OVERVIEW OF THE JOINT PROPOSAL
On April 10, 2026, the US Department of the Treasury’s Financial Crimes Enforcement Network (FinCEN) and Office of Foreign Assets Control (OFAC) published a joint proposed rule to implement the anti-money laundering and countering the financing of terrorism (AML/CFT) obligations of the GENIUS Act. The proposed joint rule was part of a flurry of proposals issued by FinCEN and the federal banking agencies in April to amend the AML/CFT regulations more generally. Specific to the GENIUS Act implementation, the joint proposal contains provisions relating to sanctions and to AML/CFT obligations by PPSIs.
As for high-level observations, the proposed joint rule does not apply the specific technology of PPSIs to the requirements. Rather, the provisions track existing legal obligations under AML/CFT laws and regulations. In particular, for the special standards of diligence and special measures for PPSIs, the proposed joint rule refers back to the existing provisions under the customer due diligence rule[1] as the standard for PPSIs to observe.
In the preamble, however, FinCEN and OFAC address the special technological challenges posed by payment stablecoin as a vehicle for illicit activity. In addition, the proposed joint rule would require “consultation and consideration” between FinCEN and a primary federal payment stablecoin regulator when the regulator acts “pursuant to authority delegated under this chapter.” Although coordination occurs in the present framework, this provision represents an exertion of FinCEN (and Treasury) oversight as to the federal bank agencies’ enforcement of AML/CFT as to PPSIs.
SANCTIONS COMPLIANCE REQUIREMENTS
As for sanctions, the proposed rule would require PPSIs to maintain an effective sanctions compliance program. Consistent with the existing OFAC’s sanctions obligations that apply applicable to US persons, the proposed rule requires risk assessments, internal controls, testing and auditing, and a training program to implement the PPSI’s sanctions compliance program.
The proposed provisions do not impose specific technical standards, remaining technology neutral, including the provision requiring that the PPSI block or reject any payment stablecoin-related activity that violates or would violate US sanctions but without providing details as to how the PPSI is to block or reject violative stablecoin activity.
As for penalties, a PPSI shall be liable for civil penalties of up to $100,000 for each day on which violations occur. For knowing violations of the requirement to maintain an effective sanctions compliance program, an additional civil penalty of $100,000 per day may be imposed.
AML/CFT COMPLIANCE PROGRAM REQUIREMENTS
The AML/CFT provisions begin with adding PPSI to the definition of financial institution under the existing FinCEN regulations to implement the GENIUS Act’s provision. The preamble notes that stablecoin issuers currently are money transmitters subject to FinCEN’s money service businesses rule, thereby subjecting them already to AML/CFT obligations under FinCEN’s regulations.
Similar to the sanctions section, the proposed rule proceeds to place PPSI under the same obligations as required currently of financial institutions. Specifically, a PPSI would be required to establish an effective Bank Secrecy Act (BSA)/AML program and deems the PPSI as in compliance with the AML/CFT requirements[2] if it complies with the proposed joint rule’s provisions. The program elements in the joint proposal require the PPSI to undertake the following parallel AML/CFT obligations:
- Establish a risk-based set of internal policies, procedures, and controls reasonably designed to ensure compliance with the BSA by:
- Applying risk assessment processes to identify, assess, and document the risks that:
- Evaluate the illicit finance risks of the PPSI, including its products, services, distribution channels, customers, and geographic locations;
- Review and incorporate as appropriate the AML/CFT priorities; and
- When changes occur such that the PPSI knows or has reason to know the changes significantly affect the AML/CFT risks, the PPSI promptly updates its policies and procedures.
- Applying risk assessment processes to identify, assess, and document the risks that:
- Mitigating the PPSI’s AML/CFT risks in keeping with the risk assessment processes required by the section. Directing more attention and resources toward higher-risk customers is an example of risk mitigation.
- Conducting ongoing due diligence of customers that includes the same principles as in the AML/CFT original regulations: establishing a customer risk profile and conducting ongoing monitoring, including updating beneficial ownership of legal entity customers.
- The proposed joint rule contains suspicious activity reporting and record-keeping requirements, some of which are tailored to the specific PPSI model.
Notably, the joint rule directs the PPSI to designate “an individual, who is located in the United States” and is “accessible to and subject to oversight and supervision by FinCEN and its designee” to be responsible for establishing and implementing the AML/CFT program and monitoring day-to-day compliance.
HOW WE CAN HELP
Our team stands ready to helps companies across the digital asset arena. We understand the significant opportunities for clients—both digital asset natives and new entrants.
For additional insights and ongoing developments, visit our Stablecoin hub page.
