Section 1. Definitions 

As used in this Chapter, the following terms shall have the following meanings: 

1. “Commissioner” means the Commissioner of Financial Institutions of this state. 
2. “Customer” means any person or entity for whom an institution provides digital asset services, including a digital asset account holder or a person on whose behalf the institution acts in a fiduciary capacity. 
3. “Digital asset” means virtual currency, cryptocurrencies, natively electronic assets, including stablecoins and non-fungible tokens, and other digital-only assets that confer economic, proprietary, or access rights or powers. 
4. “Digital asset company” means a business entity that is registered to do business in this state and is licensed under the laws of this state as a money transmitter or under any other applicable digital asset licensing regime, and that is authorized to provide digital asset custody services, digital asset transaction services, or both. 
5. “Digital asset custody services” means the safekeeping or custody of digital assets on behalf of customers by an institution, including maintaining control over the digital assets and any associated cryptographic keys. 
6. “Digital asset services” means any services involving digital assets offered by an institution, including digital asset custody services, staking services, and digital asset transaction services. 
7. “Digital asset transaction services” means services that facilitate the execution of digital asset purchase or sale transactions on behalf of a customer. 
8. “Fiduciary capacity” means acting with trust powers under state law to provide digital asset services on behalf of a customer, including the discretionary management or administration of digital assets subject to fiduciary duties. 
9. “Institution” means a bank or credit union chartered under the laws of this state and authorized to conduct digital asset services under this Act. 
10. “Keys” means a pair of cryptographic codes associated with a digital asset wallet, consisting of a public key and a private key. The public key enables the receipt of digital assets and the verification of digital signatures. The private key enables the control, transfer, or management of digital assets within the wallet.  
11. “Material cybersecurity incident” means a cybersecurity breach or event that materially compromises the security, confidentiality, or integrity of an institution’s information systems or the digital assets under the institution’s control. 
12. “Non-fiduciary capacity” means providing digital asset custody services solely for safekeeping, without discretionary authority to manage or transfer the assets, and with legal title and control of the assets remaining with the customer. 
13. “Slashing” means a penalty imposed by a blockchain protocol that results in the forfeiture or reduction of staked digital assets or rewards due to validator misconduct or failure. 
14. “Staking” means committing digital assets to a blockchain network to participate in the network’s operations by validating transactions, proposing and attesting to blocks, and securing the network. 
15. “Staking rewards” means any interest, yield, or other compensation earned by a customer through staking digital assets on a blockchain network. 
16. “Subcustodian” means a third party that an institution uses to hold digital assets on the institution’s behalf as part of providing custody services to a customer. 
17. “Wallet” means a digital interface or physical device that stores digital assets or private keys, enabling the owner to securely manage, transfer, and maintain independent control over their digital assets. 

Section 2. Banks and Credit Unions – Digital Asset Custody Services 

• A. Authorization of Custody Services. An institution, may directly provide digital asset custody services to its customers.
• B. Fiduciary and Non-Fiduciary Capacity. An institution may provide digital asset custody services in either a fiduciary capacity or a non-fiduciary capacity, subject to the following provisions:
  1. Fiduciary Capacity. An institution shall not provide digital asset custody services in a fiduciary capacity unless it is authorized to exercise trust powers under state law. An institution acting in a fiduciary capacity shall exercise such authority in accordance with all applicable fiduciary duties and standards, including those governing trustees, custodians, and agents under applicable state law.
  2. Non-Fiduciary Capacity. An institution may provide digital asset custody services in a non-fiduciary capacity without being authorized to exercise trust powers. When acting in a non-fiduciary capacity, the institution shall act solely as a custodian for safekeeping purposes and shall not exercise discretionary authority over the customer’s digital assets. The institution may act only upon the explicit instructions of the customer and shall not independently manage, transfer, or dispose of the digital assets.
• C. Customer Agreement and Disclosures. An institution shall enter into a written custodial agreement with each customer before undertaking digital asset custody services. The custodial agreement must clearly specify whether the institution is acting in a fiduciary capacity or a non-fiduciary capacity for that customer. The agreement shall also include, at a minimum, the following written disclosures, which must be prominently presented to the customer:
  1. Digital assets held in custody by the institution are not deposits, obligations, or other liabilities of the institution; and
  2. Digital assets in custody are not insured by the Federal Deposit Insurance Corporation (FDIC), the National Credit Union Administration (NCUA), or any other federal or state deposit insurance or share insurance program. 
• D. Asset Reserve Requirement. An institution providing digital asset custody services shall at all times maintain control over a quantity of each type of digital asset in its custody that exceeds the total quantity of that digital asset owed to customers or required to be held on behalf of customers. In no event shall the institution hold less than a one-to-one full reserve of each digital asset owed or attributable to its customers, and the institution’s aggregate holdings of each such digital asset must at all times be greater than the total amount of that asset that the institution owes to its customers. Pooled custody of assets, as provided in subsection E, shall not relieve the institution of the requirement to individually account for and fully reserve each type of digital asset for the benefit of customers under this subsection.
• E. Pooled or Segregated Custody Permitted. An institution may hold digital assets of multiple customers in a pooled omnibus custody arrangement or may segregate digital assets by individual customer, as provided in the custodial agreement. Pooled custody is permitted, but not required, provided the institution maintains accurate records identifying each customer’s specific interest in the digital assets. Nothing in this section shall be construed to require pooling of digital assets. An institution may segregate a customer’s digital assets in a separate account or digital wallet upon customer request or as required by the custodial agreement or applicable law.
• F. Independent Quarterly Audits. An institution engaging in digital asset custody services shall undergo an independent audit of its custodial activities and holdings at least once every calendar quarter. The audit must be conducted by a qualified independent auditor and shall verify that the institution’s actual holdings of each digital asset exceed the amount of that digital asset that the institution owes to or holds for customers. The institution shall promptly provide the results of each quarterly audit to the Commissioner and shall make the audit results available to its customers upon request.
• G. Regulatory Notification. An institution intending to commence digital asset custody services shall notify the Commissioner in writing before initiating such services. The written notice must be provided to the Commissioner at least [60] days prior to the institution’s commencement of custody services and shall include any information required by the Commissioner to evaluate the institution’s plans, policies, and procedures for compliance with this section.
• H. Fiduciary Custody – Additional Approval Requirement. An institution shall not begin offering digital asset custody services in a fiduciary capacity without first obtaining the written approval of the Commissioner. In applying for such approval, the institution shall demonstrate that it has satisfied all requirements to exercise trust powers and that it has the necessary expertise, policies, and procedures in place to safely conduct fiduciary digital asset custody services. The Commissioner, in their discretion, may condition or limit the scope of an institution’s authority to engage in fiduciary digital asset custody services and may impose any supervisory conditions deemed necessary to ensure the safety and soundness of the institution and the protection of customer assets.

Section 3.  Subcustody of Digital Assets

• A. A institution may utilize one or more subcustodians to assist in providing digital asset custody services to its customers. The engagement of a subcustodian shall not require any separate consent from the customer, provided that the use of subcustodians is disclosed in the customer’s custodial agreement. The use of a subcustodian does not relieve the institution of its duties as custodian, and the institution shall remain legally responsible to the customer for the custody of the digital assets.
• B. A institution may place digital assets into subcustody only with an entity that is any of the following:
  1. A bank chartered under the laws of this state, another state, or the United States  
  2. A special purpose depository institution chartered under the laws of this or another state; or
  3. A digital asset company that holds a current license under the laws of this state as either a virtual currency business or a money transmitter.
• C. A institution placing digital assets in subcustody shall at all times retain legal control and custody of those assets. The subcustodial arrangement shall be structured so that the institution remains the custodial record-holder of the assets on behalf of its customers and the digital assets remain the property of the institution’s customers.
• D. A institution shall execute a written agreement with each subcustodian it uses. Each such agreement shall delineate the rights and responsibilities of the institution and the subcustodian and require compliance with the provisions of this section. The institution shall make any subcustodial agreement available to the Commissioner for review upon request.
• E. For any digital asset held in subcustody, the institution shall require the subcustodian to maintain a one-to-one reserve of that asset by type. The amount of each type of digital asset held by the subcustodian must at all times equal the amount of that asset credited to the institution’s customers. Different types of digital assets shall not be commingled for reserve purposes, and assets held by a subcustodian on behalf of one institution shall not be commingled with assets held on behalf of any other institution or person.
• F. A institution shall only utilize a subcustodian that maintains insurance coverage sufficient to protect against the loss of digital assets due to cybersecurity breaches, theft, or other similar events. The institution shall ensure that the subcustodian’s insurance remains in effect and adequate to cover the value of assets held in subcustody.
• G. If an institution provides digital asset custody services in a fiduciary capacity and uses a subcustodian for any such fiduciary assets, the institution must be authorized to exercise trust powers under state law. The institution shall provide notice to the Commissioner of its use of a subcustodian for fiduciary custody, consistent with any notice requirements applicable to its fiduciary custody authority.
• H. Digital assets held in subcustody shall be included in the scope of the institution’s quarterly independent audits. All records relating to digital assets held in subcustody shall be subject to examination by the Commissioner to the same extent as records relating to digital assets held directly by the institution.

Section 4. Staking of Digital Assets 

• A. Authorization of Staking Services. An institution may stake digital assets held in custody on behalf of its customers. Staking services may be provided with respect to digital assets held in either a non-fiduciary custodial capacity or a fiduciary capacity, subject to the requirements of this section. Unless otherwise instructed by the customer, an institution may include a customer’s eligible custodial digital assets in its staking program by default, provided that the customer has been given the required disclosures and an opportunity to opt out as described in subsection H of this section.
• B. Customer Ownership and Off-Balance Sheet Status. Any digital asset that an institution stakes on behalf of a customer shall remain the property of that customer. Staked customer assets, and any staking rewards associated with those assets, shall not be recorded as assets or liabilities on the institution’s balance sheet. The institution shall ensure that staked assets are safeguarded and not subject to any lien, security interest, or claim of the institution’s creditors. An institution shall not encumber, hypothecate, or otherwise use a customer’s staked assets for any purpose except for facilitating staking on the relevant blockchain or distributed ledger, and shall not expose such assets to risk of loss except to the extent inherent in the normal operation of the staking process.
• C. Use of Subcustodians for Staking. An institution may utilize one or more subcustodians or digital asset companies to facilitate the staking of digital assets on behalf of its customers. In any such arrangement, the institution shall at all times retain legal control over the staked assets and maintain appropriate oversight of the staking process. The use of a subcustodian or digital asset company for staking shall not relieve the institution of its duties to the customer under this section, and the institution shall remain responsible for ensuring compliance with all requirements of this section. Any such subcustodial or third-party arrangement for staking must be governed by a written agreement that delineates the rights and responsibilities of the institution and the subcustodian or digital asset company and requires compliance with the provisions of this section.
• D. Reserve Requirements for Staked Assets. A institution that stakes digital assets on behalf of customers shall maintain reserves of each digital asset in amounts sufficient to facilitate timely customer withdrawals and transfers. At all times, the total quantity of each digital asset type held by the institution, including those held by any subcustodian or third-party provider, shall equal or exceed the total quantity of that digital asset owed to customers. The institution shall ensure that an appropriate portion of each digital asset type remains unstaked or otherwise available to meet customer withdrawal requests promptly, subject to any staking lock-up or unbonding periods disclosed to the customer pursuant to this Act.
• E. Staking Rewards to Customers. All rewards, yield, or other benefits earned from the staking of a customer’s digital assets shall accrue to the benefit of that customer. An institution may deduct a reasonable fee or commission from staking rewards only if that fee has been disclosed to the customer in advance in writing. Except as otherwise agreed in writing by the customer, the institution shall credit all net staking rewards, after the deduction of any disclosed fees, to the customer’s account in the same type of digital asset that generated the rewards. Such credits shall be made within a reasonable period after the rewards are received or become available to the institution.
• F. Regulatory Notification and Fiduciary Staking Authority. An institution shall notify the Commissioner in writing of its intent to commence offering staking services at least [60] days prior to initiating such services. The written notice shall include any information that the Commissioner requires to evaluate the institution’s plans, policies, and procedures for conducting staking in a safe and sound If the institution will be staking digital assets in a fiduciary capacity on behalf of any customer, the institution must be authorized to exercise trust powers under state law and shall obtain any necessary approval from the Commissioner to engage in such fiduciary staking services.
• G. Audits, Risk Management, and Insurance. An institution’s digital asset staking activities shall be included within the scope of its independent quarterly audits of digital asset custody. The institution shall implement and maintain written internal policies and procedures to effectively identify, monitor, and manage risks associated with staking, including operational risks, cybersecurity threats, slashing, and other risks associated with staking services. The institution shall maintain insurance coverage adequate to protect against potential losses arising from staking activities, including losses attributable to slashing, cybersecurity breaches, theft, or similar events, and shall ensure such coverage remains in effect and sufficient to cover the current value of assets staked on behalf of customers. All records relating to the institution’s staking services shall be available for independent audit and examination by the Commissioner, consistent with the treatment of non-staked custodial asset records.
• H. Customer Disclosures and Opt-Out. Before initiating staking services for any customer’s digital assets, an institution shall provide the customer with a clear and conspicuous written disclosure of the terms and conditions of the staking program. Such disclosure shall, at a minimum, inform the customer of:
  1. Automatic Staking and Opt-Out: The fact that the institution may automatically stake eligible digital assets in the customer’s account unless the customer affirmatively opts out of participation;
  2. Risks of Staking: The key risks associated with staking, such as the potential for loss of staked assets or rewards due to slashing or other network events, and cybersecurity or operational risks inherent in the staking process;
  3. Lock-Up Periods: Any applicable lock-up, unbonding, or notice period before staked assets can be withdrawn or transferred, and the implications of such period for the customer’s access to their assets;
  4. Customer Rights: The customer’s rights and obligations related to the staking service, including the right to discontinue participation in staking at any time and the entitlement to receive staking rewards earned on their assets; and
  5. Fees: The amount or rate of any fees or commissions that the institution will deduct from staking rewards as compensation for providing the staking service. 

A customer’s agreement to participate in the staking program shall constitute authorization for the institution to stake the customer’s digital assets in accordance with this section. All disclosures required by this subsection shall be written in plain language and presented in a manner that is readily accessible and understandable to the customer. 

Section 5 Cybersecurity and Compliance Requirements for Digital Asset Services 

• A. Compliance with Laws. An institution shall comply with all applicable federal and state laws and regulations governing its digital asset custody and staking activities. This includes, but is not limited to, compliance with the federal Bank Secrecy Act (31 U.S.C. § 5311 et seq.) and its implementing regulations, applicable customer due diligence requirements issued by the U.S. Department of the Treasury’s Financial Crimes Enforcement Network, the sanctions regulations administered by the U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC), and data security and privacy laws such as the Gramm-Leach-Bliley Act (15 U.S.C. §§ 6801–6809) and regulations promulgated thereunder.
• B. Anti-Money Laundering Program. An institution shall establish and maintain an anti-money laundering compliance program that is risk-based and commensurate with the nature and scope of the institution’s digital asset custody and staking services. The program shall include, at a minimum: 
  1. A system of internal controls to ensure ongoing compliance with the Bank Secrecy Act and other applicable anti-money laundering requirements;
  2. Independent testing for compliance to be conducted by qualified internal audit personnel or an independent external party;
  3. The designation of a Bank Secrecy Act and Anti-Money Laundering compliance officer or officers responsible for coordinating and monitoring day-to-day compliance with the program; and
  4. Appropriate risk-based procedures for conducting ongoing customer due diligence, including monitoring of customer transactions and updating customer information as necessary. 
• C. Cybersecurity Program. An institution shall implement and maintain a written cybersecurity program designed to ensure the security of the institution’s digital asset custody and staking systems and protect the confidentiality, integrity, and availability of customer digital assets and related information. The cybersecurity program shall be commensurate with the institution’s size and complexity and the sensitivity of its operations, and shall align with applicable federal cybersecurity standards for institutions – including, at a minimum, the guidelines of the Federal Financial Institutions Examination Council (FFIEC) Information Technology Examination Handbook and the framework established by the National Institute of Standards and Technology (NIST) – as well as comply with applicable federal financial privacy and data security requirements. The program shall include appropriate administrative, technical, and physical safeguards to protect against anticipated threats or hazards and unauthorized access to or theft of customer assets or information.
• D. Incident Notification. An institution shall notify the Commissioner as soon as possible, but in no event later than seventy-two (72) hours after discovering any material cybersecurity incident that impacts the institution’s digital asset custody or staking systems or the digital assets held or managed through those systems. Such notice shall provide a description of the incident and its likely impact on the institution and its customers, in accordance with any notification procedures prescribed by the Commissioner. For purposes of this subsection, a “material cybersecurity incident” means a cybersecurity breach or event that materially compromises the security, confidentiality, or integrity of the institution’s information systems or the digital assets under its control.
• E. Recordkeeping. An institution shall maintain detailed records of its compliance efforts under this section, including all policies, procedures, risk assessments, audit reports, and training materials related to its anti-money laundering program and cybersecurity program. All such records and supporting documentation shall be retained for a period of at least five (5) years and shall be made available for inspection by the Commissioner upon request or during any examination.
• F. Program Oversight Personnel. Each institution shall designate qualified individuals responsible for overseeing the institution’s anti-money laundering compliance program and its cybersecurity program. The designated anti-money laundering compliance officer and the designated cybersecurity program officer shall have the appropriate expertise, authority, and resources to administer their respective programs and to enforce compliance with all applicable laws and regulations. An institution shall promptly report to the Commissioner the names and contact information of the persons designated to these oversight roles and shall notify the Commissioner of any change in such designations.
• G. Rulemaking Authority. The Commissioner may promulgate rules and regulations as necessary to implement, clarify, and enforce the requirements of this section. Such rules may include, but are not limited to, more specific standards for cybersecurity programs, definitions of terms and detailed requirements for anti-money laundering and customer due diligence programs for digital asset custody and staking services. The Commissioner may also issue advisory guidance to assist institutions in complying with the provisions of this section.

Section 6 Fiduciary Digital Asset Transaction Authority. 

• A. Authorized Institutions and Fiduciary Capacity. An institution is authorized to exercise trust powers under state law may, only when acting in a fiduciary capacity, facilitate the purchase or sale of digital assets on behalf of a fiduciary account or customer, subject to the requirements of this section. 
• B. Customer Instruction or Discretionary Authority. An institution shall execute a digital asset transaction under this section only: 
  1. pursuant to the express instruction of the customer for whom the institution is acting as fiduciary, or  
  2. in the exercise of discretionary investment authority granted to the institution under the governing fiduciary instrument or applicable law, consistent with the institution’s fiduciary duties. 
• C. Regulatory Notice. An institution intending to engage in digital asset purchase or sale services under this section shall provide at least sixty (60) days’ prior written notice of its intent to the Commissioner. The institution may commence such services only after the notice period has elapsed, unless the Commissioner specifies an earlier effective date or objects in writing during the notice period.
• D. Use of Licensed Counterparties. Any purchase or sale of digital assets executed under this section must be affected only through or with a counterparty that is duly licensed or chartered to conduct digital asset business activity. 
• E. Prohibition on Proprietary Trading. An institution facilitating digital asset transactions under this section shall act solely in a fiduciary capacity for the benefit of its clients and shall not engage in proprietary trading of digital assets. No purchase or sale of a digital asset may be made for the institution’s own account under the authority of this section, and all transactions must be solely for the account of, or benefit of, the fiduciary customer.
• F. Use of Subcustodians and Execution Agents. An institution facilitating digital asset transactions under this section may utilize subcustodians or third-party execution agents to execute transactions on behalf of fiduciary accounts. The institution may delegate discretionary authority to these subcustodians or agents regarding the timing, sequence, and venue of transaction execution. Such delegation must comply with the fiduciary responsibilities of the institution and be subject to ongoing oversight. The institution shall perform due diligence and maintain continuous monitoring of any subcustodian or execution agent to ensure compliance with this Act and the protection of fiduciary assets. Delegation of authority under this subsection does not relieve the institution of its fiduciary obligations or its ultimate responsibility for compliance with the requirements of this Act.
• G. Custody of Assets Post-Transaction. An institution that purchases a digital asset under this section for a fiduciary account shall ensure that the asset is transferred into the institution’s fiduciary custody as soon as commercially practicable after execution of the transaction. All digital assets so acquired must be held in custody in accordance with the fiduciary custody standards established elsewhere in this Act, and maintained under the institution’s control consistent with its fiduciary obligations. 
• H. Customer Disclosures. An institution shall disclose to its customer or the person on whose behalf it acts, prior to or at the time of any digital asset transaction under this section:  
  1. the methodology or basis used to determine the execution price of the digital asset transaction;  
  2. any spreads, fees, commissions, or other charges that will be applied to the transaction; and
  3. the expected timeline for settlement of the transaction and for the digital asset to be available in the customer’s fiduciary account. Such disclosures must be provided in a clear and conspicuous written form and in compliance with any disclosure standards set by the Commissioner. 
• I. Recordkeeping and Oversight. For each digital asset purchase or sale executed under this section, the institution shall create and retain an electronic record of the transaction, including, at a minimum, the date and time of execution; the type and amount of digital asset purchased or sold; the price at which the transaction was executed; the identity of the counterparty or any execution agent used; and all fees, commissions, or spreads charged. These records shall be maintained in accordance with applicable record retention requirements for fiduciary accounts and shall be made available to the Commissioner upon request or during examination. The institution shall also document its compliance with the requirements of this section and shall be prepared to demonstrate such compliance to the Commissioner. 

Section 7. Enforcement and Supervisory Authority 

• A. Enforcement Authority – Grounds. If the Commissioner determines that an institution:
  1. has violated any provision of this Act or any order issued under this Act;
  2. has engaged in any unsafe or unsound practice in connection with its digital asset services; or
  3. is operating in a manner that threatens the safety or security of customer digital assets, the Commissioner may exercise the enforcement powers set forth in this section to address such violation, practice, or conduct. 
• B. Corrective Action Orders. The Commissioner may issue a written order directing an institution to take specific corrective action to remedy any condition or violation identified under subsection A. The order shall state the grounds for issuance and the required remedial measures. The institution shall, within ten (10) days of receiving the order, respond in writing to the Commissioner detailing the corrective actions taken or planned to address the issues identified. Failure to adequately respond or comply within the specified period may prompt further enforcement action as authorized by this Act.
• C. Cease and Desist Orders. The Commissioner may, after notice and an opportunity for hearing, issue an order requiring an institution to cease and desist from any violation or unsafe or unsound practice. The Commissioner shall serve upon the institution a written notice describing the alleged violation or practice and specifying a time and place for a hearing to be held within fifteen (15) days of the notice, at which the institution may present evidence or argument. If, after such notice and hearing, the Commissioner finds that the institution has engaged in the alleged conduct, the Commissioner may issue a cease-and-desist order ordering the institution to immediately discontinue the specified conduct and to take affirmative action, if necessary, to prevent its recurrence.
• D. Temporary Emergency Orders. If the Commissioner finds that an institution’s conduct or condition is likely to cause immediate and irreparable harm to its customers or the public before a formal hearing can be concluded, the Commissioner may issue a temporary emergency order. Such an order may direct the institution to immediately cease or refrain from a specified activity, or to take any other action necessary to prevent or mitigate the harm. A temporary emergency order is effective upon service on the institution. An institution subject to a temporary order shall be given the opportunity for an expedited hearing. Upon the institution’s request, a hearing shall be held within ten (10) days after the issuance of the temporary order to determine whether the order should be stayed, modified, or made permanent. If no hearing is requested within the ten-day period, or if the institution fails to appear at the scheduled hearing, the temporary order shall remain in effect until the Commissioner either lifts it or replaces it with a cease-and-desist order or other final order following the procedures in subsection C.
• E. Civil Penalties. In addition to or in lieu of the orders described in this section, the Commissioner may impose civil monetary penalties for violations of this Act. For the first offense, the penalty shall not exceed five thousand dollars ($5,000) per violation. For each subsequent offense, the penalty shall not exceed ten thousand dollars ($10,000) per violation. Each act or omission that is found to constitute a violation shall be considered a separate violation for purposes of assessing civil penalties. The Commissioner shall issue to the institution written notice of the proposed penalty, identifying the violation and the amount of the penalty, and shall inform the institution of its right to request a hearing on the penalty in accordance with subsection G of this section.
• F. Suspension or Revocation of Digital Asset Service Authority. If, after notice and an opportunity for hearing, the Commissioner finds that an institution has committed a material or repeated violation of this Act, has willfully defied any lawful order issued by the Commissioner, or is conducting its digital asset services in a manner that poses a significant risk to the safety of customer assets or to the soundness of the institution, the Commissioner may suspend or revoke the institution’s authority to provide digital asset services under this Act. Any notice of intent to suspend or revoke shall be served upon the institution, stating the grounds for such action and setting a hearing at which the institution may show cause why its authority should not be suspended or revoked. A suspension or revocation issued under this subsection shall become effective only after the institution has been given notice, a hearing opportunity, and a written decision by the Commissioner affirming the grounds for the action.
• G. Hearing and Appeal Rights. An institution subject to any final enforcement action under this section, including but not limited to a cease-and-desist order, temporary order, civil penalty, or suspension or revocation of authority, is entitled to an administrative hearing and to judicial review of the Commissioner’s decision. Upon timely request by the institution, the Commissioner shall conduct an administrative hearing within seven (7) days. The institution may present evidence and argument at the hearing, and the Commissioner shall issue a written final decision or order based on the record of the proceeding.  An institution may appeal a final decision or order of the Commissioner to a court of competent jurisdiction as provided by law. The filing of an appeal shall operate as an automatic stay of the Commissioner’s order, unless the court, upon motion of the Commissioner, finds that the stay would pose a substantial risk to the public interest.  Any appeal filed under this subsection shall be expedited and given priority on the court’s docket. The reviewing court shall hear and determine the appeal as promptly as practicable, giving precedence over other civil matters, except matters of the same character. 

Section 8. General Provisions 

Severability. If any provision of this Act, or the application of any such provision to any person or circumstance, is held invalid by a court of competent jurisdiction, the remainder of the Act and the application of its other provisions to other persons or circumstances shall not be affected thereby. The provisions of this Act are declared to be severable.

Effective Date. This Act shall take effect sixty (60) days after its enactment.

Existing Duties and Obligations. Nothing in this Act shall be construed to alter, diminish, or expand the duties and obligations of banks, credit unions, or fiduciaries under existing state or federal law, except as expressly provided in this Act.