As Introduced
136th General Assembly
Regular Session H. B. No. 648
2025-2026
Representatives Kishman, Miller, M.
Cosponsors: Representatives Salvo, Brennan
To amend sections 1315.05 and 1315.18 and to enact sections 1349.57, 1349.571, 1349.572, 1349.573, 1349.574, 1349.575, 1349.576, 1349.577, 1349.578, 1349.579, 1349.5710, 1349.5711, and 1349.5712 of the Revised Code to establish regulations for digital asset kiosks and require they be registered as money transmitters.
BE IT ENACTED BY THE GENERAL ASSEMBLY OF THE STATE OF OHIO:
Section 1. That sections 1315.05 and 1315.18 be amended and sections 1349.57, 1349.571, 1349.572, 1349.573, 1349.574, 1349.575, 1349.576, 1349.577, 1349.578, 1349.579, 1349.5710, 1349.5711, and 1349.5712 of the Revised Code be enacted to read as follows:
Sec.
1315.05. Each
licensee, at all times, shall meet both
all
of
the following requirements:
(A) Be a legally established business entity that is capitalized separately and distinctly from every other legal entity and qualified to do business in this state;
(B)
Have a minimum net worth of not less than five hundred thousand
dollars, calculated according to generally accepted accounting
principles, but excluding any assets that the superintendent of
financial institutions disqualifies and including any off-balance
sheet liabilities that the superintendent requires.;
(C) Maintain a detailed plan and accounting as to how the licensee shall engage in winding down operations and shall provide the plan and accounting to the superintendent of financial institutions upon request. The plan and accounting shall contain the following, at minimum:
(1) A record showing that the licensee's minimum net worth and reserves are sufficient to prevent losses to consumers and purchasers and to repay any outstanding obligations or accounts payable;
(2) Procedures to ensure that, after winding down operations, the licensee shall not retain any consumer funds, purchaser funds, or other client funds;
(3) A plan demonstrating that consumers shall have access to consumer funds in the licensee's custody;
(4) Detailed instructions informing consumers how they may withdraw consumer funds upon request;
(5) Any other records and information requested by the superintendent regarding winding down operations.
(D) No licensee shall fail to comply with this section.
Sec. 1315.18. (A) A licensee that ceases to do business in this state shall do so in accordance with a plan approved by the superintendent of financial institutions or pursuant to directions issued by the superintendent in connection with the revocation or suspension of the licensee's license pursuant to section 1315.151 of the Revised Code. The plan shall be delivered in writing to the superintendent at least thirty business days prior to the effective date of the proposed cessation. The plan shall require the licensee to:
(1) Provide written notice to all consumers, purchasers, and users of the licensee of the proposed cessation, and the date of the proposed cessation, at least thirty business days prior to the date of the proposed cessation;
(2) Provide all consumers, purchasers, and users of the licensee with detailed final accounting of the consumers', purchasers', and users' accounts;
(3) Remit all money held in the custody of the licensee on behalf of consumers, purchasers, and users to such consumers, purchasers, and users.
(B) When a licensee ceases to do business in this state, if the superintendent considers it necessary to protect the interests of the licensee's customers, the superintendent may do either of the following:
(1) Take control of permissible investments or other assets owned by the licensee equal in value to the licensee's outstandings in this state;
(2) Require the sale of the licensee's contracts for continuing services or require the licensee's termination of those contracts with compensation to the customers for loss of the services.
(C) No licensee shall fail to comply with this section.
Sec. 1349.57. As used in sections 1349.57 to 1349.5711 of the Revised Code:
(A)(1) "Digital asset" means any type of digital unit that is used as a medium of exchange or a form of digitally stored value or that is incorporated into payment system technology.
(2) "Digital asset" includes digital units of exchange that meet the following:
(a) Have a centralized repository or administrator;
(b) Are decentralized and have no centralized repository or administrator;
(c) May be created or obtained by computing or manufacturing effort.
(3) "Digital asset" does not include digital units of exchange that are used as follows:
(a) Solely within online gaming platforms with no market or application outside of such gaming platforms;
(b) Exclusively as part of a consumer affinity or rewards program, and can be applied solely as payment for purchases with the issuer or other designated merchants, but cannot be converted into or redeemed for fiat currency.
(B) "Digital asset address" means an alphanumeric identifier representing a destination for a digital asset transfer that is associated with a digital asset wallet.
(C) "Digital asset kiosk" means an electronic terminal acting as a mechanical agent of the owner or operator to enable the owner or operator to facilitate the exchange of digital assets for fiat currency or other digital assets, including by connecting directly to a separate digital asset exchanger that performs the actual digital asset transmission, or by drawing upon the digital assets in the possession of the owner or operator of the electronic terminal.
(D) "Digital asset wallet" means a software application or other mechanism providing a means for holding, storing, and transferring digital assets.
(E) "Existing customer" means a consumer who is engaging in a transaction at a digital asset kiosk in this state and who has been registered as a customer of the owner or operator for seventy-two hours or more.
(F)(1) "Linked identifier" means any identifier or data point that the owner or operator of a digital asset kiosk designates in its written, risk-based anti-money-laundering and fraud prevention program as reasonably capable of associating two or more transactions with the same customer or related customers for the purpose of section 1349.5711 of the Revised Code.
(2) "Linked identifier" may include any combination of customer accounts or profiles, telephone numbers, electronic mail addresses, device identifiers, payment instructions or funding sources, or digital asset wallets or addresses.
(G) "New customer" means a consumer who is engaging in a transaction at a digital asset kiosk in this state and who has been registered as a customer of the owner or operator for less than seventy-two hours.
Sec. 1349.571. A person who owns, operates, solicits, markets, advertises, or facilitates digital asset kiosks in this state is deemed to be engaged in money transmission and require licensure pursuant to Chapter 1315. of the Revised Code.
Sec. 1349.572. Prior to entering into an initial transaction for, on behalf of, or with a customer, a digital asset kiosk owner or operator shall disclose in clear and conspicuous writing in the English language all material risks associated with its products, services, and activities and with digital assets generally. The disclosures shall provide substantially all of the following information:
(A) A disclosure to be acknowledged by the customer, provided separately from other disclosures required under this section, written prominently and in bold type stating the following:
"WARNING: NO GOVERNMENTAL ENTITY OR FINANCIAL INSTITUTION WILL ASK YOU TO USE THIS MACHINE FOR PAYMENT OF DEBTS OR FINES. LOSSES DUE TO FRAUDULENT OR ACCIDENTAL TRANSACTIONS MAY NOT BE RECOVERABLE AND TRANSACTIONS IN DIGITAL ASSETS ARE IRREVERSIBLE."
(B) That digital assets are not backed or insured by the government and accounts and value balances are not subject to federal deposit insurance corporation, national credit union administration, or securities investor protection corporation protections;
(C) That some digital asset transactions shall be deemed to be made when recorded on a public ledger, which is not necessarily the date or time that the customer initiates the transaction;
(D) That the value of digital assets may be derived from the continued willingness of market participants to exchange fiat currency for digital assets, which may result in the potential for permanent and total loss of value of a particular currency should the market for that digital asset disappear;
(E) That there is no assurance that a person who accepts digital assets as a payment today will continue to do so in the future;
(F) That the volatility and unpredictability of the price of digital assets relative to fiat currency may result in significant loss over a short period of time;
(G) That the nature of digital assets may lead to an increased risk of fraud or cyberattack;
(H) That the nature of digital assets means that any technological difficulties experienced by the digital asset kiosk owner or operator may prevent the access or use of a customer's digital assets;
(I) That any bond or trust account maintained by the digital asset kiosk owner or operator for the benefit of its customers may not be sufficient to cover all losses incurred by customers;
(J) That digital asset transactions are irreversible and are used by persons seeking to defraud customers, including a person impersonating a customer's loved one, threatening jail time, stating that a customer's identity has been stolen, insisting that a customer withdraw money from the customer's bank account and purchase digital assets, or alleging that a customer's personal computer has been hacked.
Sec. 1349.573. Prior to entering into an initial transaction for, on behalf of, or with a customer, a digital asset kiosk owner or operator shall disclose in clear and conspicuous writing in the English language, whether in accessible terms of service or elsewhere, all relevant terms and conditions associated with its products, services, and activities and with digital assets generally. The disclosures shall provide substantially all of the following information:
(A) The customer's liability for unauthorized digital asset transactions;
(B) The customer's right to stop payment of a preauthorized digital asset transfer and the procedure used to initiate a stop payment order;
(C) Under what circumstances the digital asset kiosk owner or operator will, absent a court or government order, disclose information concerning the customer's account to third parties;
(D) The requirement that the digital asset kiosk owner or operator communicate to the customer what customer information may be disclosed to third parties;
(E) The customer's right to receive a physical, provisional confirmation for a digital asset transaction at the time the transaction is initiated, and a final receipt upon completion of the transaction that complies with section 1349.576 of the Revised Code;
(F) Upon any changes in the rules or policies of the digital asset kiosk owner or operator, the customer's right to consent to such changed rules or practices prior to performing any transaction after such change.
Sec. 1349.574. Prior to entering into each transaction for, on behalf of, or with a customer, a digital asset kiosk owner or operator shall disclose in clear and conspicuous writing in the English language, in at least twenty-four point sans serif font, the terms and conditions of the digital asset transaction, including:
(A) The amount of the transaction;
(B) Any fees, expenses, and charges borne by the customer, including applicable exchange rates;
(C) The type and nature of the digital asset transaction;
(D) A warning that, once executed, the digital asset transaction may not be undone, if applicable, provided that transactions subject to section 1349.577 of the Revised Code are cancelable during the seventy-two-hour hold period;
(E) A daily digital asset transaction limit in accordance with section 1349.578 of the Revised Code;
(F) The difference in the sale price of the digital asset versus the current market price.
Sec. 1349.575. The owner or operator of a digital asset kiosk shall ensure that each customer acknowledges receipt of all disclosures required under sections 1349.572 to 1349.574 of the Revised Code.
Sec. 1349.576. (A) The owner or operator of a digital asset kiosk shall, upon the completion of any digital asset transaction, provide to the customer a receipt containing the following information:
(1) The name of, and contact information for, the owner or operator of the digital asset kiosk, including the owner's or operator's business address and a customer service telephone number established by the owner or operator to answer questions and register complaints;
(2) The name of the customer;
(3) The type, value, date, and precise time of the digital asset transaction, and each digital asset address;
(4) The amount of the digital asset transaction expressed in United States currency;
(5) The full unique transaction hash or identification number;
(6) The public digital asset address of the customer;
(7) The digital asset kiosk's:
(a) Nationwide multistate licensing system unique identifier;
(b) Ohio money transmitter license number;
(c) RSSD ID number assigned by the board of governors of the federal reserve system, if applicable.
(8) Any fee charged, including any fee charged directly or indirectly by the owner or operator of the digital asset kiosk or a third party involved in the digital asset transaction;
(9) The exchange rate, if applicable;
(10) Any tax collected by the owner or operator of the digital asset kiosk;
(11) A statement of the liability of the owner or operator of the digital asset kiosk for nondelivery or delayed delivery, provided that a delay attributable solely to the seventy-two-hour hold required by section 1349.577 of the Revised Code does not constitute nondelivery or delayed delivery;
(12) The name and telephone number of the department of commerce's division of financial institutions and a statement disclosing that the customer may contact the division with questions or complaints about the owner's or operator's digital asset kiosk services;
(13) Any additional information the superintendent of financial institutions requires.
(B) A receipt required under division (A) of this section:
(1) Shall be provided in:
(a) A retainable form;
(b) The English language;
(c) The language principally used by the owner or operator of the digital asset kiosk to advertise, solicit, or negotiate, either orally or in writing.
(2) May be provided electronically if the customer requests or agrees to receive an electronic receipt.
Sec. 1349.577. (A) The owner or operator of a digital asset kiosk shall place a seventy-two-hour hold on any transaction initiated by a new customer.
(B)(1) A new customer may cancel a transaction placed on hold under division (A) of this section at any time during the seventy-two-hour-hold period through procedures established by the owner or operator of the digital asset kiosk.
(2) Upon cancellation of a transaction placed on hold under division (A) of this section, the owner or operator of the digital asset kiosk shall promptly return the customer's funds, less irreversible third-party network fees, if any.
(C) During a hold placed pursuant to this section, neither the owner or operator of the digital asset kiosk nor any service provider shall provide provisional credit, vouchers, or off-chain ledger postings that make funds or digital assets available to the customer or any third party, or represent or certify to any person that such funds or digital assets are available or transferable before settlement.
(D) Nothing in this section shall be construed to require the owner or operator of a digital asset kiosk to hold or refund transactions of existing customers.
(E) Nothing in this section shall be construed to prohibit the owner or operator of a digital asset kiosk from requiring a new customer to verify the customer's identity and provide proof of initiation, such as a digital asset kiosk-issued transaction reference or confirmation number, prior to canceling the transaction.
Sec. 1349.578. The owner or operator of a digital asset kiosk transaction shall not allow customers to transfer more than the following amounts in a twenty-four-hour period:
(A) Two thousand five hundred dollars for each new customer of a digital asset kiosk, adjusted annually in accordance with section 1349.5712 of the Revised Code;
(B) Ten thousand five hundred dollars for each existing customer of a digital asset kiosk, adjusted annually in accordance with section 1349.5712 of the Revised Code.
Sec. 1349.579. (A) The owner or operator of a digital asset kiosk shall provide a refund of any transaction fees or commissions for any fraudulent digital asset transaction made as the result of deception or improper inducement if, within thirty days of the fraudulent digital asset transaction, the customer:
(1) Contacts the owner or operator of the digital asset kiosk and a government or law enforcement agency to inform them of the fraudulent nature of the digital asset transaction;
(2) Files a report with a government or law enforcement agency memorializing the fraudulent nature of the digital asset transaction and provides a copy of the report to the owner or operator of the digital asset kiosk.
(B) A refund under this section shall be provided within ten business days of the owner or operator of a digital asset kiosk receiving the report required by division (A)(2) of this section.
(C) A refund under this section shall be credited to the customer's original funding source where practicable, or otherwise by a commercially reasonable method requested by the customer.
(D) If a law enforcement agency requests in writing that the owner or operator of a digital asset kiosk temporarily refrain from issuing a refund to avoid interference with an active investigation, the ten-day period is tolled during the documented hold and resumes upon withdrawal or expiration of the hold.
(E) Nothing in this section shall be construed to require the owner or operator of a digital asset kiosk to refund the principal amount of a completed digital asset transfer or to limit the owner or operator of a digital asset kiosk's ability to assist recovery from counter-parties or law enforcement.
Sec. 1349.5710. Each owner or operator of a digital asset kiosk shall do the following:
(A)(1) Verify each customer's identity using a copy of a government-issued identification card for any of the following transactions:
(a) A transaction of one thousand dollars or more;
(b) Two or more related transactions totaling one thousand dollars or more within a twenty-four-hour period.
(2) Nothing in this section shall be construed to prohibit the owner or operator of a digital asset kiosk from requiring identity verification for transactions below one thousand dollars.
(3) An owner or operator of a digital asset kiosk acts in good faith and is not liable for a violation of division (A) of this section when applying reasonable written procedures to identify related transactions using linked identifiers designated under its risk-based program. Immaterial or technical mismatches do not create liability.
(4) As used in this section, "related transactions" means multiple transactions that the owner or operator of a digital asset kiosk knows or reasonably should know are connected, structured, or split to avoid division (A)(1) of this section. "Related transactions" includes transactions linked by one or more linked identifiers as designated by the owner or operator of the digital asset kiosk.
(B) Disclose on the digital asset kiosk in clear and conspicuous writing in the English language that identity verification may be required for any transaction to comply with law or prevent fraud;
(C)(1) Do all of the following regarding data collected pursuant to this section:
(a) Limit data collection to what is reasonably necessary to verify the customer's identity and to comply with any applicable laws;
(b) Securely store data collected;
(c) Unless otherwise required by law, retain data no later than three years from the date of the transaction or the date the customer's account is closed, whichever is later.
(2) Nothing in this section shall be construed to require the owner or operator of a digital asset kiosk to retain a photographic copy of a government-issued identification card as part of its identification data.
(D)(1) Use a customer's electronic mail address or telephone number for transactional purposes only, unless the customer opts to receive marketing materials.
(2) Not condition access to the digital asset kiosk on agreeing to receive marketing materials.
(3) Allow a customer to opt out of receiving marketing materials at any time, including by providing an option to opt out in all marketing materials.
(4) Not disclose a customer's electronic mail address or telephone number without separate express consent.
(E) Offer, during a digital asset kiosk's hours of operation, live customer support by telephone from a telephone number prominently displayed at or on the digital asset kiosk;
(F)(1) Identify and speak by telephone with any new customer, flagged via a government-issued identification card or linked identifiers as being sixty years of age or older, attempting to perform a digital asset transaction that equals or exceeds one thousand dollars before the transaction may be completed.
(2) The communication described in division (F)(1) of this section shall be recorded. During such communication, the owner or operator shall do all of the following:
(a) Positively identify the new customer;
(b) Review the new customer's stated purpose of the transaction;
(c) Discuss types of fraudulent schemes relating to digital assets.
(3) Approval of a transaction described in division (F)(1) of this section is dependent upon the owner's or operator's assessment of such communication.
(G) Designate and employ a chief compliance officer who shall do all of the following:
(1) Be qualified to coordinate and monitor a compliance program to ensure compliance with sections 1349.57 to 1349.5711 of the Revised Code and all other applicable federal and state laws, rules, and regulations;
(2) Be employed on a full-time basis by the owner or operator;
(3) Not own more than twenty per cent of the digital asset kiosk owner or operator that employs the officer.
(H) Use full-time employees to fulfill the owner's or operator's compliance responsibilities under federal and state laws, rules, and regulations.
(I) Designate linked identifiers no more broadly than reasonably necessary. Linked identifiers shall not require collection or retention of biometric data or identification images, except as permitted for transient automated verification or where required by law.
Sec. 1349.5711. A person shall not structure or cause transactions to be structured to evade the identification requirements set forth in division (A) of section 1349.5710 of the Revised Code.
Sec. 1349.5712. (A) The superintendent of financial institutions may, in accordance with Chapter 119. of the Revised Code, adopt reasonable rules to administer and enforce sections 1349.57 to 1349.5711 of the Revised Code.
(B) Beginning January 1, 2027, and on the first day of January every year thereafter, the superintendent of financial institutions shall adopt rules to annually adjust the transaction limits established in section 1349.578 of the Revised Code by the rate of inflation for the twelve-month period ending in September of the prior year according to the consumer price index or its successor index.
Section 2. That existing sections 1315.05 and 1315.18 of the Revised Code are hereby repealed.