Florida Senate - 2024                                     SB 914
       
       
        
       By Senator Perry
       
       
       
       
       
       9-00756-24                                             2024914__
    1                        A bill to be entitled                      
    2         An act relating to digital trust business; creating s.
    3         658.996, F.S.; defining terms; providing legislative
    4         intent; prohibiting certain entities from engaging in
    5         digital trust business without an application to and
    6         prior approval by the Office of Financial Regulation;
    7         specifying the requirements of such application;
    8         authorizing a state bank or state trust company to
    9         exclusively engage in virtual trust business under
   10         certain circumstances; authorizing certain companies
   11         to submit an application to the office to organize as
   12         a state trust company to exclusively engage in virtual
   13         trust business; specifying the requirements of such
   14         application and that such application is deemed to
   15         satisfy certain provisions; requiring the office to
   16         consider specified factors when acting on applications
   17         to engage in digital trust business; specifying the
   18         timeframe for the office to grant or deny an
   19         application to engage in digital trust business;
   20         providing that such application will be deemed
   21         approved if the office fails to render a decision
   22         within a specified timeframe; authorizing the
   23         Financial Services Commission to adopt rules;
   24         specifying the requirements for such rules; requiring
   25         the commission to adopt rules regarding a failed state
   26         bank or state trust company and compliance with
   27         certain procedures; requiring the commission to ensure
   28         that the state bank’s or state trust company’s
   29         policies and procedures satisfy certain requirements;
   30         requiring the commission to establish standards by
   31         rule which relate to stablecoin; providing
   32         requirements for such standards; authorizing the
   33         commission to establish by rule certain requirements
   34         and standards; authorizing the office to require state
   35         banks or state trust companies engaged in digital
   36         trust business and their affiliates to file reports;
   37         specifying the contents of the reports; providing
   38         construction; providing an effective date.
   39          
   40  Be It Enacted by the Legislature of the State of Florida:
   41  
   42         Section 1. Section 658.996, Florida Statutes, is created to
   43  read:
   44         658.996 Digital trust business.—
   45         (1)As used in this section, the term:
   46         (a)“Digital trust business” means any of the following
   47  activities, in either a fiduciary or nonfiduciary capacity:
   48         1.Receiving virtual currency for transmission or
   49  transmitting virtual currency, except where the transaction is
   50  undertaken for nonfinancial purposes and does not involve the
   51  transfer of more than a nominal amount of virtual currency.
   52         2.Storing, holding, or maintaining custody or safekeeping
   53  of virtual currency on behalf of a customer.
   54         3.Buying and selling virtual currency.
   55         4.Performing exchange services related to virtual
   56  currency, regardless of whether directly or indirectly,
   57  including by affiliating with or being an affiliate of a company
   58  that performs such services.
   59         5.Controlling, administering, or issuing virtual currency.
   60         (b)“Stablecoin” means a virtual currency designed to
   61  maintain a stable value relative to a national currency or other
   62  reference assets, which may include a commodity.
   63         (c)“Virtual currency” has the same meaning as in s.
   64  560.103.
   65         (2)It is the intent of the Legislature to authorize state
   66  banks and trust companies to engage in digital trust business.
   67  It is the intent of the Legislature that such institutions
   68  wishing to engage in such business shall conduct due diligence
   69  and carefully examine the risks involved in virtual currency
   70  activities through a methodical and comprehensive risk
   71  assessment process consistent with best practices, including
   72  those identified by the office. The Legislature intends that the
   73  office continue to charter state banks and state trust companies
   74  to engage in digital trust business consistent with historical
   75  practice and the requirements of this section.
   76         (3)A state bank, state trust company, or other company may
   77  not engage in digital trust business, except by application to
   78  and with prior approval of the office.
   79         (4)The commission shall prescribe by rule the requirements
   80  of the application, but the application must, at minimum,
   81  contain all of the following:
   82         (a)The applicant’s legal name, including any fictitious or
   83  trade names used by the applicant in the conduct of its
   84  business, the form of business organization of the applicant,
   85  and the date and place of organization of the applicant.
   86         (b)An organizational chart of the applicant and its
   87  management structure, including its principal officers or senior
   88  management, indicating lines of authority and the allocation of
   89  duties among its principal officers or senior management.
   90         (c)A list of all of the applicant’s affiliates and an
   91  organizational chart illustrating the relationship among the
   92  applicant and such affiliates.
   93         (d)A list of, and detailed biographical information for,
   94  each director, principal officer, principal stockholder, and
   95  principal beneficiary of the applicant, as applicable, including
   96  such individual’s name, physical and mailing addresses, and
   97  information and documentation regarding such individual’s
   98  personal history, experience, and qualification, which must be
   99  accompanied by a form of authority, executed by such individual,
  100  to release information to the office.
  101         (e)For each principal officer, principal stockholder, and
  102  principal beneficiary of the applicant, as applicable, a
  103  background report prepared by an independent investigatory
  104  agency acceptable to the office.
  105         (f)For each principal officer, principal stockholder, and
  106  principal beneficiary of the applicant, as applicable, and for
  107  all individuals employed by the applicant who have access to any
  108  customer funds, whether denominated in fiat currency or virtual
  109  currency, all of the following:
  110         1.A set of completed fingerprints to the office or vendor
  111  authorized by s. 943.053(13). The office or vendor shall forward
  112  the fingerprints to the Florida Department of Law Enforcement
  113  for state processing, and the Department of Law Enforcement
  114  shall forward the fingerprints to the Federal Bureau of
  115  Investigation for national processing.
  116         2.Two portrait-style photographs of the individuals,
  117  measuring not more than 2 inches by 2 inches.
  118         (g)A current financial statement for the applicant and
  119  each principal officer, principal stockholder, and principal
  120  beneficiary of the applicant, as applicable, and a projected
  121  balance sheet and income statement for the applicant’s
  122  operations for the first 12 to 24 months, as the office
  123  determines appropriate. Such financial statements and balance
  124  statements must be audited or compiled by an independent
  125  certified public accountant (CPA).
  126         (h)A description of the proposed, current, and historical
  127  business of the applicant, including detail on the products and
  128  services provided and to be provided, all associated website
  129  addresses, the jurisdictions in which the applicant is engaged
  130  in business, the principal place of business, the primary market
  131  of operation, the projected customer base, any specific
  132  marketing targets, and the physical address of any operation in
  133  this state.
  134         (i)A detailed explanation of all banking arrangements.
  135         (j)An affidavit describing any pending or threatened
  136  administrative, civil, or criminal action, litigation, or
  137  proceeding before any governmental agency, court, or arbitration
  138  tribunal against the applicant or any of its directors,
  139  principal officers, principal stockholders, or principal
  140  beneficiaries, as applicable, including the names of the
  141  parties, the nature of the proceeding, and the current status of
  142  the proceeding.
  143         (k)A copy of any insurance policies maintained for the
  144  benefit of the applicant, its directors or officers, or its
  145  customers, as applicable.
  146         (l)An explanation of the methodology used to calculate the
  147  value of virtual currency in fiat currency.
  148         (5)A state bank or state trust company may, after being
  149  approved to engage in virtual trust business by the office,
  150  limit its business activities exclusively to persons engaging in
  151  digital trust business by providing written notice to the
  152  office. A company, other than an existing state bank or state
  153  trust company, may submit an application to the office for the
  154  authority to organize as a state trust company to exclusively
  155  engage in digital trust business. Such application must comply
  156  with the requirements of this section and is deemed to satisfy
  157  the application requirements of s. 658.19.
  158         (6)In acting on an application to engage in digital trust
  159  business, the office shall consider all of the following:
  160         (a)The financial and managerial resources of an applicant
  161  to conduct digital trust business. The consideration of the
  162  managerial resources of an applicant must include consideration
  163  of the competence, experience, and integrity of the officers,
  164  directors, and principal shareholders of the applicant.
  165         (b)The financial projections of an applicant, including
  166  the reasonable promise of successful operation of the
  167  applicant’s proposed digital trust business. The consideration
  168  of financial projections must include consideration of the
  169  reasonable likelihood that an applicant will be profitable in
  170  the first 3 to 5 years of operation based on the applicant’s
  171  business plan and product offerings.
  172         (c)The ability of an applicant to conduct digital trust
  173  business in a safe and sound manner and in compliance with laws
  174  and regulations. In considering such ability, the office shall
  175  consider all of the following:
  176         1.The ability of the office to obtain such information on
  177  the operations or activities of an applicant, and any affiliate
  178  of an applicant, as the office determines to be appropriate to
  179  supervise and regulate the applicant as well as to determine and
  180  enforce compliance with applicable laws, regulations, orders, or
  181  directives of the office.
  182         2.The risks associated with an applicant’s digital trust
  183  business, including those relating to cybersecurity and
  184  information technology; network design and maintenance and
  185  related technology and operational considerations; Bank Secrecy
  186  Act, Pub. L. No. 91-508; anti-money laundering and sanctions
  187  compliance; the protection of customer funds, assets, and data
  188  privacy; and the stability and integrity of the payment system,
  189  as applicable.
  190         (7)(a)The office shall grant or deny any application to
  191  engage in digital trust business within 60 calendar days after
  192  receiving a completed application but may extend the period for
  193  acting on the application for an additional 60 calendar days by
  194  notifying the applicant. Any decision to grant or deny an
  195  application to engage in digital trust business must be made
  196  public, and the office shall provide a statement of the basis
  197  for the decision.
  198         (b)An application is deemed approved if the office fails
  199  to render a decision within 120 days of the filing of such
  200  application.
  201         (8)The commission may adopt rules regarding minimum
  202  capital and liquidity requirements and protection of customer
  203  assets for state banks or state trust companies engaged in
  204  digital trust business.
  205         (a)In establishing capital requirements, the commission
  206  shall ensure that such requirements reflect the risks and value
  207  associated with engaging in the digital trust business. The
  208  office shall also ensure such requirements reflect that the bank
  209  or company engaging in the digital trust business does not hold
  210  customer virtual currency assets in a principal capacity.
  211         (b)If required by the commission, evidence of a customer’s
  212  virtual currency assets may include a balance sheet of the state
  213  bank or state trust company engaging in the digital trust
  214  business, consistent with federal regulatory guidance.
  215         (c)In establishing liquidity requirements, the commission
  216  shall, at all times, ensure that a state bank or state trust
  217  company engaged in digital trust business maintains sufficient
  218  liquidity in a form satisfactory to the office, which may
  219  include virtual currency and precious metal, in an amount at
  220  least equal to 180 days coverage of operating expenses, after
  221  accounting for liabilities on the state bank’s or state trust
  222  company’s balance sheet which reflect an obligation to repay
  223  funds to any party.
  224         (d)In establishing protection of customer asset rules, the
  225  commission shall ensure that digital trust business customers
  226  are recognized as the owners of funds, deposits, and assets they
  227  have placed in custody with a state bank or state trust company
  228  and that the funds, deposits, and assets do not constitute the
  229  property of the state bank or state trust company in a
  230  bankruptcy, receivership, or other dissolution, as applicable.
  231  The office may require or prohibit, as appropriate, the use of
  232  contract terms in order to ensure that customers are recognized
  233  as the owners of funds, deposits, or assets held by a state bank
  234  or state trust company serving as custodian of such funds,
  235  deposits, or assets so that they do not constitute the property
  236  of the state bank or state trust company in a bankruptcy,
  237  receivership, or other dissolution, as applicable.
  238         (e)The commission may require that a state bank or state
  239  trust company engaged in digital trust business maintain,
  240  enhance, and, as necessary, develop written procedures that:
  241         1.Are consistent with the state bank’s or state trust
  242  company’s products, services, and customer base;
  243         2.In the event of the state bank’s or state trust
  244  company’s bankruptcy, receivership, or other dissolution, as
  245  applicable, are reasonably designed to track, trace, and return
  246  customer funds, deposits, and assets to their proper owner,
  247  including where relevant to the applicable token holders of
  248  record, to the greatest extent possible;
  249         3.Are reasonably designed to monitor and guard against
  250  fraud and mismanagement; and
  251         4.Have sufficient independent accounting, audit, and
  252  operation controls or technical infrastructure.
  253         (9)The commission shall adopt rules ensuring, in the event
  254  of a bankruptcy, receivership, or other dissolution of a state
  255  bank or state trust company engaged in digital trust business,
  256  that the office has the ability to take control of the assets of
  257  the failed state bank or state trust company, act quickly to
  258  protect the customers of such bank or company, and return all
  259  assets belonging to the appropriate owners or holders of record
  260  as soon as possible.
  261         (10)The commission shall, by rule, ensure that a state
  262  bank or state trust company engaged in digital trust business
  263  maintains, enhances, and, as necessary, develops written
  264  policies and procedures relating to compliance with anti-money
  265  laundering (AML) sections of the Florida Statutes, the Bank
  266  Secrecy Act (BSA), Pub. L. No. 91-508, as amended, and the
  267  regulations of the Office of Foreign Assets Control (OFAC).
  268         (11)The commission shall require that the state bank's or
  269  state trust company’s BSA/AML policies and procedures do all of
  270  the following:
  271         (a)Provide for a system of internal controls and processes
  272  to manage and mitigate identified risks.
  273         (b)Provide for independent testing of a state bank’s or
  274  state trust company’s compliance by qualified parties.
  275         (c)Designate a qualified BSA/AML compliance officer.
  276         (d)Ensure that the BSA/AML compliance officer has
  277  appropriate authority, independence, and access to resources to
  278  administer an adequate BSA/AML compliance program based on a
  279  state bank’s or state trust company’s risk profile.
  280         (e)Provide training for board members and all appropriate
  281  personnel.
  282         (12)The commission shall require that the state bank’s or
  283  state trust company’s policies and procedures related to OFAC
  284  regulations are reasonably designed to ensure compliance with
  285  OFAC sanctions requirements and include an appropriate OFAC risk
  286  assessment and procedures for watch list or sanctions screening,
  287  clearing of alerts, blocking and rejecting transactions, and
  288  reporting matches to OFAC.
  289         (13)The commission shall, by rule, establish standards
  290  relating to stablecoin which do all of the following:
  291         (a)Define the parameters of stablecoin products permitted
  292  within a state bank’s or state trust company’s digital trust
  293  business.
  294         (b)Require that holders of stablecoin be able to redeem
  295  them either on demand or within a reasonably brief period of
  296  time.
  297         (c)Require the issuer of stablecoin to adopt written,
  298  conspicuous redemption policies, approved in advance by the
  299  office, that confer on any lawful holder of stablecoin a right
  300  to redeem units of stablecoin from the issuer in a timely
  301  fashion at a 1 to 1 exchange rate for the U.S. dollar, minus
  302  ordinary, well-disclosed fees. The commission may adopt
  303  reasonable, non-burdensome conditions on the right of the lawful
  304  holder of stablecoin to redeem units of stablecoin, such as
  305  requiring the stablecoin holder to onboard successfully with the
  306  issuer before redeeming. The commission shall require that an
  307  issuer’s redemption policies clearly disclose the meaning of
  308  “redemption” and what constitutes timely redemption.
  309         (d)Require that stablecoin be backed by any of the
  310  following liquid assets equal to the nominal value of all the
  311  outstanding units of stablecoin of an issuer, to facilitate
  312  timely redemption:
  313         1.U.S. Treasury bills acquired by the issuer 3 months or
  314  less from their respective maturities.
  315         2.Reverse repurchase agreements fully collateralized by
  316  U.S. Treasury bills, U.S. Treasury notes, or U.S. Treasury bonds
  317  on an overnight basis, subject to requirements approved by the
  318  office concerning overcollateralization. Such reverse repurchase
  319  agreements must be with a counterparty that the issuer has found
  320  to be adequately creditworthy and whose identity has been
  321  submitted to the office in writing, without objection, together
  322  with the issuer’s credit assessment, at least 14 days before the
  323  issuer’s commencing to enter into contracts with such
  324  counterparty.
  325         3.Government money-market funds, subject to caps on the
  326  fraction of reserve assets to be held in such funds as
  327  determined by the office.
  328         4.Deposit accounts at state or federally chartered
  329  depository institutions or well-regulated non-U.S. depository
  330  institutions, subject to limits as determined by the commission,
  331  which may be based on the commission’s conclusions concerning
  332  the risk characteristics of particular depository institutions,
  333  taking into consideration the amounts reasonably needed to be
  334  held at depository institutions to meet anticipated redemption
  335  demands.
  336  
  337  Such assets must be segregated from the proprietary assets of
  338  the issuing entity.
  339         (e)Subject the issuer of stablecoin to ongoing third-party
  340  verification, and public disclosure, of reserve assets backing
  341  the outstanding issuance of stablecoin to ensure public
  342  confidence, support redemption, and avoid consumer harm.
  343         1.The commission shall require that the reserve assets be
  344  subject to an examination at least once per month by a CPA
  345  licensed in the United States and applying the attestation
  346  standards of the American Institute of Certified Public
  347  Accountants, where such CPA and such CPA’s engagement letter
  348  have been approved in advance in writing by the office.
  349         2.The CPA shall attest to all of the following:
  350         a.The market value of the reserve assets, both in
  351  aggregate and broken down by asset class.
  352         b.The quantity of outstanding stablecoin units.
  353         c.Whether the reserve assets were, at all times, adequate
  354  to fully back all outstanding units of stablecoin.
  355         d.Whether all conditions required by the office relating
  356  to reserve assets have been met.
  357         (f)Require that the underlying assets backing units of
  358  stablecoin are the property of the token holders and are not
  359  available to the creditors of a state bank or state trust
  360  company engaged in digital trust business and do not constitute
  361  the property of such state bank or state trust company in a
  362  bankruptcy, receivership, or other dissolution, as applicable.
  363         (14)The commission may, by rule, establish requirements
  364  and standards regarding any of the following:
  365         (a)The safe and sound operations of a state bank’s or
  366  state trust company’s digital trust business.
  367         (b)Ensuring that the state bank’s or state trust company’s
  368  interests are independently assessed and appropriately
  369  protected.
  370         (c)That contracts, agreements, transactions, and other
  371  relationships between a state bank or state trust company and
  372  any affiliate, insider, or officer, employee, or contractor of
  373  an affiliate comply with applicable law and are on terms and
  374  conditions that are at least as favorable to the state bank or
  375  state trust company as those for comparable transactions with
  376  unrelated third parties.
  377         (15)The office may require a state bank or a state trust
  378  company engaged in digital trust business and its affiliates to
  379  submit reports under oath to keep the office informed as to all
  380  of the following:
  381         (a)The state bank’s or state trust company’s financial
  382  condition, systems for monitoring and controlling financial and
  383  operating risks, and transactions with depository institutions;
  384  and
  385         (b)Compliance by the state bank or state trust company and
  386  its affiliates with this chapter and any state laws that the
  387  office has specific authority to enforce against the state bank
  388  or state trust company and its affiliates.
  389         (16)This section may not be construed to authorize the
  390  office to regulate or supervise an affiliate, other than a
  391  subsidiary, of a state bank or state trust company engaged in
  392  digital trust business.
  393         Section 2. This act shall take effect July 1, 2024.