California's Department of Financial Protection and Innovation (DFPI) has ordered Evergreen ATM, LLC — operating as Getcoins — to cease all Bitcoin ATM operations in the state within 30 days, unless the company first obtains a license. The consent order, signed January 16, 2026, imposes a $1 million conditional penalty and finds Getcoins violated California's daily transaction limits, fee caps, disclosure requirements, and federal anti-money laundering rules.
This is the third DFPI consent order targeting a Bitcoin ATM operator under California's Digital Financial Assets Law (DFAL), which took effect in phases starting January 1, 2024. The earlier orders against Coinhub and RockItCoin followed a similar pattern: investigate, find violations, and force either compliance or market exit. Getcoins chose exit — at least until it can secure a license.
Case: Commissioner of Financial Protection and Innovation v. Evergreen ATM, LLC dba Getcoins
Key sourced metrics. Visualize the strongest filing metrics as a simple chart.Source: Bitcoin ATM News reporting
Agency: California Department of Financial Protection and Innovation
Date: January 16, 2026
Legal Basis: Digital Financial Assets Law (Cal. Fin. Code § 3101 et seq.) and California Consumer Financial Protection Law (Cal. Fin. Code § 90000 et seq.)
What the DFPI Found
The consent order documents four categories of violations spanning from January 2024 through the investigation period:
DFPI Findings Against Getcoins:
Daily limit violations: Getcoins kiosks accepted more than $1,000 from individual customers in a single day — the cap set by DFAL section 3902 — on "multiple occasions" since January 1, 2024.
Fee overcharges: Getcoins charged customers more than the legal maximum (the greater of $5 or 15% of the transaction) on "multiple occasions" since January 1, 2025.
Missing pre-transaction disclosures: Getcoins processed transactions without providing any of the required written disclosures — including fees, the exchange rate charged versus the market rate, and whether transactions are irreversible — on "multiple occasions" since January 1, 2025.
Incomplete receipts: Transaction receipts did not include the spread amount or the name of the exchange used to calculate it, as required since January 1, 2024.
AML program deficiencies: The DFPI concluded that allowing transactions above the $1,000 daily limit constituted a failure to maintain an anti-money laundering program commensurate with the risks of the business, as required by federal BSA regulations (31 C.F.R. § 1022.210).
The DFPI classifies Getcoins as both a "covered person" under the California Consumer Financial Protection Law and an "operator" under the DFAL. The order concludes Getcoins violated Financial Code sections 3902, 3904, and 3905, as well as section 90003(a)(1) — the prohibition against unfair, deceptive, or abusive acts.
The Penalty Structure
$1M
Conditional Penalty
30 Days
To Cease Operations
15%
Max Fee Under CA Law
$1,000
CA Daily Transaction Limit
The $1 million penalty is conditional — it becomes due only if Getcoins fails to comply with the consent order's terms. If Getcoins shuts down its California kiosks within 30 days and stays out until licensed, it owes nothing. If it doesn't, the full amount becomes immediately payable within 10 days of a written noncompliance notice.
This is the same structure the DFPI used in its earlier consent orders against Coinhub and RockItCoin. It's a compliance lever, not a fine — the DFPI is saying "get out or get licensed," not "pay us money."
Critically, Getcoins has not admitted or denied the allegations. The order states that the company's "voluntary agreement to entry of this Consent Order does not constitute admission or denial of any of the allegations."
How Getcoins Compares to Prior DFPI Actions
The DFPI has now established a clear enforcement template for Bitcoin ATM operators in California. All three consent orders — Coinhub, RockItCoin, and now Getcoins — cite the same statutory violations and impose the same basic remedy: cease operations or get licensed.
But the Getcoins order includes a notable addition. Unlike the prior orders, this one explicitly cites federal Bank Secrecy Act compliance failures. The DFPI found that by allowing transactions above the $1,000 daily limit, Getcoins failed to maintain an AML program "commensurate with the risks" of its business. This is significant because it signals the DFPI is willing to invoke federal AML obligations, not just state consumer protection law, as a basis for enforcement.
The order also prominently references the August 4, 2025 FinCEN guidance on crypto kiosks, which urged operators to be "vigilant in identifying and reporting suspicious activity" and highlighted the disproportionate impact on people aged 60 and over. The DFPI's inclusion of this federal context suggests the agency views Bitcoin ATM regulation as inseparable from fraud prevention — a position consistent with the broader national enforcement trend.
The FinCEN Connection
The consent order dedicates three paragraphs to FinCEN's August 2025 guidance, quoting it at length. The key passage the DFPI chose to include:
"[P]eople aged 60 and over were more than three times as likely as younger adults to report a loss using a [crypto] kiosk. More than two of every three dollars reported lost to fraud using [crypto] kiosks was lost by an older adult."
— FinCEN guidance, August 4, 2025, citing FTC data (as quoted in the DFPI consent order)
This isn't decorative. By embedding FinCEN's elder fraud findings into the legal record, the DFPI is building a narrative that kiosk operators who fail to comply with transaction limits and disclosure rules are effectively facilitating the conditions that enable scams. It's the same theory underlying attorney general lawsuits against Bitcoin Depot in Massachusetts and Iowa, against CoinFlip in Iowa, and against Athena Bitcoin in DC — but applied through administrative enforcement rather than litigation.
What This Means for Getcoins Customers in California
If you've used a Getcoins kiosk in California:
Getcoins kiosks in California must go offline within 30 days of January 16, 2026 — by approximately February 15, 2026 — unless the company obtains a DFAL license first.
If you were charged fees exceeding 15% of your transaction value (or $5, whichever is greater), those charges violated California law. Consider filing a complaint with the DFPI.
If you transacted more than $1,000 in a single day at a Getcoins kiosk, the operator should not have allowed that transaction under California law.
The consent order does not create a direct refund mechanism for affected customers. For more on your options, see our consumer protection resources.
What This Means for Operators
The Getcoins order reinforces three things every Bitcoin ATM operator running kiosks in California needs to understand:
**The DFPI is systematically working through the market.** Three consent orders in roughly a year means the agency has an active enforcement program, not just a one-off action. Any operator running kiosks in California without a DFAL license should assume the DFPI knows they exist.
**Federal AML compliance is now part of the state enforcement toolkit.** The inclusion of BSA/AML violations in the Getcoins order expands the DFPI's reach beyond state consumer protection statutes. Operators who thought their AML compliance was a federal-only concern now face the prospect of state regulators citing those same failures.
**The $1,000 daily limit is enforced.** California's daily transaction cap is among the strictest in the country, and the DFPI is treating it as a bright-line rule. Operators who allow even occasional exceedances risk the same outcome Getcoins received: a desist-and-refrain order with a seven-figure penalty attached.
Operators in California should review their current DFAL license status and compliance posture. The operators directory tracks enforcement actions and trust scores across the industry.
What to Watch
The consent order preserves Getcoins' right to apply for a DFAL license in the future — the DFPI committed not to deny a license "based solely on the fact that the Parties entered into this Settlement Agreement." That leaves open the question of whether Getcoins will attempt to re-enter California as a licensed operator or abandon the market entirely.
The broader question is how many unlicensed kiosk operators remain in California, and how quickly the DFPI intends to reach them. Three consent orders suggest a deliberate pace. But with FinCEN guidance now providing federal cover and the DFAL's provisions fully in effect, operators still running without a license in California are operating on borrowed time.
