Publications

#news-content { display: block; } .meta-tag-list { display: block !important; visibility: visible !important; }

^Memos ^{Go Back}

Treasury Proposes Anti-Money Laundering and Sanctions Compliance Rules for Permitted Stable Coin Issuers Under the GENIUS Act

04.16.26

On April 8, 2026, the U.S. Department of the Treasury’s Financial Crimes Enforcement Network (FinCEN) and the Office of Foreign Assets Control (OFAC) issued a notice of proposed rulemaking to implement the anti-money laundering/countering the financing of terrorism (AML/CFT) and U.S. economic sanctions provisions of the GENIUS Act (the Proposed Rule). The Proposed Rule treats permitted payment stablecoin issuers (PPSIs) as financial institutions for purposes of the BSA and imposes anti-money laundering and sanctions compliance obligations on PPSIs consistent with other U.S. financial institutions, with some differences specific to PPSIs under the GENIUS Act, including—for the first time—imposing an affirmative requirement on U.S. companies to establish a sanctions compliance program.

AML/CFT Compliance

Under the Proposed Rule, PPSIs would have compliance obligations consistent with those required of other U.S. financial institutions and, in some cases, FinCEN has tailored requirements for PPSIs to ensure compliance with the GENIUS Act or to account for the unique properties of stablecoins.

AML/CFT Program Requirement: The Proposed Rule would require PPSIs to implement an AML/CFT program comprised of four pillars: (1) written internal policies, procedures, and controls, including, where applicable, ongoing customer due diligence; (2) independent program testing; (3) the designation of a S.-based compliance officer;^{^[1]} and (4) ongoing employee training. The PPSI’s AML/CFT program must be approved by the board or an equivalent governing body within the PPSI, or appropriate senior management, and made available to FinCEN or the relevant Federal regulator upon request.
Risk Assessment Process: PPSIs will be required to implement a risk assessment process, which would have to: (1) evaluate the money laundering/terrorist financing (ML/TF) risks of the PPSI’s business activities;
(2) review and, as appropriate, incorporate national AML/CFT priorities published annually by FinCEN; and (3) be updated upon any change that would significantly change the PPSI’s ML/TF risks. The PPSI’s policies, procedures, and controls would need to be reasonably designed to mitigate identified ML/TF risks—and be updated as risks evolve—and be designed to devote more attention and resources toward higher-risk than lower-risk activities and customers.
Suspicious Activity Monitoring and Reporting: The Proposed Rule would require PPSIs to undertake suspicious activity monitoring and reporting for suspicious transactions that are conducted or attempted by, at or through a PPSI and involving or at least $5,000 in the aggregate in funds or other assets. This requirement would only apply to primary market transactions.
Recordkeeping and Reporting Requirements: PPSIs would, with some exceptions, need to comply with the requirements of the Recordkeeping Rule and the so-called “Travel Rule,” which would require PPSIs to maintain records of funds transfers in amounts of $3,000 or more, to transmit certain information to other financial institutions, and to comply with the Currency Transaction Reporting (CTR) requirements for currency transactions of $10,000 or more.
FinCEN Information Requests: PPSIs would be required to comply with FinCEN information requests under Section 314(a) of the USA PATRIOT Act, which requires a financial institution to search its records to determine whether it maintains or has maintained any accounts for or transacted with individuals or entities identified in the request. PPSIs would also be eligible to participate in voluntary information-sharing with other financial institutions under Section 314(b) of the USA PATRIOT Act.
Technical Blocking, Freezing and Rejecting Capabilities: The Proposed Rule would require PPSIs to have the technical capabilities, policies, and procedures to (i) block, freeze, and reject specific or impermissible transactions that violate Federal or State laws, rules, or regulations and (ii) comply, and to in fact comply, with the terms of any lawful order. Significantly, FinCEN notes in the proposed rule that certain stablecoin issuers are currently able to block, freeze, or reject transactions involving their stablecoins via smart contracts, and that stablecoin issuers can leverage this capability on both secondary as well as primary markets. Therefore, FinCEN proposes to extend these obligations to both primary and secondary market activity. FinCEN has not, however, prescribed specific technical requirements because it believes that PPSIs are best positioned to determine how to effectively comply with these requirements.
Enhanced Due Diligence: Finally, like other financial institutions, PPSIs would be required to undertake customer due diligence and enhance due diligence for correspondent and private banking accounts, and to comply with Section 311 of the USA PATRIOT Act, which imposes special measures with respect to foreign banks, jurisdictions, or transactions deemed to be of primary money laundering concern. The customer due diligence obligations would not generally apply to secondary markets.

FinCEN has proposed to delegate examination authority over PPSIs to the same federal agencies responsible for examining the same entities for safety and soundness (i.e., the Office of the Comptroller of the Currency (OCC), the Board of Governors of the Federal Reserve (the Fed), the Federal Deposit Insurance Corporation (FDIC), and the National Credit Union Administration (NCUA)), and to the Internal Revenue Service where no such federal agency exists (i.e., where the PPSI is supervised by a state agency).

Consistent with proposed rules issued on April 7, 2026, by FinCEN, OCC, FDIC and NCUA to overhaul AML/CFT Supervision and Enforcement,^{^[2]} the Proposed Rule would focus enforcement or supervisory actions on compliance issues primarily arising from a PPSI’s establishment of its AML/CFT program, rather than on the maintenance of the program. Specifically, if a PPSI has properly established an AML/CFT program under the Proposed Rule, FinCEN, or any agencies acting on its behalf, generally would not take a major supervisory enforcement action unless the PPSI has a significant or systemic failure to maintain that program. Establishing an AML/CFT program would require establishing a program that incorporates the four pillars described above and keeping the program current as the PPSI’s risk profile evolves. Maintaining the program would require an institution to implement its program in all material respects (i.e., executing the program in practice).

Because the activities of PPSIs would necessarily constitute money transmission, to avoid overlapping requirements, FinCEN proposes to carve PPSIs out from the definition of Money Services Businesses (MSBs). FinCEN will, however, leave unchanged prior guidance related to the compliance obligations under the BSA for MSBs, including related to the administration or exchange of convertible virtual currency. Moreover, a PPSI that also offers services outside of payment stablecoins (e.g., offering tokens that are not payment stablecoins) may still be subject to regulation as an MSB and would have to comply with relevant requirements.

Finally, where a PPSI is a subsidiary of a parent insured depository institution, or has existing AML/CFT compliance obligations (e.g., by virtue of being a non-insured national bank), the PPSI would be permitted to leverage its parent’s or its existing program, but to the extent that the requirements specific to a PPSI exceed such program, the PPSI would need to comply with the PPSI-specific requirements.

Sanctions Compliance

Perhaps the most significant regulatory development related to the Proposed Rule is that, pursuant to the GENIUS Act, PPSIs will have an affirmative obligation to implement and maintain an effective sanctions compliance program. This represents the first time that federal law has explicitly required U.S. persons to have an OFAC compliance program.

In order to comply with the GENIUS Act requirements, OFAC has proposed that an effective sanctions compliance program will contain five main pillars: (i) senior management and organizational commitment, (ii) risk assessments, (iii) internal controls, (iv) testing and auditing, and (v) training, which will be codified in OFAC regulations. These five pillars are drawn from and mirror recommendations previously promulgated by OFAC in its 2019 “A Framework for OFAC Compliance Commitments.” Banks and more sophisticated PPSIs may already have these policies and procedures in place, but for others, they would need to develop such program alongside the new AML/CFT program requirements.

OFAC has proposed that failure to maintain an effective sanctions compliance program would result in penalties of up to $200,000 per day for knowing violations of the GENIUS Act’s requirements. Although not specifically addressed in the Proposed Rule, we would expect that such penalties may be in addition to civil or criminal penalties for any underlying violations of OFAC-administered economic sanctions, which are strict liability for civil violations and can result in civil penalties of up to $377,700 or twice the amount of the underlying transaction for violations of the International Emergency Economic Powers Act (IEEPA) or up to $111,308 for violations of the Trading with the Enemy Act (TWEA). OFAC weighs the effectiveness of a company’s sanctions compliance program when determining whether and to what extent to impose a civil penalty, and a comprehensive sanctions compliance program has been a strong mitigating factor in the eyes of OFAC enforcement.

[1] The Proposed Rule clarifies that certain AML/CFT operations (excluding SARs) may be delegated to third-party providers or personnel located outside of the United States.

[2] Read our client alert on the proposed rules here.