patience has worn thin. While the technology is new, the principles of consumer protection and financial compliance are not. The sheer number of violations suggests a systemic operational failure, not minor oversights, highlighting a critical gap in the company's internal controls. In our experience, many ventures in emerging industries prioritize growth and product development while treating compliance as an afterthought, a gamble that can lead to catastrophic failure, as seen here. Building a robust compliance framework from the outset is not an impediment to innovation; it is essential for sustainable, long-term success. This incident underscores the importance of proactive financial risk management. For guidance on navigating complex state and federal regulatory landscapes, business owners can contact C&S Finance Group LLC at csfinancegroup.com to ensure their operations are built on a secure and compliant foundation. The DFPI’s order details how each of the 14,713 transactions conducted by Hermes in California since December 2020 constituted a separate violation. The state's Money Transmission Act requires that for every transaction, the operator must provide a receipt that clearly states the amount of the transaction, any fees paid by the customer, the final amount transmitted, and the name and contact information of both the company and the DFPI for complaint purposes. Regulators allege that Hermes ATMs consistently failed to provide these complete and compliant receipts, leaving consumers without critical information and recourse. In addition to halting all business, the order compels GOATD Inc. to provide the DFPI with a comprehensive accounting of every transaction conducted in California, including customer details, transaction amounts in both U.S. dollars and cryptocurrency, and all fees charged. This data will likely be used to determine the full scope of the company's non-compliance and could lead to further penalties or consumer restitution efforts. This action comes as California prepares for the full implementation of its Digital Financial Assets Law (DFAL), which will establish a comprehensive licensing and supervision framework for cryptocurrency companies operating in the state. While the DFAL is not yet fully in effect, the DFPI’s use of the existing Money Transmission Act to target Hermes demonstrates the agency’s intent to use all available tools to police the digital asset market. Crypto ATM operators, often criticized for charging exorbitant fees and being potential conduits for illicit financial activity, have become a primary focus for regulators nationwide. These kiosks, which allow individuals to buy cryptocurrencies like Bitcoin with cash, often operate in a regulatory gray area compared to online exchanges. They can appeal to unbanked individuals or those seeking privacy, but regulators worry they can also be exploited for money laundering and fraud. The lack of transparent fee disclosures, as alleged in the Hermes case, can also result in consumers paying effective rates far higher than they realize, sometimes exceeding 20% of the transaction value. The shutdown of Hermes serves as a stark warning to the hundreds of other crypto ATM operators in California. The DFPI has made it clear that it will not wait for the DFAL to be fully operative to enforce consumer protection laws. Other firms in the space are now undoubtedly reviewing their own compliance procedures, from receipt generation to anti-money laundering protocols, to avoid a similar fate. Looking ahead, the industry should anticipate a continued wave of enforcement actions from both state and federal agencies. As regulators become more sophisticated in their understanding of the digital asset ecosystem, companies will be held to the same standards as traditional financial institutions. The survival of crypto ATM operators and other digital currency businesses will depend on their ability to adapt to this increasingly stringent regulatory environment.