Banking Agencies Propose Customer Identification Rules for Stablecoin Issuers Under GENIUS Act

Key Takeaways

• AML Framework Takes Shape: Federal regulators have proposed customer identification requirements for stablecoin issuers as implementation of the GENIUS Act moves forward.
• Identity Verification Required: Stablecoin issuers would need to collect and verify customer names, addresses, identification numbers, and other core information before opening accounts.
• Follow-On to OCC Proposal: The rule builds on the OCC's earlier GENIUS Act rulemaking, which deferred anti-money laundering and Bank Secrecy Act requirements to a separate Treasury-led process.
• Risk-Based Compliance Model: Issuers would be required to adopt procedures for customer verification, recordkeeping, terrorist list screening, and handling customers whose identities cannot be verified.
• Stablecoins Move Closer to Traditional Banking Standards: The proposal signals regulators' intent to apply familiar financial crime compliance controls to federally recognized stablecoin issuers.

Deep Dive

The federal government moved Thursday to extend core anti-money laundering controls to the stablecoin sector, proposing rules that would require permitted payment stablecoin issuers to verify the identities of their customers and maintain formal customer identification programs.

The proposal, issued jointly by the Treasury Department’s Financial Crimes Enforcement Network (FinCEN), the Office of the Comptroller of the Currency, the Federal Reserve Board, the Federal Deposit Insurance Corporation, and the National Credit Union Administration, would implement a key provision of the Guiding and Establishing National Innovation for U.S. Stablecoins Act, known as the GENIUS Act.

The rule would require permitted payment stablecoin issuers (PPSIs) to establish and maintain written Customer Identification Programs (CIPs) designed to ensure they know the identities of customers opening accounts. Regulators said the framework is intended to mitigate illicit finance risks while protecting U.S. financial system and national security interests.

The proposal represents the latest step in the government's effort to translate the GENIUS Act into an operational regulatory framework. Earlier this month, the Office of the Comptroller of the Currency issued a separate proposed rule governing permitted payment stablecoin issuers and certain custody activities, while noting that Bank Secrecy Act, anti-money laundering, and sanctions-related requirements would be addressed through a separate rulemaking coordinated with the Treasury Department. Thursday's proposal delivers the first of those requirements.

Under the proposal, stablecoin issuers would be required to collect four pieces of information from customers before opening an account: a name, date of birth for individuals or date of formation for entities, a physical address, and an identification number.

Issuers would also be required to implement risk-based procedures for verifying customer identities and maintaining a reasonable belief that they know the true identity of each customer. Verification could be conducted through documentary methods, non-documentary methods, or a combination of both.

For non-individual customers, the proposal would require issuers, when warranted by their risk assessments, to obtain information about individuals who exercise authority or control over an account as part of the identity verification process.

The agencies also outlined requirements for situations in which customer identities cannot be adequately verified. Each issuer's customer identification program would need procedures addressing when accounts should not be opened, when limited account access may be permitted while verification is ongoing, when accounts should be closed following unsuccessful verification attempts, and when suspicious activity reports should be filed.

Beyond identity verification, the proposal would require stablecoin issuers to maintain records of information collected through their customer identification programs, screen customers against government-issued lists of known or suspected terrorists and terrorist organizations, and provide customers with notice that identifying information is being collected for verification purposes.

The rule would also permit stablecoin issuers, under certain circumstances, to rely on another federally regulated financial institution to perform customer identification procedures on their behalf, provided such reliance is reasonable under the circumstances.

The proposal includes authority for exemptions. Federal functional regulators, with Treasury's concurrence, could exempt specific issuers or account types from customer identification requirements. Treasury would have similar authority, subject to the concurrence of the appropriate federal regulator.

The customer identification requirement would become part of a stablecoin issuer's broader anti-money laundering and countering-the-financing-of-terrorism program. FinCEN noted that the proposal complements a separate rulemaking that would impose additional anti-money laundering obligations on permitted payment stablecoin issuers under the GENIUS Act.

The proposals illustrate how federal regulators intend to treat stablecoin issuers more like traditional financial institutions. While the GENIUS Act established a legal framework for federally recognized stablecoin issuers, regulators are now defining the compliance obligations that will accompany that status.

The GRC Report is your premier destination for the latest in governance, risk, and compliance news. As your reliable source for comprehensive coverage, we ensure you stay informed and ready to navigate the dynamic landscape of GRC. Beyond being a news source, the GRC Report represents a thriving community of professionals who, like you, are dedicated to GRC excellence. Explore our insightful articles and breaking news, and actively participate in the conversation to enhance your GRC journey.