Permitted Payment Stablecoin AML/CFT Sanctions Compliance Requirements

Content

ACTION:

Joint proposed rule.

SUMMARY:

The Department of the Treasury's Financial Crimes Enforcement Network (FinCEN) and Office of Foreign Assets Control (OFAC)
are jointly issuing this proposed rule to implement provisions of the Guiding and Establishing National Innovation for U.S.
Stablecoins Act (GENIUS Act). Specifically, it implements the GENIUS Act's directive to treat permitted payment stablecoin
issuers (PPSIs) as financial institutions for purposes of the Bank Secrecy Act, proposes anti-money laundering obligations
for PPSIs, and proposes certain specific obligations required by the GENIUS Act for PPSIs. It also implements the GENIUS Act's
directive to require PPSIs to maintain effective sanctions compliance programs.

DATES:

Comments must be received by June 9, 2026.

ADDRESSES:

Comments must be submitted in one of the following two ways (please choose only one of the ways listed):

• Electronically at https://www.regulations.gov. Follow the “Submit a comment” instructions under Docket FINCEN-2026-0100. If you are reading this document on federalregister.gov, you may use the green “SUBMIT A PUBLIC COMMENT” button beneath this rulemaking's title to submit a comment to the regulations.gov docket.

• You may mail written comments to the following address: Regulatory and Strategic Affairs Division, Financial Crimes Enforcement Network, P.O. Box 39, Vienna, VA 22183. Mailed comments must be received by the close of the comment period. Do not include any personally identifiable information (such as name, address, or other contact information) or confidential business information that you do not want publicly disclosed. All comments are public records; they are publicly displayed exactly as received, and will not be deleted, modified, or redacted. Comments may be submitted anonymously. Follow the search instructions on https://www.regulations.gov to view public comments.

In accordance with 5 U.S.C. 553(b)(4), a summary of this rule may be found at https://www.regulations.gov under Docket FINCEN-2026-0100.

FOR FURTHER INFORMATION CONTACT:

FinCEN: The FinCEN Regulatory Support Section by submitting an inquiry at www.fincen.gov/contact.

OFAC: Assistant Director for Regulatory Affairs, 202-622-4855 or https://ofac.treasury.gov/contact-ofac.

SUPPLEMENTARY INFORMATION:

I. Executive Summary

Payment stablecoins could revolutionize payment systems, but the U.S. financial system's strength, size, and reliability make
its payment systems a notable target for misuse by illicit actors, which jeopardizes U.S. national security. To combat illicit
finance risk, this notice of proposed rulemaking (NPRM) implements the GENIUS Act's directive to subject PPSIs to anti-money
laundering (AML) requirements, including Bank Secrecy Act (BSA) requirements, and to require PPSIs to maintain an effective
economic sanctions compliance program.

Although issued jointly by FinCEN and OFAC, the NPRM outlines independent changes to two different chapters of Title 31 of
the Code of Federal Regulations. First, FinCEN is proposing changes to its existing regulations and creation of a new part
of chapter X to effectuate the GENIUS Act's directive to apply BSA and AML obligations to PPSIs. Second, OFAC is proposing
a new part to chapter V to effectuate the GENIUS Act's directive that PPSIs maintain an effective economic sanctions compliance
program.

II. Statutory Authority

A. The Guiding and Establishing National Innovation for U.S. Stablecoins Act

The GENIUS Act provides a comprehensive framework for the regulation of payment stablecoins. (1) The GENIUS Act outlines the reserve, capital, liquidity, and risk management requirements for PPSIs and tasks implementing
those requirements to the Office of the Comptroller of the Currency (OCC), the Board of Governors of the Federal Reserve System
(Board), the Federal Deposit Insurance Corporation (FDIC), the National Credit Union Administration (NCUA), and, as applicable,
any State payment stablecoin regulators. (2) The OCC, Board, FDIC, and NCUA are responsible for establishing a process and framework for the licensing, regulation, examination,
and supervision of PPSIs under their respective purviews. (3) The GENIUS Act requires that a PPSI “be treated as a financial institution for purposes of the Bank Secrecy Act, and as such,
shall be subject to all Federal laws applicable to a financial institution located in the United States relating to economic
sanctions, prevention of money laundering, customer identification, and due diligence.” (4) The GENIUS Act directs the Secretary of the Treasury to issue regulations, tailored to the size and complexity of the PPSI,
implementing this provision of the GENIUS Act. (5)

Regarding the BSA and AML, in addition to its clear, general directive that PPSIs be treated as financial institutions for
purposes of the BSA and be subject to “all Federal laws” related to preventing money laundering, the GENIUS Act specifies
that a PPSI's obligations include: (i) maintenance of an effective AML program, which includes appropriate risk assessments
and designation of an officer to supervise the program; (ii) retention of appropriate records; (iii) monitoring and reporting
any suspicious transaction relevant to a possible violation of law or regulation; (iv) maintenance of technical capabilities,
policies, and procedures to

  block, freeze, and reject specific or impermissible transactions that violate Federal or State law, rules, or regulations;
  and (v) maintenance of an effective customer identification program, [(6)]() including identifying and verifying the PPSI's account holders, high-value transactions, and appropriate enhanced due diligence. [(7)]() The GENIUS Act contains other provisions that control illicit risk in the payment stablecoin ecosystem. One of these provisions
  is the requirement that PPSIs only issue payment stablecoins if the issuer has the technological capability to comply and
  will comply with the terms of any “lawful order,” which the GENIUS Act defines, in part, as an order issued or promulgated
  by a Federal agency or court to seize, freeze, burn, or prevent the transfer of payment stablecoins. [(8)]()

Regarding sanctions, the GENIUS Act expressly subjects PPSIs to “all Federal laws applicable to a financial institution located
in the United States relating to economic sanctions” (9) and requires PPSIs to maintain “an effective economic sanctions compliance program, including verification of sanctions lists,
consistent with Federal law.” (10)

This NPRM represents one piece of the comprehensive regulatory framework for PPSIs set out in the GENIUS Act. (11)

B. The Bank Secrecy Act

The Bank Secrecy Act, or “BSA,” is the common name for a collection of statutory authorities designed to safeguard the national
security of the United States by combating money laundering, the financing of terrorism, and other illicit finance activity. (12) Under the BSA, Congress authorized the Secretary to impose various obligations on financial institutions, including requiring
risk-based programs to prevent money laundering and the financing of terrorism. The BSA also enables the Secretary to require
financial institutions to file reports and keep records that “are highly useful” including “in criminal, tax, or regulatory
investigations, risk assessments, or proceedings,” or in the conduct of “intelligence or counterintelligence activities, including
analysis, to protect against terrorism.” (13) In order to enable both the public and private sectors to identify and stop illicit actors, the BSA also directed the establishment
of appropriate frameworks for information sharing among various actors, including financial institutions and law enforcement
authorities. (14) The Secretary has delegated the authority to implement, administer, and enforce the BSA and its associated regulations to
the Director of FinCEN. (15)

Many of the obligations included in the BSA are explicitly included in the GENIUS Act as obligations imposed on PPSIs. For
example, in both the BSA and the GENIUS Act, Congress authorized Treasury to impose obligations to maintain effective AML
programs; (16) retain records; (17) monitor and report suspicious activity; (18) maintain customer identification programs; (19) and conduct enhanced due diligence. (20)

C. Office of Foreign Assets Control Statutory Authority

OFAC acts under Presidential national emergency powers, as well as various statutory authorities, and has been delegated responsibility
by the Treasury Secretary for developing, administering, and enforcing U.S. economic sanctions. The International Emergency
Economic Powers Act (IEEPA), enacted in 1977, is a key authority for imposing economic sanctions. (21) IEEPA authorizes the President to declare a national emergency in response to an unusual or extraordinary threat to the United
States that has its source in whole or substantial part outside the United States. (22) Upon declaration of a national emergency, IEEPA authorizes the President to, among other actions, investigate, block, regulate,
or prohibit transactions and dealings in property subject to U.S. jurisdiction when a foreign national or country has an interest. (23) IEEPA also provides the President with the authority to issue regulations as may be necessary to exercise the authorities
granted in IEEPA. (24) The President typically delegates the authority to administer economic sanctions pursuant to IEEPA to the Secretary, who redelegates
the implementation authority to OFAC. (25)

Through the exercise of its delegated IEEPA authority and other authorities, OFAC administers and enforces economic sanctions
to prohibit certain transactions and to block assets under U.S. jurisdiction, including by issuing civil money penalties.
OFAC sanctions include sanctions that block the property or interests in property of, or prohibit certain transactions or
dealings with, sanctioned individuals and entities, including foreign governments and officials, terrorists, international
narcotics traffickers, and those engaged or who have engaged in activities such as serious human rights abuse, corruption,
the proliferation of weapons of mass destruction, transnational organized crime, sanctions evasion, or the provision of material
support to sanctioned individuals and entities. OFAC also administers comprehensive sanctions that broadly prohibit

  transactions and dealings involving an entire country or geographic region or a particular sector of a country's economy.

III. Advance Notice of Proposed Rulemaking

Treasury issued an advance notice of proposed rulemaking (ANPRM) in September 2025 seeking public comment on potential Treasury
regulations implementing the GENIUS Act. (26) Pertinent to this proposal, the ANPRM asked questions related to definitions used in the GENIUS Act; the GENIUS Act's BSA,
AML, and sanctions program provisions; and the potential costs and benefits associated with BSA and sanctions obligations. (27)

In response to this ANPRM, Treasury received approximately 450 timely comments from a variety of stakeholders, including banks
and credit unions, stablecoin issuers, digital asset exchanges, analytics companies, law firms, trade associations, non-governmental
organizations, technology firms, academics, and members of the public. Treasury reviewed and considered the pertinent comments
in crafting this proposal.

In general, commenters supported applying BSA and sanctions program obligations to PPSIs. For BSA obligations, some commenters
advocated these requirements mirror existing obligations and risk-based frameworks. Some commenters generally asserted that
different obligations should apply with regards to transactions on the primary market versus transactions on the secondary
market. (28) On costs and benefits, some commenters acknowledged meaningful upfront costs associated with complying with the BSA, sanctions
program obligations, and the GENIUS Act, particularly for new or unregulated entrants, but also stated that clearer rules
would lower long-term compliance friction, reduce illicit finance risks, improve supervisory efficiency, and ultimately strengthen
market confidence and U.S. competitiveness.

IV. Stablecoin Ecosystem

The GENIUS Act only governs a subcategory of stablecoins, namely “payment stablecoins” as defined by the GENIUS Act, and a
subcategory of actors in the payment stablecoin ecosystem, most critically for this rulemaking, PPSIs. (29) Thus, under the GENIUS Act, not all stablecoins are payment stablecoins and not all stablecoin issuers will be eligible to
be PPSIs. Because the GENIUS Act framework is not yet in place, it is not yet determined which specific stablecoins will be
payment stablecoins and which specific issuers will be PPSIs. An understanding of the stablecoin ecosystem, uses of stablecoins,
and risks associated with stablecoins generally informs the parameters of the proposed rule, including the rationale behind
certain proposed obligations.

A. Overview of Stablecoins and Stablecoin Issuers

Stablecoins are a blockchain-based (30) digital asset (31) designed to maintain a stable value relative to an underlying asset, most often, but not always, a fiat currency. (32) Many stablecoin issuers represent that their stablecoin can be redeemed at par upon request, although redemption terms and
rights vary by stablecoin. The asserted redemption value of a stablecoin is generally tied to the value of the pool of reserve
assets that “backs” the stablecoin. (33)

Most stablecoins backed by financial assets, including fiat currency, have centralized control, meaning that one company,
or a group of companies, are responsible for governance functions, including defining and ensuring compliance with standards
related to the issuance, purchase, redemption, custody, and transfer of the stablecoin. Generally, a stablecoin issuer will
issue a stablecoin when a user provides the issuer funds denominated in the fiat currency of the stablecoin's peg. Similarly,
a stablecoin is redeemed when a user exchanges stablecoins with the stablecoin issuer for funds valued at the corresponding
amount of fiat currency.

Currently, many stablecoin issuers generally interact directly with a small number of larger companies, which are often institutional
participants in the trading of digital assets (i.e., digital asset exchanges). (34) Those companies, in turn, interact with a larger and more diverse group of users. Many stablecoin issuers predominantly offer
issue and redemption services to financial institutions, including digital asset exchanges that may be regulated under the
BSA as money services businesses (MSBs). (35) Generally, once an issuer issues stablecoins to such financial institutions, those institutions put the stablecoins into broader
circulation to other users, such as individual, retail users. Similarly, individual users generally do not redeem stablecoins
through a stablecoin issuer but rather interact with a digital asset exchange or platform. (36) However, in the future, issuers could more commonly interact directly with retail users, including issuing and redeeming payment
stablecoins.

Most stablecoin issuers use smart contracts (37) to issue stablecoins, enable

  or prohibit subsequent transactions in the stablecoin, and redeem stablecoins. The smart contracts underlying most stablecoins
  maintain a ledger of the number of stablecoins “owned by a set of accounts where each account is owned by a blockchain address”
  or wallet. [(38)]() Smart contracts generally allow for programmability that can enable a stablecoin issuer to maintain control over and alter
  the use of its stablecoin.

In the current environment, control capabilities vary depending on how the stablecoin issuer designed the stablecoin, including
the associated smart contract and the blockchain on which the smart contracts are deployed. For example, a stablecoin issuer
may be able to prohibit specific wallet addresses from interacting with the stablecoin and its smart contract. Applying such
controls to a particular wallet address would effectively prevent the holder of a stablecoin from transferring, redeeming,
or otherwise moving the stablecoin. Additionally, some stablecoin issuers can send stablecoins in circulation to an unrecoverable
wallet address, commonly referred to as “burning,” effectively removing the stablecoins from a given wallet and from circulation
in general. (39) In some cases, including when required by a lawful order, stablecoin issuers reissue stablecoins equivalent to burned or frozen
funds to different wallets as part of efforts to recover and return funds to victims of criminal activity.

B. Stablecoin Use Cases

Currently, most stablecoin users primarily rely on stablecoins to store value, facilitate trades in other digital assets,
or to interact with smart contracts. Payment stablecoins could, however, become a more widely adopted form of payment. (40) U.S. consumers and businesses process trillions of dollars of payments daily. (41) Although innovations like real-time payment networks (42) decrease settlement times, particularly for domestic transfers, cross-border payments through traditional payment mechanisms
remain more costly and slower. (43) Innovation in cross-border payments could support economic growth, including by facilitating international trade. Payment
stablecoins may be able to mitigate some of the challenges individuals and small businesses face in navigating cross-border
payments by increasing speed, decreasing cost, and enabling transactions with fewer intermediaries. (44)

C. Payment Stablecoin Activity

Due to the use of smart contracts underlying stablecoin transactions and how users interact with stablecoin issuers, the ecosystem
can, broadly speaking, be divided into two components, the primary market and the secondary market. For the purposes of this
rulemaking, FinCEN and OFAC use these terms to help describe categories of payment stablecoin activity and articulate the
parameters of particular obligations.

FinCEN and OFAC will use the term “primary market” to generally describe a PPSI interacting directly with a user or holder
of a payment stablecoin, such as when a PPSI engages in issuing, converting, redeeming, repurchasing, burning, and reissuing
payment stablecoins, as well as providing associated services, such as providing custodial services. (45) Generally speaking, primary market activity will involve activity where a PPSI and a user have a relationship or direct interaction
beyond the involvement of a PPSI's smart contract (e.g., the PPSI's maintenance of an account through which the transactions of such user or customer may be effectuated).

FinCEN and OFAC will use the term “secondary market” to describe payment stablecoin activity that does not directly involve
the PPSI as a party to the transaction other than via a smart contract. For example, secondary market activity could include
an individual purchasing payment stablecoins from an intermediary, an individual sending payment stablecoins from a self-hosted
wallet to a vendor to purchase goods, an individual exchanging payment stablecoins for another digital asset via a digital
asset exchange, or person-to-person transactions in payment stablecoins.

D. Illicit Finance Risks Associated With Stablecoins

The liquidity and stability of stablecoins relative to other digital assets and rapid settlement of stablecoins make them
appealing to illicit actors as well as legitimate users. (46) As a result, in general, illicit actors have increasingly used stablecoins to facilitate transactions and store proceeds. (47) The illicit finance risks discussed below related to stablecoins are likely to generally also apply to payment stablecoins,
particularly because the most prolific stablecoins carry indicators they could be payment stablecoins.

The U.S. government has linked stablecoins to a range of illicit activities and bad actors, including scammers and fraudsters; (48) Democratic People's Republic of Korea (DPRK) information technology (IT) workers, cybercriminal groups and related money laundering
networks; (49) drug traffickers; (50) terrorist

  groups; [(51)]() and sanctions evasion and money laundering networks; [(52)]() among others. Between January 1, 2015, and November 21, 2025, FinCEN received approximately 55,000 suspicious activity reports
  (SARs) that referenced one or more specific stablecoins in the narrative, as well as an additional approximately 8,400 reports
  that included a general reference to the term “stablecoin.” Also, between January 1, 2015, and November 21, 2025, OFAC received
  approximately 5,800 reports on blocked property and 3,000 reports on rejected transactions that referenced one or more specific
  stablecoins in the narrative, as well as approximately six reports that included a general reference to the term “stablecoin”.
  Furthermore, the Financial Action Task Force noted in 2025 that “[e]stimates suggest that a majority of all on-chain illicit
  activity is now transacted in stablecoins,” aligning with the trend of overall growth in stablecoin adoption. [(53)]()

Some illicit transactions leveraging stablecoins involve one or more financial institutions, such as a digital asset exchange,
that are subject to U.S. anti-money laundering and countering the financing of terrorism (AML/CFT) obligations. In other instances,
however, stablecoin holders conduct transactions on the secondary market without an intermediary (i.e., person-to-person) or through foreign digital asset exchanges in jurisdictions with inadequate or no AML/CFT obligations for
such actors. (54) BSA data indicates that financial services providers in jurisdictions with lax AML/CFT standards use accounts with stablecoin
issuers to convert funds on behalf of their customers from local currencies into stablecoins, which can then be laundered
and ultimately exchanged for U.S. dollars.

1. Laundering of Illicit Proceeds

Illicit actors have turned to stablecoins to launder illicit proceeds in part because, relative to other digital assets, they
are more stable and have better liquidity. (55) Some facilitators involved in exchanging illicit proceeds in digital assets for fiat currency request stablecoins instead
of other digital assets. (56)

At times, stablecoins are one element of a complex money laundering process that may include the use of digital asset exchanges,
conversion between stablecoins and other digital assets, and transfers between wallets not hosted by a financial institution. (57) For example, in June 2025, DOJ filed a civil forfeiture complaint against more than $225.3 million in stablecoins, alleging
that the addresses holding those stablecoins were part of a sophisticated money laundering network that executed hundreds
of thousands of transactions and were used to conceal the nature, source, control, and ownership of proceeds derived from
digital asset investment fraud. (58)

Stablecoins may also appeal to illicit laundering networks because they enable actors to rapidly move large amounts of value
around the globe. (59) Chinese money laundering networks, which serve as the dominant professional money laundering networks for drug trafficking
and transnational criminal organizations, are also increasingly exchanging illicit proceeds in the form of U.S. dollars for
digital assets, particularly stablecoins, in part to avoid large intra-China bank transfers that may raise capital flight
suspicions. (60)

2. Illicit Uses of Payment Stablecoins

i. Scams and Fraud

Perpetrators of scams and other fraud schemes—most notably digital asset investment scams—use digital assets, including stablecoins,
to generate and launder illicit proceeds. (61) The United States government has sought seizure of substantial amounts of stablecoin, including the $225 million forfeiture
pursued by the Department of Justice as discussed above (62) and a $61 million seizure, (63) in connection with investigations into such schemes. Perpetrators and facilitators of such scams may solicit and receive victim
funds in financial accounts under their control, convert those funds to stablecoins, and then distribute those stablecoins
to co-conspirator-controlled digital asset wallets. (64)

ii. Terrorist Financing and Weapons Proliferation

Certain terrorist groups, such as the Islamic State of Iraq and Syria-Khorasan (ISIS-K) and Hamas, use various types of digital
assets, including stablecoins. (65) In some instances, terrorist organizations generate revenue in digital assets, including stablecoins, through online donation
drives. (66) One long-running online ISIS-K fundraiser, for example, collected $2 million in stablecoins in 2022. (67) Terrorist groups

  soliciting donations of digital assets turn to stablecoins to avoid the volatility and price fluctuations that impact other
  digital assets and to facilitate more seamless conversion to fiat currency. [(68)]()

Terrorist organizations have also utilized stablecoins as a means of transferring funds. For example, DOJ unsealed a civil
forfeiture action in July 2025 against approximately $2 million worth of digital assets connected with a Gaza-based money
transfer business that was involved in financially supporting Hamas. The complaint describes a detailed scheme whereby users
utilized the money transfer business to fund accounts at a digital asset exchange and to fund wallet addresses containing
stablecoins to obfuscate their financial support of international terrorist organizations, including Hamas. (69)

Iran has increasingly turned to digital assets to conduct illicit financial activity, obtain drone components and other high-tech
equipment, accept payments for weapons, and transfer funds to sanctioned actors in the region. Iranian illicit actors often
prefer stablecoins over other digital assets for these transactions due to stablecoins' superior ability to finance international
trade. (70)

iii. Narcotics Production and Trafficking

Transnational criminal organizations (TCOs) also use stablecoins to procure components for the manufacturing of illegal drugs
and to launder the proceeds of illegal drug sales. For example, Mexico-based drug cartels are increasingly purchasing fentanyl
precursor chemicals and manufacturing equipment from People's Republic of China-based suppliers using digital assets, including
stablecoins. (71) Additionally, prosecutors have charged that, in some cases, TCOs use money brokers to pick up bulk cash derived from drug
sales in the United States; exchange the cash for digital assets, including stablecoins; and send the digital assets to wallets
controlled by brokers or co-conspirators. (72) According to DOJ, in some instances, the digital assets are then converted into cash and delivered to cartel leaders in Mexico
and Colombia. (73) In November 2024 for instance, DOJ filed a civil forfeiture complaint against more than $5.5 million in stablecoins allegedly
involved in a money laundering operation related to drug trafficking. (74)

3. Sanctions Evasion

Sanctions evasion and money laundering networks have leveraged stablecoins to move funds on behalf of numerous sanctioned
actors, including Russian elites, sanctioned digital asset exchanges, the DPRK government, Iranian actors, foreign terrorist
organizations, and global terrorists. For example, in December 2024, OFAC designated as Specially Designated Nationals (SDNs)
five individuals and four entities that are associated with or leverage the TGR Group, a sprawling international network of
businesses and employees that works to obfuscate the illicit activities of its clients, which include sanctioned Russian elites,
including by facilitating exchanges of bulk cash for stablecoins. (75)

Additionally, in August 2025, OFAC redesignated as an SDN Garantex Europe OU (Garantex), a virtual currency exchange that
directly facilitated notorious ransomware actors and other cybercriminals by processing over $100 million in transactions
linked to illicit activities since 2019. (76) Garantex was originally designated as an SDN in April 2022. (77) According to an indictment against two Garantex operators, Garantex, beginning in and around early 2023, maintained at least
some of its operational accounts in stablecoins. (78) The operators allegedly moved the exchange's operational wallets storing stablecoins to a new digital asset wallet on a daily
basis to evade detection by blockchain analytics services. (79)

The U.S. government has pursued cases involving DPRK IT workers and co-conspirators involved in money laundering alleged to
have leveraged stablecoins as part of schemes to evade sanctions and generate revenue for the DPRK regime, in part because
they found stablecoins susceptible to laundering. For example, in June 2025, a forfeiture complaint alleged that the DPRK
government generated digital assets, in part, through remote work done by DPRK IT workers deployed around the globe. (80) The complaint also alleges that DPRK IT workers requested to be paid in stablecoins because they (and their alleged money
laundering co-conspirators) retain a consistent value and can more easily trade stablecoins for fiat currency. (81)

The U.S. government has identified the use of stablecoin connected to Iranian actors' provision of material support to the
Iranian Revolutionary Guard Corps (IRGC). For example, in September 2025, DOJ filed a civil forfeiture action to recover approximately
$584,741 in stablecoins alleged to be the property of Mohammad Abedininajafabadi or of his company, (82) who was charged with conspiring to export sophisticated electronic components from the United States to Iran in violation
of U.S. export control and sanctions laws. (83) Additionally, in sanctions actions targeting Iran's IRGC-Quds Force-backed Ansarallah (Houthi) operatives, OFAC has identified
digital asset wallet addresses that have been used by the Houthis to transfer funds

  associated with their activities. Many of the identified wallet addresses have been used to transact stablecoins. [(84)]() Furthermore, on January 30, 2026, OFAC designated as SDNs two UK-based exchanges with connections to notorious Iranian financier
  Babak Zanjani. [(85)]() These exchanges processed approximately $1 billion in funds linked to the IRGC. One of the designated exchanges, Zedxion Exchange,
  Ltd., issued a stablecoin. [(86)]()

V. Existing Regulatory Framework for Stablecoin Issuers

A. Existing Bank Secrecy Act Obligations

Currently, stablecoin issuers generally are subject to BSA obligations as financial institutions, specifically money transmitters,
which are a type of MSB. The BSA statutory definition of “financial institution” includes a “person who engages as a business
in the transmission of currency, funds, or value that substitutes for currency.” (87) FinCEN's regulations define “money services business,” one category of which is a “money transmitter” that “provides money
transmission services.” (88) “Money transmission services” is in turn defined as “the acceptance of currency, funds, or other value that substitutes for
currency from one person and the transmission of currency, funds or other value that substitutes for currency to another location or person by any means.” (89) “Value that substitutes for currency” includes “virtual” currencies (also called convertible virtual currencies or “CVCs”),
such as stablecoins, that either have an equivalent value in real currency or act as a substitute for real currency. (90) FinCEN has further clarified that, unless a limitation or exception applies, persons engaged in issuing and redeeming a virtual
currency (i.e., “administrators”) are money transmitters and thus subject to BSA obligations as MSBs. (91) Stablecoin issuers are, thus, money transmitters because they, for example, issue and redeem virtual currencies and accept
and transmit value that substitutes for currency when issuing and converting, redeeming, or repurchasing stablecoins.

As MSBs, stablecoin issuers are currently subject to a range of BSA obligations. MSBs are required to, for instance: (i) establish
written AML programs; (92) (ii) file currency transaction reports (CTRs) (93) and SARs; (94) and (iii) maintain certain records, including those relating to certain transmittals of funds. (95) MSBs are subject to examination for BSA compliance by the Internal Revenue Service (IRS) under a delegation of authority by
FinCEN. (96)

As required by the GENIUS Act, FinCEN is proposing certain obligations that differ in some material respects from current
obligations that stablecoin issuers are subject to as MSBs, as well as some PPSI-specific obligations required by the GENIUS
Act. However, in many respects, FinCEN expects that the proposed requirements for PPSIs would be comparable to stablecoin
issuers' existing requirements as MSBs.

B. Existing Sanctions Obligations

The GENIUS Act provides that PPSIs are persons (97) formed in the United States (98) and that PPSIs shall be subject to “all Federal laws applicable to a financial institution located in the United States relating
to economic sanctions.” (99) Because the GENIUS Act requires PPSIs to be formed in the United States, PPSIs will be “U.S. persons” under existing OFAC
regulations (100) once the Act takes effect. (101) Therefore, stablecoin issuers qualifying as PPSIs will be subject to the same U.S. sanctions obligations that currently apply
to all other U.S. persons, including those that are stablecoin issuers.

As discussed in section II.C, U.S. sanctions require U.S. persons, including U.S. person stablecoin issuers, to block the
property and interests in property of blocked persons that are in their possession or control and report them to OFAC. This
blocking prohibition requires U.S. persons, including those that are stablecoin issuers, to ensure that property and interests
in property of such blocked persons, including stablecoins, that are in their possession or control are not transferred, withdrawn,
or otherwise dealt in, unless authorized by OFAC or exempt. More broadly, U.S. persons, including those that are stablecoin
issuers, are also generally prohibited from engaging in most transactions with blocked persons, including making any contribution
or provision of funds, goods, or services to or for the benefit of blocked persons or receiving any contribution or funds,
goods, or services from blocked persons, unless authorized by OFAC or exempt. Blocked persons subject to these restrictions
include individuals and entities listed on OFAC's Specially Designated Nationals and Blocked Persons List (“SDN

  List”). [(102)]() In addition, any entities that are owned, directly or indirectly, individually or in the aggregate, 50 percent or more by
  one or more blocked persons are also blocked and subject to the above restrictions, even if they are not specifically named
  on OFAC's SDN List. [(103)]()

There are a variety of scenarios where these prohibitions apply to U.S. person stablecoin issuers. For example, U.S. person
stablecoin issuers are generally prohibited from engaging in primary market activities with blocked persons, such as issuing
stablecoins to blocked persons or redeeming stablecoins belonging to blocked persons; such transactions, if consummated, would
constitute a prohibited dealing in blocked property, unless authorized or exempt. In such instances, a stablecoin issuer is
required to block these stablecoins because the blocked person has a property interest in the stablecoin and such stablecoins
are in the possession or control of the stablecoin issuer, a U.S. person, at the time of the transaction. To effectively block
such stablecoins, the stablecoin issuer must ensure that it has denied all parties access to the stablecoins, ensure that
it complies with OFAC regulations related to the holding and reporting of blocked assets (discussed further below), and implement
controls that align with a risk-based approach. (104)

U.S. person stablecoin issuers are also prohibited from engaging in secondary market activities with blocked persons. For
example, a U.S. person stablecoin issuer would engage in a prohibited provision of services to a blocked person if it allowed
the blocked person to engage with the stablecoin issuer's smart contract to facilitate trades of stablecoins on the secondary
market. In this instance, the stablecoin issuer would also be required to block such stablecoins because the blocked person
has an interest in the stablecoins, which the issuer controls via its smart contract.

OFAC sanctions prohibitions may also take other forms that do not require blocking but prohibit U.S. persons, including stablecoin
issuers, from engaging in trade or financial transactions or other dealings with certain persons or geographic regions or
countries, such as North Korea, Cuba, Iran, and Crimea, unless authorized by OFAC or exempt. (105) In cases where an underlying transaction is prohibited but there is no blockable interest, all U.S. persons, including those
that are stablecoin issuers, are required to reject such transactions and report them to OFAC. For example, U.S. sanctions
against Iran generally prohibit U.S. persons from directly or indirectly providing services to persons in Iran, unless otherwise
authorized or exempt. (106) Accordingly, U.S. person stablecoin issuers are generally prohibited from engaging in primary or secondary market activities
with persons in Iran, including issuing stablecoins to persons in Iran, redeeming stablecoins of persons in Iran, or allowing
persons in Iran to engage with the issuer's smart contracts to facilitate trades of stablecoins, as any of these activities
would constitute a provision of financial services to Iran. However, unlike when a blocked person is directly or indirectly
involved in a transaction, a stablecoin issuer would only be required to reject such transactions and report them to OFAC.

OFAC's regulations also require U.S. persons, including stablecoin issuers, to comply with certain reporting and recordkeeping
requirements, pursuant to OFAC's Reporting, Procedures and Penalties Regulations (RPPR). (107) Among other requirements, the RPPR require U.S. persons, including stablecoin issuers, to submit reports of blocked property
and rejected transactions to OFAC within 10 business days and annual reports of blocked property by September 30 each year. (108) Persons engaging in transactions subject to the provisions of OFAC's regulations are also required to preserve such records
for at least 10 years. (109)

OFAC's basic regulatory requirement for all U.S. persons, including those that are stablecoin issuers, is that they do not
violate the sanctions that OFAC administers. The ramifications of non-compliance, inadvertent or otherwise, can jeopardize
critical foreign policy and national security goals. Violations of OFAC sanctions may result in the imposition of civil or
criminal penalties. OFAC may impose civil penalties for sanctions violations on a strict liability basis, meaning that U.S.
persons, including those that are stablecoin issuers, may be held civilly liable for sanctions violations even if such person
did not know or have reason to know that it was engaging in a prohibited transaction.

As a general matter, however, OFAC also takes into consideration the totality of facts and circumstances surrounding an apparent
violation to determine the appropriate enforcement response. OFAC's Economic Sanctions Enforcement Guidelines, 31 CFR part
501, Appendix A (“Enforcement Guidelines”), lay out a set of 11 factors that OFAC will generally consider in determining the
appropriate administrative action in response to an apparent violation of U.S. sanctions, including the amount of the penalty,
to the extent that a civil monetary penalty is appropriate. (110) Any of the 11 factors may be considered aggravating or mitigating and may therefore result in adjustments to the proposed
penalty. One of those factors includes the existence, nature, and adequacy of a subject person's risk-based sanctions compliance
program at the time of the apparent violation. Accordingly, when applying the Enforcement Guidelines to a given factual situation,
OFAC considers favorably the presence of an effective sanctions compliance program at the time of an apparent violation.

VI. Proposed AML/CFT Regulation

This proposed rule implements the GENIUS Act's requirement that PPSIs be treated as financial institutions under the BSA.
In doing so, it applies the BSA obligations currently applicable to existing financial institutions that are specifically
enumerated in the GENIUS Act, (111) other quintessential BSA obligations, and GENIUS Act obligations specific to PPSIs. It also proposes regulatory infrastructure,
including definitions, to effectuate the obligations.

In crafting this proposed rule, FinCEN is mindful that some entities may transition from the current MSB framework to the
new PPSI framework. FinCEN is also cognizant that some PPSIs will be closely affiliated with or part of institutions with
existing BSA obligations. To promote regulatory clarity and efficiency, FinCEN used its well-established regulatory obligations
for banks, MSBs, and other financial institutions as points of reference for its proposed PPSI obligations.

A. Permitted Payment Stablecoin Issuers

Before turning to the specifics of the proposed regulation, FinCEN first outlines several broader considerations

  that impact how FinCEN proposes to regulate PPSIs and how it expects PPSIs will operationalize the proposed obligations. FinCEN
  first explains its assessment of how PPSI activities compare to those of other types of financial institutions defined in
  the BSA and proposes using its authority under 31 U.S.C. 5312(a)(2)(Y). It then describes how entities that are PPSIs may
  relate to other categories of BSA-defined financial institutions. Finally, FinCEN briefly discusses how it is proposing to
  apply obligations with regards to different types of market activity.

1. Defining PPSI as a Type of Financial Institution

The GENIUS Act directs that a “permitted payment stablecoin issuer shall be treated as a financial institution for purposes
of the Bank Secrecy Act” and “shall be subject to all Federal laws applicable to a financial institution located in the United
States relating to . . . prevention of money laundering.” (112) However, the GENIUS Act does not specify how PPSIs should be mechanically codified into the existing BSA framework.

The BSA defines “financial institution” as a range of entities, all of which could be subject to statutory obligations and
FinCEN's regulations. (113) These institutions include insured banks; commercial banks and trust companies; businesses engaged in the exchange of currency,
funds, or value that substitutes for currency or funds; and any person who engages as a business in the transmission of currency,
funds, or value that substitutes for currency. (114) Notably, designation as a “financial institution” under 31 U.S.C. 5312(a)(2) affects treatment not only under the BSA but
also under other statutes that address money laundering or predicate crimes that can underpin money laundering. These laws
include those relating to federal third-party subpoenas (115) to access to financial records by U.S. law enforcement, (116) criminal money laundering (117) and terrorist financing offenses, (118) as well as other provisions of federal and state law. (119)

In the BSA, Congress provided authority for FinCEN to, through regulation, expand the categories of financial institutions
enumerated in 31 U.S.C. 5312(a)(2) to include a business engaging in activities “similar to, related to, or a substitute for”
the activities of an enumerated financial institution. (120) FinCEN has determined that PPSIs provide services that are similar to or related to services authorized to be provided by
BSA-defined financial institutions, and is accordingly, proposing to exercise its authority under 31 U.S.C. 5312(a)(2)(Y).
Doing so fulfills Congress's directive that PPSIs be subject to “all Federal laws” applicable to financial institutions related
to money laundering; promotes consistent treatment of PPSIs under federal and state laws that reference the BSA definition
of “financial institution;” and reduces uncertainty for PPSIs, their prudential regulators, law enforcement, and other market
participants.

As discussed in this proposal, stablecoin issuers are currently regulated under the BSA and FinCEN's implementing regulations
as money transmitters, a type of MSB, and MSBs fall under the definition of a financial institution. (121) In that capacity, issuers engage in the transmission of currency, funds, or value that substitutes for currency. Under the
GENIUS Act's regime, PPSIs will continue to perform these kinds of activities when issuing or redeeming a payment stablecoin.
Additionally, the GENIUS Act explicitly preserves the ability of PPSIs to engage in MSB-like activities, including exchanging
digital assets for monetary value, exchanging digital assets for other digital assets, and transferring digital assets to
a third party, so long as the activity is authorized by the PPSI's primary Federal payment stablecoin regulator or State payment
stablecoin regulator and consistent with all other federal and state laws. (122)

The activities of MSBs can overlap substantially with those of other types of financial institutions, particularly banks.
Indeed, so significantly can the activities of these two types of financial institutions overlap that FinCEN carved out MSBs
from its regulatory definition of “bank” (and vice versa), making them mutually exclusive. (123) Just as the business activities of MSBs overlap substantially with those of banks, the business activities of PPSIs can overlap
with those of banks. Notably, at least some PPSIs may have bank charters, (124) and PPSIs' activities have similarities to the business activities of more “conventional” or “traditional” banks. For example,
the GENIUS Act authorizes PPSIs to custody payment stablecoins and, thus, like some banks, PPSIs will hold assets for customers. (125) Accordingly, in critical respects, PPSIs may offer services that are similar to some services provided by some banks.

In addition, it is expected PPSIs will often operate in close coordination with other financial institutions, i.e., they will engage in activities related to the activities of BSA-defined financial institutions. For example, some PPSIs may
partner with digital asset exchanges (i.e., MSBs) and other financial institutions to distribute payment stablecoins or facilitate their use in payments. It is expected
that some PPSIs may also rely on banks and other financial institutions to perform key fiat on- and off-ramp functions, such
as accepting fiat currency from a bank account when payment stablecoins are issued or transmitting fiat currency to a bank
account when payment stablecoins are redeemed. PPSIs often may maintain their own bank accounts, with bank deposits comprising
permissible reserve assets backing outstanding stablecoins. (126) These interconnections reinforce certain functional similarities between PPSIs and other BSA-regulated financial institutions.

In light of the GENIUS Act's directive, the existing treatment of many stablecoin issuers as MSBs, the functional similarities
between PPSIs and BSA-defined financial institutions, and, the interconnectedness between PPSIs and BSA-defined financial
institutions, FinCEN has determined that PPSIs engage in activities that are “similar to” as well as “related to” financial
services in which other

  financial institutions identified in 31 U.S.C. 5312(a)(2) are authorized to engage, and thus proposes exercising its 31 U.S.C.
  5312(a)(2)(Y) authority to expressly define PPSIs as financial institutions under the BSA.

2. PPSIs' Relationship to Other Types of Financial Institutions

PPSIs will be uniquely positioned relative to other kinds of financial institutions. In some cases, PPSIs may be subsidiaries
of depository institutions. In other cases, a single institution may be subject to BSA obligations as both a bank and a PPSI.
Stablecoin issuers that may become PPSIs are currently regulated as MSBs. FinCEN seeks to promote a clear and efficient BSA
regulatory regime and, accordingly, outlines its current thinking regarding how a PPSI's obligations will interact with the
obligations of other BSA-regulated institutions. FinCEN seeks comment on its proposed approaches.

i. Subsidiaries of Insured Depository Institutions

Under the GENIUS Act, one of the three subcategories of PPSIs is a “subsidiary of an insured depository institution,” which
includes insured depository institutions (as defined by 12 U.S.C. 1813) and insured credit unions. (127) Because all insured depository institutions in the United States are subject to regulation under the BSA, at least some PPSIs
will likely be the subsidiaries of parents that are subject to their own AML/CFT obligations under FinCEN's regulations. (128) PPSIs that are subsidiaries of insured depository institutions in the United States may be required by certain Federal functional
regulators to generally comply with a parent entity's AML/CFT obligations. The question naturally arises whether, and if so
how, the parent's AML/CFT program obligation affects that of the subsidiary PPSI and, conversely, how the subsidiary PPSI's
obligations under this proposed rule could affect that of the parent. Overall, FinCEN expects that the similarities among
its regulations will facilitate coordination between subsidiary and parent, and conversely, how the subsidiary PPSI's program
under this proposed rule affects that of the parent.

Under this proposed rule and FinCEN's existing regulations, FinCEN expects its regulations that are applicable to a parent
insured depository institution and its subsidiary PPSI could be similar to one another. If so, a PPSI and its parent would
be able to coordinate compliance practices and share compliance resources, and the PPSI, as part of the insured depository
institution as a whole, can leverage the parent's program. For example, FinCEN is proposing to impose an AML/CFT program on
PPSIs that largely mirrors its proposed programs for banks. (129) FinCEN recognizes the value of enterprise-wide compliance efforts, but also that such efforts must account for obligations
unique to a particular entity. For example, where a PPSI is a subsidiary of an insured depository institution, FinCEN anticipates
that the enterprise may elect to extend a single AML/CFT program to both entities. FinCEN assesses that doing so would be
permissible so long as a comprehensive AML/CFT program is reasonably designed to identify and mitigate the risks posed by
the different aspects of each entity's business and activities and satisfies each of the AML/CFT program and other BSA requirements
to which the PPSI and parent are subject.

Where a PPSI is subject to obligations that differ from those of its parent, a PPSI must comply with the PPSI-specific provision.
For instance, as the GENIUS Act directs and this proposed rule would require, a PPSI must have the “technical capabilities,
policies, and procedures to block, freeze, and reject specific or impermissible transactions that violate Federal or State
laws, rules, or regulations.” (130) That statutory requirement will necessarily mean a PPSI must have internal policies, procedures, and controls to comply with
the obligation to block, freeze, and reject applicable transactions, which could be part of enterprise-wide policies and procedures
or unique in the corporate structure to PPSIs. (131)

It is also possible that a subsidiary PPSI may be subject to an obligation parallel to that of its parent in a situation where
a Federal functional regulator requires a subsidiary to comply with its parent's regulatory obligations. FinCEN addressed
such a situation in a 2012 administrative ruling. (132) When FinCEN issued that ruling, loan and finance companies had just been added to the list of financial institutions under
the BSA, and FinCEN had just issued regulations requiring loan and finance companies to develop and implement written AML
programs. (133) FinCEN's ruling stated that when a loan or finance company subsidiary and a parent financial institution are subject to the
same rule and are examined by the same regulator, the subsidiary is “deemed to comply with FinCEN's regulations[.]” (134) FinCEN requests comment on whether it would be appropriate to apply the logic of this administrative ruling to PPSIs that
are subsidiaries of insured depository institutions, or conversely whether the holding of the administrative ruling should
be broadened to apply to subsidiaries and parents that are subject to similar rules but not the same rule. FinCEN also requests
comment on whether it is proposing any obligations on PPSIs that would conflict with existing obligations of an insured depository
institution such that complying with both would be legally or practically impossible.

ii. Uninsured National Banks

The GENIUS Act also permits certain uninsured national banks to be PPSIs. (135) Such an institution would potentially be subject to BSA obligations both as a bank and as a PPSI. Much like with PPSIs that
are a subsidiary of an insured depository institution, FinCEN expects that its efforts to harmonize obligations for various
types of financial institutions will facilitate such an entity's ability to efficiently comply with both bank and PPSI obligations.
Moreover, as explained below, some of the obligations proposed in this rule are similar to those currently imposed on banks.
Where obligations differ, an institution that is both a bank and a PPSI, however, will be required to comply with both sets
of obligations. FinCEN requests comment on whether it is proposing any obligations that would

  conflict with existing obligations such that complying with both would be legally or practically impossible. FinCEN also requests
  comment on whether it can take steps to promote efficiencies where a single entity is subject to two obligations.

iii. Money Services Businesses

Finally, the activities in which PPSIs will engage constitute money transmission, the logic under which stablecoin issuers
are currently regulated as MSBs. To limit overlapping obligations and confusion, FinCEN proposes affirmatively carving out
PPSIs from the definition of MSB. (136) FinCEN requests comment on whether this carve out is appropriate and results in any ambiguity.

This carve out only applies to PPSIs, and not to other persons engaged in activities involving the issuance of stablecoins
that are not payment stablecoins. In general, FinCEN is not changing the regulatory framework that currently applies to activities
involving CVCs and to entities other than PPSIs engaging in those activities. For example, stablecoin issuers that issue tokens
that are not payment stablecoins, i.e., value that substitutes for currency, will remain subject to the MSB framework. Other than changes specific to PPSIs, FinCEN
does not intend for this proposal to change any aspect of FinCEN's framework relating to value that substitutes for currency
or entities that engage in activity related to the same.

B. Obligations for Primary and Secondary Market Activity

FinCEN is proposing that some PPSI obligations will apply to the secondary market, while others will not. In doing so, FinCEN
has attempted to balance what it currently assesses is the burden of secondary market obligations against the prospective
benefit. FinCEN is proposing applying secondary market obligation where PPSIs can most directly mitigate illicit finance in
the U.S. financial system. Notably both obligations where FinCEN is proposing secondary market obligations are imposed on
PPSIs directly by the GENIUS Act. FinCEN is proposing PPSIs have obligations with regards to the secondary market as part
of technical capabilities and policies and procedures to block, freeze, and reject impermissible transactions and technical
capabilities to comply, and complying, with the terms of lawful orders. In some cases, stablecoin issuers already have such
capabilities and leverage them to comply with existing law.

In contrast, FinCEN is not proposing to require a PPSI as part of an AML/CFT program to monitor secondary market activity,
although a PPSI will be required to understand the risk its customers pose as part of its due diligence, as well as its distribution
channels, including the blockchains on which its payment stablecoins are deployed. FinCEN is also not proposing to require
PPSIs to file SARs on secondary market transactions as FinCEN has preliminarily assessed that the burden of requiring PPSIs
to file SARs concerning secondary market activity could potentially outweigh the potential benefits. FinCEN requests comment
on its proposed approach.

C. Section-by-Section Analysis

FinCEN is proposing changes to its existing regulations, as well as creation of a new part applicable to PPSIs, proposed part
1033. (137) Section VI.C.1 describes changes proposed to FinCEN's existing definitions as well as proposes new definitions. Section VI.C.2
describes FinCEN's proposed delegation of its examination authority. Section VI.C.3 describes FinCEN's proposed requirement
for PPSIs to establish AML/CFT programs, to include risk-based procedures for conducting ongoing customer due diligence (CDD).
Section VI.C.4 describes FinCEN's proposal related to supervision and enforcement. Section VI.C.5 describes FinCEN's proposal
relating to collection of beneficial ownership information for legal entity customers. Section VI.C.6 describes FinCEN's proposals
for additional technical capabilities, policies, and procedure requirements specific to PPSIs, as mandated by the GENIUS Act.
Section VI.C.7 describes FinCEN's proposal related to PPSIs currency transaction reporting requirements. Section VI.C.8 describes
FinCEN's proposal for PPSI suspicious activity reporting requirements. Section VI.C.9 describes FinCEN's proposal relating
to records PPSIs will be required to maintain, including under the Recordkeeping and Travel Rules. Section VI.C.10 describes
FinCEN's proposals relating to information sharing authorities. Finally, section VI.C.11 describes FinCEN's proposals relating
to enhanced due diligence PPSIs will be required to undertake, as well as application of special measures.

1. Definitions

FinCEN is proposing to amend four existing definitions and add nine new terms to the general definitions section of its regulations,
31 CFR 1010.100. Where it is adding new terms, in large part, FinCEN is proposing promulgating the same language as the GENIUS
Act. In a few instances, however, FinCEN's proposed language diverges from the statutory text in order to reconcile differences
between how the GENIUS Act defines a term and how the same term is defined in FinCEN's existing regulations or to avoid confusion
when similar terms are defined both by the GENIUS Act and FinCEN's existing regulations. FinCEN is also proposing modifications
to improve readability, including not adopting GENIUS Act language where it is unnecessary for purposes of this proposed rule.

Relatedly, FinCEN is not proposing to promulgate regulatory definitions for the GENIUS Act definitions for some words even
though FinCEN is proposing rule text for terms that reference those words. For instance, both the GENIUS Act and FinCEN's
proposed definition of “permitted payment stablecoin issuer” use the term “subsidiary,” which is in turn defined by the GENIUS
Act by reference to section 3 of the Federal Deposit Insurance Act (12 U.S.C. 1813). (138) With limited exceptions, FinCEN assesses that while these additional definitions may be essential for other regulatory authorities
to discharge their regulatory obligations relating to approving issuers, they are not necessary to understand the scope of
FinCEN's proposed obligations or the population on which those obligations will be imposed.

None of these proposed changes to the GENIUS Act's language are intended to substantively alter the GENIUS Act's requirements
as implemented through this propose rule. FinCEN seeks comment on the clarity of these definitions, including whether any
deviation that FinCEN is proposing from the GENIUS Act's language could be read as changing the intended effect of

  the Act, and whether any additional terms should be defined.

FinCEN is reserving two subparagraphs, (nnn) and (ooo), expecting they will contain definitions proposed in a previously issued
FinCEN rulemaking related to AML/CFT programs for the 11 types of existing financial institutions.

i. Proposed Amendment to 31 CFR 1010.100(t)—Financial Institution

The GENIUS Act directs that a “permitted payment stablecoin issuer shall be treated as a financial institution for purposes
of the” BSA. (139) To implement this directive and ensure that PPSIs are subject to the appropriate BSA obligations in a clear and consistent
manner—and because, as discussed above in section VI.A.1, FinCEN proposes exercising its 31 U.S.C. 5312(a)(2)(Y) authority
to define PPSIs as financial institutions under the BSA—FinCEN is proposing to amend the definition of “financial institution”
at 31 CFR 1010.100(t) to expressly include “permitted payment stablecoin issuer.” Consistent with other financial institutions,
“permitted payment stablecoin issuer” will be defined separately in a new paragraph.

ii. Proposed Amendment to 31 CFR 1010.100(ff)—Money Services Business

FinCEN is proposing to amend the definition of “money services business,” 31 CFR 1010.100(ff), to add PPSIs to the list of
financial institutions that the term “money services business” shall not include. The amendment makes clear that PPSIs are
subject to obligations as a PPSI and not as a money services business.

iii. Proposed Amendment to 31 CFR 1010.100(bbb)—Transaction

FinCEN is proposing to amend the definition of “transaction,” 31 CFR 1010.100(bbb), to add the issuance or redemption of a
payment stablecoin as a type of transaction. This amendment clarifies that these activities qualify as transactions. It should
not be construed, including by negative inference, that issuance and redemption of other kinds of value that substitute for
currency are not a transaction. (140) Moreover, it should not be construed, including by negative inference, that issuing and redeeming payment stablecoins are
the only kinds of transactions in which a PPSI will engage.

iv. Proposed Amendment to 31 CFR 1010.100(eee)—Transmittal Order

FinCEN is proposing to amend the definition of “transmittal order,” 31 CFR 1010.100(eee), to add a payment stablecoin as a
subject of an order. As discussed in greater detail below, this amendment is intended to clarify that a transmittal order
to pay payment stablecoins is a transmittal order like an order to pay traditional money. It should not be construed, including
by negative inference, that orders to pay other kinds of value that substitute for currency are not transmittal orders. (141)

v. Proposed 31 CFR 1010.100(ppp)—Digital Asset

FinCEN is proposing to define the term “digital asset” as provided in the GENIUS Act, 12 U.S.C. 5901(6). Under the proposed
rule, the term “digital asset” would mean any digital representation of value that is recorded on a cryptographically secured
distributed ledger. FinCEN considers it useful to define this term explicitly in its regulations in order to enhance the clarity
and conciseness of its regulations. Many of the regulatory obligations that FinCEN is proposing to impose on PPSIs take into
account, in one way or another, the concept of digital assets. Most notably, the term “digital assets” is used in “payment
stablecoin.”

FinCEN's use of the term “digital asset” is limited currently to proposed obligations to be imposed on PPSIs. FinCEN is aware
that the addition of “digital asset” adds a term related to other terms used in the BSA, its own regulations and its guidance—most
notably “value that substitutes for currency” and “convertible virtual currency.” FinCEN's defining and use of the term “digital
asset” in proposed obligations to be imposed on PPSIs should not be construed, including by negative inference, to alter or
displace anything about FinCEN's regulatory infrastructure related to value that substitutes for currency or CVC. Digital
assets may be value that substitutes for currency, and vice versa, but the two are not synonymous, and the regulatory requirements
that may be associated with one must be evaluated independently of the requirements that may be associated with the other.

vi. Proposed 31 CFR 1010.100(qqq)—Distributed Ledger

FinCEN is proposing to define the term “distributed ledger” as provided in the GENIUS Act, 12 U.S.C. 5901(8). Under the proposed
rule, the term “distributed ledger” would mean a technology in which data is shared across a network that creates a public
digital ledger of verified transactions or information among network participants and cryptography is used to link the data
to maintain the integrity of the public ledger and execute other functions. The term distributed ledger is used both in the
term digital asset and payment stablecoin.

vii. Proposed 31 CFR 1010.100(rrr)—Lawful Order

FinCEN is proposing to define the term “lawful order” as provided in the GENIUS Act, 12 U.S.C. 5901(16), with certain modifications
in light of a preexisting FinCEN regulatory definition. Under the proposed rule the term “lawful order” would mean any final
and valid writ, process, order, rule, decree, command, or other requirement issued or promulgated under Federal law, issued
by a court of competent jurisdiction or by an authorized Federal agency pursuant to its statutory authority, that (1) requires
an individual, partnership, company, corporation, association, trust, estate, cooperative organization, or other business
entity, incorporated or unincorporated, to seize, freeze, burn, or prevent the transfer of payment stablecoins that the individual
or entity issued; (2) specifies the payment stablecoins or accounts subject to blocking with reasonable particularity; and
(3) is subject to judicial or administrative review or appeal as provided by law.

The proposed definition modifies the GENIUS Act definition of lawful order by replacing the statutory term “person” with language
used in the GENIUS Act definition of “person,” as provided in 12 U.S.C. 5901(24). (142) The term “person” is already defined in FinCEN regulations at 31 CFR 1010.100(mm) (143) and differs from the GENIUS Act definition of “person.” In particular, FinCEN's regulatory definition of “person” includes
Indian Tribes as defined in the Indian Gaming Regulatory Act, which the GENIUS Act definition of person does not include.

  Further, FinCEN's regulatory definition also does not characterize the entities that comprise the category as “business” entities,
  as the GENIUS Act definition does. To ensure the definition of “lawful order” for PPSIs accurately applies to the “persons”
  that Congress intended, as evidenced by the GENIUS Act definition of the term, FinCEN accordingly proposes to, instead of
  using the term person, incorporate the language the GENIUS Act uses to define person into the regulatory definition of “lawful
  order.” FinCEN solicits comments on whether the incorporation of the specific GENIUS Act language is necessary, or whether,
  if FinCEN reverts to the use of the term “person” as currently defined in its regulations, this will change the intended meaning
  or effect of the GENIUS Act.

Additionally, the GENIUS Act uses the term “account” in the definition of lawful order and FinCEN proposes to do the same. (144) A number of other terms currently codified in FinCEN's general definition section, 31 CFR 1010.100 also use the term “account”
without defining the term. (145) As discussed in greater detail below, and consistent with that approach, FinCEN proposes not further elaborating on the meaning
of account within the definition of lawful order and requests comment on this approach. (146)

viii. Proposed 31 CFR 1010.100(sss)—Payment Stablecoin

FinCEN is proposing to define the term “payment stablecoin” as provided in the GENIUS Act, 12 U.S.C. 5901(22), with certain
modifications in light of preexisting FinCEN regulatory definitions and technical changes. Additionally, FinCEN proposes embedding
within the definition of payment stablecoin two other terms defined in the GENIUS Act.

Under the proposed rule, the term “payment stablecoin” would mean a digital asset (i) that is, or is designed to be, used
as a means of payment or settlement and (ii) the issuer of which: (A) is obligated to convert, redeem, or repurchase for a
fixed amount of monetary value, but not for a digital asset denominated in a fixed amount of a monetary value; and (B) represents
that such issuer will maintain, or create the reasonable expectation that it will maintain, the digital asset at a stable
value relative to the value of a fixed amount of monetary value. The proposed definition also provides that a “payment stablecoin”
does not include a digital asset that is: (i) a national currency; (ii) a deposit (as defined in section 3 of the Federal
Deposit Insurance Act (12 U.S.C. 1813)) including a deposit recorded using distributed ledger technology; or (iii) a security,
as defined in section 2 of the Securities Act of 1933 (15 U.S.C. 77b), section 3 of the Securities Exchange Act of 1934 (15
U.S.C. 78c), or section 2 of the Investment Company Act of 1940 (15 U.S.C. 80a-2). For purposes of the definition of “payment
stablecoin,” FinCEN intends for the definition of “security” provided in paragraph (iii) of the proposed definition to apply
and not the preexisting regulatory definition of “security” at 31 CFR 1010.100(ss).

The GENIUS Act's definition of “payment stablecoin” contains language clarifying that “no bond, note, evidence of indebtedness,
or investment contract that was issued by a permitted payment stablecoin issuer shall qualify as a security solely [because
the issuer satisfies] the conditions in [paragraph (1) of the proposed “payment stablecoin” definition], consistent with section
17 of the Act.” FinCEN has determined that this “for avoidance of doubt” language is unnecessary for its regulatory definition
of payment stablecoin. The GENIUS Act includes amendments to the cited statutes covered in proposed paragraph (iii) that clarify
that payment stablecoins are not securities. (147) Accordingly, while this clarification may have been necessary to understand the intent of the GENIUS Act at the time it was
passed, the Act's amendments of security-related statutory provisions obviate the need to include this language in FinCEN's
regulations.

The proposed definition of “payment stablecoin” also includes definitions of the terms “national currency” and “monetary value”
within the definition of “payment stablecoin” consistent with the definition of the terms in the GENIUS Act, 12 U.S.C. 5901(19)
and (17), with certain modifications. Although the GENIUS Act defines both terms independently from payment stablecoin, neither
term is used outside of payment stablecoin as pertinent to this rulemaking. Moreover, adding the GENIUS Act definitions of
“national currency” or “monetary value” as separately defined terms in 31 CFR 1010.100 could have an unintended impact on
other FinCEN regulations that already use similar terms to mean different things, and could therefore have unintended impact
on the regulatory obligations of other types of financial institutions or create unnecessary confusion about those regulatory
obligations. Relatedly, within the definition of “national currency,” FinCEN proposes replacing the statutory term “money”
with the GENIUS Act's definition of “money.” This should avoid confusion as “money” appears elsewhere in FinCEN's regulations.

FinCEN proposes that for purposes of the definition of “payment stablecoin” the term—(i) National currency means each of the following—(A) A Federal Reserve note (as the term is used in the first undesignated paragraph of section
16 of the Federal Reserve Act (12 U.S.C. 411)); or (B) A medium of exchange currently authorized or adopted by a domestic
or foreign government including a monetary unit of account established by an intergovernmental organization or by agreement
between two or more countries that is: (1) standing to the credit of an account with a Federal Reserve Bank; (2) issued by
a foreign central bank; or (3) issued by an intergovernmental organization pursuant to an agreement by two or more governments;
and (ii) Monetary value means national currency or deposit (as defined in section 3 of the Federal Deposit Insurance Act (12 U.S.C. 1813)) denominated
in a national currency. The proposed definition of “national currency” reformats and modifies the definition in the GENIUS
Act, 12 U.S.C. 5901(19), by including the GENIUS Act definition of “money,” 12 U.S.C. 5901(18) within the definition, in paragraph
(B), and making statutory paragraphs (B), (C), and (D) into proposed paragraphs (1), (2), and (3) for grammatical consistency. The proposed definition of “monetary value” within the definition of “payment stablecoin” is
consistent with the definition of the term in the GENIUS Act, 12 U.S.C. 5901(17).

ix. Proposed 31 CFR 1010.100(ttt)—Permitted Payment Stablecoin Issuer

FinCEN is proposing to define the term “permitted payment stablecoin issuer” as provided in the GENIUS Act, 12 U.S.C. 5901(23),
with certain

  modifications in light of preexisting FinCEN regulatory definitions. Under the proposed rule, the term permitted payment stablecoin
  issuer would mean an individual, partnership, company, corporation, association, trust, estate, cooperative organization,
  or other business entity, incorporated or unincorporated formed in the United States that is: (1)(A) a subsidiary of an insured
  depository institution that has been approved to issue payment stablecoins by a primary Federal payment stablecoin regulator;
  or (B) a subsidiary of an insured credit union that has been approved to issue payment stablecoins by a primary Federal payment
  stablecoin regulator; (2) a Federal qualified payment stablecoin issuer; or (3) a State qualified payment stablecoin issuer.
  The proposed definition modifies the definition of permitted payment stablecoin issuer provided in the GENIUS Act by replacing
  the statutory term “person” with the language the GENIUS Act uses to define “person” as provided in 12 U.S.C. 5901(24). [(148)]() As described above, the term “person” is already defined in FinCEN regulations at 31 CFR 1010.100(mm) [(149)]() and differs from the GENIUS Act definition of person. To ensure the definition of “permitted payment stablecoin issuer” accurately
  applies only to “persons” as defined in the GENIUS Act, FinCEN proposes adding the GENIUS Act definition of “person” within
  the “permitted payment stablecoin issuer” definition.

Additionally, the proposed definition modifies statutory paragraph (A) by replacing the term “insured depository institution”
with the GENIUS Act definition of “insured depository institution,” in 12 U.S.C. 5901(15), which includes two subparagraphs
one applying to insured depository institutions as defined in section 3 of the Federal Deposit Insurance Act and a second
for insured credit unions. FinCEN is also omitting from the GENIUS Act's definition “insured depository institution” the phrase
“as defined in section 3 of the Federal Deposit Insurance Act (12 U.S.C. 1813).” While this language may be essential for
regulators responsible for approving issuers, FinCEN does not believe it is necessary to understand the scope of the obligations
it proposes to impose or the population on which those obligations are imposed. Finally, the definition also replaces the
statutory reference “has been approved to issue payment stablecoins under section 5” with “has been approved to issued payment
stablecoins by a primary Federal payment stablecoin regulator” in both proposed paragraph (1)(A) and (1)(B).

x. Proposed 31 CFR 1010.100(uuu)—Primary Federal Payment Stablecoin Regulator

FinCEN is proposing to define the term “primary Federal payment stablecoin regulator” as provided in the GENIUS Act, 12 U.S.C.
5901(25), with certain modifications. Under the proposed rule, the term “primary Federal payment stablecoin regulator” would
mean (1) for a subsidiary of an insured depository institution, as described in paragraph (ttt)(1)(A) of this section, the
appropriate Federal banking agency of such insured depository institution; (2) for a subsidiary of an insured credit union,
as described in paragraph (ttt)(1)(B), the NCUA; (3) for a State chartered depository institution not covered in subparagraph
(1), the FDIC, the OCC, or the Board; or (4) for a Federal qualified payment stablecoin issuer, the OCC.

The proposed definition modifies the statutory definition by including cross references to the proposed definition of “permitted
payment stablecoin issuer” to describe a subsidiary of an insured depository institution and a subsidiary of an insured credit
union. The definition also uses the full agency names for each Federal banking agency named in the definition for stylistic
consistency with other FinCEN regulations.

xi. Proposed 31 CFR 1010.100(vvv)—Federal Qualified Payment Stablecoin Issuer

FinCEN is proposing to define the term “Federal qualified payment stablecoin issuer” as provided in the GENIUS Act, 12 U.S.C.
5901(11), with certain technical modifications for conciseness and in deference to another agency's authority. Under the proposed
rule, the term “Federal qualified payment stablecoin issuer” would mean an entity that is approved by the OCC under 12 U.S.C.
5903 to issue payment stablecoins and is either—(1) a nonbank entity; (2) an uninsured national bank; or (3) a Federal branch.

The GENIUS Act definition of Federal qualified payment stablecoin issuer contains for the three subtypes of institutions—nonbank
entities, uninsured national banks, and foreign bank branches—references to OCC approval and in one case OCC's statutory authority.
FinCEN proposes to consolidate references to OCC approval and remove reference to the OCC's statutory authority. FinCEN considers
this approach appropriate in light of the fact that the OCC, not FinCEN, has the authority to determine how, using what terms
and establishing what categories, to discharge the OCC's regulatory obligations in connection with Federal qualified payment
stablecoin issuers as required by the GENIUS Act. FinCEN conceives of its responsibility in this connection as establishing
a smooth interface between its own regulations on the subject and those of the OCC, and it regards the proposed language as
the best way to do so. In addition, the proposed language has the benefit of conciseness.

xii. Proposed 31 CFR 1010.100(www)—State Payment Stablecoin Regulator

FinCEN is proposing to define the term “State payment stablecoin regulator” as provided in the GENIUS Act, 12 U.S.C. 5901(30),
with certain modifications in light of preexisting FinCEN regulatory definitions. Under the proposed rule, the term “State
payment stablecoin regulator” would mean a state agency that has the primary regulatory and supervisory authority in such
state over entities that issue payment stablecoins. Under the GENIUS Act, the term “State” includes “each of the several States
of the United States, the District of Columbia, and each territory of the United States.” (150) FinCEN proposes modifying the GENIUS Act's definition of “State payment stablecoin regulator” to account for FinCEN's existing
definition of “State,” (151) which does not include any U.S. territories. FinCEN is thus adding its existing regulatory phrase “Territory and Insular Possession”
to make clear that for purposes of this definition “State” includes territories. (152)

xiii. Proposed 31 CFR 1010.100(xxx)—State Qualified Payment Stablecoin Issuer

FinCEN is proposing to define the term “State qualified payment stablecoin issuer” as provided in the GENIUS Act, 12 U.S.C.
5901(31), with certain modifications in light of preexisting FinCEN regulatory definitions. Under the proposed rule, the term
“State qualified payment stablecoin issuer” would mean an entity that is: (1) legally established under the laws of a State
or Territory and Insular Possession and approved to issue payment stablecoins by a State payment stablecoin regulator; and
(2) not an uninsured national bank chartered by the OCC pursuant to title LXII of the Revised Statutes; a Federal branch or
an insured depository institution, or a subsidiary, of such national bank, Federal branch, or insured depository institution.
For meaning of “insured depository institution” this definition would reference the proposed definition of “permitted payment
stablecoin issuer” at proposed 1010.100(ttt), clarifying that, consistent with the GENIUS Act, “insured depository institution,”
includes insured depository institutions and insured credit unions. (153)

As with the definition of “State qualified payment stablecoin issuer,” FinCEN is adding “Territorial and Insular Possessions”
to clarify that, consistent with the GENIUS Act, issuers legally established under the laws of a Territory and Insular Possession
can qualify as a State qualified payment stablecoin issuer.

2. Proposed Amendment to 31 CFR 1010.810—Delegation of Examination Authority

As administrator of the BSA, FinCEN has overall authority for enforcement and compliance with the BSA and its implementing
regulations. (154) FinCEN, however, may delegate examination authority to appropriate agencies while retaining authority for the coordination
and direction of procedures and activities of these agencies. (155) FinCEN has delegated examination authority for various financial institutions, as reflected at § 1010.810(b), and is proposing
the same approach with regards to examination authority for PPSIs.

Broadly speaking, the GENIUS Act divides PPSIs into two categories: PPSIs that are regulated for safety and soundness by a
primary Federal payment stablecoin regulator (which includes the OCC, Board, FDIC, and NCUA) and PPSIs that are regulated
for safety and soundness by a State payment stablecoin regulator. (156) FinCEN proposes delegating examination authority over PPSIs to federal agencies responsible for examining the same entities
for safety and soundness and, where no such federal agency exists, to the IRS. (157)

i. State Qualified Payment Stablecoin Issuers

Under the GENIUS Act, generally, a State qualified payment stablecoin issuer with a consolidated total outstanding issuance
of not more than $10 billion payment stablecoins may opt for regulation under a State-level regulatory regime, provided that
the State-level regulatory regime is substantially similar to the Federal regulatory framework under the GENIUS Act. (158) State qualified payment stablecoin issuers that exceed the $10 billion in outstanding issuance of payment stablecoins must
either transition to the regulatory framework of the primary Federal payment stablecoin regulator, which is then jointly administered
by the State payment stablecoin regulator and the primary Federal payment stablecoin regulator, or obtain a waiver permitting
the State qualified payment stablecoin issuer to remain solely supervised by a State payment stablecoin regulator. (159)

Where a financial institution is not examined for compliance with the BSA and FinCEN's regulations by the OCC, Board, FDIC,
or NCUA, and is not otherwise supervised by a Federal functional regulator, FinCEN has delegated its examination authority
to the IRS in § 1010.810(b)(8). Likewise, here FinCEN proposes delegating its examination authority to the IRS for PPSIs not
examined by the OCC, Board, FDIC, and NCUA— i.e., a primary Federal payment stablecoin regulator—for safety and soundness. This population will include State qualified payment
stablecoin issuers not supervised by a primary Federal payment stablecoin regulator, either because the State qualified payment
stablecoin issuer's outstanding issuance is not more than $10 billion or because the primary Federal payment stablecoin regulator
has granted the PPSI a waiver to allow the PPSI to remain supervised by a State payment stablecoin regulator. FinCEN believes
the IRS is well positioned to conduct BSA examinations for PPSIs not examined by a primary Federal payment stablecoin regulator.
As the BSA examiner for a range of institutions not otherwise examined by another agency, the IRS has staff trained in BSA
examinations and a strong relationship with FinCEN and various state regulators. Relatedly, the IRS currently examines money
transmitters, including stablecoin issuers, for BSA compliance and is, thus, well positioned to assess PPSI compliance with
the BSA and ensure consistent application of BSA provisions across PPSIs based in various states.

To effectuate this delegation of BSA examination, FinCEN believes that no changes are necessary to § 1010.810(b)(8), which
already states that such authority is delegated with respect to “financial institutions . . . not currently examined by Federal
bank supervisory agencies for soundness and safety.” FinCEN believes the proposed text ensures that each PPSI not examined
by a primary Federal payment stablecoin regulator for safety and soundness is examined by the IRS. This delegation will not
grant authority to the IRS where a State qualified payment stablecoin issuer is subject to a primary Federal payment stablecoin
regulator's framework that is jointly administered by the federal and state regulator and results in a primary Federal payment
stablecoin regulator examining for safety and soundness.

ii. Proposed 31 CFR 1010.810(b)(8)—Federal Qualified Payment Stablecoin Issuers

Under the GENIUS Act, the OCC, Board, FDIC, and NCUA are the primary Federal payment stablecoin regulators and responsible
for, among other things, assessing a PPSI's safety and soundness. (160) Additionally, the GENIUS Act requires the primary Federal payment stablecoin regulators to issue regulations relating to,
among other things, risk management principles-based requirements and standards, including relating to the BSA. (161)

With regards to banks, FinCEN has delegated its authority to examine financial institutions for chapter X compliance to the
agency that examines

  the institution for safety and soundness. [(162)]() Consistent with that approach, FinCEN's proposal adds a new paragraph to § 1010.810(b) to delegate examination authority to
  the primary Federal payment stablecoin regulators responsible for assessing a PPSI's safety and soundness. FinCEN believes
  the primary Federal payment stablecoin regulator responsible for promulgating standards related to BSA and examining particular
  PPSIs for safety and soundness is best positioned to carry out effective and efficient BSA exams. As the definition of primary
  Federal payment stablecoin regulator outlines the agency responsible for oversight of various categories of PPSIs, FinCEN
  is not proposing to detail in § 1010.810(b)(11) which agency is responsible for which subcategory of PPSIs. [(163)]()

3. Proposed 31 CFR 1033.210—AML/CFT Program Requirements for PPSIs

The GENIUS Act directs that PPSIs be subject to “maintenance of an effective anti-money laundering program, which shall include
appropriate risk assessments and designation of an officer to supervise the program.” (164) Effective AML/CFT programs safeguard national security and generate significant public benefits by preventing the flow of
illicit funds in the financial system and by assisting law enforcement and national security agencies with the identification
and prosecution of persons attempting to launder money and undertake other illicit activity through the financial system. (165)

FinCEN has separately issued a notice of proposed rulemaking that would amend FinCEN's regulations that prescribe AML/CFT
program requirements for current financial institutions program rules under the BSA. Updating the AML/CFT program requirements
across financial institution types is part of FinCEN's efforts to reform and modernize the BSA, as well as implement the Anti-Money
Laundering Act of 2020 (AML Act). (166) That proposed rule is designed to help ensure that financial institutions' AML/CFT programs are appropriately risk-based,
such that compliance with their program obligations is focused on the goals of the BSA, including combatting and preventing
money laundering, the financing of terrorism, and other illicit finance activity risks (collectively, ML/TF risks), rather
than mere technical compliance. Furthermore, that proposed rule for banks would help ensure that supervisory and enforcement
actions related to AML/CFT programs are focused on significant or systemic failures to implement an effective AML/CFT program
(i.e., deficiencies or issues that arise from failing to implement, in all material respects, a properly established AML/CFT program).

In this proposed rule FinCEN proposes to impose on PPSIs an AML/CFT program obligation consistent with the program being proposed
for the 11 types of financial institutions currently covered by BSA program requirements, with some modifications due to the
GENIUS Act's specific provisions. FinCEN assesses that such consistency across the types of financial institutions promotes
clarity, creates efficiencies, and best protects the U.S. financial system from illicit actors. As described below, under
FinCEN's proposal, an AML/CFT program is inherently tailored to the risk and operations of a PPSI, meeting the GENIUS Act's
directive that rules are tailored to an issuer's size and complexity. (167)

i. AML/CFT Program Overview

A central objective of Treasury and FinCEN's BSA modernization efforts is to create an AML/CFT supervisory and regulatory
regime that is more effective in achieving the purposes of the BSA and promoting better outcomes for law enforcement and national
security agencies. (168) This proposed rule would further that objective by explicitly defining the requirements for a PPSI to establish and maintain
an effective AML/CFT program. Consistent with the changes that the AML Act made for other types of financial institutions,
it would also adopt into regulation the AML Act's expectation that AML/CFT programs should be risk-based, including ensuring
that PPSIs direct more attention and resources toward higher-risk customers and activities, consistent with the risk profile
of the PPSI, rather than toward lower-risk customers and activities. (169)

Under proposed § 1033.210 PPSIs would have an effective AML/CFT program and comply with the requirements of 31 U.S.C. 5318(h)(1)
and § 1033.210 if the PPSI: (1) establishes an AML/CFT program in accordance with paragraph (b) of § 1033.210; and (2) maintains
an AML/CFT program by implementing the AML/CFT program in accordance with paragraph (c) of § 1033.210. As part of the program,
and consistent with the mandate in the GENIUS Act, PPSIs would be required to conduct ongoing customer due diligence.

a. Factors That FinCEN Considered

The AML Act requires FinCEN to take into account certain factors when prescribing minimum AML/CFT program standards. FinCEN
has considered all these factors in developing this proposed rule. (170)

As stated in 31 U.S.C. 5318(h)(2)(B)(iii), effective AML/CFT programs safeguard national security and generate significant
public benefits by preventing the flow of illicit funds in the financial system and by assisting law enforcement and national
security agencies with the identification and prosecution of persons attempting to launder money or undertake other illicit
activity through the financial system. The proposed rule would advance the BSA modernization and reform goals of the AML Act
by providing PPSIs and their regulators with clarity about the requirements to have effective AML/CFT programs.

Likewise, 31 U.S.C. 5318(h)(2)(B)(iv)(I) provides that AML/CFT programs should be “reasonably designed to assure and monitor
compliance” with the BSA and its implementing regulations and be risk-based. The proposed rule advances these objectives by
explicitly requiring PPSIs to have effective AML/CFT programs and by describing the

  minimum components for an AML/CFT program to be effective. Specifically, as part of an effective AML/CFT program, the proposed
  rule requires that a PPSI establish and maintain a risk-based set of internal policies, procedures, and controls that are
  reasonably designed to ensure compliance with the BSA and FinCEN's regulations.

The internal policies, procedures, and controls requirement in the proposed rule also demonstrates FinCEN's consideration
of 31 U.S.C. 5318(h)(2)(B)(iv)(II), which states that AML/CFT programs should be risk-based, including ensuring that more
attention and resources of a PPSI should be directed toward higher-risk customers and activities, consistent with a PPSI's
risk profile, rather than toward lower-risk customers and activities. The proposed rule incorporates this directive by explicitly
requiring, as part of a PPSI's risk-based internal policies, procedures, and controls, that a PPSI identify, assess, and document
its ML/TF risks through risk assessment processes. These risk assessment processes require a PPSI to evaluate ML/TF risks
and review and incorporate the AML/CFT Priorities, as appropriate, with updates to risk assessment processes promptly upon
any change that the PPSI knows or has reason to know significantly changes the PPSI's ML/TF risks. These risk assessment processes
are designed to help PPSIs mitigate ML/TF risks and ensure that they are allocating resources commensurate with their documented
ML/TF risks, directing more attention and resources toward higher-risk customers rather than toward lower-risk customers and
activities.

Finally, 31 U.S.C. 5318(h)(2)(B)(ii) requires FinCEN to consider the extension of financial services to the underbanked and
the facilitation of financial transactions, including remittances, while preventing criminal persons from abusing formal or
informal financial services networks. Through its emphasis on risk-based AML/CFT programs, the proposed rule seeks to provide
PPSIs with the flexibility to serve a broad range of customers and avoid one-size-fits-all approaches to customer risk that
can lead to PPSIs declining to provide financial services to entire categories of customers. The proposed rule would help
ensure that decisions taken by PPSIs with respect to closing customer accounts are based on legitimate ML/TF risks and informed
by relevant facts and circumstances. The proposed rule is intended to mitigate the risks of PPSIs potentially being inappropriately
pressured into closing customer accounts by emphasizing the risk-based nature of AML/CFT programs. In doing so, the proposed
rule also furthers the objectives of E.O. 14331, Guaranteeing Fair Banking for All Americans, which seeks to combat “politicized or unlawful debanking.” (171)

b. Program Overview

The proposed rule would require a PPSI to establish an AML/CFT program and then maintain the AML/CFT program by implementing, in all material respects, the established AML/CFT program. In prescribing the minimum
standards for an AML/CFT program and in supervising and examining compliance with those standards, the AML Act requires the
Secretary and the appropriate Federal functional regulator to take into account that effective AML/CFT programs safeguard
national security and help law enforcement prevent the flow of illicit funds in the financial system. (172) An AML/CFT program can be effective without preventing every minor instance of a financial institution falling prey to illicit
finance misuse. Accordingly, the proposed rule would set out that an AML/CFT program is “effective” and complies with the
requirements of 31 U.S.C. 5318(h)(1) so long as it is established and maintained in accordance with applicable requirements.

A PPSI would be required to establish a risk-based set of internal policies, procedures, and controls that are reasonably
designed to ensure compliance with the BSA and 31 CFR chapter X. The risk-based internal policies, procedures, and controls
must also be reasonably designed to: (1) identify, assess, and document the PPSI's ML/TF risks through risk assessment processes
that evaluate the risks of the PPSI's business activities, review and, as appropriate, incorporate the AML/CFT Priorities,
and are updated promptly upon any change that the PPSI knows or has reason to know significant changes in the PPSI's ML/TF
risks; (2) mitigate the PPSI's ML/TF risks, consistent with the PPSI's risk assessment processes; and, (3) conduct ongoing
customer due diligence.

The proposed rule would also require a PPSI to establish an ongoing employee training program and independent AML/CFT program
testing as part of its AML/CFT program.

Finally, the proposed rule would require a PPSI to designate an individual responsible for establishing and implementing the
AML/CFT program and coordinating and monitoring day-to-day compliance; that individual would be required to be located in
the United States and accessible to, and subject to oversight and supervision by, FinCEN and its designee, including the appropriate
primary Federal payment stablecoin regulator. That individual also could not have been convicted of a felony offense involving
certain kinds of activity, as required by the GENIUS Act. (173)

Under the proposed rule, having an effective AML/CFT program would be more than a one-time adoption of a risk-based set of
internal policies, procedures, and controls. Rather, a PPSI would be required to keep its risk-based set of internal policies,
procedures, and controls—and the risk assessment processes that inform them—current as the PPSI's risk profile changes. Similarly,
an AML/CFT program would involve more than a one-time creation of an employee training program or initiation of an independent
testing mechanism: the PPSI would also be required to keep such aspects of the AML/CFT program current as the PPSI's risk
profile changes. Thus, even where a PPSI has previously established an AML/CFT program in accordance with the proposed rule,
a failure to update the program to reflect significant changes to the PPSI's risk profile may result in the program no longer
meeting the program establishment requirements, and the PPSI may accordingly be subject to supervisory or enforcement action
for failure to establish an effective AML/CFT program.

Once a PPSI has properly “established” an AML/CFT program, the PPSI must “maintain” the program by implementing it, in all
material respects. Minor deficiencies of an AML/CFT program would not necessarily mean that a PPSI has failed to implement
the program.

ii. Proposed 31 CFR 1033.210(b)—Program Establishment

The AML/CFT program requirements for PPSI's must have certain minimum elements comprised of: (1) internal policies, procedures,
and controls; (2) an independent audit function to test programs; (3) a designated compliance officer; and (4) an ongoing
employee training program.

a. Proposed 31 CFR 1033.210(b)(1)—Internal Policies, Procedures, and Controls

The BSA requires financial institutions to develop “internal

  policies, procedures, and controls” as part of their AML/CFT programs. [(174)]() Proposed § 1033.210(b)(1) provides that a PPSI's risk-based set of internal policies, procedures, and controls must be reasonably
  designed to: (1) identify, assess, and document ML/TF risks through risk assessment processes; (2) mitigate ML/TF risks consistent
  with the risk assessment processes, including by allocating more attention and resources toward higher-risk customers and
  activities rather than toward lower-risk customers and activities; and (3) conduct ongoing CDD.

Under this proposal, a PPSI's risk-based set of internal policies, procedures, and controls should be based upon, informed
by, and consistent with a PPSI's risk assessment processes. The level of sophistication of the internal policies, procedures,
and controls should be commensurate with the size, structure, risk profile, and complexity of the PPSI.

The requirement that a PPSI's risk-based set of internal policies, procedures, and controls be “reasonably designed” gives
PPSIs flexibility in how they achieve compliance with the BSA and the proposed rule's other requirements. As part of having
risk-based set of internal policies, procedures, and controls reasonably designed to ensure compliance with the BSA and FinCEN's
regulations, PPSIs may choose to responsibly adopt new technologies or innovative approaches to comply with BSA requirements.

1. Proposed 31 CFR 1033.210(b)(1)(i)—Risk Assessment Processes

FinCEN is proposing in § 1033.210(b)(1)(i) that, as part of a PPSI's risk-based set of internal policies, procedures, and
controls, the PPSI establish and maintain risk assessment processes to: (1) evaluate the ML/TF risks of the PPSI's business
activities, including products, services, distribution channels, customers, and geographic locations; (2) review and, as appropriate,
incorporate the AML/CFT Priorities; and (3) be updated promptly upon any change that the PPSI knows or has reason to know
significantly changes the PPSI's ML/TF risks. This provision implements the GENIUS Act's directive that PPSI AML/CFT programs
include appropriate risk assessments. (175)

The proposed rule requires, as part of a PPSI's risk-based internal policies, procedures and controls, that it identify, assess,
and document its ML/TF risks using risk assessment processes. This risk assessment process, generally conducted on an annual
basis, results in a documented ML/TF risk assessment.

FinCEN believes PPSIs are best positioned to identify and evaluate their ML/TF risk and is therefore not prescribing any particular
risk assessment processes or methodologies other than the critical elements described in this proposed rule. Under the proposed
rule, PPSIs will be examined for whether they have established and implemented, in all material respects, reasonably designed
risk assessment processes—which need not be in the form of a singular risk assessment process. Furthermore, FinCEN is not
prescribing any particular timeframe for PPSIs to update their risk assessment processes.

i. Proposed 31 CFR 1033.210(b)(1)(i)(A)—ML/TF Risks

Proposed § 1033.210(b)(1)(i)(A) would require a PPSIs' risk assessment processes to evaluate the ML/TF risks its business
activities, including products, services, distribution channels, customers, and geographic locations. These factors are generally
well known and often incorporated into current risk assessment processes of some stablecoin issuers and banks. For clarity's
sake, FinCEN considers “distribution channels” to refer to the methods and tools through which a PPSI opens accounts and provides
products or services (including payment stablecoins), including, for example through remote or other non-face-to-face means.
Thus, for example, PPSIs should consider how accounts are opened, as well as the blockchains to which its payment stablecoins
are issued.

PPSIs may use a variety of sources to inform their risk assessment processes. Such sources may include information obtained
from other financial institutions, such as emerging risks and typologies identified through 314(b) information sharing or
payment transactions that other financial institutions returned or flagged due to ML/TF risks. (176) Information a PPSI generates or maintains could be another source, including information acquired from blockchain analytics.
Such internal information may include, for example, customer internet protocol (IP) addresses or device logins and related
geolocation information.

Feedback from FinCEN, law enforcement, and financial regulators may also inform risk assessment processes. For example, if
a PPSI receives feedback from law enforcement about a report it has filed or potential risks at the PPSI, the PPSI may incorporate
that information into its risk assessment processes. Similarly, PPSIs may consider information identified from responding
to section 314(a) requests. Certain FinCEN advisories or guidance may also be particularly relevant to the PPSI's business
activities, thereby warranting consideration when evaluating ML/TF risks. Regardless of the source, PPSIs should take measures
in their risk assessment processes to ensure this information is reasonably current, complete, and accurate.

ii. Proposed 31 CFR 1033.210(b)(1)(i)(B)—AML/CFT Priorities

Proposed § 1033.210(b)(1)(i)(B) would require PPSIs to review and incorporate the AML/CFT Priorities. The AML/CFT Priorities
set out the priorities for the U.S. government's AML/CFT policy as required by the AML Act and are designed to ensure that
PPSIs' AML/CFT programs are aligned with those priorities. Recognizing the diverse nature of ML/TF threats facing the U.S.
financial system and national security, and that PPSI AML/CFT programs will benefit U.S. national security by safeguarding
the financial system from ML/TF risk, the AML/CFT Priorities are intended to ensure that PPSIs are focusing on the greatest
threats to U.S. national security, as defined by Treasury.

FinCEN understands that the AML/CFT Priorities may not always be applicable to a PPSI's risk profile and activities. Therefore,
FinCEN requires the incorporation of the AML/CFT Priorities in PPSI's risk assessment processes, as appropriate. This means that, having reviewed the AML/CFT Priorities, a PPSI may determine the extent to which a particular priority is
applicable and whether and how a particular AML/CFT Priority should be incorporated into its risk assessment processes.

Further, a PPSI may use its judgment and apply a reasonable, risk-based determination on whether to focus on a specific aspect
of an AML/CFT Priority (e.g., cyber-enabled fraud), rather than addressing all aspects of an AML/CFT Priority that may either not be applicable or pose
lower risks to the PPSI. However, FinCEN cautions that a surface-level, perfunctory review of an AML/CFT Priority by a PPSI
and the foreseeable ways in which it may manifest itself within the PPSI's customers, products and services, geographies,
and distribution channels would not satisfy this requirement.

FinCEN anticipates that some PPSIs may ultimately determine that their business models and risk profiles have limited exposure
to some of the threats addressed in the AML/CFT Priorities but instead have greater exposure to other ML/TF risks not addressed
in the AML/CFT Priorities. Additionally, some PPSIs' risk assessment processes may determine that their AML/CFT programs already
sufficiently take into account some, or all, of the AML/CFT Priorities. In either case, any changes to PPSIs' AML/CFT program,
such as internal policies, procedures, or controls, would be based on the results of risk assessment processes and their impact
on the AML/CFT program, including how to review and, as appropriate, incorporate the AML/CFT Priorities before making these
determinations.

iii. Proposed 31 CFR 1033.210(b)(1)(i)(C)—Update Risk Assessment Processes

Proposed § 1033.210(b)(1)(i)(C) would require PPSIs to update their risk assessment processes promptly upon any change that
the PPSI knows or has reason to know significantly changes its ML/TF risk profile. For example, a PPSI may need to update
its risk assessment when new products, services, and customer types are introduced; or existing products, services, and customer
types undergo significant changes; or when the PPSI adopts new risk mitigation technology; or if the PPSI as a whole expands
or contracts through mergers, acquisitions, divestitures, dissolutions, and liquidations. This would include, for example,
when a payment stablecoin is deployed on a new blockchain or new features are coded into the smart contract. A PPSI may also
need to update its risk assessment process based on factors external to its operations that it knows or has reason to know
significantly changes its ML/TF risk profile.

2. Proposed 31 CFR 1033.210(b)(1)(ii)—Mitigate ML/TF Risks

Under the proposed rule, a PPSI's efforts to mitigate its ML/TF risks would involve directing more attention and resources
toward higher-risk customers and activities, consistent with the risk profile of the PPSI, rather than toward lower risk customers
and activities. (177) The goal of risk-based allocation is for PPSIs to spend less time, energy, and resources on lower priority activities that
may result in fewer resources devoted to, and potentially distract from, more serious threats. The proposed rule would thus
enable PPSIs to focus more on higher risk customers and activities, which FinCEN has determined should result in PPSIs being
more effective at detecting, reporting, and preventing the flow of illicit funds and providing law enforcement with more valuable
BSA reporting.

As noted above, FinCEN believes that PPSIs are best positioned to identify and evaluate their ML/TF risk and to make decisions
related to risk identification and resource allocation in accordance with risk identification. The proposed rule, therefore,
does not contemplate regulatory second-guessing of a PPSI's reasonable determinations regarding appropriate resource allocation
or conclusions regarding specific risks. However, while FinCEN does not believe that an examiner should substitute his or
her own subjective judgment in place of the PPSIs, examiners will be expected to assess whether: (1) a PPSI's resource allocation
decisions are informed by, and consistent with, reasonably designed risk assessment processes; and (2) with respect to implementation,
specifically, whether the PPSI knows or should know of resource-related issues involving its internal policies, procedures,
and controls and other mandatory elements that may result in the PPSI failing to implement its AML/CFT program in all material
respects and failing to address such issues.

3. Proposed 31 CFR 1033.210(b)(1)(iii)—Conduct Ongoing Customer Due Diligence

The GENIUS Act specifies that PPSIs should be subject to all Federal laws applicable to a financial institution located in
the United States relating to “due diligence.” (178) The existing program rules for certain financial institutions contain CDD requirements that have commonly been referred to
as the “fifth pillar” of AML program rules for those types of financial institutions. (179) Under these requirements, covered financial institutions must establish and maintain a written AML/CFT program that includes:
“appropriate risk-based procedures for conducting ongoing customer due diligence, to include, but not be limited to: understanding
the nature and purpose of customer relationships for the purpose of developing a customer risk profile; and conducting ongoing
monitoring to identify and report suspicious transactions and, on a risk basis, to maintain and update customer information.” (180)

Proposed § 1033.210(b)(1)(iii) would require PPSIs to conduct ongoing CDD as part of their AML/CFT program obligations. To
effectively mitigate the illicit finance risks in customer relationships, PPSIs need to obtain and maintain information sufficient
to develop an understanding of normal and expected customer activity. This in turn requires development of an understanding
of the “nature and purpose,” or in other words the intent, of the customer in initiating and maintaining the relationship.
The PPSI can draw conclusions about the type of activity and transactions the customer can be expected to engage in, setting
a “baseline against which aberrant, suspicious transactions are identified.” (181) These are core elements and fundamental expectations of FinCEN's regulations implementing the BSA.

For PPSIs, some considerations of the nature and purpose of customer relationships will be similar to existing practices for
other regulated financial institutions. However, some factors may also be new or unique due to the characteristics of the
products and services being offered. PPSIs may need to consider, among other factors, the type of entity seeking to establish
a customer relationship, the jurisdiction in which they are domiciled, the AML/CFT obligations they are subject to (and potentially
the rigor of supervisory oversight of those obligations), the customer's operating history, the services the customer offers
to its users, the markets that the customer serves, and the agents or intermediaries through which the customer may provide
its services. Such business, product,

  service, and geographic risk considerations are well established components of existing BSA programs. PPSIs may also need
  to consider information more narrowly tailored to the stablecoin market, including both information available from public
  blockchains and relevant off-chain considerations. Notably, as stated above, FinCEN assesses that the majority of illicit
  activity involving stablecoins occurs on the secondary market. [(182)]() Although the proposed rule would not impose a standalone, independent obligation on a PPSI to monitor secondary market transactions,
  consideration of such activity may be appropriate in the PPSI's development and maintenance of a customer risk profile (*e.g.,* public blockchains may indicate that a digital assets exchange that is a PPSI customer is engaged in deposits or withdrawal
  activity of the PPSI's stablecoin with addresses attributed to illicit actors).

b. Proposed 31 CFR 1033.210(b)(2)—Independent Testing

The purpose of independent testing is to assess the PPSI's compliance with AML/CFT statutory and regulatory requirements,
relative to its risk profile. This evaluation helps to inform the PPSI of weaknesses or areas in need of enhancement or stronger
controls. Typically, this evaluation includes a conclusion about the PPSI's overall compliance with AML/CFT statutory and
regulatory requirements and sufficient information for the reviewer (e.g., board of directors, senior management, AML/CFT officer, outside auditor, or an examiner) to reach a conclusion about whether
the risk-based set of internal policies, procedures, and controls are reasonably designed and resources are well-allocated
consistent with the PPSI's risk assessment processes.

Additionally, while PPSIs retain some flexibility regarding who conducts the audit or testing, the proposed rule would require
that testing be independent. PPSIs that do not employ outside auditors or consultants or that do not have internal audit departments
may comply with this requirement by using internal staff who are not involved in the function being tested. For these PPSIs
and PPSIs with other types of arrangements for independent testing, the AML/CFT officer or any party who directly, and in
some cases, indirectly reports to the AML/CFT officer, or an equivalent role, would generally not be considered sufficiently
independent. Any individual conducting the testing, whether internal or external, would be required to be independent of other
parts of the PPSI's AML/CFT program, including its oversight. For PPSIs that engage outside auditors or consultants, the PPSI
would be required to ensure that the outside parties conducting the independent testing are not involved in functions related
to the AML/CFT program at the PPSI that may present a conflict of interest or lack of independence, such as AML/CFT training
or the development or enhancement of internal policies, procedures, and controls. Additionally, for the purposes of the independent
testing component, outside parties would not include government agencies, entities, or instrumentalities, such as a PPSI's
primary Federal payment stablecoin regulator or State payment stablecoin regulator. PPSIs with less complex operations, and
lower risk profiles may consider utilizing a shared resource as part of a collaborative arrangement to conduct testing, as
long as the testing is independent. (183) FinCEN would generally expect, as with the AML/CFT officer component, independent testers to have the expertise and experience
to satisfactorily perform such a duty, including having sufficient knowledge of the PPSI's risk profile and AML/CFT laws and
regulations.

c. Proposed 31 CFR 1033.210(b)(3)—Designate an AML/CFT Officer

Under the GENIUS Act and the BSA, an “officer” oversees an AML/CFT program. (184)

1. Proposed 31 CFR 1033.210(b)(3)(iii)—Duties of the AML/CFT Officer

Proposed § 1033.210(b)(3)(iii) would require PPSIs to designate an individual (referred to as an AML/CFT officer) responsible
for establishing and implementing the AML/CFT program and coordinating and monitoring day-to-day compliance with the requirements
and prohibitions of the BSA and FinCEN's implementing regulations. FinCEN's view is that the individual serving as the AML/CFT
officer must be qualified for that role and not overburdened with other responsibilities at the institution.

The proposed rule is not intended to be primarily concerned about the formal title of the individual responsible for establishing
and implementing the AML/CFT program and coordinating and monitoring day-to-day compliance; instead, the proposed rule focuses
on the AML/CFT officer's position in the PPSI's organizational structure that enables the AML/CFT officer to effectively establish
and implement the PPSI's AML/CFT program. The AML/CFT officer's authority, independence, and access to resources within the
PPSI are critical. An AML/CFT officer should have decision-making capability regarding the AML/CFT program and sufficient
functional stature within the organization to ensure that the program meets BSA requirements.

The AML/CFT officer's access to resources may include the following: adequate compliance funds and staffing with the skills
and expertise appropriate to the PPSI's risk profile, size, and complexity; an organizational structure that supports compliance
and effectiveness; and sufficient technology and systems to support the timely identification, measurement, monitoring, reporting,
and management of the PPSI's ML/TF risks. An AML/CFT officer with conflicting responsibilities that adversely impact the officer's
ability to effectively coordinate and monitor day-to-day AML/CFT compliance generally would not fulfill this requirement.

2. Proposed 31 CFR 1033.210(b)(3)(i) and (ii)—The AML/CFT Officer Located in the United States and Accessible to Regulators

Proposed § 1033.210(b)(3)(i) and (ii) would require a PPSI's AML/CFT officer be located in the United States and accessible
to, and subject to oversight and supervision by FinCEN and its designee. Under the proposed rule, while the AML/CFT officer
must be located in the United States, personnel located outside of the United States would still be permitted to perform certain
AML/CFT functions. This language does not alter existing regulations and guidance that generally prohibit the sharing of SARs
with personnel located outside of the United States other than limited circumstances such as a bank's foreign head office
or controlling company. (185)

3. Proposed 31 CFR 1033.210(b)(3)(iv)—Restriction on Officers With Felony Convictions

Under the GENIUS Act, PPSIs must designate an “officer” to supervise its AML/CFT program. (186) This GENIUS Act provision reflects the BSA requirement that a financial institution designate a “compliance officer” for its
AML/CFT program. (187) The GENIUS Act further provides that no individual who has been convicted of a “felony offense involving insider trading,
embezzlement, cybercrime, money laundering, financing of terrorism, or financial fraud” may serve as an “officer” or director
of a PPSI. (188)

Given the use of the term “officer” in the GENIUS Act's prohibition on individuals being convicted of felonies involving certain
activity and the use of the same term in the GENIUS Act and BSA provisions regarding AML/CFT programs, FinCEN proposes to
apply this restriction to AML/CFT officers and, accordingly, is proposing adding this requirement to the AML/CFT program's
provision relating to the individual responsible for overseeing the AML/CFT program. FinCEN expects PPSIs would ensure an
individual does not have a disqualifying felony prior to designating an individual as responsible for the AML/CFT program,
as well as require the individual to report any such conviction and monitor for whether the individual receives such a conviction.

d. Proposed 31 CFR 1033.210(b)(4)—Ongoing Employee Training Program

The BSA requires AML/CFT programs to include an “ongoing employee training program.” (189) Proposed § 1033.210(b)(4) would require PPSIs establish an ongoing employee training program. FinCEN would generally expect
training to cover the PPSI's internal policies, procedures, and controls, which should in turn reflect the results of the
PPSI's risk assessment processes, the latest AML/CFT regulatory requirements, and other relevant information. The frequency
with which the training would occur, and the content of the training, would depend on the PPSI's ML/TF risk profile and the
roles and responsibilities of the persons receiving the training.

iii. Proposed 31 CFR 1033.210(d)—Written AML/CFT Program and Approval

Proposed § 1033.210(d) would require that a PPSI's AML/CFT program be written, and that a PPSI, upon request, make available
a copy of its written AML/CFT program to FinCEN or its designee, which can include the appropriate agency with examination
authorities delegated by FinCEN. (190)

Proposed § 1033.210(d) would also require that a PPSI's written AML/CFT program be approved by the PPSI's board of directors
or an equivalent governing body within the PPSI, or appropriate senior management. The proposed rule specifies that approval
encompasses each of the components of the AML/CFT program.

The proposed rule provides PPSIs with significant flexibility in its chosen approval method. While some PPSIs may choose to
have its board approve the written AML/CFT program, for others, an equivalent governing body might be a sole proprietor, general
partner, or trustee, or a grouping of owners, senior officers (including board committees or other groups with oversight responsibilities),
senior management, or other persons having functions and authority similar to that of a board.

The proposed rule's provision requiring the approval of the AML/CFT program by a PPSI's board of directors, equivalent body,
or appropriate senior management reflects the importance of PPSIs maintaining a strong culture of compliance. A culture of
compliance involves demonstrable support and visible commitment from leadership, the dedication of adequate resources to AML/CFT
compliance, effective information sharing throughout the PPSI, qualified and independent testing, and understanding across
leadership and staff levels of the importance of BSA reports. Adherence to these principles is critical to ensuring that AML/CFT
programs are effective.

iv. Proposed 31 CFR 1033.210(e)—AML/CFT Program Certifications

The proposed rule would also require PPSIs to make available to FinCEN, or its designee, upon request any and all certifications
submitted to the PPSI's primary Federal payment stablecoin regulator or State payment stablecoin regulator certifying that
the PPSI has implemented an AML/CFT program. (191) While the GENIUS Act specifies that the primary Federal payment stablecoin regulator or State payment stablecoin regulator
shall make this certification available upon Treasury request, FinCEN's authority under the BSA also enables it to require
PPSIs to provide a copy of such certifications to FinCEN as part of FinCEN's efforts to ensure compliance with the BSA. (192)

4. Proposed 31 CFR 1033.221—Supervision and Enforcement

As previously noted, FinCEN is proposing delegating authority to examine PPSIs for compliance with the proposed rules to the
primary Federal payment stablecoin regulators. (193) In another rulemaking, FinCEN has proposed that where it has delegated its examination authority to the OCC, Board, FDIC,
and NCUA (the “Agencies”), those Agencies be required to consult with FinCEN prior to taking significant AML/CFT supervisory
actions and outlined FinCEN's own considerations in determining when it will take certain enforcement actions. The proposal
also outlined that a bank would only be subject to certain kinds of enforcement actions and significant supervisory actions
for significant and systemic failures to implement an AML/CFT program. In that proposal, FinCEN requested comments on whether
the framework outlined in the proposal should be extended to financial institutions beyond banks.

The GENIUS Act similarly identifies these Agencies—the OCC, Board, FDIC, and NCUA—as primary Federal payment stablecoin regulators
for certain PPSIs as discussed in section VI.C.2.ii. Additionally, as discussed in section IV, some stablecoin issuers engage
in certain activities that are similar to those of banks. Accordingly, in light of the same Agencies that serve as the primary
Federal payment stablecoin regulators and certain similarities in activities as banks, FinCEN proposes to set forth a supervision
and enforcement framework that would subject PPSIs to the same framework proposed for banks. Specifically, the proposed rule
would add § 1033.221 to set forth a supervision and enforcement framework for PPSIs' AML/CFT programs that is aligned with
the AML Act's emphasis on effectiveness and risk-based supervision. This proposal includes three elements: the first defining
key terms; the second outlining when FinCEN or the primary Federal payment stablecoin regulators would take enforcement or
supervisory action regarding certain kinds of AML/CFT

  program violations; and the third outlining when the primary Federal payment stablecoin regulators would consult with FinCEN
  on potential supervisory actions. FinCEN welcomes comment on whether this supervisory and enforcement framework should apply
  to PPSIs, as well as the consultation proposal. The enforcement requirements do not apply to and in no way affect criminal
  enforcement liability under the BSA.

i. Proposed 31 CFR 1033.221(a)—Definitions

Proposed § 1033.221(a) would define several terms used throughout the section.

The term “AML/CFT enforcement action” as proposed in § 1033.221(a)(1) would mean any formal or informal action taken by FinCEN
that seeks to penalize, remedy, prevent, or respond to noncompliance with past or ongoing violations of, or past or ongoing
deficiencies relating to, an AML/CFT requirement.

The term “AML/CFT requirement” as proposed in § 1033.221(a)(2) would mean a requirement of the BSA, 12 U.S.C. 5903(a)(5)(A)(i)-(v),
12 U.S.C. 5903(a)(6)(B), 12 U.S.C. 5903(f)(1)(A), or 31 CFR chapter X.

The term “significant AML/CFT supervisory action” as proposed in § 1033.221(a)(3) would mean any written communication or
other formal supervisory determination issued by FinCEN or a primary Federal payment stablecoin regulator, when acting under
supervisory authority delegated by FinCEN, that identifies one or more alleged deficiencies, weaknesses, violations of law,
or unsafe or unsound practices or conditions relating to an AML/CFT requirement; communicates supervisory expectations regarding
actions or remedial measures required to correct the issue; and contemplates significant or programmatic actions or remedial
measures to be taken by the PPSI. Examiner observations, suggestions, or other informal comments would be expressly excluded
from this definition.

ii. Proposed 31 CFR 1033.221(b)—Enforcement and Supervision Policy

Proposed § 1033.221(b) would articulate FinCEN's enforcement and supervision policy as it relates to AML/CFT requirements
for PPSIs. (194) Except with respect to a significant or systemic failure to implement an effective AML/CFT program (i.e., deficiencies or issues that arise from failing to implement, in all material respects, a properly established AML/CFT program),
a PPSI that has properly established an AML/CFT program would not be subject to an AML/CFT enforcement action based on a violation
of proposed § 1033.210 by FinCEN or to a significant AML/CFT supervisory action based on a violation of proposed § 1033.210
by FinCEN or by a primary Federal payment stablecoin regulator, when acting under supervisory authority delegated by FinCEN.

The proposed rule would clarify that nothing in this policy would restrict an AML/CFT enforcement action or a significant
AML/CFT supervisory action with respect to a failure to properly establish an AML/CFT program. Moreover, the proposed rule would not affect the factors that FinCEN applies in the disposition of a violation
once FinCEN has determined that such violation involves either: (1) a failure to properly establish an AML/CFT program, or
(2) a significant or systemic failure to implement an AML/CFT program. (195)

iii. Proposed 31 CFR 1033.221(c) and (d)—FinCEN Consultation and Consideration

Proposed § 1033.221(c) would establish a notice and consultation framework applicable when a primary Federal payment stablecoin
regulator, acting under supervisory authority delegated by FinCEN, intend to initiate a significant AML/CFT supervisory action.
Before initiating such an action, the primary Federal payment stablecoin regulator would be required to provide the Director
of FinCEN with an opportunity to review the action and consider any input offered by the Director, which may include any view
as to the effectiveness of the PPSI's AML/CFT program. To facilitate that review, the primary Federal payment stablecoin regulator
would be required to provide written notice to the Director of their intent to take the action at least 30 days in advance
of the proposed action, unless a shorter period is necessary, in the sole discretion of the primary Federal payment stablecoin
regulators, to remedy, prevent, or respond to an unsafe or unsound practice or condition.

The notice would be accompanied by the relevant AML/CFT information underlying the proposed action. Relevant AML/CFT information
may include, but is not limited to: the relevant portions of the draft report enforcement action; the relevant examination
workpapers supporting the proposed action and the relevant AML/CFT information submitted by the PPSI to the primary Federal
payment stablecoin regulator. FinCEN notes the primary Federal payment stablecoin regulators would not be obligated to provide
information over which the PPSI may claim privilege under Federal or State law. The primary Federal payment stablecoin regulators
would also be required to respond to requests for additional AML/CFT information from the Director regarding the proposed
action.

Finally, proposed § 1033.221(d) specifies the factors that the Director of FinCEN would consider in determining whether to
take an enforcement action or significant supervisory action with respect to PPSIs, or when reviewing a proposed action by
a primary Federal payment stablecoin regulator. These factors would include the factors set forth in 31 U.S.C. 5318(h)(2)(B),
as applicable; the extent, if any, to which the PPSI—where appropriate in light of its size, complexity, and risk profile—has
advanced the AML/CFT Priorities by providing highly useful information to law enforcement or national security officials,
conducting proactive analytics or performing other innovative activities producing demonstrable outputs evincing the effectiveness
of the PPSI's AML/CFT program (including effective use of artificial intelligence, federated learning, or other advanced monitoring
tools); and any other factor the Director deems appropriate, including the PPSI's size, complexity, and risk profile, and,
as relevant, circumstances in which the PPSI's low-risk customers or limited business activities naturally limit the extent
to which the PPSI can meaningfully contribute to AML/CFT Priorities.

The FinCEN Director's consideration of the extent to which a PPSI has provided highly useful information to law enforcement
or national security agencies reflects that FinCEN considers information sharing to be an important element of an effective
AML/CFT program. PPSIs may share useful information by responding to 314(a) requests, or may use 314(b) authorities to share
information with other financial institutions to identify and report to the federal government activities that may involve
ML/TF. PPSIs may also elect to participate in the FinCEN Exchange Program, a voluntary public-private information sharing
partnership among FinCEN, law enforcement agencies, national security

  agencies, and financial institutions and other private sector entities that aims to support priority national security and
  counter-illicit finance objectives. [(196)]() FinCEN strongly encourages information sharing for the purpose of advancing the AML/CFT Priorities.

The Director of FinCEN may consider the above alongside other factors, including those outlined in the FinCEN Statement on
Enforcement of the Bank Secrecy Act, such as the nature and seriousness of violations, including the extent of possible harm
to the public and amounts involved; impact or harm of the violations on FinCEN's mission to safeguard the financial system
from illicit use, combat money laundering, and promote national security; or financial gain or other benefit resulting from,
or attributable to, the violations, amongst others. (197)

5. Proposed Amendment to 31 CFR 1010.230—Collection of Beneficial Ownership Information

FinCEN is proposing to require PPSIs to collect beneficial ownership information about legal entity customers, which is critical
for a PPSI to effectively carry out its due diligence obligations as provided in the GENIUS Act. (198) This proposed obligation is effectuated through FinCEN's proposed AML/CFT program obligation, its proposed amendment to § 1010.605(e)(1),
and its proposed amendment to § 1010.230(b)(2) and (c). (199) Collecting information on legal entity customers helps a financial institution assess and mitigate risk, as well as the ability
of law enforcement to identify assets and accounts connected with illicit activity. FinCEN is not contemplating application
of CDD to secondary market activity. Accordingly, FinCEN is not extending the collection of beneficial ownership information
to secondary market activity.

Pursuant to § 1010.230(a) “covered financial institutions” are required “to establish and maintain written procedures that
are reasonably designed to identify and verify beneficial owners of legal entity customers and to include such procedures
in their anti-money laundering compliance program required under 31 U.S.C. 5318(h) and its implementing regulations.” Section
1010.230(f) defines “covered financial institution” for purposes of the section by referencing § 1010.605(e)(1), to which
FinCEN is proposing to add PPSIs.

Section 1010.230 provides further specificity on the kinds of procedures that must be established and maintained and the meaning
of account, including in § 1010.230(b)(2) and (c). For financial institutions currently required to collect beneficial ownership
information, § 1010.230(b)(2) and (c) reference the customer identification program regulation in the respective parts for
those institutions. Given that no such regulation currently exists for PPSIs, FinCEN proposes language generally describing
identification verification procedures and the meaning of account. More specifically, FinCEN is currently proposing requiring
procedures relating to verifying the identity of beneficial owners that would contain the same elements as 31 CFR 1022.220(a)(2),
the customer identification program rule for banks. FinCEN proposes that in explaining the meaning of account in § 1010.230(c),
FinCEN clarify that for PPSIs an account is a formal relationship between a customer and a permitted payment stablecoin issuer
established to provide or engage in services, dealings, or other financial transactions. FinCEN anticipates further modifications
to its proposed language based on its expected forthcoming rulemaking implementing the GENIUS Act's requirement that PPSIs
maintain customer identification programs. (200) Ultimately, FinCEN expects the requirement under § 1010.230 for PPSIs will closely adhere to existing BSA requirements that
apply to many other types of financial institutions, including banks.

6. Proposed 31 CFR 1033.240—Additional Technical Capabilities, Policies, and Procedures for PPSIs

The GENIUS Act requires that PPSIs have “technical capabilities, policies, and procedures to block, freeze, and reject specific
or impermissible transactions that violate Federal or State laws, rules, or regulations.” (201) The GENIUS Act also requires that PPSIs “issue payment stablecoins only if the issuer has the technological capability to
comply, and will comply, with the terms of any lawful order.” (202) FinCEN assesses that these obligations are distinct but complementary and, accordingly, proposes implementing both requirements
at § 1033.240, categorized as additional technical capabilities, policies, and procedures for PPSIs. Paragraph (a) would implement
the block, freeze, and reject requirement and paragraph (b) would implement the lawful order requirement. Both obligations
would apply to secondary market activity. Additionally, the obligations would also apply where a PPSI is authorized by its
primary Federal payment stablecoin regulator or State payment stablecoin regulator to engage in digital assert service provider
activities. (203)

Although both of these requirements will be unique obligations under chapter X, FinCEN expects that some stablecoin issuers
may have in place technical capabilities and policies and procedures relating to taking action regarding impermissible transactions
and adhering to lawful orders because of existing legal requirements, including complying with OFAC sanctions and court orders.

i. Proposed 31 CFR 1033.240(a)—Obligations Relating to Blocking, Freezing, and Rejecting Certain Transactions

The proposed rule would effectuate the GENIUS Act's directive that PPSIs have technical capabilities, policies, and procedures
to block, freeze, and reject specific or impermissible transactions that violate Federal or State laws, rules, or regulations
by proposing to promulgate the same language used in the GENIUS Act, with additional language clarifying that this obligation
extends beyond a PPSI's customers and accounts, i.e., to secondary market activity.

FinCEN recognizes that some stablecoin issuers are currently able to block, freeze, or reject transactions involving their
stablecoin by programming the stablecoin's smart contracts. Stablecoin issuers leverage this capability on secondary as well
as primary market activity. Some stablecoin issuers use the programmability afforded in smart contracts to ban specific wallet
addresses from interacting with stablecoin smart contracts, effectively “freezing” the stablecoins held at those addresses,
or to permanently remove stablecoins from circulation (i.e., “burning” them).

The proposed rule neither prescribes how PPSIs should implement the technical capability requirement nor the policies and
procedures that are specifically required to meet the proposed obligation. FinCEN considered providing more prescriptive regulatory
text, but has preliminary assessed that PPSIs are best positioned to determine how to effectively and efficiently comply with
the obligation, particularly in light of potential technological changes. Accordingly, the proposal provides PPSIs the flexibility
to use various methods to meet the proposed obligation and account for the development and implementation of new technology.

The proposed rule, consistent with the GENIUS Act, would require PPSIs to have the infrastructure necessary to block, freeze,
and reject transactions, but does not identify in which instances PPSIs are required to act on those capabilities. Put differently,
this provision would not require a PPSI to make an independent determination that a transaction violates federal or state
law. Instead, the use of technological capabilities will be dictated by other federal or state laws, rules, or regulations,
as well as court orders, some of which will require PPSIs to take action with regards to transactions occurring on the secondary
market. For example, as discussed in section V.B, U.S. sanctions administered by OFAC are a strict liability regime, meaning
that U.S. persons, including PPSIs, may be held civilly liable for sanctions violations even without having knowledge or reason
to know that it was engaging in such a violation. As such, PPSI's technical capabilities, policies, and procedures should
account for identifying and blocking or rejecting payment stablecoin-related transactions that would violate U.S. sanctions,
including to identify and block stablecoins that are issued to or redeemed by blocked persons. This would also require PPSIs
to have technical capabilities, policies, and procedures to identify and block stablecoins traded by blocked persons on the
secondary market when PPSIs exercise possession or control of such stablecoins, including through smart contracts. Federal
or state court or administrative orders may also require a PPSI to act on its block, freeze, and reject capabilities—including
transactions occurring on the secondary market—which should be accounted for in policies and procedures, as well as technical
capabilities.

Because these sources of law may require PPSIs to take action on secondary market transactions, PPSIs would be expected to
have the technical capabilities, policies, and procedures for both primary and secondary market activity. FinCEN believes
extending these provisions to secondary market activity is consistent with the GENIUS Act, as well as critical to controlling
illicit finance risk associated with PPSI activity. Imposing this obligation only on primary market activity would be of limited
utility, as FinCEN assesses that PPSIs currently have a small number of large, generally institutional customers. FinCEN assesses
that most of the illicit activity involving stablecoins occurs on the secondary market, and it is critical that PPSIs operating
in the U.S. implement these obligations to protect U.S. national security and the U.S. financial system.

Notwithstanding the requirement to maintain technical capabilities, policies, and procedures to block, freeze, and reject
specific or impermissible transactions that violate Federal or State laws, rules, or regulations, a PPSI would not be required
to block, freeze, or reject a transaction when it is under no legal obligation to take action and this proposal would not
require PPSIs to maintain separate internal policies, procedures, or controls as part of required AML/CFT programs to monitor
secondary market activity independent of other obligations.

FinCEN welcomes comment on this proposal, including its approach, its clarity, and whether it should provide greater specificity.

ii. Proposed 31 CFR 1033.240(b)—Obligations Relating to Lawful Order Compliance and Technical Capabilities

Proposed § 1033.240(b) would implement the GENIUS Act's requirement that a PPSI “may issue payment stablecoins only if the
issuer has the technological ability to comply, and will comply, with the terms of any lawful order.” (204) A lawful order as defined by the GENIUS Act and FinCEN's proposal, is—in part—an order that specifies with reasonable particularity
a payment stablecoin or account and requires a person to seize, freeze, burn, or prevent the transfer of payment stablecoins
it issued. (205)

FinCEN is proposing to promulgate this obligation by closely adhering to the GENIUS Act's precise language, but with some
clarifying modifications. Proposed § 1033.240(b) would reflect that the GENIUS Act obligation related to lawful orders is
ongoing rather than only in existence at the time a stablecoin is issued, which FinCEN believes is both consistent with the
GENIUS Act and necessary for the obligation to be meaningful. As with the obligation to have technical capabilities and policies
and procedures to block, freeze, and reject impermissible transactions, FinCEN proposes to include some language clarifying
that PPSIs must account for and abide by lawful orders requiring them to take action with regards to the secondary market,
but does not intend to provide prescriptive regulatory text relating to technological capabilities, providing PPSIs the flexibility
to use various methods to meet the proposed obligation and account for the development and implementation of new technology.

As previously described, FinCEN proposes promulgating the term “lawful order” as provided in the GENIUS Act, with limited
modifications to account for existing regulatory language. The GENIUS Act does not define terms used within that definition,
including the word “burn” and “account.” FinCEN believes that “burn” is generally understood in the industry and by law enforcement
to mean taking action such that the payment stablecoin is permanently removed from circulation, which can be effected through
different tactics. Further, FinCEN is aware that lawful orders often specify particular addresses or wallets for which an
issuer is under obligation to take action, and assess such addresses fall within the meaning of “account” for purposes of
this provision. FinCEN has not proposed regulatory text defining either “burn” or “account” for the purposes of lawful orders,
but requests comment on that approach.

Under this obligation, PPSIs would be required to consider and comply with all terms contained in lawful orders. For example,
a quintessential type of lawful order, assuming it meets the GENIUS Act's requirements, would be a seizure warrant. (206) Those warrants frequently include requirements to respond within a certain amount of time and prohibitions on frustrating
the implementation of the warrant. Additionally, with some regularity, Federal court orders require stablecoin

  issuers to burn and reissue an equivalent amount of stablecoins to a government-controlled wallet. Having the technical capabilities
  and complying with terms such as these would be part of a PPSI's obligations under proposed § 1033.240(b). FinCEN recognizes
  that over time the terms contained in lawful orders might change and would expect that as a PPSI learns of new lawful order
  terms, such terms will be incorporated into its lawful order compliance processes.

As with the requirement to have technical capabilities and policies and procedures relating to blocking, freezing, and rejecting
impermissible transactions, this obligation would apply to any lawful order, including lawful orders that relate to primary
or secondary market activity. FinCEN believes the vast majority of lawful orders currently relate to secondary market activity
and are likely to continue to do so in the future. FinCEN proposes promulgating language that would make clear the lawful
order obligations extend to secondary market activity. Public law enforcement cases demonstrate the value of stablecoin issuers
having the capability to comply with lawful orders and carry out actions to seize, freeze, and burn or prevent the transfer
of their stablecoins in secondary market transactions. Law enforcement has used lawful orders to seize hundreds of millions
of dollars' worth of stablecoins involved in illicit activity. (207)

FinCEN welcome comment on this proposal, including its approach, its clarity, and whether it should provide greater specificity.

7. Proposed 31 CFR 1033.310 Through 1033.315—Reports of Transactions in Currency

Beyond suspicious activity reporting, the GENIUS Act does not specify additional reporting obligations to be imposed on PPSIs.
The BSA authorizes FinCEN to promulgate regulations requiring financial institutions to file reports when they participate
in certain types of financial transactions. (208) Pursuant to this authority, 31 CFR 1010.310 through 1010.314 requires “financial institutions” (other than casinos) to file
currency transaction reports (CTRs) for “each deposit, withdrawal, exchange of currency or other payment or transfer, by,
through, or to such financial institution which involves a transaction in currency of more than $10,000,” unless subject to
an applicable exemption. (209) FinCEN proposes applying the CTR reporting provisions to PPSIs through proposed §§ 1033.310 through 1033.315, which would
cross reference corresponding provisions in §§ 1010.310 through 1010.315.

Application of §§ 1010.310 through 1010.315 would not require reporting of transactions in payment stablecoins. As defined
in § 1010.100(bbb)(2), for the purposes of provisions related solely to the report required by §§ 1010.311 and 1010.313, the
term “transaction in currency” means a transaction involving the physical transfer of currency from one person to another.
Moreover, the definition of “currency,” as defined in § 1010.100(m), does not include a payment stablecoin, and thus, §§ 1033.310
through 1033.314 do not require reports of transactions in payment stablecoins. (210) This approach is consistent with § 1010.100(bbb)(2) which also states that a physical transfer of currency does not include
bank checks, bank drafts, wire transfers or other written orders.

FinCEN recognizes that, presently, stablecoin issuers rarely transact in physical transfers of currency. FinCEN nevertheless
considers it prudent to allow for the possibility that this could change, with PPSI activity expanding to encompass retail,
brick-and-mortar locations where currency could be used, or even kiosks that resemble automated teller machines (ATMs). (211) If such an expansion does occur, FinCEN considers it prudent to adopt CTR obligations for PPSIs as it assesses that PPSIs
should be subject to the same currency reporting obligations as most other financial institutions as cash enables anonymous,
difficult to trace transactions. If a PPSI does not transact in physical transfers of currency, the PPSI would, of course,
not file CTRs and would not be expected to create policies and procedures relating to the filing obligation.

FinCEN's proposal would require PPSIs to comply with the series of provisions comprising CTR obligations. The threshold in
§ 1010.311 applies to transactions in currency of more than $10,000 conducted during a single business day. Section 1010.312
specifies when a financial institution is required to verify and record information about an individual conducting a reportable
transaction or on whose behalf the transaction is conducted. Under § 1010.313 a financial institution must treat multiple
transactions conducted in one business day as a single transaction if the financial institution has knowledge that the transactions
are conducted by, or on behalf of, the same person. And § 1010.314 outlines the prohibition on structuring transactions to
avoid the reporting requirement. Finally, § 1010.315 exempts non-bank financial institutions from filing reports with respect
to transactions between the institution and a commercial bank. Where a PPSI is also a bank, this exemption and not the exemptions
applicable to banks would control. FinCEN does not believe it is necessary to clarify in the regulatory text that when an
entity is acting as a PPSI, the non-bank exemptions apply. Notably, banks can avail themselves of a greater number of CTR
exemptions, (212) and FinCEN welcomes feedback on whether additional exemptions are appropriate for PPSIs.

8. Proposed 31 CFR 1033.320—Reports of Suspicious Transactions

The GENIUS Act explicitly requires PPSIs to be subject to BSA requirements relating to “monitoring and reporting of any suspicious
transaction relevant to a possible violation of law or regulation.” (213) Under the BSA, FinCEN has authority to require any financial institution to “report any suspicious transaction relevant to
a possible violation of law or regulation.” (214) Nearly all financial institutions subject to FinCEN regulations are required to identify and report suspicious activity. (215) These reports provide highly useful information that is leveraged by authorized users as part of criminal, tax, and regulatory
investigations; risk assessments; and intelligence and counterintelligence activities. (216)

This proposed rule would promulgate at § 1033.320 a requirement that PPSIs file SARs for any suspicious transaction relevant
to a possible violation of law or regulation. FinCEN expects that requiring PPSIs to report suspicious activity would similarly
provide highly useful information for investigations and proceedings involving domestic and international money laundering,
terrorist financing, and other illicit finance activity, as well as for intelligence purposes. The proposed requirement is
generally consistent with the existing SAR filing requirements for stablecoin issuers regulated as MSBs, as well as other
financial institutions with SAR filing requirements.

i. PPSI SAR Obligation With Regards to Secondary Market Activity

FinCEN recognizes that the majority of illicit finance involving payment stablecoins occurs on the secondary market. FinCEN
also recognizes that certain aspects of how PPSIs and payment stablecoins operate could raise questions about the appropriate
scope of SAR obligations relating to secondary market activity. Specifically, due to the nature of how transactions occur
on the secondary market via smart contract, a PPSI can see the movement of its payment stablecoin even when the transfer occurs
between individuals or entities with which the PPSI has no established direct customer relationship and when the PPSI is not
a party to the transfer other than via operation of its smart contracts.

PPSIs may have less information on secondary market transactions than on primary market transactions. When a payment stablecoin
transfer occurs in the secondary market, generally, the PPSI's interaction with the transfer is through the smart contract.
When such a transfer occurs in the normal course of business, while the PPSI may be privy to certain information for secondary
market transactions, such information may not be highly useful for SAR reporting purposes. For example, in many cases the
information would not enable a PPSI to make an informed assessment of the transfer for SAR reporting purposes. At times, a
PPSI could not identify an actor behind a secondary market transaction. PPSIs, like other financial institutions and law enforcement,
can rely on the blockchain and analytical tools to gain greater insight into the risk associated with a particular transfer,
but the PPSI may have limited distinct insight particularly as to the parties associated with, or the purpose of, the transfer.
As such, the information available to PPSIs may present challenges as to how and when they are able to identify and report
suspicious activity for secondary market transactions. SARs conveying only limited information are less useful to regulators
and law enforcement.

Relatedly, at times, secondary market transfers for which PPSIs have some visibility due to the smart contract may be subject
to more ready observation by other BSA-regulated institutions or foreign financial institutions subject to reporting obligations.
Such institutions may be better positioned to assess the suspiciousness of a transaction and may be obligated to collect identifying
information associated with a transfer, which can be reported via a SAR as appropriate.

Still, there may be instances in which a PPSI has reason to suspect that a transaction is related to criminal activity or
has no business or apparent lawful purpose and, thus, could be required to report the activity. PPSIs may also suspect suspicious
activity based on public information, information from other compliance efforts, or other information sources. FinCEN also
understands that some PPSIs currently devote resources to monitoring secondary market activity to identify illicit finance
risks.

FinCEN has preliminarily assessed that the burden of requiring PPSIs to file SARs concerning secondary market activity would
potentially outweigh the likely benefits. The requirement would essentially require global monitoring of transfers but could
result in SARs containing minimal information. While in some instances, FinCEN expects the reporting could net highly useful
information, particularly where the transfers do not occur through BSA-regulated institutions, FinCEN preliminarily has determined
that the substantial burden imposed would outweigh the potential benefit it reasonably anticipates could be gained from requiring
such reporting. Moreover, a blanket obligation to report suspicious activity on secondary market transactions could lead to
PPSIs being overly cautious and filing a substantial number of defensive SARs to avoid criticism from examiners about underreporting.
Such defensive SARs can have little value for law enforcement and other users attempting to combat illicit finance.

Accordingly, this proposal does not impose a secondary market SAR reporting obligation. However, consistent with FinCEN's
longstanding position, a PPSI would be afforded the protections from liability provided by the BSA for any SAR voluntarily
filed reporting a possible violation of law or regulation in good faith. (217) To ensure clarity regarding the SAR reporting obligation, FinCEN proposes adding a new paragraph, § 1033.320(g), to clarify
that, for purposes of the SAR obligation, a transfer is not a “transaction” conducted or attempted by, at, or through a PPSI
only due to an interaction with a smart contract. This language should not be construed as changing or opining on SAR regulations
applicable to other types of financial institutions.

FinCEN considered alternatives that would have instead imposed limited secondary market SAR reporting obligations. For example,
FinCEN considered a SAR obligation where a PPSI has reason to know a transaction to which it is not a party is designed to
evade a lawful order. FinCEN also considered, requiring a PPSI to file a SAR when it is notified in some way, such as through
an order, legal process, or via an information sharing channel, that authorities suspect a transfer is associated with illicit
activity. But FinCEN assesses that SAR reporting where authorities are aware of suspicious activity and alert a PPSI to activity
is of limited utility relative to the reporting burden. FinCEN also considered imposing a SAR obligation when a PPSI learns
through any means, such as part of its secondary market risk monitoring, that a secondary market transfer is suspicious. But,
as discussed above, FinCEN assesses such an obligation would outweigh the benefit accrued from the obligation due to, among
other things, the information available to the PPSI.

FinCEN, however, seeks comment on its preliminary determination that PPSIs should not be obligated to provide SAR reporting
on the secondary market. It also seeks comment on whether its proposed regulatory text relating to secondary market activity
provides sufficiently clear and accurate guardrails. FinCEN seeks comment on policy alternatives (including the imposition
of limited, bespoke reporting obligations about secondary market transfers) and the benefits and drawbacks of such alternatives
as well. For any such bespoke SAR obligation recommended, FinCEN requests commenters elaborate on the kinds of information
a PPSI could reasonably be expected to provide based on current or expected technical and operational capabilities, the uniqueness
of such information (i.e., commenters should

  identify the useful information a PPSI could provide about secondary market transfers that could not be readily obtained from
  other sources).

ii. Proposed 31 CFR 1033.320(a)—Reports by PPSIs of Suspicious Transactions

Proposed § 1033.320(a) sets forth the criteria for which a PPSI would be obligated to report suspicious transactions that
are conducted or attempted by, at, or through a PPSI and involve or aggregate at least $5,000 in funds or other assets.

Proposed § 1033.320(a)(1) contains the general statement of the obligation to file reports of suspicious transactions, including
that transactions must be reported if conducted or attempted by, at, or through a PPSI. FinCEN proposes referencing a clarification
to be codified in § 1033.320(g) on the meaning of “transaction” for the PPSI SAR reporting obligation, which as proposed would
state that “A transaction is not conducted or attempted by, at, or through a permitted payment stablecoin issuer only because
a transfer by third parties results in an interaction with a permitted payment stablecoin issuer's smart contract.” To clarify
that the proposed rule imposes a reporting requirement that is consistent with those for other financial institutions, § 1033.320(a)(1)
incorporates language from the SAR rules applicable to other financial institutions, such as banks, broker-dealers in securities,
mutual funds, casinos, and MSBs, including clarifying that the SAR reporting obligations relates not only to discrete transactions
but also to patterns of transactions that in aggregate are suspicious and meet the reporting threshold.

Proposed § 1033.330(a)(1) makes clear that a PPSI is permitted to report voluntarily any transaction the PPSI believes is
relevant to the possible violation of any law or regulation but that is not otherwise required to be reported by this proposed
rule. Thus, the rule would afford PPSIs the protection from liability for the voluntary reporting of such suspicious transactions,
including those occurring on the secondary market.

Proposed § 1033.320(a)(2) would require the reporting of suspicious activity that involves or aggregates at least $5,000 in
funds or other assets. The $5,000 threshold in this proposed rule is consistent with the SAR filing requirements for most
other financial institutions. (218) Currently, stablecoin issuers regulated as MSBs have SAR filing obligations at the monetary threshold of $2,000. (219) FinCEN proposes the $5,000 monetary threshold for PPSIs because $5,000 is the reporting threshold that FinCEN's regulations
use for financial institution types that are subject to customer identification program requirements, and the GENIUS Act requires
PPSIs to have customer identification programs. (220) The $2,000 threshold for MSBs was established in a March 2000 final rule, which highlighted specific characteristics for MSBs
that do not apply in the PPSI context. In particular, the final rule explained that the threshold for MSBs was less than several
other financial institution types due to the relationship between transmitters and their agents; a desire to account for transfers
below the existing $3,000 recordkeeping requirement with respect to funds transfers conducted through MSBs; the fact that
BSA regulations for MSBs were new and existing state-level regulations were uneven; and feedback from law enforcement about
serious abuse of money transmission at levels below $2,000. (221) The proposed $5,000 threshold takes into account the current status of the payment stablecoin ecosystems, where primary market
transactions below $5,000 are rare; the lack of transmitter/agent relationships in the PPSI ecosystem; and the required imposition
of customer identification program obligations on PPSIs.

Section 1033.320(a)(2)(i) through (iv) specifies that a PPSI would be required to report a transaction if it knows, suspects,
or has reason to suspect that the transaction (or a pattern of transactions of which the transaction is a part): (i) involves
funds derived from illegal activity or is intended or conducted to hide or disguise funds or assets derived from illegal activity
as a part of a plan to violate or evade any Federal law or regulation or to avoid any transaction reporting requirement under
Federal law or regulation; (ii) is designed, whether through structuring or other means, to evade the requirements of the
BSA; (iii) has no business or apparent lawful purpose, and the PPSI knows of no reasonable explanation for the transaction
after examining the available facts; or (iv) involves the use of the PPSI to facilitate criminal activity. FinCEN notes that
paragraph (iv) is included in all SAR rules enacted after 2001. (222) The bank SAR rule does not contain an equivalent to paragraph (iv), because it was issued prior to 2001. To maintain standard
language across financial institution types, FinCEN proposes paragraph (iv) for PPSIs, which FinCEN does not believe adds
substantially to the reporting obligation already mandated by paragraphs (i) through (iii).

Section 1033.320(a)(3) recognizes that one or more financial institutions may have an obligation to report the same suspicious
transaction and that other financial institutions may have separate obligations to report suspicious activity with respect
to the same transaction pursuant to other provisions in the BSA. Under this proposed provision, where more than one financial
institution with a separate suspicious activity reporting obligation (223) is involved in the same transaction, only one report jointly filed on behalf of all involved financial institutions would
be required, provided that the joint report contained all relevant facts and that each institution maintained a copy of the
report and any supporting documentation. Accordingly, where a PPSI is a subsidiary of a parent insured depository institution
and both institutions are required to file a SAR, the parent will be permitted to file SARs on behalf of its PPSI subsidiary
(and vice versa).

iii. Proposed 31 CFR 1033.320(b)—Filing and Notification Procedures

Proposed § 1033.320(b)(1) through (4) sets forth the filing and notification procedures a PPSI would need to follow to make
reports of suspicious transactions. If the PPSI identifies a suspect, within 30 days of initial detection by the reporting
PPSI of facts that may constitute a basis for filing a SAR, the PPSI would need to report the transaction by completing and
filing a SAR with FinCEN in accordance with all form instructions. If a PPSI does not identify a suspect, a PPSI may delay
filing for 30 days to identify a suspect. The PPSI would also need to collect and

  maintain supporting documentation relating to each SAR.

For situations requiring immediate attention, such as suspected terrorist financing or ongoing money laundering schemes, PPSIs
would be required under § 1033.320(b)(4) to notify immediately by telephone the appropriate law enforcement authority in addition
to filing a timely SAR.

Finally, § 1033.320(b)(5) provides that a PPSI wishing to voluntarily report suspicious transactions that may relate to terrorist
activity may call FinCEN's Financial Institutions Hotline at 1-866-556-3974 in addition to filing timely a SAR if required
by this section. The PPSI may also, but is not required to, contact its primary Federal payment stablecoin regulator to report
such situations.

iv. Proposed 31 CFR 1033.320(c)—Retention of Records

Proposed § 1033.320(c) would provide that PPSIs must maintain copies of filed SARs and the underlying related documentation
for a period of five years from the date of filing. Supporting documentation would need to be made available to FinCEN, any
Federal, State, or local law enforcement agency; or any Federal regulatory authority that examines the PPSI for compliance
with the BSA under the proposed rule, upon request of that agency or authority.

v. Proposed 31 CFR 1033.320(d)—Confidentiality of SARs

Consistent with BSA provisions regarding SAR confidentiality, (224) proposed § 1033.320(d) would provide that a SAR and any information that would reveal the existence of a SAR are confidential
and shall not be disclosed except as authorized in § 1033.320(d)(1)(ii). Section 1033.320(d)(1)(i) would generally provide
that no PPSI, and no current or former director, officer, employee, or agent of any PPSI, shall disclose a SAR or any information
that would reveal the existence of a SAR. This provision of the proposed rule would further provide that any PPSI and any
current or former director, officer, employee, or agent of any PPSI that is subpoenaed or otherwise requested to disclose
a SAR or any information that would reveal the existence of a SAR, would decline to produce the SAR or such information and
would be required to notify FinCEN of such a request and any response thereto. In addition to reports of suspicious activity
required by the proposed rule, PPSIs would be prohibited from disclosing voluntary reports of suspicious activity.

Proposed § 1033.320(d)(1)(ii) would provide three rules of construction that clarify the scope of the prohibition against
the disclosure of a SAR by a PPSI. The rules of construction proposed would remain qualified by, and subordinate to, the statutory
mandate that revealing to one or more subjects of a SAR of the SAR's existence would remain a crime. (225) The first rule of construction, in § 1033.320(d)(1)(ii)(A)(1), would authorize a PPSI, or any director, officer, employee or agent of a PPSI, to disclose a SAR, or any information that
would reveal the existence of a SAR, to various specified authorities provided that no person involved in the reported transaction
is notified that the transaction has been reported. The second rule of construction, in § 1033.320(d)(1)(ii)(A)(2), would provide two instances where disclosures of underlying facts, transactions, and documents upon which a SAR was based
would be permissible: in connection with (i) preparation of a joint SAR or (ii) certain employment references or termination
notices.

The third rule of construction, in § 1033.320(d)(1)(ii)(B), would authorize sharing of a SAR within a PPSI's corporate organizational
structure for purposes consistent with the BSA as determined by regulation or in guidance. FinCEN proposes specifying in this
rule of construction that a PPSI subsidiaries and its insured depository institution parent can share SARs between the two
entities as doing so is consistent with Title II of the Bank Secrecy Act. Specifically, such sharing enables a parent company
to discharge its oversight responsibilities with respect to enterprise-wide risk management. (226) This provision is intended to make it clear that PPSIs will be permitted to share SARs, as well as the underlying facts, transactions,
and documents upon which a SAR was based, with its parent insured depository institution (and vice versa).

Section 1032.330(d)(2) would also incorporate the statutory prohibition against disclosure of SAR information by government
authorities that have access to SARs other than in fulfillment of their official duties consistent with the BSA. The paragraph
would clarify that official duties do not include the disclosure of SAR information in response to a request by a non-governmental
entity for non-public information (227) or for use in a private legal proceeding, including a request under 31 CFR 1.11. (228)

vi. Proposed 31 CFR 1033.320(e)—Limitation of Liability

Proposed § 1033.320(e) would provide protection from liability, also known as a safe harbor, for making either required or
voluntary reports of suspicious transactions, or for failures to provide notice of such disclosure to any person identified
in the disclosure to the full extent provided by 31 U.S.C. 5318(g)(3). (229) This protection would extend to a PPSI and any current or former director, officer, employee, or agent of a PPSI.

vii. Proposed 31 CFR 1033.320(f)—Compliance

Proposed § 1033.320(f) would note that FinCEN or its delegates will examine PPSIs' compliance with their obligation to report
suspicious transactions. Proposed § 1033.320(f) would also provide that a PPSI's failure to comply with FinCEN's SAR filing
requirements may constitute a violation of the BSA and FinCEN's regulations.

viii. Proposed 31 CFR 1033.320(g)—Clarification Regarding Transactions

Proposed § 1033.320(g) would effectuate FinCEN's intent to explicitly scope out secondary market transfers from a PPSI's SAR
reporting obligation. It would state that, for the purposes of the PPSI SAR regulation, “A transaction, for purposes of § 1033.320,
is not conducted or attempted by, at, or

  through a permitted payment stablecoin issuer only because a transfer by third parties results in an interaction with a permitted
  payment stablecoin issuer's smart contract.”

FinCEN also considered, instead of clarifying what transfers are scoped out of the rule, specifying transfers scoped into the rule, by outlining that “transactions” include (1) issuances or redemptions of a payment stablecoin; (2) transfers, payments,
or withdrawals of funds or value related to issuing or redeeming a payment stablecoin, (3) transfers, payments, or withdrawals
of funds or value related to managing reserve assets; (4) transfers, payments, or withdrawals of funds or value related to
providing custodial or safekeeping services for payment stablecoins, required reserves; or private keys of payment stablecoins;
(5) transfers, payments, or withdrawals of funds or value related to any activities that support (1)-(4); and (6) transfers,
deposits or withdrawals relating to any activity in which a PPSI is authorized to engage. FinCEN preliminarily believes, however,
that attempting to further outline “transaction” adds unnecessary complexity; may result in confusion because “transaction”
is otherwise defined in FinCEN's regulations; and could lead to the PPSI SAR obligation being overly or underly inclusive
as the kinds of activities in which PPSIs engage, and how they engage in those activities, could evolve. As indicated above,
FinCEN welcomes comment on its proposed approach.

9. Proposed 31 CFR 1033.400 and 1033.410—Recordkeeping Requirements for PPSIs

The GENIUS Act requires that PPSIs be subject to requirements relating to “retention of appropriate records.” (230) Under the BSA, FinCEN has authority to impose on financial institutions obligations relating to requiring, retaining, and
maintaining records. (231) Financial institutions subject to the BSA obligations have these recordkeeping requirements. (232) These records enhance law enforcement's ability to detect, investigate, and prosecute money laundering, financial crimes,
and have a high degree of usefulness in criminal, tax, or regulatory investigations. (233) Consistent with its treatment of other financial institutions under the BSA, FinCEN proposes amendments to § 1010.410 and
adding §§ 1033.400 and 1033.410 to apply these recordkeeping requirements to PPSIs.

Proposed § 1033.400 would state generally that PPSIs are subject to the recordkeeping requirement of subpart D of part 1010,
which would include § 1010.430 that, among other things, requires records to be kept for five years and § 1010.415. Proposed
§ 1033.410 would cross-reference § 1010.410 which details the specific recordkeeping requirements explained in detail below.

i. Application of Recordkeeping Obligations in § 1010.410(a)-(d)

The proposal would require PPSIs to comply with the recordkeeping obligations outlined in § 1010.410(a) through (c). The recordkeeping
obligations would require PPSIs to create and retain certain records for extensions of credit in excess of $10,000; (234) and certain records of cross-border transfers of currency, monetary instruments, funds, checks, investment securities, and
credit worth more than $10,000. Section 1010.410(d) would require also a PPSI to maintain records related to any order issued
under § 1010.370(a) for up to five years.

ii. Application of Recordkeeping Obligations in § 1010.410(e) and (f)

The proposal would also require PPSIs to comply with the Recordkeeping Rule and Travel Rule, which are complementary obligations
codified in §§ 1010.410(e) and 1010.410(f), respectfully. (235) The Recordkeeping Rule requires financial institutions to collect and retain records for funds transfers and transmittals
of funds in amounts of $3,000 or more. The Travel Rule requires financial institutions to transmit information on certain
funds transfers and transmittals of funds to other financial institutions participating in the transfer or transmittal. As
such, the information “travels” with the transmittal to the next financial institution in the payment chain. (236) Under the current regulatory regime, stablecoin issuers are subject to the Recordkeeping Rule and Travel Rule as MSBs. The
proposed requirement is generally consistent with existing recordkeeping requirements for stablecoin issuers regulated as
MSBs, as well as other financial institutions with recordkeeping requirements. FinCEN is not proposing to substantively change
the Recordkeeping Rule and Travel Rule requirements via this rulemaking other than clearly imposing those requirements on
PPSIs, consistent with the GENIUS Act, and ensuring it is clear that transmittal orders involving payment stablecoins are
covered by the Recordkeeping Rule and Travel Rule. (237)

a. Proposed Amendment to 31 CFR 1010.100(eee)—Definition of Transmittal Order

Both the Recordkeeping Rule, § 1010.410(e), (238) and Travel Rule, § 1010.410(f), rely on the definition of “transmittal order” in § 1010.100(eee), which states, in part, that
a transmittal order causes another financial institution to pay a fixed amount of “money.” FinCEN has clarified in guidance
that transmittal orders relating to transfers involving CVC, of which payment stablecoins are one type, are subject to the
Recordkeeping and Travel Rules, presuming the Rules' other conditions are met. (239) Nevertheless, to avoid any doubt regarding the application of the term transmittal order to payment stablecoins in light of
the GENIUS Act's direction to issue regulations setting out requirements for PPSIs, FinCEN proposes amending the definition
of transmittal order in § 1010.100(eee) to expressly include payment stablecoins in addition to “money.” (240) This change should not be

  construed, including by negative inference, to imply that orders to pay other kinds of value that substitute for currency
  are not transmittal orders. [(241)]()

FinCEN previously discussed its treatment of CVCs for purposes of the Recordkeeping and Travel Rules. FinCEN's 2019 guidance
clarified the application of the Recordkeeping and Travel Rules to CVCs: “because a transmittal order involving CVC is an
instruction to pay `a determinable amount of money,' transactions involving CVC qualify as transmittals of funds, and thus
may fall within” these obligations. (242) FinCEN recognizes various definitions and treatment of the term “money.” Notably, under the GENIUS Act, the term “money” means
“(A) [ ] a medium of exchange currently authorized or adopted by a domestic or foreign government; and (B) includes a monetary
unit of account established by an intergovernmental organization or by agreement between 2 or more countries.” (243) As FinCEN explained in its 2020 notice of proposed rulemaking related to the Recordkeeping and Travel Rules, in the preamble
to the original Recordkeeping Rule, FinCEN indicated non-defined terms should be given the meaning given to the term in Article
4A of the Uniform Commercial Code (UCC), which, at the time, defined “money” as “a medium of exchange currently authorized
or adopted by a domestic or foreign government.” (244) Since 2020, however, additional CVCs and digital assets have emerged. As recognized by Congress in the AML Act, these new
forms of assets are intended to operate as value that substitutes for traditional forms of money. (245) Based on prior FinCEN guidance, stablecoin issuers do constitute money for purpose of the Recordkeeping and Travel Rules, (246) and, accordingly, FinCEN proposes adding payment stablecoin to the definition of transmittal order to ensure the application
to payment stablecoins is clear in light of the GENIUS Act.

b. Proposed Amendment to 31 CFR 1010.410(e)(6)—Scope of Recordkeeping Obligation

FinCEN proposes amending § 1010.410(e)(6) to add PPSIs to the list of entities excepted from the requirements in § 1010.410(e)
when the transfer is between the entities listed. Under this proposal, PPSIs would be treated in the same manner—and with
the same exceptions for transfers to certain other entities—such as banks, broker-dealers, futures commission merchants, introducing
brokers in commodities, and mutual funds. In other words, the recordkeeping requirements of the Recordkeeping Rule would not
apply to transmittals of funds in which both the transmittor and the recipient are either a PPSI, bank, broker-dealer, futures
commission merchant, introducing broker in commodities, or mutual fund.

10. Proposed 31 CFR 1033.520 and 1033.540—Special Information-Sharing Procedures

The GENIUS Act generally directs that PPSIs be treated as financial institutions under the BSA and be subject to “all laws”
relating to “prevention of money laundering.” (247) Although the GENIUS Act does not explicitly direct FinCEN to apply its provisions relating to information sharing to PPSIs,
information sharing authorities are established components of the BSA, which, among other purposes, seek to “prevent laundering
of money.” (248) Indeed, in the AML Act, Congress declared that one purpose of the BSA is to “establish appropriate frameworks for information
sharing.” (249) The USA PATRIOT Act, which amended the BSA, provides in section 314(a) that the Secretary should adopt regulations to encourage
the further cooperation and sharing of information regarding credible evidence of terrorist acts or money laundering activities
among financial institutions, their regulatory authorities, and law enforcement authorities. (250) Section 314(b) further provides financial institutions with the ability to voluntarily share information regarding parties
suspected of possible terrorist or money laundering activities with another financial institution upon notice to the Treasury
under a safe harbor that offers protections from liability.

FinCEN's regulations at 31 CFR 1010.520 and 1010.540 implement sections 314(a) and 314(b) of the USA PATRIOT Act, respectively.
Section 1010.520 applies to financial institutions generally and, as explained below, requires a financial institution to
search its records upon receipt of a request from FinCEN and provide information in return. Section 1010.540 applies to financial
institutions that are required to have AML/CFT programs, or are treated as having satisfied that requirement, and is a voluntary
information sharing tool of which a financial institution may, but is not required, to avail itself.

Consistent with its treatment of other financial institutions under the BSA, FinCEN proposes adding §§ 1033.500, 1033.520,
and 1033.540 to its regulations to expressly apply the information-sharing provisions of §§ 1010.520 and 1010.540 to PPSIs.
FinCEN is proposing to apply these provisions to PPSIs so that law enforcement would be able to request information from PPSIs
where there is reasonable suspicious and credible evidence that an individual, entity, or organization is involved in terrorist
acts or money laundering, potentially resulting in lead information that might otherwise never be uncovered. (251) Further, PPSIs would be able to participate in voluntary information sharing arrangements, through which they can share and
receive information from other financial institutions to identify and, where appropriate, report activities that may involve
terrorist activity or money laundering. As FinCEN has previously noted, under 314(b) financial institutions can share information
about transactions involving the proceeds of specified unlawful activities, which include an array of fraudulent and other
criminal activities, such as fraud against

  individuals, organizations, or governments, computer fraud and abuse, and other crimes. [(252)]() Such sharing could, for example, enable broader understanding of customer risk and filing of more comprehensive SARs. [(253)]()

In particular, proposed § 1033.500 would state generally that PPSIs are subject to the special information sharing procedures
of subpart E of part 1010. In addition to §§ 1010.520 and 1010.540, subpart E of part 1010 contains a brief definition section,
§ 1010.505, containing definitions for, among other things, account. FinCEN assesses that the already codified definition
of account is sufficiently broad to cover accounts established with PPSIs, but requests comment on whether this or any other
definition in that section, including transaction, should be modified to clarify obligations of PPSIs.

Proposed § 1033.520 would cross-reference § 1010.520 and require a PPSI, upon request from FinCEN, to expeditiously search
its records for specific information to determine whether the PPSI maintains or has maintained an account for, or has engaged
in any transaction with, an individual, entity, or organization named in FinCEN's request. (254) A PPSI would then be required to report any such identified information to FinCEN. (255)

Proposed § 1033.540 would cross-reference § 1010.540 and permit PPSIs to, upon providing notice to FinCEN, transmit, receive,
or otherwise share information with other financial institutions or associations of financial institutions in order to identify
and report to the federal government activities that may involve money laundering or terrorist activity.

11. Proposed 31 CFR 1033.600 Through 1033.630—Special Standards of Diligence; Prohibitions; and Special Measures

The GENIUS Act mandated that a PPSI maintain “appropriate enhanced due diligence,” (256) and the BSA directs that financial institutions establish appropriate enhanced due diligence for correspondent accounts and
private banking accounts. (257) Congress has also authorized Treasury to impose special measures to guard the U.S. financial system when foreign financial
institutions or transactions are of primary money laundering concern. (258) FinCEN's regulations implementing these BSA provisions are contained in 31 CFR part 1010, subpart F. FinCEN has applied enhanced
due diligence and special measures to financial institutions who typically maintain account-based relationships with customers.

Consistent with that practice, FinCEN is proposing to apply most of the provisions in part 1010 subpart F to PPSIs, including
enhanced due diligence for correspondent and private banking accounts and some special measures. Proposed § 1033.600 would
state generally that PPSIs are subject to the special standards of diligence, prohibitions, and special measures of part 1010
subpart F. FinCEN is not proposing to apply to PPSIs § 1010.630, which prohibits correspondent accounts for foreign shell
banks, or § 1010.670, which relates to summons and subpoenas on foreign banks, as the statutory authority authorizing those
provisions apply only to certain types of financial institutions. (259)

i. Definition of “Correspondent Account” and “Covered Financial Institution”

FinCEN is proposing to amend two definitions in § 1010.605, the definition section for subpart F. In addition to amending
these terms to account for PPSIs, FinCEN is also making non-substantive edits to § 1010.605(c)(2)(ii) through (iv) to correct
cross references. (260)

First, FinCEN proposes amending the definition of “account” in § 1010.605(c), as applied to the meaning of correspondent account
to include accounts with PPSIs. FinCEN recognizes that the term correspondent account is not typically used in the stablecoin
industry. In a prior rulemaking FinCEN concluded that in enacting the BSA provisions relating to enhanced due diligence for
correspondent accounts, Congress intended the term “correspondent account” to capture more than traditional bank relationships. (261) Rather its goal in enacting BSA provisions related to correspondent accounts was preventing “money laundering through accounts
that give foreign financial institutions a base for moving funds through the U.S. financial system.” (262) Accordingly, FinCEN extended the term “correspondent account” to non-bank financial institutions that “offer accounts that
provide foreign financial institutions a conduit for engaging in ongoing transactions in the U.S. financial system either
on their own behalf or for their customers.”

To effectuate the GENIUS Act's requirement that PPSIs maintain “enhanced due diligence,” FinCEN is proposing to amend the
definition of “correspondent account” so that PPSIs are required to implement obligations related to the BSA's explicit references
to “enhanced due diligence.” Accordingly, FinCEN proposes here, as it has before, extending the term correspondent account
beyond its traditional use in banking and incorporating certain accounts established by PPSIs.

FinCEN proposes adding a new paragraph, § 1010.605(c)(2)(v), defining “account,” as applied to the meaning of “correspondent
account” in § 1010.605(c), to include, as applied to a PPSI, “any formal relationship established by a permitted payment stablecoin
issuer to provide regular services, dealings, and other financial transactions.” This definition is intended to include the
range of activities in which a PPSI may engage as articulated in 12 U.S.C. 5903(a)(7), which include issuing and redeeming
payment stablecoin, managing reserves, and providing custodial services, as well as activities that support any of those efforts.
It would also cover where a PPSI engages in activities as a digital asset service provider.

Second, FinCEN is proposing to amend § 1010.605(e)(1) to include PPSIs in the definition of “covered financial institution,”
which results in PPSIs being subject to provisions implementing special standards of due diligence for correspondent accounts
established or maintained for foreign financial institutions and private

  banking accounts established or maintained for non-U.S. persons. [(263)]()

As part of its implementation of BSA obligations related to enhanced due diligence for private banking accounts, FinCEN has
already defined the term private banking account in § 1010.605(m). That definition provides, in part, that a private banking
account means an account (or collection of accounts) with minimum aggregate assets of more than $1 million, established on
behalf of a non-U.S. person, and assigned or administered by the covered financial institution. FinCEN assesses that this
definition covers the kinds of account relationships PPSIs could maintain for a non-U.S. person and is proposing no changes,
but seeks comment on that approach.

ii. Special Standards for Diligence

To implement the GENIUS Act's directive to apply BSA obligations related to “enhanced due diligence,” FinCEN proposes adding
§§ 1033.610 and 1033.620, which adopt by reference §§ 1010.610 and 1010.620. Sections 1010.610 and 1010.620 implement BSA
obligations related to enhanced due diligence for correspondent accounts and private banking accounts, respectively.

Sections 1010.610 and 1010.620 require that covered financial institutions maintain due diligence programs for correspondent
accounts for foreign financial institutions and banks and for private banking accounts that include policies, procedures,
and controls that are reasonably designed to detect and report any known or suspected money laundering or suspicious activity
conducted through or involving any such correspondent or private banking accounts. (264) These provisions also set certain minimum standards for such due diligence programs, as well as procedures for enhanced due
diligence for correspondent accounts for foreign banks (265) and private banking accounts for senior foreign political figures. (266)

Applying these special standards of due diligence to PPSIs would help PPSIs in understanding risk and identifying illicit
activity in certain relationships with foreign financial institutions. Specifically, these standards would address relationships
with high-net worth non-U.S. customers and foreign financial institutions that may be acting on behalf of higher-risk non-U.S.
customers, when those relationships involve correspondent accounts for foreign financial institutions or private banking accounts.

FinCEN requests comment on the application of these provisions, including whether additional amendments should be made to
account for any uniqueness of PPSIs.

iii. Special Measures

Under the BSA, FinCEN can require U.S. financial institutions to implement certain special measures pursuant to section 311
of the USA PATRIOT Act (section 311) if the Secretary finds that reasonable grounds exist to conclude that a foreign jurisdiction,
institution, class of transaction, or type of account is a “primary money laundering concern.” (267) Section 9714(a) of the Combatting Russian Money Laundering Act (268) and section 7213A Fentanyl Sanctions Act (as amended by section 3201 the of FEND Off Fentanyl Act)—the latter codified in
21 U.S.C. 2313a and referred to colloquially as section 2313a—allow for similar special measures in the context of Russian
illicit finance and illicit opioid trafficking, respectively. As financial institutions, FinCEN is proposing that PPSIs be
required to comply with special measures issued pursuant to sections 311, 9714(a), and 2313a to maintain the options available
under these sections to protect the U.S. financial system from certain illicit finance threats.

Additionally, by incorporating PPSIs into the definition of “covered financial institutions” in § 1010.605(e)(1), FinCEN consequently
imposes the special measures codified in § 1010.658 (relating to FBME Bank, Ltd.); § 1010.659 (relating to North Korea); § 1010.660
(relating to Bank of Dandong); § 1010.661 (relating to Iran); § 1010.663 (relating to Al-Huda Bank); and § 1010.664 (relating
to Huione Group). (269) FinCEN is also proposing to amend § 1010.651 (relating to Burma) (270) and § 1010.653 (relating to the Commercial Bank of Syria) to apply those special measures to PPSIs. (271)

VII. Proposed Application of Sanctions Program Requirement

The GENIUS Act requires PPSIs to maintain “an effective sanctions compliance program, including verification of sanctions
lists, consistent with Federal law.” (272) As discussed in section V.B above, PPSIs are U.S. persons under OFAC's existing regulations because the GENIUS Act requires
PPSIs to be formed in the United States. (273) Accordingly, like all other U.S. persons, stablecoin issuers that qualify as PPSIs will be required to comply with U.S. sanctions
under existing Federal law, meaning they must generally block the property and interests in property of blocked persons; reject
prohibited transactions involving certain persons, jurisdictions, or activities; and retain certain records and file reports
with OFAC. The sanctions compliance program requirement in the GENIUS Act, however, represents the first time that Federal
law has explicitly mandated that a particular U.S. person have an effective sanctions compliance program, although IEEPA and
other statutory authorities authorize the President to, among other actions, investigate, block, regulate, or prohibit transactions
and dealings in property subject to U.S. jurisdiction when a foreign national or country has an interest. (274)

Accordingly, OFAC is proposing a new part 502 to chapter V of the CFR entitled the “Permitted Payment Stablecoin Issuer Effective
Sanctions Compliance Program Regulations” to effectuate the GENIUS Act's effective sanctions compliance program requirement, (275) consistent with statutory authorities that authorize OFAC to administer sanctions. 276 Section VII.A below describes the recordkeeping and reporting requirement for a PPSI in line with standard OFAC requirements
for all U.S. persons, (277) as well as an additional requirement that PPSIs provide to OFAC upon request certain certifications required by the GENIUS
Act and relevant to OFAC's role administering and enforcing the requirement that PPSIs maintain an effective sanctions compliance
program. (278) Section VII.B then outlines the five elements of an effective sanctions compliance program proposed at § 502.201(b), including
an explanation and rationale for each component. Section VII.C discusses terms OFAC proposes to define in the definitions
section in subpart C to part 502. Finally, section VII.D provides an overview of the proposed penalties for materially or
knowingly violating the effective sanctions compliance program requirement contained in proposed 31 CFR part 502, consistent
with the GENIUS Act (279) and pursuant to statutory authorities authorizing OFAC to impose civil monetary penalties, including IEEPA. (280)

A. Recordkeeping and Reporting

Consistent with OFAC's requirements for all U.S. persons, proposed § 502.102(a) imposes on PPSIs standard recordkeeping and
reporting requirements as found in 31 CFR part 501. These requirements align with PPSIs' status as U.S. persons, making them
subject to the requirements found in subpart C of part 501. OFAC's experience in enforcing U.S. sanctions and supporting compliance
by regulated persons has found these requirements to be essential to the integrity of the U.S. sanctions regime.

Proposed § 502.102(b) would require PPSIs provide to OFAC upon request, given OFAC's role in administering and enforcing economic
sanctions and issuing sanctions compliance program requirements under the GENIUS Act, any and all certifications submitted
to the PPSI's primary Federal payment stablecoin regulator or State payment stablecoin regulator certifying, pursuant to the
GENIUS Act, that the PPSI has implemented an effective sanctions compliance program. (281) OFAC intends to interpret the terms “primary Federal payment stablecoin regulator” and “State payment stablecoin regulator”
consistent with how those terms are defined in the GENIUS Act. (282)

B. Effective Sanctions Compliance Program

The GENIUS Act requires both that PPSIs maintain an “effective sanctions compliance program” (283) and that regulations promulgated under the Act are “tailored to the size and complexity” (284) of a PPSI. Based on decades of experience administering and enforcing U.S. sanctions, OFAC has found across multiple sectors
that an entity's size and complexity are significant factors in assessing sanctions risk. A larger sized entity can mean greater
exposure to transactions that could involve a blocked person, sanctioned jurisdictions, or interaction with other OFAC-administered
prohibitions or restrictions. Likewise, greater complexity in an entity's operations can necessitate more sophisticated controls
to mitigate sanctions risk. Therefore, based on OFAC's historical experience, OFAC assesses that the best way to implement
the GENIUS Act's instructions is to delineate effective sanctions compliance elements that provide PPSIs discretion to make
risk-based judgments in light of, among other factors, their size and complexity.

In 2019, OFAC published “A Framework for OFAC Compliance Commitments” (the “2019 Compliance Framework”) to support the regulated
public's development of effective sanctions compliance programs with guidance on tailoring risk-based principles to an organization's
unique characteristics and sanctions risk exposure. (285) In addition to being a cornerstone of OFAC's public outreach to all regulated industries, the compliance guidance and expectations
detailed in the 2019 Compliance Framework consistently form the basis of OFAC's published guidance (e.g., sanctions advisories, compliance communiqués, and frequently asked questions), as well as specific guidance issued in response
to public inquiries.

Subsequently, in 2021, OFAC provided additional guidance to the digital assets industry grounded in the Framework by publishing
the “Sanctions Compliance Guidance for the Virtual Currency Industry” (“Virtual Currency Industry Guidance”) and several Frequently
Asked Questions on Virtual Currency. (286) One of OFAC's main objectives in issuing the Virtual Currency Industry Guidance was to explain how actors in the broader digital
assets industry could mitigate sanctions risk by adopting a risk-based approach to sanctions compliance. The Virtual Currency
Industry Guidance also highlighted specific risks facing actors in the digital assets industry and identified best practices
to support industry stakeholders with sanctions compliance, such as the use of geolocation and blockchain analytics tools
for screening and transaction monitoring. (287) Many in the compliance community noted that the document provided clear guidance on digital asset providers' sanctions obligations
and valuable best practices for ensuring compliance in that space.

In addition to OFAC's existing guidance, OFAC's extensive experience administering and enforcing U.S. sanctions has also demonstrated
that a risk-based approach is an effective way to mitigate sanctions risk. Promoting compliance is a core objective in pursuing
enforcement actions. As outlined in the preamble to the Final Rule establishing OFAC's Enforcement Guidelines, (288) the purpose of OFAC's enforcement actions are to raise awareness, increase compliance, and deter “conduct that undermines
the goals of [U.S.] sanctions programs.” (289) Accordingly, OFAC's enforcement settlement agreements with parties usually insist on implementation of a sanctions compliance
program in line with the 2019 Compliance Framework. Consequently, across both OFAC's history of guidance and enforcement,
OFAC has consistently observed that an effective sanctions compliance program contains certain key elements.

Based on that experience, OFAC is now proposing requiring PPSIs adopt a sanctions compliance program including the five key
elements in line with the 2019 Compliance Framework:

(1) Senior Management and Organizational Commitment; (2) Risk Assessment; (3) Internal Controls; (4) Testing and Auditing;
and (5) Training. OFAC assesses that a risk-based approach and a sanctions compliance program grounded in the five enumerated
elements best implements the GENIUS Act's requirement that Treasury adopt rules tailored to the size and complexity of PPSIs
while ensuring that PPSIs maintain an effective sanctions compliance program. (290) Specifically, by mandating the five elements as a minimum for an effective sanctions compliance program, the proposed rule
intentionally sets a necessary floor for an effective sanctions compliance program while leaving space for PPSIs to take additional
or refined compliance measures that account for the specific circumstances of individual PPSIs. Finally, OFAC notes the proposed
rule's focus on a risk-based approach and the five enumerated elements of an effective sanctions compliance program intends
to provide flexibility to account for rapidly evolving payment stablecoin technologies in the digital assets ecosystem. As
PPSIs utilize the GENIUS Act's framework to support innovation and the responsible growth and use of payment stablecoins,
OFAC anticipates the development of new stablecoin-related products and services that may differ from those provided or used
by stablecoin issuers today. Such products and services, in turn, may require new approaches to sanctions compliance to mitigate
sanctions risks and meet OFAC's regulatory obligations.

In sections VII.B.1 through VII.B.5 below, OFAC provides further details regarding the five elements that constitute the effective
sanctions compliance program requirements that OFAC proposes for PPSIs pursuant to the GENIUS Act and consistent with statutory
authorities that OFAC administers as described above.

1. Proposed 31 CFR 502.201(b)(1)—Senior Management and Organizational Commitment

Proposed § 502.201(b)(1) would require a PPSI's senior management to review and approve a PPSI's sanctions compliance program
and to support the sanctions compliance program's effective implementation, including by ensuring the sanctions compliance
program, at a minimum: (i) applies to all payment stablecoin-related activity; (ii) has sufficient resources, including necessary
investments in human capital, expertise, and information technology, to carry out the requirement that PPSIs conduct risk
assessments, maintain internal controls, conduct testing and auditing, and maintain a risk-based sanctions compliance training
program, as described in the proposed § 502.201(b)(2) through (b)(5) (see sections VII.B.2 through VII.B.5 below); (iii) is
fully integrated into the PPSI's ongoing stablecoin-related operations; (iv) routinely provides risk updates, including test
results, to senior management and other appropriate personnel within the PPSI; and (v) provides sufficient authority and autonomy
to the compliance function to manage effectively U.S. sanctions risk for the entire PPSI.

A PPSI's senior management includes individuals responsible for monitoring performance across the organization, including
its sanctions compliance program. As applicable, senior management could include supervisory, managerial, and executive employees,
and can also include its board of directors, owners, operators, and other leadership personnel depending on the PPSI's governance
structure. The particular composition of a PPSI's senior management is a fact-specific matter depending on each individual
PPSI, and in this proposed rule, OFAC proposes to provide PPSIs with flexibility in determining which members of senior management
ensure an effective sanctions compliance program. Nevertheless, based on its experience administering and enforcing U.S. sanctions,
including providing guidance to industry, OFAC views senior management engagement as essential to the effectiveness of any
person's sanctions compliance program. (291) A PPSI's senior management's combination of its vantage point across the entire organization's activities and its decision-making
authority uniquely positions it to review a sanctions compliance program with a comprehensive understanding of the PPSI's
operations and credibly approve a program as meeting that PPSI's particular circumstances. Additionally, the requirement that
senior management approve the sanctions compliance program demonstrates senior management support and buy-in, which is critical
to building a culture of compliance by establishing ultimate responsibility at the PPSI's senior levels.

Furthermore, the proposed § 502.201(b)(1) would require senior management to support the sanctions compliance program's effective
implementation by ensuring the program includes, at a minimum, certain key components. First, senior management would be required
to ensure the sanctions compliance program applies to all payment stablecoin-related activity. As outlined, a PPSI's senior
management operates from a distinct vantage point compared to other personnel, enabling broader awareness and oversight across
an entire organization that uniquely positions them to monitor the creation and implementation of a sanctions compliance program.
That perspective supports making sure the compliance program does not only apply to discrete parts of a PPSI's operations.
While, as outlined below in this section, an effective sanctions compliance program requires a measure of delegation and autonomy
to the compliance function to deploy established compliance policies and procedures, senior management's visibility across
a PPSI's operations during the creation of a sanctions compliance program is vital to avoiding gaps that create heightened
risks of sanctions violations.

Second, senior management would be required to ensure the sanctions compliance program has adequate resources. OFAC's experience
has demonstrated that adequate resourcing is particularly crucial for PPSIs given the nature of the rapidly evolving technologies
underpinning payment stablecoins and attendant sanctions risks. OFAC does not propose to prescribe specific resourcing levels
or breakdowns in resources for various elements of a compliance program. Senior management should tailor those decisions to
a PPSI's particular circumstances. Nonetheless, ensuring adequate resources would entail senior management knowledge of and
engagement on how the PPSI allocates resources for compliance functions across the organization and how that allocation is
commensurate with current levels of sanctions risk exposure, including in the form of human capital, expertise, information
technology, such as the tools described in section VII.B.3 below, and other resources, as appropriate.

Third, senior management would be required to ensure the sanctions compliance program is fully integrated into a PPSI's ongoing
stablecoin-related operations. The active incorporation of the compliance program into ongoing

  operations is critical to both timely and effective responses to sanctions risk. In line with section VII.B.3 below, a senior
  management commitment with respect to ongoing operations would entail ensuring a sanctions compliance function has the necessary
  tools to identify and respond to sanctions risks judiciously. Simultaneously, in addition to resourcing necessary tools, this
  commitment could also be expressed by ensuring written policies and procedures (see section VII.B.3) that enable PPSI personnel
  to respond expeditiously when confronting sanctions risk.

Fourth, senior management would be required to ensure senior management, and other appropriate personnel, routinely receive
risk updates, including test results, from the sanctions compliance program. OFAC's experience providing guidance to the regulated
public and enforcing U.S. sanctions has shown that absent a senior management commitment to an entity's sanctions compliance
program, staff implementing the program will have less routine access to senior management to provide risk updates, including
test results. Such routine updates are necessary to support senior management's continued appreciation of the organization's
sanctions obligations and timely awareness of sanctions risks, as well as then facilitating informed decisions. In the proposed
rule OFAC does not prescribe a cadence for these routine risk updates, as they should be tailored to the particular circumstance
of each PPSI.

Finally, while routine updates to senior management are essential, under the proposed rule, senior management would also be
required to ensure that the sanctions compliance program has sufficient authority and autonomy to function and conduct timely
and effective operations. The proposed rule would require that a PPSI's sanctions compliance program be empowered to work
independently to take appropriate actions to address and mitigate sanctions risks for the entire organization, which is critical
to the integrity of the PPSI's compliance functions. The sanctions compliance program must be able to act efficiently and
effectively within the organization to be able to respond to timely sanctions-related developments. Accordingly, the proposed
rule would require, as a key element, that senior management ensure that the sanctions compliance program is able to manage
effectively U.S. sanctions risks for the entire organization.

Critically, senior management's active support for the five requirements proposed in § 502.201(b)(1)(i) through (v) constitute
a minimum set of activities that OFAC would expect when considering whether a PPSI's sanctions compliance program is effective.
Additional activities may be relevant to a PPSI's compliance program under a risk-based approach. In accordance with the GENIUS
Act's mandate to tailor rules to the size and complexity of each PPSI's operations, (292) the proposed rule leaves discretion for PPSI's to adopt additional measures in line with their circumstances.

2. Proposed 31 CFR 502.201(b)(2)—Risk Assessments

Proposed § 502.201(b)(2) would require a PPSI conduct sanctions-related risk assessments by: (i) conducting holistic assessments
of U.S. sanctions risks at appropriate intervals; (ii) using the risk assessments to inform the PPSI's operation of its sanctions
compliance program, including revising internal controls and training as appropriate; and (iii) revising risk assessments
as appropriate to account for any identified U.S. sanctions violations or deficiencies, new products, services, mergers, or
acquisitions, and any other factors that may affect a PPSI's risk profile.

In the sanctions context, risks are potential threats or vulnerabilities that, if ignored or not properly handled, can lead
to violations of the regulations administered by OFAC. Holistic risk assessments allow an organization to identify these threats
or vulnerabilities. OFAC has found, through its enforcement actions for violations of sanctions and engagement with private
industry, that regular risk assessments are foundational for sanctions compliance programs to be effective. In keeping with
the GENIUS Act's requirement to tailor rules to the size and complexity of each PPSI's operations, (293) OFAC does not propose a uniform frequency for conducting risk assessments. Similarly, while risk assessments should be holistic
reviews—for instance, evaluating a PPSI's touchpoints with external parties and jurisdictions, including customers, vendors,
and intermediaries, in order to identify direct and indirect sources of sanctions risk—OFAC does not propose a uniform criteria
for a holistic review, again recognizing the GENIUS Act's tailoring requirement. (294)

Use of risk assessment results to develop and revise a sanctions compliance program ensures a program is grounded in the most
current understanding of the various sources of sanctions risks. As OFAC has determined through various enforcement actions,
a sanctions compliance program's internal controls (see section VII.B.3) and training (see section VII.B.5) are only effective
if an organization has an accurate understanding of the sanctions risks it faces. Therefore, holistic and appropriately frequent
risk assessments are essential to the proper implementation of the other elements of an effective sanctions compliance program
outlined in this section VII.B.

Additionally, to be effective, risk assessments themselves must be revised to account for new information or changing circumstances
that impact a PPSI's risk profile. Identification of U.S. sanctions violations or deficiencies in an existing compliance program
naturally suggest the presence of vulnerabilities necessitating revisions or remediation. Similarly, with respect to new products,
services, mergers, or acquisitions, OFAC has on multiple occasions entered into settlement agreements with entities in the
digital assets industry for apparent violations that arose from the development and release of a product or service without
having given sufficient consideration of attendant sanctions risks or compliance implications. (295) A holistic assessment of the sanctions-related risks that such a new product or service could create is necessary to understand
what additional or revised controls may be necessary. (296) Without these steps pre-launch, the new products or services themselves may immediately give rise to sanctions compliance-related
gaps, possibly seriously undermining the effectiveness of a sanctions compliance program.

3. Proposed 31 CFR 502.201(b)(3)—Internal Controls

Proposed § 502.201(b)(3) would require a PPSI (297) to establish and maintain a system of risk-based internal controls—including technical capabilities and written policies and
procedures—applicable to all payment

  stablecoin-related activity, whether on the primary or secondary market, that identifies, blocks, and/or rejects transactions
  that may violate or would violate U.S. sanctions and retains relevant records in accordance with OFAC regulations. OFAC assesses
  that a dynamic internal controls system that adapts to new regulatory and risk-related developments is critical to fulfilling
  key obligations imposed under the GENIUS Act.

First, the technical components of a PPSI's internal control system are paramount. In particular, the GENIUS Act requires
that a PPSI must be able to “block, freeze, and reject specific or impermissible transactions that violate Federal or State
laws, rules, or regulations,” (298) which includes transactions that violate or would violate U.S. sanctions regulations. Although PPSIs are generally neither
the originator nor the beneficiary of transactions, other than issuing or redeeming a payment stablecoin, the GENIUS Act makes
clear that a PPSI is nonetheless obligated to block and reject impermissible transactions—including on the secondary market—involving
a payment stablecoin it has issued. The proposed rule's requirement that each PPSI establish and maintain technical capabilities
to block or reject any payment stablecoin-related activity that violates or would violate U.S. sanctions directly tracks the
GENIUS Act's mandate that PPSIs maintain such technical control over impermissible transactions that violate Federal laws,
including sanctions regulations.

In practical terms, PPSIs should implement risk-based sanctions controls on transactions, including on the secondary market,
to satisfy this requirement. OFAC's Virtual Currency Industry Guidance provides examples of best practices of internal controls,
including with respect to transaction monitoring and sanctions screening, for digital asset participants, which will likely
be relevant for PPSIs. (299) For example, at a minimum, such sanctions screening should include tools sufficient to identify and block transactions associated
with digital currency addresses included on OFAC's SDN List. (300) In addition, the technical internal controls should enable the PPSI to clearly and effectively identify, interdict, escalate,
and report (as necessary and appropriate) activity that may be prohibited by the regulations and laws administered by OFAC.
Furthermore, PPSIs should generate and maintain records pertaining to activity that may be prohibited by OFAC as part of their
internal controls regime. OFAC has imposed penalties on entities not solely because prohibited transactions occurred, but
because organizations failed to maintain complete records or submit timely reports. (301)

As described, proposed § 502.201(b)(3) would also mandate that the PPSI continually update the technical internal controls
(including risk-based sanctions screening), which ensures the internal controls effectively address amended or updated U.S.
sanctions authorities and applicable U.S. sanctions risks. Given the dynamic nature of OFAC sanctions, internal controls should
be capable of adjusting rapidly to new OFAC designations, prohibitions, requirements, and guidance, and of effectively identifying
risk exposure that may warrant heightened due diligence. (302) Relevant guidance may, as noted in the proposed rule, include risks identified in advisories, alerts, or notices issued by
the Department of the Treasury or other relevant U.S. government agencies. These reports often enumerate specific red flags
and typologies indicative of sanctions evasion trends. PPSIs should consider using such information, along with other open
source and proprietary information, in order to conduct proactive diligence to identify and mitigate potential sanctions risks.
Information obtained by a PPSI for purposes of complying with the BSA may also be relevant in identifying and mitigating sanctions
risks. By establishing and maintaining technical internal control mechanisms, including the ability to effectively identify
sources of sanctions risk, PPSIs are able to maintain the technical capacity necessary to comply with OFAC's blocking and
non-blocking sanctions programs.

Second, the written policies and procedures requirement of proposed § 502.201(b)(3) prescribes that the risk-based internal
controls established by the PPSI are documented in writing and are clearly communicated to all relevant personnel and stakeholders
(e.g., clients, business partners, counterparties). OFAC is proposing written policies and procedures because they ensure that compliance
measures (like screening the SDN List) are applied consistently across an entire organization, preventing fragmented, decentralized,
or ad-hoc practices that can lead to sanctions violations. (303) OFAC has finalized numerous civil monetary penalties or settlements since publishing the 2019 Compliance Framework in which
an organization's decentralized compliance function was one of the root causes of the sanctions violations identified during
the course of the investigation. Written policies and procedures can clearly define the roles and responsibilities of compliance
staff, ensuring accountability and proper oversight. Written policies also ensure that compliance protocols are communicated
to all relevant stakeholders, minimizing inadvertent violations caused by misunderstanding or lack of training. Proposed § 502.201(b)(3)
also stipulates that such internal control documents must be routinely reviewed and revised such that there is timely and
appropriate action to remediate any identified compliance gaps or deficiencies. The process of routinely reviewing and revising
written policies and procedures should incorporate frequent testing of technical internal controls to ensure effectiveness
and sufficiency. If and when a PPSI identifies a weakness in its internal controls system, the PPSI should take immediate
and effective action, to the extent possible, to identify and implement compensating controls until the root cause of the
weakness can be determined and remediated.

Finally, OFAC notes that the exact form of internal controls is not prescribed by this proposed rule. In keeping with the
GENIUS Act's requirement to tailor rules to the size and complexity of each PPSI's operations, (304) OFAC does not propose a uniform or “one-size-fits-all” internal control system. Rather, the specific internal control system
should be risk-based and will depend, among other things, on the PPSI's products, services, geographical scope of operations,
direct customers, end users or holders, and on the sanctions risks the PPSI identifies during its risk assessment process
or through any other measures.

PPSIs may consider using a variety of tools to develop and implement internal controls, including external resources. In the
financial industry, internal controls often include software for sanctions screening, investigations, transaction monitoring,
and other

  purposes. For digital assets industry participants in particular, these tools typically function as a linchpin of the organization's
  internal controls. OFAC does not require PPSIs to use any specific tool or software, and OFAC's engagement with the private
  sector has found that the specific tools employed vary widely by industry. Digital assets industry participants routinely
  report using blockchain analysis, open-source intelligence, geolocation tools, and media monitoring tools, among other solutions,
  whether developed internally or sourced from a vendor. OFAC's Virtual Currency Industry Guidance provides other examples of
  internal controls best practices that PPSIs may consider adopting. [(305)]() Whether a PPSI uses these or other tools will depend on specifics of each PPSIs operations.

Ultimately, the internal controls required by the proposed rule will allow PPSIs to comply with the numerous other mandates
in the GENIUS Act.

4. Proposed 31 CFR 502.201(b)(4)—Testing and Auditing

Proposed § 502.201(b)(4) would require that a PPSI establish and maintain an independent testing or audit function, accountable
to senior management, with sufficient resources, expertise, and authority to identify U.S. sanctions compliance-related weaknesses
and deficiencies. In addition, each PPSI would also have to ensure that qualified personnel routinely perform comprehensive,
independent, and objective testing or auditing of the effectiveness of the sanctions compliance program and its functions.
And finally, the proposed rule would require that such testing and auditing results are used to identify and implement any
needed updates or enhancements to the sanctions compliance program, and that PPSIs maintain and provide to OFAC upon request
records of any such testing and auditing results and enhancements.

An independent testing or audit function can be either external or internal to a PPSI. If internal, controls must be in place
to ensure audits or testing are sufficiently independent. Criteria relevant to establish “independence” may vary based on
a range of factors, including a PPSI's internal corporate structure, the internal auditor's accountability to senior leadership
and or the PPSI's board of directors, as well as the training and expertise possessed by the internal auditor. With the appropriate
independence, expertise, and resources, internal audits may be effective and may be a reasonable part of a compliance program,
depending on a PPSI's individualized risk profile. However, OFAC's experience administering and enforcing U.S. sanctions has
also shown that internal audits can lack the independence, expertise, and resources to conduct objective and thorough evaluations
of an entity's own compliance efforts, while external audits often provide more effective and comprehensive assessments.

Routine, comprehensive, independent, and objective testing or auditing of a sanctions compliance program is essential to the
program's continued effectiveness. (306) OFAC has observed cases of apparent violations resulting from compliance, testing, or audit software that was improperly configured,
deactivated, or modified over time, including following updates, changes, or the deployment of new technology by the broader
organization. Human error and lack of attention to changes in testing and audit results can compound these issues as can the
speed and volume of payment stablecoin-related activity that PPSIs and other digital assets industry participants may face.

Again, in line with the GENIUS Act's requirement to tailor rules to the size and complexity of each PPSI's operations, (307) proposed § 502.201(b)(4) does not specify the precise contours of what the testing and audit function should include. However,
based on the existing 2019 Compliance Framework, PPSIs should be prepared to implement a testing and audit function that can
identify weaknesses and deficiencies in their sanctions compliance, including in products or services still under development.
In addition, based on the existing 2019 Compliance Framework, a testing and auditing program should be tailored to address
the sanctions risks accompanying the PPSI's operations, and results should be used to implement updates, remediate compliance
gaps, and make the PPSI aware of how its products and services are performing against the sanctions compliance program's internal
control benchmarks.

5. Proposed 31 CFR 502.201(b)(5)—Training

Proposed § 502.201(b)(5) would require a PPSI establish and maintain a risk-based compliance training program that is: (i)
performed at least annually and with a frequency appropriate to the PPSI's risk assessments and risk profile; (ii) provided
to all relevant personnel and stakeholders; (iii) appropriately tailored to each trainee's role and responsibilities; (iv)
modified to reflect risk assessments findings and identified deficiencies in the sanctions compliance program, including testing
and audit findings; and (v) designed to include easily accessible resources and materials for all relevant personnel and stakeholders.
Based on OFAC's experience investigating and enforcing sanctions violations and providing compliance guidance to private industry,
OFAC has found the establishment and maintenance of a risk-based sanctions compliance training program to be critical to ensuring
that the benefits and expertise cultivated by the PPSI's compliance efforts are shared across an organization and not limited
to compliance program personnel and senior management. (308)

In keeping with the GENIUS Act's requirement to tailor rules to the size and complexity of each PPSI's operations, (309) OFAC proposes PPSI discretion in setting a training cadence that aligns with a PPSI's particular circumstances, provided a
PPSI meets the minimum of an annual training. Based on industry practice, OFAC views annual training as an appropriate minimum,
recognizing that certain PPSIs may determine, based on their assessment of risk, that more frequent trainings may be necessary,
either for all or certain personnel and stakeholders, including after a knowing or material violation of the GENIUS Act has
occurred or an apparent violation of U.S. sanctions, to understand root causes and avoid repeated issues.

OFAC proposes training be provided to all relevant personnel and stakeholders (310) to support the type of comprehensive risk assessments and testing and auditing that an effective sanctions compliance program
requires. Broad awareness of an organization's sanctions compliance obligations, policies, and available tools is necessary
to identify and surface information regarding potential sanctions risks and to support timely action to address those risks.
Based on OFAC's

  experience engaging with private sector entities of various sizes and sanctions risk profiles, a “one-size-fits-all” training
  requirement would both be less effective and run counter to the principle of supporting private actors to make their own circumstance-based
  prioritizations in furtherance of compliance. Furthermore, the requirement that training-related resources and materials be
  made easily available to all relevant personnel and stakeholders likewise supports the essential flow of information and a
  well-trained workforce. Employees or stakeholders with insufficient or inaccessible training may overlook or fail to understand
  the significance of relevant information at key junctures, causing sanctions violations to go unnoticed, while properly trained
  employees will be equipped to spot red flags and identify sanctions risk in real time.

Finally, the proposed requirement that organizations modify training programs to reflect findings of risk assessments and
identified deficiencies in their sanctions compliance program is essential to keeping trainings current and effective. Training
programs that do not incorporate new information and corrections to past deficiencies are inherently less effective than training
programs that account for such developments.

C. Definitions

OFAC is proposing to define four terms in the definitions section of the new 31 CFR part 502. OFAC proposes to define two
terms—“knowingly” and “OFAC”—at § 502.301 and § 502.302, respectively, consistent with other OFAC regulations. OFAC proposes
to define “payment stablecoin-related activity” at § 502.303 to capture the range of activities involving a PPSI's payment
stablecoin from the time of issuance until the payment stablecoin's removal from circulation, including activity on the secondary
market, and to future-proof the regulations. Finally, OFAC proposes to define the term “permitted payment stablecoin issuer”
at § 502.304 consistent with the definition of that term contained in the GENIUS Act, with slight modifications to reconcile
differences between how the GENIUS Act defines the term “person” and how that term is defined in OFAC's regulations, as well
as to synthesize definitions contained within the GENIUS Act for ease of understanding by the regulated public.

With the exception of the term “OFAC,” which simply refers to the “Office of Foreign Assets Control,” OFAC below provides
additional explanations of the terms described above.

1. Proposed 31 CFR 502.301—Knowingly

Consistent with the GENIUS Act, OFAC's proposed rule provides for civil monetary penalties, including penalties for each day
during which a PPSI knowingly violates the GENIUS Act's requirement that PPSI's maintain an effective sanctions program. (311) However, the GENIUS Act does not define the term “knowingly.” Under the proposed rule, OFAC defines “knowingly” with respect
to conduct, a circumstance, or a result, as meaning that a person has actual knowledge, or should have known, of the conduct,
the circumstance, or the result. OFAC is proposing this definition because it is consistent with how OFAC defines that term
across multiple sanctions programs and will be familiar to the sanctions compliance community. (312)

2. Proposed 31 CFR 502.303—Payment Stablecoin-Related Activity

OFAC proposes to define “payment stablecoin-related activity” to include issuing, trading, holding, transacting, transferring,
redeeming, or any other activity involving a payment stablecoin issued by a PPSI from the time of issuance until the payment
stablecoin's removal from circulation, whether on the primary or secondary market, including through redemption or by any
other means. OFAC intends to interpret the term “payment stablecoin” consistent with how that term is defined in the GENIUS
Act. (313) As discussed in section V.B above, there are a variety of scenarios under which PPSIs may be required to block or reject transactions
under U.S. sanctions, whether on the primary or secondary market. For example, a PPSI is prohibited from issuing payment stablecoins
to a blocked person and from allowing blocked persons to engage with its smart contracts to facilitate trades of its payment
stablecoins. Accordingly, OFAC's proposed definition ensures that a PPSI's sanctions compliance obligations apply to all activity
involving its payment stablecoins, whether on the primary or secondary market. OFAC's proposed definition is also appropriately
scoped to ensure that the proposed rule captures future technological developments, whether in the issuance of payment stablecoins
or in the trading thereof.

3. Proposed 31 CFR 502.304—Permitted Payment Stablecoin Issuer; PPSI

OFAC proposes to define the term “permitted payment stablecoin issuer” or “PPSI” consistent with the definition provided in
the GENIUS Act. (314) To ensure the definition of “permitted payment stablecoin issuer” accurately applies only to “persons” as defined in the GENIUS
Act, rather than “person” as defined differently in other regulations administrated by OFAC, OFAC is replacing the word “person”
with “individual, partnership, company, corporation, association, trust, estate, cooperative organization, or other business
entity, incorporated or unincorporated,” which is how “person” is defined in the GENIUS Act. (315)

D. Proposed 31 CFR 502.401 and 502.402—Penalties

Proposed § 502.401(a) would impose civil monetary penalties of not more than $100,000 per day for PPSIs that materially violate
the requirement to maintain an effective sanctions compliance program. Proposed § 502.401(b) would provide for an additional
$100,000 penalty for each day during which a PPSI knowingly participates in a violation of the same. If a PPSI does not pay
the penalty imposed pursuant to § 502.401, proposed § 502.402 authorizes OFAC to refer the matter for administrative collection
measures by the Department of the Treasury or to the Department of Justice for appropriate action to recover the penalty in
a civil suit in a federal district court.

The proposed penalties are consistent with those prescribed in the GENIUS Act, which provides for a civil penalty of not more
than $100,000 for each day during which a PPSI materially violates any regulation issued under the GENIUS Act and an additional
penalty of not more than $100,000 per day during which a PPSI knowingly violates any regulation issued under the GENIUS Act. (316) Additionally, the penalties are consistent with those permitted under IEEPA, which allows for the imposition of civil penalties
of the greater of $377,700 or twice the amount of the underlying transaction for each violation, (317) as well as the Trading with

  the Enemy Act (TWEA), the sanctions authority that underpins OFAC's Cuba sanctions program, which allows OFAC to impose penalties
  of up to $111,308 for each violation. [(318)]()

VIII. Final Rule Effective Dates

FinCEN and OFAC are proposing that their respective rules will become effective 12 months after issuance of final rules to
allow sufficient time for PPSIs to review and implement the requirements of the proposed rule. We seek comment on the proposed
effective date.

IX. AML/CFT Request for Comment

FinCEN seeks comments on all aspects of the proposed rule and specifically seeks comments on the following topics. For all
responses, commenters are encouraged to provide the basis for any conclusions drawn in their comments. FinCEN is also requesting
commenters consider whether any obligation can be better tailored to the size and complexity of an issuer and how such tailoring
would impact burden and risk of illicit finance.

A. Questions on PPSI Relationships to Other Types of Financial Institutions

1. Where PPSIs are subsidiaries of insured depository institutions, do any of FinCEN's proposals for PPSIs present legal challenges
   or substantial operational challenges such that implementation would be practically impossible? How can FinCEN's regulatory
   infrastructure promote an efficient and effective BSA regime where a PPSI and its parent may be subject to similar or overlapping
   obligations?

2. Where PPSIs are also uninsured national banks, do any of FinCEN's proposals present legal challenges or substantial operational
   challenges such that implementation would be practically impossible? How can FinCEN's regulatory infrastructure promote an
   efficient and effective BSA regime where a PPSI may be subject to similar or overlapping obligations as both a PPSI and an
   uninsured national bank? Should FinCEN carve out PPSIs from rules that apply to banks for some or all obligations?

3. What would be the benefits and drawbacks of FinCEN extending the logic of its 2012 administrative ruling (319) to PPSIs that are a subsidiary of an insured depository institution subject to a parallel regulation?

4. Should FinCEN carve PPSIs out of the MSB definition? Are there circumstances in which an entity could reasonably be uncertain
   whether it should be treated as a PPSI or as an MSB under the proposed definitions? If so, please describe.

B. Questions on Proposed Definitions

1. Are FinCEN's proposed definitions sufficiently clear? Should the definitions be expanded or narrowed in any respect? Should
   FinCEN define additional terms or amend additional existing terms?

2. Are there products or arrangements that may fall near the boundary of the proposed definition of payment stablecoin, and
   if so, how should FinCEN address such cases?

3. Is FinCEN's proposed definition of “lawful order” sufficiently clear? Should FinCEN further define any terms within “lawful
   order”? Should FinCEN, for example, specify that “accounts” for purposes of lawful orders include any number or identifier
   used to identify a holder of a payment stablecoin, including a wallet address?

C. Questions on Proposed AML/CFT Program

1. In what respects should a PPSI's AML/CFT program account for risks on the secondary market?

2. The proposed rule sets forth the conditions for an effective AML/CFT program. Is the description of an effective program
   sufficiently clear or is there anything further that FinCEN should consider adding in the final rule to clarify program effectiveness?

3. The proposed rule reflects a determination by FinCEN that PPSIs are best placed to identify risks and allocate resources,
   and that providing them with greater discretion in these areas will improve the quality of AML/CFT compliance and reporting
   to law enforcement. Is this correct or should FinCEN consider adding more requirements regarding allocation of resources?
   How might PPSIs assess changes in the total allocation of resources devoted to an AML/CFT program in a changing risk and cost
   environment?

4. Should the proposed rule's distinction between “establishing” and “maintaining” a program be modified? Is the distinction
   between “establishing” and “maintaining” a compliance program useful for PPSIs? Should FinCEN add anything to further define
   these terms in the final rule?

5. What, if any, difficulties do PPSIs anticipate when incorporating the AML/CFT Priorities as part of their risk assessment
   processes?

6. Should risk assessment processes be required to take into account additional or different criteria or risks than those
   listed in the proposed rule? If so, what additional factors should FinCEN consider requiring?

7. What risk factors should PPSIs consider when conducting risk assessments under the proposed rule, including customer,
   product, transaction, geographic, and technological risks?

8. Is additional explanation needed concerning when a PPSI would be required to update its risk assessment? In particular,
   how might FinCEN clarify how risk assessment processes would be updated “promptly”? Would an alternative approach, such as
   periodic updates or a set schedule for updates, be preferable? Would an alternative standard, such as “materially changes,”
   be clearer than “significantly changes”?

9. To what extent do the proposed AML/CFT program requirements provide sufficient flexibility for PPSIs to design programs
   that are appropriately risk-based and tailored to their size, complexity, and business models?

10. To what extent should PPSIs consider information about secondary market transactions as part of their customer due diligence
    processes?

11. Should FinCEN further clarify which specific elements of an institution's AML/CFT program must be written? Should FinCEN
    instead eliminate the requirement that an AML/CFT program be expressly required to be “written” because, among other reasons,
    financial institutions may be subject to other applicable recordkeeping and documentation requirements? What would be the
    benefits or drawbacks of not prescribing a mandatory written requirement in the regulation?

12. The proposed rule would require that a PPSI's written AML/CFT program be approved by its board of directors, an equivalent
    governing body, or appropriate senior management. Should FinCEN further clarify which aspects of the AML/CFT program must
    be subject to such approval? In particular: (a) should approval be required for each of the core program components, or would
    approval of the overall program framework be sufficient; (b) should material revisions to particular components (such as significant
    changes to the institution's risk assessment methodology, monitoring architecture, or governance structure) require re-

    approval at the same level; and (c) what level of specificity should the approving body be required to review and approve
    (e.g., high-level program architecture versus detailed procedures or parameter-level settings)? Should FinCEN instead eliminate the
    specified approval requirement, allowing PPSIs flexibility in determining how leadership oversight of the AML/CFT program
    is structured? What would be the benefits or drawbacks of not prescribing a mandatory approval requirement in the regulation?
    If FinCEN does not eliminate the specified approval requirement, should FinCEN consider amending the requirement? Are there
    alternatives to board of directors, an equivalent governing body, or appropriate senior management that would be more appropriate?

13. Should FinCEN impose the supervision and enforcement framework outlined in this proposal for PPSIs?

14. If the supervision and enforcement framework is implemented for PPSIs should FinCEN further refine or clarify any of the
    concepts or definitions outlined in this proposal, including “significant or systemic failure,” “failure to establish an AML/CFT
    program,” “any written communication,” and “significant AML/CFT supervisory action”?

15. Should a revocation of a permitted payment stablecoin issuer's application to a primary Federal payment stablecoin regulator
    be accounted for in the supervision and enforcement framework?

16. Do any aspects of the GENIUS Act framework with regards to supervision, examination, and enforcement need to be better
    accounted for if the framework was implemented for PPSIs, including a consultation framework when a primary Federal payment
    stablecoin regulator intends to take an AML/CFT enforcement action or significant AML/CFT supervisory action?

17. Should the proposed consultation process include an asset threshold— i.e., consultation is required for any significant AML/CFT supervisory actions involving PPSIs with $10 billion or more in assets?
    In addition, or as an alternative, should the proposed rule provide the option for PPSIs to request their primary Federal
    payment stablecoin regulator consult with FinCEN prior to initiating a significant AML/CFT supervisory action?

18. Notwithstanding the benefits of the proposed consultation described above, the proposal may result in additional review
    during an examination. How can FinCEN and the primary Federal payment stablecoin regulator streamline the consultation process
    and prevent logistical burdens for PPSIs or delays in exam report issuance?

19. FinCEN welcomes comment on how the Director of FinCEN may consider the performance of innovative activities that produce
    demonstrable outputs under the proposed supervision and enforcement framework.

D. Questions on Proposed Additional Technical Capabilities

1. Should FinCEN refine or clarify the obligation related to having the technical capabilities to block, freeze, and reject
   impermissible transactions?

2. Are there aspects of the proposed requirement that could unintentionally constrain PPSIs' choice of technical or operational
   approaches? If so, please explain.

3. Is FinCEN's proposed language specifying PPSIs must have the technical capabilities to block, freeze, and reject impermissible
   transactions occurring on the secondary market appropriately scoped and sufficiently clear? Does it capture activity it should
   not? Does it leave out activity it should include?

4. What technical, operational, or architectural challenges, if any, might PPSIs face in implementing block, freeze, and
   reject capabilities? How can FinCEN account for such challenges in light of the GENIUS Act's clear directive that PPSIs must
   have such technical abilities?

5. Should FinCEN refine or clarify the obligation related to having the technical capabilities to comply and actual compliance
   with the terms of lawful orders?

6. Is FinCEN's proposed language specifying PPSIs must have the technical capabilities to comply with the terms of lawful
   orders regarding the secondary market appropriately scoped and sufficiently clear? Does it capture activity it should not?
   Does it leave out activity it should include?

E. Questions on Currency Transaction Reporting

1. Should FinCEN impose on PPSIs currency transaction reporting obligations? What would be the risks in not doing so?

2. What, if any, additional exemptions should FinCEN promulgate for PPSIs relating to currency transaction reporting obligations?

F. Questions on Proposed Suspicious Activity Reporting

1. Is FinCEN's proposal clear regarding SAR obligations relating to secondary market activity. If not, why not and how can
   it be improved?

2. Are there particular types of payment stablecoin transactions or activities for which additional clarification regarding
   SAR reporting obligations would be beneficial?

3. Should the proposed regulatory text be modified to clarify joint SAR-filing and SAR sharing when a PPSI is a subsidiary
   of a parent depository institution? Are other clarifications or modifications needed with regards to SAR sharing?

4. Is clarification needed on how the proposed SAR reporting requirements interact with PPSIs' obligations related to blocking,
   freezing, and rejecting transactions, recordkeeping, or responding to lawful orders?

5. Should FinCEN reconsider its decision not to impose any SAR obligation with respect to secondary market activity? In what
   circumstances would secondary market reporting be most beneficial and how burdensome would such a reporting obligation be?
   For example, should PPSIs be required to report secondary market suspicious activity but only at a higher standard than in
   primary market transactions, such as requiring reporting only when a PPSI “knows” a transaction meets specified criteria?

G. Questions on Proposed Recordkeeping Requirements

1. To what extent is it clear how payment stablecoins should be treated for purposes of FinCEN's recordkeeping requirements,
   including whether payment stablecoins should be considered “money,” “funds,” “currency,” or another category under the proposed
   rule?

2. Would Recordkeeping and Travel Rule obligations for PPSIs and other financial institutions be clearer if FinCEN codified
   a PPSI-specific Recordkeeping and Travel Rule in part 1033?

3. The Recordkeeping and Travel Rule proposal implements the GENIUS Act's directive relative to “high-value transaction.”
   How else could this provision of the GENIUS Act be implemented?

H. Questions on Proposed Special Information-Sharing Procedures

1. Are there aspects of the information sharing framework that would benefit from clarification or modification when applied
   to PPSIs, including definitions in 31 CFR 1010.505?

2. To what extent would PPSIs participate in voluntary information sharing with other financial institutions under section
   314(b)?

3. Are there legal, operational, or technical considerations that could affect PPSIs' ability or willingness to engage in
   voluntary information sharing related to payment stablecoin transactions?

I. Questions on Proposed Special Standard of Diligence

1. Are there aspects of the special standard of diligence framework that would benefit from clarification or modification
   when applied to PPSIs?

2. To what extent is it clear how the special standards of diligence applicable to correspondent and private banking accounts
   apply to PPSIs and to activities involving payment stablecoins?

3. Are there types of relationships, accounts, or arrangements involving PPSIs that may raise questions about whether they
   should be treated as correspondent accounts, private banking accounts, or neither?

4. What challenges, if any, would PPSIs face in identifying, collecting, or verifying information required to comply with
   the special standards of diligence, including information related to ownership, control, or source of funds?

J. Question on Proposed Effective Date

1. FinCEN is proposing an effective date of 12 months from the date of issuance of the final rule to allow sufficient time for PPSIs to review and implement its requirements. FinCEN solicits comment on the proposed effective date.

K. Question on AML/CFT Requirements for Foreign Payment Stablecoin Issuers

1. Through this rulemaking FinCEN is only proposing application of AML/CFT requirements to PPSIs. Are there particular requirements that FinCEN has proposed to apply to PPSIs that should or should not apply to foreign payment stablecoin issuers? Please describe why and any benefits and drawbacks.

X. Sanctions Request for Comment

OFAC seeks comments on the following topics. For all responses, commenters are encouraged to provide the basis for any conclusions
drawn in their comments.

1. Are the proposed effective sanctions compliance program regulations clear regarding the minimum elements PPSIs must include
   in their programs? If not, which aspects would benefit from additional clarification?

2. Is the proposed definition of “Payment stablecoin-related activity” sufficiently clear and comprehensive to capture the
   full lifecycle of a payment stablecoin?

3. What best practices would PPSIs consider in developing and implementing policies, procedures, and internal controls designed
   to ensure ongoing compliance with the proposed effective sanctions compliance program requirements?

4. What technical, operational, or architectural controls might PPSIs consider in implementing block, freeze, and reject capabilities
   to comply with U.S. sanctions, including blocking stablecoins of blocked persons traded on the secondary market or rejecting
   transactions on the secondary market that involve sanctioned jurisdictions, such as Iran?

5. To what extent does the proposed rule appropriately afford PPSIs flexibility to determine how to implement the technical
   capability to block, freeze, and reject transactions, consistent with their business models, technologies, and risk profiles?

6. What risk factors should PPSIs consider when conducting risk assessments under the proposed rule, including customer, product,
   transaction, geographic, and technological risks?

7. OFAC is proposing an effective date of 12 months from the date of issuance of the final rule to allow sufficient time to
   review and implement the effective sanctions compliance program requirements. OFAC solicits comment on the proposed effective
   date.

XI. Executive Order 14294 Fighting Overcriminalization in Federal Regulations

A. Overview

Executive Order 14294 Fighting Overcriminalization in Federal Regulations requires that agencies promulgating regulations potentially subject to criminal enforcement explicitly describe the conduct
subject to criminal enforcement, the authorizing statutes, and the mens rea standard applicable to those offenses. (320) Section 5 of E.O. 14294 directs that all future notices of proposed rulemaking and final rules published in the
Federal Register
, the violation of which may constitute criminal regulatory offenses, should include a statement identifying that the rule
or proposed rule is a criminal regulatory offense and the authorizing statute. (321) E.O. 14294 directs agencies to draft this statement in consultation with the Department of Justice. (322)

E.O. 14294 further directs that the regulatory text of all NPRMs and final rules with criminal consequences published in the

  Federal Register
  after May 9, 2025 should explicitly state a *mens rea* requirement for each element of a criminal regulatory offense, accompanied by citations to the relevant provisions of the
  authorizing statute.

B. Criminal Enforcement for Chapter X Obligations

Willful violations of the regulations proposed to be added to Chapter X, if finalized, may be subject to criminal penalties
pursuant to 31 U.S.C. 5322 and regulations promulgated 31 CFR chapter X. The statutory authority for criminal liability requires
a mens rea of willfulness as an element under 31 U.S.C. 5322(a) and 31 U.S.C. 5322(b). FinCEN's existing regulation, 31 CFR 1010.840,
that sets out criminal penalties for violations of regulations promulgated in 31 CFR chapter X also includes a mens rea of willfulness. In drafting this statement, FinCEN has consulted with the Department of Justice.

C. Criminal Enforcement for Chapter V Obligations

Willful violations of the regulations proposed to be added to Chapter V, if finalized, may be subject to criminal penalties
pursuant to 50 U.S.C. 1705, 50 U.S.C. 4315, 19 U.S.C. 3907, 21 U.S.C. 1906, and regulations promulgated thereunder. The statutory
authority for criminal liability under 50 U.S.C. 1705(c), 50 U.S.C. 4315(a), 19 U.S.C. 3907(a)(2), and 21 U.S.C. 1906(a) requires
a mens rea of willfulness as an element. OFAC's existing regulations that set out criminal penalties for violations of regulations issued
pursuant to these statutes also include a mens rea of willfulness. In drafting this statement, OFAC has consulted with the Department of Justice.

XII. Regulatory Impact Analysis

FinCEN and OFAC have analyzed the proposed rule as required under E.O. 12866, (323) E.O. 13563, (324) E.O. 14192, 325 the Regulatory Flexibility Act (RFA), (326) the Unfunded Mandates Reform Act of 1995 (UMRA), (327) and the Paperwork Reduction Act (PRA). (328)

This proposed rule has been determined to be a “significant regulatory action” under section 3(f) of E.O. 12866. FinCEN and
OFAC have included an Initial Regulatory Flexibility Analysis (IRFA) pursuant to the RFA as the proposed rule may have a significant
economic impact on a substantial number of certain types of affected small entities. (329) Pursuant to analysis required by UMRA, FinCEN and OFAC conclude it is unlikely that the proposed rule, if implemented, would
result in a novel annual expenditure of more than $193 million by State, local, and Tribal governments or by the private sector. (330)

As described above, (331) the proposed rule would require certain issuers of “payment stablecoins,” referred to herein as PPSIs, to “be treated as a
financial institution for purposes of the Bank Secrecy Act, and as such, shall be subject to all Federal laws applicable to
financial institutions located in the United States relating to economic sanctions, prevention of money laundering, customer
identification, and due diligence.” (332) Specifically, this NPRM, among other things, would implement the GENIUS Act's directive for PPSIs to: (i) maintain an effective
AML program, which includes appropriate risk assessments and designation of an officer to supervise the program; (ii) retain
appropriate records; (iii) monitor and report any suspicious transaction relevant to a possible violation of law or regulation;
and (iv) maintain the technical capabilities, policies, and procedures to block, freeze, and reject specific or impermissible
transactions that violate Federal or State law, rules, or regulations. (333) It also requires PPSIs to maintain an effective sanctions compliance program. (334) The proposal would also implement a GENIUS Act requirement that PPSIs have the technological capability to comply and will
comply with the terms of any lawful order in order to issue payment stablecoins. (335)

In so doing, FinCEN and OFAC contemplate a number of benefits for PPSIs, law enforcement and national security agencies, and
the general public that would flow from (1) ensuring that a PPSI's AML/CFT program is substantively consistent with the requirements
of other financial institution types, and where appropriate, that PPSI are subject to additional provisions to further mitigate
ML/TF risks unique to PPSIs; and (2) codifying longstanding economic sanction compliance expectations and establishing a minimum
threshold for compliance standards.

This regulatory impact analysis (RIA) begins by describing the broad economic analysis undertaken to inform the expectations
of the proposed rule's economic impact and burden. (336) This is followed by pieces of additional and, in some cases, more specifically tailored analysis as required by E.O.s 12866,
13563 and 14192, (337) the RFA, (338) the UMRA, (339) and the PRA. (340) Requests for comments on the RIA—regarding specific findings, assumptions, or expectations, or with respect to the analysis
in its entirety—can be found in the final subsection. (341) These requests for comments have been previewed throughout the RIA.

A. Assessment of Impact

Consistent with best practices in regulatory economic analysis, the assessment of impact begins with an overview of broad
economic considerations identifying, among other things, the need for the policy intervention. (342) Next, FinCEN and OFAC (1) describe the current regulatory requirements and background practices against which the proposed
rule would introduce changes and (2) establish baseline estimates of the number of covered financial institutions and other
entities that could be affected by the proposed rule. (343) The analysis then briefly reviews elements of the proposed rule that most directly inform how foreseeable economic impacts
would flow from how covered financial institutions and their respective regulators would need to newly undertake activities
to comply with the proposed regulation in which they would otherwise be unlikely to engage in the ordinary course of business. (344) Next, the RIA presents the anticipated benefits and estimated costs to the respective affected parties that would be associated
with compliance. (345) Finally, the assessment concludes with a brief discussion of alternative policies FinCEN and OFAC considered and could have
proposed, including an evaluation of the relative economic merits of each against the expected value of the rule as proposed. (346)

1. Broad Economic Considerations

In performing its assessment of impact, FinCEN and OFAC took into consideration certain fundamental economic problems that
the proposed rule is expected to address as well as the general social and economic costs that may ensue from PPSIs with ineffective
BSA compliance or inadequate economic sanctions compliance programs. Because this NPRM is being issued pursuant to statutory
obligations, (347) the necessity for FinCEN and OFAC to independently identify and articulate fundamental economic problems that the proposed
rule is intended to address, as the basis for regulatory action, (348) is attenuated because, at best, this activity would complement the problem identification already performed by Congress. 349 Nevertheless, FinCEN and OFAC have remained mindful of these animating considerations as well as the general social and economic
costs that may ensue from an ineffective BSA and sanctions compliance regime.

FinCEN and OFAC expect that the proposed rulemaking would meaningfully alleviate certain underlying economic problems that
could otherwise impair the effective administration of the BSA and U.S. sanctions laws, as well as potentially distort affected
markets. These include potential problems that flow from the incidence of both positive and negative externalities in connection
with BSA and sanctions compliance activities, certain information asymmetries, and the potential for regulatory arbitrage
in the absence of uniform minimum standards for PPSIs' BSA and sanctions compliance obligations. (350)

The expected benefits of the proposed rule, as discussed below, are therefore linked by the extent to which the proposed requirements
would address these fundamental economic problems. (351)

2. Institutional Baseline and Affected Parties

In proposing this rule, FinCEN and OFAC considered the incremental impacts of the proposed requirements relative to the current
state of the affected markets and their participants. (352) This baseline analysis of the parties that would be affected by the proposed rule, their current obligations and related activities,
and currently accrued costs and/or benefits satisfies analytical best practices by describing the alternative of not pursuing
the proposed, or any other, novel regulatory action. (353) In each case, for new proposed requirements, FinCEN and OFAC have attempted to identify the incremental expected economic
effects of each component of the proposal as precisely as practicable against this baseline. Nevertheless, in certain cases,
FinCEN and OFAC can only make qualitative assessments.

As a first step in the process of isolating these anticipated marginal effects, FinCEN and OFAC assessed the regulatory and
market landscape facing current stablecoin issuers, and potential future PPSIs, that would be affected by the proposed rule,
including an estimate of the expected near-term number of potential PPSIs, their existing regulatory requirements, and the
burden they either would or currently face in connection with the compliance activities the proposed rule would require. FinCEN
and OFAC also briefly discuss other categories of persons and entities (i.e., regulators, compliance examiners, law enforcement and national security agencies, and certain members of the general public)
that are expected to be directly affected by the proposed rule.

FinCEN acknowledges that the discussion below does not include an assessment of the baseline level of general compliance with
existing BSA requirements and must therefore caveat that the incremental effects estimated in subsequent sections are based
on the presumption of full compliance with the current rules. (354) FinCEN does not attempt to estimate a baseline population of currently non-compliant entities that could be differently affected
by the rule because it is unclear that the proposed rule would alter the compliance choices already made by those financial
institutions. FinCEN invites comment on whether this assumption, or the baseline it implies, is appropriate for the purposes
of this analysis.

Relatedly, prior to the passage of the GENIUS Act, there was no explicit legal requirement for U.S. person stablecoin issuers
to establish and maintain a sanctions compliance program. However, as U.S. persons, U.S. stablecoin issuers are, and from
inception have always been, required to comply with U.S. sanctions laws administered by OFAC. OFAC acknowledges that the discussion
below does not include an assessment of the baseline level of general compliance by U.S. persons with sanctions law as currently
administered by OFAC and must therefore caveat that the incremental effects estimated in subsequent sections are similarly
based on the presumption of full compliance as status quo. OFAC invites comments on whether this assumption, or the baseline
it establishes, is the most appropriate and informative for the purposes of this RIA.

i. Regulatory Baseline

FinCEN and OFAC took various components of the current regulatory landscape into consideration when assessing the increments
by which the proposed rule would impose changes on the status quo. (355) Specifically, FinCEN and OFAC considered (1) existing AML/CFT requirements, (2) existing sanctions compliance requirements
(3) state regulations, and (4) required activities proposed here that would also be necessary to satisfy requirements in other
proposed related rules that would implement the GENIUS Act but are not part of this NPRM. (356) The extent to which each of these components of the regulatory baseline is germane to the novel incremental burden of a given
future PPSI is expected to depend on the unique facts and circumstances of the PPSI under consideration. (357)

a. Existing AML/CFT Requirements

Through this rulemaking FinCEN proposes, as required by the GENIUS Act, imposing certain novel obligations or obligations
that differ in some material respects from stablecoin issuers' current obligations. In many respects, however, FinCEN expects
issuers' obligations under this proposal, if finalized, would be comparable to existing ones. If an existing stablecoin

  issuer's current regulatory obligations already include AML/CFT requirements, FinCEN expects this to primarily flow from the
  applicability of the BSA to that stablecoin issuer as an MSB that is a money transmitter. The exposition on this in section
  V.A is adopted here by reference as part of the RIA regulatory baseline.

Alternatively, a future PPSI might exist as the subsidiary of an insured depository institution or as an uninsured national
bank. In this case, because such institutions are also currently subject to a range of BSA obligations, including AML/CFT
program obligations, it is reasonable to consider the regulatory requirements of the parent institution a more relevant baseline.
In addition to the AML/CFT requirements for MSBs discussed above, banks and credit unions are subject to a number of additional
FinCEN requirements, including: (1) CIP requirements, (358) (2) beneficial ownership information (BOI) requirements for legal entity customers, (359) (3) required reporting on transactions of exempt persons, (360) (4) additional recordkeeping requirements, (361) (5) due diligence programs for correspondent accounts for foreign financial institutions and private banking accounts, (362) (6) requirements related to the prohibition on correspondent accounts for foreign shell banks and records concerning owners
of foreign banks and agents for service of legal process, (363) and (7) reporting obligations on foreign bank relationships with Iranian-linked financial institutions designated under IEEPA
and IRGC-linked persons designated under IEEPA. (364) Because the FinCEN requirements for banks already encompass a broader set of elements, and these elements are largely the
same as the requirements being proposed to apply to PPSIs, the incremental change to the regulatory baseline of FinCEN requirements
for future PPSIs that would be subsidiaries of insured depository institutions or uninsured national banks is expected to
be smaller than for PPSIs that would transition into the status from previously being MSBs. (365)

b. Existing Sanctions Compliance Requirements

Prior to the passage of the GENIUS Act, there was no explicit regulatory requirement for U.S. persons to establish and maintain
a sanctions compliance program. However, all U.S. persons, including U.S.-based stablecoin issuers, are required to comply
with U.S. sanctions pursuant to regulations administered by OFAC. Therefore, stablecoin issuers that would be subject to the
proposed rule as PPSIs would be independently required to comply with existing sanctions obligations as U.S. persons, (366) which as a practical matter typically involves the development and implementation of a risk-based sanctions compliance program
in order to comply with such existing sanctions obligations. (367) Thus, OFAC expects PPSIs' obligations under this proposed rule, if finalized, would be comparable to existing obligations
stemming from their status as U.S. persons subject to U.S. sanctions laws. Furthermore, with respect to non-U.S. person stablecoin
issuers that would become U.S. persons to qualify as a PPSI, OFAC's experience administering U.S. sanctions has demonstrated
that sophisticated multi-jurisdictional financial actors often maintain sanctions compliance programs aligned with U.S. sanctions
requirements regardless of their status as U.S. persons. (368) The exposition on this in section V.B is adopted here by reference as part of the RIA regulatory baseline.

c. State Regulations

Stablecoin issuers may also be subject to state regulations, which can vary in (1) general level of detail and complexity,
which as a baseline matter would introduce variation in the incremental compliance burden of the proposed rule's program requirements;
and (2) nexus with AML/CFT and sanctions compliance program requirements, from state to state. For example, the New York State
Department of Financial Services (NYDFS) has detailed virtual currency regulations and guidance specifically for stablecoins. 369 When a stablecoin issuer applies for a license or a charter, NYDFS reviews the issuers' business plan, product offerings,
and business model and may consider whether the issuers is registered with FinCEN as an MSB as well as take into consideration
the issuer's AML program and sanctions compliance. 370 After licensure, a stablecoin issuer must obtain NYDFS's written approval before issuing a stablecoin. 371 NYDFS looks at a range of potential risks before authorizing a stablecoin issuer to issue a stablecoin, including AML and
sanctions

  compliance. 372 In other states, stablecoin issuers do not have separate virtual currency regulations and are instead regulated as money transmitters. [(373)]()

FinCEN and OFAC took these factors into consideration when assessing the quantifiable incremental economic costs of the proposed
rule. In particular, FinCEN and OFAC were sensitive to the additional challenges state regulatory requirements would present
to successfully disaggregating economic effects of the proposed rule from those attributable to business activities otherwise
undertaken with respect to state-level regulatory requirements.

d. Other GENIUS Act Requirements for PPSIs

As part of their analysis, FinCEN and OFAC contemplated additional prospective baseline requirements—once certain other, but
related, rules proposed pursuant to the GENIUS Act are adopted as final rules—that would become part of a prospective future
PPSI's regulatory baseline. Under the GENIUS Act, a PPSI is required to certify to its primary Federal payment stablecoin
regulator or State payment stablecoin regulator that it has implemented an AML program and economic sanctions compliance program
consistent with the requirements of the GENIUS Act within 180 days of approval of its initial application and annually thereafter. (374) Additionally, each PPSI that (1) is not a State qualified payment stablecoin issuer, (2) has a total outstanding issuance
of less than $10 billion, and (3) is supervised by a primary Federal payment stablecoin regulator, is required, upon request,
to submit to its regulator a report on that FQPSI's compliance with the requirements of the BSA and sanctions implemented
by OFAC. (375) FinCEN and OFAC took these requirements into consideration, noting that because the statutory registration requirements, which
are distinct from the ones covered in this proposed rulemaking, necessitate the collection and production of certain information
and records that would flow from compliance with the requirements in this proposed rule, it may not be practicable to artificially
segregate the incremental components of the same recordkeeping burden to fully avoid double-counting the costs of PPSI efforts
across all PRA analyses covering the same activity. (376)

ii. Baseline of Affected Parties

FinCEN and OFAC expect the following populations to be directly affected by the proposed rule: (1) certain financial institutions,
namely PPSIs and PPSI-affiliated insured depository institutions or uninsured national banks; (2) regulators and other compliance
examiners; and (3) law enforcement and national security agencies. FinCEN and OFAC also took into consideration that certain
other persons, including PPSI business counterparties, clients/customers of PPSIs, and other members of the general public
may be indirectly affected by the proposed rule. However, for purposes of the remaining analysis, it was determined that of
these various groups of other affected parties, it would be reasonable to limit further consideration of the anticipated economic
impact on specific subpopulations of the general public, aside from to the general public as a whole, (377) to direct customers of PPSIs (378) and to further limit consideration of the impact on such customers as narrowly attributable to the proposed AML/CFT and sanctions
compliance requirements. (379) To the extent that economic impact on additional key, directly affected subpopulations of the general public should be considered,
FinCEN and OFAC invite comment, data, studies, or reports that would enhance its ability to identify and quantify such effects.

a. Affected Financial Institutions

FinCEN and OFAC expect the proposed rule to directly affect the financial institutions it would regulate. This includes all
future PPSIs. For specifically those PPSIs that would be subsidiaries of insured depository institutions, FinCEN and OFAC
considered that the proposed rule may also economically affect the parent insured depository institutions.

1. PPSIs

Because the proposed rule would specifically apply AML/CFT and economic sanctions compliance program requirements on PPSIs,
they are expected to be the proposed rule's primary affected parties. To form an estimate of the number of future PPSIs the
proposed rule would cover, FinCEN and OFAC attempted to account for both existing stablecoin issuers, who may become PPSIs,
as well as prospective future PPSIs that, but for the GENIUS Act framework, would be unlikely to enter the market.

To estimate the expected population of future PPSIs, FinCEN and OFAC began by conducting a comprehensive review of current
products that were each individually identified by either the product issuer or another market participant as a “stablecoin.”
This scoping of the initial review was intended to be sufficiently broad so as to encompass all current products that could
potentially meet the definitional criteria set forth in the GENIUS Act for a future “payment stablecoin.” (380) The next step was to cull from this initial pool of stablecoin issuers, offering approximately 350 products, the proper subpopulation
of potential future PPSIs that, following the GENIUS Act taking effect, would be able to pursue registration as a PPSI without
first needing to make substantive changes to their current product attributes. 381 FinCEN and OFAC applied certain filters on product characteristics to eliminate identified stablecoins that did not comport
with the definitional attributes of a payment stablecoin as defined by the GENIUS Act and used this to sort the stablecoins'
issuers.

To be a payment stablecoin, under the GENIUS Act, a digital asset must be used or designed for payment or settlement, its
issuer must be obligated to redeem or convert it for a fixed amount of monetary value and not another digital asset, and its
issuer must represent that it will maintain a stable value relative to a fixed amount of monetary value. (382) A PPSI must maintain identifiable reserves backing the payment stablecoin with specific, high quality, liquid assets, which
include U.S. coins and currency, demand deposits, and Treasury bills, notes, and bonds. (383) Consequently, issuers who did not offer products pegged to the U.S. dollar were treated as unlikely to pursue PPSI registration
in the future. In addition, stablecoin products with no central issuer were also considered unlikely to be associated with
an entity that would seek PPSI status.

Table 1 provides a summary of how this review of identified current stablecoins effectively narrowed the total population
to those that might, in the future, be eligible to be considered payment stablecoins. Of the approximately 350 products examined,
only 43 meet the above criteria— i.e., were tri-partly fiat-backed, USD hard-pegged centralized coins. Of these 43, five were precluded from potential future payment
stablecoin eligibility by their reserve holdings, nine by their yield, and one by both of these features.

| Stablecoin classification | Product
population | Filtering criteria | Number of stablecoin products excluded |
| --- | --- | --- | --- |
| Full population | 352 | None | 0. |
| Able to meet payment stablecoin criteria without significant restructure | 43 | Fiat-backed, USD-pegged, centralized issuance, hard-peg a | 309 (from total). |
| Technically compliant with payment stablecoin reserves criteria | 38 | GENIUS Act defined reserve holdings b | 5 (from technically eligible). |
| Technically compliant with payment stablecoin yield requirements | 34 | Non-yield bearing c | 9 (from technically eligible). |
| Potential payment stablecoins | 30 | All | 322 (from total) 13 (from technically eligible). |
| a As defined in section 2(22)(A) of the GENIUS Act, a payment stablecoin must be a digital asset that is, or designed to be,
used as a means of payment or settlement, and, and as defined in section 2(22)(A)(ii)(II) of the GENIUS Act, a payment stablecoin
must be redeemable for a fixed amount, and the issuer represents that it will maintain a stable value relative to the value
of a fixed amount of monetary value. FinCEN and OFAC view product pegging to the U.S. dollar as opposed to another currency
as a practical requirement to hold only USD-denominated reserve assets. | | | |
| b As required by section 4(a)(1)(A) of the GENIUS Act, the issuer of a payment stablecoin must only hold asset types as provided
by the Act as reserves. | | | |
| c As required by section 4(a)(11) of the GENIUS Act, a payment stablecoin must not offer yield. | | | |
Using this method, FinCEN and OFAC identified 30 products issued by 25 unique entities that matched the specified criteria.
As such, there are at least 25 existing issuers of stablecoins that, if the regulations implementing the GENIUS Act were presently
effective, would appear to be eligible to apply to be PPSIs. Understanding that some of these entities might still choose
not to seek PPSI status, (384) and allowing that other current stablecoin issuers could, in the interim, still modify the digital assets that they issue
in order to be eligible to seek PPSI status once the GENIUS Act becomes effective, FinCEN and OFAC anticipate that the number
of current entities that could be potential future PPSIs subject to the proposed rule may be between 20 and 40. (385) FinCEN and OFAC nonetheless acknowledge that a wide range of factors that could potentially influence the choice of eligible
institutions to apply for PPSI status in the future, including market demand, strategic operational decisions, and future
developments in the digital asset landscape. (386) In general, where current stablecoin issuers see PPSI standards as representing costs that would outweigh the benefits of
achieving the PPSI designation, they may voluntarily choose another regulatory option despite being technically eligible to
register. (387)

FinCEN and OFAC's analysis also considered the need for this impact assessment to, in some fashion, account for potential
future PPSIs that have not yet entered the stablecoin market. In the aforementioned review of 350 current stablecoin products,
63 products were identified as issued by an entity that appeared facially eligible for potential future status as either a
PPSI or a foreign payment stablecoin issuer (FPSI). (388) Of those issued since 2018, approximately 45 percent (28 stablecoins) were issued within the last two calendar years (2024
and 2025), with year-over-year growth

  in 2025 slightly lower than the year prior. Because the stablecoin market is still relatively nascent and has historically
  faced varying levels of regulatory uncertainty, basing expectations of stable or sustainable future growth rates on past trends
  would be exceedingly speculative and generally inadvisable. On the one hand, the number of stablecoin market entrants may
  increase in light of the enhanced certainty and clarity afforded by the GENIUS Act framework. On the other hand, it is also
  possible that a number of current stablecoin issuers may exit the U.S. market, either because they are legally not able to
  remain if not PPSIs, or because the market may naturally consolidate as it matures. [(389)]()

To estimate the near-term expected inflow of future PPSIs, FinCEN and OFAC looked to the companionate GENIUS Act-related analyses
of expected future PPSI registration requirements performed by OCC, FDIC, and NCUA as additional sources of information. (390) FinCEN and OFAC expect that a substantial proportion of future PPSIs newly entering the U.S. stablecoin market would be affiliated
with an insured depository institution or uninsured national bank and that, additionally, some potential future PPSIs that
currently do not have any such affiliation, may newly become affiliated with an insured depository institution or uninsured
national bank. Insured depository institutions in particular are well-suited to launch payment stablecoin products due to
their position within financial markets, customer base, and existing technology and compliance infrastructure.

The OCC, FDIC, and NCUA have each conducted independent research with a view to estimating the number of potential PPSIs that
would register as PPSIs in the near-term future. (391) Summing across these respective exercises yields a projection of up to 42 new PPSIs that would initially register as entities
affiliated with insured depository institutions. Taking each of those independent analyses, their respective methodologies,
and expected levels of precision into consideration, FinCEN and OFAC anticipate that the proposed rule could be expected to
apply to an average of approximately 50 PPSIs in each of the first three years of the GENIUS Act being effective. (392)

FinCEN and OFAC project that of the 50 anticipated PPSIs, approximately 60 percent would be subsidiaries of insured depository
institutions and 40 percent would be other PPSIs. (393) Because this projection represents best efforts given limited information, the public is strongly encouraged to provide additional
comments, data, and other information that could enhance the accuracy and precision of these estimates.

2. Insured Depository Institutions With PPSI Subsidiaries

FinCEN and OFAC expect that certain financial institutions other than future PPSIs themselves would be impacted by the rule.
In particular, insured depository institutions that would have a PPSI as a subsidiary may incur additional costs integrating
their PPSI subsidiaries into their broader AML/CFT programs and sanctions compliance framework. (394) Because this RIA projects that there may be up to 30 such PPSIs on average in the each of the first three effective years
of the GENIUS Act, the corresponding number of expected affected insured depository institutions would also be up to 30. It
is anticipated that insured depository institutions would arrange for their subsidiary PPSI's compliance policies, procedures,
and activities to nest within the preexisting overall programmatic compliance structure of the parent organization. As such,
parent organizations may be economically affected by the need to revise, expand, or otherwise tailor their existing practices.
It is possible that similarities between the existing requirements for banks and this proposal would reduce, though not eliminate,
these costs.

b. Regulators and Other Compliance Examiners

Examiners that would be required to assess future PPSIs' compliance with AML/CFT and sanctions compliance program requirements
are expected to be directly affected by the proposed rule. (395) With respect to the proposed AML/CFT requirements, as discussed above in section VI.C.2, the GENIUS Act distinguishes between
the categories “primary Federal payment stablecoin regulator” and “State payment stablecoin regulator,” and this NPRM includes
proposals to (1) amend § 1010.810(b) to delegate examination authority to the primary Federal payment stablecoin regulators
and (2) apply the existing delegation to the IRS at § 1010.810(b)(8) for PPSIs regulated by State payment stablecoin regulators. (396) As a function of the proposed amendments, this proposed rule is expected to directly affect FinCEN as well as other Federal
financial regulatory agencies and their compliance examiners, who number approximately 7,500 from the Board, FDIC, NCUA, and
OCC, (397) plus several hundred additional examiners from the IRS. (398)

With respect to the proposed sanctions compliance program obligations, presented in section VII, this NPRM would require that
PPSIs maintain certain records related to their sanctions compliance program, which can be made available to OFAC upon request. (399) As such, the proposed rule may affect OFAC's enforcement personnel, who would investigate and enforce potential violations
of the effective sanctions compliance program requirement. Additionally, similar to FinCEN's estimation above, the proposed
rule is anticipated to directly affect other Federal financial regulatory agencies and their compliance examiners, who number
approximately 7,500 from the Board, FDIC, NCUA, and OCC, who already incorporate sanctions compliance review as part of the
examination process. (400)

c. Law Enforcement and National Security Agencies

The proposed rule is intended to support the efforts of law enforcement and national security agencies by promoting AML/CFT
compliance and sanctions compliance program implementation among stablecoin issuers that become PPSIs, which should generate
highly useful reports and other data in addition to deterring predicate crimes and violations of U.S. laws and regulations.
Law enforcement and national security agencies that enter into a memorandum of understanding with FinCEN can directly access
and use reports and data provided to FinCEN in compliance with AML/CFT requirements. As of fiscal year 2024, 432 Federal,
State, and local law enforcement; regulatory; and national security agencies had access to BSA reports and BSA Search, and
the BSA Portal had over 12,000 users. (401) In addition, reports of blocked property and rejected transactions submitted to OFAC can be key to developing sanctions enforcement
actions that help protect U.S. national security interests.

d. Members of the General Public

FinCEN and OFAC expect the general public to be affected by the proposed rule, with certain subpopulations affected more directly
than others in specific instances. (402)

1. General Public

Implementing the proposed rule would ensure that PPSIs are “subject to all Federal laws applicable to a financial institution
located in the United States relating to economic sanctions, prevention of money laundering, customer identification, and
due diligence.” (403) Ensuring these guardrails and infrastructure are in place is fundamental to unlocking the potential benefits that a vibrant
and well-functioning payment stablecoin market can offer the public (described above in section IV.B) because these regulatory
guardrails and infrastructure are necessary to insulate the system from abuse and critical risks to its integrity (described
in section IV.D). FinCEN and OFAC also considered that the proposed rule could further benefit the general public to the extent
that AML/CFT and sanctions compliance would deter the use of payment stablecoins to enable fraud (404) and help prevent the use of payment stablecoins to enable and fund illicit activity counter to U.S. national security interests. (405)

2. PPSI Customers

Because the proposed AML/CFT requirements include obligations that depend on information collected and produced by a PPSI's
customers, FinCEN considered the prospective customers of future PPSIs as uniquely affected members of the general public.
Although estimated payment stablecoin users number in the hundreds of millions, a substantially smaller number (in the hundreds
of thousands) are likely to interact with PPSIs in the primary market. Many of these customers are large financial institutions,
as described above in section IV.A, and most large stablecoin issuers set significant financial requirements for primary market
participants that exclude retail-level participation. Most primary market activity, as measured in transaction volume, is
attributable to these large entities. However, some issuers have increasingly adopted wider-facing mint/redeem models that
seek to include smaller investors and businesses. To the extent that PPSI markets continue to face large, or almost exclusively,
larger clients who are themselves legal entities, financial institutions, or other non-natural persons, the typical future
PPSI would be expected to face a higher per-customer burden than other types of financial institutions that currently have
AML/CFT program obligations comparable to those that would apply to PPSIs but a lower concentration of legal entity customers
to individuals. Because certain program requirements that rely on customer information have burdens that scale with the complexity
of the customer and, in general, legal entity customers have more complex information to provide than natural persons, both
future PPSIs and their typical prospective customers would face compliance-related cost profiles that are unique to the industry.

OFAC also considered the impact of the proposed rule on the relationship between PPSIs and their customers. Because PPSIs
would be considered U.S. persons, they are therefore subject to U.S. sanctions laws, including obligations to block or reject
unauthorized transactions as they would apply on either the primary and secondary market, regardless of the proposed rule's
requirement that PPSIs maintain an effective sanctions compliance program. Furthermore, PPSI customers who are U.S. persons
are already obligated to comply with U.S. sanctions themselves. As a result, OFAC would not expect any incremental costs to
the customers of PPSIs as a result of the proposed rule.

To estimate the number of expected primary market customers a future PPSI might interact with and, therefore, need to collect
certain information and conduct due diligence on under the proposed AML/CFT requirements, FinCEN and OFAC examined current
on-chain minting and redemption activity as observable from publicly available data. The majority of stablecoin products meeting
the GENIUS Act's definitional criteria for future payment stablecoins that FinCEN and OFAC reviewed had fewer than 1,000 primary
market customers in a given year, which is consistent with prior expectations of high barriers to market participation. However,
a small number of the stablecoins reviewed had significantly more primary market contact (with up to as many as 250,000 customers)
in a given year. In the sample of issuers FinCEN reviewed, the average number of an issuer's primary market customers was
approximately 17,000, but this value appeared to be driven by extreme outliers. The truncated average was approximately 1,000,
and the median value was 100. (406)

Based on this analysis, FinCEN estimates that the “average” PPSI would have approximately 1,000 primary market customers that
it interacts with directly, including issuing and redeeming payment stablecoins and engaging in digital asset service provider
activities where those activities are authorized by the appropriate primary Federal or the State payment stablecoin regulator
and consistent with all other federal and state laws. However, some PPSIs are expected to have substantially more or substantially
fewer. On aggregate, FinCEN does not expect the total market population of identifiably unique future primary market PPSI
customers to exceed

  300,000. [(407)]() However, FinCEN and OFAC anticipate that a substantial number of these observably unique customers may be affiliates of a
  single counterparty (*i.e.,* not substantively unique or representative of distinct legal entities) or associated with non-U.S. entities. [(408)]() As such, FinCEN and OFAC find that a more appropriate estimate of the population of primary market customers that are unique
  U.S. businesses, legal entities, or other non-natural person is much smaller than 300,000 and is closer to approximately 10,000.
  These businesses belong to several categories, including digital asset exchanges, specialized digital asset commodities traders,
  and other types of investment and securities related businesses. Besides digital asset exchanges, FinCEN and OFAC expect that
  most of a typical future PPSI's other customers are likely to be financial institutions. [(409)]()

FinCEN and OFAC also used publicly available data on on-chain minting and redemption activity to analyze annual rates of customer
growth and turnover. Many of the stablecoin issuers reviewed retained the same group of large “core” primary market customers
year over year but exhibited significant turnover among their smaller primary market customers. In addition, most stablecoin
issuers saw significant growth in their primary market customer base during 2025. For purposes of modelling expected economic
effects, FinCEN and OFAC assume that this growth will continue, particularly among stablecoin issuers that are able to secure
PPSI registration. Of the stablecoin issuers FinCEN reviewed, the average rate of new customer inflow, year-over-year, was
approximately 65 percent of the number of existing, previous customers. Therefore, FinCEN and OFAC apply this rate, where
relevant, when estimating the costs in the remaining analysis. FinCEN requests comment on whether the assumptions regarding
the number of primary market customers are reasonable.

iii. Current Market Practices

In assessing the impact of the proposed rule, FinCEN and OFAC took into consideration a number of current market features
relevant to both the proposed future AML/CFT obligations and the proposed sanctions compliance program requirements of potential
future PPSIs. (410) FinCEN then separately considered current practices of unique relevance to its proposed AML/CFT requirements, (411) while OFAC similarly considered economic sanctions compliance-related current market practices. (412)

a. Market Structure and Activities

At present, the stablecoin market is characterized by many features of early stage development, and within this ecosystem,
existing stablecoins whose issuers would potentially be eligible to register as a payment stablecoin issuers (PPSIs or FPSIs)
in the future constitute a small proportion of currently available products (less than one in five) but a considerably larger
share of current market capitalization, ranging in expectation from approximately 75 to 81 percent, with variation based on
assumptions. Thus, the stablecoin market that future PPSIs would face might reasonably be expected to persist in being highly
concentrated.

Current stablecoin issuers, particularly those with larger market shares, also appear to be part of more complex corporate
structures, existing operationally within a framework of affiliated legal entities that may be functionally unified but, for
either tax or legal purposes, considered technically distinct. It is unclear if these configurations should be expected to
persist in their current form once the GENIUS Act becomes effective.

b. Current AML/CFT Compliance Practices

To inform its assessment of the expected incremental impact of the proposed obligations, FinCEN considered several features
related to current stablecoin issuers' AML practices. In particular, FinCEN performed additional analysis of the stablecoin
issuers identified, as discussed above in section XII.A.2.ii.a, as potential future PPSIs, taking into account the observed
incidence and rate of MSB registration and BSA report-filing activity as well as the general utilization of BSA filings by
law enforcement and national security agencies' efforts that PPSIs would contribute to under the proposed requirements, and
thereby indirectly benefit the general public.

1. Current Stablecoin Issuer MSB Registration

In its review of MSB registrations newly filed, revised, or renewed by the issuers of stablecoin products at least once in
the most recent two calendar years, FinCEN observed that approximately 50 percent of the stablecoin-issuing entities identified
in section XII.A.2.ii.a. 1 appear to have submitted the requisite filings to be registered as MSBs, including one issuer also affiliated with a major
international bank. Current stablecoin products for which no associated MSB registration activity could be identified, while
representing nearly half of the current stablecoin-issuing population, represented less than one percent of the total market
capitalization of all the likely potential future payment stablecoin products.

2. Current Stablecoin Issuer AML/CFT Programs

Even without the AML/CFT requirements of the BSA or the GENIUS Act, FinCEN expects that many stablecoin issuers would still
be likely to employ some AML/CFT measures in their current issuance and trading frameworks. For example, nearly all centralized
issuers collect information on their direct customers (i.e., “primary market” customers) when minting or redeeming coins. (413) Direct customers must typically provide information such as name, address, Social Security number/tax ID number (TIN), government
ID, and often additional business documentation.

In order to collect, screen, and store customer information in the ordinary course of business, stablecoin issuers and other
financial market participants often employ software technologies especially suited for this purpose. These third-party services
often provide customer identity information verification and screening to collect and verify personal information such as

  name or address. These products provide a technical basis for many AML/CFT compliance tasks, particularly with regard to primary
  market customers.

As previously discussed in section XII.A.2.ii.d. 2, many of the potential future PPSIs identified by FinCEN have tended to retain the same group of large “core” primary market
customers year over year but have exhibited significant turnover among smaller primary market customer institutions focused
on market arbitrage or other short-term trading opportunities. In its review, FinCEN observed that turnover rates were particularly
high among issuers whose business models, from inception, facilitated larger numbers of primary market customers. These kinds
of issuers appear to have had several thousand new primary market participants in a given year, which suggests such firms
are likely to have automated screening functions to enable interaction with such high volumes of new customers. Smaller or
more centralized stablecoin issuers generally had far fewer new customers (although retention or growth may be similar from
a percentage standpoint) and have processes that may be more manual.

3. Current Stablecoin Issuer BSA Reporting Practices

In its assessment of current market practices, FinCEN evaluated the SAR and CTR filing activity of current stablecoin issuers.
This review both (1) informed the estimates of expected BSA-reporting activity and burden utilized in sections XII.A.4.ii.a
and XII.E.1 below and (2) illuminated aspects of certain stablecoin issuers' current organizational features and practices
in identifying and responding to suspicious activity.

As a preliminary matter, FinCEN observed that BSA filing activity generally followed the same distribution of attributes as
stablecoin issuer MSB registration but has, in relatively stable fashion, remained concentrated to a smaller proportion of
the population of stablecoin issuers and exhibited more pronounced differences between high volume and low volume report filers
year over year.

FinCEN reviewed BSA available filings for the issuers of 17 of the stablecoin products it identified in section XII.A.2.ii.a. 1 as meeting the definitional criteria set forth in the GENIUS Act to be eligible as potential future PPSIs. Sixteen of these
products had issuers who registered at least once as an MSB within the past three years. The number of annual SAR filings
by these entities ranged from zero to over 4,000 per entity in calendar year 2025, the average was about 350, and the truncated
average was 104. (414) In some cases, high filing counts may have also been attributable to the stablecoin issuer's offering of other products and
services in addition to its stablecoin offerings (resulting in a wider range of activity that could result in a SAR), so the
truncated average is likely a closer estimate for the average rate of stablecoin-related SAR filing frequency for the typical
future PPSI. While FinCEN also observed that some stablecoin issuers have historically filed CTRs, it notes that within the
past five completed calendar years, only one of the stablecoin issuers the analysis in section XII.A.2.ii.a. 1 identified as a potential future PPSI continued to file through the end of the sample period.

FinCEN found several pieces of anecdotal, qualitative, and quantitative information that corroborate the agency's understanding
of certain baseline market features and activities in the SARs filed by stablecoin issuers. In particular, the SAR narratives
proved a rich source of information. For example, data about the stablecoin-issuing filers of BSA reports support FinCEN's
general observations about the structural complexity of potential future PPSIs as discussed above in section XII.A.2.ii.a.
Of the stablecoin issuers with BSA filings, the average number of related but potentially distinct legal entities—as measured
by the number of unique filer TINs per issuer of stablecoin products—associated with filing activity was more than one (approximately
two), but some stablecoin issuers had as many as eight. In several cases, the legal entities filing SARs were distinct from
the legal entities registering as MSBs, even though they were affiliated with the same issuer. FinCEN also examined Report
of Foreign Bank and Financial Account (FBAR) filing activity in which these issuers were the subject, and found indications
that a number of these issuers maintain offshore accounts which may be associated with separate, offshore entities.

These findings provide important insight into how a typical stablecoin issuers may operate. Generally, such issuers establish
multiple legal aliases, often to serve separate functions. The legal entities responsible for identifying and reporting suspicious
activity are often separate from the legal entities responsible for facilitating money transmission as an MSB. However, based
on the SAR filings that FinCEN reviewed, it seems clear that these functions operate in close coordination with one another.
In addition, it appears plausible, based on BSA filing data, that stablecoin issuers may use offshore entities or accounts
to achieve favorable tax treatment or additional legal flexibility.

In addition to filing BSA reports, including SARs about their customers, the potential future PPSIs that FinCEN identified
were often the subject of various filing types, including SARs, themselves. While there were substantially fewer of these
SAR filings about the respective stablecoin issuers than there were filings by those issuers, SARs that reported potential future PPSIs may serve as an additional indication of the illicit activity risks
associated with stablecoins, as discussed above in section IV.D.

The SARs FinCEN reviewed that were filed by stablecoin issuers also speak to the incidence of what FinCEN and OFAC have discussed
and referenced throughout as their expectations of certain current market practices and activities. In particular, a review
of SAR narratives indicates that reporting stablecoin issuers commonly employ a variety of technologies to conduct due diligence
in connection with customer relationships and to identify high-risk customers. Filers often identified suspicious customers
based on documentation provided by the customer that appeared contradictory or falsified, indicating that these issuers currently
obtain and carefully review substantial amounts of information collected by and from customers. From SAR filings, FinCEN observed
that it appears to be common practice, at least among reporting stablecoin issuers, for customers to already be asked to provide
identifying information at a level equivalent to or exceeding the minimum generally necessary to comply with the proposed
rule. Reporting issuers also appear to use technology service providers to investigate linkages between customers and high-risk
and/or sanctioned entities.

Some filings appear to have, in part, been informed by a concern about the apparent nature of the reported transaction activity,
and in some cases transactions with no apparent lawful purpose or with certain identified high-risk on-chain addresses were
flagged for investigation. In certain instances, issuers reported transaction patterns inconsistent with their customers'
reported location information that the

  reporting stablecoin issuers had identified and tracked. In several cases, SAR-filing stablecoin issuers reported subjecting
  high-risk customers to transaction freezes. In one instance, a SAR-filing stablecoin issuer reported having frozen the use
  of issued coins by a particular secondary market user in response to a law enforcement request. Reports such as these suggest
  that at least some stablecoin issuers currently have the ability to, and do, monitor customer activity including, in some
  cases, using geolocation technology and/or monitoring observable transactions on the secondary market, and these reporting
  issuers are also, in many cases, currently able to freeze the use of their stablecoin products.

4. Current Use of BSA Information by Law Enforcement and National Security Agencies

While results may not be published, FinCEN both routinely receives reports (415) and conduct surveys (416) that speak to the use and usefulness of BSA information to law enforcement and national security agencies. An older, but broadly
analogous, publicly available report from the U.S. Government Accountability Office (GAO) found that in 2018, a majority of
federal and state law enforcement agencies had direct access to FinCEN's BSA database (i.e., 85 percent of federal agencies and 54 percent of state agencies), though fewer than one percent of local law enforcement agencies
did. (417) FinCEN believes these survey results may underrepresent the extent to which local law enforcement may benefit from BSA information
insofar as the GAO study could not directly account for the incidence of referrals to local law enforcement of matters not
otherwise pursued by federal or state agencies directly. The study also surveyed 5,257 investigators, analysts, and prosecutors
at six federal law enforcement agencies and found that these agencies used BSA data extensively, estimating that approximately
72 percent of personnel conducting investigations from 2015 to 2018 used BSA reports to support their work. (418)

c. Current Sanctions Compliance Practices

As previously discussed in section XII.A.2.i.b, prior to the enactment of the GENIUS Act, no U.S. person was explicitly required
to establish and maintain a sanctions compliance program. Nevertheless, in practice, industry participants, including U.S.-based
stablecoin issuers, have long implemented risk-based sanctions compliance measures consistent with OFAC's publicly issued
guidance. Specifically, OFAC's 2019 Compliance Framework (419) strongly encourages persons subject to U.S. jurisdiction—including foreign entities engaging in business in or with the United
States, U.S. persons, or U.S.-origin goods or services—to adopt and maintain a risk-based sanctions compliance program. In
current practice, these measures have been adopted to ensure compliance with binding U.S. sanctions obligations, even in the
absence of a formal programmatic requirement. Additionally, in 2021, OFAC issued the Virtual Currency Industry Guidance, (420) which adapted the five elements for a sanctions compliance program from the 2019 Compliance Framework for the digital assets
industry and provided guidance on specific risk typologies that may arise within the industry. This guidance also highlighted
best practices that can assist companies in the industry with sanctions compliance, such as the use of geolocation tools and
transaction monitoring and investigation software. OFAC has also issued guidance specifically related to digital assets, including
frequently asked questions (FAQs), that highlight OFAC's practices and expectations for individuals and entities operating
in the digital assets industry. (421)

Based on current market research, FinCEN and OFAC observe that in practice, sanctions compliance may be operationalized as
an integrated component of what is commonly referred to as an institution's broader AML compliance framework. As a result,
sanctions-related controls commonly share training, technology, personnel, and governance structures with AML compliance programs,
making it difficult, for purposes of this RIA, to meaningfully disaggregate certain costs attributable solely to current or
future sanctions compliance requirements from broader AML/CFT market baseline activities. Consistent with FinCEN's risk-based
AML framework, institutions generally already incorporate sanctions risk into enterprise-wide risk assessments, customer due
diligence, transaction screening, internal controls, and escalation and remediation procedures that form part of the overall
AML compliance program. (422)

As a matter of industry practice, sanctions compliance practices are also typically both conceptually risk based and, operationally,
technology enabled. Such programs commonly incorporate screening technology during customer- or client-onboarding and, on
an ongoing basis, screen against OFAC sanctions lists, as well as conduct due diligence designed to identify sanctions-related
risks that may not explicitly be reflected in OFAC's lists, including indirect or layered exposure. (423) As observed, sanctions screening typically involves a number of complex processes, and stablecoin issuers often adopt “on-chain”
screening technologies and processes to ensure that all payments using stablecoins are compliant with U.S. sanctions. Institutions
typically first screen customer information against OFAC-administered sanctions lists, including the SDN List, at the time
of onboarding. Procedures usually involve ongoing sanctions screening and risk-based re-screening (for example, related to
a historical lookback) to account for updated customer information, updates to OFAC sanctions lists, or changes in regulatory
requirements. Screening techniques attempt to identify addresses, including physical, digital wallet, and IP addresses, and
other relevant information with potential links (or indirect exposure) to sanctioned persons

  or jurisdictions, often utilizing screening tools' “fuzzy logic” capabilities to account for common name variations and misspellings
  (*e.g.,* “Crimea” versus “Krimea”). “Smart contracts” are a commonly utilized blockchain tool that, among other functions, may be programmed
  to automatically identify and prevent transactions attempted by sanctioned entities or rely on third-party data sources, such
  as oracles, for sanctions screening. [(424)]() Based on market research, FinCEN and OFAC find that while existing `off-the-shelf' software is already available to meet many
  of these requirements, a future PPSI might choose to create a bespoke system for its sanctions compliance needs.

3. Description of Proposed Requirements

For purposes of the RIA, FinCEN and OFAC considered the various components of the proposed rule with a view towards the specific
features or elements that are expected to generate, either directly or indirectly, an economic benefit or cost, or lead to
changes in market participant incentives in a way that may generate economic benefits or costs. (425) For components of the proposed rule that FinCEN and OFAC analysis has not assigned a quantified burden (in hours or dollars),
the reason for doing so is briefly explained in the description of expected costs in section XII.A.4.ii.

To balance the completeness of the RIA with the desire for expositional clarity and ease of tractability between the proposed
regulatory text and sections VI and VII (section-by-section analyses) and section XII. (regulatory impact analysis), FinCEN
and OFAC have included table 2, to provide a mapping of the various components of the proposed rulemaking as presented in
FinCEN and OFAC's respective section-by-section analyses to their analogous categorization in the RIA.

Scope of affected entities	The proposed rule would . . .	Section VI and VII analysis	Considered in RIA subsection(s)	Proposed regulatory text location
PPSIs	Amend the definition of “financial institution” to include “a permitted payment stablecoin issuer” for purposes of the BSA	VI.C.1.i	XII.A.3.i and iii.a	31 CFR 1010.100(t)(11).
	Amend the definition of “money services business,” by adding “a permitted payment stable coin issuer” to the list of entities
excluded from the definition	VI.C.1.ii	XII.A.3.i	31 CFR 1010.100(ff)(8).
	Amend the definition of “transaction,” to add the issuance or redemption of a payment stablecoin as a type of transaction	VI.C.1.iii	XII.A.3.i	31 CFR 1010.100(bbb)(1).
	Amend the definition of “transmittal order,” to add a payment stablecoin as a subject of an order	VI.C.1.iv	XII.A.3.i	31 CFR 1010.100(eee).
	Define the terms “digital asset,” “distributed ledger,” “lawful order,” “payment stablecoin,” “permitted payment stablecoin

           issuer,” “primary Federal payment stablecoin regulator,” “Federal qualified payment stablecoin issuer,” “State payment stablecoin
           regulator,” and “State qualified payment stablecoin issuer.” | VI.C.1.v-xiii | XII.A.3.i | 31 CFR 1010.100(ppp), (qqq), (rrr), (sss), (ttt), (uuu), (vvv), and (www). |

| | Delegate examination authority for PPSIs | VI.C.2 | XII.A.3 | 31 CFR 1010.810(b)(11). |
| PPSIs with respect to their AML/CFT Program Requirements | Require internal policies, procedures, and controls that (1) identify, assess, and document ML/TF risks through risk assessment
processes; (2) mitigate ML/TF risks consistent with a PPSI's risk assessment processes; and (3) conduct ongoing customer due
diligence | VI.C.3.ii.a | XII.A.3.iii.a, XII.A.4.ii.a. 1, XII.A.4.ii.a. 4, XII.E.1 | 31 CFR 1033.210(b)(1). |
| | Require that risk assessment processes (1) evaluate ML/TF risks from business activities; (2) consider AML/CFT Priorities;
and (3) update promptly responsive to significant changes to ML/TF risks | VI.C.3.ii.a | XII.A.3.iii.a, XII.A.4.ii.a. 1, XII.E.1 | 31 CFR 1033.210(b)(1)(i)(A), (B), and (C). |
| | Require independent testing of the AML/CFT program | VI.C.3.ii.b | XII.A.3.iii.a, XII.A.4.ii.a. 2 | 31 CFR 1033.210(b)(2). |
| | Require the designation of an AML/CFT officer, require that the designated individual is located in the United States, has
not been convicted of a felony, and is subject to oversight and supervision by FinCEN and its designee, and is responsible
for establishing and implementing the AML/CFT program and coordinating and monitoring day-to-day compliance | VI.C.3.ii.c | XII.A.3.iii.a, XII.A.4.ii.a. 1, XII.E.1 | 31 CFR 1033.210(b)(3). |
| | Require a PPSI AML/CFT program to include an “ongoing employee training program.” | VI.C.3.ii.d | XII.A.3.iii.a, XII.A.4.ii.a. 3, XII.E.1.ii.a | 31 CFR 1033.210(b)(4). |
| | Require the AML/CFT program be written, made available upon request to FinCEN or its designee, and approved by the PPSI's
board of directors, an equivalent governing body within the issuer, or appropriate senior management | VI.C.3.iii | XII.A.3.iii.a, XII.A.4.ii.a. 1, XII.E.1 | 31 CFR 1033.210(d). |
| | Require any and all certifications submitted to the PPSI's primary Federal payment stablecoin regulator or State payment stablecoin
regulator certifying that the PPSI has implemented an AML/CFT program be made available upon request to FinCEN or its designee | VI.C.3.iv | XII.A.3.iii.a, XII.A.4.ii.a. 1, XII.E.1 | 31 CFR 1033.210(e). |
| | Define the terms/phrases “AML/CFT enforcement action,” “AML/CFT requirement,” and “significant AML/CFT supervisory action.” | VI.C.4.i | XII.A.3.i | 31 CFR 1033.221(a). |
| | Provide that a PPSI with an AML/CFT program established in accordance with proposed 31 CFR 1033.210(b) would not be subject
to an AML/CFT enforcement action or significant AML/CFT supervisory action absent a significant or systemic failure to implement
said program within the meaning of proposed 31 CFR 1033.210(c), and provide that the proposed 31 CFR 1033.221(b)(1) provisions
do not apply when there is a failure to establish an AML/CFT program within the meaning of proposed 31 CFR 1033.210(b) | VI.C.4.ii | XII.A.3.iii.a | 31 CFR 1033.221(b). |
| | Provide that in determining to take, or in review of, an AML/CFT enforcement action or significant AML/CFT supervisory action,
the Director would take into account factors under 31 U.S.C. 5318(h)(2)(B) and the PPSI's unique ability and efforts to advance
AML/CFT priorities | VI.C.4.iii | XII.A.3.iii.a | 31 CFR 1033.221(d). |
| | Amend 31 CFR 1010.230 with respect to PPSIs' obligation to collect and verify beneficial ownership information about legal
entity customers | VI.C.5 | XII.A.3.iii.c, XII.A.4.ii.a. 4, XII.A.5.i.b, XII.E.1 | 31 CFR 1010.230. |
| | Require “technical capabilities, policies, and procedures to block, freeze, and reject specific or impermissible transactions
that violate Federal or State laws, rules, or regulations.” | VI.C.6.i | XII.A.3.iii.b, XII.A.4.ii.a. 5, XII.A.5.i.c | 31 CFR 1033.240(a). |
| | Require a PPSI to (1) have the technical capabilities to comply with the terms of any lawful order and (2) comply with the
terms of any lawful order | VI.C.6.ii | XII.A.3.iii.b, XII.A.4.ii.a. 5, | 31 CFR 1033.240(b). |
| | Require the filing of CTRs | VI.C.7 | XII.A.3.iii.c, XII.A.4.ii.a. 6, XII.E.1 | 31 CFR 1033.310-315. |
| | Require the filing of SARs | VI.C.8.i-iii | XII.A.3.iii.c, XII.A.4.ii.a. 6, XII.E.1 | 31 CFR 1033.320(a), (b). |
| | Require the retention of copies of filed SARs and the underlying related documentation for a period of five years from the
date of filing | VI.C.8.iv | XII.A.3.iii.c, XII.A.4.ii.a. 6, XII.E.1 | 31 CFR 1033.320(c). |
| | Prohibit the disclosure a SAR or any information that would reveal the existence of a SAR | VI.C.8.v | XII.A.3.iii.c | 31 CFR 1033.320(d). |
| | Provide protection from liability for making required or voluntary reports of suspicious transactions, or for failures to
provide notice of such disclosure to any person identified in the disclosure to the full extent provided by 31 U.S.C. 5318(g)(3) | VI.C.8.vi | XII.A.3.iii.c | 31 CFR 1033.320(e). |
| | Require examination of compliance with their obligation to report suspicious transactions by FinCEN and its delegees | VI.C.8.vii | XII.A.3.iii.c, XII.E.1 | 31 CFR 1033.320(f). |
| | Exclude secondary market transfers from a PPSI's SAR reporting obligations | VI.C.8.viii | XII.A.3.iii.c, XII.A.4.ii.a. 6, XII.E.1 | 31 CFR 1033.320(g). |
| | Require the retention of appropriate records | VI.C.9.i | XII.A.3.iii.d, XII.A.4.ii.a. 7, XII.E.1 | 31 CFR 1033.410. |
| | Apply the information-sharing provisions of sections 314(a) and (b) of the USA PATRIOT Act to PPSIs | VI.C.10 | XII.A.3.iii.e, XII.A.4.ii.a. 8, XII.E.1 | 31 CFR 1033.520; 540 |
| | Require compliance with special standards of diligence, prohibitions, and special measures under section 311 of the USA PATRIOT
Act, including enhanced due diligence for correspondent and private banking accounts and some active special measures | VI.C.11 | XII.A.3.iii.f, XII.A.4.ii.a. 9-10, XII.E.1 | 31 CFR 1033.600-630; 31 CFR 1010.651; 653; 658-661; 663; and 664. |
| PPSIs with respect to their Sanction Compliance Program Requirements | Impose standard recordkeeping and reporting requirements as found in 31 CFR part 501, including requiring any and all certifications
submitted to the PPSI's primary Federal payment stablecoin regulator or State payment stablecoin be provided to OFAC | VII.A | XII.A.3.iv, XII.A.4.ii.a. 1, XII.A.4.ii.a. 7, XII.E.1 | 31 CFR 502.102. |
| | Require senior management (1) review and approval of a PPSI's sanctions compliance program and (2) support for the sanctions
compliance program's effective implementation | VII.B.1 | XII.A.3.iv, XII.A.4.ii.a. 1, XII.E.1 | 31 CFR 502.201(b)(1). |
| | Require sanctions-related risk assessments by: (i) conducting holistic assessments of U.S. sanctions risks at appropriate
intervals; (ii) using the risk assessments to inform the PPSI's operation of its sanctions compliance program, including revising
internal controls and training as appropriate; and (iii) revising risk assessments as appropriate to account for any identified
U.S. sanctions violations or deficiencies, new products, services, mergers, or acquisitions, and any other factors that may
affect a PPSI's risk profile | VII.B.2 | XII.A.3.iv, XII.A.4.ii.a. 1, XII.E.1 | 31 CFR 502.201(b)(2). |
| | Require a system of risk-based internal controls, including technical capabilities | VII.B.3 | XII.A.3.iv, XII.A.4.ii.a. 5, XII.A.4.ii.a. 7, XII.A.5.ii | 31 CFR 502.201(b)(3). |
| | Require a system of risk-based internal controls, including written policies and procedures | VII.B.3 | XII.A.3.iv, XII.A.4.ii.a. 1, XII.A.5.ii, XII.E.1 | 31 CFR 502.201(b)(3). |
| | Require an independent testing or audit function, accountable to senior management, with sufficient resources, expertise,
and authority to identify U.S. sanctions compliance-related weaknesses and deficiencies | VII.B.4 | XII.A.3.iv, XII.A.4.ii.a. 3, XII.A.5.ii, XII.E.1 | 31 CFR 502.201(b)(4). |
| | Require records of testing and auditing results and resulting updates or enhancements to the sanctions compliance program
be maintained and provided upon request to OFAC | VII.B.4 | XII.A.3.iv, XII.A.4.ii.a. 7, XII.E.2 | 31 CFR 502.201(b)(4)(iv). |
| | Require a risk-based compliance training program | VII.B.5 | XII.A.3.iv, XII.A.4.ii.a. 2, XII.A.5.ii, XII.E.1 | 31 CFR 502.201(b)(5). |
| | Defines the terms “knowingly,” “OFAC,” “payment stablecoin-related activity,” and “permitted payment stablecoin issuer; PPSI.” | VII.C.1-3 | XII.A.3.ii | 31 CFR 301-304. |
| Federal Financial Institutions Regulatory Agencies (FFIRAs) | Require an FFIRA consultation with the Director before any significant AML/CFT supervisory action pursuant to delegated authority
is initiated | VI.C.4.iii | XII.A.3.iii.a, XII.A.4.ii.b | 31 CFR 1033.221(c)(1). |
| | Require, generally, an FFIRA to provide written notice to the Director of any intent to take a significant AML/CFT supervisory
action pursuant to delegated authority at least 30 days in advance of the proposed action | | | 31 CFR 1033.221(c)(2)(i). |
| | Require, to the extent reasonably practicable, that an FFIRA respond to requests from the Director for additional information
regarding a proposed significant AML/CFT supervisory action | | | 31 CFR 1033.221(c)(2)(ii). |
| FinCEN and its Delegees | Require examination of PPSIs' compliance with their obligation to report suspicious transactions | VI.C.8.vii | XII.A.3.iii.c, XII.A.4.ii.b | 31 CFR 1033.320(f). |

i. Proposed New and Amended FinCEN Definitions

As discussed in greater detail in section VI.C.1 above, FinCEN is proposing to amend four existing definitions and add nine
new terms to the general definitions section of its regulations, 31 CFR 1010.100. FinCEN is proposing three additional definitions
in connection with the proposed regulation and supervision of PPSI AML/CFT programs in 31 CFR part 1033. Where it is adding
new terms, in large part, FinCEN's proposed definitions would embed the language of the GENIUS Act in FinCEN regulations.
In a few instances, however, FinCEN is proposing to modify the statutory language.

As a general matter, definitions prescribe the scope of parties to whom, and products to which, a regulation applies and are
therefore capable of generating economic effects as a consequence of the delineations they set forth. However, because FinCEN's
proposed additions and changes to definitions are necessary to effectuate the GENIUS Act's direction that PPSIs be subject
to the BSA, or are otherwise intended to harmonize the GENIUS Act definitions with FinCEN's existing regulations, to improve
readability, or to avoid confusion with other similar terms defined by FinCEN's regulations without changing the meaning of
any defined terms, these components of the proposed rule are not expected to independently generate incremental direct economic
effects. As such, these elements of the proposed rule are not separately considered in the section XII.A.4 discussion below.
Public comment is invited on whether FinCEN should reconsider the potential standalone economic impact of the definitions,
collectively or individually, in the context of and as proposed components of this NPRM.

ii. Proposed New OFAC Definitions

As discussed in greater detail in section VII.C above, OFAC is proposing to define four terms in the definitions section of
the new 31 CFR part 502. OFAC's proposed definitions of the terms “knowingly” and “OFAC” are consistent with other OFAC regulations.
OFAC's proposed definition of “payment stablecoin-related activity” is scoped to cover the range of activities involving a
PPSI's payment stablecoin from the time of issuance until the payment stablecoin's removal from circulation. Finally, OFAC's
proposed definition of “permitted payment stablecoin issuer” is consistent with the definition of that term contained in the
GENIUS Act, with minor modifications.

While OFAC recognizes that definitions can generate economic effects, OFAC does not expect these components of the proposed
rule to independently generate incremental direct economic effects. OFAC's proposed definitions are necessary to effectuate
and enforce the GENIUS Act's requirement that PPSIs maintain an effective sanctions compliance program, including by emphasizing
that a PPSI's sanctions compliance obligations apply

  to all activity involving its payment stablecoins, [(426)]() or are otherwise intended to harmonize the GENIUS Act definitions with OFAC's existing regulations. As such, these elements
  of the proposed rule are not separately considered in section XII.A.4 discussion below. Public comment is invited on whether
  OFAC should reconsider the potential standalone economics impact of the definitions, collectively or individually, in the
  context of and as proposed components of this NPRM.

iii. Proposed New FinCEN Requirements

a. AML/CFT Program-Related Proposed Requirements

As discussed in greater detail in section VI.C.3, the proposed rule includes new requirements for PPSIs to develop and implement
AML/CFT programs. The proposed rule would require AML/CFT programs to reasonably manage and mitigate ML/TF risks through internal
policies, procedures, and controls that are commensurate with those risks and ensure ongoing compliance with the BSA and its
implementing regulations. The proposed rule would require PPSIs to reasonably manage and mitigate risks using internal policies,
procedures, and controls based on their institution-specific ML/TF risks as identified by the risk assessment process(es)
required. An effective, risk-based, and reasonably designed AML/CFT program would continue to incorporate the results of the
applicable risk assessment process(es) through appropriate changes to internal policies, procedures, and controls to manage
ML/TF risks on an ongoing basis as necessary. The procedures must also integrate and support the conduct of ongoing customer
due diligence. The proposed rule would require PPSIs to conduct ongoing customer due diligence as part of their AML/CFT program
obligations. (427) The GENIUS Act requires that PPSIs are subject to due diligence requirements including enhanced due diligence where appropriate. (428)

The proposed rule provides PPSIs with the regulatory flexibility to consider innovative approaches to comply with BSA requirements
as FinCEN aims to encourage instances where a PPSI finds it beneficial to consider and evaluate technological innovation and,
as warranted by the PPSI's risk profile, implement new technology or innovative approaches in combating financial crime. Additionally,
PPSIs may find it beneficial to consider whether the AML/CFT program appropriately uses the financial institution's existing
internal capabilities, technologies, product lines, and data. For example, if a PPSI's issuance or financial risk management
team monitors the lifecycle of the PPSI's stablecoins for financial resilience, the PPSI may find it beneficial for its AML/CFT
program to consider using similar technology or approaches in managing and mitigating its ML/TF risks.

The proposed rule also includes several other program requirements. The BSA requires AML/CFT programs to have an “independent
audit function to test programs.” (429) Under the proposed rule, a PPSI would need to establish independent AML/CFT program testing to be conducted by the PPSI's
personnel or an outside party. (430) The GENIUS Act, 12 U.S.C. 5903(a)(5)(A)(i), and the BSA, 31 U.S.C. 5318(h)(1)(B), also require PPSIs to designate an AML/CFT
officer. Under the proposed rule, PPSI's would be required to designate an individual, who is located in the United States
and accessible to, subject to oversight and supervision by, FinCEN and its designee, and has not been convicted of certain
felony offenses. (431) The AML/CFT officer would be responsible for establishing and implementing the AML/CFT program and coordinating and monitoring
day-to-day compliance with the requirements and prohibitions of the BSA and FinCEN's implementing regulations. (432) The BSA additionally requires AML/CFT programs to have an “ongoing employee training program;” (433) accordingly, the proposed rule would require PPSIs to have an ongoing employee training program. (434)

The proposed rule would require PPSIs to have a written AML/CFT program and would require the PPSI to make a copy of its written
AML/CFT program available to FinCEN or its designee upon request. The proposed rule would also require that a PPSI's written
AML/CFT program be approved by the PPSI's board of directors or an equivalent governing body within the PPIS, or appropriate
senior management of the PPSI. The proposed rule specifies that approval encompasses each of the components of the AML/CFT
program. (435) In addition, the proposed rule would require PPSIs to make available to FinCEN, or its designee, upon request any and all
certifications submitted to the PPSI's primary Federal payment stablecoin regulator or State payment stablecoin regulator
certifying that the PPSI has implemented an AML/CFT program.

FinCEN is proposing to require PPSIs to establish and maintain written procedures that are reasonably designed to identify
and verify the beneficial owners of legal entity customers as part of a PPSI's AML/CFT program obligations. (436) These requirements mirror existing BSA requirements that apply to many other financial institutions. The GENIUS Act requires
that PPSIs be subject to “due diligence requirements.” Collection of beneficial ownership information is a core element of
effective due diligence.

The proposed rule also sets forth a supervision and enforcement framework. FinCEN expects proposed 31 CFR 1033.221(d) to affect
PPSIs' incentives because it provides that in determining to take, or in review of, an AML/CFT enforcement action or significant
AML/CFT supervisory action, the FinCEN Director would take certain factors into consideration, including facts and circumstances
unique to the PPSI in question. In particular, § 1033.221(d)(2) would require the Director to consider the PPSI's demonstrable
efforts to advance AML/CFT priorities such as its production of highly useful information, analytics, or other innovations.
FinCEN expects that the proposed regulation could reasonably be expected to generate economic effects because it would likely
change the scope or nature of activities undertaken and/or investments made.

b. Proposed Additional Technical Capabilities, Policies, and Procedures

The GENIUS Act requires that PPSIs have “technical capabilities, policies, and procedures to block, freeze, and reject specific
or impermissible transactions that violate Federal or State laws, rules, or regulations.” (437) This is a novel requirement that does not currently apply to other types of financial institutions. (438) GENIUS Act

  also requires that PPSIs “issue payment stablecoins only if the issuer has the technological capability to comply, and will
  comply, with the terms of any lawful order.” [(439)]() The GENIUS Act defines “lawful order,” which states, in part, that a lawful order is an order that is subject to judicial
  review and is issued under Federal law that requires a person to “seize, freeze, burn or prevent the transfer of” payment
  stablecoins the person issued and specifies the payment stablecoins or account with reasonable particularity. [(440)]()

Due to the overlap in terms between this requirement and the requirement that PPSIs be able to “block, freeze, and reject”
specific transactions, under the proposed rule the regulatory text regarding the block/freeze/reject requirement also includes
the requirement that PPSIs have capabilities, policies, and procedures in place to comply with lawful orders. (441)

c. Proposed Currency Transaction and Suspicious Activity Reporting

The proposed rule includes reporting requirements related to currency transaction reporting, (442) Specifically, the proposal requires PPSIs to file CTRs for “each deposit, withdrawal, exchange of currency or other payment
or transfer, by, through, or to such financial institution which involves a transaction in currency of more than $10,000,”
unless subject to an applicable exemption. As discussed in section VI.C.7 and section XII.A.2.iii.b. 3, FinCEN recognizes that, presently, stablecoin issuers rarely transact in physical transfers of currency.

The GENIUS Act explicitly requires PPSIs to be subject to BSA requirements relating to “monitoring and reporting of any suspicious
transaction relevant to a possible violation of law or regulation.” Under the BSA, FinCEN has authority to require any financial
institution to report “any suspicious transaction relevant to a possible violation of law or regulation.” With limited exceptions,
all financial institutions subject to the BSA are required to identify and report suspicious activity. These reports provide
highly useful information that is leveraged by authorized users as part of criminal, tax, and regulatory investigations; risk
assessments; and intelligence and counterintelligence activities. The proposed rule implements these requirements for PPSIs. (443) PPSIs would also be required to maintain copies of filed SARs and the underlying related documentation for a period of five
years from the date of filing. The proposed rule also applies standards for SARs relating to confidentiality and liability.

d. Proposed Recordkeeping

The GENIUS Act requires that PPSIs be subject to laws relating to “retention of appropriate records.” (444) Under the BSA, FinCEN has authority to impose on financial institutions obligations relating to requiring, retaining, and
maintaining records. (445) Pursuant to this authority, FinCEN has issued recordkeeping regulations, including those codified as 31 CFR part 1010, subpart
D, which apply broadly to financial institutions subject to specified exceptions. These recordkeeping obligations enhance
law enforcement's ability to detect, investigate, and prosecute money laundering and other financial crimes by preserving
an information trail about persons sending and receiving funds. This proposed rule would apply these recordkeeping regulations
to PPSIs. (446)

The recordkeeping obligations would require PPSIs to create and retain certain records for extensions of credit in excess
of $10,000; and certain records of cross-border transfers of currency, monetary instruments, funds, checks, investment securities,
and credit worth more than $10,000. The proposal also requires financial institutions to collect and retain records for funds
transfers and transmittals of funds in amounts of $3,000 or more. Lastly, The Travel Rule requires financial institutions
to transmit information on certain funds transfers and transmittals of funds to other financial institutions participating
in the transfer or transmittal.

e. Special Information Sharing

The proposed rule would apply the information sharing provisions at § 1010.520 also known as 314(a) and § 1010.540 also known
as 314(b) to PPSIs. The description of requirements in section VI.C.10 above is adopted by reference.

f. Special Standards of Diligence, Prohibitions, and Special Measures

Finally, the proposal would require that PPSIs be subject to some of the special standards of diligence, prohibitions, and
special measures under section 311 of the USA PATRIOT Act, including enhanced due diligence for correspondent and private
banking accounts and additional special measures. (447) As discussed in section VI.C.11, FinCEN is not proposing to apply 31 CFR 1010.630 to PPSIs, which would prohibit correspondent
accounts for foreign shell banks. Thus, this provision is not relevant to the cost of the proposed rule. The proposed rule
would require PPSIs to comply with special measures issued pursuant to the sections 311, 9714(a), and 2313a to maintain the
options available under these sections to protect the U.S. financial system from certain illicit finance threats. (448)

iv. Proposed OFAC Sanctions Compliance Program Requirements

The GENIUS Act requires that PPSIs maintain an “effective sanctions compliance program” (449) and that regulations promulgated under the Act are “tailored to the size and complexity” (450) of a PPSI. To implement this requirement, OFAC's proposed rule would require PPSIs adopt a sanctions compliance program that
includes, at a minimum, five key elements outlined in OFAC's 2019 Compliance Framework: (451) (1) senior management and organizational commitments, (452) requiring that a PPSI's senior management establish and maintain an effective sanctions compliance program as prescribed in
the proposed rule; (2) risk assessments, (453) requiring holistic assessments of sanctions risks at appropriate intervals that are utilized and revised as specified in the
proposed rule; (3) internal controls, (454) which are applicable to all payment stablecoin-related activity, whether on the primary or secondary market, that identify,
block, and/or reject transactions that may violate or would violate U.S. sanctions and retains relevant records in accordance
with OFAC regulations; (4) an independent testing and auditing function, (455) accountable to senior

  management, with sufficient resources, expertise, and authority; and (5) *training,* [(456)]() requiring PPSIs to establish and maintain a risk-based sanctions compliance training program for all relevant personnel and
  stakeholders. [(457)]()

The GENIUS Act's requirement that PPSIs maintain an effective sanctions compliance program is a novel legal requirement that
currently does not apply to other U.S. persons. (458) Nevertheless, the five enumerated minimum elements for a sanctions compliance program included in the proposed rule reflect
a well-established risk-based approach to sanctions compliance that OFAC has strongly encouraged and for which OFAC has issued
publicly available guidance, including the 2019 Compliance Framework. (459) Accordingly, apart from one new recordkeeping requirement discussed below, OFAC does not assess the required elements of a
sanctions compliance program as proposed would impose novel incremental economic costs. OFAC's history of enforcing U.S. sanctions
has shown that, as a matter of current industry practice, actors in the digital asset ecosystem—alongside numerous other U.S.
persons—employ sanctions compliance practices that are typically risk based, technology enabled, and informed by the outlined
OFAC guidance.

The proposed rule would impose certain recordkeeping requirements that extend beyond current obligations on U.S. persons pursuant
to existing regulations administered by OFAC. (460) First, the proposed rule would require a PPSI to maintain records of the results and enhancements that are made to a PPSI's
sanctions compliance program in line with the testing and auditing mandated by the proposed rule. (461) Second, the proposed rule would require PPSIs to provide upon request to OFAC any and all certifications submitted to the
PPSI's primary Federal payment stablecoin regulator or State payment stablecoin regulator certifying that the PPSI has implemented
an effective sanctions compliance program. (462)

4. Anticipated Economic Effects

This section provides FinCEN and OFAC's analysis of the estimated benefits and costs of the proposed rule. While not all benefits
and costs are readily quantifiable, in this analysis FinCEN and OFAC have sought to include an evaluation of certain foreseeable
non-quantified economic benefits in addition to quantified costs to more comprehensively assess the potential net benefit
of the proposed rule and select alternatives.

i. Expected Benefits

The proposed rule is anticipated to result in certain nonquantifiable benefits to covered PPSIs, law enforcement, national
security, U.S. foreign policy objectives and the general public. As discussed in section XII.A.1, these benefits are expected
to flow from the extent to which BSA and sanctions compliance program requirements reduce uncertainty, improve transparency,
and increase adherence to legal requirements in the stablecoin industry.

The benefits assessed here are more difficult to quantify than the costs, but the proposed rule is nonetheless anticipated
to add substantial value directly and indirectly through effects that can contribute to the detection and deterrence of money
laundering and terrorist financing, and that support broader policy goals.

Significant direct benefits of the proposed rule are expected to accrue to the public sector, most notably to U.S. law enforcement
and the national security community, and to the stablecoin industry itself. Further, the identification of illicit activity
in, or malign uses of, the stablecoin industry that would not occur but for the application of specific program, sanctions
compliance, technology, reporting, and recordkeeping obligations to payment stablecoin issuers would (1) result in more effective
detection of illicit finance activity occurring through the industry and (2) contribute to deterrence. This would benefit
society more generally through a range of economic, security, and other effects.

The proposed rule is also expected to benefit participants in the payment stablecoin industry by introducing greater regulatory
clarity and industry-specific standards around AML/CFT and sanctions compliance program requirements. By introducing legal
clarity around the status and requirements of certain issuers of payment stablecoins, the GENIUS Act and the proposed rule
may reduce certain information asymmetries between investors and stablecoin issuers. As discussed earlier, regulatory uncertainty
often increases investors' perceptions of risk and reduces or otherwise distorts equilibrium levels of investment. Regulatory
measures affecting digital assets in U.S. states have been found to be associated with significant increases in industry investment
activity. (463)

In addition, the AML/CFT and sanctions compliance program requirements in the proposed rule would provide further benefit
by addressing existing gaps and market externalities, with potentially significant implications for detection and deterrence.
For instance, some anticipated results associated with the proposed rule include (1) implementing enhanced technology standards
for PPSIs that are not currently applicable to MSBs or banks, (2) requiring non-IDI subsidiary PPSIs to collect more detailed
information on legal entities who are their primary market customers, (3) setting clear standards for PPSIs that prevent stablecoin
products from exploiting or being exploited by regulatory arbitrage or ambiguity, and (4) codifying sanctions compliance requirements.
These changes would support law enforcement by ensuring the technological means to mitigate the use of illicit funds by criminal
actors. These changes would indirectly benefit the public at large by reducing money laundering and sanction evasion activity,
which can distort legitimate markets, countering the financing of terrorism and other illicit finance activity, and protecting
national security.

In addition, the newly proposed requirement for PPSIs to establish and maintain an effective sanctions compliance program
would increase transparency and accountability, closing certain potential avenues for sanctions evasion, and helping ensure
consistent regulatory oversight.

ii. Expected Costs

This section assesses the potential incremental costs to PPSIs, government agencies, and the customers of PPSIs associated
with the proposed rule, relative to the baseline over a three-year period in which a final rule would be

  effective. [(464)]() For PPSIs, this includes incremental costs associated with the need to (1) establish and maintain a written AML/CFT program
  and an effective sanctions compliance program in accordance with the requirements of the proposed rule, (2) update training
  programs to contain sanctions compliance, (3) conduct ongoing CDD and BOI collection for legal entity customers, (4) store
  the results of the testing and auditing of the sanctions compliance program and implement required technology, and (5) comply
  with special measures. The section also includes discussion of other costs to PPSIs associated with requirements in the proposed
  rule that are not considered incremental. The analysis then estimates costs to customers of providing information to PPSIs
  that the proposed rule would require, and costs to the government to support and enforce the totality of proposed requirements
  described herein. Given the substantial, but not complete, overlap in practice between an AML/CFT program and the proposed
  sanctions compliance program, the remainder of section XII.A.4.ii. ascribes and discusses certain expected costs to both FinCEN
  and OFAC requirements jointly where appropriate. For elements applicable only to FinCEN or OFAC requirements, only the relevant
  agency is included in that subsection.

In sum, FinCEN and OFAC expect the total incremental cost of the proposed rule for PPSIs to be approximately $1.8 million
in the first year (approximately $24,983 per insured depository institution (IDI)-subsidiary PPSI and $52,453 per non-IDI
subsidiary PPSI), and $1 million in each year thereafter (approximately $10,249 per IDI-subsidiary PPSI and $36,760 per non-IDI
subsidiary PPSI). (465) However, the cost for smaller PPSIs is expected to be significantly less on average, approximately $13,737 per IDI-subsidiary
PPSI and $22,987 per non-IDI subsidiary PPSI in the first year. (466) FinCEN and OFAC estimate that up to 19 of the 50 potential PPSIs could be small; (467) thus, the average first-year cost to the small PPSIs is estimated to range between $261,011 and $436,762. The cost to government
is expected to be $1.7 million in the year prior to the final rule's effective date, $5.9 million in the first year, and $2.9
million in each year thereafter. The cost to customers is expected to be approximately $1.2 million annually. In total, the
quantified economic costs of the proposed rule would amount to an average incremental expenditure of approximately $6.5 million
per year once a final rule became effective.

| Affected party | Year (−1) | Year 1 | Year 2 | Year 3 | 3-Year
average |
| --- | --- | --- | --- | --- | --- |
| PPSIs | | $1,798,558 | $1,042,670 | $1,042,670 | $1,294,633 |
| Government | 1,713,930 | 5,871,244 | 2,938,297 | 2,938,297 | 3,915,946 |
| New PPSI Customers | | 1,245,800 | 1,245,800 | 1,245,800 | 1,245,800 |
| Annual Incremental Costs | 1,713,930 | 8,915,602 | 5,226,768 | 5,226,768 | 6,456,379 |

a. Costs for PPSIs

In this subsection, FinCEN and OFAC identify the costs associated with (1) program development and maintenance; (2) audit
and independent testing, (3) training development and implementation; (4) customer due diligence; (5) addition technical capabilities,
policies, and procedures; (6) BSA reporting; (7) recordkeeping and technology; (8) information sharing; (9) special standards
of diligence; and (10) section 311 and other special measures. Some of these costs are expected to flow from requirements
proposed by FinCEN, others from requirements proposed by OFAC, and others could not be meaningfully disaggregated and separately
attributed given the nature of how the respective programs are expected to be jointly operationalized in an integrated fashion
by future PPSIs. FinCEN and OFAC further anticipate that many of the costs articulated below would not represent incremental
costs uniquely attributable to the requirements of the proposed rule. Where relevant, FinCEN and OFAC have provided explanation
below when the pro forma costs presented are expected to differ from the anticipated incremental costs of the respective proposed
requirements.

1. Program Development and Maintenance

The proposed rule would require PPSIs to establish and maintain an effective AML/CFT program and an effective sanctions compliance
program, described in sections VI.C.3 and VII.B, respectively. FinCEN and OFAC outline the impacts of these requirements on
incremental costs below.

With respect to FinCEN requirements, PPSIs would be required to establish and maintain an effective AML/CFT program comprised
of: (1) internal policies, procedures, and controls; (2) an independent audit function; (3) a designated compliance officer;
and (4) an ongoing employee training program. A PPSI's internal policies, procedures, and controls would need to be reasonably
designed to identify, assess, and document the PPSI's ML/TF risks through risk assessment processes and mitigate the PPSI's
ML/TF risks, consistent with the PPSI's risk assessment processes, including by allocating more attention and resources toward
higher risk customers and activities rather than toward lower-risk customers and activities. PPSIs would be required to conduct
independent testing to assess the PPSI's compliance with the AML/CFT statutory and regulatory requirements. A PPSI would be
required to designate an individual responsible for establishing and implementing the AML/CFT program. A PPSI would be required
to establish an ongoing employee training program. A PPSI would also be required to keep its

  risk-based internal policies, procedures, and controls, risk assessment processes, and employee training program current as
  the PPSI's risk profile changes.

The proposed rule would also require that PPSI's AML/CFT program be written, and that a PPSI, upon request, make available
a copy of its written AML/CFT program to FinCEN or its designee. It would also require the PPSI's AML/CFT program be approved
by the PPSI's board of directors or an equivalent governing body within the PPSI, or appropriate senior management.

PPSIs that do not already have an AML/CFT program in place would incur costs to establish such a program and have it approved
by the PPSI's board of directors or an equivalent governing body within the PPSI, or appropriate senior management. A PPIS
that already has a AML/CFT program would need to review and/or modify its program to ensure it complies with the requirements
of the rule. In addition, all PPSIs would incur costs for maintaining, updating, storing, and producing upon request the written
AML/CFT program. (468)

With respect to OFAC requirements, PPSIs would need to establish and maintain an effective sanctions compliance program. The
program must be risk based and reasonably designed to ensure compliance with all applicable U.S. sanctions. Entities that
do not have a sanctions compliance program in place would need to establish such a program, and those with a sanctions compliance
program would need to review and, as necessary and appropriate, modify their programs to ensure they comply with the requirements
of the final rule. In line with an organizational commitment to the compliance program, senior management would need to review
and approve the sanctions compliance program. Senior management would also be required to support the effective implementation
of the sanctions compliance program, as previously described in section VII.B.1, by ensuring that it is appropriately resourced,
supported, and integrated into a PPSI's operations. A key part of this program implementation is the establishment and maintenance
of a system of risk-based internal controls, as described in section VII.B.3, including technical capabilities and written
policies and procedures, to identify any activity prohibited by U.S. sanctions and take appropriate action, including blocking,
rejecting, and reporting certain transactions in compliance with existing OFAC regulations.

In support of maintaining an effective sanctions compliance program, OFAC's proposed rule would require the conduct of holistic
risk assessments at appropriate intervals, as outlined in VII.B.2. These periodic risk assessments are essential to a current
and effective sanctions compliance program, including in terms of understanding risk and maintaining up-to-date internal controls
and training programs. Internal controls and risk assessments are already a key element of standard sanctions compliance practices
common among regulated actors and thus OFAC does not assess this requirement to incur incremental economic costs, despite
being a novel explicit requirement.

In practice, FinCEN and OFAC expect that some elements of a PPSI's AML/CFT program may overlap with its sanctions compliance
program. For instance, approval of the AML/CFT program would also likely include approval of the sanctions compliance program,
and risk assessments could be conducted enterprise-wide to evaluate risks stemming from both AML/CFT and sanctions compliance
obligations. Thus, OFAC does not expect that most requirements associated with sanctions compliance program implementation
would impose an incremental cost beyond the overall AML/CFT program implementation.

As discussed in section XII.A.2.ii.a, FinCEN and OFAC expect that most PPSIs would be U.S. persons that are likely successors
to MSBs or affiliated with insured depository institutions, which already have AML/CFT program requirements and generally,
in practice have systems to comply with sanctions similar to the ones that would be required to comply with the proposed rule.
Thus, the incremental costs contemplated here are only those entailed by the need for PPSIs to review the regulation and make
any changes or modifications to their AML/CFT or sanctions compliance programs. The modified program would then be approved
and appropriate records retained to be produced upon request.

FinCEN and OFAC expect that on average, the incremental burden associated with establishing and maintaining a written AML/CFT
and sanctions compliance program (including the time burden associated with storing and producing the relevant program records
upon request) would take approximately 30 hours per PPSI in the first year and ten hours in each subsequent year. However,
because MSBs and insured depository institutions already generally update their programs annually, FinCEN and OFAC only account
for the first-year burden as an incremental cost. As presented in table 4, FinCEN and OFAC estimate an average incremental
cost of $3,737 per PPSI and a total incremental cost of $186,870 in the first year associated with this activity. (469)

Hours per PPSI	Cost per PPSI	Number of PPSIs	Total cost
30	$3,737	50	$186,870

2. Audit and Independent Testing

FinCEN and OFAC also expect PPSIs to face costs associated with independent testing of their AML/CFT program and sanctions
compliance program and associated systems. (470) Because such testing often relates closely to the technology services financial institutions typically have in place for these
compliance functions, the costs for such testing are considered jointly with technology implementation. In concordance with
previous FinCEN analysis on this topic, (471) FinCEN and OFAC expect the cost of independent testing to be comparable to the cost of technology implementation. However,
because MSBs and banks are already subject to audit and testing requirements, these costs are not included in the estimate
of novel incremental costs of the proposed rule.

To ensure the integrity of PPSIs' sanctions compliance programs and internal controls, as outlined in VII.B.4., OFAC's proposed
rule would also require that PPSIs maintain an independent testing or audit function to examine the effectiveness of their
sanctions compliance program, including their internal controls. PPSIs would also need to utilize the results of such tests
and audits to identify and implement any needed changes to its sanctions compliance program. In practice, OFAC expects that
PPSIs would conduct any AML/CFT and sanctions compliance program testing or audits jointly.

3. Training Development and Implementation

The proposed rule would require a PPSI to provide ongoing employee training as part of its AML/CFT program and to establish
and maintain a risk-based compliance training program as part of its sanctions compliance program in accordance with the requirements
as described in sections VI.C.3.ii.d and VII.B.5, respectively. FinCEN and OFAC outline the expected economic impacts of these
requirements on incremental costs below.

With respect to FinCEN requirements, a PPSI's AML/CFT program must include an ongoing employee training program. (472) The training should generally cover the PPSI's internal policies, procedures, and controls, which in turn reflect the results
of the PPSI's risk assessment processes, the latest AML/CFT regulatory requirements, and other relevant information. While
the proposed rule does not prescribe the frequency with which the training should occur, PPSIs should conduct the training
as frequently as they deem necessary based on their unique, individual ML/TF risk profiles and the specific roles and responsibilities
of the persons receiving the training.

As described in section VII.B.5, OFAC's proposed rule would require a PPSI to establish and maintain a risk-based compliance
training program that is conducted at least annually, provided to all relevant personnel and stakeholders, appropriately tailored
to each trainee's role and responsibilities, and based appropriately on the PPSI's risk assessment and risk profile. (473) Additionally, OFAC would require that a PPSI's compliance training program be modified to reflect risk assessments findings
and identified deficiencies as well as designed to include easily accessible resources and materials for all.

Although these are separate requirements, it is common for financial institutions to include sanctions in their AML/CFT training.
FinCEN and OFAC expect that PPSIs would face limited costs in training development, implementation, and execution for employees
relative to other financial institutions like traditional large banks because stablecoin issuers typically operate under a
capital-intensive model with fewer employees. (474) Because overall AML/CFT training requirements already exist for MSBs and banks, this proposed requirement would only impose
a small incremental cost associated with updating training to contain sanctions compliance. Table 5 provides an estimate of
the one-time costs associated with establishing and maintaining the employee training program in the first year. Because annual
ongoing costs associated with training programs already exist for MSBs and banks, FinCEN and OFAC do not assign additional
incremental costs in subsequent years attributed to the proposed rule.

Hours per PPSI	Cost per PPSI	Number of PPSIs	Total cost
8	$997	50	$49,832

4. Customer Due Diligence

The proposed rule would require PPSIs to conduct ongoing CDD as part of their AML/CFT program. Specifically, PPSIs would be
required to (1) understand the nature and purpose of customer relationships for the purpose of developing a customer risk
profile; and (2) conduct ongoing monitoring to identify and report suspicious transactions and, on a risk basis, to maintain
and update customer information, including information regarding the beneficial owners of a legal entity customer. This section
estimates the cost to PPSIs of CDD activities and the collection of BOI from legal entity customers.

Because ongoing CDD is a risk-based activity not inherently tied to the number of customers a PPSI has, FinCEN estimates a
fixed annual burden of 50 hours per PPSI. This estimate reflects similar costs expected to accrue to other financial institution
types subject to CDD requirements as proposed in another FinCEN rulemaking. (475) Using the annual average of 650 new customers per PPSI, as discussed in section XII.A.2.ii.d. 2, this estimate equates to nearly five minutes per customer. However, as CDD activities need not be applied to every customer
if doing so would be inconsistent with an allocation of resources that prioritizes higher risk,

  this merely serves as an illustrative estimation. In practice, FinCEN expects PPSIs might allocate a fixed amount of effort
  and resources to the review of customers ranked by identified risk, meaning that some customers would experience significant
  review, while others may not experience any in a given year. In addition, because ongoing CDD is already required of banks,
  this proposed requirement is not expected to result in incremental costs for IDI-subsidiary PPSIs. As presented in table 6,
  for 20 non-IDI subsidiary PPSI, the incremental cost of this requirement amounts to an annual per-firm burden of 50 hours,
  a total burden of 1,000 hours, a per-firm cost of $6,229, and a total cost of $124,580.

Hours per PPSI	Cost per PPSI	Number of PPSIs	Total cost
50	$6,229	20	$124,580

In addition to ongoing CDD, PPSIs would be required to collect and verify BOI of new accounts opened by legal entity customers. (476) These would represent new requirements not currently applicable to MSBs and are therefore considered by FinCEN to result in
incremental costs for non-IDI subsidiary PPSIs. A PPSI may obtain the required identifying information by either obtaining
a prescribed certification form from the individual opening the account on behalf of the legal entity customer or by obtaining
the required information directly from the individual. PPSIs would be required to retain records used to identify each beneficial
owner of a legal entity customer for five years after the date the account is closed.

Some of the activities a PPSI would undertake to satisfy CDD requirements are difficult to meaningfully separate from similar
and complementary activities that would be undertaken to satisfy a PPSI's CIP requirements, which the GENIUS Act directs to
be imposed on PPSIs. Therefore, some burden elements associated with collecting customer information that serves both CIP
and CDD purposes would also be accounted for in the regulatory analysis accompanying such a CIP-specific proposal. However,
the cost of beneficial ownership verification, which extends beyond the basic customer information collection requirements
that would be contained in a PPSI CIP NPRM, are estimated below.

FinCEN anticipates a population of approximately 20 non-IDI subsidiary PPSIs that are not currently subject to any BOI collection
requirement for new customers. (477) BOI collection would be required only for new primary market customers. FinCEN anticipates the additional BOI collection for
new customers would require 15 minutes (0.25 hours) on average per customer. PPSIs are expected to have an average of 650
new customers per year, (478) and virtually all of these are expected to be legal entities. Thus, as presented in table 7, FinCEN conservatively estimates
that BOI collection would result in an annual incremental cost of $20,244 per non-IDI subsidiary PPSI, resulting in a total
incremental cost of $404,885 per year. For small PPSIs, the number of expected primary market customers is expected to be
closer to 100, or 65 new customers annually. Thus, the anticipated cost for small PPSIs is expected to be substantially less
than the average presented here (approximately $2,024 per PPSI). As this section does not apply to OFAC related requirements,
no additional OFAC associated costs were considered here.

| Number of new customers | Hours per
customer | Hours per
PPSI | Cost per
PPSI | Number of
PPSIs | Total cost |
| --- | --- | --- | --- | --- | --- |
| 650 | 0.25 | 162.5 | $20,244 | 20 | $404,885 |

5. Additional Technical Capabilities, Policies, and Procedures

The proposed rule would require PPSIs to have technical capabilities, policies, and procedures to block, freeze, and reject
specific or impermissible transactions that violate Federal or State laws, rules, or regulations, described in VI.C.5.i. The
requirement would apply to both a PPSI's primary market and secondary market activity. The proposed rule would also require
PPSIs to have the technological capability to comply, and to comply with the terms of any lawful order, described in VI.C.5.ii.
Although these are separate obligations, FinCEN expects that PPSIs may use the same technological capability to comply with
both. FinCEN also expects that stablecoin issuers may already have in place technical capabilities and policies and procedures
relating to taking action regarding impermissible transactions and adhering to lawful orders because of existing legal requirements,
including complying with OFAC sanctions and court orders. (479)

For these reasons, the expected economic costs of the proposed additional requirements with respect to technical capabilities,
policies, and procedures are not itemized separately or incrementally, but are instead considered to be included in the costs
associated with the internal policies, procedures, and controls component of establishing and maintaining an AML/CFT program
and the broader general technology costs of the proposed rule.

6. BSA Reporting

The proposed rule would require PPSIs to file BSA reports, namely CTRs and SARs.

CTRs

As proposed, the rule would require a PPSI to file CTRs on transactions in currency of more than $10,000, unless subject to
an applicable exemption, described in section VI.C.7 However, FinCEN recognizes that, presently, stablecoin issuers rarely
engage in physical transfers of currency, and anticipate that because this would likely also be the case for future PPSIs,
the costs of actually filing CTRs are expected to be de minimis. In addition, because CTR filing requirements already exist for IDIs and MSBs, FinCEN does not consider the costs of the proposed
CTR filing obligation to represent a change in requirements. Consequently, there is nothing to which a novel incremental cost
could attach. (480)

SARs

The proposed rule would require PPSIs to file SARs for any suspicious primary market transaction relevant to a possible violation
of law or regulation, described in section VI.C.8. In addition, PPSIs would be required to maintain a copy of any SAR filed
and the supporting documentation for a period of five years from the date of filing. Supporting documentation would need to
be made available to FinCEN and the prescribed law enforcement and regulatory authorities, upon request.

Based on an analysis of SAR filings between 2021 and 2025 discussed in section XII.A.2.iii.b, FinCEN estimates that PPSIs
would each file an average of 100 SARs per year, although some may file significantly more than that. To estimate the range
of costs associated with SAR filing, FinCEN contemplated a range of potential filing scenarios, with a low end of 100 and
a high end of 1,000. FinCEN anticipates that each SAR filing would take approximately 90 minutes (1.5 hours). Based on market
data, FinCEN estimates a distribution where five out of 50 PPSIs would have stylized high reporting obligations in connection
with more widely used products with more, and more complex, SAR filings, and 45 out of 50 would have stylized low reporting
obligations with fewer, less complex SAR filings. (481) Table 8 presents this distribution, which results in a weighted annual average of 190 filings per PPSI, resulting in an annual
burden of 285 hours per PPSI. (482)

| Number of filings | Hours per
filing | Total hours | Number of
PPSIs |
| --- | --- | --- | --- |
| 100 | 1.5 | 150 | 45 |
| 1,000 | 1.5 | 1,500 | 5 |
Based on survey responses reported in a 2018 Bank Policy Institute report, of the suspicious activity alerts that are turned
into full case investigations (i.e., alerts that are not considered false positives and involve additional documentation, which are hereafter referred to as “cases”),
approximately 42 percent were turned into SARs. (483) Therefore, for each case filed as a SAR, approximately 1.4 cases were not filed. FinCEN estimates that each unfiled case would
take approximately 30 minutes (0.5 hours). Using the distribution described above, FinCEN estimates a weighted annual average
of 266 unfiled cases per PPSI, resulting in an additional annual burden of 133 hours per PPSI.

| Number of gilings | Number of unfiled cases | Hours per unfiled case | Total hours | Number of
PPSIs |
| --- | --- | --- | --- | --- |
| 100 | 140 | 0.5 | 70 | 45 |
| 1,000 | 1,400 | 0.5 | 700 | 5 |
While these time estimates are used to provide a sense of the costs associated with SAR reporting for PPSIs, because FinCEN
assumes that as the relevant counterfactual all future PPSIs would otherwise still have SAR filing requirements either as
an MSB or because of bank affiliation, this proposed requirement is not expected to present a novel incremental cost to PPSIs. (484)

7. Recordkeeping and Technology

The proposed rule would require PPSIs be subject to recordkeeping under the BSA and under OFAC regulations, described in sections
VI.C.9 and VII.A, respectively. FinCEN and OFAC outline the impacts of these requirements on incremental costs below.

With respect to FinCEN requirements, PPSIs would be required to create and retain certain records for extension of credit
in excess of $10,000; and certain records of cross-border transfers of currency, monetary instruments, funds, checks, investment
securities, and credit worth more than $10,000. PPSIs would be required to maintain records related to any order issued under
§ 1010.370(a) for up to five years. PPSIs would also be required to comply with the Recordkeeping Rule which would require
PPSIs to collect and retain records for funds transfers and transmittals of funds in amounts of $3,000 or more, and the Travel
Rule which would require PPSIs to transmit information on certain funds transfers and transmittals of funds to other financial
institutions participating in the transfer or transmittal.

In practice, FinCEN expects that PPSIs would extend credit infrequently and therefore expect the primary burden

  from these proposed requirements to stem from compliance with the Recordkeeping Rule and the Travel Rule. Cumulatively, FinCEN
  estimates the annual recordkeeping burden per PPSI for these requirements would be approximately 20 hours. However, because
  these requirements already exist for banks and MSBs, FinCEN does not contemplate this as an incremental cost attributable
  to the proposed rule.

With respect to OFAC requirements, the proposed rule includes a new requirement that would require PPSIs to maintain records
of the results and enhancements from the testing and auditing components of their sanction compliance programs, in addition
to standard recordkeeping requirements for U.S. persons pursuant to part 501 of title 31. (485) This newly proposed recordkeeping requirement would apply only to the results of the testing and auditing of the sanctions
compliance program component. However, OFAC acknowledges that in practice, many firms may opt to store the results of their
overarching AML/CFT program test, of which sanctions compliance is an inseparable part. The average annual cost of this specific
recordkeeping activity, which is distinct from the joint costs, is approximated in table 10.

| Hours per PPSI | Cost per PPSI | Number of
PPSIs | Total cost |
| --- | --- | --- | --- |
| 2 | $249 | 50 | $12,458 |
FinCEN and OFAC also conservatively estimate a joint incremental general technology cost associated with AML/CFT and sanctions
compliance obligations under the proposed rule. Based on market research and given the wide range of customers that PPSIs
interact with, (486) FinCEN and OFAC estimate that such technology costs, which may include licensing fees for specialized software, would range
from approximately $10,000 to $20,000 per firm in the first year, and about $5,000 to $10,000 annually thereafter (depending
on firm size). For purposes of cost estimation FinCEN and OFAC conservatively assign each PPSI a $20,000 cost in the first
year, for a maximum total incremental cost of $1 million annually for 50 PPSIs. In subsequent years, FinCEN and OFAC estimate
they would each incur an annual cost of $10,000. This includes the cost of technology implementation, annual transaction screening,
and recordkeeping. (487) These costs are outlined in Table 11. Smaller PPSIs are expected to experience costs at the lower ends of the ranges mentioned
above.

| Years | Cost per PPSI | Estimated
number ofPPSIs | Total cost |
| --- | --- | --- | --- |
| 1 | $20,000 | 50 | $1,000,000 |
| 2+ | 10,000 | 50 | 500,000 |

8. Information Sharing

The proposed rule would apply the information sharing provisions at § 1010.520, also known as 314(a), and § 1010.540, also
known as 314(b), to PPSIs, described in section VI.C.10. Section 1010.520 requires a financial institution to search its records
upon receipt of a request from FinCEN and provide information in return. Section 1010.540 is a voluntary information sharing
tool of which a financial institution may, but is not required, to avail itself.

Because banks and MSBs are already required to comply with section 314(a), FinCEN does not contemplate this as an incremental
cost. In addition, FinCEN generally only transmits 314(a) requests to a limited subset of the financial institutions that
are required to comply with 314(a) requirements in any given year. Historically, the proportion of potentially affected financial
institutions required to provide a response in a given year has remained below three percent. (488) The subjects of 314(a) requests are individuals and entities suspected by law enforcement of engaging in money laundering
or terrorist financing. Most PPSIs' primary market customers are financial institutions or other legal entities which have
generally not been the subject of 314(a) requests. Because PPSIs nevertheless may receive 314(a) requests in the future that
require a response, FinCEN assigns a nominal annual burden for this activity of one hour, commensurate with the expectation
that PPSIs may be less likely to maintain accounts or conduct transactions with individuals or entities that are the subject
of 314(a) requests.

| Hours per PPSI | Cost per PPSI | Number of
PPSIs | Total cost |
| --- | --- | --- | --- |
| 1 | $125 | 50 | $6,229 |
Under section 314(b), PPSIs would be able to share information about transactions involving the proceeds of specified unlawful
activities. This would be a voluntary information sharing tool of which a financial institution may, but would not be required
to, avail itself. For this reason, FinCEN does not attribute an incremental burden to activity conducted under section 314(b). (489)

9. Special Standards of Diligence

As described in section VI.C.11.ii, under the proposed rule, PPSIs would be subject to special standards of diligence. PPSIs
would be required to maintain due diligence programs for correspondent accounts for foreign financial institutions and banks
and for private banking accounts. These programs would include policies, procedures, and controls that are reasonably designed
to detect and report any known or suspected money laundering or suspicious activity conducted through or involving such correspondent
or private banking accounts.

FinCEN estimates the annual hourly burden of maintaining and updating the due diligence program for such correspondent or
private banking accounts would be approximately two hours for each regulated entity—one hour to maintain and update the program
and one hour to obtain the approval of senior management. (490) However, because these requirements already exist for banks and MSBs, FinCEN does not contemplate this as an incremental cost. (491)

| Hours per PPSI | Cost per PPSI | Number of
PPSIs | Total cost |
| --- | --- | --- | --- |
| 2 | $249 | 50 | $12,458 |

10. Section 311 and other Special Measures

The proposed rule would require that PPSIs comply with special measures issued pursuant to section 311 of the USA PATRIOT
Act, 2313a of the Fentanyl Sanctions Act, and section 9714(a) of the Combating Russian Money Laundering Act. To date, FinCEN
has issued several final rules pursuant to section 311 imposing the fifth special measure to prohibit covered financial institutions
from opening or maintaining a correspondent account for, or on behalf of, specified entities. (492) Future PPSIs would be expected to incur burden in complying with this component of the proposed rule insofar as they would
both (1) need to establish and maintain the ability to comply with future impositions of special measures and (2) ensure compliance
with all existing section 311 final rules.

For purposes of burden estimation, and taking into account the intended scope of the defined term “correspondent account”
as presented in section VI.C.11.i, FinCEN conservatively assumes that all projected 50 future PPSIs would be equally likely
to maintain foreign correspondent accounts and incur costs associated with the proposed obligation to comply with the various
types of special measures. Borrowing from the approach FinCEN utilized in the most recent 60-day notice renewing existing
section 311 OMB control numbers, (493) FinCEN continues to apply a graduated burden model with an anticipated cost profile that declines sharply in the years following
the first effective year of a given special measure. Thus, for future non-IDI subsidiary PPSIs, who would be expected to face
an immediate, full start-up burden (because they are less familiar with the special measures described above), FinCEN assigns
a first-year average burden of eight hours per expected future non-IDI subsidiary PPSIs and 0.5 hours for each of the 30 expected
future IDI-subsidiary PPSIs. FinCEN then applies the same graduated declining burden model as employed in its section 311
60-day notice, estimating that in subsequent years, all 50 expected future PPSIs would incur an average annual burden of approximately
18-minutes each. Because these requirements already exist for IDIs, FinCEN does not consider the costs presented in table
14 as novel incremental costs for future IDI-subsidiary PPSIs; however, the costs presented in table 15 would be considered
an incremental new burden for PPSIs that are not IDI subsidiaries. (494)

| Year | Hours per
PPSI | Cost per
PPSI | Number of
PPSIs | Total cost |
| --- | --- | --- | --- | --- |
| 1 | 0.5 | $62 | 30 | $1,869 |
| 2+ | 0.3 | 37 | 30 | 1,121 |

| Year | Hours per
PPSI | Cost per
PPSI | Number of
PPSIs | Total cost |
| --- | --- | --- | --- | --- |
| 1 | 8 | $997 | 20 | $19,933 |
| 2+ | 0.3 | 37 | 20 | 747 |

b. Government

To implement the proposed rule, FinCEN expects to incur certain operating costs that would include approximately $1.7 million
in the year prior to the final rule's effective date, $5.9 million in the first effective year of the final rule, and approximately
$2.9 million in the average subsequent year. These estimates include anticipated expenses related to stakeholder outreach
and informational support, compliance monitoring, and potential enforcement activities as well as certain incremental increases
to pre-existing technological and IT infrastructure, administrative and logistic expenses, primarily related to data collection
and analysis.

FinCEN acknowledges that this treatment of cost estimates implicitly assumes that increased resources commensurate with any
novel operating costs would exist. If this assumption does not hold, then operating costs associated with this rule may impose
certain economic costs on the public in the form of opportunity costs from the agency's forgone alternative activities and
those activities' attendant benefits. Benchmarking against FinCEN's appropriated budget for BSA administration and analysis
in fiscal year 2025 ($190,193,000), (495) the corresponding opportunity cost could resemble forgoing up to 3.1 percent (1.5 percent) of current activities annually
in the first year (each subsequent year) in which a final rule was effective. However, to the extent that activities FinCEN
would undertake as a function of the proposed rule would functionally substitute for or otherwise replace foregone activities,
such an estimate likely overstates the potential economic costs to FinCEN and, consequently, the public.

FinCEN notes that these estimates do not include the potential costs borne by other regulators or entities who might foreseeably
be engaged in informational outreach, examinations or related supervisory actions or enforcement activities as a consequence
of the proposal. Such regulators and entities include the primary Federal payment stablecoin regulators and the IRS. FinCEN
acknowledges that the cost estimates here would therefore understate the burden of activities required to promote compliance
with the rules as proposed and the full scope of government costs.

As described above in section, the proposed rule would introduce consultation requirements for primary Federal payment stablecoin
regulators before initiating significant AML/CFT supervisory actions. FinCEN anticipates that the proposed consultation process
is likely to have direct economic effects on both FinCEN and the primary Federal payment stablecoin regulators. The proposed
process could also reasonably be expected to have indirect effects on the PPSIs subject to supervision and examination to
the extent that the consultative process is successful in better aligning supervisory and enforcement activities with the
efficient establishment and maintenance of AML/CFT programs. Finally, while further downstream economic effects may also flow
to the general public from this improved alignment, these effects would be third order at best, and difficult to distinguish
from the effects of other incremental components of the proposed rule. Thus, despite acknowledging that economic effects of
the proposed regulatory changes applicable to primary Federal payment stablecoin regulators may reach to PPSIs and the general
public, they are not itemized or further considered in the respective discussions of expected economic effects on these specific
parties.

OFAC does not expect to incur additional operating expenses to implement the proposed rule. While OFAC's Enforcement Division
will be responsible for investigating and enforcing potential violations of the proposed rule, OFAC expects that these efforts
would be folded into their existing enforcement responsibilities and that investigations into violations of the sanctions
compliance program requirement would occur in conjunction with investigations into violations of other U.S. sanctions regulations.
As noted in section V.B, OFAC already considers the existence, nature, and adequacy of a subject person's risk-based sanctions
compliance program when determining the appropriate administrative action to take in response to an apparent violation of
U.S. sanctions. (496) As FinCEN notes above, OFAC acknowledges that these estimates do not include the potential costs borne by other regulators,
or entities who might foreseeably be engaged in informational outreach, examinations (such as those by the IRS), or related
supervisory actions or enforcement activities as a consequence of the proposed rule.

c. PPSI Customers

As discussed earlier in this analysis, (497) based on the median value of customers, FinCEN and OFAC expect that the typical PPSI would have approximately 100 legal entity
clients that it interacts with directly. However, some PPSIs are expected to have substantially more than this, and FinCEN
and OFAC apply an average of 1,000 customers per PPSI. In total, FinCEN and OFAC do not expect the aggregate number of direct
PPSI customers to exceed 300,000. However, FinCEN and OFAC estimate that a substantial portion of these may be affiliates
of a single counterparty or associated with non-U.S. entities. FinCEN and OFAC estimate that the number of affected U.S. businesses
is no more than 10,000.

As described earlier, (498) these businesses belong to several industrial categories, including digital asset exchanges, specialized digital commodities
traders, and other types of investment and securities related businesses. Aside from digital asset exchanges, FinCEN expects
that nearly all of these firms would be part of the NAICS classifications under industry code 523 (“Securities, Commodity
Contracts, and Other Financial Investments and Related Activities”). Based on this assessment, FinCEN and OFAC applied the
associated standard wage rate to estimate the costs of PPSI customers' time. (499)

While FinCEN and OFAC estimate that a significant portion of these entities may be subsidiaries of a single counterparty or
connected to non-U.S. entities, PPSIs would still be responsible for verifying the identities of all connected counterparties
in order to meet program obligations. FinCEN and OFAC expect that each customer would be required to spend approximately one
hour to collect, review, and transmit the required customer identification information to the stablecoin issuing counterparty
(specifically, information about beneficial ownership). Table 16 provides a summary of the expected costs to these customers.
FinCEN and OFAC estimate that PPSI customers, which are mostly financial institutions engaged in trading a broad range of
stablecoin products as part of their investment portfolios, or exchanges seeking to provide off-chain liquidity to retail
customers for a similarly broad range of stablecoin products, will likely initiate at least one new primary market relationship
each year, although this frequency may fluctuate. In order to generate a conservative estimate, FinCEN and OFAC assume for
purposes of this analysis that all primary market participants would be required to provide this information once during the
course of business in a given year when interacting with a new stablecoin issuer, while acknowledging significant uncertainty
around this estimate. FinCEN and OFAC request public comment on this assumption.

| Total number of customers | Hours per
customer | Cost per
customer | Total cost |
| --- | --- | --- | --- |
| 10,000 | 1 | $125 | $1,245,800 |

5. Consideration of Policy Alternatives

In developing the proposed rule, FinCEN and OFAC considered several policy alternatives, including alternatives that would,
if adopted, imply differences in the cost profile of the requirements, particularly for small entities. FinCEN and OFAC invite
comment on these alternatives, and on any other alternatives that were not considered here.

i. FinCEN Alternatives

a. Size-Related Alternatives

First, FinCEN considered modifying the proposed rule's requirements for small entities or establishing an asset threshold
for certain proposed compliance obligations. As discussed in more detail in the IRFA analysis (section XII.C.2.i.b below),
FinCEN utilizes a threshold of $200 million in total reserve assets to define small PPSIs that are not IDI subsidiaries. FinCEN
considered using this threshold as a tailoring benchmark, whereby PPSIs under the threshold might have been afforded burden
accommodations in the form of additional time to transition, or additional time to undertake certain required activities,
potentially differential reporting thresholds, or other modifications to AML/CFT program standards designed to reduce compliance
cost. However, FinCEN opted against this alternative. Creating some category of PPSI for small issuers that would entail lessened
AML/CFT requirements would conceivably result in the targeting of these PPSIs by illicit actors seeking to circumvent regulatory
scrutiny. Additionally, FinCEN's analysis indicates that most technology services that enable AML/CFT functions as described
here are highly scalable, allowing small PPSIs to readily identify and employ more cost-effective options.

b. Alternative Information Requirements

FinCEN separately considered a version of the proposed rule that would have required PPSIs to collect, and customers to provide,
additional information beyond what this NPRM would require. For example, in addition to the proposed rule's requirement that
future PPSIs collect the name, date of birth, address, and government-issued identification number for the beneficial owners
of a legal entity customer (as defined under 31 CFR 1010.230, but generally meaning one executive officer and all individuals
with 25 percent or more equity interest in the entity), FinCEN considered further requiring PPSIs to collect customers' blockchain
wallet addresses associated with the legal entity, incorporation or tax documents, or certain identifying financial information
such as account numbers. However, FinCEN opted not to require these items for several reasons. First, many issuers already
collect this additional information in the ordinary course of business, and are best situated to determine what, if any, additional
information is necessary to make risk-based decisions about a customer. Secondly, the absence of this information does not
exempt an issuer from the responsibility to assess the risk associated with a customer or their transactions, and therefore
it is the imperative of the issuer to determine whether or not such additional information is necessary to conduct risk-based
screening and analysis. FinCEN concluded that it would strike a more appropriate balance of anticipated benefits to expected
costs to refrain from imposing a unilateral requirement that such additional information be collected in every instance and
that instead it would be more economically efficient to defer in these aspects to the discretion of the PPSI's risk-based
determinations. In declining to pursue this alternative, FinCEN also took into consideration that it may also comport more
closely with the GENIUS Act requirement that Treasury issue regulations tailored to the size and complexity of the PPSI to
limit the information requirements as proposed. FinCEN requests comment on the extent to which this assessment comports with
market expectations and practices.

c. Block, Freeze, and Reject Alternative

FinCEN separately and additionally considered providing a more detailed regulation related to the requirement for PPSIs to
have the technical capability, policies, and procedures to block, freeze, and reject specific or impermissible transactions
that violate Federal or State laws, rules, or regulations. For example, FinCEN could have provided details on the specific
technical capability, policies, and procedures that would be required or required a PPSI to take proactive action related
to this requirement. This might have required a PPSI to act if it had a reason to know the transaction was impermissible.
However, FinCEN decided against these alternatives. Providing a more detailed regulation could have limited how a PPSI could
comply with this requirement. FinCEN decided it was important for PPSIs to have the flexibility to implement new technology,
best practices, and adapt to changing laws, rules, or regulations. FinCEN also considered that proposing a more proactive
requirement could increase the compliance burden for PPSIs. In sum, FinCEN's decision not to pursue a proposed rule that included
this alternative formulation was informed by its belief that the alternative would not strike a preferable balance between
the anticipated benefits and the expected costs or be as economically efficient as the more flexible formulation proposed.
FinCEN is requesting comment on the extent to which this assessment comports with market expectations.

ii. OFAC Alternatives

Additionally, OFAC considered basing the minimal elements for a sanctions compliance program on FinCEN's current AML program
requirements for banks at 31 CFR 1020.210. For example, that alternative regulatory foundation would require: (1) a system
of internal controls to assure ongoing sanctions compliance; (2) independent testing for compliance to be conducted by the
PPSI's personnel or by an outside party; (3) designation of an individual or individuals responsible for coordinating and
monitoring day-to-day compliance; (4) training for appropriate personnel; and (5) appropriate risk-based procedures for conducting
ongoing customer due diligence. Although these requirements are similar in substance to the proposed rule, OFAC chose to instead
align the proposed minimal elements of a sanctions compliance program with existing OFAC guidance, particularly the 2019 Compliance
Framework.

The 2019 Compliance Framework has been a cornerstone of OFAC's regular public outreach to all regulated industries. Likewise,
the compliance guidance and expectations detailed in the 2019 Compliance Framework consistently form the basis of OFAC's published
guidance (e.g., sanctions advisories, compliance communiqués, and frequently asked questions). Consequently, the sanctions compliance community
is already highly familiar with the proposed rule's requirements as consistent with existing OFAC guidance. Additionally,
FinCEN's AML requirements at 31 CFR 1020.210 and OFAC's existing regulations differ in applicable scope; the former center
on traditional banks, whereas the latter apply to all U.S. persons. The 2019 Compliance Framework's focus on U.S. persons,
rather than financial institutions, is therefore better aligned with future PPSI's obligations as U.S. persons under the GENIUS
Act. Finally, the 2019 Compliance Framework is grounded in the principle of a risk-based approach to sanctions compliance.
This foundation supports PPSI flexibility and discretion in how to meet the GENIUS Act's requirement of an effective sanctions
compliance program within the context of maintaining the five minimal elements in the proposed rule. This flexibility not
only accounts for the development and implementation of new technology but also is consistent with the GENIUS Act's direction
that regulations be tailored to the size and complexity of the PPSI. (500) OFAC is requesting comment on the extent to which this assessment comports with market expectations and practices.

B. Executive Orders 12866, 13563, and 14192

E.O. 12866 directs agencies to assess the costs and benefits of available regulatory alternatives and, if regulation is necessary,
to select regulatory approaches that maximize net benefits (including potential economic, environmental, and public health
and safety effects; distributive impacts; and equity). E.O. 13563 emphasizes the importance of quantifying both costs and
benefits, reducing costs, harmonizing rules, and promoting flexibility. E.O. 13563 also recognizes that some benefits are
difficult to quantify and provides that, where appropriate and permitted by law, agencies may consider and discuss qualitatively
values that are difficult or impossible to quantify.

This proposed rule has been designated a “significant regulatory action”; accordingly, it has been reviewed by OMB.

E.O. 14192, entitled “Unleashing Prosperity Through Deregulation,” was issued on January 31, 2025. Section 3(c) of the order
requires that any new incremental costs associated with new regulations shall, to the extent permitted by law, be offset by
the elimination of existing costs associated with at least ten prior regulations.

If finalized as proposed, this action is expected to be considered an E.O. 14192 regulatory action.

C. Regulatory Flexibility Analysis

When an agency issues a proposed rulemaking, the RFA requires the agency either to provide an IRFA or certify that the proposed
rule would not have a significant economic impact on a substantial number of small entities. Because the proposed rule may
have a significant economic impact on a substantial number of certain types of PPSIs that may qualify as small entities, FinCEN
and OFAC undertook the following analysis. In the event that FinCEN and OFAC have potentially overestimated the anticipated
economic burden of the proposed rule, and certification would instead be more appropriate, comments to this effect—including
studies, data, or other evidence—are invited.

1. The Proposed Rule: Objectives, Description, and Legal Basis

The proposed rule would implement FinCEN's regulations that prescribe BSA obligations and OFAC's sanctions compliance program
requirement for PPSIs as described in sections VI, VII, and XII.A.3.

The GENIUS Act, enacted on July 18, 2025, the legal basis for the proposed rule, creates a regulatory framework for PPSIs
in the United States. (501) The GENIUS Act provides a comprehensive framework for the regulation of payment stablecoins. (502) The GENIUS Act outlines the reserve, capital, liquidity, and risk management requirements for PPSIs and tasks the Board, FDIC,
NCUA, and OCC, as well as any State payment stablecoin regulators, with implementing those requirements and establishing a
process and framework for the licensing, regulation, examination, and supervision of PPSIs. (503)

The proposed rule seeks to implement the GENIUS Act by requiring that PPSIs

  “be treated as a financial institution for purposes of the Bank Secrecy Act, and as such, shall be subject to all Federal
  laws applicable to financial institutions located in the United States relating to economic sanctions, prevention of money
  laundering, customer identification, and due diligence.” [(504)]()

The GENIUS Act directs the Secretary of the Treasury to issue regulations, tailored to the size and complexity of the PPSI,
implementing the AML/CFT and sanctions compliance requirements directed by the GENIUS Act. (505)

2. The Expected Impact on Small Entities

i. Defining Small Affected Entities

The impact of the rule on small entities varies across the three distinct types of PPSIs: those that are subsidiaries of banks
(including credit unions); those that are Federal qualified payment stablecoin issuers (FQPSIs); 506 and State qualified payment stablecoin issuers (SQPSIs). (507) FinCEN has incorporated the OCC, FDIC, Board, and NCUA's RFA analyses with respect to their nexuses with these respective
types and limited its own further analysis below to the remaining potential future PPSIs that it anticipates. As the proposed
rulemaking may also impact the small entities that are customers of PPSIs, this population was also subject to IRFA requirements
and is included in section XII.C.2.i.d.

a. Small PPSIs Regulated by the Agencies

As discussed in section II.A, the GENIUS Act tasks the OCC, Board, FDIC, and NCUA (the “Agencies”) with implementing reserve,
capital, liquidity, and risk management requirements for PPSIs. The OCC, FDIC, and NCUA have recently published other NPRMs
necessary to implement the GENIUS Act. (508) Because each of these proposed rules has already provided the operational definition of “small” used to scope the respective
estimated populations of small IDIs that would also be relevant for the RFA analysis in this proposed rule, FinCEN and OFAC
are adopting those analyses and estimates by reference. Table 17 provides a summary of the incorporated estimates below.

| Agency | Total
population | Number of
small institutions | Percentage
small |
| --- | --- | --- | --- |
| FDIC | 2,772 | 2,064 | 74.5% |
| Board | 702 | 440 | 62.7 |
| OCC | 997 | 609 | 61.1 |
| NCUA | | | b 19 |
| a Data is based on consultation with the Agencies. See also FDIC, Approval Requirements for Issuance of Payment Stablecoins by Subsidiaries of FDIC-Supervised Insured Depository Institutions, 90 FR 59409 (Dec. 19, 2025); NCUA, Investments in and Licensing of Permitted Payment Stablecoins Issuers, 91 FR 6531 (Feb. 12, 2026); OCC, Implementing the Guiding and Establishing National Innovation for U.S. Stablecoins Act for the Issuance of Stablecoins by
Entities Subject to the Jurisdiction of the Office of the Comptroller of the Currency, 91 FR 10202 (Mar. 2, 2026). | | | |

b. Other PPSIs

The SBA publishes annual size thresholds defining small businesses by their classification under categories of the NAICS.
While there is currently no NAICS category specifically for stablecoin issuers, FinCEN and OFAC anticipate that they would
most appropriately fit within several broader categories of financial institution. Most stablecoin issuers meet the definition
of MSBs, and therefore belong either to Financial Transactions Processing, Reserve, and Clearinghouse Activities (522320)
(most appropriate for those that engage in money transmitting), or Other Activities Related to Credit Intermediation (522390).
The SBA-defined threshold for a small business in these categories is $47 million and $28.5 million in gross receipts, respectively.
In addition, because digital assets may sometimes be classified as commodities, some stablecoin issuers might otherwise be
categorized under NAICS code 523160 as Commodity Contracts Intermediation. The SBA-defined threshold for a small business
in this category is $47 million in gross receipts. Among these categories, the most appropriate designation for stablecoin
issuers, due to their role as money transmitters, is Financial Transactions Processing, Reserve, and Clearinghouse Activities
(522320), with an SBA-defined threshold for a small business of $47 million in annual gross receipts.

However, because the number of potential future PPSIs (as defined under the GENIUS Act) is small relative to the number of
total firms in this NAICS category, and because most stablecoin issuers generate revenue in a manner unlike other MSBs, FinCEN
and OFAC considered that an alternative threshold might be better suited to identify a “small entity” based on the current
distribution and characteristics of entities in the stablecoin industry. Specifically, an asset-based threshold is a standard
better suited to identifying genuinely small stablecoin issuers. As discussed earlier, stablecoin issuers primarily generate
revenue through capital appreciation and other investment returns on their reserve holdings rather than receipts from the
sale of goods or services. Moreover, a stablecoin issuer's investment returns may be attributable primarily to fluctuations
in interest rates and other market factors, meaning that a stablecoin issuer may produce vastly different returns over time
with virtually no change in size. Accordingly, we do not believe that the gross receipts standard provides an appropriate
means for FinCEN and OFAC to identify small stablecoin issuers for purposes of the RFA.

To determine an appropriate asset-based threshold, FinCEN and OFAC developed a profile of the stablecoin sector, which includes
all affected

  stablecoin issuers as well as small businesses. Stablecoin issuers generally earn revenue using their reserve funds in a way
  similar to many other types of asset managers. Therefore, total reserve fund assets (“total assets”) is a good measure by
  which to define “small entities” in this industry, similarly to the way banks or investment companies are often measured.
  As discussed in section XII.A.2.ii.a, FinCEN and OFAC examined public data on the issuers of over 350 stablecoin products
  using publicly available data from several sources, which included metrics on the circulating value of each product. Because
  every USD fiat currency-backed stablecoin issued is backed by an equivalent value in USD, the circulating value is a good
  indication of the size of the stablecoin issuer's reserve fund total assets.

Taken as a whole, stablecoin issuers managed a total of about $300 billion in total assets as of 2025, with about $250 billion
of this value being held by issuers of products likely to be eligible for status as a payment stablecoin under the Act. Among
the stablecoin issuers reviewed, the mean total asset value was about $5.6 billion. However, the distribution of assets across
stablecoin issuer is highly skewed, with a significant concentration of assets at the very largest stablecoin issuers. Accordingly,
the median value was significantly less than the mean, about $14 million.

FinCEN and OFAC estimate that over 99 percent of potential payment stablecoin total assets are held by the top five stablecoin
issuers. Table 18 provides a summary of total asset thresholds by percentile based on public data about the total circulating
value of issuer's associated stablecoins. Considering this concentration, FinCEN and OFAC propose using a threshold value
of $200 million in total assets to define a small PPSI, which is roughly the 80th percentile value. FinCEN and OFAC request
public comment on the suitability of this threshold. This value also falls close to the mean total asset value for issuers
below the top five percent of firms. Using the proposed $200 million total asset threshold would represent less than one percent
of total assets in the industry as being held by small entities but would encompass 84 percent of likely payment stablecoin
issuers for which data could be obtained (approximately 40 entities, 19 of which were identified as potential PPSIs). This
results in a distribution of small entities which is fairly robust to the threshold; doubling the threshold $400 million would
result in an identical distribution and halving it to $100 million would result in the exclusion of six issuers, resulting
in 71 percent of stablecoin issuers being below the threshold. Eighty-four percent of stablecoin issuers falling below the
threshold is consistent with the distributions of other similarly concentrated finance-related industries.

In considering the adoption of a $200 million total asset threshold to designate PPSI size for RFA purposes, FinCEN and OFAC
considered the following population distribution information for stablecoin issuers:

| Percentile | Net asset
threshold | Percentage
of issuersbelow(%) | Percentage
of aggregatenet assetsbelow(%) |
| --- | --- | --- | --- |
| 10th | $300,660 | 11 | 0.0002 |
| 20th | 887,584 | 18 | 0.0007 |
| 30th | 3,952,000 | 22 | 0.0021 |
| 40th | 10,260,054 | 36 | 0.0172 |
| 50th | 13,670,000 | 47 | 0.0420 |
| 60th | 33,446,620 | 58 | 0.0788 |
| 70th | 62,497,337 | 67 | 0.1571 |
| 80th | 173,946,000 | 78 | 0.3486 |
| 90th | 734,997,872 | 87 | 0.7767 |
| 100th | 173,113,000,000 | 98 | 32.3282 |

c. Small SQPSIs

At this time there is insufficient data to separately forecast a population of potential future SQPSIs. It is therefore not
possible to assess the proportion of that potential future population that would be considered small for purposes of this
analysis or assess the appropriateness of an additional alternative definition of “small” uniquely applicable to SQPSIs with
any meaningful degree of certainty. Comments and data are invited to assist FinCEN and OFAC in analyzing the potential effects
of the proposed requirements on SQPSIs, generally, and small SQPSIs in particular.

d. Small Entity PPSI Customers

Additionally, as discussed in section XII.A.2.ii.d. 2, FinCEN and OFAC expect that the proposed rule, if adopted, may impose costs on the primary market customers of future PPSIs
that are legal entities because these PPSI customers would need to collect and provide information to their respective PPSIs,
who would have initiated the requests for customers' information as a consequence of the need to satisfy certain requirements
in the proposed rule. FinCEN and OFAC anticipate that many of these affected PPSI customers would be digital asset exchanges,
specialized digital commodities traders, and other types of investment and securities-related firms, at least some of whom
may be small businesses for purposes of the RFA. As described earlier, (509) FinCEN and OFAC estimate that there are approximately 300,000 primary market customers that could, in the future, interact
directly with PPSIs, of which the number of affected customers that may be U.S. businesses is expected to be no more than
10,000. As described earlier, (510) these businesses belong to several categories, including digital asset exchanges, specialized digital commodities traders,
and other types of investment and securities related businesses, the majority of which would be classified under NAICS code
523 (“Securities, Commodity Contracts, and Other Financial Investments and Related Activities”). Table 19 summarizes FinCEN
and OFAC's analysis of the most recent vintage of Census Bureau data

  corresponding to this NAICS code, which indicates that small business comprise the majority of the industries that are expected
  to be the primary market customers of future PPSIs.

| Primary market customer type | Approximate
number ofcustomers | NAICS code | SBA small-business threshold | Percentage considered small a | Average annual revenue of small entities b |
| --- | --- | --- | --- | --- | --- |
| Digital Exchanges | 300 | 523210 | $47 million | 70% (about 210 firms) | $5.85 million. |
| Other Investment Firms | 10,000 | 523 | $47 million | 97.7% (about 9,770 firms) | $1.55 million. |
| a To estimate the number of small entities in this sector, FinCEN and OFAC used the U.S. Census Bureau, 2022 Statistics of
U.S. Businesses Data by Enterprise Receipts Size, available at https://www.census.gov/data/tables/2022/econ/susb/2022-susb-annual.html
(“2022 SUSB Data”). FinCEN and OFAC counted the proportion of small businesses in NAICS code 523 with less than $50 million
in annual receipts (the closest available threshold). For Digital Exchanges, FinCEN used internal data. | | | | | |
| b Revenue data for NAICS code 523 and Digital Exchanges was collected from the 2022 SUSB Data and internal data. | | | | | |

ii. Estimating the Economic Impact on Small Future PPSIs

a. Small IDI Subsidiaries

As in section XII.C.2.i.a, FinCEN and OFAC are adopting by reference the applicable RFA analyses performed by the OCC, FDIC,
and NCUA. FinCEN and OFAC are relying on the data provided and determinations already made by the Agencies with respect to
the characteristics of expected future PPSIs under their jurisdictions because such agencies are better positioned to understand
the nature of their regulated entities in a manner that could reasonably inform future expectations. (511) As discussed in the Agencies' analyses, there is a general anticipation that future PPSIs that would be IDI subsidiaries would
not be able to qualify as small by virtue of the dollar amount of their own offering/issuance. Additionally, it is not clear
that the subsidiary of an institution that is not itself small would be eligible to obtain an independent designation as small.
For these reasons, it may be unlikely that a small IDI-subsidiary PPSI could exist. FinCEN and OFAC are requesting comment
on (1) the reasonableness of an expectation that a future small IDI-subsidiary PPSI might exist and, if so (2) the expected
significance of the proposed rule's economic impact on such a small entity.

b. Other PPSIs

To examine the expected impact of the proposed rule on small entities, FinCEN and OFAC used two steps: the first step estimates
the total number of small entities affected by the proposed rule, and the second step estimates the significance of this impact
on those entities.

1. Estimated Number of Small Potential PPSIs

The SBA definition of “small entity” at 13 CFR 121.201 includes businesses, nonprofits, and small government entities with
less than 50,000 residents. It is worth noting that some stablecoin issuers are organized as nonprofit entities and are included
in this count.

Based on analysis of the distribution of data described above, (512) FinCEN and OFAC are proposing a “small entity” definition that corresponds closely to the 80th percentile threshold, which
was rounded to $200 million for convenience in the proposed rule. The proposed $200 million threshold would capture approximately
84 percent of stablecoin issuers, which together hold approximately one percent of aggregate average total assets.

Using the same methods discussed earlier, (513) FinCEN and OFAC identified 25 potential future PPSIs from among these stablecoin issuers, and among these, approximately 19
had fewer than $200 million in total circulating stablecoin product values.

2. Expected Effect on FQPSIs

To contextualize the relative significance of costs associated with the proposed rule for small stablecoin issuing entities,
FinCEN and OFAC used the estimates of total assets described earlier to estimate likely revenues for such issuers. (514) As referenced earlier, (515) stablecoin issuers generally derive revenue from investment returns on their reserve holdings. As stated in the Act, PPSIs
are permitted to invest reserve funds in several different types of asset class, including government backed securities. Based
on prevailing interest rates, FinCEN and OFAC estimated that stablecoin issuers were likely to receive returns of about five
percent on invested funds. While actual returns may fluctuate and fall below or above this estimate, this value represents
an average for estimation purposes. To validate this assumption, FinCEN reviewed actual reported revenue values. While five
percent of total assets was generally within the same order of magnitude as actual reported revenue, actual revenues often
exceeded five percent.

Returns more than prevailing rates for government-issued fixed income securities can be due to several factors. First, issuers
often “over collateralize” their products, meaning that they hold larger reserve portfolios than are required to redeem every
coin at par value. This practice helps protect from market fluctuations and affords issuers greater flexibility during times
of financial stress. In such cases, stablecoin issuers have reserve portfolios that are larger than the circulating value
of their products, leading to returns in excess of those implied by multiplying their circulating value by prevailing rates
of return for common reserve investments. Stablecoin issuers may also invest excess reserves in higher-yielding products or
loans whose rates of return exceed those of government-backed securities. In addition to this, several other factors might
lead to larger returns. For example, stablecoin issuers may offer certain fee-based services to customers, and may account
for certain unrealized gains as revenue, increasing reported revenue levels.

Bearing these factors in mind, FinCEN and OFAC retained five percent of total assets as a reasonable benchmark for revenue.
This parameter was chosen to retain an estimate of revenue that does not minimize costs or possible fluctuations in returns.
By using a conservative but realistic estimate,

  FinCEN and OFAC avoid underestimating the relative impact of compliance costs associated with the proposed rule. FinCEN and
  OFAC request comment on this benchmark.

In section XII.A.4.ii.a, FinCEN and OFAC discussed the expected costs of compliance with the proposed rule for PPSIs. In that
section, the first-year incremental cost for a small PPSI was estimated to be approximately $13,737 per IDI-subsidiary PPSI
and $22,987 per non-IDI subsidiary PPSI, and approximately $5,249 per IDI-subsidiary PPSI and $13,540 per non-IDI subsidiary
PPSI in each year thereafter.

Table 20 presents FinCEN and OFAC's estimates of the share of small entity PPSIs that would experience significant impact
as a result of the estimated first-year incremental compliance costs with the proposed rule and the anticipated average compliance
costs each year thereafter. FinCEN and OFAC request public comment on the general accuracy of these estimates of the impact
to small entities. In an effort to avoid understating the effect on small entities, FinCEN and OFAC conservatively base the
calculation on the estimated costs for small non-IDI subsidiary PPSIs.

| Cost year | Modeled AML/CFT program cost | Percentage of small entities for which Year-1 AML/CFT program costs exceed 1% of modeled
revenue | Percentage of small entities for which Year-1 AML/CFT program costs exceed
3% ofmodeled revenue |
| --- | --- | --- | --- |
| 1 | $23,000 | 71 | 61 |
| 2+ | 13,700 | 68 | 39 |

c. Small Entity PPSI Customers

While a substantial number of the firms that FinCEN and OFAC anticipate would be required to provide customer information
to the PPSIs they wish to engage in direct transactions with, the cost of provisioning this information is expected to be de minimis relative to the average revenue of these firms. (516) Based on the estimated costs as described in section XII.A.4.ii.c and the average annual revenue values in table 19, the expected
cost to legal entity customers by type are .002 percent and .008 percent of revenue, respectively. Therefore, while a substantial
number of businesses may be providing information to issuers, FinCEN and OFAC do not contemplate that this requirement would
constitute a significant effect when considered in relation to their overall financial positions.

3. Other Matters: Duplicate, Overlapping, Conflicting, and Alternative Requirements

FinCEN and OFAC are unaware of any existing Federal regulations that would overlap or conflict with the proposed rule. While
FinCEN and OFAC are mindful of concurrent GENIUS Act rulemakings that are related to the proposed requirements in this rulemaking,
neither FinCEN nor OFAC anticipate a conflict between those proposed rules and this NPRM. As previously discussed in section
XII.A.2.i.d, the Agencies' proposed rules will require a prospective PPSI to include in its registration submission a certification
that the prospective PPSI has established and maintains the programs proposed in this NPRM. The Agencies' proposed rules would
also require a PPSI that has been granted its registration to continue to provide re-certification of its AML/CFT program
and its sanctions compliance program on an annual basis in the years following initial registration. Because the certification
requirements are ancillary to the actual program establishments and ongoing maintenance that the certifications attest to,
FinCEN and OFAC do not anticipate conflict with concurrently proposed regulations.

The following sections reiterate FinCEN specific alternatives that were previously discussed in section XII.A.5.i related
to the expected costs and potential benefits to small entities.

As previously referenced in section XII.A.5.i.a, FinCEN considered exempting from or modifying requirements for small entities.
In that section, FinCEN opted against this exclusion for several reasons. Firstly, because PPSI status is a voluntary designation,
small entities wishing to elsewise adhere to another regulatory standard have certain abilities to do so, and thereby not
incur the full burdens associated with the proposed PPSI requirements even without seeking and obtaining an exemption from
the Secretary. Secondly, creating some category of PPSI for small issuers that would entail lessened AML/CFT requirements
would conceivably result in the targeting of these PPSIs by illicit actors seeking to circumvent regulatory scrutiny. Lastly,
FinCEN's analysis indicates that most technology services that enable AML/CFT functions as described here are highly scalable,
allowing small PPSIs to readily identify and employ more cost-effective options.

In addition, as discussed in greater detail in section XII.A.5.b, FinCEN also considered adopting additional BOI reporting
requirements for new legal entity customers. Because many primary market customers of potential PPSIs are themselves small
businesses, such a requirement that expanded reporting requirements beyond the information that is already provided in the
ordinary course of business may have presented an incremental cost for some number of these small entities. However, as discussed
in that section, FinCEN opted not to augment these requirements for several reasons. First, many stablecoin issuers already
collect this additional information in the course of business, and are best situated to determine what, if any, additional
information is necessary to make risk-based decisions about a customer. Secondly, the absence of this information does not
exempt an issuer from the responsibility to assess the risk associated with specific customers or their transactions, and
thus it is the prerogative of the issuer to determine whether or not such additional information is necessary to conduct risk-based
screening and analysis. By not pursing this regulatory alternative, the requirements FinCEN is proposing instead would impose
lower costs on both small PPSIs and PPSI customers that are small entities.

D. Unfunded Mandates Reform Act

The UMRA requires that an agency prepare a statement before promulgating a rule that may result in expenditure by

  the state, local, and Tribal governments, in the aggregate, or by the private sector, of $193 million or more in any one year
  ($100 million in 1995, adjusted for inflation). [(517)]() Section 202 of UMRA also requires an agency to identify and consider a reasonable number of regulatory alternatives before
  promulgating a rule.

As discussed above, (518) FinCEN and OFAC have not estimated the number of potential future SQPSIs given the inherently speculative nature of such an
exercise at this time. Consequently, FinCEN and OFAC are unable to more fulsomely assess the potential burden to state, local,
and Tribal governments of the proposed rule and currently do not expect any additional expenditures by these parties as an
incremental cost of the proposed rule. However, FinCEN and OFAC's expectation that this rulemaking will not cause material
changes in State expenditures should be understood as relating only to the impact of this rulemaking and not to the impact
of the GENIUS Act writ large. The GENIUS Act envisions an active role for the States in the regulation of PPSIs as a complement
to federal regulation.

While the analysis above (519) and below (520) indicate that the proposed rule is not expected to impose incremental novel expenditures on the private sector of $193 million
or more, and hence that additional economic analysis pursuant to UMRA requirements is not strictly necessary, FinCEN and OFAC
believe that the preceding assessment of impact, generally, and consideration of policy alternatives, specifically, would
satisfy the UMRA's analytical requirements. FinCEN and OFAC invite public comment on any additional factors that, if considered,
would materially alter the conclusions of this assessment.

E. Paperwork Reduction Act

The recordkeeping and reporting requirements in the proposed rule, which qualify as “collections of information” under the
PRA, will be submitted to OMB for review in accordance with the PRA. (521) Under the PRA, an agency may not conduct or sponsor, and a person is not required to respond to, a collection of information
unless it displays a valid control number assigned by OMB. (522) Written comments and recommendations for the proposed information collection can be submitted by visiting https://www.reginfo.gov/public/do/PRAMain. Find this particular document by selecting “Currently Under Review—Open for Public Comments” or by using the search function.
Comments are welcome and must be received by June 9, 2026.

1. FinCEN

In accordance with requirements of the PRA, 44 U.S.C. 3506(c)(2)(A), and its implementing regulations, 5 CFR part 1320, the
following information concerning the collection of information as it relates to the PPSI AML/CFT requirements is presented
to assist those persons wishing to comment on the information collections. (523)

i. Description of Affected Financial Institutions and OMB Control Numbers

OMB Control Number(s): 1506-[XXXX].

Description of Affected Entities: Only those covered financial institutions defined in section 31 CFR 1010.100(t)(11) (i.e., PPSIs) would be affected.

Estimated Number of Respondents: 50 PPSIs.

FinCEN estimates an average population of approximately 50 PPSIs in each of the first three years of an effective final rule,
comprised of approximately 20 non-IDI subsidiary PPSIs and 30 IDI-subsidiary PPSIs. (524) FinCEN expects these entities to each have an average of 650 new customers annually. (525)

As this is a developing market, FinCEN acknowledges the significant uncertainty regarding the number of banks that would apply
to issue payment stablecoins, either independently or through consortia and other partnerships, or engage in other permitted
payment stablecoin activities through a subsidiary. However, as discussed earlier, FinCEN estimates that PPSIs associated
with insured depository institutions would have certain reduced AML/CFT program-related expenses due to their position within
an insured depository institution parent's existing AML/CFT program.

ii. Estimated Annual Burden Hours

FinCEN has identified nine primary cost elements resulting from the recurring recordkeeping and reporting costs associated
with the requirements of the proposed rule. These are (1) establishing and maintaining a written AML/CFT program, (2) ongoing
customer due diligence, (3) BOI-related customer due diligence, (4) CTRs, (5) SARs, (6) recordkeeping and travel rule requirements,
(7) information sharing, (8) special standards of diligence requirements, and (9) special measure requirements.

a. Recordkeeping Burden Associated With Establishing and Maintaining an AML/CFT Program

PPSIs subject to requirements in the proposed rule would need to establish and maintain an AML/CFT program that meets the
minimum requirements of the BSA. This program must be approved, stored, and produced upon request. FinCEN expects that on
average, each PPSI would spend approximately 30 hours on this activity in the first year, and approximately ten hours annually
in subsequent years.

b. Recordkeeping Burden Associated With Ongoing Customer Due Diligence

The proposed rule would require PPSIs to implement appropriate risk-based procedures for conducting ongoing customer due diligence.
Specifically, PPSIs would be required to (1) understand the nature and purpose of customer relationships for the purpose of
developing a customer risk profile and (2) conduct ongoing monitoring to identify and report suspicious transactions and,
on a risk basis, to maintain and update customer information. FinCEN estimates this activity would take an average of 50 hours
per PPSI annually.

c. Recordkeeping Burden Associated With BOI-Related Customer Due Diligence

In addition, PPSIs would be required to identify and verify beneficial owners of new accounts opened by legal entity customers.
The PPSI may obtain the required identifying information by either obtaining a prescribed certification form from the individual
opening the account on behalf of the legal entity customer, or by obtaining from the individual the information required by
the form by another means, provided the individual certifies to the

  best of the individual's knowledge the accuracy of the information.

PPSIs must maintain a record of customers' identifying information and a description of any document relied on for verification,
including a description of any non-documentary methods and results of any measures undertaken, and the resolutions of substantive
discrepancies. PPSIs would be required to retain such records used to identify each beneficial owner for five years after
the date the account is closed and would also be required to retain records used to verify the identity of each beneficial
owner for five years after the record is made.

FinCEN estimates this activity would take an average of 0.25 hours per new customer. Given an average of 650 new customers
per year, this would result in an annual burden of 162.5 hours per PPSI.

d. Recordkeeping and Reporting Burden Associated With CTRs

As discussed in section VI.C.7, entities subject to the AML/CFT program requirements of the BSA are obligated to file CTRs.
Because stablecoin issuance and redemption is typically a digital-only business, FinCEN considers costs associated with filing
CTRs to be de minimis for regulated entities. Therefore, FinCEN assigns zero cost to this requirement, but includes it here for pro forma completeness.

e. Recordkeeping and Reporting Burden Associated With SARs

Under the proposed rule, PPSIs would be required to conduct ongoing monitoring of customers' transactions and file SARs when
appropriate. In addition, PPSIs would be required to maintain copies of filed SARs and the underlying related documentation
for a period of five years from the date of filing. FinCEN utilized the findings in a recent Bank Policy Institute report
on the number of suspicious activity alerts that turned into cases (i.e., alerts that are not considered false positives) and concluded in the filing of a SAR (approximately 42 percent) to infer that
for each case filed as a SAR, approximately 1.4 cases were not filed. (526) While there is no requirement to report or retain unfiled suspicious activity alerts, FinCEN considers this activity to be
part of the overall burden of SAR reporting and recordkeeping.

FinCEN estimates that PPSIs would file a weighted annual average of 190 SAR filings and have 266 unfiled cases. With an estimated
hourly burden of 1.5 hours per SAR filing and 0.5 hours per unfiled case, together, these activities are estimated to take
418 hours annually per PPSI.

f. Recordkeeping Burden Associated With Proposed Recordkeeping and Travel Rule Requirements

The proposed rule would require PPSIs to comply with certain recordkeeping obligations, including recording and maintaining
originator and beneficiary information for certain transactions. As discussed in section XII.A.4.ii.a. 7, FinCEN expects the primary burden from these requirements to stem from compliance with proposed requirements related to the
Recordkeeping and Travel Rules which ae codified at 31 CFR 1010.410(e) and (f), respectively. The Recordkeeping and Travel
Rules respectively require financial institutions to collect and retain records for funds transfers and transmittals of funds
in amounts of $3,000 or more and to transmit information on certain funds transfers and transmittals of funds to other financial
institutions participating in the transfer or transmittal. Cumulatively, FinCEN estimates the annual recordkeeping burden
per PPSI for these requirements would be approximately 20 hours.

g. Recordkeeping Burden Associated With Information Sharing

The proposed rule would require PPSIs to implement the information sharing procedures contained in section 314(a) of the USA
PATRIOT Act. Section 314(a) requires financial institutions, upon FinCEN's request, to search their records to determine whether
they have maintained an account or conducted a transaction with a specified individual, entity, or organization that a law
enforcement agency has certified is suspected, based on credible evidence, of engaging in terrorist activity or money laundering.
FinCEN estimates the annual hourly burden of complying with the requirements under section 314(a) would be approximately one
hour for each regulated entity.

h. Recordkeeping Burden Associated With Special Standards of Diligence Requirements

Under the proposed rule, PPSIs would be required to apply enhanced due diligence for correspondent and private banking accounts.
The scope of the annual PRA burden and cost estimates in this renewal is limited to maintaining and updating the due diligence
programs as part of current AML/CFT program requirements.

Due to the practical challenges of obtaining the total number of correspondent accounts maintained for foreign financial institutions
subject to general due diligence requirements, the number of correspondent accounts maintained for foreign banks subject to
enhanced due diligence requirements, and the number of private banking accounts, the scope of the annual PRA burden is limited
to the annual burden of (1) establishing and maintaining a due diligence program as part of the AML/CFT program for foreign
correspondent accounts and private banking accounts, and (2) securing approval of the program by an appropriate level of senior
management.

FinCEN estimates the annual hourly burden of establishing and maintaining the due diligence program for foreign correspondent
accounts and private banking accounts and obtaining program approval at two hours per PPSIs. This estimate covers the burden
of (1) establishing and maintaining the due diligence program to take into consideration any regulatory changes and any potential
modifications required by changes in the types of foreign correspondent accounts or private banking accounts maintained, or
by changes in the operations or organizational structure of the foreign financial institutions for which a covered financial
institution maintains accounts, as well as changes to the organizational structure of private banking accounts (one hour),
and (2) presenting the updated due diligence program to the appropriate level of senior management of the financial institution
for approval (one hour).

i. Recordkeeping Burden Associated With Special Measure Requirements

As discussed in section VI.C.11.iii, the rule proposes that PPSIs be required to comply with special measures issued pursuant
to the sections 311, 9714(a), and 2313a to maintain the options available under these sections to protect the U.S. financial
system from certain illicit finance threats. FinCEN assumes that all 50 PPSIs would have foreign correspondent accounts and
would therefore incur costs associated with the special measures under section 311.

Consistent with the approach outlined in FinCEN's recent 60-day notice, (527) FinCEN estimates the average burden for the 20 non-IDI subsidiary PPSIs

  would be approximately eight hours in the first year for general recordkeeping activities. FinCEN assumes that the 30 IDI-subsidiary
  PPSIs would leverage the special measure processes that are already in place and would therefore each incur only a 0.5-hour
  burden in the first year. FinCEN assumes that in subsequent years, all 50 PPSIs would incur an annual 18-minute burden associated
  with notification.

j. Total Annual Burden

Tables 21 and 22 present the annual burden hours per respondent and total annual burden hours for all affected PPSIs for year
one and years two and three, respectively. (528) FinCEN estimates a three-year annual burden of 672 hours per PPSI (529) and a three-year average annual burden of 33,577 hours for all 50 PPSIs.

| Provision | Hours per
response | Number of
responses | Hours per
respondent | Number of
respondents | Total
burdenhours |
| --- | --- | --- | --- | --- | --- |
| Establishing and maintaining the written AML/CFT program (including program approval, storing the program, and producing it
upon request) | 30 | 1 | 30 | 50 | 1,500 |
| Ongoing customer due diligence | 50 | 1 | 50 | 50 | 2,500 |
| BOI-related customer due diligence | 0.25 | 650 | 162.5 | 50 | 8,125 |
| Recordkeeping and reporting of CTRs | 0 | 0 | 0 | 50 | 0 |
| Recordkeeping and reporting of SARs | 1.5 | 190 | 285 | 50 | 14,250 |
| Recordkeeping of unfiled suspicious activity cases | 0.5 | 266 | 133 | 50 | 6,650 |
| Recordkeeping and Travel Rule requirements | 20 | 1 | 20 | 50 | 1,000 |
| Information sharing requirements (314(a)) | 1 | 1 | 1 | 50 | 50 |
| Establishing and maintaining the enhanced due diligence program (including program approval) | 2 | 1 | 2 | 50 | 100 |
| Special measures (non-IDI subsidiary PPSIs) | 8 | 1 | 8 | 20 | 160 |
| Special measures (IDI-subsidiary PPSIs) | 0.5 | 1 | 0.5 | 30 | 15 |
| Total | | | | 50 | 34,350 |

| Provision | Hours per
response | Number of
responses | Hours per
respondent | Number of
respondents | Total
burdenhours |
| --- | --- | --- | --- | --- | --- |
| Establishing and maintaining the written AML/CFT program (including program approval, storing the program, and producing it
upon request) | 10 | 1 | 10 | 50 | 500 |
| Ongoing customer due diligence | 50 | 1 | 50 | 50 | 2,500 |
| BOI-related customer due diligence | 0.25 | 650 | 162.5 | 50 | 8,125 |
| Recordkeeping and reporting of CTRs | 0 | 0 | 0 | 50 | 0 |
| Recordkeeping and reporting of SARs | 1.5 | 190 | 285 | 50 | 14,250 |
| Recordkeeping of unfiled suspicious activity cases | 0.5 | 266 | 133 | 50 | 6,650 |
| Recordkeeping and Travel Rule requirements | 20 | 1 | 20 | 50 | 1,000 |
| Information sharing requirements (314(a)) | 1 | 1 | 1 | 50 | 50 |
| Establishing and maintaining the enhanced due diligence program (including program approval) | 2 | 1 | 2 | 50 | 100 |
| Special measures | 0.3 | 1 | 0.3 | 50 | 15 |
| Total | | | 664 | 50 | 33,190 |

iii. Estimated Annual Cost

Tables 23 and 24 present the average annual cost per respondent and total annual cost for all affected PPSIs for year one
and years two and three, respectively. FinCEN estimates the three-year average annual cost of recordkeeping and reporting
requirements under the proposed rule to be approximately $4.2 million, with a three-year average annual cost of $83,660 per
PPSI.

| Provision | Hours per
respondent | Average
cost perrespondent | Total
burdenhours | Total cost |
| --- | --- | --- | --- | --- |
| Establishing and maintaining the written AML/CFT program (including program approval, storing the program, and producing it
upon request) | 30 | $3,737 | 1,500 | $186,870 |
| Ongoing customer due diligence | 50 | 6,229 | 2,500 | 311,450 |
| BOI-related customer due diligence | 162.5 | 20,244 | 8,125 | 1,012,213 |
| Recordkeeping and reporting of CTRs | 0 | 0 | 0 | 0 |
| Recordkeeping and reporting of SARs | 285 | 35,505 | 14,250 | 1,775,265 |
| Recordkeeping of unfiled suspicious activity cases | 133 | 16,569 | 6,650 | 828,457 |
| Recordkeeping and Travel Rule requirements | 20 | 2,492 | 1,000 | 124,580 |
| Information sharing requirements (314(a)) | 1 | 125 | 100 | 6,229 |
| Establishing and maintaining the enhanced due diligence program (including program approval) | 2 | 249 | 100 | 12,458 |
| Special measures (non-IDI subsidiary PPSIs) | 8 | 997 | 160 | 19,933 |
| Special measures (IDI-subsidiary PPSIs) | 0.5 | 62 | 15 | 1,869 |
| Total | | | 34,350 | 4,279,323 |

| Provision | Hours per
respondent | Average
cost perrespondent | Total
burdenhours | Total cost |
| --- | --- | --- | --- | --- |
| Establishing and maintaining the written AML/CFT program (including program approval, storing the program, and producing it
upon request) | 10 | $1,246 | 500 | $62,290 |
| Ongoing customer due diligence | 50 | 6,229 | 2,500 | 311,450 |
| BOI-related customer due diligence | 162.5 | 20,244 | 8,125 | 1,012,213 |
| Recordkeeping and reporting of CTRs | 0 | 0 | 0 | 0 |
| Recordkeeping and reporting of SARs | 285 | 35,505 | 14,250 | 1,775,265 |
| Recordkeeping of unfiled suspicious activity cases | 133 | 16,569 | 6,650 | 828,457 |
| Recordkeeping and Travel Rule requirements | 20 | 2,492 | 1,000 | 124,580 |
| Information sharing requirements (314(a)) | 1 | 125 | 100 | 6,229 |
| Establishing and maintaining the enhanced due diligence program (including program approval) | 2 | 249 | 100 | 12,458 |
| Special measures | 0.3 | 37 | 15 | 18,869 |
| Total | 664 | 82,696 | 33,190 | 4,134,810 |

iv. Summary of Burden and Cost Estimates

Estimated Number of Respondents: 50 PPSIs.

Estimated Average Aggregate Annual Recordkeeping and Reporting Burden: 33,577 hours.

Estimated Average Aggregate Annual Recordkeeping and Reporting Cost: $4.18 million.

2. OFAC

In accordance with requirements of the PRA, 44 U.S.C. 3506(c)(2)(A), and its implementing regulations, 5 CFR part 1320, the
following information concerning the collection of information as it relates to the proposed PPSI sanctions compliance program
requirements is presented to assist those persons wishing to comment on the information collections. (530)

OFAC will submit a request for a new OMB control number for some of the specific, new information collection and recordkeeping
requirements for PPSIs to maintain an effective sanctions compliance program under this proposed rulemaking to implement the
GENIUS Act. OFAC is proposing a new part 502 to chapter V of the CFR entitled the “Payment Stablecoin Effective Sanctions
Compliance Program Regulations” to effectuate the GENIUS Act's effective sanctions program requirement. The proposed information
collection covered by this notice includes some of the requirements for an effective sanctions compliance program to be maintained
by PPSIs. Even though the proposed sanctions compliance program prescribed five categories of requirement, only two are expected
to engender recordkeeping burdens for purposes of the PRA: (1) internal controls (including maintaining written policies and
procedures and certification of PPSI status) and (2) maintaining the records of results from testing and auditing and any
enhancements identified for the sanctions compliance program will be covered by this information collection. Because a recordkeeping
burden associated with the internal controls requirements of the anti-money laundering/counter-terrorist financing (AML/CFT)
program is already accounted for under FinCEN's requested new OMB control number 1506-[XXXX], no additional burden is assigned
here to avoid double counting activities that may have substantial functional overlap. The only cost and burden calculation
itemized below pertains to the requirement to maintain the records of the results of, and any enhancements made following
the testing and auditing mandated by the proposed rule for a PPSI's sanctions compliance program.

i. Description of Impacted Financial Institutions and OMB Control Numbers

The likely respondents and recordkeepers affected by the information collections covered by this authority are PPSIs. OFAC's
current annual assessment of burden considers the number and type of information collection and recordkeeping requirements
necessary for record retention under testing and auditing controls to maintain an effective sanctions compliance program for

  PPSIs. The submissions covered by this information collection will be reviewed by the U.S. Department of the Treasury and
  may be used for sanctions reconsiderations and other regulatory or administrative actions by OFAC under its authorities.

OFAC will submit a request for a new OMB control number for the new recordkeeping requirements for testing and auditing for
PPSIs to maintain a sanctions compliance program under this proposed rulemaking to implement the GENIUS Act. The internal
controls burden is part of broader overall AML/CFT internal controls and are therefore accounted for under FinCEN's requested
new OMB control number 1506-[XXXX].

ii. Estimated Annual Burden Hours

OFAC estimates that the average time for information collection for the recordkeeping requirements under the sanctions compliance
program testing and auditing elements to be 100 hours for the industry.

iii. Estimated Annual Cost

The estimated total annual reporting burden associated with the information collections authorized under this authority is
expected to cost approximately $12,458 for the industry.

iv. Summary of Burden and Cost Estimates

The estimated total annual reporting burden associated with the information collections authorized under this authority is
expected to cost approximately $12,458 for the industry. Under this information collection, the estimated annual frequency
of retaining record for audit and testing is once per year. OFAC's estimate for the number of unique entities annually is
approximately 50 PPSIs. OFAC estimates that the average time for information collection and recordkeeping requirements to
be 100 hours for industry.

3. General Request for Comments Under the Paperwork Reduction Act

Comments submitted in response to this proposed rule will be summarized and included in a request for OMB approval. All comments
will become a matter of public record. FinCEN and OFAC invite comments on: (1) whether the collection of information is necessary
for the proper performance of the mission of FinCEN and OFAC, including whether the information shall have practical utility;
(2) the accuracy of FinCEN and OFAC's estimate of the burden of the collection of information; (3) ways to enhance the quality,
utility, and clarity of the information to be collected; (4) ways to minimize the burden of the collection of information
on reporting persons, including through the use of technology; and (5) estimates of capital or start-up costs and costs of
operation, maintenance, and purchase of services required to provide information.

F. Additional Requests for Comment

1. This RIA utilizes an assumption of presumed compliance with baseline regulatory requirements. Is there any reason to alternatively
   expect that the proposed rule, if adopted as a final rule, would independently alter the likelihood that a previously non-complaint
   entity would newly seek to come into compliance? If so, how would this alter the current expected balance of benefits to costs
   of the rule as proposed? Please provide data, studies, or anecdotal evidence that FinCEN and OFAC should take into consideration.

2. The assumption that all potential PPSIs would either be (1) affiliated with depository institutions as a subsidiary or
   as part of consortium or (2) successors to entities already registered as MSBs is foundational to FinCEN and OFAC's assessment
   of the incremental changes the proposed rule would introduce. Is this assumption reasonable? Additionally, is the projected
   distribution of 60 percent IDI-subsidiary PPSIs and 40 percent non-IDI subsidiary PPSIs reasonable? If not, are there specific
   sources of empirical evidence or data that would suggest these assumptions should be revised? Please provide data, studies,
   or anecdotal evidence that would support the suggested alternative assumptions.

3. FinCEN and OFAC's estimate of the population of potential PPSIs incorporates certain assumptions about the willingness
   and/or likelihood of current stablecoin issuers to change certain features of their present product offerings to meet PPSI
   product requirements. Are there concerns about the reasonableness of this approach? Please provide data, studies, or any other
   information that might inform a more accurate assessment of how likely current stablecoin issuers are to change PPSI-disqualifying
   features or launch alternative products.

4. FinCEN and OFAC assume a total affected population of approximately 50 PPSIs on average in each of the first three years
   of an effective final rule. Are FinCEN and OFAC's implied assumptions regarding market entry and attrition rates and the resulting
   population estimate reasonable? If not, please provide data, studies, or reports that would enhance FinCEN and OFAC's ability
   to estimate the expected size of the affected population.

5. The RIA in this NPRM does not include a forecasted population of potential future SQPSIs as a specific category of PPSIs
   due to limitations in data availability. Please provide data, studies, or anecdotal evidence that would enable analysis of
   the potential effects of the proposed requirements on SQPSIs, generally, and small SQPSIs in particular.

6. Stablecoin issuers, or potential stablecoin issuers, can seek PPSI status through various paths, including as a subsidiary
   of a depository institution, an uninsured national bank, or as another subtype of FQPSI or as a SQPSI. How likely are stablecoin
   issuers to choose each path?

7. FinCEN and OFAC formed certain expectations about the number of primary market customers a typical PPSI would have based
   on data regarding current stablecoin issuers. Are there other sources of data or other methods to more accurately estimate
   how many unique primary market customers a typical issuer of payment stablecoin-like products interacts with? What costs do
   these stablecoin issuers face in collecting customer information from these entities? How many of these customers are new
   to the issuer on an annual basis?

8. FinCEN and OFAC have conservatively assumed that the majority of future PPSI customers would either be financial institutions
   that trade a broad range of stablecoin products as part of their investment portfolios or digital asset exchanges that provide
   off-chain liquidity to retail customers for a similarly broad range of stablecoin products, and that these PPSI customers
   would each need to provide information about themselves to a PPSI once per year. How reasonable are these assumptions and
   expectations? How many new issuing/redeeming relationships do current primary market customers for payment stablecoin-like
   products typically initiate on an annual basis?

9. Are there other distinct, identifiable subpopulations of the general public that could reasonably be expected to be directly
   affected by the proposed rules and should have been separately considered in the RIA? To what extent could their exclusion
   have substantive effects on the RIA's assessment of economic impact? Please provide data, studies, or reports that would enhance
   FinCEN or OFAC's ability to identify and quantify such effects.

10. FinCEN and OFAC imposed certain conservative assumptions about the incremental costs of implementing

    technology to block, freeze, and reject stablecoin transactions, while recognizing in their assessment of current market practices
    that the proposed requirements would not represent an incremental cost for many stablecoin issuers who appear to already have
    this technology. How common is this technology to stablecoin issuers? How costly is it, and do costs recur on an annual basis?
    Is there a substantive difference in costs to obtain and/or retrofit such technology after a stablecoin has already been issued?

11. Please provide data on the number of hours or specific costs associated with current stablecoin issuers' review of suspicious
    activity and SAR reporting. How generalizable are the data points provided to expected future PPSIs?

12. FinCEN and OFAC assume that many stablecoin issuers may have incentives to become PPSIs but did not have sufficient information
    to quantify these when analyzing the expected benefits of the proposed rule. Please describe any incentives that would be
    driving factors in a stablecoin issuer's decision to apply for PPSI status and, if applicable and to the extent feasible,
    include the expected magnitude of anticipated financial or economic benefit to the stablecoin issuer and comment on the generalizability
    to other similar issuers.

13. Are there any additional cost categories associated with establishment and maintenance of the proposed AML/CFT programs
    and/or the proposed sanctions compliance program that FinCEN and OFAC have failed to consider? If so, please describe. To
    what extent would a failure to separately consider these costs affect the conclusions of the RIA?

14. FinCEN and OFAC assumed that many of the same resources would be utilized by PPSIs to provide and complete the sanctions
    compliance program-specific training and AML/CFT training that the proposed rules would require. Is this a reasonable assumption?
    If not, please provide data, studies, or anecdotal evidence that would support an alternative assumption.

15. FinCEN and OFAC's assessment of economic impact assumes future PPSIs would incur lower training implementation costs relative
    to other financial institutions with larger employee bases and broader arrays of clients, like traditional banks or broker-dealers.
    Is this a reasonable assumption? If not, please provide data, studies, or anecdotal evidence that would support an alternative
    assumption.

16. FinCEN and OFAC request comment on the alternative policy options presented and their anticipated economic effect.

17. The economic expectation that the proposed rule may have a significant economic impact on a substantial number of certain
    types of potentially affected small entities is sensitive to key assumptions about how potentially affected financial institutions
    would respond to the proposed requirements. FinCEN and OFAC request comment on whether it would instead be more reasonable
    to certify that the proposed rule would not have a significant economic impact on a substantial number of small entities.

18. FinCEN and OFAC are requesting comment on the reasonableness of an expectation that, in the future, small IDI-subsidiary
    PPSI would exist. Are there data, studies, or anecdotal information that would suggest these kinds of PPSIs should be expected?
    If so, please comment on the expected population size and the anticipated significance of the proposed rule's economic impact
    on such small entities.

19. In the IRFA, FinCEN and OFAC utilized a threshold of less than $200 million in total reserve assets to define a small
    non-bank payment stablecoin issuer. Please comment on the general soundness of this approach and/or suggest additional methodologies
    to the extent that an alternative approach would have been more appropriate.

20. In the IRFA, FinCEN and OFAC estimated firms' revenue for non-IDI subsidiary potential PPSIs as five percent of total
    reserve assets. Please comment on the general soundness of this approach and/or suggest additional methodologies to the extent
    that an alternative approach would have been more appropriate.

21. FinCEN and OFAC do not anticipate that the proposed rule would result in novel incremental aggregate expenditures by State,
    local, or Tribal governments, or by the private sector of $193 million or more in any one year. Is there any empirical evidence
    that could be used to support expectations to the contrary? If so, what studies, data, or anecdotal evidence should have been
    taken into consideration?

22. Which states are likely to take action in response to this proposed rule, and what actions are states likely to take?
    Please provide data, studies, reports, or anecdotal evidence that would enhance FinCEN and OFAC's ability to identify and
    quantify such effects.

23. Should FinCEN reconsider the potential for standalone incremental economic effects attributable to the definitions as
    proposed in section VI.C.1, collectively or individually, in the context of the requirements proposed in this NPRM? If so,
    please describe the effects anticipated and their expected economic significance.

24. Are FinCEN's analyses of the average costs for each component the AML/CFT framework as outlined in section XII.A.4.ii.a
    an accurate reflection of the costs faced by current issuers of products that resemble future payment stablecoins? If not,
    are there specific sources of empirical evidence or data that would suggest these burden estimates should be revised? Please
    provide data, studies, or anecdotal evidence that would support any suggested revisions. Are there reasons to expect that
    the cost profile for future PPSIs would substantively differ from the cost profile for current comparable stablecoin issuers?

25. FinCEN assumed that some PPSIs would interact with foreign banking entities as primary market customers and may therefore
    incur costs associated with special standards of diligence and/or the imposition of certain special measures and therefore
    conservatively assigned the related expected compliance burden to all expected future PPSI in its cost models. Is this a reasonable
    approach? If not, what share of stablecoin issuers should be expected to interact with foreign entities as primary market
    customers? Please provide data, studies, or anecdotal evidence that would enhance FinCEN's ability to estimate the affected
    population.

26. Are there any additional, distinct categories of cost associated with the establishment and maintenance of an AML/CFT
    program or otherwise associated with ensuring compliance with the proposed AML/CFT program requirements that FinCEN should
    have articulated and separately taken into consideration? If so, please discuss the extent to which failure to include such
    considerations would materially alter FinCEN's conclusions or expectations of economic impact.

27. Please provide comments on the policy alternatives FinCEN considered. In particular, do FinCEN's expectations about the
    anticipated balance of costs to benefits of the alternatives considered relative to the rule, as proposed, comport with market
    expectations?

28. For the purposes of this economic analysis, is it appropriate for OFAC to estimate the incremental effects of the proposed
    rule based on the presumption of full compliance by U.S. persons with sanctions law as currently administered by OFAC?

29. Should OFAC reconsider the potential for standalone incremental economic effects attributable to the

    definitions as proposed in section VII.C, collectively or individually, in the context of the requirements proposed in this
    NPRM? If so, please describe the effects anticipated and their expected economic significance.

30. OFAC considers that in practice, regulated persons do not typically maintain sanctions compliance as a standalone function
    but operationalize sanctions compliance as an integrated component of an entity's broader AML compliance framework, and therefore
    combine the costs associated with sanctions compliance with AML frameworks. Is this a reasonable assumption?

31. OFAC estimated that retaining records for both audit activities and enhancements made to sanctions compliance programs
    would require only a couple of hours annually. How reasonable is this estimate?

32. Are there any additional, distinct categories of cost associated with the establishment and maintenance of a sanctions
    compliance program or otherwise associated with ensuring compliance with the proposed rule that OFAC should have articulated
    and separately taken into consideration? If so, please describe.

33. OFAC's analysis notes that its proposed rule will not create incremental costs for primary market customers of PPIs. Is
    OFAC's analysis reasonable? If not, please provide defensible methods or data, studies, or anecdotal evidence that OFAC could
    use to estimate the economic burden its proposed rule would have on direct customers of PPSIs.

List of Subjects

Administrative practice and procedure, Banks, Banking, Blocking of assets, Credit, Foreign trade, Payment stablecoins, Penalties,
Permitted payment stablecoin issuer, Reporting and recordkeeping requirements, Sanctions, Securities, Services.

Administrative practice and procedure, Authority delegations (Government agencies), Banks, banking, Brokers, Business and
industry, Citizenship and naturalization, Commodity futures, Crime, Currency, Electronic filing, Federal savings associations,
Foreign persons, Holding companies, Indian—law, Indians, Insurance companies, Intergovernmental relations, Investigations,
Law enforcement, Penalties, Reporting and recordkeeping requirements, Small businesses, Securities, Terrorism.

Administrative practice and procedure, Banks, banking, Business and industry, Electronic filing, Foreign persons, Investigations,
Law enforcement, Reporting and recordkeeping requirements, Terrorism.

For the reasons stated in the preamble, the Office of Foreign Assets Control proposes to amend 31 CFR chapter V and the Financial
Crimes Enforcement Network proposes to amend 31 CFR chapter X as follows:

Title 31—Money and Finance: Treasury

CHAPTER V—OFFICE OF FOREIGN ASSETS CONTROL, DEPARTMENT OF THE TREASURY

1. Add part 502 to read as follows:

PART 502—PERMITTED PAYMENT STABLECOIN ISSUER EFFECTIVE SANCTIONS COMPLIANCE PROGRAM REGULATIONS

Subpart A—General Provisions

Sec. 502.101 Relation of this part to other laws and regulations. 502.102 Records and reports. 502.103 Procedures. 502.104 Paperwork Reduction Act notice.

Subpart B—Effective Sanctions Compliance Program Requirements

Sec. 502.201 Effective sanctions compliance program requirements for permitted payment stablecoin issuers. 502.202 [Reserved]

Subpart C—General Definitions

Sec. 502.301 Knowingly. 502.302 OFAC. 502.303 Payment stablecoin-related activity. 502.304 Permitted payment stablecoin issuer; PPSI.

Subpart D—Penalties

Sec. 502.401 Penalties. 502.402 Referral to United States Department of Justice; administrative collection measures.

Authority:

3 U.S.C. 301; 12 U.S.C. 5901-5916; 18 U.S.C. 2339B; 19 U.S.C. 3901-3913; 21 U.S.C. 1901-1908; 31 U.S.C. 321(b); 50 U.S.C.
1701-1706, 4301-4341; Pub. L. 101-410, 104 Stat. 890, as amended (28 U.S.C. 2461 note).

Subpart A—General Provisions

§ 502.101 Relation of this part to other laws and regulations. This part is separate from, and independent of, the other parts of this chapter, with the exceptions of part 501 of this chapter,
which includes recordkeeping and reporting requirements and other procedures that apply to this part. Actions taken pursuant
to part 501 of this chapter with respect to the provisions contained in this part are considered actions taken pursuant to
this part. Differing foreign policy and national security circumstances may result in differing interpretations of similar
language among the parts of this chapter. No license or authorization contained in or issued pursuant to other parts of this
chapter excuses any requirement of this part. No license or authorization contained in or issued pursuant to any other provision
of law or regulation excuses any requirement of this part.

§ 502.102 Records and reports. (a) For provisions relating to required records and reports, see part 501, subpart C, of this chapter. Recordkeeping and reporting
requirements imposed by part 501 of this chapter with respect to requirements contained in this part are considered requirements
arising pursuant to this part.

(b) A permitted payment stablecoin issuer shall provide upon request to OFAC, or its designee, any and all certifications
submitted to its primary Federal payment stablecoin regulator or State payment stablecoin regulator that the permitted payment
stablecoin issuer has implemented an economic sanctions compliance program pursuant to 12 U.S.C. 5904(i)(1).

§ 502.103 Procedures. For procedures relating to administrative decisions, rulemaking, and requests for documents pursuant to the Freedom of Information
and Privacy Acts (5 U.S.C. 552 and 552a), see part 501, subpart E, of this chapter.

§ 502.104 Paperwork Reduction Act notice. OFAC is seeking approval by the Office of Management and Budget (OMB) under the Paperwork Reduction Act of 1995 (44 U.S.C.
3507) for a new OMB control number for the specific, new recordkeeping requirements for permitted payment stablecoin issuers
that are required to maintain an effective sanctions compliance program under this proposed rule. Other information collection
and recordkeeping requirements pursuant to any OFAC sanctions program are approved by OMB under control number 1505-0164 and
contained in § 501.901 of this chapter. An agency may not conduct or sponsor a collection of information unless it displays
a valid control number assigned by OMB.

Subpart B—Effective Sanctions Compliance Program Requirements

§ 502.201 Effective sanctions compliance program requirements for permitted payment stablecoin issuers. (a) Each permitted payment stablecoin issuer (PPSI) is required to maintain an effective sanctions compliance program (SCP).

(b) An effective SCP is one that is risk-based and reasonably designed to ensure compliance with all applicable U.S. sanctions.
It shall include, at a minimum:

(1) Senior management and organizational commitment. A PPSI's senior management shall review and approve the SCP and support the SCP's effective implementation, including by ensuring
the SCP, at a minimum:

(i) Applies to all payment stablecoin-related activity;

(ii) Has sufficient resources, including necessary investments in human capital, expertise, and information technology to
carry out the activities described in paragraphs (b)(2) through (b)(5) of this section;

(iii) Is fully integrated into the PPSI's ongoing stablecoin-related operations;

(iv) Routinely provides risk updates, including testing results, to senior management and other appropriate stakeholders within
the organization; and

(v) Provides sufficient authority and autonomy to the PPSI's compliance function to manage effectively U.S. sanctions risks
for the entire organization.

(2) Risk assessments. Each PPSI shall:

(i) Conduct holistic assessments of U.S. sanctions risks at appropriate intervals. Such assessments should analyze all payment
stablecoin-related activity and consider, among other relevant factors, a PPSI's customer base, its size and complexity, direct
and indirect points of contact with foreign persons or persons residing in foreign jurisdictions, and specific products and
services.

(ii) Use its risk assessments to inform the operation of its SCP, including by revising internal controls and training as
appropriate; and

(iii) Revise risk assessments as appropriate to account for any identified U.S. sanctions violations or deficiencies; new
products, services, mergers, or acquisitions; and any other factors that may affect the PPSI's risk profile.

(3) Internal Controls. Each PPSI shall:

(i) Establish and maintain a system of risk-based internal controls, including technical capabilities and written policies
and procedures, applicable to all payment stablecoin-related activity, whether on the primary or secondary market, that:

(A) Identifies any payment stablecoin-related activity that is or may be prohibited by U.S. sanctions;

(B) Blocks or rejects, as applicable, any payment stablecoin-related activity that violates or would violate U.S. sanctions;

(C) Provides reports to OFAC as required, including those described in § 502.102(b) and part 501 of this chapter; and

(D) Retains relevant records in accordance with OFAC recordkeeping obligations, including those described in part 501 of this
chapter.

(ii) Document the internal controls described in paragraph (b)(3)(i) of this section in writing and clearly communicate them
to all relevant personnel and stakeholders; and

(iii) Routinely review and revise the internal controls described in paragraph (b)(3)(i) by:

(A) Taking timely and appropriate action to remediate any identified gaps or deficiencies; and

(B) Ensuring the internal controls effectively address current, new, amended, or updated U.S. sanctions authorities and applicable
U.S. sanctions risks, which may include addressing risks identified in the PPSI's risk assessments or in advisories, alerts,
or notices issued by the Department of the Treasury or other relevant U.S. government agencies.

(4) Testing and Auditing. Each PPSI shall:

(i) Establish and maintain an independent testing or audit function, accountable to senior management, with sufficient resources,
expertise, and authority to identify U.S. sanctions compliance-related weaknesses and deficiencies;

(ii) Ensure that qualified personnel routinely perform comprehensive, independent, and objective testing or auditing of the
effectiveness of the SCP and its functions;

(iii) Utilize test and audit results as appropriate to identify and implement any needed updates or enhancements to the SCP;
and

(iv) Maintain, and provide upon request to OFAC, records of the results and enhancements described in paragraph (b)(4)(iii)
of this section.

(5) Training. Each PPSI shall establish and maintain a risk-based sanctions compliance training program that is:

(i) Performed at least annually and with a frequency appropriate to the PPSI's risk assessments and risk profile;

(ii) Provided to all relevant personnel and stakeholders;

(iii) Appropriately tailored to each trainee's role and responsibilities;

(iv) Modified to reflect risk assessment findings and identified deficiencies, including testing and audit findings or following
identified violations of U.S. sanctions; and

(v) Designed to include easily accessible resources and materials for all relevant personnel and stakeholders.

§ 502.202 [Reserved]

Subpart C—General Definitions

§ 502.301 Knowingly. The term knowingly, with respect to conduct, a circumstance, or a result, means that a person has actual knowledge, or should have known, of the
conduct, the circumstance, or the result.

§ 502.302 OFAC. The term OFAC means the Department of the Treasury's Office of Foreign Assets Control.

§ 502.303 Payment stablecoin-related activity. The term payment stablecoin-related activity includes issuing, trading, holding, transacting, transferring, redeeming, or any other activity involving a payment stablecoin
issued by a permitted payment stablecoin issuer from the time of issuance until the payment stablecoin's removal from circulation,
whether on the primary or secondary market, including through redemption or by any other means.

§ 502.304 Permitted payment stablecoin issuer; PPSI. The term permitted payment stablecoin issuer or PPSI means an individual, partnership, company, corporation, association, trust, estate, cooperative organization, or other business
entity, incorporated or unincorporated, that is formed in the United States and is:

(a) A subsidiary of either an insured depository institution, as defined in section 3 of the Federal Deposit Insurance Act,
12 U.S.C. 1813, or an insured credit union, as defined in section 101 of the Federal Credit Union Act, 12 U.S.C. 1752, that
has been approved to issue payment stablecoins, as defined in section 2(22) of the GENIUS Act, by a primary Federal payment
stablecoin regulator, as defined in section 2(25) of the GENIUS Act;

(b) A Federal qualified payment stablecoin issuer, as defined in section 2(11) of the GENIUS Act; or

(c) A State qualified payment stablecoin issuer, as defined in section 2(31) of the GENIUS Act.

Subpart D—Penalties

§ 502.401 Penalties. (a) Material Violations. A permitted payment stablecoin issuer (PPSI) that materially violates the requirement to maintain an effective sanctions compliance
program (SCP), as described in § 502.201, shall be liable for a civil penalty of not more than $100,000 for each day during
which the violation continues.

(b) Knowing Violations. In addition to the penalties described in paragraph (a) of this section, a PPSI who knowingly violates the requirement to
maintain an effective SCP, as described in § 502.201 of this chapter, shall be liable for a civil penalty of not more than
an additional $100,000 for each day during which the violation continues.

§ 502.402 Referral to United States Department of Justice; administrative collection measures. In the event that the violator does not pay the penalty imposed pursuant to this part or make payment arrangements acceptable
to the Director of the Office of Foreign Assets Control, the matter may be referred for administrative collection measures
by the Department of the Treasury or to the United States Department of Justice for appropriate action to recover the penalty
in a civil suit in a federal district court.

Title 31—Money and Finance: Treasury

CHAPTER X—FINANCIAL CRIMES ENFORCEMENT NETWORK, DEPARTMENT OF THE TREASURY

PART 1010—GENERAL PROVISIONS

1. The authority citation for part 1010 is revised to read as follows:

Authority:

12 U.S.C. 1829b, 1951-1959, and 5901-5916; 31 U.S.C. 5311-5314 and 5316-5336; title III, sec. 314, Pub. L. 107-56, 115 Stat.
307; sec. 2006, Pub. L. 114-41, 129 Stat. 458-459; sec. 701, Pub. L. 114-74, 129 Stat. 599; sec. 6403, Pub. L. 116-283, 134
Stat. 3388.

1. Revising § 1010.100 by:

a. Revising and republishing paragraph (t)(9) and (t)(10);

b. Adding paragraph (t)(11);

c. Revising and republishing paragraph (ff)(8)(ii) and (ff)(8)(iii);

d. Adding paragraph (ff)(8)(iv);

e. Revising and republishing paragraph (bbb)(1);

f. Revising and republishing paragraph (eee); and

g. Adding paragraphs (nnn), (ooo), (ppp), (qqq), (rrr), (sss), (ttt), (uuu), (vvv), (www), and (xxx).

The revisions, republications, and additions read as follows:

§ 1010.100 General definitions. * * * * *

(t) * * *

(9) An introducing broker in commodities;

(10) A mutual fund; or

(11) A permitted payment stablecoin issuer.

---

(ff) * * *

(8) * * *

(ii) A person registered with, and functionally regulated for examined by, the SEC or the CFTC, or a foreign financial agency
that engages in financial activities that, if conducted in the United States, would require the foreign financial agency to
be registered with the SEC or CFTC;

(iii) A permitted payment stablecoin issuer; or

(iv) A natural person who engages in an activity identified in paragraphs (ff)(1) through (ff)(5) of this section on an infrequent
basis and not for gain or profit.

---

(bbb) * * *

(1) Except as provided in paragraph (bbb)(2) of this section, transaction means a purchase, sale, loan, pledge, gift, transfer,
delivery, or other disposition, and with respect to a financial institution includes a deposit, withdrawal, transfer between
accounts, exchange of currency, loan, extension of credit, purchase or sale of any stock, bond, certificate of deposit, or
other monetary instrument, security, contract of sale of a commodity for future delivery, option on any contract of sale of
a commodity for future delivery, option on a commodity, purchase or redemption of any money order, payment or order for any
money remittance or transfer, purchase or redemption of casino chips or tokens, or other gaming instruments, an issuance or
redemption of a payment stablecoin, or any other payment, transfer, or delivery by, through, or to a financial institution,
by whatever means effected.

---

(eee) Transmittal order. The term transmittal order includes a payment order and is an instruction of a sender to a receiving financial institution,
transmitted orally, electronically, or in writing, to pay, or cause another financial institution or foreign financial agency
to pay, a fixed or determinable amount of money or payment stablecoin to a recipient if:

---

(nnn) [Reserved]

(ooo) [Reserved]

(ppp) Digital asset. Any digital representation of value that is recorded on a cryptographically secured distributed ledger.

(qqq) Distributed ledger. A technology in which data is shared across a network that creates a public digital ledger of verified transactions or information
among network participants and cryptography is used to link the data to maintain the integrity of the public ledger and execute
other functions.

(rrr) Lawful order. A lawful order is any final and valid writ, process, order, rule, decree, command, or other requirement issued or promulgated
under Federal law, issued by a court of competent jurisdiction or by an authorized Federal agency pursuant to its statutory
authority, that:

(1) Requires an individual, partnership, company, corporation, association, trust, estate, cooperative organization, or other
business entity, incorporated or unincorporated, to seize, freeze, burn, or prevent the transfer of payment stablecoins it
issued;

(2) Specifies the payment stablecoins or accounts subject to blocking with reasonable particularity; and

(3) Is subject to judicial or administrative review or appeal as provided by law.

(sss) Payment stablecoin.

(1) In general. A digital asset (i) that is, or is designed to be, used as a means of payment or settlement; and (ii) the issuer of which:

(A) Is obligated to convert, redeem, or repurchase for a fixed amount of monetary value, not including a digital asset denominated
in a fixed amount of a monetary value; and

(B) Represents that such issuer will maintain, or create the reasonable expectation that it will maintain, the digital asset
at a stable value relative to the value of a fixed amount of monetary value.

(2) Exceptions. A payment stablecoin does not include a digital asset that:

(i) Is a national currency;

(ii) Is a deposit (as defined in section 3 of the Federal Deposit Insurance Act (12 U.S.C. 1813)), including a deposit recorded
using distributed ledger technology; or

(iii) Is a security, as defined in section 2 of the Securities Act of 1933 (15 U.S.C. 77b), section 3 of the Securities Exchange
Act of 1934 (15 U.S.C. 78c), or section 2 of the Investment Company Act of 1940 (15 U.S.C. 80a-2).

(3) For purposes of this definition the term—

(i) National currency means each of the following—

(A) A Federal Reserve note (as the term is used in the first undesignated paragraph of section 16 of the Federal Reserve Act
(12 U.S.C. 411)); or

(B) A medium of exchange currently authorized or adopted by a domestic or foreign government, including a monetary unit of
account established by an intergovernmental organization or by agreement between two or more countries that is:

(1) Standing to the credit of an account with a Federal Reserve Bank;

(2) Issued by a foreign central bank; or

(3) Issued by an intergovernmental organization pursuant to an agreement by two or more governments; and

(ii) Monetary value means national currency or deposit (as defined in section 3 of the Federal Deposit Insurance Act (12 U.S.C. 1813)) denominated
in a national currency.

(ttt) Permitted payment stablecoin issuer. An individual, partnership, company, corporation, association, trust, estate, cooperative organization, or other business
entity, incorporated or unincorporated formed in the United States that is:

(1) (i) A subsidiary of an insured depository institution that has been approved to issue payment stablecoins by a primary
Federal payment stablecoin regulator; or

(ii) A subsidiary of an insured credit union that has been approved to issue payment stablecoins by a primary Federal payment
stablecoin regulator;

(2) A Federal qualified payment stablecoin issuer; or

(3) A State qualified payment stablecoin issuer.

(uuu) Primary Federal payment stablecoin regulator.

(1) For a subsidiary of an insured depository institution, as described in paragraph (ttt)(1)(i) of this section, the appropriate
Federal banking agency of such insured depository institution;

(2) For an insured credit union or a subsidiary of an insured credit union, as described in paragraph (ttt)(1)(ii), the National
Credit Union Administration;

(3) For a State chartered depository institution, not covered in subparagraph (1), the Federal Deposit Insurance Corporation,
the Office of the Comptroller of the Currency, or the Board of Governors of the Federal Reserve System; or

(4) For a Federal qualified payment stablecoin issuer, the Office of the Comptroller of the Currency.

(vvv) Federal qualified payment stablecoin issuer. An entity that is approved by the Office of the Comptroller of the Currency under 12 U.S.C. 5904 to issue payment stablecoins
and is either—

(1) A nonbank entity;

(2) An uninsured national bank; or

(3) A Federal branch.

(www) State payment stablecoin regulator. A State agency that has the primary regulatory and supervisory authority in such State over entities that issue payment stablecoins.
For purposes of this definition, the term State includes each State and each Territory and Insular Possession.

(xxx) State qualified payment stablecoin issuer. An entity that:

(1) Is legally established under the laws of a State or Territory and Insular Possession and approved to issue payment stablecoins
by a State payment stablecoin regulator; and

(2) Is not an uninsured national bank chartered by the Office of the Comptroller of the Currency pursuant to title LXII of
the Revised Statutes; a Federal branch, or an insured depository institution (as described in paragraph (ttt)(1) of this section),
or a subsidiary, of such national bank, Federal branch, or insured depository institutions.

1. In § 1010.230, revise and republish paragraphs (b)(2) and (c) to read as follows:

§ 1010.230 Beneficial ownership requirements for legal entity customers. * * * * *

(b) * * *

(2) Verify the identity of each beneficial owner identified to the covered financial institution, according to risk-based
procedures to the extent reasonable and practicable. At a minimum, these procedures must contain the elements required for
verifying the identity of customers that are individuals under § 1020.220(a)(2) of this chapter (for banks); § 1023.220(a)(2)
of this chapter (for brokers or dealers in securities); § 1024.220(a)(2) of this chapter (for mutual funds); § 1026.220(a)(2)
of this chapter (for futures commission merchants or introducing brokers in commodities); or for permitted payment stablecoin
issuers procedures that enable the permitted payment stablecoin issuer to form a reasonable belief that it knows the true
identity of each individual, including procedures that contain the elements of § 1020.220(a)(2); provided, that in the case
of documentary verification, the financial institution may use photocopies or other reproductions of the documents listed
in paragraph (a)(2)(ii)(A)(1) of § 1020.220 of this chapter (for banks); § 1023.220 of this chapter (for brokers or dealers in securities); § 1024.220
of this chapter (for mutual funds); § 1026.220 of this chapter (for futures commission merchants or introducing brokers in
commodities), or for permitted payment stablecoin issuers for an individual, an unexpired government-issued identification
evidencing nationality or residence and bearing a photograph or similar safeguard, such as a driver's license or passport;
and for a person other than an individual (such as a corporation, partnership, or trust), documents and any amendments thereto
showing the existence of the entity, such as certified articles of incorporation, a government-issued business license, a
partnership agreement, or a trust instrument. A covered financial institution may rely on the information supplied by the
legal entity customer regarding the identity of its beneficial owner or owners, provided that it has no knowledge of facts
that would reasonably call into question the reliability of such information.

(c) Account. For purposes of this section, account has the meaning set forth in § 1020.100(a) of this chapter (for banks); § 1023.100(a) of this chapter (for brokers or dealers
in securities); § 1024.100(a) of this chapter (for mutual funds); § 1026.100(a) of this chapter (for futures commission merchants
or introducing brokers in commodities); and for permitted payment stablecoin issuers a formal relationship between a customer
and a permitted payment stablecoin issuer established to provide or engage in services, dealings, or other financial transactions.

---

1. In § 1010.410:

a. Removing the word “or” at the end of paragraph (e)(6)(i)(H) and (I);

b. Revising and republishing paragraph (e)(6)(i)(J); and

c. Adding paragraph (e)(6)(i)(K).

The removal, revisions, republications, and additions read as follows:

§ 1010.410 Records to be made and retained by financial institutions. * * * * *

(e) * * *

(6) * * *

(i) * * *

(J) A mutual fund; or

(K) A permitted payment stablecoin issuer; and

1. In § 1010.605:

a. Revising and republishing (c)(2)(i), (ii), (iii), and (iv);

b. Adding paragraph (c)(2)(v);

c. Removing the word “and” at the end of paragraph (e)(1)(iii);

d. Revising and republishing (e)(1)(iv); and

e. Adding paragraph (e)(1)(v).

The revisions, republications, and additions read as follows:

§ 1010.605 Definitions. * * * * *

(c) * * *

(2) * * *

(i) As applied to banks (as set forth in paragraphs (e)(1)(i) through (v) of this section):

(A) * * *

(ii) As applied to brokers or dealers in securities (as set forth in paragraph (e)(1)(ii) of this section) means any formal
relationship established with a broker or dealer in securities to provide regular services to effect transactions in securities,
including, but not limited to, the purchase or sale of securities and securities loaned and borrowed activity, and to hold
securities or other assets for safekeeping or as collateral;

(iii) As applied to futures commission merchants and introducing brokers (as set forth in paragraph (e)(1)(iii) of this section)
means any formal relationship established by a futures commission merchant to provide regular services, including, but not
limited to, those established to effect transactions in contracts of sale of a commodity for future delivery, options on any
contract of sale of a commodity for future delivery, or options on a commodity;

(iv) As applied to mutual funds (as set forth in paragraph (e)(1)(iv) of this section) means any contractual or other business
relationship established between a person and a mutual fund to provide regular services to effect transactions in securities
issued by the mutual fund, including the purchase or sale of securities; and

(v) As applied to permitted payment stablecoin issuers (as set forth in paragraph (e)(1)(v) of this section) means any formal
relationship established by a permitted payment stablecoin issuer to provide regular services, dealings, and other financial
transactions.

---

(e) * * *

(1) * * *

(iv) A mutual fund; and

(v) A permitted payment stablecoin issuer.

1. In § 1010.651:

a. Removing the word “and” at the end of paragraph (a)(3)(i);

b. Revising and republishing (a)(3)(ii); and

c. Adding paragraph (a)(3)(iii).

The revisions, republications, and additions read as follows:

§ 1010.651 Special measures against Burma. (a) * * *

(3) * * *

(ii) An investment company (as defined in section 3 of the Investment Company Act of 1940 (15 U.S.C. 80a-5)) that is an open-end
company (as defined in section 5 of the Investment Company Act (15 U.S.C. 80a-5)) and that is registered, or required to register,
with the Securities and Exchange Commission pursuant to that Act; and

(iii) A permitted payment stablecoin issuer.

1. In § 1010.653:

a. Removing the word “and” at the end of paragraph (a)(3)(ix);

b. Revising and republishing (a)(3)(x); and

c. Adding paragraph (a)(3)(xi).

The revisions, republications, and additions read as follows:

§ 1010.653 Special measures against Commercial Bank of Syria. (a) * * *

(3) * * *

(x) A mutual fund, which means an investment company (as defined in section 3(a)(1) of the Investment Company Act of 1940
((“Investment Company Act”) (15 U.S.C. 80a-3(a)(1))) that is an open-end company (as defined in section 5(a)(1) of the Investment
Company Act (15 U.S.C. 80a-5(a)(1))) and that is registered, or is required to register with the Securities and Exchange Commission
pursuant to the Investment Company Act; and

(xi) A permitted payment stablecoin issuer.

1. In § 1010.810, add paragraph (b)(11) to read as follows:

§ 1010.810 Enforcement. * * * * *

(b) * * *

(11) To the appropriate primary Federal payment stablecoin regulator with respect to permitted payment stablecoin issuers
regularly examined by the primary Federal payment stablecoin regulator for safety and soundness.

1. Add part 1033 to read as follows:

PART 1033—RULES FOR PERMITTED PAYMENT STABLECOIN ISSUERS

Sec.

Subpart A—General Provisions

1033.100 Definitions. 1033.110 Severability.

Subpart B—Programs

1033.200 General. 1033.210 Anti-money laundering/countering the financing of terrorism program requirements for permitted payment stablecoin issuers. 1033.220 [Reserved] 1033.221 Supervision and enforcement. 1033.230 [Reserved] 1033.240 Additional technical capabilities, policies, and procedures for permitted payment stablecoin issuers.

Subpart C—Reports Required To Be Made By Permitted Payment Stablecoin Issuers

1033.300 General. 1033.310 Reports of transaction in currency. 1033.311 Filing obligations. 1033.312 Identification required. 1033.313 Aggregation. 1033.314 Structured transactions. 1033.315 Exemptions. 1033.320 Reports by permitted payment stablecoin issuers of suspicious transactions.

Subpart D—Records Required To Be Maintained By Permitted Payment Stablecoin Issuers

1033.400 General. 1033.410 Recordkeeping.

Subpart E—Special Information Sharing Procedures To Deter Money Laundering and Terrorist Activity

1033.500 General. 1033.520 Special information sharing procedures to deter money laundering and terrorist activity for permitted payment stablecoin issuers. 1033.530 [Reserved] 1033.540 Voluntary information sharing among financial institutions.

Subpart F—Special Standards of Diligence; Prohibitions, and Special Measures for Permitted Payment Stablecoin Issuers

1033.600 General. 1033.610 Due diligence programs for correspondent accounts for foreign financial institutions. 1033.620 Due diligence programs for private banking accounts. 1033.630 Prohibition on correspondent accounts for foreign shell banks; records concerning owners of foreign banks and agents for service
of legal process.

Authority:

12 U.S.C. 1829b, 1951-1959, and 5901-5916; 31 U.S.C. 5311-5314 and 5316-5336; title III, sec. 314, Pub. L. 107-56, 115 Stat.
307; sec. 701, Pub. L. 114-74, 129 Stat. 599.

Subpart A—General Provisions

§ 1033.100 Definitions. Refer to § 1010.100 of this chapter for general definitions not noted in this part. To the extent there is a differing definition
in § 1010.100 of this chapter, the definition in this section is what applies to part 1033. Unless otherwise indicated, for
purposes of this part:

(a) [Reserved]

(b) [Reserved]

(c) [Reserved]

§ 1033.110 Severability. If any provision of this part, or any provision of §§ 1010.100, 1010.230, 1010.410, 1010.605, 1010.651, 1010.653, or 1010.810
of this chapter referencing permitted payment stablecoin issuers, is held to be invalid, or the application thereof to any
person or circumstance is held to be invalid, such invalidity shall not affect other provisions, or application of such other
provisions to other persons or circumstances, that can be given effect without the invalid provision or application.

Subpart B—Programs

§ 1033.200 General. Permitted payment stablecoin issuers are subject to the program requirements set forth and cross-referenced in this subpart.
Permitted payment stablecoin issuers should also refer to subpart B of part 1010 of this chapter for program requirements
contained in that subpart which apply to permitted payment stablecoin issuers.

§ 1033.210 Anti-money laundering/countering the financing of terrorism program requirements for permitted payment stablecoin issuers. (a) In general. A permitted payment stablecoin issuer has an effective AML/CFT program and complies with the requirements of 31 U.S.C. 5318(h)(1)
and this section if the permitted payment stablecoin issuer:

(1) Establishes an AML/CFT program in accordance with paragraph (b) of this section; and

(2) Maintains an AML/CFT program by implementing the AML/CFT program in accordance with paragraph (c) of this section.

(b) Program establishment. A permitted payment stablecoin issuer establishes an AML/CFT program in accordance with this paragraph if the permitted payment
stablecoin issuer:

(1) Establishes a risk-based set of internal policies, procedures, and controls that are reasonably designed to ensure compliance
with the Bank Secrecy Act and this chapter and to:

(i) Identify, assess, and document the permitted payment stablecoin issuer's money laundering, terrorist financing, and other
illicit finance activity risks through risk assessment processes that:

(A) Evaluate the money laundering, terrorist financing, and other illicit finance activity risks of the permitted payment
stablecoin issuer's business activities, including its products, services, distribution channels, customers, and geographic
locations;

(B) Review and, as appropriate, incorporate the AML/CFT Priorities; and

(C) Are updated promptly upon any change that the permitted payment stablecoin issuer knows or has reason to know significantly
changes the permitted payment stablecoin issuer's money laundering, terrorist financing, and other illicit finance activity
risks;

(ii) Mitigate the permitted payment stablecoin issuer's money laundering, terrorist financing, and other illicit finance activity
risks consistent with the risk assessment processes required under paragraph (b)(1)(i) of this section, including by directing
more attention and resources toward higher-risk customers and activities, consistent with the risk profile of the permitted
payment stablecoin issuer, rather than toward lower-risk customers and activities; and

(iii) Conduct ongoing customer due diligence, including to:

(A) Understand the nature and purpose of customer relationships for the purpose of developing a customer risk profile; and

(B) Conduct ongoing monitoring to identify and report suspicious transactions and, on a risk basis, to maintain and update
customer information (including information regarding the beneficial owners of legal entity customers, as defined in § 1010.230
of this chapter);

(2) Establishes independent AML/CFT program testing to be conducted by permitted payment stablecoin issuer personnel or by
an outside party;

(3) Designates an individual, who is (i) located in the United States, (ii) accessible to, and subject to oversight and supervision
by FinCEN and its designee, (iii) responsible for establishing and implementing the AML/CFT program and coordinating and monitoring
day-to-day compliance, and (iv) has not been convicted of a felony offense involving insider trading, embezzlement, cybercrime,
money laundering, financing of terrorism, or financial fraud may be designated as the responsible individual under this paragraph;
and

(4) Establishes an ongoing employee training program.

(c) Program implementation. A permitted payment stablecoin issuer implements an AML/CFT program in accordance with this paragraph if the permitted payment
stablecoin issuer implements, in all material respects, the AML/CFT program required under paragraph (b) of this section.

(d) Written AML/CFT program and approval. A permitted payment stablecoin issuer's AML/CFT program must be written, and it must be approved by the permitted payment
stablecoin issuer's board of directors, an equivalent governing body within the permitted payment stablecoin issuer, or appropriate
senior management. The permitted payment stablecoin issuer must make a copy of its AML/CFT program available to FinCEN or
its designee upon request.

(e) AML/CFT program certifications. A permitted payment stablecoin issuer shall make available to FinCEN, or its designee,
upon request any and all certifications submitted to its primary Federal payment stablecoin regulator or State payment stablecoin
regulator that the permitted payment stablecoin issuer has implemented an AML/CFT program pursuant to 12 U.S.C. 5904(i)(1).

§ 1033.220 [Reserved] § 1033.221 Supervision and enforcement. (a) Definitions. For purposes of this section:

(1) AML/CFT enforcement action means any formal or informal action taken by FinCEN that seeks to penalize, remedy, prevent, or respond to noncompliance with
past or ongoing violations of, or past or ongoing deficiencies relating to, an AML/CFT requirement. The term includes—

(i) A cease-and-desist order, consent order, or memorandum of understanding; or

(ii) The assessment of a civil money penalty.

(2) AML/CFT requirement means a requirement of the Bank Secrecy Act, 12 U.S.C. 5903(a)(5)(A)(i)-(v), 12 U.S.C. 5903(a)(6)(B), 12 U.S.C. 5903(f)(1)(A),
or this chapter.

(3) Significant AML/CFT supervisory action means any written communication or other formal supervisory determination issued by FinCEN or a primary Federal payment stablecoin
regulator when acting pursuant to authority delegated under this chapter that, in either case—

(i) Identifies one or more alleged deficiencies, weaknesses, violations of law, or unsafe or unsound practices or conditions
relating to an AML/CFT requirement;

(ii) Communicates supervisory expectations to a permitted payment stablecoin issuer regarding actions or remedial measures
required to correct the deficiency, weakness, violation, or practice or condition; and

(iii) Contemplates significant or programmatic actions or remedial measures to be taken by the permitted payment stablecoin
issuer.

The term does not include examiner observations, suggestions, or other informal comments.

(b) FinCEN enforcement and supervision policy.

(1) In general. Except with respect to a significant or systemic failure to implement the AML/CFT program in accordance with § 1033.210(c),
a permitted payment stablecoin issuer that has established an AML/CFT program in accordance with § 1033.210(b) will not be
subject to:

(A) An AML/CFT enforcement action related to the requirements of 31 U.S.C. 5318(h)(1) or 31 CFR 1033.210 by FinCEN; or

(B) A significant AML/CFT supervisory action related to the

  requirements of 31 U.S.C. 5318(h)(1) or 31 CFR 1033.210 by FinCEN or by a primary Federal payment stablecoin regulator when
  acting pursuant to authority delegated under this chapter.

(2) Program establishment violations. Nothing in this paragraph (b) may be construed to restrict an AML/CFT enforcement action by FinCEN, or a significant AML/CFT
supervisory action by FinCEN or a primary Federal payment stablecoin regulator when acting pursuant to authority delegated
under this chapter with respect to any failure to establish an AML/CFT program in accordance with § 1033.210(b).

(3) Criminal enforcement. Nothing in this paragraph (b) may be construed to affect criminal enforcement liability under the Bank Secrecy Act.

(c) FinCEN consultation.

(1) Consultation and consideration requirement. Before initiating a significant AML/CFT supervisory action, a primary Federal payment stablecoin regulator when acting pursuant
to authority delegated under this chapter will provide the Director, FinCEN an opportunity to review the action and consider
any input offered by the Director, FinCEN on the action, which may include any view as to the effectiveness of the permitted
payment stablecoin issuer's AML/CFT program.

(2) Notice requirement. To provide the Director, FinCEN an opportunity to provide a view under paragraph (c)(1) of this section, a primary Federal
payment stablecoin regulator when acting pursuant to authority delegated under this chapter will:

(i) Send written notice, to the Director, FinCEN of its intent to take that action at least 30 days before taking the action
(unless a shorter period of time is necessary, in the sole discretion of the primary Federal payment stablecoin regulator,
to remedy, prevent, or respond to an unsafe or unsound practice or condition), accompanied by the relevant AML/CFT information
underlying the proposed action, including the relevant portions of the draft report or enforcement action, the relevant examination
workpapers supporting the proposed action, and the relevant AML/CFT information submitted by the permitted payment stablecoin
issuer to the primary Federal payment stablecoin regulator, other than information over which the permitted payment stablecoin
issuer may claim privilege under Federal or State law; and

(ii) Respond to the extent reasonably practicable to requests for additional information from the Director, FinCEN regarding
the proposed action.

(d) FinCEN considerations. In determining whether to take an AML/CFT enforcement action or significant AML/CFT supervisory action, or when reviewing
a proposed action by a primary Federal payment stablecoin regulator under paragraph (c) of this section or applicable regulations
under title 12 of the Code of Federal Regulation, the Director, FinCEN shall consider:

(1) The factors under 31 U.S.C. 5318(h)(2)(B), as applicable to actions concerning the AML/CFT program requirements under
§ 1033.210;

(2) The extent (if any) to which the permitted payment stablecoin issuer, where appropriate in light of its size, complexity,
and risk profile, has advanced the AML/CFT priorities by providing highly useful information to law enforcement authorities
or national security officials, conducting proactive analytics, or performing other innovative activities producing demonstrable
outputs evincing the effectiveness of the permitted payment stablecoin issuer's AML/CFT program (including effective use of
artificial intelligence, federated learning, and other advanced monitoring tools); and

(3) Any other factor the Director, FinCEN deems appropriate, including the permitted payment stablecoin issuer's size, complexity,
and risk profile, and, as relevant, where the permitted payment stablecoin issuer's low-risk customers or limited business
activities naturally limits the extent to which the permitted payment stablecoin issuer can meaningfully contribute to AML/CFT
priorities.

§ 1033.230 [Reserved] § 1033.240 Additional technical capabilities, policies, and procedures for permitted payment stablecoin issuers. (a) Permitted payment stablecoin issuers shall have the technical capabilities, policies, and procedures to block, freeze,
and reject specific or impermissible transactions that violate Federal or State laws, rules, or regulations. The required
technical capabilities, policies and procedures must account for transactions occurring by, at, or through the permitted payment
stablecoin issuer, as well as transactions by third parties, including where a transaction results in an interaction with
a permitted payment stablecoin issuer's smart contract.

(b) Permitted payment stablecoin issuers shall (1) have the technical capabilities to comply with the terms of any lawful
order and (2) comply with the terms of any lawful order. A permitted payment stablecoin issuer's technical capabilities to
comply with the terms of any lawful order must account for lawful orders requiring an issuer to comply with terms regarding
an issuer's payment stablecoins held by a third party, including in an account not with or controlled by a permitted payment
stablecoin issuer, and transactions by third parties, including where a transaction results in an interaction with a permitted
payment stablecoin issuer's smart contract.

Subpart C—Reports Required To Be Made By Permitted Payment Stablecoin Issuers

§ 1033.300 General. Permitted payment stablecoin issuers are subject to the reporting requirements set forth and cross-referenced in this subpart.
Permitted payment stablecoin issuers should also refer to subpart C of part 1010 of this chapter for reporting requirements
contained in that subpart which apply to permitted payment stablecoin issuers.

§ 1033.310 Reports of transactions in currency. The reports of transactions in currency requirements for permitted payment stablecoin issuers are located in subpart C of
part 1010 of this chapter and this subpart.

§ 1033.311 Filing obligations. Refer to § 1010.311 of this chapter for reports of transactions in currency filing obligations for permitted payment stablecoin
issuers.

§ 1033.312 Identification required. Refer to § 1010.312 of this chapter for identification requirements for reports of transactions in currency filed by permitted
payment stablecoin issuers.

§ 1033.313 Aggregation. Refer to § 1010.313 of this chapter for reports of transactions in currency aggregation requirements for permitted payment
stablecoin issuers.

§ 1033.314 Structured transactions. Refer to § 1010.314 of this chapter for rules regarding structured transactions for permitted payment stablecoin issuers.

§ 1033.315 Exemptions. Refer to § 1010.315 of this chapter for exemptions from the obligation to file reports of transactions in currency for permitted
payment stablecoin issuers.

§ 1033.320 Reports by permitted payment stablecoin issuers of suspicious transactions. (a) General. (1) Every permitted payment stablecoin issuer shall file with

  FinCEN, to the extent and in the manner required by this section, a report of any suspicious transaction relevant to a possible
  violation of law or regulation. A permitted payment stablecoin issuer may also file with FinCEN, by using the Suspicious Activity
  Report specified in paragraph (b)(1) of this section, or otherwise, a report of any suspicious transaction that it believes
  is relevant to the possible violation of any law or regulation, but whose reporting is not required by this section.

(2) A transaction, as clarified by paragraph (g) of the section, requires reporting under this section if it is conducted
or attempted by, at, or through the permitted payment stablecoin issuer; it involves or aggregates funds or other assets of
at least $5,000; and the permitted payment stablecoin issuer knows, suspects, or has reason to suspect that the transaction
(or a pattern of transactions of which the transaction is a part):

(i) Involves funds derived from illegal activity or is intended or conducted in order to hide or disguise funds or assets
derived from illegal activity (including, without limitation, the ownership, nature, source, location, or control of such
funds or assets) as part of a plan to violate or evade any Federal law or regulation or to avoid any transaction reporting
requirement under Federal law or regulation;

(ii) Is designed, whether through structuring or other means, to evade any requirements of this chapter or any other regulations
promulgated under the Bank Secrecy Act;

(iii) Has no business or apparent lawful purpose or is not the sort in which the particular customer would normally be expected
to engage, and the permitted payment stablecoin issuer knows of no reasonable explanation for the transaction after examining
the available facts, including the background and possible purpose of the transaction; or

(iv) Involves use of the permitted payment stablecoin issuer to facilitate criminal activity.

(3) A permitted payment stablecoin issuer and other financial institutions may have separate obligations to report suspicious
activity with respect to the same transaction pursuant to other provisions of this chapter. In those instances, no more than
one report is required to be filed by the permitted payment stablecoin issuer and other financial institution(s) involved
in the transaction, provided that the report filed contains all relevant facts, including the name of each financial institution
and the words “joint filing” in the narrative section, and each institution maintains a copy of the report filed, along with
any supporting documentation.

(b) Filing and notification procedures —(1) What to file. A suspicious transaction shall be reported by completing a Suspicious Activity Report (SAR) and collecting and maintaining
supporting documentation as required by paragraph (c) of this section.

(2) Where to file. The SAR shall be filed with FinCEN in accordance with the instructions to the SAR.

(3) When to file. A SAR shall be filed no later than 30 calendar days after the date of the initial detection by the reporting permitted payment
stablecoin issuer of facts that may constitute a basis for filing a SAR under this section. If no suspect is identified on
the date of the initial detection, a permitted payment stablecoin issuer may delay filing a SAR for an additional 30 calendar
days to identify a suspect, but in no case shall reporting be delayed more than 60 calendar days after the date of such initial
detection.

(4) Mandatory notification to law enforcement. In situations involving violations that require immediate attention, such as suspected terrorist financing or ongoing money
laundering schemes, a permitted payment stablecoin issuer shall immediately notify by telephone an appropriate law enforcement
authority in addition to filing timely a SAR.

(5) Voluntary notification to the Financial Crimes Enforcement Network or a Primary Federal Payment Stablecoin Regulator. A permitted payment stablecoin issuer wishing to voluntarily report suspicious transactions that may relate to terrorist activity
may call the Financial Crimes Enforcement Network's Financial Institutions Hotline at 1-866-556-3974 in addition to filing
timely a SAR if required by this section. The permitted payment stablecoin issuer may also, but is not required to, contact
its primary Federal payment stablecoin regulator to report in such situations.

(c) Retention of records. A permitted payment stablecoin issuer shall maintain a copy of any SAR filed by the permitted payment stablecoin issuer or
on its behalf (including joint reports), and the original (or business record equivalent) of any supporting documentation
concerning any SAR that it files (or that is filed on its behalf) for a period of five years from the date of filing the SAR.
Supporting documentation shall be identified as such and maintained by the permitted payment stablecoin issuer and shall be
deemed to have been filed with the SAR. A permitted payment stablecoin issuer shall make all supporting documentation available
to FinCEN or any Federal, State, or local law enforcement agency, or any Federal regulatory authority that examines the permitted
payment stablecoin issuer for compliance with the Bank Secrecy Act, upon request.

(d) Confidentiality of SARs. A SAR, and any information that would reveal the existence of a SAR, are confidential and shall not be disclosed except as
authorized in this paragraph (d). For purposes of this paragraph (d) only, a SAR shall include any suspicious activity report
filed with FinCEN pursuant to any regulation in this chapter.

(1) Prohibition on disclosures by permitted payment stablecoin issuers —

(i) General rule. No permitted payment stablecoin issuer, and no current or former director, officer, employee, or agent of any permitted payment
stablecoin issuer, shall disclose a SAR or any information that would reveal the existence of a SAR. Any permitted payment
stablecoin issuer, and any current or former director, officer, employee, or agent of any permitted payment stablecoin issuer,
that is subpoenaed or otherwise requested to disclose a SAR or any information that would reveal the existence of a SAR shall
decline to produce the SAR or such information, citing this section and 31 U.S.C. 5318(g)(2)(A)(i), and shall notify FinCEN
of any such request and the response thereto.

(ii) Rules of construction. Provided that no person involved in any reported suspicious transaction is notified that the transaction has been reported,
this paragraph (d)(1) shall not be construed as prohibiting:

(A) The disclosure by a permitted payment stablecoin issuer, or any current or former director, officer, employee, or agent
of a permitted payment stablecoin issuer of:

(1) A SAR, or any information that would reveal the existence of a SAR, to FinCEN or any Federal, State, or local law enforcement
agency, or any Federal regulatory authority that examines the permitted payment stablecoin issuer for compliance with the
Bank Secrecy Act; or

(2) The underlying facts, transactions, and documents upon which a SAR is based, including but not limited to, disclosures:

(i) To another financial institution, or any current or former director, officer, employee, or agent of a financial institution,
for the preparation of a joint SAR; or

(ii) In connection with certain employment references or termination notices, to the full extent authorized in 31 U.S.C. 5318(g)(2)(B);
or

(B) The sharing by a permitted payment stablecoin issuer, or any current or former director, officer, employee, or agent of
the permitted payment stablecoin issuer, of a SAR, or any information that would reveal the existence of a SAR, within the
permitted payment stablecoin issuer's corporate organizational structure for purposes consistent with Title II of the Bank
Secrecy Act as determined by regulation or in guidance. As doing so is consistent with Title II of the Bank Secrecy Act, a
permitted payment stablecoin issuer, as defined in § 1010.100(ttt)(1), may reveal the existence of a SAR to its parent insured
depository institution and such parent may also reveal the existence of a SAR to a subsidiary permitted payment stablecoin
issuer.

(2) Prohibition on disclosures by government authorities. A Federal, State, local, territorial, or Tribal government authority, or any current or former director, officer, employee,
or agent of any of the foregoing, shall not disclose a SAR, or any information that would reveal the existence of a SAR, except
as necessary to fulfill official duties consistent with Title II of the Bank Secrecy Act. For purposes of this section, “official
duties” shall not include the disclosure of a SAR, or any information that would reveal the existence of a SAR, in response
to a request for disclosure of non-public information or a request for use in a private legal proceeding, including a request
pursuant to 31 CFR 1.11.

(e) Limitation on liability. A permitted payment stablecoin issuer, and any current or former director, officer, employee, or agent of any permitted payment
stablecoin issuer, that makes a voluntary disclosure of any possible violation of law or regulation to a government agency
or makes a disclosure pursuant to this section or any other authority, including a disclosure made jointly with another institution,
shall be protected from liability to any person for any such disclosure, or for failure to provide notice of such disclosure
to any person identified in the disclosure, or both, to the full extent provided by 31 U.S.C. 5318(g)(3).

(f) Compliance. Permitted payment stablecoin issuers shall be examined by FinCEN or its delegates for compliance with this section. Failure
to satisfy the requirements of this section may be a violation of the Bank Secrecy Act and of this chapter.

(g) Transaction. A transaction, for purposes of § 1033.320, is not conducted or attempted by, at, or through a permitted payment stablecoin
issuer only because a transfer by third parties results in an interaction with a permitted payment stablecoin issuer's smart
contract.

Subpart D—Records Required To Be Maintained By Permitted Payment Stablecoin Issuers

§ 1033.400 General. Permitted payment stablecoin issuers are subject to the recordkeeping requirements set forth and cross referenced in this
subpart. Permitted payment stablecoin issuers should also refer to subpart D of part 1010 of this chapter for recordkeeping
requirements contained in that subpart which apply to permitted payment stablecoin issuers.

§ 1033.410 Recordkeeping. For regulations regarding recordkeeping, refer to § 1010.410 of this chapter.

Subpart E—Special Information Sharing Procedures To Deter Money Laundering and Terrorist Activity

§ 1033.500 General. Permitted payment stablecoin issuers are subject to the special information-sharing procedures to deter money laundering and
terrorist activity requirements set forth and cross-referenced in this subpart. Permitted payment stablecoin issuers should
also refer to subpart E of part 1010 of this chapter for special information-sharing procedures to deter money laundering
and terrorist activity contained in that subpart which apply to permitted payment stablecoin issuers.

§ 1033.520 Special information sharing procedures to deter money laundering and terrorist activity for permitted payment stablecoin issuers. For regulations regarding special information-sharing procedures to deter money laundering and terrorist activity for permitted
payment stablecoin issuers, refer to § 1010.520 of this chapter.

§ 1033.530 [Reserved] § 1033.540 Voluntary information sharing among financial institutions. For regulations regarding voluntary information-sharing among financial institutions, refer to § 1010.540 of this chapter.

Subpart F—Special Standards of Diligence; Prohibitions, and Special Measures for Permitted Payment Stablecoin Issuers

§ 1033.600 General. Permitted payment stablecoin issuers are subject to the special standards of diligence, prohibitions, and special measures
requirements set forth and cross referenced in this subpart. Permitted payment stablecoin issuers should also refer to subpart
F of part 1010 of this chapter for special standards of diligence, prohibitions, and special measures contained in that subpart.

§ 1033.610 Due diligence programs for correspondent accounts for foreign financial institutions. For regulations regarding due diligence programs for correspondent accounts for foreign financial institutions, refer to § 1010.610
of this chapter.

§ 1033.620 Due diligence programs for private banking accounts. For regulations regarding due diligence programs for private banking accounts, refer to § 1010.620 of this chapter.

§ 1033.630 Prohibition on correspondent accounts for foreign shell banks; records concerning owners of foreign banks and agents for service
of legal process. For regulations regarding prohibition on correspondent accounts for foreign shell banks and related provisions refer to § 1010.630
of this chapter.

Dated: April 8, 2026. Andrea M. Gacki, Director, Financial Crimes Enforcement Network. Dated: April 8, 2026. Bradley T. Smith, Director, Office of Foreign Assets Control. [FR Doc. 2026-06963 Filed 4-9-26; 8:45 am] BILLING CODE 4810-02-P

Footnotes

(1) GENIUS Act, Public Law 119-27, 139 Stat. 419 (2025) (codified at 12 U.S.C. 5901-5916).

(2) See 12 U.S.C. 5901(25), (30); see also 12 U.S.C. 5903(a)(4)(A), 5906(d).

(3) 12 U.S.C. 5901(25) (defining “primary Federal payment stablecoin regulator” and outlining jurisdiction regarding specific
types of PPSIs), 5904 (directing the primary Federal payment stablecoin regulators to “establish a process and framework for
the licensing, regulation, examination, and supervision” for PPSIs under their respective jurisdictions).

(4) 12 U.S.C. 5903(a)(5)(A).

(5) 12 U.S.C. 5903(a)(5)(B). In addition to rulemaking authority codified in the “Treatment Under the Bank Secrecy Act and Sanctions
Law” section, the GENIUS Act also generally calls for the Secretary of the Treasury to promulgate regulations “to carry out
[the GENIUS Act] through appropriate notice and comment rulemaking.” 12 U.S.C. 5913(a). In accordance with Treasury Order
101-05 and 31 U.S.C. 321(b)(2), the authority vested in the Secretary under the GENIUS Act to issue regulations related to
prevention of money laundering and countering the financing of terrorism and related to economic sanctions has been delegated
to the Director of FinCEN and to the Director of OFAC, respectively.

(6) The GENIUS Act's customer identification program requirement is expected to be the subject of a separate rulemaking.

(7) 12 U.S.C. 5903(a)(5)(A)(i)-(v).

(8) 12 U.S.C. 5903(a)(6)(B), 5901(16) (defining “lawful order”).

(9) 12 U.S.C. 5903(a)(5)(A).

(10) 12 U.S.C. 5903(a)(5)(A)(vi).

(11) On September 19, 2025, the Department of the Treasury issued an advance notice of proposed rulemaking concerning the GENIUS
Act. See Treasury, GENIUS Act Implementation, 90 FR 45159 (Sept. 19, 2025); see also FDIC, Approval Requirements for Issuance of Payment Stablecoins by Subsidiaries of FDIC-Supervised Insured Depository Institutions, 90 FR 59409 (Dec. 19, 2025); NCUA, Investments in and Licensing of Permitted Payment Stablecoins Issuers, 91 FR 6531 (Feb. 12, 2026); OCC, Implementing the Guiding and Establishing National Innovation for U.S. Stablecoins Act for the Issuance of Stablecoins by
Entities Subject to the Jurisdiction of the Office of the Comptroller of the Currency, 91 FR 10202 (Mar. 2, 2026); Treasury, GENIUS Act Broad-Based Principles for Determining Whether a State-Level Regulatory Regime Is Substantially Similar to the
Federal Regulatory Framework, 91 FR 16844 (Apr. 3, 2026).

(12) See 31 U.S.C. 5311. Certain parts of the Currency and Foreign Transactions Reporting Act, its amendments, and the other statutes
relating to the subject matter of that Act, have come to be referred to as the BSA. These statutes are codified at 12 U.S.C.
1829b, 12 U.S.C. 1951-1960, and 31 U.S.C. 5311-5314 and 5316-5336 and notes thereto, with implementing regulations at 31 CFR
chapter X. Consistent with that understood meaning, as codified, the GENIUS Act defines the “Bank Secrecy Act” to mean “(A)
section 1829b of [title 12]; (B) chapter 2 of title I of Public Law 91-508 (12 U.S.C. 1951 et seq.); and (C) subchapter II of chapter 53 of title 31.” 12 U.S.C. 5901(2).

(13) See 31 U.S.C. 5311(1); see also 5313, 5318(g).

(14) See 31 U.S.C. 5311(5), 5311 note (“Cooperation Among Financial Institutions, Regulatory Authorities, and Law Enforcement Authorities”); see also 31 U.S.C. 310.

(15) See Treasury Order 180-01 (Jan. 14, 2020), para. 3, available at https://home.treasury.gov/about/general-information/orders-and-directives/treasury-order-180-01; see also 31 U.S.C. 310(b)(2)(I) (providing that the Director of FinCEN shall “[a]dminister the requirements of subchapter II of chapter
53 of this title, chapter 2 of title I of Public Law 91-508, and section 21 of the Federal Deposit Insurance Act, to the extent
delegated such authority by the Secretary”).

(16) See 31 U.S.C. 5318(h); 12 U.S.C. 5903(a)(5)(A)(i).

(17) See, e.g., 31 U.S.C. 5318(a)(2); 12 U.S.C. 1826b; 12 U.S.C. 1953; 12 U.S.C. 5903(a)(5)(A)(ii).

(18) See 31 U.S.C. 5318(g); 12 U.S.C. 5903(a)(5)(A)(iii).

(19) See 31 U.S.C. 5318(l); 12 U.S.C. 5903(a)(5)(A)(v).

(20) See 31 U.S.C. 5318(i); 12 U.S.C. 5903(a)(5)(A)(v).

(21) See 50 U.S.C. 1701 et seq.

(22) See 50 U.S.C. 1701.

(23) See 50 U.S.C. 1702.

(24) See 50 U.S.C. 1704.

(25) See, e.g., 31 CFR 525.106, 548.802, 591.802.

(26) GENIUS Act Implementation, 90 FR 45159. The ANPRM solicited comment on a range of potential Treasury efforts related to the GENIUS Act and payment stablecoins
that are outside the purview of this rulemaking. For example, the ANPRM included questions related to the GENIUS Act prohibition
on digital asset service providers offering and selling a payment stablecoin to any person in the United States unless the
payment stablecoin is issued by a PPSI or a foreign payment stablecoin issuer that meets certain requirements. Id. at 45160-61. It also included questions related to Treasury's role in determining whether a state-level regulatory regime
is substantially similar to the Federal framework and whether a foreign country's regulatory and supervisory regime is comparable
to the U.S. framework. Id. at 45162-63.

(27) Id. at 45161-63.

(28) See infra section IV.C discussing the meaning of primary and secondary market for purposes of this rulemaking.

(29) See, e.g., 12 U.S.C. 5902, 5903.

(30) A blockchain is “any technology where data is: (i) shared across a network to create a public ledger of verified transactions
or information among network participants; (ii) linked using cryptography to maintain the integrity of the public ledger and
to execute other functions; (iii) distributed among network participants in an automated fashion to concurrently update network
participants on the state of the public ledger and any other functions; and (iv) composed of source code that is publicly
available.” See Executive Order (E.O.) 14178, Strengthening American Leadership in Digital Financial Technology, 90 FR 8647, sec. 2(b) (Jan. 31, 2025).

(31) For this proposed rule, a “digital asset” is “any digital representation of value that is recorded on a cryptographically
secured distributed ledger.” See 12 U.S.C. 5901(6).

(32) White House, Strengthening American Leadership in Digital Financial Technology, p. 88 (July 2025) [hereinafter E.O. 14178 Report ], available at https://www.whitehouse.gov/wp-content/uploads/2025/07/Digital-Assets-Report-EO14178.pdf. This report was issued by the President's Working Group on Digital Asset Markets, of which the Secretary is a member, pursuant
to E.O. 14178.

(33) See id. at p. 90. As discussed in the E.O. 14178 Report, as of July 2025, more than 99 percent of the outstanding value of stablecoins in circulation is pegged to the U.S. dollar. Id. Other types of assets that may back different forms of stablecoins include digital assets, precious metals, or corporate bonds
with lower credit ratings. See id.

(34) See Watsky, Cy, et al., Primary and Secondary Markets for Stablecoins, FEDS Notes, Washington: Board of Governors of the Federal Reserve System (Feb. 23, 2024), available at https://doi.org/10.17016/2380-7172.3447.

(35) See id.; see also E.O. 14178 Report, supra note 32, pp. 104-05.

(36) See, e.g., E.O. 14178 Report, supra note 32, p. 18.

(37) A smart contract is a “collection of code and data . . . that is deployed using cryptographically signed transactions” on
a blockchain network, which is executed by nodes on a blockchain to perform any given set of pre-determined functions or conditions
that are recorded on a blockchain. See National Institute of Standards and Technology (NIST), NISTIR 8202, Blockchain Technology Overview, p. 32 (Oct. 2018), available at https://nvlpubs.nist.gov/nistpubs/ir/2018/NIST.IR.8202.pdf (“A smart contract can perform calculations, store information, expose properties to reflect a publicly exposed state and,
if appropriate, automatically send funds to other accounts.”).

(38) NIST, NISTIR 8408, Understanding Stablecoin Technology and Security Considerations, p. 6 (Sept. 2023), available at https://nvlpubs.nist.gov/nistpubs/ir/2023/NIST.IR.8408.pdf. The lynchpin of a blockchain is asymmetric (public key) cryptography, which is used to secure and send transactions on a blockchain. See Blockchain Technology Overview, supra note 37, p. 11. First, a user generates a private key (a string of characters that function like a password) and uses that
private key to generate a public key (an account number on a blockchain known as an address). Without the private key associated
with an address or public key, a user cannot access the digital assets contained within. Developers have created software
or hardware wallets to enable users to manage their public and private keys. See E.O. 14178 Report, supra note 32, pp. 9-10.

(39) Understanding Stablecoin Technology and Security Considerations, supra note 38, p. 8.

(40) See E.O. 14178 Report, supra note 32, p. 91.

(41) Id. at p. 88.

(42) See id. at p. 89; see, e.g., Fed. Reserve, About the FedNow Service (n.d.), available at https://www.frbservices.org/financial-services/fednow/about.html.

(43) See E.O. 14178 Report, supra note 32, p. 88.

(44) See id. at pp. 90-91.

(45) If consistent with the law and authorized by a primary Federal payment stablecoin regulator or the State payment stablecoin
regulator, as applicable, PPSIs can also engage in activities as a “digital asset service provider,” as defined by the GENIUS
Act, and activities incidental thereto. Such activities include exchanging and transferring digital assets. See 12 U.S.C. 5903(a)(7)(B), 5901(7). Such activity would also constitute primary market activity.

(46) See Treasury, 2026 National Money Laundering Risk Assessment, p. 50 (Mar. 2026) [hereinafter 2026 NMLRA ], available at https://home.treasury.gov/system/files/246/2026-NMLRA.pdf; E.O. 14178 Report, supra note 32, p. 94.

(47) See 2026 NMLRA, supra note 46, p. 50.

(48) See, e.g., Compl., United States v. Approximately 225,364,961 USDT, No. 25-cv-1907 (D.D.C. June 18, 2025) (civil forfeiture action against more than $225.3 million in stablecoins allegedly involved
in concealing proceeds of digital assets investment fraud); United States v. Su, No. 25-cr-362 (C.D. Cal. Jan. 27, 2026) (defendant sentenced to 46 months in prison for role in digital investment scam involving
$36.9 million where victim funds were converted to stablecoins).

(49) See, e.g., Indictment, United States v. Sop, No. 23-cr-128 (D.D.C. Mar. 18, 2023) (indictment alleging defendant laundered proceeds of DPRK IT workers in violation of
sanctions, including through use of stablecoins); DOJ, Press Release, Department Files Civil Forfeiture Complaint Against Over $7.74M Laundered on Behalf of the North Korean Government (June 5, 2025), available at https://www.justice.gov/opa/pr/department-files-civil-forfeiture-complaint-against-over-774m-laundered-behalf-north-korean;
United States of America v. Approximately 1,159,834.52 USDT, No. 25-cv-3771 (D.D.C. Oct. 24, 2025) (civil forfeiture complaint of stablecoins related to virtual currency heists perpetrated
by DPRK hacking groups).

(50) See, e.g., United States v. Zhang et al., No. 22-cr-10279 (Aug. 15, 2025) (defendants sentenced to prison in connection with drug trafficking scheme

  involving conversion of proceeds to stablecoins); *see also,* DOJ, Press Release, *Two Men Sentenced for Role in International Money Laundering and Drug Trafficking Conspiracy* (Aug. 15, 2025), available at *https://www.justice.gov/usao-ma/pr/two-men-sentenced-role-international-money-laundering-and-drug-trafficking-conspiracy.*

(51) See, e.g., DOJ, Press Release, Justice Department Disrupts Hamas Terrorist Financing Scheme Through Seizure of Cryptocurrency (Mar. 27, 2025), available at https://www.justice.gov/opa/pr/justice-department-disrupts-hamas-terrorist-financing-scheme-through-seizure-cryptocurrency;
United States of America v. Nine Cryptocurrency Wallets Held by Tether Ltd. and Seven Cryptocurrency Wallets Held by Binance Holdings Ltd., No. 24-cv-01251 (D.D.C. Nov. 13, 2025) (involving a civil forfeiture of approximately $2 million dollars in digital currency
connected to a Gaza-based money transfer business that was involved in financially supporting Hamas).

(52) Treasury, Press Release, Treasury Exposes Money Laundering Network Using Digital Assets to Evade Sanctions (Dec. 4, 2024), available at https://home.treasury.gov/news/press-releases/jy2735.

(53) Financial Action Task Force (FATF), Targeted Update on Implementation of the FATF Standards on Virtual Assets and Virtual Assets Service Providers, ¶ 35 (June 2025), available at https://www.fatf-gafi.org/content/dam/fatf-gafi/recommendations/2025-Targeted-Upate-VA-VASPs.pdf.coredownload.pdf.

(54) Id.

(55) 2026 NMLRA, supra note 46, p. 52.

(56) Id.

(57) Id.

(58) DOJ, Press Release, Largest Ever Seizure of Funds Related to Crypto Confidence Scams (June 18, 2025), available at https://www.justice.gov/usao-dc/pr/largest-ever-seizure-funds-related-crypto-confidence-scams.

(59) International Monetary Fund, Understanding Stablecoins, p. 30 (2025), available at https://www.imf.org/-/media/files/publications/dp/2025/english/usea.pdf.

(60) 2026 NMLRA, supra note 46, p. 26.

(61) Id. at p. 5, 52.

(62) See Largest Ever Seizure of Funds Related to Crypto Confidence Scams, supra note 58.

(63) See, e.g., DOJ, Press Release, U.S. Attorney's Office EDNC Announces Seizure of $61 Million Dollars' Worth of Cryptocurrency, (Feb. 24, 2026), available at https://www.justice.gov/usao-ednc/pr/us-attorneys-office-ednc-announces-seizure-61-million-dollars-worth-cryptocurrency; see
also DOJ, Press Release, Ohio Woman Loses Life Savings in Cryptocurrency Investment Scam (Feb. 28, 2025), available at https://www.justice.gov/usao-ndoh/pr/ohio-woman-loses-life-savings-cryptocurrency-investment-scam (discussing seizure of $8.2 million in stablecoins); see also DOJ, Press Release, Cyber Scam Organization Disrupted Through Seizure of Nearly $9M in Crypto (Nov. 21, 2023), available at https://www.justice.gov/usao-ndca/pr/cyber-scam-organization-disrupted-through-seizure-nearly-9m-crypto.

(64) See, e.g., Judgment, United States v. Li, 2:23-cr-596 (C.D. Cal. Feb. 10, 2026) (defendant sentenced to 240 months); see also DOJ, Press Release, Man Sentenced to 20 Years in Prison for role in $73 Million Global Cryptocurrency Investment Scam (Feb. 9, 2026), available at https://www.justice.gov/archives/opa/pr/foreign-national-pleads-guilty-laundering-millions-proceeds-cryptocurrency-investment-scams.
See Plea, United States v. He, 2:25-cr-175 (C.D. Cal. Apr 7, 2025); see also DOJ, Press Release, California Man Sentenced for Role in Global Digital Asset Investment Scam Conspiracy Resulting in Theft of More than $36.9M
from Victims (Sept. 8, 2025), available at https://www.justice.gov/opa/pr/california-man-sentenced-role-global-digital-asset-investment-scam-conspiracy-resulting.

(65) Treasury, 2026 National Terrorist Financing Risk Assessment, p. 19 (Mar. 2026) [hereinafter 2026 NTFRA ], available at https://home.treasury.gov/system/files/246/2026-NTFRA.pdf.

(66) See, e.g., Justice Department Disrupts Hamas Terrorist Financing Scheme Through Seizure of Cryptocurrency, supra note 51.

(67) United Nations Security Council Counter Terrorism Committee Executive Directorate, Evolving Trends in the Financing of Foreign Terrorist Fighters' Activity, 2014-2024, p. 11 (Nov. 2024), available at https://www.un.org/securitycouncil/ctc/sites/www.un.org.securitycouncil.ctc/files/cted_trends_tracker_evolving_trends_in_the_financing_of_foreign_terrorist_fighters_activity_2014_-_2024.

(68) 2026 NTFRA, supra note 65, p. 26.

(69) See Justice Department Disrupts Hamas Terrorist Financing Scheme Through Seizure of Cryptocurrency, supra note 51.

(70) FATF, Targeted Report on Stablecoins and Unhosted Wallets: Peer-to-Peer Transactions, ¶ 36 (Mar. 2025), available at https://www.fatf-gafi.org/content/dam/fatf-gafi/publications/targeted-report-on-stablecoins-and-unhosted-wallets.pdf.coredownload.inline.pdf.

(71) FinCEN, Supplemental Advisory on the Procurement of Precursor Chemicals and Manufacturing Equipment Used for the Synthesis of Illicit
Fentanyl and Other Synthetic Opioids, p. 9 (June 20, 2024), available at https://www.fincen.gov/system/files/advisory/2024-06-20/FinCEN-Supplemental-Advisory-on-Fentanyl-508C.pdf.

(72) See, e.g., Superseding Indictment, United States v. Duarte et al., No. 24-cr-20367 (S.D. Fla. Nov. 19, 2024).

(73) Id.

(74) Compl. United States v. Approximately 114,366.044785 Tether (USDT) Cryptocurrency from Binance Account User ID Ending in 7382, No. 24-cv-01503, (E.D. Wisc. Nov. 20, 2024); see also Decision and Order, United States v. Approximately 114,366.044785 Tether (USDT) Cryptocurrency from Binance Account User ID Ending in 7382, No. 24-cv-01503, (E.D. Wisc. Feb. 6, 2026) (default judgment ordering assets to be forfeited).

(75) Treasury, Press Release, Treasury Exposes Money Laundering Network Using Digital Assets to Evade Sanctions (Dec. 4, 2024), available at https://home.treasury.gov/news/press-releases/jy2735.

(76) Treasury, Press Release, Treasury Sanctions Cryptocurrency Exchange and Network Enabling Sanctions Evasion and Cyber Criminals (Aug. 14, 2025), available at https://home.treasury.gov/news/press-releases/sb0225.

(77) Treasury, Press Release, Treasury Sanctions Russia-Based Hydra, World's Largest Darknet Market, and Ransomware-Enabling Virtual Currency Exchange Garantex (Apr. 05, 2022), available at https://home.treasury.gov/news/press-releases/jy0701.

(78) Indictment ¶ 29, United States v. Besciokov and Mira Serda, No. 25-cr-39, (E.D. Va. Feb. 27, 2025), https://www.justice.gov/opa/media/1392316/dl.

(79) Id.

(80) Compl. ¶¶ 48-49, United States v. Virtual Currency Associated with North Korean IT Worker Money Laundering and Sanctions Evasion Conspiracies, No. 25-cv-1769, (D.D.C. June 5, 2025).

(81) Id. at ¶¶ 50, 59.

(82) DOJ, Press Release, United States Seeks Civil Forfeiture of Cryptocurrency Associated with Iranian National Mohammad Abedini (Sept. 11, 2025), available at https://www.justice.gov/usao-ma/pr/united-states-seeks-civil-forfeiture-cryptocurrency-associated-iranian-national-mohammad.

(83) Compl., United States v. Sadeghi and Abedininajafabadi, No. 24-cr-10391 (D. Mass. Dec. 13, 2024).

(84) See, e.g., Treasury, Press Release, Treasury Sanctions Houthi Network Procuring Weapons and Commodities from Russia (Apr. 2, 2025), available at https://home.treasury.gov/news/press-releases/sb0068; Treasury, Counter Terrorism Designations and Designation Update; Russia-related Designation Removal; Reports for Licensing Activities
Undertaken Pursuant to the Trade Sanctions Reform and Export Enhancement Act (TSRA) (Apr. 2, 2024), available at https://ofac.treasury.gov/recent-actions/20250402.

(85) Treasury, Press Release, Treasury Sanctions Iranian Regime Officials for Violent Repression and Corruption (Jan. 30, 2026), available at https://home.treasury.gov/news/press-releases/sb0375.

(86) See TRM Labs, How Two UK-registered Companies Moved Over a Billion in Stablecoins for the IRGC (Jan. 9, 2026), available at https://www.trmlabs.com/resources/blog/how-two-uk-registered-companies-moved-over-a-billion-in-stablecoins-for-the-irgc.

(87) 31 U.S.C. 5312(a)(2)(J), 5312(a)(2)(R) (defining, in part, a “financial institution” a “business engaged in the exchange
of currency, funds, or value that substitutes for currency or funds,” or “a licensed sender of money or any other person who
engages as a business in the transmission of currency, funds, or value that substitutes for currency”). As part of the AML
Act, Congress amended 31 U.S.C. 5312 to add this “value that substitutes for currency” language. See Public Law 116-283, sec. 6102(d), 134 Stat. 4547 (2021). In the AML Act, Congress also reaffirmed FinCEN's existing regulatory
framework applying MSB obligations to persons engaged in certain activities related to “value that substitutes for currency,”
including the issuing and redeeming of virtual currencies. See FinCEN, Bank Secrecy Act Regulations; Definitions and Other Regulations Relating to Money Services Businesses, 76 FR 43585, 43586 (July 21, 2011); see also FinCEN Guidance, FIN-2013-G001, Application of FinCEN's Regulations to Persons Administering, Exchanging, or Using Virtual Currencies (Mar. 18, 2013) [hereinafter 2013 CVC Guidance], available at https://www.fincen.gov/resources/statutes-regulations/guidance/application-fincens-regulations-persons-administering; FinCEN, FIN-2019-G001, Application of FinCEN's Regulations to Certain Business Models Involving Convertible Virtual Currencies (May 9, 2019) [hereinafter 2019 CVC Guidance], available at https://www.fincen.gov/resources/statutes-regulations/guidance/application-fincens-regulations-certain-business-models.

(88) 31 CFR 1010.100(ff)(5).

(89) 31 CFR 1010.100(ff)(5)(i)(A) (emphasis in original).

(90) 2013 CVC Guidance, supra note 87, p 3.

(91) See id. at p. 2 (concluding administrators are generally MSBs and stating that “An administrator is a person engaged as a business
in issuing (putting into circulation) a virtual currency, and who has the authority to redeem (to withdraw from circulation)
such virtual currency”); see also 2019 CVC Guidance, supra note 87, p. 13.

(92) See 31 CFR 1022.210.

(93) See 31 CFR 1022.310.

(94) See 31 CFR 1022.320.

(95) See 31 CFR 1022.400, 1010.410(e)-(f).

(96) See 31 CFR 1010.810(b)(8).

(97) 12 U.S.C. 5901(24) (defining a “person” as “an individual, partnership, company, corporation, association, trust, estate,
cooperative organization, or other business entity, incorporated or unincorporated”).

(98) 12 U.S.C. 5901(23) (defining a “permitted payment stablecoin issuer” as “a person formed in the United States that is—(A)
a subsidiary of an insured depository institution that has been approved to issue payment stablecoins under 12 U.S.C. 5904;
(B) a Federal qualified payment stablecoin issuer; or (C) a State qualified payment stablecoin issuer”).

(99) See 12 U.S.C. 5903(a)(5)(A).

(100) See, e.g., 31 CFR 510.326, 555.313, 583.314.

(101) See 12 U.S.C. 5901(23).

(102) See OFAC, Specially Designated Nationals List, available at https://sanctionslist.ofac.treas.gov/Home/SdnList.

(103) See OFAC, Revised Guidance on Entities Owned by Persons Whose Property and Interests in Property Are Blocked (Aug. 13, 2014), available at https://ofac.treasury.gov/media/6186/download?inline.

(104) See OFAC, Frequently Asked Question 646, available at https://ofac.treasury.gov/faqs/646.

(105) See 31 CFR part 510, part 515, part 560, part 589.

(106) See 31 CFR 560.204, 560.410, 560.427.

(107) See 31 CFR part 501.

(108) See 31 CFR 501.603, 501.604.

(109) See 31 CFR 501.601.

(110) 31 CFR part 501, Appendix A.

(111) Although specifically enumerated in the GENIUS Act, this proposed rule does not impose a customer identification program
obligation, which is the subject of a separate rulemaking.

(112) 12 U.S.C. 5903(a)(5)(A).

(113) See 31 U.S.C. 5312(a)(2); see also, e.g., 31 U.S.C. 5318.

(114) 31 U.S.C. 5312(a)(2)(A), (B), (J), (R).

(115) 18 U.S.C. 986(a).

(116) 12 U.S.C. 3414.

(117) 18 U.S.C. 1956.

(118) 18 U.S.C. 2339B.

(119) See, e.g., 50 U.S.C. 3164(5) (defining financial institution for purposes of subchapter); Ariz. Rev. Stat. Ann. 6-1241(3) (defining money
transmitter under Arizona law by referencing “financial institution” as defined under 31 U.S.C 5312).

(120) 31 U.S.C. 5312(a)(2)(Y).

(121) See 31 U.S.C. 5312(a)(2)(R); 31 CFR 1010.100(t)(3), (ff)(5).

(122) See 12 U.S.C. 5903(a)(7)(B) (including as a rule of construction that “Nothing in [12 U.S.C. 5903(a)(7)(A)] shall limit a permitted
payment stablecoin issuer from engaging in payment stablecoin activities or digital asset service provider activities . .
. that are authorized by the primary Federal payment stablecoin regulator or the State payment stablecoin regulator, as applicable,
consistent with all other Federal and State laws, provided that the claims of payment stablecoin holders rank senior to any
potential claims of non-stablecoin creditors with respect to the reserve assets. . . .”).

(123) See 31 CFR 1010.100(d)(7) (defining a bank, in part, as “Any other organization (except a money services business) chartered under
the banking laws of any state and subject to the supervision of the bank supervisory authorities of a State”), 1010.100(ff)(8)(i)
(definition of money services business “shall not include . . . a bank or foreign bank”).

(124) See 12 U.S.C. 5901(11)(B) (including uninsured national banks within the definition of “Federal qualified payment stablecoin issuer,”
a type of PPSI under 12 U.S.C. 5901(23)(B)).

(125) See 12 U.S.C. 5903(a)(7)(A)(iii)-(v).

(126) See 12 U.S.C. 5903(a)(1)(A)(ii).

(127) See 12 U.S.C. 5901(23)(A); 12 U.S.C. 5901(15) (defining “insured depository institution” as “(A) an insured depository institution,
as defined in section 3 of the Federal Deposit Insurance Act (12 U.S.C. 1813); and (B) an insured credit union”); see infra section VI.C.1.ix (discussing proposed definition of permitted payment stablecoin issuer).

(128) See 12 U.S.C. 5901(23)(A); 31 CFR part 1020.

(129) See infra section VI.C.3.

(130) 12 U.S.C. 5903(a)(5)(A)(iv).

(131) Id.; see also infra section VI.C.6 for a discussion of additional technical capabilities, policies, and procedure requirements specific to PPSIs.

(132) FinCEN, FIN-2012-R005, Compliance Obligations of Certain Loan or Finance Company Subsidiaries of Federally Regulated Banks and Other Financial Institutions (Aug. 13, 2012) available at https://www.fincen.gov/system/files/administrative_ruling/FIN-2012-R005.pdf.

(133) See FinCEN, Anti-Money Laundering Program and Suspicious Activity Report Filing Requirements for Residential Mortgage Lenders and Originators, 77 FR 8157 (Feb. 14, 2012).

(134) FinCEN, FIN-2012-R005, supra note 132, p. 2.

(135) See 12 U.S.C. 5901(11)(B); see also Implementing the Guiding and Establishing National Innovation for U.S. Stablecoins Act for the Issuance of Stablecoins
by Entities Subject to the Jurisdiction of the Office of the Comptroller of the Currency, 91 FR 10202, 10232, 10296 (Mar. 2, 2026).

(136) See infra section VI.C.1.ii.

(137) As part of proposed part 1033, FinCEN proposes that if one portion of the proposed regulation, if finalized, is found to
be invalid, the invalidated portion of the regulation should be severed with the remaining portions of the regulation remaining
in full force and effect. FinCEN's position is that invalidation of any one provision, or application thereof to any one person
or circumstance, does not, and should not, affect any other provision in this proposed regulation. Each provision serves an
important, related, but distinct purpose and application, designed to benefit the public by protecting the U.S. financial
system from illicit financial activity. FinCEN accordingly has proposed each provision such that invalidity to one provision
would not undermine the operability or usefulness of the other provisions.

(138) See 12 U.S.C. 5901(32) (defining “subsidiary”); see also 12 U.S.C. 5901(23) (defining “permitted payment stablecoin issuer”).

(139) See 12 U.S.C. 5903(a)(5)(A).

(140) See 2019 CVC Guidance, supra note 87, p. 13 (discussing that an “administrator” engages in issuing and redeeming a virtual currency and is generally a
money transmitter).

(141) See infra section VI.C.9.ii.a; see also 2019 CVC Guidance, supra note 87, p. 11.

(142) See 12 U.S.C. 5901(24) (defining “person” as “an individual, partnership, company, corporation, association, trust, estate, cooperative
organization, or other business entity, incorporated or unincorporated”).

(143) See 31 CFR 1010.100(mm) (defining “Person” as “An individual, a corporation, a partnership, a trust or estate, a joint stock company,
an association, a syndicate, joint venture, or other unincorporated organization or group, an Indian Tribe (as that term is
defined in the Indian Gaming Regulatory Act), and all entities cognizable as legal personalities.”).

(144) See 12 U.S.C. 5901(16) (defining, in part, “lawful order” as one that “specifies the payment stablecoins or accounts subject to blocking with reasonable particularity” (emphasis added)).

(145) See, e.g., 31 CFR 1010.100(p) (defining “established customer”); 1010.100(bbb) (defining “transaction”). For financial institutions with
customer identification program (CIP) obligations, those institution's subparts often include a definition of “account.” However,
those definitions are limited to CIP obligations unless expressly noted elsewhere. See 31 CFR 1020.100(a) (defining “account” for CIP purposes in bank subpart); 1023.100(a) (defining “account” for CIP purposes
in brokers or dealers in securities subpart); see also 1010.230 (defining “account” in obligation related to legal entity customers by explicit reference to CIP definitions of “account”).

(146) See infra section VI.C.6.ii discussing proposed obligations related to lawful order compliance and technical capabilities.

(147) See section 17 of the GENIUS Act, Public Law 119-27.

(148) See 12 U.S.C. 5901(24) (defining the term “person” to mean “an individual, partnership, company, corporation, association, trust,
estate, cooperative organization, or other business entity, incorporated or unincorporated”).

(149) See 31 CFR 1010.100(mm) (stating “Person. An individual, a corporation, a partnership, a trust or estate, a joint stock company,
an association, a syndicate, joint venture, or other unincorporated organization or group, an Indian Tribe (as that term is
defined in the Indian Gaming Regulatory Act), and all entities cognizable as legal personalities.”).

(150) See 12 U.S.C. 5901(28).

(151) See 31 CFR 1010.100(vv) (defining “State” as “The States of the United States and, wherever necessary to carry out the provisions
of this chapter, the District of Columbia.”).

(152) See 31 CFR 1010.100(zz) (defining “Territories and Insular Possessions” as “The Commonwealth of Puerto Rico, the United States
Virgin Islands, Guam, the Commonwealth of the Northern Mariana Islands, and all other territories and possessions of the United
States other than the Indian lands and the District of Columbia.”).

(153) 12 U.S.C. 5901(15).

(154) See Treasury Order 180-01, supra note 15, para. 3; see also 31 CFR 1010.810(a).

(155) 31 U.S.C. 5318(a)(1); 31 CFR 1010.810(a); Treasury Order 180-1, supra note 15, paras. 3(b), 4(b).

(156) See, e.g., 12 U.S.C. 5905 (outlining supervision by primary Federal payment stablecoin regulators); 12 U.S.C. 5906 (outlining supervision
by State payment stablecoin regulators).

(157) Compare 31 CFR 1010.810(b)(1)-(6) with 31 CFR 1010.810(b)(8).

(158) See 12 U.S.C. 5903(c), 5906.

(159) 12 U.S.C. 5903(d).

(160) 12 U.S.C. 5905(a)(3); 12 U.S.C. 5901(25).

(161) 12 U.S.C. 5903(a)(4)(A)(iv).

(162) See 31 CFR 1010.810(b)(1)-(3), (5).

(163) See infra section VI.C.1.x.

(164) See 12 U.S.C. 5903(a)(5)(A)(i); see also 31 U.S.C. 5318(h).

(165) 31 U.S.C. 5318(h)(2)(B)(iii).

(166) Anti-Money Laundering Act of 2020, Public Law 116-283, Div. F, sections 6001-6511, 134 Stat. 3388, 4547-4633 (Jan. 1, 2021).

(167) See 12 U.S.C. 5903(a)(5)(B).

(168) 31 U.S.C. 5311.

(169) 31 U.S.C. 5318(h)(2)(B)(iv)(II).

(170) See 31 U.S.C. 5318(h)(2)(B). Per the BSA, the factors FinCEN considered include, “(i) Financial institutions are spending private
compliance funds for a public and private benefit, including protecting the United States financial system from illicit finance
risks. (ii) The extension of financial services to the underbanked and the facilitation of financial transactions, including
remittances, coming from the United States and abroad in ways that simultaneously prevent criminal persons from abusing formal
or informal financial services networks are key policy goals of the United States. (iii) Effective anti-money laundering and
countering the financing of terrorism programs safeguard national security and generate significant public benefits by preventing
the flow of illicit funds in the financial system and by assisting law enforcement and national security agencies with the
identification and prosecution of persons attempting to launder money and undertake other illicit activity through the financial
system. (iv) Anti-money laundering and countering the financing of terrorism programs [. . .] should be—(I) reasonably designed
to assure and monitor compliance with the requirements of this subchapter and regulations promulgated under this subchapter;
and (II) risk-based, including ensuring that more attention and resources of financial institutions should be directed toward
higher-risk customers and activities, consistent with the risk profile of a financial institution, rather than toward lower-risk
customers and activities.”

(171) E.O. 14331, Guaranteeing Fair Banking for All Americans, 90 FR 38925 (Aug. 12, 2025).

(172) See 31 U.S.C. 5318(h)(2)(B)(iii).

(173) See 12 U.S.C. 5903(f).

(174) 31 U.S.C. 5318(h)(1)(A).

(175) See 12 U.S.C. 5903(a)(5)(A)(i).

(176) See FinCEN, Section 314(b) Fact Sheet, (Dec. 2020), available at https://www.fincen.gov/system/files/shared/314bfactsheet.pdf.

(177) 31 U.S.C. 5318(h)(2)(B)(iv)(II).

(178) See 12 U.S.C. 5903(a)(5)(A).

(179) See applicable program rules with CDD requirements for covered financial institutions are located at 31 CFR 1020.210(a)(2)(v)
and (b)(2)(v) (banks), 1023.210(b)(5) (broker-dealers), 1024.210(b)(5) (mutual funds), and 1026.210(b)(5) (futures commission
merchants and introducing brokers in commodities). FinCEN in February 2026 issued an order granting exceptive relief to covered
financial institutions from the requirements in 31 CFR 1010.230(b) to identify and verify the identities of beneficial owners
of legal entity customers at each new account opening. See FinCEN, Exceptive Relief from Requirement to Identify and Verify Beneficial Owners at Each Account Opening (Feb. 13, 2026), available at https://www.fincen.gov/system/files/2026-02/FinCEN-Order-CCDExceptiveRelief.pdf.

(180) See 31 CFR 1020.210(a)(2)(v) and (b)(2)(v) (banks); 1023.210(b)(5) (broker-dealers); 1024.210(b)(5) (mutual funds); 1026.210(b)(5)
(futures commission merchants and introducing brokers in commodities).

(181) See FinCEN, Customer Due Diligence Requirements for Financial Institutions, 81 FR 29398, 29419 (May 11, 2016); FinCEN, Frequently Asked Questions Regarding Customer Due Diligence Requirements for Financial Institutions, Question 36 (Apr. 3, 2018), available at https://www.fincen.gov/system/files/2018-04/FinCEN_Guidance_CDD_FAQ_FINAL_508_2.pdf.

(182) See supra section IV.D.

(183) See Board, FDIC, NCUA, OCC, and FinCEN, Interagency Statement on Sharing Bank Secrecy Act Resources (Oct. 3, 2018), available at https://www.fincen.gov/news/news-releases/interagency-statement-sharing-bank-secrecy-act-resources.

(184) See 12 U.S.C. 5903(a)(5)(A)(i); 31 U.S.C. 5318(h)(1)(B).

(185) See, e.g., FinCEN, Financial Crimes Enforcement Network; Confidentiality of Suspicious Activity Reports, 75 FR 75593 (Dec. 3, 2010); see also FinCEN, the Board, FDIC, OCC, and Office of Thrift Supervision, Interagency Guidance on Sharing Suspicious Activity Reports with Head Offices and Controlling Companies (Jan. 20, 2006), available at https://www.fincen.gov/system/files/guidance/sarsharingguidance01122006.pdf.

(186) See 12 U.S.C. 5903(a)(5)(A)(i).

(187) See 31 U.S.C. 5318(h)(1)(B).

(188) See 12 U.S.C. 5903(f).

(189) See 31 U.S.C. 5318(h)(1)(C).

(190) See 31 CFR 1010.810(b); see also supra section VI.C.2.

(191) See 12 U.S.C. 5904(i)(l).

(192) See 31 U.S.C. 5318(a)(2).

(193) See supra section VI.C.2.

(194) The proposal is not intended to and does not affect criminal enforcement liability under the BSA, or the related authority
of the Department of Justice.

(195) FinCEN, FinCEN Statement on Enforcement of the Bank Secrecy Act, pp. 2-3 (Aug. 18, 2020), available at https://www.fincen.gov/system/files/shared/FinCEN%20Enforcement%20Statement_FINAL%20508.pdf.

(196) FinCEN, FinCEN Exchange, available at https://www.fincen.gov/resources/fincen-exchange.

(197) FinCEN, FinCEN Statement on Enforcement of the Bank Secrecy Act (Aug. 18, 2020), available at https://www.fincen.gov/system/files/shared/FinCEN%20Enforcement%20Statement_FINAL%20508.pdf.

(198) See 12 U.S.C. 5903(a)(5)(A).

(199) See Customer Due Diligence Requirements for Financial Institutions, 81 FR at 29398. As previously highlighted, FinCEN in February 2026 issued an order granting exceptive relief to covered financial
institutions from the requirements in 31 CFR 1010.230(b) to identify and verify the identities of beneficial owners of legal
entity customers at each new account opening. See Exceptive Relief from Requirement to Identify and Verify Beneficial Owners at Each Account Opening, supra note 179.

(200) 12 U.S.C. 5903(a)(5)(A)(v).

(201) See 12 U.S.C. 5903(a)(5)(A)(iv).

(202) See 12 U.S.C. 5903(a)(6)(B).

(203) See 12 U.S.C. 5903(a)(7)(B), 5901(7) (defining “digital asset service provider”).

(204) See 12 U.S.C. 5903(a)(6)(B). Although codified outside the GENIUS Act section specifically dealing with the BSA, Congress provided
Treasury general rulemaking authority to implement the GENIUS Act. See 12 U.S.C. 5913. This provision directly implicates illicit finance considerations and, as such, is appropriately overseen
by FinCEN at Treasury as part of efforts to combat money laundering and the financing of terrorism.

(205) See 12 U.S.C. 5901(16); see also section VI.C.1.vii.

(206) See DOJ, Asset Forfeiture Policy Manual (2025), chap. 4, sec. I.B., available at https://www.justice.gov/usdoj-media/criminal/media/1140236/dl?inline.

(207) See U.S. Attorney's Office EDNC Announces Seizure of $61 Million Dollars' Worth of Cryptocurrency, Cyber Scam Organization Disrupted Through Seizure of Nearly $9M in Crypto supra note 63; Largest Ever Seizure of Funds Related to Crypto Confidence Scam supra note 58.

(208) See, e.g., 31 U.S.C. 5313(a), 5326. This proposal also implements the GENIUS Act's requirements related to high value transactions. See 12 U.S.C. 5903(a)(5)(A)(v).

(209) 31 CFR 1010.311.

(210) 31 CFR 1010.100(m) (defining, in part, “currency” as “[t]he coin and paper money of the United States or of any other country”).

(211) Kiosks, for example, which are ATM-like devices that allow customers to exchange real (or fiat) currency for virtual currency
and vice versa, are already used to exchange CVC for fiat currency including cash. See FinCEN, FIN-2025-NTC1, FinCEN Notice on the Use of Convertible Virtual Currency Kiosks for Scam Payments and Other Illicit Activity (Aug. 4, 2025), available at https://www.fincen.gov/system/files/2025-08/FinCEN-Notice-CVCKIOSK.pdf. Such devices could be leveraged by PPSIs as an additional means to interact with customers.

(212) See 31 CFR 1020.315.

(213) See 12 U.S.C. 5903(a)(5)(A)(iii).

(214) See 31 U.S.C. 5318(g)(1).

(215) See 31 CFR 1020.320, 1021.320, 1022.320, 1023.320, 1024.320, 1025.320, 1026.320, 1029.320, 1030.320.

(216) See 31 U.S.C. 5311(1); see also, e.g., FinCEN, Financial Crimes Enforcement Network (FinCEN) available at https://www.fincen.gov/system/files/2025-08/FinCEN-Infographic-Public-2025-508.pdf.

(217) See infra section VI.C.8.ii. and vi.

(218) See 31 CFR 1020.320(a), 1021.320(a), 1023.320(a), 1024.320(a), 1026.320(a), 1029.320(a) (requiring banks, casinos, broker-dealers
in securities, mutual funds, futures commission merchants and introducing brokers, and loan or finance companies to report
suspicious transactions if they involve in the aggregate at least $5,000).

(219) 31 CFR 1022.320(a)(2).

(220) 12 U.S.C. 5903(a)(5)(A)(v).

(221) See FinCEN, Amendments to the Bank Secrecy Act Regulations-Requirement that Money Transmitters and Money Order and Traveler's Check Issuers,
Sellers, and Redeemers Report Suspicious Transactions, 65 FR 13683 (Mar. 14, 2000).

(222) See 31 CFR 1021.320(a)(2)(iv), 1022.320(a)(2)(iv), 1023.320(a)(2)(iv), 1024.320(a)(2)(iv), 1025.320(a)(2)(iv), 1026.320(a)(2)(iv),
1029.320(a)(2)(iv), 1030.320(a)(2)(iv).

(223) Other BSA-defined financial institutions, such as banks, broker-dealers in securities, and mutual funds have separate reporting
obligations that may involve the same suspicious activity. See 31 CFR 1020.320, 1023.320, 1024.320.

(224) 31 U.S.C. 5318(g)(2).

(225) See 31 U.S.C. 5318(g)(2)(A)(i), 5322.

(226) In reaching this conclusion, FinCEN considered and found persuasive the rationale underlying interagency guidance issued
by FinCEN, the Board, FDIC, OCC, and Office of Thrift Supervision, which determined “a U.S. bank or savings association may
disclose a Suspicious Activity Report to its controlling company.” See FinCEN, the Board, FDIC, OCC, and Office of Thrift Supervision, Interagency Guidance on Sharing Suspicious Activity Reports with Head Offices and Controlling Companies (Jan. 20, 2006), available at https://www.fincen.gov/system/files/guidance/sarsharingguidance01122006.pdf.

(227) For purposes of this rulemaking, “non-public information” refers to information that is exempt from disclosure under the
Freedom of Information Act.

(228) 31 CFR 1.11 is Treasury's regulation governing demands for testimony or the production of records of Department employees
and former employees in a court or other proceeding.

(229) As previously referenced, to encourage the reporting of possible violations of law or regulation and the filing of SARs,
the BSA contains a safe harbor provision that shields financial institutions making such reports from civil liability. In
2001, the USA PATRIOT Act clarified that the safe harbor also covers voluntary disclosure of possible violations of law and
regulations to a government agency and expanded the scope of the safe harbor to cover any civil liability which may exist
under any contract or other legally enforceable agreement (including any arbitration agreement). See USA PATRIOT Act, Public Law 107-56, sec. 351(a), 115 Stat. 272, 321 (2001); 31 U.S.C. 5318(g)(3).

(230) See 12 U.S.C. 5903(a)(5)(A)(ii).

(231) See 12 U.S.C. 1953; 31 U.S.C. 5318(a)(2); see also 12 U.S.C. 5901(2) (defining “Bank Secrecy Act” to include 12 U.S.C. 1951 et seq.); 31 U.S.C. 5311(1) (stating purpose of the BSA includes requiring records that are highly useful for law enforcement and
regulatory investigations and intelligence and counterintelligence activities).

(232) See 31 CFR 1020 subpart D, 1021 subpart D, 1022 subpart D, 1023 subpart D, 1024 subpart D, 1025 subpart D, 1026 subpart D, 1027
subpart D, 1028 subpart D, 1029 subpart D, and 1030 subpart D.

(233) See 31 CFR 1010.401.

(234) FinCEN recognizes that it is unlikely PPSIs will engage in extensions of credit, but in the event the ability of PPSI to
extend credit is not fully foreclosed, FinCEN believes it prudent to apply the obligation. A PPSI not engaged in such activity
would not be expected to take any action to implement it, including creating policies and procedures, and accordingly would
accrue no burden from the application of this obligation.

(235) The Recordkeeping Rule for nonbank financial institutions is codified at 31 CFR 1010.410(e). The Travel Rule is codified
at 31 CFR 1010.410(f) and applies to both bank and nonbank financial institutions. See Treasury, Board, Amendment to the Bank Secrecy Act Regulations Relating to Recordkeeping for Funds Transfers and Transmittals of Funds by Financial
Institutions, 60 FR 220 (Jan. 3, 1995).

(236) See 31 CFR 1010.410(e).

(237) In addition to implementing the GENIUS Act's directive that PPSIs be subject to recordkeeping obligations, this proposal
also implements its requirements related to high value transactions by requiring collection of information for certain transactions. See 12 U.S.C. 5903(a)(5)(A)(v).

(238) Section 1010.410(e) applies to “nonbank financial institutions.” FinCEN recognizes that some PPSIs may also be banks but
believes further clarifying in the regulatory text that when an entity acts as a PPSI it is acting as a nonbank financial
institution is not necessary.

(239) See 2019 CVC Guidance, supra note 87.

(240) Under 31 U.S.C. 5318(a)(2), FinCEN can require financial institutions to maintain appropriate procedures, including to collect
and report information. to guard against money laundering, the financing of terrorism, or other forms of illicit finance.
Additionally, 12 U.S.C. 1953

  provides the Secretary the ability to, for any financial institution other than an insured bank, promulgate rules related
  to maintenance of appropriate records including relating to funds transfers. While FinCEN assesses its inclusion of “payment
  stablecoin” is no more than a clarification, it also has and is using its authority under 12 U.S.C. 1953 and 31 U.S.C. 5318(a)(2)
  to independently add payment stablecoin to the Recordkeeping and Travel Rule's purview.

(241) See supra section VI.C.1.iv; see also 2019 CVC Guidance, supra note 87, p. 11.

(242) See 2019 CVC Guidance, supra note 87, p. 11.

(243) 12 U.S.C. 5901(18).

(244) See FinCEN, Board, Threshold for the Requirement To Collect, Retain, and Transmit Information on Funds Transfers and Transmittals of Funds That
Begin or End Outside the United States, and Clarification of the Requirement To Collect, Retain, and Transmit Information
on Transactions Involving Convertible Virtual Currencies and Digital Assets With Legal Tender Status, 85 FR 68005, 68009 (Oct. 27, 2020). FinCEN intends to withdraw this proposal. See E.O. 14178 Report, supra note 32, p. 100.

(245) See, e.g., AML Act, Public Law 116-283 (2021). Section 6102(d) of the AML Act adding “value that substitutes for currency” to clarify
the application of the BSA to those assets, including clarifying that “monetary instruments” can include “value that substitutes
for any monetary instrument.”

(246) See 2019 CVC Guidance, supra note 87, p. 11.

(247) 12 U.S.C. 5903(a)(5)(A).

(248) 31 U.S.C. 5311(2), (5).

(249) See 31 U.S.C. 5311(5); see also AML Act, Public Law 116-283.

(250) See 31 U.S.C. 5311 note (“Cooperation Among Financial Institutions, Regulatory Authorities, and Law Enforcement Authorities”).

(251) FinCEN, FinCEN's 314(a) Fact Sheet (last updated Feb. 3, 2026), available at https://www.fincen.gov/sites/default/files/shared/314afactsheet.pdf. Covered financial institutions are instructed not to reply to the 314(a) request if a search does not uncover any matching
accounts or transactions.

(252) See FinCEN, Section 314(b) Fact Sheet (Dec. 2020), available at https://www.fincen.gov/system/files/shared/314bfactsheet.pdf.

(253) Id.

(254) See 31 CFR 1010.520(b)(3)(i).

(255) See 31 CFR 1010.520(b)(3)(ii).

(256) See 12 U.S.C. 5903(a)(5)(A)(v).

(257) See 31 U.S.C. 5318(i)(1).

(258) See 31 U.S.C. 5318A and note; 21 U.S.C. 2313a; see also 31 CFR 1010.651-664.

(259) See 31 U.S.C. 5318(j)(1) (specifying prohibition on correspondent accounts for shell banks is limited to financial institutions
defined in 31 U.S.C. 5312(A) though (G)); 31 U.S.C. 5318(k)(1)(B) (specifying application of subsection only to covered financial
institutions as specified in 31 U.S.C. 5318(j)(1)).

(260) Currently, cross references in § 1010.605(c)(2)(ii) through (iv) to corresponding paragraphs in (e)(1) are misaligned. For
example, § 1010.605(c)(2)(ii), which deals with broker dealers, should cross the corresponding paragraph in (e)(1) that deals
with broker dealers, paragraph (e)(1)(ii), but instead references paragraph (e)(1)(viii). FinCEN's proposed changes to paragraphs
1010.605(c)(2)(ii) through (iv) clean up the cross references and do not result in any substantive change to the rule.

(261) FinCEN, Anti-Money Laundering Programs; Special Due Diligence Programs for Certain Foreign Accounts, 71 FR 496, 497-98 (Jan. 4, 2006).

(262) Id. at 499.

(263) See 31 CFR 1010.610-620.

(264) See 31 CFR 1010.610-620.

(265) See 31 CFR 1010.610(b).

(266) See 31 CFR 1010.620(c).

(267) Section 311 is codified at 31 U.S.C. 5318A.

(268) Section 9714(a) of the Combating Russian Money Laundering Act, as amended by section 6106(b) of the National Defense Authorization
Act for Fiscal Year 2022. Section 9714 (as amended) can be found in a note to 31 U.S.C. 5318A.

(269) Additionally, FinCEN has proposed special measures that, if finalized, could also require PPSIs to take special measures. See FinCEN, Proposal of Special Measure Regarding MBaer Merchant Bank AG as a Financial Institution Operating Outside of the United States
of Primary Money Laundering Concern, 91 FR 10034 (Mar. 2, 2026); FinCEN, Proposal of Special Measure Regarding Transactions Involving Ten Mexican Gambling Establishments as a Class of Transactions
of Primary Money Laundering Concern, 90 FR 51234 (Nov. 17, 2025).

(270) In October 2016, FinCEN issued conditional exceptive relief permitting covered financial institutions to maintain correspondent
accounts for Burmese banks under certain conditions. See FinCEN, Conditional Exception to Bank Secrecy Act Regulations Relating to the Burma Section 311 Final Rule, 81 FR 71986 (Oct. 19, 2016).

(271) In May 2025, FinCEN issued conditional exceptive relief permitting covered financial institutions to open and maintain correspondent
accounts for the Commercial Bank of Syria under certain conditions. FinCEN, Exception to Prohibition Imposed by Section 311 of the USA PATRIOT Act Against the Commercial Bank of Syria (May 23, 2025), available at https://www.fincen.gov/system/files/2025-08/Commercial-Bank-of-Syria-Exceptive-Relief.pdf.

(272) 12 U.S.C. 5903(a)(5)(A)(vi).

(273) 12 U.S.C. 5901(23) (defining, in part, “permitted payment stablecoin issuer” as “a person formed in the United States”).

(274) See 50 U.S.C. 1702.

(275) 12 U.S.C. 5903(a)(5)(A)(vi).

(276) See, e.g., 50 U.S.C. 1702.

(277) See, e.g., 31 CFR 525.102, 583.102, 587.601.

(278) See 12 U.S.C. 5904(i)(1).

(279) 12 U.S.C. 5905(b)(5)(B)-(C).

(280) See, e.g., 50 U.S.C. 1705(b), 4315(b).

(281) See 12 U.S.C. 5904(i)(1).

(282) See 12 U.S.C. 5901(25), 5901(30).

(283) 12 U.S.C. 5903(a)(5)(A)(vi).

(284) 12 U.S.C. 5903(a)(5)(B).

(285) See OFAC, A Framework for OFAC Compliance Commitments (May 2, 2019) [hereinafter 2019 Compliance Framework ], available at https://ofac.treasury.gov/media/16331/download?inline.

(286) See OFAC, Sanctions Compliance Guidance for the Virtual Currency Industry (Oct. 2021) [hereinafter Virtual Currency Industry Guidance ], available at https://ofac.treasury.gov/media/913571/download?inline; see also OFAC, Questions on Virtual Currency, available at https://ofac.treasury.gov/faqs/topic/1626.

(287) See Virtual Currency Industry Guidance, supra note 286, at pp. 14, 16.

(288) OFAC, Economic Sanctions Enforcement Guidelines, 74 FR 57593 (Nov. 9, 2009).

(289) Id. at 57594.

(290) 12 U.S.C. 5903(a)(5)(B).

(291) See, e.g., OFAC, OFAC Settles with Murad, LLC for $3,334,286 and with a Former Senior Executive of Murad, LLC for $175,000 Related to Apparent
Violations of the Iranian Transactions and Sanctions Regulations (May 17, 2023), available at https://ofac.treasury.gov/media/931761/download?inline=.

(292) See 12 U.S.C. 5903(a)(5)(B).

(293) Id.

(294) Id.

(295) See, e.g., OFAC, Key Holding, LLC Settles with OFAC for $608,825 Related to Apparent Violations of Cuban Assets Control Regulations (July 2, 2025) [hereinafter Key Holding ], available at https://ofac.treasury.gov/media/934456/download?inline.

(296) See Virtual Currency Industry Guidance, supra note 286, at p. 11.

(297) The PPSI as an entity would be required to establish and maintain the internal controls as part of the compliance program,
which senior management would be required to review and approve as part of reviewing and approving the compliance program
writ large. See supra section VII.B.1 for discussion of the role of senior management.

(298) 12 U.S.C. 5903(a)(5)(A)(iv).

(299) See Virtual Currency Industry Guidance, supra note 286, at pp. 13-17.

(300) See id. at p. 15.

(301) See, e.g., OFAC, OFAC Imposes $7,139,305 Penalty on Gracetown, Inc. for Violating Ukraine-/Russia-Related Sanctions and Reporting Obligations (Dec. 4, 2025), available at https://ofac.treasury.gov/media/934796/download?inline.

(302) See, e.g., OFAC, OFAC Settles with Toll Holdings Limited for $6,131,855 Related to Apparent Violations of Multiple Sanctions Programs (Apr. 25, 2022), available at https://ofac.treasury.gov/media/922441/download?inline=.

(303) See, e.g., Key Holding, supra note 295.

(304) 12 U.S.C. 5903(a)(5)(B).

(305) See generally Virtual Currency Industry Guidance, supra note 286.

(306) See, e.g., OFAC, OFAC Enters Into $1,385,901.40 Settlement with Payoneer Inc. for Apparent Violations of Multiple Sanctions Programs (Jul. 23, 2021), available at https://ofac.treasury.gov/media/911571/download?inline.

(307) 12 U.S.C. 5903(a)(5)(B).

(308) See, e.g., OFAC, OFAC Settles with 3M Company for $9,618,477 Related to Apparent Violations of the Iranian Transactions and Sanctions Regulations (Sept. 21, 2023), available at https://ofac.treasury.gov/media/932161/download?inline.

(309) 12 U.S.C. 5903(a)(5)(B).

(310) Relevant stakeholders can include clients, suppliers, business partners, and counterparties. 2019 Compliance Framework, supra note 285, at p. 7.

(311) 12 U.S.C. 5905(b)(5)(B).

(312) See, e.g., 31 CFR 561.314, 566.312, 589.322, 594.321.

(313) See 12 U.S.C. 5901(22).

(314) See 12 U.S.C. 5901(23).

(315) See 12 U.S.C. 5901(24).

(316) See 12 U.S.C. 5905(b)(5)(B)-(C).

(317) See 50 U.S.C. 1705(b), as adjusted pursuant to the Federal Civil Penalties Inflation Adjustment Act of 1990 (28 U.S.C. 2461 note).

(318) See 50 U.S.C. 4315(b)(1), as adjusted pursuant to the Federal Civil Penalties Inflation Adjustment Act of 1990 (28 U.S.C. 2461
note).

(319) FinCEN, FIN-2012-R005, Compliance Obligations of Certain Loan or Finance Company Subsidiaries of Federally Regulated Banks and Other Financial Institutions (Aug. 13, 2012), available at https://www.fincen.gov/system/files/administrative_ruling/FIN-2012-R005.pdf.

(320) E.O. 14292, Fighting Overcriminalization in Federal Regulations, 90 FR 20363, 20364 (May 14, 2025).

(321) Id.

(322) Id.

(323) E.O. 12866, Regulatory Planning and Review, 58 FR 51735 (Oct. 4, 1993).

(324) E.O. 13563, Improving Regulation and Regulatory Review, 76 FR 3821 (Jan. 21, 2011).

(325) See E.O. 14192, Unleashing Prosperity Through Deregulation, 90 FR 9065 (Feb. 6, 2025); Office of Management and Budget (OMB), M-25-20, Guidance Implementing Section 3 of Executive Order 14192, Titled “Unleashing Prosperity Through Deregulation” (Mar. 26, 2025), available at https://www.whitehouse.gov/wp-content/uploads/2025/02/M-25-20-Guidance-Implementing-Section-

(326) 5 U.S.C. 601 et seq.

(327) 2 U.S.C. 1532.

(328) 44 U.S.C. 3501 et seq.

(329) This economic expectation is sensitive to key assumptions about how potentially affected financial institutions would respond
to the proposed requirements. FinCEN and OFAC request comment on whether it would instead be more reasonable to certify that
the proposed rule would not have a significant economic impact on a substantial number of small entities.

(330) The UMRA requires an assessment of any Federal mandates that may result in annual expenditures of $100 million or more, adjusted
for inflation, before issuing a general notice of proposed rulemaking. 2 U.S.C. 1532(a). FinCEN and OFAC have not anticipated
material changes in expenditures for State, local, and Tribal governments, insofar as they would not participate in the primary
activities of monitoring or enforcing compliance of the newly proposed requirements in a way that differs from current involvement,
thereby incurring novel incremental costs. But because the proposed rule would affect entities in the private sector that
are covered financial institutions, FinCEN and OFAC have considered expenditures these private entities may incur, pursuant
to UMRA, as part of the regulatory impact in its assessment below.

(331) See supra section VI.A.1.

(332) 12 U.S.C. 5903(a)(5)(A).

(333) 12 U.S.C. 5903(a)(5)(A)(i)-(iv).

(334) 12 U.S.C. 5903(a)(5)(A)(vi).

(335) 12 U.S.C. 5903(a)(6)(B).

(336) See infra section XII.A.

(337) See infra section XII.B.

(338) See infra section XII.C.

(339) See infra section XII.D.

(340) See infra section XII.E.

(341) See infra section XII.F.

(342) See infra section XII.A.1.

(343) See infra section XII.A.2.

(344) See infra section XII.A.3.

(345) See infra section XII.A.4.

(346) See infra section XII.A.5.

(347) See generally supra section II.

(348) See E.O. 12866, section 1(b)(1) (“Each agency shall identify the problem that it intends to address (including, where applicable,
the failures of private markets or public institutions that warrant new agency action) as well as assess the significance
of that problem.”).

(349) With respect to AML/CFT programs in particular, Congress instructed FinCEN to consider the potential economic inefficiencies
engendered by the presence of market externalities when promulgating implementing regulations. See 31 U.S.C. 5318(h)(2)(B)(i) (stating financial institutions are spending private compliance funds for a public and private
benefit, including protecting U.S.

  financial system from illicit finance risks); *see also* 31 U.S.C. 5318(h)(2)(B)(iii) (stating that AML/CFT programs safeguard national security and generate significant public benefits
  by prevent illicit flows of funds and assisting law enforcement and national security agencies with information).

(350) See, e.g., FinCEN, Anti-Money Laundering and Countering the Financing of Terrorism Programs, 89 FR 55428, 55451 (July 3, 2024).

(351) See infra section XII.A.4.i.

(352) In this context, FinCEN and OFAC employ the term “market” in its broadest economic sense, referring to any set of exchanges,
transactions, or actions that involve counterparties with unique objectives. The baseline here set forth also forms the counterfactual
against which the quantifiable effects of the rule are measured; therefore, substantive errors in or omissions of relevant
data, facts, or other information may affect the conclusions formed regarding the general and economically significant impacts
of the rule. FinCEN and OFAC invite comment on the accuracy of the baseline population estimates as well as any supporting
studies, data, or anecdotes.

(353) See E.O. 12866, section 1(a) (“In deciding whether and how to regulate, agencies should assess all costs and benefits of available
regulatory alternatives, including the alternative of not regulating”).

(354) See infra section XII.A.4; see also infra sections XII.C. and XII.E.

(355) Analyzing the anticipated effects of a rule requires first establishing what the proposed changes will be measured against,
and establishing such a counterfactual often requires making numerous assumptions. The extent to which the proposed rule would
impose incremental economic effects relies on a number of assumptions about the strategic decisions current and future stablecoin
issuers would make, responsive to various factors, that include but are not limited to: (1) the decision to remain/become
a stablecoin issuer; (2) the decision to pursue registration as a PPSI, and if so; (3) the decision about which type of PPSI
status to seek. These assumptions, in turn, inform the selection of the most informative counterfactual(s), including the
appropriate regulatory baseline.

(356) See supra note 11.

(357) For example, if one assumes a current stablecoin issuer decides to both remain an issuer and pursue registration as a PPSI,
the most relevant regulatory baseline comparison might be relative to the current AML/CFT requirements for MSBs that are money
transmitters. Alternatively, if a decision is made to newly become a stablecoin issuer, and to do so as a bank subsidiary,
then the current BSA requirements of the parent bank might be a more appropriate regulatory baseline to assess the incremental
burden of that PPSI.

(358) 31 CFR 1020.220; see generally Supporting Statement for OMB Control No. 1506-0026: FinCEN, Customer Identification Program Regulatory Requirements for Banks (Aug. 29, 2024), available at https://www.reginfo.gov/public/do/PRAViewDocument?ref_nbr=202408-1506-003.

(359) 31 CFR 1020.210(a)(2)(v) and (b)(2)(v), 1010.230(b)(c); see generally Supporting Statement OMB Control No. 1506-0070: FinCEN, Beneficial Ownership Requirements for Legal Entity Customers (Apr. 30, 2024), available at https://www.reginfo.gov/public/do/PRAViewDocument?ref_nbr=202404-1506-004.

(360) 31 CFR 1020.315; see generally Supporting Statement OMB Control No. 1506-0012: FinCEN, Transactions of Exempt Persons Regulations, and FinCEN Form 110, Designation of Exempt Persons Report (Oct. 28, 2024), available at https://www.reginfo.gov/public/do/PRAViewDocument?ref_nbr=202410-1506-001.

(361) 31 CFR 1020.410; see generally Supporting Statement OMB Control No. 1506-0059: FinCEN, Additional Records to be Made and Retained by Banks (Oct. 29, 2024), available at https://www.reginfo.gov/public/do/PRAViewDocument?ref_nbr=202410-1506-006.

(362) 31 CFR 1020.610, 1020.620, 1010.610, 1010.620; see generally Supporting Statement OMB Control No. 1506-0046: FinCEN, Due Diligence Programs for Correspondent Accounts for Foreign Financial Institutions and for Private Banking Accounts (Aug. 27, 2024), available at https://www.reginfo.gov/public/do/PRAViewDocument?ref_nbr=202408-1506-001.

(363) 31 CFR 1020.630, 1010.630; see generally Supporting Statement OMB Control No. 1506-0043: FinCEN, Prohibition on Correspondent Accounts for Foreign Shell Banks; Records Concerning Owners of Foreign Banks and Agents for Service
of Legal Process (July 31, 2025), available at https://www.reginfo.gov/public/do/PRAViewDocument?ref_nbr=202501-1506-001.

(364) 31 CFR 1060.300; see generally Supporting Statement OMB Control No. 1506-0066: FinCEN, Reporting Obligations on Foreign Bank Relationships with Iranian-Linked Financial Institutions Designated under IEEPA and
IRGC-Linked Persons Designated under IEEPA (July 8, 2025), available at https://www.reginfo.gov/public/do/PRAViewDocument?ref_nbr=202507-1506-001.

(365) If, under an effective GENIUS framework, the issuer of an existing stablecoin product applies and is granted registration
as a PPSI, then its obligations under the BSA as an MSB would be superseded by its new obligations as a PPSI.

(366) In 12 U.S.C. 5901(23), the GENIUS Act defines PPSIs as persons incorporated in the United States. As such, in order to issue
stablecoins, an issuer would need to register as a U.S. person and would therefore become subject to U.S. sanctions laws and
all resulting obligations.

(367) OFAC's Enforcement Guidelines, 31 CFR part 501, Appendix A, include the existence, nature, and adequacy of a subject person
as a factor in determining what administrative action to take in response to an apparent violation of U.S. sanctions.

(368) This understanding aligns with OFAC's guidance in the 2019 Compliance Framework, which notes that “OFAC strongly encourages
organizations subject to U.S. jurisdiction, as well as foreign entities that conduct business in or with the United States,
U.S. persons, or using U.S.-origin goods or services, to employ a risk-based approach to sanctions compliance by developing,
implementing, and routinely updating a sanctions compliance program (SCP).” 2019 Compliance Framework, supra note 285, at p. 1.

(369) 23 NYCRR Part 200; NYDFS, Guidance on the Issuance of U.S. Dollar-Backed Stablecoins (June 8, 2022), available at https://www.dfs.ny.gov/industry_guidance/industry_letters/il20220608_issuance_stablecoins.

(370) 23 NYCRR 200.4; see also NYDFS, Guidance on the Issuance of U.S. Dollar-Backed Stablecoins (June 8, 2022), available at https://www.dfs.ny.gov/industry_guidance/industry_letters/il20220608_issuance_stablecoins.

(371) 23 NYCRR 200.10; see also NYDFS, Guidance on the Issuance of U.S. Dollar-Backed Stablecoins (June 8, 2022).

(372) NYDFS, Guidance on the Issuance of U.S. Dollar-Backed Stablecoins (June 8, 2022).

(373) See, e.g., Texas Dep't of Banking, GENIUS Act—Non Depository (last accessed Apr. 6, 2026) (noting that Texas “currently licenses and regulates issuers of fiat-currency backed stablecoin
as money transmitters), available at https://www.dob.texas.gov/money-services-business/genius-act-non-depository.

(374) 12 U.S.C. 5904(i)(1).

(375) 12 U.S.C. 5905(a)(2)(D).

(376) See supra note11; see also infra section XII.E.

(377) See infra section XII.A.2.ii.d. 1.

(378) See infra section XII.A.2.ii.d. 2.

(379) OFAC does not anticipate the proposed sanction compliance program requirements would have an incremental direct economic
effect on a future PPSI's primary market customers because OFAC's proposed rule applies only to the PPSIs themselves. Further,
as noted previously, future PPSIs would already be U.S. persons and therefore subject to U.S. sanctions laws irrespective
of any regulations issued under the Act. As a result, they would have already been prohibited from engaging in prohibited
transactions with or involving prospective primary market customers, and OFAC's proposed additional requirement that the PPSI
would need to maintain an effective sanctions compliance program should not impose any additional burden or economic impact
on that PPSI's direct customers. To the extent a non-U.S. person stablecoin issuer would become U.S. persons to qualify as
a PPSI, as discussed above in section XII.A.2.i.b, OFAC's experience administering U.S. sanctions has demonstrated that sophisticated
multi-jurisdictional financial actors, of the type that would seek to qualify as a PPSI, often maintain sanctions compliance
programs aligned with U.S. sanctions requirements regardless of their status as U.S. persons. Furthermore, where a future
PPSI's direct customers are U.S. persons, those direct customers would already also be subject to existing U.S. sanctions
requirements themselves. OFAC invites comment on whether the reasoning that its proposed rule would not have an economic impact
on direct customers of PPSIs is reasonable.

(380) See 12 U.S.C. 5901(22); see also supra section VI.C.1.viii.

(381) See 12 U.S.C. 5903(a)(11), PPSIs are not permitted to pay the holder of any payment stablecoin any form of interest or yield solely
in connection with the holding, use, or retention of payment stablecoins. See also 12 U.S.C. 5903(a)(1)(A). PPSIs are required to maintain identifiable reserves backing its payment stablecoin, on at least
a one-to-one basis, with reserves composed of certain specific, high-quality and liquid assets, including United States coins
and currency; demand deposits; and Treasury bills, notes, or bonds. Accordingly, the GENIUS Act does not allow payment stablecoins
to be backed by, for example, other kinds of digital assets, nor does the GENIUS Act allow payment stablecoins to be algorithmic
backed.

(382) 12 U.S.C. 5901(22).

(383) 12 U.S.C. 5903(a)(1).

(384) The degree to which the current stablecoin market would migrate to PPSI status under the proposal remains uncertain. The
issuers of several large products have made varying statements about their interest in seeking PPSI status.

(385) FinCEN and OFAC invite comments on the methodology and assumptions used to derive this estimate.

(386) FinCEN and OFAC invite comment on the driving factors that would incentivize an issuer to apply for PPSI status.

(387) FinCEN and OFAC expect that issuers of payment stablecoin products may have several incentives to apply for status as a PPSI
instead of existing under another designation. First, because PPSIs would be required by law to maintain certain standards
(for example, holding certain assets in their reserve portfolio), the designation may be attractive to more risk-averse investors
or payment stablecoin customers. In addition, because potential PPSIs would be required to apply for that status and be approved
by the appropriate regulatory agency to be entitled to the designation, the designation may serve as a stronger signal of
regulatory compliance in contrast to a self-adopted designation. Other issuers may have alternative incentives to avoid the
PPSI designation, despite being technically able to comply with its requirements.

(388) In addition to activities permitted for PPSIs, the GENIUS Act allows for the offering and selling in the United States of
payment stablecoins issued by FPSIs subject to certain requirements. See 12 U.S.C. 5902(b)(2).

(389) To the extent that the evolution of the stablecoin market is comparable to other technology sector models. See e.g., Steven Klepper, “Entry, Exit, Growth, and Innovation over the Product Life Cycle,” The American Economic Review, vol. 86, no. 3 (June 1996), at pp. 562-83, available at https://www.jstor.org/stable/pdf/2118212.pdf.

(390) See supra note 11.

(391) See id.

(392) Because no currently operating stablecoin issuers have been identified that can, with more certainty than not, be expected
to become a SQPSI within the PPSI regulatory framework (as defined in proposed 31 CFR 1010.100(ttt)(3) and 31 CFR 1010.100(xxx)),
the population used in this analysis does not include an estimate for these types of potential future PPSIs.

(393) See supra sections VI.C.1.xi and xiii (discussing potential definitions for FQPSIs and SQPSIs at 31 CFR 1010.100(vvv) and (xxx), respectively);
s ee also 12 U.S.C. 5901(11), (31).

(394) See supra section VI.A.2.i.

(395) Certain state regulators may be affected in a way that is comparable to the effects on Federal regulators. However, given
that the GENIUS Act sets out a federal regulatory framework with certain tasks for Federal regulators, it is difficult at
this time to do more than speculate about what actions states may take, and therefore FinCEN and OFAC did not attempt to estimate
the effect of this rule on state regulatory agencies. However, FinCEN and OFAC are interested in receiving comments offering
assessments on this subject.

(396) FinCEN is not proposing to amend § 1010.810(b)(8) to effectuate this because the existing delegation covers it. See supra section VI.C.2.i.

(397) This figure is based on the estimated number of compliance examiners at the Board, FDIC, NCUA, and OCC.

(398) These figures represent an approximate number of Federal examiners provided by Federal functional regulators with AML/CFT
supervisory responsibilities.

(399) See supra section VII.A.

(400) On the listed figure, see supra note 398. See generally OFAC, Examination Guidelines, (Jun. 30, 2005) available at https://ofac.treasury.gov/recent-actions/20050630a.

(401) See FinCEN, Financial Crimes Enforcement Network (FinCEN) Year in Review for Fiscal Year 2024, p. 5. Note that not all users are from external agencies. FinCEN employees are also among the users with access to the BSA
Portal.

(402) See infra section XII.A.2.ii.d. 2.

(403) 12 U.S.C. 5903(a)(5)(A).

(404) The Federal Bureau of Investigation estimated that in 2025 direct losses to U.S. citizens resultant of crypto-related scammers
and fraudsters exceeded $7.2 billion. See Federal Bureau of Investigation, 2025 internet Crime Report (2026), available at https://www.ic3.gov/AnnualReport/Reports/2024_IC3Report.pdf; see also supra section IV.D.2.

(405) See supra section IV.D.

(406) To address the impact of extreme outliers, the truncated average was estimated by removing six percent of the sample from
the left and right tails of the distribution (the single smallest and largest values). The largest value was more than three
standard deviations away from nearest value, making it a significant outlier.

(407) A substantial portion of these customers may be affiliates of a single counterparty or associated with non-U.S. entities.
In cases where these entities are not U.S. persons, the incremental economic burdens of the proposed rule, while considered
as part of the broader economic analysis, are not included in the IRFA (see infra section XII.C) because RFA considerations apply to U.S. small entities only.

(408) In cases where these entities are not U.S. persons, the incremental economic burdens of the proposed rule, while considered
as part of the broader economic analysis, are not included in the IRFA because RFA considerations apply to U.S. small entities
only.

(409) Such firms would be classified under North American Industry Classification System (NAICS) industry code 523 (“Securities,
Commodity Contracts, and Other Financial Investments and Related Activities”).

(410) The term “potential payment stablecoin” is meant in this analysis to refer to those products which, based on FinCEN's analysis,
possess the attributes that could qualify them as “payment stablecoins” as defined in the GENIUS Act.

(411) See infra section XII.A.2.iii.b.

(412) See infra section XII.A.2.iii.c.

(413) The FATF identifies central governance bodies (issuers) as “obliged entities” responsible for customer due diligence and
transaction monitoring; they typically collect some customer information from primary market customers. See FATF, Report to the G20 on So-called Stablecoins, pp. 9-11 (Jun. 2020), available at https://www.fatf-gafi.org/en/publications/Virtualassets/Report-g20-so-called-stablecoins-june-2020.html.

(414) The truncated average was calculated by removing the single largest outlier, which had over 4,000 filings, significantly
more than the next highest value. This entity also offered other retail products in addition to their stablecoin offering,
resulting in a number of SARs being filed unrelated to their stablecoin product.

(415) William M. (Mac) Thornberry National Defense Authorization Act for Fiscal Year 2021, Public Law 116-283, 134 Stat. 3388 (Jan.
1, 2021), sec. 6201 (Annual reporting requirements).

(416) FinCEN, Agency Information Collection Activities: Proposed Renewal; Comment Request; Renewal Without Change of the Generic Clearance
for the Collection of Qualitative Feedback on Agency Service Delivery, 88 FR 30383 (May 11, 2023).

(417) See GAO, Anti-Money Laundering: Opportunities Exist to Increase Law Enforcement Use of Bank Secrecy Act Reports, and Banks' Costs to
Comply with the Act Varied, GAO-20-574 (Sept. 2020), available at https://www.gao.gov/assets/gao-20-574.pdf. GAO conducted the survey from November 9, 2019, through March 16, 2020.

(418) Based on a response rate of approximately 57 percent.

(419) See OFAC, 2019 Compliance Framework, supra note 285.

(420) See OFAC, Virtual Currency Industry Guidance, supra note 286.

(421) See OFAC, Questions on Virtual Currency, available at https://ofac.treasury.gov/faqs/topic/1626.

(422) See FinCEN, Information on Complying with the Customer Due Diligence (CDD) Final Rule, available at https://www.fincen.gov/resources/statutes-and-regulations/cdd-final-rule; see also FinCEN, Fact Sheet: Proposed Rule to Strengthen and Modernize Financial Institution AML/CFT Programs, FIN-2024-FCT1 (Jun. 28, 2024), available at https://www.fincen.gov/system/files/shared/Program-NPRM-FactSheet-508.pdf; FinCEN, the Board, FDIC, NCUA, and OCC, Interagency Statement on the Issuance of the AML/CFT Program Notices of Proposed Rulemaking (Jul. 19, 2024), available at https://www.fincen.gov/system/files/shared/Interagency-Statement-on-the-Issuance-of-the-AML-CFT-Program-Notices-of-Proposed-Rulemaking-FINAL.pdf;
see also FinCEN, Anti-Money Laundering and Countering the Financing of Terrorism Programs, 89 FR 55428 (July 3, 2024).

(423) See OFAC, Entities Owned by Blocked Persons (50% Rule) (Aug. 13, 2024), available at https://ofac.treasury.gov/faqs/topic/1521.

(424) See supra section IV.A, note 37.

(425) See infra section XII.A.4.

(426) As noted in section V.B, U.S. persons, including U.S. person stablecoin issuers, are and have always been subject to U.S.
sanctions laws, including with respect to transactions occurring on the primary or secondary markets.

(427) See supra section VI.C.3.ii.a. 3.

(428) 12 U.S.C. 5903(a)(5), 5903(a)(5)(A)(v).

(429) See 31 U.S.C. 5318(h)(1)(D).

(430) See supra section VI.C.3.ii.b.

(431) See supra section VI.C.3.ii.c.

(432) This individual is also commonly referred to as a “BSA officer.” However, as discussed below, the particular labels that
FinCEN or a PPSI may use to refer to this individual are immaterial.

(433) See 31 U.S.C. 5318(h)(1)(C).

(434) See supra section VI.C.3.ii.d.

(435) See supra sections VI.C.3.iii-iv.

(436) See supra section VI.C.5.

(437) 12 U.S.C. 5903(a)(5)(A)(iv).

(438) As noted in section V.B, however, U.S. persons, including U.S. financial institutions, are required to comply with U.S. sanctions
laws, including obligations to block, reject, and report certain prohibited transactions.

(439) 12 U.S.C. 5903(a)(6)(B).

(440) See 12 U.S.C. 5901(16).

(441) See supra sections VI.C.6.ii.

(442) See supra section VI.C.7.

(443) See supra section VI.C.8.

(444) See 12 U.S.C. 5903(a)(5)(A)(ii).

(445) See 12 U.S.C. 1953; 31 U.S.C. 5318(a)(2); see also 12 U.S.C. 5901(2) (defining “Bank Secrecy Act” to include 12 U.S.C. 1951 et seq.); 31 U.S.C. 5311(1) (stating purpose of the BSA includes requiring records that are highly useful for law enforcement and
regulatory investigations and intelligence and counterintelligence activities).

(446) See supra section VI.C.9.

(447) See supra section VI.C.11.

(448) See supra section VI.C.11.iii.

(449) 12 U.S.C. 5903(a)(5)(A)(vi).

(450) 12 U.S.C. 5903(a)(5)(B).

(451) See supra section VII.B; OFAC, 2019 Compliance Framework, supra note 285.

(452) See supra section VII.B.1.

(453) See supra section VII.B.2.

(454) See supra section VII.B.3.

(455) See supra section VII.B.4.

(456) See supra section VII.B.5.

(457) See OFAC, 2019 Compliance Framework, supra note 285.

(458) A PPSI, by virtue of their status as a U.S. person would be required to comply with U.S. sanctions obligations applicable
to U.S. persons under OFAC's existing regulations. See, e.g., 31 CFR 510.326, 555.313, 583.314.

(459) See OFAC, 2019 Compliance Framework, supra note 285; OFAC, Virtual Currency Industry Guidance, supra note 286.

(460) See 31 CFR part 501.

(461) See supra section VII.B.4.

(462) See supra section VII.A.

(463) A BIS study found that a one-standard-deviation increase in digital asset regulatory comprehensiveness, as measured by the
authors, was associated with a 30-percent increase in capital raised by crypto-related firms located in those jurisdictions. See Matteo Aquilina, Giulio Cornelli, and Marina Sanchez del Villar, “Regulation, Information Asymmetries and the Funding of New
Ventures,” BIS Working Papers, no. 1162, pp. 5-21 (Jan. 2024), available at https://www.bis.org/publ/work1162.pdf.

(464) Note, the incremental costs presented in this subsection differ in several ways from the PRA recordkeeping and reporting
costs presented in section XII.E below. The cost totals presented here reflect the estimated incremental costs that would
result from this proposed rule, while the costs presented in section XII.E analysis include pro forma accounting of all costs
associated with the PRA recordkeeping and reporting activities required by the proposed rule, even if such activities are
already being conducted by the respondents.

(465) FinCEN estimates that the net present value of costs associated with a three-year time horizon is $3.44 million ($3.68 million)
using a 7 precent (3 percent) discount rate, respectively. This equates to annualized costs of $1.31 million ($1.30 million)
using the same discount rates.

(466) See infra section XII.A.4.ii.a for a discussion of the basis for differential cost estimates by size. See specifically sections XII.A.4.ii.a. 1, 4, and 7.

(467) This estimate was obtained by applying the equivalent annual revenue threshold for small entities described and utilized
in the IRFA below. See infra section XII.C.2.i.b.

(468) This includes both producing the program and any program certifications upon request. See supra sections VI.C.3.iii and iv.

(469) Throughout this analysis, FinCEN and OFAC apply an hourly wage rate that is a general composite hourly wage rate ($87.61)
scaled by a private sector benefits factor of 1.42 ($124.58 = $87.61 × 1.42). This incorporates Bureau of Labor Statistics
(BLS) mean wage data associated with six occupational codes (11-1010: Chief Executives; 11-3021: Computer and Information
Systems Managers; 11-3031: Financial Managers; 13-1041: Compliance Officers; 23-1010: Lawyers and Judicial Law Clerks; 43-3099:
Financial Clerks, All Other) for each of the nine groupings of NAICS industry codes that FinCEN and OFAC determined are most
directly comparable to its 11 categories of potentially affected financial institutions as delineated in 31 CFR parts 1020
to 1030. See BLS, May 2024—National industry-specific and by ownership, available at https://www.bls.gov/oes/tables.htm. Given that many occupations provide benefits beyond wages (e.g., insurance and paid leave), FinCEN and OFAC apply the private sector benefit factor to the unloaded wage rate to reflect the
total cost to the employer. The benefit factor is the ratio of total compensation (which includes wages and benefits) to wages.
Total compensation = 43.94 and Wages and salaries = 30.90 (1.42 = 43.94 ÷ 30.90) as of June 2024, based on the private industry
workers series data downloaded from BLS. BLS, Employer Costs for Employee Compensation data, available at https://www.bls.gov/news.release/archives/ecec_09102024.pdf.

(470) See supra sections VI.C.3.ii.b and VII.B.4.

(471) In 2024, FinCEN's analysis of AML/CFT software implementation and testing, based on a 2020 study by the GAO, estimated independent
AML/CFT testing for financial institutions to cost approximately $17,000, which was 1.37 times more costly than AML/CFT software
implementation. See FinCEN, Financial Crimes Enforcement Network: Anti-Money Laundering/Countering the Financing of Terrorism Program and Suspicious Activity
Report Filing Requirements for Registered Investment Advisers and Exempt Reporting Advisers, 89 FR 72230 (Sept. 4, 2024), at table 5.3.

(472) See supra section VI.C.3.ii.d.

(473) See supra section VII.B.5.

(474) FinCEN and OFAC invite comment on whether these are accurate assumptions.

(475) See the 2026 NPRM, FinCEN, Anti-Money Laundering and Countering the Financing of Terrorism Programs, at section X.E.2 of that NPRM.

(476) See supra VI.C.5.

(477) See supra section XII.A.2.ii.a.

(478) See supra section XII.A.2.ii.d. 2.

(479) With respect to OFAC requirements, as described in section VII.B.3, under the proposed rule, OFAC would require a PPSI to
establish and maintain risk-based controls, including technical capabilities and written policies and procedures, to identify
any activity prohibited by U.S. sanctions and take appropriate action, including blocking, rejecting, and reporting certain
transactions in compliance with existing OFAC regulations. While the technological ability to block, freeze, and reject specific
transactions would be a new requirement, OFAC expects that most or all PPSIs would already have this capability as a part
of standard business practices.

(480) There are no OFAC associated costs considered here because this section does not apply to OFAC related requirements.

(481) Among the products and issuers FinCEN examined, as discussed in section XII.A.2.iii.b, the top five largest potential PPSI
issuers (each with reserve assets of over $300 million) filed approximately 88 percent of the total SARs observed by FinCEN.

(482) FinCEN and OFAC request public comment on the accuracy and completeness of this estimate.

(483) See Bank Policy Institute, Getting to Effectiveness—Report on U.S. Financial Institution Resources Devoted to BSA/AML & Sanctions Compliance (Oct. 29, 2018), table 1, p. 6, available at https://bpi.com/wp-content/uploads/2018/10/BPI_AML_Sanctions_Study_vF.pdf.

(484) This section does not apply to OFAC related requirements and so OFAC associated costs are not considered here.

(485) See supra section VII.B.4.

(486) See supra section XII.A.2.ii.d. 2.

(487) FinCEN and OFAC request public comment on the accuracy and completeness of this estimate.

(488) See FinCEN, Agency Information Collection Activities; Proposed Renewal; Comment Request; Renewal Without Change on Information Sharing
Between Government Agencies and Financial Institutions, 90 FR 47125 (Sept. 30, 2025).

(489) This section does not apply to OFAC related requirements and as such there were no OFAC associated costs to consider here.

(490) FinCEN requests public comment on the accuracy and completeness of this estimate.

(491) As this section does not apply to OFAC related requirements, no additional OFAC associated costs were considered here.

(492) See supra section VI.C.11.iii.

(493) FinCEN, Agency Information Collection Activities; Proposed Renewal; Comment Request: Renewal Without Change of Information Collection
Requirements in Connection With the Imposition of Special Measures, 90 FR 57279 (Dec. 10, 2025).

(494) OFAC is not making a proposal under this section and as such, there are no OFAC associated costs to be considered here.

(495) See, FinCEN, Congressional Budget Justification FY 2026, available at https://home.treasury.gov/system/files/266/11.-FinCEN-FY-2026-CJ.pdf.

(496) 31 CFR part 501, Appendix A.

(497) See supra section XII.A.2.ii.d. 2.

(498) See id.

(499) Because FinCEN and OFAC expect most primary market customers to be legal entities in the financial sector, it applies the
standard wage rage, which is broadly reflective of expected wage costs for a wide range of financial institutions. This

  hourly wage rate is a general composite hourly wage rate ($87.61) scaled by a private sector benefits factor of 1.42 ($124.58
  = $87.61 × 1.42). This incorporates BLS mean wage data associated with six occupational codes (11-1010: Chief Executives;
  11-3021: Computer and Information Systems Managers; 11-3031: Financial Managers; 13-1041: Compliance Officers; 23-1010: Lawyers
  and Judicial Law Clerks; 43-3099: Financial Clerks, All Other) for each of the nine groupings of NAICS industry codes that
  FinCEN determined are most directly comparable to its 11 categories of potentially affected financial institutions as delineated
  in 31 CFR parts 1020 to 1030. *See* BLS, *May 2024—National industry-specific and by ownership,* available at *https://www.bls.gov/oes/tables.htm.* Given that many occupations provide benefits beyond wages (*e.g.,* insurance and paid leave), FinCEN applies the private sector benefit factor to the unloaded wage rate to reflect the total
  cost to the employer. The benefit factor is the ratio of total compensation (which includes wages and benefits) to wages.
  Total compensation = 43.94 and Wages and salaries = 30.90 (1.42 = 43.94 ÷ 30.90) as of June 2024, based on the private industry
  workers series data downloaded from BLS. BLS, *Employer Costs for Employee Compensation* data, available at *https://www.bls.gov/news.release/archives/ecec_09102024.pdf.*

(500) See 12 U.S.C. 5903(a)(5)(B).

(501) See GENIUS Act, Pub. L. 119-27.

(502) See id.

(503) See supra section II.A.

(504) 12 U.S.C. 5903(a)(5)(A).

(505) See 12 U.S.C. 5903(a)(5)(B); see also supra note 15 (discussing GENIUS Act delegation to Directors of FinCEN and OFAC).

(506) 12 U.S.C. 5901(11). FinCEN proposes to define this category in its regulations using essentially the same language as the
statute. See supra section VI.C.1.xi.

(507) 12 U.S.C. 5901(31). FinCEN proposes to define this category in its regulations using essentially the same language as the
statute. See supra section VI.C.1.xiii.

(508) See supra note 11. See also infra section XII.C.3.

(509) See supra section XII.A.2.ii.d. 2.

(510) Id.

(511) See supra table 17 endnote a.

(512) See supra section XII.C.2.i.b.

(513) Id.

(514) Id.

(515) Id.

(516) This cost is estimated to be less than $200 per firm. See section XII.A.4.ii.c.

(517) The U.S. Bureau of Economic Analysis reports the annual value of the gross domestic product implicit price deflator for calendar
year 1995 (the year UMRA was enacted) as 66.939, and as 128.974 for calendar year 2025 (the most recent available). Thus,
the inflation-adjusted estimate for $100 million is 128.974 ÷ 66.939 × $100 million, or $192.7 million. U.S. Bureau of Economic
Analysis, Table 1.1.9. Implicit Price Deflators for Gross Domestic Product, available at https://apps.bea.gov/iTable/?reqid=19&step=3&isuri=1&1921=survey&1903=13#eyJhcHBpZCI6MTksInN0ZXBzIjpbMSwyLDMsM10sImRhdGEiOltbIk5JUEFfVGFibGVfTGlzdCIsIjEzIl0sWyJDYXRlZ29yaWVzIiwiU3VydmV5Il0sWyJGaXJzdF9ZZWFyIiwiMTk5NSJdLFsiTGFzdF9ZZWFyIiwiMjAyNSJdLFsiU2NhbGUiLCIwIl0sWyJTZXJpZXMiLCJBIl1dfQ==.

(518) See supra section XII.C.2.i.c.

(519) See supra sections XII.A through C.

(520) See infra section XII.E.

(521) See 44 U.S.C. 3506(c)(2)(A).

(522) See 44 U.S.C. 3507(a)(3).

(523) See infra section XII.E.3.

(524) See supra section XII.A.2.ii.a.

(525) See supra section XII.A.2.ii.d. 2.

(526) See Bank Policy Institute, Getting to Effectiveness—Report on U.S. Financial Institution Resources Devoted to BSA/AML & Sanctions Compliance, supra note 483.

(527) FinCEN, Agency Information Collection Activities; Proposed Renewal; Comment Request: Renewal Without Change of Information Collection
Requirements in Connection With the Imposition of Special Measures, 90 FR 57279 (Dec. 10, 2025).

(528) Hourly burden figures presented in tables 22 and 23 are rounded to the nearest hundredth of an hour for presentation purposes.
Total burden figures are produced using unrounded figures for accuracy.

(529) FinCEN notes that because, in its approach to calculating expected time burdens, different burden estimates apply to PPSIs
of various (1) types (e.g., whether a PPSI is a subsidiary of an IDI or not) and (2) sizes, average values may not meaningfully represent the economic
burden that any single, particular PPSI may expect to incur.

(530) See infra section XII.E.3.

Download File

Download