Read the full stored bill text
H. B. No. 1596 *HR43/R1718SG* ~ OFFICIAL ~ G1/2
26/HR43/R1718SG
PAGE 1 (ELS\KP)
To: Banking and Financial
Services
MISSISSIPPI LEGISLATURE REGULAR SESSION 2026
By: Representative Aguirre
HOUSE BILL NO. 1596
(As Sent to Governor)
AN ACT TO REQUIRE A MONEY TRANSMITTER LICENSED UNDER THE 1
MONEY TRANSMISSION MODERNIZATION ACT TO IMPLEMENT SAFEGUARDS TO 2
PROTECT CUSTOMER INFORMATION AND INCREASE DATA SECURITY; TO 3
REQUIRE A LICENSEE TO DESIGNATE A QUALIFIED INDIVIDUAL TO BE 4
RESPONSIBLE FOR OVERSEEING, IMPLEMENTING AND ENFORCING AN 5
INFORMATION SECURITY PROGRAM; TO PROVIDE THE MINIMUM STANDARDS AND 6
REQUIREMENTS FOR THE INFORMATION SECURITY PROGRAM AND TO REQUIRE 7
RISK ASSESSMENTS; TO REQUIRE NOTIFICATION TO THE COMMISSIONER OF 8
BANKING AND CONSUMER FINANCE WHEN UNENCRYPTED CUSTOMER INFORMATION 9
IS ACQUIRED WITHOUT THE AUTHORIZATION OF THE AFFECTED INDIVIDUAL; 10
TO PROVIDE CERTAIN EXCEPTIONS; TO AMEND SECTION 75-16-11, 11
MISSISSIPPI CODE OF 1972, TO PROVIDE THAT FUNDS COMING INTO THE 12
POSSESSION OF THE COMMISSIONER AS A RESULT OF THE MONEY 13
TRANSMISSION MODERNIZATION ACT SHALL BE DEPOSITED INTO THE 14
CONSUMER FINANCE FUND; TO AMEND SECTIONS 75-16-25, 75-16-31 AND 15
75-16-43, MISSISSIPPI CODE OF 1972, TO REGULATE VIRTUAL CURRENCY 16
KIOSKS UNDER THE PROVISIONS OF THE MONEY TRANSMISSION 17
MODERNIZATION ACT; TO AMEND SECTION 75-16-51, MISSISSIPPI CODE OF 18
1972, TO REQUIRE A LICENSEE TO PROVIDE TRAINING MATERIALS TO HELP 19
AUTHORIZED DELEGATES RECOGNIZE FINANCIAL ABUSE AND FINANCIAL 20
EXPLOITATION OF AN ELDER ADULT AND RESPOND APPROPRIATELY IN SUCH 21
SITUATIONS; TO AMEND SECTION 75-16-65, MISSISSIPPI CODE OF 1972, 22
TO INCLUDE THE WORD "INVESTMENTS"; TO CREATE NEW SECTION 75-16-89, 23
MISSISSIPPI CODE OF 1972, TO REQUIRE A LICENSEE TO PROVIDE CERTAIN 24
INFORMATION TO THE PURCHASER IN CONNECTION WITH EACH MONEY 25
TRANSMISSION OR KIOSK TRANSACTION CONDUCTED BY THE LICENSEE 26
DIRECTLY OR THROUGH AN AUTHORIZED DELEGATE; AND FOR RELATED 27
PURPOSES. 28
BE IT ENACTED BY THE LEGISLATURE OF THE STATE OF MISSISSIPPI: 29
H. B. No. 1596 *HR43/R1718SG* ~ OFFICIAL ~
26/HR43/R1718SG
PAGE 2 (ELS\KP)
SECTION 1. Short title. Sections 1 through 7 of this act 30
shall be known and may be cited as the "Data Security for Money 31
Transmitters Act". 32
SECTION 2. Definitions. The definitions provided in Section 33
75-16-5 shall also apply to the terms used in Sections 1 through 7 34
of this act, and the following terms as used in Sections 1 through 35
7 of this act have the meanings as defined in this section, unless 36
the context clearly indicates otherwise: 37
(a) "Authorized user" means an employee, contractor, 38
agent or other person that participates in a licensee's business 39
operations and is authorized to access and use a licensee's 40
information systems and data. 41
(b) "Consumer" means an individual who obtains or has 42
obtained a financial product or service from a licensee that is to 43
be used primarily for personal, family or household purposes, or 44
that individual's legal representative. 45
(c) "Customer" means a consumer who has a customer 46
relationship with a licensee. 47
(d) "Customer information" means a record containing 48
nonpublic personal information about a customer of a licensee, 49
whether in paper, electronic or other form, that is handled or 50
maintained by or on behalf of a licensee or the licensee's 51
affiliates. 52
(e) "Customer relationship" means a continuing 53
relationship between a consumer and a licensee under which the 54
H. B. No. 1596 *HR43/R1718SG* ~ OFFICIAL ~
26/HR43/R1718SG
PAGE 3 (ELS\KP)
licensee provides to the consumer one or more financial products 55
or services that are used primarily for personal, family or 56
household purposes. 57
(f) "Encryption" means the transformation of data into 58
a form that results in a low probability of assigning meaning 59
without the use of a protective process or key, consistent with 60
current cryptographic standards and accompanied by appropriate 61
safeguards for cryptographic key material. 62
(g) "Financial product or service" means a product or 63
service that a financial holding company could offer by engaging 64
in a financial activity under Section 4(k) of the Bank Holding 65
Company Act of 1956, 12 USC Section 1843(k), as it existed on 66
January 1, 2025. The term "financial product or service" includes 67
a licensee's evaluation or brokerage of information that a 68
licensee collects in connection with a request or an application 69
from a consumer for a financial product or service. 70
(h) "Information security program" means the 71
administrative, technical or physical safeguards a licensee uses 72
to access, collect, distribute, process, protect, store, use, 73
transmit, dispose of or otherwise handle customer information. 74
(i) "Information system" means a discrete set of 75
electronic information resources organized for the collection, 76
processing, maintenance, use, sharing, dissemination or 77
disposition of electronic information, including any specialized 78
system such as industrial controls systems or process controls 79
H. B. No. 1596 *HR43/R1718SG* ~ OFFICIAL ~
26/HR43/R1718SG
PAGE 4 (ELS\KP)
systems, telephone switching and private branch exchange systems, 80
and environmental controls systems, that contains customer 81
information or that is connected to a system that contains 82
customer information. 83
(j) "Licensee" means a money transmitter or virtual 84
currency kiosk licensed under the Money Transmission Modernization 85
Act, Section 75-16-1 et seq. 86
(k) "Multi-factor authentication" means authentication 87
through verification of at least two (2) of the following types of 88
authentication factors: 89
(i) Knowledge factors, including, but not limited 90
to, a password; 91
(ii) Possession factors, including, but not 92
limited to, a token; or 93
(iii) Inherence factors, including, but not 94
limited to, biometric characteristics. 95
(l) (i) "Nonpublic personal information" means: 96
1. Personally identifiable financial 97
information; and 98
2. A list, description or other grouping of 99
consumers, and publicly available information pertaining to a 100
consumer, that is derived using personally identifiable financial 101
information that is not publicly available. 102
(ii) The term "nonpublic personal information" 103
includes, but is not limited to, a list of individuals' names and 104
H. B. No. 1596 *HR43/R1718SG* ~ OFFICIAL ~
26/HR43/R1718SG
PAGE 5 (ELS\KP)
street addresses that is derived, in whole or in part, using 105
personally identifiable financial information that is not publicly 106
available. The term "nonpublic personal information" does not 107
include: 108
1. Publicly available information except as 109
included on a list described in subparagraph (i)2 of this 110
paragraph (l); 111
2. A list, description or other grouping of 112
consumers, and publicly available information pertaining to the 113
list, description or other grouping of consumers, that is derived 114
without using personally identifiable financial information that 115
is not publicly available; or 116
3. A list of individuals' names and addresses 117
that contains only publicly available information and is not: 118
a. Derived, in whole or in part, using 119
personally identifiable financial information that is not publicly 120
available; and 121
b. Disclosed in a manner that indicates 122
that any of the individuals on the list is a consumer of a 123
licensee. 124
(m) "Notification event" means acquisition of 125
unencrypted customer information without the authorization of the 126
affected individual. For purposes of this paragraph (m): 127
(i) Customer information is considered unencrypted 128
if the encryption key was accessed by an unauthorized person; and 129
H. B. No. 1596 *HR43/R1718SG* ~ OFFICIAL ~
26/HR43/R1718SG
PAGE 6 (ELS\KP)
(ii) Unauthorized acquisition will be presumed to 130
include unauthorized access to unencrypted customer information 131
unless a licensee has reliable evidence showing that there has not 132
been, or could not reasonably have been, unauthorized acquisition 133
of the customer information. 134
(n) "Penetration testing" means a test methodology in 135
which assessors attempt to circumvent or defeat the security 136
features of an information system by attempting penetration of 137
databases or controls from outside or inside a licensee's 138
information systems. 139
(o) (i) "Personally identifiable financial 140
information" means information: 141
1. A consumer provides to a licensee to 142
obtain a financial product or service from a licensee; 143
2. About a consumer resulting from a 144
transaction involving a financial product or service between a 145
licensee and a consumer; or 146
3. A licensee otherwise obtains about a 147
consumer in connection with providing a financial product or 148
service to that consumer. 149
(ii) The term "personally identifiable financial 150
information" includes: 151
1. Information a consumer provides to a 152
licensee on an application to obtain a loan, credit card or other 153
financial product or service; 154
H. B. No. 1596 *HR43/R1718SG* ~ OFFICIAL ~
26/HR43/R1718SG
PAGE 7 (ELS\KP)
2. Account balance information, payment 155
history, overdraft history and credit or debit card purchase 156
information; 157
3. The fact that an individual is or has been 158
a licensee's customer or has obtained a financial product or 159
service from a licensee; 160
4. Information about a licensee's consumer if 161
the information is disclosed in a manner that indicates that the 162
individual is or has been the licensee's consumer; 163
5. Information that a consumer provides to a 164
licensee or that a licensee or a licensee's agent otherwise 165
obtains in connection with collecting on, or servicing, a credit 166
account; 167
6. Information a licensee collects through an 168
Internet cookie or the information collecting device from a 169
computer server; and 170
7. Information from a consumer report. 171
(iii) The term "personally identifiable financial 172
information" does not include: 173
1. A list of names and addresses of customers 174
of an entity that is not a licensee; and 175
2. Information that does not identify a 176
consumer, including aggregate information or blind data that does 177
not contain personal identifiers such as account numbers, names or 178
addresses. 179
H. B. No. 1596 *HR43/R1718SG* ~ OFFICIAL ~
26/HR43/R1718SG
PAGE 8 (ELS\KP)
(p) "Publicly available information" means information 180
that a licensee has a reasonable basis to believe is lawfully made 181
available to the public from federal, state or local government 182
records; widely distributed media; or disclosures to the public 183
that are required to be made by federal, state or local law. 184
The term "publicly available information" includes, but is 185
not limited to: 186
(i) Information in government records, including 187
information in government real estate records and security 188
interest filings; and 189
(ii) Information from widely distributed media, 190
including information from a telephone book, a television or radio 191
program, a newspaper or a website that is available to the public 192
on an unrestricted basis. A website is not considered to be 193
restricted under this subparagraph (ii) merely because an Internet 194
service provider or a site operator requires a fee or a password, 195
so long as access is available to the public. 196
For purposes of this paragraph (p), a licensee has a 197
reasonable basis to believe that information is lawfully made 198
available to the public if the licensee has taken steps to 199
determine that the information is of the type that is available to 200
the public, whether an individual can direct that the information 201
not be made available to the public and, if so, that the 202
licensee's consumer has not directed that the information not be 203
made available to the public. 204
H. B. No. 1596 *HR43/R1718SG* ~ OFFICIAL ~
26/HR43/R1718SG
PAGE 9 (ELS\KP)
For purposes of this paragraph (p), mortgage information is 205
lawfully made available to the public if the licensee determines 206
that the information is of the type included on the public record 207
in the jurisdiction where the mortgage would be recorded. 208
For purposes of this paragraph (p), an individual's telephone 209
number is lawfully made available to the public if the licensee 210
has located the telephone number in a telephone directory or the 211
consumer has informed the licensee that the telephone number is 212
not unlisted. 213
(q) "Qualified individual" means an individual 214
designated by a licensee to oversee, implement and enforce the 215
licensee's information security program. 216
(r) "Security event" means an event resulting in 217
unauthorized access to, or disruption or misuse of: 218
(i) An information system or information stored on 219
the information system; or 220
(ii) Customer information held in physical form. 221
(s) "Service provider" means a person or entity that 222
receives, maintains, processes or otherwise is permitted access to 223
customer information through its provision of services directly to 224
a licensee that is subject to this act. 225
SECTION 3. Standards for safeguarding customer information. 226
(1) A licensee shall develop, implement and maintain a 227
comprehensive information security program. 228
H. B. No. 1596 *HR43/R1718SG* ~ OFFICIAL ~
26/HR43/R1718SG
PAGE 10 (ELS\KP)
(2) The information security program under subsection (1) of 229
this section shall: 230
(a) Be written in one or more readily accessible parts; 231
and 232
(b) Contain administrative, technical and physical 233
safeguards that are appropriate to the licensee's size and 234
complexity, the nature and scope of the licensee's activities, and 235
the sensitivity of any customer information at issue. 236
SECTION 4. Information security program required elements. 237
(1) (a) A licensee shall designate a qualified individual 238
to be responsible for implementing, overseeing and enforcing the 239
licensee's information security program. 240
(b) The qualified individual may be employed by the 241
licensee, an affiliate or a service provider. If a licensee 242
designates an individual employed by an affiliate or service 243
provider to oversee the information security program, the 244
licensee: 245
(i) Remains responsible for compliance with this 246
act; 247
(ii) Must designate a senior member of the 248
licensee's personnel to be responsible for the direction and 249
oversight of the qualified individual; and 250
(iii) Must require the service provider or 251
affiliate to maintain an information security program that 252
protects the licensee as required by this act. 253
H. B. No. 1596 *HR43/R1718SG* ~ OFFICIAL ~
26/HR43/R1718SG
PAGE 11 (ELS\KP)
(2) (a) A licensee shall base the information security 254
program on a risk assessment that: 255
(i) Identifies reasonably foreseeable internal and 256
external risks to the security, confidentiality and integrity of 257
customer information that could result in the unauthorized 258
disclosure, misuse, alteration, destruction or other compromise of 259
the information; and 260
(ii) Assesses the sufficiency of any safeguards in 261
place to control these risks. 262
(b) The risk assessment shall be written and include: 263
(i) Criteria for the evaluation and categorization 264
of identified security risks or threats the licensee faces; 265
(ii) Criteria for the assessment of the 266
confidentiality, integrity and availability of the licensee's 267
information systems and customer information, including the 268
adequacy of the existing controls in the context of the identified 269
risks or threats the licensee faces; and 270
(iii) Requirements for mitigating or accepting 271
identified risks based on the risk assessment and a description of 272
how the information security program will address identified 273
risks. 274
(3) A licensee shall periodically perform additional risk 275
assessments that: 276
(a) Reexamine the reasonably foreseeable internal and 277
external risks to the security, confidentiality and integrity of 278
H. B. No. 1596 *HR43/R1718SG* ~ OFFICIAL ~
26/HR43/R1718SG
PAGE 12 (ELS\KP)
customer information that could result in the unauthorized 279
disclosure, misuse, alteration, destruction or other compromise of 280
customer information; and 281
(b) Reassess the sufficiency of any safeguards in place 282
to control these risks. 283
(4) A licensee shall design and implement safeguards to 284
control the risks the financial institution identifies through the 285
risk assessment as required under subsection (2) of this section, 286
including, but not limited to: 287
(a) Implementing and periodically reviewing access 288
controls, including technical and, as appropriate, physical 289
controls, to: 290
(i) Authenticate and permit access only to 291
authorized users to protect against the unauthorized acquisition 292
of customer information; and 293
(ii) Limit authorized users' access only to 294
customer information that the authorized user needs to perform the 295
authorized user's duties and functions, or in the case of 296
customers, to access the customer's own customer information; 297
(b) Identifying and managing the data, personnel, 298
devices, systems and facilities that enable the licensee to 299
achieve business purposes according to the licensee's relative 300
importance to business objectives and the licensee's risk 301
strategy; 302
H. B. No. 1596 *HR43/R1718SG* ~ OFFICIAL ~
26/HR43/R1718SG
PAGE 13 (ELS\KP)
(c) Protecting by encryption all customer information 303
held or transmitted by the licensee both in transit over external 304
networks and at rest. To the extent the licensee determines that 305
encryption of customer information, either in transit over 306
external networks or at rest, is infeasible, the licensee may 307
instead secure the customer information using effective 308
alternative compensating controls reviewed and approved by the 309
licensee's qualified individual; 310
(d) Adopting secure development practices for in-house 311
developed applications used by the licensee for transmitting, 312
accessing or storing customer information and procedures for 313
evaluating, assessing or testing the security of externally 314
developed applications the licensee uses to transmit, access or 315
store customer information; 316
(e) Implementing multi-factor authentication for an 317
individual accessing an information system, unless the licensee's 318
qualified individual has approved in writing the use of reasonably 319
equivalent or more secure access controls; 320
(f) Developing, implementing and maintaining procedures 321
for the secure disposal of customer information in any format no 322
later than two (2) years after the last date the customer 323
information was used in connection with the provision of a 324
financial product or service to the customer, unless the customer 325
information is: 326
H. B. No. 1596 *HR43/R1718SG* ~ OFFICIAL ~
26/HR43/R1718SG
PAGE 14 (ELS\KP)
(i) Necessary for business operations or for other 327
legitimate business purposes; 328
(ii) Otherwise required to be retained by state or 329
federal law or regulation; or 330
(iii) Where targeted disposal is not reasonably 331
feasible due to the manner in which the information is maintained; 332
(g) Periodically reviewing the licensee's data 333
retention policy to minimize the unnecessary retention of data; 334
(h) Adopting procedures for change management; and 335
(i) Implementing policies, procedures and controls 336
designed to monitor and log the activity of authorized users and 337
detect unauthorized access or use of, or tampering with, customer 338
information by these users. 339
(5) (a) A licensee shall regularly test or otherwise 340
monitor the effectiveness of the safeguards' key controls, systems 341
and procedures, including those to detect actual and attempted 342
attacks on or intrusions into information systems. 343
(b) For information systems, monitoring and testing 344
shall include continuous monitoring or periodic penetration 345
testing and vulnerability assessments. Absent effective 346
continuous monitoring or other systems to detect, on an ongoing 347
basis, changes in information systems that may create 348
vulnerabilities, the licensee shall conduct: 349
H. B. No. 1596 *HR43/R1718SG* ~ OFFICIAL ~
26/HR43/R1718SG
PAGE 15 (ELS\KP)
(i) Annual penetration testing of a licensee's 350
information systems determined each given year based on relevant 351
identified risks according to the risk assessment; and 352
(ii) Vulnerability assessments, including a 353
systemic scan or review of an information system reasonably 354
designed to identify publicly known security vulnerabilities in 355
the licensee's information systems based on the risk assessment, 356
at least every six (6) months, and whenever there are: 357
1. Material changes to the licensee's 358
operations or business arrangements; and 359
2. Circumstances the licensee knows or has 360
reason to know may have a material impact on the licensee's 361
information security program. 362
(6) A licensee shall implement policies and procedures to 363
ensure that personnel are able to enact the licensee's information 364
security program by: 365
(a) Providing the licensee's personnel with security 366
awareness training that is updated as necessary to reflect risks 367
identified by the risk assessment; 368
(b) Using qualified information security personnel 369
employed by the licensee or an affiliate or service provider 370
sufficient to manage the licensee's information security risks and 371
to perform or oversee the information security program; 372
H. B. No. 1596 *HR43/R1718SG* ~ OFFICIAL ~
26/HR43/R1718SG
PAGE 16 (ELS\KP)
(c) Providing information security personnel with 373
security updates and training sufficient to address relevant 374
security risks; and 375
(d) Verifying that key information security personnel 376
take steps to maintain current knowledge of changing information, 377
security threats and countermeasures. 378
(7) (a) A licensee shall take reasonable steps to select 379
and retain service providers that are capable of maintaining 380
appropriate safeguards for the customer information at issue. As 381
a provision of the contract between a licensee and a service 382
provider, the service provider shall be required to implement and 383
maintain such safeguards. 384
(b) A licensee shall periodically assess its service 385
providers based on the risk they present and the continued 386
adequacy of their safeguards. 387
(8) A licensee shall evaluate and adjust the licensee's 388
information security program to reflect: 389
(a) The results of the testing and monitoring required 390
by subsection (5) of this section; 391
(b) A material change to the licensee's operations or 392
business arrangements or other circumstances; 393
(c) The results of risk assessments performed under 394
subsection (2) of this section; and 395
H. B. No. 1596 *HR43/R1718SG* ~ OFFICIAL ~
26/HR43/R1718SG
PAGE 17 (ELS\KP)
(d) Any other circumstances that the licensee knows or 396
has reason to know may have a material impact on the licensee's 397
information security program. 398
(9) A licensee shall establish a written incident response 399
plan designed to promptly respond to, and recover from, any 400
security event materially affecting the confidentiality, integrity 401
or availability of customer information in the licensee's control. 402
The incident response plan shall address: 403
(a) The goals of the incident response plan; 404
(b) The internal processes for responding to a security 405
event; 406
(c) The definition of clear roles, responsibilities and 407
levels of decision-making authority; 408
(d) External and internal communications and 409
information sharing; 410
(e) Identification of requirements for the remediation 411
of any identified weaknesses in information systems and associated 412
controls; 413
(f) Documentation and reporting regarding security 414
events and related incident response activities; and 415
(g) The evaluation and revision as necessary of the 416
incident response plan following a security event. 417
(10) (a) The licensee's qualified individual shall report 418
in writing, at least annually, to the licensee's board of 419
directors or equivalent governing body. If a board of directors 420
H. B. No. 1596 *HR43/R1718SG* ~ OFFICIAL ~
26/HR43/R1718SG
PAGE 18 (ELS\KP)
or equivalent governing body does not exist, the report required 421
under this subsection (10) shall be timely presented to a senior 422
officer responsible for the licensee's information security 423
program. 424
(b) The report shall include: 425
(i) The overall status of the information security 426
program and the licensee's compliance with Sections 1 through 7 of 427
this act and associated rules; and 428
(ii) Material matters related to the information 429
security program, addressing issues such as risk assessment, risk 430
management and control decisions, service provider arrangements, 431
results of testing, security events or violations and management's 432
responses to security events or violations, and recommendations 433
for changes in the information security program. 434
(11) A licensee shall establish a written plan addressing 435
business continuity and disaster recovery. 436
SECTION 5. Notification to the commissioner. (1) A 437
licensee shall provide notice to the commissioner about 438
notification events. Upon discovery of a notification event, if 439
the notification event involves the information of any consumers 440
in this state, the licensee shall notify the commissioner as soon 441
as possible, but in no event later than seventy-two (72) hours 442
after discovery of the notification event. The notice shall be 443
made in a format specified by the commissioner and include the 444
following information: 445
H. B. No. 1596 *HR43/R1718SG* ~ OFFICIAL ~
26/HR43/R1718SG
PAGE 19 (ELS\KP)
(a) The name and contact information of the reporting 446
licensee; 447
(b) A description of the types of information that were 448
involved in the notification event; 449
(c) If the information is possible to determine, the 450
date or date range of the notification event; 451
(d) The number of consumers affected or potentially 452
affected by the notification event; 453
(e) A general description of the notification event; 454
and 455
(f) Whether a law enforcement official has provided the 456
licensee with a written determination that notifying the public of 457
the notification event would impede a criminal investigation or 458
cause damage to national security, and a means for the 459
commissioner to contact the law enforcement official. 460
(2) Pursuant to subsection (1)(f) of this section, a law 461
enforcement official may request an initial delay of up to thirty 462
(30) days following the date when notice was provided to the 463
commissioner. The delay may be extended for an additional period 464
of up to sixty (60) days if the law enforcement official seeks an 465
extension in writing. Additional delay may be permitted only if 466
the commissioner determines that public disclosure of a 467
notification event continues to impede a criminal investigation or 468
cause damage to national security. 469
H. B. No. 1596 *HR43/R1718SG* ~ OFFICIAL ~
26/HR43/R1718SG
PAGE 20 (ELS\KP)
(3) A notification event under this section shall be treated 470
as discovered as of the first day on which the notification event 471
is known to the licensee. The licensee shall be deemed to have 472
knowledge of a notification event if the notification event is 473
known to any of the licensee's employees, officers or other 474
agents, excluding the person committing the notification event. 475
(4) If a licensee becomes aware of a notification event in a 476
system maintained by a service provider, the licensee shall treat 477
such event as it would under subsection (1) of this section. 478
However, the computation of the licensee's deadlines shall begin 479
on the day after the service provider notifies the licensee of the 480
notification event or the licensee otherwise has actual knowledge 481
of the event, whichever is sooner. 482
SECTION 6. Exceptions. (1) Subsections (2)(b), (5)(b), (9) 483
and (10) of Section 4 of this act shall not apply to a licensee 484
that maintains customer information concerning fewer than five 485
thousand (5,000) consumers. 486
SECTION 7. Authority of the Commissioner. (1) The 487
commissioner shall have the power to examine and investigate the 488
affairs of any covered licensee to determine whether the licensee 489
has been or is engaged in any conduct in violation of Sections 1 490
through 7 of this act. This authority is in addition to the other 491
powers that the commissioner has under the Money Transmission 492
Modernization Act. 493
H. B. No. 1596 *HR43/R1718SG* ~ OFFICIAL ~
26/HR43/R1718SG
PAGE 21 (ELS\KP)
(2) Whenever the commissioner has reason to believe that a 494
licensee has been or is engaged in conduct in this state that 495
violates Sections 1 through 7 of this act, the commissioner may 496
take action that is necessary or appropriate to enforce the 497
provisions of Sections 1 through 7 of this act. 498
SECTION 8. Sections 1 through 7 of this act shall be 499
codified in Title 75, Mississippi Code of 1972. 500
SECTION 9. Section 75-16-25, Mississippi Code of 1972, is 501
amended as follows: 502
75-16-25. Application for license. (1) Applicants for a 503
license shall apply in a form and in a medium as prescribed by the 504
commissioner. Each such form shall contain content as set forth 505
by rule, regulation, instruction or procedure of the commissioner 506
and may be changed or updated by the commissioner in accordance 507
with applicable law in order to carry out the purposes of this 508
chapter and maintain consistency with NMLS licensing standards and 509
practices. The application must state or contain, as applicable: 510
(a) The legal name and residential and business 511
addresses of the applicant and any fictitious or trade name used 512
by the applicant in conducting its business; 513
(b) A list of any criminal convictions of the applicant 514
and any material litigation in which the applicant has been 515
involved in the ten-year period next preceding the submission of 516
the application; 517
H. B. No. 1596 *HR43/R1718SG* ~ OFFICIAL ~
26/HR43/R1718SG
PAGE 22 (ELS\KP)
(c) A description of any money transmission previously 518
provided by the applicant and the money transmission that the 519
applicant seeks to provide in this state; 520
(d) A list of the applicant's proposed authorized 521
delegates and the locations, including virtual currency kiosks, in 522
this state where the applicant and its authorized delegates 523
propose to engage in money transmission or provide any other money 524
services, including, but not limited to, virtual currency kiosk 525
transactions; 526
(e) A list of other states in which the applicant is 527
licensed to engage in money transmission and any license 528
revocations, suspensions or other disciplinary action taken 529
against the applicant in another state; 530
(f) Information concerning any bankruptcy or 531
receivership proceedings affecting the licensee or a person in 532
control of a licensee; 533
(g) A sample form of contract for authorized delegates, 534
if applicable; 535
(h) A sample form of payment instrument or stored 536
value, as applicable; 537
(i) The name and address of any federally insured 538
depository financial institution through which the applicant plans 539
to conduct money transmission; and 540
(j) Any other information the commissioner or NMLS 541
requires with respect to the applicant. 542
H. B. No. 1596 *HR43/R1718SG* ~ OFFICIAL ~
26/HR43/R1718SG
PAGE 23 (ELS\KP)
(2) If an applicant is a corporation, limited liability 543
company, partnership or other legal entity, the applicant shall 544
also provide: 545
(a) The date of the applicant's incorporation or 546
formation and state or country of incorporation or formation; 547
(b) If applicable, a certificate of good standing from 548
the state or country in which the applicant is incorporated or 549
formed; 550
(c) A brief description of the structure or 551
organization of the applicant, including any parents or 552
subsidiaries of the applicant, and whether any parents or 553
subsidiaries are publicly traded; 554
(d) The legal name, any fictitious or trade name, all 555
business and residential addresses and the employment, as 556
applicable, in the ten-year period next preceding the submission 557
of the application of each key individual and person in control of 558
the applicant; 559
(e) A list of any criminal convictions and material 560
litigation in which a person in control of the applicant that is 561
not an individual has been involved in the ten-year period next 562
preceding the submission of the application; 563
(f) A copy of audited financial statements of the 564
applicant for the most recent fiscal year and for the two-year 565
period next preceding the submission of the application; 566
H. B. No. 1596 *HR43/R1718SG* ~ OFFICIAL ~
26/HR43/R1718SG
PAGE 24 (ELS\KP)
(g) A certified copy of unaudited financial statements 567
of the applicant for the most recent fiscal quarter; 568
(h) If the applicant is a publicly traded corporation, 569
a copy of the most recent report filed with the United States 570
Securities and Exchange Commission under Section 13 of the U.S. 571
Securities Exchange Act of 1934, 15 USC Section 78m, as amended or 572
recodified from time to time; 573
(i) If the applicant is a wholly owned subsidiary of: 574
(i) A corporation publicly traded in the United 575
States, a copy of audited financial statements for the parent 576
corporation for the most recent fiscal year or a copy of the 577
parent corporation's most recent report filed under Section 13 of 578
the U.S. Securities Exchange Act of 1934, 15 USC Section 78m, as 579
amended or recodified from time to time; or 580
(ii) A corporation publicly traded outside the 581
United States, a copy of similar documentation filed with the 582
regulator of the parent corporation's domicile outside the United 583
States; 584
(j) The name and address of the applicant's registered 585
agent in this state; and 586
(k) Any other information the commissioner requires 587
with respect to the applicant. 588
(3) A nonrefundable license fee of One Thousand Five Hundred 589
Dollars ($1,500.00) must accompany an application for a license 590
under this section. However, beginning with calendar year 2025 591
H. B. No. 1596 *HR43/R1718SG* ~ OFFICIAL ~
26/HR43/R1718SG
PAGE 25 (ELS\KP)
and for each subsequent calendar year, on or before July 1 of the 592
following year, the Mississippi Department of Banking and Consumer 593
Finance will issue a memo authorizing a new license fee under this 594
section. The new amount will be calculated by applying any 595
increase or decrease in the United States Bureau of Labor 596
Statistics Consumer Price Index for All Urban Consumers (CPI-U) 597
for the previous calendar year to the previous fee amount and 598
rounding that amount upward to the nearest One-Hundred-Dollar 599
increment. 600
(4) The commissioner may waive one or more requirements of 601
subsections (1) and (2) of this section or permit an applicant to 602
submit other information in lieu of the required information. 603
SECTION 10. Section 75-16-31, Mississippi Code of 1972, is 604
amended as follows: 605
75-16-31. Renewal of license. (1) A license under this 606
chapter shall be renewed annually. 607
(a) An annual renewal fee of Eight Hundred Dollars 608
($800.00) plus One Hundred Dollars ($100.00) for each location in 609
excess of one in Mississippi through which the licensee plans to 610
conduct money transmission during the license year for which the 611
fee is paid, shall be paid, provided that in no event shall the 612
annual renewal fee exceed Five Thousand Eight Hundred Dollars 613
($5,800.00). Such renewal fee shall be paid no more than sixty 614
(60) days before the license expiration. 615
H. B. No. 1596 *HR43/R1718SG* ~ OFFICIAL ~
26/HR43/R1718SG
PAGE 26 (ELS\KP)
(b) The renewal term shall be for a period of one (1) 616
year and shall begin on January 1 of each year after the initial 617
license term and shall expire on December 31 of the year the 618
renewal term begins. 619
(2) A licensee shall submit a renewal report with the 620
renewal fee, in a form and in a medium prescribed by the 621
commissioner. The renewal report must state or contain a 622
description of each material change in information submitted by 623
the licensee in its original license application which has not 624
been reported to the commissioner. The report must also contain a 625
list of the locations in this state where the licensee or an 626
authorized delegate of the licensee engages in virtual currency 627
kiosk transactions. 628
(3) The commissioner, for good cause, may grant an extension 629
of the renewal date. 630
(4) The commissioner is authorized and encouraged to utilize 631
NMLS to process license renewals provided that such functionality 632
is consistent with this section. 633
SECTION 11. Section 75-16-43, Mississippi Code of 1972, is 634
amended as follows: 635
75-16-43. Authorized delegate reporting. (1) Each licensee 636
shall submit a report of all authorized delegates and locations in 637
this state where the licensee or an authorized delegate of the 638
licensee provides money services, including, but not limited to, 639
virtual currency kiosks. Such report must be provided within 640
H. B. No. 1596 *HR43/R1718SG* ~ OFFICIAL ~
26/HR43/R1718SG
PAGE 27 (ELS\KP)
forty-five (45) days of the end of the calendar quarter. The 641
commissioner is authorized and encouraged to utilize NMLS for the 642
submission of the report required by this subsection provided that 643
such functionality is consistent with the requirements of this 644
section. Such utilization shall include the NMLS Uniform 645
Authorized Agent Reporting (UAAR) process, or such other similar 646
process as designated by NMLS. 647
(2) The authorized delegate report shall include, at a 648
minimum, each authorized delegate's: 649
(a) Company legal name; 650
(b) Taxpayer employer identification number; 651
(c) Principal provider identifier; 652
(d) Physical address; 653
(e) Mailing address; 654
(f) Any business conducted in other states; 655
(g) Any fictitious or trade name; 656
(h) Contact person name, phone number, and email; 657
(i) Start date as licensee's authorized delegate; 658
(j) End date acting as licensee's authorized delegate, 659
if applicable; and 660
(k) Any other information the commissioner requires 661
with respect to the authorized delegate. 662
SECTION 12. Section 75-16-51, Mississippi Code of 1972, is 663
amended as follows: 664
H. B. No. 1596 *HR43/R1718SG* ~ OFFICIAL ~
26/HR43/R1718SG
PAGE 28 (ELS\KP)
75-16-51. Relationship between licensee and authorized 665
delegate. (1) In this section, "remit" means to make direct 666
payments of money to a licensee or its representative authorized 667
to receive money or to deposit money in a bank in an account 668
specified by the licensee. 669
(2) Before a licensee is authorized to conduct business 670
through an authorized delegate or allows a person to act as the 671
licensee's authorized delegate, the licensee must: 672
(a) Adopt, and update as necessary, written policies 673
and procedures designed to ensure that the licensee's authorized 674
delegates comply with applicable state and federal law; 675
(b) Enter into a written contract, available to the 676
commissioner upon request, that complies with subsection (4) of 677
this section; and 678
(c) Conduct a risk-based background investigation 679
sufficient for the licensee to determine whether the authorized 680
delegate has complied and will likely comply with applicable state 681
and federal law. 682
(3) An authorized delegate must operate in full compliance 683
with this chapter. 684
(4) The written contract required by subsection (2) of this 685
section must be signed by the licensee and the authorized delegate 686
and, at a minimum, must: 687
H. B. No. 1596 *HR43/R1718SG* ~ OFFICIAL ~
26/HR43/R1718SG
PAGE 29 (ELS\KP)
(a) Appoint the person signing the contract as the 688
licensee's authorized delegate with the authority to conduct money 689
transmission on behalf of the licensee; 690
(b) Set forth the nature and scope of the relationship 691
between the licensee and the authorized delegate and the 692
respective rights and responsibilities of the parties; 693
(c) Require the authorized delegate to agree to fully 694
comply with all applicable state and federal laws, rules, and 695
regulations pertaining to money transmission, including this 696
chapter and regulations implementing this chapter, relevant 697
provisions of the Bank Secrecy Act and the USA PATRIOT ACT; 698
(d) Require the authorized delegate to remit and handle 699
money and monetary value in accordance with the terms of the 700
contract between the licensee and the authorized delegate; 701
(e) Impose a trust on money and monetary value net of 702
fees received for money transmission for the benefit of the 703
licensee; 704
(f) Require the authorized delegate to prepare and 705
maintain records as required by this chapter or regulations 706
implementing this chapter, or as requested by the commissioner; 707
(g) Acknowledge that the authorized delegate consents 708
to examination or investigation by the commissioner; 709
(h) State that the licensee is subject to regulation by 710
the commissioner and that, as part of that regulation, the 711
commissioner may suspend or revoke an authorized delegate 712
H. B. No. 1596 *HR43/R1718SG* ~ OFFICIAL ~
26/HR43/R1718SG
PAGE 30 (ELS\KP)
designation or require the licensee to terminate an authorized 713
delegate designation; and 714
(i) Acknowledge receipt of the written policies and 715
procedures required under subsection (2)(a) of this section. 716
(5) If the licensee's license is suspended, revoked, 717
surrendered or expired, the licensee must, within five (5) 718
business days, provide documentation to the commissioner that the 719
licensee has notified all applicable authorized delegates of the 720
licensee whose names are in a record filed with the commissioner 721
of the suspension, revocation, surrender or expiration of a 722
license. Upon suspension, revocation, surrender or expiration of 723
a license, applicable authorized delegates shall immediately cease 724
to provide money transmission as an authorized delegate of the 725
licensee. 726
(6) An authorized delegate of a licensee holds in trust for 727
the benefit of the licensee all money net of fees received from 728
money transmission. If any authorized delegate commingles any 729
funds received from money transmission with any other funds or 730
property owned or controlled by the authorized delegate, all 731
commingled funds and other property shall be considered held in 732
trust in favor of the licensee in an amount equal to the amount of 733
money net of fees received from money transmission. 734
(7) An authorized delegate may not use a subdelegate to 735
conduct money transmission on behalf of a licensee. 736
H. B. No. 1596 *HR43/R1718SG* ~ OFFICIAL ~
26/HR43/R1718SG
PAGE 31 (ELS\KP)
(8) On or before April 1 of each year, a licensee shall 737
provide to each authorized delegate through which it engages in 738
the business of money transmission training materials on how to: 739
(a) Recognize financial abuse and financial 740
exploitation of an elder adult; and 741
(b) Respond appropriately if the authorized delegate 742
suspects that the authorized delegate is being asked to engage in 743
the business of money transmission for a fraudulent transaction in 744
which an elder adult is the victim of financial abuse or financial 745
exploitation. 746
A licensee shall provide the training materials required 747
under this subsection (8) to each newly appointed authorized 748
delegate within one (1) month after appointment of the authorized 749
delegate. 750
SECTION 13. Section 75-16-65, Mississippi Code of 1972, is 751
amended as follows: 752
75-16-65. Maintenance of permissible investments. (1) A 753
licensee shall maintain at all times permissible investments that 754
have a market value computed in accordance with United States 755
Generally Accepted Accounting Principles of not less than the 756
aggregate amount of all of its outstanding money transmission 757
obligations. 758
(2) Except for permissible investments enumerated in Section 759
75-16-67(1), the commissioner, with respect to any licensee, may 760
by rule, regulation or order limit the extent to which a specific 761
H. B. No. 1596 *HR43/R1718SG* ~ OFFICIAL ~
26/HR43/R1718SG
PAGE 32 (ELS\KP)
investment maintained by a licensee within a class of permissible 762
investments may be considered a permissible investment, if the 763
specific investment represents undue risk to customers, not 764
reflected in the market value of investments. 765
(3) Permissible investments, even if commingled with other 766
assets of the licensee, are held in trust for the benefit of the 767
purchasers and holders of the licensee's outstanding money 768
transmission obligations in the event of insolvency, the filing of 769
a petition by or against the licensee under the United States 770
Bankruptcy Code, 11 USC Sections 101-110, as amended or recodified 771
from time to time, for bankruptcy or reorganization, the filing of 772
a petition by or against the licensee for receivership, the 773
commencement of any other judicial or administrative proceeding 774
for its dissolution or reorganization, or in the event of an 775
action by a creditor against the licensee who is not a beneficiary 776
of this statutory trust. No permissible investments impressed 777
with a trust pursuant to this subsection (3) shall be subject to 778
attachment, levy of execution or sequestration by order of any 779
court, except for a beneficiary of this statutory trust. 780
(4) Upon the establishment of a statutory trust in 781
accordance with subsection (3) of this section or when any funds 782
are drawn on a letter of credit pursuant to Section 75-16-67(1), 783
the commissioner shall notify the applicable regulator of each 784
state in which the licensee is licensed to engage in money 785
transmission, if any, of the establishment of the trust or the 786
H. B. No. 1596 *HR43/R1718SG* ~ OFFICIAL ~
26/HR43/R1718SG
PAGE 33 (ELS\KP)
funds drawn on the letter of credit, as applicable. Notice shall 787
be deemed satisfied if performed pursuant to a multistate 788
agreement or through NMLS. Funds drawn on a letter of credit, and 789
any other permissible investments held in trust for the benefit of 790
the purchasers and holders of the licensee's outstanding money 791
transmission obligations, are deemed held in trust for the benefit 792
of such purchasers and holders on a pro rata and equitable basis 793
in accordance with statutes pursuant to which permissible 794
investments are required to be held in this state, and other 795
states, as applicable. Any statutory trust established hereunder 796
shall be terminated upon extinguishment of all of the licensee's 797
outstanding money transmission obligations. 798
(5) The commissioner, by rule, regulation or by order may 799
allow other types of investments that the commissioner determines 800
are of sufficient liquidity and quality to be a permissible 801
investment. The commissioner is authorized to participate in 802
efforts with other state regulators to determine that other types 803
of investments are of sufficient liquidity and quality to be a 804
permissible investment. 805
SECTION 14. The following shall be codified as Section 806
75-16-89, Mississippi Code of 1972: 807
75-16-89. (1) A licensee shall provide its name and mailing 808
address or telephone number to the purchaser in connection with 809
each money transmission or kiosk transaction conducted by the 810
licensee directly or through an authorized delegate. 811
H. B. No. 1596 *HR43/R1718SG* ~ OFFICIAL ~
26/HR43/R1718SG
PAGE 34 (ELS\KP)
(2) An authorized delegate shall display prominently in a 812
form and in a medium prescribed by the commissioner a notice that 813
states or contains the following information: 814
(a) The name, mailing address and telephone number of 815
the authorized delegate; 816
(b) For each licensee of the authorized delegate: 817
(i) A statement that the authorized delegate is an 818
agent conducting business on behalf of the licensee under this 819
chapter; and 820
(ii) The name, mailing address and telephone 821
number of the licensee; and 822
(c) A statement: 823
(i) Directing consumers with complaints to contact 824
the Department of Banking and Consumer Finance; and 825
(ii) Containing the current mailing address and 826
telephone number of the department. 827
(3) (a) A licensee or authorized delegate shall include a 828
clear, concise and conspicuous fraud warning that is posted in a 829
conspicuous area or included on a transmittal form used by a 830
consumer to send money to another individual. 831
(b) The fraud warning required under subsection (3)(a) 832
of this section shall: 833
(i) Include a toll-free telephone number for 834
consumers to call to report fraud or suspected fraud; and 835
H. B. No. 1596 *HR43/R1718SG* ~ OFFICIAL ~
26/HR43/R1718SG
PAGE 35 (ELS\KP)
ST: Money transmitters; require to implement
certain data security measures and customer
protections.
(ii) Be in clear, conspicuous and legible writing 836
in English and in the language principally used by the licensee or 837
authorized delegate to advertise, solicit or negotiate, either 838
orally or in writing, for a transaction conducted in person, 839
electronically or by telephone, if other than English. 840
(c) A licensee shall monitor the activities of its 841
authorized delegates relating to transmittals by consumers. 842
(d) If a licensee or authorized delegate conducts money 843
transmission activity through a website or a mobile application 844
that is not in a physical location, the commissioner may authorize 845
an alternative form of the fraud notice required under subsection 846
(3)(a) of this section. 847
SECTION 15. This act shall take effect and be in force from 848
and after July 1, 2026. 849