Proposed Rule2026-06963
Permitted Payment Stablecoin Issuer Anti-Money Laundering/Countering the Financing of Terrorism Program and Sanctions Compliance Program Requirements
Primary source
Metadata and text below are from the Federal Register, a public-domain U.S. government work. Always verify the official published version before relying on it for any legal matter.
Published
April 10, 2026
Issuing agencies
Treasury DepartmentForeign Assets Control OfficeFinancial Crimes Enforcement Network
Abstract
The Department of the Treasury's Financial Crimes Enforcement Network (FinCEN) and Office of Foreign Assets Control (OFAC) are jointly issuing this proposed rule to implement provisions of the Guiding and Establishing National Innovation for U.S. Stablecoins Act (GENIUS Act). Specifically, it implements the GENIUS Act's directive to treat permitted payment stablecoin issuers (PPSIs) as financial institutions for purposes of the Bank Secrecy Act, proposes anti-money laundering obligations for PPSIs, and proposes certain specific obligations required by the GENIUS Act for PPSIs. It also implements the GENIUS Act's directive to require PPSIs to maintain effective sanctions compliance programs.
Full Text
<html>
<head>
<title>Federal Register, Volume 91 Issue 69 (Friday, April 10, 2026)</title>
</head>
<body><pre>
[Federal Register Volume 91, Number 69 (Friday, April 10, 2026)]
[Proposed Rules]
[Pages 18582-18667]
From the Federal Register Online via the Government Publishing Office [<a href="http://www.gpo.gov">www.gpo.gov</a>]
[FR Doc No: 2026-06963]
[[Page 18581]]
Vol. 91
Friday,
No. 69
April 10, 2026
Part III
Department of the Treasury
-----------------------------------------------------------------------
Office of Foreign Assets Control
-----------------------------------------------------------------------
31 CFR Part 502
Financial Crimes Enforcement Network
-----------------------------------------------------------------------
31 CFR Parts 1010 and 1033
Permitted Payment Stablecoin Issuer Anti-Money Laundering/Countering
the Financing of Terrorism Program and Sanctions Compliance Program
Requirements; Proposed Rule
��Federal Register / Vol. 91 , No. 69 / Friday, April 10, 2026 /
Proposed Rules��
[[Page 18582]]
-----------------------------------------------------------------------
DEPARTMENT OF THE TREASURY
Office of Foreign Assets Control
31 CFR Part 502
Financial Crimes Enforcement Network
31 CFR Parts 1010 and 1033
[Docket No. FINCEN-2026-0100]
RIN 1506-AB73
Permitted Payment Stablecoin Issuer Anti-Money Laundering/
Countering the Financing of Terrorism Program and Sanctions Compliance
Program Requirements
AGENCY: Financial Crimes Enforcement Network, Office of Foreign Assets
Control, Treasury.
ACTION: Joint proposed rule.
-----------------------------------------------------------------------
SUMMARY: The Department of the Treasury's Financial Crimes Enforcement
Network (FinCEN) and Office of Foreign Assets Control (OFAC) are
jointly issuing this proposed rule to implement provisions of the
Guiding and Establishing National Innovation for U.S. Stablecoins Act
(GENIUS Act). Specifically, it implements the GENIUS Act's directive to
treat permitted payment stablecoin issuers (PPSIs) as financial
institutions for purposes of the Bank Secrecy Act, proposes anti-money
laundering obligations for PPSIs, and proposes certain specific
obligations required by the GENIUS Act for PPSIs. It also implements
the GENIUS Act's directive to require PPSIs to maintain effective
sanctions compliance programs.
DATES: Comments must be received by June 9, 2026.
ADDRESSES: Comments must be submitted in one of the following two ways
(please choose only one of the ways listed):
<bullet> Electronically at <a href="https://www.regulations.gov">https://www.regulations.gov</a>. Follow the
``Submit a comment'' instructions under Docket FINCEN-2026-0100. If you
are reading this document on <a href="http://federalregister.gov">federalregister.gov</a>, you may use the green
``SUBMIT A PUBLIC COMMENT'' button beneath this rulemaking's title to
submit a comment to the <a href="http://regulations.gov">regulations.gov</a> docket.
<bullet> You may mail written comments to the following address:
Regulatory and Strategic Affairs Division, Financial Crimes Enforcement
Network, P.O. Box 39, Vienna, VA 22183. Mailed comments must be
received by the close of the comment period.
Do not include any personally identifiable information (such as
name, address, or other contact information) or confidential business
information that you do not want publicly disclosed. All comments are
public records; they are publicly displayed exactly as received, and
will not be deleted, modified, or redacted. Comments may be submitted
anonymously. Follow the search instructions on <a href="https://www.regulations.gov">https://www.regulations.gov</a> to view public comments.
In accordance with 5 U.S.C. 553(b)(4), a summary of this rule may
be found at <a href="https://www.regulations.gov">https://www.regulations.gov</a> under Docket FINCEN-2026-0100.
FOR FURTHER INFORMATION CONTACT:
FinCEN: The FinCEN Regulatory Support Section by submitting an
inquiry at <a href="http://www.fincen.gov/contact">www.fincen.gov/contact</a>.
OFAC: Assistant Director for Regulatory Affairs, 202-622-4855 or
<a href="https://ofac.treasury.gov/contact-ofac">https://ofac.treasury.gov/contact-ofac</a>.
SUPPLEMENTARY INFORMATION:
I. Executive Summary
Payment stablecoins could revolutionize payment systems, but the
U.S. financial system's strength, size, and reliability make its
payment systems a notable target for misuse by illicit actors, which
jeopardizes U.S. national security. To combat illicit finance risk,
this notice of proposed rulemaking (NPRM) implements the GENIUS Act's
directive to subject PPSIs to anti-money laundering (AML) requirements,
including Bank Secrecy Act (BSA) requirements, and to require PPSIs to
maintain an effective economic sanctions compliance program.
Although issued jointly by FinCEN and OFAC, the NPRM outlines
independent changes to two different chapters of Title 31 of the Code
of Federal Regulations. First, FinCEN is proposing changes to its
existing regulations and creation of a new part of chapter X to
effectuate the GENIUS Act's directive to apply BSA and AML obligations
to PPSIs. Second, OFAC is proposing a new part to chapter V to
effectuate the GENIUS Act's directive that PPSIs maintain an effective
economic sanctions compliance program.
II. Statutory Authority
A. The Guiding and Establishing National Innovation for U.S.
Stablecoins Act
The GENIUS Act provides a comprehensive framework for the
regulation of payment stablecoins.\1\ The GENIUS Act outlines the
reserve, capital, liquidity, and risk management requirements for PPSIs
and tasks implementing those requirements to the Office of the
Comptroller of the Currency (OCC), the Board of Governors of the
Federal Reserve System (Board), the Federal Deposit Insurance
Corporation (FDIC), the National Credit Union Administration (NCUA),
and, as applicable, any State payment stablecoin regulators.\2\ The
OCC, Board, FDIC, and NCUA are responsible for establishing a process
and framework for the licensing, regulation, examination, and
supervision of PPSIs under their respective purviews.\3\ The GENIUS Act
requires that a PPSI ``be treated as a financial institution for
purposes of the Bank Secrecy Act, and as such, shall be subject to all
Federal laws applicable to a financial institution located in the
United States relating to economic sanctions, prevention of money
laundering, customer identification, and due diligence.'' \4\ The
GENIUS Act directs the Secretary of the Treasury to issue regulations,
tailored to the size and complexity of the PPSI, implementing this
provision of the GENIUS Act.\5\
---------------------------------------------------------------------------
\1\ GENIUS Act, Public Law 119-27, 139 Stat. 419 (2025)
(codified at 12 U.S.C. 5901-5916).
\2\ See 12 U.S.C. 5901(25), (30); see also 12 U.S.C.
5903(a)(4)(A), 5906(d).
\3\ 12 U.S.C. 5901(25) (defining ``primary Federal payment
stablecoin regulator'' and outlining jurisdiction regarding specific
types of PPSIs), 5904 (directing the primary Federal payment
stablecoin regulators to ``establish a process and framework for the
licensing, regulation, examination, and supervision'' for PPSIs
under their respective jurisdictions).
\4\ 12 U.S.C. 5903(a)(5)(A).
\5\ 12 U.S.C. 5903(a)(5)(B). In addition to rulemaking authority
codified in the ``Treatment Under the Bank Secrecy Act and Sanctions
Law'' section, the GENIUS Act also generally calls for the Secretary
of the Treasury to promulgate regulations ``to carry out [the GENIUS
Act] through appropriate notice and comment rulemaking.'' 12 U.S.C.
5913(a). In accordance with Treasury Order 101-05 and 31 U.S.C.
321(b)(2), the authority vested in the Secretary under the GENIUS
Act to issue regulations related to prevention of money laundering
and countering the financing of terrorism and related to economic
sanctions has been delegated to the Director of FinCEN and to the
Director of OFAC, respectively.
---------------------------------------------------------------------------
Regarding the BSA and AML, in addition to its clear, general
directive that PPSIs be treated as financial institutions for purposes
of the BSA and be subject to ``all Federal laws'' related to preventing
money laundering, the GENIUS Act specifies that a PPSI's obligations
include: (i) maintenance of an effective AML program, which includes
appropriate risk assessments and designation of an officer to supervise
the program; (ii) retention of appropriate records; (iii) monitoring
and reporting any suspicious transaction relevant to a possible
violation of law or regulation; (iv) maintenance of technical
capabilities, policies, and procedures to
[[Page 18583]]
block, freeze, and reject specific or impermissible transactions that
violate Federal or State law, rules, or regulations; and (v)
maintenance of an effective customer identification program,\6\
including identifying and verifying the PPSI's account holders, high-
value transactions, and appropriate enhanced due diligence.\7\ The
GENIUS Act contains other provisions that control illicit risk in the
payment stablecoin ecosystem. One of these provisions is the
requirement that PPSIs only issue payment stablecoins if the issuer has
the technological capability to comply and will comply with the terms
of any ``lawful order,'' which the GENIUS Act defines, in part, as an
order issued or promulgated by a Federal agency or court to seize,
freeze, burn, or prevent the transfer of payment stablecoins.\8\
---------------------------------------------------------------------------
\6\ The GENIUS Act's customer identification program requirement
is expected to be the subject of a separate rulemaking.
\7\ 12 U.S.C. 5903(a)(5)(A)(i)-(v).
\8\ 12 U.S.C. 5903(a)(6)(B), 5901(16) (defining ``lawful
order'').
---------------------------------------------------------------------------
Regarding sanctions, the GENIUS Act expressly subjects PPSIs to
``all Federal laws applicable to a financial institution located in the
United States relating to economic sanctions'' \9\ and requires PPSIs
to maintain ``an effective economic sanctions compliance program,
including verification of sanctions lists, consistent with Federal
law.'' \10\
---------------------------------------------------------------------------
\9\ 12 U.S.C. 5903(a)(5)(A).
\10\ 12 U.S.C. 5903(a)(5)(A)(vi).
---------------------------------------------------------------------------
This NPRM represents one piece of the comprehensive regulatory
framework for PPSIs set out in the GENIUS Act.\11\
---------------------------------------------------------------------------
\11\ On September 19, 2025, the Department of the Treasury
issued an advance notice of proposed rulemaking concerning the
GENIUS Act. See Treasury, GENIUS Act Implementation, 90 FR 45159
(Sept. 19, 2025); see also FDIC, Approval Requirements for Issuance
of Payment Stablecoins by Subsidiaries of FDIC-Supervised Insured
Depository Institutions, 90 FR 59409 (Dec. 19, 2025); NCUA,
Investments in and Licensing of Permitted Payment Stablecoins
Issuers, 91 FR 6531 (Feb. 12, 2026); OCC, Implementing the Guiding
and Establishing National Innovation for U.S. Stablecoins Act for
the Issuance of Stablecoins by Entities Subject to the Jurisdiction
of the Office of the Comptroller of the Currency, 91 FR 10202 (Mar.
2, 2026); Treasury, GENIUS Act Broad-Based Principles for
Determining Whether a State-Level Regulatory Regime Is Substantially
Similar to the Federal Regulatory Framework, 91 FR 16844 (Apr. 3,
2026).
---------------------------------------------------------------------------
B. The Bank Secrecy Act
The Bank Secrecy Act, or ``BSA,'' is the common name for a
collection of statutory authorities designed to safeguard the national
security of the United States by combating money laundering, the
financing of terrorism, and other illicit finance activity.\12\ Under
the BSA, Congress authorized the Secretary to impose various
obligations on financial institutions, including requiring risk-based
programs to prevent money laundering and the financing of terrorism.
The BSA also enables the Secretary to require financial institutions to
file reports and keep records that ``are highly useful'' including ``in
criminal, tax, or regulatory investigations, risk assessments, or
proceedings,'' or in the conduct of ``intelligence or
counterintelligence activities, including analysis, to protect against
terrorism.'' \13\ In order to enable both the public and private
sectors to identify and stop illicit actors, the BSA also directed the
establishment of appropriate frameworks for information sharing among
various actors, including financial institutions and law enforcement
authorities.\14\ The Secretary has delegated the authority to
implement, administer, and enforce the BSA and its associated
regulations to the Director of FinCEN.\15\
---------------------------------------------------------------------------
\12\ See 31 U.S.C. 5311. Certain parts of the Currency and
Foreign Transactions Reporting Act, its amendments, and the other
statutes relating to the subject matter of that Act, have come to be
referred to as the BSA. These statutes are codified at 12 U.S.C.
1829b, 12 U.S.C. 1951-1960, and 31 U.S.C. 5311-5314 and 5316-5336
and notes thereto, with implementing regulations at 31 CFR chapter
X. Consistent with that understood meaning, as codified, the GENIUS
Act defines the ``Bank Secrecy Act'' to mean ``(A) section 1829b of
[title 12]; (B) chapter 2 of title I of Public Law 91-508 (12 U.S.C.
1951 et seq.); and (C) subchapter II of chapter 53 of title 31.'' 12
U.S.C. 5901(2).
\13\ See 31 U.S.C. 5311(1); see also 5313, 5318(g).
\14\ See 31 U.S.C. 5311(5), 5311 note (``Cooperation Among
Financial Institutions, Regulatory Authorities, and Law Enforcement
Authorities''); see also 31 U.S.C. 310.
\15\ See Treasury Order 180-01 (Jan. 14, 2020), para. 3,
available at <a href="https://home.treasury.gov/about/general-information/orders-and-directives/treasury-order-180-01">https://home.treasury.gov/about/general-information/orders-and-directives/treasury-order-180-01</a>; see also 31 U.S.C.
310(b)(2)(I) (providing that the Director of FinCEN shall
``[a]dminister the requirements of subchapter II of chapter 53 of
this title, chapter 2 of title I of Public Law 91-508, and section
21 of the Federal Deposit Insurance Act, to the extent delegated
such authority by the Secretary'').
---------------------------------------------------------------------------
Many of the obligations included in the BSA are explicitly included
in the GENIUS Act as obligations imposed on PPSIs. For example, in both
the BSA and the GENIUS Act, Congress authorized Treasury to impose
obligations to maintain effective AML programs; \16\ retain records;
\17\ monitor and report suspicious activity; \18\ maintain customer
identification programs; \19\ and conduct enhanced due diligence.\20\
---------------------------------------------------------------------------
\16\ See 31 U.S.C. 5318(h); 12 U.S.C. 5903(a)(5)(A)(i).
\17\ See, e.g., 31 U.S.C. 5318(a)(2); 12 U.S.C. 1826b; 12 U.S.C.
1953; 12 U.S.C. 5903(a)(5)(A)(ii).
\18\ See 31 U.S.C. 5318(g); 12 U.S.C. 5903(a)(5)(A)(iii).
\19\ See 31 U.S.C. 5318(l); 12 U.S.C. 5903(a)(5)(A)(v).
\20\ See 31 U.S.C. 5318(i); 12 U.S.C. 5903(a)(5)(A)(v).
---------------------------------------------------------------------------
C. Office of Foreign Assets Control Statutory Authority
OFAC acts under Presidential national emergency powers, as well as
various statutory authorities, and has been delegated responsibility by
the Treasury Secretary for developing, administering, and enforcing
U.S. economic sanctions. The International Emergency Economic Powers
Act (IEEPA), enacted in 1977, is a key authority for imposing economic
sanctions.\21\ IEEPA authorizes the President to declare a national
emergency in response to an unusual or extraordinary threat to the
United States that has its source in whole or substantial part outside
the United States.\22\ Upon declaration of a national emergency, IEEPA
authorizes the President to, among other actions, investigate, block,
regulate, or prohibit transactions and dealings in property subject to
U.S. jurisdiction when a foreign national or country has an
interest.\23\ IEEPA also provides the President with the authority to
issue regulations as may be necessary to exercise the authorities
granted in IEEPA.\24\ The President typically delegates the authority
to administer economic sanctions pursuant to IEEPA to the Secretary,
who redelegates the implementation authority to OFAC.\25\
---------------------------------------------------------------------------
\21\ See 50 U.S.C. 1701 et seq.
\22\ See 50 U.S.C. 1701.
\23\ See 50 U.S.C. 1702.
\24\ See 50 U.S.C. 1704.
\25\ See, e.g., 31 CFR 525.106, 548.802, 591.802.
---------------------------------------------------------------------------
Through the exercise of its delegated IEEPA authority and other
authorities, OFAC administers and enforces economic sanctions to
prohibit certain transactions and to block assets under U.S.
jurisdiction, including by issuing civil money penalties. OFAC
sanctions include sanctions that block the property or interests in
property of, or prohibit certain transactions or dealings with,
sanctioned individuals and entities, including foreign governments and
officials, terrorists, international narcotics traffickers, and those
engaged or who have engaged in activities such as serious human rights
abuse, corruption, the proliferation of weapons of mass destruction,
transnational organized crime, sanctions evasion, or the provision of
material support to sanctioned individuals and entities. OFAC also
administers comprehensive sanctions that broadly prohibit
[[Page 18584]]
transactions and dealings involving an entire country or geographic
region or a particular sector of a country's economy.
III. Advance Notice of Proposed Rulemaking
Treasury issued an advance notice of proposed rulemaking (ANPRM) in
September 2025 seeking public comment on potential Treasury regulations
implementing the GENIUS Act.\26\ Pertinent to this proposal, the ANPRM
asked questions related to definitions used in the GENIUS Act; the
GENIUS Act's BSA, AML, and sanctions program provisions; and the
potential costs and benefits associated with BSA and sanctions
obligations.\27\
---------------------------------------------------------------------------
\26\ GENIUS Act Implementation, 90 FR 45159. The ANPRM solicited
comment on a range of potential Treasury efforts related to the
GENIUS Act and payment stablecoins that are outside the purview of
this rulemaking. For example, the ANPRM included questions related
to the GENIUS Act prohibition on digital asset service providers
offering and selling a payment stablecoin to any person in the
United States unless the payment stablecoin is issued by a PPSI or a
foreign payment stablecoin issuer that meets certain requirements.
Id. at 45160-61. It also included questions related to Treasury's
role in determining whether a state-level regulatory regime is
substantially similar to the Federal framework and whether a foreign
country's regulatory and supervisory regime is comparable to the
U.S. framework. Id. at 45162-63.
\27\ Id. at 45161-63.
---------------------------------------------------------------------------
In response to this ANPRM, Treasury received approximately 450
timely comments from a variety of stakeholders, including banks and
credit unions, stablecoin issuers, digital asset exchanges, analytics
companies, law firms, trade associations, non-governmental
organizations, technology firms, academics, and members of the public.
Treasury reviewed and considered the pertinent comments in crafting
this proposal.
In general, commenters supported applying BSA and sanctions program
obligations to PPSIs. For BSA obligations, some commenters advocated
these requirements mirror existing obligations and risk-based
frameworks. Some commenters generally asserted that different
obligations should apply with regards to transactions on the primary
market versus transactions on the secondary market.\28\ On costs and
benefits, some commenters acknowledged meaningful upfront costs
associated with complying with the BSA, sanctions program obligations,
and the GENIUS Act, particularly for new or unregulated entrants, but
also stated that clearer rules would lower long-term compliance
friction, reduce illicit finance risks, improve supervisory efficiency,
and ultimately strengthen market confidence and U.S. competitiveness.
---------------------------------------------------------------------------
\28\ See infra section IV.C discussing the meaning of primary
and secondary market for purposes of this rulemaking.
---------------------------------------------------------------------------
IV. Stablecoin Ecosystem
The GENIUS Act only governs a subcategory of stablecoins, namely
``payment stablecoins'' as defined by the GENIUS Act, and a subcategory
of actors in the payment stablecoin ecosystem, most critically for this
rulemaking, PPSIs.\29\ Thus, under the GENIUS Act, not all stablecoins
are payment stablecoins and not all stablecoin issuers will be eligible
to be PPSIs. Because the GENIUS Act framework is not yet in place, it
is not yet determined which specific stablecoins will be payment
stablecoins and which specific issuers will be PPSIs. An understanding
of the stablecoin ecosystem, uses of stablecoins, and risks associated
with stablecoins generally informs the parameters of the proposed rule,
including the rationale behind certain proposed obligations.
---------------------------------------------------------------------------
\29\ See, e.g., 12 U.S.C. 5902, 5903.
---------------------------------------------------------------------------
A. Overview of Stablecoins and Stablecoin Issuers
Stablecoins are a blockchain-based \30\ digital asset \31\ designed
to maintain a stable value relative to an underlying asset, most often,
but not always, a fiat currency.\32\ Many stablecoin issuers represent
that their stablecoin can be redeemed at par upon request, although
redemption terms and rights vary by stablecoin. The asserted redemption
value of a stablecoin is generally tied to the value of the pool of
reserve assets that ``backs'' the stablecoin.\33\
---------------------------------------------------------------------------
\30\ A blockchain is ``any technology where data is: (i) shared
across a network to create a public ledger of verified transactions
or information among network participants; (ii) linked using
cryptography to maintain the integrity of the public ledger and to
execute other functions; (iii) distributed among network
participants in an automated fashion to concurrently update network
participants on the state of the public ledger and any other
functions; and (iv) composed of source code that is publicly
available.'' See Executive Order (E.O.) 14178, Strengthening
American Leadership in Digital Financial Technology, 90 FR 8647,
sec. 2(b) (Jan. 31, 2025).
\31\ For this proposed rule, a ``digital asset'' is ``any
digital representation of value that is recorded on a
cryptographically secured distributed ledger.'' See 12 U.S.C.
5901(6).
\32\ White House, Strengthening American Leadership in Digital
Financial Technology, p. 88 (July 2025) [hereinafter E.O. 14178
Report], available at <a href="https://www.whitehouse.gov/wp-content/uploads/2025/07/Digital-Assets-Report-EO14178.pdf">https://www.whitehouse.gov/wp-content/uploads/2025/07/Digital-Assets-Report-EO14178.pdf</a>. This report was issued by
the President's Working Group on Digital Asset Markets, of which the
Secretary is a member, pursuant to E.O. 14178.
\33\ See id. at p. 90. As discussed in the E.O. 14178 Report, as
of July 2025, more than 99 percent of the outstanding value of
stablecoins in circulation is pegged to the U.S. dollar. Id. Other
types of assets that may back different forms of stablecoins include
digital assets, precious metals, or corporate bonds with lower
credit ratings. See id.
---------------------------------------------------------------------------
Most stablecoins backed by financial assets, including fiat
currency, have centralized control, meaning that one company, or a
group of companies, are responsible for governance functions, including
defining and ensuring compliance with standards related to the
issuance, purchase, redemption, custody, and transfer of the
stablecoin. Generally, a stablecoin issuer will issue a stablecoin when
a user provides the issuer funds denominated in the fiat currency of
the stablecoin's peg. Similarly, a stablecoin is redeemed when a user
exchanges stablecoins with the stablecoin issuer for funds valued at
the corresponding amount of fiat currency.
Currently, many stablecoin issuers generally interact directly with
a small number of larger companies, which are often institutional
participants in the trading of digital assets (i.e., digital asset
exchanges).\34\ Those companies, in turn, interact with a larger and
more diverse group of users. Many stablecoin issuers predominantly
offer issue and redemption services to financial institutions,
including digital asset exchanges that may be regulated under the BSA
as money services businesses (MSBs).\35\ Generally, once an issuer
issues stablecoins to such financial institutions, those institutions
put the stablecoins into broader circulation to other users, such as
individual, retail users. Similarly, individual users generally do not
redeem stablecoins through a stablecoin issuer but rather interact with
a digital asset exchange or platform.\36\ However, in the future,
issuers could more commonly interact directly with retail users,
including issuing and redeeming payment stablecoins.
---------------------------------------------------------------------------
\34\ See Watsky, Cy, et al., Primary and Secondary Markets for
Stablecoins, FEDS Notes, Washington: Board of Governors of the
Federal Reserve System (Feb. 23, 2024), available at <a href="https://doi.org/10.17016/2380-7172.3447">https://doi.org/10.17016/2380-7172.3447</a>.
\35\ See id.; see also E.O. 14178 Report, supra note 32, pp.
104-05.
\36\ See, e.g., E.O. 14178 Report, supra note 32, p. 18.
---------------------------------------------------------------------------
Most stablecoin issuers use smart contracts \37\ to issue
stablecoins, enable
[[Page 18585]]
or prohibit subsequent transactions in the stablecoin, and redeem
stablecoins. The smart contracts underlying most stablecoins maintain a
ledger of the number of stablecoins ``owned by a set of accounts where
each account is owned by a blockchain address'' or wallet.\38\ Smart
contracts generally allow for programmability that can enable a
stablecoin issuer to maintain control over and alter the use of its
stablecoin.
---------------------------------------------------------------------------
\37\ A smart contract is a ``collection of code and data . . .
that is deployed using cryptographically signed transactions'' on a
blockchain network, which is executed by nodes on a blockchain to
perform any given set of pre-determined functions or conditions that
are recorded on a blockchain. See National Institute of Standards
and Technology (NIST), NISTIR 8202, Blockchain Technology Overview,
p. 32 (Oct. 2018), available at <a href="https://nvlpubs.nist.gov/nistpubs/ir/2018/NIST.IR.8202.pdf">https://nvlpubs.nist.gov/nistpubs/ir/2018/NIST.IR.8202.pdf</a> (``A smart contract can perform
calculations, store information, expose properties to reflect a
publicly exposed state and, if appropriate, automatically send funds
to other accounts.'').
\38\ NIST, NISTIR 8408, Understanding Stablecoin Technology and
Security Considerations, p. 6 (Sept. 2023), available at <a href="https://nvlpubs.nist.gov/nistpubs/ir/2023/NIST.IR.8408.pdf">https://nvlpubs.nist.gov/nistpubs/ir/2023/NIST.IR.8408.pdf</a>. The lynchpin of
a blockchain is asymmetric (public key) cryptography, which is used
to secure and send transactions on a blockchain. See Blockchain
Technology Overview, supra note 37, p. 11. First, a user generates a
private key (a string of characters that function like a password)
and uses that private key to generate a public key (an account
number on a blockchain known as an address). Without the private key
associated with an address or public key, a user cannot access the
digital assets contained within. Developers have created software or
hardware wallets to enable users to manage their public and private
keys. See E.O. 14178 Report, supra note 32, pp. 9-10.
---------------------------------------------------------------------------
In the current environment, control capabilities vary depending on
how the stablecoin issuer designed the stablecoin, including the
associated smart contract and the blockchain on which the smart
contracts are deployed. For example, a stablecoin issuer may be able to
prohibit specific wallet addresses from interacting with the stablecoin
and its smart contract. Applying such controls to a particular wallet
address would effectively prevent the holder of a stablecoin from
transferring, redeeming, or otherwise moving the stablecoin.
Additionally, some stablecoin issuers can send stablecoins in
circulation to an unrecoverable wallet address, commonly referred to as
``burning,'' effectively removing the stablecoins from a given wallet
and from circulation in general.\39\ In some cases, including when
required by a lawful order, stablecoin issuers reissue stablecoins
equivalent to burned or frozen funds to different wallets as part of
efforts to recover and return funds to victims of criminal activity.
---------------------------------------------------------------------------
\39\ Understanding Stablecoin Technology and Security
Considerations, supra note 38, p. 8.
---------------------------------------------------------------------------
B. Stablecoin Use Cases
Currently, most stablecoin users primarily rely on stablecoins to
store value, facilitate trades in other digital assets, or to interact
with smart contracts. Payment stablecoins could, however, become a more
widely adopted form of payment.\40\ U.S. consumers and businesses
process trillions of dollars of payments daily.\41\ Although
innovations like real-time payment networks \42\ decrease settlement
times, particularly for domestic transfers, cross-border payments
through traditional payment mechanisms remain more costly and
slower.\43\ Innovation in cross-border payments could support economic
growth, including by facilitating international trade. Payment
stablecoins may be able to mitigate some of the challenges individuals
and small businesses face in navigating cross-border payments by
increasing speed, decreasing cost, and enabling transactions with fewer
intermediaries.\44\
---------------------------------------------------------------------------
\40\ See E.O. 14178 Report, supra note 32, p. 91.
\41\ Id. at p. 88.
\42\ See id. at p. 89; see, e.g., Fed. Reserve, About the FedNow
Service (n.d.), available at <a href="https://www.frbservices.org/financial-services/fednow/about.html">https://www.frbservices.org/financial-services/fednow/about.html</a>.
\43\ See E.O. 14178 Report, supra note 32, p. 88.
\44\ See id. at pp. 90-91.
---------------------------------------------------------------------------
C. Payment Stablecoin Activity
Due to the use of smart contracts underlying stablecoin
transactions and how users interact with stablecoin issuers, the
ecosystem can, broadly speaking, be divided into two components, the
primary market and the secondary market. For the purposes of this
rulemaking, FinCEN and OFAC use these terms to help describe categories
of payment stablecoin activity and articulate the parameters of
particular obligations.
FinCEN and OFAC will use the term ``primary market'' to generally
describe a PPSI interacting directly with a user or holder of a payment
stablecoin, such as when a PPSI engages in issuing, converting,
redeeming, repurchasing, burning, and reissuing payment stablecoins, as
well as providing associated services, such as providing custodial
services.\45\ Generally speaking, primary market activity will involve
activity where a PPSI and a user have a relationship or direct
interaction beyond the involvement of a PPSI's smart contract (e.g.,
the PPSI's maintenance of an account through which the transactions of
such user or customer may be effectuated).
---------------------------------------------------------------------------
\45\ If consistent with the law and authorized by a primary
Federal payment stablecoin regulator or the State payment stablecoin
regulator, as applicable, PPSIs can also engage in activities as a
``digital asset service provider,'' as defined by the GENIUS Act,
and activities incidental thereto. Such activities include
exchanging and transferring digital assets. See 12 U.S.C.
5903(a)(7)(B), 5901(7). Such activity would also constitute primary
market activity.
---------------------------------------------------------------------------
FinCEN and OFAC will use the term ``secondary market'' to describe
payment stablecoin activity that does not directly involve the PPSI as
a party to the transaction other than via a smart contract. For
example, secondary market activity could include an individual
purchasing payment stablecoins from an intermediary, an individual
sending payment stablecoins from a self-hosted wallet to a vendor to
purchase goods, an individual exchanging payment stablecoins for
another digital asset via a digital asset exchange, or person-to-person
transactions in payment stablecoins.
D. Illicit Finance Risks Associated With Stablecoins
The liquidity and stability of stablecoins relative to other
digital assets and rapid settlement of stablecoins make them appealing
to illicit actors as well as legitimate users.\46\ As a result, in
general, illicit actors have increasingly used stablecoins to
facilitate transactions and store proceeds.\47\ The illicit finance
risks discussed below related to stablecoins are likely to generally
also apply to payment stablecoins, particularly because the most
prolific stablecoins carry indicators they could be payment
stablecoins.
---------------------------------------------------------------------------
\46\ See Treasury, 2026 National Money Laundering Risk
Assessment, p. 50 (Mar. 2026) [hereinafter 2026 NMLRA], available at
<a href="https://home.treasury.gov/system/files/246/2026-NMLRA.pdf">https://home.treasury.gov/system/files/246/2026-NMLRA.pdf</a>; E.O.
14178 Report, supra note 32, p. 94.
\47\ See 2026 NMLRA, supra note 46, p. 50.
---------------------------------------------------------------------------
The U.S. government has linked stablecoins to a range of illicit
activities and bad actors, including scammers and fraudsters; \48\
Democratic People's Republic of Korea (DPRK) information technology
(IT) workers, cybercriminal groups and related money laundering
networks; \49\ drug traffickers; \50\ terrorist
[[Page 18586]]
groups; \51\ and sanctions evasion and money laundering networks; \52\
among others. Between January 1, 2015, and November 21, 2025, FinCEN
received approximately 55,000 suspicious activity reports (SARs) that
referenced one or more specific stablecoins in the narrative, as well
as an additional approximately 8,400 reports that included a general
reference to the term ``stablecoin.'' Also, between January 1, 2015,
and November 21, 2025, OFAC received approximately 5,800 reports on
blocked property and 3,000 reports on rejected transactions that
referenced one or more specific stablecoins in the narrative, as well
as approximately six reports that included a general reference to the
term ``stablecoin''. Furthermore, the Financial Action Task Force noted
in 2025 that ``[e]stimates suggest that a majority of all on-chain
illicit activity is now transacted in stablecoins,'' aligning with the
trend of overall growth in stablecoin adoption.\53\
---------------------------------------------------------------------------
\48\ See, e.g., Compl., United States v. Approximately
225,364,961 USDT, No. 25-cv-1907 (D.D.C. June 18, 2025) (civil
forfeiture action against more than $225.3 million in stablecoins
allegedly involved in concealing proceeds of digital assets
investment fraud); United States v. Su, No. 25-cr-362 (C.D. Cal.
Jan. 27, 2026) (defendant sentenced to 46 months in prison for role
in digital investment scam involving $36.9 million where victim
funds were converted to stablecoins).
\49\ See, e.g., Indictment, United States v. Sop, No. 23-cr-128
(D.D.C. Mar. 18, 2023) (indictment alleging defendant laundered
proceeds of DPRK IT workers in violation of sanctions, including
through use of stablecoins); DOJ, Press Release, Department Files
Civil Forfeiture Complaint Against Over $7.74M Laundered on Behalf
of the North Korean Government (June 5, 2025), available at <a href="https://www.justice.gov/opa/pr/department-files-civil-forfeiture-complaint-against-over-774m-laundered-behalf-north-korean">https://www.justice.gov/opa/pr/department-files-civil-forfeiture-complaint-against-over-774m-laundered-behalf-north-korean</a>; United States of
America v. Approximately 1,159,834.52 USDT, No. 25-cv-3771 (D.D.C.
Oct. 24, 2025) (civil forfeiture complaint of stablecoins related to
virtual currency heists perpetrated by DPRK hacking groups).
\50\ See, e.g., United States v. Zhang et al., No. 22-cr-10279
(Aug. 15, 2025) (defendants sentenced to prison in connection with
drug trafficking scheme involving conversion of proceeds to
stablecoins); see also, DOJ, Press Release, Two Men Sentenced for
Role in International Money Laundering and Drug Trafficking
Conspiracy (Aug. 15, 2025), available at <a href="https://www.justice.gov/usao-ma/pr/two-men-sentenced-role-international-money-laundering-and-drug-trafficking-conspiracy">https://www.justice.gov/usao-ma/pr/two-men-sentenced-role-international-money-laundering-and-drug-trafficking-conspiracy</a>.
\51\ See, e.g., DOJ, Press Release, Justice Department Disrupts
Hamas Terrorist Financing Scheme Through Seizure of Cryptocurrency
(Mar. 27, 2025), available at <a href="https://www.justice.gov/opa/pr/justice-department-disrupts-hamas-terrorist-financing-scheme-through-seizure-cryptocurrency">https://www.justice.gov/opa/pr/justice-department-disrupts-hamas-terrorist-financing-scheme-through-seizure-cryptocurrency</a>; United States of America v. Nine
Cryptocurrency Wallets Held by Tether Ltd. and Seven Cryptocurrency
Wallets Held by Binance Holdings Ltd., No. 24-cv-01251 (D.D.C. Nov.
13, 2025) (involving a civil forfeiture of approximately $2 million
dollars in digital currency connected to a Gaza-based money transfer
business that was involved in financially supporting Hamas).
\52\ Treasury, Press Release, Treasury Exposes Money Laundering
Network Using Digital Assets to Evade Sanctions (Dec. 4, 2024),
available at <a href="https://home.treasury.gov/news/press-releases/jy2735">https://home.treasury.gov/news/press-releases/jy2735</a>.
\53\ Financial Action Task Force (FATF), Targeted Update on
Implementation of the FATF Standards on Virtual Assets and Virtual
Assets Service Providers, ] 35 (June 2025), available at <a href="https://www.fatf-gafi.org/content/dam/fatf-gafi/recommendations/2025-Targeted-Upate-VA-VASPs.pdf.coredownload.pdf">https://www.fatf-gafi.org/content/dam/fatf-gafi/recommendations/2025-Targeted-Upate-VA-VASPs.pdf.coredownload.pdf</a>.
---------------------------------------------------------------------------
Some illicit transactions leveraging stablecoins involve one or
more financial institutions, such as a digital asset exchange, that are
subject to U.S. anti-money laundering and countering the financing of
terrorism (AML/CFT) obligations. In other instances, however,
stablecoin holders conduct transactions on the secondary market without
an intermediary (i.e., person-to-person) or through foreign digital
asset exchanges in jurisdictions with inadequate or no AML/CFT
obligations for such actors.\54\ BSA data indicates that financial
services providers in jurisdictions with lax AML/CFT standards use
accounts with stablecoin issuers to convert funds on behalf of their
customers from local currencies into stablecoins, which can then be
laundered and ultimately exchanged for U.S. dollars.
---------------------------------------------------------------------------
\54\ Id.
---------------------------------------------------------------------------
1. Laundering of Illicit Proceeds
Illicit actors have turned to stablecoins to launder illicit
proceeds in part because, relative to other digital assets, they are
more stable and have better liquidity.\55\ Some facilitators involved
in exchanging illicit proceeds in digital assets for fiat currency
request stablecoins instead of other digital assets.\56\
---------------------------------------------------------------------------
\55\ 2026 NMLRA, supra note 46, p. 52.
\56\ Id.
---------------------------------------------------------------------------
At times, stablecoins are one element of a complex money laundering
process that may include the use of digital asset exchanges, conversion
between stablecoins and other digital assets, and transfers between
wallets not hosted by a financial institution.\57\ For example, in June
2025, DOJ filed a civil forfeiture complaint against more than $225.3
million in stablecoins, alleging that the addresses holding those
stablecoins were part of a sophisticated money laundering network that
executed hundreds of thousands of transactions and were used to conceal
the nature, source, control, and ownership of proceeds derived from
digital asset investment fraud.\58\
---------------------------------------------------------------------------
\57\ Id.
\58\ DOJ, Press Release, Largest Ever Seizure of Funds Related
to Crypto Confidence Scams (June 18, 2025), available at <a href="https://www.justice.gov/usao-dc/pr/largest-ever-seizure-funds-related-crypto-confidence-scams">https://www.justice.gov/usao-dc/pr/largest-ever-seizure-funds-related-crypto-confidence-scams</a>.
---------------------------------------------------------------------------
Stablecoins may also appeal to illicit laundering networks because
they enable actors to rapidly move large amounts of value around the
globe.\59\ Chinese money laundering networks, which serve as the
dominant professional money laundering networks for drug trafficking
and transnational criminal organizations, are also increasingly
exchanging illicit proceeds in the form of U.S. dollars for digital
assets, particularly stablecoins, in part to avoid large intra-China
bank transfers that may raise capital flight suspicions.\60\
---------------------------------------------------------------------------
\59\ International Monetary Fund, Understanding Stablecoins, p.
30 (2025), available at <a href="https://www.imf.org/-/media/files/publications/dp/2025/english/usea.pdf">https://www.imf.org/-/media/files/publications/dp/2025/english/usea.pdf</a>.
\60\ 2026 NMLRA, supra note 46, p. 26.
---------------------------------------------------------------------------
2. Illicit Uses of Payment Stablecoins
i. Scams and Fraud
Perpetrators of scams and other fraud schemes--most notably digital
asset investment scams--use digital assets, including stablecoins, to
generate and launder illicit proceeds.\61\ The United States government
has sought seizure of substantial amounts of stablecoin, including the
$225 million forfeiture pursued by the Department of Justice as
discussed above \62\ and a $61 million seizure,\63\ in connection with
investigations into such schemes. Perpetrators and facilitators of such
scams may solicit and receive victim funds in financial accounts under
their control, convert those funds to stablecoins, and then distribute
those stablecoins to co-conspirator-controlled digital asset
wallets.\64\
---------------------------------------------------------------------------
\61\ Id. at p. 5, 52.
\62\ See Largest Ever Seizure of Funds Related to Crypto
Confidence Scams, supra note 58.
\63\ See, e.g., DOJ, Press Release, U.S. Attorney's Office EDNC
Announces Seizure of $61 Million Dollars' Worth of Cryptocurrency,
(Feb. 24, 2026), available at <a href="https://www.justice.gov/usao-ednc/pr/us-attorneys-office-ednc-announces-seizure-61-million-dollars-worth-cryptocurrency">https://www.justice.gov/usao-ednc/pr/us-attorneys-office-ednc-announces-seizure-61-million-dollars-worth-cryptocurrency</a>; see also DOJ, Press Release, Ohio Woman Loses Life
Savings in Cryptocurrency Investment Scam (Feb. 28, 2025), available
at <a href="https://www.justice.gov/usao-ndoh/pr/ohio-woman-loses-life-savings-cryptocurrency-investment-scam">https://www.justice.gov/usao-ndoh/pr/ohio-woman-loses-life-savings-cryptocurrency-investment-scam</a> (discussing seizure of $8.2
million in stablecoins); see also DOJ, Press Release, Cyber Scam
Organization Disrupted Through Seizure of Nearly $9M in Crypto (Nov.
21, 2023), available at <a href="https://www.justice.gov/usao-ndca/pr/cyber-scam-organization-disrupted-through-seizure-nearly-9m-crypto">https://www.justice.gov/usao-ndca/pr/cyber-scam-organization-disrupted-through-seizure-nearly-9m-crypto</a>.
\64\ See, e.g., Judgment, United States v. Li, 2:23-cr-596 (C.D.
Cal. Feb. 10, 2026) (defendant sentenced to 240 months); see also
DOJ, Press Release, Man Sentenced to 20 Years in Prison for role in
$73 Million Global Cryptocurrency Investment Scam (Feb. 9, 2026),
available at <a href="https://www.justice.gov/archives/opa/pr/foreign-national-pleads-guilty-laundering-millions-proceeds-cryptocurrency-investment-scams">https://www.justice.gov/archives/opa/pr/foreign-national-pleads-guilty-laundering-millions-proceeds-cryptocurrency-investment-scams</a>. See Plea, United States v. He, 2:25-cr-175 (C.D.
Cal. Apr 7, 2025); see also DOJ, Press Release, California Man
Sentenced for Role in Global Digital Asset Investment Scam
Conspiracy Resulting in Theft of More than $36.9M from Victims
(Sept. 8, 2025), available at <a href="https://www.justice.gov/opa/pr/california-man-sentenced-role-global-digital-asset-investment-scam-conspiracy-resulting">https://www.justice.gov/opa/pr/california-man-sentenced-role-global-digital-asset-investment-scam-conspiracy-resulting</a>.
---------------------------------------------------------------------------
ii. Terrorist Financing and Weapons Proliferation
Certain terrorist groups, such as the Islamic State of Iraq and
Syria-Khorasan (ISIS-K) and Hamas, use various types of digital assets,
including stablecoins.\65\ In some instances, terrorist organizations
generate revenue in digital assets, including stablecoins, through
online donation drives.\66\ One long-running online ISIS-K fundraiser,
for example, collected $2 million in stablecoins in 2022.\67\ Terrorist
groups
[[Page 18587]]
soliciting donations of digital assets turn to stablecoins to avoid the
volatility and price fluctuations that impact other digital assets and
to facilitate more seamless conversion to fiat currency.\68\
---------------------------------------------------------------------------
\65\ Treasury, 2026 National Terrorist Financing Risk
Assessment, p. 19 (Mar. 2026) [hereinafter 2026 NTFRA], available at
<a href="https://home.treasury.gov/system/files/246/2026-NTFRA.pdf">https://home.treasury.gov/system/files/246/2026-NTFRA.pdf</a>.
\66\ See, e.g., Justice Department Disrupts Hamas Terrorist
Financing Scheme Through Seizure of Cryptocurrency, supra note 51.
\67\ United Nations Security Council Counter Terrorism Committee
Executive Directorate, Evolving Trends in the Financing of Foreign
Terrorist Fighters' Activity, 2014-2024, p. 11 (Nov. 2024),
available at <a href="https://www.un.org/securitycouncil/ctc/sites/www.un.org.securitycouncil.ctc/files/cted_trends_tracker_evolving_trends_in_the_financing_of_foreign_terrorist_fighters_activity_2014_-_2024">https://www.un.org/securitycouncil/ctc/sites/www.un.org.securitycouncil.ctc/files/cted_trends_tracker_evolving_trends_in_the_financing_of_foreign_terrorist_fighters_activity_2014_-_2024</a>.
\68\ 2026 NTFRA, supra note 65, p. 26.
---------------------------------------------------------------------------
Terrorist organizations have also utilized stablecoins as a means
of transferring funds. For example, DOJ unsealed a civil forfeiture
action in July 2025 against approximately $2 million worth of digital
assets connected with a Gaza-based money transfer business that was
involved in financially supporting Hamas. The complaint describes a
detailed scheme whereby users utilized the money transfer business to
fund accounts at a digital asset exchange and to fund wallet addresses
containing stablecoins to obfuscate their financial support of
international terrorist organizations, including Hamas.\69\
---------------------------------------------------------------------------
\69\ See Justice Department Disrupts Hamas Terrorist Financing
Scheme Through Seizure of Cryptocurrency, supra note 51.
---------------------------------------------------------------------------
Iran has increasingly turned to digital assets to conduct illicit
financial activity, obtain drone components and other high-tech
equipment, accept payments for weapons, and transfer funds to
sanctioned actors in the region. Iranian illicit actors often prefer
stablecoins over other digital assets for these transactions due to
stablecoins' superior ability to finance international trade.\70\
---------------------------------------------------------------------------
\70\ FATF, Targeted Report on Stablecoins and Unhosted Wallets:
Peer-to-Peer Transactions, ] 36 (Mar. 2025), available at <a href="https://www.fatf-gafi.org/content/dam/fatf-gafi/publications/targeted-report-on-stablecoins-and-unhosted-wallets.pdf.coredownload.inline.pdf">https://www.fatf-gafi.org/content/dam/fatf-gafi/publications/targeted-report-on-stablecoins-and-unhosted-wallets.pdf.coredownload.inline.pdf</a>.
---------------------------------------------------------------------------
iii. Narcotics Production and Trafficking
Transnational criminal organizations (TCOs) also use stablecoins to
procure components for the manufacturing of illegal drugs and to
launder the proceeds of illegal drug sales. For example, Mexico-based
drug cartels are increasingly purchasing fentanyl precursor chemicals
and manufacturing equipment from People's Republic of China-based
suppliers using digital assets, including stablecoins.\71\
Additionally, prosecutors have charged that, in some cases, TCOs use
money brokers to pick up bulk cash derived from drug sales in the
United States; exchange the cash for digital assets, including
stablecoins; and send the digital assets to wallets controlled by
brokers or co-conspirators.\72\ According to DOJ, in some instances,
the digital assets are then converted into cash and delivered to cartel
leaders in Mexico and Colombia.\73\ In November 2024 for instance, DOJ
filed a civil forfeiture complaint against more than $5.5 million in
stablecoins allegedly involved in a money laundering operation related
to drug trafficking.\74\
---------------------------------------------------------------------------
\71\ FinCEN, Supplemental Advisory on the Procurement of
Precursor Chemicals and Manufacturing Equipment Used for the
Synthesis of Illicit Fentanyl and Other Synthetic Opioids, p. 9
(June 20, 2024), available at <a href="https://www.fincen.gov/system/files/advisory/2024-06-20/FinCEN-Supplemental-Advisory-on-Fentanyl-508C.pdf">https://www.fincen.gov/system/files/advisory/2024-06-20/FinCEN-Supplemental-Advisory-on-Fentanyl-508C.pdf</a>.
\72\ See, e.g., Superseding Indictment, United States v. Duarte
et al., No. 24-cr-20367 (S.D. Fla. Nov. 19, 2024).
\73\ Id.
\74\ Compl. United States v. Approximately 114,366.044785 Tether
(USDT) Cryptocurrency from Binance Account User ID Ending in 7382,
No. 24-cv-01503, (E.D. Wisc. Nov. 20, 2024); see also Decision and
Order, United States v. Approximately 114,366.044785 Tether (USDT)
Cryptocurrency from Binance Account User ID Ending in 7382, No. 24-
cv-01503, (E.D. Wisc. Feb. 6, 2026) (default judgment ordering
assets to be forfeited).
---------------------------------------------------------------------------
3. Sanctions Evasion
Sanctions evasion and money laundering networks have leveraged
stablecoins to move funds on behalf of numerous sanctioned actors,
including Russian elites, sanctioned digital asset exchanges, the DPRK
government, Iranian actors, foreign terrorist organizations, and global
terrorists. For example, in December 2024, OFAC designated as Specially
Designated Nationals (SDNs) five individuals and four entities that are
associated with or leverage the TGR Group, a sprawling international
network of businesses and employees that works to obfuscate the illicit
activities of its clients, which include sanctioned Russian elites,
including by facilitating exchanges of bulk cash for stablecoins.\75\
---------------------------------------------------------------------------
\75\ Treasury, Press Release, Treasury Exposes Money Laundering
Network Using Digital Assets to Evade Sanctions (Dec. 4, 2024),
available at <a href="https://home.treasury.gov/news/press-releases/jy2735">https://home.treasury.gov/news/press-releases/jy2735</a>.
---------------------------------------------------------------------------
Additionally, in August 2025, OFAC redesignated as an SDN Garantex
Europe OU (Garantex), a virtual currency exchange that directly
facilitated notorious ransomware actors and other cybercriminals by
processing over $100 million in transactions linked to illicit
activities since 2019.\76\ Garantex was originally designated as an SDN
in April 2022.\77\ According to an indictment against two Garantex
operators, Garantex, beginning in and around early 2023, maintained at
least some of its operational accounts in stablecoins.\78\ The
operators allegedly moved the exchange's operational wallets storing
stablecoins to a new digital asset wallet on a daily basis to evade
detection by blockchain analytics services.\79\
---------------------------------------------------------------------------
\76\ Treasury, Press Release, Treasury Sanctions Cryptocurrency
Exchange and Network Enabling Sanctions Evasion and Cyber Criminals
(Aug. 14, 2025), available at <a href="https://home.treasury.gov/news/press-releases/sb0225">https://home.treasury.gov/news/press-releases/sb0225</a>.
\77\ Treasury, Press Release, Treasury Sanctions Russia-Based
Hydra, World's Largest Darknet Market, and Ransomware-Enabling
Virtual Currency Exchange Garantex (Apr. 05, 2022), available at
<a href="https://home.treasury.gov/news/press-releases/jy0701">https://home.treasury.gov/news/press-releases/jy0701</a>.
\78\ Indictment ] 29, United States v. Besciokov and Mira Serda,
No. 25-cr-39, (E.D. Va. Feb. 27, 2025), <a href="https://www.justice.gov/opa/media/1392316/dl">https://www.justice.gov/opa/media/1392316/dl</a>.
\79\ Id.
---------------------------------------------------------------------------
The U.S. government has pursued cases involving DPRK IT workers and
co-conspirators involved in money laundering alleged to have leveraged
stablecoins as part of schemes to evade sanctions and generate revenue
for the DPRK regime, in part because they found stablecoins susceptible
to laundering. For example, in June 2025, a forfeiture complaint
alleged that the DPRK government generated digital assets, in part,
through remote work done by DPRK IT workers deployed around the
globe.\80\ The complaint also alleges that DPRK IT workers requested to
be paid in stablecoins because they (and their alleged money laundering
co-conspirators) retain a consistent value and can more easily trade
stablecoins for fiat currency.\81\
---------------------------------------------------------------------------
\80\ Compl. ]] 48-49, United States v. Virtual Currency
Associated with North Korean IT Worker Money Laundering and
Sanctions Evasion Conspiracies, No. 25-cv-1769, (D.D.C. June 5,
2025).
\81\ Id. at ]] 50, 59.
---------------------------------------------------------------------------
The U.S. government has identified the use of stablecoin connected
to Iranian actors' provision of material support to the Iranian
Revolutionary Guard Corps (IRGC). For example, in September 2025, DOJ
filed a civil forfeiture action to recover approximately $584,741 in
stablecoins alleged to be the property of Mohammad Abedininajafabadi or
of his company,\82\ who was charged with conspiring to export
sophisticated electronic components from the United States to Iran in
violation of U.S. export control and sanctions laws.\83\ Additionally,
in sanctions actions targeting Iran's IRGC-Quds Force-backed Ansarallah
(Houthi) operatives, OFAC has identified digital asset wallet addresses
that have been used by the Houthis to transfer funds
[[Page 18588]]
associated with their activities. Many of the identified wallet
addresses have been used to transact stablecoins.\84\ Furthermore, on
January 30, 2026, OFAC designated as SDNs two UK-based exchanges with
connections to notorious Iranian financier Babak Zanjani.\85\ These
exchanges processed approximately $1 billion in funds linked to the
IRGC. One of the designated exchanges, Zedxion Exchange, Ltd., issued a
stablecoin.\86\
---------------------------------------------------------------------------
\82\ DOJ, Press Release, United States Seeks Civil Forfeiture of
Cryptocurrency Associated with Iranian National Mohammad Abedini
(Sept. 11, 2025), available at <a href="https://www.justice.gov/usao-ma/pr/united-states-seeks-civil-forfeiture-cryptocurrency-associated-iranian-national-mohammad">https://www.justice.gov/usao-ma/pr/united-states-seeks-civil-forfeiture-cryptocurrency-associated-iranian-national-mohammad</a>.
\83\ Compl., United States v. Sadeghi and Abedininajafabadi, No.
24-cr-10391 (D. Mass. Dec. 13, 2024).
\84\ See, e.g., Treasury, Press Release, Treasury Sanctions
Houthi Network Procuring Weapons and Commodities from Russia (Apr.
2, 2025), available at <a href="https://home.treasury.gov/news/press-releases/sb0068">https://home.treasury.gov/news/press-releases/sb0068</a>; Treasury, Counter Terrorism Designations and
Designation Update; Russia-related Designation Removal; Reports for
Licensing Activities Undertaken Pursuant to the Trade Sanctions
Reform and Export Enhancement Act (TSRA) (Apr. 2, 2024), available
at <a href="https://ofac.treasury.gov/recent-actions/20250402">https://ofac.treasury.gov/recent-actions/20250402</a>.
\85\ Treasury, Press Release, Treasury Sanctions Iranian Regime
Officials for Violent Repression and Corruption (Jan. 30, 2026),
available at <a href="https://home.treasury.gov/news/press-releases/sb0375">https://home.treasury.gov/news/press-releases/sb0375</a>.
\86\ See TRM Labs, How Two UK-registered Companies Moved Over a
Billion in Stablecoins for the IRGC (Jan. 9, 2026), available at
<a href="https://www.trmlabs.com/resources/blog/how-two-uk-registered-companies-moved-over-a-billion-in-stablecoins-for-the-irgc">https://www.trmlabs.com/resources/blog/how-two-uk-registered-companies-moved-over-a-billion-in-stablecoins-for-the-irgc</a>.
---------------------------------------------------------------------------
V. Existing Regulatory Framework for Stablecoin Issuers
A. Existing Bank Secrecy Act Obligations
Currently, stablecoin issuers generally are subject to BSA
obligations as financial institutions, specifically money transmitters,
which are a type of MSB. The BSA statutory definition of ``financial
institution'' includes a ``person who engages as a business in the
transmission of currency, funds, or value that substitutes for
currency.'' \87\ FinCEN's regulations define ``money services
business,'' one category of which is a ``money transmitter'' that
``provides money transmission services.'' \88\ ``Money transmission
services'' is in turn defined as ``the acceptance of currency, funds,
or other value that substitutes for currency from one person and the
transmission of currency, funds or other value that substitutes for
currency to another location or person by any means.'' \89\ ``Value
that substitutes for currency'' includes ``virtual'' currencies (also
called convertible virtual currencies or ``CVCs''), such as
stablecoins, that either have an equivalent value in real currency or
act as a substitute for real currency.\90\ FinCEN has further clarified
that, unless a limitation or exception applies, persons engaged in
issuing and redeeming a virtual currency (i.e., ``administrators'') are
money transmitters and thus subject to BSA obligations as MSBs.\91\
Stablecoin issuers are, thus, money transmitters because they, for
example, issue and redeem virtual currencies and accept and transmit
value that substitutes for currency when issuing and converting,
redeeming, or repurchasing stablecoins.
---------------------------------------------------------------------------
\87\ 31 U.S.C. 5312(a)(2)(J), 5312(a)(2)(R) (defining, in part,
a ``financial institution'' a ``business engaged in the exchange of
currency, funds, or value that substitutes for currency or funds,''
or ``a licensed sender of money or any other person who engages as a
business in the transmission of currency, funds, or value that
substitutes for currency''). As part of the AML Act, Congress
amended 31 U.S.C. 5312 to add this ``value that substitutes for
currency'' language. See Public Law 116-283, sec. 6102(d), 134 Stat.
4547 (2021). In the AML Act, Congress also reaffirmed FinCEN's
existing regulatory framework applying MSB obligations to persons
engaged in certain activities related to ``value that substitutes
for currency,'' including the issuing and redeeming of virtual
currencies. See FinCEN, Bank Secrecy Act Regulations; Definitions
and Other Regulations Relating to Money Services Businesses, 76 FR
43585, 43586 (July 21, 2011); see also FinCEN Guidance, FIN-2013-
G001, Application of FinCEN's Regulations to Persons Administering,
Exchanging, or Using Virtual Currencies (Mar. 18, 2013) [hereinafter
2013 CVC Guidance], available at <a href="https://www.fincen.gov/resources/statutes-regulations/guidance/application-fincens-regulations-persons-administering">https://www.fincen.gov/resources/statutes-regulations/guidance/application-fincens-regulations-persons-administering</a>; FinCEN, FIN-2019-G001, Application of
FinCEN's Regulations to Certain Business Models Involving
Convertible Virtual Currencies (May 9, 2019) [hereinafter 2019 CVC
Guidance], available at <a href="https://www.fincen.gov/resources/statutes-regulations/guidance/application-fincens-regulations-certain-business-models">https://www.fincen.gov/resources/statutes-regulations/guidance/application-fincens-regulations-certain-business-models</a>.
\88\ 31 CFR 1010.100(ff)(5).
\89\ 31 CFR 1010.100(ff)(5)(i)(A) (emphasis in original).
\90\ 2013 CVC Guidance, supra note 87, p 3.
\91\ See id. at p. 2 (concluding administrators are generally
MSBs and stating that ``An administrator is a person engaged as a
business in issuing (putting into circulation) a virtual currency,
and who has the authority to redeem (to withdraw from circulation)
such virtual currency''); see also 2019 CVC Guidance, supra note 87,
p. 13.
---------------------------------------------------------------------------
As MSBs, stablecoin issuers are currently subject to a range of BSA
obligations. MSBs are required to, for instance: (i) establish written
AML programs; \92\ (ii) file currency transaction reports (CTRs) \93\
and SARs; \94\ and (iii) maintain certain records, including those
relating to certain transmittals of funds.\95\ MSBs are subject to
examination for BSA compliance by the Internal Revenue Service (IRS)
under a delegation of authority by FinCEN.\96\
---------------------------------------------------------------------------
\92\ See 31 CFR 1022.210.
\93\ See 31 CFR 1022.310.
\94\ See 31 CFR 1022.320.
\95\ See 31 CFR 1022.400, 1010.410(e)-(f).
\96\ See 31 CFR 1010.810(b)(8).
---------------------------------------------------------------------------
As required by the GENIUS Act, FinCEN is proposing certain
obligations that differ in some material respects from current
obligations that stablecoin issuers are subject to as MSBs, as well as
some PPSI-specific obligations required by the GENIUS Act. However, in
many respects, FinCEN expects that the proposed requirements for PPSIs
would be comparable to stablecoin issuers' existing requirements as
MSBs.
B. Existing Sanctions Obligations
The GENIUS Act provides that PPSIs are persons \97\ formed in the
United States \98\ and that PPSIs shall be subject to ``all Federal
laws applicable to a financial institution located in the United States
relating to economic sanctions.'' \99\ Because the GENIUS Act requires
PPSIs to be formed in the United States, PPSIs will be ``U.S. persons''
under existing OFAC regulations \100\ once the Act takes effect.\101\
Therefore, stablecoin issuers qualifying as PPSIs will be subject to
the same U.S. sanctions obligations that currently apply to all other
U.S. persons, including those that are stablecoin issuers.
---------------------------------------------------------------------------
\97\ 12 U.S.C. 5901(24) (defining a ``person'' as ``an
individual, partnership, company, corporation, association, trust,
estate, cooperative organization, or other business entity,
incorporated or unincorporated'').
\98\ 12 U.S.C. 5901(23) (defining a ``permitted payment
stablecoin issuer'' as ``a person formed in the United States that
is--(A) a subsidiary of an insured depository institution that has
been approved to issue payment stablecoins under 12 U.S.C. 5904; (B)
a Federal qualified payment stablecoin issuer; or (C) a State
qualified payment stablecoin issuer'').
\99\ See 12 U.S.C. 5903(a)(5)(A).
\100\ See, e.g., 31 CFR 510.326, 555.313, 583.314.
\101\ See 12 U.S.C. 5901(23).
---------------------------------------------------------------------------
As discussed in section II.C, U.S. sanctions require U.S. persons,
including U.S. person stablecoin issuers, to block the property and
interests in property of blocked persons that are in their possession
or control and report them to OFAC. This blocking prohibition requires
U.S. persons, including those that are stablecoin issuers, to ensure
that property and interests in property of such blocked persons,
including stablecoins, that are in their possession or control are not
transferred, withdrawn, or otherwise dealt in, unless authorized by
OFAC or exempt. More broadly, U.S. persons, including those that are
stablecoin issuers, are also generally prohibited from engaging in most
transactions with blocked persons, including making any contribution or
provision of funds, goods, or services to or for the benefit of blocked
persons or receiving any contribution or funds, goods, or services from
blocked persons, unless authorized by OFAC or exempt. Blocked persons
subject to these restrictions include individuals and entities listed
on OFAC's Specially Designated Nationals and Blocked Persons List
(``SDN
[[Page 18589]]
List'').\102\ In addition, any entities that are owned, directly or
indirectly, individually or in the aggregate, 50 percent or more by one
or more blocked persons are also blocked and subject to the above
restrictions, even if they are not specifically named on OFAC's SDN
List.\103\
---------------------------------------------------------------------------
\102\ See OFAC, Specially Designated Nationals List, available
at <a href="https://sanctionslist.ofac.treas.gov/Home/SdnList">https://sanctionslist.ofac.treas.gov/Home/SdnList</a>.
\103\ See OFAC, Revised Guidance on Entities Owned by Persons
Whose Property and Interests in Property Are Blocked (Aug. 13,
2014), available at <a href="https://ofac.treasury.gov/media/6186/download?inline">https://ofac.treasury.gov/media/6186/download?inline</a>.
---------------------------------------------------------------------------
There are a variety of scenarios where these prohibitions apply to
U.S. person stablecoin issuers. For example, U.S. person stablecoin
issuers are generally prohibited from engaging in primary market
activities with blocked persons, such as issuing stablecoins to blocked
persons or redeeming stablecoins belonging to blocked persons; such
transactions, if consummated, would constitute a prohibited dealing in
blocked property, unless authorized or exempt. In such instances, a
stablecoin issuer is required to block these stablecoins because the
blocked person has a property interest in the stablecoin and such
stablecoins are in the possession or control of the stablecoin issuer,
a U.S. person, at the time of the transaction. To effectively block
such stablecoins, the stablecoin issuer must ensure that it has denied
all parties access to the stablecoins, ensure that it complies with
OFAC regulations related to the holding and reporting of blocked assets
(discussed further below), and implement controls that align with a
risk-based approach.\104\
---------------------------------------------------------------------------
\104\ See OFAC, Frequently Asked Question 646, available at
<a href="https://ofac.treasury.gov/faqs/646">https://ofac.treasury.gov/faqs/646</a>.
---------------------------------------------------------------------------
U.S. person stablecoin issuers are also prohibited from engaging in
secondary market activities with blocked persons. For example, a U.S.
person stablecoin issuer would engage in a prohibited provision of
services to a blocked person if it allowed the blocked person to engage
with the stablecoin issuer's smart contract to facilitate trades of
stablecoins on the secondary market. In this instance, the stablecoin
issuer would also be required to block such stablecoins because the
blocked person has an interest in the stablecoins, which the issuer
controls via its smart contract.
OFAC sanctions prohibitions may also take other forms that do not
require blocking but prohibit U.S. persons, including stablecoin
issuers, from engaging in trade or financial transactions or other
dealings with certain persons or geographic regions or countries, such
as North Korea, Cuba, Iran, and Crimea, unless authorized by OFAC or
exempt.\105\ In cases where an underlying transaction is prohibited but
there is no blockable interest, all U.S. persons, including those that
are stablecoin issuers, are required to reject such transactions and
report them to OFAC. For example, U.S. sanctions against Iran generally
prohibit U.S. persons from directly or indirectly providing services to
persons in Iran, unless otherwise authorized or exempt.\106\
Accordingly, U.S. person stablecoin issuers are generally prohibited
from engaging in primary or secondary market activities with persons in
Iran, including issuing stablecoins to persons in Iran, redeeming
stablecoins of persons in Iran, or allowing persons in Iran to engage
with the issuer's smart contracts to facilitate trades of stablecoins,
as any of these activities would constitute a provision of financial
services to Iran. However, unlike when a blocked person is directly or
indirectly involved in a transaction, a stablecoin issuer would only be
required to reject such transactions and report them to OFAC.
---------------------------------------------------------------------------
\105\ See 31 CFR part 510, part 515, part 560, part 589.
\106\ See 31 CFR 560.204, 560.410, 560.427.
---------------------------------------------------------------------------
OFAC's regulations also require U.S. persons, including stablecoin
issuers, to comply with certain reporting and recordkeeping
requirements, pursuant to OFAC's Reporting, Procedures and Penalties
Regulations (RPPR).\107\ Among other requirements, the RPPR require
U.S. persons, including stablecoin issuers, to submit reports of
blocked property and rejected transactions to OFAC within 10 business
days and annual reports of blocked property by September 30 each
year.\108\ Persons engaging in transactions subject to the provisions
of OFAC's regulations are also required to preserve such records for at
least 10 years.\109\
---------------------------------------------------------------------------
\107\ See 31 CFR part 501.
\108\ See 31 CFR 501.603, 501.604.
\109\ See 31 CFR 501.601.
---------------------------------------------------------------------------
OFAC's basic regulatory requirement for all U.S. persons, including
those that are stablecoin issuers, is that they do not violate the
sanctions that OFAC administers. The ramifications of non-compliance,
inadvertent or otherwise, can jeopardize critical foreign policy and
national security goals. Violations of OFAC sanctions may result in the
imposition of civil or criminal penalties. OFAC may impose civil
penalties for sanctions violations on a strict liability basis, meaning
that U.S. persons, including those that are stablecoin issuers, may be
held civilly liable for sanctions violations even if such person did
not know or have reason to know that it was engaging in a prohibited
transaction.
As a general matter, however, OFAC also takes into consideration
the totality of facts and circumstances surrounding an apparent
violation to determine the appropriate enforcement response. OFAC's
Economic Sanctions Enforcement Guidelines, 31 CFR part 501, Appendix A
(``Enforcement Guidelines''), lay out a set of 11 factors that OFAC
will generally consider in determining the appropriate administrative
action in response to an apparent violation of U.S. sanctions,
including the amount of the penalty, to the extent that a civil
monetary penalty is appropriate.\110\ Any of the 11 factors may be
considered aggravating or mitigating and may therefore result in
adjustments to the proposed penalty. One of those factors includes the
existence, nature, and adequacy of a subject person's risk-based
sanctions compliance program at the time of the apparent violation.
Accordingly, when applying the Enforcement Guidelines to a given
factual situation, OFAC considers favorably the presence of an
effective sanctions compliance program at the time of an apparent
violation.
---------------------------------------------------------------------------
\110\ 31 CFR part 501, Appendix A.
---------------------------------------------------------------------------
VI. Proposed AML/CFT Regulation
This proposed rule implements the GENIUS Act's requirement that
PPSIs be treated as financial institutions under the BSA. In doing so,
it applies the BSA obligations currently applicable to existing
financial institutions that are specifically enumerated in the GENIUS
Act,\111\ other quintessential BSA obligations, and GENIUS Act
obligations specific to PPSIs. It also proposes regulatory
infrastructure, including definitions, to effectuate the obligations.
---------------------------------------------------------------------------
\111\ Although specifically enumerated in the GENIUS Act, this
proposed rule does not impose a customer identification program
obligation, which is the subject of a separate rulemaking.
---------------------------------------------------------------------------
In crafting this proposed rule, FinCEN is mindful that some
entities may transition from the current MSB framework to the new PPSI
framework. FinCEN is also cognizant that some PPSIs will be closely
affiliated with or part of institutions with existing BSA obligations.
To promote regulatory clarity and efficiency, FinCEN used its well-
established regulatory obligations for banks, MSBs, and other financial
institutions as points of reference for its proposed PPSI obligations.
A. Permitted Payment Stablecoin Issuers
Before turning to the specifics of the proposed regulation, FinCEN
first outlines several broader considerations
[[Page 18590]]
that impact how FinCEN proposes to regulate PPSIs and how it expects
PPSIs will operationalize the proposed obligations. FinCEN first
explains its assessment of how PPSI activities compare to those of
other types of financial institutions defined in the BSA and proposes
using its authority under 31 U.S.C. 5312(a)(2)(Y). It then describes
how entities that are PPSIs may relate to other categories of BSA-
defined financial institutions. Finally, FinCEN briefly discusses how
it is proposing to apply obligations with regards to different types of
market activity.
1. Defining PPSI as a Type of Financial Institution
The GENIUS Act directs that a ``permitted payment stablecoin issuer
shall be treated as a financial institution for purposes of the Bank
Secrecy Act'' and ``shall be subject to all Federal laws applicable to
a financial institution located in the United States relating to . . .
prevention of money laundering.'' \112\ However, the GENIUS Act does
not specify how PPSIs should be mechanically codified into the existing
BSA framework.
---------------------------------------------------------------------------
\112\ 12 U.S.C. 5903(a)(5)(A).
---------------------------------------------------------------------------
The BSA defines ``financial institution'' as a range of entities,
all of which could be subject to statutory obligations and FinCEN's
regulations.\113\ These institutions include insured banks; commercial
banks and trust companies; businesses engaged in the exchange of
currency, funds, or value that substitutes for currency or funds; and
any person who engages as a business in the transmission of currency,
funds, or value that substitutes for currency.\114\ Notably,
designation as a ``financial institution'' under 31 U.S.C. 5312(a)(2)
affects treatment not only under the BSA but also under other statutes
that address money laundering or predicate crimes that can underpin
money laundering. These laws include those relating to federal third-
party subpoenas \115\ to access to financial records by U.S. law
enforcement,\116\ criminal money laundering \117\ and terrorist
financing offenses,\118\ as well as other provisions of federal and
state law.\119\
---------------------------------------------------------------------------
\113\ See 31 U.S.C. 5312(a)(2); see also, e.g., 31 U.S.C. 5318.
\114\ 31 U.S.C. 5312(a)(2)(A), (B), (J), (R).
\115\ 18 U.S.C. 986(a).
\116\ 12 U.S.C. 3414.
\117\ 18 U.S.C. 1956.
\118\ 18 U.S.C. 2339B.
\119\ See, e.g., 50 U.S.C. 3164(5) (defining financial
institution for purposes of subchapter); Ariz. Rev. Stat. Ann. 6-
1241(3) (defining money transmitter under Arizona law by referencing
``financial institution'' as defined under 31 U.S.C 5312).
---------------------------------------------------------------------------
In the BSA, Congress provided authority for FinCEN to, through
regulation, expand the categories of financial institutions enumerated
in 31 U.S.C. 5312(a)(2) to include a business engaging in activities
``similar to, related to, or a substitute for'' the activities of an
enumerated financial institution.\120\ FinCEN has determined that PPSIs
provide services that are similar to or related to services authorized
to be provided by BSA-defined financial institutions, and is
accordingly, proposing to exercise its authority under 31 U.S.C.
5312(a)(2)(Y). Doing so fulfills Congress's directive that PPSIs be
subject to ``all Federal laws'' applicable to financial institutions
related to money laundering; promotes consistent treatment of PPSIs
under federal and state laws that reference the BSA definition of
``financial institution;'' and reduces uncertainty for PPSIs, their
prudential regulators, law enforcement, and other market participants.
---------------------------------------------------------------------------
\120\ 31 U.S.C. 5312(a)(2)(Y).
---------------------------------------------------------------------------
As discussed in this proposal, stablecoin issuers are currently
regulated under the BSA and FinCEN's implementing regulations as money
transmitters, a type of MSB, and MSBs fall under the definition of a
financial institution.\121\ In that capacity, issuers engage in the
transmission of currency, funds, or value that substitutes for
currency. Under the GENIUS Act's regime, PPSIs will continue to perform
these kinds of activities when issuing or redeeming a payment
stablecoin. Additionally, the GENIUS Act explicitly preserves the
ability of PPSIs to engage in MSB-like activities, including exchanging
digital assets for monetary value, exchanging digital assets for other
digital assets, and transferring digital assets to a third party, so
long as the activity is authorized by the PPSI's primary Federal
payment stablecoin regulator or State payment stablecoin regulator and
consistent with all other federal and state laws.\122\
---------------------------------------------------------------------------
\121\ See 31 U.S.C. 5312(a)(2)(R); 31 CFR 1010.100(t)(3),
(ff)(5).
\122\ See 12 U.S.C. 5903(a)(7)(B) (including as a rule of
construction that ``Nothing in [12 U.S.C. 5903(a)(7)(A)] shall limit
a permitted payment stablecoin issuer from engaging in payment
stablecoin activities or digital asset service provider activities .
. . that are authorized by the primary Federal payment stablecoin
regulator or the State payment stablecoin regulator, as applicable,
consistent with all other Federal and State laws, provided that the
claims of payment stablecoin holders rank senior to any potential
claims of non-stablecoin creditors with respect to the reserve
assets. . . .'').
---------------------------------------------------------------------------
The activities of MSBs can overlap substantially with those of
other types of financial institutions, particularly banks. Indeed, so
significantly can the activities of these two types of financial
institutions overlap that FinCEN carved out MSBs from its regulatory
definition of ``bank'' (and vice versa), making them mutually
exclusive.\123\ Just as the business activities of MSBs overlap
substantially with those of banks, the business activities of PPSIs can
overlap with those of banks. Notably, at least some PPSIs may have bank
charters,\124\ and PPSIs' activities have similarities to the business
activities of more ``conventional'' or ``traditional'' banks. For
example, the GENIUS Act authorizes PPSIs to custody payment stablecoins
and, thus, like some banks, PPSIs will hold assets for customers.\125\
Accordingly, in critical respects, PPSIs may offer services that are
similar to some services provided by some banks.
---------------------------------------------------------------------------
\123\ See 31 CFR 1010.100(d)(7) (defining a bank, in part, as
``Any other organization (except a money services business)
chartered under the banking laws of any state and subject to the
supervision of the bank supervisory authorities of a State''),
1010.100(ff)(8)(i) (definition of money services business ``shall
not include . . . a bank or foreign bank'').
\124\ See 12 U.S.C. 5901(11)(B) (including uninsured national
banks within the definition of ``Federal qualified payment
stablecoin issuer,'' a type of PPSI under 12 U.S.C. 5901(23)(B)).
\125\ See 12 U.S.C. 5903(a)(7)(A)(iii)-(v).
---------------------------------------------------------------------------
In addition, it is expected PPSIs will often operate in close
coordination with other financial institutions, i.e., they will engage
in activities related to the activities of BSA-defined financial
institutions. For example, some PPSIs may partner with digital asset
exchanges (i.e., MSBs) and other financial institutions to distribute
payment stablecoins or facilitate their use in payments. It is expected
that some PPSIs may also rely on banks and other financial institutions
to perform key fiat on- and off-ramp functions, such as accepting fiat
currency from a bank account when payment stablecoins are issued or
transmitting fiat currency to a bank account when payment stablecoins
are redeemed. PPSIs often may maintain their own bank accounts, with
bank deposits comprising permissible reserve assets backing outstanding
stablecoins.\126\ These interconnections reinforce certain functional
similarities between PPSIs and other BSA-regulated financial
institutions.
---------------------------------------------------------------------------
\126\ See 12 U.S.C. 5903(a)(1)(A)(ii).
---------------------------------------------------------------------------
In light of the GENIUS Act's directive, the existing treatment of
many stablecoin issuers as MSBs, the functional similarities between
PPSIs and BSA-defined financial institutions, and, the
interconnectedness between PPSIs and BSA-defined financial
institutions, FinCEN has determined that PPSIs engage in activities
that are ``similar to'' as well as ``related to'' financial services in
which other
[[Page 18591]]
financial institutions identified in 31 U.S.C. 5312(a)(2) are
authorized to engage, and thus proposes exercising its 31 U.S.C.
5312(a)(2)(Y) authority to expressly define PPSIs as financial
institutions under the BSA.
2. PPSIs' Relationship to Other Types of Financial Institutions
PPSIs will be uniquely positioned relative to other kinds of
financial institutions. In some cases, PPSIs may be subsidiaries of
depository institutions. In other cases, a single institution may be
subject to BSA obligations as both a bank and a PPSI. Stablecoin
issuers that may become PPSIs are currently regulated as MSBs. FinCEN
seeks to promote a clear and efficient BSA regulatory regime and,
accordingly, outlines its current thinking regarding how a PPSI's
obligations will interact with the obligations of other BSA-regulated
institutions. FinCEN seeks comment on its proposed approaches.
i. Subsidiaries of Insured Depository Institutions
Under the GENIUS Act, one of the three subcategories of PPSIs is a
``subsidiary of an insured depository institution,'' which includes
insured depository institutions (as defined by 12 U.S.C. 1813) and
insured credit unions.\127\ Because all insured depository institutions
in the United States are subject to regulation under the BSA, at least
some PPSIs will likely be the subsidiaries of parents that are subject
to their own AML/CFT obligations under FinCEN's regulations.\128\ PPSIs
that are subsidiaries of insured depository institutions in the United
States may be required by certain Federal functional regulators to
generally comply with a parent entity's AML/CFT obligations. The
question naturally arises whether, and if so how, the parent's AML/CFT
program obligation affects that of the subsidiary PPSI and, conversely,
how the subsidiary PPSI's obligations under this proposed rule could
affect that of the parent. Overall, FinCEN expects that the
similarities among its regulations will facilitate coordination between
subsidiary and parent, and conversely, how the subsidiary PPSI's
program under this proposed rule affects that of the parent.
---------------------------------------------------------------------------
\127\ See 12 U.S.C. 5901(23)(A); 12 U.S.C. 5901(15) (defining
``insured depository institution'' as ``(A) an insured depository
institution, as defined in section 3 of the Federal Deposit
Insurance Act (12 U.S.C. 1813); and (B) an insured credit union'');
see infra section VI.C.1.ix (discussing proposed definition of
permitted payment stablecoin issuer).
\128\ See 12 U.S.C. 5901(23)(A); 31 CFR part 1020.
---------------------------------------------------------------------------
Under this proposed rule and FinCEN's existing regulations, FinCEN
expects its regulations that are applicable to a parent insured
depository institution and its subsidiary PPSI could be similar to one
another. If so, a PPSI and its parent would be able to coordinate
compliance practices and share compliance resources, and the PPSI, as
part of the insured depository institution as a whole, can leverage the
parent's program. For example, FinCEN is proposing to impose an AML/CFT
program on PPSIs that largely mirrors its proposed programs for
banks.\129\ FinCEN recognizes the value of enterprise-wide compliance
efforts, but also that such efforts must account for obligations unique
to a particular entity. For example, where a PPSI is a subsidiary of an
insured depository institution, FinCEN anticipates that the enterprise
may elect to extend a single AML/CFT program to both entities. FinCEN
assesses that doing so would be permissible so long as a comprehensive
AML/CFT program is reasonably designed to identify and mitigate the
risks posed by the different aspects of each entity's business and
activities and satisfies each of the AML/CFT program and other BSA
requirements to which the PPSI and parent are subject.
---------------------------------------------------------------------------
\129\ See infra section VI.C.3.
---------------------------------------------------------------------------
Where a PPSI is subject to obligations that differ from those of
its parent, a PPSI must comply with the PPSI-specific provision. For
instance, as the GENIUS Act directs and this proposed rule would
require, a PPSI must have the ``technical capabilities, policies, and
procedures to block, freeze, and reject specific or impermissible
transactions that violate Federal or State laws, rules, or
regulations.'' \130\ That statutory requirement will necessarily mean a
PPSI must have internal policies, procedures, and controls to comply
with the obligation to block, freeze, and reject applicable
transactions, which could be part of enterprise-wide policies and
procedures or unique in the corporate structure to PPSIs.\131\
---------------------------------------------------------------------------
\130\ 12 U.S.C. 5903(a)(5)(A)(iv).
\131\ Id.; see also infra section VI.C.6 for a discussion of
additional technical capabilities, policies, and procedure
requirements specific to PPSIs.
---------------------------------------------------------------------------
It is also possible that a subsidiary PPSI may be subject to an
obligation parallel to that of its parent in a situation where a
Federal functional regulator requires a subsidiary to comply with its
parent's regulatory obligations. FinCEN addressed such a situation in a
2012 administrative ruling.\132\ When FinCEN issued that ruling, loan
and finance companies had just been added to the list of financial
institutions under the BSA, and FinCEN had just issued regulations
requiring loan and finance companies to develop and implement written
AML programs.\133\ FinCEN's ruling stated that when a loan or finance
company subsidiary and a parent financial institution are subject to
the same rule and are examined by the same regulator, the subsidiary is
``deemed to comply with FinCEN's regulations[.]'' \134\ FinCEN requests
comment on whether it would be appropriate to apply the logic of this
administrative ruling to PPSIs that are subsidiaries of insured
depository institutions, or conversely whether the holding of the
administrative ruling should be broadened to apply to subsidiaries and
parents that are subject to similar rules but not the same rule. FinCEN
also requests comment on whether it is proposing any obligations on
PPSIs that would conflict with existing obligations of an insured
depository institution such that complying with both would be legally
or practically impossible.
---------------------------------------------------------------------------
\132\ FinCEN, FIN-2012-R005, Compliance Obligations of Certain
Loan or Finance Company Subsidiaries of Federally Regulated Banks
and Other Financial Institutions (Aug. 13, 2012) available at
<a href="https://www.fincen.gov/system/files/administrative_ruling/FIN-2012-R005.pdf">https://www.fincen.gov/system/files/administrative_ruling/FIN-2012-R005.pdf</a>.
\133\ See FinCEN, Anti-Money Laundering Program and Suspicious
Activity Report Filing Requirements for Residential Mortgage Lenders
and Originators, 77 FR 8157 (Feb. 14, 2012).
\134\ FinCEN, FIN-2012-R005, supra note 132, p. 2.
---------------------------------------------------------------------------
ii. Uninsured National Banks
The GENIUS Act also permits certain uninsured national banks to be
PPSIs.\135\ Such an institution would potentially be subject to BSA
obligations both as a bank and as a PPSI. Much like with PPSIs that are
a subsidiary of an insured depository institution, FinCEN expects that
its efforts to harmonize obligations for various types of financial
institutions will facilitate such an entity's ability to efficiently
comply with both bank and PPSI obligations. Moreover, as explained
below, some of the obligations proposed in this rule are similar to
those currently imposed on banks. Where obligations differ, an
institution that is both a bank and a PPSI, however, will be required
to comply with both sets of obligations. FinCEN requests comment on
whether it is proposing any obligations that would
[[Page 18592]]
conflict with existing obligations such that complying with both would
be legally or practically impossible. FinCEN also requests comment on
whether it can take steps to promote efficiencies where a single entity
is subject to two obligations.
---------------------------------------------------------------------------
\135\ See 12 U.S.C. 5901(11)(B); see also Implementing the
Guiding and Establishing National Innovation for U.S. Stablecoins
Act for the Issuance of Stablecoins by Entities Subject to the
Jurisdiction of the Office of the Comptroller of the Currency, 91 FR
10202, 10232, 10296 (Mar. 2, 2026).
---------------------------------------------------------------------------
iii. Money Services Businesses
Finally, the activities in which PPSIs will engage constitute money
transmission, the logic under which stablecoin issuers are currently
regulated as MSBs. To limit overlapping obligations and confusion,
FinCEN proposes affirmatively carving out PPSIs from the definition of
MSB.\136\ FinCEN requests comment on whether this carve out is
appropriate and results in any ambiguity.
---------------------------------------------------------------------------
\136\ See infra section VI.C.1.ii.
---------------------------------------------------------------------------
This carve out only applies to PPSIs, and not to other persons
engaged in activities involving the issuance of stablecoins that are
not payment stablecoins. In general, FinCEN is not changing the
regulatory framework that currently applies to activities involving
CVCs and to entities other than PPSIs engaging in those activities. For
example, stablecoin issuers that issue tokens that are not payment
stablecoins, i.e., value that substitutes for currency, will remain
subject to the MSB framework. Other than changes specific to PPSIs,
FinCEN does not intend for this proposal to change any aspect of
FinCEN's framework relating to value that substitutes for currency or
entities that engage in activity related to the same.
B. Obligations for Primary and Secondary Market Activity
FinCEN is proposing that some PPSI obligations will apply to the
secondary market, while others will not. In doing so, FinCEN has
attempted to balance what it currently assesses is the burden of
secondary market obligations against the prospective benefit. FinCEN is
proposing applying secondary market obligation where PPSIs can most
directly mitigate illicit finance in the U.S. financial system. Notably
both obligations where FinCEN is proposing secondary market obligations
are imposed on PPSIs directly by the GENIUS Act. FinCEN is proposing
PPSIs have obligations with regards to the secondary market as part of
technical capabilities and policies and procedures to block, freeze,
and reject impermissible transactions and technical capabilities to
comply, and complying, with the terms of lawful orders. In some cases,
stablecoin issuers already have such capabilities and leverage them to
comply with existing law.
In contrast, FinCEN is not proposing to require a PPSI as part of
an AML/CFT program to monitor secondary market activity, although a
PPSI will be required to understand the risk its customers pose as part
of its due diligence, as well as its distribution channels, including
the blockchains on which its payment stablecoins are deployed. FinCEN
is also not proposing to require PPSIs to file SARs on secondary market
transactions as FinCEN has preliminarily assessed that the burden of
requiring PPSIs to file SARs concerning secondary market activity could
potentially outweigh the potential benefits. FinCEN requests comment on
its proposed approach.
C. Section-by-Section Analysis
FinCEN is proposing changes to its existing regulations, as well as
creation of a new part applicable to PPSIs, proposed part 1033.\137\
Section VI.C.1 describes changes proposed to FinCEN's existing
definitions as well as proposes new definitions. Section VI.C.2
describes FinCEN's proposed delegation of its examination authority.
Section VI.C.3 describes FinCEN's proposed requirement for PPSIs to
establish AML/CFT programs, to include risk-based procedures for
conducting ongoing customer due diligence (CDD). Section VI.C.4
describes FinCEN's proposal related to supervision and enforcement.
Section VI.C.5 describes FinCEN's proposal relating to collection of
beneficial ownership information for legal entity customers. Section
VI.C.6 describes FinCEN's proposals for additional technical
capabilities, policies, and procedure requirements specific to PPSIs,
as mandated by the GENIUS Act. Section VI.C.7 describes FinCEN's
proposal related to PPSIs currency transaction reporting requirements.
Section VI.C.8 describes FinCEN's proposal for PPSI suspicious activity
reporting requirements. Section VI.C.9 describes FinCEN's proposal
relating to records PPSIs will be required to maintain, including under
the Recordkeeping and Travel Rules. Section VI.C.10 describes FinCEN's
proposals relating to information sharing authorities. Finally, section
VI.C.11 describes FinCEN's proposals relating to enhanced due diligence
PPSIs will be required to undertake, as well as application of special
measures.
---------------------------------------------------------------------------
\137\ As part of proposed part 1033, FinCEN proposes that if one
portion of the proposed regulation, if finalized, is found to be
invalid, the invalidated portion of the regulation should be severed
with the remaining portions of the regulation remaining in full
force and effect. FinCEN's position is that invalidation of any one
provision, or application thereof to any one person or circumstance,
does not, and should not, affect any other provision in this
proposed regulation. Each provision serves an important, related,
but distinct purpose and application, designed to benefit the public
by protecting the U.S. financial system from illicit financial
activity. FinCEN accordingly has proposed each provision such that
invalidity to one provision would not undermine the operability or
usefulness of the other provisions.
---------------------------------------------------------------------------
1. Definitions
FinCEN is proposing to amend four existing definitions and add nine
new terms to the general definitions section of its regulations, 31 CFR
1010.100. Where it is adding new terms, in large part, FinCEN is
proposing promulgating the same language as the GENIUS Act. In a few
instances, however, FinCEN's proposed language diverges from the
statutory text in order to reconcile differences between how the GENIUS
Act defines a term and how the same term is defined in FinCEN's
existing regulations or to avoid confusion when similar terms are
defined both by the GENIUS Act and FinCEN's existing regulations.
FinCEN is also proposing modifications to improve readability,
including not adopting GENIUS Act language where it is unnecessary for
purposes of this proposed rule.
Relatedly, FinCEN is not proposing to promulgate regulatory
definitions for the GENIUS Act definitions for some words even though
FinCEN is proposing rule text for terms that reference those words. For
instance, both the GENIUS Act and FinCEN's proposed definition of
``permitted payment stablecoin issuer'' use the term ``subsidiary,''
which is in turn defined by the GENIUS Act by reference to section 3 of
the Federal Deposit Insurance Act (12 U.S.C. 1813).\138\ With limited
exceptions, FinCEN assesses that while these additional definitions may
be essential for other regulatory authorities to discharge their
regulatory obligations relating to approving issuers, they are not
necessary to understand the scope of FinCEN's proposed obligations or
the population on which those obligations will be imposed.
---------------------------------------------------------------------------
\138\ See 12 U.S.C. 5901(32) (defining ``subsidiary''); see also
12 U.S.C. 5901(23) (defining ``permitted payment stablecoin
issuer'').
---------------------------------------------------------------------------
None of these proposed changes to the GENIUS Act's language are
intended to substantively alter the GENIUS Act's requirements as
implemented through this propose rule. FinCEN seeks comment on the
clarity of these definitions, including whether any deviation that
FinCEN is proposing from the GENIUS Act's language could be read as
changing the intended effect of
[[Page 18593]]
the Act, and whether any additional terms should be defined.
FinCEN is reserving two subparagraphs, (nnn) and (ooo), expecting
they will contain definitions proposed in a previously issued FinCEN
rulemaking related to AML/CFT programs for the 11 types of existing
financial institutions.
i. Proposed Amendment to 31 CFR 1010.100(t)--Financial Institution
The GENIUS Act directs that a ``permitted payment stablecoin issuer
shall be treated as a financial institution for purposes of the''
BSA.\139\ To implement this directive and ensure that PPSIs are subject
to the appropriate BSA obligations in a clear and consistent manner--
and because, as discussed above in section VI.A.1, FinCEN proposes
exercising its 31 U.S.C. 5312(a)(2)(Y) authority to define PPSIs as
financial institutions under the BSA--FinCEN is proposing to amend the
definition of ``financial institution'' at 31 CFR 1010.100(t) to
expressly include ``permitted payment stablecoin issuer.'' Consistent
with other financial institutions, ``permitted payment stablecoin
issuer'' will be defined separately in a new paragraph.
---------------------------------------------------------------------------
\139\ See 12 U.S.C. 5903(a)(5)(A).
---------------------------------------------------------------------------
ii. Proposed Amendment to 31 CFR 1010.100(ff)--Money Services Business
FinCEN is proposing to amend the definition of ``money services
business,'' 31 CFR 1010.100(ff), to add PPSIs to the list of financial
institutions that the term ``money services business'' shall not
include. The amendment makes clear that PPSIs are subject to
obligations as a PPSI and not as a money services business.
iii. Proposed Amendment to 31 CFR 1010.100(bbb)--Transaction
FinCEN is proposing to amend the definition of ``transaction,'' 31
CFR 1010.100(bbb), to add the issuance or redemption of a payment
stablecoin as a type of transaction. This amendment clarifies that
these activities qualify as transactions. It should not be construed,
including by negative inference, that issuance and redemption of other
kinds of value that substitute for currency are not a transaction.\140\
Moreover, it should not be construed, including by negative inference,
that issuing and redeeming payment stablecoins are the only kinds of
transactions in which a PPSI will engage.
---------------------------------------------------------------------------
\140\ See 2019 CVC Guidance, supra note 87, p. 13 (discussing
that an ``administrator'' engages in issuing and redeeming a virtual
currency and is generally a money transmitter).
---------------------------------------------------------------------------
iv. Proposed Amendment to 31 CFR 1010.100(eee)--Transmittal Order
FinCEN is proposing to amend the definition of ``transmittal
order,'' 31 CFR 1010.100(eee), to add a payment stablecoin as a subject
of an order. As discussed in greater detail below, this amendment is
intended to clarify that a transmittal order to pay payment stablecoins
is a transmittal order like an order to pay traditional money. It
should not be construed, including by negative inference, that orders
to pay other kinds of value that substitute for currency are not
transmittal orders.\141\
---------------------------------------------------------------------------
\141\ See infra section VI.C.9.ii.a; see also 2019 CVC Guidance,
supra note 87, p. 11.
---------------------------------------------------------------------------
v. Proposed 31 CFR 1010.100(ppp)--Digital Asset
FinCEN is proposing to define the term ``digital asset'' as
provided in the GENIUS Act, 12 U.S.C. 5901(6). Under the proposed rule,
the term ``digital asset'' would mean any digital representation of
value that is recorded on a cryptographically secured distributed
ledger. FinCEN considers it useful to define this term explicitly in
its regulations in order to enhance the clarity and conciseness of its
regulations. Many of the regulatory obligations that FinCEN is
proposing to impose on PPSIs take into account, in one way or another,
the concept of digital assets. Most notably, the term ``digital
assets'' is used in ``payment stablecoin.''
FinCEN's use of the term ``digital asset'' is limited currently to
proposed obligations to be imposed on PPSIs. FinCEN is aware that the
addition of ``digital asset'' adds a term related to other terms used
in the BSA, its own regulations and its guidance--most notably ``value
that substitutes for currency'' and ``convertible virtual currency.''
FinCEN's defining and use of the term ``digital asset'' in proposed
obligations to be imposed on PPSIs should not be construed, including
by negative inference, to alter or displace anything about FinCEN's
regulatory infrastructure related to value that substitutes for
currency or CVC. Digital assets may be value that substitutes for
currency, and vice versa, but the two are not synonymous, and the
regulatory requirements that may be associated with one must be
evaluated independently of the requirements that may be associated with
the other.
vi. Proposed 31 CFR 1010.100(qqq)--Distributed Ledger
FinCEN is proposing to define the term ``distributed ledger'' as
provided in the GENIUS Act, 12 U.S.C. 5901(8). Under the proposed rule,
the term ``distributed ledger'' would mean a technology in which data
is shared across a network that creates a public digital ledger of
verified transactions or information among network participants and
cryptography is used to link the data to maintain the integrity of the
public ledger and execute other functions. The term distributed ledger
is used both in the term digital asset and payment stablecoin.
vii. Proposed 31 CFR 1010.100(rrr)--Lawful Order
FinCEN is proposing to define the term ``lawful order'' as provided
in the GENIUS Act, 12 U.S.C. 5901(16), with certain modifications in
light of a preexisting FinCEN regulatory definition. Under the proposed
rule the term ``lawful order'' would mean any final and valid writ,
process, order, rule, decree, command, or other requirement issued or
promulgated under Federal law, issued by a court of competent
jurisdiction or by an authorized Federal agency pursuant to its
statutory authority, that (1) requires an individual, partnership,
company, corporation, association, trust, estate, cooperative
organization, or other business entity, incorporated or unincorporated,
to seize, freeze, burn, or prevent the transfer of payment stablecoins
that the individual or entity issued; (2) specifies the payment
stablecoins or accounts subject to blocking with reasonable
particularity; and (3) is subject to judicial or administrative review
or appeal as provided by law.
The proposed definition modifies the GENIUS Act definition of
lawful order by replacing the statutory term ``person'' with language
used in the GENIUS Act definition of ``person,'' as provided in 12
U.S.C. 5901(24).\142\ The term ``person'' is already defined in FinCEN
regulations at 31 CFR 1010.100(mm) \143\ and differs from the GENIUS
Act definition of ``person.'' In particular, FinCEN's regulatory
definition of ``person'' includes Indian Tribes as defined in the
Indian Gaming Regulatory Act, which the GENIUS Act definition of person
does not include.
[[Page 18594]]
Further, FinCEN's regulatory definition also does not characterize the
entities that comprise the category as ``business'' entities, as the
GENIUS Act definition does. To ensure the definition of ``lawful
order'' for PPSIs accurately applies to the ``persons'' that Congress
intended, as evidenced by the GENIUS Act definition of the term, FinCEN
accordingly proposes to, instead of using the term person, incorporate
the language the GENIUS Act uses to define person into the regulatory
definition of ``lawful order.'' FinCEN solicits comments on whether the
incorporation of the specific GENIUS Act language is necessary, or
whether, if FinCEN reverts to the use of the term ``person'' as
currently defined in its regulations, this will change the intended
meaning or effect of the GENIUS Act.
---------------------------------------------------------------------------
\142\ See 12 U.S.C. 5901(24) (defining ``person'' as ``an
individual, partnership, company, corporation, association, trust,
estate, cooperative organization, or other business entity,
incorporated or unincorporated'').
\143\ See 31 CFR 1010.100(mm) (defining ``Person'' as ``An
individual, a corporation, a partnership, a trust or estate, a joint
stock company, an association, a syndicate, joint venture, or other
unincorporated organization or group, an Indian Tribe (as that term
is defined in the Indian Gaming Regulatory Act), and all entities
cognizable as legal personalities.'').
---------------------------------------------------------------------------
Additionally, the GENIUS Act uses the term ``account'' in the
definition of lawful order and FinCEN proposes to do the same.\144\ A
number of other terms currently codified in FinCEN's general definition
section, 31 CFR 1010.100 also use the term ``account'' without defining
the term.\145\ As discussed in greater detail below, and consistent
with that approach, FinCEN proposes not further elaborating on the
meaning of account within the definition of lawful order and requests
comment on this approach.\146\
---------------------------------------------------------------------------
\144\ See 12 U.S.C. 5901(16) (defining, in part, ``lawful
order'' as one that ``specifies the payment stablecoins or accounts
subject to blocking with reasonable particularity'' (emphasis
added)).
\145\ See, e.g., 31 CFR 1010.100(p) (defining ``established
customer''); 1010.100(bbb) (defining ``transaction''). For financial
institutions with customer identification program (CIP) obligations,
those institution's subparts often include a definition of
``account.'' However, those definitions are limited to CIP
obligations unless expressly noted elsewhere. See 31 CFR 1020.100(a)
(defining ``account'' for CIP purposes in bank subpart); 1023.100(a)
(defining ``account'' for CIP purposes in brokers or dealers in
securities subpart); see also 1010.230 (defining ``account'' in
obligation related to legal entity customers by explicit reference
to CIP definitions of ``account'').
\146\ See infra section VI.C.6.ii discussing proposed
obligations related to lawful order compliance and technical
capabilities.
---------------------------------------------------------------------------
viii. Proposed 31 CFR 1010.100(sss)--Payment Stablecoin
FinCEN is proposing to define the term ``payment stablecoin'' as
provided in the GENIUS Act, 12 U.S.C. 5901(22), with certain
modifications in light of preexisting FinCEN regulatory definitions and
technical changes. Additionally, FinCEN proposes embedding within the
definition of payment stablecoin two other terms defined in the GENIUS
Act.
Under the proposed rule, the term ``payment stablecoin'' would mean
a digital asset (i) that is, or is designed to be, used as a means of
payment or settlement and (ii) the issuer of which: (A) is obligated to
convert, redeem, or repurchase for a fixed amount of monetary value,
but not for a digital asset denominated in a fixed amount of a monetary
value; and (B) represents that such issuer will maintain, or create the
reasonable expectation that it will maintain, the digital asset at a
stable value relative to the value of a fixed amount of monetary value.
The proposed definition also provides that a ``payment stablecoin''
does not include a digital asset that is: (i) a national currency; (ii)
a deposit (as defined in section 3 of the Federal Deposit Insurance Act
(12 U.S.C. 1813)) including a deposit recorded using distributed ledger
technology; or (iii) a security, as defined in section 2 of the
Securities Act of 1933 (15 U.S.C. 77b), section 3 of the Securities
Exchange Act of 1934 (15 U.S.C. 78c), or section 2 of the Investment
Company Act of 1940 (15 U.S.C. 80a-2). For purposes of the definition
of ``payment stablecoin,'' FinCEN intends for the definition of
``security'' provided in paragraph (iii) of the proposed definition to
apply and not the preexisting regulatory definition of ``security'' at
31 CFR 1010.100(ss).
The GENIUS Act's definition of ``payment stablecoin'' contains
language clarifying that ``no bond, note, evidence of indebtedness, or
investment contract that was issued by a permitted payment stablecoin
issuer shall qualify as a security solely [because the issuer
satisfies] the conditions in [paragraph (1) of the proposed ``payment
stablecoin'' definition], consistent with section 17 of the Act.''
FinCEN has determined that this ``for avoidance of doubt'' language is
unnecessary for its regulatory definition of payment stablecoin. The
GENIUS Act includes amendments to the cited statutes covered in
proposed paragraph (iii) that clarify that payment stablecoins are not
securities.\147\ Accordingly, while this clarification may have been
necessary to understand the intent of the GENIUS Act at the time it was
passed, the Act's amendments of security-related statutory provisions
obviate the need to include this language in FinCEN's regulations.
---------------------------------------------------------------------------
\147\ See section 17 of the GENIUS Act, Public Law 119-27.
---------------------------------------------------------------------------
The proposed definition of ``payment stablecoin'' also includes
definitions of the terms ``national currency'' and ``monetary value''
within the definition of ``payment stablecoin'' consistent with the
definition of the terms in the GENIUS Act, 12 U.S.C. 5901(19) and (17),
with certain modifications. Although the GENIUS Act defines both terms
independently from payment stablecoin, neither term is used outside of
payment stablecoin as pertinent to this rulemaking. Moreover, adding
the GENIUS Act definitions of ``national currency'' or ``monetary
value'' as separately defined terms in 31 CFR 1010.100 could have an
unintended impact on other FinCEN regulations that already use similar
terms to mean different things, and could therefore have unintended
impact on the regulatory obligations of other types of financial
institutions or create unnecessary confusion about those regulatory
obligations. Relatedly, within the definition of ``national currency,''
FinCEN proposes replacing the statutory term ``money'' with the GENIUS
Act's definition of ``money.'' This should avoid confusion as ``money''
appears elsewhere in FinCEN's regulations.
FinCEN proposes that for purposes of the definition of ``payment
stablecoin'' the term--(i) National currency means each of the
following--(A) A Federal Reserve note (as the term is used in the first
undesignated paragraph of section 16 of the Federal Reserve Act (12
U.S.C. 411)); or (B) A medium of exchange currently authorized or
adopted by a domestic or foreign government including a monetary unit
of account established by an intergovernmental organization or by
agreement between two or more countries that is: (1) standing to the
credit of an account with a Federal Reserve Bank; (2) issued by a
foreign central bank; or (3) issued by an intergovernmental
organization pursuant to an agreement by two or more governments; and
(ii) Monetary value means national currency or deposit (as defined in
section 3 of the Federal Deposit Insurance Act (12 U.S.C. 1813))
denominated in a national currency. The proposed definition of
``national currency'' reformats and modifies the definition in the
GENIUS Act, 12 U.S.C. 5901(19), by including the GENIUS Act definition
of ``money,'' 12 U.S.C. 5901(18) within the definition, in paragraph
(B), and making statutory paragraphs (B), (C), and (D) into proposed
paragraphs (1), (2), and (3) for grammatical consistency. The proposed
definition of ``monetary value'' within the definition of ``payment
stablecoin'' is consistent with the definition of the term in the
GENIUS Act, 12 U.S.C. 5901(17).
ix. Proposed 31 CFR 1010.100(ttt)--Permitted Payment Stablecoin Issuer
FinCEN is proposing to define the term ``permitted payment
stablecoin issuer'' as provided in the GENIUS Act, 12 U.S.C. 5901(23),
with certain
[[Page 18595]]
modifications in light of preexisting FinCEN regulatory definitions.
Under the proposed rule, the term permitted payment stablecoin issuer
would mean an individual, partnership, company, corporation,
association, trust, estate, cooperative organization, or other business
entity, incorporated or unincorporated formed in the United States that
is: (1)(A) a subsidiary of an insured depository institution that has
been approved to issue payment stablecoins by a primary Federal payment
stablecoin regulator; or (B) a subsidiary of an insured credit union
that has been approved to issue payment stablecoins by a primary
Federal payment stablecoin regulator; (2) a Federal qualified payment
stablecoin issuer; or (3) a State qualified payment stablecoin issuer.
The proposed definition modifies the definition of permitted payment
stablecoin issuer provided in the GENIUS Act by replacing the statutory
term ``person'' with the language the GENIUS Act uses to define
``person'' as provided in 12 U.S.C. 5901(24).\148\ As described above,
the term ``person'' is already defined in FinCEN regulations at 31 CFR
1010.100(mm) \149\ and differs from the GENIUS Act definition of
person. To ensure the definition of ``permitted payment stablecoin
issuer'' accurately applies only to ``persons'' as defined in the
GENIUS Act, FinCEN proposes adding the GENIUS Act definition of
``person'' within the ``permitted payment stablecoin issuer''
definition.
---------------------------------------------------------------------------
\148\ See 12 U.S.C. 5901(24) (defining the term ``person'' to
mean ``an individual, partnership, company, corporation,
association, trust, estate, cooperative organization, or other
business entity, incorporated or unincorporated'').
\149\ See 31 CFR 1010.100(mm) (stating ``Person. An individual,
a corporation, a partnership, a trust or estate, a joint stock
company, an association, a syndicate, joint venture, or other
unincorporated organization or group, an Indian Tribe (as that term
is defined in the Indian Gaming Regulatory Act), and all entities
cognizable as legal personalities.'').
---------------------------------------------------------------------------
Additionally, the proposed definition modifies statutory paragraph
(A) by replacing the term ``insured depository institution'' with the
GENIUS Act definition of ``insured depository institution,'' in 12
U.S.C. 5901(15), which includes two subparagraphs one applying to
insured depository institutions as defined in section 3 of the Federal
Deposit Insurance Act and a second for insured credit unions. FinCEN is
also omitting from the GENIUS Act's definition ``insured depository
institution'' the phrase ``as defined in section 3 of the Federal
Deposit Insurance Act (12 U.S.C. 1813).'' While this language may be
essential for regulators responsible for approving issuers, FinCEN does
not believe it is necessary to understand the scope of the obligations
it proposes to impose or the population on which those obligations are
imposed. Finally, the definition also replaces the statutory reference
``has been approved to issue payment stablecoins under section 5'' with
``has been approved to issued payment stablecoins by a primary Federal
payment stablecoin regulator'' in both proposed paragraph (1)(A) and
(1)(B).
x. Proposed 31 CFR 1010.100(uuu)--Primary Federal Payment Stablecoin
Regulator
FinCEN is proposing to define the term ``primary Federal payment
stablecoin regulator'' as provided in the GENIUS Act, 12 U.S.C.
5901(25), with certain modifications. Under the proposed rule, the term
``primary Federal payment stablecoin regulator'' would mean (1) for a
subsidiary of an insured depository institution, as described in
paragraph (ttt)(1)(A) of this section, the appropriate Federal banking
agency of such insured depository institution; (2) for a subsidiary of
an insured credit union, as described in paragraph (ttt)(1)(B), the
NCUA; (3) for a State chartered depository institution not covered in
subparagraph (1), the FDIC, the OCC, or the Board; or (4) for a Federal
qualified payment stablecoin issuer, the OCC.
The proposed definition modifies the statutory definition by
including cross references to the proposed definition of ``permitted
payment stablecoin issuer'' to describe a subsidiary of an insured
depository institution and a subsidiary of an insured credit union. The
definition also uses the full agency names for each Federal banking
agency named in the definition for stylistic consistency with other
FinCEN regulations.
xi. Proposed 31 CFR 1010.100(vvv)--Federal Qualified Payment Stablecoin
Issuer
FinCEN is proposing to define the term ``Federal qualified payment
stablecoin issuer'' as provided in the GENIUS Act, 12 U.S.C. 5901(11),
with certain technical modifications for conciseness and in deference
to another agency's authority. Under the proposed rule, the term
``Federal qualified payment stablecoin issuer'' would mean an entity
that is approved by the OCC under 12 U.S.C. 5903 to issue payment
stablecoins and is either--(1) a nonbank entity; (2) an uninsured
national bank; or (3) a Federal branch.
The GENIUS Act definition of Federal qualified payment stablecoin
issuer contains for the three subtypes of institutions--nonbank
entities, uninsured national banks, and foreign bank branches--
references to OCC approval and in one case OCC's statutory authority.
FinCEN proposes to consolidate references to OCC approval and remove
reference to the OCC's statutory authority. FinCEN considers this
approach appropriate in light of the fact that the OCC, not FinCEN, has
the authority to determine how, using what terms and establishing what
categories, to discharge the OCC's regulatory obligations in connection
with Federal qualified payment stablecoin issuers as required by the
GENIUS Act. FinCEN conceives of its responsibility in this connection
as establishing a smooth interface between its own regulations on the
subject and those of the OCC, and it regards the proposed language as
the best way to do so. In addition, the proposed language has the
benefit of conciseness.
xii. Proposed 31 CFR 1010.100(www)--State Payment Stablecoin Regulator
FinCEN is proposing to define the term ``State payment stablecoin
regulator'' as provided in the GENIUS Act, 12 U.S.C. 5901(30), with
certain modifications in light of preexisting FinCEN regulatory
definitions. Under the proposed rule, the term ``State payment
stablecoin regulator'' would mean a state agency that has the primary
regulatory and supervisory authority in such state over entities that
issue payment stablecoins. Under the GENIUS Act, the term ``State''
includes ``each of the several States of the United States, the
District of Columbia, and each territory of the United States.'' \150\
FinCEN proposes modifying the GENIUS Act's definition of ``State
payment stablecoin regulator'' to account for FinCEN's existing
definition of ``State,'' \151\ which does not include any U.S.
territories. FinCEN is thus adding its existing regulatory phrase
``Territory and Insular Possession'' to make clear that for purposes of
this definition ``State'' includes territories.\152\
---------------------------------------------------------------------------
\150\ See 12 U.S.C. 5901(28).
\151\ See 31 CFR 1010.100(vv) (defining ``State'' as ``The
States of the United States and, wherever necessary to carry out the
provisions of this chapter, the District of Columbia.'').
\152\ See 31 CFR 1010.100(zz) (defining ``Territories and
Insular Possessions'' as ``The Commonwealth of Puerto Rico, the
United States Virgin Islands, Guam, the Commonwealth of the Northern
Mariana Islands, and all other territories and possessions of the
United States other than the Indian lands and the District of
Columbia.'').
---------------------------------------------------------------------------
[[Page 18596]]
xiii. Proposed 31 CFR 1010.100(xxx)--State Qualified Payment Stablecoin
Issuer
FinCEN is proposing to define the term ``State qualified payment
stablecoin issuer'' as provided in the GENIUS Act, 12 U.S.C. 5901(31),
with certain modifications in light of preexisting FinCEN regulatory
definitions. Under the proposed rule, the term ``State qualified
payment stablecoin issuer'' would mean an entity that is: (1) legally
established under the laws of a State or Territory and Insular
Possession and approved to issue payment stablecoins by a State payment
stablecoin regulator; and (2) not an uninsured national bank chartered
by the OCC pursuant to title LXII of the Revised Statutes; a Federal
branch or an insured depository institution, or a subsidiary, of such
national bank, Federal branch, or insured depository institution. For
meaning of ``insured depository institution'' this definition would
reference the proposed definition of ``permitted payment stablecoin
issuer'' at proposed 1010.100(ttt), clarifying that, consistent with
the GENIUS Act, ``insured depository institution,'' includes insured
depository institutions and insured credit unions.\153\
---------------------------------------------------------------------------
\153\ 12 U.S.C. 5901(15).
---------------------------------------------------------------------------
As with the definition of ``State qualified payment stablecoin
issuer,'' FinCEN is adding ``Territorial and Insular Possessions'' to
clarify that, consistent with the GENIUS Act, issuers legally
established under the laws of a Territory and Insular Possession can
qualify as a State qualified payment stablecoin issuer.
2. Proposed Amendment to 31 CFR 1010.810--Delegation of Examination
Authority
As administrator of the BSA, FinCEN has overall authority for
enforcement and compliance with the BSA and its implementing
regulations.\154\ FinCEN, however, may delegate examination authority
to appropriate agencies while retaining authority for the coordination
and direction of procedures and activities of these agencies.\155\
FinCEN has delegated examination authority for various financial
institutions, as reflected at Sec. 1010.810(b), and is proposing the
same approach with regards to examination authority for PPSIs.
---------------------------------------------------------------------------
\154\ See Treasury Order 180-01, supra note 15, para. 3; see
also 31 CFR 1010.810(a).
\155\ 31 U.S.C. 5318(a)(1); 31 CFR 1010.810(a); Treasury Order
180-1, supra note 15, paras. 3(b), 4(b).
---------------------------------------------------------------------------
Broadly speaking, the GENIUS Act divides PPSIs into two categories:
PPSIs that are regulated for safety and soundness by a primary Federal
payment stablecoin regulator (which includes the OCC, Board, FDIC, and
NCUA) and PPSIs that are regulated for safety and soundness by a State
payment stablecoin regulator.\156\ FinCEN proposes delegating
examination authority over PPSIs to federal agencies responsible for
examining the same entities for safety and soundness and, where no such
federal agency exists, to the IRS.\157\
---------------------------------------------------------------------------
\156\ See, e.g., 12 U.S.C. 5905 (outlining supervision by
primary Federal payment stablecoin regulators); 12 U.S.C. 5906
(outlining supervision by State payment stablecoin regulators).
\157\ Compare 31 CFR 1010.810(b)(1)-(6) with 31 CFR
1010.810(b)(8).
---------------------------------------------------------------------------
i. State Qualified Payment Stablecoin Issuers
Under the GENIUS Act, generally, a State qualified payment
stablecoin issuer with a consolidated total outstanding issuance of not
more than $10 billion payment stablecoins may opt for regulation under
a State-level regulatory regime, provided that the State-level
regulatory regime is substantially similar to the Federal regulatory
framework under the GENIUS Act.\158\ State qualified payment stablecoin
issuers that exceed the $10 billion in outstanding issuance of payment
stablecoins must either transition to the regulatory framework of the
primary Federal payment stablecoin regulator, which is then jointly
administered by the State payment stablecoin regulator and the primary
Federal payment stablecoin regulator, or obtain a waiver permitting the
State qualified payment stablecoin issuer to remain solely supervised
by a State payment stablecoin regulator.\159\
---------------------------------------------------------------------------
\158\ See 12 U.S.C. 5903(c), 5906.
\159\ 12 U.S.C. 5903(d).
---------------------------------------------------------------------------
Where a financial institution is not examined for compliance with
the BSA and FinCEN's regulations by the OCC, Board, FDIC, or NCUA, and
is not otherwise supervised by a Federal functional regulator, FinCEN
has delegated its examination authority to the IRS in Sec.
1010.810(b)(8). Likewise, here FinCEN proposes delegating its
examination authority to the IRS for PPSIs not examined by the OCC,
Board, FDIC, and NCUA--i.e., a primary Federal payment stablecoin
regulator--for safety and soundness. This population will include State
qualified payment stablecoin issuers not supervised by a primary
Federal payment stablecoin regulator, either because the State
qualified payment stablecoin issuer's outstanding issuance is not more
than $10 billion or because the primary Federal payment stablecoin
regulator has granted the PPSI a waiver to allow the PPSI to remain
supervised by a State payment stablecoin regulator. FinCEN believes the
IRS is well positioned to conduct BSA examinations for PPSIs not
examined by a primary Federal payment stablecoin regulator. As the BSA
examiner for a range of institutions not otherwise examined by another
agency, the IRS has staff trained in BSA examinations and a strong
relationship with FinCEN and various state regulators. Relatedly, the
IRS currently examines money transmitters, including stablecoin
issuers, for BSA compliance and is, thus, well positioned to assess
PPSI compliance with the BSA and ensure consistent application of BSA
provisions across PPSIs based in various states.
To effectuate this delegation of BSA examination, FinCEN believes
that no changes are necessary to Sec. 1010.810(b)(8), which already
states that such authority is delegated with respect to ``financial
institutions . . . not currently examined by Federal bank supervisory
agencies for soundness and safety.'' FinCEN believes the proposed text
ensures that each PPSI not examined by a primary Federal payment
stablecoin regulator for safety and soundness is examined by the IRS.
This delegation will not grant authority to the IRS where a State
qualified payment stablecoin issuer is subject to a primary Federal
payment stablecoin regulator's framework that is jointly administered
by the federal and state regulator and results in a primary Federal
payment stablecoin regulator examining for safety and soundness.
ii. Proposed 31 CFR 1010.810(b)(8)--Federal Qualified Payment
Stablecoin Issuers
Under the GENIUS Act, the OCC, Board, FDIC, and NCUA are the
primary Federal payment stablecoin regulators and responsible for,
among other things, assessing a PPSI's safety and soundness.\160\
Additionally, the GENIUS Act requires the primary Federal payment
stablecoin regulators to issue regulations relating to, among other
things, risk management principles-based requirements and standards,
including relating to the BSA.\161\
---------------------------------------------------------------------------
\160\ 12 U.S.C. 5905(a)(3); 12 U.S.C. 5901(25).
\161\ 12 U.S.C. 5903(a)(4)(A)(iv).
---------------------------------------------------------------------------
With regards to banks, FinCEN has delegated its authority to
examine financial institutions for chapter X compliance to the agency
that examines
[[Page 18597]]
the institution for safety and soundness.\162\ Consistent with that
approach, FinCEN's proposal adds a new paragraph to Sec. 1010.810(b)
to delegate examination authority to the primary Federal payment
stablecoin regulators responsible for assessing a PPSI's safety and
soundness. FinCEN believes the primary Federal payment stablecoin
regulator responsible for promulgating standards related to BSA and
examining particular PPSIs for safety and soundness is best positioned
to carry out effective and efficient BSA exams. As the definition of
primary Federal payment stablecoin regulator outlines the agency
responsible for oversight of various categories of PPSIs, FinCEN is not
proposing to detail in Sec. 1010.810(b)(11) which agency is
responsible for which subcategory of PPSIs.\163\
---------------------------------------------------------------------------
\162\ See 31 CFR 1010.810(b)(1)-(3), (5).
\163\ See infra section VI.C.1.x.
---------------------------------------------------------------------------
3. Proposed 31 CFR 1033.210--AML/CFT Program Requirements for PPSIs
The GENIUS Act directs that PPSIs be subject to ``maintenance of an
effective anti-money laundering program, which shall include
appropriate risk assessments and designation of an officer to supervise
the program.'' \164\ Effective AML/CFT programs safeguard national
security and generate significant public benefits by preventing the
flow of illicit funds in the financial system and by assisting law
enforcement and national security agencies with the identification and
prosecution of persons attempting to launder money and undertake other
illicit activity through the financial system.\165\
---------------------------------------------------------------------------
\164\ See 12 U.S.C. 5903(a)(5)(A)(i); see also 31 U.S.C.
5318(h).
\165\ 31 U.S.C. 5318(h)(2)(B)(iii).
---------------------------------------------------------------------------
FinCEN has separately issued a notice of proposed rulemaking that
would amend FinCEN's regulations that prescribe AML/CFT program
requirements for current financial institutions program rules under the
BSA. Updating the AML/CFT program requirements across financial
institution types is part of FinCEN's efforts to reform and modernize
the BSA, as well as implement the Anti-Money Laundering Act of 2020
(AML Act).\166\ That proposed rule is designed to help ensure that
financial institutions' AML/CFT programs are appropriately risk-based,
such that compliance with their program obligations is focused on the
goals of the BSA, including combatting and preventing money laundering,
the financing of terrorism, and other illicit finance activity risks
(collectively, ML/TF risks), rather than mere technical compliance.
Furthermore, that proposed rule for banks would help ensure that
supervisory and enforcement actions related to AML/CFT programs are
focused on significant or systemic failures to implement an effective
AML/CFT program (i.e., deficiencies or issues that arise from failing
to implement, in all material respects, a properly established AML/CFT
program).
---------------------------------------------------------------------------
\166\ Anti-Money Laundering Act of 2020, Public Law 116-283,
Div. F, sections 6001-6511, 134 Stat. 3388, 4547-4633 (Jan. 1,
2021).
---------------------------------------------------------------------------
In this proposed rule FinCEN proposes to impose on PPSIs an AML/CFT
program obligation consistent with the program being proposed for the
11 types of financial institutions currently covered by BSA program
requirements, with some modifications due to the GENIUS Act's specific
provisions. FinCEN assesses that such consistency across the types of
financial institutions promotes clarity, creates efficiencies, and best
protects the U.S. financial system from illicit actors. As described
below, under FinCEN's proposal, an AML/CFT program is inherently
tailored to the risk and operations of a PPSI, meeting the GENIUS Act's
directive that rules are tailored to an issuer's size and
complexity.\167\
---------------------------------------------------------------------------
\167\ See 12 U.S.C. 5903(a)(5)(B).
---------------------------------------------------------------------------
i. AML/CFT Program Overview
A central objective of Treasury and FinCEN's BSA modernization
efforts is to create an AML/CFT supervisory and regulatory regime that
is more effective in achieving the purposes of the BSA and promoting
better outcomes for law enforcement and national security
agencies.\168\ This proposed rule would further that objective by
explicitly defining the requirements for a PPSI to establish and
maintain an effective AML/CFT program. Consistent with the changes that
the AML Act made for other types of financial institutions, it would
also adopt into regulation the AML Act's expectation that AML/CFT
programs should be risk-based, including ensuring that PPSIs direct
more attention and resources toward higher-risk customers and
activities, consistent with the risk profile of the PPSI, rather than
toward lower-risk customers and activities.\169\
---------------------------------------------------------------------------
\168\ 31 U.S.C. 5311.
\169\ 31 U.S.C. 5318(h)(2)(B)(iv)(II).
---------------------------------------------------------------------------
Under proposed Sec. 1033.210 PPSIs would have an effective AML/CFT
program and comply with the requirements of 31 U.S.C. 5318(h)(1) and
Sec. 1033.210 if the PPSI: (1) establishes an AML/CFT program in
accordance with paragraph (b) of Sec. 1033.210; and (2) maintains an
AML/CFT program by implementing the AML/CFT program in accordance with
paragraph (c) of Sec. 1033.210. As part of the program, and consistent
with the mandate in the GENIUS Act, PPSIs would be required to conduct
ongoing customer due diligence.
a. Factors That FinCEN Considered
The AML Act requires FinCEN to take into account certain factors
when prescribing minimum AML/CFT program standards. FinCEN has
considered all these factors in developing this proposed rule.\170\
---------------------------------------------------------------------------
\170\ See 31 U.S.C. 5318(h)(2)(B). Per the BSA, the factors
FinCEN considered include, ``(i) Financial institutions are spending
private compliance funds for a public and private benefit, including
protecting the United States financial system from illicit finance
risks. (ii) The extension of financial services to the underbanked
and the facilitation of financial transactions, including
remittances, coming from the United States and abroad in ways that
simultaneously prevent criminal persons from abusing formal or
informal financial services networks are key policy goals of the
United States. (iii) Effective anti-money laundering and countering
the financing of terrorism programs safeguard national security and
generate significant public benefits by preventing the flow of
illicit funds in the financial system and by assisting law
enforcement and national security agencies with the identification
and prosecution of persons attempting to launder money and undertake
other illicit activity through the financial system. (iv) Anti-money
laundering and countering the financing of terrorism programs [. .
.] should be--(I) reasonably designed to assure and monitor
compliance with the requirements of this subchapter and regulations
promulgated under this subchapter; and (II) risk-based, including
ensuring that more attention and resources of financial institutions
should be directed toward higher-risk customers and activities,
consistent with the risk profile of a financial institution, rather
than toward lower-risk customers and activities.''
---------------------------------------------------------------------------
As stated in 31 U.S.C. 5318(h)(2)(B)(iii), effective AML/CFT
programs safeguard national security and generate significant public
benefits by preventing the flow of illicit funds in the financial
system and by assisting law enforcement and national security agencies
with the identification and prosecution of persons attempting to
launder money or undertake other illicit activity through the financial
system. The proposed rule would advance the BSA modernization and
reform goals of the AML Act by providing PPSIs and their regulators
with clarity about the requirements to have effective AML/CFT programs.
Likewise, 31 U.S.C. 5318(h)(2)(B)(iv)(I) provides that AML/CFT
programs should be ``reasonably designed to assure and monitor
compliance'' with the BSA and its implementing regulations and be risk-
based. The proposed rule advances these objectives by explicitly
requiring PPSIs to have effective AML/CFT programs and by describing
the
[[Page 18598]]
minimum components for an AML/CFT program to be effective.
Specifically, as part of an effective AML/CFT program, the proposed
rule requires that a PPSI establish and maintain a risk-based set of
internal policies, procedures, and controls that are reasonably
designed to ensure compliance with the BSA and FinCEN's regulations.
The internal policies, procedures, and controls requirement in the
proposed rule also demonstrates FinCEN's consideration of 31 U.S.C.
5318(h)(2)(B)(iv)(II), which states that AML/CFT programs should be
risk-based, including ensuring that more attention and resources of a
PPSI should be directed toward higher-risk customers and activities,
consistent with a PPSI's risk profile, rather than toward lower-risk
customers and activities. The proposed rule incorporates this directive
by explicitly requiring, as part of a PPSI's risk-based internal
policies, procedures, and controls, that a PPSI identify, assess, and
document its ML/TF risks through risk assessment processes. These risk
assessment processes require a PPSI to evaluate ML/TF risks and review
and incorporate the AML/CFT Priorities, as appropriate, with updates to
risk assessment processes promptly upon any change that the PPSI knows
or has reason to know significantly changes the PPSI's ML/TF risks.
These risk assessment processes are designed to help PPSIs mitigate ML/
TF risks and ensure that they are allocating resources commensurate
with their documented ML/TF risks, directing more attention and
resources toward higher-risk customers rather than toward lower-risk
customers and activities.
Finally, 31 U.S.C. 5318(h)(2)(B)(ii) requires FinCEN to consider
the extension of financial services to the underbanked and the
facilitation of financial transactions, including remittances, while
preventing criminal persons from abusing formal or informal financial
services networks. Through its emphasis on risk-based AML/CFT programs,
the proposed rule seeks to provide PPSIs with the flexibility to serve
a broad range of customers and avoid one-size-fits-all approaches to
customer risk that can lead to PPSIs declining to provide financial
services to entire categories of customers. The proposed rule would
help ensure that decisions taken by PPSIs with respect to closing
customer accounts are based on legitimate ML/TF risks and informed by
relevant facts and circumstances. The proposed rule is intended to
mitigate the risks of PPSIs potentially being inappropriately pressured
into closing customer accounts by emphasizing the risk-based nature of
AML/CFT programs. In doing so, the proposed rule also furthers the
objectives of E.O. 14331, Guaranteeing Fair Banking for All Americans,
which seeks to combat ``politicized or unlawful debanking.'' \171\
---------------------------------------------------------------------------
\171\ E.O. 14331, Guaranteeing Fair Banking for All Americans,
90 FR 38925 (Aug. 12, 2025).
---------------------------------------------------------------------------
b. Program Overview
The proposed rule would require a PPSI to establish an AML/CFT
program and then maintain the AML/CFT program by implementing, in all
material respects, the established AML/CFT program. In prescribing the
minimum standards for an AML/CFT program and in supervising and
examining compliance with those standards, the AML Act requires the
Secretary and the appropriate Federal functional regulator to take into
account that effective AML/CFT programs safeguard national security and
help law enforcement prevent the flow of illicit funds in the financial
system.\172\ An AML/CFT program can be effective without preventing
every minor instance of a financial institution falling prey to illicit
finance misuse. Accordingly, the proposed rule would set out that an
AML/CFT program is ``effective'' and complies with the requirements of
31 U.S.C. 5318(h)(1) so long as it is established and maintained in
accordance with applicable requirements.
---------------------------------------------------------------------------
\172\ See 31 U.S.C. 5318(h)(2)(B)(iii).
---------------------------------------------------------------------------
A PPSI would be required to establish a risk-based set of internal
policies, procedures, and controls that are reasonably designed to
ensure compliance with the BSA and 31 CFR chapter X. The risk-based
internal policies, procedures, and controls must also be reasonably
designed to: (1) identify, assess, and document the PPSI's ML/TF risks
through risk assessment processes that evaluate the risks of the PPSI's
business activities, review and, as appropriate, incorporate the AML/
CFT Priorities, and are updated promptly upon any change that the PPSI
knows or has reason to know significant changes in the PPSI's ML/TF
risks; (2) mitigate the PPSI's ML/TF risks, consistent with the PPSI's
risk assessment processes; and, (3) conduct ongoing customer due
diligence.
The proposed rule would also require a PPSI to establish an ongoing
employee training program and independent AML/CFT program testing as
part of its AML/CFT program.
Finally, the proposed rule would require a PPSI to designate an
individual responsible for establishing and implementing the AML/CFT
program and coordinating and monitoring day-to-day compliance; that
individual would be required to be located in the United States and
accessible to, and subject to oversight and supervision by, FinCEN and
its designee, including the appropriate primary Federal payment
stablecoin regulator. That individual also could not have been
convicted of a felony offense involving certain kinds of activity, as
required by the GENIUS Act.\173\
---------------------------------------------------------------------------
\173\ See 12 U.S.C. 5903(f).
---------------------------------------------------------------------------
Under the proposed rule, having an effective AML/CFT program would
be more than a one-time adoption of a risk-based set of internal
policies, procedures, and controls. Rather, a PPSI would be required to
keep its risk-based set of internal policies, procedures, and
controls--and the risk assessment processes that inform them--current
as the PPSI's risk profile changes. Similarly, an AML/CFT program would
involve more than a one-time creation of an employee training program
or initiation of an independent testing mechanism: the PPSI would also
be required to keep such aspects of the AML/CFT program current as the
PPSI's risk profile changes. Thus, even where a PPSI has previously
established an AML/CFT program in accordance with the proposed rule, a
failure to update the program to reflect significant changes to the
PPSI's risk profile may result in the program no longer meeting the
program establishment requirements, and the PPSI may accordingly be
subject to supervisory or enforcement action for failure to establish
an effective AML/CFT program.
Once a PPSI has properly ``established'' an AML/CFT program, the
PPSI must ``maintain'' the program by implementing it, in all material
respects. Minor deficiencies of an AML/CFT program would not
necessarily mean that a PPSI has failed to implement the program.
ii. Proposed 31 CFR 1033.210(b)--Program Establishment
The AML/CFT program requirements for PPSI's must have certain
minimum elements comprised of: (1) internal policies, procedures, and
controls; (2) an independent audit function to test programs; (3) a
designated compliance officer; and (4) an ongoing employee training
program.
a. Proposed 31 CFR 1033.210(b)(1)--Internal Policies, Procedures, and
Controls
The BSA requires financial institutions to develop ``internal
[[Page 18599]]
policies, procedures, and controls'' as part of their AML/CFT
programs.\174\ Proposed Sec. 1033.210(b)(1) provides that a PPSI's
risk-based set of internal policies, procedures, and controls must be
reasonably designed to: (1) identify, assess, and document ML/TF risks
through risk assessment processes; (2) mitigate ML/TF risks consistent
with the risk assessment processes, including by allocating more
attention and resources toward higher-risk customers and activities
rather than toward lower-risk customers and activities; and (3) conduct
ongoing CDD.
---------------------------------------------------------------------------
\174\ 31 U.S.C. 5318(h)(1)(A).
---------------------------------------------------------------------------
Under this proposal, a PPSI's risk-based set of internal policies,
procedures, and controls should be based upon, informed by, and
consistent with a PPSI's risk assessment processes. The level of
sophistication of the internal policies, procedures, and controls
should be commensurate with the size, structure, risk profile, and
complexity of the PPSI.
The requirement that a PPSI's risk-based set of internal policies,
procedures, and controls be ``reasonably designed'' gives PPSIs
flexibility in how they achieve compliance with the BSA and the
proposed rule's other requirements. As part of having risk-based set of
internal policies, procedures, and controls reasonably designed to
ensure compliance with the BSA and FinCEN's regulations, PPSIs may
choose to responsibly adopt new technologies or innovative approaches
to comply with BSA requirements.
1. Proposed 31 CFR 1033.210(b)(1)(i)--Risk Assessment Processes
FinCEN is proposing in Sec. 1033.210(b)(1)(i) that, as part of a
PPSI's risk-based set of internal policies, procedures, and controls,
the PPSI establish and maintain risk assessment processes to: (1)
evaluate the ML/TF risks of the PPSI's business activities, including
products, services, distribution channels, customers, and geographic
locations; (2) review and, as appropriate, incorporate the AML/CFT
Priorities; and (3) be updated promptly upon any change that the PPSI
knows or has reason to know significantly changes the PPSI's ML/TF
risks. This provision implements the GENIUS Act's directive that PPSI
AML/CFT programs include appropriate risk assessments.\175\
---------------------------------------------------------------------------
\175\ See 12 U.S.C. 5903(a)(5)(A)(i).
---------------------------------------------------------------------------
The proposed rule requires, as part of a PPSI's risk-based internal
policies, procedures and controls, that it identify, assess, and
document its ML/TF risks using risk assessment processes. This risk
assessment process, generally conducted on an annual basis, results in
a documented ML/TF risk assessment.
FinCEN believes PPSIs are best positioned to identify and evaluate
their ML/TF risk and is therefore not prescribing any particular risk
assessment processes or methodologies other than the critical elements
described in this proposed rule. Under the proposed rule, PPSIs will be
examined for whether they have established and implemented, in all
material respects, reasonably designed risk assessment processes--which
need not be in the form of a singular risk assessment process.
Furthermore, FinCEN is not prescribing any particular timeframe for
PPSIs to update their risk assessment processes.
i. Proposed 31 CFR 1033.210(b)(1)(i)(A)--ML/TF Risks
Proposed Sec. 1033.210(b)(1)(i)(A) would require a PPSIs' risk
assessment processes to evaluate the ML/TF risks its business
activities, including products, services, distribution channels,
customers, and geographic locations. These factors are generally well
known and often incorporated into current risk assessment processes of
some stablecoin issuers and banks. For clarity's sake, FinCEN considers
``distribution channels'' to refer to the methods and tools through
which a PPSI opens accounts and provides products or services
(including payment stablecoins), including, for example through remote
or other non-face-to-face means. Thus, for example, PPSIs should
consider how accounts are opened, as well as the blockchains to which
its payment stablecoins are issued.
PPSIs may use a variety of sources to inform their risk assessment
processes. Such sources may include information obtained from other
financial institutions, such as emerging risks and typologies
identified through 314(b) information sharing or payment transactions
that other financial institutions returned or flagged due to ML/TF
risks.\176\ Information a PPSI generates or maintains could be another
source, including information acquired from blockchain analytics. Such
internal information may include, for example, customer internet
protocol (IP) addresses or device logins and related geolocation
information.
---------------------------------------------------------------------------
\176\ See FinCEN, Section 314(b) Fact Sheet, (Dec. 2020),
available at <a href="https://www.fincen.gov/system/files/shared/314bfactsheet.pdf">https://www.fincen.gov/system/files/shared/314bfactsheet.pdf</a>.
---------------------------------------------------------------------------
Feedback from FinCEN, law enforcement, and financial regulators may
also inform risk assessment processes. For example, if a PPSI receives
feedback from law enforcement about a report it has filed or potential
risks at the PPSI, the PPSI may incorporate that information into its
risk assessment processes. Similarly, PPSIs may consider information
identified from responding to section 314(a) requests. Certain FinCEN
advisories or guidance may also be particularly relevant to the PPSI's
business activities, thereby warranting consideration when evaluating
ML/TF risks. Regardless of the source, PPSIs should take measures in
their risk assessment processes to ensure this information is
reasonably current, complete, and accurate.
ii. Proposed 31 CFR 1033.210(b)(1)(i)(B)--AML/CFT Priorities
Proposed Sec. 1033.210(b)(1)(i)(B) would require PPSIs to review
and incorporate the AML/CFT Priorities. The AML/CFT Priorities set out
the priorities for the U.S. government's AML/CFT policy as required by
the AML Act and are designed to ensure that PPSIs' AML/CFT programs are
aligned with those priorities. Recognizing the diverse nature of ML/TF
threats facing the U.S. financial system and national security, and
that PPSI AML/CFT programs will benefit U.S. national security by
safeguarding the financial system from ML/TF risk, the AML/CFT
Priorities are intended to ensure that PPSIs are focusing on the
greatest threats to U.S. national security, as defined by Treasury.
FinCEN understands that the AML/CFT Priorities may not always be
applicable to a PPSI's risk profile and activities. Therefore, FinCEN
requires the incorporation of the AML/CFT Priorities in PPSI's risk
assessment processes, as appropriate. This means that, having reviewed
the AML/CFT Priorities, a PPSI may determine the extent to which a
particular priority is applicable and whether and how a particular AML/
CFT Priority should be incorporated into its risk assessment processes.
Further, a PPSI may use its judgment and apply a reasonable, risk-
based determination on whether to focus on a specific aspect of an AML/
CFT Priority (e.g., cyber-enabled fraud), rather than addressing all
aspects of an AML/CFT Priority that may either not be applicable or
pose lower risks to the PPSI. However, FinCEN cautions that a surface-
level, perfunctory review of an AML/CFT Priority by a PPSI and the
foreseeable ways in which it may manifest itself within the PPSI's
customers, products and services, geographies, and distribution
channels would not satisfy this requirement.
[[Page 18600]]
FinCEN anticipates that some PPSIs may ultimately determine that
their business models and risk profiles have limited exposure to some
of the threats addressed in the AML/CFT Priorities but instead have
greater exposure to other ML/TF risks not addressed in the AML/CFT
Priorities. Additionally, some PPSIs' risk assessment processes may
determine that their AML/CFT programs already sufficiently take into
account some, or all, of the AML/CFT Priorities. In either case, any
changes to PPSIs' AML/CFT program, such as internal policies,
procedures, or controls, would be based on the results of risk
assessment processes and their impact on the AML/CFT program, including
how to review and, as appropriate, incorporate the AML/CFT Priorities
before making these determinations.
iii. Proposed 31 CFR 1033.210(b)(1)(i)(C)--Update Risk Assessment
Processes
Proposed Sec. 1033.210(b)(1)(i)(C) would require PPSIs to update
their risk assessment processes promptly upon any change that the PPSI
knows or has reason to know significantly changes its ML/TF risk
profile. For example, a PPSI may need to update its risk assessment
when new products, services, and customer types are introduced; or
existing products, services, and customer types undergo significant
changes; or when the PPSI adopts new risk mitigation technology; or if
the PPSI as a whole expands or contracts through mergers, acquisitions,
divestitures, dissolutions, and liquidations. This would include, for
example, when a payment stablecoin is deployed on a new blockchain or
new features are coded into the smart contract. A PPSI may also need to
update its risk assessment process based on factors external to its
operations that it knows or has reason to know significantly changes
its ML/TF risk profile.
2. Proposed 31 CFR 1033.210(b)(1)(ii)--Mitigate ML/TF Risks
Under the proposed rule, a PPSI's efforts to mitigate its ML/TF
risks would involve directing more attention and resources toward
higher-risk customers and activities, consistent with the risk profile
of the PPSI, rather than toward lower risk customers and
activities.\177\ The goal of risk-based allocation is for PPSIs to
spend less time, energy, and resources on lower priority activities
that may result in fewer resources devoted to, and potentially distract
from, more serious threats. The proposed rule would thus enable PPSIs
to focus more on higher risk customers and activities, which FinCEN has
determined should result in PPSIs being more effective at detecting,
reporting, and preventing the flow of illicit funds and providing law
enforcement with more valuable BSA reporting.
---------------------------------------------------------------------------
\177\ 31 U.S.C. 5318(h)(2)(B)(iv)(II).
---------------------------------------------------------------------------
As noted above, FinCEN believes that PPSIs are best positioned to
identify and evaluate their ML/TF risk and to make decisions related to
risk identification and resource allocation in accordance with risk
identification. The proposed rule, therefore, does not contemplate
regulatory second-guessing of a PPSI's reasonable determinations
regarding appropriate resource allocation or conclusions regarding
specific risks. However, while FinCEN does not believe that an examiner
should substitute his or her own subjective judgment in place of the
PPSIs, examiners will be expected to assess whether: (1) a PPSI's
resource allocation decisions are informed by, and consistent with,
reasonably designed risk assessment processes; and (2) with respect to
implementation, specifically, whether the PPSI knows or should know of
resource-related issues involving its internal policies, procedures,
and controls and other mandatory elements that may result in the PPSI
failing to implement its AML/CFT program in all material respects and
failing to address such issues.
3. Proposed 31 CFR 1033.210(b)(1)(iii)--Conduct Ongoing Customer Due
Diligence
The GENIUS Act specifies that PPSIs should be subject to all
Federal laws applicable to a financial institution located in the
United States relating to ``due diligence.'' \178\ The existing program
rules for certain financial institutions contain CDD requirements that
have commonly been referred to as the ``fifth pillar'' of AML program
rules for those types of financial institutions.\179\ Under these
requirements, covered financial institutions must establish and
maintain a written AML/CFT program that includes: ``appropriate risk-
based procedures for conducting ongoing customer due diligence, to
include, but not be limited to: understanding the nature and purpose of
customer relationships for the purpose of developing a customer risk
profile; and conducting ongoing monitoring to identify and report
suspicious transactions and, on a risk basis, to maintain and update
customer information.'' \180\
---------------------------------------------------------------------------
\178\ See 12 U.S.C. 5903(a)(5)(A).
\179\ See applicable program rules with CDD requirements for
covered financial institutions are located at 31 CFR
1020.210(a)(2)(v) and (b)(2)(v) (banks), 1023.210(b)(5) (broker-
dealers), 1024.210(b)(5) (mutual funds), and 1026.210(b)(5) (futures
commission merchants and introducing brokers in commodities). FinCEN
in February 2026 issued an order granting exceptive relief to
covered financial institutions from the requirements in 31 CFR
1010.230(b) to identify and verify the identities of beneficial
owners of legal entity customers at each new account opening. See
FinCEN, Exceptive Relief from Requirement to Identify and Verify
Beneficial Owners at Each Account Opening (Feb. 13, 2026), available
at <a href="https://www.fincen.gov/system/files/2026-02/FinCEN-Order-CCDExceptiveRelief.pdf">https://www.fincen.gov/system/files/2026-02/FinCEN-Order-CCDExceptiveRelief.pdf</a>.
\180\ See 31 CFR 1020.210(a)(2)(v) and (b)(2)(v) (banks);
1023.210(b)(5) (broker-dealers); 1024.210(b)(5) (mutual funds);
1026.210(b)(5) (futures commission merchants and introducing brokers
in commodities).
---------------------------------------------------------------------------
Proposed Sec. 1033.210(b)(1)(iii) would require PPSIs to conduct
ongoing CDD as part of their AML/CFT program obligations. To
effectively mitigate the illicit finance risks in customer
relationships, PPSIs need to obtain and maintain information sufficient
to develop an understanding of normal and expected customer activity.
This in turn requires development of an understanding of the ``nature
and purpose,'' or in other words the intent, of the customer in
initiating and maintaining the relationship. The PPSI can draw
conclusions about the type of activity and transactions the customer
can be expected to engage in, setting a ``baseline against which
aberrant, suspicious transactions are identified.'' \181\ These are
core elements and fundamental expectations of FinCEN's regulations
implementing the BSA.
---------------------------------------------------------------------------
\181\ See FinCEN, Customer Due Diligence Requirements for
Financial Institutions, 81 FR 29398, 29419 (May 11, 2016); FinCEN,
Frequently Asked Questions Regarding Customer Due Diligence
Requirements for Financial Institutions, Question 36 (Apr. 3, 2018),
available at <a href="https://www.fincen.gov/system/files/2018-04/FinCEN_Guidance_CDD_FAQ_FINAL_508_2.pdf">https://www.fincen.gov/system/files/2018-04/FinCEN_Guidance_CDD_FAQ_FINAL_508_2.pdf</a>.
---------------------------------------------------------------------------
For PPSIs, some considerations of the nature and purpose of
customer relationships will be similar to existing practices for other
regulated financial institutions. However, some factors may also be new
or unique due to the characteristics of the products and services being
offered. PPSIs may need to consider, among other factors, the type of
entity seeking to establish a customer relationship, the jurisdiction
in which they are domiciled, the AML/CFT obligations they are subject
to (and potentially the rigor of supervisory oversight of those
obligations), the customer's operating history, the services the
customer offers to its users, the markets that the customer serves, and
the agents or intermediaries through which the customer may provide its
services. Such business, product,
[[Page 18601]]
service, and geographic risk considerations are well established
components of existing BSA programs. PPSIs may also need to consider
information more narrowly tailored to the stablecoin market, including
both information available from public blockchains and relevant off-
chain considerations. Notably, as stated above, FinCEN assesses that
the majority of illicit activity involving stablecoins occurs on the
secondary market.\182\ Although the proposed rule would not impose a
standalone, independent obligation on a PPSI to monitor secondary
market transactions, consideration of such activity may be appropriate
in the PPSI's development and maintenance of a customer risk profile
(e.g., public blockchains may indicate that a digital assets exchange
that is a PPSI customer is engaged in deposits or withdrawal activity
of the PPSI's stablecoin with addresses attributed to illicit actors).
---------------------------------------------------------------------------
\182\ See supra section IV.D.
---------------------------------------------------------------------------
b. Proposed 31 CFR 1033.210(b)(2)--Independent Testing
The purpose of independent testing is to assess the PPSI's
compliance with AML/CFT statutory and regulatory requirements, relative
to its risk profile. This evaluation helps to inform the PPSI of
weaknesses or areas in need of enhancement or stronger controls.
Typically, this evaluation includes a conclusion about the PPSI's
overall compliance with AML/CFT statutory and regulatory requirements
and sufficient information for the reviewer (e.g., board of directors,
senior management, AML/CFT officer, outside auditor, or an examiner) to
reach a conclusion about whether the risk-based set of internal
policies, procedures, and controls are reasonably designed and
resources are well-allocated consistent with the PPSI's risk assessment
processes.
Additionally, while PPSIs retain some flexibility regarding who
conducts the audit or testing, the proposed rule would require that
testing be independent. PPSIs that do not employ outside auditors or
consultants or that do not have internal audit departments may comply
with this requirement by using internal staff who are not involved in
the function being tested. For these PPSIs and PPSIs with other types
of arrangements for independent testing, the AML/CFT officer or any
party who directly, and in some cases, indirectly reports to the AML/
CFT officer, or an equivalent role, would generally not be considered
sufficiently independent. Any individual conducting the testing,
whether internal or external, would be required to be independent of
other parts of the PPSI's AML/CFT program, including its oversight. For
PPSIs that engage outside auditors or consultants, the PPSI would be
required to ensure that the outside parties conducting the independent
testing are not involved in functions related to the AML/CFT program at
the PPSI that may present a conflict of interest or lack of
independence, such as AML/CFT training or the development or
enhancement of internal policies, procedures, and controls.
Additionally, for the purposes of the independent testing component,
outside parties would not include government agencies, entities, or
instrumentalities, such as a PPSI's primary Federal payment stablecoin
regulator or State payment stablecoin regulator. PPSIs with less
complex operations, and lower risk profiles may consider utilizing a
shared resource as part of a collaborative arrangement to conduct
testing, as long as the testing is independent.\183\ FinCEN would
generally expect, as with the AML/CFT officer component, independent
testers to have the expertise and experience to satisfactorily perform
such a duty, including having sufficient knowledge of the PPSI's risk
profile and AML/CFT laws and regulations.
---------------------------------------------------------------------------
\183\ See Board, FDIC, NCUA, OCC, and FinCEN, Interagency
Statement on Sharing Bank Secrecy Act Resources (Oct. 3, 2018),
available at <a href="https://www.fincen.gov/news/news-releases/interagency-statement-sharing-bank-secrecy-act-resources">https://www.fincen.gov/news/news-releases/interagency-statement-sharing-bank-secrecy-act-resources</a>.
---------------------------------------------------------------------------
c. Proposed 31 CFR 1033.210(b)(3)--Designate an AML/CFT Officer
Under the GENIUS Act and the BSA, an ``officer'' oversees an AML/
CFT program.\184\
---------------------------------------------------------------------------
\184\ See 12 U.S.C. 5903(a)(5)(A)(i); 31 U.S.C. 5318(h)(1)(B).
---------------------------------------------------------------------------
1. Proposed 31 CFR 1033.210(b)(3)(iii)--Duties of the AML/CFT Officer
Proposed Sec. 1033.210(b)(3)(iii) would require PPSIs to designate
an individual (referred to as an AML/CFT officer) responsible for
establishing and implementing the AML/CFT program and coordinating and
monitoring day-to-day compliance with the requirements and prohibitions
of the BSA and FinCEN's implementing regulations. FinCEN's view is that
the individual serving as the AML/CFT officer must be qualified for
that role and not overburdened with other responsibilities at the
institution.
The proposed rule is not intended to be primarily concerned about
the formal title of the individual responsible for establishing and
implementing the AML/CFT program and coordinating and monitoring day-
to-day compliance; instead, the proposed rule focuses on the AML/CFT
officer's position in the PPSI's organizational structure that enables
the AML/CFT officer to effectively establish and implement the PPSI's
AML/CFT program. The AML/CFT officer's authority, independence, and
access to resources within the PPSI are critical. An AML/CFT officer
should have decision-making capability regarding the AML/CFT program
and sufficient functional stature within the organization to ensure
that the program meets BSA requirements.
The AML/CFT officer's access to resources may include the
following: adequate compliance funds and staffing with the skills and
expertise appropriate to the PPSI's risk profile, size, and complexity;
an organizational structure that supports compliance and effectiveness;
and sufficient technology and systems to support the timely
identification, measurement, monitoring, reporting, and management of
the PPSI's ML/TF risks. An AML/CFT officer with conflicting
responsibilities that adversely impact the officer's ability to
effectively coordinate and monitor day-to-day AML/CFT compliance
generally would not fulfill this requirement.
2. Proposed 31 CFR 1033.210(b)(3)(i) and (ii)--The AML/CFT Officer
Located in the United States and Accessible to Regulators
Proposed Sec. 1033.210(b)(3)(i) and (ii) would require a PPSI's
AML/CFT officer be located in the United States and accessible to, and
subject to oversight and supervision by FinCEN and its designee. Under
the proposed rule, while the AML/CFT officer must be located in the
United States, personnel located outside of the United States would
still be permitted to perform certain AML/CFT functions. This language
does not alter existing regulations and guidance that generally
prohibit the sharing of SARs with personnel located outside of the
United States other than limited circumstances such as a bank's foreign
head office or controlling company.\185\
---------------------------------------------------------------------------
\185\ See, e.g., FinCEN, Financial Crimes Enforcement Network;
Confidentiality of Suspicious Activity Reports, 75 FR 75593 (Dec. 3,
2010); see also FinCEN, the Board, FDIC, OCC, and Office of Thrift
Supervision, Interagency Guidance on Sharing Suspicious Activity
Reports with Head Offices and Controlling Companies (Jan. 20, 2006),
available at <a href="https://www.fincen.gov/system/files/guidance/sarsharingguidance01122006.pdf">https://www.fincen.gov/system/files/guidance/sarsharingguidance01122006.pdf</a>.
---------------------------------------------------------------------------
[[Page 18602]]
3. Proposed 31 CFR 1033.210(b)(3)(iv)--Restriction on Officers With
Felony Convictions
Under the GENIUS Act, PPSIs must designate an ``officer'' to
supervise its AML/CFT program.\186\ This GENIUS Act provision reflects
the BSA requirement that a financial institution designate a
``compliance officer'' for its AML/CFT program.\187\ The GENIUS Act
further provides that no individual who has been convicted of a
``felony offense involving insider trading, embezzlement, cybercrime,
money laundering, financing of terrorism, or financial fraud'' may
serve as an ``officer'' or director of a PPSI.\188\
---------------------------------------------------------------------------
\186\ See 12 U.S.C. 5903(a)(5)(A)(i).
\187\ See 31 U.S.C. 5318(h)(1)(B).
\188\ See 12 U.S.C. 5903(f).
---------------------------------------------------------------------------
Given the use of the term ``officer'' in the GENIUS Act's
prohibition on individuals being convicted of felonies involving
certain activity and the use of the same term in the GENIUS Act and BSA
provisions regarding AML/CFT programs, FinCEN proposes to apply this
restriction to AML/CFT officers and, accordingly, is proposing adding
this requirement to the AML/CFT program's provision relating to the
individual responsible for overseeing the AML/CFT program. FinCEN
expects PPSIs would ensure an individual does not have a disqualifying
felony prior to designating an individual as responsible for the AML/
CFT program, as well as require the individual to report any such
conviction and monitor for whether the individual receives such a
conviction.
d. Proposed 31 CFR 1033.210(b)(4)--Ongoing Employee Training Program
The BSA requires AML/CFT programs to include an ``ongoing employee
training program.'' \189\ Proposed Sec. 1033.210(b)(4) would require
PPSIs establish an ongoing employee training program. FinCEN would
generally expect training to cover the PPSI's internal policies,
procedures, and controls, which should in turn reflect the results of
the PPSI's risk assessment processes, the latest AML/CFT regulatory
requirements, and other relevant information. The frequency with which
the training would occur, and the content of the training, would depend
on the PPSI's ML/TF risk profile and the roles and responsibilities of
the persons receiving the training.
---------------------------------------------------------------------------
\189\ See 31 U.S.C. 5318(h)(1)(C).
---------------------------------------------------------------------------
iii. Proposed 31 CFR 1033.210(d)--Written AML/CFT Program and Approval
Proposed Sec. 1033.210(d) would require that a PPSI's AML/CFT
program be written, and that a PPSI, upon request, make available a
copy of its written AML/CFT program to FinCEN or its designee, which
can include the appropriate agency with examination authorities
delegated by FinCEN.\190\
---------------------------------------------------------------------------
\190\ See 31 CFR 1010.810(b); see also supra section VI.C.2.
---------------------------------------------------------------------------
Proposed Sec. 1033.210(d) would also require that a PPSI's written
AML/CFT program be approved by the PPSI's board of directors or an
equivalent governing body within the PPSI, or appropriate senior
management. The proposed rule specifies that approval encompasses each
of the components of the AML/CFT program.
The proposed rule provides PPSIs with significant flexibility in
its chosen approval method. While some PPSIs may choose to have its
board approve the written AML/CFT program, for others, an equivalent
governing body might be a sole proprietor, general partner, or trustee,
or a grouping of owners, senior officers (including board committees or
other groups with oversight responsibilities), senior management, or
other persons having functions and authority similar to that of a
board.
The proposed rule's provision requiring the approval of the AML/CFT
program by a PPSI's board of directors, equivalent body, or appropriate
senior management reflects the importance of PPSIs maintaining a strong
culture of compliance. A culture of compliance involves demonstrable
support and visible commitment from leadership, the dedication of
adequate resources to AML/CFT compliance, effective information sharing
throughout the PPSI, qualified and independent testing, and
understanding across leadership and staff levels of the importance of
BSA reports. Adherence to these principles is critical to ensuring that
AML/CFT programs are effective.
iv. Proposed 31 CFR 1033.210(e)--AML/CFT Program Certifications
The proposed rule would also require PPSIs to make available to
FinCEN, or its designee, upon request any and all certifications
submitted to the PPSI's primary Federal payment stablecoin regulator or
State payment stablecoin regulator certifying that the PPSI has
implemented an AML/CFT program.\191\ While the GENIUS Act specifies
that the primary Federal payment stablecoin regulator or State payment
stablecoin regulator shall make this certification available upon
Treasury request, FinCEN's authority under the BSA also enables it to
require PPSIs to provide a copy of such certifications to FinCEN as
part of FinCEN's efforts to ensure compliance with the BSA.\192\
---------------------------------------------------------------------------
\191\ See 12 U.S.C. 5904(i)(l).
\192\ See 31 U.S.C. 5318(a)(2).
---------------------------------------------------------------------------
4. Proposed 31 CFR 1033.221--Supervision and Enforcement
As previously noted, FinCEN is proposing delegating authority to
examine PPSIs for compliance with the proposed rules to the primary
Federal payment stablecoin regulators.\193\ In another rulemaking,
FinCEN has proposed that where it has delegated its examination
authority to the OCC, Board, FDIC, and NCUA (the ``Agencies''), those
Agencies be required to consult with FinCEN prior to taking significant
AML/CFT supervisory actions and outlined FinCEN's own considerations in
determining when it will take certain enforcement actions. The proposal
also outlined that a bank would only be subject to certain kinds of
enforcement actions and significant supervisory actions for significant
and systemic failures to implement an AML/CFT program. In that
proposal, FinCEN requested comments on whether the framework outlined
in the proposal should be extended to financial institutions beyond
banks.
---------------------------------------------------------------------------
\193\ See supra section VI.C.2.
---------------------------------------------------------------------------
The GENIUS Act similarly identifies these Agencies--the OCC, Board,
FDIC, and NCUA--as primary Federal payment stablecoin regulators for
certain PPSIs as discussed in section VI.C.2.ii. Additionally, as
discussed in section IV, some stablecoin issuers engage in certain
activities that are similar to those of banks. Accordingly, in light of
the same Agencies that serve as the primary Federal payment stablecoin
regulators and certain similarities in activities as banks, FinCEN
proposes to set forth a supervision and enforcement framework that
would subject PPSIs to the same framework proposed for banks.
Specifically, the proposed rule would add Sec. 1033.221 to set forth a
supervision and enforcement framework for PPSIs' AML/CFT programs that
is aligned with the AML Act's emphasis on effectiveness and risk-based
supervision. This proposal includes three elements: the first defining
key terms; the second outlining when FinCEN or the primary Federal
payment stablecoin regulators would take enforcement or supervisory
action regarding certain kinds of AML/CFT
[[Page 18603]]
program violations; and the third outlining when the primary Federal
payment stablecoin regulators would consult with FinCEN on potential
supervisory actions. FinCEN welcomes comment on whether this
supervisory and enforcement framework should apply to PPSIs, as well as
the consultation proposal. The enforcement requirements do not apply to
and in no way affect criminal enforcement liability under the BSA.
i. Proposed 31 CFR 1033.221(a)--Definitions
Proposed Sec. 1033.221(a) would define several terms used
throughout the section.
The term ``AML/CFT enforcement action'' as proposed in Sec.
1033.221(a)(1) would mean any formal or informal action taken by FinCEN
that seeks to penalize, remedy, prevent, or respond to noncompliance
with past or ongoing violations of, or past or ongoing deficiencies
relating to, an AML/CFT requirement.
The term ``AML/CFT requirement'' as proposed in Sec.
1033.221(a)(2) would mean a requirement of the BSA, 12 U.S.C.
5903(a)(5)(A)(i)-(v), 12 U.S.C. 5903(a)(6)(B), 12 U.S.C. 5903(f)(1)(A),
or 31 CFR chapter X.
The term ``significant AML/CFT supervisory action'' as proposed in
Sec. 1033.221(a)(3) would mean any written communication or other
formal supervisory determination issued by FinCEN or a primary Federal
payment stablecoin regulator, when acting under supervisory authority
delegated by FinCEN, that identifies one or more alleged deficiencies,
weaknesses, violations of law, or unsafe or unsound practices or
conditions relating to an AML/CFT requirement; communicates supervisory
expectations regarding actions or remedial measures required to correct
the issue; and contemplates significant or programmatic actions or
remedial measures to be taken by the PPSI. Examiner observations,
suggestions, or other informal comments would be expressly excluded
from this definition.
ii. Proposed 31 CFR 1033.221(b)--Enforcement and Supervision Policy
Proposed Sec. 1033.221(b) would articulate FinCEN's enforcement
and supervision policy as it relates to AML/CFT requirements for
PPSIs.\194\ Except with respect to a significant or systemic failure to
implement an effective AML/CFT program (i.e., deficiencies or issues
that arise from failing to implement, in all material respects, a
properly established AML/CFT program), a PPSI that has properly
established an AML/CFT program would not be subject to an AML/CFT
enforcement action based on a violation of proposed Sec. 1033.210 by
FinCEN or to a significant AML/CFT supervisory action based on a
violation of proposed Sec. 1033.210 by FinCEN or by a primary Federal
payment stablecoin regulator, when acting under supervisory authority
delegated by FinCEN.
---------------------------------------------------------------------------
\194\ The proposal is not intended to and does not affect
criminal enforcement liability under the BSA, or the related
authority of the Department of Justice.
---------------------------------------------------------------------------
The proposed rule would clarify that nothing in this policy would
restrict an AML/CFT enforcement action or a significant AML/CFT
supervisory action with respect to a failure to properly establish an
AML/CFT program. Moreover, the proposed rule would not affect the
factors that FinCEN applies in the disposition of a violation once
FinCEN has determined that such violation involves either: (1) a
failure to properly establish an AML/CFT program, or (2) a significant
or systemic failure to implement an AML/CFT program.\195\
---------------------------------------------------------------------------
\195\ FinCEN, FinCEN Statement on Enforcement of the Bank
Secrecy Act, pp. 2-3 (Aug. 18, 2020), available at <a href="https://www.fincen.gov/system/files/shared/FinCEN%20Enforcement%20Statement_FINAL%20508.pdf">https://www.fincen.gov/system/files/shared/FinCEN%20Enforcement%20Statement_FINAL%20508.pdf</a>.
---------------------------------------------------------------------------
iii. Proposed 31 CFR 1033.221(c) and (d)--FinCEN Consultation and
Consideration
Proposed Sec. 1033.221(c) would establish a notice and
consultation framework applicable when a primary Federal payment
stablecoin regulator, acting under supervisory authority delegated by
FinCEN, intend to initiate a significant AML/CFT supervisory action.
Before initiating such an action, the primary Federal payment
stablecoin regulator would be required to provide the Director of
FinCEN with an opportunity to review the action and consider any input
offered by the Director, which may include any view as to the
effectiveness of the PPSI's AML/CFT program. To facilitate that review,
the primary Federal payment stablecoin regulator would be required to
provide written notice to the Director of their intent to take the
action at least 30 days in advance of the proposed action, unless a
shorter period is necessary, in the sole discretion of the primary
Federal payment stablecoin regulators, to remedy, prevent, or respond
to an unsafe or unsound practice or condition.
The notice would be accompanied by the relevant AML/CFT information
underlying the proposed action. Relevant AML/CFT information may
include, but is not limited to: the relevant portions of the draft
report enforcement action; the relevant examination workpapers
supporting the proposed action and the relevant AML/CFT information
submitted by the PPSI to the primary Federal payment stablecoin
regulator. FinCEN notes the primary Federal payment stablecoin
regulators would not be obligated to provide information over which the
PPSI may claim privilege under Federal or State law. The primary
Federal payment stablecoin regulators would also be required to respond
to requests for additional AML/CFT information from the Director
regarding the proposed action.
Finally, proposed Sec. 1033.221(d) specifies the factors that the
Director of FinCEN would consider in determining whether to take an
enforcement action or significant supervisory action with respect to
PPSIs, or when reviewing a proposed action by a primary Federal payment
stablecoin regulator. These factors would include the factors set forth
in 31 U.S.C. 5318(h)(2)(B), as applicable; the extent, if any, to which
the PPSI--where appropriate in light of its size, complexity, and risk
profile--has advanced the AML/CFT Priorities by providing highly useful
information to law enforcement or national security officials,
conducting proactive analytics or performing other innovative
activities producing demonstrable outputs evincing the effectiveness of
the PPSI's AML/CFT program (including effective use of artificial
intelligence, federated learning, or other advanced monitoring tools);
and any other factor the Director deems appropriate, including the
PPSI's size, complexity, and risk profile, and, as relevant,
circumstances in which the PPSI's low-risk customers or limited
business activities naturally limit the extent to which the PPSI can
meaningfully contribute to AML/CFT Priorities.
The FinCEN Director's consideration of the extent to which a PPSI
has provided highly useful information to law enforcement or national
security agencies reflects that FinCEN considers information sharing to
be an important element of an effective AML/CFT program. PPSIs may
share useful information by responding to 314(a) requests, or may use
314(b) authorities to share information with other financial
institutions to identify and report to the federal government
activities that may involve ML/TF. PPSIs may also elect to participate
in the FinCEN Exchange Program, a voluntary public-private information
sharing partnership among FinCEN, law enforcement agencies, national
security
[[Page 18604]]
agencies, and financial institutions and other private sector entities
that aims to support priority national security and counter-illicit
finance objectives.\196\ FinCEN strongly encourages information sharing
for the purpose of advancing the AML/CFT Priorities.
---------------------------------------------------------------------------
\196\ FinCEN, FinCEN Exchange, available at <a href="https://www.fincen.gov/resources/fincen-exchange">https://www.fincen.gov/resources/fincen-exchange</a>.
---------------------------------------------------------------------------
The Director of FinCEN may consider the above alongside other
factors, including those outlined in the FinCEN Statement on
Enforcement of the Bank Secrecy Act, such as the nature and seriousness
of violations, including the extent of possible harm to the public and
amounts involved; impact or harm of the violations on FinCEN's mission
to safeguard the financial system from illicit use, combat money
laundering, and promote national security; or financial gain or other
benefit resulting from, or attributable to, the violations, amongst
others.\197\
---------------------------------------------------------------------------
\197\ FinCEN, FinCEN Statement on Enforcement of the Bank
Secrecy Act (Aug. 18, 2020), available at <a href="https://www.fincen.gov/system/files/shared/FinCEN%20Enforcement%20Statement_FINAL%20508.pdf">https://www.fincen.gov/system/files/shared/FinCEN%20Enforcement%20Statement_FINAL%20508.pdf</a>.
---------------------------------------------------------------------------
5. Proposed Amendment to 31 CFR 1010.230--Collection of Beneficial
Ownership Information
FinCEN is proposing to require PPSIs to collect beneficial
ownership information about legal entity customers, which is critical
for a PPSI to effectively carry out its due diligence obligations as
provided in the GENIUS Act.\198\ This proposed obligation is
effectuated through FinCEN's proposed AML/CFT program obligation, its
proposed amendment to Sec. 1010.605(e)(1), and its proposed amendment
to Sec. 1010.230(b)(2) and (c).\199\ Collecting information on legal
entity customers helps a financial institution assess and mitigate
risk, as well as the ability of law enforcement to identify assets and
accounts connected with illicit activity. FinCEN is not contemplating
application of CDD to secondary market activity. Accordingly, FinCEN is
not extending the collection of beneficial ownership information to
secondary market activity.
---------------------------------------------------------------------------
\198\ See 12 U.S.C. 5903(a)(5)(A).
\199\ See Customer Due Diligence Requirements for Financial
Institutions, 81 FR at 29398. As previously highlighted, FinCEN in
February 2026 issued an order granting exceptive relief to covered
financial institutions from the requirements in 31 CFR 1010.230(b)
to identify and verify the identities of beneficial owners of legal
entity customers at each new account opening. See Exceptive Relief
from Requirement to Identify and Verify Beneficial Owners at Each
Account Opening, supra note 179.
---------------------------------------------------------------------------
Pursuant to Sec. 1010.230(a) ``covered financial institutions''
are required ``to establish and maintain written procedures that are
reasonably designed to identify and verify beneficial owners of legal
entity customers and to include such procedures in their anti-money
laundering compliance program required under 31 U.S.C. 5318(h) and its
implementing regulations.'' Section 1010.230(f) defines ``covered
financial institution'' for purposes of the section by referencing
Sec. 1010.605(e)(1), to which FinCEN is proposing to add PPSIs.
Section 1010.230 provides further specificity on the kinds of
procedures that must be established and maintained and the meaning of
account, including in Sec. 1010.230(b)(2) and (c). For financial
institutions currently required to collect beneficial ownership
information, Sec. 1010.230(b)(2) and (c) reference the customer
identification program regulation in the respective parts for those
institutions. Given that no such regulation currently exists for PPSIs,
FinCEN proposes language generally describing identification
verification procedures and the meaning of account. More specifically,
FinCEN is currently proposing requiring procedures relating to
verifying the identity of beneficial owners that would contain the same
elements as 31 CFR 1022.220(a)(2), the customer identification program
rule for banks. FinCEN proposes that in explaining the meaning of
account in Sec. 1010.230(c), FinCEN clarify that for PPSIs an account
is a formal relationship between a customer and a permitted payment
stablecoin issuer established to provide or engage in services,
dealings, or other financial transactions. FinCEN anticipates further
modifications to its proposed language based on its expected
forthcoming rulemaking implementing the GENIUS Act's requirement that
PPSIs maintain customer identification programs.\200\ Ultimately,
FinCEN expects the requirement under Sec. 1010.230 for PPSIs will
closely adhere to existing BSA requirements that apply to many other
types of financial institutions, including banks.
---------------------------------------------------------------------------
\200\ 12 U.S.C. 5903(a)(5)(A)(v).
---------------------------------------------------------------------------
6. Proposed 31 CFR 1033.240--Additional Technical Capabilities,
Policies, and Procedures for PPSIs
The GENIUS Act requires that PPSIs have ``technical capabilities,
policies, and procedures to block, freeze, and reject specific or
impermissible transactions that violate Federal or State laws, rules,
or regulations.'' \201\ The GENIUS Act also requires that PPSIs ``issue
payment stablecoins only if the issuer has the technological capability
to comply, and will comply, with the terms of any lawful order.
[…truncated; see source link]Indexed from Federal Register on April 10, 2026.
This is legal information, not legal advice. Laws vary by jurisdiction and change frequently. Always verify current law with official sources and consult a licensed attorney in your jurisdiction for advice on your specific situation.