(205 ILCS 731/Art. 1 heading) Article 1. General Provisions (Source: P.A. 104-428, eff. 8-18-25.)

(205 ILCS 731/1-1)     Sec. 1-1. Short title. This Act may be cited as the Digital Assets and Consumer Protection Act. (Source: P.A. 104-428, eff. 8-18-25.)

(205 ILCS 731/1-5)     Sec. 1-5. Definitions.     (a) As used in this Act:     "Affiliate" means any person that controls, is controlled by, or is under common control with another person. For purposes of this definition, "control" means the possession, direct or indirect, of the power to direct or cause the direction of the management and policies of a person.     "Applicant" means a person that applies for registration under this Act.     "Bank" means a bank, savings banks, savings and loan association, savings association, or industrial loan company chartered under the laws of this State or any other state or under the laws of the United States.     "Confidential supervisory information" means information or documents obtained by employees, agents, or representatives of the Department in the course of any examination, investigation, audit, visit, registration, certification, review, licensing, or any other regulatory or supervisory activity pursuant to this Act, and any record prepared or obtained by the Department to the extent that the record summarizes or contains information derived from any report, document, or record described in this Act.     "Conflict of interest" means an interest that might incline a covered person or an individual who is an associated person of a covered person to make a recommendation that is not disinterested.     "Corporate fiduciary" shall mean a corporate fiduciary as defined by Section 1-5.05 of the Corporate Fiduciary Act.     "Covered person" means a registrant or person required to register pursuant to this Act.     "Covered exchange" means a covered person that exchanges or holds itself out as being able to exchange a digital asset for a resident as part of a business or on behalf of a customer who has entered into an agreement with a business for the provision of such services.     "Credit union" means a credit union chartered under the laws of this State or any other state or under the laws of the United States.     "Department" means the Department of Financial and Professional Regulation.     "Digital asset" means a digital representation of value that is used as a medium of exchange, unit of account, or store of value, and that is not fiat currency, whether or not denominated in fiat currency. "Digital asset" does not include any of the following:         (1) A digital representation of value that a merchant

grants as part of an affinity or rewards program and that primarily relates to such affinity or rewards program.

(2) A digital representation of value that is issued

by or on behalf of a game publisher and that is used primarily within online games or gaming platforms.

(3) Other digital representations of value that have

substantial value, utility, or significance beyond the asset's mere existence as a digital asset, including digital equivalents of tangible and intangible goods such as: (A) works of art, musical compositions, literary works, and similar intellectual property; (B) collectibles and merchandise; and (C) licenses, tickets, and similar rights to attend events or participate in activities.

(4) A digital representation of value that is not

marketed, used, promoted, offered, or sold for investment or speculation, except that this exclusion shall not apply to any digital representation of value that (A) is meme-based with no intrinsic value or utility or (B) is marketed, used, promoted, offered, or sold in a manner that intends to establish a reasonable expectation or belief among the general public that the instrument will retain a nominal value that is so stable as to render the nominal value effectively fixed. The Department may adopt rules to clarify the scope and applicability of this subsection.

(5) A digital representation of value that is used as

part of prepaid cards.

"Digital asset business activity" means any of the following:         (1) Exchanging, transferring, or storing a digital

asset as part of a business or on behalf of a customer who has entered into an agreement with a business for the provision of such services.

(2) Engaging in digital asset administration.         (3) Any other business activity involving digital

assets designated by rule by the Department as may be necessary and appropriate for the protection of residents.

"Digital asset business activity" does not include (1) peer-to-peer exchanges or transfers of digital assets, (2) decentralized exchanges facilitating peer-to-peer exchanges or transfers solely through use of a computer program or a transaction protocol that is intended to automatically execute, control, or document events and actions, (3) the development, publication, constitution, administration, maintenance, and dissemination of software in and of itself, (4) the issuance of a non-fungible token in and of itself, and (5) validating a digital asset transaction, operating a node, or engaging in similar activity to participate in facilitating, operating, or securing a blockchain system.     "Exchange", when used as a verb, means to exchange, buy, sell, trade, or convert, on behalf of a resident, either of the following:         (1) A digital asset for fiat currency or one or more

forms of digital assets.

(2) Fiat currency for one or more forms of digital

assets.

"Exchange" does not include buying, selling, or trading digital assets for a person's own account in a principal capacity.     "Executive officer" includes, without limitation, an individual who is a director, officer, manager, managing member, partner, or trustee, or other functionally equivalent responsible individual, of a person.     "Federally insured depository institution" shall mean an insured depository institution as defined by Section 3(c)(2) of the Federal Deposit Insurance Act, 12 U.S.C. 1813(c)(2), as amended, or an insured credit union as defined by Section 101(7) of the Federal Credit Union Act, 12 U.S.C. 1752(7), as amended.     "Fiat currency" means a medium of exchange or unit of value issued by the United States or a foreign government and that is designated as legal tender in its country of issuance.     "Insolvent" means any of the following:         (1) Having generally ceased to pay debts in the

ordinary course of business other than as a result of a bona fide dispute.

(2) Being unable to pay debts as they become due.         (3) Being insolvent within the meaning of federal

bankruptcy law.

"Non-fungible token" means any unique digital identifier on any blockchain or digital asset network used to certify authenticity and ownership rights that is not readily exchangeable or replaceable with a mutually interchangeable digital asset of the same value. The Department may modify this definition by rule.     "Person" includes, without limitation, any individual, corporation, business trust, estate, trust, partnership, proprietorship, syndicate, limited liability company, association, joint venture, government, governmental subsection, agency or instrumentality, public corporation or joint stock company, or any other organization or legal or commercial entity.     "Prepaid card" means an electronic payment device that, subject to any rules adopted by the Department:         (1) is usable at a single merchant or an affiliated

group of merchants that share the same name, mark, or logo, or is usable at multiple, unaffiliated merchants or service providers;

(2) is issued in and for a specified amount of fiat

currency;

(3) can be reloaded in and for only fiat currency, if

at all;

(4) is issued or reloaded on a prepaid basis for the

future purchase or delivery of goods or services;

(5) is honored upon presentation;         (6) can be redeemed in and for only fiat currency, if

at all;

(7) is governed by the Uniform Money Transmission

Modernization Act; and

(8) complies with any other condition designated by

rule by the Department as may be necessary and appropriate for the protection of residents.

"Qualified custodian" means a bank, credit union, or trust company, subject to any rules adopted by the Department.     "Record" means information that is inscribed on a tangible medium or that is stored in an electronic or other medium and is retrievable in perceivable form.     "Registrant" means a person registered under this Act.     "Resident" means any of the following:         (1) A person who is domiciled in this State.         (2) A person who is physically located in this State

for more than 183 days of the previous 365 days.

(3) A person who has a place of business in this

State.

(4) A legal representative of a person that is

domiciled in this State.

"Request for assistance" means all inquiries, complaints, account disputes, and requests for documentation a covered person receives from residents.     "Responsible individual" means an individual who has direct control over, or significant management, policy, or decision-making authority with respect to, a person's digital asset business activity in this State.     "Secretary" means the Secretary of Financial and Professional Regulation and any authorized representative of the Secretary.     "Service provider" means any person that provides a material service to a covered person in connection with the offering or provision by that covered person of a digital asset business activity in this State, including a person that either:         (1) Participates in designing, operating, or

maintaining the digital asset business activity.

(2) Processes transactions relating to the digital

asset business activity, other than unknowingly or incidentally transmitting or processing financial data in a manner that the data is undifferentiated from other types of data of the same form as the person transmits or processes.

"State" means a state of the United States, the District of Columbia, Puerto Rico, the United States Virgin Islands, or any territory or insular possession subject to the jurisdiction of the United States.     "Store," "storage", and "storing", except in the phrase "store of value," means to store, hold, or maintain custody or control of a digital asset on behalf of a resident by a person other than the resident.     "Transfer" means to transfer or transmit a digital asset on behalf of a resident, including by doing any of the following:         (1) Crediting the digital asset to the account or

storage of another person.

(2) Moving the digital asset from one account or

storage of a resident to another account or storage of the same resident.

(3) Relinquishing custody or control of a digital

asset to another person.

"United States dollar equivalent of digital assets" means the equivalent value of a particular digital asset in United States dollars shown on a covered exchange regulated in the United States for a particular date or period specified in this Act, subject to any rules adopted by the Department.     (b) Whenever the terms "include", "including" or terms of similar import appear in this Act, unless the context requires otherwise, such terms shall not be construed to imply the exclusion of any person, class, or thing not specifically included.     (c) A reference in this Act to any other law or statute of this State, or of any other jurisdiction, means such law or statute as amended to the effective date of this Act, and unless the context otherwise requires, as amended thereafter.     (d) Any reference to this Act shall include any rules adopted in accordance with this Act. (Source: P.A. 104-428, eff. 8-18-25.)

(205 ILCS 731/1-10)     Sec. 1-10. Applicability.     (a) This Act governs the digital asset business activity of a person doing business in this State or, wherever located, who engages in or holds itself out as engaging in the activity with or on behalf of a resident, to the extent not preempted by federal law and except as otherwise provided in subsections (b), (c), (d), or (e).     (b)(1) This Act does not apply to the exchange, transfer, or storage of a digital asset or to digital asset administration to the extent that:             (A) the Securities Exchange Act of 1934, 15

U.S.C. 78a et seq., or the Illinois Securities Law of 1953 govern the activity as a security transaction and the activity is regulated by the U.S. Securities and Exchange Commission or the Illinois Secretary of State; or

(B) the Commodity Exchange Act, 7 U.S.C. 1 et

seq., governs the activity, the activity is in connection with trading of a contract of sale of a commodity for future delivery, an option on such a contract or a swap, and the activity is regulated by the U.S. Commodity Futures Trading Commission.

(2) This subsection shall be construed in a manner

consistent with affording the greatest protection to residents and the Department's authority under subsection (a) of Section 1-15 to exercise nonexclusive oversight and enforcement under any federal law applicable to digital asset business activity. This subsection shall not be construed to exempt an activity solely because a financial regulatory agency has anti-fraud and anti-manipulation enforcement authority over the activity.

(c) This Act does not apply to the following persons:         (1) The United States, a State, political subdivision

of a State, agency, or instrumentality of federal, State, or local government, or a foreign government or a subdivision, department, agency, or instrumentality of a foreign government.

(2) A federally insured depository institution.         (3) A corporate fiduciary acting as a fiduciary or

otherwise engaging in fiduciary activities.

(4) A merchant using digital assets solely for the

purchase or sale of goods or services, excluding the sale of purchase of digital assets, in the ordinary course of its business.

(5) A person using digital assets solely for the

purchase or sale of goods or services for his or her own personal, family, or household purposes.

(6) A person who (A) contributes connectivity

software or computing power or otherwise participates in the process of securing a network, (B) records digital asset transactions to the network or protocol governing transfer of the digital representation of value, or (C) develops, publishes, constitutes, administers, maintains, or otherwise distributes software relating to the network, so long as the person does not control transactions of digital assets on the network.

(7) A credit union with member share accounts insured

by an insurer approved by the credit union's primary financial regulatory agency. An out-of-state credit union may not conduct any activity in this State that is not authorized for a credit union chartered under the laws of this State.

Nothing in this Act grants persons described in this subsection (c) authority to engage in any activity not otherwise granted under existing law.     (d) The Department may by rule or order clarify whether an activity is governed under this Act or another Act that governs money transmission. This subsection (d) shall not be applied in a manner inconsistent with the protection of residents.     (e) Notwithstanding any other provision of this Act, the Department, by rule or order, may conditionally or unconditionally exempt any person, digital asset, or transaction, or any class or classes of persons, digital assets, or transactions, from any provision of this Act or of any rule thereunder, to the extent that the exemption is necessary or appropriate, in the public interest, and consistent with the protection of residents. (Source: P.A. 104-428, eff. 8-18-25.)

(205 ILCS 731/1-15)     Sec. 1-15. General powers and duties.     (a) The Department shall regulate digital asset business activity in this State, unless it is exempt pursuant to Section 1-10. To the extent permissible under federal law, the Department shall exercise nonexclusive oversight and enforcement under any federal law applicable to digital asset business activity.     (b) The functions, powers, and duties conferred upon the Department by this Act are cumulative to any other functions, powers, and duties conferred upon the Department by other laws applicable to digital asset business activity.     (c) The Department shall have the following functions, powers, and duties in carrying out its responsibilities under this Act and any other law applicable to digital asset business activity in this State:         (1) to issue or refuse to issue any registration or

other authorization under this Act;

(2) to revoke or suspend for cause any registration

or other authorization under this Act;

(3) to keep records of all registrations or other

authorizations under this Act;

(4) to receive, consider, investigate, and act upon

complaints made by any person relating to any digital asset business activity in this State;

(5) to prescribe the forms of and receive:             (A) applications for registrations or other

authorizations under this Act; and

(B) all reports and all books and records

required to be made under this Act;

(6) to subpoena documents and witnesses and compel

their attendance and production, to administer oaths, and to require the production of any books, papers, or other materials relevant to any inquiry authorized by this Act or other law applicable to digital asset business activity in this State;

(7) to issue orders against any person:             (A) if the Secretary has reasonable cause to

believe that an unsafe, unsound, or unlawful practice has occurred, is occurring, or is about to occur;

(B) if any person has violated, is violating, or

is about to violate any law, rule, or written agreement with the Secretary; or

(C) for the purpose of administering the

provisions of this Act or other law applicable to digital asset business activity and any rule adopted in accordance with this Act or other law applicable to digital asset business activity;

(8) to address any inquiries to any covered person,

or the directors, officers, or employees of the covered person, or the affiliates or service providers of the covered person, in relation to the covered person's activities and conditions or any other matter connected with its affairs, and it shall be the duty of any person so addressed to promptly reply in writing to those inquiries; the Secretary may also require reports from any covered person at any time the Secretary chooses;

(9) to examine the books and records of every covered

person, affiliate, or service provider;

(10) to enforce the provisions of this Act and any

state or federal law applicable to digital asset business activity;

(11) to levy fees, fines, and civil penalties,

charges for services, and assessments to defray operating expenses, including direct and indirect costs, of administering this Act and other laws applicable to digital asset business activity;

(12) to appoint examiners, supervisors, experts, and

special assistants as needed to effectively and efficiently administer this Act and other laws applicable to digital asset business activity;

(13) to conduct hearings for the purpose of carrying

out the purposes of this Act;

(14) to exercise visitorial power over a covered

person, affiliate, or service provider;

(15) to enter into cooperative agreements with

federal and state regulatory authorities and to accept reports of examinations from federal and state regulatory authorities;

(16) to assign on an emergency basis an examiner or

examiners to monitor the affairs of a covered person, affiliate, or service provider with whatever frequency the Secretary determines appropriate and to charge the covered person for reasonable and necessary expenses of the Secretary if in the opinion of the Secretary an emergency exists or appears likely to occur;

(17) to impose civil penalties against a covered

person, affiliate, or service provider for failing to respond to a regulatory request or reporting requirement; and

(18) to conduct investigations, market surveillance,

and research, studies, and analyses of matters affecting the interests of users of digital assets;

(19) to take such actions as the Secretary deems

necessary to educate and protect users of digital assets;

(20) to develop and implement initiatives and

programs to promote responsible innovation in digital asset business activity; and

(21) to perform any other lawful acts necessary or

desirable to carry out the purposes and provisions of this Act and other laws applicable to digital asset business activity.

(d) The Department may share any information obtained pursuant to this Act or any other law applicable to digital asset business activity with law enforcement officials or other regulatory agencies. (Source: P.A. 104-428, eff. 8-18-25.)

(205 ILCS 731/1-20)     Sec. 1-20. Funds.     (a) All moneys collected or received by the Department under this Act shall be deposited into the Consumer Protection Fund, which is hereby created as a special fund in the State treasury. The amounts deposited into the Consumer Protection Fund shall be used for the ordinary and contingent expenses of the Department in administering this Act and other financial laws; nothing in this Act shall prevent the continuation of the practice of paying expenses involving salaries, retirement, social security, and State-paid insurance of State officers and employees by appropriation from the General Revenue Fund or any other fund. Moneys deposited into the Consumer Protection Fund may be transferred to the Professions Indirect Cost Fund or any other Department fund.     (b) The expenses of administering this Act, including investigations and examinations provided for in this Act, shall be borne by and assessed against persons regulated by this Act. The Department may establish fees by rule, including in the following categories:         (1) investigation of registrants and registration

applicant fees;

(2) examination fees;         (3) contingent fees; and         (4) such other categories as may be required to

administer this Act.

(c) The Department shall charge and collect fees from covered persons, which shall be nonrefundable unless otherwise indicated, for the expenses of administering this Act as follows:         (1) Each covered person shall pay $150 for each hour

or part of an hour for each examiner or staff assigned to the supervision of the covered person plus actual travel costs for any examination of digital asset business activity pursuant to the Act.

(2) Each covered person shall pay to the Department

its pro rata share of the cost for administration of this Act that exceeds other fees listed in this Act, as estimated by the Department, for the current year and any deficit actually incurred in the administration of the Act in prior years. The total annual assessment for all registrants shall initially be divided into a transaction-based assessment and a custody-based assessment, each equal to approximately half the cost for administration of this Act. Each registrant's pro rata share of the transaction-based assessment shall be the percentage that the total volume of digital asset transactions conducted on behalf of residents by the registrant bears to the total volume of digital asset transactions by all registrants in Illinois. Each registrant's pro rata share of the custody-based assessment shall be the percentage that the total United States dollar value of digital assets held in custody or controlled by the registrant for residents bears to the total United States dollar value held in custody or controlled by all registrants in Illinois for residents.

(3) Beginning one year after the effective date of

this Act, the Department may, by rule, amend the fees set forth in this subsection in accordance with this Act. The Department is authorized to consider setting fees for digital asset business activity based on the value of digital assets transacted by covered persons, volume of digital assets transacted by covered persons, the value of digital assets held in custody by covered person, and the volume of digital assets held in custody by covered persons.

(Source: P.A. 104-428, eff. 8-18-25.)

(205 ILCS 731/Art. 5 heading) Article 5. Customer Protections (Source: P.A. 104-428, eff. 8-18-25.)

(205 ILCS 731/5-5)     Sec. 5-5. Customer disclosures.     (a) When engaging in digital asset business activity with a resident, a covered person shall provide to a resident the customer disclosures required by subsection (b) and any additional disclosures the Department by rule determines to be necessary and appropriate for the protection of residents. The Department may determine by rule the time and form required for disclosures. A disclosure required by this Section shall be made separately from any other information provided by the covered person and in a clear and conspicuous manner in a record the resident may keep.     (b) Before engaging in digital asset business activity with a resident, a covered person shall disclose, to the extent applicable to the digital asset business activity the covered person will undertake with the resident, subject to any rule or order issued by the Department, all of the following:         (1) A schedule of fees and charges the covered person

may assess, the manner by which fees and charges will be calculated if they are not set in advance and disclosed, and the timing of the fees and charges.

(2) Whether the product or service provided by the

covered person is covered by either of the following:

(A) A form of insurance or other guarantee

against loss by an agency of the United States as follows:

(i) Up to the full United States dollar

equivalent of digital assets placed under the custody or control of, or purchased from, the covered person as of the date of the placement or purchase, including the maximum amount provided by insurance under the Federal Deposit Insurance Corporation or National Credit Union Administration or otherwise available from the Securities Investor Protection Corporation.

(ii) If not provided at the full United

States dollar equivalent of the digital assets placed under the custody or control of or purchased from the covered person, the maximum amount of coverage for each resident expressed in the United States dollar equivalent of the digital asset.

(iii) If not applicable to the product or

service provided by the covered person, a clear and conspicuous statement that the product is not insured, as applicable, by the Federal Deposit Insurance Corporation, National Credit Union Administration, or the Securities Investor Protection Corporation.

(B)(i) Private insurance against loss or theft,

including cybertheft or theft by other means.

(ii) A covered person shall disclose the

terms of the insurance policy to the resident in a manner that allows the resident to understand the specific insured risks that may result in partial coverage of the resident's assets.

(3) The irrevocability of a transfer or exchange and

any exception to irrevocability.

(4) A description of all of the following:             (A) The covered person's liability for an

unauthorized, mistaken, or accidental transfer or exchange.

(B) The resident's responsibility to provide

notice to the covered person of an unauthorized, mistaken, or accidental transfer or exchange.

(C) The basis for any recovery by the resident

from the covered person in case of an unauthorized, mistaken, or accidental transfer or exchange.

(D) General error resolution rights applicable to

an unauthorized, mistaken, or accidental transfer or exchange.

(E) The method for the resident to update the

resident's contact information with the covered person.

(5) That the date or time when the transfer or

exchange is made and the resident's account is debited may differ from the date or time when the resident initiates the instruction to make the transfer or exchange.

(6) Whether the resident has a right to stop a

preauthorized payment or revoke authorization for a transfer and the procedure to initiate a stop-payment order or revoke authorization for a subsequent transfer.

(7) The resident's right to receive a receipt, trade

ticket, or other evidence of the transfer or exchange.

(8) The resident's right to at least 14 days' prior

notice of a change in the covered person's fee schedule, other terms and conditions that have a material impact on digital asset business activity with the resident, or the policies applicable to the resident's account.

(9) That no digital asset is currently recognized as

legal tender by the State of Illinois or the United States.

(10)(A) A list of instances in the past 12 months

when the covered person's service was unavailable to customers seeking to engage in digital asset business activity due to a service outage on the part of the covered person and the causes of each identified service outage.

(B) As part of the disclosure required by this

paragraph, the covered person may list any steps the covered person has taken to resolve underlying causes for those outages.

(11) A disclosure, provided separately from the

disclosures provided pursuant to paragraphs (1) to (10) of this subsection and written prominently in bold type, that the State of Illinois has not approved or endorsed any digital assets or determined if this customer disclosure is truthful or complete.

(c) Except as otherwise provided in subsection (d), at the conclusion of a digital asset transaction with, or on behalf of, a resident, a covered person shall provide the resident a confirmation in a record which contains all of the following:         (1) The name and contact information of the covered

person, including the toll-free telephone number required under Section 5-20.

(2) The type, value, date, precise time, and amount

of the transaction.

(3) The fee charged for the transaction, including

any charge for conversion of a digital asset to fiat currency or other digital asset, as well as any indirect charges.

(d) If a covered person discloses that it will provide a daily confirmation in the initial disclosure under subsection (c), the covered person may elect to provide a single, daily confirmation for all transactions with or on behalf of a resident on that day instead of a per transaction confirmation. (Source: P.A. 104-428, eff. 8-18-25.)

(205 ILCS 731/5-10)     Sec. 5-10. Custody and protection of customer assets.     (a) A covered person that stores, holds, or maintains custody or control of a digital asset for one or more persons shall:         (1) at all times maintain an amount of each type of

digital asset sufficient to satisfy the aggregate entitlements of the persons to the type of digital asset;

(2) segregate such digital assets from the other

assets of the covered person; and

(3) not sell, transfer, assign, lend, hypothecate,

pledge, or otherwise use or encumber such digital assets, except for the sale, transfer, or assignment of such digital assets at the direction of such other persons.

(b) If a covered person violates subsection (a), then the property interests of the persons in the digital asset are pro rata property interests in the type of digital asset to which the persons are entitled without regard to the time the persons became entitled to the digital asset or the covered person obtained control of the digital asset.     (c) A digital asset subject to this Section is:         (1) held for the persons entitled to the digital

asset under subsection (a);

(2) not the property of the covered person; and         (3) not subject to the claims of creditors of the

covered person.

(d) Digital assets subject to this Section, even if commingled with other assets of the covered person, are held in trust for the benefit of the persons entitled to the digital assets under subsection (a), in the event of insolvency, the filing of a petition by or against the covered person under the United States Bankruptcy Code (11 U.S.C. 101 et seq.) for bankruptcy or reorganization, the filing of a petition by or against the covered person for receivership, the commencement of any other judicial or administrative proceeding for its dissolution or reorganization, or an action by a creditor against the covered person who is not a beneficiary of this statutory trust. No digital asset impressed with a trust pursuant to this subsection shall be subject to attachment, levy of execution, or sequestration by order of any court, except for a beneficiary of this statutory trust.     (e) The Department may adopt rules applicable to covered persons related to additional protections of customer assets, including, but not limited to:         (1) rules requiring that digital assets and funds

controlled by the covered person on behalf of residents be held in accounts segregated from the covered person's own digital assets and funds;

(2) rules related to qualified custodians that may

hold such segregated accounts;

(3) rules related to titling of such segregated

accounts;

(4) rules related to audit requirements for customer

assets;

(5) rules requiring compliance with specific

provisions of the Uniform Commercial Code applicable to digital assets;

(6) rules restricting selling, transferring,

assigning, lending, hypothecating, pledging, or otherwise using or encumbering customer assets; and

(7) any rules as may be as may be necessary and

appropriate for the protection of residents or necessary to effectuate the purposes of this Section.

(Source: P.A. 104-428, eff. 8-18-25.)

(205 ILCS 731/5-15)     Sec. 5-15. Covered exchanges.     (a)(1) Except as provided for under paragraph (2) of this subsection, a covered exchange, before listing or offering a digital asset that the covered exchange can exchange on behalf of a resident, shall certify on a form provided by the Department that the covered exchange has done the following:         (A) Identified the risk that the digital asset would

be deemed a security by federal or state regulators.

(B) Provided, in writing, full and fair disclosure of

all material facts relating to conflicts of interest that are associated with the covered exchange and the digital asset.

(C) Conducted a comprehensive risk assessment

designed to ensure consumers are adequately protected from cybersecurity risk, risk of malfeasance, including theft, risks related to code or protocol defects, market-related risks, including price manipulation and fraud, and any other material risks.

(D) Established policies and procedures to reevaluate

the appropriateness of the continued listing or offering of the digital asset, including an evaluation of whether material changes have occurred.

(E) Established policies and procedures to cease

listing or offering the digital asset, including notification to affected consumers and counterparties.

(F) Any other requirement designated by rule by the

Department as may be necessary and appropriate for the protection of residents.

(2) Certification by a covered exchange shall not be required for any digital asset approved for listing on or before the effective date of this Act by the New York Department of Financial Services pursuant to Part 200 of Title 23 of the New York Code of Rules and Regulations, if the covered exchange provides notification to the Department on a form provided by the Department.     (3) After a finding that a covered exchange has listed or offered a digital asset without appropriate certification or after a finding that misrepresentations were made in the certification process, the Department may require the covered exchange to cease listing or offering the digital asset and may take an enforcement action under Section 20-50 of this Act.     (b)(1) A covered exchange shall make every effort to execute a resident's request to exchange a digital asset that the covered exchange receives fully and promptly.     (2)(A) A covered exchange shall use reasonable diligence to ensure that the outcome to the resident is as favorable as possible under prevailing market conditions. Compliance with this paragraph shall be determined by factors, including, but not limited to, all of the following:         (i) The character of the market for the digital

asset, including price and volatility.

(ii) The size and type of transaction.         (iii) The number of markets checked.         (iv) Accessibility of appropriate pricing.         (v) Any other factor designated by rule by the

Department as may be necessary and appropriate for the protection of residents.

(B) At least once every 6 months, a covered exchange shall review aggregated trading records of residents against benchmarks to determine execution quality, investigate the causes of any variance, and promptly take action to remedy issues identified in that review.     (3) In a transaction for or with a resident, the covered exchange shall not interject a third party between the covered exchange and the best market for the digital asset in a manner inconsistent with this subsection.     (4) If a covered exchange cannot execute directly with a market and employs other means in order to ensure an execution advantageous to the resident, the burden of showing the acceptable circumstances for doing so is on the covered exchange. (Source: P.A. 104-428, eff. 8-18-25.)

(205 ILCS 731/5-20)     Sec. 5-20. Customer service; requests for assistance.     (a) A covered person shall prominently display on its internet website a toll-free telephone number through which a resident can contact the covered person for requests for assistance and receive live customer assistance, subject to any rules adopted by the Department.     (b) A covered person shall implement reasonable policies and procedures for accepting, processing, investigating, and responding to requests for assistance in a timely and effective manner. Such policies and procedures shall include all of the following:         (1) A procedure for resolving disputes between the

covered person and a resident.

(2) A procedure for a resident to report an

unauthorized, mistaken, or accidental digital asset business activity transaction.

(3) A procedure for a resident to file a complaint

with the covered person and for the resolution of the complaint in a fair and timely manner with notice to the resident as soon as reasonably practical of the resolution and the reasons for the resolution.

(4) Any other procedure designated by rule by the

Department as may be necessary and appropriate for the protection of residents.

(Source: P.A. 104-428, eff. 8-18-25.)

(205 ILCS 731/5-25)     Sec. 5-25. Collection of compensation. Unless exempt from registration under this Act, no person engaged in or offering to engage in any act or service for which a registration under this Act is required may bring or maintain any action in any court to collect compensation for the performance of the registrable services without alleging and proving that he or she was the holder of a valid registration under this Act at all times during the performance of those services. (Source: P.A. 104-428, eff. 8-18-25.)

(205 ILCS 731/Art. 10 heading) Article 10. Compliance (Source: P.A. 104-428, eff. 8-18-25.)

(205 ILCS 731/10-5)     Sec. 10-5. General requirements.     (a) Each registrant is required to comply with the provisions of this Act, any lawful order, rule, or regulation made or issued under the provisions of this Act, and all applicable federal and State laws, rules, and regulations.     (b) Each registrant shall designate a qualified individual or individuals responsible for coordinating and monitoring compliance with subsection (a).     (c) Each registrant shall maintain, implement, update, and enforce written compliance policies and procedures, in accordance with Section 10-10 and subject to any rules adopted by the Department, which policies and procedures must be reviewed and approved by the registrant's board of directors or an equivalent governing body of the registrant. (Source: P.A. 104-428, eff. 8-18-25.)

(205 ILCS 731/10-10)     Sec. 10-10. Required policies and procedures.     (a) An applicant, before submitting an application, shall create and a registrant, during registration, shall maintain, implement, update, and enforce, written compliance policies and procedures for all of the following:         (1) A cybersecurity program.         (2) A business continuity program.         (3) A disaster recovery program.         (4) An anti-fraud program.         (5) An anti-money laundering and countering the

financing of terrorism program.

(6) An operational security program.         (7)(A) A program designed to ensure compliance with

this Act and other laws of this State or federal laws that are relevant to the digital asset business activity contemplated by the registrant with or on behalf of residents and to assist the registrant in achieving the purposes of other State laws and federal laws if violation of those laws has a remedy under this Act.

(B) At a minimum, the program described by this

paragraph shall specify the policies and procedures that the registrant undertakes to minimize the risk that the registrant facilitates the exchange of unregistered securities.

(8) A conflict of interest program.         (9) A request for assistance program to comply with

Section 5-20.

(10) Any other compliance program, policy, or

procedure the Department establishes by rule as necessary for the protection of residents or for the safety and soundness of the registrant's business or to effectuate the purposes of this Act.

(b) A policy required by subsection (a) shall be maintained in a record and designed to be adequate for a registrant's contemplated digital asset business activity with or on behalf of residents, considering the circumstances of all participants and the safe operation of the activity. Any policy and implementing procedure shall be compatible with other policies and the procedures implementing them and not conflict with policies or procedures applicable to the registrant under other State law.     (c) A registrant's anti-fraud program shall include, at a minimum, all of the following:         (1) Identification and assessment of the material

risks of its digital asset business activity related to fraud, which shall include any form of market manipulation and insider trading by the registrant, its employees, its associated persons, or its customers.

(2) Protection against any material risk related to

fraud identified by the Department or the registrant.

(3) Periodic evaluation and revision of the

anti-fraud program, policies, and procedures.

(d) A registrant's anti-money laundering and countering the financing of terrorism program shall include, at a minimum, all of the following:         (1) Identification and assessment of the material

risks of its digital asset business activity related to money laundering and financing of terrorist activity.

(2) Procedures, in accordance with federal law or

guidance published by federal agencies responsible for enforcing federal law, pertaining to money laundering and financing of terrorist activity.

(3) Filing reports under the Bank Secrecy Act, 31

U.S.C. 5311 et seq., or Chapter X of Title 31 of the Code of Federal Regulations and other federal or State law pertaining to the prevention or detection of money laundering or financing of terrorist activity.

(e) A registrant's operational security program shall include, at a minimum, reasonable and appropriate administrative, physical, and technical safeguards to protect the confidentiality, integrity, and availability of any nonpublic information or digital asset it receives, maintains, or transmits.     (f)(1) A registrant's cybersecurity program shall include, at a minimum, all of the following:         (A) Maintaining, updating, and enforcing policies and

procedures designed to protect the confidentiality, integrity, and availability of the registrant's information systems and nonpublic information stored on those information systems.

(B) Implementing and maintaining a written policy or

policies, approved at least annually by an executive officer or the registrant's board of directors, or an appropriate committee thereof, or equivalent governing body, setting forth the registrant's policies and procedures for the protection of its information systems and nonpublic information stored on those information systems.

(C) Designating a qualified individual responsible

for overseeing and implementing the registrant's cybersecurity program and enforcing its cybersecurity policy. The individual must have adequate authority to ensure cybersecurity risks are appropriately managed, including the ability to direct sufficient resources to implement and maintain a cybersecurity program. The individual may be employed by the registrant, one of its affiliates, or a service provider.

(2) To assist in carrying out this subsection, the Department may adopt rules to define terms used in this subsection and to establish specific requirements for the required cybersecurity program, including, but not limited to, rules related to:         (A) penetration testing and vulnerability assessment;         (B) audit trails;         (C) access privileges;         (D) application security;         (E) risk assessment;         (F) cybersecurity personnel and intelligence;         (G) affiliates and service providers;         (H) authentication;         (I) data retention;         (J) training and monitoring;         (K) encryption;         (L) incident response;         (M) notice of cybersecurity events; and         (N) any other requirement necessary and appropriate

for the protection of residents or for the safety and soundness of the registrant or to effectuate the purposes of this subsection.

(g) The Department may require a registrant to file with the Department a copy of any report it makes to a federal or state authority.     (h) After the policies and procedures required under this Article are created and approved by the registrant, the registrant shall engage a qualified individual or individuals with adequate authority and experience to monitor and implement each policy and procedure, publicize it as appropriate, recommend changes as necessary, and enforce it. (Source: P.A. 104-428, eff. 8-18-25.)

(205 ILCS 731/Art. 15 heading) Article 15. Registration (Source: P.A. 104-428, eff. 8-18-25.)

(205 ILCS 731/15-5)     Sec. 15-5. Registration required. A person shall not engage in digital asset business activity, or hold itself out as being able to engage in digital asset business activity, with or on behalf of a resident unless the person is registered in this State by the Department under this Article, or the person is exempt from registration pursuant to Section 1-10. (Source: P.A. 104-428, eff. 8-18-25.)

(205 ILCS 731/15-10)     Sec. 15-10. Application.     (a) An application for a registration under this Act shall meet all of the following requirements:         (1) The application shall be in a form and medium

prescribed by the Department. The Department may require the filing of the application through a multistate licensing system.

(2) The application shall provide all of the

following information relevant to the applicant's proposed digital asset business activity:

(A) The legal name of the applicant, any current

or proposed business United States Postal Service address of the applicant, and any fictitious or trade name the applicant uses or plans to use in conducting the applicant's digital asset business activity with or on behalf of a resident.

(B) The legal name, any former or fictitious

name, and the residential and business United States Postal Service address of any executive officer and responsible individual of the applicant and any person that has control of the applicant.

(C) A description of the current and former

business of the applicant and any affiliate of the applicant for the 5 years before the application is submitted, or, if the business has operated for less than 5 years, for the time the business has operated, including its products and services, associated internet website addresses and social media pages, principal place of business, projected user base, and specific marketing targets.

(D) A list of all of the following:                 (i) Any digital asset, money service, or

money transmitter registration the applicant and any affiliates hold in another state or from an agency of the United States.

(ii) The date the registrations described in

subdivision (i) expire.

(iii) Any revocation, suspension, or other

disciplinary action taken against the applicant and any affiliates in any state or by an agency of the United States and any applications rejected by any state or agency of the United States.

(E) A list of any criminal conviction, deferred

prosecution agreement, and pending criminal proceeding in any jurisdiction against all of the following:

(i) The applicant.                 (ii) Any executive officer of the applicant.                 (iii) Any responsible individual of the

applicant.

(iv) Any person that has control over the

applicant.

(v) Any affiliate of the applicant.             (F) A list of any litigation, arbitration, or

administrative proceeding in any jurisdiction in which the applicant or an executive officer, responsible individual, or affiliate of the applicant has been a party for the 10 years before the application is submitted determined to be material in accordance with generally accepted accounting principles and, to the extent the applicant or such other person would be required to disclose the litigation, arbitration, or administrative proceeding in the applicant's or such other person's audited financial statements, reports to equity owners, and similar statements or reports.

(G) A list of any bankruptcy or receivership

proceeding in any jurisdiction for the 10 years before the application is submitted in which any of the following was a debtor:

(i) The applicant.                 (ii) An executive officer of the applicant.                 (iii) A responsible individual of the

applicant.

(iv) A person that has control over the

applicant.

(v) An affiliate of the applicant.             (H) The name and United States Postal Service

address of any bank or credit union in which the applicant and any affiliates plan to deposit funds obtained by digital asset business activity.

(I) The source of funds and credit to be used by

the applicant and any affiliate to conduct digital asset business activity with or on behalf of a resident.

(J) A current financial statement and other

documentation satisfactory to the Department demonstrating that the applicant has the capital and liquidity required by Section 20-5.

(K) The United States Postal Service address and

email address to which communications from the Department can be sent.

(L) The name, United States Postal Service

address, and email address of the registered agent of the applicant in this State.

(M) A copy of the certificate, or a detailed

summary acceptable to the Department, of coverage for any liability, casualty, business interruption, or cybersecurity insurance policy maintained by the applicant for itself, an executive officer, a responsible individual, an affiliate, or the applicant's users.

(N) If applicable, the date on which and the

state in which the applicant is formed and a copy of a current certificate of good standing issued by that state.

(O) If a person has control of the applicant and

the person's equity interests are publicly traded in the United States, a copy of the audited financial statement of the person for the most recent fiscal year or most recent report of the person filed under Section 13 of the Securities Exchange Act of 1934, 15 U.S.C. 78m.

(P) If a person has control of the applicant and

the person's equity interests are publicly traded outside the United States, a copy of the audited financial statement of the person for the most recent fiscal year of the person or a copy of the most recent documentation similar to that required in subparagraph (O) filed with the foreign regulator in the domicile of the person.

(Q) If the applicant is a partnership or a

member-managed limited liability company, the names and United States Postal Service addresses of any general partner or member.

(R) If the applicant is required to register with

the Financial Crimes Enforcement Network of the United States Department of the Treasury as a money service business, evidence of the registration.

(S) A set of fingerprints for each executive

officer and responsible individual of the applicant.

(T) If available, for any executive officer and

responsible individual of the applicant, for the 10 years before the application is submitted, employment history and history of any investigation of the individual or legal proceeding to which the individual was a party.

(U) The plans through which the applicant will

meet its obligations under Article 10.

(V) Any other information the Department requires

by rule.

(3) The application shall be accompanied by a

nonrefundable fee of $5,000 or the amount determined by the Department to cover the costs of application review, whichever is greater.

(b)(1) On receipt of a completed application, the Department shall investigate all of the following:         (A) The financial condition and responsibility of the

applicant and any affiliate of the applicant.

(B) The relevant financial and business experience,

character, and general fitness of the applicant and any affiliate of the applicant.

(C) The competence, experience, character, and

general fitness of each executive officer and director, each responsible individual, and any person that has control of the applicant.

(2) On receipt of a completed application, the Department may investigate the business premises of an applicant or an affiliate of the applicant or require the submission of any other documents or information the Department deems relevant to the application.     (3) The investigation required by this subsection must allow the Secretary to issue positive findings stating that the financial condition, financial responsibility, competence, experience, character, and general fitness of the applicant, each executive officer and director, each responsible individual, any person that has control of the applicant, and any affiliate of the applicant are such as to command the confidence of the community and to warrant belief that the business will be operated honestly, fairly, and efficiently within the purpose of this Act; if the Secretary does not so find, he or she shall not issue the registration, and he or she shall notify the applicant of the denial.     (c)(1) After completing the investigation required by subsection (b), the Department shall send the applicant notice of its decision to approve, conditionally approve, or deny the application. If the Department does not receive notice from the applicant that the applicant accepts conditions specified by the Department within 31 days following the Department's notice of the conditions, the application shall be deemed withdrawn.     (2) The Secretary may impose conditions on a registration if the Secretary determines that those conditions are necessary or appropriate. These conditions shall be imposed in writing and shall continue in effect for the period prescribed by the Secretary.     (d) A registration issued pursuant to this Act shall take effect on the later of the following:         (1) The date the Department issues the registration.         (2) The date the registration provides the security

required by Section 20-5.

(e) In addition to the fee required by paragraph (3) of subsection (a), an applicant shall pay the costs of the Department's investigation under subsection (b).     (f) A registration issued pursuant to this Act shall remain in full force and effect until it expires without renewal, is surrendered by the registration, or revoked or suspended as hereinafter provided.     (g)(1) The Department may issue a conditional registration to an applicant who holds or maintains a registration to conduct virtual currency business activity in the State of New York pursuant to Part 200 of Title 23 of the New York Code of Rules and Regulations, or a charter as a New York State limited purpose trust company with approval to conduct virtual currency business under the New York Banking Law, if the registration or approval was issued no later than the effective date of this Act and the applicant pays all appropriate fees and complies with the requirements of this Act.     (2) A conditional registration issued pursuant to this subsection shall expire at the earliest of the following:         (A) upon issuance of an unconditional registration;         (B) upon denial of a registration;         (C) upon revocation of a registration issued pursuant

to Part 200 of Title 23 of the New York Code of Rules and Regulations or disapproval or revocation of a charter as a New York State limited purpose trust company with approval to conduct virtual currency business under the New York Banking Law.

(Source: P.A. 104-428, eff. 8-18-25.)

(205 ILCS 731/15-15)     Sec. 15-15. Renewal.     (a) Registrations shall be subject to renewal every year using a common renewal period as established by the Department by rule. A registrant may apply for renewal of the registration by submitting a renewal application under subsection (b) and paying all applicable fees due to the Department.     (b) The renewal application required by subsection (a) shall be submitted in a form and medium prescribed by the Department. The application shall contain all of the following:         (1) Either a copy of the registrant's most recent

reviewed annual financial statement, if the gross revenue generated by the registrant's digital asset business activity in this State was not more than $2,000,000 for the fiscal year ending before the anniversary date of issuance of its registration under this Act, or a copy of the registrant's most recent audited annual financial statement, if the registrant's digital asset business activity in this State amounted to more than $2,000,000, for the fiscal year ending before the anniversary date.

(2) If a person other than an individual has control

of the registrant, a copy of either of the following:

(A) The person's most recent reviewed annual

financial statement, if the person's gross revenue was not more than $2,000,000 in the previous fiscal year measured as of the anniversary date of issuance of its registration under this Act.

(B) The person's most recent audited consolidated

annual financial statement, if the person's gross revenue was more than $2,000,000 in the previous fiscal year measured as of the anniversary date of issuance of its registration under this Act.

(3) A description of any of the following:             (A) Any material change in the financial

condition of the registrant and any affiliate of the registrant.

(B) Any material litigation related to the

registrant's digital asset business activity and involving the registrant or an executive officer, responsible individual, or affiliate of the registrant.

(C) Any federal, state, or foreign investigation

involving the registrant or an executive officer, responsible individual, or affiliate of the registrant.

(D)(i) Any data security breach or cybersecurity

event involving the registrant.

(ii) A description of a data security breach

pursuant to this subparagraph does not constitute disclosure or notification of a security breach for purposes of any other law.

(4) Information or records required by Section 20-25

that the registrant has not reported to the Department.

(5) The number of digital asset business activity

transactions with or on behalf of residents for the period since the later of the date the registration was issued or the date the last renewal application was submitted.

(6)(A) The amount of United States dollar equivalent

of digital assets in the custody or control of the registrant at the end of the last month that ends not later than 30 days before the date of the renewal application.

(B) The total number of residents for whom the

registrant had custody or control of United States dollar equivalent of digital assets on that date.

(7) Evidence that the registrant is in compliance

with Section 5-10.

(8) Evidence that the registrant is in compliance

with Section 20-5.

(9) A list of all locations where the registrant

engages in digital asset business activity.

(10) Any other information the Department requires by

rule.

(c) If a registrant does not timely comply with this Section, the Department may take enforcement actions provided under Section 20-50. Notice or hearing is not required for a suspension or revocation of a registration under this Act for failure to pay a renewal fee, file a renewal application, or otherwise comply with this Section.     (d) Suspension or revocation of a registration under this Section does not invalidate a transfer or exchange of digital assets for or on behalf of a resident made during the suspension or revocation and does not insulate the registrant from liability under this Act.     (e) For good cause, the Department, in its sole discretion, may extend a period under this Section.     (f) A registrant that does not comply with this Section shall cease digital asset business activities with or on behalf of a resident. A registrant ceasing an activity or activities regulated by this Act and desiring to no longer be registered shall so inform the Department in writing and, at the same time, convey any registration issued and all other symbols or indicia of registration. The registrant shall include a plan for the withdrawal from regulated business, including a timetable for the disposition of the business, and comply with the surrender guidelines or requirements of the Department. (Source: P.A. 104-428, eff. 8-18-25.)

(205 ILCS 731/15-20)     Sec. 15-20. Nontransferable registration. A registration under this Act is not transferable or assignable. (Source: P.A. 104-428, eff. 8-18-25.)

(205 ILCS 731/Art. 20 heading) Article 20. Supervision (Source: P.A. 104-428, eff. 8-18-25.)

(205 ILCS 731/20-5)     Sec. 20-5. Surety bond; capital and liquidity requirements.     (a)(1)(A) A registrant shall maintain a surety bond or trust account in United States dollars in a form and amount as determined by the Department for the protection of residents that engage in digital asset business activity with the registrant.     (B) If a registrant maintains a trust account pursuant to this Section, that trust account shall be maintained with a qualified custodian.     (2) Security deposited under this Section shall be for the benefit of a claim against the registrant on account of the registrant's digital asset business activity with or on behalf of a resident.     (3) Security deposited under this Section shall cover claims for the period the Department specifies by rule and for an additional period the Department specifies after the registrant ceases to engage in digital asset business activity with or on behalf of a resident.     (4) The Department may require the registrant to increase the amount of security deposited under this Section, and the registrant shall deposit the additional security not later than 15 days after the registrant receives notice in a record of the required increase.     (5) The Department may permit a registrant to substitute or deposit an alternate form of security satisfactory to the Department if the registrant at all times complies with this Section.     (b) In addition to the security required under subsection (a), a registrant shall maintain at all times capital and liquidity, each in an amount and form as the Department determines is sufficient to ensure the financial integrity of the registrant and its ongoing operations based on an assessment of the specific risks applicable to the registrant. In determining the minimum amount of capital and liquidity that shall be maintained by a registrant, the Department may consider factors, including, but not limited to, all of the following:         (1) The composition of the registrant's total assets,

including the position, size, quality, liquidity, risk exposure, and price volatility of each type of asset.

(2) The composition of the registrant's total

liabilities, including the size and repayment timing of each type of liability.

(3) The actual and expected volume of the

registrant's digital asset business activity.

(4) The amount of leverage employed by the

registrant.

(5) The liquidity position of the registrant.         (6) The financial protection that the registrant

provides pursuant to subsection (a).

(7) The types of entities to be serviced by the

registrant.

(8) The types of products or services to be offered

by the registrant.

(9) Arrangements adopted by the registrant for the

protection of its customers in the event of the registrant's insolvency.

(c) A registrant shall hold liquidity required to be maintained in accordance with this Section in the form of cash or high-quality liquid assets, as defined by the Department and in proportions determined by the Department.     (d) The Department may require a registrant to increase the capital or liquidity required under this Section. A registrant shall submit evidence satisfactory to the Department that it has additional capital or liquidity required pursuant to this subsection not later than 15 days after the registrant receives notice in a record of the required increase. (Source: P.A. 104-428, eff. 8-18-25.)

(205 ILCS 731/20-10)     Sec. 20-10. Examination.     (a)(1)(A) The Department may, at any time and from time to time, examine the business and any office, within or outside this State, of any covered person, or any agent of a covered person, in order to ascertain (i) the financial condition of the covered person, (ii) the safety and soundness of the conduct of its business, (iii) the policies of its management, (iv) whether the business is being conducted in a lawful manner, (v) whether all digital asset business activity is properly accounted for, and (vi) such other matters as the Department may determine, including, but not limited to, any activities of the covered person outside the State if in the Department's judgment such activities may affect the covered person's digital asset business activity.     (B) The directors, officers, and employees of a covered person, or agent of a covered person, being examined by the Department shall exhibit to the Department, on request, any or all of the covered person's accounts, books, correspondence, memoranda, papers, and other records and shall otherwise facilitate the examination so far as it may be in their power to do so.     (C) The covered person shall permit and assist the Department to examine an affiliate or service provider of the covered person when, in the Department's judgment, it is necessary or advisable to do so.     (2) The Department may examine a covered person, its affiliate, or service provider pursuant to this paragraph without prior notice to the covered person, affiliate, or service provider.     (b) A covered person shall pay the necessary costs of an examination under this Section. (Source: P.A. 104-428, eff. 8-18-25.)

(205 ILCS 731/20-15)     Sec. 20-15. Books and records.     (a) A registrant shall maintain, for all digital asset business activity with or on behalf of a resident for 5 years after the date of the activity, a record of all of the following:         (1) Any transaction of the registrant with or on

behalf of the resident or for the registrant's account in this State, including all of the following:

(A) The identity of the resident.             (B) The form of the transaction.             (C) The amount, date, and payment instructions

given by the resident.

(D) The account number, name, and physical

address of:

(i) the parties to the transaction that are

customers or account holders of the registrant; and

(ii) to the extent practicable, any other

parties to the transaction.

(2) The aggregate number of transactions and

aggregate value of transactions by the registrant with, or on behalf of, the resident and for the registrant's account in this State expressed in United States dollar equivalent of digital assets for the previous 12 calendar months.

(3) Any transaction in which the registrant exchanged

one form of digital asset for fiat currency or another form of digital asset with or on behalf of the resident.

(4) A general ledger maintained at least monthly that

lists all assets, liabilities, capital, income, and expenses of the registrant.

(5) Any report of condition or other reports to the

Department, at such times and in such form, as the Department may request.

(6) Bank statements and bank reconciliation records

for the registrant and the name, account number, and United States Postal Service address of any bank or credit union the registrant uses in the conduct of its digital asset business activity with or on behalf of the resident.

(7) A report of any dispute with a resident.     (b) A registrant shall maintain records required by subsection (a) in a form that enables the Department to determine whether the registrant is in compliance with this Act, any court order, and the laws of this State.     (c) If a registrant maintains records outside this State that pertain to transactions with or on behalf of a resident, the registrant shall make the records available to the Department not later than 3 days after request, or, on a determination of good cause by the Department, in its sole discretion, at a later time.     (d) All records maintained by a registrant, any affiliate, or any service provider are subject to inspection by the Department. (Source: P.A. 104-428, eff. 8-18-25.)

(205 ILCS 731/20-20)     Sec. 20-20. Regulatory cooperation. The Department may cooperate, coordinate, jointly examine, consult, and share records and other information with the appropriate regulatory agency of another state, a self-regulatory organization, federal or state regulator of banking or non-depository institutions, or a regulator of a jurisdiction outside the United States, concerning the affairs and conduct of a covered person, affiliate, or service provider in this State. (Source: P.A. 104-428, eff. 8-18-25.)

(205 ILCS 731/20-25)     Sec. 20-25. Material business changes.     (a) A registrant shall file with the Department a report of the following, as may be applicable:         (1) A material change in information in the

application for a registration under this Act or the most recent renewal report of the registrant under this Act.

(2) A material change in the registrant's business

for the conduct of its digital asset business activity with or on behalf of a resident.

(3) A change of an affiliate, executive officer,

responsible individual, or person in control of the registrant.

(b) A report required by this Section shall be filed not later than 15 days after the change described in subsection (a). (Source: P.A. 104-428, eff. 8-18-25.)

(205 ILCS 731/20-30)     Sec. 20-30. Change in control.     (a) As used in this Section, "proposed person to be in control" means the person that would control a registrant after a proposed transaction that would result in a change in control of the registrant.     (b) The following rules apply in determining whether a person has control over a registrant:         (1) There is a rebuttable presumption of control if a

person directly or indirectly owns, controls, holds with the power to vote, or holds proxies representing 10% or more of the then outstanding voting securities issued by the registrant.

(2) A person has control over a registrant if the

person's voting power in the registrant constitutes or will constitute at least 25% of the total voting power of the registrant.

(3) There is a rebuttable presumption of control if

the person's voting power in another person constitutes or will constitute at least 10% of the total voting power of the other person and the other person's voting power in the registrant constitutes at least 10% of the total voting power of the registrant.

(4) There is no presumption of control solely because

an individual is an executive officer of the registrant.

(c) Before a proposed change in control of a registrant, the proposed person to be in control shall submit to the Department in a record all of the following:         (1) An application in a form and medium prescribed by

the Department.

(2) The information and records that Section 15-10

would require if the proposed person to be in control already had control of the registrant.

(d) The Department shall not approve an application unless the Secretary finds all of the following:         (1) The proposed person to be in control and all

executive officers of the proposed person to be in control, if any, are of good character and sound financial standing.

(2) The proposed person to be in control is competent

to engage in digital asset business activity.

(3) It is reasonable to believe that, if the person

acquires control of the registrant, the proposed person to be in control and the registrant will comply with all applicable provisions of this Act and any rules or order issued under this Act.

(4) Any plans by the proposed person to be in control

to change the business, corporate structure, or management of the registrant are not detrimental to the safety and soundness of the registrant.

(e) The Department, in accordance with Section 15-10, shall approve, approve with conditions, or deny an application for a change in control of a registrant. The Department, in a record, shall send notice of its decision to the registrant and the person that would be in control if the Department had approved the change in control. If the Department denies the application, the registrant shall abandon the proposed change in control or cease digital asset business activity with or on behalf of residents.     (f) If the Department applies a condition to approval of a change in control of a registrant, and the Department does not receive notice of the applicant's acceptance of the condition specified by the Department not later than 31 days after the Department sends notice of the condition, the application is deemed denied. If the application is deemed denied, the registrant shall abandon the proposed change in control or cease digital asset business activity with or on behalf of residents.     (g) The Department may revoke or modify a determination under subsection (d), after notice and opportunity to be heard, if, in its judgment, revocation or modification is consistent with this Act.     (h) If a change in control of a registrant requires approval of another regulatory agency, and the action of the other agency conflicts with that of the Department, the Department shall confer with the other agency. If the proposed change in control cannot be completed because the conflict cannot be resolved, the registrant shall abandon the change in control or cease digital asset business activity with or on behalf of residents. (Source: P.A. 104-428, eff. 8-18-25.)

(205 ILCS 731/20-35)     Sec. 20-35. Mergers.     (a) Before a proposed merger or consolidation of a registrant with another person, the registrant shall submit all of the following, as applicable, to the Department:         (1) An application in a form and medium prescribed by

the Department.

(2) The plan of merger or consolidation in accordance

with subsection (e).

(3) In the case of a registrant, the information

required by Section 15-10 concerning the person that would be the surviving entity in the proposed merger or consolidation.

(b) If a proposed merger or consolidation would change the control of a registrant, the registrant shall comply with Section 20-30 and this Section.     (c) The Department, in accordance with Section 15-10, shall approve, conditionally approve, or deny an application for approval of a merger or consolidation of a registrant. The Department, in a record, shall send notice of its decision to the registrant and the person that would be the surviving entity. If the Department denies the application, the registrant shall abandon the merger or consolidation or cease digital asset business activity with or on behalf of residents.     (d) The Department may revoke or modify a determination under paragraph (c), after notice and opportunity to be heard, if, in its judgment, revocation or modification is consistent with this Act.     (e) A plan of merger or consolidation of a registrant with another person shall do all of the following:         (1) Describe the effect of the proposed transaction

on the registrant's conduct of digital asset business activity with or on behalf of residents.

(2) Identify each person to be merged or consolidated

and the person that would be the surviving entity.

(3) Describe the terms and conditions of the merger

or consolidation and the mode of carrying it into effect.

(f) If a merger or consolidation of a registrant and another person requires approval of another regulatory agency, and the action of the other agency conflicts with that of the Department, the Department shall confer with the other agency. If the proposed merger or consolidation cannot be completed because the conflict cannot be resolved, the registrant shall abandon the merger or consolidation or cease digital asset business activity with or on behalf of residents.     (g) The Department may condition approval of an application under subsection (a). If the Department does not receive notice from the parties that the parties accept the Department's condition not later than 31 days after the Department sends notice in a record of the condition, the application is deemed denied. If the application is deemed denied, the registrant shall abandon the merger or consolidation or cease digital asset business activity with, or on behalf of, residents.     (h) If a registrant acquires substantially all of the assets of a person, whether or not the person's registration was approved by the Department, the transaction is subject to this Section. (Source: P.A. 104-428, eff. 8-18-25.)

(205 ILCS 731/20-40)     Sec. 20-40. Investigation of complaints. The Secretary shall be authorized at all times to maintain staff and facilities adequate to receive, record, and investigate complaints and inquiries made by any person concerning this Act and any covered persons, affiliates, and service providers under this Act. Each such person shall open their books, records, documents, and offices wherever situated to the Secretary or his or her appointees as needed to facilitate such investigations. (Source: P.A. 104-428, eff. 8-18-25.)

(205 ILCS 731/20-45)     Sec. 20-45. Additional investigation and examination authority. In addition to any authority allowed under this Act or other applicable law, the Secretary shall have the authority to conduct investigations and examinations as follows:         (1) For purposes of initial registration, renewal,

suspension, conditioning, revocation or termination, or general or specific inquiry or investigation to determine compliance with this Act, the Secretary shall have the authority to access, receive, and use any books, accounts, records, files, documents, information, or evidence, including, but not limited to, the following:

(A) criminal, civil, and administrative history

information, including nonconviction data as specified in the Criminal Code of 2012;

(B) personal history and experience information,

including independent credit reports obtained from a consumer reporting agency described in Section 603(p) of the federal Fair Credit Reporting Act; and

(C) any other documents, information, or evidence

the Secretary deems relevant to the inquiry or investigation, regardless of the location, possession, control, or custody of the documents, information, or evidence.

(2) For the purposes of investigating violations or

complaints arising under this Act or for the purposes of examination, the Secretary may review, investigate, or examine any covered person, affiliate, service provider, individual, or person subject to this Act as often as necessary in order to carry out the purposes of this Act. The Secretary may direct, subpoena, or order the attendance of and examine under oath all persons whose testimony may be required about the transactions or the business or subject matter of any such examination or investigation, and may direct, subpoena, or order the person to produce books, accounts, records, files, and any other documents the Secretary deems relevant to the inquiry.

(3) Each covered person, affiliate, service provider,

individual, or person subject to this Act shall make available to the Secretary upon request the books and records relating to the operations of the registrant, affiliate, individual, or person subject to this Act. The Secretary shall have access to those books and records and interview the officers, principals, employees, independent contractors, agents, and customers of the covered person, affiliate, service provider, individual, or person subject to this Act concerning their business.

(4) Each covered person, affiliate, service provider,

individual, or person subject to this Act shall make or compile reports or prepare other information as directed by the Secretary in order to carry out the purposes of this Section, including, but not limited to:

(A) accounting compilations;             (B) information lists and data concerning

transactions in a format prescribed by the Secretary; or

(C) other information deemed necessary to carry

out the purposes of this Section.

(5) In making any examination or investigation

authorized by this Act, the Secretary may control access to any documents and records of the covered person or person under examination or investigation. The Secretary may take possession of the documents and records or place a person in exclusive charge of the documents and records in the place where they are usually kept. During the period of control, no person shall remove or attempt to remove any of the documents or records, except pursuant to a court order or with the consent of the Secretary. Unless the Secretary has reasonable grounds to believe the documents or records of the covered person or person under examination or investigation have been or are at risk of being altered or destroyed for purposes of concealing a violation of this Act, the covered person or owner of the documents and records shall have access to the documents or records as necessary to conduct its ordinary business affairs.

(6) In order to carry out the purposes of this

Section, the Secretary may:

(A) retain attorneys, accountants, or other

professionals and specialists as examiners, auditors, or investigators to conduct or assist in the conduct of examinations or investigations;

(B) enter into agreements or relationships with

other government officials, regulatory associations, or self-regulatory organizations in order to improve efficiencies and reduce regulatory burden by sharing resources, standardized or uniform methods or procedures, and documents, records, information, or evidence obtained under this Section;

(C) use, hire, contract, or employ public or

privately available analytical systems, methods, or software to examine or investigate the covered person, affiliate, service provider, individual, or person subject to this Act;

(D) accept and rely on examination or

investigation reports made by other government officials, within or outside this State; or

(E) accept audit reports made by an independent

certified public accountant for the covered person, affiliate, service provider, individual, or person subject to this Act in the course of that part of the examination covering the same general subject matter as the audit and may incorporate the audit report in the report of the examination, report of investigation, or other writing of the Secretary.

(7) The authority of this Section shall remain in

effect, whether such a covered person, affiliate, service provider, individual, or person subject to this Act acts or claims to act under any licensing or registration law of this State or claims to act without the authority.

(8) No covered person, affiliate, service provider,

individual, or person subject to investigation or examination under this Section may knowingly withhold, abstract, remove, mutilate, destroy, or secrete any books, records, computer records, or other information.

(Source: P.A. 104-428, eff. 8-18-25.)

(205 ILCS 731/20-50)     Sec. 20-50. Enforcement actions.     (a) As used in this Article, "enforcement action" means an action including, but not limited to, all of the following:         (1) Suspending or revoking a registration under this

Act.

(2) Ordering a person to cease and desist from doing

digital asset business activity with or on behalf of a resident.

(3) Requesting the court to appoint a receiver for

the assets of a person doing digital asset business activity with or on behalf of a resident.

(4) Requesting the court to issue temporary,

preliminary, or permanent injunctive relief against a person doing digital asset business activity with or on behalf of a resident.

(5) Assessing a civil penalty under Section 20-70.         (6) Recovering on the security under Section 20-5 and

initiating a plan to distribute the proceeds for the benefit of a resident injured by a violation of this Act, or law of this State other than this Act that applies to digital asset business activity with or on behalf of a resident.

(7) Imposing necessary or appropriate conditions on

the conduct of digital asset business activity with or on behalf of a resident.

(8) Seeking restitution on behalf of a resident if

the Department shows economic injury due to a violation of this Act.

(b) The Department may enter into a consent order with a person regarding an enforcement action.     (c) This Section does not provide a private right of action to a resident, provided this Section does not preclude an action by a resident to enforce rights under Article 5 or subsection (a) of Section 20-5. (Source: P.A. 104-428, eff. 8-18-25.)

(205 ILCS 731/20-55)     Sec. 20-55. Violations.     (a) The Department may take an enforcement action against a covered person or any person otherwise subject to this Act in any of the following instances:         (1) The covered person or person violates this Act, a

rule adopted or order issued under this Act, or a State or federal law or regulation that applies to digital asset business activity of the violator with or on behalf of a resident.

(2) The covered person or person does not cooperate

with an examination or investigation by the Department, fails to pay a fee, or fails to submit a report or documentation.

(3) The covered person or person, in the conduct of

its digital asset business activity with or on behalf of a resident, has engaged, is engaging, or is about to engage in any of the following:

(A) An unsafe, unsound, or unlawful act or

practice.

(B) An unfair, deceptive, or abusive act or

practice.

(C) Fraud, misrepresentation, deceit, or

negligence.

(D) Misappropriation of fiat currency, a digital

asset, or other value.

(4) An agency of the United States or another state

takes an action against the covered person or person that would constitute an enforcement action if the Department had taken the action.

(5) The covered person or person is convicted of a

crime related to its digital asset business activity with or on behalf of a resident or involving fraud or felonious activity that, as determined by the Department, makes the covered person or person unsuitable to engage in digital asset business activity.

(6) Any of the following occurs:             (A) The covered person or person becomes

insolvent.

(B) The covered person or person makes a general

assignment for the benefit of its creditors.

(C) The covered person or person becomes the

debtor, alleged debtor, respondent, or person in a similar capacity in a case or other proceeding under any bankruptcy, reorganization, arrangement, readjustment, insolvency, receivership, dissolution, liquidation, or similar law, and does not obtain from the court, within a reasonable time, confirmation of a plan or dismissal of the case or proceeding.

(D) The covered person or person applies for, or

permits the appointment of, a receiver, trustee, or other agent of a court for itself or for a substantial part of its assets.

(7) The covered person or person makes a

misrepresentation to the Department.

(b) If the Secretary finds, as the result of examination, investigation, or review of reports submitted by a registrant, that the business and affairs of a registrant are not being conducted in accordance with this Act, the Secretary may notify the registrant of the correction necessary. If a registrant fails to correct such violations, the Secretary may issue an order requiring immediate correction and compliance with this Act and may specify a reasonable date for performance. (Source: P.A. 104-428, eff. 8-18-25.)

(205 ILCS 731/20-60)     Sec. 20-60. Hearings.     (a) Except as provided in subsection (b), the Department may take an enforcement action only after notice and opportunity for a hearing as appropriate in the circumstances. All hearings provided for in this Act shall be conducted in accordance with Title 38, Part 100 of the Illinois Administrative Code, and the Secretary shall have all the powers granted therein.     (b)(1)(A) The Department may take an enforcement action, other than the imposition of a civil penalty under Section 20-70, without notice if the circumstances require action before notice can be given.     (B) A person subject to an enforcement action pursuant to this subsection shall have the right to an expedited post-action hearing by the Department unless the person has waived the hearing.     (2)(A) The Department may take an enforcement action, other than the imposition of a civil penalty under Section 20-70, after notice and without a prior hearing if the circumstances require action before a hearing can be held.     (B) A person subject to an enforcement action pursuant to this subsection shall have the right to an expedited post-action hearing by the Department unless the person has waived the hearing.     (3) The Department may take an enforcement action after notice and without a hearing if the person subject to the enforcement action does not timely request a hearing. (Source: P.A. 104-428, eff. 8-18-25.)

(205 ILCS 731/20-65)     Sec. 20-65. Hearing rules.     (a) The Department may, in accordance with the Illinois Administrative Procedure Act, adopt rules to provide for review within the Department of the Secretary's decisions affecting the rights of persons or entities under this Act. The review shall provide for, at a minimum:         (1) appointment of a hearing officer;         (2) appropriate procedural rules, specific deadlines

for filings, and standards of evidence and of proof; and

(3) provision for apportioning costs among parties to

the appeal.

(b) All final administrative decisions of the Department under this Act, all amendments and modifications of final administrative decisions, and any rules adopted by the Department pursuant to this Act shall be subject to judicial review pursuant to the provisions of the Administrative Review Law. (Source: P.A. 104-428, eff. 8-18-25.)

(205 ILCS 731/20-70)     Sec. 20-70. Civil penalties.     (a) If a person other than a registrant has engaged, is engaging, or is about to engage in digital asset business activity with or on behalf of a resident in violation of this Act, the Department may assess a civil penalty against the person in an amount not to exceed $100,000 for each day the person is in violation of this Act.     (b) If a person violates a provision of this Act, the Department may assess a civil penalty in an amount not to exceed $25,000 for each day of violation or for each act or omission in violation, except that a fine may be imposed not to exceed $75,000 for each day of violation or for each act or omission in violation related to fraud, misrepresentation, deceit, or negligence.     (c) A civil penalty under this Section continues to accrue until the date the violation ceases.     (d) A civil penalty under this Section is cumulative to any civil penalties enforceable by the Department under any other law. (Source: P.A. 104-428, eff. 8-18-25.)

(205 ILCS 731/20-75)     Sec. 20-75. Subpoena power.     (a) The Secretary shall have the power to issue and to serve subpoenas and subpoenas duces tecum to compel the attendance of witnesses and the production of all books, accounts, records, and other documents and materials relevant to an examination or investigation. The Secretary, or his or her duly authorized representative, shall have power to administer oaths and affirmations to any person.     (b) In the event of noncompliance with a subpoena or subpoena duces tecum issued or caused to be issued by the Secretary, the Secretary may, through the Attorney General or the State's Attorney of the county in which the person subpoenaed resides or has its principal place of business, petition the circuit court of the county for an order requiring the subpoenaed person to appear and testify and to produce such books, accounts, records, and other documents as are specified in the subpoena duces tecum. The court may grant injunctive relief restraining the person from advertising, promoting, soliciting, entering into, offering to enter into, continuing, or completing any digital asset business activity. The court may grant other relief, including, but not limited to, the restraint, by injunction or appointment of a receiver, of any transfer, pledge, assignment, or other disposition of the person's assets or any concealment, alteration, destruction, or other disposition of books, accounts, records, or other documents and materials as the court deems appropriate, until the person has fully complied with the subpoena or subpoena duces tecum and the Secretary has completed an investigation or examination.     (c) If it appears to the Secretary that the compliance with a subpoena or subpoena duces tecum issued or caused to be issued by the Secretary pursuant to this Section is essential to an investigation or examination, the Secretary, in addition to the other remedies provided for in this Act, may, through the Attorney General or the State's Attorney of the county in which the subpoenaed person resides or has its principal place of business, apply for relief to the circuit court of the county. The court shall thereupon direct the issuance of an order against the subpoenaed person requiring sufficient bond conditioned on compliance with the subpoena or subpoena duces tecum. The court shall cause to be endorsed on the order a suitable amount of bond or payment pursuant to which the person named in the order shall be freed, having a due regard to the nature of the case.     (d) In addition, the Secretary may, through the Attorney General or the State's Attorney of the applicable county, seek a writ of attachment or an equivalent order from the circuit court having jurisdiction over the person who has refused to obey a subpoena, who has refused to give testimony, or who has refused to produce the matters described in the subpoena duces tecum. (Source: P.A. 104-428, eff. 8-18-25.)

(205 ILCS 731/20-80)     Sec. 20-80. Civil actions.     (a) The Department may bring a civil action in accordance with the following:         (1) If a person violates any provision of this Act, a

rule or final order, or condition imposed in writing by the Department, the Department through the Attorney General or the State's Attorney of the county in which any such violation occurs may bring an action in the circuit court to enjoin the acts or practices or to enforce compliance with this Act or any rule or order adopted pursuant to this Act. Upon a proper showing, a permanent or preliminary injunction, restraining order, or writ of mandate shall be granted and a receiver, monitor, conservator, or other designated fiduciary or officer of the court may be appointed for the defendant or the defendant's assets, or any other ancillary relief may be granted as appropriate. A receiver, monitor, conservator, or other designated fiduciary or officer of the court appointed by the circuit court pursuant to this Section may, with the approval of the court, exercise any or all of the powers of the defendant's officers, directors, partners, trustees, or persons who exercise similar powers and perform similar duties, including the filing of a petition for bankruptcy. No action at law or in equity may be maintained by any party against the Secretary, a receiver, monitor, conservator, or other designated fiduciary or officer of the court, by reason of their exercising these powers or performing these duties pursuant to the order of, or with the approval of, the circuit court.

(2) The Secretary may include in any action relief

authorized by Section 20-50. The circuit court shall have jurisdiction to award additional relief.

(3) In any action brought by the Department, the

Department may recover its costs and attorney's fees in connection with prosecuting the action if the Department is the prevailing party in the action.

(b) The Attorney General may enforce a violation of Article 5 as an unlawful practice under the Consumer Fraud and Deceptive Business Practices Act.     (c) A claim of violation of Article 5 may be asserted in a civil action. Additionally, a prevailing resident may be awarded reasonable attorney's fees and court costs. (Source: P.A. 104-428, eff. 8-18-25.)

(205 ILCS 731/Art. 30 heading) Article 30. Additional Procedural Provisions (Source: P.A. 104-428, eff. 8-18-25.)

(205 ILCS 731/30-5)     Sec. 30-5. Confidential supervisory information.     (a) Confidential supervisory information shall, unless made a matter of public record, not be subject to disclosure under the Freedom of Information Act, and shall only be subject to disclosure pursuant to subpoena or court order as provided in subsection (e).     (b) All records of communications or summaries of communications between employees, agents, or representatives of the Department and employees, agents, or representatives of other governmental agencies, a provider of any multistate licensing system, or associations or organizations representing federal, state, or local law enforcement or regulatory agencies or providers of any multistate licensing system, pursuant to any regulatory or supervision activity under this Act (1) shall not be subject to disclosure under the Freedom of Information Act, and (2) to the extent the records contain confidential supervisory information, shall only be subject to disclosure pursuant to subpoena or court order as provided in subsection (e).     (c) All confidential supervisory information received from other governmental agencies, a multistate licensing system provider, or associations or organizations consisting of employees, agents, or representatives of such agencies or providers, shall not be subject to disclosure under the Freedom of Information Act, and only subject to disclosure pursuant to subpoena or court order as provided in subsection (e).     (d) The sharing of any confidential supervisory information under this Act with governmental agencies, providers of any multistate licensing system, or associations or organizations consisting of employees, agents, or representatives of such federal, state, or local law enforcement or regulatory agencies, shall not result in the loss of privilege arising under federal or state law, or the loss of confidentiality protections provided by federal law or state law, and are only subject to disclosure pursuant to subpoena or court order as provided in subsection (e).     (e) Confidential supervisory information may not be disclosed to anyone other than the regulated person, law enforcement officials or other regulatory agencies that have an appropriate regulatory interest as determined by the Secretary, or to a party presenting a lawful subpoena, order, or other judicial or administrative process to the Secretary. The Secretary may immediately appeal to the court of jurisdiction the disclosure of such confidential supervisory information and seek a stay of the subpoena pending the outcome of the appeal. Reports required of regulated persons by the Secretary under this Act and results of examinations performed by the Secretary under this Act shall be the property of only the Secretary but may be shared with the regulated person. Access under this Act to the books and records of each regulated person shall be limited to the Secretary and his agents as provided in this Act and to the regulated person and its authorized agents and designees. No other person shall have access to the books and records of a regulated person under this Act. Any person upon whom a demand for production of confidential supervisory information is made, whether by subpoena, order, or other judicial or administrative process, must withhold production of the confidential supervisory information and must notify the Secretary of the demand, at which time the Secretary is authorized to intervene for the purpose of enforcing the limitations of this Section or seeking the withdrawal or termination of the attempt to compel production of the confidential supervisory information. The Secretary may impose any conditions and limitations on the disclosure of confidential supervisory information that are necessary to protect the confidentiality of such information. Except as authorized by the Secretary, no person obtaining access to confidential supervisory information may make a copy of the confidential supervisory information. The Secretary may condition a decision to disclose confidential supervisory information on entry of a protective order by the court or administrative tribunal presiding in the particular case or on a written agreement of confidentiality. In a case in which a protective order or agreement has already been entered between parties other than the Secretary, the Secretary may nevertheless condition approval for release of confidential supervisory information upon the inclusion of additional or amended provisions in the protective order. The Secretary may authorize a party who obtained the records for use in one case to provide them to another party in another case, subject to any conditions that the Secretary may impose on either or both parties. The requester shall promptly notify other parties to a case of the release of confidential supervisory information obtained and, upon entry of a protective order, shall provide copies of confidential supervisory information to the other parties.     (f) The Secretary is authorized to enter agreements or sharing arrangements with other governmental agencies, providers of any multistate licensing system, or associations or organizations representing governmental agencies or providers of any multistate licensing system. Notwithstanding the foregoing, the provisions of this Section shall apply regardless of the existence of any such agreement or sharing arrangement.     (g) This Section in no way limits any right, privilege, or authority that the Department has pursuant to any other applicable law. This Section does not in any way limit any privilege arising under federal or state law or other exemption from disclosure pursuant to the Freedom of Information Act.     (h) Notwithstanding the foregoing, whenever the Secretary determines, in his or her sole discretion, that it is in the public's interest, he or she may publicly disclose information or documents obtained under this Act, unless otherwise prohibited by law. (Source: P.A. 104-428, eff. 8-18-25.)

(205 ILCS 731/30-10)     Sec. 30-10. Additional rulemaking authority.     (a) In addition to such powers and rulemaking authority as may be prescribed elsewhere in this Act or other financial laws administered by the Department, the Department is hereby authorized and empowered to adopt rules consistent with the purposes of this Act, including, but not limited to:         (1) rules in connection with the activities of

covered persons, affiliates, and service providers as may be necessary and appropriate for the protection of residents;

(2) rules to define the terms used in this Act and as

may be necessary and appropriate to interpret and implement the provisions of this Act;

(3) rules as may be necessary for the administration

and enforcement of this Act;

(4) rules to set and collect fees necessary to

administer and enforce this Act;

(5) rules in connection with the activities of

covered persons, affiliates, and service providers as may be necessary and appropriate for the safety and soundness of such covered persons and affiliates and the stability of the financial system in this State; and

(6) rules in connection with the adoption of

reciprocity agreements between the Department and the appropriate licensing agency of another state to register a covered person on an expedited basis.

(b) The Secretary is hereby authorized and empowered to make specific rulings, demands, and findings that he or she deems necessary for the proper conduct of the registrants and affiliates thereof. (Source: P.A. 104-428, eff. 8-18-25.)

(205 ILCS 731/Art. 35 heading) Article 35. Miscellaneous Provisions (Source: P.A. 104-428, eff. 8-18-25.)

(205 ILCS 731/35-5)     Sec. 35-5. No evasion.     (a) It shall be unlawful to engage in any device, subterfuge, or pretense to willfully evade or attempt to evade the requirements of this Act or any rule or order issued by the Department hereunder.     (b) Any financial product, service, or transaction that is willfully structured to evade or attempt to evade the definitions of digital asset or digital asset business activity is a digital asset or digital asset business activity, respectively, for purposes of this Act. (Source: P.A. 104-428, eff. 8-18-25.)

(205 ILCS 731/35-10)     Sec. 35-10. Construction; severability.     (a) The provisions of this Act shall be liberally construed to effectuate its purposes.     (b) The provisions of this Act are severable under Section 1.31 of the Statute on Statutes.     (c) To the extent that any provision of this Act is preempted by federal law, the provision shall not apply and shall not be enforced solely as to the extent of the preemption and not as to other circumstances, persons, or applications. (Source: P.A. 104-428, eff. 8-18-25.)

(205 ILCS 731/35-15)     Sec. 35-15. Transition period.     (a) A covered person engaging in digital asset business activity without a registration under this Act shall not be considered in violation of Section 15-5 or 5-25 until July 1, 2027.     (b) A covered person engaging in digital asset business activity shall not be considered in violation of Sections 5-5, 5-10, and 5-20 until January 1, 2027.     (c) A covered exchange shall not be considered in violation of Section 5-15 until January 1, 2027.     (d) Notwithstanding the foregoing, the Department may adopt rules pursuant to this Act upon this Act becoming law with such rules not to take effect earlier than January 1, 2026.". (Source: P.A. 104-428, eff. 8-18-25.)

(205 ILCS 731/Art. 90 heading) Article 90. Amendatory provisions (Source: P.A. 104-428, eff. 8-18-25.)

(205 ILCS 731/Art. 99 heading) Article 99. Non-acceleration and Effective Date (Source: P.A. 104-428, eff. 8-18-25.)

(205 ILCS 731/99-95)     Sec. 99-95. No acceleration or delay. Where this Act makes changes in a statute that is represented in this Act by text that is not yet or no longer in effect (for example, a Section represented by multiple versions), the use of that text does not accelerate or delay the taking effect of (i) the changes made by this Act or (ii) provisions derived from any other Public Act. (Source: P.A. 104-428, eff. 8-18-25.)

(205 ILCS 731/99-99)     Sec. 99-99. Effective date. This Act takes effect upon becoming law. (Source: P.A. 104-428, eff. 8-18-25.)