FinCEN proposes CIP rule for stablecoin issuers under the GENIUS Act

What happened

On 18 June 2026, FinCEN (the US Financial Crimes Enforcement Network) issued a joint proposed rule on customer identification for stablecoin issuers. It acted with four banking regulators: the Office of the Comptroller of the Currency, the Board of Governors of the Federal Reserve System, the Federal Deposit Insurance Corporation, and the National Credit Union Administration. The notice of proposed rulemaking (NPRM) implements customer identification program (CIP) requirements under the GENIUS Act.

The rule would set minimum CIP requirements for permitted payment stablecoin issuers (PPSIs). It would also clarify when a PPSI has a customer and an account relationship that triggers identification and verification. Federal Register publication is scheduled for 22 June 2026, with comments due 60 days after publication.

This is a second, separate rule. It supplements the broader anti-money laundering and countering the financing of terrorism (AML/CFT) program rule for stablecoin issuers that the agencies published on 10 April 2026, the rule whose comment window closed on 9 June 2026 and which Issue 3 covered.

The proposed CIP would require risk-based procedures to verify each customer’s identity, recordkeeping of the information obtained, and procedures to check customers against government lists of known or suspected terrorists. It would also require customer notice that the issuer is requesting information to verify identity, and it sets conditions for relying on another federally regulated institution’s CIP.

Why it matters

The April rule told issuers to build an AML/CFT program. This rule tells them what know your customer (KYC) actually looks like at the front door. Read together, the two define the compliance perimeter for a regulated US stablecoin business.

The hard problem sits in one phrase: when does a PPSI have a customer and an account. Stablecoins move on-chain to wallets that an issuer may never onboard directly. The proposal’s attempt to draw that line is the provision practitioners should read first, because it determines who must be identified and verified, and who falls outside the program.

The reliance provision matters for banks too. A federally regulated institution that wants to lean on an issuer’s CIP will only be able to do so under stated conditions. That is analysis, not settled law. The rule is proposed, not final, and the 60-day window is the moment to test it against how token issuance actually works.

Practitioner angle

For stablecoin issuers, scope the CIP build now rather than after the rule is final:

• Map identity verification, government-list screening, recordkeeping, and customer notice to the minimum standards in the proposal.
• Resolve the customer and account question for on-chain holders. Decide which wallet relationships create an onboarding obligation under your reading, and document the rationale.
• Align this CIP work with the AML/CFT program built for the April rule so the two operate as one control set, not two.

For banks, confirm the conditions for relying on an issuer’s CIP before you treat that reliance as a given in any current or planned arrangement.

For both, draft a comment in the 60-day window on any provision that does not fit how stablecoin issuance works in practice, especially the customer and account trigger.

The single most important action: assign an owner this quarter to read the customer and account definition and file a comment before the 60-day window closes.