Treasury proposes pulling stablecoin issuers inside the Bank Secrecy Act

What happened

The US Financial Crimes Enforcement Network (FinCEN) and the US Office of Foreign Assets Control (OFAC) jointly issued a proposed rule to implement the GENIUS Act (Guiding and Establishing National Innovation for U.S. Stablecoins Act). Treasury released the proposal on 10 April 2026. The comment window closed on 9 June 2026.

The rule would treat permitted payment stablecoin issuers (PPSIs) as financial institutions under the Bank Secrecy Act (BSA). That classification carries obligations for anti-money laundering (AML), countering the financing of terrorism (CFT), and sanctions compliance, written specifically for PPSIs rather than borrowed wholesale from bank rules.

This is a proposal, not a final rule. If finalized as written, it takes effect 12 months after publication in the Federal Register. That timing aligns with the broader GENIUS Act regime becoming operational in January 2027.

Why it matters

Treating an issuer as a BSA financial institution is the moment a crypto business stops sitting beside the regulated perimeter and starts sitting inside it. The proposal signals that stablecoins will be supervised through the same illicit-finance machinery as banks and money services businesses, adapted for on-chain activity.

The tailoring is the part to read closely. A PPSI does not onboard customers the way a retail bank does, and its product moves on public ledgers. So the analysis to watch is how FinCEN and OFAC expect issuers to apply customer due diligence and sanctions screening to flows that settle on-chain, often through intermediaries the issuer never contracts with. The submitted comments will shape that answer.

A second-order effect lands on banks. Once PPSIs carry their own program obligations, an institution banking a PPSI can no longer treat the issuer as an unregulated counterparty, nor assume the issuer’s controls are adequate without testing them.

Practitioner angle

Treat the 12-month clock from final publication as a build timeline you start now, not after finalization. The rule is proposed, but the program it describes takes months to stand up.

• If you issue or custody stablecoins, scope the PPSI AML program now: customer due diligence (CDD), transaction monitoring tuned to on-chain flows, suspicious activity report (SAR) filing, and sanctions screening of wallet addresses and counterparties.
• Map your on-chain monitoring gaps. Screening a customer at onboarding is not the same as monitoring where tokens travel after issuance. Identify which chain-analytics coverage and screening windows you lack.
• If you bank or service a PPSI, reassess third-party reliance. Document what you actually verify about the issuer’s controls rather than relying on its own attestations.

The single most important action: start scoping the PPSI program against the proposed text this quarter, so a 12-month implementation clock does not become a six-month scramble.