On April 8, 2026, the US Department of the Treasury’s (“Treasury”) Financial Crimes Enforcement Network (“FinCEN”) and the Office of Foreign Assets Control (“OFAC”) issued a joint proposed rule (“Proposed Rule”) to implement provisions of the Guiding and Establishing National Innovation for US Stablecoins Act (“GENIUS Act”). The Proposed Rule implements the GENIUS Act’s anti-money laundering (“AML”) and sanctions compliance program requirements and encourages innovation in payment stablecoins while providing a regulatory regime to mitigate potential illicit finance risks.
Notably, through OFAC’s proposed creation of a new 31 CFR Part 502, the Proposed Rule would for the first time impose a binding regulatory obligation—rather than mere guidance—requiring a specific category of US Persons (permitted payment stablecoin issuers (“PPSIs”)) to adopt and maintain an effective sanctions compliance program. While OFAC’s 2019 Framework for OFAC Compliance Commitments (“OFAC Framework”) “strongly encourages organizations to develop, implement and routinely update a Sanctions Compliance Program,” the OFAC Framework is guidance, not regulation. No existing part of OFAC’s regulations currently mandates that any other category of persons maintain a sanctions compliance program. Non-PPSIs can nonetheless gain insights about OFAC’s expectations for a sanctions compliance program from the agency’s detailed comments about the implementation of the OFAC Framework.
The Proposed Rule represents less of a change for PPSIs that have been complying with FinCEN regulations that apply to Money Services Businesses (“MSBs”), including the need to implement an AML program. FinCEN expects that most PPSIs that have been complying with those regulations should be able to adapt to the Proposed Rule.
The Proposed Rule represents a significant step in Treasury’s ongoing implementation of the GENIUS Act, which was enacted on July 18, 2025 and provides a comprehensive framework for the federal regulation of payment stablecoins. The Treasury press release, FinCEN press release, fact sheet, and notice of proposed rulemaking (“NPRM”) are linked. Comments on the Proposed Rule will be accepted until June 9, 2026.
Background: The GENIUS Act
The GENIUS Act requires that a PPSI “be treated as a financial institution for purposes of the Bank Secrecy Act (“BSA”), and as such, shall be subject to all Federal laws applicable to a financial institution located in the United States relating to economic sanctions, prevention of money laundering, customer identification, and due diligence.” The GENIUS Act directs the Secretary of the Treasury to issue regulations implementing this provision tailored to the size and complexity of the PPSI’s operations and business.
The GENIUS Act specifies that a PPSI’s obligations include, among other things, maintenance of an effective AML program, suspicious transaction reporting, technical capabilities to block or freeze impermissible transactions, an effective customer identification program, and an effective economic sanctions compliance program.
On September 19, 2025, Treasury issued an advance notice of proposed rulemaking concerning the GENIUS Act, and since then a number of federal agencies—including the FDIC, NCUA, and OCC—have proposed their own implementing regulations. The OCC’s NPRM noted that BSA, AML, and OFAC sanctions-related requirements would be addressed in a separate rulemaking in coordination with Treasury; this Proposed Rule is that rulemaking.
Proposed Anti-Money Laundering Obligations
AML/CFT Program Requirement
The Proposed Rule would require PPSIs to establish and maintain AML and countering the financing of terrorism (“CFT”) programs. The proposed AML/CFT program for PPSIs largely mirrors the AML/CFT program obligation FinCEN recently proposed for the 11 types of existing financial institutions. FinCEN expects that most PPSIs that have been complying with existing regulations applicable to MSBs should be able to adapt their current AML/CFT programs to meet the Proposed Rule’s requirements. Under the proposal, AML/CFT programs should be appropriately risk-based, with PPSIs directing more resources toward higher-risk customers and activities, rather than toward lower-risk customers and activities.
The Proposed Rule would require a PPSI’s internal policies, procedures, and controls to be reasonably designed to ensure compliance with the BSA and FinCEN regulations. Key elements include:
- Risk assessment of the PPSI’s money laundering, terrorism financing, and other illicit finance risks, incorporating the AML/CFT Priorities (which identify the most significant AML/CFT threats, including corruption, cybercrime, terrorist financing, fraud, and proliferation financing, among others) and updated as risks materially change;
- Ongoing customer due diligence, including developing customer risk profiles, monitoring for suspicious transactions, and maintaining and updating customer and beneficial ownership information on a risk basis;
- Independent testing of the AML/CFT program against objective criteria;
- Designation of an AML/CFT Officer located in the United States responsible for day-to-day program implementation and compliance; and
- An ongoing employee training program and a written AML/CFT program approved by the PPSI’s board of directors or equivalent governing body, or appropriate senior management.
Technical Capabilities and Lawful Orders
The Proposed Rule would require PPSIs to have the technical capabilities, policies, and procedures to block, freeze, and reject specific or impermissible transactions that violate Federal or State laws, rules, or regulations as provided in the GENIUS Act. It would also require PPSIs to have the technical capabilities to comply, and to in fact comply, with the terms of any lawful order.
Suspicious Activity Reports, Recordkeeping, and Information Sharing
Under the Proposed Rule, PPSIs would be required to file suspicious activity reports (“SARs”) for any suspicious transaction relevant to a possible violation of law or regulation. Notably, while the Proposed Rule’s technical capabilities and lawful order requirements would apply to both primary and secondary market activity (as discussed above), the SAR obligation would only apply to a PPSI’s primary market activity (i.e., the issuance and redemption of payment stablecoins) and would not extend to secondary market transactions (i.e., subsequent transfers of payment stablecoins between holders).
The Proposed Rule would also require PPSIs to comply with the Recordkeeping Rule (for funds transfers and transmittals of $3,000 or more) and the Travel Rule (requiring transmission of information to other financial institutions participating in a transfer or transmittal). PPSIs would additionally be subject to certain information sharing provisions, including mandatory record searches upon FinCEN request and the ability to participate in FinCEN’s voluntary information sharing program.
Proposed Sanctions Compliance Program Requirements
In addition, PPSIs would need to fulfill an obligation under the Proposed Rule to implement a sanctions compliance program, drawing on the same five-element structure set forth in the OFAC Framework (and also aligned in many ways with AML/CFT program requirements discussed above). PPSIs would be required to adopt a sanctions compliance program including five key elements:
- Senior Management and Organizational Commitment: Senior management must review, approve, and actively support the sanctions compliance program, including by ensuring it applies to all payment stablecoin-related activity, is adequately resourced, is integrated into ongoing operations, and routinely provides risk updates to appropriate personnel.
- Risk Assessment: PPSIs must conduct holistic risk assessments of their payment stablecoin-related activities — spanning products, customer segments, geographies, transaction channels, and counterparties — to inform the design and updating of the sanctions compliance program.
- Internal Controls: PPSIs must maintain policies and procedures to identify, interdict, escalate, and report potential sanctions issues and maintain related records, functioning across both primary and secondary market activities.
- Testing and Auditing: PPSIs must conduct independent testing and auditing of their sanctions compliance programs, separate from the team responsible for day-to-day compliance.
- Training: PPSIs must maintain a risk-based sanctions compliance training program, with OFAC expecting sanctions-specific training periodically for all appropriate personnel, and at a minimum annually.
PPSIs implementing a sanctions compliance program will need to consider how to take into account the 10-year statute of limitations that applies under certain US sanctions programs authorized by the International Emergency Economic Powers Act and the Trading with the Enemy Act, which we wrote about here and here.