Mississippi HB 1596 Enacts Data Security Requirements for Money Transmitters
Summary
Mississippi Governor signed HB 1596, the Data Security for Money Transmitters Act, into law on April 8, 2026, effective July 1, 2026. The law amends the Money Transmission Modernization Act to impose comprehensive data security requirements including written information security programs, risk assessments, access controls, encryption, multi-factor authentication, annual penetration testing, semi-annual vulnerability assessments, and incident response and business continuity plans on licensed money transmitters and virtual currency kiosk operators. The law also requires 72-hour notification to the Commissioner of Banking and Consumer Finance upon discovering unauthorized acquisition of unencrypted customer information, brings virtual currency kiosks under MTMA licensing requirements, and mandates elder adult financial abuse training for authorized delegates.
“The law requires licensees to develop and maintain a comprehensive written information security program proportionate to the licensee's size and complexity, designate a qualified individual to oversee the program, conduct risk assessments, and report annually to the board of directors.”
Money transmitters and virtual currency kiosk operators in Mississippi should assess whether they have fewer than 5,000 consumers to determine exemption eligibility for certain requirements. All licensees should begin developing or updating their written information security programs, conducting required risk assessments, and implementing the technical safeguards (encryption, MFA, access controls) ahead of the July 1, 2026 effective date. Firms should also update their incident response plans to include the 72-hour notification requirement to the Commissioner of Banking and Consumer Finance.
About this source
JD Supra is the legal industry's open library where US and UK law firms publish client alerts, regulatory analysis, and case commentaries. The Finance & Banking section aggregates everything published by partners at firms covering bank supervision, payments, capital markets, fintech, securitization, AML, and consumer finance. Around 400 alerts a month from across the bar. Watch this if you want primary-source law-firm thinking on the latest CFPB rule, OCC bulletin, FCA consultation, or Basel update, before it shows up in trade press. The signal-to-noise ratio is genuinely good because firms only publish when they have something to say to their own clients. GovPing pulls each alert with the firm name, author, and topic.
What changed
HB 1596 enacts comprehensive data security and consumer protection requirements for all licensed money transmitters and virtual currency kiosk operators in Mississippi. Key requirements include developing a written information security program proportionate to the licensee's size and complexity, designating a qualified individual to oversee the program, conducting regular risk assessments, and providing annual board reporting. Technical safeguards required include access controls, encryption, multi-factor authentication, secure disposal of customer information, annual penetration testing, and semi-annual vulnerability assessments. Licensees must also maintain written incident response and business continuity plans.
Affected parties include all licensed money transmitters and virtual currency kiosk operators operating in Mississippi. Smaller licensees with fewer than 5,000 consumers are exempt from certain requirements including written risk assessment criteria, penetration testing, the incident response plan, and annual board reporting. All licensees must provide annual training to authorized delegates on recognizing elder adult financial abuse and display fraud warnings at authorized delegate locations. Virtual currency kiosk operators are newly brought under the MTMA's licensing, renewal, and authorized delegate reporting requirements.
Archived snapshot
Apr 27, 2026GovPing captured this document from the original source. If the source has since changed or been removed, this is the text as it existed at that time.
April 27, 2026
Mississippi enacts data security and consumer protection requirements for money transmitters
On April 8, the Mississippi governor signed into law HB 1596, known as the “Data Security for Money Transmitters Act.” The law, effective July 1, amends the Money Transmission Modernization Act (MTMA) to impose data security, consumer protection, and operational requirements on licensed money transmitters and virtual currency kiosk operators. The law requires licensees to develop and maintain a comprehensive written information security program proportionate to the licensee’s size and complexity, designate a qualified individual to oversee the program, conduct risk assessments, and report annually to the board of directors. Required safeguards include access controls, encryption, multi-factor authentication, secure disposal of customer information, annual penetration testing, and semiannual vulnerability assessments. Licensees must also maintain written incident response and business continuity plans. Certain requirements, including written risk assessment criteria, penetration testing, the incident response plan, and annual board reporting, do not apply to licensees with fewer than 5,000 consumers.
The law also requires notification to the Commissioner of Banking and Consumer Finance within 72 hours of discovering the unauthorized acquisition of unencrypted customer information, with provisions for law enforcement to delay public notification. In addition, HB 1596 brings virtual currency kiosks under the MTMA’s licensing, renewal, and authorized delegate reporting requirements. Licensees must provide annual training to authorized delegates on recognizing elder adult financial abuse and display fraud warnings at authorized delegate locations.
[View source.]
;) ;) Report
Related Posts
- DOJ begins enforcement of its Data Security Program
- North Dakota expands its financial data security framework, includes alternative financing providers to obtain money broker licenses
- DOJ implements its Data Security Program to protect users’ data
Latest Posts
- CFPB union opposes Bureau’s motion to modify stay, implement reduction-in-force plan
- Mississippi enacts data security and consumer protection requirements for money transmitters See more »
DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.
Attorney Advertising.
©
Orrick, Herrington & Sutcliffe LLP
2026
Written by:
Orrick, Herrington & Sutcliffe LLP Contact + Follow
PUBLISH YOUR CONTENT ON JD SUPRA
- ✔ Increased readership
- ✔ Actionable analytics
- ✔ Ongoing writing guidance Join more than 70,000 authors publishing their insights on JD Supra
Published In:
Consumer Protection Laws + Follow Cybersecurity + Follow Data Protection + Follow Data Security + Follow Digital Assets + Follow Incident Response Plans + Follow New Legislation + Follow Regulatory Requirements + Follow Reporting Requirements + Follow Virtual Currency + Follow Consumer Protection + Follow Finance & Banking + Follow Privacy + Follow more
Orrick, Herrington & Sutcliffe LLP on:
Solve with 2Captcha
Solve with 2Captcha
Named provisions
Related changes
Get daily alerts for JD Supra Finance & Banking
Daily digest delivered to your inbox.
Free. Unsubscribe anytime.
Source
About this page
Every important government, regulator, and court update from around the world. One place. Real-time. Free. Our mission
Source document text, dates, docket IDs, and authority are extracted directly from Orrick.
The summary, classification, recommended actions, deadlines, and penalty information are AI-generated from the original text and may contain errors. Always verify against the source document.
Classification
Who this affects
Taxonomy
Browse Categories
Get alerts for this source
We'll email you when JD Supra Finance & Banking publishes new changes.
Subscribed!
Optional. Filters your digest to exactly the updates that matter to you.