Changeflow GovPing Trade & Sanctions Permitted Payment Stablecoin Issuer Anti-Money ...
Priority review Consultation Added Consultation

Permitted Payment Stablecoin Issuer Anti-Money Laundering/Countering the Financing of Terrorism Program and Sanctions Compliance Requirements

Favicon for www.federalregister.gov FR: Foreign Assets Control Office
Published
Detected
Email

Summary

OFAC and FinCEN jointly propose a rule requiring permitted payment stablecoin issuers to establish AML/CFT programs and sanctions compliance programs. The proposal would mandate covered entities to implement controls, conduct customer due diligence, and file suspicious activity reports. Comments are due 60 days from the April 10, 2026 publication date.

View original document View source feed page

What changed

OFAC and FinCEN jointly published a proposed rule on April 10, 2026 that would impose Anti-Money Laundering and Countering the Financing of Terrorism (AML/CFT) program requirements, as well as sanctions compliance obligations, on permitted payment stablecoin issuers. The proposal represents the first coordinated federal AML/CFT framework specifically targeting the stablecoin industry.

Stablecoin issuers that qualify as 'permitted payment stablecoin issuers' under the rule would be required to develop, implement, and maintain effective AML/CFT programs including customer identification procedures, suspicious activity reporting, and recordkeeping. Additionally, these issuers would need to establish sanctions compliance programs aligned with OFAC requirements. Compliance officers at affected entities should evaluate their current frameworks against the proposed requirements and prepare public comments addressing operational feasibility, implementation timelines, and any definitional ambiguities before the June 9, 2026 comment deadline.

What to do next

  1. Review the proposed rule and identify applicability to your stablecoin issuance activities
  2. Submit public comments by June 9, 2026 via Federal Register or Regulations.gov
  3. Begin assessing current AML/CFT and sanctions compliance program gaps

Archived snapshot

Apr 10, 2026

GovPing captured this document from the original source. If the source has since changed or been removed, this is the text as it existed at that time.

Legal Status This site displays a prototype of a “Web 2.0” version of the daily
Federal Register. It is not an official legal edition of the Federal
Register, and does not replace the official print version or the official
electronic version on GPO’s govinfo.gov.

The documents posted on this site are XML renditions of published Federal
Register documents. Each document posted on the site includes a link to the
corresponding official PDF file on govinfo.gov. This prototype edition of the
daily Federal Register on FederalRegister.gov will remain an unofficial
informational resource until the Administrative Committee of the Federal
Register (ACFR) issues a regulation granting it official legal status.
For complete information about, and access to, our official publications
and services, go to About the Federal Register on NARA's archives.gov.

The OFR/GPO partnership is committed to presenting accurate and reliable
regulatory information on FederalRegister.gov with the objective of
establishing the XML-based Federal Register as an ACFR-sanctioned
publication in the future. While every effort has been made to ensure that
the material on FederalRegister.gov is accurately displayed, consistent with
the official SGML-based PDF version on govinfo.gov, those relying on it for
legal research should verify their results against an official edition of
the Federal Register. Until the ACFR grants it official status, the XML
rendition of the daily Federal Register on FederalRegister.gov does not
provide legal notice to the public or judicial notice to the courts.

Legal Status

Proposed Rule

Permitted Payment Stablecoin Issuer Anti-Money Laundering/Countering the Financing of Terrorism Program and Sanctions Compliance Program Requirements

A Proposed Rule by the Foreign Assets Control Office and the Financial Crimes Enforcement Network on 04/10/2026

  • 1.

1.
This document has a comment period that ends in 60 days.
(06/09/2026) View Comment Instructions

Thank you for taking the time to create a comment. Your input is important.

Once you have filled in the required fields below you can preview and/or submit your comment to the Treasury Department for review. All comments are considered public and will be posted online once the Treasury Department has reviewed them.

You can view alternative ways to comment or you may also comment via Regulations.gov at /documents/2026/04/10/2026-06963/permitted-payment-stablecoin-issuer-anti-money-launderingcountering-the-financing-of-terrorism.

It appears that you have attempted to comment on this document before
so we've restored your progress.
Start over.
1.
2. Comment * What is your comment about? Upload File(s) Note: You can attach your comment as a file and/or attach supporting
documents to your comment. Attachment Requirements.

Email this will NOT be posted on regulations.gov

Opt to receive email confirmation of submission and tracking number? Tell us about yourself! I am... * An Individual An Organization Anonymous First Name * Last Name * City Region State Alabama Alaska American Samoa Arizona Arkansas California Colorado Connecticut Delaware District of Columbia Florida Georgia Guam Hawaii Idaho Illinois Indiana Iowa Kansas Kentucky Louisiana Maine Maryland Massachusetts Michigan Minnesota Mississippi Missouri Montana Nebraska Nevada New Hampshire New Jersey New Mexico New York North Carolina North Dakota Ohio Oklahoma Oregon Pennsylvania Puerto Rico Rhode Island South Carolina South Dakota Tennessee Texas Utah Vermont Virgin Islands Virginia Washington West Virginia Wisconsin Wyoming Zip Country Afghanistan Åland Islands Albania Algeria American Samoa Andorra Angola Anguilla Antarctica Antigua and Barbuda Argentina Armenia Aruba Australia Austria Azerbaijan Bahamas Bahrain Bangladesh Barbados Belarus Belgium Belize Benin Bermuda Bhutan Bolivia, Plurinational State of Bonaire, Sint Eustatius and Saba Bosnia and Herzegovina Botswana Bouvet Island Brazil British Indian Ocean Territory Brunei Darussalam Bulgaria Burkina Faso Burundi Cambodia Cameroon Canada Cape Verde Cayman Islands Central African Republic Chad Chile China Christmas Island Cocos (Keeling) Islands Colombia Comoros Congo Congo, the Democratic Republic of the Cook Islands Costa Rica Côte d'Ivoire Croatia Cuba Curaçao Cyprus Czech Republic Denmark Djibouti Dominica Dominican Republic Ecuador Egypt El Salvador Equatorial Guinea Eritrea Estonia Ethiopia Falkland Islands (Malvinas) Faroe Islands Fiji Finland France French Guiana French Polynesia French Southern Territories Gabon Gambia Georgia Germany Ghana Gibraltar Greece Greenland Grenada Guadeloupe Guam Guatemala Guernsey Guinea Guinea-Bissau Guyana Haiti Heard Island and McDonald Islands Holy See (Vatican City State) Honduras Hong Kong Hungary Iceland India Indonesia Iran, Islamic Republic of Iraq Ireland Isle of Man Israel Italy Jamaica Japan Jersey Jordan Kazakhstan Kenya Kiribati Korea, Democratic People's Republic of Korea, Republic of Kuwait Kyrgyzstan Lao People's Democratic Republic Latvia Lebanon Lesotho Liberia Libya Liechtenstein Lithuania Luxembourg Macao Macedonia, the Former Yugoslav Republic of Madagascar Malawi Malaysia Maldives Mali Malta Marshall Islands Martinique Mauritania Mauritius Mayotte Mexico Micronesia, Federated States of Moldova, Republic of Monaco Mongolia Montenegro Montserrat Morocco Mozambique Myanmar Namibia Nauru Nepal Netherlands New Caledonia New Zealand Nicaragua Niger Nigeria Niue Norfolk Island Northern Mariana Islands Norway Oman Pakistan Palau Palestine, State of Panama Papua New Guinea Paraguay Peru Philippines Pitcairn Poland Portugal Puerto Rico Qatar Réunion Romania Russian Federation Rwanda Saint Barthélemy Saint Helena, Ascension and Tristan da Cunha Saint Kitts and Nevis Saint Lucia Saint Martin (French part) Saint Pierre and Miquelon Saint Vincent and the Grenadines Samoa San Marino Sao Tome and Principe Saudi Arabia Senegal Serbia Seychelles Sierra Leone Singapore Sint Maarten (Dutch part) Slovakia Slovenia Solomon Islands Somalia South Africa South Georgia and the South Sandwich Islands South Sudan Spain Sri Lanka Sudan Suriname Svalbard and Jan Mayen Swaziland Sweden Switzerland Syrian Arab Republic Taiwan, Province of China Tajikistan Tanzania, United Republic of Thailand Timor-Leste Togo Tokelau Tonga Trinidad and Tobago Tunisia Turkey Turkmenistan Turks and Caicos Islands Tuvalu Uganda Ukraine United Arab Emirates United Kingdom United States United States Minor Outlying Islands Uruguay Uzbekistan Vanuatu Venezuela, Bolivarian Republic of Viet Nam Virgin Islands, British Virgin Islands, U.S. Wallis and Futuna Western Sahara Yemen Zambia Zimbabwe Phone Organization Type * Company Organization Federal State Local Tribal Regional Foreign U.S. House of Representatives U.S. Senate Organization Name * You are filing a document into an official docket. Any personal
information included in your comment text and/or uploaded
attachment(s) may be publicly viewable on the web. I read and understand the statement above.

  2. Preview Comment Please review the Regulations.gov privacy notice and user notice.
  3. Document Details Published Content - Document Details Agencies Department of the Treasury Office of Foreign Assets Control Financial Crimes Enforcement Network Agency/Docket Number Docket No. FINCEN-2026-0100 CFR 31 CFR 502 31 CFR 1010 31 CFR 1033 Document Citation 91 FR 18582 Document Number 2026-06963 Document Type Proposed Rule Pages 18582-18667 (86 pages) Publication Date 04/10/2026 RIN 1506-AB73 Published Content - Document Details

Enhanced Content - Public Comments
- Regulations.gov Data Enhanced Content - Regulations.gov Data Additional information is not currently available for this document.

Enhanced Content - Regulations.gov Data

- Sharing Enhanced Content - Sharing Shorter Document URL https://www.federalregister.gov/d/2026-06963 Email Email this document to a friend Enhanced Content - Sharing

  • Print Enhanced Content - Print
  • Other Formats Enhanced Content - Other Formats This document is also available in the following formats:

JSON Normalized attributes and metadata XML Original full text XML MODS Government Publishing Office metadata More information and documentation can be found in our developer tools pages.

Enhanced Content - Other Formats
- Public Inspection Public Inspection This PDF is FR Doc. 2026-06963 as it appeared on Public Inspection on
04/09/2026 at 8:45 am.

It was viewed
177
times while on Public Inspection.

If you are using public inspection listings for legal research, you
should verify the contents of the documents against a final, official
edition of the Federal Register. Only official editions of the
Federal Register provide legal notice of publication to the public and judicial notice
to the courts under 44 U.S.C. 1503 & 1507. Learn more here.

Public Inspection
Published Document: 2026-06963 (91 FR 18582) This document has been published in the Federal Register. Use the PDF linked in the document sidebar for the official electronic format.

Document Headings Document headings vary by document type but may contain
the following:

  1. the agency or agencies that issued and signed a document
  2. the number of the CFR title and the number of each part the document amends, proposes to amend, or is directly related to
  3. the agency docket number / agency internal file number
  4. the RIN which identifies each regulatory action listed in the Unified Agenda of Federal Regulatory and Deregulatory Actions See the Document Drafting Handbook for more details.
Department of the Treasury
Office of Foreign Assets Control
Financial Crimes Enforcement Network
  1. 31 CFR Part 502
  2. 31 CFR Parts 1010 and 1033
  3. [Docket No. FINCEN-2026-0100]
  4. RIN 1506-AB73 ( printed page 18582) # AGENCY:

Financial Crimes Enforcement Network, Office of Foreign Assets Control, Treasury.

ACTION:

Joint proposed rule.

SUMMARY:

The Department of the Treasury's Financial Crimes Enforcement Network (FinCEN) and Office of Foreign Assets Control (OFAC) are jointly issuing this proposed rule to implement provisions of the Guiding and Establishing National Innovation for U.S. Stablecoins Act (GENIUS Act). Specifically, it implements the GENIUS Act's directive to treat permitted payment stablecoin issuers (PPSIs) as financial institutions for purposes of the Bank Secrecy Act, proposes anti-money laundering obligations for PPSIs, and proposes certain specific obligations required by the GENIUS Act for PPSIs. It also implements the GENIUS Act's directive to require PPSIs to maintain effective sanctions compliance programs.

DATES:

Comments must be received by June 9, 2026.

ADDRESSES:

Comments must be submitted in one of the following two ways (please choose only one of the ways listed):

  • Electronically at https://www.regulations.gov. Follow the “Submit a comment” instructions under Docket FINCEN-2026-0100. If you are reading this document on federalregister.gov, you may use the green “SUBMIT A PUBLIC COMMENT” button beneath this rulemaking's title to submit a comment to the regulations.gov docket.
  • You may mail written comments to the following address: Regulatory and Strategic Affairs Division, Financial Crimes Enforcement Network, P.O. Box 39, Vienna, VA 22183. Mailed comments must be received by the close of the comment period. Do not include any personally identifiable information (such as name, address, or other contact information) or confidential business information that you do not want publicly disclosed. All comments are public records; they are publicly displayed exactly as received, and will not be deleted, modified, or redacted. Comments may be submitted anonymously. Follow the search instructions on https://www.regulations.gov to view public comments.

In accordance with 5 U.S.C. 553(b)(4), a summary of this rule may be found at https://www.regulations.gov under Docket FINCEN-2026-0100.

FOR FURTHER INFORMATION CONTACT:

FinCEN: The FinCEN Regulatory Support Section by submitting an inquiry at www.fincen.gov/​contact.

OFAC: Assistant Director for Regulatory Affairs, 202-622-4855 or https://ofac.treasury.gov/​contact-ofac.

SUPPLEMENTARY INFORMATION:

I. Executive Summary

Payment stablecoins could revolutionize payment systems, but the U.S. financial system's strength, size, and reliability make its payment systems a notable target for misuse by illicit actors, which jeopardizes U.S. national security. To combat illicit finance risk, this notice of proposed rulemaking (NPRM) implements the GENIUS Act's directive to subject PPSIs to anti-money laundering (AML) requirements, including Bank Secrecy Act (BSA) requirements, and to require PPSIs to maintain an effective economic sanctions compliance program.

Although issued jointly by FinCEN and OFAC, the NPRM outlines independent changes to two different chapters of Title 31 of the Code of Federal Regulations. First, FinCEN is proposing changes to its existing regulations and creation of a new part of chapter X to effectuate the GENIUS Act's directive to apply BSA and AML obligations to PPSIs. Second, OFAC is proposing a new part to chapter V to effectuate the GENIUS Act's directive that PPSIs maintain an effective economic sanctions compliance program.

II. Statutory Authority

A. The Guiding and Establishing National Innovation for U.S. Stablecoins Act

The GENIUS Act provides a comprehensive framework for the regulation of payment stablecoins. [1 ] The GENIUS Act outlines the reserve, capital, liquidity, and risk management requirements for PPSIs and tasks implementing those requirements to the Office of the Comptroller of the Currency (OCC), the Board of Governors of the Federal Reserve System (Board), the Federal Deposit Insurance Corporation (FDIC), the National Credit Union Administration (NCUA), and, as applicable, any State payment stablecoin regulators. [2 ] The OCC, Board, FDIC, and NCUA are responsible for establishing a process and framework for the licensing, regulation, examination, and supervision of PPSIs under their respective purviews. [3 ] The GENIUS Act requires that a PPSI “be treated as a financial institution for purposes of the Bank Secrecy Act, and as such, shall be subject to all Federal laws applicable to a financial institution located in the United States relating to economic sanctions, prevention of money laundering, customer identification, and due diligence.” [4 ] The GENIUS Act directs the Secretary of the Treasury to issue regulations, tailored to the size and complexity of the PPSI, implementing this provision of the GENIUS Act. [5 ]

Regarding the BSA and AML, in addition to its clear, general directive that PPSIs be treated as financial institutions for purposes of the BSA and be subject to “all Federal laws” related to preventing money laundering, the GENIUS Act specifies that a PPSI's obligations include: (i) maintenance of an effective AML program, which includes appropriate risk assessments and designation of an officer to supervise the program; (ii) retention of appropriate records; (iii) monitoring and reporting any suspicious transaction relevant to a possible violation of law or regulation; (iv) maintenance of technical capabilities, policies, and procedures to ( printed page 18583) block, freeze, and reject specific or impermissible transactions that violate Federal or State law, rules, or regulations; and (v) maintenance of an effective customer identification program, [6 ] including identifying and verifying the PPSI's account holders, high-value transactions, and appropriate enhanced due diligence. [7 ] The GENIUS Act contains other provisions that control illicit risk in the payment stablecoin ecosystem. One of these provisions is the requirement that PPSIs only issue payment stablecoins if the issuer has the technological capability to comply and will comply with the terms of any “lawful order,” which the GENIUS Act defines, in part, as an order issued or promulgated by a Federal agency or court to seize, freeze, burn, or prevent the transfer of payment stablecoins. [8 ]

Regarding sanctions, the GENIUS Act expressly subjects PPSIs to “all Federal laws applicable to a financial institution located in the United States relating to economic sanctions” [9 ] and requires PPSIs to maintain “an effective economic sanctions compliance program, including verification of sanctions lists, consistent with Federal law.” [10 ]

This NPRM represents one piece of the comprehensive regulatory framework for PPSIs set out in the GENIUS Act. [11 ]

B. The Bank Secrecy Act

The Bank Secrecy Act, or “BSA,” is the common name for a collection of statutory authorities designed to safeguard the national security of the United States by combating money laundering, the financing of terrorism, and other illicit finance activity. [12 ] Under the BSA, Congress authorized the Secretary to impose various obligations on financial institutions, including requiring risk-based programs to prevent money laundering and the financing of terrorism. The BSA also enables the Secretary to require financial institutions to file reports and keep records that “are highly useful” including “in criminal, tax, or regulatory investigations, risk assessments, or proceedings,” or in the conduct of “intelligence or counterintelligence activities, including analysis, to protect against terrorism.” [13 ] In order to enable both the public and private sectors to identify and stop illicit actors, the BSA also directed the establishment of appropriate frameworks for information sharing among various actors, including financial institutions and law enforcement authorities. [14 ] The Secretary has delegated the authority to implement, administer, and enforce the BSA and its associated regulations to the Director of FinCEN. [15 ]

Many of the obligations included in the BSA are explicitly included in the GENIUS Act as obligations imposed on PPSIs. For example, in both the BSA and the GENIUS Act, Congress authorized Treasury to impose obligations to maintain effective AML programs; [16 ] retain records; [17 ] monitor and report suspicious activity; [18 ] maintain customer identification programs; [19 ] and conduct enhanced due diligence. [20 ]

C. Office of Foreign Assets Control Statutory Authority

OFAC acts under Presidential national emergency powers, as well as various statutory authorities, and has been delegated responsibility by the Treasury Secretary for developing, administering, and enforcing U.S. economic sanctions. The International Emergency Economic Powers Act (IEEPA), enacted in 1977, is a key authority for imposing economic sanctions. [21 ] IEEPA authorizes the President to declare a national emergency in response to an unusual or extraordinary threat to the United States that has its source in whole or substantial part outside the United States. [22 ] Upon declaration of a national emergency, IEEPA authorizes the President to, among other actions, investigate, block, regulate, or prohibit transactions and dealings in property subject to U.S. jurisdiction when a foreign national or country has an interest. [23 ] IEEPA also provides the President with the authority to issue regulations as may be necessary to exercise the authorities granted in IEEPA. [24 ] The President typically delegates the authority to administer economic sanctions pursuant to IEEPA to the Secretary, who redelegates the implementation authority to OFAC. [25 ]

Through the exercise of its delegated IEEPA authority and other authorities, OFAC administers and enforces economic sanctions to prohibit certain transactions and to block assets under U.S. jurisdiction, including by issuing civil money penalties. OFAC sanctions include sanctions that block the property or interests in property of, or prohibit certain transactions or dealings with, sanctioned individuals and entities, including foreign governments and officials, terrorists, international narcotics traffickers, and those engaged or who have engaged in activities such as serious human rights abuse, corruption, the proliferation of weapons of mass destruction, transnational organized crime, sanctions evasion, or the provision of material support to sanctioned individuals and entities. OFAC also administers comprehensive sanctions that broadly prohibit ( printed page 18584) transactions and dealings involving an entire country or geographic region or a particular sector of a country's economy.

III. Advance Notice of Proposed Rulemaking

Treasury issued an advance notice of proposed rulemaking (ANPRM) in September 2025 seeking public comment on potential Treasury regulations implementing the GENIUS Act. [26 ] Pertinent to this proposal, the ANPRM asked questions related to definitions used in the GENIUS Act; the GENIUS Act's BSA, AML, and sanctions program provisions; and the potential costs and benefits associated with BSA and sanctions obligations. [27 ]

In response to this ANPRM, Treasury received approximately 450 timely comments from a variety of stakeholders, including banks and credit unions, stablecoin issuers, digital asset exchanges, analytics companies, law firms, trade associations, non-governmental organizations, technology firms, academics, and members of the public. Treasury reviewed and considered the pertinent comments in crafting this proposal.

In general, commenters supported applying BSA and sanctions program obligations to PPSIs. For BSA obligations, some commenters advocated these requirements mirror existing obligations and risk-based frameworks. Some commenters generally asserted that different obligations should apply with regards to transactions on the primary market versus transactions on the secondary market. [28 ] On costs and benefits, some commenters acknowledged meaningful upfront costs associated with complying with the BSA, sanctions program obligations, and the GENIUS Act, particularly for new or unregulated entrants, but also stated that clearer rules would lower long-term compliance friction, reduce illicit finance risks, improve supervisory efficiency, and ultimately strengthen market confidence and U.S. competitiveness.

IV. Stablecoin Ecosystem

The GENIUS Act only governs a subcategory of stablecoins, namely “payment stablecoins” as defined by the GENIUS Act, and a subcategory of actors in the payment stablecoin ecosystem, most critically for this rulemaking, PPSIs. [29 ] Thus, under the GENIUS Act, not all stablecoins are payment stablecoins and not all stablecoin issuers will be eligible to be PPSIs. Because the GENIUS Act framework is not yet in place, it is not yet determined which specific stablecoins will be payment stablecoins and which specific issuers will be PPSIs. An understanding of the stablecoin ecosystem, uses of stablecoins, and risks associated with stablecoins generally informs the parameters of the proposed rule, including the rationale behind certain proposed obligations.

A. Overview of Stablecoins and Stablecoin Issuers

Stablecoins are a blockchain-based [30 ] digital asset [31 ] designed to maintain a stable value relative to an underlying asset, most often, but not always, a fiat currency. [32 ] Many stablecoin issuers represent that their stablecoin can be redeemed at par upon request, although redemption terms and rights vary by stablecoin. The asserted redemption value of a stablecoin is generally tied to the value of the pool of reserve assets that “backs” the stablecoin. [33 ]

Most stablecoins backed by financial assets, including fiat currency, have centralized control, meaning that one company, or a group of companies, are responsible for governance functions, including defining and ensuring compliance with standards related to the issuance, purchase, redemption, custody, and transfer of the stablecoin. Generally, a stablecoin issuer will issue a stablecoin when a user provides the issuer funds denominated in the fiat currency of the stablecoin's peg. Similarly, a stablecoin is redeemed when a user exchanges stablecoins with the stablecoin issuer for funds valued at the corresponding amount of fiat currency.

Currently, many stablecoin issuers generally interact directly with a small number of larger companies, which are often institutional participants in the trading of digital assets (i.e., digital asset exchanges). [34 ] Those companies, in turn, interact with a larger and more diverse group of users. Many stablecoin issuers predominantly offer issue and redemption services to financial institutions, including digital asset exchanges that may be regulated under the BSA as money services businesses (MSBs). [35 ] Generally, once an issuer issues stablecoins to such financial institutions, those institutions put the stablecoins into broader circulation to other users, such as individual, retail users. Similarly, individual users generally do not redeem stablecoins through a stablecoin issuer but rather interact with a digital asset exchange or platform. [36 ] However, in the future, issuers could more commonly interact directly with retail users, including issuing and redeeming payment stablecoins.

Most stablecoin issuers use smart contracts [37 ] to issue stablecoins, enable ( printed page 18585) or prohibit subsequent transactions in the stablecoin, and redeem stablecoins. The smart contracts underlying most stablecoins maintain a ledger of the number of stablecoins “owned by a set of accounts where each account is owned by a blockchain address” or wallet. [38 ] Smart contracts generally allow for programmability that can enable a stablecoin issuer to maintain control over and alter the use of its stablecoin.

In the current environment, control capabilities vary depending on how the stablecoin issuer designed the stablecoin, including the associated smart contract and the blockchain on which the smart contracts are deployed. For example, a stablecoin issuer may be able to prohibit specific wallet addresses from interacting with the stablecoin and its smart contract. Applying such controls to a particular wallet address would effectively prevent the holder of a stablecoin from transferring, redeeming, or otherwise moving the stablecoin. Additionally, some stablecoin issuers can send stablecoins in circulation to an unrecoverable wallet address, commonly referred to as “burning,” effectively removing the stablecoins from a given wallet and from circulation in general. [39 ] In some cases, including when required by a lawful order, stablecoin issuers reissue stablecoins equivalent to burned or frozen funds to different wallets as part of efforts to recover and return funds to victims of criminal activity.

B. Stablecoin Use Cases

Currently, most stablecoin users primarily rely on stablecoins to store value, facilitate trades in other digital assets, or to interact with smart contracts. Payment stablecoins could, however, become a more widely adopted form of payment. [40 ] U.S. consumers and businesses process trillions of dollars of payments daily. [41 ] Although innovations like real-time payment networks [42 ] decrease settlement times, particularly for domestic transfers, cross-border payments through traditional payment mechanisms remain more costly and slower. [43 ] Innovation in cross-border payments could support economic growth, including by facilitating international trade. Payment stablecoins may be able to mitigate some of the challenges individuals and small businesses face in navigating cross-border payments by increasing speed, decreasing cost, and enabling transactions with fewer intermediaries. [44 ]

C. Payment Stablecoin Activity

Due to the use of smart contracts underlying stablecoin transactions and how users interact with stablecoin issuers, the ecosystem can, broadly speaking, be divided into two components, the primary market and the secondary market. For the purposes of this rulemaking, FinCEN and OFAC use these terms to help describe categories of payment stablecoin activity and articulate the parameters of particular obligations.

FinCEN and OFAC will use the term “primary market” to generally describe a PPSI interacting directly with a user or holder of a payment stablecoin, such as when a PPSI engages in issuing, converting, redeeming, repurchasing, burning, and reissuing payment stablecoins, as well as providing associated services, such as providing custodial services. [45 ] Generally speaking, primary market activity will involve activity where a PPSI and a user have a relationship or direct interaction beyond the involvement of a PPSI's smart contract (e.g., the PPSI's maintenance of an account through which the transactions of such user or customer may be effectuated).

FinCEN and OFAC will use the term “secondary market” to describe payment stablecoin activity that does not directly involve the PPSI as a party to the transaction other than via a smart contract. For example, secondary market activity could include an individual purchasing payment stablecoins from an intermediary, an individual sending payment stablecoins from a self-hosted wallet to a vendor to purchase goods, an individual exchanging payment stablecoins for another digital asset via a digital asset exchange, or person-to-person transactions in payment stablecoins.

D. Illicit Finance Risks Associated With Stablecoins

The liquidity and stability of stablecoins relative to other digital assets and rapid settlement of stablecoins make them appealing to illicit actors as well as legitimate users. [46 ] As a result, in general, illicit actors have increasingly used stablecoins to facilitate transactions and store proceeds. [47 ] The illicit finance risks discussed below related to stablecoins are likely to generally also apply to payment stablecoins, particularly because the most prolific stablecoins carry indicators they could be payment stablecoins.

The U.S. government has linked stablecoins to a range of illicit activities and bad actors, including scammers and fraudsters; [48 ] Democratic People's Republic of Korea (DPRK) information technology (IT) workers, cybercriminal groups and related money laundering networks; [49 ] drug traffickers; [50 ] terrorist ( printed page 18586) groups; [51 ] and sanctions evasion and money laundering networks; [52 ] among others. Between January 1, 2015, and November 21, 2025, FinCEN received approximately 55,000 suspicious activity reports (SARs) that referenced one or more specific stablecoins in the narrative, as well as an additional approximately 8,400 reports that included a general reference to the term “stablecoin.” Also, between January 1, 2015, and November 21, 2025, OFAC received approximately 5,800 reports on blocked property and 3,000 reports on rejected transactions that referenced one or more specific stablecoins in the narrative, as well as approximately six reports that included a general reference to the term “stablecoin”. Furthermore, the Financial Action Task Force noted in 2025 that “[e]stimates suggest that a majority of all on-chain illicit activity is now transacted in stablecoins,” aligning with the trend of overall growth in stablecoin adoption. [53 ]

Some illicit transactions leveraging stablecoins involve one or more financial institutions, such as a digital asset exchange, that are subject to U.S. anti-money laundering and countering the financing of terrorism (AML/CFT) obligations. In other instances, however, stablecoin holders conduct transactions on the secondary market without an intermediary (i.e., person-to-person) or through foreign digital asset exchanges in jurisdictions with inadequate or no AML/CFT obligations for such actors. [54 ] BSA data indicates that financial services providers in jurisdictions with lax AML/CFT standards use accounts with stablecoin issuers to convert funds on behalf of their customers from local currencies into stablecoins, which can then be laundered and ultimately exchanged for U.S. dollars.

1. Laundering of Illicit Proceeds

Illicit actors have turned to stablecoins to launder illicit proceeds in part because, relative to other digital assets, they are more stable and have better liquidity. [55 ] Some facilitators involved in exchanging illicit proceeds in digital assets for fiat currency request stablecoins instead of other digital assets. [56 ]

At times, stablecoins are one element of a complex money laundering process that may include the use of digital asset exchanges, conversion between stablecoins and other digital assets, and transfers between wallets not hosted by a financial institution. [57 ] For example, in June 2025, DOJ filed a civil forfeiture complaint against more than $225.3 million in stablecoins, alleging that the addresses holding those stablecoins were part of a sophisticated money laundering network that executed hundreds of thousands of transactions and were used to conceal the nature, source, control, and ownership of proceeds derived from digital asset investment fraud. [58 ]

Stablecoins may also appeal to illicit laundering networks because they enable actors to rapidly move large amounts of value around the globe. [59 ] Chinese money laundering networks, which serve as the dominant professional money laundering networks for drug trafficking and transnational criminal organizations, are also increasingly exchanging illicit proceeds in the form of U.S. dollars for digital assets, particularly stablecoins, in part to avoid large intra-China bank transfers that may raise capital flight suspicions. [60 ]

2. Illicit Uses of Payment Stablecoins

i. Scams and Fraud

Perpetrators of scams and other fraud schemes—most notably digital asset investment scams—use digital assets, including stablecoins, to generate and launder illicit proceeds. [61 ] The United States government has sought seizure of substantial amounts of stablecoin, including the $225 million forfeiture pursued by the Department of Justice as discussed above [62 ] and a $61 million seizure, [63 ] in connection with investigations into such schemes. Perpetrators and facilitators of such scams may solicit and receive victim funds in financial accounts under their control, convert those funds to stablecoins, and then distribute those stablecoins to co-conspirator-controlled digital asset wallets. [64 ]

ii. Terrorist Financing and Weapons Proliferation

Certain terrorist groups, such as the Islamic State of Iraq and Syria-Khorasan (ISIS-K) and Hamas, use various types of digital assets, including stablecoins. [65 ] In some instances, terrorist organizations generate revenue in digital assets, including stablecoins, through online donation drives. [66 ] One long-running online ISIS-K fundraiser, for example, collected $2 million in stablecoins in 2022. [67 ] Terrorist groups ( printed page 18587) soliciting donations of digital assets turn to stablecoins to avoid the volatility and price fluctuations that impact other digital assets and to facilitate more seamless conversion to fiat currency. [68 ]

Terrorist organizations have also utilized stablecoins as a means of transferring funds. For example, DOJ unsealed a civil forfeiture action in July 2025 against approximately $2 million worth of digital assets connected with a Gaza-based money transfer business that was involved in financially supporting Hamas. The complaint describes a detailed scheme whereby users utilized the money transfer business to fund accounts at a digital asset exchange and to fund wallet addresses containing stablecoins to obfuscate their financial support of international terrorist organizations, including Hamas. [69 ]

Iran has increasingly turned to digital assets to conduct illicit financial activity, obtain drone components and other high-tech equipment, accept payments for weapons, and transfer funds to sanctioned actors in the region. Iranian illicit actors often prefer stablecoins over other digital assets for these transactions due to stablecoins' superior ability to finance international trade. [70 ]

iii. Narcotics Production and Trafficking

Transnational criminal organizations (TCOs) also use stablecoins to procure components for the manufacturing of illegal drugs and to launder the proceeds of illegal drug sales. For example, Mexico-based drug cartels are increasingly purchasing fentanyl precursor chemicals and manufacturing equipment from People's Republic of China-based suppliers using digital assets, including stablecoins. [71 ] Additionally, prosecutors have charged that, in some cases, TCOs use money brokers to pick up bulk cash derived from drug sales in the United States; exchange the cash for digital assets, including stablecoins; and send the digital assets to wallets controlled by brokers or co-conspirators. [72 ] According to DOJ, in some instances, the digital assets are then converted into cash and delivered to cartel leaders in Mexico and Colombia. [73 ] In November 2024 for instance, DOJ filed a civil forfeiture complaint against more than $5.5 million in stablecoins allegedly involved in a money laundering operation related to drug trafficking. [74 ]

3. Sanctions Evasion

Sanctions evasion and money laundering networks have leveraged stablecoins to move funds on behalf of numerous sanctioned actors, including Russian elites, sanctioned digital asset exchanges, the DPRK government, Iranian actors, foreign terrorist organizations, and global terrorists. For example, in December 2024, OFAC designated as Specially Designated Nationals (SDNs) five individuals and four entities that are associated with or leverage the TGR Group, a sprawling international network of businesses and employees that works to obfuscate the illicit activities of its clients, which include sanctioned Russian elites, including by facilitating exchanges of bulk cash for stablecoins. [75 ]

Additionally, in August 2025, OFAC redesignated as an SDN Garantex Europe OU (Garantex), a virtual currency exchange that directly facilitated notorious ransomware actors and other cybercriminals by processing over $100 million in transactions linked to illicit activities since 2019. [76 ] Garantex was originally designated as an SDN in April 2022. [77 ] According to an indictment against two Garantex operators, Garantex, beginning in and around early 2023, maintained at least some of its operational accounts in stablecoins. [78 ] The operators allegedly moved the exchange's operational wallets storing stablecoins to a new digital asset wallet on a daily basis to evade detection by blockchain analytics services. [79 ]

The U.S. government has pursued cases involving DPRK IT workers and co-conspirators involved in money laundering alleged to have leveraged stablecoins as part of schemes to evade sanctions and generate revenue for the DPRK regime, in part because they found stablecoins susceptible to laundering. For example, in June 2025, a forfeiture complaint alleged that the DPRK government generated digital assets, in part, through remote work done by DPRK IT workers deployed around the globe. [80 ] The complaint also alleges that DPRK IT workers requested to be paid in stablecoins because they (and their alleged money laundering co-conspirators) retain a consistent value and can more easily trade stablecoins for fiat currency. [81 ]

The U.S. government has identified the use of stablecoin connected to Iranian actors' provision of material support to the Iranian Revolutionary Guard Corps (IRGC). For example, in September 2025, DOJ filed a civil forfeiture action to recover approximately $584,741 in stablecoins alleged to be the property of Mohammad Abedininajafabadi or of his company, [82 ] who was charged with conspiring to export sophisticated electronic components from the United States to Iran in violation of U.S. export control and sanctions laws. [83 ] Additionally, in sanctions actions targeting Iran's IRGC-Quds Force-backed Ansarallah (Houthi) operatives, OFAC has identified digital asset wallet addresses that have been used by the Houthis to transfer funds ( printed page 18588) associated with their activities. Many of the identified wallet addresses have been used to transact stablecoins. [84 ] Furthermore, on January 30, 2026, OFAC designated as SDNs two UK-based exchanges with connections to notorious Iranian financier Babak Zanjani. [85 ] These exchanges processed approximately $1 billion in funds linked to the IRGC. One of the designated exchanges, Zedxion Exchange, Ltd., issued a stablecoin. [86 ]

V. Existing Regulatory Framework for Stablecoin Issuers

A. Existing Bank Secrecy Act Obligations

Currently, stablecoin issuers generally are subject to BSA obligations as financial institutions, specifically money transmitters, which are a type of MSB. The BSA statutory definition of “financial institution” includes a “person who engages as a business in the transmission of currency, funds, or value that substitutes for currency.” [87 ] FinCEN's regulations define “money services business,” one category of which is a “money transmitter” that “provides money transmission services.” [88 ] “Money transmission services” is in turn defined as “the acceptance of currency, funds, or other value that substitutes for currency from one person and the transmission of currency, funds or other value that substitutes for currency to another location or person by any means.” [89 ] “Value that substitutes for currency” includes “virtual” currencies (also called convertible virtual currencies or “CVCs”), such as stablecoins, that either have an equivalent value in real currency or act as a substitute for real currency. [90 ] FinCEN has further clarified that, unless a limitation or exception applies, persons engaged in issuing and redeeming a virtual currency (i.e., “administrators”) are money transmitters and thus subject to BSA obligations as MSBs. [91 ] Stablecoin issuers are, thus, money transmitters because they, for example, issue and redeem virtual currencies and accept and transmit value that substitutes for currency when issuing and converting, redeeming, or repurchasing stablecoins.

As MSBs, stablecoin issuers are currently subject to a range of BSA obligations. MSBs are required to, for instance: (i) establish written AML programs; 92 file currency transaction reports (CTRs) [93 ] and SARs; [94 ] and (iii) maintain certain records, including those relating to certain transmittals of funds. [95 ] MSBs are subject to examination for BSA compliance by the Internal Revenue Service (IRS) under a delegation of authority by FinCEN. [96 ]

As required by the GENIUS Act, FinCEN is proposing certain obligations that differ in some material respects from current obligations that stablecoin issuers are subject to as MSBs, as well as some PPSI-specific obligations required by the GENIUS Act. However, in many respects, FinCEN expects that the proposed requirements for PPSIs would be comparable to stablecoin issuers' existing requirements as MSBs.

B. Existing Sanctions Obligations

The GENIUS Act provides that PPSIs are persons [97 ] formed in the United States [98 ] and that PPSIs shall be subject to “all Federal laws applicable to a financial institution located in the United States relating to economic sanctions.” [99 ] Because the GENIUS Act requires PPSIs to be formed in the United States, PPSIs will be “U.S. persons” under existing OFAC regulations [100 ] once the Act takes effect. [101 ] Therefore, stablecoin issuers qualifying as PPSIs will be subject to the same U.S. sanctions obligations that currently apply to all other U.S. persons, including those that are stablecoin issuers.

As discussed in section II.C, U.S. sanctions require U.S. persons, including U.S. person stablecoin issuers, to block the property and interests in property of blocked persons that are in their possession or control and report them to OFAC. This blocking prohibition requires U.S. persons, including those that are stablecoin issuers, to ensure that property and interests in property of such blocked persons, including stablecoins, that are in their possession or control are not transferred, withdrawn, or otherwise dealt in, unless authorized by OFAC or exempt. More broadly, U.S. persons, including those that are stablecoin issuers, are also generally prohibited from engaging in most transactions with blocked persons, including making any contribution or provision of funds, goods, or services to or for the benefit of blocked persons or receiving any contribution or funds, goods, or services from blocked persons, unless authorized by OFAC or exempt. Blocked persons subject to these restrictions include individuals and entities listed on OFAC's Specially Designated Nationals and Blocked Persons List (“SDN ( printed page 18589) List”). [102 ] In addition, any entities that are owned, directly or indirectly, individually or in the aggregate, 50 percent or more by one or more blocked persons are also blocked and subject to the above restrictions, even if they are not specifically named on OFAC's SDN List. [103 ]

There are a variety of scenarios where these prohibitions apply to U.S. person stablecoin issuers. For example, U.S. person stablecoin issuers are generally prohibited from engaging in primary market activities with blocked persons, such as issuing stablecoins to blocked persons or redeeming stablecoins belonging to blocked persons; such transactions, if consummated, would constitute a prohibited dealing in blocked property, unless authorized or exempt. In such instances, a stablecoin issuer is required to block these stablecoins because the blocked person has a property interest in the stablecoin and such stablecoins are in the possession or control of the stablecoin issuer, a U.S. person, at the time of the transaction. To effectively block such stablecoins, the stablecoin issuer must ensure that it has denied all parties access to the stablecoins, ensure that it complies with OFAC regulations related to the holding and reporting of blocked assets (discussed further below), and implement controls that align with a risk-based approach. [104 ]

U.S. person stablecoin issuers are also prohibited from engaging in secondary market activities with blocked persons. For example, a U.S. person stablecoin issuer would engage in a prohibited provision of services to a blocked person if it allowed the blocked person to engage with the stablecoin issuer's smart contract to facilitate trades of stablecoins on the secondary market. In this instance, the stablecoin issuer would also be required to block such stablecoins because the blocked person has an interest in the stablecoins, which the issuer controls via its smart contract.

OFAC sanctions prohibitions may also take other forms that do not require blocking but prohibit U.S. persons, including stablecoin issuers, from engaging in trade or financial transactions or other dealings with certain persons or geographic regions or countries, such as North Korea, Cuba, Iran, and Crimea, unless authorized by OFAC or exempt. [105 ] In cases where an underlying transaction is prohibited but there is no blockable interest, all U.S. persons, including those that are stablecoin issuers, are required to reject such transactions and report them to OFAC. For example, U.S. sanctions against Iran generally prohibit U.S. persons from directly or indirectly providing services to persons in Iran, unless otherwise authorized or exempt. [106 ] Accordingly, U.S. person stablecoin issuers are generally prohibited from engaging in primary or secondary market activities with persons in Iran, including issuing stablecoins to persons in Iran, redeeming stablecoins of persons in Iran, or allowing persons in Iran to engage with the issuer's smart contracts to facilitate trades of stablecoins, as any of these activities would constitute a provision of financial services to Iran. However, unlike when a blocked person is directly or indirectly involved in a transaction, a stablecoin issuer would only be required to reject such transactions and report them to OFAC.

OFAC's regulations also require U.S. persons, including stablecoin issuers, to comply with certain reporting and recordkeeping requirements, pursuant to OFAC's Reporting, Procedures and Penalties Regulations (RPPR). [107 ] Among other requirements, the RPPR require U.S. persons, including stablecoin issuers, to submit reports of blocked property and rejected transactions to OFAC within 10 business days and annual reports of blocked property by September 30 each year. [108 ] Persons engaging in transactions subject to the provisions of OFAC's regulations are also required to preserve such records for at least 10 years. [109 ]

OFAC's basic regulatory requirement for all U.S. persons, including those that are stablecoin issuers, is that they do not violate the sanctions that OFAC administers. The ramifications of non-compliance, inadvertent or otherwise, can jeopardize critical foreign policy and national security goals. Violations of OFAC sanctions may result in the imposition of civil or criminal penalties. OFAC may impose civil penalties for sanctions violations on a strict liability basis, meaning that U.S. persons, including those that are stablecoin issuers, may be held civilly liable for sanctions violations even if such person did not know or have reason to know that it was engaging in a prohibited transaction.

As a general matter, however, OFAC also takes into consideration the totality of facts and circumstances surrounding an apparent violation to determine the appropriate enforcement response. OFAC's Economic Sanctions Enforcement Guidelines, 31 CFR part 501, Appendix A (“Enforcement Guidelines”), lay out a set of 11 factors that OFAC will generally consider in determining the appropriate administrative action in response to an apparent violation of U.S. sanctions, including the amount of the penalty, to the extent that a civil monetary penalty is appropriate. [110 ] Any of the 11 factors may be considered aggravating or mitigating and may therefore result in adjustments to the proposed penalty. One of those factors includes the existence, nature, and adequacy of a subject person's risk-based sanctions compliance program at the time of the apparent violation. Accordingly, when applying the Enforcement Guidelines to a given factual situation, OFAC considers favorably the presence of an effective sanctions compliance program at the time of an apparent violation.

VI. Proposed AML/CFT Regulation

This proposed rule implements the GENIUS Act's requirement that PPSIs be treated as financial institutions under the BSA. In doing so, it applies the BSA obligations currently applicable to existing financial institutions that are specifically enumerated in the GENIUS Act, [111 ] other quintessential BSA obligations, and GENIUS Act obligations specific to PPSIs. It also proposes regulatory infrastructure, including definitions, to effectuate the obligations.

In crafting this proposed rule, FinCEN is mindful that some entities may transition from the current MSB framework to the new PPSI framework. FinCEN is also cognizant that some PPSIs will be closely affiliated with or part of institutions with existing BSA obligations. To promote regulatory clarity and efficiency, FinCEN used its well-established regulatory obligations for banks, MSBs, and other financial institutions as points of reference for its proposed PPSI obligations.

A. Permitted Payment Stablecoin Issuers

Before turning to the specifics of the proposed regulation, FinCEN first outlines several broader considerations ( printed page 18590) that impact how FinCEN proposes to regulate PPSIs and how it expects PPSIs will operationalize the proposed obligations. FinCEN first explains its assessment of how PPSI activities compare to those of other types of financial institutions defined in the BSA and proposes using its authority under 31 U.S.C. 5312(a)(2)(Y). It then describes how entities that are PPSIs may relate to other categories of BSA-defined financial institutions. Finally, FinCEN briefly discusses how it is proposing to apply obligations with regards to different types of market activity.

1. Defining PPSI as a Type of Financial Institution

The GENIUS Act directs that a “permitted payment stablecoin issuer shall be treated as a financial institution for purposes of the Bank Secrecy Act” and “shall be subject to all Federal laws applicable to a financial institution located in the United States relating to . . . prevention of money laundering.” [112 ] However, the GENIUS Act does not specify how PPSIs should be mechanically codified into the existing BSA framework.

The BSA defines “financial institution” as a range of entities, all of which could be subject to statutory obligations and FinCEN's regulations. [113 ] These institutions include insured banks; commercial banks and trust companies; businesses engaged in the exchange of currency, funds, or value that substitutes for currency or funds; and any person who engages as a business in the transmission of currency, funds, or value that substitutes for currency. [114 ] Notably, designation as a “financial institution” under 31 U.S.C. 5312(a)(2) affects treatment not only under the BSA but also under other statutes that address money laundering or predicate crimes that can underpin money laundering. These laws include those relating to federal third-party subpoenas [115 ] to access to financial records by U.S. law enforcement, [116 ] criminal money laundering [117 ] and terrorist financing offenses, [118 ] as well as other provisions of federal and state law. [119 ]

In the BSA, Congress provided authority for FinCEN to, through regulation, expand the categories of financial institutions enumerated in 31 U.S.C. 5312(a)(2) to include a business engaging in activities “similar to, related to, or a substitute for” the activities of an enumerated financial institution. [120 ] FinCEN has determined that PPSIs provide services that are similar to or related to services authorized to be provided by BSA-defined financial institutions, and is accordingly, proposing to exercise its authority under 31 U.S.C. 5312(a)(2)(Y). Doing so fulfills Congress's directive that PPSIs be subject to “all Federal laws” applicable to financial institutions related to money laundering; promotes consistent treatment of PPSIs under federal and state laws that reference the BSA definition of “financial institution;” and reduces uncertainty for PPSIs, their prudential regulators, law enforcement, and other market participants.

As discussed in this proposal, stablecoin issuers are currently regulated under the BSA and FinCEN's implementing regulations as money transmitters, a type of MSB, and MSBs fall under the definition of a financial institution. [121 ] In that capacity, issuers engage in the transmission of currency, funds, or value that substitutes for currency. Under the GENIUS Act's regime, PPSIs will continue to perform these kinds of activities when issuing or redeeming a payment stablecoin. Additionally, the GENIUS Act explicitly preserves the ability of PPSIs to engage in MSB-like activities, including exchanging digital assets for monetary value, exchanging digital assets for other digital assets, and transferring digital assets to a third party, so long as the activity is authorized by the PPSI's primary Federal payment stablecoin regulator or State payment stablecoin regulator and consistent with all other federal and state laws. [122 ]

The activities of MSBs can overlap substantially with those of other types of financial institutions, particularly banks. Indeed, so significantly can the activities of these two types of financial institutions overlap that FinCEN carved out MSBs from its regulatory definition of “bank” (and vice versa), making them mutually exclusive. [123 ] Just as the business activities of MSBs overlap substantially with those of banks, the business activities of PPSIs can overlap with those of banks. Notably, at least some PPSIs may have bank charters, [124 ] and PPSIs' activities have similarities to the business activities of more “conventional” or “traditional” banks. For example, the GENIUS Act authorizes PPSIs to custody payment stablecoins and, thus, like some banks, PPSIs will hold assets for customers. [125 ] Accordingly, in critical respects, PPSIs may offer services that are similar to some services provided by some banks.

In addition, it is expected PPSIs will often operate in close coordination with other financial institutions, i.e., they will engage in activities related to the activities of BSA-defined financial institutions. For example, some PPSIs may partner with digital asset exchanges (i.e., MSBs) and other financial institutions to distribute payment stablecoins or facilitate their use in payments. It is expected that some PPSIs may also rely on banks and other financial institutions to perform key fiat on- and off-ramp functions, such as accepting fiat currency from a bank account when payment stablecoins are issued or transmitting fiat currency to a bank account when payment stablecoins are redeemed. PPSIs often may maintain their own bank accounts, with bank deposits comprising permissible reserve assets backing outstanding stablecoins. [126 ] These interconnections reinforce certain functional similarities between PPSIs and other BSA-regulated financial institutions.

In light of the GENIUS Act's directive, the existing treatment of many stablecoin issuers as MSBs, the functional similarities between PPSIs and BSA-defined financial institutions, and, the interconnectedness between PPSIs and BSA-defined financial institutions, FinCEN has determined that PPSIs engage in activities that are “similar to” as well as “related to” financial services in which other ( printed page 18591) financial institutions identified in 31 U.S.C. 5312(a)(2) are authorized to engage, and thus proposes exercising its 31 U.S.C. 5312(a)(2)(Y) authority to expressly define PPSIs as financial institutions under the BSA.

2. PPSIs' Relationship to Other Types of Financial Institutions

PPSIs will be uniquely positioned relative to other kinds of financial institutions. In some cases, PPSIs may be subsidiaries of depository institutions. In other cases, a single institution may be subject to BSA obligations as both a bank and a PPSI. Stablecoin issuers that may become PPSIs are currently regulated as MSBs. FinCEN seeks to promote a clear and efficient BSA regulatory regime and, accordingly, outlines its current thinking regarding how a PPSI's obligations will interact with the obligations of other BSA-regulated institutions. FinCEN seeks comment on its proposed approaches.

i. Subsidiaries of Insured Depository Institutions

Under the GENIUS Act, one of the three subcategories of PPSIs is a “subsidiary of an insured depository institution,” which includes insured depository institutions (as defined by 12 U.S.C. 1813) and insured credit unions. [127 ] Because all insured depository institutions in the United States are subject to regulation under the BSA, at least some PPSIs will likely be the subsidiaries of parents that are subject to their own AML/CFT obligations under FinCEN's regulations. [128 ] PPSIs that are subsidiaries of insured depository institutions in the United States may be required by certain Federal functional regulators to generally comply with a parent entity's AML/CFT obligations. The question naturally arises whether, and if so how, the parent's AML/CFT program obligation affects that of the subsidiary PPSI and, conversely, how the subsidiary PPSI's obligations under this proposed rule could affect that of the parent. Overall, FinCEN expects that the similarities among its regulations will facilitate coordination between subsidiary and parent, and conversely, how the subsidiary PPSI's program under this proposed rule affects that of the parent.

Under this proposed rule and FinCEN's existing regulations, FinCEN expects its regulations that are applicable to a parent insured depository institution and its subsidiary PPSI could be similar to one another. If so, a PPSI and its parent would be able to coordinate compliance practices and share compliance resources, and the PPSI, as part of the insured depository institution as a whole, can leverage the parent's program. For example, FinCEN is proposing to impose an AML/CFT program on PPSIs that largely mirrors its proposed programs for banks. [129 ] FinCEN recognizes the value of enterprise-wide compliance efforts, but also that such efforts must account for obligations unique to a particular entity. For example, where a PPSI is a subsidiary of an insured depository institution, FinCEN anticipates that the enterprise may elect to extend a single AML/CFT program to both entities. FinCEN assesses that doing so would be permissible so long as a comprehensive AML/CFT program is reasonably designed to identify and mitigate the risks posed by the different aspects of each entity's business and activities and satisfies each of the AML/CFT program and other BSA requirements to which the PPSI and parent are subject.

Where a PPSI is subject to obligations that differ from those of its parent, a PPSI must comply with the PPSI-specific provision. For instance, as the GENIUS Act directs and this proposed rule would require, a PPSI must have the “technical capabilities, policies, and procedures to block, freeze, and reject specific or impermissible transactions that violate Federal or State laws, rules, or regulations.” [130 ] That statutory requirement will necessarily mean a PPSI must have internal policies, procedures, and controls to comply with the obligation to block, freeze, and reject applicable transactions, which could be part of enterprise-wide policies and procedures or unique in the corporate structure to PPSIs. [131 ]

It is also possible that a subsidiary PPSI may be subject to an obligation parallel to that of its parent in a situation where a Federal functional regulator requires a subsidiary to comply with its parent's regulatory obligations. FinCEN addressed such a situation in a 2012 administrative ruling. [132 ] When FinCEN issued that ruling, loan and finance companies had just been added to the list of financial institutions under the BSA, and FinCEN had just issued regulations requiring loan and finance companies to develop and implement written AML programs. [133 ] FinCEN's ruling stated that when a loan or finance company subsidiary and a parent financial institution are subject to the same rule and are examined by the same regulator, the subsidiary is “deemed to comply with FinCEN's regulations[.]” [134 ] FinCEN requests comment on whether it would be appropriate to apply the logic of this administrative ruling to PPSIs that are subsidiaries of insured depository institutions, or conversely whether the holding of the administrative ruling should be broadened to apply to subsidiaries and parents that are subject to similar rules but not the same rule. FinCEN also requests comment on whether it is proposing any obligations on PPSIs that would conflict with existing obligations of an insured depository institution such that complying with both would be legally or practically impossible.

ii. Uninsured National Banks

The GENIUS Act also permits certain uninsured national banks to be PPSIs. [135 ] Such an institution would potentially be subject to BSA obligations both as a bank and as a PPSI. Much like with PPSIs that are a subsidiary of an insured depository institution, FinCEN expects that its efforts to harmonize obligations for various types of financial institutions will facilitate such an entity's ability to efficiently comply with both bank and PPSI obligations. Moreover, as explained below, some of the obligations proposed in this rule are similar to those currently imposed on banks. Where obligations differ, an institution that is both a bank and a PPSI, however, will be required to comply with both sets of obligations. FinCEN requests comment on whether it is proposing any obligations that would ( printed page 18592) conflict with existing obligations such that complying with both would be legally or practically impossible. FinCEN also requests comment on whether it can take steps to promote efficiencies where a single entity is subject to two obligations.

iii. Money Services Businesses

Finally, the activities in which PPSIs will engage constitute money transmission, the logic under which stablecoin issuers are currently regulated as MSBs. To limit overlapping obligations and confusion, FinCEN proposes affirmatively carving out PPSIs from the definition of MSB. [136 ] FinCEN requests comment on whether this carve out is appropriate and results in any ambiguity.

This carve out only applies to PPSIs, and not to other persons engaged in activities involving the issuance of stablecoins that are not payment stablecoins. In general, FinCEN is not changing the regulatory framework that currently applies to activities involving CVCs and to entities other than PPSIs engaging in those activities. For example, stablecoin issuers that issue tokens that are not payment stablecoins, i.e., value that substitutes for currency, will remain subject to the MSB framework. Other than changes specific to PPSIs, FinCEN does not intend for this proposal to change any aspect of FinCEN's framework relating to value that substitutes for currency or entities that engage in activity related to the same.

B. Obligations for Primary and Secondary Market Activity

FinCEN is proposing that some PPSI obligations will apply to the secondary market, while others will not. In doing so, FinCEN has attempted to balance what it currently assesses is the burden of secondary market obligations against the prospective benefit. FinCEN is proposing applying secondary market obligation where PPSIs can most directly mitigate illicit finance in the U.S. financial system. Notably both obligations where FinCEN is proposing secondary market obligations are imposed on PPSIs directly by the GENIUS Act. FinCEN is proposing PPSIs have obligations with regards to the secondary market as part of technical capabilities and policies and procedures to block, freeze, and reject impermissible transactions and technical capabilities to comply, and complying, with the terms of lawful orders. In some cases, stablecoin issuers already have such capabilities and leverage them to comply with existing law.

In contrast, FinCEN is not proposing to require a PPSI as part of an AML/CFT program to monitor secondary market activity, although a PPSI will be required to understand the risk its customers pose as part of its due diligence, as well as its distribution channels, including the blockchains on which its payment stablecoins are deployed. FinCEN is also not proposing to require PPSIs to file SARs on secondary market transactions as FinCEN has preliminarily assessed that the burden of requiring PPSIs to file SARs concerning secondary market activity could potentially outweigh the potential benefits. FinCEN requests comment on its proposed approach.

C. Section-by-Section Analysis

FinCEN is proposing changes to its existing regulations, as well as creation of a new part applicable to PPSIs, proposed part 1033. [137 ] Section VI.C.1 describes changes proposed to FinCEN's existing definitions as well as proposes new definitions. Section VI.C.2 describes FinCEN's proposed delegation of its examination authority. Section VI.C.3 describes FinCEN's proposed requirement for PPSIs to establish AML/CFT programs, to include risk-based procedures for conducting ongoing customer due diligence (CDD). Section VI.C.4 describes FinCEN's proposal related to supervision and enforcement. Section VI.C.5 describes FinCEN's proposal relating to collection of beneficial ownership information for legal entity customers. Section VI.C.6 describes FinCEN's proposals for additional technical capabilities, policies, and procedure requirements specific to PPSIs, as mandated by the GENIUS Act. Section VI.C.7 describes FinCEN's proposal related to PPSIs currency transaction reporting requirements. Section VI.C.8 describes FinCEN's proposal for PPSI suspicious activity reporting requirements. Section VI.C.9 describes FinCEN's proposal relating to records PPSIs will be required to maintain, including under the Recordkeeping and Travel Rules. Section VI.C.10 describes FinCEN's proposals relating to information sharing authorities. Finally, section VI.C.11 describes FinCEN's proposals relating to enhanced due diligence PPSIs will be required to undertake, as well as application of special measures.

1. Definitions

FinCEN is proposing to amend four existing definitions and add nine new terms to the general definitions section of its regulations, 31 CFR 1010.100. Where it is adding new terms, in large part, FinCEN is proposing promulgating the same language as the GENIUS Act. In a few instances, however, FinCEN's proposed language diverges from the statutory text in order to reconcile differences between how the GENIUS Act defines a term and how the same term is defined in FinCEN's existing regulations or to avoid confusion when similar terms are defined both by the GENIUS Act and FinCEN's existing regulations. FinCEN is also proposing modifications to improve readability, including not adopting GENIUS Act language where it is unnecessary for purposes of this proposed rule.

Relatedly, FinCEN is not proposing to promulgate regulatory definitions for the GENIUS Act definitions for some words even though FinCEN is proposing rule text for terms that reference those words. For instance, both the GENIUS Act and FinCEN's proposed definition of “permitted payment stablecoin issuer” use the term “subsidiary,” which is in turn defined by the GENIUS Act by reference to section 3 of the Federal Deposit Insurance Act (12 U.S.C. 1813). [138 ] With limited exceptions, FinCEN assesses that while these additional definitions may be essential for other regulatory authorities to discharge their regulatory obligations relating to approving issuers, they are not necessary to understand the scope of FinCEN's proposed obligations or the population on which those obligations will be imposed.

None of these proposed changes to the GENIUS Act's language are intended to substantively alter the GENIUS Act's requirements as implemented through this propose rule. FinCEN seeks comment on the clarity of these definitions, including whether any deviation that FinCEN is proposing from the GENIUS Act's language could be read as changing the intended effect of ( printed page 18593) the Act, and whether any additional terms should be defined.

FinCEN is reserving two subparagraphs, (nnn) and (ooo), expecting they will contain definitions proposed in a previously issued FinCEN rulemaking related to AML/CFT programs for the 11 types of existing financial institutions.

i. Proposed Amendment to 31 CFR 1010.100(t) —Financial Institution

The GENIUS Act directs that a “permitted payment stablecoin issuer shall be treated as a financial institution for purposes of the” BSA. [139 ] To implement this directive and ensure that PPSIs are subject to the appropriate BSA obligations in a clear and consistent manner—and because, as discussed above in section VI.A.1, FinCEN proposes exercising its 31 U.S.C. 5312(a)(2)(Y) authority to define PPSIs as financial institutions under the BSA—FinCEN is proposing to amend the definition of “financial institution” at 31 CFR 1010.100(t) to expressly include “permitted payment stablecoin issuer.” Consistent with other financial institutions, “permitted payment stablecoin issuer” will be defined separately in a new paragraph.

ii. Proposed Amendment to 31 CFR 1010.100(ff) —Money Services Business

FinCEN is proposing to amend the definition of “money services business,” 31 CFR 1010.100(ff), to add PPSIs to the list of financial institutions that the term “money services business” shall not include. The amendment makes clear that PPSIs are subject to obligations as a PPSI and not as a money services business.

iii. Proposed Amendment to 31 CFR 1010.100(bbb) —Transaction

FinCEN is proposing to amend the definition of “transaction,” 31 CFR 1010.100(bbb), to add the issuance or redemption of a payment stablecoin as a type of transaction. This amendment clarifies that these activities qualify as transactions. It should not be construed, including by negative inference, that issuance and redemption of other kinds of value that substitute for currency are not a transaction. [140 ] Moreover, it should not be construed, including by negative inference, that issuing and redeeming payment stablecoins are the only kinds of transactions in which a PPSI will engage.

iv. Proposed Amendment to 31 CFR 1010.100(eee) —Transmittal Order

FinCEN is proposing to amend the definition of “transmittal order,” 31 CFR 1010.100(eee), to add a payment stablecoin as a subject of an order. As discussed in greater detail below, this amendment is intended to clarify that a transmittal order to pay payment stablecoins is a transmittal order like an order to pay traditional money. It should not be construed, including by negative inference, that orders to pay other kinds of value that substitute for currency are not transmittal orders. [141 ]

v. Proposed 31 CFR 1010.100(ppp) —Digital Asset

FinCEN is proposing to define the term “digital asset” as provided in the GENIUS Act, 12 U.S.C. 5901(6). Under the proposed rule, the term “digital asset” would mean any digital representation of value that is recorded on a cryptographically secured distributed ledger. FinCEN considers it useful to define this term explicitly in its regulations in order to enhance the clarity and conciseness of its regulations. Many of the regulatory obligations that FinCEN is proposing to impose on PPSIs take into account, in one way or another, the concept of digital assets. Most notably, the term “digital assets” is used in “payment stablecoin.”

FinCEN's use of the term “digital asset” is limited currently to proposed obligations to be imposed on PPSIs. FinCEN is aware that the addition of “digital asset” adds a term related to other terms used in the BSA, its own regulations and its guidance—most notably “value that substitutes for currency” and “convertible virtual currency.” FinCEN's defining and use of the term “digital asset” in proposed obligations to be imposed on PPSIs should not be construed, including by negative inference, to alter or displace anything about FinCEN's regulatory infrastructure related to value that substitutes for currency or CVC. Digital assets may be value that substitutes for currency, and vice versa, but the two are not synonymous, and the regulatory requirements that may be associated with one must be evaluated independently of the requirements that may be associated with the other.

vi. Proposed 31 CFR 1010.100(qqq) —Distributed Ledger

FinCEN is proposing to define the term “distributed ledger” as provided in the GENIUS Act, 12 U.S.C. 5901(8). Under the proposed rule, the term “distributed ledger” would mean a technology in which data is shared across a network that creates a public digital ledger of verified transactions or information among network participants and cryptography is used to link the data to maintain the integrity of the public ledger and execute other functions. The term distributed ledger is used both in the term digital asset and payment stablecoin.

vii. Proposed 31 CFR 1010.100(rrr) —Lawful Order

FinCEN is proposing to define the term “lawful order” as provided in the GENIUS Act, 12 U.S.C. 5901(16), with certain modifications in light of a preexisting FinCEN regulatory definition. Under the proposed rule the term “lawful order” would mean any final and valid writ, process, order, rule, decree, command, or other requirement issued or promulgated under Federal law, issued by a court of competent jurisdiction or by an authorized Federal agency pursuant to its statutory authority, that (1) requires an individual, partnership, company, corporation, association, trust, estate, cooperative organization, or other business entity, incorporated or unincorporated, to seize, freeze, burn, or prevent the transfer of payment stablecoins that the individual or entity issued; (2) specifies the payment stablecoins or accounts subject to blocking with reasonable particularity; and (3) is subject to judicial or administrative review or appeal as provided by law.

The proposed definition modifies the GENIUS Act definition of lawful order by replacing the statutory term “person” with language used in the GENIUS Act definition of “person,” as provided in 12 U.S.C. 5901(24). [142 ] The term “person” is already defined in FinCEN regulations at 31 CFR 1010.100(mm) [143 ] and differs from the GENIUS Act definition of “person.” In particular, FinCEN's regulatory definition of “person” includes Indian Tribes as defined in the Indian Gaming Regulatory Act, which the GENIUS Act definition of person does not include. ( printed page 18594) Further, FinCEN's regulatory definition also does not characterize the entities that comprise the category as “business” entities, as the GENIUS Act definition does. To ensure the definition of “lawful order” for PPSIs accurately applies to the “persons” that Congress intended, as evidenced by the GENIUS Act definition of the term, FinCEN accordingly proposes to, instead of using the term person, incorporate the language the GENIUS Act uses to define person into the regulatory definition of “lawful order.” FinCEN solicits comments on whether the incorporation of the specific GENIUS Act language is necessary, or whether, if FinCEN reverts to the use of the term “person” as currently defined in its regulations, this will change the intended meaning or effect of the GENIUS Act.

Additionally, the GENIUS Act uses the term “account” in the definition of lawful order and FinCEN proposes to do the same. [144 ] A number of other terms currently codified in FinCEN's general definition section, 31 CFR 1010.100 also use the term “account” without defining the term. [145 ] As discussed in greater detail below, and consistent with that approach, FinCEN proposes not further elaborating on the meaning of account within the definition of lawful order and requests comment on this approach. [146 ]

viii. Proposed 31 CFR 1010.100(sss) —Payment Stablecoin

FinCEN is proposing to define the term “payment stablecoin” as provided in the GENIUS Act, 12 U.S.C. 5901(22), with certain modifications in light of preexisting FinCEN regulatory definitions and technical changes. Additionally, FinCEN proposes embedding within the definition of payment stablecoin two other terms defined in the GENIUS Act.

Under the proposed rule, the term “payment stablecoin” would mean a digital asset (i) that is, or is designed to be, used as a means of payment or settlement and (ii) the issuer of which: (A) is obligated to convert, redeem, or repurchase for a fixed amount of monetary value, but not for a digital asset denominated in a fixed amount of a monetary value; and (B) represents that such issuer will maintain, or create the reasonable expectation that it will maintain, the digital asset at a stable value relative to the value of a fixed amount of monetary value. The proposed definition also provides that a “payment stablecoin” does not include a digital asset that is: (i) a national currency; (ii) a deposit (as defined in section 3 of the Federal Deposit Insurance Act (12 U.S.C. 1813)) including a deposit recorded using distributed ledger technology; or (iii) a security, as defined in section 2 of the Securities Act of 1933 (15 U.S.C. 77b), section 3 of the Securities Exchange Act of 1934 (15 U.S.C. 78c), or section 2 of the Investment Company Act of 1940 (15 U.S.C. 80a-2). For purposes of the definition of “payment stablecoin,” FinCEN intends for the definition of “security” provided in paragraph (iii) of the proposed definition to apply and not the preexisting regulatory definition of “security” at 31 CFR 1010.100(ss).

The GENIUS Act's definition of “payment stablecoin” contains language clarifying that “no bond, note, evidence of indebtedness, or investment contract that was issued by a permitted payment stablecoin issuer shall qualify as a security solely [because the issuer satisfies] the conditions in [paragraph (1) of the proposed “payment stablecoin” definition], consistent with section 17 of the Act.” FinCEN has determined that this “for avoidance of doubt” language is unnecessary for its regulatory definition of payment stablecoin. The GENIUS Act includes amendments to the cited statutes covered in proposed paragraph (iii) that clarify that payment stablecoins are not securities. [147 ] Accordingly, while this clarification may have been necessary to understand the intent of the GENIUS Act at the time it was passed, the Act's amendments of security-related statutory provisions obviate the need to include this language in FinCEN's regulations.

The proposed definition of “payment stablecoin” also includes definitions of the terms “national currency” and “monetary value” within the definition of “payment stablecoin” consistent with the definition of the terms in the GENIUS Act, 12 U.S.C. 5901(19) and (17), with certain modifications. Although the GENIUS Act defines both terms independently from payment stablecoin, neither term is used outside of payment stablecoin as pertinent to this rulemaking. Moreover, adding the GENIUS Act definitions of “national currency” or “monetary value” as separately defined terms in 31 CFR 1010.100 could have an unintended impact on other FinCEN regulations that already use similar terms to mean different things, and could therefore have unintended impact on the regulatory obligations of other types of financial institutions or create unnecessary confusion about those regulatory obligations. Relatedly, within the definition of “national currency,” FinCEN proposes replacing the statutory term “money” with the GENIUS Act's definition of “money.” This should avoid confusion as “money” appears elsewhere in FinCEN's regulations.

FinCEN proposes that for purposes of the definition of “payment stablecoin” the term—(i) National currency means each of the following—(A) A Federal Reserve note (as the term is used in the first undesignated paragraph of section 16 of the Federal Reserve Act (12 U.S.C. 411)); or (B) A medium of exchange currently authorized or adopted by a domestic or foreign government including a monetary unit of account established by an intergovernmental organization or by agreement between two or more countries that is: (1) standing to the credit of an account with a Federal Reserve Bank; (2) issued by a foreign central bank; or (3) issued by an intergovernmental organization pursuant to an agreement by two or more governments; and (ii) Monetary value means national currency or deposit (as defined in section 3 of the Federal Deposit Insurance Act (12 U.S.C. 1813)) denominated in a national currency. The proposed definition of “national currency” reformats and modifies the definition in the GENIUS Act, 12 U.S.C. 5901(19), by including the GENIUS Act definition of “money,” 12 U.S.C. 5901(18) within the definition, in paragraph (B), and making statutory paragraphs (B), (C), and (D) into proposed paragraphs (1), (2), and (3) for grammatical consistency. The proposed definition of “monetary value” within the definition of “payment stablecoin” is consistent with the definition of the term in the GENIUS Act, 12 U.S.C. 5901(17).

ix. Proposed 31 CFR 1010.100(ttt) —Permitted Payment Stablecoin Issuer

FinCEN is proposing to define the term “permitted payment stablecoin issuer” as provided in the GENIUS Act, 12 U.S.C. 5901(23), with certain ( printed page 18595) modifications in light of preexisting FinCEN regulatory definitions. Under the proposed rule, the term permitted payment stablecoin issuer would mean an individual, partnership, company, corporation, association, trust, estate, cooperative organization, or other business entity, incorporated or unincorporated formed in the United States that is: (1)(A) a subsidiary of an insured depository institution that has been approved to issue payment stablecoins by a primary Federal payment stablecoin regulator; or (B) a subsidiary of an insured credit union that has been approved to issue payment stablecoins by a primary Federal payment stablecoin regulator; (2) a Federal qualified payment stablecoin issuer; or (3) a State qualified payment stablecoin issuer. The proposed definition modifies the definition of permitted payment stablecoin issuer provided in the GENIUS Act by replacing the statutory term “person” with the language the GENIUS Act uses to define “person” as provided in 12 U.S.C. 5901(24). [148 ] As described above, the term “person” is already defined in FinCEN regulations at 31 CFR 1010.100(mm) [149 ] and differs from the GENIUS Act definition of person. To ensure the definition of “permitted payment stablecoin issuer” accurately applies only to “persons” as defined in the GENIUS Act, FinCEN proposes adding the GENIUS Act definition of “person” within the “permitted payment stablecoin issuer” definition.

Additionally, the proposed definition modifies statutory paragraph (A) by replacing the term “insured depository institution” with the GENIUS Act definition of “insured depository institution,” in 12 U.S.C. 5901(15), which includes two subparagraphs one applying to insured depository institutions as defined in section 3 of the Federal Deposit Insurance Act and a second for insured credit unions. FinCEN is also omitting from the GENIUS Act's definition “insured depository institution” the phrase “as defined in section 3 of the Federal Deposit Insurance Act (12 U.S.C. 1813).” While this language may be essential for regulators responsible for approving issuers, FinCEN does not believe it is necessary to understand the scope of the obligations it proposes to impose or the population on which those obligations are imposed. Finally, the definition also replaces the statutory reference “has been approved to issue payment stablecoins under section 5” with “has been approved to issued payment stablecoins by a primary Federal payment stablecoin regulator” in both proposed paragraph (1)(A) and (1)(B).

x. Proposed 31 CFR 1010.100(uuu) —Primary Federal Payment Stablecoin Regulator

FinCEN is proposing to define the term “primary Federal payment stablecoin regulator” as provided in the GENIUS Act, 12 U.S.C. 5901(25), with certain modifications. Under the proposed rule, the term “primary Federal payment stablecoin regulator” would mean (1) for a subsidiary of an insured depository institution, as described in paragraph (ttt)(1)(A) of this section, the appropriate Federal banking agency of such insured depository institution; (2) for a subsidiary of an insured credit union, as described in paragraph (ttt)(1)(B), the NCUA; (3) for a State chartered depository institution not covered in subparagraph (1), the FDIC, the OCC, or the Board; or (4) for a Federal qualified payment stablecoin issuer, the OCC.

The proposed definition modifies the statutory definition by including cross references to the proposed definition of “permitted payment stablecoin issuer” to describe a subsidiary of an insured depository institution and a subsidiary of an insured credit union. The definition also uses the full agency names for each Federal banking agency named in the definition for stylistic consistency with other FinCEN regulations.

xi. Proposed 31 CFR 1010.100(vvv) —Federal Qualified Payment Stablecoin Issuer

FinCEN is proposing to define the term “Federal qualified payment stablecoin issuer” as provided in the GENIUS Act, 12 U.S.C. 5901(11), with certain technical modifications for conciseness and in deference to another agency's authority. Under the proposed rule, the term “Federal qualified payment stablecoin issuer” would mean an entity that is approved by the OCC under 12 U.S.C. 5903 to issue payment stablecoins and is either—(1) a nonbank entity; (2) an uninsured national bank; or (3) a Federal branch.

The GENIUS Act definition of Federal qualified payment stablecoin issuer contains for the three subtypes of institutions—nonbank entities, uninsured national banks, and foreign bank branches—references to OCC approval and in one case OCC's statutory authority. FinCEN proposes to consolidate references to OCC approval and remove reference to the OCC's statutory authority. FinCEN considers this approach appropriate in light of the fact that the OCC, not FinCEN, has the authority to determine how, using what terms and establishing what categories, to discharge the OCC's regulatory obligations in connection with Federal qualified payment stablecoin issuers as required by the GENIUS Act. FinCEN conceives of its responsibility in this connection as establishing a smooth interface between its own regulations on the subject and those of the OCC, and it regards the proposed language as the best way to do so. In addition, the proposed language has the benefit of conciseness.

xii. Proposed 31 CFR 1010.100(www) —State Payment Stablecoin Regulator

FinCEN is proposing to define the term “State payment stablecoin regulator” as provided in the GENIUS Act, 12 U.S.C. 5901(30), with certain modifications in light of preexisting FinCEN regulatory definitions. Under the proposed rule, the term “State payment stablecoin regulator” would mean a state agency that has the primary regulatory and supervisory authority in such state over entities that issue payment stablecoins. Under the GENIUS Act, the term “State” includes “each of the several States of the United States, the District of Columbia, and each territory of the United States.” [150 ] FinCEN proposes modifying the GENIUS Act's definition of “State payment stablecoin regulator” to account for FinCEN's existing definition of “State,” [151 ] which does not include any U.S. territories. FinCEN is thus adding its existing regulatory phrase “Territory and Insular Possession” to make clear that for purposes of this definition “State” includes territories. [152 ]

( printed page 18596)

xiii. Proposed 31 CFR 1010.100(xxx) —State Qualified Payment Stablecoin Issuer

FinCEN is proposing to define the term “State qualified payment stablecoin issuer” as provided in the GENIUS Act, 12 U.S.C. 5901(31), with certain modifications in light of preexisting FinCEN regulatory definitions. Under the proposed rule, the term “State qualified payment stablecoin issuer” would mean an entity that is: (1) legally established under the laws of a State or Territory and Insular Possession and approved to issue payment stablecoins by a State payment stablecoin regulator; and (2) not an uninsured national bank chartered by the OCC pursuant to title LXII of the Revised Statutes; a Federal branch or an insured depository institution, or a subsidiary, of such national bank, Federal branch, or insured depository institution. For meaning of “insured depository institution” this definition would reference the proposed definition of “permitted payment stablecoin issuer” at proposed 1010.100(ttt), clarifying that, consistent with the GENIUS Act, “insured depository institution,” includes insured depository institutions and insured credit unions. [153 ]

As with the definition of “State qualified payment stablecoin issuer,” FinCEN is adding “Territorial and Insular Possessions” to clarify that, consistent with the GENIUS Act, issuers legally established under the laws of a Territory and Insular Possession can qualify as a State qualified payment stablecoin issuer.

2. Proposed Amendment to 31 CFR 1010.810 —Delegation of Examination Authority

As administrator of the BSA, FinCEN has overall authority for enforcement and compliance with the BSA and its implementing regulations. [154 ] FinCEN, however, may delegate examination authority to appropriate agencies while retaining authority for the coordination and direction of procedures and activities of these agencies. [155 ] FinCEN has delegated examination authority for various financial institutions, as reflected at § 1010.810(b), and is proposing the same approach with regards to examination authority for PPSIs.

Broadly speaking, the GENIUS Act divides PPSIs into two categories: PPSIs that are regulated for safety and soundness by a primary Federal payment stablecoin regulator (which includes the OCC, Board, FDIC, and NCUA) and PPSIs that are regulated for safety and soundness by a State payment stablecoin regulator. [156 ] FinCEN proposes delegating examination authority over PPSIs to federal agencies responsible for examining the same entities for safety and soundness and, where no such federal agency exists, to the IRS. [157 ]

i. State Qualified Payment Stablecoin Issuers

Under the GENIUS Act, generally, a State qualified payment stablecoin issuer with a consolidated total outstanding issuance of not more than $10 billion payment stablecoins may opt for regulation under a State-level regulatory regime, provided that the State-level regulatory regime is substantially similar to the Federal regulatory framework under the GENIUS Act. [158 ] State qualified payment stablecoin issuers that exceed the $10 billion in outstanding issuance of payment stablecoins must either transition to the regulatory framework of the primary Federal payment stablecoin regulator, which is then jointly administered by the State payment stablecoin regulator and the primary Federal payment stablecoin regulator, or obtain a waiver permitting the State qualified payment stablecoin issuer to remain solely supervised by a State payment stablecoin regulator. [159 ]

Where a financial institution is not examined for compliance with the BSA and FinCEN's regulations by the OCC, Board, FDIC, or NCUA, and is not otherwise supervised by a Federal functional regulator, FinCEN has delegated its examination authority to the IRS in § 1010.810(b)(8). Likewise, here FinCEN proposes delegating its examination authority to the IRS for PPSIs not examined by the OCC, Board, FDIC, and NCUA— i.e., a primary Federal payment stablecoin regulator—for safety and soundness. This population will include State qualified payment stablecoin issuers not supervised by a primary Federal payment stablecoin regulator, either because the State qualified payment stablecoin issuer's outstanding issuance is not more than $10 billion or because the primary Federal payment stablecoin regulator has granted the PPSI a waiver to allow the PPSI to remain supervised by a State payment stablecoin regulator. FinCEN believes the IRS is well positioned to conduct BSA examinations for PPSIs not examined by a primary Federal payment stablecoin regulator. As the BSA examiner for a range of institutions not otherwise examined by another agency, the IRS has staff trained in BSA examinations and a strong relationship with FinCEN and various state regulators. Relatedly, the IRS currently examines money transmitters, including stablecoin issuers, for BSA compliance and is, thus, well positioned to assess PPSI compliance with the BSA and ensure consistent application of BSA provisions across PPSIs based in various states.

To effectuate this delegation of BSA examination, FinCEN believes that no changes are necessary to § 1010.810(b)(8), which already states that such authority is delegated with respect to “financial institutions . . . not currently examined by Federal bank supervisory agencies for soundness and safety.” FinCEN believes the proposed text ensures that each PPSI not examined by a primary Federal payment stablecoin regulator for safety and soundness is examined by the IRS. This delegation will not grant authority to the IRS where a State qualified payment stablecoin issuer is subject to a primary Federal payment stablecoin regulator's framework that is jointly administered by the federal and state regulator and results in a primary Federal payment stablecoin regulator examining for safety and soundness.

ii. Proposed 31 CFR 1010.810(b)(8) —Federal Qualified Payment Stablecoin Issuers

Under the GENIUS Act, the OCC, Board, FDIC, and NCUA are the primary Federal payment stablecoin regulators and responsible for, among other things, assessing a PPSI's safety and soundness. [160 ] Additionally, the GENIUS Act requires the primary Federal payment stablecoin regulators to issue regulations relating to, among other things, risk management principles-based requirements and standards, including relating to the BSA. [161 ]

With regards to banks, FinCEN has delegated its authority to examine financial institutions for chapter X compliance to the agency that examines ( printed page 18597) the institution for safety and soundness. [162 ] Consistent with that approach, FinCEN's proposal adds a new paragraph to § 1010.810(b) to delegate examination authority to the primary Federal payment stablecoin regulators responsible for assessing a PPSI's safety and soundness. FinCEN believes the primary Federal payment stablecoin regulator responsible for promulgating standards related to BSA and examining particular PPSIs for safety and soundness is best positioned to carry out effective and efficient BSA exams. As the definition of primary Federal payment stablecoin regulator outlines the agency responsible for oversight of various categories of PPSIs, FinCEN is not proposing to detail in § 1010.810(b)(11) which agency is responsible for which subcategory of PPSIs. [163 ]

3. Proposed 31 CFR 1033.210 —AML/CFT Program Requirements for PPSIs

The GENIUS Act directs that PPSIs be subject to “maintenance of an effective anti-money laundering program, which shall include appropriate risk assessments and designation of an officer to supervise the program.” [164 ] Effective AML/CFT programs safeguard national security and generate significant public benefits by preventing the flow of illicit funds in the financial system and by assisting law enforcement and national security agencies with the identification and prosecution of persons attempting to launder money and undertake other illicit activity through the financial system. [165 ]

FinCEN has separately issued a notice of proposed rulemaking that would amend FinCEN's regulations that prescribe AML/CFT program requirements for current financial institutions program rules under the BSA. Updating the AML/CFT program requirements across financial institution types is part of FinCEN's efforts to reform and modernize the BSA, as well as implement the Anti-Money Laundering Act of 2020 (AML Act). [166 ] That proposed rule is designed to help ensure that financial institutions' AML/CFT programs are appropriately risk-based, such that compliance with their program obligations is focused on the goals of the BSA, including combatting and preventing money laundering, the financing of terrorism, and other illicit finance activity risks (collectively, ML/TF risks), rather than mere technical compliance. Furthermore, that proposed rule for banks would help ensure that supervisory and enforcement actions related to AML/CFT programs are focused on significant or systemic failures to implement an effective AML/CFT program (i.e., deficiencies or issues that arise from failing to implement, in all material respects, a properly established AML/CFT program).

In this proposed rule FinCEN proposes to impose on PPSIs an AML/CFT program obligation consistent with the program being proposed for the 11 types of financial institutions currently covered by BSA program requirements, with some modifications due to the GENIUS Act's specific provisions. FinCEN assesses that such consistency across the types of financial institutions promotes clarity, creates efficiencies, and best protects the U.S. financial system from illicit actors. As described below, under FinCEN's proposal, an AML/CFT program is inherently tailored to the risk and operations of a PPSI, meeting the GENIUS Act's directive that rules are tailored to an issuer's size and complexity. [167 ]

i. AML/CFT Program Overview

A central objective of Treasury and FinCEN's BSA modernization efforts is to create an AML/CFT supervisory and regulatory regime that is more effective in achieving the purposes of the BSA and promoting better outcomes for law enforcement and national security agencies. [168 ] This proposed rule would further that objective by explicitly defining the requirements for a PPSI to establish and maintain an effective AML/CFT program. Consistent with the changes that the AML Act made for other types of financial institutions, it would also adopt into regulation the AML Act's expectation that AML/CFT programs should be risk-based, including ensuring that PPSIs direct more attention and resources toward higher-risk customers and activities, consistent with the risk profile of the PPSI, rather than toward lower-risk customers and activities. [169 ]

Under proposed § 1033.210 PPSIs would have an effective AML/CFT program and comply with the requirements of 31 U.S.C. 5318(h)(1) and § 1033.210 if the PPSI: (1) establishes an AML/CFT program in accordance with paragraph (b) of § 1033.210; and (2) maintains an AML/CFT program by implementing the AML/CFT program in accordance with paragraph (c) of § 1033.210. As part of the program, and consistent with the mandate in the GENIUS Act, PPSIs would be required to conduct ongoing customer due diligence.

a. Factors That FinCEN Considered

The AML Act requires FinCEN to take into account certain factors when prescribing minimum AML/CFT program standards. FinCEN has considered all these factors in developing this proposed rule. [170 ]

As stated in 31 U.S.C. 5318(h)(2)(B)(iii), effective AML/CFT programs safeguard national security and generate significant public benefits by preventing the flow of illicit funds in the financial system and by assisting law enforcement and national security agencies with the identification and prosecution of persons attempting to launder money or undertake other illicit activity through the financial system. The proposed rule would advance the BSA modernization and reform goals of the AML Act by providing PPSIs and their regulators with clarity about the requirements to have effective AML/CFT programs.

Likewise, 31 U.S.C. 5318(h)(2)(B)(iv)(I) provides that AML/CFT programs should be “reasonably designed to assure and monitor compliance” with the BSA and its implementing regulations and be risk-based. The proposed rule advances these objectives by explicitly requiring PPSIs to have effective AML/CFT programs and by describing the ( printed page 18598) minimum components for an AML/CFT program to be effective. Specifically, as part of an effective AML/CFT program, the proposed rule requires that a PPSI establish and maintain a risk-based set of internal policies, procedures, and controls that are reasonably designed to ensure compliance with the BSA and FinCEN's regulations.

The internal policies, procedures, and controls requirement in the proposed rule also demonstrates FinCEN's consideration of 31 U.S.C. 5318(h)(2)(B)(iv)(II), which states that AML/CFT programs should be risk-based, including ensuring that more attention and resources of a PPSI should be directed toward higher-risk customers and activities, consistent with a PPSI's risk profile, rather than toward lower-risk customers and activities. The proposed rule incorporates this directive by explicitly requiring, as part of a PPSI's risk-based internal policies, procedures, and controls, that a PPSI identify, assess, and document its ML/TF risks through risk assessment processes. These risk assessment processes require a PPSI to evaluate ML/TF risks and review and incorporate the AML/CFT Priorities, as appropriate, with updates to risk assessment processes promptly upon any change that the PPSI knows or has reason to know significantly changes the PPSI's ML/TF risks. These risk assessment processes are designed to help PPSIs mitigate ML/TF risks and ensure that they are allocating resources commensurate with their documented ML/TF risks, directing more attention and resources toward higher-risk customers rather than toward lower-risk customers and activities.

Finally, 31 U.S.C. 5318(h)(2)(B)(ii) requires FinCEN to consider the extension of financial services to the underbanked and the facilitation of financial transactions, including remittances, while preventing criminal persons from abusing formal or informal financial services networks. Through its emphasis on risk-based AML/CFT programs, the proposed rule seeks to provide PPSIs with the flexibility to serve a broad range of customers and avoid one-size-fits-all approaches to customer risk that can lead to PPSIs declining to provide financial services to entire categories of customers. The proposed rule would help ensure that decisions taken by PPSIs with respect to closing customer accounts are based on legitimate ML/TF risks and informed by relevant facts and circumstances. The proposed rule is intended to mitigate the risks of PPSIs potentially being inappropriately pressured into closing customer accounts by emphasizing the risk-based nature of AML/CFT programs. In doing so, the proposed rule also furthers the objectives of E.O. 14331, Guaranteeing Fair Banking for All Americans, which seeks to combat “politicized or unlawful debanking.” [171 ]

b. Program Overview

The proposed rule would require a PPSI to establish an AML/CFT program and then maintain the AML/CFT program by implementing, in all material respects, the established AML/CFT program. In prescribing the minimum standards for an AML/CFT program and in supervising and examining compliance with those standards, the AML Act requires the Secretary and the appropriate Federal functional regulator to take into account that effective AML/CFT programs safeguard national security and help law enforcement prevent the flow of illicit funds in the financial system. [172 ] An AML/CFT program can be effective without preventing every minor instance of a financial institution falling prey to illicit finance misuse. Accordingly, the proposed rule would set out that an AML/CFT program is “effective” and complies with the requirements of 31 U.S.C. 5318(h)(1) so long as it is established and maintained in accordance with applicable requirements.

A PPSI would be required to establish a risk-based set of internal policies, procedures, and controls that are reasonably designed to ensure compliance with the BSA and 31 CFR chapter X. The risk-based internal policies, procedures, and controls must also be reasonably designed to: (1) identify, assess, and document the PPSI's ML/TF risks through risk assessment processes that evaluate the risks of the PPSI's business activities, review and, as appropriate, incorporate the AML/CFT Priorities, and are updated promptly upon any change that the PPSI knows or has reason to know significant changes in the PPSI's ML/TF risks; (2) mitigate the PPSI's ML/TF risks, consistent with the PPSI's risk assessment processes; and, (3) conduct ongoing customer due diligence.

The proposed rule would also require a PPSI to establish an ongoing employee training program and independent AML/CFT program testing as part of its AML/CFT program.

Finally, the proposed rule would require a PPSI to designate an individual responsible for establishing and implementing the AML/CFT program and coordinating and monitoring day-to-day compliance; that individual would be required to be located in the United States and accessible to, and subject to oversight and supervision by, FinCEN and its designee, including the appropriate primary Federal payment stablecoin regulator. That individual also could not have been convicted of a felony offense involving certain kinds of activity, as required by the GENIUS Act. [173 ]

Under the proposed rule, having an effective AML/CFT program would be more than a one-time adoption of a risk-based set of internal policies, procedures, and controls. Rather, a PPSI would be required to keep its risk-based set of internal policies, procedures, and controls—and the risk assessment processes that inform them—current as the PPSI's risk profile changes. Similarly, an AML/CFT program would involve more than a one-time creation of an employee training program or initiation of an independent testing mechanism: the PPSI would also be required to keep such aspects of the AML/CFT program current as the PPSI's risk profile changes. Thus, even where a PPSI has previously established an AML/CFT program in accordance with the proposed rule, a failure to update the program to reflect significant changes to the PPSI's risk profile may result in the program no longer meeting the program establishment requirements, and the PPSI may accordingly be subject to supervisory or enforcement action for failure to establish an effective AML/CFT program.

Once a PPSI has properly “established” an AML/CFT program, the PPSI must “maintain” the program by implementing it, in all material respects. Minor deficiencies of an AML/CFT program would not necessarily mean that a PPSI has failed to implement the program.

ii. Proposed 31 CFR 1033.210(b) —Program Establishment

The AML/CFT program requirements for PPSI's must have certain minimum elements comprised of: (1) internal policies, procedures, and controls; (2) an independent audit function to test programs; (3) a designated compliance officer; and (4) an ongoing employee training program.

a. Proposed 31 CFR 1033.210(b)(1) —Internal Policies, Procedures, and Controls

The BSA requires financial institutions to develop “internal ( printed page 18599) policies, procedures, and controls” as part of their AML/CFT programs. [174 ] Proposed § 1033.210(b)(1) provides that a PPSI's risk-based set of internal policies, procedures, and controls must be reasonably designed to: (1) identify, assess, and document ML/TF risks through risk assessment processes; (2) mitigate ML/TF risks consistent with the risk assessment processes, including by allocating more attention and resources toward higher-risk customers and activities rather than toward lower-risk customers and activities; and (3) conduct ongoing CDD.

Under this proposal, a PPSI's risk-based set of internal policies, procedures, and controls should be based upon, informed by, and consistent with a PPSI's risk assessment processes. The level of sophistication of the internal policies, procedures, and controls should be commensurate with the size, structure, risk profile, and complexity of the PPSI.

The requirement that a PPSI's risk-based set of internal policies, procedures, and controls be “reasonably designed” gives PPSIs flexibility in how they achieve compliance with the BSA and the proposed rule's other requirements. As part of having risk-based set of internal policies, procedures, and controls reasonably designed to ensure compliance with the BSA and FinCEN's regulations, PPSIs may choose to responsibly adopt new technologies or innovative approaches to comply with BSA requirements.

1. Proposed 31 CFR 1033.210(b)(1)(i) —Risk Assessment Processes

FinCEN is proposing in § 1033.210(b)(1)(i) that, as part of a PPSI's risk-based set of internal policies, procedures, and controls, the PPSI establish and maintain risk assessment processes to: (1) evaluate the ML/TF risks of the PPSI's business activities, including products, services, distribution channels, customers, and geographic locations; (2) review and, as appropriate, incorporate the AML/CFT Priorities; and (3) be updated promptly upon any change that the PPSI knows or has reason to know significantly changes the PPSI's ML/TF risks. This provision implements the GENIUS Act's directive that PPSI AML/CFT programs include appropriate risk assessments. [175 ]

The proposed rule requires, as part of a PPSI's risk-based internal policies, procedures and controls, that it identify, assess, and document its ML/TF risks using risk assessment processes. This risk assessment process, generally conducted on an annual basis, results in a documented ML/TF risk assessment.

FinCEN believes PPSIs are best positioned to identify and evaluate their ML/TF risk and is therefore not prescribing any particular risk assessment processes or methodologies other than the critical elements described in this proposed rule. Under the proposed rule, PPSIs will be examined for whether they have established and implemented, in all material respects, reasonably designed risk assessment processes—which need not be in the form of a singular risk assessment process. Furthermore, FinCEN is not prescribing any particular timeframe for PPSIs to update their risk assessment processes.

i. Proposed 31 CFR 1033.210(b)(1)(i)(A) —ML/TF Risks

Proposed § 1033.210(b)(1)(i)(A) would require a PPSIs' risk assessment processes to evaluate the ML/TF risks its business activities, including products, services, distribution channels, customers, and geographic locations. These factors are generally well known and often incorporated into current risk assessment processes of some stablecoin issuers and banks. For clarity's sake, FinCEN considers “distribution channels” to refer to the methods and tools through which a PPSI opens accounts and provides products or services (including payment stablecoins), including, for example through remote or other non-face-to-face means. Thus, for example, PPSIs should consider how accounts are opened, as well as the blockchains to which its payment stablecoins are issued.

PPSIs may use a variety of sources to inform their risk assessment processes. Such sources may include information obtained from other financial institutions, such as emerging risks and typologies identified through 314(b) information sharing or payment transactions that other financial institutions returned or flagged due to ML/TF risks. [176 ] Information a PPSI generates or maintains could be another source, including information acquired from blockchain analytics. Such internal information may include, for example, customer internet protocol (IP) addresses or device logins and related geolocation information.

Feedback from FinCEN, law enforcement, and financial regulators may also inform risk assessment processes. For example, if a PPSI receives feedback from law enforcement about a report it has filed or potential risks at the PPSI, the PPSI may incorporate that information into its risk assessment processes. Similarly, PPSIs may consider information identified from responding to section 314(a) requests. Certain FinCEN advisories or guidance may also be particularly relevant to the PPSI's business activities, thereby warranting consideration when evaluating ML/TF risks. Regardless of the source, PPSIs should take measures in their risk assessment processes to ensure this information is reasonably current, complete, and accurate.

ii. Proposed 31 CFR 1033.210(b)(1)(i)(B) —AML/CFT Priorities

Proposed § 1033.210(b)(1)(i)(B) would require PPSIs to review and incorporate the AML/CFT Priorities. The AML/CFT Priorities set out the priorities for the U.S. government's AML/CFT policy as required by the AML Act and are designed to ensure that PPSIs' AML/CFT programs are aligned with those priorities. Recognizing the diverse nature of ML/TF threats facing the U.S. financial system and national security, and that PPSI AML/CFT programs will benefit U.S. national security by safeguarding the financial system from ML/TF risk, the AML/CFT Priorities are intended to ensure that PPSIs are focusing on the greatest threats to U.S. national security, as defined by Treasury.

FinCEN understands that the AML/CFT Priorities may not always be applicable to a PPSI's risk profile and activities. Therefore, FinCEN requires the incorporation of the AML/CFT Priorities in PPSI's risk assessment processes, as appropriate. This means that, having reviewed the AML/CFT Priorities, a PPSI may determine the extent to which a particular priority is applicable and whether and how a particular AML/CFT Priority should be incorporated into its risk assessment processes.

Further, a PPSI may use its judgment and apply a reasonable, risk-based determination on whether to focus on a specific aspect of an AML/CFT Priority (e.g., cyber-enabled fraud), rather than addressing all aspects of an AML/CFT Priority that may either not be applicable or pose lower risks to the PPSI. However, FinCEN cautions that a surface-level, perfunctory review of an AML/CFT Priority by a PPSI and the foreseeable ways in which it may manifest itself within the PPSI's customers, products and services, geographies, and distribution channels would not satisfy this requirement. ( printed page 18600)

FinCEN anticipates that some PPSIs may ultimately determine that their business models and risk profiles have limited exposure to some of the threats addressed in the AML/CFT Priorities but instead have greater exposure to other ML/TF risks not addressed in the AML/CFT Priorities. Additionally, some PPSIs' risk assessment processes may determine that their AML/CFT programs already sufficiently take into account some, or all, of the AML/CFT Priorities. In either case, any changes to PPSIs' AML/CFT program, such as internal policies, procedures, or controls, would be based on the results of risk assessment processes and their impact on the AML/CFT program, including how to review and, as appropriate, incorporate the AML/CFT Priorities before making these determinations.

iii. Proposed 31 CFR 1033.210(b)(1)(i)(C) —Update Risk Assessment Processes

Proposed § 1033.210(b)(1)(i)(C) would require PPSIs to update their risk assessment processes promptly upon any change that the PPSI knows or has reason to know significantly changes its ML/TF risk profile. For example, a PPSI may need to update its risk assessment when new products, services, and customer types are introduced; or existing products, services, and customer types undergo significant changes; or when the PPSI adopts new risk mitigation technology; or if the PPSI as a whole expands or contracts through mergers, acquisitions, divestitures, dissolutions, and liquidations. This would include, for example, when a payment stablecoin is deployed on a new blockchain or new features are coded into the smart contract. A PPSI may also need to update its risk assessment process based on factors external to its operations that it knows or has reason to know significantly changes its ML/TF risk profile.

2. Proposed 31 CFR 1033.210(b)(1)(ii) —Mitigate ML/TF Risks

Under the proposed rule, a PPSI's efforts to mitigate its ML/TF risks would involve directing more attention and resources toward higher-risk customers and activities, consistent with the risk profile of the PPSI, rather than toward lower risk customers and activities. [177 ] The goal of risk-based allocation is for PPSIs to spend less time, energy, and resources on lower priority activities that may result in fewer resources devoted to, and potentially distract from, more serious threats. The proposed rule would thus enable PPSIs to focus more on higher risk customers and activities, which FinCEN has determined should result in PPSIs being more effective at detecting, reporting, and preventing the flow of illicit funds and providing law enforcement with more valuable BSA reporting.

As noted above, FinCEN believes that PPSIs are best positioned to identify and evaluate their ML/TF risk and to make decisions related to risk identification and resource allocation in accordance with risk identification. The proposed rule, therefore, does not contemplate regulatory second-guessing of a PPSI's reasonable determinations regarding appropriate resource allocation or conclusions regarding specific risks. However, while FinCEN does not believe that an examiner should substitute his or her own subjective judgment in place of the PPSIs, examiners will be expected to assess whether: (1) a PPSI's resource allocation decisions are informed by, and consistent with, reasonably designed risk assessment processes; and (2) with respect to implementation, specifically, whether the PPSI knows or should know of resource-related issues involving its internal policies, procedures, and controls and other mandatory elements that may result in the PPSI failing to implement its AML/CFT program in all material respects and failing to address such issues.

3. Proposed 31 CFR 1033.210(b)(1)(iii) —Conduct Ongoing Customer Due Diligence

The GENIUS Act specifies that PPSIs should be subject to all Federal laws applicable to a financial institution located in the United States relating to “due diligence.” [178 ] The existing program rules for certain financial institutions contain CDD requirements that have commonly been referred to as the “fifth pillar” of AML program rules for those types of financial institutions. [179 ] Under these requirements, covered financial institutions must establish and maintain a written AML/CFT program that includes: “appropriate risk-based procedures for conducting ongoing customer due diligence, to include, but not be limited to: understanding the nature and purpose of customer relationships for the purpose of developing a customer risk profile; and conducting ongoing monitoring to identify and report suspicious transactions and, on a risk basis, to maintain and update customer information.” [180 ]

Proposed § 1033.210(b)(1)(iii) would require PPSIs to conduct ongoing CDD as part of their AML/CFT program obligations. To effectively mitigate the illicit finance risks in customer relationships, PPSIs need to obtain and maintain information sufficient to develop an understanding of normal and expected customer activity. This in turn requires development of an understanding of the “nature and purpose,” or in other words the intent, of the customer in initiating and maintaining the relationship. The PPSI can draw conclusions about the type of activity and transactions the customer can be expected to engage in, setting a “baseline against which aberrant, suspicious transactions are identified.” [181 ] These are core elements and fundamental expectations of FinCEN's regulations implementing the BSA.

For PPSIs, some considerations of the nature and purpose of customer relationships will be similar to existing practices for other regulated financial institutions. However, some factors may also be new or unique due to the characteristics of the products and services being offered. PPSIs may need to consider, among other factors, the type of entity seeking to establish a customer relationship, the jurisdiction in which they are domiciled, the AML/CFT obligations they are subject to (and potentially the rigor of supervisory oversight of those obligations), the customer's operating history, the services the customer offers to its users, the markets that the customer serves, and the agents or intermediaries through which the customer may provide its services. Such business, product, ( printed page 18601) service, and geographic risk considerations are well established components of existing BSA programs. PPSIs may also need to consider information more narrowly tailored to the stablecoin market, including both information available from public blockchains and relevant off-chain considerations. Notably, as stated above, FinCEN assesses that the majority of illicit activity involving stablecoins occurs on the secondary market. [182 ] Although the proposed rule would not impose a standalone, independent obligation on a PPSI to monitor secondary market transactions, consideration of such activity may be appropriate in the PPSI's development and maintenance of a customer risk profile (e.g., public blockchains may indicate that a digital assets exchange that is a PPSI customer is engaged in deposits or withdrawal activity of the PPSI's stablecoin with addresses attributed to illicit actors).

b. Proposed 31 CFR 1033.210(b)(2) —Independent Testing

The purpose of independent testing is to assess the PPSI's compliance with AML/CFT statutory and regulatory requirements, relative to its risk profile. This evaluation helps to inform the PPSI of weaknesses or areas in need of enhancement or stronger controls. Typically, this evaluation includes a conclusion about the PPSI's overall compliance with AML/CFT statutory and regulatory requirements and sufficient information for the reviewer (e.g., board of directors, senior management, AML/CFT officer, outside auditor, or an examiner) to reach a conclusion about whether the risk-based set of internal policies, procedures, and controls are reasonably designed and resources are well-allocated consistent with the PPSI's risk assessment processes.

Additionally, while PPSIs retain some flexibility regarding who conducts the audit or testing, the proposed rule would require that testing be independent. PPSIs that do not employ outside auditors or consultants or that do not have internal audit departments may comply with this requirement by using internal staff who are not involved in the function being tested. For these PPSIs and PPSIs with other types of arrangements for independent testing, the AML/CFT officer or any party who directly, and in some cases, indirectly reports to the AML/CFT officer, or an equivalent role, would generally not be considered sufficiently independent. Any individual conducting the testing, whether internal or external, would be required to be independent of other parts of the PPSI's AML/CFT program, including its oversight. For PPSIs that engage outside auditors or consultants, the PPSI would be required to ensure that the outside parties conducting the independent testing are not involved in functions related to the AML/CFT program at the PPSI that may present a conflict of interest or lack of independence, such as AML/CFT training or the development or enhancement of internal policies, procedures, and controls. Additionally, for the purposes of the independent testing component, outside parties would not include government agencies, entities, or instrumentalities, such as a PPSI's primary Federal payment stablecoin regulator or State payment stablecoin regulator. PPSIs with less complex operations, and lower risk profiles may consider utilizing a shared resource as part of a collaborative arrangement to conduct testing, as long as the testing is independent. [183 ] FinCEN would generally expect, as with the AML/CFT officer component, independent testers to have the expertise and experience to satisfactorily perform such a duty, including having sufficient knowledge of the PPSI's risk profile and AML/CFT laws and regulations.

c. Proposed 31 CFR 1033.210(b)(3) —Designate an AML/CFT Officer

Under the GENIUS Act and the BSA, an “officer” oversees an AML/CFT program. [184 ]

1. Proposed 31 CFR 1033.210(b)(3)(iii) —Duties of the AML/CFT Officer

Proposed § 1033.210(b)(3)(iii) would require PPSIs to designate an individual (referred to as an AML/CFT officer) responsible for establishing and implementing the AML/CFT program and coordinating and monitoring day-to-day compliance with the requirements and prohibitions of the BSA and FinCEN's implementing regulations. FinCEN's view is that the individual serving as the AML/CFT officer must be qualified for that role and not overburdened with other responsibilities at the institution.

The proposed rule is not intended to be primarily concerned about the formal title of the individual responsible for establishing and implementing the AML/CFT program and coordinating and monitoring day-to-day compliance; instead, the proposed rule focuses on the AML/CFT officer's position in the PPSI's organizational structure that enables the AML/CFT officer to effectively establish and implement the PPSI's AML/CFT program. The AML/CFT officer's authority, independence, and access to resources within the PPSI are critical. An AML/CFT officer should have decision-making capability regarding the AML/CFT program and sufficient functional stature within the organization to ensure that the program meets BSA requirements.

The AML/CFT officer's access to resources may include the following: adequate compliance funds and staffing with the skills and expertise appropriate to the PPSI's risk profile, size, and complexity; an organizational structure that supports compliance and effectiveness; and sufficient technology and systems to support the timely identification, measurement, monitoring, reporting, and management of the PPSI's ML/TF risks. An AML/CFT officer with conflicting responsibilities that adversely impact the officer's ability to effectively coordinate and monitor day-to-day AML/CFT compliance generally would not fulfill this requirement.

2. Proposed 31 CFR 1033.210(b)(3)(i) and (ii) —The AML/CFT Officer Located in the United States and Accessible to Regulators

Proposed § 1033.210(b)(3)(i) and (ii) would require a PPSI's AML/CFT officer be located in the United States and accessible to, and subject to oversight and supervision by FinCEN and its designee. Under the proposed rule, while the AML/CFT officer must be located in the United States, personnel located outside of the United States would still be permitted to perform certain AML/CFT functions. This language does not alter existing regulations and guidance that generally prohibit the sharing of SARs with personnel located outside of the United States other than limited circumstances such as a bank's foreign head office or controlling company. [185 ]

( printed page 18602)

3. Proposed 31 CFR 1033.210(b)(3)(iv) —Restriction on Officers With Felony Convictions

Under the GENIUS Act, PPSIs must designate an “officer” to supervise its AML/CFT program. [186 ] This GENIUS Act provision reflects the BSA requirement that a financial institution designate a “compliance officer” for its AML/CFT program. [187 ] The GENIUS Act further provides that no individual who has been convicted of a “felony offense involving insider trading, embezzlement, cybercrime, money laundering, financing of terrorism, or financial fraud” may serve as an “officer” or director of a PPSI. [188 ]

Given the use of the term “officer” in the GENIUS Act's prohibition on individuals being convicted of felonies involving certain activity and the use of the same term in the GENIUS Act and BSA provisions regarding AML/CFT programs, FinCEN proposes to apply this restriction to AML/CFT officers and, accordingly, is proposing adding this requirement to the AML/CFT program's provision relating to the individual responsible for overseeing the AML/CFT program. FinCEN expects PPSIs would ensure an individual does not have a disqualifying felony prior to designating an individual as responsible for the AML/CFT program, as well as require the individual to report any such conviction and monitor for whether the individual receives such a conviction.

d. Proposed 31 CFR 1033.210(b)(4) —Ongoing Employee Training Program

The BSA requires AML/CFT programs to include an “ongoing employee training program.” [189 ] Proposed § 1033.210(b)(4) would require PPSIs establish an ongoing employee training program. FinCEN would generally expect training to cover the PPSI's internal policies, procedures, and controls, which should in turn reflect the results of the PPSI's risk assessment processes, the latest AML/CFT regulatory requirements, and other relevant information. The frequency with which the training would occur, and the content of the training, would depend on the PPSI's ML/TF risk profile and the roles and responsibilities of the persons receiving the training.

iii. Proposed 31 CFR 1033.210(d) —Written AML/CFT Program and Approval

Proposed § 1033.210(d) would require that a PPSI's AML/CFT program be written, and that a PPSI, upon request, make available a copy of its written AML/CFT program to FinCEN or its designee, which can include the appropriate agency with examination authorities delegated by FinCEN. [190 ]

Proposed § 1033.210(d) would also require that a PPSI's written AML/CFT program be approved by the PPSI's board of directors or an equivalent governing body within the PPSI, or appropriate senior management. The proposed rule specifies that approval encompasses each of the components of the AML/CFT program.

The proposed rule provides PPSIs with significant flexibility in its chosen approval method. While some PPSIs may choose to have its board approve the written AML/CFT program, for others, an equivalent governing body might be a sole proprietor, general partner, or trustee, or a grouping of owners, senior officers (including board committees or other groups with oversight responsibilities), senior management, or other persons having functions and authority similar to that of a board.

The proposed rule's provision requiring the approval of the AML/CFT program by a PPSI's board of directors, equivalent body, or appropriate senior management reflects the importance of PPSIs maintaining a strong culture of compliance. A culture of compliance involves demonstrable support and visible commitment from leadership, the dedication of adequate resources to AML/CFT compliance, effective information sharing throughout the PPSI, qualified and independent testing, and understanding across leadership and staff levels of the importance of BSA reports. Adherence to these principles is critical to ensuring that AML/CFT programs are effective.

iv. Proposed 31 CFR 1033.210(e) —AML/CFT Program Certifications

The proposed rule would also require PPSIs to make available to FinCEN, or its designee, upon request any and all certifications submitted to the PPSI's primary Federal payment stablecoin regulator or State payment stablecoin regulator certifying that the PPSI has implemented an AML/CFT program. [191 ] While the GENIUS Act specifies that the primary Federal payment stablecoin regulator or State payment stablecoin regulator shall make this certification available upon Treasury request, FinCEN's authority under the BSA also enables it to require PPSIs to provide a copy of such certifications to FinCEN as part of FinCEN's efforts to ensure compliance with the BSA. [192 ]

4. Proposed 31 CFR 1033.221 —Supervision and Enforcement

As previously noted, FinCEN is proposing delegating authority to examine PPSIs for compliance with the proposed rules to the primary Federal payment stablecoin regulators. [193 ] In another rulemaking, FinCEN has proposed that where it has delegated its examination authority to the OCC, Board, FDIC, and NCUA (the “Agencies”), those Agencies be required to consult with FinCEN prior to taking significant AML/CFT supervisory actions and outlined FinCEN's own considerations in determining when it will take certain enforcement actions. The proposal also outlined that a bank would only be subject to certain kinds of enforcement actions and significant supervisory actions for significant and systemic failures to implement an AML/CFT program. In that proposal, FinCEN requested comments on whether the framework outlined in the proposal should be extended to financial institutions beyond banks.

The GENIUS Act similarly identifies these Agencies—the OCC, Board, FDIC, and NCUA—as primary Federal payment stablecoin regulators for certain PPSIs as discussed in section VI.C.2.ii. Additionally, as discussed in section IV, some stablecoin issuers engage in certain activities that are similar to those of banks. Accordingly, in light of the same Agencies that serve as the primary Federal payment stablecoin regulators and certain similarities in activities as banks, FinCEN proposes to set forth a supervision and enforcement framework that would subject PPSIs to the same framework proposed for banks. Specifically, the proposed rule would add § 1033.221 to set forth a supervision and enforcement framework for PPSIs' AML/CFT programs that is aligned with the AML Act's emphasis on effectiveness and risk-based supervision. This proposal includes three elements: the first defining key terms; the second outlining when FinCEN or the primary Federal payment stablecoin regulators would take enforcement or supervisory action regarding certain kinds of AML/CFT ( printed page 18603) program violations; and the third outlining when the primary Federal payment stablecoin regulators would consult with FinCEN on potential supervisory actions. FinCEN welcomes comment on whether this supervisory and enforcement framework should apply to PPSIs, as well as the consultation proposal. The enforcement requirements do not apply to and in no way affect criminal enforcement liability under the BSA.

i. Proposed 31 CFR 1033.221(a) —Definitions

Proposed § 1033.221(a) would define several terms used throughout the section.

The term “AML/CFT enforcement action” as proposed in § 1033.221(a)(1) would mean any formal or informal action taken by FinCEN that seeks to penalize, remedy, prevent, or respond to noncompliance with past or ongoing violations of, or past or ongoing deficiencies relating to, an AML/CFT requirement.

The term “AML/CFT requirement” as proposed in § 1033.221(a)(2) would mean a requirement of the BSA, 12 U.S.C. 5903(a)(5)(A)(i)-(v), 12 U.S.C. 5903(a)(6)(B), 12 U.S.C. 5903(f)(1)(A), or 31 CFR chapter X.

The term “significant AML/CFT supervisory action” as proposed in § 1033.221(a)(3) would mean any written communication or other formal supervisory determination issued by FinCEN or a primary Federal payment stablecoin regulator, when acting under supervisory authority delegated by FinCEN, that identifies one or more alleged deficiencies, weaknesses, violations of law, or unsafe or unsound practices or conditions relating to an AML/CFT requirement; communicates supervisory expectations regarding actions or remedial measures required to correct the issue; and contemplates significant or programmatic actions or remedial measures to be taken by the PPSI. Examiner observations, suggestions, or other informal comments would be expressly excluded from this definition.

ii. Proposed 31 CFR 1033.221(b) —Enforcement and Supervision Policy

Proposed § 1033.221(b) would articulate FinCEN's enforcement and supervision policy as it relates to AML/CFT requirements for PPSIs. [194 ] Except with respect to a significant or systemic failure to implement an effective AML/CFT program (i.e., deficiencies or issues that arise from failing to implement, in all material respects, a properly established AML/CFT program), a PPSI that has properly established an AML/CFT program would not be subject to an AML/CFT enforcement action based on a violation of proposed § 1033.210 by FinCEN or to a significant AML/CFT supervisory action based on a violation of proposed § 1033.210 by FinCEN or by a primary Federal payment stablecoin regulator, when acting under supervisory authority delegated by FinCEN.

The proposed rule would clarify that nothing in this policy would restrict an AML/CFT enforcement action or a significant AML/CFT supervisory action with respect to a failure to properly establish an AML/CFT program. Moreover, the proposed rule would not affect the factors that FinCEN applies in the disposition of a violation once FinCEN has determined that such violation involves either: (1) a failure to properly establish an AML/CFT program, or (2) a significant or systemic failure to implement an AML/CFT program. [195 ]

iii. Proposed 31 CFR 1033.221(c) and (d) —FinCEN Consultation and Consideration

Proposed § 1033.221(c) would establish a notice and consultation framework applicable when a primary Federal payment stablecoin regulator, acting under supervisory authority delegated by FinCEN, intend to initiate a significant AML/CFT supervisory action. Before initiating such an action, the primary Federal payment stablecoin regulator would be required to provide the Director of FinCEN with an opportunity to review the action and consider any input offered by the Director, which may include any view as to the effectiveness of the PPSI's AML/CFT program. To facilitate that review, the primary Federal payment stablecoin regulator would be required to provide written notice to the Director of their intent to take the action at least 30 days in advance of the proposed action, unless a shorter period is necessary, in the sole discretion of the primary Federal payment stablecoin regulators, to remedy, prevent, or respond to an unsafe or unsound practice or condition.

The notice would be accompanied by the relevant AML/CFT information underlying the proposed action. Relevant AML/CFT information may include, but is not limited to: the relevant portions of the draft report enforcement action; the relevant examination workpapers supporting the proposed action and the relevant AML/CFT information submitted by the PPSI to the primary Federal payment stablecoin regulator. FinCEN notes the primary Federal payment stablecoin regulators would not be obligated to provide information over which the PPSI may claim privilege under Federal or State law. The primary Federal payment stablecoin regulators would also be required to respond to requests for additional AML/CFT information from the Director regarding the proposed action.

Finally, proposed § 1033.221(d) specifies the factors that the Director of FinCEN would consider in determining whether to take an enforcement action or significant supervisory action with respect to PPSIs, or when reviewing a proposed action by a primary Federal payment stablecoin regulator. These factors would include the factors set forth in 31 U.S.C. 5318(h)(2)(B), as applicable; the extent, if any, to which the PPSI—where appropriate in light of its size, complexity, and risk profile—has advanced the AML/CFT Priorities by providing highly useful information to law enforcement or national security officials, conducting proactive analytics or performing other innovative activities producing demonstrable outputs evincing the effectiveness of the PPSI's AML/CFT program (including effective use of artificial intelligence, federated learning, or other advanced monitoring tools); and any other factor the Director deems appropriate, including the PPSI's size, complexity, and risk profile, and, as relevant, circumstances in which the PPSI's low-risk customers or limited business activities naturally limit the extent to which the PPSI can meaningfully contribute to AML/CFT Priorities.

The FinCEN Director's consideration of the extent to which a PPSI has provided highly useful information to law enforcement or national security agencies reflects that FinCEN considers information sharing to be an important element of an effective AML/CFT program. PPSIs may share useful information by responding to 314(a) requests, or may use 314(b) authorities to share information with other financial institutions to identify and report to the federal government activities that may involve ML/TF. PPSIs may also elect to participate in the FinCEN Exchange Program, a voluntary public-private information sharing partnership among FinCEN, law enforcement agencies, national security ( printed page 18604) agencies, and financial institutions and other private sector entities that aims to support priority national security and counter-illicit finance objectives. [196 ] FinCEN strongly encourages information sharing for the purpose of advancing the AML/CFT Priorities.

The Director of FinCEN may consider the above alongside other factors, including those outlined in the FinCEN Statement on Enforcement of the Bank Secrecy Act, such as the nature and seriousness of violations, including the extent of possible harm to the public and amounts involved; impact or harm of the violations on FinCEN's mission to safeguard the financial system from illicit use, combat money laundering, and promote national security; or financial gain or other benefit resulting from, or attributable to, the violations, amongst others. [197 ]

5. Proposed Amendment to 31 CFR 1010.230 —Collection of Beneficial Ownership Information

FinCEN is proposing to require PPSIs to collect beneficial ownership information about legal entity customers, which is critical for a PPSI to effectively carry out its due diligence obligations as provided in the GENIUS Act. [198 ] This proposed obligation is effectuated through FinCEN's proposed AML/CFT program obligation, its proposed amendment to § 1010.605(e)(1), and its proposed amendment to § 1010.230(b)(2) and (c). [199 ] Collecting information on legal entity customers helps a financial institution assess and mitigate risk, as well as the ability of law enforcement to identify assets and accounts connected with illicit activity. FinCEN is not contemplating application of CDD to secondary market activity. Accordingly, FinCEN is not extending the collection of beneficial ownership information to secondary market activity.

Pursuant to § 1010.230(a) “covered financial institutions” are required “to establish and maintain written procedures that are reasonably designed to identify and verify beneficial owners of legal entity customers and to include such procedures in their anti-money laundering compliance program required under 31 U.S.C. 5318(h) and its implementing regulations.” Section 1010.230(f) defines “covered financial institution” for purposes of the section by referencing § 1010.605(e)(1), to which FinCEN is proposing to add PPSIs.

Section 1010.230 provides further specificity on the kinds of procedures that must be established and maintained and the meaning of account, including in § 1010.230(b)(2) and (c). For financial institutions currently required to collect beneficial ownership information, § 1010.230(b)(2) and (c) reference the customer identification program regulation in the respective parts for those institutions. Given that no such regulation currently exists for PPSIs, FinCEN proposes language generally describing identification verification procedures and the meaning of account. More specifically, FinCEN is currently proposing requiring procedures relating to verifying the identity of beneficial owners that would contain the same elements as 31 CFR 1022.220(a)(2), the customer identification program rule for banks. FinCEN proposes that in explaining the meaning of account in § 1010.230(c), FinCEN clarify that for PPSIs an account is a formal relationship between a customer and a permitted payment stablecoin issuer established to provide or engage in services, dealings, or other financial transactions. FinCEN anticipates further modifications to its proposed language based on its expected forthcoming rulemaking implementing the GENIUS Act's requirement that PPSIs maintain customer identification programs. [200 ] Ultimately, FinCEN expects the requirement under § 1010.230 for PPSIs will closely adhere to existing BSA requirements that apply to many other types of financial institutions, including banks.

6. Proposed 31 CFR 1033.240 —Additional Technical Capabilities, Policies, and Procedures for PPSIs

The GENIUS Act requires that PPSIs have “technical capabilities, policies, and procedures to block, freeze, and reject specific or impermissible transactions that violate Federal or State laws, rules, or regulations.” [201 ] The GENIUS Act also requires that PPSIs “issue payment stablecoins only if the issuer has the technological capability to comply, and will comply, with the terms of any lawful order.” [202 ] FinCEN assesses that these obligations are distinct but complementary and, accordingly, proposes implementing both requirements at § 1033.240, categorized as additional technical capabilities, policies, and procedures for PPSIs. Paragraph (a) would implement the block, freeze, and reject requirement and paragraph (b) would implement the lawful order requirement. Both obligations would apply to secondary market activity. Additionally, the obligations would also apply where a PPSI is authorized by its primary Federal payment stablecoin regulator or State payment stablecoin regulator to engage in digital assert service provider activities. [203 ]

Although both of these requirements will be unique obligations under chapter X, FinCEN expects that some stablecoin issuers may have in place technical capabilities and policies and procedures relating to taking action regarding impermissible transactions and adhering to lawful orders because of existing legal requirements, including complying with OFAC sanctions and court orders.

i. Proposed 31 CFR 1033.240(a) —Obligations Relating to Blocking, Freezing, and Rejecting Certain Transactions

The proposed rule would effectuate the GENIUS Act's directive that PPSIs have technical capabilities, policies, and procedures to block, freeze, and reject specific or impermissible transactions that violate Federal or State laws, rules, or regulations by proposing to promulgate the same language used in the GENIUS Act, with additional language clarifying that this obligation extends beyond a PPSI's customers and accounts, i.e., to secondary market activity.

FinCEN recognizes that some stablecoin issuers are currently able to block, freeze, or reject transactions involving their stablecoin by programming the stablecoin's smart contracts. Stablecoin issuers leverage this capability on secondary as well as primary market activity. Some stablecoin issuers use the programmability afforded in smart contracts to ban specific wallet addresses from interacting with stablecoin smart contracts, effectively “freezing” the stablecoins held at those addresses, or to permanently remove stablecoins from circulation (i.e., “burning” them). ( printed page 18605)

The proposed rule neither prescribes how PPSIs should implement the technical capability requirement nor the policies and procedures that are specifically required to meet the proposed obligation. FinCEN considered providing more prescriptive regulatory text, but has preliminary assessed that PPSIs are best positioned to determine how to effectively and efficiently comply with the obligation, particularly in light of potential technological changes. Accordingly, the proposal provides PPSIs the flexibility to use various methods to meet the proposed obligation and account for the development and implementation of new technology.

The proposed rule, consistent with the GENIUS Act, would require PPSIs to have the infrastructure necessary to block, freeze, and reject transactions, but does not identify in which instances PPSIs are required to act on those capabilities. Put differently, this provision would not require a PPSI to make an independent determination that a transaction violates federal or state law. Instead, the use of technological capabilities will be dictated by other federal or state laws, rules, or regulations, as well as court orders, some of which will require PPSIs to take action with regards to transactions occurring on the secondary market. For example, as discussed in section V.B, U.S. sanctions administered by OFAC are a strict liability regime, meaning that U.S. persons, including PPSIs, may be held civilly liable for sanctions violations even without having knowledge or reason to know that it was engaging in such a violation. As such, PPSI's technical capabilities, policies, and procedures should account for identifying and blocking or rejecting payment stablecoin-related transactions that would violate U.S. sanctions, including to identify and block stablecoins that are issued to or redeemed by blocked persons. This would also require PPSIs to have technical capabilities, policies, and procedures to identify and block stablecoins traded by blocked persons on the secondary market when PPSIs exercise possession or control of such stablecoins, including through smart contracts. Federal or state court or administrative orders may also require a PPSI to act on its block, freeze, and reject capabilities—including transactions occurring on the secondary market—which should be accounted for in policies and procedures, as well as technical capabilities.

Because these sources of law may require PPSIs to take action on secondary market transactions, PPSIs would be expected to have the technical capabilities, policies, and procedures for both primary and secondary market activity. FinCEN believes extending these provisions to secondary market activity is consistent with the GENIUS Act, as well as critical to controlling illicit finance risk associated with PPSI activity. Imposing this obligation only on primary market activity would be of limited utility, as FinCEN assesses that PPSIs currently have a small number of large, generally institutional customers. FinCEN assesses that most of the illicit activity involving stablecoins occurs on the secondary market, and it is critical that PPSIs operating in the U.S. implement these obligations to protect U.S. national security and the U.S. financial system.

Notwithstanding the requirement to maintain technical capabilities, policies, and procedures to block, freeze, and reject specific or impermissible transactions that violate Federal or State laws, rules, or regulations, a PPSI would not be required to block, freeze, or reject a transaction when it is under no legal obligation to take action and this proposal would not require PPSIs to maintain separate internal policies, procedures, or controls as part of required AML/CFT programs to monitor secondary market activity independent of other obligations.

FinCEN welcomes comment on this proposal, including its approach, its clarity, and whether it should provide greater specificity.

ii. Proposed 31 CFR 1033.240(b) —Obligations Relating to Lawful Order Compliance and Technical Capabilities

Proposed § 1033.240(b) would implement the GENIUS Act's requirement that a PPSI “may issue payment stablecoins only if the issuer has the technological ability to comply, and will comply, with the terms of any lawful order.” [204 ] A lawful order as defined by the GENIUS Act and FinCEN's proposal, is—in part—an order that specifies with reasonable particularity a payment stablecoin or account and requires a person to seize, freeze, burn, or prevent the transfer of payment stablecoins it issued. [205 ]

FinCEN is proposing to promulgate this obligation by closely adhering to the GENIUS Act's precise language, but with some clarifying modifications. Proposed § 1033.240(b) would reflect that the GENIUS Act obligation related to lawful orders is ongoing rather than only in existence at the time a stablecoin is issued, which FinCEN believes is both consistent with the GENIUS Act and necessary for the obligation to be meaningful. As with the obligation to have technical capabilities and policies and procedures to block, freeze, and reject impermissible transactions, FinCEN proposes to include some language clarifying that PPSIs must account for and abide by lawful orders requiring them to take action with regards to the secondary market, but does not intend to provide prescriptive regulatory text relating to technological capabilities, providing PPSIs the flexibility to use various methods to meet the proposed obligation and account for the development and implementation of new technology.

As previously described, FinCEN proposes promulgating the term “lawful order” as provided in the GENIUS Act, with limited modifications to account for existing regulatory language. The GENIUS Act does not define terms used within that definition, including the word “burn” and “account.” FinCEN believes that “burn” is generally understood in the industry and by law enforcement to mean taking action such that the payment stablecoin is permanently removed from circulation, which can be effected through different tactics. Further, FinCEN is aware that lawful orders often specify particular addresses or wallets for which an issuer is under obligation to take action, and assess such addresses fall within the meaning of “account” for purposes of this provision. FinCEN has not proposed regulatory text defining either “burn” or “account” for the purposes of lawful orders, but requests comment on that approach.

Under this obligation, PPSIs would be required to consider and comply with all terms contained in lawful orders. For example, a quintessential type of lawful order, assuming it meets the GENIUS Act's requirements, would be a seizure warrant. [206 ] Those warrants frequently include requirements to respond within a certain amount of time and prohibitions on frustrating the implementation of the warrant. Additionally, with some regularity, Federal court orders require stablecoin ( printed page 18606) issuers to burn and reissue an equivalent amount of stablecoins to a government-controlled wallet. Having the technical capabilities and complying with terms such as these would be part of a PPSI's obligations under proposed § 1033.240(b). FinCEN recognizes that over time the terms contained in lawful orders might change and would expect that as a PPSI learns of new lawful order terms, such terms will be incorporated into its lawful order compliance processes.

As with the requirement to have technical capabilities and policies and procedures relating to blocking, freezing, and rejecting impermissible transactions, this obligation would apply to any lawful order, including lawful orders that relate to primary or secondary market activity. FinCEN believes the vast majority of lawful orders currently relate to secondary market activity and are likely to continue to do so in the future. FinCEN proposes promulgating language that would make clear the lawful order obligations extend to secondary market activity. Public law enforcement cases demonstrate the value of stablecoin issuers having the capability to comply with lawful orders and carry out actions to seize, freeze, and burn or prevent the transfer of their stablecoins in secondary market transactions. Law enforcement has used lawful orders to seize hundreds of millions of dollars' worth of stablecoins involved in illicit activity. [207 ]

FinCEN welcome comment on this proposal, including its approach, its clarity, and whether it should provide greater specificity.

7. Proposed 31 CFR 1033.310 Through 1033.315 —Reports of Transactions in Currency

Beyond suspicious activity reporting, the GENIUS Act does not specify additional reporting obligations to be imposed on PPSIs. The BSA authorizes FinCEN to promulgate regulations requiring financial institutions to file reports when they participate in certain types of financial transactions. [208 ] Pursuant to this authority, 31 CFR 1010.310 through 1010.314 requires “financial institutions” (other than casinos) to file currency transaction reports (CTRs) for “each deposit, withdrawal, exchange of currency or other payment or transfer, by, through, or to such financial institution which involves a transaction in currency of more than $10,000,” unless subject to an applicable exemption. [209 ] FinCEN proposes applying the CTR reporting provisions to PPSIs through proposed §§ 1033.310 through 1033.315, which would cross reference corresponding provisions in §§ 1010.310 through 1010.315.

Application of §§ 1010.310 through 1010.315 would not require reporting of transactions in payment stablecoins. As defined in § 1010.100(bbb)(2), for the purposes of provisions related solely to the report required by §§ 1010.311 and 1010.313, the term “transaction in currency” means a transaction involving the physical transfer of currency from one person to another. Moreover, the definition of “currency,” as defined in § 1010.100(m), does not include a payment stablecoin, and thus, §§ 1033.310 through 1033.314 do not require reports of transactions in payment stablecoins. [210 ] This approach is consistent with § 1010.100(bbb)(2) which also states that a physical transfer of currency does not include bank checks, bank drafts, wire transfers or other written orders.

FinCEN recognizes that, presently, stablecoin issuers rarely transact in physical transfers of currency. FinCEN nevertheless considers it prudent to allow for the possibility that this could change, with PPSI activity expanding to encompass retail, brick-and-mortar locations where currency could be used, or even kiosks that resemble automated teller machines (ATMs). [211 ] If such an expansion does occur, FinCEN considers it prudent to adopt CTR obligations for PPSIs as it assesses that PPSIs should be subject to the same currency reporting obligations as most other financial institutions as cash enables anonymous, difficult to trace transactions. If a PPSI does not transact in physical transfers of currency, the PPSI would, of course, not file CTRs and would not be expected to create policies and procedures relating to the filing obligation.

FinCEN's proposal would require PPSIs to comply with the series of provisions comprising CTR obligations. The threshold in § 1010.311 applies to transactions in currency of more than $10,000 conducted during a single business day. Section 1010.312 specifies when a financial institution is required to verify and record information about an individual conducting a reportable transaction or on whose behalf the transaction is conducted. Under § 1010.313 a financial institution must treat multiple transactions conducted in one business day as a single transaction if the financial institution has knowledge that the transactions are conducted by, or on behalf of, the same person. And § 1010.314 outlines the prohibition on structuring transactions to avoid the reporting requirement. Finally, § 1010.315 exempts non-bank financial institutions from filing reports with respect to transactions between the institution and a commercial bank. Where a PPSI is also a bank, this exemption and not the exemptions applicable to banks would control. FinCEN does not believe it is necessary to clarify in the regulatory text that when an entity is acting as a PPSI, the non-bank exemptions apply. Notably, banks can avail themselves of a greater number of CTR exemptions, [212 ] and FinCEN welcomes feedback on whether additional exemptions are appropriate for PPSIs.

8. Proposed 31 CFR 1033.320 —Reports of Suspicious Transactions

The GENIUS Act explicitly requires PPSIs to be subject to BSA requirements relating to “monitoring and reporting of any suspicious transaction relevant to a possible violation of law or regulation.” [213 ] Under the BSA, FinCEN has authority to require any financial institution to “report any suspicious transaction relevant to a possible violation of law or regulation.” [214 ] Nearly all financial institutions subject to FinCEN regulations are required to identify and report suspicious activity. [215 ] These reports provide highly useful information that is leveraged by authorized users as part of criminal, tax, and regulatory investigations; risk assessments; and intelligence and counterintelligence activities. [216 ]

( printed page 18607) This proposed rule would promulgate at § 1033.320 a requirement that PPSIs file SARs for any suspicious transaction relevant to a possible violation of law or regulation. FinCEN expects that requiring PPSIs to report suspicious activity would similarly provide highly useful information for investigations and proceedings involving domestic and international money laundering, terrorist financing, and other illicit finance activity, as well as for intelligence purposes. The proposed requirement is generally consistent with the existing SAR filing requirements for stablecoin issuers regulated as MSBs, as well as other financial institutions with SAR filing requirements.

i. PPSI SAR Obligation With Regards to Secondary Market Activity

FinCEN recognizes that the majority of illicit finance involving payment stablecoins occurs on the secondary market. FinCEN also recognizes that certain aspects of how PPSIs and payment stablecoins operate could raise questions about the appropriate scope of SAR obligations relating to secondary market activity. Specifically, due to the nature of how transactions occur on the secondary market via smart contract, a PPSI can see the movement of its payment stablecoin even when the transfer occurs between individuals or entities with which the PPSI has no established direct customer relationship and when the PPSI is not a party to the transfer other than via operation of its smart contracts.

PPSIs may have less information on secondary market transactions than on primary market transactions. When a payment stablecoin transfer occurs in the secondary market, generally, the PPSI's interaction with the transfer is through the smart contract. When such a transfer occurs in the normal course of business, while the PPSI may be privy to certain information for secondary market transactions, such information may not be highly useful for SAR reporting purposes. For example, in many cases the information would not enable a PPSI to make an informed assessment of the transfer for SAR reporting purposes. At times, a PPSI could not identify an actor behind a secondary market transaction. PPSIs, like other financial institutions and law enforcement, can rely on the blockchain and analytical tools to gain greater insight into the risk associated with a particular transfer, but the PPSI may have limited distinct insight particularly as to the parties associated with, or the purpose of, the transfer. As such, the information available to PPSIs may present challenges as to how and when they are able to identify and report suspicious activity for secondary market transactions. SARs conveying only limited information are less useful to regulators and law enforcement.

Relatedly, at times, secondary market transfers for which PPSIs have some visibility due to the smart contract may be subject to more ready observation by other BSA-regulated institutions or foreign financial institutions subject to reporting obligations. Such institutions may be better positioned to assess the suspiciousness of a transaction and may be obligated to collect identifying information associated with a transfer, which can be reported via a SAR as appropriate.

Still, there may be instances in which a PPSI has reason to suspect that a transaction is related to criminal activity or has no business or apparent lawful purpose and, thus, could be required to report the activity. PPSIs may also suspect suspicious activity based on public information, information from other compliance efforts, or other information sources. FinCEN also understands that some PPSIs currently devote resources to monitoring secondary market activity to identify illicit finance risks.

FinCEN has preliminarily assessed that the burden of requiring PPSIs to file SARs concerning secondary market activity would potentially outweigh the likely benefits. The requirement would essentially require global monitoring of transfers but could result in SARs containing minimal information. While in some instances, FinCEN expects the reporting could net highly useful information, particularly where the transfers do not occur through BSA-regulated institutions, FinCEN preliminarily has determined that the substantial burden imposed would outweigh the potential benefit it reasonably anticipates could be gained from requiring such reporting. Moreover, a blanket obligation to report suspicious activity on secondary market transactions could lead to PPSIs being overly cautious and filing a substantial number of defensive SARs to avoid criticism from examiners about underreporting. Such defensive SARs can have little value for law enforcement and other users attempting to combat illicit finance.

Accordingly, this proposal does not impose a secondary market SAR reporting obligation. However, consistent with FinCEN's longstanding position, a PPSI would be afforded the protections from liability provided by the BSA for any SAR voluntarily filed reporting a possible violation of law or regulation in good faith. [217 ] To ensure clarity regarding the SAR reporting obligation, FinCEN proposes adding a new paragraph, § 1033.320(g), to clarify that, for purposes of the SAR obligation, a transfer is not a “transaction” conducted or attempted by, at, or through a PPSI only due to an interaction with a smart contract. This language should not be construed as changing or opining on SAR regulations applicable to other types of financial institutions.

FinCEN considered alternatives that would have instead imposed limited secondary market SAR reporting obligations. For example, FinCEN considered a SAR obligation where a PPSI has reason to know a transaction to which it is not a party is designed to evade a lawful order. FinCEN also considered, requiring a PPSI to file a SAR when it is notified in some way, such as through an order, legal process, or via an information sharing channel, that authorities suspect a transfer is associated with illicit activity. But FinCEN assesses that SAR reporting where authorities are aware of suspicious activity and alert a PPSI to activity is of limited utility relative to the reporting burden. FinCEN also considered imposing a SAR obligation when a PPSI learns through any means, such as part of its secondary market risk monitoring, that a secondary market transfer is suspicious. But, as discussed above, FinCEN assesses such an obligation would outweigh the benefit accrued from the obligation due to, among other things, the information available to the PPSI.

FinCEN, however, seeks comment on its preliminary determination that PPSIs should not be obligated to provide SAR reporting on the secondary market. It also seeks comment on whether its proposed regulatory text relating to secondary market activity provides sufficiently clear and accurate guardrails. FinCEN seeks comment on policy alternatives (including the imposition of limited, bespoke reporting obligations about secondary market transfers) and the benefits and drawbacks of such alternatives as well. For any such bespoke SAR obligation recommended, FinCEN requests commenters elaborate on the kinds of information a PPSI could reasonably be expected to provide based on current or expected technical and operational capabilities, the uniqueness of such information (i.e., commenters should ( printed page 18608) identify the useful information a PPSI could provide about secondary market transfers that could not be readily obtained from other sources).

ii. Proposed 31 CFR 1033.320(a) —Reports by PPSIs of Suspicious Transactions

Proposed § 1033.320(a) sets forth the criteria for which a PPSI would be obligated to report suspicious transactions that are conducted or attempted by, at, or through a PPSI and involve or aggregate at least $5,000 in funds or other assets.

Proposed § 1033.320(a)(1) contains the general statement of the obligation to file reports of suspicious transactions, including that transactions must be reported if conducted or attempted by, at, or through a PPSI. FinCEN proposes referencing a clarification to be codified in § 1033.320(g) on the meaning of “transaction” for the PPSI SAR reporting obligation, which as proposed would state that “A transaction is not conducted or attempted by, at, or through a permitted payment stablecoin issuer only because a transfer by third parties results in an interaction with a permitted payment stablecoin issuer's smart contract.” To clarify that the proposed rule imposes a reporting requirement that is consistent with those for other financial institutions, § 1033.320(a)(1) incorporates language from the SAR rules applicable to other financial institutions, such as banks, broker-dealers in securities, mutual funds, casinos, and MSBs, including clarifying that the SAR reporting obligations relates not only to discrete transactions but also to patterns of transactions that in aggregate are suspicious and meet the reporting threshold.

Proposed § 1033.330(a)(1) makes clear that a PPSI is permitted to report voluntarily any transaction the PPSI believes is relevant to the possible violation of any law or regulation but that is not otherwise required to be reported by this proposed rule. Thus, the rule would afford PPSIs the protection from liability for the voluntary reporting of such suspicious transactions, including those occurring on the secondary market.

Proposed § 1033.320(a)(2) would require the reporting of suspicious activity that involves or aggregates at least $5,000 in funds or other assets. The $5,000 threshold in this proposed rule is consistent with the SAR filing requirements for most other financial institutions. [218 ] Currently, stablecoin issuers regulated as MSBs have SAR filing obligations at the monetary threshold of $2,000. [219 ] FinCEN proposes the $5,000 monetary threshold for PPSIs because $5,000 is the reporting threshold that FinCEN's regulations use for financial institution types that are subject to customer identification program requirements, and the GENIUS Act requires PPSIs to have customer identification programs. [220 ] The $2,000 threshold for MSBs was established in a March 2000 final rule, which highlighted specific characteristics for MSBs that do not apply in the PPSI context. In particular, the final rule explained that the threshold for MSBs was less than several other financial institution types due to the relationship between transmitters and their agents; a desire to account for transfers below the existing $3,000 recordkeeping requirement with respect to funds transfers conducted through MSBs; the fact that BSA regulations for MSBs were new and existing state-level regulations were uneven; and feedback from law enforcement about serious abuse of money transmission at levels below $2,000. [221 ] The proposed $5,000 threshold takes into account the current status of the payment stablecoin ecosystems, where primary market transactions below $5,000 are rare; the lack of transmitter/agent relationships in the PPSI ecosystem; and the required imposition of customer identification program obligations on PPSIs.

Section 1033.320(a)(2)(i) through (iv) specifies that a PPSI would be required to report a transaction if it knows, suspects, or has reason to suspect that the transaction (or a pattern of transactions of which the transaction is a part): (i) involves funds derived from illegal activity or is intended or conducted to hide or disguise funds or assets derived from illegal activity as a part of a plan to violate or evade any Federal law or regulation or to avoid any transaction reporting requirement under Federal law or regulation; (ii) is designed, whether through structuring or other means, to evade the requirements of the BSA; (iii) has no business or apparent lawful purpose, and the PPSI knows of no reasonable explanation for the transaction after examining the available facts; or (iv) involves the use of the PPSI to facilitate criminal activity. FinCEN notes that paragraph (iv) is included in all SAR rules enacted after 2001. [222 ] The bank SAR rule does not contain an equivalent to paragraph (iv), because it was issued prior to 2001. To maintain standard language across financial institution types, FinCEN proposes paragraph (iv) for PPSIs, which FinCEN does not believe adds substantially to the reporting obligation already mandated by paragraphs (i) through (iii).

Section 1033.320(a)(3) recognizes that one or more financial institutions may have an obligation to report the same suspicious transaction and that other financial institutions may have separate obligations to report suspicious activity with respect to the same transaction pursuant to other provisions in the BSA. Under this proposed provision, where more than one financial institution with a separate suspicious activity reporting obligation [223 ] is involved in the same transaction, only one report jointly filed on behalf of all involved financial institutions would be required, provided that the joint report contained all relevant facts and that each institution maintained a copy of the report and any supporting documentation. Accordingly, where a PPSI is a subsidiary of a parent insured depository institution and both institutions are required to file a SAR, the parent will be permitted to file SARs on behalf of its PPSI subsidiary (and vice versa).

iii. Proposed 31 CFR 1033.320(b) —Filing and Notification Procedures

Proposed § 1033.320(b)(1) through (4) sets forth the filing and notification procedures a PPSI would need to follow to make reports of suspicious transactions. If the PPSI identifies a suspect, within 30 days of initial detection by the reporting PPSI of facts that may constitute a basis for filing a SAR, the PPSI would need to report the transaction by completing and filing a SAR with FinCEN in accordance with all form instructions. If a PPSI does not identify a suspect, a PPSI may delay filing for 30 days to identify a suspect. The PPSI would also need to collect and ( printed page 18609) maintain supporting documentation relating to each SAR.

For situations requiring immediate attention, such as suspected terrorist financing or ongoing money laundering schemes, PPSIs would be required under § 1033.320(b)(4) to notify immediately by telephone the appropriate law enforcement authority in addition to filing a timely SAR.

Finally, § 1033.320(b)(5) provides that a PPSI wishing to voluntarily report suspicious transactions that may relate to terrorist activity may call FinCEN's Financial Institutions Hotline at 1-866-556-3974 in addition to filing timely a SAR if required by this section. The PPSI may also, but is not required to, contact its primary Federal payment stablecoin regulator to report such situations.

iv. Proposed 31 CFR 1033.320(c) —Retention of Records

Proposed § 1033.320(c) would provide that PPSIs must maintain copies of filed SARs and the underlying related documentation for a period of five years from the date of filing. Supporting documentation would need to be made available to FinCEN, any Federal, State, or local law enforcement agency; or any Federal regulatory authority that examines the PPSI for compliance with the BSA under the proposed rule, upon request of that agency or authority.

v. Proposed 31 CFR 1033.320(d) —Confidentiality of SARs

Consistent with BSA provisions regarding SAR confidentiality, [224 ] proposed § 1033.320(d) would provide that a SAR and any information that would reveal the existence of a SAR are confidential and shall not be disclosed except as authorized in § 1033.320(d)(1)(ii). Section 1033.320(d)(1)(i) would generally provide that no PPSI, and no current or former director, officer, employee, or agent of any PPSI, shall disclose a SAR or any information that would reveal the existence of a SAR. This provision of the proposed rule would further provide that any PPSI and any current or former director, officer, employee, or agent of any PPSI that is subpoenaed or otherwise requested to disclose a SAR or any information that would reveal the existence of a SAR, would decline to produce the SAR or such information and would be required to notify FinCEN of such a request and any response thereto. In addition to reports of suspicious activity required by the proposed rule, PPSIs would be prohibited from disclosing voluntary reports of suspicious activity.

Proposed § 1033.320(d)(1)(ii) would provide three rules of construction that clarify the scope of the prohibition against the disclosure of a SAR by a PPSI. The rules of construction proposed would remain qualified by, and subordinate to, the statutory mandate that revealing to one or more subjects of a SAR of the SAR's existence would remain a crime. [225 ] The first rule of construction, in § 1033.320(d)(1)(ii)(A)(1), would authorize a PPSI, or any director, officer, employee or agent of a PPSI, to disclose a SAR, or any information that would reveal the existence of a SAR, to various specified authorities provided that no person involved in the reported transaction is notified that the transaction has been reported. The second rule of construction, in § 1033.320(d)(1)(ii)(A)(2), would provide two instances where disclosures of underlying facts, transactions, and documents upon which a SAR was based would be permissible: in connection with (i) preparation of a joint SAR or (ii) certain employment references or termination notices.

The third rule of construction, in § 1033.320(d)(1)(ii)(B), would authorize sharing of a SAR within a PPSI's corporate organizational structure for purposes consistent with the BSA as determined by regulation or in guidance. FinCEN proposes specifying in this rule of construction that a PPSI subsidiaries and its insured depository institution parent can share SARs between the two entities as doing so is consistent with Title II of the Bank Secrecy Act. Specifically, such sharing enables a parent company to discharge its oversight responsibilities with respect to enterprise-wide risk management. [226 ] This provision is intended to make it clear that PPSIs will be permitted to share SARs, as well as the underlying facts, transactions, and documents upon which a SAR was based, with its parent insured depository institution (and vice versa).

Section 1032.330(d)(2) would also incorporate the statutory prohibition against disclosure of SAR information by government authorities that have access to SARs other than in fulfillment of their official duties consistent with the BSA. The paragraph would clarify that official duties do not include the disclosure of SAR information in response to a request by a non-governmental entity for non-public information [227 ] or for use in a private legal proceeding, including a request under 31 CFR 1.11. [228 ]

vi. Proposed 31 CFR 1033.320(e) —Limitation of Liability

Proposed § 1033.320(e) would provide protection from liability, also known as a safe harbor, for making either required or voluntary reports of suspicious transactions, or for failures to provide notice of such disclosure to any person identified in the disclosure to the full extent provided by 31 U.S.C. 5318(g)(3). [229 ] This protection would extend to a PPSI and any current or former director, officer, employee, or agent of a PPSI.

vii. Proposed 31 CFR 1033.320(f) —Compliance

Proposed § 1033.320(f) would note that FinCEN or its delegates will examine PPSIs' compliance with their obligation to report suspicious transactions. Proposed § 1033.320(f) would also provide that a PPSI's failure to comply with FinCEN's SAR filing requirements may constitute a violation of the BSA and FinCEN's regulations.

viii. Proposed 31 CFR 1033.320(g) —Clarification Regarding Transactions

Proposed § 1033.320(g) would effectuate FinCEN's intent to explicitly scope out secondary market transfers from a PPSI's SAR reporting obligation. It would state that, for the purposes of the PPSI SAR regulation, “A transaction, for purposes of § 1033.320, is not conducted or attempted by, at, or ( printed page 18610) through a permitted payment stablecoin issuer only because a transfer by third parties results in an interaction with a permitted payment stablecoin issuer's smart contract.”

FinCEN also considered, instead of clarifying what transfers are scoped out of the rule, specifying transfers scoped into the rule, by outlining that “transactions” include (1) issuances or redemptions of a payment stablecoin; (2) transfers, payments, or withdrawals of funds or value related to issuing or redeeming a payment stablecoin, (3) transfers, payments, or withdrawals of funds or value related to managing reserve assets; (4) transfers, payments, or withdrawals of funds or value related to providing custodial or safekeeping services for payment stablecoins, required reserves; or private keys of payment stablecoins; (5) transfers, payments, or withdrawals of funds or value related to any activities that support (1)-(4); and (6) transfers, deposits or withdrawals relating to any activity in which a PPSI is authorized to engage. FinCEN preliminarily believes, however, that attempting to further outline “transaction” adds unnecessary complexity; may result in confusion because “transaction” is otherwise defined in FinCEN's regulations; and could lead to the PPSI SAR obligation being overly or underly inclusive as the kinds of activities in which PPSIs engage, and how they engage in those activities, could evolve. As indicated above, FinCEN welcomes comment on its proposed approach.

9. Proposed 31 CFR 1033.400 and 1033.410 —Recordkeeping Requirements for PPSIs

The GENIUS Act requires that PPSIs be subject to requirements relating to “retention of appropriate records.” [230 ] Under the BSA, FinCEN has authority to impose on financial institutions obligations relating to requiring, retaining, and maintaining records. [231 ] Financial institutions subject to the BSA obligations have these recordkeeping requirements. [232 ] These records enhance law enforcement's ability to detect, investigate, and prosecute money laundering, financial crimes, and have a high degree of usefulness in criminal, tax, or regulatory investigations. [233 ] Consistent with its treatment of other financial institutions under the BSA, FinCEN proposes amendments to § 1010.410 and adding §§ 1033.400 and 1033.410 to apply these recordkeeping requirements to PPSIs.

Proposed § 1033.400 would state generally that PPSIs are subject to the recordkeeping requirement of subpart D of part 1010, which would include § 1010.430 that, among other things, requires records to be kept for five years and § 1010.415. Proposed § 1033.410 would cross-reference § 1010.410 which details the specific recordkeeping requirements explained in detail below.

i. Application of Recordkeeping Obligations in § 1010.410(a)-(d)

The proposal would require PPSIs to comply with the recordkeeping obligations outlined in § 1010.410(a) through (c). The recordkeeping obligations would require PPSIs to create and retain certain records for extensions of credit in excess of $10,000; [234 ] and certain records of cross-border transfers of currency, monetary instruments, funds, checks, investment securities, and credit worth more than $10,000. Section 1010.410(d) would require also a PPSI to maintain records related to any order issued under § 1010.370(a) for up to five years.

ii. Application of Recordkeeping Obligations in § 1010.410(e) and (f)

The proposal would also require PPSIs to comply with the Recordkeeping Rule and Travel Rule, which are complementary obligations codified in §§ 1010.410(e) and 1010.410(f), respectfully. [235 ] The Recordkeeping Rule requires financial institutions to collect and retain records for funds transfers and transmittals of funds in amounts of $3,000 or more. The Travel Rule requires financial institutions to transmit information on certain funds transfers and transmittals of funds to other financial institutions participating in the transfer or transmittal. As such, the information “travels” with the transmittal to the next financial institution in the payment chain. [236 ] Under the current regulatory regime, stablecoin issuers are subject to the Recordkeeping Rule and Travel Rule as MSBs. The proposed requirement is generally consistent with existing recordkeeping requirements for stablecoin issuers regulated as MSBs, as well as other financial institutions with recordkeeping requirements. FinCEN is not proposing to substantively change the Recordkeeping Rule and Travel Rule requirements via this rulemaking other than clearly imposing those requirements on PPSIs, consistent with the GENIUS Act, and ensuring it is clear that transmittal orders involving payment stablecoins are covered by the Recordkeeping Rule and Travel Rule. [237 ]

a. Proposed Amendment to 31 CFR 1010.100(eee) —Definition of Transmittal Order

Both the Recordkeeping Rule, § 1010.410(e), [238 ] and Travel Rule, § 1010.410(f), rely on the definition of “transmittal order” in § 1010.100(eee), which states, in part, that a transmittal order causes another financial institution to pay a fixed amount of “money.” FinCEN has clarified in guidance that transmittal orders relating to transfers involving CVC, of which payment stablecoins are one type, are subject to the Recordkeeping and Travel Rules, presuming the Rules' other conditions are met. [239 ] Nevertheless, to avoid any doubt regarding the application of the term transmittal order to payment stablecoins in light of the GENIUS Act's direction to issue regulations setting out requirements for PPSIs, FinCEN proposes amending the definition of transmittal order in § 1010.100(eee) to expressly include payment stablecoins in addition to “money.” [240 ] This change should not be ( printed page 18611) construed, including by negative inference, to imply that orders to pay other kinds of value that substitute for currency are not transmittal orders. [241 ]

FinCEN previously discussed its treatment of CVCs for purposes of the Recordkeeping and Travel Rules. FinCEN's 2019 guidance clarified the application of the Recordkeeping and Travel Rules to CVCs: “because a transmittal order involving CVC is an instruction to pay `a determinable amount of money,' transactions involving CVC qualify as transmittals of funds, and thus may fall within” these obligations. [242 ] FinCEN recognizes various definitions and treatment of the term “money.” Notably, under the GENIUS Act, the term “money” means “(A) [ ] a medium of exchange currently authorized or adopted by a domestic or foreign government; and (B) includes a monetary unit of account established by an intergovernmental organization or by agreement between 2 or more countries.” [243 ] As FinCEN explained in its 2020 notice of proposed rulemaking related to the Recordkeeping and Travel Rules, in the preamble to the original Recordkeeping Rule, FinCEN indicated non-defined terms should be given the meaning given to the term in Article 4A of the Uniform Commercial Code (UCC), which, at the time, defined “money” as “a medium of exchange currently authorized or adopted by a domestic or foreign government.” [244 ] Since 2020, however, additional CVCs and digital assets have emerged. As recognized by Congress in the AML Act, these new forms of assets are intended to operate as value that substitutes for traditional forms of money. [245 ] Based on prior FinCEN guidance, stablecoin issuers do constitute money for purpose of the Recordkeeping and Travel Rules, [246 ] and, accordingly, FinCEN proposes adding payment stablecoin to the definition of transmittal order to ensure the application to payment stablecoins is clear in light of the GENIUS Act.

b. Proposed Amendment to 31 CFR 1010.410(e)(6) —Scope of Recordkeeping Obligation

FinCEN proposes amending § 1010.410(e)(6) to add PPSIs to the list of entities excepted from the requirements in § 1010.410(e) when the transfer is between the entities listed. Under this proposal, PPSIs would be treated in the same manner—and with the same exceptions for transfers to certain other entities—such as banks, broker-dealers, futures commission merchants, introducing brokers in commodities, and mutual funds. In other words, the recordkeeping requirements of the Recordkeeping Rule would not apply to transmittals of funds in which both the transmittor and the recipient are either a PPSI, bank, broker-dealer, futures commission merchant, introducing broker in commodities, or mutual fund.

10. Proposed 31 CFR 1033.520 and 1033.540 —Special Information-Sharing Procedures

The GENIUS Act generally directs that PPSIs be treated as financial institutions under the BSA and be subject to “all laws” relating to “prevention of money laundering.” [247 ] Although the GENIUS Act does not explicitly direct FinCEN to apply its provisions relating to information sharing to PPSIs, information sharing authorities are established components of the BSA, which, among other purposes, seek to “prevent laundering of money.” [248 ] Indeed, in the AML Act, Congress declared that one purpose of the BSA is to “establish appropriate frameworks for information sharing.” [249 ] The USA PATRIOT Act, which amended the BSA, provides in section 314(a) that the Secretary should adopt regulations to encourage the further cooperation and sharing of information regarding credible evidence of terrorist acts or money laundering activities among financial institutions, their regulatory authorities, and law enforcement authorities. [250 ] Section 314(b) further provides financial institutions with the ability to voluntarily share information regarding parties suspected of possible terrorist or money laundering activities with another financial institution upon notice to the Treasury under a safe harbor that offers protections from liability.

FinCEN's regulations at 31 CFR 1010.520 and 1010.540 implement sections 314(a) and 314(b) of the USA PATRIOT Act, respectively. Section 1010.520 applies to financial institutions generally and, as explained below, requires a financial institution to search its records upon receipt of a request from FinCEN and provide information in return. Section 1010.540 applies to financial institutions that are required to have AML/CFT programs, or are treated as having satisfied that requirement, and is a voluntary information sharing tool of which a financial institution may, but is not required, to avail itself.

Consistent with its treatment of other financial institutions under the BSA, FinCEN proposes adding §§ 1033.500, 1033.520, and 1033.540 to its regulations to expressly apply the information-sharing provisions of §§ 1010.520 and 1010.540 to PPSIs. FinCEN is proposing to apply these provisions to PPSIs so that law enforcement would be able to request information from PPSIs where there is reasonable suspicious and credible evidence that an individual, entity, or organization is involved in terrorist acts or money laundering, potentially resulting in lead information that might otherwise never be uncovered. [251 ] Further, PPSIs would be able to participate in voluntary information sharing arrangements, through which they can share and receive information from other financial institutions to identify and, where appropriate, report activities that may involve terrorist activity or money laundering. As FinCEN has previously noted, under 314(b) financial institutions can share information about transactions involving the proceeds of specified unlawful activities, which include an array of fraudulent and other criminal activities, such as fraud against ( printed page 18612) individuals, organizations, or governments, computer fraud and abuse, and other crimes. [252 ] Such sharing could, for example, enable broader understanding of customer risk and filing of more comprehensive SARs. [253 ]

In particular, proposed § 1033.500 would state generally that PPSIs are subject to the special information sharing procedures of subpart E of part 1010. In addition to §§ 1010.520 and 1010.540, subpart E of part 1010 contains a brief definition section, § 1010.505, containing definitions for, among other things, account. FinCEN assesses that the already codified definition of account is sufficiently broad to cover accounts established with PPSIs, but requests comment on whether this or any other definition in that section, including transaction, should be modified to clarify obligations of PPSIs.

Proposed § 1033.520 would cross-reference § 1010.520 and require a PPSI, upon request from FinCEN, to expeditiously search its records for specific information to determine whether the PPSI maintains or has maintained an account for, or has engaged in any transaction with, an individual, entity, or organization named in FinCEN's request. [254 ] A PPSI would then be required to report any such identified information to FinCEN. [255 ]

Proposed § 1033.540 would cross-reference § 1010.540 and permit PPSIs to, upon providing notice to FinCEN, transmit, receive, or otherwise share information with other financial institutions or associations of financial institutions in order to identify and report to the federal government activities that may involve money laundering or terrorist activity.

11. Proposed 31 CFR 1033.600 Through 1033.630 —Special Standards of Diligence; Prohibitions; and Special Measures

The GENIUS Act mandated that a PPSI maintain “appropriate enhanced due diligence,” [256 ] and the BSA directs that financial institutions establish appropriate enhanced due diligence for correspondent accounts and private banking accounts. [257 ] Congress has also authorized Treasury to impose special measures to guard the U.S. financial system when foreign financial institutions or transactions are of primary money laundering concern. [258 ] FinCEN's regulations implementing these BSA provisions are contained in 31 CFR part 1010, subpart F. FinCEN has applied enhanced due diligence and special measures to financial institutions who typically maintain account-based relationships with customers.

Consistent with that practice, FinCEN is proposing to apply most of the provisions in part 1010 subpart F to PPSIs, including enhanced due diligence for correspondent and private banking accounts and some special measures. Proposed § 1033.600 would state generally that PPSIs are subject to the special standards of diligence, prohibitions, and special measures of part 1010 subpart F. FinCEN is not proposing to apply to PPSIs § 1010.630, which prohibits correspondent accounts for foreign shell banks, or § 1010.670, which relates to summons and subpoenas on foreign banks, as the statutory authority authorizing those provisions apply only to certain types of financial institutions. [259 ]

i. Definition of “Correspondent Account” and “Covered Financial Institution”

FinCEN is proposing to amend two definitions in § 1010.605, the definition section for subpart F. In addition to amending these terms to account for PPSIs, FinCEN is also making non-substantive edits to § 1010.605(c)(2)(ii) through (iv) to correct cross references. [260 ]

First, FinCEN proposes amending the definition of “account” in § 1010.605(c), as applied to the meaning of correspondent account to include accounts with PPSIs. FinCEN recognizes that the term correspondent account is not typically used in the stablecoin industry. In a prior rulemaking FinCEN concluded that in enacting the BSA provisions relating to enhanced due diligence for correspondent accounts, Congress intended the term “correspondent account” to capture more than traditional bank relationships. [261 ] Rather its goal in enacting BSA provisions related to correspondent accounts was preventing “money laundering through accounts that give foreign financial institutions a base for moving funds through the U.S. financial system.” [262 ] Accordingly, FinCEN extended the term “correspondent account” to non-bank financial institutions that “offer accounts that provide foreign financial institutions a conduit for engaging in ongoing transactions in the U.S. financial system either on their own behalf or for their customers.”

To effectuate the GENIUS Act's requirement that PPSIs maintain “enhanced due diligence,” FinCEN is proposing to amend the definition of “correspondent account” so that PPSIs are required to implement obligations related to the BSA's explicit references to “enhanced due diligence.” Accordingly, FinCEN proposes here, as it has before, extending the term correspondent account beyond its traditional use in banking and incorporating certain accounts established by PPSIs.

FinCEN proposes adding a new paragraph, § 1010.605(c)(2)(v), defining “account,” as applied to the meaning of “correspondent account” in § 1010.605(c), to include, as applied to a PPSI, “any formal relationship established by a permitted payment stablecoin issuer to provide regular services, dealings, and other financial transactions.” This definition is intended to include the range of activities in which a PPSI may engage as articulated in 12 U.S.C. 5903(a)(7), which include issuing and redeeming payment stablecoin, managing reserves, and providing custodial services, as well as activities that support any of those efforts. It would also cover where a PPSI engages in activities as a digital asset service provider.

Second, FinCEN is proposing to amend § 1010.605(e)(1) to include PPSIs in the definition of “covered financial institution,” which results in PPSIs being subject to provisions implementing special standards of due diligence for correspondent accounts established or maintained for foreign financial institutions and private ( printed page 18613) banking accounts established or maintained for non-U.S. persons. [263 ]

As part of its implementation of BSA obligations related to enhanced due diligence for private banking accounts, FinCEN has already defined the term private banking account in § 1010.605(m). That definition provides, in part, that a private banking account means an account (or collection of accounts) with minimum aggregate assets of more than $1 million, established on behalf of a non-U.S. person, and assigned or administered by the covered financial institution. FinCEN assesses that this definition covers the kinds of account relationships PPSIs could maintain for a non-U.S. person and is proposing no changes, but seeks comment on that approach.

ii. Special Standards for Diligence

To implement the GENIUS Act's directive to apply BSA obligations related to “enhanced due diligence,” FinCEN proposes adding §§ 1033.610 and 1033.620, which adopt by reference §§ 1010.610 and 1010.620. Sections 1010.610 and 1010.620 implement BSA obligations related to enhanced due diligence for correspondent accounts and private banking accounts, respectively.

Sections 1010.610 and 1010.620 require that covered financial institutions maintain due diligence programs for correspondent accounts for foreign financial institutions and banks and for private banking accounts that include policies, procedures, and controls that are reasonably designed to detect and report any known or suspected money laundering or suspicious activity conducted through or involving any such correspondent or private banking accounts. [264 ] These provisions also set certain minimum standards for such due diligence programs, as well as procedures for enhanced due diligence for correspondent accounts for foreign banks [265 ] and private banking accounts for senior foreign political figures. [266 ]

Applying these special standards of due diligence to PPSIs would help PPSIs in understanding risk and identifying illicit activity in certain relationships with foreign financial institutions. Specifically, these standards would address relationships with high-net worth non-U.S. customers and foreign financial institutions that may be acting on behalf of higher-risk non-U.S. customers, when those relationships involve correspondent accounts for foreign financial institutions or private banking accounts.

FinCEN requests comment on the application of these provisions, including whether additional amendments should be made to account for any uniqueness of PPSIs.

iii. Special Measures

Under the BSA, FinCEN can require U.S. financial institutions to implement certain special measures pursuant to section 311 of the USA PATRIOT Act (section 311) if the Secretary finds that reasonable grounds exist to conclude that a foreign jurisdiction, institution, class of transaction, or type of account is a “primary money laundering concern.” [267 ] Section 9714(a) of the Combatting Russian Money Laundering Act [268 ] and section 7213A Fentanyl Sanctions Act (as amended by section 3201 the of FEND Off Fentanyl Act)—the latter codified in 21 U.S.C. 2313a and referred to colloquially as section 2313a—allow for similar special measures in the context of Russian illicit finance and illicit opioid trafficking, respectively. As financial institutions, FinCEN is proposing that PPSIs be required to comply with special measures issued pursuant to sections 311, 9714(a), and 2313a to maintain the options available under these sections to protect the U.S. financial system from certain illicit finance threats.

Additionally, by incorporating PPSIs into the definition of “covered financial institutions” in § 1010.605(e)(1), FinCEN consequently imposes the special measures codified in § 1010.658 (relating to FBME Bank, Ltd.); § 1010.659 (relating to North Korea); § 1010.660 (relating to Bank of Dandong); § 1010.661 (relating to Iran); § 1010.663 (relating to Al-Huda Bank); and § 1010.664 (relating to Huione Group). [269 ] FinCEN is also proposing to amend § 1010.651 (relating to Burma) [270 ] and § 1010.653 (relating to the Commercial Bank of Syria) to apply those special measures to PPSIs. [271 ]

VII. Proposed Application of Sanctions Program Requirement

The GENIUS Act requires PPSIs to maintain “an effective sanctions compliance program, including verification of sanctions lists, consistent with Federal law.” [272 ] As discussed in section V.B above, PPSIs are U.S. persons under OFAC's existing regulations because the GENIUS Act requires PPSIs to be formed in the United States. [273 ] Accordingly, like all other U.S. persons, stablecoin issuers that qualify as PPSIs will be required to comply with U.S. sanctions under existing Federal law, meaning they must generally block the property and interests in property of blocked persons; reject prohibited transactions involving certain persons, jurisdictions, or activities; and retain certain records and file reports with OFAC. The sanctions compliance program requirement in the GENIUS Act, however, represents the first time that Federal law has explicitly mandated that a particular U.S. person have an effective sanctions compliance program, although IEEPA and other statutory authorities authorize the President to, among other actions, investigate, block, regulate, or prohibit transactions and dealings in property subject to U.S. jurisdiction when a foreign national or country has an interest. [274 ]

Accordingly, OFAC is proposing a new part 502 to chapter V of the CFR entitled the “Permitted Payment Stablecoin Issuer Effective Sanctions Compliance Program Regulations” to effectuate the GENIUS Act's effective sanctions compliance program requirement, [275 ] consistent with statutory authorities that authorize OFAC to administer sanctions. 276 Section VII.A below describes the recordkeeping and reporting requirement for a PPSI in line with standard OFAC requirements for all U.S. persons, [277 ] as well as an additional requirement that PPSIs provide to OFAC upon request certain certifications required by the GENIUS Act and relevant to OFAC's role administering and enforcing the requirement that PPSIs maintain an effective sanctions compliance program. [278 ] Section VII.B then outlines the five elements of an effective sanctions compliance program proposed at § 502.201(b), including an explanation and rationale for each component. Section VII.C discusses terms OFAC proposes to define in the definitions section in subpart C to part 502. Finally, section VII.D provides an overview of the proposed penalties for materially or knowingly violating the effective sanctions compliance program requirement contained in proposed 31 CFR part 502, consistent with the GENIUS Act [279 ] and pursuant to statutory authorities authorizing OFAC to impose civil monetary penalties, including IEEPA. [280 ]

A. Recordkeeping and Reporting

Consistent with OFAC's requirements for all U.S. persons, proposed § 502.102(a) imposes on PPSIs standard recordkeeping and reporting requirements as found in 31 CFR part 501. These requirements align with PPSIs' status as U.S. persons, making them subject to the requirements found in subpart C of part 501. OFAC's experience in enforcing U.S. sanctions and supporting compliance by regulated persons has found these requirements to be essential to the integrity of the U.S. sanctions regime.

Proposed § 502.102(b) would require PPSIs provide to OFAC upon request, given OFAC's role in administering and enforcing economic sanctions and issuing sanctions compliance program requirements under the GENIUS Act, any and all certifications submitted to the PPSI's primary Federal payment stablecoin regulator or State payment stablecoin regulator certifying, pursuant to the GENIUS Act, that the PPSI has implemented an effective sanctions compliance program. [281 ] OFAC intends to interpret the terms “primary Federal payment stablecoin regulator” and “State payment stablecoin regulator” consistent with how those terms are defined in the GENIUS Act. [282 ]

B. Effective Sanctions Compliance Program

The GENIUS Act requires both that PPSIs maintain an “effective sanctions compliance program” [283 ] and that regulations promulgated under the Act are “tailored to the size and complexity” [284 ] of a PPSI. Based on decades of experience administering and enforcing U.S. sanctions, OFAC has found across multiple sectors that an entity's size and complexity are significant factors in assessing sanctions risk. A larger sized entity can mean greater exposure to transactions that could involve a blocked person, sanctioned jurisdictions, or interaction with other OFAC-administered prohibitions or restrictions. Likewise, greater complexity in an entity's operations can necessitate more sophisticated controls to mitigate sanctions risk. Therefore, based on OFAC's historical experience, OFAC assesses that the best way to implement the GENIUS Act's instructions is to delineate effective sanctions compliance elements that provide PPSIs discretion to make risk-based judgments in light of, among other factors, their size and complexity.

In 2019, OFAC published “A Framework for OFAC Compliance Commitments” (the “2019 Compliance Framework”) to support the regulated public's development of effective sanctions compliance programs with guidance on tailoring risk-based principles to an organization's unique characteristics and sanctions risk exposure. [285 ] In addition to being a cornerstone of OFAC's public outreach to all regulated industries, the compliance guidance and expectations detailed in the 2019 Compliance Framework consistently form the basis of OFAC's published guidance (e.g., sanctions advisories, compliance communiqués, and frequently asked questions), as well as specific guidance issued in response to public inquiries.

Subsequently, in 2021, OFAC provided additional guidance to the digital assets industry grounded in the Framework by publishing the “Sanctions Compliance Guidance for the Virtual Currency Industry” (“Virtual Currency Industry Guidance”) and several Frequently Asked Questions on Virtual Currency. [286 ] One of OFAC's main objectives in issuing the Virtual Currency Industry Guidance was to explain how actors in the broader digital assets industry could mitigate sanctions risk by adopting a risk-based approach to sanctions compliance. The Virtual Currency Industry Guidance also highlighted specific risks facing actors in the digital assets industry and identified best practices to support industry stakeholders with sanctions compliance, such as the use of geolocation and blockchain analytics tools for screening and transaction monitoring. [287 ] Many in the compliance community noted that the document provided clear guidance on digital asset providers' sanctions obligations and valuable best practices for ensuring compliance in that space.

In addition to OFAC's existing guidance, OFAC's extensive experience administering and enforcing U.S. sanctions has also demonstrated that a risk-based approach is an effective way to mitigate sanctions risk. Promoting compliance is a core objective in pursuing enforcement actions. As outlined in the preamble to the Final Rule establishing OFAC's Enforcement Guidelines, [288 ] the purpose of OFAC's enforcement actions are to raise awareness, increase compliance, and deter “conduct that undermines the goals of [U.S.] sanctions programs.” [289 ] Accordingly, OFAC's enforcement settlement agreements with parties usually insist on implementation of a sanctions compliance program in line with the 2019 Compliance Framework. Consequently, across both OFAC's history of guidance and enforcement, OFAC has consistently observed that an effective sanctions compliance program contains certain key elements.

Based on that experience, OFAC is now proposing requiring PPSIs adopt a sanctions compliance program including the five key elements in line with the 2019 Compliance Framework:

( printed page 18615) (1) Senior Management and Organizational Commitment; (2) Risk Assessment; (3) Internal Controls; (4) Testing and Auditing; and (5) Training. OFAC assesses that a risk-based approach and a sanctions compliance program grounded in the five enumerated elements best implements the GENIUS Act's requirement that Treasury adopt rules tailored to the size and complexity of PPSIs while ensuring that PPSIs maintain an effective sanctions compliance program. [290 ] Specifically, by mandating the five elements as a minimum for an effective sanctions compliance program, the proposed rule intentionally sets a necessary floor for an effective sanctions compliance program while leaving space for PPSIs to take additional or refined compliance measures that account for the specific circumstances of individual PPSIs. Finally, OFAC notes the proposed rule's focus on a risk-based approach and the five enumerated elements of an effective sanctions compliance program intends to provide flexibility to account for rapidly evolving payment stablecoin technologies in the digital assets ecosystem. As PPSIs utilize the GENIUS Act's framework to support innovation and the responsible growth and use of payment stablecoins, OFAC anticipates the development of new stablecoin-related products and services that may differ from those provided or used by stablecoin issuers today. Such products and services, in turn, may require new approaches to sanctions compliance to mitigate sanctions risks and meet OFAC's regulatory obligations.

In sections VII.B.1 through VII.B.5 below, OFAC provides further details regarding the five elements that constitute the effective sanctions compliance program requirements that OFAC proposes for PPSIs pursuant to the GENIUS Act and consistent with statutory authorities that OFAC administers as described above.

1. Proposed 31 CFR 502.201(b)(1) —Senior Management and Organizational Commitment

Proposed § 502.201(b)(1) would require a PPSI's senior management to review and approve a PPSI's sanctions compliance program and to support the sanctions compliance program's effective implementation, including by ensuring the sanctions compliance program, at a minimum: (i) applies to all payment stablecoin-related activity; (ii) has sufficient resources, including necessary investments in human capital, expertise, and information technology, to carry out the requirement that PPSIs conduct risk assessments, maintain internal controls, conduct testing and auditing, and maintain a risk-based sanctions compliance training program, as described in the proposed § 502.201(b)(2) through (b)(5) (see sections VII.B.2 through VII.B.5 below); (iii) is fully integrated into the PPSI's ongoing stablecoin-related operations; (iv) routinely provides risk updates, including test results, to senior management and other appropriate personnel within the PPSI; and (v) provides sufficient authority and autonomy to the compliance function to manage effectively U.S. sanctions risk for the entire PPSI.

A PPSI's senior management includes individuals responsible for monitoring performance across the organization, including its sanctions compliance program. As applicable, senior management could include supervisory, managerial, and executive employees, and can also include its board of directors, owners, operators, and other leadership personnel depending on the PPSI's governance structure. The particular composition of a PPSI's senior management is a fact-specific matter depending on each individual PPSI, and in this proposed rule, OFAC proposes to provide PPSIs with flexibility in determining which members of senior management ensure an effective sanctions compliance program. Nevertheless, based on its experience administering and enforcing U.S. sanctions, including providing guidance to industry, OFAC views senior management engagement as essential to the effectiveness of any person's sanctions compliance program. [291 ] A PPSI's senior management's combination of its vantage point across the entire organization's activities and its decision-making authority uniquely positions it to review a sanctions compliance program with a comprehensive understanding of the PPSI's operations and credibly approve a program as meeting that PPSI's particular circumstances. Additionally, the requirement that senior management approve the sanctions compliance program demonstrates senior management support and buy-in, which is critical to building a culture of compliance by establishing ultimate responsibility at the PPSI's senior levels.

Furthermore, the proposed § 502.201(b)(1) would require senior management to support the sanctions compliance program's effective implementation by ensuring the program includes, at a minimum, certain key components. First, senior management would be required to ensure the sanctions compliance program applies to all payment stablecoin-related activity. As outlined, a PPSI's senior management operates from a distinct vantage point compared to other personnel, enabling broader awareness and oversight across an entire organization that uniquely positions them to monitor the creation and implementation of a sanctions compliance program. That perspective supports making sure the compliance program does not only apply to discrete parts of a PPSI's operations. While, as outlined below in this section, an effective sanctions compliance program requires a measure of delegation and autonomy to the compliance function to deploy established compliance policies and procedures, senior management's visibility across a PPSI's operations during the creation of a sanctions compliance program is vital to avoiding gaps that create heightened risks of sanctions violations.

Second, senior management would be required to ensure the sanctions compliance program has adequate resources. OFAC's experience has demonstrated that adequate resourcing is particularly crucial for PPSIs given the nature of the rapidly evolving technologies underpinning payment stablecoins and attendant sanctions risks. OFAC does not propose to prescribe specific resourcing levels or breakdowns in resources for various elements of a compliance program. Senior management should tailor those decisions to a PPSI's particular circumstances. Nonetheless, ensuring adequate resources would entail senior management knowledge of and engagement on how the PPSI allocates resources for compliance functions across the organization and how that allocation is commensurate with current levels of sanctions risk exposure, including in the form of human capital, expertise, information technology, such as the tools described in section VII.B.3 below, and other resources, as appropriate.

Third, senior management would be required to ensure the sanctions compliance program is fully integrated into a PPSI's ongoing stablecoin-related operations. The active incorporation of the compliance program into ongoing ( printed page 18616) operations is critical to both timely and effective responses to sanctions risk. In line with section VII.B.3 below, a senior management commitment with respect to ongoing operations would entail ensuring a sanctions compliance function has the necessary tools to identify and respond to sanctions risks judiciously. Simultaneously, in addition to resourcing necessary tools, this commitment could also be expressed by ensuring written policies and procedures (see section VII.B.3) that enable PPSI personnel to respond expeditiously when confronting sanctions risk.

Fourth, senior management would be required to ensure senior management, and other appropriate personnel, routinely receive risk updates, including test results, from the sanctions compliance program. OFAC's experience providing guidance to the regulated public and enforcing U.S. sanctions has shown that absent a senior management commitment to an entity's sanctions compliance program, staff implementing the program will have less routine access to senior management to provide risk updates, including test results. Such routine updates are necessary to support senior management's continued appreciation of the organization's sanctions obligations and timely awareness of sanctions risks, as well as then facilitating informed decisions. In the proposed rule OFAC does not prescribe a cadence for these routine risk updates, as they should be tailored to the particular circumstance of each PPSI.

Finally, while routine updates to senior management are essential, under the proposed rule, senior management would also be required to ensure that the sanctions compliance program has sufficient authority and autonomy to function and conduct timely and effective operations. The proposed rule would require that a PPSI's sanctions compliance program be empowered to work independently to take appropriate actions to address and mitigate sanctions risks for the entire organization, which is critical to the integrity of the PPSI's compliance functions. The sanctions compliance program must be able to act efficiently and effectively within the organization to be able to respond to timely sanctions-related developments. Accordingly, the proposed rule would require, as a key element, that senior management ensure that the sanctions compliance program is able to manage effectively U.S. sanctions risks for the entire organization.

Critically, senior management's active support for the five requirements proposed in § 502.201(b)(1)(i) through (v) constitute a minimum set of activities that OFAC would expect when considering whether a PPSI's sanctions compliance program is effective. Additional activities may be relevant to a PPSI's compliance program under a risk-based approach. In accordance with the GENIUS Act's mandate to tailor rules to the size and complexity of each PPSI's operations, [292 ] the proposed rule leaves discretion for PPSI's to adopt additional measures in line with their circumstances.

2. Proposed 31 CFR 502.201(b)(2) —Risk Assessments

Proposed § 502.201(b)(2) would require a PPSI conduct sanctions-related risk assessments by: (i) conducting holistic assessments of U.S. sanctions risks at appropriate intervals; (ii) using the risk assessments to inform the PPSI's operation of its sanctions compliance program, including revising internal controls and training as appropriate; and (iii) revising risk assessments as appropriate to account for any identified U.S. sanctions violations or deficiencies, new products, services, mergers, or acquisitions, and any other factors that may affect a PPSI's risk profile.

In the sanctions context, risks are potential threats or vulnerabilities that, if ignored or not properly handled, can lead to violations of the regulations administered by OFAC. Holistic risk assessments allow an organization to identify these threats or vulnerabilities. OFAC has found, through its enforcement actions for violations of sanctions and engagement with private industry, that regular risk assessments are foundational for sanctions compliance programs to be effective. In keeping with the GENIUS Act's requirement to tailor rules to the size and complexity of each PPSI's operations, [293 ] OFAC does not propose a uniform frequency for conducting risk assessments. Similarly, while risk assessments should be holistic reviews—for instance, evaluating a PPSI's touchpoints with external parties and jurisdictions, including customers, vendors, and intermediaries, in order to identify direct and indirect sources of sanctions risk—OFAC does not propose a uniform criteria for a holistic review, again recognizing the GENIUS Act's tailoring requirement. [294 ]

Use of risk assessment results to develop and revise a sanctions compliance program ensures a program is grounded in the most current understanding of the various sources of sanctions risks. As OFAC has determined through various enforcement actions, a sanctions compliance program's internal controls (see section VII.B.3) and training (see section VII.B.5) are only effective if an organization has an accurate understanding of the sanctions risks it faces. Therefore, holistic and appropriately frequent risk assessments are essential to the proper implementation of the other elements of an effective sanctions compliance program outlined in this section VII.B.

Additionally, to be effective, risk assessments themselves must be revised to account for new information or changing circumstances that impact a PPSI's risk profile. Identification of U.S. sanctions violations or deficiencies in an existing compliance program naturally suggest the presence of vulnerabilities necessitating revisions or remediation. Similarly, with respect to new products, services, mergers, or acquisitions, OFAC has on multiple occasions entered into settlement agreements with entities in the digital assets industry for apparent violations that arose from the development and release of a product or service without having given sufficient consideration of attendant sanctions risks or compliance implications. [295 ] A holistic assessment of the sanctions-related risks that such a new product or service could create is necessary to understand what additional or revised controls may be necessary. [296 ] Without these steps pre-launch, the new products or services themselves may immediately give rise to sanctions compliance-related gaps, possibly seriously undermining the effectiveness of a sanctions compliance program.

3. Proposed 31 CFR 502.201(b)(3) —Internal Controls

Proposed § 502.201(b)(3) would require a PPSI [297 ] to establish and maintain a system of risk-based internal controls—including technical capabilities and written policies and procedures—applicable to all payment ( printed page 18617) stablecoin-related activity, whether on the primary or secondary market, that identifies, blocks, and/or rejects transactions that may violate or would violate U.S. sanctions and retains relevant records in accordance with OFAC regulations. OFAC assesses that a dynamic internal controls system that adapts to new regulatory and risk-related developments is critical to fulfilling key obligations imposed under the GENIUS Act.

First, the technical components of a PPSI's internal control system are paramount. In particular, the GENIUS Act requires that a PPSI must be able to “block, freeze, and reject specific or impermissible transactions that violate Federal or State laws, rules, or regulations,” [298 ] which includes transactions that violate or would violate U.S. sanctions regulations. Although PPSIs are generally neither the originator nor the beneficiary of transactions, other than issuing or redeeming a payment stablecoin, the GENIUS Act makes clear that a PPSI is nonetheless obligated to block and reject impermissible transactions—including on the secondary market—involving a payment stablecoin it has issued. The proposed rule's requirement that each PPSI establish and maintain technical capabilities to block or reject any payment stablecoin-related activity that violates or would violate U.S. sanctions directly tracks the GENIUS Act's mandate that PPSIs maintain such technical control over impermissible transactions that violate Federal laws, including sanctions regulations.

In practical terms, PPSIs should implement risk-based sanctions controls on transactions, including on the secondary market, to satisfy this requirement. OFAC's Virtual Currency Industry Guidance provides examples of best practices of internal controls, including with respect to transaction monitoring and sanctions screening, for digital asset participants, which will likely be relevant for PPSIs. [299 ] For example, at a minimum, such sanctions screening should include tools sufficient to identify and block transactions associated with digital currency addresses included on OFAC's SDN List. [300 ] In addition, the technical internal controls should enable the PPSI to clearly and effectively identify, interdict, escalate, and report (as necessary and appropriate) activity that may be prohibited by the regulations and laws administered by OFAC. Furthermore, PPSIs should generate and maintain records pertaining to activity that may be prohibited by OFAC as part of their internal controls regime. OFAC has imposed penalties on entities not solely because prohibited transactions occurred, but because organizations failed to maintain complete records or submit timely reports. [301 ]

As described, proposed § 502.201(b)(3) would also mandate that the PPSI continually update the technical internal controls (including risk-based sanctions screening), which ensures the internal controls effectively address amended or updated U.S. sanctions authorities and applicable U.S. sanctions risks. Given the dynamic nature of OFAC sanctions, internal controls should be capable of adjusting rapidly to new OFAC designations, prohibitions, requirements, and guidance, and of effectively identifying risk exposure that may warrant heightened due diligence. [302 ] Relevant guidance may, as noted in the proposed rule, include risks identified in advisories, alerts, or notices issued by the Department of the Treasury or other relevant U.S. government agencies. These reports often enumerate specific red flags and typologies indicative of sanctions evasion trends. PPSIs should consider using such information, along with other open source and proprietary information, in order to conduct proactive diligence to identify and mitigate potential sanctions risks. Information obtained by a PPSI for purposes of complying with the BSA may also be relevant in identifying and mitigating sanctions risks. By establishing and maintaining technical internal control mechanisms, including the ability to effectively identify sources of sanctions risk, PPSIs are able to maintain the technical capacity necessary to comply with OFAC's blocking and non-blocking sanctions programs.

Second, the written policies and procedures requirement of proposed § 502.201(b)(3) prescribes that the risk-based internal controls established by the PPSI are documented in writing and are clearly communicated to all relevant personnel and stakeholders (e.g., clients, business partners, counterparties). OFAC is proposing written policies and procedures because they ensure that compliance measures (like screening the SDN List) are applied consistently across an entire organization, preventing fragmented, decentralized, or ad-hoc practices that can lead to sanctions violations. [303 ] OFAC has finalized numerous civil monetary penalties or settlements since publishing the 2019 Compliance Framework in which an organization's decentralized compliance function was one of the root causes of the sanctions violations identified during the course of the investigation. Written policies and procedures can clearly define the roles and responsibilities of compliance staff, ensuring accountability and proper oversight. Written policies also ensure that compliance protocols are communicated to all relevant stakeholders, minimizing inadvertent violations caused by misunderstanding or lack of training. Proposed § 502.201(b)(3) also stipulates that such internal control documents must be routinely reviewed and revised such that there is timely and appropriate action to remediate any identified compliance gaps or deficiencies. The process of routinely reviewing and revising written policies and procedures should incorporate frequent testing of technical internal controls to ensure effectiveness and sufficiency. If and when a PPSI identifies a weakness in its internal controls system, the PPSI should take immediate and effective action, to the extent possible, to identify and implement compensating controls until the root cause of the weakness can be determined and remediated.

Finally, OFAC notes that the exact form of internal controls is not prescribed by this proposed rule. In keeping with the GENIUS Act's requirement to tailor rules to the size and complexity of each PPSI's operations, [304 ] OFAC does not propose a uniform or “one-size-fits-all” internal control system. Rather, the specific internal control system should be risk-based and will depend, among other things, on the PPSI's products, services, geographical scope of operations, direct customers, end users or holders, and on the sanctions risks the PPSI identifies during its risk assessment process or through any other measures.

PPSIs may consider using a variety of tools to develop and implement internal controls, including external resources. In the financial industry, internal controls often include software for sanctions screening, investigations, transaction monitoring, and other ( printed page 18618) purposes. For digital assets industry participants in particular, these tools typically function as a linchpin of the organization's internal controls. OFAC does not require PPSIs to use any specific tool or software, and OFAC's engagement with the private sector has found that the specific tools employed vary widely by industry. Digital assets industry participants routinely report using blockchain analysis, open-source intelligence, geolocation tools, and media monitoring tools, among other solutions, whether developed internally or sourced from a vendor. OFAC's Virtual Currency Industry Guidance provides other examples of internal controls best practices that PPSIs may consider adopting. [305 ] Whether a PPSI uses these or other tools will depend on specifics of each PPSIs operations.

Ultimately, the internal controls required by the proposed rule will allow PPSIs to comply with the numerous other mandates in the GENIUS Act.

4. Proposed 31 CFR 502.201(b)(4) —Testing and Auditing

Proposed § 502.201(b)(4) would require that a PPSI establish and maintain an independent testing or audit function, accountable to senior management, with sufficient resources, expertise, and authority to identify U.S. sanctions compliance-related weaknesses and deficiencies. In addition, each PPSI would also have to ensure that qualified personnel routinely perform comprehensive, independent, and objective testing or auditing of the effectiveness of the sanctions compliance program and its functions. And finally, the proposed rule would require that such testing and auditing results are used to identify and implement any needed updates or enhancements to the sanctions compliance program, and that PPSIs maintain and provide to OFAC upon request records of any such testing and auditing results and enhancements.

An independent testing or audit function can be either external or internal to a PPSI. If internal, controls must be in place to ensure audits or testing are sufficiently independent. Criteria relevant to establish “independence” may vary based on a range of factors, including a PPSI's internal corporate structure, the internal auditor's accountability to senior leadership and or the PPSI's board of directors, as well as the training and expertise possessed by the internal auditor. With the appropriate independence, expertise, and resources, internal audits may be effective and may be a reasonable part of a compliance program, depending on a PPSI's individualized risk profile. However, OFAC's experience administering and enforcing U.S. sanctions has also shown that internal audits can lack the independence, expertise, and resources to conduct objective and thorough evaluations of an entity's own compliance efforts, while external audits often provide more effective and comprehensive assessments.

Routine, comprehensive, independent, and objective testing or auditing of a sanctions compliance program is essential to the program's continued effectiveness. [306 ] OFAC has observed cases of apparent violations resulting from compliance, testing, or audit software that was improperly configured, deactivated, or modified over time, including following updates, changes, or the deployment of new technology by the broader organization. Human error and lack of attention to changes in testing and audit results can compound these issues as can the speed and volume of payment stablecoin-related activity that PPSIs and other digital assets industry participants may face.

Again, in line with the GENIUS Act's requirement to tailor rules to the size and complexity of each PPSI's operations, [307 ] proposed § 502.201(b)(4) does not specify the precise contours of what the testing and audit function should include. However, based on the existing 2019 Compliance Framework, PPSIs should be prepared to implement a testing and audit function that can identify weaknesses and deficiencies in their sanctions compliance, including in products or services still under development. In addition, based on the existing 2019 Compliance Framework, a testing and auditing program should be tailored to address the sanctions risks accompanying the PPSI's operations, and results should be used to implement updates, remediate compliance gaps, and make the PPSI aware of how its products and services are performing against the sanctions compliance program's internal control benchmarks.

5. Proposed 31 CFR 502.201(b)(5) —Training

Proposed § 502.201(b)(5) would require a PPSI establish and maintain a risk-based compliance training program that is: (i) performed at least annually and with a frequency appropriate to the PPSI's risk assessments and risk profile; (ii) provided to all relevant personnel and stakeholders; (iii) appropriately tailored to each trainee's role and responsibilities; (iv) modified to reflect risk assessments findings and identified deficiencies in the sanctions compliance program, including testing and audit findings; and (v) designed to include easily accessible resources and materials for all relevant personnel and stakeholders. Based on OFAC's experience investigating and enforcing sanctions violations and providing compliance guidance to private industry, OFAC has found the establishment and maintenance of a risk-based sanctions compliance training program to be critical to ensuring that the benefits and expertise cultivated by the PPSI's compliance efforts are shared across an organization and not limited to compliance program personnel and senior management. [308 ]

In keeping with the GENIUS Act's requirement to tailor rules to the size and complexity of each PPSI's operations, [309 ] OFAC proposes PPSI discretion in setting a training cadence that aligns with a PPSI's particular circumstances, provided a PPSI meets the minimum of an annual training. Based on industry practice, OFAC views annual training as an appropriate minimum, recognizing that certain PPSIs may determine, based on their assessment of risk, that more frequent trainings may be necessary, either for all or certain personnel and stakeholders, including after a knowing or material violation of the GENIUS Act has occurred or an apparent violation of U.S. sanctions, to understand root causes and avoid repeated issues.

OFAC proposes training be provided to all relevant personnel and stakeholders [310 ] to support the type of comprehensive risk assessments and testing and auditing that an effective sanctions compliance program requires. Broad awareness of an organization's sanctions compliance obligations, policies, and available tools is necessary to identify and surface information regarding potential sanctions risks and to support timely action to address those risks. Based on OFAC's ( printed page 18619) experience engaging with private sector entities of various sizes and sanctions risk profiles, a “one-size-fits-all” training requirement would both be less effective and run counter to the principle of supporting private actors to make their own circumstance-based prioritizations in furtherance of compliance. Furthermore, the requirement that training-related resources and materials be made easily available to all relevant personnel and stakeholders likewise supports the essential flow of information and a well-trained workforce. Employees or stakeholders with insufficient or inaccessible training may overlook or fail to understand the significance of relevant information at key junctures, causing sanctions violations to go unnoticed, while properly trained employees will be equipped to spot red flags and identify sanctions risk in real time.

Finally, the proposed requirement that organizations modify training programs to reflect findings of risk assessments and identified deficiencies in their sanctions compliance program is essential to keeping trainings current and effective. Training programs that do not incorporate new information and corrections to past deficiencies are inherently less effective than training programs that account for such developments.

C. Definitions

OFAC is proposing to define four terms in the definitions section of the new 31 CFR part 502. OFAC proposes to define two terms—“knowingly” and “OFAC”—at § 502.301 and § 502.302, respectively, consistent with other OFAC regulations. OFAC proposes to define “payment stablecoin-related activity” at § 502.303 to capture the range of activities involving a PPSI's payment stablecoin from the time of issuance until the payment stablecoin's removal from circulation, including activity on the secondary market, and to future-proof the regulations. Finally, OFAC proposes to define the term “permitted payment stablecoin issuer” at § 502.304 consistent with the definition of that term contained in the GENIUS Act, with slight modifications to reconcile differences between how the GENIUS Act defines the term “person” and how that term is defined in OFAC's regulations, as well as to synthesize definitions contained within the GENIUS Act for ease of understanding by the regulated public.

With the exception of the term “OFAC,” which simply refers to the “Office of Foreign Assets Control,” OFAC below provides additional explanations of the terms described above.

1. Proposed 31 CFR 502.301 —Knowingly

Consistent with the GENIUS Act, OFAC's proposed rule provides for civil monetary penalties, including penalties for each day during which a PPSI knowingly violates the GENIUS Act's requirement that PPSI's maintain an effective sanctions program. [311 ] However, the GENIUS Act does not define the term “knowingly.” Under the proposed rule, OFAC defines “knowingly” with respect to conduct, a circumstance, or a result, as meaning that a person has actual knowledge, or should have known, of the conduct, the circumstance, or the result. OFAC is proposing this definition because it is consistent with how OFAC defines that term across multiple sanctions programs and will be familiar to the sanctions compliance community. [312 ]

2. Proposed 31 CFR 502.303 —Payment Stablecoin-Related Activity

OFAC proposes to define “payment stablecoin-related activity” to include issuing, trading, holding, transacting, transferring, redeeming, or any other activity involving a payment stablecoin issued by a PPSI from the time of issuance until the payment stablecoin's removal from circulation, whether on the primary or secondary market, including through redemption or by any other means. OFAC intends to interpret the term “payment stablecoin” consistent with how that term is defined in the GENIUS Act. [313 ] As discussed in section V.B above, there are a variety of scenarios under which PPSIs may be required to block or reject transactions under U.S. sanctions, whether on the primary or secondary market. For example, a PPSI is prohibited from issuing payment stablecoins to a blocked person and from allowing blocked persons to engage with its smart contracts to facilitate trades of its payment stablecoins. Accordingly, OFAC's proposed definition ensures that a PPSI's sanctions compliance obligations apply to all activity involving its payment stablecoins, whether on the primary or secondary market. OFAC's proposed definition is also appropriately scoped to ensure that the proposed rule captures future technological developments, whether in the issuance of payment stablecoins or in the trading thereof.

3. Proposed 31 CFR 502.304 —Permitted Payment Stablecoin Issuer; PPSI

OFAC proposes to define the term “permitted payment stablecoin issuer” or “PPSI” consistent with the definition provided in the GENIUS Act. [314 ] To ensure the definition of “permitted payment stablecoin issuer” accurately applies only to “persons” as defined in the GENIUS Act, rather than “person” as defined differently in other regulations administrated by OFAC, OFAC is replacing the word “person” with “individual, partnership, company, corporation, association, trust, estate, cooperative organization, or other business entity, incorporated or unincorporated,” which is how “person” is defined in the GENIUS Act. [315 ]

D. Proposed 31 CFR 502.401 and 502.402 —Penalties

Proposed § 502.401(a) would impose civil monetary penalties of not more than $100,000 per day for PPSIs that materially violate the requirement to maintain an effective sanctions compliance program. Proposed § 502.401(b) would provide for an additional $100,000 penalty for each day during which a PPSI knowingly participates in a violation of the same. If a PPSI does not pay the penalty imposed pursuant to § 502.401, proposed § 502.402 authorizes OFAC to refer the matter for administrative collection measures by the Department of the Treasury or to the Department of Justice for appropriate action to recover the penalty in a civil suit in a federal district court.

The proposed penalties are consistent with those prescribed in the GENIUS Act, which provides for a civil penalty of not more than $100,000 for each day during which a PPSI materially violates any regulation issued under the GENIUS Act and an additional penalty of not more than $100,000 per day during which a PPSI knowingly violates any regulation issued under the GENIUS Act. [316 ] Additionally, the penalties are consistent with those permitted under IEEPA, which allows for the imposition of civil penalties of the greater of $377,700 or twice the amount of the underlying transaction for each violation, [317 ] as well as the Trading with ( printed page 18620) the Enemy Act (TWEA), the sanctions authority that underpins OFAC's Cuba sanctions program, which allows OFAC to impose penalties of up to $111,308 for each violation. [318 ]

VIII. Final Rule Effective Dates

FinCEN and OFAC are proposing that their respective rules will become effective 12 months after issuance of final rules to allow sufficient time for PPSIs to review and implement the requirements of the proposed rule. We seek comment on the proposed effective date.

IX. AML/CFT Request for Comment

FinCEN seeks comments on all aspects of the proposed rule and specifically seeks comments on the following topics. For all responses, commenters are encouraged to provide the basis for any conclusions drawn in their comments. FinCEN is also requesting commenters consider whether any obligation can be better tailored to the size and complexity of an issuer and how such tailoring would impact burden and risk of illicit finance.

A. Questions on PPSI Relationships to Other Types of Financial Institutions

  1. Where PPSIs are subsidiaries of insured depository institutions, do any of FinCEN's proposals for PPSIs present legal challenges or substantial operational challenges such that implementation would be practically impossible? How can FinCEN's regulatory infrastructure promote an efficient and effective BSA regime where a PPSI and its parent may be subject to similar or overlapping obligations?

  2. Where PPSIs are also uninsured national banks, do any of FinCEN's proposals present legal challenges or substantial operational challenges such that implementation would be practically impossible? How can FinCEN's regulatory infrastructure promote an efficient and effective BSA regime where a PPSI may be subject to similar or overlapping obligations as both a PPSI and an uninsured national bank? Should FinCEN carve out PPSIs from rules that apply to banks for some or all obligations?

  3. What would be the benefits and drawbacks of FinCEN extending the logic of its 2012 administrative ruling [319 ] to PPSIs that are a subsidiary of an insured depository institution subject to a parallel regulation?

  4. Should FinCEN carve PPSIs out of the MSB definition? Are there circumstances in which an entity could reasonably be uncertain whether it should be treated as a PPSI or as an MSB under the proposed definitions? If so, please describe.

B. Questions on Proposed Definitions

  1. Are FinCEN's proposed definitions sufficiently clear? Should the definitions be expanded or narrowed in any respect? Should FinCEN define additional terms or amend additional existing terms?

  2. Are there products or arrangements that may fall near the boundary of the proposed definition of payment stablecoin, and if so, how should FinCEN address such cases?

  3. Is FinCEN's proposed definition of “lawful order” sufficiently clear? Should FinCEN further define any terms within “lawful order”? Should FinCEN, for example, specify that “accounts” for purposes of lawful orders include any number or identifier used to identify a holder of a payment stablecoin, including a wallet address?

C. Questions on Proposed AML/CFT Program

  1. In what respects should a PPSI's AML/CFT program account for risks on the secondary market?

  2. The proposed rule sets forth the conditions for an effective AML/CFT program. Is the description of an effective program sufficiently clear or is there anything further that FinCEN should consider adding in the final rule to clarify program effectiveness?

  3. The proposed rule reflects a determination by FinCEN that PPSIs are best placed to identify risks and allocate resources, and that providing them with greater discretion in these areas will improve the quality of AML/CFT compliance and reporting to law enforcement. Is this correct or should FinCEN consider adding more requirements regarding allocation of resources? How might PPSIs assess changes in the total allocation of resources devoted to an AML/CFT program in a changing risk and cost environment?

  4. Should the proposed rule's distinction between “establishing” and “maintaining” a program be modified? Is the distinction between “establishing” and “maintaining” a compliance program useful for PPSIs? Should FinCEN add anything to further define these terms in the final rule?

  5. What, if any, difficulties do PPSIs anticipate when incorporating the AML/CFT Priorities as part of their risk assessment processes?

  6. Should risk assessment processes be required to take into account additional or different criteria or risks than those listed in the proposed rule? If so, what additional factors should FinCEN consider requiring?

  7. What risk factors should PPSIs consider when conducting risk assessments under the proposed rule, including customer, product, transaction, geographic, and technological risks?

  8. Is additional explanation needed concerning when a PPSI would be required to update its risk assessment? In particular, how might FinCEN clarify how risk assessment processes would be updated “promptly”? Would an alternative approach, such as periodic updates or a set schedule for updates, be preferable? Would an alternative standard, such as “materially changes,” be clearer than “significantly changes”?

  9. To what extent do the proposed AML/CFT program requirements provide sufficient flexibility for PPSIs to design programs that are appropriately risk-based and tailored to their size, complexity, and business models?

  10. To what extent should PPSIs consider information about secondary market transactions as part of their customer due diligence processes?

  11. Should FinCEN further clarify which specific elements of an institution's AML/CFT program must be written? Should FinCEN instead eliminate the requirement that an AML/CFT program be expressly required to be “written” because, among other reasons, financial institutions may be subject to other applicable recordkeeping and documentation requirements? What would be the benefits or drawbacks of not prescribing a mandatory written requirement in the regulation?

  12. The proposed rule would require that a PPSI's written AML/CFT program be approved by its board of directors, an equivalent governing body, or appropriate senior management. Should FinCEN further clarify which aspects of the AML/CFT program must be subject to such approval? In particular: (a) should approval be required for each of the core program components, or would approval of the overall program framework be sufficient; (b) should material revisions to particular components (such as significant changes to the institution's risk assessment methodology, monitoring architecture, or governance structure) require re- ( printed page 18621) approval at the same level; and (c) what level of specificity should the approving body be required to review and approve (e.g., high-level program architecture versus detailed procedures or parameter-level settings)? Should FinCEN instead eliminate the specified approval requirement, allowing PPSIs flexibility in determining how leadership oversight of the AML/CFT program is structured? What would be the benefits or drawbacks of not prescribing a mandatory approval requirement in the regulation? If FinCEN does not eliminate the specified approval requirement, should FinCEN consider amending the requirement? Are there alternatives to board of directors, an equivalent governing body, or appropriate senior management that would be more appropriate?

  13. Should FinCEN impose the supervision and enforcement framework outlined in this proposal for PPSIs?

  14. If the supervision and enforcement framework is implemented for PPSIs should FinCEN further refine or clarify any of the concepts or definitions outlined in this proposal, including “significant or systemic failure,” “failure to establish an AML/CFT program,” “any written communication,” and “significant AML/CFT supervisory action”?

  15. Should a revocation of a permitted payment stablecoin issuer's application to a primary Federal payment stablecoin regulator be accounted for in the supervision and enforcement framework?

  16. Do any aspects of the GENIUS Act framework with regards to supervision, examination, and enforcement need to be better accounted for if the framework was implemented for PPSIs, including a consultation framework when a primary Federal payment stablecoin regulator intends to take an AML/CFT enforcement action or significant AML/CFT supervisory action?

  17. Should the proposed consultation process include an asset threshold— i.e., consultation is required for any significant AML/CFT supervisory actions involving PPSIs with $10 billion or more in assets? In addition, or as an alternative, should the proposed rule provide the option for PPSIs to request their primary Federal payment stablecoin regulator consult with FinCEN prior to initiating a significant AML/CFT supervisory action?

  18. Notwithstanding the benefits of the proposed consultation described above, the proposal may result in additional review during an examination. How can FinCEN and the primary Federal payment stablecoin regulator streamline the consultation process and prevent logistical burdens for PPSIs or delays in exam report issuance?

  19. FinCEN welcomes comment on how the Director of FinCEN may consider the performance of innovative activities that produce demonstrable outputs under the proposed supervision and enforcement framework.

D. Questions on Proposed Additional Technical Capabilities

  1. Should FinCEN refine or clarify the obligation related to having the technical capabilities to block, freeze, and reject impermissible transactions?

  2. Are there aspects of the proposed requirement that could unintentionally constrain PPSIs' choice of technical or operational approaches? If so, please explain.

  3. Is FinCEN's proposed language specifying PPSIs must have the technical capabilities to block, freeze, and reject impermissible transactions occurring on the secondary market appropriately scoped and sufficiently clear? Does it capture activity it should not? Does it leave out activity it should include?

  4. What technical, operational, or architectural challenges, if any, might PPSIs face in implementing block, freeze, and reject capabilities? How can FinCEN account for such challenges in light of the GENIUS Act's clear directive that PPSIs must have such technical abilities?

  5. Should FinCEN refine or clarify the obligation related to having the technical capabilities to comply and actual compliance with the terms of lawful orders?

  6. Is FinCEN's proposed language specifying PPSIs must have the technical capabilities to comply with the terms of lawful orders regarding the secondary market appropriately scoped and sufficiently clear? Does it capture activity it should not? Does it leave out activity it should include?

E. Questions on Currency Transaction Reporting

  1. Should FinCEN impose on PPSIs currency transaction reporting obligations? What would be the risks in not doing so?

  2. What, if any, additional exemptions should FinCEN promulgate for PPSIs relating to currency transaction reporting obligations?

F. Questions on Proposed Suspicious Activity Reporting

  1. Is FinCEN's proposal clear regarding SAR obligations relating to secondary market activity. If not, why not and how can it be improved?

  2. Are there particular types of payment stablecoin transactions or activities for which additional clarification regarding SAR reporting obligations would be beneficial?

  3. Should the proposed regulatory text be modified to clarify joint SAR-filing and SAR sharing when a PPSI is a subsidiary of a parent depository institution? Are other clarifications or modifications needed with regards to SAR sharing?

  4. Is clarification needed on how the proposed SAR reporting requirements interact with PPSIs' obligations related to blocking, freezing, and rejecting transactions, recordkeeping, or responding to lawful orders?

  5. Should FinCEN reconsider its decision not to impose any SAR obligation with respect to secondary market activity? In what circumstances would secondary market reporting be most beneficial and how burdensome would such a reporting obligation be? For example, should PPSIs be required to report secondary market suspicious activity but only at a higher standard than in primary market transactions, such as requiring reporting only when a PPSI “knows” a transaction meets specified criteria?

G. Questions on Proposed Recordkeeping Requirements

  1. To what extent is it clear how payment stablecoins should be treated for purposes of FinCEN's recordkeeping requirements, including whether payment stablecoins should be considered “money,” “funds,” “currency,” or another category under the proposed rule?

  2. Would Recordkeeping and Travel Rule obligations for PPSIs and other financial institutions be clearer if FinCEN codified a PPSI-specific Recordkeeping and Travel Rule in part 1033?

  3. The Recordkeeping and Travel Rule proposal implements the GENIUS Act's directive relative to “high-value transaction.” How else could this provision of the GENIUS Act be implemented?

H. Questions on Proposed Special Information-Sharing Procedures

  1. Are there aspects of the information sharing framework that would benefit from clarification or modification when applied to PPSIs, including definitions in 31 CFR 1010.505?

  2. To what extent would PPSIs participate in voluntary information sharing with other financial institutions under section 314(b)? ( printed page 18622)

  3. Are there legal, operational, or technical considerations that could affect PPSIs' ability or willingness to engage in voluntary information sharing related to payment stablecoin transactions?

I. Questions on Proposed Special Standard of Diligence

  1. Are there aspects of the special standard of diligence framework that would benefit from clarification or modification when applied to PPSIs?

  2. To what extent is it clear how the special standards of diligence applicable to correspondent and private banking accounts apply to PPSIs and to activities involving payment stablecoins?

  3. Are there types of relationships, accounts, or arrangements involving PPSIs that may raise questions about whether they should be treated as correspondent accounts, private banking accounts, or neither?

  4. What challenges, if any, would PPSIs face in identifying, collecting, or verifying information required to comply with the special standards of diligence, including information related to ownership, control, or source of funds?

J. Question on Proposed Effective Date

  1. FinCEN is proposing an effective date of 12 months from the date of issuance of the final rule to allow sufficient time for PPSIs to review and implement its requirements. FinCEN solicits comment on the proposed effective date.

K. Question on AML/CFT Requirements for Foreign Payment Stablecoin Issuers

  1. Through this rulemaking FinCEN is only proposing application of AML/CFT requirements to PPSIs. Are there particular requirements that FinCEN has proposed to apply to PPSIs that should or should not apply to foreign payment stablecoin issuers? Please describe why and any benefits and drawbacks.

X. Sanctions Request for Comment

OFAC seeks comments on the following topics. For all responses, commenters are encouraged to provide the basis for any conclusions drawn in their comments.

  1. Are the proposed effective sanctions compliance program regulations clear regarding the minimum elements PPSIs must include in their programs? If not, which aspects would benefit from additional clarification?

  2. Is the proposed definition of “Payment stablecoin-related activity” sufficiently clear and comprehensive to capture the full lifecycle of a payment stablecoin?

  3. What best practices would PPSIs consider in developing and implementing policies, procedures, and internal controls designed to ensure ongoing compliance with the proposed effective sanctions compliance program requirements?

  4. What technical, operational, or architectural controls might PPSIs consider in implementing block, freeze, and reject capabilities to comply with U.S. sanctions, including blocking stablecoins of blocked persons traded on the secondary market or rejecting transactions on the secondary market that involve sanctioned jurisdictions, such as Iran?

  5. To what extent does the proposed rule appropriately afford PPSIs flexibility to determine how to implement the technical capability to block, freeze, and reject transactions, consistent with their business models, technologies, and risk profiles?

  6. What risk factors should PPSIs consider when conducting risk assessments under the proposed rule, including customer, product, transaction, geographic, and technological risks?

  7. OFAC is proposing an effective date of 12 months from the date of issuance of the final rule to allow sufficient time to review and implement the effective sanctions compliance program requirements. OFAC solicits comment on the proposed effective date.

XI. Executive Order 14294 Fighting Overcriminalization in Federal Regulations

A. Overview

Executive Order 14294 Fighting Overcriminalization in Federal Regulations requires that agencies promulgating regulations potentially subject to criminal enforcement explicitly describe the conduct subject to criminal enforcement, the authorizing statutes, and the mens rea standard applicable to those offenses. [320 ] Section 5 of E.O. 14294 directs that all future notices of proposed rulemaking and final rules published in the Federal Register, the violation of which may constitute criminal regulatory offenses, should include a statement identifying that the rule or proposed rule is a criminal regulatory offense and the authorizing statute. [321 ] E.O. 14294 directs agencies to draft this statement in consultation with the Department of Justice. [322 ]

E.O. 14294 further directs that the regulatory text of all NPRMs and final rules with criminal consequences published in the Federal Register after May 9, 2025 should explicitly state a mens rea requirement for each element of a criminal regulatory offense, accompanied by citations to the relevant provisions of the authorizing statute.

B. Criminal Enforcement for Chapter X Obligations

Willful violations of the regulations proposed to be added to Chapter X, if finalized, may be subject to criminal penalties pursuant to 31 U.S.C. 5322 and regulations promulgated 31 CFR chapter X. The statutory authority for criminal liability requires a mens rea of willfulness as an element under 31 U.S.C. 5322(a) and 31 U.S.C. 5322(b). FinCEN's existing regulation, 31 CFR 1010.840, that sets out criminal penalties for violations of regulations promulgated in 31 CFR chapter X also includes a mens rea of willfulness. In drafting this statement, FinCEN has consulted with the Department of Justice.

C. Criminal Enforcement for Chapter V Obligations

Willful violations of the regulations proposed to be added to Chapter V, if finalized, may be subject to criminal penalties pursuant to 50 U.S.C. 1705, 50 U.S.C. 4315, 19 U.S.C. 3907, 21 U.S.C. 1906, and regulations promulgated thereunder. The statutory authority for criminal liability under 50 U.S.C. 1705(c), 50 U.S.C. 4315(a), 19 U.S.C. 3907(a)(2), and 21 U.S.C. 1906(a) requires a mens rea of willfulness as an element. OFAC's existing regulations that set out criminal penalties for violations of regulations issued pursuant to these statutes also include a mens rea of willfulness. In drafting this statement, OFAC has consulted with the Department of Justice.

XII. Regulatory Impact Analysis

FinCEN and OFAC have analyzed the proposed rule as required under E.O. 12866, [323 ] E.O. 13563, [324 ] E.O. 14192, 325 the Regulatory Flexibility Act (RFA), [326 ] the Unfunded Mandates Reform Act of 1995 (UMRA), [327 ] and the Paperwork Reduction Act (PRA). [328 ]

This proposed rule has been determined to be a “significant regulatory action” under section 3(f) of E.O. 12866. FinCEN and OFAC have included an Initial Regulatory Flexibility Analysis (IRFA) pursuant to the RFA as the proposed rule may have a significant economic impact on a substantial number of certain types of affected small entities. [329 ] Pursuant to analysis required by UMRA, FinCEN and OFAC conclude it is unlikely that the proposed rule, if implemented, would result in a novel annual expenditure of more than $193 million by State, local, and Tribal governments or by the private sector. [330 ]

As described above, [331 ] the proposed rule would require certain issuers of “payment stablecoins,” referred to herein as PPSIs, to “be treated as a financial institution for purposes of the Bank Secrecy Act, and as such, shall be subject to all Federal laws applicable to financial institutions located in the United States relating to economic sanctions, prevention of money laundering, customer identification, and due diligence.” [332 ] Specifically, this NPRM, among other things, would implement the GENIUS Act's directive for PPSIs to: (i) maintain an effective AML program, which includes appropriate risk assessments and designation of an officer to supervise the program; (ii) retain appropriate records; (iii) monitor and report any suspicious transaction relevant to a possible violation of law or regulation; and (iv) maintain the technical capabilities, policies, and procedures to block, freeze, and reject specific or impermissible transactions that violate Federal or State law, rules, or regulations. [333 ] It also requires PPSIs to maintain an effective sanctions compliance program. [334 ] The proposal would also implement a GENIUS Act requirement that PPSIs have the technological capability to comply and will comply with the terms of any lawful order in order to issue payment stablecoins. [335 ]

In so doing, FinCEN and OFAC contemplate a number of benefits for PPSIs, law enforcement and national security agencies, and the general public that would flow from (1) ensuring that a PPSI's AML/CFT program is substantively consistent with the requirements of other financial institution types, and where appropriate, that PPSI are subject to additional provisions to further mitigate ML/TF risks unique to PPSIs; and (2) codifying longstanding economic sanction compliance expectations and establishing a minimum threshold for compliance standards.

This regulatory impact analysis (RIA) begins by describing the broad economic analysis undertaken to inform the expectations of the proposed rule's economic impact and burden. [336 ] This is followed by pieces of additional and, in some cases, more specifically tailored analysis as required by E.O.s 12866, 13563 and 14192, [337 ] the RFA, [338 ] the UMRA, [339 ] and the PRA. [340 ] Requests for comments on the RIA—regarding specific findings, assumptions, or expectations, or with respect to the analysis in its entirety—can be found in the final subsection. [341 ] These requests for comments have been previewed throughout the RIA.

A. Assessment of Impact

Consistent with best practices in regulatory economic analysis, the assessment of impact begins with an overview of broad economic considerations identifying, among other things, the need for the policy intervention. [342 ] Next, FinCEN and OFAC (1) describe the current regulatory requirements and background practices against which the proposed rule would introduce changes and (2) establish baseline estimates of the number of covered financial institutions and other entities that could be affected by the proposed rule. [343 ] The analysis then briefly reviews elements of the proposed rule that most directly inform how foreseeable economic impacts would flow from how covered financial institutions and their respective regulators would need to newly undertake activities to comply with the proposed regulation in which they would otherwise be unlikely to engage in the ordinary course of business. [344 ] Next, the RIA presents the anticipated benefits and estimated costs to the respective affected parties that would be associated with compliance. [345 ] Finally, the assessment concludes with a brief discussion of alternative policies FinCEN and OFAC considered and could have proposed, including an evaluation of the relative economic merits of each against the expected value of the rule as proposed. [346 ]

1. Broad Economic Considerations

In performing its assessment of impact, FinCEN and OFAC took into consideration certain fundamental economic problems that the proposed rule is expected to address as well as the general social and economic costs that may ensue from PPSIs with ineffective BSA compliance or inadequate economic sanctions compliance programs. Because this NPRM is being issued pursuant to statutory obligations, [347 ] the necessity for FinCEN and OFAC to independently identify and articulate fundamental economic problems that the proposed rule is intended to address, as the basis for regulatory action, [348 ] is attenuated because, at best, this activity would complement the problem identification already performed by Congress. 349 ( printed page 18624) Nevertheless, FinCEN and OFAC have remained mindful of these animating considerations as well as the general social and economic costs that may ensue from an ineffective BSA and sanctions compliance regime.

FinCEN and OFAC expect that the proposed rulemaking would meaningfully alleviate certain underlying economic problems that could otherwise impair the effective administration of the BSA and U.S. sanctions laws, as well as potentially distort affected markets. These include potential problems that flow from the incidence of both positive and negative externalities in connection with BSA and sanctions compliance activities, certain information asymmetries, and the potential for regulatory arbitrage in the absence of uniform minimum standards for PPSIs' BSA and sanctions compliance obligations. [350 ]

The expected benefits of the proposed rule, as discussed below, are therefore linked by the extent to which the proposed requirements would address these fundamental economic problems. [351 ]

2. Institutional Baseline and Affected Parties

In proposing this rule, FinCEN and OFAC considered the incremental impacts of the proposed requirements relative to the current state of the affected markets and their participants. [352 ] This baseline analysis of the parties that would be affected by the proposed rule, their current obligations and related activities, and currently accrued costs and/or benefits satisfies analytical best practices by describing the alternative of not pursuing the proposed, or any other, novel regulatory action. [353 ] In each case, for new proposed requirements, FinCEN and OFAC have attempted to identify the incremental expected economic effects of each component of the proposal as precisely as practicable against this baseline. Nevertheless, in certain cases, FinCEN and OFAC can only make qualitative assessments.

As a first step in the process of isolating these anticipated marginal effects, FinCEN and OFAC assessed the regulatory and market landscape facing current stablecoin issuers, and potential future PPSIs, that would be affected by the proposed rule, including an estimate of the expected near-term number of potential PPSIs, their existing regulatory requirements, and the burden they either would or currently face in connection with the compliance activities the proposed rule would require. FinCEN and OFAC also briefly discuss other categories of persons and entities (i.e., regulators, compliance examiners, law enforcement and national security agencies, and certain members of the general public) that are expected to be directly affected by the proposed rule.

FinCEN acknowledges that the discussion below does not include an assessment of the baseline level of general compliance with existing BSA requirements and must therefore caveat that the incremental effects estimated in subsequent sections are based on the presumption of full compliance with the current rules. [354 ] FinCEN does not attempt to estimate a baseline population of currently non-compliant entities that could be differently affected by the rule because it is unclear that the proposed rule would alter the compliance choices already made by those financial institutions. FinCEN invites comment on whether this assumption, or the baseline it implies, is appropriate for the purposes of this analysis.

Relatedly, prior to the passage of the GENIUS Act, there was no explicit legal requirement for U.S. person stablecoin issuers to establish and maintain a sanctions compliance program. However, as U.S. persons, U.S. stablecoin issuers are, and from inception have always been, required to comply with U.S. sanctions laws administered by OFAC. OFAC acknowledges that the discussion below does not include an assessment of the baseline level of general compliance by U.S. persons with sanctions law as currently administered by OFAC and must therefore caveat that the incremental effects estimated in subsequent sections are similarly based on the presumption of full compliance as status quo. OFAC invites comments on whether this assumption, or the baseline it establishes, is the most appropriate and informative for the purposes of this RIA.

i. Regulatory Baseline

FinCEN and OFAC took various components of the current regulatory landscape into consideration when assessing the increments by which the proposed rule would impose changes on the status quo. [355 ] Specifically, FinCEN and OFAC considered (1) existing AML/CFT requirements, (2) existing sanctions compliance requirements (3) state regulations, and (4) required activities proposed here that would also be necessary to satisfy requirements in other proposed related rules that would implement the GENIUS Act but are not part of this NPRM. [356 ] The extent to which each of these components of the regulatory baseline is germane to the novel incremental burden of a given future PPSI is expected to depend on the unique facts and circumstances of the PPSI under consideration. [357 ]

a. Existing AML/CFT Requirements

Through this rulemaking FinCEN proposes, as required by the GENIUS Act, imposing certain novel obligations or obligations that differ in some material respects from stablecoin issuers' current obligations. In many respects, however, FinCEN expects issuers' obligations under this proposal, if finalized, would be comparable to existing ones. If an existing stablecoin ( printed page 18625) issuer's current regulatory obligations already include AML/CFT requirements, FinCEN expects this to primarily flow from the applicability of the BSA to that stablecoin issuer as an MSB that is a money transmitter. The exposition on this in section V.A is adopted here by reference as part of the RIA regulatory baseline.

Alternatively, a future PPSI might exist as the subsidiary of an insured depository institution or as an uninsured national bank. In this case, because such institutions are also currently subject to a range of BSA obligations, including AML/CFT program obligations, it is reasonable to consider the regulatory requirements of the parent institution a more relevant baseline. In addition to the AML/CFT requirements for MSBs discussed above, banks and credit unions are subject to a number of additional FinCEN requirements, including: (1) CIP requirements, 358 beneficial ownership information (BOI) requirements for legal entity customers, 359 required reporting on transactions of exempt persons, 360 additional recordkeeping requirements, 361 due diligence programs for correspondent accounts for foreign financial institutions and private banking accounts, 362 requirements related to the prohibition on correspondent accounts for foreign shell banks and records concerning owners of foreign banks and agents for service of legal process, [363 ] and (7) reporting obligations on foreign bank relationships with Iranian-linked financial institutions designated under IEEPA and IRGC-linked persons designated under IEEPA. [364 ] Because the FinCEN requirements for banks already encompass a broader set of elements, and these elements are largely the same as the requirements being proposed to apply to PPSIs, the incremental change to the regulatory baseline of FinCEN requirements for future PPSIs that would be subsidiaries of insured depository institutions or uninsured national banks is expected to be smaller than for PPSIs that would transition into the status from previously being MSBs. [365 ]

b. Existing Sanctions Compliance Requirements

Prior to the passage of the GENIUS Act, there was no explicit regulatory requirement for U.S. persons to establish and maintain a sanctions compliance program. However, all U.S. persons, including U.S.-based stablecoin issuers, are required to comply with U.S. sanctions pursuant to regulations administered by OFAC. Therefore, stablecoin issuers that would be subject to the proposed rule as PPSIs would be independently required to comply with existing sanctions obligations as U.S. persons, [366 ] which as a practical matter typically involves the development and implementation of a risk-based sanctions compliance program in order to comply with such existing sanctions obligations. [367 ] Thus, OFAC expects PPSIs' obligations under this proposed rule, if finalized, would be comparable to existing obligations stemming from their status as U.S. persons subject to U.S. sanctions laws. Furthermore, with respect to non-U.S. person stablecoin issuers that would become U.S. persons to qualify as a PPSI, OFAC's experience administering U.S. sanctions has demonstrated that sophisticated multi-jurisdictional financial actors often maintain sanctions compliance programs aligned with U.S. sanctions requirements regardless of their status as U.S. persons. [368 ] The exposition on this in section V.B is adopted here by reference as part of the RIA regulatory baseline.

c. State Regulations

Stablecoin issuers may also be subject to state regulations, which can vary in (1) general level of detail and complexity, which as a baseline matter would introduce variation in the incremental compliance burden of the proposed rule's program requirements; and (2) nexus with AML/CFT and sanctions compliance program requirements, from state to state. For example, the New York State Department of Financial Services (NYDFS) has detailed virtual currency regulations and guidance specifically for stablecoins. [369 ] When a stablecoin issuer applies for a license or a charter, NYDFS reviews the issuers' business plan, product offerings, and business model and may consider whether the issuers is registered with FinCEN as an MSB as well as take into consideration the issuer's AML program and sanctions compliance. [370 ] After licensure, a stablecoin issuer must obtain NYDFS's written approval before issuing a stablecoin. [371 ] NYDFS looks at a range of potential risks before authorizing a stablecoin issuer to issue a stablecoin, including AML and sanctions ( printed page 18626) compliance. [372 ] In other states, stablecoin issuers do not have separate virtual currency regulations and are instead regulated as money transmitters. [373 ]

FinCEN and OFAC took these factors into consideration when assessing the quantifiable incremental economic costs of the proposed rule. In particular, FinCEN and OFAC were sensitive to the additional challenges state regulatory requirements would present to successfully disaggregating economic effects of the proposed rule from those attributable to business activities otherwise undertaken with respect to state-level regulatory requirements.

d. Other GENIUS Act Requirements for PPSIs

As part of their analysis, FinCEN and OFAC contemplated additional prospective baseline requirements—once certain other, but related, rules proposed pursuant to the GENIUS Act are adopted as final rules—that would become part of a prospective future PPSI's regulatory baseline. Under the GENIUS Act, a PPSI is required to certify to its primary Federal payment stablecoin regulator or State payment stablecoin regulator that it has implemented an AML program and economic sanctions compliance program consistent with the requirements of the GENIUS Act within 180 days of approval of its initial application and annually thereafter. [374 ] Additionally, each PPSI that (1) is not a State qualified payment stablecoin issuer, (2) has a total outstanding issuance of less than $10 billion, and (3) is supervised by a primary Federal payment stablecoin regulator, is required, upon request, to submit to its regulator a report on that FQPSI's compliance with the requirements of the BSA and sanctions implemented by OFAC. [375 ] FinCEN and OFAC took these requirements into consideration, noting that because the statutory registration requirements, which are distinct from the ones covered in this proposed rulemaking, necessitate the collection and production of certain information and records that would flow from compliance with the requirements in this proposed rule, it may not be practicable to artificially segregate the incremental components of the same recordkeeping burden to fully avoid double-counting the costs of PPSI efforts across all PRA analyses covering the same activity. [376 ]

ii. Baseline of Affected Parties

FinCEN and OFAC expect the following populations to be directly affected by the proposed rule: (1) certain financial institutions, namely PPSIs and PPSI-affiliated insured depository institutions or uninsured national banks; (2) regulators and other compliance examiners; and (3) law enforcement and national security agencies. FinCEN and OFAC also took into consideration that certain other persons, including PPSI business counterparties, clients/customers of PPSIs, and other members of the general public may be indirectly affected by the proposed rule. However, for purposes of the remaining analysis, it was determined that of these various groups of other affected parties, it would be reasonable to limit further consideration of the anticipated economic impact on specific subpopulations of the general public, aside from to the general public as a whole, [377 ] to direct customers of PPSIs [378 ] and to further limit consideration of the impact on such customers as narrowly attributable to the proposed AML/CFT and sanctions compliance requirements. [379 ] To the extent that economic impact on additional key, directly affected subpopulations of the general public should be considered, FinCEN and OFAC invite comment, data, studies, or reports that would enhance its ability to identify and quantify such effects.

a. Affected Financial Institutions

FinCEN and OFAC expect the proposed rule to directly affect the financial institutions it would regulate. This includes all future PPSIs. For specifically those PPSIs that would be subsidiaries of insured depository institutions, FinCEN and OFAC considered that the proposed rule may also economically affect the parent insured depository institutions.

1. PPSIs

Because the proposed rule would specifically apply AML/CFT and economic sanctions compliance program requirements on PPSIs, they are expected to be the proposed rule's primary affected parties. To form an estimate of the number of future PPSIs the proposed rule would cover, FinCEN and OFAC attempted to account for both existing stablecoin issuers, who may become PPSIs, as well as prospective future PPSIs that, but for the GENIUS Act framework, would be unlikely to enter the market.

To estimate the expected population of future PPSIs, FinCEN and OFAC began by conducting a comprehensive review of current products that were each individually identified by either the product issuer or another market participant as a “stablecoin.” This scoping of the initial review was intended to be sufficiently broad so as to encompass all current products that could potentially meet the definitional criteria set forth in the GENIUS Act for a future “payment stablecoin.” [380 ] The next step was to cull from this initial pool of stablecoin issuers, offering approximately 350 products, the proper subpopulation of potential future PPSIs that, following the GENIUS Act taking effect, would be able to pursue registration as a PPSI without first needing to make substantive changes to their current product attributes. 381 ( printed page 18627) FinCEN and OFAC applied certain filters on product characteristics to eliminate identified stablecoins that did not comport with the definitional attributes of a payment stablecoin as defined by the GENIUS Act and used this to sort the stablecoins' issuers.

To be a payment stablecoin, under the GENIUS Act, a digital asset must be used or designed for payment or settlement, its issuer must be obligated to redeem or convert it for a fixed amount of monetary value and not another digital asset, and its issuer must represent that it will maintain a stable value relative to a fixed amount of monetary value. [382 ] A PPSI must maintain identifiable reserves backing the payment stablecoin with specific, high quality, liquid assets, which include U.S. coins and currency, demand deposits, and Treasury bills, notes, and bonds. [383 ] Consequently, issuers who did not offer products pegged to the U.S. dollar were treated as unlikely to pursue PPSI registration in the future. In addition, stablecoin products with no central issuer were also considered unlikely to be associated with an entity that would seek PPSI status.

Table 1 provides a summary of how this review of identified current stablecoins effectively narrowed the total population to those that might, in the future, be eligible to be considered payment stablecoins. Of the approximately 350 products examined, only 43 meet the above criteria— i.e., were tri-partly fiat-backed, USD hard-pegged centralized coins. Of these 43, five were precluded from potential future payment stablecoin eligibility by their reserve holdings, nine by their yield, and one by both of these features.

| Stablecoin classification | Product
population | Filtering criteria | Number of stablecoin products excluded |
| --- | --- | --- | --- |
| Full population | 352 | None | 0. |
| Able to meet payment stablecoin criteria without significant restructure | 43 | Fiat-backed, USD-pegged, centralized issuance, hard-peg a | 309 (from total). |
| Technically compliant with payment stablecoin reserves criteria | 38 | GENIUS Act defined reserve holdings b | 5 (from technically eligible). |
| Technically compliant with payment stablecoin yield requirements | 34 | Non-yield bearing c | 9 (from technically eligible). |
| Potential payment stablecoins | 30 | All | 322 (from total) 13 (from technically eligible). |
| a As defined in section 2(22)(A) of the GENIUS Act, a payment stablecoin must be a digital asset that is, or designed to be, used as a means of payment or settlement, and, and as defined in section 2(22)(A)(ii)(II) of the GENIUS Act, a payment stablecoin must be redeemable for a fixed amount, and the issuer represents that it will maintain a stable value relative to the value of a fixed amount of monetary value. FinCEN and OFAC view product pegging to the U.S. dollar as opposed to another currency as a practical requirement to hold only USD-denominated reserve assets. | | | |
| b As required by section 4(a)(1)(A) of the GENIUS Act, the issuer of a payment stablecoin must only hold asset types as provided by the Act as reserves. | | | |
| c As required by section 4(a)(11) of the GENIUS Act, a payment stablecoin must not offer yield. | | | |
Using this method, FinCEN and OFAC identified 30 products issued by 25 unique entities that matched the specified criteria. As such, there are at least 25 existing issuers of stablecoins that, if the regulations implementing the GENIUS Act were presently effective, would appear to be eligible to apply to be PPSIs. Understanding that some of these entities might still choose not to seek PPSI status, [384 ] and allowing that other current stablecoin issuers could, in the interim, still modify the digital assets that they issue in order to be eligible to seek PPSI status once the GENIUS Act becomes effective, FinCEN and OFAC anticipate that the number of current entities that could be potential future PPSIs subject to the proposed rule may be between 20 and 40. [385 ] FinCEN and OFAC nonetheless acknowledge that a wide range of factors that could potentially influence the choice of eligible institutions to apply for PPSI status in the future, including market demand, strategic operational decisions, and future developments in the digital asset landscape. [386 ] In general, where current stablecoin issuers see PPSI standards as representing costs that would outweigh the benefits of achieving the PPSI designation, they may voluntarily choose another regulatory option despite being technically eligible to register. [387 ]

FinCEN and OFAC's analysis also considered the need for this impact assessment to, in some fashion, account for potential future PPSIs that have not yet entered the stablecoin market. In the aforementioned review of 350 current stablecoin products, 63 products were identified as issued by an entity that appeared facially eligible for potential future status as either a PPSI or a foreign payment stablecoin issuer (FPSI). [388 ] Of those issued since 2018, approximately 45 percent (28 stablecoins) were issued within the last two calendar years (2024 and 2025), with year-over-year growth ( printed page 18628) in 2025 slightly lower than the year prior. Because the stablecoin market is still relatively nascent and has historically faced varying levels of regulatory uncertainty, basing expectations of stable or sustainable future growth rates on past trends would be exceedingly speculative and generally inadvisable. On the one hand, the number of stablecoin market entrants may increase in light of the enhanced certainty and clarity afforded by the GENIUS Act framework. On the other hand, it is also possible that a number of current stablecoin issuers may exit the U.S. market, either because they are legally not able to remain if not PPSIs, or because the market may naturally consolidate as it matures. [389 ]

To estimate the near-term expected inflow of future PPSIs, FinCEN and OFAC looked to the companionate GENIUS Act-related analyses of expected future PPSI registration requirements performed by OCC, FDIC, and NCUA as additional sources of information. [390 ] FinCEN and OFAC expect that a substantial proportion of future PPSIs newly entering the U.S. stablecoin market would be affiliated with an insured depository institution or uninsured national bank and that, additionally, some potential future PPSIs that currently do not have any such affiliation, may newly become affiliated with an insured depository institution or uninsured national bank. Insured depository institutions in particular are well-suited to launch payment stablecoin products due to their position within financial markets, customer base, and existing technology and compliance infrastructure.

The OCC, FDIC, and NCUA have each conducted independent research with a view to estimating the number of potential PPSIs that would register as PPSIs in the near-term future. [391 ] Summing across these respective exercises yields a projection of up to 42 new PPSIs that would initially register as entities affiliated with insured depository institutions. Taking each of those independent analyses, their respective methodologies, and expected levels of precision into consideration, FinCEN and OFAC anticipate that the proposed rule could be expected to apply to an average of approximately 50 PPSIs in each of the first three years of the GENIUS Act being effective. [392 ]

FinCEN and OFAC project that of the 50 anticipated PPSIs, approximately 60 percent would be subsidiaries of insured depository institutions and 40 percent would be other PPSIs. [393 ] Because this projection represents best efforts given limited information, the public is strongly encouraged to provide additional comments, data, and other information that could enhance the accuracy and precision of these estimates.

2. Insured Depository Institutions With PPSI Subsidiaries

FinCEN and OFAC expect that certain financial institutions other than future PPSIs themselves would be impacted by the rule. In particular, insured depository institutions that would have a PPSI as a subsidiary may incur additional costs integrating their PPSI subsidiaries into their broader AML/CFT programs and sanctions compliance framework. [394 ] Because this RIA projects that there may be up to 30 such PPSIs on average in the each of the first three effective years of the GENIUS Act, the corresponding number of expected affected insured depository institutions would also be up to 30. It is anticipated that insured depository institutions would arrange for their subsidiary PPSI's compliance policies, procedures, and activities to nest within the preexisting overall programmatic compliance structure of the parent organization. As such, parent organizations may be economically affected by the need to revise, expand, or otherwise tailor their existing practices. It is possible that similarities between the existing requirements for banks and this proposal would reduce, though not eliminate, these costs.

b. Regulators and Other Compliance Examiners

Examiners that would be required to assess future PPSIs' compliance with AML/CFT and sanctions compliance program requirements are expected to be directly affected by the proposed rule. [395 ] With respect to the proposed AML/CFT requirements, as discussed above in section VI.C.2, the GENIUS Act distinguishes between the categories “primary Federal payment stablecoin regulator” and “State payment stablecoin regulator,” and this NPRM includes proposals to (1) amend § 1010.810(b) to delegate examination authority to the primary Federal payment stablecoin regulators and (2) apply the existing delegation to the IRS at § 1010.810(b)(8) for PPSIs regulated by State payment stablecoin regulators. [396 ] As a function of the proposed amendments, this proposed rule is expected to directly affect FinCEN as well as other Federal financial regulatory agencies and their compliance examiners, who number approximately 7,500 from the Board, FDIC, NCUA, and OCC, [397 ] plus several hundred additional examiners from the IRS. [398 ]

With respect to the proposed sanctions compliance program obligations, presented in section VII, this NPRM would require that PPSIs maintain certain records related to their sanctions compliance program, which can be made available to OFAC upon request. [399 ] As such, the proposed rule may affect OFAC's enforcement personnel, who would investigate and enforce potential violations of the effective sanctions compliance program requirement. Additionally, similar to FinCEN's estimation above, the proposed rule is anticipated to directly affect other Federal financial regulatory agencies and their compliance examiners, who number approximately 7,500 from the Board, FDIC, NCUA, and OCC, who already incorporate sanctions compliance review as part of the examination process. [400 ]

( printed page 18629)

c. Law Enforcement and National Security Agencies

The proposed rule is intended to support the efforts of law enforcement and national security agencies by promoting AML/CFT compliance and sanctions compliance program implementation among stablecoin issuers that become PPSIs, which should generate highly useful reports and other data in addition to deterring predicate crimes and violations of U.S. laws and regulations. Law enforcement and national security agencies that enter into a memorandum of understanding with FinCEN can directly access and use reports and data provided to FinCEN in compliance with AML/CFT requirements. As of fiscal year 2024, 432 Federal, State, and local law enforcement; regulatory; and national security agencies had access to BSA reports and BSA Search, and the BSA Portal had over 12,000 users. [401 ] In addition, reports of blocked property and rejected transactions submitted to OFAC can be key to developing sanctions enforcement actions that help protect U.S. national security interests.

d. Members of the General Public

FinCEN and OFAC expect the general public to be affected by the proposed rule, with certain subpopulations affected more directly than others in specific instances. [402 ]

1. General Public

Implementing the proposed rule would ensure that PPSIs are “subject to all Federal laws applicable to a financial institution located in the United States relating to economic sanctions, prevention of money laundering, customer identification, and due diligence.” [403 ] Ensuring these guardrails and infrastructure are in place is fundamental to unlocking the potential benefits that a vibrant and well-functioning payment stablecoin market can offer the public (described above in section IV.B) because these regulatory guardrails and infrastructure are necessary to insulate the system from abuse and critical risks to its integrity (described in section IV.D). FinCEN and OFAC also considered that the proposed rule could further benefit the general public to the extent that AML/CFT and sanctions compliance would deter the use of payment stablecoins to enable fraud [404 ] and help prevent the use of payment stablecoins to enable and fund illicit activity counter to U.S. national security interests. [405 ]

2. PPSI Customers

Because the proposed AML/CFT requirements include obligations that depend on information collected and produced by a PPSI's customers, FinCEN considered the prospective customers of future PPSIs as uniquely affected members of the general public. Although estimated payment stablecoin users number in the hundreds of millions, a substantially smaller number (in the hundreds of thousands) are likely to interact with PPSIs in the primary market. Many of these customers are large financial institutions, as described above in section IV.A, and most large stablecoin issuers set significant financial requirements for primary market participants that exclude retail-level participation. Most primary market activity, as measured in transaction volume, is attributable to these large entities. However, some issuers have increasingly adopted wider-facing mint/redeem models that seek to include smaller investors and businesses. To the extent that PPSI markets continue to face large, or almost exclusively, larger clients who are themselves legal entities, financial institutions, or other non-natural persons, the typical future PPSI would be expected to face a higher per-customer burden than other types of financial institutions that currently have AML/CFT program obligations comparable to those that would apply to PPSIs but a lower concentration of legal entity customers to individuals. Because certain program requirements that rely on customer information have burdens that scale with the complexity of the customer and, in general, legal entity customers have more complex information to provide than natural persons, both future PPSIs and their typical prospective customers would face compliance-related cost profiles that are unique to the industry.

OFAC also considered the impact of the proposed rule on the relationship between PPSIs and their customers. Because PPSIs would be considered U.S. persons, they are therefore subject to U.S. sanctions laws, including obligations to block or reject unauthorized transactions as they would apply on either the primary and secondary market, regardless of the proposed rule's requirement that PPSIs maintain an effective sanctions compliance program. Furthermore, PPSI customers who are U.S. persons are already obligated to comply with U.S. sanctions themselves. As a result, OFAC would not expect any incremental costs to the customers of PPSIs as a result of the proposed rule.

To estimate the number of expected primary market customers a future PPSI might interact with and, therefore, need to collect certain information and conduct due diligence on under the proposed AML/CFT requirements, FinCEN and OFAC examined current on-chain minting and redemption activity as observable from publicly available data. The majority of stablecoin products meeting the GENIUS Act's definitional criteria for future payment stablecoins that FinCEN and OFAC reviewed had fewer than 1,000 primary market customers in a given year, which is consistent with prior expectations of high barriers to market participation. However, a small number of the stablecoins reviewed had significantly more primary market contact (with up to as many as 250,000 customers) in a given year. In the sample of issuers FinCEN reviewed, the average number of an issuer's primary market customers was approximately 17,000, but this value appeared to be driven by extreme outliers. The truncated average was approximately 1,000, and the median value was 100. [406 ]

Based on this analysis, FinCEN estimates that the “average” PPSI would have approximately 1,000 primary market customers that it interacts with directly, including issuing and redeeming payment stablecoins and engaging in digital asset service provider activities where those activities are authorized by the appropriate primary Federal or the State payment stablecoin regulator and consistent with all other federal and state laws. However, some PPSIs are expected to have substantially more or substantially fewer. On aggregate, FinCEN does not expect the total market population of identifiably unique future primary market PPSI customers to exceed ( printed page 18630) 300,000. [407 ] However, FinCEN and OFAC anticipate that a substantial number of these observably unique customers may be affiliates of a single counterparty (i.e., not substantively unique or representative of distinct legal entities) or associated with non-U.S. entities. [408 ] As such, FinCEN and OFAC find that a more appropriate estimate of the population of primary market customers that are unique U.S. businesses, legal entities, or other non-natural person is much smaller than 300,000 and is closer to approximately 10,000. These businesses belong to several categories, including digital asset exchanges, specialized digital asset commodities traders, and other types of investment and securities related businesses. Besides digital asset exchanges, FinCEN and OFAC expect that most of a typical future PPSI's other customers are likely to be financial institutions. [409 ]

FinCEN and OFAC also used publicly available data on on-chain minting and redemption activity to analyze annual rates of customer growth and turnover. Many of the stablecoin issuers reviewed retained the same group of large “core” primary market customers year over year but exhibited significant turnover among their smaller primary market customers. In addition, most stablecoin issuers saw significant growth in their primary market customer base during 2025. For purposes of modelling expected economic effects, FinCEN and OFAC assume that this growth will continue, particularly among stablecoin issuers that are able to secure PPSI registration. Of the stablecoin issuers FinCEN reviewed, the average rate of new customer inflow, year-over-year, was approximately 65 percent of the number of existing, previous customers. Therefore, FinCEN and OFAC apply this rate, where relevant, when estimating the costs in the remaining analysis. FinCEN requests comment on whether the assumptions regarding the number of primary market customers are reasonable.

iii. Current Market Practices

In assessing the impact of the proposed rule, FinCEN and OFAC took into consideration a number of current market features relevant to both the proposed future AML/CFT obligations and the proposed sanctions compliance program requirements of potential future PPSIs. [410 ] FinCEN then separately considered current practices of unique relevance to its proposed AML/CFT requirements, [411 ] while OFAC similarly considered economic sanctions compliance-related current market practices. [412 ]

a. Market Structure and Activities

At present, the stablecoin market is characterized by many features of early stage development, and within this ecosystem, existing stablecoins whose issuers would potentially be eligible to register as a payment stablecoin issuers (PPSIs or FPSIs) in the future constitute a small proportion of currently available products (less than one in five) but a considerably larger share of current market capitalization, ranging in expectation from approximately 75 to 81 percent, with variation based on assumptions. Thus, the stablecoin market that future PPSIs would face might reasonably be expected to persist in being highly concentrated.

Current stablecoin issuers, particularly those with larger market shares, also appear to be part of more complex corporate structures, existing operationally within a framework of affiliated legal entities that may be functionally unified but, for either tax or legal purposes, considered technically distinct. It is unclear if these configurations should be expected to persist in their current form once the GENIUS Act becomes effective.

b. Current AML/CFT Compliance Practices

To inform its assessment of the expected incremental impact of the proposed obligations, FinCEN considered several features related to current stablecoin issuers' AML practices. In particular, FinCEN performed additional analysis of the stablecoin issuers identified, as discussed above in section XII.A.2.ii.a, as potential future PPSIs, taking into account the observed incidence and rate of MSB registration and BSA report-filing activity as well as the general utilization of BSA filings by law enforcement and national security agencies' efforts that PPSIs would contribute to under the proposed requirements, and thereby indirectly benefit the general public.

1. Current Stablecoin Issuer MSB Registration

In its review of MSB registrations newly filed, revised, or renewed by the issuers of stablecoin products at least once in the most recent two calendar years, FinCEN observed that approximately 50 percent of the stablecoin-issuing entities identified in section XII.A.2.ii.a. 1 appear to have submitted the requisite filings to be registered as MSBs, including one issuer also affiliated with a major international bank. Current stablecoin products for which no associated MSB registration activity could be identified, while representing nearly half of the current stablecoin-issuing population, represented less than one percent of the total market capitalization of all the likely potential future payment stablecoin products.

2. Current Stablecoin Issuer AML/CFT Programs

Even without the AML/CFT requirements of the BSA or the GENIUS Act, FinCEN expects that many stablecoin issuers would still be likely to employ some AML/CFT measures in their current issuance and trading frameworks. For example, nearly all centralized issuers collect information on their direct customers (i.e., “primary market” customers) when minting or redeeming coins. [413 ] Direct customers must typically provide information such as name, address, Social Security number/tax ID number (TIN), government ID, and often additional business documentation.

In order to collect, screen, and store customer information in the ordinary course of business, stablecoin issuers and other financial market participants often employ software technologies especially suited for this purpose. These third-party services often provide customer identity information verification and screening to collect and verify personal information such as ( printed page 18631) name or address. These products provide a technical basis for many AML/CFT compliance tasks, particularly with regard to primary market customers.

As previously discussed in section XII.A.2.ii.d. 2, many of the potential future PPSIs identified by FinCEN have tended to retain the same group of large “core” primary market customers year over year but have exhibited significant turnover among smaller primary market customer institutions focused on market arbitrage or other short-term trading opportunities. In its review, FinCEN observed that turnover rates were particularly high among issuers whose business models, from inception, facilitated larger numbers of primary market customers. These kinds of issuers appear to have had several thousand new primary market participants in a given year, which suggests such firms are likely to have automated screening functions to enable interaction with such high volumes of new customers. Smaller or more centralized stablecoin issuers generally had far fewer new customers (although retention or growth may be similar from a percentage standpoint) and have processes that may be more manual.

3. Current Stablecoin Issuer BSA Reporting Practices

In its assessment of current market practices, FinCEN evaluated the SAR and CTR filing activity of current stablecoin issuers. This review both (1) informed the estimates of expected BSA-reporting activity and burden utilized in sections XII.A.4.ii.a and XII.E.1 below and (2) illuminated aspects of certain stablecoin issuers' current organizational features and practices in identifying and responding to suspicious activity.

As a preliminary matter, FinCEN observed that BSA filing activity generally followed the same distribution of attributes as stablecoin issuer MSB registration but has, in relatively stable fashion, remained concentrated to a smaller proportion of the population of stablecoin issuers and exhibited more pronounced differences between high volume and low volume report filers year over year.

FinCEN reviewed BSA available filings for the issuers of 17 of the stablecoin products it identified in section XII.A.2.ii.a. 1 as meeting the definitional criteria set forth in the GENIUS Act to be eligible as potential future PPSIs. Sixteen of these products had issuers who registered at least once as an MSB within the past three years. The number of annual SAR filings by these entities ranged from zero to over 4,000 per entity in calendar year 2025, the average was about 350, and the truncated average was 104. [414 ] In some cases, high filing counts may have also been attributable to the stablecoin issuer's offering of other products and services in addition to its stablecoin offerings (resulting in a wider range of activity that could result in a SAR), so the truncated average is likely a closer estimate for the average rate of stablecoin-related SAR filing frequency for the typical future PPSI. While FinCEN also observed that some stablecoin issuers have historically filed CTRs, it notes that within the past five completed calendar years, only one of the stablecoin issuers the analysis in section XII.A.2.ii.a. 1 identified as a potential future PPSI continued to file through the end of the sample period.

FinCEN found several pieces of anecdotal, qualitative, and quantitative information that corroborate the agency's understanding of certain baseline market features and activities in the SARs filed by stablecoin issuers. In particular, the SAR narratives proved a rich source of information. For example, data about the stablecoin-issuing filers of BSA reports support FinCEN's general observations about the structural complexity of potential future PPSIs as discussed above in section XII.A.2.ii.a. Of the stablecoin issuers with BSA filings, the average number of related but potentially distinct legal entities—as measured by the number of unique filer TINs per issuer of stablecoin products—associated with filing activity was more than one (approximately two), but some stablecoin issuers had as many as eight. In several cases, the legal entities filing SARs were distinct from the legal entities registering as MSBs, even though they were affiliated with the same issuer. FinCEN also examined Report of Foreign Bank and Financial Account (FBAR) filing activity in which these issuers were the subject, and found indications that a number of these issuers maintain offshore accounts which may be associated with separate, offshore entities.

These findings provide important insight into how a typical stablecoin issuers may operate. Generally, such issuers establish multiple legal aliases, often to serve separate functions. The legal entities responsible for identifying and reporting suspicious activity are often separate from the legal entities responsible for facilitating money transmission as an MSB. However, based on the SAR filings that FinCEN reviewed, it seems clear that these functions operate in close coordination with one another. In addition, it appears plausible, based on BSA filing data, that stablecoin issuers may use offshore entities or accounts to achieve favorable tax treatment or additional legal flexibility.

In addition to filing BSA reports, including SARs about their customers, the potential future PPSIs that FinCEN identified were often the subject of various filing types, including SARs, themselves. While there were substantially fewer of these SAR filings about the respective stablecoin issuers than there were filings by those issuers, SARs that reported potential future PPSIs may serve as an additional indication of the illicit activity risks associated with stablecoins, as discussed above in section IV.D.

The SARs FinCEN reviewed that were filed by stablecoin issuers also speak to the incidence of what FinCEN and OFAC have discussed and referenced throughout as their expectations of certain current market practices and activities. In particular, a review of SAR narratives indicates that reporting stablecoin issuers commonly employ a variety of technologies to conduct due diligence in connection with customer relationships and to identify high-risk customers. Filers often identified suspicious customers based on documentation provided by the customer that appeared contradictory or falsified, indicating that these issuers currently obtain and carefully review substantial amounts of information collected by and from customers. From SAR filings, FinCEN observed that it appears to be common practice, at least among reporting stablecoin issuers, for customers to already be asked to provide identifying information at a level equivalent to or exceeding the minimum generally necessary to comply with the proposed rule. Reporting issuers also appear to use technology service providers to investigate linkages between customers and high-risk and/or sanctioned entities.

Some filings appear to have, in part, been informed by a concern about the apparent nature of the reported transaction activity, and in some cases transactions with no apparent lawful purpose or with certain identified high-risk on-chain addresses were flagged for investigation. In certain instances, issuers reported transaction patterns inconsistent with their customers' reported location information that the ( printed page 18632) reporting stablecoin issuers had identified and tracked. In several cases, SAR-filing stablecoin issuers reported subjecting high-risk customers to transaction freezes. In one instance, a SAR-filing stablecoin issuer reported having frozen the use of issued coins by a particular secondary market user in response to a law enforcement request. Reports such as these suggest that at least some stablecoin issuers currently have the ability to, and do, monitor customer activity including, in some cases, using geolocation technology and/or monitoring observable transactions on the secondary market, and these reporting issuers are also, in many cases, currently able to freeze the use of their stablecoin products.

4. Current Use of BSA Information by Law Enforcement and National Security Agencies

While results may not be published, FinCEN both routinely receives reports [415 ] and conduct surveys [416 ] that speak to the use and usefulness of BSA information to law enforcement and national security agencies. An older, but broadly analogous, publicly available report from the U.S. Government Accountability Office (GAO) found that in 2018, a majority of federal and state law enforcement agencies had direct access to FinCEN's BSA database (i.e., 85 percent of federal agencies and 54 percent of state agencies), though fewer than one percent of local law enforcement agencies did. [417 ] FinCEN believes these survey results may underrepresent the extent to which local law enforcement may benefit from BSA information insofar as the GAO study could not directly account for the incidence of referrals to local law enforcement of matters not otherwise pursued by federal or state agencies directly. The study also surveyed 5,257 investigators, analysts, and prosecutors at six federal law enforcement agencies and found that these agencies used BSA data extensively, estimating that approximately 72 percent of personnel conducting investigations from 2015 to 2018 used BSA reports to support their work. [418 ]

c. Current Sanctions Compliance Practices

As previously discussed in section XII.A.2.i.b, prior to the enactment of the GENIUS Act, no U.S. person was explicitly required to establish and maintain a sanctions compliance program. Nevertheless, in practice, industry participants, including U.S.-based stablecoin issuers, have long implemented risk-based sanctions compliance measures consistent with OFAC's publicly issued guidance. Specifically, OFAC's 2019 Compliance Framework [419 ] strongly encourages persons subject to U.S. jurisdiction—including foreign entities engaging in business in or with the United States, U.S. persons, or U.S.-origin goods or services—to adopt and maintain a risk-based sanctions compliance program. In current practice, these measures have been adopted to ensure compliance with binding U.S. sanctions obligations, even in the absence of a formal programmatic requirement. Additionally, in 2021, OFAC issued the Virtual Currency Industry Guidance, [420 ] which adapted the five elements for a sanctions compliance program from the 2019 Compliance Framework for the digital assets industry and provided guidance on specific risk typologies that may arise within the industry. This guidance also highlighted best practices that can assist companies in the industry with sanctions compliance, such as the use of geolocation tools and transaction monitoring and investigation software. OFAC has also issued guidance specifically related to digital assets, including frequently asked questions (FAQs), that highlight OFAC's practices and expectations for individuals and entities operating in the digital assets industry. [421 ]

Based on current market research, FinCEN and OFAC observe that in practice, sanctions compliance may be operationalized as an integrated component of what is commonly referred to as an institution's broader AML compliance framework. As a result, sanctions-related controls commonly share training, technology, personnel, and governance structures with AML compliance programs, making it difficult, for purposes of this RIA, to meaningfully disaggregate certain costs attributable solely to current or future sanctions compliance requirements from broader AML/CFT market baseline activities. Consistent with FinCEN's risk-based AML framework, institutions generally already incorporate sanctions risk into enterprise-wide risk assessments, customer due diligence, transaction screening, internal controls, and escalation and remediation procedures that form part of the overall AML compliance program. [422 ]

As a matter of industry practice, sanctions compliance practices are also typically both conceptually risk based and, operationally, technology enabled. Such programs commonly incorporate screening technology during customer- or client-onboarding and, on an ongoing basis, screen against OFAC sanctions lists, as well as conduct due diligence designed to identify sanctions-related risks that may not explicitly be reflected in OFAC's lists, including indirect or layered exposure. [423 ] As observed, sanctions screening typically involves a number of complex processes, and stablecoin issuers often adopt “on-chain” screening technologies and processes to ensure that all payments using stablecoins are compliant with U.S. sanctions. Institutions typically first screen customer information against OFAC-administered sanctions lists, including the SDN List, at the time of onboarding. Procedures usually involve ongoing sanctions screening and risk-based re-screening (for example, related to a historical lookback) to account for updated customer information, updates to OFAC sanctions lists, or changes in regulatory requirements. Screening techniques attempt to identify addresses, including physical, digital wallet, and IP addresses, and other relevant information with potential links (or indirect exposure) to sanctioned persons ( printed page 18633) or jurisdictions, often utilizing screening tools' “fuzzy logic” capabilities to account for common name variations and misspellings (e.g., “Crimea” versus “Krimea”). “Smart contracts” are a commonly utilized blockchain tool that, among other functions, may be programmed to automatically identify and prevent transactions attempted by sanctioned entities or rely on third-party data sources, such as oracles, for sanctions screening. [424 ] Based on market research, FinCEN and OFAC find that while existing `off-the-shelf' software is already available to meet many of these requirements, a future PPSI might choose to create a bespoke system for its sanctions compliance needs.

3. Description of Proposed Requirements

For purposes of the RIA, FinCEN and OFAC considered the various components of the proposed rule with a view towards the specific features or elements that are expected to generate, either directly or indirectly, an economic benefit or cost, or lead to changes in market participant incentives in a way that may generate economic benefits or costs. [425 ] For components of the proposed rule that FinCEN and OFAC analysis has not assigned a quantified burden (in hours or dollars), the reason for doing so is briefly explained in the description of expected costs in section XII.A.4.ii.

To balance the completeness of the RIA with the desire for expositional clarity and ease of tractability between the proposed regulatory text and sections VI and VII (section-by-section analyses) and section XII. (regulatory impact analysis), FinCEN and OFAC have included table 2, to provide a mapping of the various components of the proposed rulemaking as presented in FinCEN and OFAC's respective section-by-section analyses to their analogous categorization in the RIA.

Scope of affected entities The proposed rule would . . . Section VI and VII analysis Considered in RIA subsection(s) Proposed regulatory text location
PPSIs Amend the definition of “financial institution” to include “a permitted payment stablecoin issuer” for purposes of the BSA VI.C.1.i XII.A.3.i and iii.a 31 CFR 1010.100(t)(11).
Amend the definition of “money services business,” by adding “a permitted payment stable coin issuer” to the list of entities excluded from the definition VI.C.1.ii XII.A.3.i 31 CFR 1010.100(ff)(8).
Amend the definition of “transaction,” to add the issuance or redemption of a payment stablecoin as a type of transaction VI.C.1.iii XII.A.3.i 31 CFR 1010.100(bbb)(1).
Amend the definition of “transmittal order,” to add a payment stablecoin as a subject of an order VI.C.1.iv XII.A.3.i 31 CFR 1010.100(eee).
Define the terms “digital asset,” “distributed ledger,” “lawful order,” “payment stablecoin,” “permitted payment stablecoin issuer,” “primary Federal payment stablecoin regulator,” “Federal qualified payment stablecoin issuer,” “State payment stablecoin regulator,” and “State qualified payment stablecoin issuer.” VI.C.1.v-xiii XII.A.3.i 31 CFR 1010.100(ppp), (qqq), (rrr), (sss), (ttt), (uuu), (vvv), and (www).
Delegate examination authority for PPSIs VI.C.2 XII.A.3 31 CFR 1010.810(b)(11).
PPSIs with respect to their AML/CFT Program Requirements Require internal policies, procedures, and controls that (1) identify, assess, and document ML/TF risks through risk assessment processes; (2) mitigate ML/TF risks consistent with a PPSI's risk assessment processes; and (3) conduct ongoing customer due diligence VI.C.3.ii.a XII.A.3.iii.a, XII.A.4.ii.a. 1, XII.A.4.ii.a. 4, XII.E.1 31 CFR 1033.210(b)(1).
Require that risk assessment processes (1) evaluate ML/TF risks from business activities; (2) consider AML/CFT Priorities; and (3) update promptly responsive to significant changes to ML/TF risks VI.C.3.ii.a XII.A.3.iii.a, XII.A.4.ii.a. 1, XII.E.1 31 CFR 1033.210(b)(1)(i)(A), (B), and (C).
Require independent testing of the AML/CFT program VI.C.3.ii.b XII.A.3.iii.a, XII.A.4.ii.a. 2 31 CFR 1033.210(b)(2).
Require the designation of an AML/CFT officer, require that the designated individual is located in the United States, has not been convicted of a felony, and is subject to oversight and supervision by FinCEN and its designee, and is responsible for establishing and implementing the AML/CFT program and coordinating and monitoring day-to-day compliance VI.C.3.ii.c XII.A.3.iii.a, XII.A.4.ii.a. 1, XII.E.1 31 CFR 1033.210(b)(3).
Require a PPSI AML/CFT program to include an “ongoing employee training program.” VI.C.3.ii.d XII.A.3.iii.a, XII.A.4.ii.a. 3, XII.E.1.ii.a 31 CFR 1033.210(b)(4).
Require the AML/CFT program be written, made available upon request to FinCEN or its designee, and approved by the PPSI's board of directors, an equivalent governing body within the issuer, or appropriate senior management VI.C.3.iii XII.A.3.iii.a, XII.A.4.ii.a. 1, XII.E.1 31 CFR 1033.210(d).
Require any and all certifications submitted to the PPSI's primary Federal payment stablecoin regulator or State payment stablecoin regulator certifying that the PPSI has implemented an AML/CFT program be made available upon request to FinCEN or its designee VI.C.3.iv XII.A.3.iii.a, XII.A.4.ii.a. 1, XII.E.1 31 CFR 1033.210(e).
( printed page 18634)
Define the terms/phrases “AML/CFT enforcement action,” “AML/CFT requirement,” and “significant AML/CFT supervisory action.” VI.C.4.i XII.A.3.i 31 CFR 1033.221(a).
Provide that a PPSI with an AML/CFT program established in accordance with proposed 31 CFR 1033.210(b) would not be subject to an AML/CFT enforcement action or significant AML/CFT supervisory action absent a significant or systemic failure to implement said program within the meaning of proposed 31 CFR 1033.210(c), and provide that the proposed 31 CFR 1033.221(b)(1) provisions do not apply when there is a failure to establish an AML/CFT program within the meaning of proposed 31 CFR 1033.210(b) VI.C.4.ii XII.A.3.iii.a 31 CFR 1033.221(b).
Provide that in determining to take, or in review of, an AML/CFT enforcement action or significant AML/CFT supervisory action, the Director would take into account factors under 31 U.S.C. 5318(h)(2)(B) and the PPSI's unique ability and efforts to advance AML/CFT priorities VI.C.4.iii XII.A.3.iii.a 31 CFR 1033.221(d).
Amend 31 CFR 1010.230 with respect to PPSIs' obligation to collect and verify beneficial ownership information about legal entity customers VI.C.5 XII.A.3.iii.c, XII.A.4.ii.a. 4, XII.A.5.i.b, XII.E.1 31 CFR 1010.230.
Require “technical capabilities, policies, and procedures to block, freeze, and reject specific or impermissible transactions that violate Federal or State laws, rules, or regulations.” VI.C.6.i XII.A.3.iii.b, XII.A.4.ii.a. 5, XII.A.5.i.c 31 CFR 1033.240(a).
Require a PPSI to (1) have the technical capabilities to comply with the terms of any lawful order and (2) comply with the terms of any lawful order VI.C.6.ii XII.A.3.iii.b, XII.A.4.ii.a. 5, 31 CFR 1033.240(b).
Require the filing of CTRs VI.C.7 XII.A.3.iii.c, XII.A.4.ii.a. 6, XII.E.1 31 CFR 1033.310-315.
Require the filing of SARs VI.C.8.i-iii XII.A.3.iii.c, XII.A.4.ii.a. 6, XII.E.1 31 CFR 1033.320(a), (b).
Require the retention of copies of filed SARs and the underlying related documentation for a period of five years from the date of filing VI.C.8.iv XII.A.3.iii.c, XII.A.4.ii.a. 6, XII.E.1 31 CFR 1033.320(c).
Prohibit the disclosure a SAR or any information that would reveal the existence of a SAR VI.C.8.v XII.A.3.iii.c 31 CFR 1033.320(d).
Provide protection from liability for making required or voluntary reports of suspicious transactions, or for failures to provide notice of such disclosure to any person identified in the disclosure to the full extent provided by 31 U.S.C. 5318(g)(3) VI.C.8.vi XII.A.3.iii.c 31 CFR 1033.320(e).
Require examination of compliance with their obligation to report suspicious transactions by FinCEN and its delegees VI.C.8.vii XII.A.3.iii.c, XII.E.1 31 CFR 1033.320(f).
Exclude secondary market transfers from a PPSI's SAR reporting obligations VI.C.8.viii XII.A.3.iii.c, XII.A.4.ii.a. 6, XII.E.1 31 CFR 1033.320(g).
Require the retention of appropriate records VI.C.9.i XII.A.3.iii.d, XII.A.4.ii.a. 7, XII.E.1 31 CFR 1033.410.
Apply the information-sharing provisions of sections 314(a) and (b) of the USA PATRIOT Act to PPSIs VI.C.10 XII.A.3.iii.e, XII.A.4.ii.a. 8, XII.E.1 31 CFR 1033.520; 540
Require compliance with special standards of diligence, prohibitions, and special measures under section 311 of the USA PATRIOT Act, including enhanced due diligence for correspondent and private banking accounts and some active special measures VI.C.11 XII.A.3.iii.f, XII.A.4.ii.a. 9-10, XII.E.1 31 CFR 1033.600-630; 31 CFR 1010.651; 653; 658-661; 663; and 664.
PPSIs with respect to their Sanction Compliance Program Requirements Impose standard recordkeeping and reporting requirements as found in 31 CFR part 501, including requiring any and all certifications submitted to the PPSI's primary Federal payment stablecoin regulator or State payment stablecoin be provided to OFAC VII.A XII.A.3.iv, XII.A.4.ii.a. 1, XII.A.4.ii.a. 7, XII.E.1 31 CFR 502.102.
Require senior management (1) review and approval of a PPSI's sanctions compliance program and (2) support for the sanctions compliance program's effective implementation VII.B.1 XII.A.3.iv, XII.A.4.ii.a. 1, XII.E.1 31 CFR 502.201(b)(1).
( printed page 18635)
Require sanctions-related risk assessments by: (i) conducting holistic assessments of U.S. sanctions risks at appropriate intervals; (ii) using the risk assessments to inform the PPSI's operation of its sanctions compliance program, including revising internal controls and training as appropriate; and (iii) revising risk assessments as appropriate to account for any identified U.S. sanctions violations or deficiencies, new products, services, mergers, or acquisitions, and any other factors that may affect a PPSI's risk profile VII.B.2 XII.A.3.iv, XII.A.4.ii.a. 1, XII.E.1 31 CFR 502.201(b)(2).
Require a system of risk-based internal controls, including technical capabilities VII.B.3 XII.A.3.iv, XII.A.4.ii.a. 5, XII.A.4.ii.a. 7, XII.A.5.ii 31 CFR 502.201(b)(3).
Require a system of risk-based internal controls, including written policies and procedures VII.B.3 XII.A.3.iv, XII.A.4.ii.a. 1, XII.A.5.ii, XII.E.1 31 CFR 502.201(b)(3).
Require an independent testing or audit function, accountable to senior management, with sufficient resources, expertise, and authority to identify U.S. sanctions compliance-related weaknesses and deficiencies VII.B.4 XII.A.3.iv, XII.A.4.ii.a. 3, XII.A.5.ii, XII.E.1 31 CFR 502.201(b)(4).
Require records of testing and auditing results and resulting updates or enhancements to the sanctions compliance program be maintained and provided upon request to OFAC VII.B.4 XII.A.3.iv, XII.A.4.ii.a. 7, XII.E.2 31 CFR 502.201(b)(4)(iv).
Require a risk-based compliance training program VII.B.5 XII.A.3.iv, XII.A.4.ii.a. 2, XII.A.5.ii, XII.E.1 31 CFR 502.201(b)(5).
Defines the terms “knowingly,” “OFAC,” “payment stablecoin-related activity,” and “permitted payment stablecoin issuer; PPSI.” VII.C.1-3 XII.A.3.ii 31 CFR 301-304.
Federal Financial Institutions Regulatory Agencies (FFIRAs) Require an FFIRA consultation with the Director before any significant AML/CFT supervisory action pursuant to delegated authority is initiated VI.C.4.iii XII.A.3.iii.a, XII.A.4.ii.b 31 CFR 1033.221(c)(1).
Require, generally, an FFIRA to provide written notice to the Director of any intent to take a significant AML/CFT supervisory action pursuant to delegated authority at least 30 days in advance of the proposed action 31 CFR 1033.221(c)(2)(i).
Require, to the extent reasonably practicable, that an FFIRA respond to requests from the Director for additional information regarding a proposed significant AML/CFT supervisory action 31 CFR 1033.221(c)(2)(ii).
FinCEN and its Delegees Require examination of PPSIs' compliance with their obligation to report suspicious transactions VI.C.8.vii XII.A.3.iii.c, XII.A.4.ii.b 31 CFR 1033.320(f).

i. Proposed New and Amended FinCEN Definitions

As discussed in greater detail in section VI.C.1 above, FinCEN is proposing to amend four existing definitions and add nine new terms to the general definitions section of its regulations, 31 CFR 1010.100. FinCEN is proposing three additional definitions in connection with the proposed regulation and supervision of PPSI AML/CFT programs in 31 CFR part 1033. Where it is adding new terms, in large part, FinCEN's proposed definitions would embed the language of the GENIUS Act in FinCEN regulations. In a few instances, however, FinCEN is proposing to modify the statutory language.

As a general matter, definitions prescribe the scope of parties to whom, and products to which, a regulation applies and are therefore capable of generating economic effects as a consequence of the delineations they set forth. However, because FinCEN's proposed additions and changes to definitions are necessary to effectuate the GENIUS Act's direction that PPSIs be subject to the BSA, or are otherwise intended to harmonize the GENIUS Act definitions with FinCEN's existing regulations, to improve readability, or to avoid confusion with other similar terms defined by FinCEN's regulations without changing the meaning of any defined terms, these components of the proposed rule are not expected to independently generate incremental direct economic effects. As such, these elements of the proposed rule are not separately considered in the section XII.A.4 discussion below. Public comment is invited on whether FinCEN should reconsider the potential standalone economic impact of the definitions, collectively or individually, in the context of and as proposed components of this NPRM.

ii. Proposed New OFAC Definitions

As discussed in greater detail in section VII.C above, OFAC is proposing to define four terms in the definitions section of the new 31 CFR part 502. OFAC's proposed definitions of the terms “knowingly” and “OFAC” are consistent with other OFAC regulations. OFAC's proposed definition of “payment stablecoin-related activity” is scoped to cover the range of activities involving a PPSI's payment stablecoin from the time of issuance until the payment stablecoin's removal from circulation. Finally, OFAC's proposed definition of “permitted payment stablecoin issuer” is consistent with the definition of that term contained in the GENIUS Act, with minor modifications.

While OFAC recognizes that definitions can generate economic effects, OFAC does not expect these components of the proposed rule to independently generate incremental direct economic effects. OFAC's proposed definitions are necessary to effectuate and enforce the GENIUS Act's requirement that PPSIs maintain an effective sanctions compliance program, including by emphasizing that a PPSI's sanctions compliance obligations apply ( printed page 18636) to all activity involving its payment stablecoins, [426 ] or are otherwise intended to harmonize the GENIUS Act definitions with OFAC's existing regulations. As such, these elements of the proposed rule are not separately considered in section XII.A.4 discussion below. Public comment is invited on whether OFAC should reconsider the potential standalone economics impact of the definitions, collectively or individually, in the context of and as proposed components of this NPRM.

iii. Proposed New FinCEN Requirements

a. AML/CFT Program-Related Proposed Requirements

As discussed in greater detail in section VI.C.3, the proposed rule includes new requirements for PPSIs to develop and implement AML/CFT programs. The proposed rule would require AML/CFT programs to reasonably manage and mitigate ML/TF risks through internal policies, procedures, and controls that are commensurate with those risks and ensure ongoing compliance with the BSA and its implementing regulations. The proposed rule would require PPSIs to reasonably manage and mitigate risks using internal policies, procedures, and controls based on their institution-specific ML/TF risks as identified by the risk assessment process(es) required. An effective, risk-based, and reasonably designed AML/CFT program would continue to incorporate the results of the applicable risk assessment process(es) through appropriate changes to internal policies, procedures, and controls to manage ML/TF risks on an ongoing basis as necessary. The procedures must also integrate and support the conduct of ongoing customer due diligence. The proposed rule would require PPSIs to conduct ongoing customer due diligence as part of their AML/CFT program obligations. [427 ] The GENIUS Act requires that PPSIs are subject to due diligence requirements including enhanced due diligence where appropriate. [428 ]

The proposed rule provides PPSIs with the regulatory flexibility to consider innovative approaches to comply with BSA requirements as FinCEN aims to encourage instances where a PPSI finds it beneficial to consider and evaluate technological innovation and, as warranted by the PPSI's risk profile, implement new technology or innovative approaches in combating financial crime. Additionally, PPSIs may find it beneficial to consider whether the AML/CFT program appropriately uses the financial institution's existing internal capabilities, technologies, product lines, and data. For example, if a PPSI's issuance or financial risk management team monitors the lifecycle of the PPSI's stablecoins for financial resilience, the PPSI may find it beneficial for its AML/CFT program to consider using similar technology or approaches in managing and mitigating its ML/TF risks.

The proposed rule also includes several other program requirements. The BSA requires AML/CFT programs to have an “independent audit function to test programs.” [429 ] Under the proposed rule, a PPSI would need to establish independent AML/CFT program testing to be conducted by the PPSI's personnel or an outside party. [430 ] The GENIUS Act, 12 U.S.C. 5903(a)(5)(A)(i), and the BSA, 31 U.S.C. 5318(h)(1)(B), also require PPSIs to designate an AML/CFT officer. Under the proposed rule, PPSI's would be required to designate an individual, who is located in the United States and accessible to, subject to oversight and supervision by, FinCEN and its designee, and has not been convicted of certain felony offenses. [431 ] The AML/CFT officer would be responsible for establishing and implementing the AML/CFT program and coordinating and monitoring day-to-day compliance with the requirements and prohibitions of the BSA and FinCEN's implementing regulations. [432 ] The BSA additionally requires AML/CFT programs to have an “ongoing employee training program;” [433 ] accordingly, the proposed rule would require PPSIs to have an ongoing employee training program. [434 ]

The proposed rule would require PPSIs to have a written AML/CFT program and would require the PPSI to make a copy of its written AML/CFT program available to FinCEN or its designee upon request. The proposed rule would also require that a PPSI's written AML/CFT program be approved by the PPSI's board of directors or an equivalent governing body within the PPIS, or appropriate senior management of the PPSI. The proposed rule specifies that approval encompasses each of the components of the AML/CFT program. [435 ] In addition, the proposed rule would require PPSIs to make available to FinCEN, or its designee, upon request any and all certifications submitted to the PPSI's primary Federal payment stablecoin regulator or State payment stablecoin regulator certifying that the PPSI has implemented an AML/CFT program.

FinCEN is proposing to require PPSIs to establish and maintain written procedures that are reasonably designed to identify and verify the beneficial owners of legal entity customers as part of a PPSI's AML/CFT program obligations. [436 ] These requirements mirror existing BSA requirements that apply to many other financial institutions. The GENIUS Act requires that PPSIs be subject to “due diligence requirements.” Collection of beneficial ownership information is a core element of effective due diligence.

The proposed rule also sets forth a supervision and enforcement framework. FinCEN expects proposed 31 CFR 1033.221(d) to affect PPSIs' incentives because it provides that in determining to take, or in review of, an AML/CFT enforcement action or significant AML/CFT supervisory action, the FinCEN Director would take certain factors into consideration, including facts and circumstances unique to the PPSI in question. In particular, § 1033.221(d)(2) would require the Director to consider the PPSI's demonstrable efforts to advance AML/CFT priorities such as its production of highly useful information, analytics, or other innovations. FinCEN expects that the proposed regulation could reasonably be expected to generate economic effects because it would likely change the scope or nature of activities undertaken and/or investments made.

b. Proposed Additional Technical Capabilities, Policies, and Procedures

The GENIUS Act requires that PPSIs have “technical capabilities, policies, and procedures to block, freeze, and reject specific or impermissible transactions that violate Federal or State laws, rules, or regulations.” [437 ] This is a novel requirement that does not currently apply to other types of financial institutions. [438 ] GENIUS Act ( printed page 18637) also requires that PPSIs “issue payment stablecoins only if the issuer has the technological capability to comply, and will comply, with the terms of any lawful order.” [439 ] The GENIUS Act defines “lawful order,” which states, in part, that a lawful order is an order that is subject to judicial review and is issued under Federal law that requires a person to “seize, freeze, burn or prevent the transfer of” payment stablecoins the person issued and specifies the payment stablecoins or account with reasonable particularity. [440 ]

Due to the overlap in terms between this requirement and the requirement that PPSIs be able to “block, freeze, and reject” specific transactions, under the proposed rule the regulatory text regarding the block/freeze/reject requirement also includes the requirement that PPSIs have capabilities, policies, and procedures in place to comply with lawful orders. [441 ]

c. Proposed Currency Transaction and Suspicious Activity Reporting

The proposed rule includes reporting requirements related to currency transaction reporting, [442 ] Specifically, the proposal requires PPSIs to file CTRs for “each deposit, withdrawal, exchange of currency or other payment or transfer, by, through, or to such financial institution which involves a transaction in currency of more than $10,000,” unless subject to an applicable exemption. As discussed in section VI.C.7 and section XII.A.2.iii.b. 3, FinCEN recognizes that, presently, stablecoin issuers rarely transact in physical transfers of currency.

The GENIUS Act explicitly requires PPSIs to be subject to BSA requirements relating to “monitoring and reporting of any suspicious transaction relevant to a possible violation of law or regulation.” Under the BSA, FinCEN has authority to require any financial institution to report “any suspicious transaction relevant to a possible violation of law or regulation.” With limited exceptions, all financial institutions subject to the BSA are required to identify and report suspicious activity. These reports provide highly useful information that is leveraged by authorized users as part of criminal, tax, and regulatory investigations; risk assessments; and intelligence and counterintelligence activities. The proposed rule implements these requirements for PPSIs. [443 ] PPSIs would also be required to maintain copies of filed SARs and the underlying related documentation for a period of five years from the date of filing. The proposed rule also applies standards for SARs relating to confidentiality and liability.

d. Proposed Recordkeeping

The GENIUS Act requires that PPSIs be subject to laws relating to “retention of appropriate records.” [444 ] Under the BSA, FinCEN has authority to impose on financial institutions obligations relating to requiring, retaining, and maintaining records. [445 ] Pursuant to this authority, FinCEN has issued recordkeeping regulations, including those codified as 31 CFR part 1010, subpart D, which apply broadly to financial institutions subject to specified exceptions. These recordkeeping obligations enhance law enforcement's ability to detect, investigate, and prosecute money laundering and other financial crimes by preserving an information trail about persons sending and receiving funds. This proposed rule would apply these recordkeeping regulations to PPSIs. [446 ]

The recordkeeping obligations would require PPSIs to create and retain certain records for extensions of credit in excess of $10,000; and certain records of cross-border transfers of currency, monetary instruments, funds, checks, investment securities, and credit worth more than $10,000. The proposal also requires financial institutions to collect and retain records for funds transfers and transmittals of funds in amounts of $3,000 or more. Lastly, The Travel Rule requires financial institutions to transmit information on certain funds transfers and transmittals of funds to other financial institutions participating in the transfer or transmittal.

e. Special Information Sharing

The proposed rule would apply the information sharing provisions at § 1010.520 also known as 314(a) and § 1010.540 also known as 314(b) to PPSIs. The description of requirements in section VI.C.10 above is adopted by reference.

f. Special Standards of Diligence, Prohibitions, and Special Measures

Finally, the proposal would require that PPSIs be subject to some of the special standards of diligence, prohibitions, and special measures under section 311 of the USA PATRIOT Act, including enhanced due diligence for correspondent and private banking accounts and additional special measures. [447 ] As discussed in section VI.C.11, FinCEN is not proposing to apply 31 CFR 1010.630 to PPSIs, which would prohibit correspondent accounts for foreign shell banks. Thus, this provision is not relevant to the cost of the proposed rule. The proposed rule would require PPSIs to comply with special measures issued pursuant to the sections 311, 9714(a), and 2313a to maintain the options available under these sections to protect the U.S. financial system from certain illicit finance threats. [448 ]

iv. Proposed OFAC Sanctions Compliance Program Requirements

The GENIUS Act requires that PPSIs maintain an “effective sanctions compliance program” [449 ] and that regulations promulgated under the Act are “tailored to the size and complexity” [450 ] of a PPSI. To implement this requirement, OFAC's proposed rule would require PPSIs adopt a sanctions compliance program that includes, at a minimum, five key elements outlined in OFAC's 2019 Compliance Framework: 451 senior management and organizational commitments, [452 ] requiring that a PPSI's senior management establish and maintain an effective sanctions compliance program as prescribed in the proposed rule; (2) risk assessments, [453 ] requiring holistic assessments of sanctions risks at appropriate intervals that are utilized and revised as specified in the proposed rule; (3) internal controls, [454 ] which are applicable to all payment stablecoin-related activity, whether on the primary or secondary market, that identify, block, and/or reject transactions that may violate or would violate U.S. sanctions and retains relevant records in accordance with OFAC regulations; (4) an independent testing and auditing function, [455 ] accountable to senior ( printed page 18638) management, with sufficient resources, expertise, and authority; and (5) training, [456 ] requiring PPSIs to establish and maintain a risk-based sanctions compliance training program for all relevant personnel and stakeholders. [457 ]

The GENIUS Act's requirement that PPSIs maintain an effective sanctions compliance program is a novel legal requirement that currently does not apply to other U.S. persons. [458 ] Nevertheless, the five enumerated minimum elements for a sanctions compliance program included in the proposed rule reflect a well-established risk-based approach to sanctions compliance that OFAC has strongly encouraged and for which OFAC has issued publicly available guidance, including the 2019 Compliance Framework. [459 ] Accordingly, apart from one new recordkeeping requirement discussed below, OFAC does not assess the required elements of a sanctions compliance program as proposed would impose novel incremental economic costs. OFAC's history of enforcing U.S. sanctions has shown that, as a matter of current industry practice, actors in the digital asset ecosystem—alongside numerous other U.S. persons—employ sanctions compliance practices that are typically risk based, technology enabled, and informed by the outlined OFAC guidance.

The proposed rule would impose certain recordkeeping requirements that extend beyond current obligations on U.S. persons pursuant to existing regulations administered by OFAC. [460 ] First, the proposed rule would require a PPSI to maintain records of the results and enhancements that are made to a PPSI's sanctions compliance program in line with the testing and auditing mandated by the proposed rule. [461 ] Second, the proposed rule would require PPSIs to provide upon request to OFAC any and all certifications submitted to the PPSI's primary Federal payment stablecoin regulator or State payment stablecoin regulator certifying that the PPSI has implemented an effective sanctions compliance program. [462 ]

4. Anticipated Economic Effects

This section provides FinCEN and OFAC's analysis of the estimated benefits and costs of the proposed rule. While not all benefits and costs are readily quantifiable, in this analysis FinCEN and OFAC have sought to include an evaluation of certain foreseeable non-quantified economic benefits in addition to quantified costs to more comprehensively assess the potential net benefit of the proposed rule and select alternatives.

i. Expected Benefits

The proposed rule is anticipated to result in certain nonquantifiable benefits to covered PPSIs, law enforcement, national security, U.S. foreign policy objectives and the general public. As discussed in section XII.A.1, these benefits are expected to flow from the extent to which BSA and sanctions compliance program requirements reduce uncertainty, improve transparency, and increase adherence to legal requirements in the stablecoin industry.

The benefits assessed here are more difficult to quantify than the costs, but the proposed rule is nonetheless anticipated to add substantial value directly and indirectly through effects that can contribute to the detection and deterrence of money laundering and terrorist financing, and that support broader policy goals.

Significant direct benefits of the proposed rule are expected to accrue to the public sector, most notably to U.S. law enforcement and the national security community, and to the stablecoin industry itself. Further, the identification of illicit activity in, or malign uses of, the stablecoin industry that would not occur but for the application of specific program, sanctions compliance, technology, reporting, and recordkeeping obligations to payment stablecoin issuers would (1) result in more effective detection of illicit finance activity occurring through the industry and (2) contribute to deterrence. This would benefit society more generally through a range of economic, security, and other effects.

The proposed rule is also expected to benefit participants in the payment stablecoin industry by introducing greater regulatory clarity and industry-specific standards around AML/CFT and sanctions compliance program requirements. By introducing legal clarity around the status and requirements of certain issuers of payment stablecoins, the GENIUS Act and the proposed rule may reduce certain information asymmetries between investors and stablecoin issuers. As discussed earlier, regulatory uncertainty often increases investors' perceptions of risk and reduces or otherwise distorts equilibrium levels of investment. Regulatory measures affecting digital assets in U.S. states have been found to be associated with significant increases in industry investment activity. [463 ]

In addition, the AML/CFT and sanctions compliance program requirements in the proposed rule would provide further benefit by addressing existing gaps and market externalities, with potentially significant implications for detection and deterrence. For instance, some anticipated results associated with the proposed rule include (1) implementing enhanced technology standards for PPSIs that are not currently applicable to MSBs or banks, (2) requiring non-IDI subsidiary PPSIs to collect more detailed information on legal entities who are their primary market customers, (3) setting clear standards for PPSIs that prevent stablecoin products from exploiting or being exploited by regulatory arbitrage or ambiguity, and (4) codifying sanctions compliance requirements. These changes would support law enforcement by ensuring the technological means to mitigate the use of illicit funds by criminal actors. These changes would indirectly benefit the public at large by reducing money laundering and sanction evasion activity, which can distort legitimate markets, countering the financing of terrorism and other illicit finance activity, and protecting national security.

In addition, the newly proposed requirement for PPSIs to establish and maintain an effective sanctions compliance program would increase transparency and accountability, closing certain potential avenues for sanctions evasion, and helping ensure consistent regulatory oversight.

ii. Expected Costs

This section assesses the potential incremental costs to PPSIs, government agencies, and the customers of PPSIs associated with the proposed rule, relative to the baseline over a three-year period in which a final rule would be ( printed page 18639) effective. [464 ] For PPSIs, this includes incremental costs associated with the need to (1) establish and maintain a written AML/CFT program and an effective sanctions compliance program in accordance with the requirements of the proposed rule, (2) update training programs to contain sanctions compliance, (3) conduct ongoing CDD and BOI collection for legal entity customers, (4) store the results of the testing and auditing of the sanctions compliance program and implement required technology, and (5) comply with special measures. The section also includes discussion of other costs to PPSIs associated with requirements in the proposed rule that are not considered incremental. The analysis then estimates costs to customers of providing information to PPSIs that the proposed rule would require, and costs to the government to support and enforce the totality of proposed requirements described herein. Given the substantial, but not complete, overlap in practice between an AML/CFT program and the proposed sanctions compliance program, the remainder of section XII.A.4.ii. ascribes and discusses certain expected costs to both FinCEN and OFAC requirements jointly where appropriate. For elements applicable only to FinCEN or OFAC requirements, only the relevant agency is included in that subsection.

In sum, FinCEN and OFAC expect the total incremental cost of the proposed rule for PPSIs to be approximately $1.8 million in the first year (approximately $24,983 per insured depository institution (IDI)-subsidiary PPSI and $52,453 per non-IDI subsidiary PPSI), and $1 million in each year thereafter (approximately $10,249 per IDI-subsidiary PPSI and $36,760 per non-IDI subsidiary PPSI). [465 ] However, the cost for smaller PPSIs is expected to be significantly less on average, approximately $13,737 per IDI-subsidiary PPSI and $22,987 per non-IDI subsidiary PPSI in the first year. [466 ] FinCEN and OFAC estimate that up to 19 of the 50 potential PPSIs could be small; [467 ] thus, the average first-year cost to the small PPSIs is estimated to range between $261,011 and $436,762. The cost to government is expected to be $1.7 million in the year prior to the final rule's effective date, $5.9 million in the first year, and $2.9 million in each year thereafter. The cost to customers is expected to be approximately $1.2 million annually. In total, the quantified economic costs of the proposed rule would amount to an average incremental expenditure of approximately $6.5 million per year once a final rule became effective.

| Affected party | Year (−1) | Year 1 | Year 2 | Year 3 | 3-Year
average |
| --- | --- | --- | --- | --- | --- |
| PPSIs | | $1,798,558 | $1,042,670 | $1,042,670 | $1,294,633 |
| Government | 1,713,930 | 5,871,244 | 2,938,297 | 2,938,297 | 3,915,946 |
| New PPSI Customers | | 1,245,800 | 1,245,800 | 1,245,800 | 1,245,800 |
| Annual Incremental Costs | 1,713,930 | 8,915,602 | 5,226,768 | 5,226,768 | 6,456,379 |

a. Costs for PPSIs

In this subsection, FinCEN and OFAC identify the costs associated with (1) program development and maintenance; (2) audit and independent testing, (3) training development and implementation; (4) customer due diligence; (5) addition technical capabilities, policies, and procedures; (6) BSA reporting; (7) recordkeeping and technology; (8) information sharing; (9) special standards of diligence; and (10) section 311 and other special measures. Some of these costs are expected to flow from requirements proposed by FinCEN, others from requirements proposed by OFAC, and others could not be meaningfully disaggregated and separately attributed given the nature of how the respective programs are expected to be jointly operationalized in an integrated fashion by future PPSIs. FinCEN and OFAC further anticipate that many of the costs articulated below would not represent incremental costs uniquely attributable to the requirements of the proposed rule. Where relevant, FinCEN and OFAC have provided explanation below when the pro forma costs presented are expected to differ from the anticipated incremental costs of the respective proposed requirements.

1. Program Development and Maintenance

The proposed rule would require PPSIs to establish and maintain an effective AML/CFT program and an effective sanctions compliance program, described in sections VI.C.3 and VII.B, respectively. FinCEN and OFAC outline the impacts of these requirements on incremental costs below.

With respect to FinCEN requirements, PPSIs would be required to establish and maintain an effective AML/CFT program comprised of: (1) internal policies, procedures, and controls; (2) an independent audit function; (3) a designated compliance officer; and (4) an ongoing employee training program. A PPSI's internal policies, procedures, and controls would need to be reasonably designed to identify, assess, and document the PPSI's ML/TF risks through risk assessment processes and mitigate the PPSI's ML/TF risks, consistent with the PPSI's risk assessment processes, including by allocating more attention and resources toward higher risk customers and activities rather than toward lower-risk customers and activities. PPSIs would be required to conduct independent testing to assess the PPSI's compliance with the AML/CFT statutory and regulatory requirements. A PPSI would be required to designate an individual responsible for establishing and implementing the AML/CFT program. A PPSI would be required to establish an ongoing employee training program. A PPSI would also be required to keep its ( printed page 18640) risk-based internal policies, procedures, and controls, risk assessment processes, and employee training program current as the PPSI's risk profile changes.

The proposed rule would also require that PPSI's AML/CFT program be written, and that a PPSI, upon request, make available a copy of its written AML/CFT program to FinCEN or its designee. It would also require the PPSI's AML/CFT program be approved by the PPSI's board of directors or an equivalent governing body within the PPSI, or appropriate senior management.

PPSIs that do not already have an AML/CFT program in place would incur costs to establish such a program and have it approved by the PPSI's board of directors or an equivalent governing body within the PPSI, or appropriate senior management. A PPIS that already has a AML/CFT program would need to review and/or modify its program to ensure it complies with the requirements of the rule. In addition, all PPSIs would incur costs for maintaining, updating, storing, and producing upon request the written AML/CFT program. [468 ]

With respect to OFAC requirements, PPSIs would need to establish and maintain an effective sanctions compliance program. The program must be risk based and reasonably designed to ensure compliance with all applicable U.S. sanctions. Entities that do not have a sanctions compliance program in place would need to establish such a program, and those with a sanctions compliance program would need to review and, as necessary and appropriate, modify their programs to ensure they comply with the requirements of the final rule. In line with an organizational commitment to the compliance program, senior management would need to review and approve the sanctions compliance program. Senior management would also be required to support the effective implementation of the sanctions compliance program, as previously described in section VII.B.1, by ensuring that it is appropriately resourced, supported, and integrated into a PPSI's operations. A key part of this program implementation is the establishment and maintenance of a system of risk-based internal controls, as described in section VII.B.3, including technical capabilities and written policies and procedures, to identify any activity prohibited by U.S. sanctions and take appropriate action, including blocking, rejecting, and reporting certain transactions in compliance with existing OFAC regulations.

In support of maintaining an effective sanctions compliance program, OFAC's proposed rule would require the conduct of holistic risk assessments at appropriate intervals, as outlined in VII.B.2. These periodic risk assessments are essential to a current and effective sanctions compliance program, including in terms of understanding risk and maintaining up-to-date internal controls and training programs. Internal controls and risk assessments are already a key element of standard sanctions compliance practices common among regulated actors and thus OFAC does not assess this requirement to incur incremental economic costs, despite being a novel explicit requirement.

In practice, FinCEN and OFAC expect that some elements of a PPSI's AML/CFT program may overlap with its sanctions compliance program. For instance, approval of the AML/CFT program would also likely include approval of the sanctions compliance program, and risk assessments could be conducted enterprise-wide to evaluate risks stemming from both AML/CFT and sanctions compliance obligations. Thus, OFAC does not expect that most requirements associated with sanctions compliance program implementation would impose an incremental cost beyond the overall AML/CFT program implementation.

As discussed in section XII.A.2.ii.a, FinCEN and OFAC expect that most PPSIs would be U.S. persons that are likely successors to MSBs or affiliated with insured depository institutions, which already have AML/CFT program requirements and generally, in practice have systems to comply with sanctions similar to the ones that would be required to comply with the proposed rule. Thus, the incremental costs contemplated here are only those entailed by the need for PPSIs to review the regulation and make any changes or modifications to their AML/CFT or sanctions compliance programs. The modified program would then be approved and appropriate records retained to be produced upon request.

FinCEN and OFAC expect that on average, the incremental burden associated with establishing and maintaining a written AML/CFT and sanctions compliance program (including the time burden associated with storing and producing the relevant program records upon request) would take approximately 30 hours per PPSI in the first year and ten hours in each subsequent year. However, because MSBs and insured depository institutions already generally update their programs annually, FinCEN and OFAC only account for the first-year burden as an incremental cost. As presented in table 4, FinCEN and OFAC estimate an average incremental cost of $3,737 per PPSI and a total incremental cost of $186,870 in the first year associated with this activity. [469 ]

Hours per PPSI Cost per PPSI Number of PPSIs Total cost
30 $3,737 50 $186,870

( printed page 18641)

2. Audit and Independent Testing

FinCEN and OFAC also expect PPSIs to face costs associated with independent testing of their AML/CFT program and sanctions compliance program and associated systems. [470 ] Because such testing often relates closely to the technology services financial institutions typically have in place for these compliance functions, the costs for such testing are considered jointly with technology implementation. In concordance with previous FinCEN analysis on this topic, [471 ] FinCEN and OFAC expect the cost of independent testing to be comparable to the cost of technology implementation. However, because MSBs and banks are already subject to audit and testing requirements, these costs are not included in the estimate of novel incremental costs of the proposed rule.

To ensure the integrity of PPSIs' sanctions compliance programs and internal controls, as outlined in VII.B.4., OFAC's proposed rule would also require that PPSIs maintain an independent testing or audit function to examine the effectiveness of their sanctions compliance program, including their internal controls. PPSIs would also need to utilize the results of such tests and audits to identify and implement any needed changes to its sanctions compliance program. In practice, OFAC expects that PPSIs would conduct any AML/CFT and sanctions compliance program testing or audits jointly.

3. Training Development and Implementation

The proposed rule would require a PPSI to provide ongoing employee training as part of its AML/CFT program and to establish and maintain a risk-based compliance training program as part of its sanctions compliance program in accordance with the requirements as described in sections VI.C.3.ii.d and VII.B.5, respectively. FinCEN and OFAC outline the expected economic impacts of these requirements on incremental costs below.

With respect to FinCEN requirements, a PPSI's AML/CFT program must include an ongoing employee training program. [472 ] The training should generally cover the PPSI's internal policies, procedures, and controls, which in turn reflect the results of the PPSI's risk assessment processes, the latest AML/CFT regulatory requirements, and other relevant information. While the proposed rule does not prescribe the frequency with which the training should occur, PPSIs should conduct the training as frequently as they deem necessary based on their unique, individual ML/TF risk profiles and the specific roles and responsibilities of the persons receiving the training.

As described in section VII.B.5, OFAC's proposed rule would require a PPSI to establish and maintain a risk-based compliance training program that is conducted at least annually, provided to all relevant personnel and stakeholders, appropriately tailored to each trainee's role and responsibilities, and based appropriately on the PPSI's risk assessment and risk profile. [473 ] Additionally, OFAC would require that a PPSI's compliance training program be modified to reflect risk assessments findings and identified deficiencies as well as designed to include easily accessible resources and materials for all.

Although these are separate requirements, it is common for financial institutions to include sanctions in their AML/CFT training. FinCEN and OFAC expect that PPSIs would face limited costs in training development, implementation, and execution for employees relative to other financial institutions like traditional large banks because stablecoin issuers typically operate under a capital-intensive model with fewer employees. [474 ] Because overall AML/CFT training requirements already exist for MSBs and banks, this proposed requirement would only impose a small incremental cost associated with updating training to contain sanctions compliance. Table 5 provides an estimate of the one-time costs associated with establishing and maintaining the employee training program in the first year. Because annual ongoing costs associated with training programs already exist for MSBs and banks, FinCEN and OFAC do not assign additional incremental costs in subsequent years attributed to the proposed rule.

Hours per PPSI Cost per PPSI Number of PPSIs Total cost
8 $997 50 $49,832

4. Customer Due Diligence

The proposed rule would require PPSIs to conduct ongoing CDD as part of their AML/CFT program. Specifically, PPSIs would be required to (1) understand the nature and purpose of customer relationships for the purpose of developing a customer risk profile; and (2) conduct ongoing monitoring to identify and report suspicious transactions and, on a risk basis, to maintain and update customer information, including information regarding the beneficial owners of a legal entity customer. This section estimates the cost to PPSIs of CDD activities and the collection of BOI from legal entity customers.

Because ongoing CDD is a risk-based activity not inherently tied to the number of customers a PPSI has, FinCEN estimates a fixed annual burden of 50 hours per PPSI. This estimate reflects similar costs expected to accrue to other financial institution types subject to CDD requirements as proposed in another FinCEN rulemaking. [475 ] Using the annual average of 650 new customers per PPSI, as discussed in section XII.A.2.ii.d. 2, this estimate equates to nearly five minutes per customer. However, as CDD activities need not be applied to every customer if doing so would be inconsistent with an allocation of resources that prioritizes higher risk, ( printed page 18642) this merely serves as an illustrative estimation. In practice, FinCEN expects PPSIs might allocate a fixed amount of effort and resources to the review of customers ranked by identified risk, meaning that some customers would experience significant review, while others may not experience any in a given year. In addition, because ongoing CDD is already required of banks, this proposed requirement is not expected to result in incremental costs for IDI-subsidiary PPSIs. As presented in table 6, for 20 non-IDI subsidiary PPSI, the incremental cost of this requirement amounts to an annual per-firm burden of 50 hours, a total burden of 1,000 hours, a per-firm cost of $6,229, and a total cost of $124,580.

Hours per PPSI Cost per PPSI Number of PPSIs Total cost
50 $6,229 20 $124,580

In addition to ongoing CDD, PPSIs would be required to collect and verify BOI of new accounts opened by legal entity customers. [476 ] These would represent new requirements not currently applicable to MSBs and are therefore considered by FinCEN to result in incremental costs for non-IDI subsidiary PPSIs. A PPSI may obtain the required identifying information by either obtaining a prescribed certification form from the individual opening the account on behalf of the legal entity customer or by obtaining the required information directly from the individual. PPSIs would be required to retain records used to identify each beneficial owner of a legal entity customer for five years after the date the account is closed.

Some of the activities a PPSI would undertake to satisfy CDD requirements are difficult to meaningfully separate from similar and complementary activities that would be undertaken to satisfy a PPSI's CIP requirements, which the GENIUS Act directs to be imposed on PPSIs. Therefore, some burden elements associated with collecting customer information that serves both CIP and CDD purposes would also be accounted for in the regulatory analysis accompanying such a CIP-specific proposal. However, the cost of beneficial ownership verification, which extends beyond the basic customer information collection requirements that would be contained in a PPSI CIP NPRM, are estimated below.

FinCEN anticipates a population of approximately 20 non-IDI subsidiary PPSIs that are not currently subject to any BOI collection requirement for new customers. [477 ] BOI collection would be required only for new primary market customers. FinCEN anticipates the additional BOI collection for new customers would require 15 minutes (0.25 hours) on average per customer. PPSIs are expected to have an average of 650 new customers per year, [478 ] and virtually all of these are expected to be legal entities. Thus, as presented in table 7, FinCEN conservatively estimates that BOI collection would result in an annual incremental cost of $20,244 per non-IDI subsidiary PPSI, resulting in a total incremental cost of $404,885 per year. For small PPSIs, the number of expected primary market customers is expected to be closer to 100, or 65 new customers annually. Thus, the anticipated cost for small PPSIs is expected to be substantially less than the average presented here (approximately $2,024 per PPSI). As this section does not apply to OFAC related requirements, no additional OFAC associated costs were considered here.

| Number of new customers | Hours per
customer | Hours per
PPSI | Cost per
PPSI | Number of
PPSIs | Total cost |
| --- | --- | --- | --- | --- | --- |
| 650 | 0.25 | 162.5 | $20,244 | 20 | $404,885 |

5. Additional Technical Capabilities, Policies, and Procedures

The proposed rule would require PPSIs to have technical capabilities, policies, and procedures to block, freeze, and reject specific or impermissible transactions that violate Federal or State laws, rules, or regulations, described in VI.C.5.i. The requirement would apply to both a PPSI's primary market and secondary market activity. The proposed rule would also require PPSIs to have the technological capability to comply, and to comply with the terms of any lawful order, described in VI.C.5.ii. Although these are separate obligations, FinCEN expects that PPSIs may use the same technological capability to comply with both. FinCEN also expects that stablecoin issuers may already have in place technical capabilities and policies and procedures relating to taking action regarding impermissible transactions and adhering to lawful orders because of existing legal requirements, including complying with OFAC sanctions and court orders. [479 ]

For these reasons, the expected economic costs of the proposed additional requirements with respect to technical capabilities, policies, and procedures are not itemized separately or incrementally, but are instead considered to be included in the costs associated with the internal policies, procedures, and controls component of establishing and maintaining an AML/CFT program and the broader general technology costs of the proposed rule.

6. BSA Reporting

The proposed rule would require PPSIs to file BSA reports, namely CTRs and SARs. ( printed page 18643)

CTRs

As proposed, the rule would require a PPSI to file CTRs on transactions in currency of more than $10,000, unless subject to an applicable exemption, described in section VI.C.7 However, FinCEN recognizes that, presently, stablecoin issuers rarely engage in physical transfers of currency, and anticipate that because this would likely also be the case for future PPSIs, the costs of actually filing CTRs are expected to be de minimis. In addition, because CTR filing requirements already exist for IDIs and MSBs, FinCEN does not consider the costs of the proposed CTR filing obligation to represent a change in requirements. Consequently, there is nothing to which a novel incremental cost could attach. [480 ]

SARs

The proposed rule would require PPSIs to file SARs for any suspicious primary market transaction relevant to a possible violation of law or regulation, described in section VI.C.8. In addition, PPSIs would be required to maintain a copy of any SAR filed and the supporting documentation for a period of five years from the date of filing. Supporting documentation would need to be made available to FinCEN and the prescribed law enforcement and regulatory authorities, upon request.

Based on an analysis of SAR filings between 2021 and 2025 discussed in section XII.A.2.iii.b, FinCEN estimates that PPSIs would each file an average of 100 SARs per year, although some may file significantly more than that. To estimate the range of costs associated with SAR filing, FinCEN contemplated a range of potential filing scenarios, with a low end of 100 and a high end of 1,000. FinCEN anticipates that each SAR filing would take approximately 90 minutes (1.5 hours). Based on market data, FinCEN estimates a distribution where five out of 50 PPSIs would have stylized high reporting obligations in connection with more widely used products with more, and more complex, SAR filings, and 45 out of 50 would have stylized low reporting obligations with fewer, less complex SAR filings. [481 ] Table 8 presents this distribution, which results in a weighted annual average of 190 filings per PPSI, resulting in an annual burden of 285 hours per PPSI. [482 ]

| Number of filings | Hours per
filing | Total hours | Number of
PPSIs |
| --- | --- | --- | --- |
| 100 | 1.5 | 150 | 45 |
| 1,000 | 1.5 | 1,500 | 5 |
Based on survey responses reported in a 2018 Bank Policy Institute report, of the suspicious activity alerts that are turned into full case investigations (i.e., alerts that are not considered false positives and involve additional documentation, which are hereafter referred to as “cases”), approximately 42 percent were turned into SARs. [483 ] Therefore, for each case filed as a SAR, approximately 1.4 cases were not filed. FinCEN estimates that each unfiled case would take approximately 30 minutes (0.5 hours). Using the distribution described above, FinCEN estimates a weighted annual average of 266 unfiled cases per PPSI, resulting in an additional annual burden of 133 hours per PPSI.

| Number of gilings | Number of unfiled cases | Hours per unfiled case | Total hours | Number of
PPSIs |
| --- | --- | --- | --- | --- |
| 100 | 140 | 0.5 | 70 | 45 |
| 1,000 | 1,400 | 0.5 | 700 | 5 |
While these time estimates are used to provide a sense of the costs associated with SAR reporting for PPSIs, because FinCEN assumes that as the relevant counterfactual all future PPSIs would otherwise still have SAR filing requirements either as an MSB or because of bank affiliation, this proposed requirement is not expected to present a novel incremental cost to PPSIs. [484 ]

7. Recordkeeping and Technology

The proposed rule would require PPSIs be subject to recordkeeping under the BSA and under OFAC regulations, described in sections VI.C.9 and VII.A, respectively. FinCEN and OFAC outline the impacts of these requirements on incremental costs below.

With respect to FinCEN requirements, PPSIs would be required to create and retain certain records for extension of credit in excess of $10,000; and certain records of cross-border transfers of currency, monetary instruments, funds, checks, investment securities, and credit worth more than $10,000. PPSIs would be required to maintain records related to any order issued under § 1010.370(a) for up to five years. PPSIs would also be required to comply with the Recordkeeping Rule which would require PPSIs to collect and retain records for funds transfers and transmittals of funds in amounts of $3,000 or more, and the Travel Rule which would require PPSIs to transmit information on certain funds transfers and transmittals of funds to other financial institutions participating in the transfer or transmittal.

In practice, FinCEN expects that PPSIs would extend credit infrequently and therefore expect the primary burden ( printed page 18644) from these proposed requirements to stem from compliance with the Recordkeeping Rule and the Travel Rule. Cumulatively, FinCEN estimates the annual recordkeeping burden per PPSI for these requirements would be approximately 20 hours. However, because these requirements already exist for banks and MSBs, FinCEN does not contemplate this as an incremental cost attributable to the proposed rule.

With respect to OFAC requirements, the proposed rule includes a new requirement that would require PPSIs to maintain records of the results and enhancements from the testing and auditing components of their sanction compliance programs, in addition to standard recordkeeping requirements for U.S. persons pursuant to part 501 of title 31. [485 ] This newly proposed recordkeeping requirement would apply only to the results of the testing and auditing of the sanctions compliance program component. However, OFAC acknowledges that in practice, many firms may opt to store the results of their overarching AML/CFT program test, of which sanctions compliance is an inseparable part. The average annual cost of this specific recordkeeping activity, which is distinct from the joint costs, is approximated in table 10.

| Hours per PPSI | Cost per PPSI | Number of
PPSIs | Total cost |
| --- | --- | --- | --- |
| 2 | $249 | 50 | $12,458 |
FinCEN and OFAC also conservatively estimate a joint incremental general technology cost associated with AML/CFT and sanctions compliance obligations under the proposed rule. Based on market research and given the wide range of customers that PPSIs interact with, [486 ] FinCEN and OFAC estimate that such technology costs, which may include licensing fees for specialized software, would range from approximately $10,000 to $20,000 per firm in the first year, and about $5,000 to $10,000 annually thereafter (depending on firm size). For purposes of cost estimation FinCEN and OFAC conservatively assign each PPSI a $20,000 cost in the first year, for a maximum total incremental cost of $1 million annually for 50 PPSIs. In subsequent years, FinCEN and OFAC estimate they would each incur an annual cost of $10,000. This includes the cost of technology implementation, annual transaction screening, and recordkeeping. [487 ] These costs are outlined in Table 11. Smaller PPSIs are expected to experience costs at the lower ends of the ranges mentioned above.

| Years | Cost per PPSI | Estimated
number of
PPSIs | Total cost |
| --- | --- | --- | --- |
| 1 | $20,000 | 50 | $1,000,000 |
| 2+ | 10,000 | 50 | 500,000 |

8. Information Sharing

The proposed rule would apply the information sharing provisions at § 1010.520, also known as 314(a), and § 1010.540, also known as 314(b), to PPSIs, described in section VI.C.10. Section 1010.520 requires a financial institution to search its records upon receipt of a request from FinCEN and provide information in return. Section 1010.540 is a voluntary information sharing tool of which a financial institution may, but is not required, to avail itself.

Because banks and MSBs are already required to comply with section 314(a), FinCEN does not contemplate this as an incremental cost. In addition, FinCEN generally only transmits 314(a) requests to a limited subset of the financial institutions that are required to comply with 314(a) requirements in any given year. Historically, the proportion of potentially affected financial institutions required to provide a response in a given year has remained below three percent. [488 ] The subjects of 314(a) requests are individuals and entities suspected by law enforcement of engaging in money laundering or terrorist financing. Most PPSIs' primary market customers are financial institutions or other legal entities which have generally not been the subject of 314(a) requests. Because PPSIs nevertheless may receive 314(a) requests in the future that require a response, FinCEN assigns a nominal annual burden for this activity of one hour, commensurate with the expectation that PPSIs may be less likely to maintain accounts or conduct transactions with individuals or entities that are the subject of 314(a) requests.

| Hours per PPSI | Cost per PPSI | Number of
PPSIs | Total cost |
| --- | --- | --- | --- |
| 1 | $125 | 50 | $6,229 |
( printed page 18645) Under section 314(b), PPSIs would be able to share information about transactions involving the proceeds of specified unlawful activities. This would be a voluntary information sharing tool of which a financial institution may, but would not be required to, avail itself. For this reason, FinCEN does not attribute an incremental burden to activity conducted under section 314(b). [489 ]

9. Special Standards of Diligence

As described in section VI.C.11.ii, under the proposed rule, PPSIs would be subject to special standards of diligence. PPSIs would be required to maintain due diligence programs for correspondent accounts for foreign financial institutions and banks and for private banking accounts. These programs would include policies, procedures, and controls that are reasonably designed to detect and report any known or suspected money laundering or suspicious activity conducted through or involving such correspondent or private banking accounts.

FinCEN estimates the annual hourly burden of maintaining and updating the due diligence program for such correspondent or private banking accounts would be approximately two hours for each regulated entity—one hour to maintain and update the program and one hour to obtain the approval of senior management. [490 ] However, because these requirements already exist for banks and MSBs, FinCEN does not contemplate this as an incremental cost. [491 ]

| Hours per PPSI | Cost per PPSI | Number of
PPSIs | Total cost |
| --- | --- | --- | --- |
| 2 | $249 | 50 | $12,458 |

10. Section 311 and other Special Measures

The proposed rule would require that PPSIs comply with special measures issued pursuant to section 311 of the USA PATRIOT Act, 2313a of the Fentanyl Sanctions Act, and section 9714(a) of the Combating Russian Money Laundering Act. To date, FinCEN has issued several final rules pursuant to section 311 imposing the fifth special measure to prohibit covered financial institutions from opening or maintaining a correspondent account for, or on behalf of, specified entities. [492 ] Future PPSIs would be expected to incur burden in complying with this component of the proposed rule insofar as they would both (1) need to establish and maintain the ability to comply with future impositions of special measures and (2) ensure compliance with all existing section 311 final rules.

For purposes of burden estimation, and taking into account the intended scope of the defined term “correspondent account” as presented in section VI.C.11.i, FinCEN conservatively assumes that all projected 50 future PPSIs would be equally likely to maintain foreign correspondent accounts and incur costs associated with the proposed obligation to comply with the various types of special measures. Borrowing from the approach FinCEN utilized in the most recent 60-day notice renewing existing section 311 OMB control numbers, [493 ] FinCEN continues to apply a graduated burden model with an anticipated cost profile that declines sharply in the years following the first effective year of a given special measure. Thus, for future non-IDI subsidiary PPSIs, who would be expected to face an immediate, full start-up burden (because they are less familiar with the special measures described above), FinCEN assigns a first-year average burden of eight hours per expected future non-IDI subsidiary PPSIs and 0.5 hours for each of the 30 expected future IDI-subsidiary PPSIs. FinCEN then applies the same graduated declining burden model as employed in its section 311 60-day notice, estimating that in subsequent years, all 50 expected future PPSIs would incur an average annual burden of approximately 18-minutes each. Because these requirements already exist for IDIs, FinCEN does not consider the costs presented in table 14 as novel incremental costs for future IDI-subsidiary PPSIs; however, the costs presented in table 15 would be considered an incremental new burden for PPSIs that are not IDI subsidiaries. [494 ]

| Year | Hours per
PPSI | Cost per
PPSI | Number of
PPSIs | Total cost |
| --- | --- | --- | --- | --- |
| 1 | 0.5 | $62 | 30 | $1,869 |
| 2+ | 0.3 | 37 | 30 | 1,121 |

| Year | Hours per
PPSI | Cost per
PPSI | Number of
PPSIs | Total cost |
| --- | --- | --- | --- | --- |
| 1 | 8 | $997 | 20 | $19,933 |
| ( printed page 18646) | | | | |
| 2+ | 0.3 | 37 | 20 | 747 |

b. Government

To implement the proposed rule, FinCEN expects to incur certain operating costs that would include approximately $1.7 million in the year prior to the final rule's effective date, $5.9 million in the first effective year of the final rule, and approximately $2.9 million in the average subsequent year. These estimates include anticipated expenses related to stakeholder outreach and informational support, compliance monitoring, and potential enforcement activities as well as certain incremental increases to pre-existing technological and IT infrastructure, administrative and logistic expenses, primarily related to data collection and analysis.

FinCEN acknowledges that this treatment of cost estimates implicitly assumes that increased resources commensurate with any novel operating costs would exist. If this assumption does not hold, then operating costs associated with this rule may impose certain economic costs on the public in the form of opportunity costs from the agency's forgone alternative activities and those activities' attendant benefits. Benchmarking against FinCEN's appropriated budget for BSA administration and analysis in fiscal year 2025 ($190,193,000), [495 ] the corresponding opportunity cost could resemble forgoing up to 3.1 percent (1.5 percent) of current activities annually in the first year (each subsequent year) in which a final rule was effective. However, to the extent that activities FinCEN would undertake as a function of the proposed rule would functionally substitute for or otherwise replace foregone activities, such an estimate likely overstates the potential economic costs to FinCEN and, consequently, the public.

FinCEN notes that these estimates do not include the potential costs borne by other regulators or entities who might foreseeably be engaged in informational outreach, examinations or related supervisory actions or enforcement activities as a consequence of the proposal. Such regulators and entities include the primary Federal payment stablecoin regulators and the IRS. FinCEN acknowledges that the cost estimates here would therefore understate the burden of activities required to promote compliance with the rules as proposed and the full scope of government costs.

As described above in section, the proposed rule would introduce consultation requirements for primary Federal payment stablecoin regulators before initiating significant AML/CFT supervisory actions. FinCEN anticipates that the proposed consultation process is likely to have direct economic effects on both FinCEN and the primary Federal payment stablecoin regulators. The proposed process could also reasonably be expected to have indirect effects on the PPSIs subject to supervision and examination to the extent that the consultative process is successful in better aligning supervisory and enforcement activities with the efficient establishment and maintenance of AML/CFT programs. Finally, while further downstream economic effects may also flow to the general public from this improved alignment, these effects would be third order at best, and difficult to distinguish from the effects of other incremental components of the proposed rule. Thus, despite acknowledging that economic effects of the proposed regulatory changes applicable to primary Federal payment stablecoin regulators may reach to PPSIs and the general public, they are not itemized or further considered in the respective discussions of expected economic effects on these specific parties.

OFAC does not expect to incur additional operating expenses to implement the proposed rule. While OFAC's Enforcement Division will be responsible for investigating and enforcing potential violations of the proposed rule, OFAC expects that these efforts would be folded into their existing enforcement responsibilities and that investigations into violations of the sanctions compliance program requirement would occur in conjunction with investigations into violations of other U.S. sanctions regulations. As noted in section V.B, OFAC already considers the existence, nature, and adequacy of a subject person's risk-based sanctions compliance program when determining the appropriate administrative action to take in response to an apparent violation of U.S. sanctions. [496 ] As FinCEN notes above, OFAC acknowledges that these estimates do not include the potential costs borne by other regulators, or entities who might foreseeably be engaged in informational outreach, examinations (such as those by the IRS), or related supervisory actions or enforcement activities as a consequence of the proposed rule.

c. PPSI Customers

As discussed earlier in this analysis, [497 ] based on the median value of customers, FinCEN and OFAC expect that the typical PPSI would have approximately 100 legal entity clients that it interacts with directly. However, some PPSIs are expected to have substantially more than this, and FinCEN and OFAC apply an average of 1,000 customers per PPSI. In total, FinCEN and OFAC do not expect the aggregate number of direct PPSI customers to exceed 300,000. However, FinCEN and OFAC estimate that a substantial portion of these may be affiliates of a single counterparty or associated with non-U.S. entities. FinCEN and OFAC estimate that the number of affected U.S. businesses is no more than 10,000.

As described earlier, [498 ] these businesses belong to several industrial categories, including digital asset exchanges, specialized digital commodities traders, and other types of investment and securities related businesses. Aside from digital asset exchanges, FinCEN expects that nearly all of these firms would be part of the NAICS classifications under industry code 523 (“Securities, Commodity Contracts, and Other Financial Investments and Related Activities”). Based on this assessment, FinCEN and OFAC applied the associated standard wage rate to estimate the costs of PPSI customers' time. [499 ]

( printed page 18647) While FinCEN and OFAC estimate that a significant portion of these entities may be subsidiaries of a single counterparty or connected to non-U.S. entities, PPSIs would still be responsible for verifying the identities of all connected counterparties in order to meet program obligations. FinCEN and OFAC expect that each customer would be required to spend approximately one hour to collect, review, and transmit the required customer identification information to the stablecoin issuing counterparty (specifically, information about beneficial ownership). Table 16 provides a summary of the expected costs to these customers. FinCEN and OFAC estimate that PPSI customers, which are mostly financial institutions engaged in trading a broad range of stablecoin products as part of their investment portfolios, or exchanges seeking to provide off-chain liquidity to retail customers for a similarly broad range of stablecoin products, will likely initiate at least one new primary market relationship each year, although this frequency may fluctuate. In order to generate a conservative estimate, FinCEN and OFAC assume for purposes of this analysis that all primary market participants would be required to provide this information once during the course of business in a given year when interacting with a new stablecoin issuer, while acknowledging significant uncertainty around this estimate. FinCEN and OFAC request public comment on this assumption.

| Total number of customers | Hours per
customer | Cost per
customer | Total cost |
| --- | --- | --- | --- |
| 10,000 | 1 | $125 | $1,245,800 |

5. Consideration of Policy Alternatives

In developing the proposed rule, FinCEN and OFAC considered several policy alternatives, including alternatives that would, if adopted, imply differences in the cost profile of the requirements, particularly for small entities. FinCEN and OFAC invite comment on these alternatives, and on any other alternatives that were not considered here.

i. FinCEN Alternatives

a. Size-Related Alternatives

First, FinCEN considered modifying the proposed rule's requirements for small entities or establishing an asset threshold for certain proposed compliance obligations. As discussed in more detail in the IRFA analysis (section XII.C.2.i.b below), FinCEN utilizes a threshold of $200 million in total reserve assets to define small PPSIs that are not IDI subsidiaries. FinCEN considered using this threshold as a tailoring benchmark, whereby PPSIs under the threshold might have been afforded burden accommodations in the form of additional time to transition, or additional time to undertake certain required activities, potentially differential reporting thresholds, or other modifications to AML/CFT program standards designed to reduce compliance cost. However, FinCEN opted against this alternative. Creating some category of PPSI for small issuers that would entail lessened AML/CFT requirements would conceivably result in the targeting of these PPSIs by illicit actors seeking to circumvent regulatory scrutiny. Additionally, FinCEN's analysis indicates that most technology services that enable AML/CFT functions as described here are highly scalable, allowing small PPSIs to readily identify and employ more cost-effective options.

b. Alternative Information Requirements

FinCEN separately considered a version of the proposed rule that would have required PPSIs to collect, and customers to provide, additional information beyond what this NPRM would require. For example, in addition to the proposed rule's requirement that future PPSIs collect the name, date of birth, address, and government-issued identification number for the beneficial owners of a legal entity customer (as defined under 31 CFR 1010.230, but generally meaning one executive officer and all individuals with 25 percent or more equity interest in the entity), FinCEN considered further requiring PPSIs to collect customers' blockchain wallet addresses associated with the legal entity, incorporation or tax documents, or certain identifying financial information such as account numbers. However, FinCEN opted not to require these items for several reasons. First, many issuers already collect this additional information in the ordinary course of business, and are best situated to determine what, if any, additional information is necessary to make risk-based decisions about a customer. Secondly, the absence of this information does not exempt an issuer from the responsibility to assess the risk associated with a customer or their transactions, and therefore it is the imperative of the issuer to determine whether or not such additional information is necessary to conduct risk-based screening and analysis. FinCEN concluded that it would strike a more appropriate balance of anticipated benefits to expected costs to refrain from imposing a unilateral requirement that such additional information be collected in every instance and that instead it would be more economically efficient to defer in these aspects to the discretion of the PPSI's risk-based determinations. In declining to pursue this alternative, FinCEN also took into consideration that it may also comport more closely with the GENIUS Act requirement that Treasury issue regulations tailored to the size and complexity of the PPSI to limit the information requirements as proposed. FinCEN requests comment on the extent to which this assessment comports with market expectations and practices. ( printed page 18648)

c. Block, Freeze, and Reject Alternative

FinCEN separately and additionally considered providing a more detailed regulation related to the requirement for PPSIs to have the technical capability, policies, and procedures to block, freeze, and reject specific or impermissible transactions that violate Federal or State laws, rules, or regulations. For example, FinCEN could have provided details on the specific technical capability, policies, and procedures that would be required or required a PPSI to take proactive action related to this requirement. This might have required a PPSI to act if it had a reason to know the transaction was impermissible. However, FinCEN decided against these alternatives. Providing a more detailed regulation could have limited how a PPSI could comply with this requirement. FinCEN decided it was important for PPSIs to have the flexibility to implement new technology, best practices, and adapt to changing laws, rules, or regulations. FinCEN also considered that proposing a more proactive requirement could increase the compliance burden for PPSIs. In sum, FinCEN's decision not to pursue a proposed rule that included this alternative formulation was informed by its belief that the alternative would not strike a preferable balance between the anticipated benefits and the expected costs or be as economically efficient as the more flexible formulation proposed. FinCEN is requesting comment on the extent to which this assessment comports with market expectations.

ii. OFAC Alternatives

Additionally, OFAC considered basing the minimal elements for a sanctions compliance program on FinCEN's current AML program requirements for banks at 31 CFR 1020.210. For example, that alternative regulatory foundation would require: (1) a system of internal controls to assure ongoing sanctions compliance; (2) independent testing for compliance to be conducted by the PPSI's personnel or by an outside party; (3) designation of an individual or individuals responsible for coordinating and monitoring day-to-day compliance; (4) training for appropriate personnel; and (5) appropriate risk-based procedures for conducting ongoing customer due diligence. Although these requirements are similar in substance to the proposed rule, OFAC chose to instead align the proposed minimal elements of a sanctions compliance program with existing OFAC guidance, particularly the 2019 Compliance Framework.

The 2019 Compliance Framework has been a cornerstone of OFAC's regular public outreach to all regulated industries. Likewise, the compliance guidance and expectations detailed in the 2019 Compliance Framework consistently form the basis of OFAC's published guidance (e.g., sanctions advisories, compliance communiqués, and frequently asked questions). Consequently, the sanctions compliance community is already highly familiar with the proposed rule's requirements as consistent with existing OFAC guidance. Additionally, FinCEN's AML requirements at 31 CFR 1020.210 and OFAC's existing regulations differ in applicable scope; the former center on traditional banks, whereas the latter apply to all U.S. persons. The 2019 Compliance Framework's focus on U.S. persons, rather than financial institutions, is therefore better aligned with future PPSI's obligations as U.S. persons under the GENIUS Act. Finally, the 2019 Compliance Framework is grounded in the principle of a risk-based approach to sanctions compliance. This foundation supports PPSI flexibility and discretion in how to meet the GENIUS Act's requirement of an effective sanctions compliance program within the context of maintaining the five minimal elements in the proposed rule. This flexibility not only accounts for the development and implementation of new technology but also is consistent with the GENIUS Act's direction that regulations be tailored to the size and complexity of the PPSI. [500 ] OFAC is requesting comment on the extent to which this assessment comports with market expectations and practices.

B. Executive Orders 12866, 13563, and 14192

E.O. 12866 directs agencies to assess the costs and benefits of available regulatory alternatives and, if regulation is necessary, to select regulatory approaches that maximize net benefits (including potential economic, environmental, and public health and safety effects; distributive impacts; and equity). E.O. 13563 emphasizes the importance of quantifying both costs and benefits, reducing costs, harmonizing rules, and promoting flexibility. E.O. 13563 also recognizes that some benefits are difficult to quantify and provides that, where appropriate and permitted by law, agencies may consider and discuss qualitatively values that are difficult or impossible to quantify.

This proposed rule has been designated a “significant regulatory action”; accordingly, it has been reviewed by OMB.

E.O. 14192, entitled “Unleashing Prosperity Through Deregulation,” was issued on January 31, 2025. Section 3(c) of the order requires that any new incremental costs associated with new regulations shall, to the extent permitted by law, be offset by the elimination of existing costs associated with at least ten prior regulations.

If finalized as proposed, this action is expected to be considered an E.O. 14192 regulatory action.

C. Regulatory Flexibility Analysis

When an agency issues a proposed rulemaking, the RFA requires the agency either to provide an IRFA or certify that the proposed rule would not have a significant economic impact on a substantial number of small entities. Because the proposed rule may have a significant economic impact on a substantial number of certain types of PPSIs that may qualify as small entities, FinCEN and OFAC undertook the following analysis. In the event that FinCEN and OFAC have potentially overestimated the anticipated economic burden of the proposed rule, and certification would instead be more appropriate, comments to this effect—including studies, data, or other evidence—are invited.

1. The Proposed Rule: Objectives, Description, and Legal Basis

The proposed rule would implement FinCEN's regulations that prescribe BSA obligations and OFAC's sanctions compliance program requirement for PPSIs as described in sections VI, VII, and XII.A.3.

The GENIUS Act, enacted on July 18, 2025, the legal basis for the proposed rule, creates a regulatory framework for PPSIs in the United States. [501 ] The GENIUS Act provides a comprehensive framework for the regulation of payment stablecoins. [502 ] The GENIUS Act outlines the reserve, capital, liquidity, and risk management requirements for PPSIs and tasks the Board, FDIC, NCUA, and OCC, as well as any State payment stablecoin regulators, with implementing those requirements and establishing a process and framework for the licensing, regulation, examination, and supervision of PPSIs. [503 ]

The proposed rule seeks to implement the GENIUS Act by requiring that PPSIs ( printed page 18649) “be treated as a financial institution for purposes of the Bank Secrecy Act, and as such, shall be subject to all Federal laws applicable to financial institutions located in the United States relating to economic sanctions, prevention of money laundering, customer identification, and due diligence.” [504 ]

The GENIUS Act directs the Secretary of the Treasury to issue regulations, tailored to the size and complexity of the PPSI, implementing the AML/CFT and sanctions compliance requirements directed by the GENIUS Act. [505 ]

2. The Expected Impact on Small Entities

i. Defining Small Affected Entities

The impact of the rule on small entities varies across the three distinct types of PPSIs: those that are subsidiaries of banks (including credit unions); those that are Federal qualified payment stablecoin issuers (FQPSIs); [506 ] and State qualified payment stablecoin issuers (SQPSIs). [507 ] FinCEN has incorporated the OCC, FDIC, Board, and NCUA's RFA analyses with respect to their nexuses with these respective types and limited its own further analysis below to the remaining potential future PPSIs that it anticipates. As the proposed rulemaking may also impact the small entities that are customers of PPSIs, this population was also subject to IRFA requirements and is included in section XII.C.2.i.d.

a. Small PPSIs Regulated by the Agencies

As discussed in section II.A, the GENIUS Act tasks the OCC, Board, FDIC, and NCUA (the “Agencies”) with implementing reserve, capital, liquidity, and risk management requirements for PPSIs. The OCC, FDIC, and NCUA have recently published other NPRMs necessary to implement the GENIUS Act. [508 ] Because each of these proposed rules has already provided the operational definition of “small” used to scope the respective estimated populations of small IDIs that would also be relevant for the RFA analysis in this proposed rule, FinCEN and OFAC are adopting those analyses and estimates by reference. Table 17 provides a summary of the incorporated estimates below.

| Agency | Total
population | Number of
small

institutions | Percentage
small |
| --- | --- | --- | --- |
| FDIC | 2,772 | 2,064 | 74.5% |
| Board | 702 | 440 | 62.7 |
| OCC | 997 | 609 | 61.1 |
| NCUA | | | b 19 |
| a Data is based on consultation with the Agencies. See also FDIC, Approval Requirements for Issuance of Payment Stablecoins by Subsidiaries of FDIC-Supervised Insured Depository Institutions, 90 FR 59409 (Dec. 19, 2025); NCUA, Investments in and Licensing of Permitted Payment Stablecoins Issuers, 91 FR 6531 (Feb. 12, 2026); OCC, Implementing the Guiding and Establishing National Innovation for U.S. Stablecoins Act for the Issuance of Stablecoins by Entities Subject to the Jurisdiction of the Office of the Comptroller of the Currency, 91 FR 10202 (Mar. 2, 2026). | | | |

b. Other PPSIs

The SBA publishes annual size thresholds defining small businesses by their classification under categories of the NAICS. While there is currently no NAICS category specifically for stablecoin issuers, FinCEN and OFAC anticipate that they would most appropriately fit within several broader categories of financial institution. Most stablecoin issuers meet the definition of MSBs, and therefore belong either to Financial Transactions Processing, Reserve, and Clearinghouse Activities (522320) (most appropriate for those that engage in money transmitting), or Other Activities Related to Credit Intermediation (522390). The SBA-defined threshold for a small business in these categories is $47 million and $28.5 million in gross receipts, respectively. In addition, because digital assets may sometimes be classified as commodities, some stablecoin issuers might otherwise be categorized under NAICS code 523160 as Commodity Contracts Intermediation. The SBA-defined threshold for a small business in this category is $47 million in gross receipts. Among these categories, the most appropriate designation for stablecoin issuers, due to their role as money transmitters, is Financial Transactions Processing, Reserve, and Clearinghouse Activities (522320), with an SBA-defined threshold for a small business of $47 million in annual gross receipts.

However, because the number of potential future PPSIs (as defined under the GENIUS Act) is small relative to the number of total firms in this NAICS category, and because most stablecoin issuers generate revenue in a manner unlike other MSBs, FinCEN and OFAC considered that an alternative threshold might be better suited to identify a “small entity” based on the current distribution and characteristics of entities in the stablecoin industry. Specifically, an asset-based threshold is a standard better suited to identifying genuinely small stablecoin issuers. As discussed earlier, stablecoin issuers primarily generate revenue through capital appreciation and other investment returns on their reserve holdings rather than receipts from the sale of goods or services. Moreover, a stablecoin issuer's investment returns may be attributable primarily to fluctuations in interest rates and other market factors, meaning that a stablecoin issuer may produce vastly different returns over time with virtually no change in size. Accordingly, we do not believe that the gross receipts standard provides an appropriate means for FinCEN and OFAC to identify small stablecoin issuers for purposes of the RFA.

To determine an appropriate asset-based threshold, FinCEN and OFAC developed a profile of the stablecoin sector, which includes all affected ( printed page 18650) stablecoin issuers as well as small businesses. Stablecoin issuers generally earn revenue using their reserve funds in a way similar to many other types of asset managers. Therefore, total reserve fund assets (“total assets”) is a good measure by which to define “small entities” in this industry, similarly to the way banks or investment companies are often measured. As discussed in section XII.A.2.ii.a, FinCEN and OFAC examined public data on the issuers of over 350 stablecoin products using publicly available data from several sources, which included metrics on the circulating value of each product. Because every USD fiat currency-backed stablecoin issued is backed by an equivalent value in USD, the circulating value is a good indication of the size of the stablecoin issuer's reserve fund total assets.

Taken as a whole, stablecoin issuers managed a total of about $300 billion in total assets as of 2025, with about $250 billion of this value being held by issuers of products likely to be eligible for status as a payment stablecoin under the Act. Among the stablecoin issuers reviewed, the mean total asset value was about $5.6 billion. However, the distribution of assets across stablecoin issuer is highly skewed, with a significant concentration of assets at the very largest stablecoin issuers. Accordingly, the median value was significantly less than the mean, about $14 million.

FinCEN and OFAC estimate that over 99 percent of potential payment stablecoin total assets are held by the top five stablecoin issuers. Table 18 provides a summary of total asset thresholds by percentile based on public data about the total circulating value of issuer's associated stablecoins. Considering this concentration, FinCEN and OFAC propose using a threshold value of $200 million in total assets to define a small PPSI, which is roughly the 80th percentile value. FinCEN and OFAC request public comment on the suitability of this threshold. This value also falls close to the mean total asset value for issuers below the top five percent of firms. Using the proposed $200 million total asset threshold would represent less than one percent of total assets in the industry as being held by small entities but would encompass 84 percent of likely payment stablecoin issuers for which data could be obtained (approximately 40 entities, 19 of which were identified as potential PPSIs). This results in a distribution of small entities which is fairly robust to the threshold; doubling the threshold $400 million would result in an identical distribution and halving it to $100 million would result in the exclusion of six issuers, resulting in 71 percent of stablecoin issuers being below the threshold. Eighty-four percent of stablecoin issuers falling below the threshold is consistent with the distributions of other similarly concentrated finance-related industries.

In considering the adoption of a $200 million total asset threshold to designate PPSI size for RFA purposes, FinCEN and OFAC considered the following population distribution information for stablecoin issuers:

| Percentile | Net asset
threshold | Percentage
of issuers
below
(%) | Percentage
of aggregate
net assets
below
(%) |
| --- | --- | --- | --- |
| 10th | $300,660 | 11 | 0.0002 |
| 20th | 887,584 | 18 | 0.0007 |
| 30th | 3,952,000 | 22 | 0.0021 |
| 40th | 10,260,054 | 36 | 0.0172 |
| 50th | 13,670,000 | 47 | 0.0420 |
| 60th | 33,446,620 | 58 | 0.0788 |
| 70th | 62,497,337 | 67 | 0.1571 |
| 80th | 173,946,000 | 78 | 0.3486 |
| 90th | 734,997,872 | 87 | 0.7767 |
| 100th | 173,113,000,000 | 98 | 32.3282 |

c. Small SQPSIs

At this time there is insufficient data to separately forecast a population of potential future SQPSIs. It is therefore not possible to assess the proportion of that potential future population that would be considered small for purposes of this analysis or assess the appropriateness of an additional alternative definition of “small” uniquely applicable to SQPSIs with any meaningful degree of certainty. Comments and data are invited to assist FinCEN and OFAC in analyzing the potential effects of the proposed requirements on SQPSIs, generally, and small SQPSIs in particular.

d. Small Entity PPSI Customers

Additionally, as discussed in section XII.A.2.ii.d. 2, FinCEN and OFAC expect that the proposed rule, if adopted, may impose costs on the primary market customers of future PPSIs that are legal entities because these PPSI customers would need to collect and provide information to their respective PPSIs, who would have initiated the requests for customers' information as a consequence of the need to satisfy certain requirements in the proposed rule. FinCEN and OFAC anticipate that many of these affected PPSI customers would be digital asset exchanges, specialized digital commodities traders, and other types of investment and securities-related firms, at least some of whom may be small businesses for purposes of the RFA. As described earlier, [509 ] FinCEN and OFAC estimate that there are approximately 300,000 primary market customers that could, in the future, interact directly with PPSIs, of which the number of affected customers that may be U.S. businesses is expected to be no more than 10,000. As described earlier, [510 ] these businesses belong to several categories, including digital asset exchanges, specialized digital commodities traders, and other types of investment and securities related businesses, the majority of which would be classified under NAICS code 523 (“Securities, Commodity Contracts, and Other Financial Investments and Related Activities”). Table 19 summarizes FinCEN and OFAC's analysis of the most recent vintage of Census Bureau data ( printed page 18651) corresponding to this NAICS code, which indicates that small business comprise the majority of the industries that are expected to be the primary market customers of future PPSIs.

| Primary market customer type | Approximate
number of
customers | NAICS code | SBA small-business threshold | Percentage considered small a | Average annual revenue of small entities b |
| --- | --- | --- | --- | --- | --- |
| Digital Exchanges | 300 | 523210 | $47 million | 70% (about 210 firms) | $5.85 million. |
| Other Investment Firms | 10,000 | 523 | $47 million | 97.7% (about 9,770 firms) | $1.55 million. |
| a To estimate the number of small entities in this sector, FinCEN and OFAC used the U.S. Census Bureau, 2022 Statistics of U.S. Businesses Data by Enterprise Receipts Size, available at https://www.census.gov/​data/​tables/​2022/​econ/​susb/​2022-susb-annual.html (“2022 SUSB Data”). FinCEN and OFAC counted the proportion of small businesses in NAICS code 523 with less than $50 million in annual receipts (the closest available threshold). For Digital Exchanges, FinCEN used internal data. | | | | | |
| b Revenue data for NAICS code 523 and Digital Exchanges was collected from the 2022 SUSB Data and internal data. | | | | | |

ii. Estimating the Economic Impact on Small Future PPSIs

a. Small IDI Subsidiaries

As in section XII.C.2.i.a, FinCEN and OFAC are adopting by reference the applicable RFA analyses performed by the OCC, FDIC, and NCUA. FinCEN and OFAC are relying on the data provided and determinations already made by the Agencies with respect to the characteristics of expected future PPSIs under their jurisdictions because such agencies are better positioned to understand the nature of their regulated entities in a manner that could reasonably inform future expectations. [511 ] As discussed in the Agencies' analyses, there is a general anticipation that future PPSIs that would be IDI subsidiaries would not be able to qualify as small by virtue of the dollar amount of their own offering/issuance. Additionally, it is not clear that the subsidiary of an institution that is not itself small would be eligible to obtain an independent designation as small. For these reasons, it may be unlikely that a small IDI-subsidiary PPSI could exist. FinCEN and OFAC are requesting comment on (1) the reasonableness of an expectation that a future small IDI-subsidiary PPSI might exist and, if so (2) the expected significance of the proposed rule's economic impact on such a small entity.

b. Other PPSIs

To examine the expected impact of the proposed rule on small entities, FinCEN and OFAC used two steps: the first step estimates the total number of small entities affected by the proposed rule, and the second step estimates the significance of this impact on those entities.

1. Estimated Number of Small Potential PPSIs

The SBA definition of “small entity” at 13 CFR 121.201 includes businesses, nonprofits, and small government entities with less than 50,000 residents. It is worth noting that some stablecoin issuers are organized as nonprofit entities and are included in this count.

Based on analysis of the distribution of data described above, [512 ] FinCEN and OFAC are proposing a “small entity” definition that corresponds closely to the 80th percentile threshold, which was rounded to $200 million for convenience in the proposed rule. The proposed $200 million threshold would capture approximately 84 percent of stablecoin issuers, which together hold approximately one percent of aggregate average total assets.

Using the same methods discussed earlier, [513 ] FinCEN and OFAC identified 25 potential future PPSIs from among these stablecoin issuers, and among these, approximately 19 had fewer than $200 million in total circulating stablecoin product values.

2. Expected Effect on FQPSIs

To contextualize the relative significance of costs associated with the proposed rule for small stablecoin issuing entities, FinCEN and OFAC used the estimates of total assets described earlier to estimate likely revenues for such issuers. [514 ] As referenced earlier, [515 ] stablecoin issuers generally derive revenue from investment returns on their reserve holdings. As stated in the Act, PPSIs are permitted to invest reserve funds in several different types of asset class, including government backed securities. Based on prevailing interest rates, FinCEN and OFAC estimated that stablecoin issuers were likely to receive returns of about five percent on invested funds. While actual returns may fluctuate and fall below or above this estimate, this value represents an average for estimation purposes. To validate this assumption, FinCEN reviewed actual reported revenue values. While five percent of total assets was generally within the same order of magnitude as actual reported revenue, actual revenues often exceeded five percent.

Returns more than prevailing rates for government-issued fixed income securities can be due to several factors. First, issuers often “over collateralize” their products, meaning that they hold larger reserve portfolios than are required to redeem every coin at par value. This practice helps protect from market fluctuations and affords issuers greater flexibility during times of financial stress. In such cases, stablecoin issuers have reserve portfolios that are larger than the circulating value of their products, leading to returns in excess of those implied by multiplying their circulating value by prevailing rates of return for common reserve investments. Stablecoin issuers may also invest excess reserves in higher-yielding products or loans whose rates of return exceed those of government-backed securities. In addition to this, several other factors might lead to larger returns. For example, stablecoin issuers may offer certain fee-based services to customers, and may account for certain unrealized gains as revenue, increasing reported revenue levels.

Bearing these factors in mind, FinCEN and OFAC retained five percent of total assets as a reasonable benchmark for revenue. This parameter was chosen to retain an estimate of revenue that does not minimize costs or possible fluctuations in returns. By using a conservative but realistic estimate, ( printed page 18652) FinCEN and OFAC avoid underestimating the relative impact of compliance costs associated with the proposed rule. FinCEN and OFAC request comment on this benchmark.

In section XII.A.4.ii.a, FinCEN and OFAC discussed the expected costs of compliance with the proposed rule for PPSIs. In that section, the first-year incremental cost for a small PPSI was estimated to be approximately $13,737 per IDI-subsidiary PPSI and $22,987 per non-IDI subsidiary PPSI, and approximately $5,249 per IDI-subsidiary PPSI and $13,540 per non-IDI subsidiary PPSI in each year thereafter.

Table 20 presents FinCEN and OFAC's estimates of the share of small entity PPSIs that would experience significant impact as a result of the estimated first-year incremental compliance costs with the proposed rule and the anticipated average compliance costs each year thereafter. FinCEN and OFAC request public comment on the general accuracy of these estimates of the impact to small entities. In an effort to avoid understating the effect on small entities, FinCEN and OFAC conservatively base the calculation on the estimated costs for small non-IDI subsidiary PPSIs.

| Cost year | Modeled AML/CFT program cost | Percentage of small entities for which Year-1 AML/CFT program costs exceed 1% of modeled
revenue | Percentage of small entities for which Year-1 AML/CFT program costs exceed
3% of
modeled revenue |
| --- | --- | --- | --- |
| 1 | $23,000 | 71 | 61 |
| 2+ | 13,700 | 68 | 39 |

c. Small Entity PPSI Customers

While a substantial number of the firms that FinCEN and OFAC anticipate would be required to provide customer information to the PPSIs they wish to engage in direct transactions with, the cost of provisioning this information is expected to be de minimis relative to the average revenue of these firms. [516 ] Based on the estimated costs as described in section XII.A.4.ii.c and the average annual revenue values in table 19, the expected cost to legal entity customers by type are .002 percent and .008 percent of revenue, respectively. Therefore, while a substantial number of businesses may be providing information to issuers, FinCEN and OFAC do not contemplate that this requirement would constitute a significant effect when considered in relation to their overall financial positions.

3. Other Matters: Duplicate, Overlapping, Conflicting, and Alternative Requirements

FinCEN and OFAC are unaware of any existing Federal regulations that would overlap or conflict with the proposed rule. While FinCEN and OFAC are mindful of concurrent GENIUS Act rulemakings that are related to the proposed requirements in this rulemaking, neither FinCEN nor OFAC anticipate a conflict between those proposed rules and this NPRM. As previously discussed in section XII.A.2.i.d, the Agencies' proposed rules will require a prospective PPSI to include in its registration submission a certification that the prospective PPSI has established and maintains the programs proposed in this NPRM. The Agencies' proposed rules would also require a PPSI that has been granted its registration to continue to provide re-certification of its AML/CFT program and its sanctions compliance program on an annual basis in the years following initial registration. Because the certification requirements are ancillary to the actual program establishments and ongoing maintenance that the certifications attest to, FinCEN and OFAC do not anticipate conflict with concurrently proposed regulations.

The following sections reiterate FinCEN specific alternatives that were previously discussed in section XII.A.5.i related to the expected costs and potential benefits to small entities.

As previously referenced in section XII.A.5.i.a, FinCEN considered exempting from or modifying requirements for small entities. In that section, FinCEN opted against this exclusion for several reasons. Firstly, because PPSI status is a voluntary designation, small entities wishing to elsewise adhere to another regulatory standard have certain abilities to do so, and thereby not incur the full burdens associated with the proposed PPSI requirements even without seeking and obtaining an exemption from the Secretary. Secondly, creating some category of PPSI for small issuers that would entail lessened AML/CFT requirements would conceivably result in the targeting of these PPSIs by illicit actors seeking to circumvent regulatory scrutiny. Lastly, FinCEN's analysis indicates that most technology services that enable AML/CFT functions as described here are highly scalable, allowing small PPSIs to readily identify and employ more cost-effective options.

In addition, as discussed in greater detail in section XII.A.5.b, FinCEN also considered adopting additional BOI reporting requirements for new legal entity customers. Because many primary market customers of potential PPSIs are themselves small businesses, such a requirement that expanded reporting requirements beyond the information that is already provided in the ordinary course of business may have presented an incremental cost for some number of these small entities. However, as discussed in that section, FinCEN opted not to augment these requirements for several reasons. First, many stablecoin issuers already collect this additional information in the course of business, and are best situated to determine what, if any, additional information is necessary to make risk-based decisions about a customer. Secondly, the absence of this information does not exempt an issuer from the responsibility to assess the risk associated with specific customers or their transactions, and thus it is the prerogative of the issuer to determine whether or not such additional information is necessary to conduct risk-based screening and analysis. By not pursing this regulatory alternative, the requirements FinCEN is proposing instead would impose lower costs on both small PPSIs and PPSI customers that are small entities.

D. Unfunded Mandates Reform Act

The UMRA requires that an agency prepare a statement before promulgating a rule that may result in expenditure by ( printed page 18653) the state, local, and Tribal governments, in the aggregate, or by the private sector, of $193 million or more in any one year ($100 million in 1995, adjusted for inflation). [517 ] Section 202 of UMRA also requires an agency to identify and consider a reasonable number of regulatory alternatives before promulgating a rule.

As discussed above, [518 ] FinCEN and OFAC have not estimated the number of potential future SQPSIs given the inherently speculative nature of such an exercise at this time. Consequently, FinCEN and OFAC are unable to more fulsomely assess the potential burden to state, local, and Tribal governments of the proposed rule and currently do not expect any additional expenditures by these parties as an incremental cost of the proposed rule. However, FinCEN and OFAC's expectation that this rulemaking will not cause material changes in State expenditures should be understood as relating only to the impact of this rulemaking and not to the impact of the GENIUS Act writ large. The GENIUS Act envisions an active role for the States in the regulation of PPSIs as a complement to federal regulation.

While the analysis above [519 ] and below [520 ] indicate that the proposed rule is not expected to impose incremental novel expenditures on the private sector of $193 million or more, and hence that additional economic analysis pursuant to UMRA requirements is not strictly necessary, FinCEN and OFAC believe that the preceding assessment of impact, generally, and consideration of policy alternatives, specifically, would satisfy the UMRA's analytical requirements. FinCEN and OFAC invite public comment on any additional factors that, if considered, would materially alter the conclusions of this assessment.

E. Paperwork Reduction Act

The recordkeeping and reporting requirements in the proposed rule, which qualify as “collections of information” under the PRA, will be submitted to OMB for review in accordance with the PRA. [521 ] Under the PRA, an agency may not conduct or sponsor, and a person is not required to respond to, a collection of information unless it displays a valid control number assigned by OMB. [522 ] Written comments and recommendations for the proposed information collection can be submitted by visiting https://www.reginfo.gov/​public/​do/​PRAMain. Find this particular document by selecting “Currently Under Review—Open for Public Comments” or by using the search function. Comments are welcome and must be received by June 9, 2026.

1. FinCEN

In accordance with requirements of the PRA, 44 U.S.C. 3506(c)(2)(A), and its implementing regulations, 5 CFR part 1320, the following information concerning the collection of information as it relates to the PPSI AML/CFT requirements is presented to assist those persons wishing to comment on the information collections. [523 ]

i. Description of Affected Financial Institutions and OMB Control Numbers

OMB Control Number(s): 1506-[XXXX].

Description of Affected Entities: Only those covered financial institutions defined in section 31 CFR 1010.100(t)(11) (i.e., PPSIs) would be affected.

Estimated Number of Respondents: 50 PPSIs.

FinCEN estimates an average population of approximately 50 PPSIs in each of the first three years of an effective final rule, comprised of approximately 20 non-IDI subsidiary PPSIs and 30 IDI-subsidiary PPSIs. [524 ] FinCEN expects these entities to each have an average of 650 new customers annually. [525 ]

As this is a developing market, FinCEN acknowledges the significant uncertainty regarding the number of banks that would apply to issue payment stablecoins, either independently or through consortia and other partnerships, or engage in other permitted payment stablecoin activities through a subsidiary. However, as discussed earlier, FinCEN estimates that PPSIs associated with insured depository institutions would have certain reduced AML/CFT program-related expenses due to their position within an insured depository institution parent's existing AML/CFT program.

ii. Estimated Annual Burden Hours

FinCEN has identified nine primary cost elements resulting from the recurring recordkeeping and reporting costs associated with the requirements of the proposed rule. These are (1) establishing and maintaining a written AML/CFT program, (2) ongoing customer due diligence, (3) BOI-related customer due diligence, (4) CTRs, (5) SARs, (6) recordkeeping and travel rule requirements, (7) information sharing, (8) special standards of diligence requirements, and (9) special measure requirements.

a. Recordkeeping Burden Associated With Establishing and Maintaining an AML/CFT Program

PPSIs subject to requirements in the proposed rule would need to establish and maintain an AML/CFT program that meets the minimum requirements of the BSA. This program must be approved, stored, and produced upon request. FinCEN expects that on average, each PPSI would spend approximately 30 hours on this activity in the first year, and approximately ten hours annually in subsequent years.

b. Recordkeeping Burden Associated With Ongoing Customer Due Diligence

The proposed rule would require PPSIs to implement appropriate risk-based procedures for conducting ongoing customer due diligence. Specifically, PPSIs would be required to (1) understand the nature and purpose of customer relationships for the purpose of developing a customer risk profile and (2) conduct ongoing monitoring to identify and report suspicious transactions and, on a risk basis, to maintain and update customer information. FinCEN estimates this activity would take an average of 50 hours per PPSI annually.

c. Recordkeeping Burden Associated With BOI-Related Customer Due Diligence

In addition, PPSIs would be required to identify and verify beneficial owners of new accounts opened by legal entity customers. The PPSI may obtain the required identifying information by either obtaining a prescribed certification form from the individual opening the account on behalf of the legal entity customer, or by obtaining from the individual the information required by the form by another means, provided the individual certifies to the ( printed page 18654) best of the individual's knowledge the accuracy of the information.

PPSIs must maintain a record of customers' identifying information and a description of any document relied on for verification, including a description of any non-documentary methods and results of any measures undertaken, and the resolutions of substantive discrepancies. PPSIs would be required to retain such records used to identify each beneficial owner for five years after the date the account is closed and would also be required to retain records used to verify the identity of each beneficial owner for five years after the record is made.

FinCEN estimates this activity would take an average of 0.25 hours per new customer. Given an average of 650 new customers per year, this would result in an annual burden of 162.5 hours per PPSI.

d. Recordkeeping and Reporting Burden Associated With CTRs

As discussed in section VI.C.7, entities subject to the AML/CFT program requirements of the BSA are obligated to file CTRs. Because stablecoin issuance and redemption is typically a digital-only business, FinCEN considers costs associated with filing CTRs to be de minimis for regulated entities. Therefore, FinCEN assigns zero cost to this requirement, but includes it here for pro forma completeness.

e. Recordkeeping and Reporting Burden Associated With SARs

Under the proposed rule, PPSIs would be required to conduct ongoing monitoring of customers' transactions and file SARs when appropriate. In addition, PPSIs would be required to maintain copies of filed SARs and the underlying related documentation for a period of five years from the date of filing. FinCEN utilized the findings in a recent Bank Policy Institute report on the number of suspicious activity alerts that turned into cases (i.e., alerts that are not considered false positives) and concluded in the filing of a SAR (approximately 42 percent) to infer that for each case filed as a SAR, approximately 1.4 cases were not filed. [526 ] While there is no requirement to report or retain unfiled suspicious activity alerts, FinCEN considers this activity to be part of the overall burden of SAR reporting and recordkeeping.

FinCEN estimates that PPSIs would file a weighted annual average of 190 SAR filings and have 266 unfiled cases. With an estimated hourly burden of 1.5 hours per SAR filing and 0.5 hours per unfiled case, together, these activities are estimated to take 418 hours annually per PPSI.

f. Recordkeeping Burden Associated With Proposed Recordkeeping and Travel Rule Requirements

The proposed rule would require PPSIs to comply with certain recordkeeping obligations, including recording and maintaining originator and beneficiary information for certain transactions. As discussed in section XII.A.4.ii.a. 7, FinCEN expects the primary burden from these requirements to stem from compliance with proposed requirements related to the Recordkeeping and Travel Rules which ae codified at 31 CFR 1010.410(e) and (f), respectively. The Recordkeeping and Travel Rules respectively require financial institutions to collect and retain records for funds transfers and transmittals of funds in amounts of $3,000 or more and to transmit information on certain funds transfers and transmittals of funds to other financial institutions participating in the transfer or transmittal. Cumulatively, FinCEN estimates the annual recordkeeping burden per PPSI for these requirements would be approximately 20 hours.

g. Recordkeeping Burden Associated With Information Sharing

The proposed rule would require PPSIs to implement the information sharing procedures contained in section 314(a) of the USA PATRIOT Act. Section 314(a) requires financial institutions, upon FinCEN's request, to search their records to determine whether they have maintained an account or conducted a transaction with a specified individual, entity, or organization that a law enforcement agency has certified is suspected, based on credible evidence, of engaging in terrorist activity or money laundering. FinCEN estimates the annual hourly burden of complying with the requirements under section 314(a) would be approximately one hour for each regulated entity.

h. Recordkeeping Burden Associated With Special Standards of Diligence Requirements

Under the proposed rule, PPSIs would be required to apply enhanced due diligence for correspondent and private banking accounts. The scope of the annual PRA burden and cost estimates in this renewal is limited to maintaining and updating the due diligence programs as part of current AML/CFT program requirements.

Due to the practical challenges of obtaining the total number of correspondent accounts maintained for foreign financial institutions subject to general due diligence requirements, the number of correspondent accounts maintained for foreign banks subject to enhanced due diligence requirements, and the number of private banking accounts, the scope of the annual PRA burden is limited to the annual burden of (1) establishing and maintaining a due diligence program as part of the AML/CFT program for foreign correspondent accounts and private banking accounts, and (2) securing approval of the program by an appropriate level of senior management.

FinCEN estimates the annual hourly burden of establishing and maintaining the due diligence program for foreign correspondent accounts and private banking accounts and obtaining program approval at two hours per PPSIs. This estimate covers the burden of (1) establishing and maintaining the due diligence program to take into consideration any regulatory changes and any potential modifications required by changes in the types of foreign correspondent accounts or private banking accounts maintained, or by changes in the operations or organizational structure of the foreign financial institutions for which a covered financial institution maintains accounts, as well as changes to the organizational structure of private banking accounts (one hour), and (2) presenting the updated due diligence program to the appropriate level of senior management of the financial institution for approval (one hour).

i. Recordkeeping Burden Associated With Special Measure Requirements

As discussed in section VI.C.11.iii, the rule proposes that PPSIs be required to comply with special measures issued pursuant to the sections 311, 9714(a), and 2313a to maintain the options available under these sections to protect the U.S. financial system from certain illicit finance threats. FinCEN assumes that all 50 PPSIs would have foreign correspondent accounts and would therefore incur costs associated with the special measures under section 311.

Consistent with the approach outlined in FinCEN's recent 60-day notice, [527 ] FinCEN estimates the average burden for the 20 non-IDI subsidiary PPSIs ( printed page 18655) would be approximately eight hours in the first year for general recordkeeping activities. FinCEN assumes that the 30 IDI-subsidiary PPSIs would leverage the special measure processes that are already in place and would therefore each incur only a 0.5-hour burden in the first year. FinCEN assumes that in subsequent years, all 50 PPSIs would incur an annual 18-minute burden associated with notification.

j. Total Annual Burden

Tables 21 and 22 present the annual burden hours per respondent and total annual burden hours for all affected PPSIs for year one and years two and three, respectively. [528 ] FinCEN estimates a three-year annual burden of 672 hours per PPSI [529 ] and a three-year average annual burden of 33,577 hours for all 50 PPSIs.

| Provision | Hours per
response | Number of
responses | Hours per
respondent | Number of
respondents | Total
burden
hours |
| --- | --- | --- | --- | --- | --- |
| Establishing and maintaining the written AML/CFT program (including program approval, storing the program, and producing it upon request) | 30 | 1 | 30 | 50 | 1,500 |
| Ongoing customer due diligence | 50 | 1 | 50 | 50 | 2,500 |
| BOI-related customer due diligence | 0.25 | 650 | 162.5 | 50 | 8,125 |
| Recordkeeping and reporting of CTRs | 0 | 0 | 0 | 50 | 0 |
| Recordkeeping and reporting of SARs | 1.5 | 190 | 285 | 50 | 14,250 |
| Recordkeeping of unfiled suspicious activity cases | 0.5 | 266 | 133 | 50 | 6,650 |
| Recordkeeping and Travel Rule requirements | 20 | 1 | 20 | 50 | 1,000 |
| Information sharing requirements (314(a)) | 1 | 1 | 1 | 50 | 50 |
| Establishing and maintaining the enhanced due diligence program (including program approval) | 2 | 1 | 2 | 50 | 100 |
| Special measures (non-IDI subsidiary PPSIs) | 8 | 1 | 8 | 20 | 160 |
| Special measures (IDI-subsidiary PPSIs) | 0.5 | 1 | 0.5 | 30 | 15 |
| Total | | | | 50 | 34,350 |

| Provision | Hours per
response | Number of
responses | Hours per
respondent | Number of
respondents | Total
burden
hours |
| --- | --- | --- | --- | --- | --- |
| Establishing and maintaining the written AML/CFT program (including program approval, storing the program, and producing it upon request) | 10 | 1 | 10 | 50 | 500 |
| Ongoing customer due diligence | 50 | 1 | 50 | 50 | 2,500 |
| BOI-related customer due diligence | 0.25 | 650 | 162.5 | 50 | 8,125 |
| Recordkeeping and reporting of CTRs | 0 | 0 | 0 | 50 | 0 |
| Recordkeeping and reporting of SARs | 1.5 | 190 | 285 | 50 | 14,250 |
| Recordkeeping of unfiled suspicious activity cases | 0.5 | 266 | 133 | 50 | 6,650 |
| Recordkeeping and Travel Rule requirements | 20 | 1 | 20 | 50 | 1,000 |
| Information sharing requirements (314(a)) | 1 | 1 | 1 | 50 | 50 |
| Establishing and maintaining the enhanced due diligence program (including program approval) | 2 | 1 | 2 | 50 | 100 |
| Special measures | 0.3 | 1 | 0.3 | 50 | 15 |
| Total | | | 664 | 50 | 33,190 |

iii. Estimated Annual Cost

Tables 23 and 24 present the average annual cost per respondent and total annual cost for all affected PPSIs for year one and years two and three, respectively. FinCEN estimates the three-year average annual cost of recordkeeping and reporting requirements under the proposed rule to be approximately $4.2 million, with a three-year average annual cost of $83,660 per PPSI.

| Provision | Hours per
respondent | Average
cost per
respondent | Total
burden
hours | Total cost |
| --- | --- | --- | --- | --- |
| Establishing and maintaining the written AML/CFT program (including program approval, storing the program, and producing it upon request) | 30 | $3,737 | 1,500 | $186,870 |
| ( printed page 18656) | | | | |
| Ongoing customer due diligence | 50 | 6,229 | 2,500 | 311,450 |
| BOI-related customer due diligence | 162.5 | 20,244 | 8,125 | 1,012,213 |
| Recordkeeping and reporting of CTRs | 0 | 0 | 0 | 0 |
| Recordkeeping and reporting of SARs | 285 | 35,505 | 14,250 | 1,775,265 |
| Recordkeeping of unfiled suspicious activity cases | 133 | 16,569 | 6,650 | 828,457 |
| Recordkeeping and Travel Rule requirements | 20 | 2,492 | 1,000 | 124,580 |
| Information sharing requirements (314(a)) | 1 | 125 | 100 | 6,229 |
| Establishing and maintaining the enhanced due diligence program (including program approval) | 2 | 249 | 100 | 12,458 |
| Special measures (non-IDI subsidiary PPSIs) | 8 | 997 | 160 | 19,933 |
| Special measures (IDI-subsidiary PPSIs) | 0.5 | 62 | 15 | 1,869 |
| Total | | | 34,350 | 4,279,323 |

| Provision | Hours per
respondent | Average
cost per
respondent | Total
burden
hours | Total cost |
| --- | --- | --- | --- | --- |
| Establishing and maintaining the written AML/CFT program (including program approval, storing the program, and producing it upon request) | 10 | $1,246 | 500 | $62,290 |
| Ongoing customer due diligence | 50 | 6,229 | 2,500 | 311,450 |
| BOI-related customer due diligence | 162.5 | 20,244 | 8,125 | 1,012,213 |
| Recordkeeping and reporting of CTRs | 0 | 0 | 0 | 0 |
| Recordkeeping and reporting of SARs | 285 | 35,505 | 14,250 | 1,775,265 |
| Recordkeeping of unfiled suspicious activity cases | 133 | 16,569 | 6,650 | 828,457 |
| Recordkeeping and Travel Rule requirements | 20 | 2,492 | 1,000 | 124,580 |
| Information sharing requirements (314(a)) | 1 | 125 | 100 | 6,229 |
| Establishing and maintaining the enhanced due diligence program (including program approval) | 2 | 249 | 100 | 12,458 |
| Special measures | 0.3 | 37 | 15 | 18,869 |
| Total | 664 | 82,696 | 33,190 | 4,134,810 |

iv. Summary of Burden and Cost Estimates

Estimated Number of Respondents: 50 PPSIs.

Estimated Average Aggregate Annual Recordkeeping and Reporting Burden: 33,577 hours.

Estimated Average Aggregate Annual Recordkeeping and Reporting Cost: $4.18 million.

2. OFAC

In accordance with requirements of the PRA, 44 U.S.C. 3506(c)(2)(A), and its implementing regulations, 5 CFR part 1320, the following information concerning the collection of information as it relates to the proposed PPSI sanctions compliance program requirements is presented to assist those persons wishing to comment on the information collections. [530 ]

OFAC will submit a request for a new OMB control number for some of the specific, new information collection and recordkeeping requirements for PPSIs to maintain an effective sanctions compliance program under this proposed rulemaking to implement the GENIUS Act. OFAC is proposing a new part 502 to chapter V of the CFR entitled the “Payment Stablecoin Effective Sanctions Compliance Program Regulations” to effectuate the GENIUS Act's effective sanctions program requirement. The proposed information collection covered by this notice includes some of the requirements for an effective sanctions compliance program to be maintained by PPSIs. Even though the proposed sanctions compliance program prescribed five categories of requirement, only two are expected to engender recordkeeping burdens for purposes of the PRA: (1) internal controls (including maintaining written policies and procedures and certification of PPSI status) and (2) maintaining the records of results from testing and auditing and any enhancements identified for the sanctions compliance program will be covered by this information collection. Because a recordkeeping burden associated with the internal controls requirements of the anti-money laundering/counter-terrorist financing (AML/CFT) program is already accounted for under FinCEN's requested new OMB control number 1506-[XXXX], no additional burden is assigned here to avoid double counting activities that may have substantial functional overlap. The only cost and burden calculation itemized below pertains to the requirement to maintain the records of the results of, and any enhancements made following the testing and auditing mandated by the proposed rule for a PPSI's sanctions compliance program.

i. Description of Impacted Financial Institutions and OMB Control Numbers

The likely respondents and recordkeepers affected by the information collections covered by this authority are PPSIs. OFAC's current annual assessment of burden considers the number and type of information collection and recordkeeping requirements necessary for record retention under testing and auditing controls to maintain an effective sanctions compliance program for ( printed page 18657) PPSIs. The submissions covered by this information collection will be reviewed by the U.S. Department of the Treasury and may be used for sanctions reconsiderations and other regulatory or administrative actions by OFAC under its authorities.

OFAC will submit a request for a new OMB control number for the new recordkeeping requirements for testing and auditing for PPSIs to maintain a sanctions compliance program under this proposed rulemaking to implement the GENIUS Act. The internal controls burden is part of broader overall AML/CFT internal controls and are therefore accounted for under FinCEN's requested new OMB control number 1506-[XXXX].

ii. Estimated Annual Burden Hours

OFAC estimates that the average time for information collection for the recordkeeping requirements under the sanctions compliance program testing and auditing elements to be 100 hours for the industry.

iii. Estimated Annual Cost

The estimated total annual reporting burden associated with the information collections authorized under this authority is expected to cost approximately $12,458 for the industry.

iv. Summary of Burden and Cost Estimates

The estimated total annual reporting burden associated with the information collections authorized under this authority is expected to cost approximately $12,458 for the industry. Under this information collection, the estimated annual frequency of retaining record for audit and testing is once per year. OFAC's estimate for the number of unique entities annually is approximately 50 PPSIs. OFAC estimates that the average time for information collection and recordkeeping requirements to be 100 hours for industry.

3. General Request for Comments Under the Paperwork Reduction Act

Comments submitted in response to this proposed rule will be summarized and included in a request for OMB approval. All comments will become a matter of public record. FinCEN and OFAC invite comments on: (1) whether the collection of information is necessary for the proper performance of the mission of FinCEN and OFAC, including whether the information shall have practical utility; (2) the accuracy of FinCEN and OFAC's estimate of the burden of the collection of information; (3) ways to enhance the quality, utility, and clarity of the information to be collected; (4) ways to minimize the burden of the collection of information on reporting persons, including through the use of technology; and (5) estimates of capital or start-up costs and costs of operation, maintenance, and purchase of services required to provide information.

F. Additional Requests for Comment

  1. This RIA utilizes an assumption of presumed compliance with baseline regulatory requirements. Is there any reason to alternatively expect that the proposed rule, if adopted as a final rule, would independently alter the likelihood that a previously non-complaint entity would newly seek to come into compliance? If so, how would this alter the current expected balance of benefits to costs of the rule as proposed? Please provide data, studies, or anecdotal evidence that FinCEN and OFAC should take into consideration.

  2. The assumption that all potential PPSIs would either be (1) affiliated with depository institutions as a subsidiary or as part of consortium or (2) successors to entities already registered as MSBs is foundational to FinCEN and OFAC's assessment of the incremental changes the proposed rule would introduce. Is this assumption reasonable? Additionally, is the projected distribution of 60 percent IDI-subsidiary PPSIs and 40 percent non-IDI subsidiary PPSIs reasonable? If not, are there specific sources of empirical evidence or data that would suggest these assumptions should be revised? Please provide data, studies, or anecdotal evidence that would support the suggested alternative assumptions.

  3. FinCEN and OFAC's estimate of the population of potential PPSIs incorporates certain assumptions about the willingness and/or likelihood of current stablecoin issuers to change certain features of their present product offerings to meet PPSI product requirements. Are there concerns about the reasonableness of this approach? Please provide data, studies, or any other information that might inform a more accurate assessment of how likely current stablecoin issuers are to change PPSI-disqualifying features or launch alternative products.

  4. FinCEN and OFAC assume a total affected population of approximately 50 PPSIs on average in each of the first three years of an effective final rule. Are FinCEN and OFAC's implied assumptions regarding market entry and attrition rates and the resulting population estimate reasonable? If not, please provide data, studies, or reports that would enhance FinCEN and OFAC's ability to estimate the expected size of the affected population.

  5. The RIA in this NPRM does not include a forecasted population of potential future SQPSIs as a specific category of PPSIs due to limitations in data availability. Please provide data, studies, or anecdotal evidence that would enable analysis of the potential effects of the proposed requirements on SQPSIs, generally, and small SQPSIs in particular.

  6. Stablecoin issuers, or potential stablecoin issuers, can seek PPSI status through various paths, including as a subsidiary of a depository institution, an uninsured national bank, or as another subtype of FQPSI or as a SQPSI. How likely are stablecoin issuers to choose each path?

  7. FinCEN and OFAC formed certain expectations about the number of primary market customers a typical PPSI would have based on data regarding current stablecoin issuers. Are there other sources of data or other methods to more accurately estimate how many unique primary market customers a typical issuer of payment stablecoin-like products interacts with? What costs do these stablecoin issuers face in collecting customer information from these entities? How many of these customers are new to the issuer on an annual basis?

  8. FinCEN and OFAC have conservatively assumed that the majority of future PPSI customers would either be financial institutions that trade a broad range of stablecoin products as part of their investment portfolios or digital asset exchanges that provide off-chain liquidity to retail customers for a similarly broad range of stablecoin products, and that these PPSI customers would each need to provide information about themselves to a PPSI once per year. How reasonable are these assumptions and expectations? How many new issuing/redeeming relationships do current primary market customers for payment stablecoin-like products typically initiate on an annual basis?

  9. Are there other distinct, identifiable subpopulations of the general public that could reasonably be expected to be directly affected by the proposed rules and should have been separately considered in the RIA? To what extent could their exclusion have substantive effects on the RIA's assessment of economic impact? Please provide data, studies, or reports that would enhance FinCEN or OFAC's ability to identify and quantify such effects.

  10. FinCEN and OFAC imposed certain conservative assumptions about the incremental costs of implementing ( printed page 18658) technology to block, freeze, and reject stablecoin transactions, while recognizing in their assessment of current market practices that the proposed requirements would not represent an incremental cost for many stablecoin issuers who appear to already have this technology. How common is this technology to stablecoin issuers? How costly is it, and do costs recur on an annual basis? Is there a substantive difference in costs to obtain and/or retrofit such technology after a stablecoin has already been issued?

  11. Please provide data on the number of hours or specific costs associated with current stablecoin issuers' review of suspicious activity and SAR reporting. How generalizable are the data points provided to expected future PPSIs?

  12. FinCEN and OFAC assume that many stablecoin issuers may have incentives to become PPSIs but did not have sufficient information to quantify these when analyzing the expected benefits of the proposed rule. Please describe any incentives that would be driving factors in a stablecoin issuer's decision to apply for PPSI status and, if applicable and to the extent feasible, include the expected magnitude of anticipated financial or economic benefit to the stablecoin issuer and comment on the generalizability to other similar issuers.

  13. Are there any additional cost categories associated with establishment and maintenance of the proposed AML/CFT programs and/or the proposed sanctions compliance program that FinCEN and OFAC have failed to consider? If so, please describe. To what extent would a failure to separately consider these costs affect the conclusions of the RIA?

  14. FinCEN and OFAC assumed that many of the same resources would be utilized by PPSIs to provide and complete the sanctions compliance program-specific training and AML/CFT training that the proposed rules would require. Is this a reasonable assumption? If not, please provide data, studies, or anecdotal evidence that would support an alternative assumption.

  15. FinCEN and OFAC's assessment of economic impact assumes future PPSIs would incur lower training implementation costs relative to other financial institutions with larger employee bases and broader arrays of clients, like traditional banks or broker-dealers. Is this a reasonable assumption? If not, please provide data, studies, or anecdotal evidence that would support an alternative assumption.

  16. FinCEN and OFAC request comment on the alternative policy options presented and their anticipated economic effect.

  17. The economic expectation that the proposed rule may have a significant economic impact on a substantial number of certain types of potentially affected small entities is sensitive to key assumptions about how potentially affected financial institutions would respond to the proposed requirements. FinCEN and OFAC request comment on whether it would instead be more reasonable to certify that the proposed rule would not have a significant economic impact on a substantial number of small entities.

  18. FinCEN and OFAC are requesting comment on the reasonableness of an expectation that, in the future, small IDI-subsidiary PPSI would exist. Are there data, studies, or anecdotal information that would suggest these kinds of PPSIs should be expected? If so, please comment on the expected population size and the anticipated significance of the proposed rule's economic impact on such small entities.

  19. In the IRFA, FinCEN and OFAC utilized a threshold of less than $200 million in total reserve assets to define a small non-bank payment stablecoin issuer. Please comment on the general soundness of this approach and/or suggest additional methodologies to the extent that an alternative approach would have been more appropriate.

  20. In the IRFA, FinCEN and OFAC estimated firms' revenue for non-IDI subsidiary potential PPSIs as five percent of total reserve assets. Please comment on the general soundness of this approach and/or suggest additional methodologies to the extent that an alternative approach would have been more appropriate.

  21. FinCEN and OFAC do not anticipate that the proposed rule would result in novel incremental aggregate expenditures by State, local, or Tribal governments, or by the private sector of $193 million or more in any one year. Is there any empirical evidence that could be used to support expectations to the contrary? If so, what studies, data, or anecdotal evidence should have been taken into consideration?

  22. Which states are likely to take action in response to this proposed rule, and what actions are states likely to take? Please provide data, studies, reports, or anecdotal evidence that would enhance FinCEN and OFAC's ability to identify and quantify such effects.

  23. Should FinCEN reconsider the potential for standalone incremental economic effects attributable to the definitions as proposed in section VI.C.1, collectively or individually, in the context of the requirements proposed in this NPRM? If so, please describe the effects anticipated and their expected economic significance.

  24. Are FinCEN's analyses of the average costs for each component the AML/CFT framework as outlined in section XII.A.4.ii.a an accurate reflection of the costs faced by current issuers of products that resemble future payment stablecoins? If not, are there specific sources of empirical evidence or data that would suggest these burden estimates should be revised? Please provide data, studies, or anecdotal evidence that would support any suggested revisions. Are there reasons to expect that the cost profile for future PPSIs would substantively differ from the cost profile for current comparable stablecoin issuers?

  25. FinCEN assumed that some PPSIs would interact with foreign banking entities as primary market customers and may therefore incur costs associated with special standards of diligence and/or the imposition of certain special measures and therefore conservatively assigned the related expected compliance burden to all expected future PPSI in its cost models. Is this a reasonable approach? If not, what share of stablecoin issuers should be expected to interact with foreign entities as primary market customers? Please provide data, studies, or anecdotal evidence that would enhance FinCEN's ability to estimate the affected population.

  26. Are there any additional, distinct categories of cost associated with the establishment and maintenance of an AML/CFT program or otherwise associated with ensuring compliance with the proposed AML/CFT program requirements that FinCEN should have articulated and separately taken into consideration? If so, please discuss the extent to which failure to include such considerations would materially alter FinCEN's conclusions or expectations of economic impact.

  27. Please provide comments on the policy alternatives FinCEN considered. In particular, do FinCEN's expectations about the anticipated balance of costs to benefits of the alternatives considered relative to the rule, as proposed, comport with market expectations?

  28. For the purposes of this economic analysis, is it appropriate for OFAC to estimate the incremental effects of the proposed rule based on the presumption of full compliance by U.S. persons with sanctions law as currently administered by OFAC?

  29. Should OFAC reconsider the potential for standalone incremental economic effects attributable to the ( printed page 18659) definitions as proposed in section VII.C, collectively or individually, in the context of the requirements proposed in this NPRM? If so, please describe the effects anticipated and their expected economic significance.

  30. OFAC considers that in practice, regulated persons do not typically maintain sanctions compliance as a standalone function but operationalize sanctions compliance as an integrated component of an entity's broader AML compliance framework, and therefore combine the costs associated with sanctions compliance with AML frameworks. Is this a reasonable assumption?

  31. OFAC estimated that retaining records for both audit activities and enhancements made to sanctions compliance programs would require only a couple of hours annually. How reasonable is this estimate?

  32. Are there any additional, distinct categories of cost associated with the establishment and maintenance of a sanctions compliance program or otherwise associated with ensuring compliance with the proposed rule that OFAC should have articulated and separately taken into consideration? If so, please describe.

  33. OFAC's analysis notes that its proposed rule will not create incremental costs for primary market customers of PPIs. Is OFAC's analysis reasonable? If not, please provide defensible methods or data, studies, or anecdotal evidence that OFAC could use to estimate the economic burden its proposed rule would have on direct customers of PPSIs.

List of Subjects

31 CFR Part 502

  • Administrative practice and procedure
  • Banks
  • Banking
  • Blocking of assets
  • Credit
  • Foreign trade
  • Payment stablecoins
  • Penalties
  • Permitted payment stablecoin issuer
  • Reporting and recordkeeping requirements
  • Sanctions
  • Securities
  • Services

31 CFR Part 1010

  • Administrative practice and procedure
  • Authority delegations (Government agencies)
  • Banks, banking
  • Brokers
  • Business and industry
  • Citizenship and naturalization
  • Commodity futures
  • Crime
  • Currency
  • Electronic filing
  • Federal savings associations
  • Foreign persons
  • Holding companies
  • Indian—law
  • Indians
  • Insurance companies
  • Intergovernmental relations
  • Investigations
  • Law enforcement
  • Penalties
  • Reporting and recordkeeping requirements
  • Small businesses
  • Securities
  • Terrorism

31 CFR Part 1033

  • Administrative practice and procedure
  • Banks, banking
  • Business and industry
  • Electronic filing
  • Foreign persons
  • Investigations
  • Law enforcement
  • Reporting and recordkeeping requirements
  • Terrorism For the reasons stated in the preamble, the Office of Foreign Assets Control proposes to amend 31 CFR chapter V and the Financial Crimes Enforcement Network proposes to amend 31 CFR chapter X as follows:

Title 31—Money and Finance: Treasury

CHAPTER V—OFFICE OF FOREIGN ASSETS CONTROL, DEPARTMENT OF THE TREASURY

  1. Add part 502 to read as follows:

PART 502—PERMITTED PAYMENT STABLECOIN ISSUER EFFECTIVE SANCTIONS COMPLIANCE PROGRAM REGULATIONS

Subpart A—General Provisions 502.101 Relation of this part to other laws and regulations. 502.102 Records and reports. 502.103 Procedures. 502.104 Paperwork Reduction Act notice. Subpart B—Effective Sanctions Compliance Program Requirements 502.201 Effective sanctions compliance program requirements for permitted payment stablecoin issuers. 502.202 [Reserved] Subpart C—General Definitions 502.301 Knowingly. 502.302 OFAC. 502.303 Payment stablecoin-related activity. 502.304 Permitted payment stablecoin issuer; PPSI. Subpart D—Penalties 502.401 Penalties. 502.402 Referral to United States Department of Justice; administrative collection measures. Authority: 3 U.S.C. 301; 12 U.S.C. 5901-5916; 18 U.S.C. 2339B; 19 U.S.C. 3901-3913; 21 U.S.C. 1901-1908; 31 U.S.C. 321(b); 50 U.S.C. 1701-1706, 4301-4341; Pub. L. 101-410, 104 Stat. 890, as amended (28 U.S.C. 2461 note).

Subpart A—General Provisions

§ 502.101 Relation of this part to other laws and regulations. This part is separate from, and independent of, the other parts of this chapter, with the exceptions of part 501 of this chapter, which includes recordkeeping and reporting requirements and other procedures that apply to this part. Actions taken pursuant to part 501 of this chapter with respect to the provisions contained in this part are considered actions taken pursuant to this part. Differing foreign policy and national security circumstances may result in differing interpretations of similar language among the parts of this chapter. No license or authorization contained in or issued pursuant to other parts of this chapter excuses any requirement of this part. No license or authorization contained in or issued pursuant to any other provision of law or regulation excuses any requirement of this part.

§ 502.102 Records and reports. (a) For provisions relating to required records and reports, see part 501, subpart C, of this chapter. Recordkeeping and reporting requirements imposed by part 501 of this chapter with respect to requirements contained in this part are considered requirements arising pursuant to this part.

(b) A permitted payment stablecoin issuer shall provide upon request to OFAC, or its designee, any and all certifications submitted to its primary Federal payment stablecoin regulator or State payment stablecoin regulator that the permitted payment stablecoin issuer has implemented an economic sanctions compliance program pursuant to 12 U.S.C. 5904(i)(1).

§ 502.103 Procedures. For procedures relating to administrative decisions, rulemaking, and requests for documents pursuant to the Freedom of Information and Privacy Acts (5 U.S.C. 552 and 552a), see part 501, subpart E, of this chapter.

§ 502.104 Paperwork Reduction Act notice. OFAC is seeking approval by the Office of Management and Budget (OMB) under the Paperwork Reduction Act of 1995 (44 U.S.C. 3507) for a new OMB control number for the specific, new recordkeeping requirements for permitted payment stablecoin issuers that are required to maintain an effective sanctions compliance program under this proposed rule. Other information collection and recordkeeping requirements pursuant to any OFAC sanctions program are approved by OMB under control number 1505-0164 and contained in § 501.901 of this chapter. An agency may not conduct or sponsor a collection of information unless it displays a valid control number assigned by OMB.

( printed page 18660)

Subpart B—Effective Sanctions Compliance Program Requirements

§ 502.201 Effective sanctions compliance program requirements for permitted payment stablecoin issuers. (a) Each permitted payment stablecoin issuer (PPSI) is required to maintain an effective sanctions compliance program (SCP).

(b) An effective SCP is one that is risk-based and reasonably designed to ensure compliance with all applicable U.S. sanctions. It shall include, at a minimum:

(1) Senior management and organizational commitment. A PPSI's senior management shall review and approve the SCP and support the SCP's effective implementation, including by ensuring the SCP, at a minimum:

(i) Applies to all payment stablecoin-related activity;

(ii) Has sufficient resources, including necessary investments in human capital, expertise, and information technology to carry out the activities described in paragraphs (b)(2) through (b)(5) of this section;

(iii) Is fully integrated into the PPSI's ongoing stablecoin-related operations;

(iv) Routinely provides risk updates, including testing results, to senior management and other appropriate stakeholders within the organization; and

(v) Provides sufficient authority and autonomy to the PPSI's compliance function to manage effectively U.S. sanctions risks for the entire organization.

(2) Risk assessments. Each PPSI shall:

(i) Conduct holistic assessments of U.S. sanctions risks at appropriate intervals. Such assessments should analyze all payment stablecoin-related activity and consider, among other relevant factors, a PPSI's customer base, its size and complexity, direct and indirect points of contact with foreign persons or persons residing in foreign jurisdictions, and specific products and services.

(ii) Use its risk assessments to inform the operation of its SCP, including by revising internal controls and training as appropriate; and

(iii) Revise risk assessments as appropriate to account for any identified U.S. sanctions violations or deficiencies; new products, services, mergers, or acquisitions; and any other factors that may affect the PPSI's risk profile.

(3) Internal Controls. Each PPSI shall:

(i) Establish and maintain a system of risk-based internal controls, including technical capabilities and written policies and procedures, applicable to all payment stablecoin-related activity, whether on the primary or secondary market, that:

(A) Identifies any payment stablecoin-related activity that is or may be prohibited by U.S. sanctions;

(B) Blocks or rejects, as applicable, any payment stablecoin-related activity that violates or would violate U.S. sanctions;

(C) Provides reports to OFAC as required, including those described in § 502.102(b) and part 501 of this chapter; and

(D) Retains relevant records in accordance with OFAC recordkeeping obligations, including those described in part 501 of this chapter.

(ii) Document the internal controls described in paragraph (b)(3)(i) of this section in writing and clearly communicate them to all relevant personnel and stakeholders; and

(iii) Routinely review and revise the internal controls described in paragraph (b)(3)(i) by:

(A) Taking timely and appropriate action to remediate any identified gaps or deficiencies; and

(B) Ensuring the internal controls effectively address current, new, amended, or updated U.S. sanctions authorities and applicable U.S. sanctions risks, which may include addressing risks identified in the PPSI's risk assessments or in advisories, alerts, or notices issued by the Department of the Treasury or other relevant U.S. government agencies.

(4) Testing and Auditing. Each PPSI shall:

(i) Establish and maintain an independent testing or audit function, accountable to senior management, with sufficient resources, expertise, and authority to identify U.S. sanctions compliance-related weaknesses and deficiencies;

(ii) Ensure that qualified personnel routinely perform comprehensive, independent, and objective testing or auditing of the effectiveness of the SCP and its functions;

(iii) Utilize test and audit results as appropriate to identify and implement any needed updates or enhancements to the SCP; and

(iv) Maintain, and provide upon request to OFAC, records of the results and enhancements described in paragraph (b)(4)(iii) of this section.

(5) Training. Each PPSI shall establish and maintain a risk-based sanctions compliance training program that is:

(i) Performed at least annually and with a frequency appropriate to the PPSI's risk assessments and risk profile;

(ii) Provided to all relevant personnel and stakeholders;

(iii) Appropriately tailored to each trainee's role and responsibilities;

(iv) Modified to reflect risk assessment findings and identified deficiencies, including testing and audit findings or following identified violations of U.S. sanctions; and

(v) Designed to include easily accessible resources and materials for all relevant personnel and stakeholders.

§ 502.202 [Reserved]

Subpart C—General Definitions

§ 502.301 Knowingly. The term knowingly, with respect to conduct, a circumstance, or a result, means that a person has actual knowledge, or should have known, of the conduct, the circumstance, or the result.

§ 502.302 OFAC. The term OFAC means the Department of the Treasury's Office of Foreign Assets Control.

§ 502.303 Payment stablecoin-related activity. The term payment stablecoin-related activity includes issuing, trading, holding, transacting, transferring, redeeming, or any other activity involving a payment stablecoin issued by a permitted payment stablecoin issuer from the time of issuance until the payment stablecoin's removal from circulation, whether on the primary or secondary market, including through redemption or by any other means.

§ 502.304 Permitted payment stablecoin issuer; PPSI. The term permitted payment stablecoin issuer or PPSI means an individual, partnership, company, corporation, association, trust, estate, cooperative organization, or other business entity, incorporated or unincorporated, that is formed in the United States and is:

(a) A subsidiary of either an insured depository institution, as defined in section 3 of the Federal Deposit Insurance Act, 12 U.S.C. 1813, or an insured credit union, as defined in section 101 of the Federal Credit Union Act, 12 U.S.C. 1752, that has been approved to issue payment stablecoins, as defined in section 2(22) of the GENIUS Act, by a primary Federal payment stablecoin regulator, as defined in section 2(25) of the GENIUS Act;

(b) A Federal qualified payment stablecoin issuer, as defined in section 2(11) of the GENIUS Act; or

(c) A State qualified payment stablecoin issuer, as defined in section 2(31) of the GENIUS Act.

( printed page 18661)

Subpart D—Penalties

§ 502.401 Penalties. (a) Material Violations. A permitted payment stablecoin issuer (PPSI) that materially violates the requirement to maintain an effective sanctions compliance program (SCP), as described in § 502.201, shall be liable for a civil penalty of not more than $100,000 for each day during which the violation continues.

(b) Knowing Violations. In addition to the penalties described in paragraph (a) of this section, a PPSI who knowingly violates the requirement to maintain an effective SCP, as described in § 502.201 of this chapter, shall be liable for a civil penalty of not more than an additional $100,000 for each day during which the violation continues.

§ 502.402 Referral to United States Department of Justice; administrative collection measures. In the event that the violator does not pay the penalty imposed pursuant to this part or make payment arrangements acceptable to the Director of the Office of Foreign Assets Control, the matter may be referred for administrative collection measures by the Department of the Treasury or to the United States Department of Justice for appropriate action to recover the penalty in a civil suit in a federal district court.

Title 31—Money and Finance: Treasury

CHAPTER X—FINANCIAL CRIMES ENFORCEMENT NETWORK, DEPARTMENT OF THE TREASURY

PART 1010—GENERAL PROVISIONS

  1. The authority citation for part 1010 is revised to read as follows:

Authority: 12 U.S.C. 1829b, 1951-1959, and 5901-5916; 31 U.S.C. 5311-5314 and 5316-5336; title III, sec. 314, Pub. L. 107-56, 115 Stat. 307; sec. 2006, Pub. L. 114-41, 129 Stat. 458-459; sec. 701, Pub. L. 114-74, 129 Stat. 599; sec. 6403, Pub. L. 116-283, 134 Stat. 3388.

  1. Revising § 1010.100 by:

a. Revising and republishing paragraph (t)(9) and (t)(10);

b. Adding paragraph (t)(11);

c. Revising and republishing paragraph (ff)(8)(ii) and (ff)(8)(iii);

d. Adding paragraph (ff)(8)(iv);

e. Revising and republishing paragraph (bbb)(1);

f. Revising and republishing paragraph (eee); and

g. Adding paragraphs (nnn), (ooo), (ppp), (qqq), (rrr), (sss), (ttt), (uuu), (vvv), (www), and (xxx).

The revisions, republications, and additions read as follows:

§ 1010.100 General definitions. * * * * * (t) * * *

(9) An introducing broker in commodities;

(10) A mutual fund; or

(11) A permitted payment stablecoin issuer.

  • * * * * (ff) * * *

(8) * * *

(ii) A person registered with, and functionally regulated for examined by, the SEC or the CFTC, or a foreign financial agency that engages in financial activities that, if conducted in the United States, would require the foreign financial agency to be registered with the SEC or CFTC;

(iii) A permitted payment stablecoin issuer; or

(iv) A natural person who engages in an activity identified in paragraphs (ff)(1) through (ff)(5) of this section on an infrequent basis and not for gain or profit.

  • * * * * (bbb) * * *

(1) Except as provided in paragraph (bbb)(2) of this section, transaction means a purchase, sale, loan, pledge, gift, transfer, delivery, or other disposition, and with respect to a financial institution includes a deposit, withdrawal, transfer between accounts, exchange of currency, loan, extension of credit, purchase or sale of any stock, bond, certificate of deposit, or other monetary instrument, security, contract of sale of a commodity for future delivery, option on any contract of sale of a commodity for future delivery, option on a commodity, purchase or redemption of any money order, payment or order for any money remittance or transfer, purchase or redemption of casino chips or tokens, or other gaming instruments, an issuance or redemption of a payment stablecoin, or any other payment, transfer, or delivery by, through, or to a financial institution, by whatever means effected.

    • * * * (eee) Transmittal order. The term transmittal order includes a payment order and is an instruction of a sender to a receiving financial institution, transmitted orally, electronically, or in writing, to pay, or cause another financial institution or foreign financial agency to pay, a fixed or determinable amount of money or payment stablecoin to a recipient if:
    • * * * (nnn) [Reserved]

(ooo) [Reserved]

(ppp) Digital asset. Any digital representation of value that is recorded on a cryptographically secured distributed ledger.

(qqq) Distributed ledger. A technology in which data is shared across a network that creates a public digital ledger of verified transactions or information among network participants and cryptography is used to link the data to maintain the integrity of the public ledger and execute other functions.

(rrr) Lawful order. A lawful order is any final and valid writ, process, order, rule, decree, command, or other requirement issued or promulgated under Federal law, issued by a court of competent jurisdiction or by an authorized Federal agency pursuant to its statutory authority, that:

(1) Requires an individual, partnership, company, corporation, association, trust, estate, cooperative organization, or other business entity, incorporated or unincorporated, to seize, freeze, burn, or prevent the transfer of payment stablecoins it issued;

(2) Specifies the payment stablecoins or accounts subject to blocking with reasonable particularity; and

(3) Is subject to judicial or administrative review or appeal as provided by law.

(sss) Payment stablecoin.

(1) In general. A digital asset (i) that is, or is designed to be, used as a means of payment or settlement; and (ii) the issuer of which:

(A) Is obligated to convert, redeem, or repurchase for a fixed amount of monetary value, not including a digital asset denominated in a fixed amount of a monetary value; and

(B) Represents that such issuer will maintain, or create the reasonable expectation that it will maintain, the digital asset at a stable value relative to the value of a fixed amount of monetary value.

(2) Exceptions. A payment stablecoin does not include a digital asset that:

(i) Is a national currency;

(ii) Is a deposit (as defined in section 3 of the Federal Deposit Insurance Act (12 U.S.C. 1813)), including a deposit recorded using distributed ledger technology; or

(iii) Is a security, as defined in section 2 of the Securities Act of 1933 (15 U.S.C. 77b), section 3 of the Securities Exchange Act of 1934 (15 U.S.C. 78c), or section 2 of the Investment Company Act of 1940 (15 U.S.C. 80a-2).

(3) For purposes of this definition the term—

(i) National currency means each of the following—

(A) A Federal Reserve note (as the term is used in the first undesignated paragraph of section 16 of the Federal Reserve Act (12 U.S.C. 411)); or ( printed page 18662)

(B) A medium of exchange currently authorized or adopted by a domestic or foreign government, including a monetary unit of account established by an intergovernmental organization or by agreement between two or more countries that is:

(1) Standing to the credit of an account with a Federal Reserve Bank;

(2) Issued by a foreign central bank; or

(3) Issued by an intergovernmental organization pursuant to an agreement by two or more governments; and

(ii) Monetary value means national currency or deposit (as defined in section 3 of the Federal Deposit Insurance Act (12 U.S.C. 1813)) denominated in a national currency.

(ttt) Permitted payment stablecoin issuer. An individual, partnership, company, corporation, association, trust, estate, cooperative organization, or other business entity, incorporated or unincorporated formed in the United States that is:

(1) (i) A subsidiary of an insured depository institution that has been approved to issue payment stablecoins by a primary Federal payment stablecoin regulator; or

(ii) A subsidiary of an insured credit union that has been approved to issue payment stablecoins by a primary Federal payment stablecoin regulator;

(2) A Federal qualified payment stablecoin issuer; or

(3) A State qualified payment stablecoin issuer.

(uuu) Primary Federal payment stablecoin regulator.

(1) For a subsidiary of an insured depository institution, as described in paragraph (ttt)(1)(i) of this section, the appropriate Federal banking agency of such insured depository institution;

(2) For an insured credit union or a subsidiary of an insured credit union, as described in paragraph (ttt)(1)(ii), the National Credit Union Administration;

(3) For a State chartered depository institution, not covered in subparagraph (1), the Federal Deposit Insurance Corporation, the Office of the Comptroller of the Currency, or the Board of Governors of the Federal Reserve System; or

(4) For a Federal qualified payment stablecoin issuer, the Office of the Comptroller of the Currency.

(vvv) Federal qualified payment stablecoin issuer. An entity that is approved by the Office of the Comptroller of the Currency under 12 U.S.C. 5904 to issue payment stablecoins and is either—

(1) A nonbank entity;

(2) An uninsured national bank; or

(3) A Federal branch.

(www) State payment stablecoin regulator. A State agency that has the primary regulatory and supervisory authority in such State over entities that issue payment stablecoins. For purposes of this definition, the term State includes each State and each Territory and Insular Possession.

(xxx) State qualified payment stablecoin issuer. An entity that:

(1) Is legally established under the laws of a State or Territory and Insular Possession and approved to issue payment stablecoins by a State payment stablecoin regulator; and

(2) Is not an uninsured national bank chartered by the Office of the Comptroller of the Currency pursuant to title LXII of the Revised Statutes; a Federal branch, or an insured depository institution (as described in paragraph (ttt)(1) of this section), or a subsidiary, of such national bank, Federal branch, or insured depository institutions.

  1. In § 1010.230, revise and republish paragraphs (b)(2) and (c) to read as follows:

§ 1010.230 Beneficial ownership requirements for legal entity customers. * * * * * (b) * * *

(2) Verify the identity of each beneficial owner identified to the covered financial institution, according to risk-based procedures to the extent reasonable and practicable. At a minimum, these procedures must contain the elements required for verifying the identity of customers that are individuals under § 1020.220(a)(2) of this chapter (for banks); § 1023.220(a)(2) of this chapter (for brokers or dealers in securities); § 1024.220(a)(2) of this chapter (for mutual funds); § 1026.220(a)(2) of this chapter (for futures commission merchants or introducing brokers in commodities); or for permitted payment stablecoin issuers procedures that enable the permitted payment stablecoin issuer to form a reasonable belief that it knows the true identity of each individual, including procedures that contain the elements of § 1020.220(a)(2); provided, that in the case of documentary verification, the financial institution may use photocopies or other reproductions of the documents listed in paragraph (a)(2)(ii)(A)(1) of § 1020.220 of this chapter (for banks); § 1023.220 of this chapter (for brokers or dealers in securities); § 1024.220 of this chapter (for mutual funds); § 1026.220 of this chapter (for futures commission merchants or introducing brokers in commodities), or for permitted payment stablecoin issuers for an individual, an unexpired government-issued identification evidencing nationality or residence and bearing a photograph or similar safeguard, such as a driver's license or passport; and for a person other than an individual (such as a corporation, partnership, or trust), documents and any amendments thereto showing the existence of the entity, such as certified articles of incorporation, a government-issued business license, a partnership agreement, or a trust instrument. A covered financial institution may rely on the information supplied by the legal entity customer regarding the identity of its beneficial owner or owners, provided that it has no knowledge of facts that would reasonably call into question the reliability of such information.

(c) Account. For purposes of this section, account has the meaning set forth in § 1020.100(a) of this chapter (for banks); § 1023.100(a) of this chapter (for brokers or dealers in securities); § 1024.100(a) of this chapter (for mutual funds); § 1026.100(a) of this chapter (for futures commission merchants or introducing brokers in commodities); and for permitted payment stablecoin issuers a formal relationship between a customer and a permitted payment stablecoin issuer established to provide or engage in services, dealings, or other financial transactions.

  • * * * * 5. In § 1010.410:

a. Removing the word “or” at the end of paragraph (e)(6)(i)(H) and (I);

b. Revising and republishing paragraph (e)(6)(i)(J); and

c. Adding paragraph (e)(6)(i)(K).

The removal, revisions, republications, and additions read as follows:

§ 1010.410 Records to be made and retained by financial institutions. * * * * * (e) * * *

(6) * * *

(i) * * *

(J) A mutual fund; or

(K) A permitted payment stablecoin issuer; and

  1. In § 1010.605:

a. Revising and republishing (c)(2)(i), (ii), (iii), and (iv);

b. Adding paragraph (c)(2)(v);

c. Removing the word “and” at the end of paragraph (e)(1)(iii);

d. Revising and republishing (e)(1)(iv); and

e. Adding paragraph (e)(1)(v).

The revisions, republications, and additions read as follows:

§ 1010.605 Definitions. * * * * * (c) * * *

(2) * * * ( printed page 18663)

(i) As applied to banks (as set forth in paragraphs (e)(1)(i) through (v) of this section):

(A) * * *

(ii) As applied to brokers or dealers in securities (as set forth in paragraph (e)(1)(ii) of this section) means any formal relationship established with a broker or dealer in securities to provide regular services to effect transactions in securities, including, but not limited to, the purchase or sale of securities and securities loaned and borrowed activity, and to hold securities or other assets for safekeeping or as collateral;

(iii) As applied to futures commission merchants and introducing brokers (as set forth in paragraph (e)(1)(iii) of this section) means any formal relationship established by a futures commission merchant to provide regular services, including, but not limited to, those established to effect transactions in contracts of sale of a commodity for future delivery, options on any contract of sale of a commodity for future delivery, or options on a commodity;

(iv) As applied to mutual funds (as set forth in paragraph (e)(1)(iv) of this section) means any contractual or other business relationship established between a person and a mutual fund to provide regular services to effect transactions in securities issued by the mutual fund, including the purchase or sale of securities; and

(v) As applied to permitted payment stablecoin issuers (as set forth in paragraph (e)(1)(v) of this section) means any formal relationship established by a permitted payment stablecoin issuer to provide regular services, dealings, and other financial transactions.

  • * * * * (e) * * *

(1) * * *

(iv) A mutual fund; and

(v) A permitted payment stablecoin issuer.

  1. In § 1010.651:

a. Removing the word “and” at the end of paragraph (a)(3)(i);

b. Revising and republishing (a)(3)(ii); and

c. Adding paragraph (a)(3)(iii).

The revisions, republications, and additions read as follows:

§ 1010.651 Special measures against Burma. (a) * * *

(3) * * *

(ii) An investment company (as defined in section 3 of the Investment Company Act of 1940 (15 U.S.C. 80a-5)) that is an open-end company (as defined in section 5 of the Investment Company Act (15 U.S.C. 80a-5)) and that is registered, or required to register, with the Securities and Exchange Commission pursuant to that Act; and

(iii) A permitted payment stablecoin issuer.

  1. In § 1010.653:

a. Removing the word “and” at the end of paragraph (a)(3)(ix);

b. Revising and republishing (a)(3)(x); and

c. Adding paragraph (a)(3)(xi).

The revisions, republications, and additions read as follows:

§ 1010.653 Special measures against Commercial Bank of Syria. (a) * * *

(3) * * *

(x) A mutual fund, which means an investment company (as defined in section 3(a)(1) of the Investment Company Act of 1940 ((“Investment Company Act”) (15 U.S.C. 80a-3(a)(1))) that is an open-end company (as defined in section 5(a)(1) of the Investment Company Act (15 U.S.C. 80a-5(a)(1))) and that is registered, or is required to register with the Securities and Exchange Commission pursuant to the Investment Company Act; and

(xi) A permitted payment stablecoin issuer.

  1. In § 1010.810, add paragraph (b)(11) to read as follows:

§ 1010.810 Enforcement. * * * * * (b) * * *

(11) To the appropriate primary Federal payment stablecoin regulator with respect to permitted payment stablecoin issuers regularly examined by the primary Federal payment stablecoin regulator for safety and soundness.

  1. Add part 1033 to read as follows:

PART 1033—RULES FOR PERMITTED PAYMENT STABLECOIN ISSUERS

Subpart A—General Provisions 1033.100 Definitions. 1033.110 Severability. Subpart B—Programs 1033.200 General. 1033.210 Anti-money laundering/countering the financing of terrorism program requirements for permitted payment stablecoin issuers. 1033.220 [Reserved] 1033.221 Supervision and enforcement. 1033.230 [Reserved] 1033.240 Additional technical capabilities, policies, and procedures for permitted payment stablecoin issuers. Subpart C—Reports Required To Be Made By Permitted Payment Stablecoin Issuers 1033.300 General. 1033.310 Reports of transaction in currency. 1033.311 Filing obligations. 1033.312 Identification required. 1033.313 Aggregation. 1033.314 Structured transactions. 1033.315 Exemptions. 1033.320 Reports by permitted payment stablecoin issuers of suspicious transactions. Subpart D—Records Required To Be Maintained By Permitted Payment Stablecoin Issuers 1033.400 General. 1033.410 Recordkeeping. Subpart E—Special Information Sharing Procedures To Deter Money Laundering and Terrorist Activity 1033.500 General. 1033.520 Special information sharing procedures to deter money laundering and terrorist activity for permitted payment stablecoin issuers. 1033.530 [Reserved] 1033.540 Voluntary information sharing among financial institutions. Subpart F—Special Standards of Diligence; Prohibitions, and Special Measures for Permitted Payment Stablecoin Issuers 1033.600 General. 1033.610 Due diligence programs for correspondent accounts for foreign financial institutions. 1033.620 Due diligence programs for private banking accounts. 1033.630 Prohibition on correspondent accounts for foreign shell banks; records concerning owners of foreign banks and agents for service of legal process. Authority: 12 U.S.C. 1829b, 1951-1959, and 5901-5916; 31 U.S.C. 5311-5314 and 5316-5336; title III, sec. 314, Pub. L. 107-56, 115 Stat. 307; sec. 701, Pub. L. 114-74, 129 Stat. 599.

Subpart A—General Provisions

§ 1033.100 Definitions. Refer to § 1010.100 of this chapter for general definitions not noted in this part. To the extent there is a differing definition in § 1010.100 of this chapter, the definition in this section is what applies to part 1033. Unless otherwise indicated, for purposes of this part:

(a) [Reserved]

(b) [Reserved]

(c) [Reserved]

§ 1033.110 Severability. If any provision of this part, or any provision of §§ 1010.100, 1010.230, 1010.410, 1010.605, 1010.651, 1010.653, or 1010.810 of this chapter referencing permitted payment stablecoin issuers, is held to be invalid, or the application thereof to any person or circumstance is held to be invalid, such invalidity shall not affect other provisions, or application of such other provisions to other persons or circumstances, that can be given effect without the invalid provision or application.

( printed page 18664)

Subpart B—Programs

§ 1033.200 General. Permitted payment stablecoin issuers are subject to the program requirements set forth and cross-referenced in this subpart. Permitted payment stablecoin issuers should also refer to subpart B of part 1010 of this chapter for program requirements contained in that subpart which apply to permitted payment stablecoin issuers.

§ 1033.210 Anti-money laundering/countering the financing of terrorism program requirements for permitted payment stablecoin issuers. (a) In general. A permitted payment stablecoin issuer has an effective AML/CFT program and complies with the requirements of 31 U.S.C. 5318(h)(1) and this section if the permitted payment stablecoin issuer:

(1) Establishes an AML/CFT program in accordance with paragraph (b) of this section; and

(2) Maintains an AML/CFT program by implementing the AML/CFT program in accordance with paragraph (c) of this section.

(b) Program establishment. A permitted payment stablecoin issuer establishes an AML/CFT program in accordance with this paragraph if the permitted payment stablecoin issuer:

(1) Establishes a risk-based set of internal policies, procedures, and controls that are reasonably designed to ensure compliance with the Bank Secrecy Act and this chapter and to:

(i) Identify, assess, and document the permitted payment stablecoin issuer's money laundering, terrorist financing, and other illicit finance activity risks through risk assessment processes that:

(A) Evaluate the money laundering, terrorist financing, and other illicit finance activity risks of the permitted payment stablecoin issuer's business activities, including its products, services, distribution channels, customers, and geographic locations;

(B) Review and, as appropriate, incorporate the AML/CFT Priorities; and

(C) Are updated promptly upon any change that the permitted payment stablecoin issuer knows or has reason to know significantly changes the permitted payment stablecoin issuer's money laundering, terrorist financing, and other illicit finance activity risks;

(ii) Mitigate the permitted payment stablecoin issuer's money laundering, terrorist financing, and other illicit finance activity risks consistent with the risk assessment processes required under paragraph (b)(1)(i) of this section, including by directing more attention and resources toward higher-risk customers and activities, consistent with the risk profile of the permitted payment stablecoin issuer, rather than toward lower-risk customers and activities; and

(iii) Conduct ongoing customer due diligence, including to:

(A) Understand the nature and purpose of customer relationships for the purpose of developing a customer risk profile; and

(B) Conduct ongoing monitoring to identify and report suspicious transactions and, on a risk basis, to maintain and update customer information (including information regarding the beneficial owners of legal entity customers, as defined in § 1010.230 of this chapter);

(2) Establishes independent AML/CFT program testing to be conducted by permitted payment stablecoin issuer personnel or by an outside party;

(3) Designates an individual, who is (i) located in the United States, (ii) accessible to, and subject to oversight and supervision by FinCEN and its designee, (iii) responsible for establishing and implementing the AML/CFT program and coordinating and monitoring day-to-day compliance, and (iv) has not been convicted of a felony offense involving insider trading, embezzlement, cybercrime, money laundering, financing of terrorism, or financial fraud may be designated as the responsible individual under this paragraph; and

(4) Establishes an ongoing employee training program.

(c) Program implementation. A permitted payment stablecoin issuer implements an AML/CFT program in accordance with this paragraph if the permitted payment stablecoin issuer implements, in all material respects, the AML/CFT program required under paragraph (b) of this section.

(d) Written AML/CFT program and approval. A permitted payment stablecoin issuer's AML/CFT program must be written, and it must be approved by the permitted payment stablecoin issuer's board of directors, an equivalent governing body within the permitted payment stablecoin issuer, or appropriate senior management. The permitted payment stablecoin issuer must make a copy of its AML/CFT program available to FinCEN or its designee upon request.

(e) AML/CFT program certifications. A permitted payment stablecoin issuer shall make available to FinCEN, or its designee, upon request any and all certifications submitted to its primary Federal payment stablecoin regulator or State payment stablecoin regulator that the permitted payment stablecoin issuer has implemented an AML/CFT program pursuant to 12 U.S.C. 5904(i)(1).

§ 1033.220 [Reserved] § 1033.221 Supervision and enforcement. (a) Definitions. For purposes of this section:

(1) AML/CFT enforcement action means any formal or informal action taken by FinCEN that seeks to penalize, remedy, prevent, or respond to noncompliance with past or ongoing violations of, or past or ongoing deficiencies relating to, an AML/CFT requirement. The term includes—

(i) A cease-and-desist order, consent order, or memorandum of understanding; or

(ii) The assessment of a civil money penalty.

(2) AML/CFT requirement means a requirement of the Bank Secrecy Act, 12 U.S.C. 5903(a)(5)(A)(i)-(v), 12 U.S.C. 5903(a)(6)(B), 12 U.S.C. 5903(f)(1)(A), or this chapter.

(3) Significant AML/CFT supervisory action means any written communication or other formal supervisory determination issued by FinCEN or a primary Federal payment stablecoin regulator when acting pursuant to authority delegated under this chapter that, in either case—

(i) Identifies one or more alleged deficiencies, weaknesses, violations of law, or unsafe or unsound practices or conditions relating to an AML/CFT requirement;

(ii) Communicates supervisory expectations to a permitted payment stablecoin issuer regarding actions or remedial measures required to correct the deficiency, weakness, violation, or practice or condition; and

(iii) Contemplates significant or programmatic actions or remedial measures to be taken by the permitted payment stablecoin issuer.

The term does not include examiner observations, suggestions, or other informal comments.

(b) FinCEN enforcement and supervision policy.

(1) In general. Except with respect to a significant or systemic failure to implement the AML/CFT program in accordance with § 1033.210(c), a permitted payment stablecoin issuer that has established an AML/CFT program in accordance with § 1033.210(b) will not be subject to:

(A) An AML/CFT enforcement action related to the requirements of 31 U.S.C. 5318(h)(1) or 31 CFR 1033.210 by FinCEN; or

(B) A significant AML/CFT supervisory action related to the ( printed page 18665) requirements of 31 U.S.C. 5318(h)(1) or 31 CFR 1033.210 by FinCEN or by a primary Federal payment stablecoin regulator when acting pursuant to authority delegated under this chapter.

(2) Program establishment violations. Nothing in this paragraph (b) may be construed to restrict an AML/CFT enforcement action by FinCEN, or a significant AML/CFT supervisory action by FinCEN or a primary Federal payment stablecoin regulator when acting pursuant to authority delegated under this chapter with respect to any failure to establish an AML/CFT program in accordance with § 1033.210(b).

(3) Criminal enforcement. Nothing in this paragraph (b) may be construed to affect criminal enforcement liability under the Bank Secrecy Act.

(c) FinCEN consultation.

(1) Consultation and consideration requirement. Before initiating a significant AML/CFT supervisory action, a primary Federal payment stablecoin regulator when acting pursuant to authority delegated under this chapter will provide the Director, FinCEN an opportunity to review the action and consider any input offered by the Director, FinCEN on the action, which may include any view as to the effectiveness of the permitted payment stablecoin issuer's AML/CFT program.

(2) Notice requirement. To provide the Director, FinCEN an opportunity to provide a view under paragraph (c)(1) of this section, a primary Federal payment stablecoin regulator when acting pursuant to authority delegated under this chapter will:

(i) Send written notice, to the Director, FinCEN of its intent to take that action at least 30 days before taking the action (unless a shorter period of time is necessary, in the sole discretion of the primary Federal payment stablecoin regulator, to remedy, prevent, or respond to an unsafe or unsound practice or condition), accompanied by the relevant AML/CFT information underlying the proposed action, including the relevant portions of the draft report or enforcement action, the relevant examination workpapers supporting the proposed action, and the relevant AML/CFT information submitted by the permitted payment stablecoin issuer to the primary Federal payment stablecoin regulator, other than information over which the permitted payment stablecoin issuer may claim privilege under Federal or State law; and

(ii) Respond to the extent reasonably practicable to requests for additional information from the Director, FinCEN regarding the proposed action.

(d) FinCEN considerations. In determining whether to take an AML/CFT enforcement action or significant AML/CFT supervisory action, or when reviewing a proposed action by a primary Federal payment stablecoin regulator under paragraph (c) of this section or applicable regulations under title 12 of the Code of Federal R egulation, the Director, FinCEN shall consider:

(1) The factors under 31 U.S.C. 5318(h)(2)(B), as applicable to actions concerning the AML/CFT program requirements under § 1033.210;

(2) The extent (if any) to which the permitted payment stablecoin issuer, where appropriate in light of its size, complexity, and risk profile, has advanced the AML/CFT priorities by providing highly useful information to law enforcement authorities or national security officials, conducting proactive analytics, or performing other innovative activities producing demonstrable outputs evincing the effectiveness of the permitted payment stablecoin issuer's AML/CFT program (including effective use of artificial intelligence, federated learning, and other advanced monitoring tools); and

(3) Any other factor the Director, FinCEN deems appropriate, including the permitted payment stablecoin issuer's size, complexity, and risk profile, and, as relevant, where the permitted payment stablecoin issuer's low-risk customers or limited business activities naturally limits the extent to which the permitted payment stablecoin issuer can meaningfully contribute to AML/CFT priorities.

§ 1033.230 [Reserved] § 1033.240 Additional technical capabilities, policies, and procedures for permitted payment stablecoin issuers. (a) Permitted payment stablecoin issuers shall have the technical capabilities, policies, and procedures to block, freeze, and reject specific or impermissible transactions that violate Federal or State laws, rules, or regulations. The required technical capabilities, policies and procedures must account for transactions occurring by, at, or through the permitted payment stablecoin issuer, as well as transactions by third parties, including where a transaction results in an interaction with a permitted payment stablecoin issuer's smart contract.

(b) Permitted payment stablecoin issuers shall (1) have the technical capabilities to comply with the terms of any lawful order and (2) comply with the terms of any lawful order. A permitted payment stablecoin issuer's technical capabilities to comply with the terms of any lawful order must account for lawful orders requiring an issuer to comply with terms regarding an issuer's payment stablecoins held by a third party, including in an account not with or controlled by a permitted payment stablecoin issuer, and transactions by third parties, including where a transaction results in an interaction with a permitted payment stablecoin issuer's smart contract.

Subpart C—Reports Required To Be Made By Permitted Payment Stablecoin Issuers

§ 1033.300 General. Permitted payment stablecoin issuers are subject to the reporting requirements set forth and cross-referenced in this subpart. Permitted payment stablecoin issuers should also refer to subpart C of part 1010 of this chapter for reporting requirements contained in that subpart which apply to permitted payment stablecoin issuers.

§ 1033.310 Reports of transactions in currency. The reports of transactions in currency requirements for permitted payment stablecoin issuers are located in subpart C of part 1010 of this chapter and this subpart.

§ 1033.311 Filing obligations. Refer to § 1010.311 of this chapter for reports of transactions in currency filing obligations for permitted payment stablecoin issuers.

§ 1033.312 Identification required. Refer to § 1010.312 of this chapter for identification requirements for reports of transactions in currency filed by permitted payment stablecoin issuers.

§ 1033.313 Aggregation. Refer to § 1010.313 of this chapter for reports of transactions in currency aggregation requirements for permitted payment stablecoin issuers.

§ 1033.314 Structured transactions. Refer to § 1010.314 of this chapter for rules regarding structured transactions for permitted payment stablecoin issuers.

§ 1033.315 Exemptions. Refer to § 1010.315 of this chapter for exemptions from the obligation to file reports of transactions in currency for permitted payment stablecoin issuers.

§ 1033.320 Reports by permitted payment stablecoin issuers of suspicious transactions. (a) General. (1) Every permitted payment stablecoin issuer shall file with ( printed page 18666) FinCEN, to the extent and in the manner required by this section, a report of any suspicious transaction relevant to a possible violation of law or regulation. A permitted payment stablecoin issuer may also file with FinCEN, by using the Suspicious Activity Report specified in paragraph (b)(1) of this section, or otherwise, a report of any suspicious transaction that it believes is relevant to the possible violation of any law or regulation, but whose reporting is not required by this section.

(2) A transaction, as clarified by paragraph (g) of the section, requires reporting under this section if it is conducted or attempted by, at, or through the permitted payment stablecoin issuer; it involves or aggregates funds or other assets of at least $5,000; and the permitted payment stablecoin issuer knows, suspects, or has reason to suspect that the transaction (or a pattern of transactions of which the transaction is a part):

(i) Involves funds derived from illegal activity or is intended or conducted in order to hide or disguise funds or assets derived from illegal activity (including, without limitation, the ownership, nature, source, location, or control of such funds or assets) as part of a plan to violate or evade any Federal law or regulation or to avoid any transaction reporting requirement under Federal law or regulation;

(ii) Is designed, whether through structuring or other means, to evade any requirements of this chapter or any other regulations promulgated under the Bank Secrecy Act;

(iii) Has no business or apparent lawful purpose or is not the sort in which the particular customer would normally be expected to engage, and the permitted payment stablecoin issuer knows of no reasonable explanation for the transaction after examining the available facts, including the background and possible purpose of the transaction; or

(iv) Involves use of the permitted payment stablecoin issuer to facilitate criminal activity.

(3) A permitted payment stablecoin issuer and other financial institutions may have separate obligations to report suspicious activity with respect to the same transaction pursuant to other provisions of this chapter. In those instances, no more than one report is required to be filed by the permitted payment stablecoin issuer and other financial institution(s) involved in the transaction, provided that the report filed contains all relevant facts, including the name of each financial institution and the words “joint filing” in the narrative section, and each institution maintains a copy of the report filed, along with any supporting documentation.

(b) Filing and notification procedures —(1) What to file. A suspicious transaction shall be reported by completing a Suspicious Activity Report (SAR) and collecting and maintaining supporting documentation as required by paragraph (c) of this section.

(2) Where to file. The SAR shall be filed with FinCEN in accordance with the instructions to the SAR.

(3) When to file. A SAR shall be filed no later than 30 calendar days after the date of the initial detection by the reporting permitted payment stablecoin issuer of facts that may constitute a basis for filing a SAR under this section. If no suspect is identified on the date of the initial detection, a permitted payment stablecoin issuer may delay filing a SAR for an additional 30 calendar days to identify a suspect, but in no case shall reporting be delayed more than 60 calendar days after the date of such initial detection.

(4) Mandatory notification to law enforcement. In situations involving violations that require immediate attention, such as suspected terrorist financing or ongoing money laundering schemes, a permitted payment stablecoin issuer shall immediately notify by telephone an appropriate law enforcement authority in addition to filing timely a SAR.

(5) Voluntary notification to the Financial Crimes Enforcement Network or a Primary Federal Payment Stablecoin Regulator. A permitted payment stablecoin issuer wishing to voluntarily report suspicious transactions that may relate to terrorist activity may call the Financial Crimes Enforcement Network's Financial Institutions Hotline at 1-866-556-3974 in addition to filing timely a SAR if required by this section. The permitted payment stablecoin issuer may also, but is not required to, contact its primary Federal payment stablecoin regulator to report in such situations.

(c) Retention of records. A permitted payment stablecoin issuer shall maintain a copy of any SAR filed by the permitted payment stablecoin issuer or on its behalf (including joint reports), and the original (or business record equivalent) of any supporting documentation concerning any SAR that it files (or that is filed on its behalf) for a period of five years from the date of filing the SAR. Supporting documentation shall be identified as such and maintained by the permitted payment stablecoin issuer and shall be deemed to have been filed with the SAR. A permitted payment stablecoin issuer shall make all supporting documentation available to FinCEN or any Federal, State, or local law enforcement agency, or any Federal regulatory authority that examines the permitted payment stablecoin issuer for compliance with the Bank Secrecy Act, upon request.

(d) Confidentiality of SARs. A SAR, and any information that would reveal the existence of a SAR, are confidential and shall not be disclosed except as authorized in this paragraph (d). For purposes of this paragraph (d) only, a SAR shall include any suspicious activity report filed with FinCEN pursuant to any regulation in this chapter.

(1) Prohibition on disclosures by permitted payment stablecoin issuers

(i) General rule. No permitted payment stablecoin issuer, and no current or former director, officer, employee, or agent of any permitted payment stablecoin issuer, shall disclose a SAR or any information that would reveal the existence of a SAR. Any permitted payment stablecoin issuer, and any current or former director, officer, employee, or agent of any permitted payment stablecoin issuer, that is subpoenaed or otherwise requested to disclose a SAR or any information that would reveal the existence of a SAR shall decline to produce the SAR or such information, citing this section and 31 U.S.C. 5318(g)(2)(A)(i), and shall notify FinCEN of any such request and the response thereto.

(ii) Rules of construction. Provided that no person involved in any reported suspicious transaction is notified that the transaction has been reported, this paragraph (d)(1) shall not be construed as prohibiting:

(A) The disclosure by a permitted payment stablecoin issuer, or any current or former director, officer, employee, or agent of a permitted payment stablecoin issuer of:

(1) A SAR, or any information that would reveal the existence of a SAR, to FinCEN or any Federal, State, or local law enforcement agency, or any Federal regulatory authority that examines the permitted payment stablecoin issuer for compliance with the Bank Secrecy Act; or

(2) The underlying facts, transactions, and documents upon which a SAR is based, including but not limited to, disclosures:

(i) To another financial institution, or any current or former director, officer, employee, or agent of a financial institution, for the preparation of a joint SAR; or ( printed page 18667)

(ii) In connection with certain employment references or termination notices, to the full extent authorized in 31 U.S.C. 5318(g)(2)(B); or

(B) The sharing by a permitted payment stablecoin issuer, or any current or former director, officer, employee, or agent of the permitted payment stablecoin issuer, of a SAR, or any information that would reveal the existence of a SAR, within the permitted payment stablecoin issuer's corporate organizational structure for purposes consistent with Title II of the Bank Secrecy Act as determined by regulation or in guidance. As doing so is consistent with Title II of the Bank Secrecy Act, a permitted payment stablecoin issuer, as defined in § 1010.100(ttt)(1), may reveal the existence of a SAR to its parent insured depository institution and such parent may also reveal the existence of a SAR to a subsidiary permitted payment stablecoin issuer.

(2) Prohibition on disclosures by government authorities. A Federal, State, local, territorial, or Tribal government authority, or any current or former director, officer, employee, or agent of any of the foregoing, shall not disclose a SAR, or any information that would reveal the existence of a SAR, except as necessary to fulfill official duties consistent with Title II of the Bank Secrecy Act. For purposes of this section, “official duties” shall not include the disclosure of a SAR, or any information that would reveal the existence of a SAR, in response to a request for disclosure of non-public information or a request for use in a private legal proceeding, including a request pursuant to 31 CFR 1.11.

(e) Limitation on liability. A permitted payment stablecoin issuer, and any current or former director, officer, employee, or agent of any permitted payment stablecoin issuer, that makes a voluntary disclosure of any possible violation of law or regulation to a government agency or makes a disclosure pursuant to this section or any other authority, including a disclosure made jointly with another institution, shall be protected from liability to any person for any such disclosure, or for failure to provide notice of such disclosure to any person identified in the disclosure, or both, to the full extent provided by 31 U.S.C. 5318(g)(3).

(f) Compliance. Permitted payment stablecoin issuers shall be examined by FinCEN or its delegates for compliance with this section. Failure to satisfy the requirements of this section may be a violation of the Bank Secrecy Act and of this chapter.

(g) Transaction. A transaction, for purposes of § 1033.320, is not conducted or attempted by, at, or through a permitted payment stablecoin issuer only because a transfer by third parties results in an interaction with a permitted payment stablecoin issuer's smart contract.

Subpart D—Records Required To Be Maintained By Permitted Payment Stablecoin Issuers

§ 1033.400 General. Permitted payment stablecoin issuers are subject to the recordkeeping requirements set forth and cross referenced in this subpart. Permitted payment stablecoin issuers should also refer to subpart D of part 1010 of this chapter for recordkeeping requirements contained in that subpart which apply to permitted payment stablecoin issuers.

§ 1033.410 Recordkeeping. For regulations regarding recordkeeping, refer to § 1010.410 of this chapter.

Subpart E—Special Information Sharing Procedures To Deter Money Laundering and Terrorist Activity

§ 1033.500 General. Permitted payment stablecoin issuers are subject to the special information-sharing procedures to deter money laundering and terrorist activity requirements set forth and cross-referenced in this subpart. Permitted payment stablecoin issuers should also refer to subpart E of part 1010 of this chapter for special information-sharing procedures to deter money laundering and terrorist activity contained in that subpart which apply to permitted payment stablecoin issuers.

§ 1033.520 Special information sharing procedures to deter money laundering and terrorist activity for permitted payment stablecoin issuers. For regulations regarding special information-sharing procedures to deter money laundering and terrorist activity for permitted payment stablecoin issuers, refer to § 1010.520 of this chapter.

§ 1033.530 [Reserved] § 1033.540 Voluntary information sharing among financial institutions. For regulations regarding voluntary information-sharing among financial institutions, refer to § 1010.540 of this chapter.

Subpart F—Special Standards of Diligence; Prohibitions, and Special Measures for Permitted Payment Stablecoin Issuers

§ 1033.600 General. Permitted payment stablecoin issuers are subject to the special standards of diligence, prohibitions, and special measures requirements set forth and cross referenced in this subpart. Permitted payment stablecoin issuers should also refer to subpart F of part 1010 of this chapter for special standards of diligence, prohibitions, and special measures contained in that subpart.

§ 1033.610 Due diligence programs for correspondent accounts for foreign financial institutions. For regulations regarding due diligence programs for correspondent accounts for foreign financial institutions, refer to § 1010.610 of this chapter.

§ 1033.620 Due diligence programs for private banking accounts. For regulations regarding due diligence programs for private banking accounts, refer to § 1010.620 of this chapter.

§ 1033.630 Prohibition on correspondent accounts for foreign shell banks; records concerning owners of foreign banks and agents for service of legal process. For regulations regarding prohibition on correspondent accounts for foreign shell banks and related provisions refer to § 1010.630 of this chapter.

Dated: April 8, 2026.

Andrea M. Gacki,

Director, Financial Crimes Enforcement Network.

Dated: April 8, 2026.

Bradley T. Smith,

Director, Office of Foreign Assets Control.

Footnotes

1.

                         GENIUS Act, [Public Law 119-27](https://www.govinfo.gov/link/plaw/119/public/27), 139 Stat. 419 (2025) (codified at [12 U.S.C. 5901-5916](https://www.govinfo.gov/link/uscode/12/5901)).

Back to Citation 2.

                         
                        See [12 U.S.C. 5901(25)](https://www.govinfo.gov/link/uscode/12/5901), (30); *see also* [12 U.S.C. 5903(a)(4)(A)](https://www.govinfo.gov/link/uscode/12/5903), [5906(d)](https://www.govinfo.gov/link/uscode/12/5906).

Back to Citation 3. 12 U.S.C. 5901(25) (defining “primary Federal payment stablecoin regulator” and outlining jurisdiction regarding specific types of PPSIs), 5904 (directing the primary Federal payment stablecoin regulators to “establish a process and framework for the licensing, regulation, examination, and supervision” for PPSIs under their respective jurisdictions).

Back to Citation 4. 12 U.S.C. 5903(a)(5)(A).

Back to Citation 5. 12 U.S.C. 5903(a)(5)(B). In addition to rulemaking authority codified in the “Treatment Under the Bank Secrecy Act and Sanctions Law” section, the GENIUS Act also generally calls for the Secretary of the Treasury to promulgate regulations “to carry out [the GENIUS Act] through appropriate notice and comment rulemaking.” 12 U.S.C. 5913(a). In accordance with Treasury Order 101-05 and 31 U.S.C. 321(b)(2), the authority vested in the Secretary under the GENIUS Act to issue regulations related to prevention of money laundering and countering the financing of terrorism and related to economic sanctions has been delegated to the Director of FinCEN and to the Director of OFAC, respectively.

Back to Citation 6.

                         The GENIUS Act's customer identification program requirement is expected to be the subject of a separate rulemaking.

Back to Citation 7. 12 U.S.C. 5903(a)(5)(A)(i)-(v).

Back to Citation 8. 12 U.S.C. 5903(a)(6)(B), 5901(16) (defining “lawful order”).

Back to Citation 9. 12 U.S.C. 5903(a)(5)(A).

Back to Citation 10. 12 U.S.C. 5903(a)(5)(A)(vi).

Back to Citation 11.

                         On September 19, 2025, the Department of the Treasury issued an advance notice of proposed rulemaking concerning the GENIUS Act. 
                        See 
                         Treasury, *GENIUS Act Implementation,* [90 FR 45159](https://www.federalregister.gov/citation/90-FR-45159) (Sept. 19, 2025); *see also* FDIC, *Approval Requirements for Issuance of Payment Stablecoins by Subsidiaries of FDIC-Supervised Insured Depository Institutions,* [90 FR 59409](https://www.federalregister.gov/citation/90-FR-59409) (Dec. 19, 2025); NCUA, *Investments in and Licensing of Permitted Payment Stablecoins Issuers,* [91 FR 6531](https://www.federalregister.gov/citation/91-FR-6531) (Feb. 12, 2026); OCC, *Implementing the Guiding and Establishing National Innovation for U.S. Stablecoins Act for the Issuance of Stablecoins by Entities Subject to the Jurisdiction of the Office of the Comptroller of the Currency,* [91 FR 10202](https://www.federalregister.gov/citation/91-FR-10202) (Mar. 2, 2026); Treasury, *GENIUS Act Broad-Based Principles for Determining Whether a State-Level Regulatory Regime Is Substantially Similar to the Federal Regulatory Framework,* [91 FR 16844](https://www.federalregister.gov/citation/91-FR-16844) (Apr. 3, 2026).

Back to Citation 12.

                         
                        See [31 U.S.C. 5311](https://www.govinfo.gov/link/uscode/31/5311). Certain parts of the Currency and Foreign Transactions Reporting Act, its amendments, and the other statutes relating to the subject matter of that Act, have come to be referred to as the BSA. These statutes are codified at [12 U.S.C. 1829b](https://www.govinfo.gov/link/uscode/12/1829b), [12 U.S.C. 1951-1960](https://www.govinfo.gov/link/uscode/12/1951), and [31 U.S.C. 5311-5314](https://www.govinfo.gov/link/uscode/31/5311) and [5316-5336](https://www.govinfo.gov/link/uscode/31/5316) and notes thereto, with implementing regulations at [31 CFR chapter X](https://www.ecfr.gov/current/title-31/chapter-X). Consistent with that understood meaning, as codified, the GENIUS Act defines the “Bank Secrecy Act” to mean “(A) section 1829b of [title 12]; (B) chapter 2 of title I of Public Law 91-508 ([12 U.S.C. 1951](https://www.govinfo.gov/link/uscode/12/1951) *et seq.*); and (C) subchapter II of chapter 53 of title 31.” [12 U.S.C. 5901(2)](https://www.govinfo.gov/link/uscode/12/5901).

Back to Citation 13.

                         
                        See [31 U.S.C. 5311(1)](https://www.govinfo.gov/link/uscode/31/5311); *see also* 5313, 5318(g).

Back to Citation 14.

                         
                        See [31 U.S.C. 5311(5)](https://www.govinfo.gov/link/uscode/31/5311), [5311 note](https://www.govinfo.gov/link/uscode/31/5311) (“Cooperation Among Financial Institutions, Regulatory Authorities, and Law Enforcement Authorities”); *see also* [31 U.S.C. 310](https://www.govinfo.gov/link/uscode/31/310).

Back to Citation 15.

                         
                        See 
                         Treasury Order 180-01 (Jan. 14, 2020), para. 3, available at *[https://home.treasury.gov/​about/​general-information/​orders-and-directives/​treasury-order-180-01](https://home.treasury.gov/about/general-information/orders-and-directives/treasury-order-180-01); see also* [31 U.S.C. 310(b)(2)(I)](https://www.govinfo.gov/link/uscode/31/310) (providing that the Director of FinCEN shall “[a]dminister the requirements of subchapter II of chapter 53 of this title, chapter 2 of title I of Public Law 91-508, and section 21 of the Federal Deposit Insurance Act, to the extent delegated such authority by the Secretary”).

Back to Citation 16.

                         
                        See [31 U.S.C. 5318(h)](https://www.govinfo.gov/link/uscode/31/5318); [12 U.S.C. 5903(a)(5)(A)(i)](https://www.govinfo.gov/link/uscode/12/5903).

Back to Citation 17. See, e.g., 31 U.S.C. 5318(a)(2); 12 U.S.C. 1826b; 12 U.S.C. 1953; 12 U.S.C. 5903(a)(5)(A)(ii).

Back to Citation 18.

                         
                        See [31 U.S.C. 5318(g)](https://www.govinfo.gov/link/uscode/31/5318); [12 U.S.C. 5903(a)(5)(A)(iii)](https://www.govinfo.gov/link/uscode/12/5903).

Back to Citation 19.

                         
                        See [31 U.S.C. 5318](https://www.govinfo.gov/link/uscode/31/5318) (*l*); [12 U.S.C. 5903(a)(5)(A)(v)](https://www.govinfo.gov/link/uscode/12/5903).

Back to Citation 20.

                         
                        See [31 U.S.C. 5318(i)](https://www.govinfo.gov/link/uscode/31/5318); [12 U.S.C. 5903(a)(5)(A)(v)](https://www.govinfo.gov/link/uscode/12/5903).

Back to Citation 21.

                         
                        See [50 U.S.C. 1701](https://www.govinfo.gov/link/uscode/50/1701) *et seq.*

Back to Citation 22.

                         
                        See [50 U.S.C. 1701](https://www.govinfo.gov/link/uscode/50/1701).

Back to Citation 23.

                         
                        See [50 U.S.C. 1702](https://www.govinfo.gov/link/uscode/50/1702).

Back to Citation 24.

                         
                        See [50 U.S.C. 1704](https://www.govinfo.gov/link/uscode/50/1704).

Back to Citation 25. See, e.g., 31 CFR 525.106, 548.802, 591.802.

Back to Citation 26. GENIUS Act Implementation, 90 FR 45159. The ANPRM solicited comment on a range of potential Treasury efforts related to the GENIUS Act and payment stablecoins that are outside the purview of this rulemaking. For example, the ANPRM included questions related to the GENIUS Act prohibition on digital asset service providers offering and selling a payment stablecoin to any person in the United States unless the payment stablecoin is issued by a PPSI or a foreign payment stablecoin issuer that meets certain requirements. Id. at 45160-61. It also included questions related to Treasury's role in determining whether a state-level regulatory regime is substantially similar to the Federal framework and whether a foreign country's regulatory and supervisory regime is comparable to the U.S. framework. Id. at 45162-63.

Back to Citation 27. Id. at 45161-63.

Back to Citation 28. See infra section IV.C discussing the meaning of primary and secondary market for purposes of this rulemaking.

Back to Citation 29. See, e.g., 12 U.S.C. 5902, 5903.

Back to Citation 30.

                         A blockchain is “any technology where data is: (i) shared across a network to create a public ledger of verified transactions or information among network participants; (ii) linked using cryptography to maintain the integrity of the public ledger and to execute other functions; (iii) distributed among network participants in an automated fashion to concurrently update network participants on the state of the public ledger and any other functions; and (iv) composed of source code that is publicly available.” 
                        See 
                         Executive Order (E.O.) 14178, *Strengthening American Leadership in Digital Financial Technology,* [90 FR 8647](https://www.federalregister.gov/citation/90-FR-8647), sec. 2(b) (Jan. 31, 2025).

Back to Citation 31.

                         For this proposed rule, a “digital asset” is “any digital representation of value that is recorded on a cryptographically secured distributed ledger.” 
                        See [12 U.S.C. 5901(6)](https://www.govinfo.gov/link/uscode/12/5901).

Back to Citation 32.

                         White House, *Strengthening American Leadership in Digital Financial Technology,* p. 88 (July 2025) [hereinafter *[E.O. 14178](https://www.federalregister.gov/executive-order/14178) Report* ], available at *[https://www.whitehouse.gov/​wp-content/​uploads/​2025/​07/​Digital-Assets-Report-EO14178.pdf](https://www.whitehouse.gov/wp-content/uploads/2025/07/Digital-Assets-Report-EO14178.pdf).* This report was issued by the President's Working Group on Digital Asset Markets, of which the Secretary is a member, pursuant to [E.O. 14178](https://www.federalregister.gov/executive-order/14178).

Back to Citation 33. See id. at p. 90. As discussed in the E.O. 14178 Report, as of July 2025, more than 99 percent of the outstanding value of stablecoins in circulation is pegged to the U.S. dollar. Id. Other types of assets that may back different forms of stablecoins include digital assets, precious metals, or corporate bonds with lower credit ratings. See id.

Back to Citation 34.

                         
                        See 
                         Watsky, Cy, *et al., Primary and Secondary Markets for Stablecoins,* FEDS Notes, Washington: Board of Governors of the Federal Reserve System (Feb. 23, 2024), available at *[https://doi.org/​10.17016/​2380-7172.3447](https://doi.org/10.17016/2380-7172.3447).*

Back to Citation 35. See id.; see also E.O. 14178 Report, supra note 32, pp. 104-05.

Back to Citation 36. See, e.g., E.O. 14178 Report, supra note 32, p. 18.

Back to Citation 37.

                         A smart contract is a “collection of code and data . . . that is deployed using cryptographically signed transactions” on a blockchain network, which is executed by nodes on a blockchain to perform any given set of pre-determined functions or conditions that are recorded on a blockchain. 
                        See 
                         National Institute of Standards and Technology (NIST), NISTIR 8202, *Blockchain Technology Overview,* p. 32 (Oct. 2018), available at *[https://nvlpubs.nist.gov/​nistpubs/​ir/​2018/​NIST.IR.8202.pdf](https://nvlpubs.nist.gov/nistpubs/ir/2018/NIST.IR.8202.pdf)* (“A smart contract can perform calculations, store information, expose properties to reflect a publicly exposed state and, if appropriate, automatically send funds to other accounts.”).

Back to Citation 38.

                         NIST, NISTIR 8408, *Understanding Stablecoin Technology and Security Considerations,* p. 6 (Sept. 2023), available at *[https://nvlpubs.nist.gov/​nistpubs/​ir/​2023/​NIST.IR.8408.pdf](https://nvlpubs.nist.gov/nistpubs/ir/2023/NIST.IR.8408.pdf).* The lynchpin of a blockchain is asymmetric (public key) cryptography, which is used to secure and send transactions on a blockchain. *See Blockchain Technology Overview, supra* note 37, p. 11. First, a user generates a private key (a string of characters that function like a password) and uses that private key to generate a public key (an account number on a blockchain known as an address). Without the private key associated with an address or public key, a user cannot access the digital assets contained within. Developers have created software or hardware wallets to enable users to manage their public and private keys. *See [E.O. 14178](https://www.federalregister.gov/executive-order/14178) Report, supra* note 32, pp. 9-10.

Back to Citation 39. Understanding Stablecoin Technology and Security Considerations, supra note 38, p. 8.

Back to Citation 40. See E.O. 14178 Report, supra note 32, p. 91.

Back to Citation 41. Id. at p. 88.

Back to Citation 42. See id. at p. 89; see, e.g., Fed. Reserve, About the FedNow Service (n.d.), available at https://www.frbservices.org/​financial-services/​fednow/​about.html.

Back to Citation 43. See E.O. 14178 Report, supra note 32, p. 88.

Back to Citation 44. See id. at pp. 90-91.

Back to Citation 45.

                         If consistent with the law and authorized by a primary Federal payment stablecoin regulator or the State payment stablecoin regulator, as applicable, PPSIs can also engage in activities as a “digital asset service provider,” as defined by the GENIUS Act, and activities incidental thereto. Such activities include exchanging and transferring digital assets. 
                        See [12 U.S.C. 5903(a)(7)(B)](https://www.govinfo.gov/link/uscode/12/5903), [5901(7)](https://www.govinfo.gov/link/uscode/12/5901). Such activity would also constitute primary market activity.

Back to Citation 46.

                         
                        See 
                         Treasury, *2026 National Money Laundering Risk Assessment,* p. 50 (Mar. 2026) [hereinafter *2026 NMLRA* ], available at *[https://home.treasury.gov/​system/​files/​246/​2026-NMLRA.pdf](https://home.treasury.gov/system/files/246/2026-NMLRA.pdf); [E.O. 14178](https://www.federalregister.gov/executive-order/14178) Report,* *supra* note 32, p. 94.

Back to Citation 47. See 2026 NMLRA, supra note 46, p. 50.

Back to Citation 48. See, e.g., Compl., United States v. Approximately 225,364,961 USDT, No. 25-cv-1907 (D.D.C. June 18, 2025) (civil forfeiture action against more than $225.3 million in stablecoins allegedly involved in concealing proceeds of digital assets investment fraud); United States v. Su, No. 25-cr-362 (C.D. Cal. Jan. 27, 2026) (defendant sentenced to 46 months in prison for role in digital investment scam involving $36.9 million where victim funds were converted to stablecoins).

Back to Citation 49. See, e.g., Indictment, United States v. Sop, No. 23-cr-128 (D.D.C. Mar. 18, 2023) (indictment alleging defendant laundered proceeds of DPRK IT workers in violation of sanctions, including through use of stablecoins); DOJ, Press Release, Department Files Civil Forfeiture Complaint Against Over $7.74M Laundered on Behalf of the North Korean Government (June 5, 2025), available at https://www.justice.gov/​opa/​pr/​department-files-civil-forfeiture-complaint-against-over-774m-laundered-behalf-north-korean; United States of America v. Approximately 1,159,834.52 USDT, No. 25-cv-3771 (D.D.C. Oct. 24, 2025) (civil forfeiture complaint of stablecoins related to virtual currency heists perpetrated by DPRK hacking groups).

Back to Citation 50. See, e.g., United States v. Zhang et al., No. 22-cr-10279 (Aug. 15, 2025) (defendants sentenced to prison in connection with drug trafficking scheme 

                        involving conversion of proceeds to stablecoins); *see also,* DOJ, Press Release, *Two Men Sentenced for Role in International Money Laundering and Drug Trafficking Conspiracy* (Aug. 15, 2025), available at *[https://www.justice.gov/​usao-ma/​pr/​two-men-sentenced-role-international-money-laundering-and-drug-trafficking-conspiracy](https://www.justice.gov/usao-ma/pr/two-men-sentenced-role-international-money-laundering-and-drug-trafficking-conspiracy).*

Back to Citation 51. See, e.g., DOJ, Press Release, Justice Department Disrupts Hamas Terrorist Financing Scheme Through Seizure of Cryptocurrency (Mar. 27, 2025), available at https://www.justice.gov/​opa/​pr/​justice-department-disrupts-hamas-terrorist-financing-scheme-through-seizure-cryptocurrency; United States of America v. Nine Cryptocurrency Wallets Held by Tether Ltd. and Seven Cryptocurrency Wallets Held by Binance Holdings Ltd., No. 24-cv-01251 (D.D.C. Nov. 13, 2025) (involving a civil forfeiture of approximately $2 million dollars in digital currency connected to a Gaza-based money transfer business that was involved in financially supporting Hamas).

Back to Citation 52.

                         Treasury, Press Release, *Treasury Exposes Money Laundering Network Using Digital Assets to Evade Sanctions* (Dec. 4, 2024), available at *[https://home.treasury.gov/​news/​press-releases/​jy2735](https://home.treasury.gov/news/press-releases/jy2735).*

Back to Citation 53.

                         Financial Action Task Force (FATF), *Targeted Update on Implementation of the FATF Standards on Virtual Assets and Virtual Assets Service Providers,* ¶ 35 (June 2025), available at *[https://www.fatf-gafi.org/​content/​dam/​fatf-gafi/​recommendations/​2025-Targeted-Upate-VA-VASPs.pdf.coredownload.pdf](https://www.fatf-gafi.org/content/dam/fatf-gafi/recommendations/2025-Targeted-Upate-VA-VASPs.pdf.coredownload.pdf).*

Back to Citation 54. Id.

Back to Citation 55. 2026 NMLRA, supra note 46, p. 52.

Back to Citation 56. Id.

Back to Citation 57. Id.

Back to Citation 58.

                         DOJ, Press Release, *Largest Ever Seizure of Funds Related to Crypto Confidence Scams* (June 18, 2025), available at *[https://www.justice.gov/​usao-dc/​pr/​largest-ever-seizure-funds-related-crypto-confidence-scams](https://www.justice.gov/usao-dc/pr/largest-ever-seizure-funds-related-crypto-confidence-scams).*

Back to Citation 59.

                         International Monetary Fund, *Understanding Stablecoins,* p. 30 (2025), available at *[https://www.imf.org/​-/​media/​files/​publications/​dp/​2025/​english/​usea.pdf](https://www.imf.org/-/media/files/publications/dp/2025/english/usea.pdf).*

Back to Citation 60. 2026 NMLRA, supra note 46, p. 26.

Back to Citation 61. Id. at p. 5, 52.

Back to Citation 62. See Largest Ever Seizure of Funds Related to Crypto Confidence Scams, supra note 58.

Back to Citation 63. See, e.g., DOJ, Press Release, U.S. Attorney's Office EDNC Announces Seizure of $61 Million Dollars' Worth of Cryptocurrency, (Feb. 24, 2026), available at https://www.justice.gov/​usao-ednc/​pr/​us-attorneys-office-ednc-announces-seizure-61-million-dollars-worth-cryptocurrency; see also DOJ, Press Release, Ohio Woman Loses Life Savings in Cryptocurrency Investment Scam (Feb. 28, 2025), available at https://www.justice.gov/​usao-ndoh/​pr/​ohio-woman-loses-life-savings-cryptocurrency-investment-scam (discussing seizure of $8.2 million in stablecoins); see also DOJ, Press Release, Cyber Scam Organization Disrupted Through Seizure of Nearly $9M in Crypto (Nov. 21, 2023), available at https://www.justice.gov/​usao-ndca/​pr/​cyber-scam-organization-disrupted-through-seizure-nearly-9m-crypto.

Back to Citation 64. See, e.g., Judgment, United States v. Li, 2:23-cr-596 (C.D. Cal. Feb. 10, 2026) (defendant sentenced to 240 months); see also DOJ, Press Release, Man Sentenced to 20 Years in Prison for role in $73 Million Global Cryptocurrency Investment Scam (Feb. 9, 2026), available at https://www.justice.gov/​archives/​opa/​pr/​foreign-national-pleads-guilty-laundering-millions-proceeds-cryptocurrency-investment-scams. See Plea, United States v. He, 2:25-cr-175 (C.D. Cal. Apr 7, 2025); see also DOJ, Press Release, California Man Sentenced for Role in Global Digital Asset Investment Scam Conspiracy Resulting in Theft of More than $36.9M from Victims (Sept. 8, 2025), available at https://www.justice.gov/​opa/​pr/​california-man-sentenced-role-global-digital-asset-investment-scam-conspiracy-resulting.

Back to Citation 65.

                         Treasury, *2026 National Terrorist Financing Risk Assessment,* p. 19 (Mar. 2026) [hereinafter *2026 NTFRA* ], available at *[https://home.treasury.gov/​system/​files/​246/​2026-NTFRA.pdf](https://home.treasury.gov/system/files/246/2026-NTFRA.pdf).*

Back to Citation 66. See, e.g., Justice Department Disrupts Hamas Terrorist Financing Scheme Through Seizure of Cryptocurrency, supra note 51.

Back to Citation 67.

                         United Nations Security Council Counter Terrorism Committee Executive Directorate, *Evolving Trends in the Financing of Foreign Terrorist Fighters' Activity, 2014-2024,* p. 11 (Nov. 2024), available at *[https://www.un.org/​securitycouncil/​ctc/​sites/​www.un.org.securitycouncil.ctc/​files/​cted_​trends_​tracker_​evolving_​trends_​in_​the_​financing_​of_​foreign_​terrorist_​fighters_​activity_​2014_​-_​2024](https://www.un.org/securitycouncil/ctc/sites/www.un.org.securitycouncil.ctc/files/cted_trends_tracker_evolving_trends_in_the_financing_of_foreign_terrorist_fighters_activity_2014_-_2024).*

Back to Citation 68. 2026 NTFRA, supra note 65, p. 26.

Back to Citation 69. See Justice Department Disrupts Hamas Terrorist Financing Scheme Through Seizure of Cryptocurrency, supra note 51.

Back to Citation 70.

                         FATF, *Targeted Report on Stablecoins and Unhosted Wallets: Peer-to-Peer Transactions,* ¶ 36 (Mar. 2025), available at *[https://www.fatf-gafi.org/​content/​dam/​fatf-gafi/​publications/​targeted-report-on-stablecoins-and-unhosted-wallets.pdf.coredownload.inline.pdf](https://www.fatf-gafi.org/content/dam/fatf-gafi/publications/targeted-report-on-stablecoins-and-unhosted-wallets.pdf.coredownload.inline.pdf).*

Back to Citation 71.

                         FinCEN, *Supplemental Advisory on the Procurement of Precursor Chemicals and Manufacturing Equipment Used for the Synthesis of Illicit Fentanyl and Other Synthetic Opioids,* p. 9 (June 20, 2024), available at *[https://www.fincen.gov/​system/​files/​advisory/​2024-06-20/​FinCEN-Supplemental-Advisory-on-Fentanyl-508C.pdf](https://www.fincen.gov/system/files/advisory/2024-06-20/FinCEN-Supplemental-Advisory-on-Fentanyl-508C.pdf).*

Back to Citation 72. See, e.g., Superseding Indictment, United States v. Duarte et al., No. 24-cr-20367 (S.D. Fla. Nov. 19, 2024).

Back to Citation 73. Id.

Back to Citation 74.

                         Compl. *United States* v. *Approximately 114,366.044785 Tether (USDT) Cryptocurrency from Binance Account User ID Ending in 7382,* No. 24-cv-01503, (E.D. Wisc. Nov. 20, 2024); *see also* Decision and Order, *United States* v. *Approximately 114,366.044785 Tether (USDT) Cryptocurrency from Binance Account User ID Ending in 7382,* No. 24-cv-01503, (E.D. Wisc. Feb. 6, 2026) (default judgment ordering assets to be forfeited).

Back to Citation 75.

                         Treasury, Press Release, *Treasury Exposes Money Laundering Network Using Digital Assets to Evade Sanctions* (Dec. 4, 2024), available at *[https://home.treasury.gov/​news/​press-releases/​jy2735](https://home.treasury.gov/news/press-releases/jy2735).*

Back to Citation 76.

                         Treasury, Press Release, *Treasury Sanctions Cryptocurrency Exchange and Network Enabling Sanctions Evasion and Cyber Criminals* (Aug. 14, 2025), available at *[https://home.treasury.gov/​news/​press-releases/​sb0225](https://home.treasury.gov/news/press-releases/sb0225).*

Back to Citation 77.

                         Treasury, Press Release, *Treasury Sanctions Russia-Based Hydra, World's Largest Darknet Market, and Ransomware-Enabling Virtual Currency Exchange Garantex* (Apr. 05, 2022), available at *[https://home.treasury.gov/​news/​press-releases/​jy0701](https://home.treasury.gov/news/press-releases/jy0701).*

Back to Citation 78.

                         Indictment ¶ 29, *United States* v. *Besciokov and Mira Serda,* No. 25-cr-39, (E.D. Va. Feb. 27, 2025), *[https://www.justice.gov/​opa/​media/​1392316/​dl](https://www.justice.gov/opa/media/1392316/dl).*

Back to Citation 79. Id.

Back to Citation 80.

                         Compl. ¶¶ 48-49, *United States* v. *Virtual Currency Associated with North Korean IT Worker Money Laundering and Sanctions Evasion Conspiracies,* No. 25-cv-1769, (D.D.C. June 5, 2025).

Back to Citation 81. Id. at ¶¶ 50, 59.

Back to Citation 82.

                         DOJ, Press Release, *United States Seeks Civil Forfeiture of Cryptocurrency Associated with Iranian National Mohammad Abedini* (Sept. 11, 2025), available at *[https://www.justice.gov/​usao-ma/​pr/​united-states-seeks-civil-forfeiture-cryptocurrency-associated-iranian-national-mohammad](https://www.justice.gov/usao-ma/pr/united-states-seeks-civil-forfeiture-cryptocurrency-associated-iranian-national-mohammad).*

Back to Citation 83.

                         Compl., *United States* v. *Sadeghi and Abedininajafabadi,* No. 24-cr-10391 (D. Mass. Dec. 13, 2024).

Back to Citation 84. See, e.g., Treasury, Press Release, Treasury Sanctions Houthi Network Procuring Weapons and Commodities from Russia (Apr. 2, 2025), available at https://home.treasury.gov/​news/​press-releases/​sb0068; Treasury, Counter Terrorism Designations and Designation Update; Russia-related Designation Removal; Reports for Licensing Activities Undertaken Pursuant to the Trade Sanctions Reform and Export Enhancement Act (TSRA) (Apr. 2, 2024), available at https://ofac.treasury.gov/​recent-actions/​20250402.

Back to Citation 85.

                         Treasury, Press Release, *Treasury Sanctions Iranian Regime Officials for Violent Repression and Corruption* (Jan. 30, 2026), available at *[https://home.treasury.gov/​news/​press-releases/​sb0375](https://home.treasury.gov/news/press-releases/sb0375).*

Back to Citation 86.

                         
                        See 
                         TRM Labs, *How Two UK-registered Companies Moved Over a Billion in Stablecoins for the IRGC* (Jan. 9, 2026), available at *[https://www.trmlabs.com/​resources/​blog/​how-two-uk-registered-companies-moved-over-a-billion-in-stablecoins-for-the-irgc](https://www.trmlabs.com/resources/blog/how-two-uk-registered-companies-moved-over-a-billion-in-stablecoins-for-the-irgc).*

Back to Citation 87. 31 U.S.C. 5312(a)(2)(J), 5312(a)(2)(R) (defining, in part, a “financial institution” a “business engaged in the exchange of currency, funds, or value that substitutes for currency or funds,” or “a licensed sender of money or any other person who engages as a business in the transmission of currency, funds, or value that substitutes for currency”). As part of the AML Act, Congress amended 31 U.S.C. 5312 to add this “value that substitutes for currency” language.
See Public Law 116-283, sec. 6102(d), 134 Stat. 4547 (2021). In the AML Act, Congress also reaffirmed FinCEN's existing regulatory framework applying MSB obligations to persons engaged in certain activities related to “value that substitutes for currency,” including the issuing and redeeming of virtual currencies.
See
FinCEN, Bank Secrecy Act Regulations; Definitions and Other Regulations Relating to Money Services Businesses, 76 FR 43585, 43586 (July 21, 2011); see also FinCEN Guidance, FIN-2013-G001, Application of FinCEN's Regulations to Persons Administering, Exchanging, or Using Virtual Currencies (Mar. 18, 2013) [hereinafter 2013 CVC Guidance], available at https://www.fincen.gov/​resources/​statutes-regulations/​guidance/​application-fincens-regulations-persons-administering; FinCEN, FIN-2019-G001, Application of FinCEN's Regulations to Certain Business Models Involving Convertible Virtual Currencies (May 9, 2019) [hereinafter 2019 CVC Guidance], available at https://www.fincen.gov/​resources/​statutes-regulations/​guidance/​application-fincens-regulations-certain-business-models.

Back to Citation 88. 31 CFR 1010.100(ff)(5).

Back to Citation 89. 31 CFR 1010.100(ff)(5)(i)(A) (emphasis in original).

Back to Citation 90.

                         2013 CVC Guidance, *supra* note 87, p 3.

Back to Citation 91. See id. at p. 2 (concluding administrators are generally MSBs and stating that “An administrator is a person engaged as a business in issuing (putting into circulation) a virtual currency, and who has the authority to redeem (to withdraw from circulation) such virtual currency”); see also 2019 CVC Guidance, supra note 87, p. 13.

Back to Citation 92.

                         
                        See [31 CFR 1022.210](https://www.ecfr.gov/current/title-31/section-1022.210).

Back to Citation 93.

                         
                        See [31 CFR 1022.310](https://www.ecfr.gov/current/title-31/section-1022.310).

Back to Citation 94.

                         
                        See [31 CFR 1022.320](https://www.ecfr.gov/current/title-31/section-1022.320).

Back to Citation 95.

                         
                        See [31 CFR 1022.400](https://www.ecfr.gov/current/title-31/section-1022.400), [1010.410(e)-(f)](https://www.ecfr.gov/current/title-31/section-1010.410(e)-#p-1010.410(e)-(f)).

Back to Citation 96.

                         
                        See [31 CFR 1010.810(b)(8)](https://www.ecfr.gov/current/title-31/section-1010.810#p-1010.810(b)(8)).

Back to Citation 97. 12 U.S.C. 5901(24) (defining a “person” as “an individual, partnership, company, corporation, association, trust, estate, cooperative organization, or other business entity, incorporated or unincorporated”).

Back to Citation 98. 12 U.S.C. 5901(23) (defining a “permitted payment stablecoin issuer” as “a person formed in the United States that is—(A) a subsidiary of an insured depository institution that has been approved to issue payment stablecoins under 12 U.S.C. 5904; (B) a Federal qualified payment stablecoin issuer; or (C) a State qualified payment stablecoin issuer”).

Back to Citation 99.

                         
                        See [12 U.S.C. 5903(a)(5)(A)](https://www.govinfo.gov/link/uscode/12/5903).

Back to Citation 100. See, e.g., 31 CFR 510.326, 555.313, 583.314.

Back to Citation 101.

                         
                        See [12 U.S.C. 5901(23)](https://www.govinfo.gov/link/uscode/12/5901).

Back to Citation 102.

                         
                        See 
                         OFAC, *Specially Designated Nationals List,* available at *[https://sanctionslist.ofac.treas.gov/​Home/​SdnList](https://sanctionslist.ofac.treas.gov/Home/SdnList).*

Back to Citation 103.

                         
                        See 
                         OFAC, *Revised Guidance on Entities Owned by Persons Whose Property and Interests in Property Are Blocked* (Aug. 13, 2014), available at *[https://ofac.treasury.gov/​media/​6186/​download?​inline](https://ofac.treasury.gov/media/6186/download?inline).*

Back to Citation 104.

                         
                        See 
                         OFAC, *Frequently Asked Question 646,* available at *[https://ofac.treasury.gov/​faqs/​646](https://ofac.treasury.gov/faqs/646).*

Back to Citation 105.

                         
                        See [31 CFR part 510](https://www.ecfr.gov/current/title-31/part-510), part 515, part 560, part 589.

Back to Citation 106.

                         
                        See [31 CFR 560.204](https://www.ecfr.gov/current/title-31/section-560.204), [560.410](https://www.ecfr.gov/current/title-31/section-560.410), [560.427](https://www.ecfr.gov/current/title-31/section-560.427).

Back to Citation 107.

                         
                        See [31 CFR part 501](https://www.ecfr.gov/current/title-31/part-501).

Back to Citation 108.

                         
                        See [31 CFR 501.603](https://www.ecfr.gov/current/title-31/section-501.603), [501.604](https://www.ecfr.gov/current/title-31/section-501.604).

Back to Citation 109.

                         
                        See [31 CFR 501.601](https://www.ecfr.gov/current/title-31/section-501.601).

Back to Citation 110. 31 CFR part 501, Appendix A.

Back to Citation 111.

                         Although specifically enumerated in the GENIUS Act, this proposed rule does not impose a customer identification program obligation, which is the subject of a separate rulemaking.

Back to Citation 112. 12 U.S.C. 5903(a)(5)(A).

Back to Citation 113.

                         
                        See [31 U.S.C. 5312(a)(2)](https://www.govinfo.gov/link/uscode/31/5312); *see also, e.g.,* [31 U.S.C. 5318](https://www.govinfo.gov/link/uscode/31/5318).

Back to Citation 114. 31 U.S.C. 5312(a)(2)(A), (B), (J), (R).

Back to Citation 115. 18 U.S.C. 986(a).

Back to Citation 116. 12 U.S.C. 3414.

Back to Citation 117. 18 U.S.C. 1956.

Back to Citation 118. 18 U.S.C. 2339B.

Back to Citation 119. See, e.g., 50 U.S.C. 3164(5) (defining financial institution for purposes of subchapter); Ariz. Rev. Stat. Ann. 6-1241(3) (defining money transmitter under Arizona law by referencing “financial institution” as defined under 31 U.S.C 5312).

Back to Citation 120. 31 U.S.C. 5312(a)(2)(Y).

Back to Citation 121.

                         
                        See [31 U.S.C. 5312(a)(2)(R)](https://www.govinfo.gov/link/uscode/31/5312); [31 CFR 1010.100(t)(3)](https://www.ecfr.gov/current/title-31/section-1010.100#p-1010.100(t)(3)), [(ff)(5)](https://www.ecfr.gov/current/title-31/section-1010.100#p-1010.100(ff)(5)).

Back to Citation 122.

                         
                        See [12 U.S.C. 5903(a)(7)(B)](https://www.govinfo.gov/link/uscode/12/5903) (including as a rule of construction that “Nothing in [[12 U.S.C. 5903(a)(7)(A)](https://www.govinfo.gov/link/uscode/12/5903) ] shall limit a permitted payment stablecoin issuer from engaging in payment stablecoin activities or digital asset service provider activities . . . that are authorized by the primary Federal payment stablecoin regulator or the State payment stablecoin regulator, as applicable, consistent with all other Federal and State laws, provided that the claims of payment stablecoin holders rank senior to any potential claims of non-stablecoin creditors with respect to the reserve assets. . . .”).

Back to Citation 123.

                         
                        See [31 CFR 1010.100(d)(7)](https://www.ecfr.gov/current/title-31/section-1010.100#p-1010.100(d)(7)) (defining a bank, in part, as “Any other organization (except a money services business) chartered under the banking laws of any state and subject to the supervision of the bank supervisory authorities of a State”), 1010.100(ff)(8)(i) (definition of money services business “shall not include . . . a bank or foreign bank”).

Back to Citation 124.

                         
                        See [12 U.S.C. 5901(11)(B)](https://www.govinfo.gov/link/uscode/12/5901) (including uninsured national banks within the definition of “Federal qualified payment stablecoin issuer,” a type of PPSI under [12 U.S.C. 5901(23)(B)](https://www.govinfo.gov/link/uscode/12/5901)).

Back to Citation 125.

                         
                        See [12 U.S.C. 5903(a)(7)(A)(iii)-(v)](https://www.govinfo.gov/link/uscode/12/5903).

Back to Citation 126.

                         
                        See [12 U.S.C. 5903(a)(1)(A)(ii)](https://www.govinfo.gov/link/uscode/12/5903).

Back to Citation 127.

                         
                        See [12 U.S.C. 5901(23)(A)](https://www.govinfo.gov/link/uscode/12/5901); [12 U.S.C. 5901(15)](https://www.govinfo.gov/link/uscode/12/5901) (defining “insured depository institution” as “(A) an insured depository institution, as defined in section 3 of the Federal Deposit Insurance Act ([12 U.S.C. 1813](https://www.govinfo.gov/link/uscode/12/1813)); and (B) an insured credit union”); *see infra* section VI.C.1.ix (discussing proposed definition of permitted payment stablecoin issuer).

Back to Citation 128.

                         
                        See [12 U.S.C. 5901(23)(A)](https://www.govinfo.gov/link/uscode/12/5901); [31 CFR part 1020](https://www.ecfr.gov/current/title-31/part-1020).

Back to Citation 129. See infra section VI.C.3.

Back to Citation 130. 12 U.S.C. 5903(a)(5)(A)(iv).

Back to Citation 131. Id.; see also infra section VI.C.6 for a discussion of additional technical capabilities, policies, and procedure requirements specific to PPSIs.

Back to Citation 132.

                         FinCEN, FIN-2012-R005, *Compliance Obligations of Certain Loan or Finance Company Subsidiaries of Federally Regulated Banks and Other Financial Institutions* (Aug. 13, 2012) available at *[https://www.fincen.gov/​system/​files/​administrative_​ruling/​FIN-2012-R005.pdf](https://www.fincen.gov/system/files/administrative_ruling/FIN-2012-R005.pdf).*

Back to Citation 133.

                         
                        See 
                         FinCEN, *Anti-Money Laundering Program and Suspicious Activity Report Filing Requirements for Residential Mortgage Lenders and Originators,* [77 FR 8157](https://www.federalregister.gov/citation/77-FR-8157) (Feb. 14, 2012).

Back to Citation 134.

                         FinCEN, FIN-2012-R005, *supra* note 132, p. 2.

Back to Citation 135.

                         
                        See [12 U.S.C. 5901(11)(B)](https://www.govinfo.gov/link/uscode/12/5901); *see also Implementing the Guiding and Establishing National Innovation for U.S. Stablecoins Act for the Issuance of Stablecoins by Entities Subject to the Jurisdiction of the Office of the Comptroller of the Currency,* [91 FR 10202](https://www.federalregister.gov/citation/91-FR-10202), [10232](https://www.federalregister.gov/citation/91-FR-10232), [10296](https://www.federalregister.gov/citation/91-FR-10296) (Mar. 2, 2026).

Back to Citation 136. See infra section VI.C.1.ii.

Back to Citation 137.

                         As part of proposed part 1033, FinCEN proposes that if one portion of the proposed regulation, if finalized, is found to be invalid, the invalidated portion of the regulation should be severed with the remaining portions of the regulation remaining in full force and effect. FinCEN's position is that invalidation of any one provision, or application thereof to any one person or circumstance, does not, and should not, affect any other provision in this proposed regulation. Each provision serves an important, related, but distinct purpose and application, designed to benefit the public by protecting the U.S. financial system from illicit financial activity. FinCEN accordingly has proposed each provision such that invalidity to one provision would not undermine the operability or usefulness of the other provisions.

Back to Citation 138.

                         
                        See [12 U.S.C. 5901(32)](https://www.govinfo.gov/link/uscode/12/5901) (defining “subsidiary”); *see also* [12 U.S.C. 5901(23)](https://www.govinfo.gov/link/uscode/12/5901) (defining “permitted payment stablecoin issuer”).

Back to Citation 139.

                         
                        See [12 U.S.C. 5903(a)(5)(A)](https://www.govinfo.gov/link/uscode/12/5903).

Back to Citation 140.

                         
                        See 
                         2019 CVC Guidance, *supra* note 87, p. 13 (discussing that an “administrator” engages in issuing and redeeming a virtual currency and is generally a money transmitter).

Back to Citation 141. See infra section VI.C.9.ii.a; see also 2019 CVC Guidance, supra note 87, p. 11.

Back to Citation 142.

                         
                        See [12 U.S.C. 5901(24)](https://www.govinfo.gov/link/uscode/12/5901) (defining “person” as “an individual, partnership, company, corporation, association, trust, estate, cooperative organization, or other business entity, incorporated or unincorporated”).

Back to Citation 143.

                         
                        See [31 CFR 1010.100(mm)](https://www.ecfr.gov/current/title-31/section-1010.100#p-1010.100(mm)) (defining “Person” as “An individual, a corporation, a partnership, a trust or estate, a joint stock company, an association, a syndicate, joint venture, or other unincorporated organization or group, an Indian Tribe (as that term is defined in the Indian Gaming Regulatory Act), and all entities cognizable as legal personalities.”).

Back to Citation 144.

                         
                        See [12 U.S.C. 5901(16)](https://www.govinfo.gov/link/uscode/12/5901) (defining, in part, “lawful order” as one that “specifies the payment stablecoins or *accounts* subject to blocking with reasonable particularity” (emphasis added)).

Back to Citation 145. See, e.g., 31 CFR 1010.100(p) (defining “established customer”); 1010.100(bbb) (defining “transaction”). For financial institutions with customer identification program (CIP) obligations, those institution's subparts often include a definition of “account.” However, those definitions are limited to CIP obligations unless expressly noted elsewhere.
See 31 CFR 1020.100(a) (defining “account” for CIP purposes in bank subpart); 1023.100(a) (defining “account” for CIP purposes in brokers or dealers in securities subpart); see also 1010.230 (defining “account” in obligation related to legal entity customers by explicit reference to CIP definitions of “account”).

Back to Citation 146. See infra section VI.C.6.ii discussing proposed obligations related to lawful order compliance and technical capabilities.

Back to Citation 147.

                         
                        See 
                         section 17 of the GENIUS Act, [Public Law 119-27](https://www.govinfo.gov/link/plaw/119/public/27).

Back to Citation 148.

                         
                        See [12 U.S.C. 5901(24)](https://www.govinfo.gov/link/uscode/12/5901) (defining the term “person” to mean “an individual, partnership, company, corporation, association, trust, estate, cooperative organization, or other business entity, incorporated or unincorporated”).

Back to Citation 149.

                         
                        See [31 CFR 1010.100(mm)](https://www.ecfr.gov/current/title-31/section-1010.100#p-1010.100(mm)) (stating “Person. An individual, a corporation, a partnership, a trust or estate, a joint stock company, an association, a syndicate, joint venture, or other unincorporated organization or group, an Indian Tribe (as that term is defined in the Indian Gaming Regulatory Act), and all entities cognizable as legal personalities.”).

Back to Citation 150.

                         
                        See [12 U.S.C. 5901(28)](https://www.govinfo.gov/link/uscode/12/5901).

Back to Citation 151.

                         
                        See [31 CFR 1010.100(vv)](https://www.ecfr.gov/current/title-31/section-1010.100#p-1010.100(vv)) (defining “State” as “The States of the United States and, wherever necessary to carry out the provisions of this chapter, the District of Columbia.”).

Back to Citation 152.

                         
                        See [31 CFR 1010.100(zz)](https://www.ecfr.gov/current/title-31/section-1010.100#p-1010.100(zz)) (defining “Territories and Insular Possessions” as “The Commonwealth of Puerto Rico, the United States Virgin Islands, Guam, the Commonwealth of the Northern Mariana Islands, and all other territories and possessions of the United States other than the Indian lands and the District of Columbia.”).

Back to Citation 153. 12 U.S.C. 5901(15).

Back to Citation 154.

                         
                        See 
                         Treasury Order 180-01, *supra* note 15, para. 3; *see also* [31 CFR 1010.810(a)](https://www.ecfr.gov/current/title-31/section-1010.810#p-1010.810(a)).

Back to Citation 155. 31 U.S.C. 5318(a)(1); 31 CFR 1010.810(a); Treasury Order 180-1, supra note 15, paras. 3(b), 4(b).

Back to Citation 156. See, e.g., 12 U.S.C. 5905 (outlining supervision by primary Federal payment stablecoin regulators); 12 U.S.C. 5906 (outlining supervision by State payment stablecoin regulators).

Back to Citation 157. Compare 31 CFR 1010.810(b)(1)-(6) with 31 CFR 1010.810(b)(8).

Back to Citation 158.

                         
                        See [12 U.S.C. 5903(c)](https://www.govinfo.gov/link/uscode/12/5903), [5906](https://www.govinfo.gov/link/uscode/12/5906).

Back to Citation 159. 12 U.S.C. 5903(d).

Back to Citation 160. 12 U.S.C. 5905(a)(3); 12 U.S.C. 5901(25).

Back to Citation 161. 12 U.S.C. 5903(a)(4)(A)(iv).

Back to Citation 162.

                         
                        See [31 CFR 1010.810(b)(1)-(3)](https://www.ecfr.gov/current/title-31/section-1010.810#p-1010.810(b)(1)), [(5)](https://www.ecfr.gov/current/title-31/section-1010.810#p-1010.810(5)).

Back to Citation 163. See infra section VI.C.1.x.

Back to Citation 164.

                         
                        See [12 U.S.C. 5903(a)(5)(A)(i)](https://www.govinfo.gov/link/uscode/12/5903); *see also* [31 U.S.C. 5318(h)](https://www.govinfo.gov/link/uscode/31/5318).

Back to Citation 165. 31 U.S.C. 5318(h)(2)(B)(iii).

Back to Citation 166.

                         Anti-Money Laundering Act of 2020, [Public Law 116-283](https://www.govinfo.gov/link/plaw/116/public/283), Div. F, sections 6001-6511, 134 Stat. 3388, 4547-4633 (Jan. 1, 2021).

Back to Citation 167.

                         
                        See [12 U.S.C. 5903(a)(5)(B)](https://www.govinfo.gov/link/uscode/12/5903).

Back to Citation 168. 31 U.S.C. 5311.

Back to Citation 169. 31 U.S.C. 5318(h)(2)(B)(iv)(II).

Back to Citation 170.

                         
                        See [31 U.S.C. 5318(h)(2)(B)](https://www.govinfo.gov/link/uscode/31/5318). Per the BSA, the factors FinCEN considered include, “(i) Financial institutions are spending private compliance funds for a public and private benefit, including protecting the United States financial system from illicit finance risks. (ii) The extension of financial services to the underbanked and the facilitation of financial transactions, including remittances, coming from the United States and abroad in ways that simultaneously prevent criminal persons from abusing formal or informal financial services networks are key policy goals of the United States. (iii) Effective anti-money laundering and countering the financing of terrorism programs safeguard national security and generate significant public benefits by preventing the flow of illicit funds in the financial system and by assisting law enforcement and national security agencies with the identification and prosecution of persons attempting to launder money and undertake other illicit activity through the financial system. (iv) Anti-money laundering and countering the financing of terrorism programs [. . .] should be—(I) reasonably designed to assure and monitor compliance with the requirements of this subchapter and regulations promulgated under this subchapter; and (II) risk-based, including ensuring that more attention and resources of financial institutions should be directed toward higher-risk customers and activities, consistent with the risk profile of a financial institution, rather than toward lower-risk customers and activities.”

Back to Citation 171. E.O. 14331, Guaranteeing Fair Banking for All Americans, 90 FR 38925 (Aug. 12, 2025).

Back to Citation 172.

                         
                        See [31 U.S.C. 5318(h)(2)(B)(iii)](https://www.govinfo.gov/link/uscode/31/5318).

Back to Citation 173.

                         
                        See [12 U.S.C. 5903(f)](https://www.govinfo.gov/link/uscode/12/5903).

Back to Citation 174. 31 U.S.C. 5318(h)(1)(A).

Back to Citation 175.

                         
                        See [12 U.S.C. 5903(a)(5)(A)(i)](https://www.govinfo.gov/link/uscode/12/5903).

Back to Citation 176.

                         
                        See 
                         FinCEN, *Section 314(b) Fact Sheet,* (Dec. 2020), available at *[https://www.fincen.gov/​system/​files/​shared/​314bfactsheet.pdf](https://www.fincen.gov/system/files/shared/314bfactsheet.pdf).*

Back to Citation 177. 31 U.S.C. 5318(h)(2)(B)(iv)(II).

Back to Citation 178.

                         
                        See [12 U.S.C. 5903(a)(5)(A)](https://www.govinfo.gov/link/uscode/12/5903).

Back to Citation 179.

                         
                        See 
                         applicable program rules with CDD requirements for covered financial institutions are located at [31 CFR 1020.210(a)(2)(v)](https://www.ecfr.gov/current/title-31/section-1020.210#p-1020.210(a)(2)(v)) and [(b)(2)(v)](https://www.ecfr.gov/current/title-31/section-1020.210#p-1020.210(b)(2)(v)) (banks), 1023.210(b)(5) (broker-dealers), 1024.210(b)(5) (mutual funds), and 1026.210(b)(5) (futures commission merchants and introducing brokers in commodities). FinCEN in February 2026 issued an order granting exceptive relief to covered financial institutions from the requirements in [31 CFR 1010.230(b)](https://www.ecfr.gov/current/title-31/section-1010.230#p-1010.230(b)) to identify and verify the identities of beneficial owners of legal entity customers at each new account opening. 
                        See 
                         FinCEN, *Exceptive Relief from Requirement to Identify and Verify Beneficial Owners at Each Account Opening* (Feb. 13, 2026), available at *[https://www.fincen.gov/​system/​files/​2026-02/​FinCEN-Order-CCDExceptiveRelief.pdf](https://www.fincen.gov/system/files/2026-02/FinCEN-Order-CCDExceptiveRelief.pdf).*

Back to Citation 180.

                         
                        See [31 CFR 1020.210(a)(2)(v)](https://www.ecfr.gov/current/title-31/section-1020.210#p-1020.210(a)(2)(v)) and [(b)(2)(v)](https://www.ecfr.gov/current/title-31/section-1020.210#p-1020.210(b)(2)(v)) (banks); 1023.210(b)(5) (broker-dealers); 1024.210(b)(5) (mutual funds); 1026.210(b)(5) (futures commission merchants and introducing brokers in commodities).

Back to Citation 181.

                         
                        See 
                         FinCEN, *Customer Due Diligence Requirements for Financial Institutions,* [81 FR 29398](https://www.federalregister.gov/citation/81-FR-29398), [29419](https://www.federalregister.gov/citation/81-FR-29419) (May 11, 2016); FinCEN, *Frequently Asked Questions Regarding Customer Due Diligence Requirements for Financial Institutions,* Question 36 (Apr. 3, 2018), available at *[https://www.fincen.gov/​system/​files/​2018-04/​FinCEN_​Guidance_​CDD_​FAQ_​FINAL_​508_​2.pdf](https://www.fincen.gov/system/files/2018-04/FinCEN_Guidance_CDD_FAQ_FINAL_508_2.pdf).*

Back to Citation 182. See supra section IV.D.

Back to Citation 183.

                         
                        See 
                         Board, FDIC, NCUA, OCC, and FinCEN, *Interagency Statement on Sharing Bank Secrecy Act Resources* (Oct. 3, 2018), available at *[https://www.fincen.gov/​news/​news-releases/​interagency-statement-sharing-bank-secrecy-act-resources](https://www.fincen.gov/news/news-releases/interagency-statement-sharing-bank-secrecy-act-resources).*

Back to Citation 184.

                         
                        See [12 U.S.C. 5903(a)(5)(A)(i)](https://www.govinfo.gov/link/uscode/12/5903); [31 U.S.C. 5318(h)(1)(B)](https://www.govinfo.gov/link/uscode/31/5318).

Back to Citation 185. See, e.g., FinCEN, Financial Crimes Enforcement Network; Confidentiality of Suspicious Activity Reports, 75 FR 75593 (Dec. 3, 2010); see also FinCEN, the Board, FDIC, OCC, and Office of Thrift Supervision, Interagency Guidance on Sharing Suspicious Activity Reports with Head Offices and Controlling Companies (Jan. 20, 2006), available at https://www.fincen.gov/​system/​files/​guidance/​sarsharingguidance01122006.pdf.

Back to Citation 186.

                         
                        See [12 U.S.C. 5903(a)(5)(A)(i)](https://www.govinfo.gov/link/uscode/12/5903).

Back to Citation 187.

                         
                        See [31 U.S.C. 5318(h)(1)(B)](https://www.govinfo.gov/link/uscode/31/5318).

Back to Citation 188.

                         
                        See [12 U.S.C. 5903(f)](https://www.govinfo.gov/link/uscode/12/5903).

Back to Citation 189.

                         
                        See [31 U.S.C. 5318(h)(1)(C)](https://www.govinfo.gov/link/uscode/31/5318).

Back to Citation 190.

                         
                        See [31 CFR 1010.810(b)](https://www.ecfr.gov/current/title-31/section-1010.810#p-1010.810(b)); *see also* supra section VI.C.2.

Back to Citation 191.

                         
                        See [12 U.S.C. 5904(i)(l)](https://www.govinfo.gov/link/uscode/12/5904).

Back to Citation 192.

                         
                        See [31 U.S.C. 5318(a)(2)](https://www.govinfo.gov/link/uscode/31/5318).

Back to Citation 193. See supra section VI.C.2.

Back to Citation 194.

                         The proposal is not intended to and does not affect criminal enforcement liability under the BSA, or the related authority of the Department of Justice.

Back to Citation 195.

                         FinCEN, *FinCEN Statement on Enforcement of the Bank Secrecy Act,* pp. 2-3 (Aug. 18, 2020), available at *[https://www.fincen.gov/​system/​files/​shared/​FinCEN%20Enforcement%20Statement_​FINAL%20508.pdf](https://www.fincen.gov/system/files/shared/FinCEN%2520Enforcement%2520Statement_FINAL%2520508.pdf).*

Back to Citation 196.

                         FinCEN, *FinCEN Exchange,* available at *[https://www.fincen.gov/​resources/​fincen-exchange](https://www.fincen.gov/resources/fincen-exchange).*

Back to Citation 197.

                         FinCEN, *FinCEN Statement on Enforcement of the Bank Secrecy Act* (Aug. 18, 2020), available at *[https://www.fincen.gov/​system/​files/​shared/​FinCEN%20Enforcement%20Statement_​FINAL%20508.pdf](https://www.fincen.gov/system/files/shared/FinCEN%2520Enforcement%2520Statement_FINAL%2520508.pdf).*

Back to Citation 198.

                         
                        See [12 U.S.C. 5903(a)(5)(A)](https://www.govinfo.gov/link/uscode/12/5903).

Back to Citation 199. See Customer Due Diligence Requirements for Financial Institutions, 81 FR at 29398. As previously highlighted, FinCEN in February 2026 issued an order granting exceptive relief to covered financial institutions from the requirements in 31 CFR 1010.230(b) to identify and verify the identities of beneficial owners of legal entity customers at each new account opening. See Exceptive Relief from Requirement to Identify and Verify Beneficial Owners at Each Account Opening, supra note 179.

Back to Citation 200. 12 U.S.C. 5903(a)(5)(A)(v).

Back to Citation 201.

                         
                        See [12 U.S.C. 5903(a)(5)(A)(iv)](https://www.govinfo.gov/link/uscode/12/5903).

Back to Citation 202.

                         
                        See [12 U.S.C. 5903(a)(6)(B)](https://www.govinfo.gov/link/uscode/12/5903).

Back to Citation 203.

                         
                        See [12 U.S.C. 5903(a)(7)(B)](https://www.govinfo.gov/link/uscode/12/5903), [5901(7)](https://www.govinfo.gov/link/uscode/12/5901) (defining “digital asset service provider”).

Back to Citation 204.

                         
                        See [12 U.S.C. 5903(a)(6)(B)](https://www.govinfo.gov/link/uscode/12/5903). Although codified outside the GENIUS Act section specifically dealing with the BSA, Congress provided Treasury general rulemaking authority to implement the GENIUS Act. 
                        See [12 U.S.C. 5913](https://www.govinfo.gov/link/uscode/12/5913). This provision directly implicates illicit finance considerations and, as such, is appropriately overseen by FinCEN at Treasury as part of efforts to combat money laundering and the financing of terrorism.

Back to Citation 205.

                         
                        See [12 U.S.C. 5901(16)](https://www.govinfo.gov/link/uscode/12/5901); *see also* section VI.C.1.vii.

Back to Citation 206.

                         
                        See 
                         DOJ, *Asset Forfeiture Policy Manual* (2025), chap. 4, sec. I.B., available at *[https://www.justice.gov/​usdoj-media/​criminal/​media/​1140236/​dl?​inline](https://www.justice.gov/usdoj-media/criminal/media/1140236/dl?inline).*

Back to Citation 207. See U.S. Attorney's Office EDNC Announces Seizure of $61 Million Dollars' Worth of Cryptocurrency, Cyber Scam Organization Disrupted Through Seizure of Nearly $9M in Crypto supra note 63; Largest Ever Seizure of Funds Related to Crypto Confidence Scam supra note 58.

Back to Citation 208. See, e.g., 31 U.S.C. 5313(a), 5326. This proposal also implements the GENIUS Act's requirements related to high value transactions.
See 12 U.S.C. 5903(a)(5)(A)(v).

Back to Citation 209. 31 CFR 1010.311.

Back to Citation 210. 31 CFR 1010.100(m) (defining, in part, “currency” as “[t]he coin and paper money of the United States or of any other country”).

Back to Citation 211.

                         Kiosks, for example, which are ATM-like devices that allow customers to exchange real (or fiat) currency for virtual currency and vice versa, are already used to exchange CVC for fiat currency including cash. 
                        See 
                         FinCEN, FIN-2025-NTC1, *FinCEN Notice on the Use of Convertible Virtual Currency Kiosks for Scam Payments and Other Illicit Activity* (Aug. 4, 2025), available at *[https://www.fincen.gov/​system/​files/​2025-08/​FinCEN-Notice-CVCKIOSK.pdf](https://www.fincen.gov/system/files/2025-08/FinCEN-Notice-CVCKIOSK.pdf).* Such devices could be leveraged by PPSIs as an additional means to interact with customers.

Back to Citation 212.

                         
                        See [31 CFR 1020.315](https://www.ecfr.gov/current/title-31/section-1020.315).

Back to Citation 213.

                         
                        See [12 U.S.C. 5903(a)(5)(A)(iii)](https://www.govinfo.gov/link/uscode/12/5903).

Back to Citation 214.

                         
                        See [31 U.S.C. 5318(g)(1)](https://www.govinfo.gov/link/uscode/31/5318).

Back to Citation 215.

                         
                        See [31 CFR 1020.320](https://www.ecfr.gov/current/title-31/section-1020.320), [1021.320](https://www.ecfr.gov/current/title-31/section-1021.320), [1022.320](https://www.ecfr.gov/current/title-31/section-1022.320), [1023.320](https://www.ecfr.gov/current/title-31/section-1023.320), [1024.320](https://www.ecfr.gov/current/title-31/section-1024.320), [1025.320](https://www.ecfr.gov/current/title-31/section-1025.320), [1026.320](https://www.ecfr.gov/current/title-31/section-1026.320), [1029.320](https://www.ecfr.gov/current/title-31/section-1029.320), [1030.320](https://www.ecfr.gov/current/title-31/section-1030.320).

Back to Citation 216.

                         
                        See [31 U.S.C. 5311(1)](https://www.govinfo.gov/link/uscode/31/5311); *see also, e.g.,* FinCEN, *Financial Crimes Enforcement Network (FinCEN) 

                            Year in Review for Fiscal Year 2024,* available at *[https://www.fincen.gov/​system/​files/​2025-08/​FinCEN-Infographic-Public-2025-508.pdf](https://www.fincen.gov/system/files/2025-08/FinCEN-Infographic-Public-2025-508.pdf).*

Back to Citation 217. See infra section VI.C.8.ii. and vi.

Back to Citation 218.

                         
                        See [31 CFR 1020.320(a)](https://www.ecfr.gov/current/title-31/section-1020.320#p-1020.320(a)), [1021.320(a)](https://www.ecfr.gov/current/title-31/section-1021.320#p-1021.320(a)), [1023.320(a)](https://www.ecfr.gov/current/title-31/section-1023.320#p-1023.320(a)), [1024.320(a)](https://www.ecfr.gov/current/title-31/section-1024.320#p-1024.320(a)), [1026.320(a)](https://www.ecfr.gov/current/title-31/section-1026.320#p-1026.320(a)), [1029.320(a)](https://www.ecfr.gov/current/title-31/section-1029.320#p-1029.320(a)) (requiring banks, casinos, broker-dealers in securities, mutual funds, futures commission merchants and introducing brokers, and loan or finance companies to report suspicious transactions if they involve in the aggregate at least $5,000).

Back to Citation 219. 31 CFR 1022.320(a)(2).

Back to Citation 220. 12 U.S.C. 5903(a)(5)(A)(v).

Back to Citation 221.

                         
                        See 
                         FinCEN, *Amendments to the Bank Secrecy Act Regulations-Requirement that Money Transmitters and Money Order and Traveler's Check Issuers, Sellers, and Redeemers Report Suspicious Transactions,* [65 FR 13683](https://www.federalregister.gov/citation/65-FR-13683) (Mar. 14, 2000).

Back to Citation 222.

                         
                        See [31 CFR 1021.320(a)(2)(iv)](https://www.ecfr.gov/current/title-31/section-1021.320#p-1021.320(a)(2)(iv)), [1022.320(a)(2)(iv)](https://www.ecfr.gov/current/title-31/section-1022.320#p-1022.320(a)(2)(iv)), [1023.320(a)(2)(iv)](https://www.ecfr.gov/current/title-31/section-1023.320#p-1023.320(a)(2)(iv)), [1024.320(a)(2)(iv)](https://www.ecfr.gov/current/title-31/section-1024.320#p-1024.320(a)(2)(iv)), [1025.320(a)(2)(iv)](https://www.ecfr.gov/current/title-31/section-1025.320#p-1025.320(a)(2)(iv)), [1026.320(a)(2)(iv)](https://www.ecfr.gov/current/title-31/section-1026.320#p-1026.320(a)(2)(iv)), [1029.320(a)(2)(iv)](https://www.ecfr.gov/current/title-31/section-1029.320#p-1029.320(a)(2)(iv)), [1030.320(a)(2)(iv)](https://www.ecfr.gov/current/title-31/section-1030.320#p-1030.320(a)(2)(iv)).

Back to Citation 223.

                         Other BSA-defined financial institutions, such as banks, broker-dealers in securities, and mutual funds have separate reporting obligations that may involve the same suspicious activity. 
                        See [31 CFR 1020.320](https://www.ecfr.gov/current/title-31/section-1020.320), [1023.320](https://www.ecfr.gov/current/title-31/section-1023.320), [1024.320](https://www.ecfr.gov/current/title-31/section-1024.320).

Back to Citation 224. 31 U.S.C. 5318(g)(2).

Back to Citation 225.

                         
                        See [31 U.S.C. 5318(g)(2)(A)(i)](https://www.govinfo.gov/link/uscode/31/5318), [5322](https://www.govinfo.gov/link/uscode/31/5322).

Back to Citation 226.

                         In reaching this conclusion, FinCEN considered and found persuasive the rationale underlying interagency guidance issued by FinCEN, the Board, FDIC, OCC, and Office of Thrift Supervision, which determined “a U.S. bank or savings association may disclose a Suspicious Activity Report to its controlling company.” 
                        See 
                         FinCEN, the Board, FDIC, OCC, and Office of Thrift Supervision, *Interagency Guidance on Sharing Suspicious Activity Reports with Head Offices and Controlling Companies* (Jan. 20, 2006), available at *[https://www.fincen.gov/​system/​files/​guidance/​sarsharingguidance01122006.pdf](https://www.fincen.gov/system/files/guidance/sarsharingguidance01122006.pdf).*

Back to Citation 227.

                         For purposes of this rulemaking, “non-public information” refers to information that is exempt from disclosure under the Freedom of Information Act.

Back to Citation 228. 31 CFR 1.11 is Treasury's regulation governing demands for testimony or the production of records of Department employees and former employees in a court or other proceeding.

Back to Citation 229.

                         As previously referenced, to encourage the reporting of possible violations of law or regulation and the filing of SARs, the BSA contains a safe harbor provision that shields financial institutions making such reports from civil liability. In 2001, the USA PATRIOT Act clarified that the safe harbor also covers voluntary disclosure of possible violations of law and regulations to a government agency and expanded the scope of the safe harbor to cover any civil liability which may exist under any contract or other legally enforceable agreement (including any arbitration agreement). 
                        See 
                         USA PATRIOT Act, [Public Law 107-56](https://www.govinfo.gov/link/plaw/107/public/56), sec. 351(a), 115 Stat. 272, 321 (2001); [31 U.S.C. 5318(g)(3)](https://www.govinfo.gov/link/uscode/31/5318).

Back to Citation 230.

                         
                        See [12 U.S.C. 5903(a)(5)(A)(ii)](https://www.govinfo.gov/link/uscode/12/5903).

Back to Citation 231.

                         
                        See [12 U.S.C. 1953](https://www.govinfo.gov/link/uscode/12/1953); [31 U.S.C. 5318(a)(2)](https://www.govinfo.gov/link/uscode/31/5318); *see also* [12 U.S.C. 5901(2)](https://www.govinfo.gov/link/uscode/12/5901) (defining “Bank Secrecy Act” to include [12 U.S.C. 1951](https://www.govinfo.gov/link/uscode/12/1951) *et seq.*); [31 U.S.C. 5311(1)](https://www.govinfo.gov/link/uscode/31/5311) (stating purpose of the BSA includes requiring records that are highly useful for law enforcement and regulatory investigations and intelligence and counterintelligence activities).

Back to Citation 232.

                         
                        See [31 CFR 1020 subpart D](https://www.ecfr.gov/current/title-31/part-1020/subpart-D), [1021](https://www.ecfr.gov/current/title-31/part-1020/subpart-1021) subpart D, 1022 subpart D, 1023 subpart D, 1024 subpart D, 1025 subpart D, 1026 subpart D, 1027 subpart D, 1028 subpart D, 1029 subpart D, and 1030 subpart D.

Back to Citation 233.

                         
                        See [31 CFR 1010.401](https://www.ecfr.gov/current/title-31/section-1010.401).

Back to Citation 234.

                         FinCEN recognizes that it is unlikely PPSIs will engage in extensions of credit, but in the event the ability of PPSI to extend credit is not fully foreclosed, FinCEN believes it prudent to apply the obligation. A PPSI not engaged in such activity would not be expected to take any action to implement it, including creating policies and procedures, and accordingly would accrue no burden from the application of this obligation.

Back to Citation 235.

                          The Recordkeeping Rule for nonbank financial institutions is codified at [31 CFR 1010.410(e)](https://www.ecfr.gov/current/title-31/section-1010.410#p-1010.410(e)). The Travel Rule is codified at [31 CFR 1010.410(f)](https://www.ecfr.gov/current/title-31/section-1010.410#p-1010.410(f)) and applies to both bank and nonbank financial institutions. 
                        See 
                         Treasury, Board, *Amendment to the Bank Secrecy Act Regulations Relating to Recordkeeping for Funds Transfers and Transmittals of Funds by Financial Institutions,* [60 FR 220](https://www.federalregister.gov/citation/60-FR-220) (Jan. 3, 1995).

Back to Citation 236.

                         
                        See [31 CFR 1010.410(e)](https://www.ecfr.gov/current/title-31/section-1010.410#p-1010.410(e)).

Back to Citation 237.

                         In addition to implementing the GENIUS Act's directive that PPSIs be subject to recordkeeping obligations, this proposal also implements its requirements related to high value transactions by requiring collection of information for certain transactions. 
                        See [12 U.S.C. 5903(a)(5)(A)(v)](https://www.govinfo.gov/link/uscode/12/5903).

Back to Citation 238.

                         Section 1010.410(e) applies to “nonbank financial institutions.” FinCEN recognizes that some PPSIs may also be banks but believes further clarifying in the regulatory text that when an entity acts as a PPSI it is acting as a nonbank financial institution is not necessary.

Back to Citation 239.

                         
                        See 
                         2019 CVC Guidance, *supra* note 87.

Back to Citation 240.

                         Under [31 U.S.C. 5318(a)(2)](https://www.govinfo.gov/link/uscode/31/5318), FinCEN can require financial institutions to maintain appropriate procedures, including to collect and report information. to guard against money laundering, the financing of terrorism, or other forms of illicit finance. Additionally, [12 U.S.C. 1953](https://www.govinfo.gov/link/uscode/12/1953) provides the Secretary the ability to, for any financial institution other than an insured bank, promulgate rules related to maintenance of appropriate records including relating to funds transfers. While FinCEN assesses its inclusion of “payment stablecoin” is no more than a clarification, it also has and is using its authority under [12 U.S.C. 1953](https://www.govinfo.gov/link/uscode/12/1953) and [31 U.S.C. 5318(a)(2)](https://www.govinfo.gov/link/uscode/31/5318) to independently add payment stablecoin to the Recordkeeping and Travel Rule's purview.

Back to Citation 241. See supra section VI.C.1.iv; see also 2019 CVC Guidance, supra note 87, p. 11.

Back to Citation 242.

                         
                        See 
                         2019 CVC Guidance, *supra* note 87, p. 11.

Back to Citation 243. 12 U.S.C. 5901(18).

Back to Citation 244.

                         
                        See 
                         FinCEN, Board, *Threshold for the Requirement To Collect, Retain, and Transmit Information on Funds Transfers and Transmittals of Funds That Begin or End Outside the United States, and Clarification of the Requirement To Collect, Retain, and Transmit Information on Transactions Involving Convertible Virtual Currencies and Digital Assets With Legal Tender Status,* [85 FR 68005](https://www.federalregister.gov/citation/85-FR-68005), [68009](https://www.federalregister.gov/citation/85-FR-68009) (Oct. 27, 2020). FinCEN intends to withdraw this proposal. *See [E.O. 14178](https://www.federalregister.gov/executive-order/14178) Report, supra* note 32, p. 100.

Back to Citation 245. See, e.g., AML Act, Public Law 116-283 (2021). Section 6102(d) of the AML Act adding “value that substitutes for currency” to clarify the application of the BSA to those assets, including clarifying that “monetary instruments” can include “value that substitutes for any monetary instrument.”

Back to Citation 246.

                         
                        See 
                         2019 CVC Guidance, *supra* note 87, p. 11.

Back to Citation 247. 12 U.S.C. 5903(a)(5)(A).

Back to Citation 248. 31 U.S.C. 5311(2), (5).

Back to Citation 249.

                         
                        See [31 U.S.C. 5311(5)](https://www.govinfo.gov/link/uscode/31/5311); *see also* AML Act, [Public Law 116-283](https://www.govinfo.gov/link/plaw/116/public/283).

Back to Citation 250.

                         
                        See [31 U.S.C. 5311 note](https://www.govinfo.gov/link/uscode/31/5311) (“Cooperation Among Financial Institutions, Regulatory Authorities, and Law Enforcement Authorities”).

Back to Citation 251.

                         FinCEN, *FinCEN's 314(a) Fact Sheet* (last updated Feb. 3, 2026), available at *[https://www.fincen.gov/​sites/​default/​files/​shared/​314afactsheet.pdf](https://www.fincen.gov/sites/default/files/shared/314afactsheet.pdf).* Covered financial institutions are instructed not to reply to the 314(a) request if a search does not uncover any matching accounts or transactions.

Back to Citation 252.

                         
                        See 
                         FinCEN, *Section 314(b) Fact Sheet* (Dec. 2020), available at *[https://www.fincen.gov/​system/​files/​shared/​314bfactsheet.pdf](https://www.fincen.gov/system/files/shared/314bfactsheet.pdf).*

Back to Citation 253. Id.

Back to Citation 254.

                         
                        See [31 CFR 1010.520(b)(3)(i)](https://www.ecfr.gov/current/title-31/section-1010.520#p-1010.520(b)(3)(i)).

Back to Citation 255.

                         
                        See [31 CFR 1010.520(b)(3)(ii)](https://www.ecfr.gov/current/title-31/section-1010.520#p-1010.520(b)(3)(ii)).

Back to Citation 256.

                         
                        See [12 U.S.C. 5903(a)(5)(A)(v)](https://www.govinfo.gov/link/uscode/12/5903).

Back to Citation 257.

                         
                        See [31 U.S.C. 5318(i)(1)](https://www.govinfo.gov/link/uscode/31/5318).

Back to Citation 258.

                         
                        See [31 U.S.C. 5318A](https://www.govinfo.gov/link/uscode/31/5318A) and note; [21 U.S.C. 2313a](https://www.govinfo.gov/link/uscode/21/2313a); *see also* [31 CFR 1010.651-664](https://www.ecfr.gov/current/title-31/section-1010.651-664).

Back to Citation 259.

                         
                        See [31 U.S.C. 5318(j)(1)](https://www.govinfo.gov/link/uscode/31/5318) (specifying prohibition on correspondent accounts for shell banks is limited to financial institutions defined in [31 U.S.C. 5312(A)](https://www.govinfo.gov/link/uscode/31/5312) though (G)); [31 U.S.C. 5318(k)(1)(B)](https://www.govinfo.gov/link/uscode/31/5318) (specifying application of subsection only to covered financial institutions as specified in [31 U.S.C. 5318(j)(1)](https://www.govinfo.gov/link/uscode/31/5318)).

Back to Citation 260.

                         Currently, cross references in § 1010.605(c)(2)(ii) through (iv) to corresponding paragraphs in (e)(1) are misaligned. For example, § 1010.605(c)(2)(ii), which deals with broker dealers, should cross the corresponding paragraph in (e)(1) that deals with broker dealers, paragraph (e)(1)(ii), but instead references paragraph (e)(1)(viii). FinCEN's proposed changes to paragraphs 1010.605(c)(2)(ii) through (iv) clean up the cross references and do not result in any substantive change to the rule.

Back to Citation 261.

                         FinCEN, *Anti-Money Laundering Programs; Special Due Diligence Programs for Certain Foreign Accounts,* [71 FR 496](https://www.federalregister.gov/citation/71-FR-496), [497-98](https://www.federalregister.gov/citation/71-FR-497) (Jan. 4, 2006).

Back to Citation 262. Id. at 499.

Back to Citation 263.

                         
                        See [31 CFR 1010.610-620](https://www.ecfr.gov/current/title-31/section-1010.610-620).

Back to Citation 264.

                         
                        See [31 CFR 1010.610-620](https://www.ecfr.gov/current/title-31/section-1010.610-620).

Back to Citation 265.

                         
                        See [31 CFR 1010.610(b)](https://www.ecfr.gov/current/title-31/section-1010.610#p-1010.610(b)).

Back to Citation 266.

                         
                        See [31 CFR 1010.620(c)](https://www.ecfr.gov/current/title-31/section-1010.620#p-1010.620(c)).

Back to Citation 267.

                         Section 311 is codified at [31 U.S.C. 5318A](https://www.govinfo.gov/link/uscode/31/5318A).

Back to Citation 268.

                         Section 9714(a) of the Combating Russian Money Laundering Act, as amended by section 6106(b) of the National Defense Authorization Act for Fiscal Year 2022. Section 9714 (as amended) can be found in a note to [31 U.S.C. 5318A](https://www.govinfo.gov/link/uscode/31/5318A).

Back to Citation 269.

                         Additionally, FinCEN has proposed special measures that, if finalized, could also require PPSIs to take special measures. 
                        See 
                         FinCEN, *Proposal of Special Measure Regarding MBaer Merchant Bank AG as a Financial Institution Operating Outside of the United States of Primary Money Laundering Concern,* [91 FR 10034](https://www.federalregister.gov/citation/91-FR-10034) (Mar. 2, 2026); FinCEN, *Proposal of Special Measure Regarding Transactions Involving Ten Mexican Gambling Establishments as a Class of Transactions of Primary Money Laundering Concern,* [90 FR 51234](https://www.federalregister.gov/citation/90-FR-51234) (Nov. 17, 2025).

Back to Citation 270.

                         In October 2016, FinCEN issued conditional exceptive relief permitting covered financial institutions to maintain correspondent accounts for Burmese banks under certain conditions. 
                        See 
                         FinCEN, *Conditional Exception to Bank Secrecy Act Regulations Relating to the Burma Section 311 Final Rule,* [81 FR 71986](https://www.federalregister.gov/citation/81-FR-71986) (Oct. 19, 2016).

Back to Citation 271.

                         In May 2025, FinCEN issued conditional exceptive relief permitting covered financial institutions to open and maintain correspondent accounts for the Commercial Bank of Syria under certain conditions. FinCEN, *Exception to Prohibition Imposed by Section 311 of the USA PATRIOT Act Against the Commercial Bank of Syria* (May 23, 2025), available at *[https://www.fincen.gov/​system/​files/​2025-08/​Commercial-Bank-of-Syria-Exceptive-Relief.pdf](https://www.fincen.gov/system/files/2025-08/Commercial-Bank-of-Syria-Exceptive-Relief.pdf).*

Back to Citation 272. 12 U.S.C. 5903(a)(5)(A)(vi).

Back to Citation 273. 12 U.S.C. 5901(23) (defining, in part, “permitted payment stablecoin issuer” as “a person formed in the United States”).

Back to Citation 274.

                         
                        See [50 U.S.C. 1702](https://www.govinfo.gov/link/uscode/50/1702).

Back to Citation 275. 12 U.S.C. 5903(a)(5)(A)(vi).

Back to Citation 276. See, e.g., 50 U.S.C. 1702.

Back to Citation 277. See, e.g., 31 CFR 525.102, 583.102, 587.601.

Back to Citation 278.

                         
                        See [12 U.S.C. 5904(i)(1)](https://www.govinfo.gov/link/uscode/12/5904).

Back to Citation 279. 12 U.S.C. 5905(b)(5)(B)-(C).

Back to Citation 280. See, e.g., 50 U.S.C. 1705(b), 4315(b).

Back to Citation 281.

                         
                        See [12 U.S.C. 5904(i)(1)](https://www.govinfo.gov/link/uscode/12/5904).

Back to Citation 282.

                         
                        See [12 U.S.C. 5901(25)](https://www.govinfo.gov/link/uscode/12/5901), [5901(30)](https://www.govinfo.gov/link/uscode/12/5901).

Back to Citation 283. 12 U.S.C. 5903(a)(5)(A)(vi).

Back to Citation 284. 12 U.S.C. 5903(a)(5)(B).

Back to Citation 285.

                         
                        See 
                         OFAC, *A Framework for OFAC Compliance Commitments* (May 2, 2019) [hereinafter *2019 Compliance Framework* ], available at *[https://ofac.treasury.gov/​media/​16331/​download?​inline](https://ofac.treasury.gov/media/16331/download?inline).*

Back to Citation 286.

                         
                        See 
                         OFAC, *Sanctions Compliance Guidance for the Virtual Currency Industry* (Oct. 2021) [hereinafter *Virtual Currency Industry Guidance* ], available at *<a href="https://ofac.treasury.gov/media/913571/download?inline;">https://ofac.treasury.gov/​media/​913571/​download?​inline;</a> see also* OFAC, *Questions on Virtual Currency,* available at *[https://ofac.treasury.gov/​faqs/​topic/​1626](https://ofac.treasury.gov/faqs/topic/1626).*

Back to Citation 287. See Virtual Currency Industry Guidance, supra note 286, at pp. 14, 16.

Back to Citation 288.

                         OFAC, *Economic Sanctions Enforcement Guidelines,* [74 FR 57593](https://www.federalregister.gov/citation/74-FR-57593) (Nov. 9, 2009).

Back to Citation 289. Id. at 57594.

Back to Citation 290. 12 U.S.C. 5903(a)(5)(B).

Back to Citation 291. See, e.g., OFAC, OFAC Settles with Murad, LLC for $3,334,286 and with a Former Senior Executive of Murad, LLC for $175,000 Related to Apparent Violations of the Iranian Transactions and Sanctions Regulations (May 17, 2023), available at https://ofac.treasury.gov/​media/​931761/​download?​inline=.

Back to Citation 292.

                         
                        See [12 U.S.C. 5903(a)(5)(B)](https://www.govinfo.gov/link/uscode/12/5903).

Back to Citation 293. Id.

Back to Citation 294. Id.

Back to Citation 295. See, e.g., OFAC, Key Holding, LLC Settles with OFAC for $608,825 Related to Apparent Violations of Cuban Assets Control Regulations (July 2, 2025) [hereinafter Key Holding ], available at https://ofac.treasury.gov/​media/​934456/​download?​inline.

Back to Citation 296. See Virtual Currency Industry Guidance, supra note 286, at p. 11.

Back to Citation 297.

                         The PPSI as an entity would be required to establish and maintain the internal controls as part of the compliance program, which senior management would be required to review and approve as part of reviewing and approving the compliance program writ large. *See supra* section VII.B.1 for discussion of the role of senior management.

Back to Citation 298. 12 U.S.C. 5903(a)(5)(A)(iv).

Back to Citation 299. See Virtual Currency Industry Guidance, supra note 286, at pp. 13-17.

Back to Citation 300. See id. at p. 15.

Back to Citation 301. See, e.g., OFAC, OFAC Imposes $7,139,305 Penalty on Gracetown, Inc. for Violating Ukraine-/Russia-Related Sanctions and Reporting Obligations (Dec. 4, 2025), available at https://ofac.treasury.gov/​media/​934796/​download?​inline.

Back to Citation 302. See, e.g., OFAC, OFAC Settles with Toll Holdings Limited for $6,131,855 Related to Apparent Violations of Multiple Sanctions Programs (Apr. 25, 2022), available at https://ofac.treasury.gov/​media/​922441/​download?​inline=.

Back to Citation 303. See, e.g., Key Holding, supra note 295.

Back to Citation 304. 12 U.S.C. 5903(a)(5)(B).

Back to Citation 305. See generally Virtual Currency Industry Guidance, supra note 286.

Back to Citation 306. See, e.g., OFAC, OFAC Enters Into $1,385,901.40 Settlement with Payoneer Inc. for Apparent Violations of Multiple Sanctions Programs (Jul. 23, 2021), available at https://ofac.treasury.gov/​media/​911571/​download?​inline.

Back to Citation 307. 12 U.S.C. 5903(a)(5)(B).

Back to Citation 308. See, e.g., OFAC, OFAC Settles with 3M Company for $9,618,477 Related to Apparent Violations of the Iranian Transactions and Sanctions Regulations (Sept. 21, 2023), available at https://ofac.treasury.gov/​media/​932161/​download?​inline.

Back to Citation 309. 12 U.S.C. 5903(a)(5)(B).

Back to Citation 310.

                         Relevant stakeholders can include clients, suppliers, business partners, and counterparties. *2019 Compliance Framework, supra* note 285, at p. 7.

Back to Citation 311. 12 U.S.C. 5905(b)(5)(B).

Back to Citation 312. See, e.g., 31 CFR 561.314, 566.312, 589.322, 594.321.

Back to Citation 313.

                         
                        See [12 U.S.C. 5901(22)](https://www.govinfo.gov/link/uscode/12/5901).

Back to Citation 314.

                         
                        See [12 U.S.C. 5901(23)](https://www.govinfo.gov/link/uscode/12/5901).

Back to Citation 315.

                         
                        See [12 U.S.C. 5901(24)](https://www.govinfo.gov/link/uscode/12/5901).

Back to Citation 316.

                         
                        See [12 U.S.C. 5905(b)(5)(B)-(C)](https://www.govinfo.gov/link/uscode/12/5905).

Back to Citation 317.

                         
                        See [50 U.S.C. 1705(b)](https://www.govinfo.gov/link/uscode/50/1705), as adjusted pursuant to the Federal Civil Penalties Inflation Adjustment Act of 1990 ([28 U.S.C. 2461 note](https://www.govinfo.gov/link/uscode/28/2461)).

Back to Citation 318.

                         
                        See [50 U.S.C. 4315(b)(1)](https://www.govinfo.gov/link/uscode/50/4315), as adjusted pursuant to the Federal Civil Penalties Inflation Adjustment Act of 1990 ([28 U.S.C. 2461 note](https://www.govinfo.gov/link/uscode/28/2461)).

Back to Citation 319.

                         FinCEN, FIN-2012-R005, *Compliance Obligations of Certain Loan or Finance Company Subsidiaries of Federally Regulated Banks and Other Financial Institutions* (Aug. 13, 2012), available at *[https://www.fincen.gov/​system/​files/​administrative_​ruling/​FIN-2012-R005.pdf](https://www.fincen.gov/system/files/administrative_ruling/FIN-2012-R005.pdf).*

Back to Citation 320. E.O. 14292, Fighting Overcriminalization in Federal Regulations, 90 FR 20363, 20364 (May 14, 2025).

Back to Citation 321. Id.

Back to Citation 322. Id.

Back to Citation 323. E.O. 12866, Regulatory Planning and Review, 58 FR 51735 (Oct. 4, 1993).

Back to Citation 324. E.O. 13563, Improving Regulation and Regulatory Review, 76 FR 3821 (Jan. 21, 2011).

Back to Citation 325.

                         
                        See [E.O. 14192](https://www.federalregister.gov/executive-order/14192), *Unleashing Prosperity Through Deregulation,* [90 FR 9065](https://www.federalregister.gov/citation/90-FR-9065) (Feb. 6, 2025); Office of Management and Budget (OMB), M-25-20, *Guidance Implementing Section 3 of [Executive Order 14192](https://www.federalregister.gov/executive-order/14192), Titled “Unleashing Prosperity Through Deregulation”* (Mar. 26, 2025), available at *[https://www.whitehouse.gov/​wp-content/​uploads/​2025/​02/​M-25-20-Guidance-Implementing-Section-](https://www.whitehouse.gov/wp-content/uploads/2025/02/M-25-20-Guidance-Implementing-Section-) 3-of-Executive-Order-14192-Titled-Unleashing-Prosperity-Through-Deregulation.pdf.*

Back to Citation 326. 5 U.S.C. 601 et seq.

Back to Citation 327. 2 U.S.C. 1532.

Back to Citation 328. 44 U.S.C. 3501 et seq.

Back to Citation 329.

                         This economic expectation is sensitive to key assumptions about how potentially affected financial institutions would respond to the proposed requirements. FinCEN and OFAC request comment on whether it would instead be more reasonable to certify that the proposed rule would not have a significant economic impact on a substantial number of small entities.

Back to Citation 330.

                         The UMRA requires an assessment of any Federal mandates that may result in annual expenditures of $100 million or more, adjusted for inflation, before issuing a general notice of proposed rulemaking. [2 U.S.C. 1532(a)](https://www.govinfo.gov/link/uscode/2/1532). FinCEN and OFAC have not anticipated material changes in expenditures for State, local, and Tribal governments, insofar as they would not participate in the primary activities of monitoring or enforcing compliance of the newly proposed requirements in a way that differs from current involvement, thereby incurring novel incremental costs. But because the proposed rule would affect entities in the private sector that are covered financial institutions, FinCEN and OFAC have considered expenditures these private entities may incur, pursuant to UMRA, as part of the regulatory impact in its assessment below.

Back to Citation 331. See supra section VI.A.1.

Back to Citation 332. 12 U.S.C. 5903(a)(5)(A).

Back to Citation 333. 12 U.S.C. 5903(a)(5)(A)(i)-(iv).

Back to Citation 334. 12 U.S.C. 5903(a)(5)(A)(vi).

Back to Citation 335. 12 U.S.C. 5903(a)(6)(B).

Back to Citation 336. See infra section XII.A.

Back to Citation 337. See infra section XII.B.

Back to Citation 338. See infra section XII.C.

Back to Citation 339. See infra section XII.D.

Back to Citation 340. See infra section XII.E.

Back to Citation 341. See infra section XII.F.

Back to Citation 342. See infra section XII.A.1.

Back to Citation 343. See infra section XII.A.2.

Back to Citation 344. See infra section XII.A.3.

Back to Citation 345. See infra section XII.A.4.

Back to Citation 346. See infra section XII.A.5.

Back to Citation 347. See generally supra section II.

Back to Citation 348.

                         
                        See [E.O. 12866](https://www.federalregister.gov/executive-order/12866), section 1(b)(1) (“Each agency shall identify the problem that it intends to address (including, where applicable, the failures of private markets or public institutions that warrant new agency action) as well as assess the significance of that problem.”).

Back to Citation 349.

                         With respect to AML/CFT programs in particular, Congress instructed FinCEN to consider the potential economic inefficiencies engendered by the presence of market externalities when promulgating implementing regulations. 
                        See [31 U.S.C. 5318(h)(2)(B)(i)](https://www.govinfo.gov/link/uscode/31/5318) (stating financial institutions are spending private compliance funds for a public and private benefit, including protecting U.S. 

                        financial system from illicit finance risks); *see also* [31 U.S.C. 5318(h)(2)(B)(iii)](https://www.govinfo.gov/link/uscode/31/5318) (stating that AML/CFT programs safeguard national security and generate significant public benefits by prevent illicit flows of funds and assisting law enforcement and national security agencies with information).

Back to Citation 350. See, e.g., FinCEN, Anti-Money Laundering and Countering the Financing of Terrorism Programs, 89 FR 55428, 55451 (July 3, 2024).

Back to Citation 351. See infra section XII.A.4.i.

Back to Citation 352.

                         In this context, FinCEN and OFAC employ the term “market” in its broadest economic sense, referring to any set of exchanges, transactions, or actions that involve counterparties with unique objectives. The baseline here set forth also forms the counterfactual against which the quantifiable effects of the rule are measured; therefore, substantive errors in or omissions of relevant data, facts, or other information may affect the conclusions formed regarding the general and economically significant impacts of the rule. FinCEN and OFAC invite comment on the accuracy of the baseline population estimates as well as any supporting studies, data, or anecdotes.

Back to Citation 353.

                         
                        See [E.O. 12866](https://www.federalregister.gov/executive-order/12866), section 1(a) (“In deciding whether and how to regulate, agencies should assess all costs and benefits of available regulatory alternatives, including the alternative of not regulating”).

Back to Citation 354. See infra section XII.A.4; see also infra sections XII.C. and XII.E.

Back to Citation 355.

                         Analyzing the anticipated effects of a rule requires first establishing what the proposed changes will be measured against, and establishing such a counterfactual often requires making numerous assumptions. The extent to which the proposed rule would impose incremental economic effects relies on a number of assumptions about the strategic decisions current and future stablecoin issuers would make, responsive to various factors, that include but are not limited to: (1) the decision to remain/become a stablecoin issuer; (2) the decision to pursue registration as a PPSI, and if so; (3) the decision about which type of PPSI status to seek. These assumptions, in turn, inform the selection of the most informative counterfactual(s), including the appropriate regulatory baseline.

Back to Citation 356. See supra note 11.

Back to Citation 357.

                         For example, if one assumes a current stablecoin issuer decides to both remain an issuer and pursue registration as a PPSI, the most relevant regulatory baseline comparison might be relative to the current AML/CFT requirements for MSBs that are money transmitters. Alternatively, if a decision is made to newly become a stablecoin issuer, and to do so as a bank subsidiary, then the current BSA requirements of the parent bank might be a more appropriate regulatory baseline to assess the incremental burden of that PPSI.

Back to Citation 358. 31 CFR 1020.220; see generally Supporting Statement for OMB Control No. 1506-0026: FinCEN, Customer Identification Program Regulatory Requirements for Banks (Aug. 29, 2024), available at https://www.reginfo.gov/​public/​do/​PRAViewDocument?​ref_​nbr=​202408-1506-003.

Back to Citation 359. 31 CFR 1020.210(a)(2)(v) and (b)(2)(v), 1010.230(b)(c); see generally Supporting Statement OMB Control No. 1506-0070: FinCEN, Beneficial Ownership Requirements for Legal Entity Customers (Apr. 30, 2024), available at https://www.reginfo.gov/​public/​do/​PRAViewDocument?​ref_​nbr=​202404-1506-004.

Back to Citation 360. 31 CFR 1020.315; see generally Supporting Statement OMB Control No. 1506-0012: FinCEN, Transactions of Exempt Persons Regulations, and FinCEN Form 110, Designation of Exempt Persons Report (Oct. 28, 2024), available at https://www.reginfo.gov/​public/​do/​PRAViewDocument?​ref_​nbr=​202410-1506-001.

Back to Citation 361. 31 CFR 1020.410; see generally Supporting Statement OMB Control No. 1506-0059: FinCEN, Additional Records to be Made and Retained by Banks (Oct. 29, 2024), available at https://www.reginfo.gov/​public/​do/​PRAViewDocument?​ref_​nbr=​202410-1506-006.

Back to Citation 362. 31 CFR 1020.610, 1020.620, 1010.610, 1010.620; see generally Supporting Statement OMB Control No. 1506-0046: FinCEN, Due Diligence Programs for Correspondent Accounts for Foreign Financial Institutions and for Private Banking Accounts (Aug. 27, 2024), available at https://www.reginfo.gov/​public/​do/​PRAViewDocument?​ref_​nbr=​202408-1506-001.

Back to Citation 363. 31 CFR 1020.630, 1010.630; see generally Supporting Statement OMB Control No. 1506-0043: FinCEN, Prohibition on Correspondent Accounts for Foreign Shell Banks; Records Concerning Owners of Foreign Banks and Agents for Service of Legal Process (July 31, 2025), available at https://www.reginfo.gov/​public/​do/​PRAViewDocument?​ref_​nbr=​202501-1506-001.

Back to Citation 364. 31 CFR 1060.300; see generally Supporting Statement OMB Control No. 1506-0066: FinCEN, Reporting Obligations on Foreign Bank Relationships with Iranian-Linked Financial Institutions Designated under IEEPA and IRGC-Linked Persons Designated under IEEPA (July 8, 2025), available at https://www.reginfo.gov/​public/​do/​PRAViewDocument?​ref_​nbr=​202507-1506-001.

Back to Citation 365.

                         If, under an effective GENIUS framework, the issuer of an existing stablecoin product applies and is granted registration as a PPSI, then its obligations under the BSA as an MSB would be superseded by its new obligations as a PPSI.

Back to Citation 366.

                         In [12 U.S.C. 5901(23)](https://www.govinfo.gov/link/uscode/12/5901), the GENIUS Act defines PPSIs as persons incorporated in the United States. As such, in order to issue stablecoins, an issuer would need to register as a U.S. person and would therefore become subject to U.S. sanctions laws and all resulting obligations.

Back to Citation 367.

                         OFAC's Enforcement Guidelines, [31 CFR part 501, Appendix A](https://www.ecfr.gov/current/title-31/part-501/appendix-Appendix%2520A%2520to%2520Part%2520501), include the existence, nature, and adequacy of a subject person as a factor in determining what administrative action to take in response to an apparent violation of U.S. sanctions.

Back to Citation 368.

                         This understanding aligns with OFAC's guidance in the 2019 Compliance Framework, which notes that “OFAC strongly encourages organizations subject to U.S. jurisdiction, as well as foreign entities that conduct business in or with the United States, U.S. persons, or using U.S.-origin goods or services, to employ a risk-based approach to sanctions compliance by developing, implementing, and routinely updating a sanctions compliance program (SCP).” *2019 Compliance Framework, supra* note 285, at p. 1.

Back to Citation 369.

                         23 NYCRR Part 200; NYDFS, *Guidance on the Issuance of U.S. Dollar-Backed Stablecoins* (June 8, 2022), available at *[https://www.dfs.ny.gov/​industry_​guidance/​industry_​letters/​il20220608_​issuance_​stablecoins](https://www.dfs.ny.gov/industry_guidance/industry_letters/il20220608_issuance_stablecoins).*

370.

                         23 NYCRR 200.4; *see also* NYDFS, *Guidance on the Issuance of U.S. Dollar-Backed Stablecoins* (June 8, 2022), available at *[https://www.dfs.ny.gov/​industry_​guidance/​industry_​letters/​il20220608_​issuance_​stablecoins](https://www.dfs.ny.gov/industry_guidance/industry_letters/il20220608_issuance_stablecoins).*

371.

                         23 NYCRR 200.10; *see also* NYDFS, *Guidance on the Issuance of U.S. Dollar-Backed Stablecoins* (June 8, 2022).

372.

                         NYDFS, *Guidance on the Issuance of U.S. Dollar-Backed Stablecoins* (June 8, 2022).

Back to Citation 373. See, e.g., Texas Dep't of Banking, GENIUS Act—Non Depository (last accessed Apr. 6, 2026) (noting that Texas “currently licenses and regulates issuers of fiat-currency backed stablecoin as money transmitters), available at https://www.dob.texas.gov/​money-services-business/​genius-act-non-depository.

Back to Citation 374. 12 U.S.C. 5904(i)(1).

Back to Citation 375. 12 U.S.C. 5905(a)(2)(D).

Back to Citation 376. See supra note11; see also infra section XII.E.

Back to Citation 377. See infra section XII.A.2.ii.d. 1.

Back to Citation 378. See infra section XII.A.2.ii.d. 2.

Back to Citation 379.

                         OFAC does not anticipate the proposed sanction compliance program requirements would have an incremental direct economic effect on a future PPSI's primary market customers because OFAC's proposed rule applies only to the PPSIs themselves. Further, as noted previously, future PPSIs would already be U.S. persons and therefore subject to U.S. sanctions laws irrespective of any regulations issued under the Act. As a result, they would have already been prohibited from engaging in prohibited transactions with or involving prospective primary market customers, and OFAC's proposed additional requirement that the PPSI would need to maintain an effective sanctions compliance program should not impose any additional burden or economic impact on that PPSI's direct customers. To the extent a non-U.S. person stablecoin issuer would become U.S. persons to qualify as a PPSI, as discussed above in section XII.A.2.i.b, OFAC's experience administering U.S. sanctions has demonstrated that sophisticated multi-jurisdictional financial actors, of the type that would seek to qualify as a PPSI, often maintain sanctions compliance programs aligned with U.S. sanctions requirements regardless of their status as U.S. persons. Furthermore, where a future PPSI's direct customers are U.S. persons, those direct customers would already also be subject to existing U.S. sanctions requirements themselves. OFAC invites comment on whether the reasoning that its proposed rule would not have an economic impact on direct customers of PPSIs is reasonable.

Back to Citation 380.

                         
                        See [12 U.S.C. 5901(22)](https://www.govinfo.gov/link/uscode/12/5901); *see also supra* section VI.C.1.viii.

Back to Citation 381.

                         
                        See [12 U.S.C. 5903(a)(11)](https://www.govinfo.gov/link/uscode/12/5903), PPSIs are not permitted to pay the holder of any payment stablecoin any form of interest or yield solely in connection with the holding, use, or retention of payment stablecoins. *See also* [12 U.S.C. 5903(a)(1)(A)](https://www.govinfo.gov/link/uscode/12/5903). PPSIs are required to maintain identifiable reserves backing its payment stablecoin, on at least a one-to-one basis, with reserves composed of certain specific, high-quality and liquid assets, including United States coins and currency; demand deposits; and Treasury bills, notes, or bonds. Accordingly, the GENIUS Act does not allow payment stablecoins to be backed by, for example, other kinds of digital assets, nor does the GENIUS Act allow payment stablecoins to be algorithmic backed.

Back to Citation 382. 12 U.S.C. 5901(22).

Back to Citation 383. 12 U.S.C. 5903(a)(1).

Back to Citation 384.

                         The degree to which the current stablecoin market would migrate to PPSI status under the proposal remains uncertain. The issuers of several large products have made varying statements about their interest in seeking PPSI status.

Back to Citation 385.

                         FinCEN and OFAC invite comments on the methodology and assumptions used to derive this estimate.

Back to Citation 386.

                         FinCEN and OFAC invite comment on the driving factors that would incentivize an issuer to apply for PPSI status.

Back to Citation 387.

                         FinCEN and OFAC expect that issuers of payment stablecoin products may have several incentives to apply for status as a PPSI instead of existing under another designation. First, because PPSIs would be required by law to maintain certain standards (for example, holding certain assets in their reserve portfolio), the designation may be attractive to more risk-averse investors or payment stablecoin customers. In addition, because potential PPSIs would be required to apply for that status and be approved by the appropriate regulatory agency to be entitled to the designation, the designation may serve as a stronger signal of regulatory compliance in contrast to a self-adopted designation. Other issuers may have alternative incentives to avoid the PPSI designation, despite being technically able to comply with its requirements.

Back to Citation 388.

                         In addition to activities permitted for PPSIs, the GENIUS Act allows for the offering and selling in the United States of payment stablecoins issued by FPSIs subject to certain requirements. 
                        See [12 U.S.C. 5902(b)(2)](https://www.govinfo.gov/link/uscode/12/5902).

Back to Citation 389.

                         To the extent that the evolution of the stablecoin market is comparable to other technology sector models. *See e.g.,* Steven Klepper, “Entry, Exit, Growth, and Innovation over the Product Life Cycle,” *The American Economic Review,* vol. 86, no. 3 (June 1996), at pp. 562-83, available at *[https://www.jstor.org/​stable/​pdf/​2118212.pdf](https://www.jstor.org/stable/pdf/2118212.pdf).*

Back to Citation 390. See supra note 11.

Back to Citation 391. See id.

Back to Citation 392.

                         Because no currently operating stablecoin issuers have been identified that can, with more certainty than not, be expected to become a SQPSI within the PPSI regulatory framework (as defined in proposed [31 CFR 1010.100(ttt)(3)](https://www.ecfr.gov/current/title-31/section-1010.100#p-1010.100(ttt)(3)) and [31 CFR 1010.100(xxx)](https://www.ecfr.gov/current/title-31/section-1010.100#p-1010.100(xxx))), the population used in this analysis does not include an estimate for these types of potential future PPSIs.

Back to Citation 393. See supra sections VI.C.1.xi and xiii (discussing potential definitions for FQPSIs and SQPSIs at 31 CFR 1010.100(vvv) and (xxx), respectively); s ee also 12 U.S.C. 5901(11), (31).

Back to Citation 394. See supra section VI.A.2.i.

Back to Citation 395.

                         Certain state regulators may be affected in a way that is comparable to the effects on Federal regulators. However, given that the GENIUS Act sets out a federal regulatory framework with certain tasks for Federal regulators, it is difficult at this time to do more than speculate about what actions states may take, and therefore FinCEN and OFAC did not attempt to estimate the effect of this rule on state regulatory agencies. However, FinCEN and OFAC are interested in receiving comments offering assessments on this subject.

Back to Citation 396.

                         FinCEN is not proposing to amend § 1010.810(b)(8) to effectuate this because the existing delegation covers it. *See supra* section VI.C.2.i.

Back to Citation 397.

                         This figure is based on the estimated number of compliance examiners at the Board, FDIC, NCUA, and OCC.

Back to Citation 398.

                         These figures represent an approximate number of Federal examiners provided by Federal functional regulators with AML/CFT supervisory responsibilities.

Back to Citation 399. See supra section VII.A.

Back to Citation 400.

                         On the listed figure, see *supra* note 398. *See generally* OFAC, *Examination Guidelines,* (Jun. 30, 2005) available at *[https://ofac.treasury.gov/​recent-actions/​20050630a](https://ofac.treasury.gov/recent-actions/20050630a).*

Back to Citation 401.

                         
                        See 
                         FinCEN, *Financial Crimes Enforcement Network (FinCEN) Year in Review for Fiscal Year 2024,* p. 5. Note that not all users are from external agencies. FinCEN employees are also among the users with access to the BSA Portal.

Back to Citation 402. See infra section XII.A.2.ii.d. 2.

Back to Citation 403. 12 U.S.C. 5903(a)(5)(A).

Back to Citation 404.

                         The Federal Bureau of Investigation estimated that in 2025 direct losses to U.S. citizens resultant of crypto-related scammers and fraudsters exceeded $7.2 billion. 
                        See 
                         Federal Bureau of Investigation, *2025 internet Crime Report* (2026), available at *[https://www.ic3.gov/​AnnualReport/​Reports/​2024_​IC3Report.pdf](https://www.ic3.gov/AnnualReport/Reports/2024_IC3Report.pdf); see also supra* section IV.D.2.

Back to Citation 405. See supra section IV.D.

Back to Citation 406.

                         To address the impact of extreme outliers, the truncated average was estimated by removing six percent of the sample from the left and right tails of the distribution (the single smallest and largest values). The largest value was more than three standard deviations away from nearest value, making it a significant outlier.

Back to Citation 407.

                         A substantial portion of these customers may be affiliates of a single counterparty or associated with non-U.S. entities. In cases where these entities are not U.S. persons, the incremental economic burdens of the proposed rule, while considered as part of the broader economic analysis, are not included in the IRFA (see *infra* section XII.C) because RFA considerations apply to U.S. small entities only.

Back to Citation 408.

                         In cases where these entities are not U.S. persons, the incremental economic burdens of the proposed rule, while considered as part of the broader economic analysis, are not included in the IRFA because RFA considerations apply to U.S. small entities only.

Back to Citation 409.

                         Such firms would be classified under North American Industry Classification System (NAICS) industry code 523 (“Securities, Commodity Contracts, and Other Financial Investments and Related Activities”).

Back to Citation 410.

                         The term “potential payment stablecoin” is meant in this analysis to refer to those products which, based on FinCEN's analysis, possess the attributes that could qualify them as “payment stablecoins” as defined in the GENIUS Act.

Back to Citation 411. See infra section XII.A.2.iii.b.

Back to Citation 412. See infra section XII.A.2.iii.c.

Back to Citation 413.

                         The FATF identifies central governance bodies (issuers) as “obliged entities” responsible for customer due diligence and transaction monitoring; they typically collect some customer information from primary market customers. 
                        See 
                         FATF, *Report to the G20 on So-called Stablecoins,* pp. 9-11 (Jun. 2020), available at *[https://www.fatf-gafi.org/​en/​publications/​Virtualassets/​Report-g20-so-called-stablecoins-june-2020.html](https://www.fatf-gafi.org/en/publications/Virtualassets/Report-g20-so-called-stablecoins-june-2020.html).*

Back to Citation 414.

                         The truncated average was calculated by removing the single largest outlier, which had over 4,000 filings, significantly more than the next highest value. This entity also offered other retail products in addition to their stablecoin offering, resulting in a number of SARs being filed unrelated to their stablecoin product.

Back to Citation 415.

                         William M. (Mac) Thornberry National Defense Authorization Act for Fiscal Year 2021, [Public Law 116-283](https://www.govinfo.gov/link/plaw/116/public/283), 134 Stat. 3388 (Jan. 1, 2021), sec. 6201 (Annual reporting requirements).

Back to Citation 416.

                         FinCEN, *Agency Information Collection Activities: Proposed Renewal; Comment Request; Renewal Without Change of the Generic Clearance for the Collection of Qualitative Feedback on Agency Service Delivery,* [88 FR 30383](https://www.federalregister.gov/citation/88-FR-30383) (May 11, 2023).

Back to Citation 417.

                         
                        See 
                         GAO, *Anti-Money Laundering: Opportunities Exist to Increase Law Enforcement Use of Bank Secrecy Act Reports, and Banks' Costs to Comply with the Act Varied,* GAO-20-574 (Sept. 2020), available at *[https://www.gao.gov/​assets/​gao-20-574.pdf](https://www.gao.gov/assets/gao-20-574.pdf).* GAO conducted the survey from November 9, 2019, through March 16, 2020.

Back to Citation 418.

                         Based on a response rate of approximately 57 percent.

Back to Citation 419.

                         
                        See 
                         OFAC, *2019 Compliance Framework, supra* note 285.

Back to Citation 420.

                         
                        See 
                         OFAC, *Virtual Currency Industry Guidance, supra* note 286.

Back to Citation 421.

                         
                        See 
                         OFAC, *Questions on Virtual Currency,* available at *[https://ofac.treasury.gov/​faqs/​topic/​1626](https://ofac.treasury.gov/faqs/topic/1626).*

Back to Citation 422.

                         
                        See 
                         FinCEN, *Information on Complying with the Customer Due Diligence (CDD) Final Rule,* available at *[https://www.fincen.gov/​resources/​statutes-and-regulations/​cdd-final-rule](https://www.fincen.gov/resources/statutes-and-regulations/cdd-final-rule); see also* FinCEN, *Fact Sheet: Proposed Rule to Strengthen and Modernize Financial Institution AML/CFT Programs,* FIN-2024-FCT1 (Jun. 28, 2024), available at *[https://www.fincen.gov/​system/​files/​shared/​Program-NPRM-FactSheet-508.pdf](https://www.fincen.gov/system/files/shared/Program-NPRM-FactSheet-508.pdf);* FinCEN, the Board, FDIC, NCUA, and OCC, *Interagency Statement on the Issuance of the AML/CFT Program Notices of Proposed Rulemaking* (Jul. 19, 2024), available at *[https://www.fincen.gov/​system/​files/​shared/​Interagency-Statement-on-the-Issuance-of-the-AML-CFT-Program-Notices-of-Proposed-Rulemaking-FINAL.pdf](https://www.fincen.gov/system/files/shared/Interagency-Statement-on-the-Issuance-of-the-AML-CFT-Program-Notices-of-Proposed-Rulemaking-FINAL.pdf); see also* FinCEN, *Anti-Money Laundering and Countering the Financing of Terrorism Programs,* [89 FR 55428](https://www.federalregister.gov/citation/89-FR-55428) (July 3, 2024).

Back to Citation 423.

                         
                        See 
                         OFAC, *Entities Owned by Blocked Persons (50% Rule)* (Aug. 13, 2024), available at *[https://ofac.treasury.gov/​faqs/​topic/​1521](https://ofac.treasury.gov/faqs/topic/1521).*

Back to Citation 424. See supra section IV.A, note 37.

Back to Citation 425. See infra section XII.A.4.

Back to Citation 426.

                         As noted in section V.B, U.S. persons, including U.S. person stablecoin issuers, are and have always been subject to U.S. sanctions laws, including with respect to transactions occurring on the primary or secondary markets.

Back to Citation 427. See supra section VI.C.3.ii.a. 3.

Back to Citation 428. 12 U.S.C. 5903(a)(5), 5903(a)(5)(A)(v).

Back to Citation 429.

                         
                        See [31 U.S.C. 5318(h)(1)(D)](https://www.govinfo.gov/link/uscode/31/5318).

Back to Citation 430. See supra section VI.C.3.ii.b.

Back to Citation 431. See supra section VI.C.3.ii.c.

Back to Citation 432.

                         This individual is also commonly referred to as a “BSA officer.” However, as discussed below, the particular labels that FinCEN or a PPSI may use to refer to this individual are immaterial.

Back to Citation 433.

                         
                        See [31 U.S.C. 5318(h)(1)(C)](https://www.govinfo.gov/link/uscode/31/5318).

Back to Citation 434. See supra section VI.C.3.ii.d.

Back to Citation 435. See supra sections VI.C.3.iii-iv.

Back to Citation 436. See supra section VI.C.5.

Back to Citation 437. 12 U.S.C. 5903(a)(5)(A)(iv).

Back to Citation 438.

                         As noted in section V.B, however, U.S. persons, including U.S. financial institutions, are required to comply with U.S. sanctions laws, including obligations to block, reject, and report certain prohibited transactions.

Back to Citation 439. 12 U.S.C. 5903(a)(6)(B).

Back to Citation 440.

                         
                        See [12 U.S.C. 5901(16)](https://www.govinfo.gov/link/uscode/12/5901).

Back to Citation 441. See supra sections VI.C.6.ii.

Back to Citation 442. See supra section VI.C.7.

Back to Citation 443. See supra section VI.C.8.

Back to Citation 444.

                         
                        See [12 U.S.C. 5903(a)(5)(A)(ii)](https://www.govinfo.gov/link/uscode/12/5903).

Back to Citation 445.

                         
                        See [12 U.S.C. 1953](https://www.govinfo.gov/link/uscode/12/1953); [31 U.S.C. 5318(a)(2)](https://www.govinfo.gov/link/uscode/31/5318); *see also* [12 U.S.C. 5901(2)](https://www.govinfo.gov/link/uscode/12/5901) (defining “Bank Secrecy Act” to include [12 U.S.C. 1951](https://www.govinfo.gov/link/uscode/12/1951) *et seq.*); [31 U.S.C. 5311(1)](https://www.govinfo.gov/link/uscode/31/5311) (stating purpose of the BSA includes requiring records that are highly useful for law enforcement and regulatory investigations and intelligence and counterintelligence activities).

Back to Citation 446. See supra section VI.C.9.

Back to Citation 447. See supra section VI.C.11.

Back to Citation 448. See supra section VI.C.11.iii.

Back to Citation 449. 12 U.S.C. 5903(a)(5)(A)(vi).

Back to Citation 450. 12 U.S.C. 5903(a)(5)(B).

Back to Citation 451. See supra section VII.B; OFAC, 2019 Compliance Framework, supra note 285.

Back to Citation 452. See supra section VII.B.1.

Back to Citation 453. See supra section VII.B.2.

Back to Citation 454. See supra section VII.B.3.

Back to Citation 455. See supra section VII.B.4.

Back to Citation 456. See supra section VII.B.5.

Back to Citation 457.

                         
                        See 
                         OFAC, *2019 Compliance Framework, supra* note 285.

Back to Citation 458.

                         A PPSI, by virtue of their status as a U.S. person would be required to comply with U.S. sanctions obligations applicable to U.S. persons under OFAC's existing regulations. *See, e.g.,* [31 CFR 510.326](https://www.ecfr.gov/current/title-31/section-510.326), [555.313](https://www.ecfr.gov/current/title-31/section-555.313), [583.314](https://www.ecfr.gov/current/title-31/section-583.314).

Back to Citation 459.

                         
                        See 
                         OFAC, *2019 Compliance Framework, supra* note 285; OFAC, *Virtual Currency Industry Guidance, supra* note 286.

Back to Citation 460.

                         
                        See [31 CFR part 501](https://www.ecfr.gov/current/title-31/part-501).

Back to Citation 461. See supra section VII.B.4.

Back to Citation 462. See supra section VII.A.

Back to Citation 463.

                         A BIS study found that a one-standard-deviation increase in digital asset regulatory comprehensiveness, as measured by the authors, was associated with a 30-percent increase in capital raised by crypto-related firms located in those jurisdictions. 
                        See 
                         Matteo Aquilina, Giulio Cornelli, and Marina Sanchez del Villar, “Regulation, Information Asymmetries and the Funding of New Ventures,” *BIS Working Papers,* no. 1162, pp. 5-21 (Jan. 2024), available at *[https://www.bis.org/​publ/​work1162.pdf](https://www.bis.org/publ/work1162.pdf).*

Back to Citation 464.

                         Note, the incremental costs presented in this subsection differ in several ways from the PRA recordkeeping and reporting costs presented in section XII.E below. The cost totals presented here reflect the estimated incremental costs that would result from this proposed rule, while the costs presented in section XII.E analysis include pro forma accounting of all costs associated with the PRA recordkeeping and reporting activities required by the proposed rule, even if such activities are already being conducted by the respondents.

Back to Citation 465.

                         FinCEN estimates that the net present value of costs associated with a three-year time horizon is $3.44 million ($3.68 million) using a 7 precent (3 percent) discount rate, respectively. This equates to annualized costs of $1.31 million ($1.30 million) using the same discount rates.

Back to Citation 466. See infra section XII.A.4.ii.a for a discussion of the basis for differential cost estimates by size. See specifically sections XII.A.4.ii.a. 1, 4, and 7.

Back to Citation 467.

                         This estimate was obtained by applying the equivalent annual revenue threshold for small entities described and utilized in the IRFA below. *See infra* section XII.C.2.i.b.

Back to Citation 468.

                         This includes both producing the program and any program certifications upon request. *See supra* sections VI.C.3.iii and iv.

Back to Citation 469.

                         Throughout this analysis, FinCEN and OFAC apply an hourly wage rate that is a general composite hourly wage rate ($87.61) scaled by a private sector benefits factor of 1.42 ($124.58 = $87.61 × 1.42). This incorporates Bureau of Labor Statistics (BLS) mean wage data associated with six occupational codes (11-1010: Chief Executives; 11-3021: Computer and Information Systems Managers; 11-3031: Financial Managers; 13-1041: Compliance Officers; 23-1010: Lawyers and Judicial Law Clerks; 43-3099: Financial Clerks, All Other) for each of the nine groupings of NAICS industry codes that FinCEN and OFAC determined are most directly comparable to its 11 categories of potentially affected financial institutions as delineated in [31 CFR parts 1020 to 1030](https://www.ecfr.gov/current/title-31/part-1020). 
                        See 
                         BLS, *May 2024—National industry-specific and by ownership,* available at *[https://www.bls.gov/​oes/​tables.htm](https://www.bls.gov/oes/tables.htm).* Given that many occupations provide benefits beyond wages (*e.g.,* insurance and paid leave), FinCEN and OFAC apply the private sector benefit factor to the unloaded wage rate to reflect the total cost to the employer. The benefit factor is the ratio of total compensation (which includes wages and benefits) to wages. Total compensation = 43.94 and Wages and salaries = 30.90 (1.42 = 43.94 ÷ 30.90) as of June 2024, based on the private industry workers series data downloaded from BLS. BLS, *Employer Costs for Employee Compensation* data, available at *[https://www.bls.gov/​news.release/​archives/​ecec_​09102024.pdf](https://www.bls.gov/news.release/archives/ecec_09102024.pdf).*

Back to Citation 470. See supra sections VI.C.3.ii.b and VII.B.4.

Back to Citation 471.

                         In 2024, FinCEN's analysis of AML/CFT software implementation and testing, based on a 2020 study by the GAO, estimated independent AML/CFT testing for financial institutions to cost approximately $17,000, which was 1.37 times more costly than AML/CFT software implementation. 
                        See 
                         FinCEN, *Financial Crimes Enforcement Network: Anti-Money Laundering/Countering the Financing of Terrorism Program and Suspicious Activity Report Filing Requirements for Registered Investment Advisers and Exempt Reporting Advisers,* [89 FR 72230](https://www.federalregister.gov/citation/89-FR-72230) (Sept. 4, 2024), at table 5.3.

Back to Citation 472. See supra section VI.C.3.ii.d.

Back to Citation 473. See supra section VII.B.5.

Back to Citation 474.

                         FinCEN and OFAC invite comment on whether these are accurate assumptions.

Back to Citation 475.

                         
                        See 
                         the 2026 NPRM, FinCEN, *Anti-Money Laundering and Countering the Financing of Terrorism Programs,* at section X.E.2 of that NPRM.

Back to Citation 476. See supra VI.C.5.

Back to Citation 477. See supra section XII.A.2.ii.a.

Back to Citation 478. See supra section XII.A.2.ii.d. 2.

Back to Citation 479.

                         With respect to OFAC requirements, as described in section VII.B.3, under the proposed rule, OFAC would require a PPSI to establish and maintain risk-based controls, including technical capabilities and written policies and procedures, to identify any activity prohibited by U.S. sanctions and take appropriate action, including blocking, rejecting, and reporting certain transactions in compliance with existing OFAC regulations. While the technological ability to block, freeze, and reject specific transactions would be a new requirement, OFAC expects that most or all PPSIs would already have this capability as a part of standard business practices.

Back to Citation 480.

                         There are no OFAC associated costs considered here because this section does not apply to OFAC related requirements.

Back to Citation 481.

                         Among the products and issuers FinCEN examined, as discussed in section XII.A.2.iii.b, the top five largest potential PPSI issuers (each with reserve assets of over $300 million) filed approximately 88 percent of the total SARs observed by FinCEN.

Back to Citation 482.

                         FinCEN and OFAC request public comment on the accuracy and completeness of this estimate.

Back to Citation 483.

                         
                        See 
                         Bank Policy Institute, *Getting to Effectiveness—Report on U.S. Financial Institution Resources Devoted to BSA/AML & Sanctions Compliance* (Oct. 29, 2018), table 1, p. 6, available at *[https://bpi.com/​wp-content/​uploads/​2018/​10/​BPI_​AML_​Sanctions_​Study_​vF.pdf](https://bpi.com/wp-content/uploads/2018/10/BPI_AML_Sanctions_Study_vF.pdf).*

Back to Citation 484.

                         This section does not apply to OFAC related requirements and so OFAC associated costs are not considered here.

Back to Citation 485. See supra section VII.B.4.

Back to Citation 486. See supra section XII.A.2.ii.d. 2.

Back to Citation 487.

                         FinCEN and OFAC request public comment on the accuracy and completeness of this estimate.

Back to Citation 488.

                         
                        See 
                         FinCEN, *Agency Information Collection Activities; Proposed Renewal; Comment Request; Renewal Without Change on Information Sharing Between Government Agencies and Financial Institutions,* [90 FR 47125](https://www.federalregister.gov/citation/90-FR-47125) (Sept. 30, 2025).

Back to Citation 489.

                         This section does not apply to OFAC related requirements and as such there were no OFAC associated costs to consider here.

Back to Citation 490.

                         FinCEN requests public comment on the accuracy and completeness of this estimate.

Back to Citation 491.

                         As this section does not apply to OFAC related requirements, no additional OFAC associated costs were considered here.

Back to Citation 492. See supra section VI.C.11.iii.

Back to Citation 493.

                         FinCEN, *Agency Information Collection Activities; Proposed Renewal; Comment Request: Renewal Without Change of Information Collection Requirements in Connection With the Imposition of Special Measures,* [90 FR 57279](https://www.federalregister.gov/citation/90-FR-57279) (Dec. 10, 2025).

Back to Citation 494.

                         OFAC is not making a proposal under this section and as such, there are no OFAC associated costs to be considered here.

Back to Citation 495. See, FinCEN, Congressional Budget Justification FY 2026, available at https://home.treasury.gov/​system/​files/​266/​11.-FinCEN-FY-2026-CJ.pdf.

Back to Citation 496. 31 CFR part 501, Appendix A.

Back to Citation 497. See supra section XII.A.2.ii.d. 2.

Back to Citation 498. See id.

Back to Citation 499.

                         Because FinCEN and OFAC expect most primary market customers to be legal entities in the financial sector, it applies the standard wage rage, which is broadly reflective of expected wage costs for a wide range of financial institutions. This 

                        hourly wage rate is a general composite hourly wage rate ($87.61) scaled by a private sector benefits factor of 1.42 ($124.58 = $87.61 × 1.42). This incorporates BLS mean wage data associated with six occupational codes (11-1010: Chief Executives; 11-3021: Computer and Information Systems Managers; 11-3031: Financial Managers; 13-1041: Compliance Officers; 23-1010: Lawyers and Judicial Law Clerks; 43-3099: Financial Clerks, All Other) for each of the nine groupings of NAICS industry codes that FinCEN determined are most directly comparable to its 11 categories of potentially affected financial institutions as delineated in [31 CFR parts 1020 to 1030](https://www.ecfr.gov/current/title-31/part-1020). 
                        See 
                         BLS, *May 2024—National industry-specific and by ownership,* available at *[https://www.bls.gov/​oes/​tables.htm](https://www.bls.gov/oes/tables.htm).* Given that many occupations provide benefits beyond wages (*e.g.,* insurance and paid leave), FinCEN applies the private sector benefit factor to the unloaded wage rate to reflect the total cost to the employer. The benefit factor is the ratio of total compensation (which includes wages and benefits) to wages. Total compensation = 43.94 and Wages and salaries = 30.90 (1.42 = 43.94 ÷ 30.90) as of June 2024, based on the private industry workers series data downloaded from BLS. BLS, *Employer Costs for Employee Compensation* data, available at *[https://www.bls.gov/​news.release/​archives/​ecec_​09102024.pdf](https://www.bls.gov/news.release/archives/ecec_09102024.pdf).*

Back to Citation 500.

                         
                        See [12 U.S.C. 5903(a)(5)(B)](https://www.govinfo.gov/link/uscode/12/5903).

Back to Citation 501.

                         
                        See 
                         GENIUS Act, [Pub. L. 119-27](https://www.govinfo.gov/link/plaw/119/public/27).

Back to Citation 502. See id.

Back to Citation 503. See supra section II.A.

Back to Citation 504. 12 U.S.C. 5903(a)(5)(A).

Back to Citation 505.

                         
                        See [12 U.S.C. 5903(a)(5)(B)](https://www.govinfo.gov/link/uscode/12/5903); *see also supra* note 15 (discussing GENIUS Act delegation to Directors of FinCEN and OFAC).

Back to Citation 506. 12 U.S.C. 5901(11). FinCEN proposes to define this category in its regulations using essentially the same language as the statute. See supra section VI.C.1.xi.

Back to Citation 507. 12 U.S.C. 5901(31). FinCEN proposes to define this category in its regulations using essentially the same language as the statute. See supra section VI.C.1.xiii.

Back to Citation 508. See supra note 11. See also infra section XII.C.3.

Back to Citation 509. See supra section XII.A.2.ii.d. 2.

Back to Citation 510. Id.

Back to Citation 511. See supra table 17 endnote a.

Back to Citation 512. See supra section XII.C.2.i.b.

Back to Citation 513. Id.

Back to Citation 514. Id.

Back to Citation 515. Id.

Back to Citation 516.

                         This cost is estimated to be less than $200 per firm. 
                        See 
                         section XII.A.4.ii.c.

Back to Citation 517.

                         The U.S. Bureau of Economic Analysis reports the annual value of the gross domestic product implicit price deflator for calendar year 1995 (the year UMRA was enacted) as 66.939, and as 128.974 for calendar year 2025 (the most recent available). Thus, the inflation-adjusted estimate for $100 million is 128.974 ÷ 66.939 × $100 million, or $192.7 million. U.S. Bureau of Economic Analysis, *Table 1.1.9. Implicit Price Deflators for Gross Domestic Product,* available at *<a href="https://apps.bea.gov/iTable/?reqid=19&step=3&isuri=1&1921=survey&1903=13#eyJhcHBpZCI6MTksInN0ZXBzIjpbMSwyLDMsM10sImRhdGEiOltbIk5JUEFfVGFibGVfTGlzdCIsIjEzIl0sWyJDYXRlZ29yaWVzIiwiU3VydmV5Il0sWyJGaXJzdF9ZZWFyIiwiMTk5NSJdLFsiTGFzdF9ZZWFyIiwiMjAyNSJdLFsiU2NhbGUiLCIwIl0sWyJTZXJpZXMiLCJBIl1dfQ==">https://apps.bea.gov/​iTable/​?reqid=​19&​step=​3&​isuri=​1&​1921=​survey&​1903=​13#eyJhcHBpZCI6MTksInN0ZXBzIjpbMSwyLDMsM10sImRhdGEiOltbIk5JUEFfVGFibGVfTGlzdCIsIjEzIl0sWyJDYXRlZ29yaWVzIiwiU3VydmV5Il0sWyJGaXJzdF9ZZWFyIiwiMTk5NSJdLFsiTGFzdF9ZZWFyIiwiMjAyNSJdLFsiU2NhbGUiLCIwIl0sWyJTZXJpZXMiLCJBIl1dfQ=​=</a>.*

Back to Citation 518. See supra section XII.C.2.i.c.

Back to Citation 519. See supra sections XII.A through C.

Back to Citation 520. See infra section XII.E.

Back to Citation 521.

                         
                        See [44 U.S.C. 3506(c)(2)(A)](https://www.govinfo.gov/link/uscode/44/3506).

Back to Citation 522.

                         
                        See [44 U.S.C. 3507(a)(3)](https://www.govinfo.gov/link/uscode/44/3507).

Back to Citation 523. See infra section XII.E.3.

Back to Citation 524. See supra section XII.A.2.ii.a.

Back to Citation 525. See supra section XII.A.2.ii.d. 2.

Back to Citation 526.

                         
                        See 
                         Bank Policy Institute, *Getting to Effectiveness—Report on U.S. Financial Institution Resources Devoted to BSA/AML & Sanctions Compliance, supra note* 483.

Back to Citation 527.

                         FinCEN, *Agency Information Collection Activities; Proposed Renewal; Comment Request: Renewal Without Change of Information Collection Requirements in Connection With the Imposition of Special Measures,* [90 FR 57279](https://www.federalregister.gov/citation/90-FR-57279) (Dec. 10, 2025).

Back to Citation 528.

                         Hourly burden figures presented in tables 22 and 23 are rounded to the nearest hundredth of an hour for presentation purposes. Total burden figures are produced using unrounded figures for accuracy.

Back to Citation 529.

                         FinCEN notes that because, in its approach to calculating expected time burdens, different burden estimates apply to PPSIs of various (1) types (*e.g.,* whether a PPSI is a subsidiary of an IDI or not) and (2) sizes, average values may not meaningfully represent the economic burden that any single, particular PPSI may expect to incur.

Back to Citation 530. See infra section XII.E.3.

Back to Citation [FR Doc. 2026-06963 Filed 4-9-26; 8:45 am]

BILLING CODE 4810-02-P

Published Document: 2026-06963 (91 FR 18582)

CFR references

31 CFR 502 31 CFR 1010 31 CFR 1033

Named provisions

AML/CFT Program Requirements Sanctions Compliance Program Requirements Customer Due Diligence

Related changes

Favicon for www.fincen.gov Permitted Payment Stablecoin Issuer AML/CFT Program Requirements
Priority review Apr 09, 2026 FinCEN Advisories and Alerts Banking & Finance
Favicon for www.fincen.gov Anti-Money Laundering and Countering the Financing of Terrorism Programs NPRM
Priority review Apr 07, 2026 FinCEN Advisories and Alerts Banking & Finance
Favicon for www.federalregister.gov Anti-Money Laundering and Countering the Financing of Terrorism Programs
Priority review Apr 10, 2026 FR: Federal Deposit Insurance Corporation Banking & Finance

Get daily alerts for FR: Foreign Assets Control Office

Daily digest delivered to your inbox.

Free. Unsubscribe anytime.

Source

Favicon for www.federalregister.gov
FR: Foreign Assets Control Office federalregister.gov/documents/search?conditions%5Bagencies%5D%5B%5D=foreign-assets-control-office&order=newest
Trade & Sanctions

About this page

What is GovPing?

Every important government, regulator, and court update from around the world. One place. Real-time. Free. Our mission

What's from the agency?

Source document text, dates, docket IDs, and authority are extracted directly from Treasury Department.

What's AI-generated?

The summary, classification, recommended actions, deadlines, and penalty information are AI-generated from the original text and may contain errors. Always verify against the source document.

Last updated

Press inquiries →

Classification

Agency
Treasury Department
Published
April 10th, 2026
Comment period closes
June 9th, 2026 (59 days)
Compliance deadline
June 9th, 2026 (59 days)
Instrument
Consultation
Legal weight
Non-binding
Stage
Consultation
Change scope
Substantive
Document ID
91 FR 18582 / Docket No. FINCEN-2026-0100
Docket
Docket No. FINCEN-2026-0100

Who this affects

Applies to
Technology companies Financial advisers
Industry sector
5239.1 Cryptocurrency & Digital Assets
Activity scope
Anti-Money Laundering Compliance Sanctions Compliance Stablecoin Issuance
Geographic scope
United States US

Taxonomy

Primary area
Anti-Money Laundering
Operational domain
Compliance
Compliance frameworks
BSA/AML OFAC Sanctions
Topics
Sanctions Payments Administrative practice and procedure Authority delegations (Government agencies) Banks, banking

Browse Categories

Agriculture & Food Safety 64 AI Regulation 3 Banking & Finance 292 Consumer Protection 44 Courts & Legal 362 Data Privacy & Cybersecurity 74 Defense & National Security 52 Education 19 Energy 101 Environment 86 Environmental Regulation 8 Financial Regulation 2 Government & Legislation 280 Healthcare 136 Housing 16 Immigration 8 Insurance 58 Labor & Employment 113 Pharma & Drug Safety 104 Public Health 3 Securities & Markets 104 Securities Regulation 9 Tax 66 Telecom & Technology 47 Trade & Sanctions 136 Transportation 57

Get alerts for this source

We'll email you when FR: Foreign Assets Control Office publishes new changes.

Free. Unsubscribe anytime.

You're subscribed!