The Proposal would establish principles-based AML/CFT and sanctions compliance standards for stablecoin issuers aligned with FinCEN and OFAC, as well as supervision and enforcement provisions.

By Arthur S. Long, Parag PatelPia Naib, and Deric Behar

Key Points:

  • The FDIC has proposed new anti-money laundering, counter-terrorist financing, and sanctions compliance standards for stablecoin issuers aligned with Treasury rules, including requirements administered by FinCEN and OFAC.
  • Under the Proposal, the FDIC would not take enforcement action against an issuer if it maintains an effective AML/CFT program under applicable FinCEN requirements.
  • The Proposal also anticipates that stablecoin issuers would need to comply with customer-identification requirements once those rules are finalized through related joint rulemaking.

On May 22, 2026, the Federal Deposit Insurance Corporation (FDIC) approved a third Notice of Proposed Rulemaking (the Proposal) to implement the Guiding and Establishing National Innovation for US Stablecoins Act (GENIUS Act) for permitted payment stablecoin issuers (PPSIs) that are subsidiaries of insured depository institutions (for more information on the GENIUS Act, see this Latham Client Alert).

Specifically, the Proposal would implement anti-money laundering/countering the financing of terrorism (AML/CFT) and economic sanctions compliance standards for FDIC-supervised PPSIs — including requirements promulgated by the Department of Treasury’s (Treasury) Financial Crimes Enforcement Network (FinCEN) and the Office of Foreign Assets Control (OFAC) — that are principles-based, tailored to the business model and risk profile of PPSIs, and consistent with applicable law. It would also establish supervision and enforcement provisions for PPSI AML/CFT programs, in alignment with FinCEN requirements.

According to the FDIC, the Proposal “would establish supervisory expectations for PPSIs, help combat illicit finance risk, and continue to support the responsible growth and use of digital assets and related technologies in the banking sector.”

Bank Secrecy Act (BSA) and Sanctions Compliance Standards

The Proposal would amend the FDIC Rules and Regulations by adding § 350.6(d), a provision that imposes BSA and sanctions compliance and reporting standards on PPSIs consistent with applicable FinCEN regulations at 31 CFR Chapter X and OFAC regulations at 31 CFR Chapter V.

The requirements would also be consistent with FinCEN and OFAC’s April 10, 2026, joint Notice of Proposed Rulemaking on the GENIUS Act, which would treat PPSIs as financial institutions under the BSA and impose all related financial institution obligations (see below).

According to the Proposal, “FinCEN and the primary Federal payment stablecoin regulators are also issuing a joint notice of proposed rulemaking that would require PPSIs to maintain an effective customer identification program (CIP) as required by the GENIUS Act. Proposed § 350.6(d) would require a PPSI to comply with such CIP requirements.”

Supervision and Enforcement Provisions

The Proposal would amend FDIC Rules and Regulations part 350 subpart C to add supervision and enforcement provisions for PPSI AML/CFT programs. A PPSI that establishes an effective AML/CFT program in accordance with applicable FinCEN regulations would not be subject to an enforcement or supervisory action based on the program requirements issued by FinCEN. Enforcement or supervisory action may be warranted if the FDIC observes a significant or systemic failure to implement an effective AML/CFT program.

The Proposal would also establish a notice and consultation framework applicable when the FDIC intends to initiate an AML/CFT enforcement or supervisory action:

  • The FDIC would be required to provide written notice to the FinCEN Director of the FDIC’s intent to take action at least 30 days in advance of the proposed action (unless the FDIC determines, at its discretion, that a shorter period is necessary to “remedy, prevent, or respond to an unsafe or unsound practice or condition.”)
  • Notice would be accompanied by the relevant AML/CFT information underlying the proposed action, including “relevant portions of a draft report of examination; relevant portions of a draft enforcement action; examination workpapers supporting the proposed action; and the relevant AML/CFT information submitted by the PPSI to the FDIC.”
  • The FDIC would also respond to requests for additional AML/CFT information from the FinCEN Director regarding the proposed action, but would not be obligated to provide information over which the PPSI may claim privilege under federal or state law.
  • The Director of FinCEN would be afforded the opportunity to review and comment on the proposed action, including any view as to the effectiveness of the PPSI’s AML/CFT program.

The FDIC is proposing two alternative approaches for permitting PPSIs to share non-public supervisory information with the FinCEN Director in connection with existing or potential AML/CFT enforcement or supervisory actions:

  1. The first option allows the FDIC to authorize the PPSI to disclose covered information on the FDIC’s behalf to the FinCEN Director and to separately permit the FinCEN Director to use such information.
  2. The second option would add the requirement that any such information shared on the FDIC’s behalf be contemporaneously disclosed by the PPSI to the FDIC.

Both options include language intended to preserve all applicable privileges (including attorney-client privilege and the bank-examination privilege), and to restrict the FDIC and FinCEN Director from further disseminating the received non-public information.

Comments on the Proposal are due 60 days after publication in the Federal Register.

Recap of FDIC GENIUS Act Proposals

The first proposal, issued December 19, 2025, seeks to implement Section 5 of the GENIUS Act by establishing procedures for a tailored application process under which the FDIC can evaluate the safety and soundness of an applicant’s stablecoin activities and support the responsible growth and use of digital asset technologies. It would align stablecoin issuer reviews to five statutory factors, including the ability to meet reserve and disclosure requirements, management fitness and competence, and a clear, timely redemption policy (see this Latham blog post).

The second proposal, issued April 10, 2026, seeks to establish a prudential framework for FDIC-supervised permitted payment stablecoin issuers (PPSIs), as well as requirements for insured depository institutions (IDIs) that provide certain payment stablecoin-related custodial and safekeeping services. The FDIC proposed a simpler reserve diversification framework than the OCC (see this Latham Client Alert), requiring only a 40% single-institution concentration cap (without daily or weekly liquidity floors, a weighted average maturity limit, or a minimum insured deposit requirement for large issuers). Where the OCC would impose automatic, rules-based consequences for reserve or capital shortfalls and automatic redemption extensions during stress, the FDIC would retain supervisory discretion across all three areas, with no automatic issuance suspension, mandatory liquidation triggers, or self-executing extensions. The FDIC also proposed that reserve deposits at IDIs are insured as corporate deposits of the issuer (not on a pass-through basis to stablecoin holders) and that the FDI Act’s definition of “deposit” is technology-neutral, meaning tokenization does not affect deposit insurance eligibility.

Treasury’s GENIUS Act Proposal

On April 3, 2026, the Treasury issued a Notice of Proposed Rulemaking (NPRM) seeking public comment related to its implementation of the GENIUS Act, following a general Advance Notice of Proposed Rulemaking in September 2025 (see this Latham blog post). Specifically, under Section 4(c) of the GENIUS Act (“Option for State-Level Regulatory Regimes”), “a State qualified payment stablecoin issuer with a consolidated total outstanding issuance of not more than US$10,000,000,000 may opt for regulation under a State-level regulatory regime, provided that the State-level regulatory regime is substantially similar to the Federal regulatory framework under this Act.” It also requires Treasury to “establish broad-based principles for determining whether a State-level regulatory regime is substantially similar to the Federal regulatory framework under [the GENIUS] Act.” Once such principles are established, the GENIUS Act also requires that state payment stablecoin regulators review state-level regulatory regimes in accordance with the principles.

Treasury’s proposed rule would establish a two-tier classification of GENIUS Act requirements: “uniform requirements” that states must follow without material deviation (such as for stablecoin-reserve backing and anti-money laundering and sanctions compliance), and “state-calibrated requirements” where states retain discretion but must produce outcomes “substantially similar” to the federal framework. 

Treasury interprets “substantial similarity” as requiring state regimes to “meet or exceed” the standards in Section 4(a) of the GENIUS Act, treating the federal framework as a floor.

The NPRM anchors the federal benchmark primarily to OCC regulations and interpretations, reflecting the OCC’s role as the default federal supervisor for most nonbank stablecoin issuers under the GENIUS Act.

FinCEN and OFAC’s GENIUS Act Proposal

On April 10, 2026, FinCEN and OFAC issued a joint Notice of Proposed Rulemaking seeking public comment related to its implementation of the GENIUS Act. Specifically, the proposal would treat PPSIs as financial institutions subject to all federal laws applicable to financial institutions located in the US relating to prevention of money laundering, economic sanctions, customer identification, and due diligence. The Proposal would require that PPSIs:

  • establish and maintain an anti-money laundering and countering the financing of terrorism (AML/CFT) program;
  • report suspicious activity;
  • have the technical capabilities, policies, and procedures to block, freeze, and reject specific or impermissible transactions that violate federal or state laws, rules, or regulations, including “stablecoins traded by blocked persons on the secondary market when PPSIs exercise possession or control of such stablecoins, including through smart contracts”;
  • have the technical capabilities to comply, and do comply, with the terms of any lawful order; and
  • maintain an effective sanctions-compliance program, with civil monetary penalties of up to $100,000 per day for PPSIs that materially violate the requirement to maintain an effective program and with an additional $100,000 per day for knowing violations.

Follow this and other critical developments on Latham’s US Crypto Policy Tracker.