Earlier this month, Virginia (HB 665), Kentucky (SB 189) and Wisconsin (Act 226) enacted new laws regulating virtual currency kiosks, collectively imposing licensing, disclosure, transaction-limit, and fraud prevention requirements on kiosk operators.
The laws include several operational and compliance requirements for virtual currency kiosk operators. Specifically, the statutes:
- Impose licensing requirements. Each state requires virtual currency kiosk operators to obtain a license before operating in the state. Virginia and Kentucky also establish detailed application, bonding, reporting, examination, and enforcement frameworks.
- Limit transaction amounts. Wisconsin limits kiosk transactions to $1,000 per customer per day. Virginia limits transactions to $2,000 per day for new users, $5,000 per day for other users, and $10,000 per month for any user. Kentucky limits transactions to $2,000 per day and $10,500 during the 30-day new-user period.
- Require fraud warnings and transaction disclosures. Each law requires operators to provide fraud warnings, disclose transaction terms and fees, and provide information for reporting suspected fraud. Kentucky and Virginia also require disclosures addressing virtual currency risks, including volatility and lack of federal deposit insurance protections.
- Create fraud-prevention obligations. Operators must verify user identities and maintain written anti-fraud programs. Kentucky and Virginia also require operators to use blockchain analytics and tracing software to identify potentially fraudulent or illicit activity.
- Require customer service, receipts, and refunds. Each law requires live customer service and transaction receipts. The statutes also create fraud-related refund rights, though the timing, scope, and refund amounts differ by state.
Putting It Into Practice: The latest laws add to a wave of recent state activity targeting virtual currency kiosks, including several states implementing licensing frameworks (previously discussed here, here, and here) and Tennessee’s outright ban on such kiosks (previously discussed here). Operators should expect continued expansion of licensing frameworks, transaction limits, and mandated disclosures across additional jurisdictions. Businesses in this space should evaluate whether existing compliance programs, particularly around identity verification, transaction monitoring, and consumer communications, align with these emerging requirements and update policies accordingly.
