Compliance Framework and Industry Impact of the Proposed Joint Rules by FinCEN-OFAC

Article: FinTax

From the content of the published text, this proposed rule jointly issued by FinCEN and OFAC does not attempt to solve all issues of stablecoin regulation at once but instead specifies regulatory requirements such as AML/CFT, sanctions compliance, and suspicious activity reporting.

In April 2026, the U.S. Department of the Treasury’s Financial Crimes Enforcement Network (FinCEN) and the Office of Foreign Assets Control (OFAC) jointly announced a proposed rule on anti-money laundering and combating the financing of terrorism (AML/CFT). The proposal was published in the Federal Register on April 10, 2026, with a public comment deadline of June 9, 2026. If the proposed rule is finalized, permitted payment stablecoin issuers (Permitted Payment Stablecoin Issuer, PPSI) will need to adhere to AML/CFT compliance standards similar to traditional financial institutions and establish OFAC sanctions compliance programs. This is a stark contrast to the previous regulatory requirements that allowed permitted payment stablecoin issuers to operate as money services businesses, which has implications for the compliance costs faced by issuers and further redistributes compliance obligations among stablecoin issuers, exchanges, custodians, and on-chain risk control service providers in the U.S. market.

This article systematically analyzes the proposed rule from the perspectives of legislative background, core obligations, and market impact.

1 Background of the Joint Proposed Rule

The emergence of this proposed rule is closely related to the rapid growth of the stablecoin market in the U.S. and globally, along with associated illegal financial risks. As of the first quarter of 2026, the global stablecoin market size has exceeded $316 billion, with illegal financial infiltration intensifying simultaneously. The Financial Action Task Force (FATF) explicitly warned in its March 2026 special report that stablecoins “have become the most widely used virtual assets in illegal transactions,” with sanctioned entities like Iran and North Korea using stablecoins for weapons proliferation financing and cross-border payments. Chainalysis’s 2026 Cryptocurrency Crime Report shows that in 2025, at least $154 billion flowed into illegal crypto addresses, a 162% increase year-over-year, with stablecoins accounting for 84% of this. Data from TRM Labs indicates that in 2025 alone, illegal entities obtained $141 billion worth of stablecoins, a five-year high; OFAC imposed over $3.4 billion in penalties from 2016 to 2025, with continuous fines on crypto firms like Exodus and ShapeShift at the end of 2025 and early 2026.

In stark contrast to federal enforcement actions, industry compliance preparations lag behind. A survey report by S&P Global Market Intelligence in April 2026 noted that among 100 banks surveyed in the first quarter, only 7% were developing relevant strategic frameworks, and no institutions had launched pilot projects. How to regulate stablecoin trading without impairing its payment efficiency and innovative features has become a pressing regulatory challenge.

In 2025, the U.S. Congress accelerated the legislative process for the GENIUS Act. The bill was passed by the Senate on June 17, 2025, with 68 votes to 30, and by the House of Representatives on July 17, 2025, with 308 votes to 122. It was signed into law by President Trump on July 18, 2025. This is the first federal legislation in the U.S. specifically targeting payment stablecoins. The White House emphasized in a subsequent briefing that the bill explicitly brings stablecoin issuers under the jurisdiction of the Bank Secrecy Act (BSA) and requires them to establish effective AML and sanctions compliance programs, with the technical capability to seize, freeze, or destroy stablecoins under lawful orders. The proposed rule jointly issued by FinCEN and OFAC focuses on the specific implementation of AML and sanctions compliance, forming a multi-layered enforcement system alongside other regulatory frameworks under the GENIUS Act.

2 Overview of the Proposed Rule

The formal name of the proposed rule jointly issued by FinCEN and OFAC in the Federal Register is “Permitted Payment Stablecoin Issuer Anti-Money Laundering / Countering the Financing of Terrorism Program and Sanctions Compliance Program Requirements” (hereinafter referred to as “the proposed rule” or “the rule”).

2.1 Main Framework of the Proposed Rule

In summary, the proposed rule revolves around five key aspects:

(1) Officially classifying permitted payment stablecoin issuers as “financial institutions” under the Bank Secrecy Act, clearly delineating their distinction from money services businesses (MSBs);

(2) Setting AML/CFT program requirements aligned with banking standards for permitted payment stablecoin issuers, centered on customer due diligence procedures;

(3) Clarifying the boundaries of suspicious activity reporting (SAR) obligations for permitted payment stablecoin issuers in primary and secondary markets;

(4) Mandating, under the authority of the GENIUS Act, that permitted payment stablecoin issuers establish OFAC sanctions compliance programs with five key elements through regulation;

(5) Requiring permitted payment stablecoin issuers to have the technical capacity to freeze, reject, and block illegal transactions, including considerations of secondary market activities.

2.2 Legal Status of Permitted Payment Stablecoin Issuers

2.2.1 Proposed Classification of Permitted Payment Stablecoin Issuers as “Financial Institutions”

The most significant difference from existing regulatory frameworks is that the proposed rule would classify permitted payment stablecoin issuers as “financial institutions” under the Bank Secrecy Act. If finalized, the regulatory approach for these issuers will align more closely with traditional financial institutions.

Prior to the enactment of the GENIUS Act, stablecoin issuers at the federal level were mainly regulated as Money Service Businesses (MSBs). MSBs are required to register with FinCEN and undergo periodic inspections by the IRS. Under the proposed rule, FinCEN would delegate AML/CFT supervision of permitted payment stablecoin issuers to relevant federal agencies: Federal Qualified Payment Stablecoins Issuers (FQPSI) would be regulated by the Office of the Comptroller of the Currency (OCC), and deposit-taking subsidiaries (IDI) would be overseen by their respective federal banking regulators. For “State Qualified Payment Stablecoin Issuers” (SQPSI) regulated only at the state level, the IRS would still handle BSA compliance checks.

2.2.2 Separation from MSB Regulation

The rule also amends the definition of MSB to explicitly exclude permitted payment stablecoin issuers. This design aims to avoid regulatory confusion caused by dual oversight and to establish an independent compliance standard system for stablecoin issuers that is not constrained by the traditional MSB framework. FinCEN cites relevant authorizations in the rule, recognizing that the activities of permitted payment stablecoin issuers are “similar or related” to those of traditional financial institutions, providing a legal basis for rulemaking.

2.2.3 Technical Capacity Requirements for Issuers

The GENIUS Act requires permitted payment stablecoin issuers to have the technical capacity to freeze, reject, and prevent illegal transactions. The proposed rule further clarifies that this requirement applies not only to primary market issuance and redemption activities but also explicitly covers secondary market transactions—i.e., peer-to-peer transfers between third parties. The rule states that the “technical capabilities, policies, and procedures must cover transactions involving permitted payment stablecoins and interactions with third-party smart contracts.”

In practice, this means issuers must demonstrate their ability to block, freeze, or reject specific or prohibited transactions and to execute lawful commands. If finalized, issuers unable to technically implement these measures will need to upgrade or redeploy their existing smart contracts to meet compliance standards.

3 Dual Compliance Obligations under the Proposed Rule

For permitted payment stablecoin issuers, after their legal status is clarified, the proposed rule establishes two parallel and complementary compliance obligations from FinCEN and OFAC: one is the AML/CFT framework led by FinCEN, and the other is the economic sanctions compliance framework led by OFAC. The former focuses on preventing money laundering, fraud, and terrorist financing, while the latter concentrates on blocking transactions with sanctioned entities or individuals.

3.1 FinCEN’s AML/CFT Requirements

The proposed rule requires permitted payment stablecoin issuers to establish and maintain an effective AML/CFT program. The program should include specific customer due diligence requirements and clarify the boundaries of suspicious activity reporting obligations in both primary and secondary markets.

3.1.1 Customer Due Diligence Requirements

Under current regulations, “Customer Due Diligence” (CDD) is a statutory element of bank AML/CFT programs, but MSBs have never been required to implement comprehensive CDD procedures; their obligations are generally limited to customer identity verification. Once permitted payment stablecoin issuers are no longer regulated as MSBs, FinCEN will require them to implement ongoing CDD. The specific CDD requirements in the proposed rule include three levels:

(1) Understanding the nature and purpose of customer relationships to establish customer risk profiles;

(2) Ongoing monitoring of transactions to identify and report suspicious activities;

(3) Maintaining and updating customer information based on risk principles, including beneficial ownership information for legal entities.

Beneficial owners are defined as natural persons holding directly or indirectly more than 25% of the equity, and a natural person with control. This elevates the AML obligations of stablecoin issuers to a standard comparable to banks.

3.1.2 Suspicious Activity Reporting (SAR) Obligations

The proposed rule requires permitted payment stablecoin issuers to file Suspicious Activity Reports (SARs) for suspicious transactions in the primary market, with a threshold of $5,000. This is a significant increase from the current MSB threshold of $2,000 and aligns with traditional financial institutions like banks and brokerages. FinCEN explains that this adjustment considers that issuers will be required to implement customer identification procedures, that low-value transactions are rare in the primary market, and that the stablecoin ecosystem lacks the proxy relationships typical of MSBs. In the secondary market, the rule makes clear exemptions: transactions triggered solely by third-party transfers via smart contracts do not immediately require SAR reporting.

Regarding exemptions, FinCEN states that monitoring all on-chain transfers and reporting suspicious transactions would pose two problems: first, issuers cannot identify the transacting parties in the secondary market, making reports meaningless; second, it could lead to “defensive reporting,” where over-reporting by institutions drowns out valuable clues. Therefore, the rule sets clear boundaries for SAR obligations but retains the issuer’s ability to take technical actions such as freezing or rejecting illegal transactions, provided they can execute lawful court or federal agency orders. The technical capacity requirement is critical to supporting this authority.

3.2 OFAC’s Sanctions Compliance Program

Unlike FinCEN’s requirements, OFAC’s sanctions compliance program emphasizes proactive blocking and strict liability. The proposed rule codifies five key elements of the sanctions compliance program as a legal obligation for permitted payment stablecoin issuers. Previously, OFAC issued guidance such as the 2019 “Compliance Commitment Framework,” but did not make sanctions compliance a legal requirement. The proposed rule explicitly states that permitted payment stablecoin issuers must establish and maintain an “effective sanctions compliance program” containing the following elements:

(1) Commitment from senior management and organizational levels;

(2) Risk assessment;

(3) Internal controls;

(4) Testing and audits;

(5) Training.

The rule defines “payment stablecoin-related activities” as any activities involving issuance, trading, holding, processing, transfer, redemption, or other activities involving payment stablecoins from issuance until they exit circulation, whether in the primary or secondary markets. This broad definition means that issuers are responsible for sanctions screening of their tokens throughout the entire lifecycle, even if transactions occur between wallets unrelated to the issuer, as long as the stablecoins involved are issued by the issuer and transferred via smart contracts. Violations carry strict penalties: up to $100k per day for major violations, with an additional $100k per day for knowing violations. Given OFAC’s strict liability approach, violations can be pursued civilly regardless of knowledge, making the deterrent effect clear.

4 Challenges for Stablecoin Issuers: Quantifying Compliance Costs

For stablecoin issuers, the proposed rule’s explicit system design effectively quantifies what was previously a vague compliance cost, objectively raising the market entry threshold. Part XII of the proposal provides a detailed analysis of regulatory impacts. According to FinCEN and OFAC’s estimates, the incremental compliance cost in the first year for each non-bank permitted payment stablecoin issuer is approximately $52,453, while for bank-affiliated issuers (as subsidiaries of existing banks), it is about $24,983. The significant difference relates to existing compliance infrastructure: bank issuers can leverage their parent companies’ BSA/AML teams, OFAC screening systems, and beneficial ownership processes, resulting in lower marginal costs; non-bank issuers must build compliance infrastructure from scratch. Additionally, each issuer must spend $10k to $20k in the first year on blockchain analysis tools, sanctions screening software, and transaction monitoring systems.

For small entities, the rule adopts an asset-based threshold—issuers with total assets below $200 million are classified as small entities. Among the estimated 50 potential permitted payment stablecoin issuers, about 19 fall into this category. For these small issuers, first-year compliance costs could account for 1% to 3% of annual revenue. While this ratio may not necessarily block market entry, small issuers must incorporate compliance costs into their business models, potentially altering issuance strategies or revenue approaches.

5 Conclusion

From the content of the published text, this proposed rule jointly issued by FinCEN and OFAC does not attempt to solve all issues of stablecoin regulation at once but instead specifies regulatory requirements such as AML/CFT, sanctions compliance, and suspicious activity reporting. For the U.S. stablecoin market, the technical architecture, customer management, and compliance systems of issuers will become key entry conditions, playing a more significant role in market competition. However, the proposed rule is still open for public comments, and whether the final rule will retain the current technical capacity requirements for secondary markets, the boundaries of customer due diligence, and sanctions arrangements remains uncertain. The establishment of the dual compliance obligation system under the published text will require ongoing observation. From a medium- to long-term perspective, the implementation measures under the GENIUS Act suggest that a clear, well-defined regulatory environment may be the only way for stablecoins to truly integrate into the global financial infrastructure.