Florida Senate - 2024 SB 914
By Senator Perry
9-00756-24 2024914__
1 A bill to be entitled
2 An act relating to digital trust business; creating s.
3 658.996, F.S.; defining terms; providing legislative
4 intent; prohibiting certain entities from engaging in
5 digital trust business without an application to and
6 prior approval by the Office of Financial Regulation;
7 specifying the requirements of such application;
8 authorizing a state bank or state trust company to
9 exclusively engage in virtual trust business under
10 certain circumstances; authorizing certain companies
11 to submit an application to the office to organize as
12 a state trust company to exclusively engage in virtual
13 trust business; specifying the requirements of such
14 application and that such application is deemed to
15 satisfy certain provisions; requiring the office to
16 consider specified factors when acting on applications
17 to engage in digital trust business; specifying the
18 timeframe for the office to grant or deny an
19 application to engage in digital trust business;
20 providing that such application will be deemed
21 approved if the office fails to render a decision
22 within a specified timeframe; authorizing the
23 Financial Services Commission to adopt rules;
24 specifying the requirements for such rules; requiring
25 the commission to adopt rules regarding a failed state
26 bank or state trust company and compliance with
27 certain procedures; requiring the commission to ensure
28 that the state bank’s or state trust company’s
29 policies and procedures satisfy certain requirements;
30 requiring the commission to establish standards by
31 rule which relate to stablecoin; providing
32 requirements for such standards; authorizing the
33 commission to establish by rule certain requirements
34 and standards; authorizing the office to require state
35 banks or state trust companies engaged in digital
36 trust business and their affiliates to file reports;
37 specifying the contents of the reports; providing
38 construction; providing an effective date.
39
40 Be It Enacted by the Legislature of the State of Florida:
41
42 Section 1. Section 658.996, Florida Statutes, is created to
43 read:
44 658.996 Digital trust business.—
45 (1) As used in this section, the term:
46 (a) “Digital trust business” means any of the following
47 activities, in either a fiduciary or nonfiduciary capacity:
48 1. Receiving virtual currency for transmission or
49 transmitting virtual currency, except where the transaction is
50 undertaken for nonfinancial purposes and does not involve the
51 transfer of more than a nominal amount of virtual currency.
52 2. Storing, holding, or maintaining custody or safekeeping
53 of virtual currency on behalf of a customer.
54 3. Buying and selling virtual currency.
55 4. Performing exchange services related to virtual
56 currency, regardless of whether directly or indirectly,
57 including by affiliating with or being an affiliate of a company
58 that performs such services.
59 5. Controlling, administering, or issuing virtual currency.
60 (b) “Stablecoin” means a virtual currency designed to
61 maintain a stable value relative to a national currency or other
62 reference assets, which may include a commodity.
63 (c) “Virtual currency” has the same meaning as in s.
64 560.103.
65 (2) It is the intent of the Legislature to authorize state
66 banks and trust companies to engage in digital trust business.
67 It is the intent of the Legislature that such institutions
68 wishing to engage in such business shall conduct due diligence
69 and carefully examine the risks involved in virtual currency
70 activities through a methodical and comprehensive risk
71 assessment process consistent with best practices, including
72 those identified by the office. The Legislature intends that the
73 office continue to charter state banks and state trust companies
74 to engage in digital trust business consistent with historical
75 practice and the requirements of this section.
76 (3) A state bank, state trust company, or other company may
77 not engage in digital trust business, except by application to
78 and with prior approval of the office.
79 (4) The commission shall prescribe by rule the requirements
80 of the application, but the application must, at minimum,
81 contain all of the following:
82 (a) The applicant’s legal name, including any fictitious or
83 trade names used by the applicant in the conduct of its
84 business, the form of business organization of the applicant,
85 and the date and place of organization of the applicant.
86 (b) An organizational chart of the applicant and its
87 management structure, including its principal officers or senior
88 management, indicating lines of authority and the allocation of
89 duties among its principal officers or senior management.
90 (c) A list of all of the applicant’s affiliates and an
91 organizational chart illustrating the relationship among the
92 applicant and such affiliates.
93 (d) A list of, and detailed biographical information for,
94 each director, principal officer, principal stockholder, and
95 principal beneficiary of the applicant, as applicable, including
96 such individual’s name, physical and mailing addresses, and
97 information and documentation regarding such individual’s
98 personal history, experience, and qualification, which must be
99 accompanied by a form of authority, executed by such individual,
100 to release information to the office.
101 (e) For each principal officer, principal stockholder, and
102 principal beneficiary of the applicant, as applicable, a
103 background report prepared by an independent investigatory
104 agency acceptable to the office.
105 (f) For each principal officer, principal stockholder, and
106 principal beneficiary of the applicant, as applicable, and for
107 all individuals employed by the applicant who have access to any
108 customer funds, whether denominated in fiat currency or virtual
109 currency, all of the following:
110 1. A set of completed fingerprints to the office or vendor
111 authorized by s. 943.053(13). The office or vendor shall forward
112 the fingerprints to the Florida Department of Law Enforcement
113 for state processing, and the Department of Law Enforcement
114 shall forward the fingerprints to the Federal Bureau of
115 Investigation for national processing.
116 2. Two portrait-style photographs of the individuals,
117 measuring not more than 2 inches by 2 inches.
118 (g) A current financial statement for the applicant and
119 each principal officer, principal stockholder, and principal
120 beneficiary of the applicant, as applicable, and a projected
121 balance sheet and income statement for the applicant’s
122 operations for the first 12 to 24 months, as the office
123 determines appropriate. Such financial statements and balance
124 statements must be audited or compiled by an independent
125 certified public accountant (CPA).
126 (h) A description of the proposed, current, and historical
127 business of the applicant, including detail on the products and
128 services provided and to be provided, all associated website
129 addresses, the jurisdictions in which the applicant is engaged
130 in business, the principal place of business, the primary market
131 of operation, the projected customer base, any specific
132 marketing targets, and the physical address of any operation in
133 this state.
134 (i) A detailed explanation of all banking arrangements.
135 (j) An affidavit describing any pending or threatened
136 administrative, civil, or criminal action, litigation, or
137 proceeding before any governmental agency, court, or arbitration
138 tribunal against the applicant or any of its directors,
139 principal officers, principal stockholders, or principal
140 beneficiaries, as applicable, including the names of the
141 parties, the nature of the proceeding, and the current status of
142 the proceeding.
143 (k) A copy of any insurance policies maintained for the
144 benefit of the applicant, its directors or officers, or its
145 customers, as applicable.
146 (l) An explanation of the methodology used to calculate the
147 value of virtual currency in fiat currency.
148 (5) A state bank or state trust company may, after being
149 approved to engage in virtual trust business by the office,
150 limit its business activities exclusively to persons engaging in
151 digital trust business by providing written notice to the
152 office. A company, other than an existing state bank or state
153 trust company, may submit an application to the office for the
154 authority to organize as a state trust company to exclusively
155 engage in digital trust business. Such application must comply
156 with the requirements of this section and is deemed to satisfy
157 the application requirements of s. 658.19.
158 (6) In acting on an application to engage in digital trust
159 business, the office shall consider all of the following:
160 (a) The financial and managerial resources of an applicant
161 to conduct digital trust business. The consideration of the
162 managerial resources of an applicant must include consideration
163 of the competence, experience, and integrity of the officers,
164 directors, and principal shareholders of the applicant.
165 (b) The financial projections of an applicant, including
166 the reasonable promise of successful operation of the
167 applicant’s proposed digital trust business. The consideration
168 of financial projections must include consideration of the
169 reasonable likelihood that an applicant will be profitable in
170 the first 3 to 5 years of operation based on the applicant’s
171 business plan and product offerings.
172 (c) The ability of an applicant to conduct digital trust
173 business in a safe and sound manner and in compliance with laws
174 and regulations. In considering such ability, the office shall
175 consider all of the following:
176 1. The ability of the office to obtain such information on
177 the operations or activities of an applicant, and any affiliate
178 of an applicant, as the office determines to be appropriate to
179 supervise and regulate the applicant as well as to determine and
180 enforce compliance with applicable laws, regulations, orders, or
181 directives of the office.
182 2. The risks associated with an applicant’s digital trust
183 business, including those relating to cybersecurity and
184 information technology; network design and maintenance and
185 related technology and operational considerations; Bank Secrecy
186 Act, Pub. L. No. 91-508; anti-money laundering and sanctions
187 compliance; the protection of customer funds, assets, and data
188 privacy; and the stability and integrity of the payment system,
189 as applicable.
190 (7)(a) The office shall grant or deny any application to
191 engage in digital trust business within 60 calendar days after
192 receiving a completed application but may extend the period for
193 acting on the application for an additional 60 calendar days by
194 notifying the applicant. Any decision to grant or deny an
195 application to engage in digital trust business must be made
196 public, and the office shall provide a statement of the basis
197 for the decision.
198 (b) An application is deemed approved if the office fails
199 to render a decision within 120 days of the filing of such
200 application.
201 (8) The commission may adopt rules regarding minimum
202 capital and liquidity requirements and protection of customer
203 assets for state banks or state trust companies engaged in
204 digital trust business.
205 (a) In establishing capital requirements, the commission
206 shall ensure that such requirements reflect the risks and value
207 associated with engaging in the digital trust business. The
208 office shall also ensure such requirements reflect that the bank
209 or company engaging in the digital trust business does not hold
210 customer virtual currency assets in a principal capacity.
211 (b) If required by the commission, evidence of a customer’s
212 virtual currency assets may include a balance sheet of the state
213 bank or state trust company engaging in the digital trust
214 business, consistent with federal regulatory guidance.
215 (c) In establishing liquidity requirements, the commission
216 shall, at all times, ensure that a state bank or state trust
217 company engaged in digital trust business maintains sufficient
218 liquidity in a form satisfactory to the office, which may
219 include virtual currency and precious metal, in an amount at
220 least equal to 180 days’ coverage of operating expenses, after
221 accounting for liabilities on the state bank’s or state trust
222 company’s balance sheet which reflect an obligation to repay
223 funds to any party.
224 (d) In establishing protection of customer asset rules, the
225 commission shall ensure that digital trust business customers
226 are recognized as the owners of funds, deposits, and assets they
227 have placed in custody with a state bank or state trust company
228 and that the funds, deposits, and assets do not constitute the
229 property of the state bank or state trust company in a
230 bankruptcy, receivership, or other dissolution, as applicable.
231 The office may require or prohibit, as appropriate, the use of
232 contract terms in order to ensure that customers are recognized
233 as the owners of funds, deposits, or assets held by a state bank
234 or state trust company serving as custodian of such funds,
235 deposits, or assets so that they do not constitute the property
236 of the state bank or state trust company in a bankruptcy,
237 receivership, or other dissolution, as applicable.
238 (e) The commission may require that a state bank or state
239 trust company engaged in digital trust business maintain,
240 enhance, and, as necessary, develop written procedures that:
241 1. Are consistent with the state bank’s or state trust
242 company’s products, services, and customer base;
243 2. In the event of the state bank’s or state trust
244 company’s bankruptcy, receivership, or other dissolution, as
245 applicable, are reasonably designed to track, trace, and return
246 customer funds, deposits, and assets to their proper owner,
247 including where relevant to the applicable token holders of
248 record, to the greatest extent possible;
249 3. Are reasonably designed to monitor and guard against
250 fraud and mismanagement; and
251 4. Have sufficient independent accounting, audit, and
252 operation controls or technical infrastructure.
253 (9) The commission shall adopt rules ensuring, in the event
254 of a bankruptcy, receivership, or other dissolution of a state
255 bank or state trust company engaged in digital trust business,
256 that the office has the ability to take control of the assets of
257 the failed state bank or state trust company, act quickly to
258 protect the customers of such bank or company, and return all
259 assets belonging to the appropriate owners or holders of record
260 as soon as possible.
261 (10) The commission shall, by rule, ensure that a state
262 bank or state trust company engaged in digital trust business
263 maintains, enhances, and, as necessary, develops written
264 policies and procedures relating to compliance with anti-money
265 laundering (AML) sections of the Florida Statutes, the Bank
266 Secrecy Act (BSA), Pub. L. No. 91-508, as amended, and the
267 regulations of the Office of Foreign Assets Control (OFAC).
268 (11) The commission shall require that the state bank's or
269 state trust company’s BSA/AML policies and procedures do all of
270 the following:
271 (a) Provide for a system of internal controls and processes
272 to manage and mitigate identified risks.
273 (b) Provide for independent testing of a state bank’s or
274 state trust company’s compliance by qualified parties.
275 (c) Designate a qualified BSA/AML compliance officer.
276 (d) Ensure that the BSA/AML compliance officer has
277 appropriate authority, independence, and access to resources to
278 administer an adequate BSA/AML compliance program based on a
279 state bank’s or state trust company’s risk profile.
280 (e) Provide training for board members and all appropriate
281 personnel.
282 (12) The commission shall require that the state bank’s or
283 state trust company’s policies and procedures related to OFAC
284 regulations are reasonably designed to ensure compliance with
285 OFAC sanctions requirements and include an appropriate OFAC risk
286 assessment and procedures for watch list or sanctions screening,
287 clearing of alerts, blocking and rejecting transactions, and
288 reporting matches to OFAC.
289 (13) The commission shall, by rule, establish standards
290 relating to stablecoin which do all of the following:
291 (a) Define the parameters of stablecoin products permitted
292 within a state bank’s or state trust company’s digital trust
293 business.
294 (b) Require that holders of stablecoin be able to redeem
295 them either on demand or within a reasonably brief period of
296 time.
297 (c) Require the issuer of stablecoin to adopt written,
298 conspicuous redemption policies, approved in advance by the
299 office, that confer on any lawful holder of stablecoin a right
300 to redeem units of stablecoin from the issuer in a timely
301 fashion at a 1 to 1 exchange rate for the U.S. dollar, minus
302 ordinary, well-disclosed fees. The commission may adopt
303 reasonable, non-burdensome conditions on the right of the lawful
304 holder of stablecoin to redeem units of stablecoin, such as
305 requiring the stablecoin holder to onboard successfully with the
306 issuer before redeeming. The commission shall require that an
307 issuer’s redemption policies clearly disclose the meaning of
308 “redemption” and what constitutes timely redemption.
309 (d) Require that stablecoin be backed by any of the
310 following liquid assets equal to the nominal value of all the
311 outstanding units of stablecoin of an issuer, to facilitate
312 timely redemption:
313 1. U.S. Treasury bills acquired by the issuer 3 months or
314 less from their respective maturities.
315 2. Reverse repurchase agreements fully collateralized by
316 U.S. Treasury bills, U.S. Treasury notes, or U.S. Treasury bonds
317 on an overnight basis, subject to requirements approved by the
318 office concerning overcollateralization. Such reverse repurchase
319 agreements must be with a counterparty that the issuer has found
320 to be adequately creditworthy and whose identity has been
321 submitted to the office in writing, without objection, together
322 with the issuer’s credit assessment, at least 14 days before the
323 issuer’s commencing to enter into contracts with such
324 counterparty.
325 3. Government money-market funds, subject to caps on the
326 fraction of reserve assets to be held in such funds as
327 determined by the office.
328 4. Deposit accounts at state or federally chartered
329 depository institutions or well-regulated non-U.S. depository
330 institutions, subject to limits as determined by the commission,
331 which may be based on the commission’s conclusions concerning
332 the risk characteristics of particular depository institutions,
333 taking into consideration the amounts reasonably needed to be
334 held at depository institutions to meet anticipated redemption
335 demands.
336
337 Such assets must be segregated from the proprietary assets of
338 the issuing entity.
339 (e) Subject the issuer of stablecoin to ongoing third-party
340 verification, and public disclosure, of reserve assets backing
341 the outstanding issuance of stablecoin to ensure public
342 confidence, support redemption, and avoid consumer harm.
343 1. The commission shall require that the reserve assets be
344 subject to an examination at least once per month by a CPA
345 licensed in the United States and applying the attestation
346 standards of the American Institute of Certified Public
347 Accountants, where such CPA and such CPA’s engagement letter
348 have been approved in advance in writing by the office.
349 2. The CPA shall attest to all of the following:
350 a. The market value of the reserve assets, both in
351 aggregate and broken down by asset class.
352 b. The quantity of outstanding stablecoin units.
353 c. Whether the reserve assets were, at all times, adequate
354 to fully back all outstanding units of stablecoin.
355 d. Whether all conditions required by the office relating
356 to reserve assets have been met.
357 (f) Require that the underlying assets backing units of
358 stablecoin are the property of the token holders and are not
359 available to the creditors of a state bank or state trust
360 company engaged in digital trust business and do not constitute
361 the property of such state bank or state trust company in a
362 bankruptcy, receivership, or other dissolution, as applicable.
363 (14) The commission may, by rule, establish requirements
364 and standards regarding any of the following:
365 (a) The safe and sound operations of a state bank’s or
366 state trust company’s digital trust business.
367 (b) Ensuring that the state bank’s or state trust company’s
368 interests are independently assessed and appropriately
369 protected.
370 (c) That contracts, agreements, transactions, and other
371 relationships between a state bank or state trust company and
372 any affiliate, insider, or officer, employee, or contractor of
373 an affiliate comply with applicable law and are on terms and
374 conditions that are at least as favorable to the state bank or
375 state trust company as those for comparable transactions with
376 unrelated third parties.
377 (15) The office may require a state bank or a state trust
378 company engaged in digital trust business and its affiliates to
379 submit reports under oath to keep the office informed as to all
380 of the following:
381 (a) The state bank’s or state trust company’s financial
382 condition, systems for monitoring and controlling financial and
383 operating risks, and transactions with depository institutions;
384 and
385 (b) Compliance by the state bank or state trust company and
386 its affiliates with this chapter and any state laws that the
387 office has specific authority to enforce against the state bank
388 or state trust company and its affiliates.
389 (16) This section may not be construed to authorize the
390 office to regulate or supervise an affiliate, other than a
391 subsidiary, of a state bank or state trust company engaged in
392 digital trust business.
393 Section 2. This act shall take effect July 1, 2024.