In this issue:

US Financial Services and Crypto Companies Continue New Product Launches

By Robert A. Musiala Jr.

A major global derivatives exchange recently “announced plans to expand its leading suite of regulated Cryptocurrency derivatives with the launch of Avalanche (AVAX) and Sui (SUI) futures on May 4, pending regulatory review.” According to a press release, “Avalanche and Sui futures will join the company’s rapidly expanding Cryptocurrency derivatives offerings, including recently launched Cardano, Chainlink and Stellar futures contracts.”

In other news, a major U.S. financial services company recently announced “a new offering that gives enterprise partners the ability to manage both fiat and crypto banking from a single, nationally chartered bank.” According to a press release, the new offering will provide access to business deposit accounts; “24/7/365” money movement and settlement in USD, SoFiUSD or selected cryptocurrencies; support for the “mint and burn” of SoFiUSD, allowing for the instant conversion between fiat and digital assets while maintaining reserves within the company’s regulated environment; and a single, integrated interface for managing both traditional banking and digital asset activity.

In a final notable item, the issuer of the USDC stablecoin recently announced plans to launch a wrapped bitcoin digital asset, cirBTC. According to a press release, cirBTC is “designed to provide institutions with a highly secure and neutral version of wrapped BTC,” and every cirBTC will be 1-to-1 backed by native BTC with reserves verifiable onchain.

For more information, please refer to the following links:

New Stablecoin Market Data Published

By Robert A. Musiala Jr.

A major blockchain analytics company, Chainalysis, recently published a report with new data on the stablecoin market. Key highlights include the following:

  • In 2025, stablecoins processed $28 trillion in real economic volume.
  • Adjusted stablecoin volume is projected to reach $719 trillion by 2035.
  • Stablecoin payment volumes are on pace to match the transaction volumes of the two largest payment card networks somewhere between 2031 and 2039.

For more information, please refer to the following link:

Institutional Investor Digital Assets Survey Published

By Robert A. Musiala Jr.

A “Big Four” accounting and consulting firm and a major U.S. cryptocurrency exchange recently published the 2026 Institutional Investor Digital Assets Survey. Key takeaways from the survey include the following:

  • Nearly half of surveyed investors (49 percent) noted recent market volatility has strengthened their emphasis on risk management, liquidity and position sizing.
  • Two-thirds (66 percent) of digital asset investors get exposure via spot crypto exchange-traded funds/products (ETFs/ETPs); 81 percent prefer spot exposure via a registered vehicle.
  • Nearly three-quarters (73 percent) of respondents plan to increase their allocations to digital assets in 2026; 74 percent expect crypto prices to rise over the next 12 months.
  • Among those planning to increase holdings in 2026, 65 percent identify greater regulatory clarity as a key driver; simultaneously, 66 percent of respondents consider regulatory uncertainty a primary concern when investing.
  • 78 percent of investors see market structure as the area most in need of increased regulatory clarity; in addition, 61 percent of respondents expect tokenization to have a significant impact on market structure.
  • 66 percent of investors cited regulatory compliance as a key factor in choosing a custodian in 2026 versus 25 percent in 2025.
  • 86 percent of investors either already use or are interested in using stablecoins; key use cases include T+0 settlement (88 percent) and internal cash management and money movement (85 percent).
  • 61 percent of investors expect tokenization to have a significant impact on trading, clearing and settlement over the next three to five years.

For more information, please refer to the following link:

Treasury Issues Proposed AML/CFT Rule for GENIUS Stablecoin Issuers

By Om M. Kakani

On April 8, the U.S. Department of the Treasury’s Financial Crimes Enforcement Network (FinCEN) and Office of Foreign Assets Control (OFAC) issued a joint notice of proposed rulemaking (NPRM) addressing anti-money laundering (AML), countering the financing of terrorism (CFT), and sanctions compliance requirements for permitted payment stablecoin issuers (PPSIs) under the GENIUS Act. The proposal would amend FinCEN regulations at 31 C.F.R. Parts 1010 and 1033, as well as OFAC regulations at 31 C.F.R. Part 502.

The proposed rule would treat PPSIs as “financial institutions” for purposes of the Bank Secrecy Act (BSA). The proposed rule would require PPSIs to establish and maintain written, risk-based AML and CFT programs that are reasonably designed to prevent the misuse of payment stablecoins for illicit finance, including requirements for PPSIs to have:

  • Internal policies, procedures and controls designed to address BSA obligations including Risk Assessment Processes, direct attention toward mitigating money laundering and terrorist financing risks, and ongoing customer due diligence
  • Independent testing of the compliance programs
  • Designation of a U.S.-based individual responsible for administering and overseeing the program
  • Ongoing employee training
  • Written AML/CFT programs approved by the PPSI’s board of directors or appropriate governing body or senior management

The proposed rule also would require PPSIs to establish and maintain effective sanctions compliance programs. Those programs would include components such as technical capabilities, internal controls, risk assessment, training and auditing. The proposal would require PPSIs to have technical capabilities, policies and procedures to block, freeze and reject impermissible transactions that violate federal or state laws, rules or regulations, or to comply with lawful orders, in both the primary and secondary markets.

The proposal distinguishes between primary- and secondary-market activity in describing certain compliance expectations. The proposal would apply suspicious activity reporting obligations in the primary market while also requiring issuers to maintain the ability to block or reject impermissible transactions in both markets.

Under the proposal, PPSIs would be required to file suspicious activity reports (SARs) as applicable in the primary market. The proposal also would require issuers to retain records for money transfers of $3,000 or more. PPSIs would be subject to the recordkeeping and information‑sharing requirements applicable to financial institutions, including obligations to respond to lawful requests for information from FinCEN and other authorities. Comments on the proposed rule are due 60 days after publication in the Federal Register.

For more information, please refer to the following links:

Proposed Rule Addresses Prudential Framework for GENIUS Stablecoin Issuers

By Robert A. Musiala Jr.

On April 7, the U.S. federal agency responsible for providing bank deposit insurance published a notice of proposed rulemaking (NPRM) that would implement requirements under the GENIUS Act to establish a prudential framework for permitted payment stablecoin issuers. Among other things, the proposed rule addresses requirements related to reserve assets, redemption, capital and risk management standards. The proposed rule would also establish requirements for insured depository institutions (IDIs) that provide certain payment stablecoin-related custodial and safekeeping services. Additionally, the proposed rule would address the applicability of pass-through insurance to deposits held as reserves backing payment stablecoins and would clarify that tokenized deposits that satisfy the statutory definition of “deposit” would be treated no differently under the Federal Deposit Insurance Act than any other types of deposits. The proposed rule includes 144 specific questions on which the issuing agency is seeking public input. Comments on the proposed rule must be received no later than June 9.

For more information, please refer to the following links:

DOL Proposes Safe Harbor Rule for 401(k) Investment Selection

By Amos Kim

The U.S. Department of Labor (DOL) recently published a notice of proposed rulemaking (NPRM) both clarifying the procedural considerations fiduciaries may rely on when incorporating alternative assets into their investment lineups and establishing process-based safe harbors for fiduciaries to use when making these selections. The NPRM follows the August 2025 executive order titled “Democratizing Access to Alternative Assets for 401(k) Investors” and is intended to reduce regulatory burdens and lower litigation risks. The release also notes that the proposal is “decidedly neutral and refrains from saying that any asset class is any better or worse than other investment types, as the law requires.”

The proposed rule emphasizes that prudence under the Employee Retirement Income Security Act of 1974 (ERISA) is grounded in process. Under the NPRM, plan fiduciaries are deemed to have satisfied ERISA’s duty of prudence and benefit from a process-based safe harbor in any subsequent review in selecting alternative assets, including digital assets, if they “objectively, thoroughly, and analytically consider” the following six factors:

  1. Performance: Fiduciaries must determine that risk-adjusted expected returns, over an appropriate time horizon and net of anticipated fees and expenses, enable participants to maximize risk-adjusted returns.
  2. Fees: The fiduciary must consider a reasonable number of similar alternatives and determine that the fees and expenses of the designated investment alternative are appropriate.
  3. Liquidity: Fiduciaries must appropriately consider and determine that the designated investment alternative will have sufficient liquidity to meet the anticipated needs of the plan.
  4. Valuation: The fiduciary must determine that the designated investment alternative has adopted adequate measures to ensure it is capable of being timely and accurately valued.
  5. Performance Benchmarks: Fiduciaries must ensure that each designated investment alternative has a “meaningful benchmark” and evaluate the investment’s risk-adjusted expected returns by comparison to that benchmark.
  6. Complexity: Fiduciaries must consider whether they possess the necessary skill, knowledge and experience to adequately understand an investment’s complexity.

For more information, please refer to the following link:

DeFi Exploitation and Software Supply Chain Attacks Continue

By Amos Kim

A recent report from TRM Labs, a blockchain intelligence platform, details the April 1, 2026 exploitation of Drift Protocol, a Solana-based decentralized exchange, which resulted in the theft of approximately $285 million in user assets. According to the report, TRM Labs’ initial investigation suggests the hack was likely perpetrated by North Korean hackers, making it the largest DeFi hack of 2026 and the second-largest in the history of the Solana network. The report notes that the exploitation did not rely on a smart contract vulnerability but rather was a coordinated attack involving social engineering and market manipulation. Attackers reportedly induced Drift Security Council signers to pre-sign hidden authorizations using Solana’s “durable nonce” feature, and subsequently exploited a zero-timelock migration to bypass detection. The report also explains that the attackers manufactured a fictitious asset, CarbonVote Token (CVT), artificially inflated its value through wash trading, and utilized the pre-signed transactions to list it as valid collateral, draining legitimate assets in minutes.

Separately, a recent report advises of a supply chain attack involving the widely used npm package, which temporarily exposed software developers to credential theft. According to the report, on March 31, 2026, attackers inserted a malicious dependency, identified as “plain-crypto-js,” into specific versions of the npm package. The report notes that this dependency was designed to install a cross-platform remote access trojan on Windows, macOS and Linux systems. The analysis emphasizes that the attack poses a severe threat to cryptocurrency companies, as compromised developer environments can expose sensitive data, including API keys, cloud secrets, wallet configurations and seed phrase backups.

For more information, please refer to the following links: