On April 8, 2026, the U.S. Department of the Treasury dropped what many in the compliance community have been anticipating for months: a joint proposed rule from FinCEN and OFAC that would bring permitted payment stablecoin issuers (PPSIs) squarely under the Bank Secrecy Act and U.S. sanctions framework. This landmark rulemaking, implementing provisions of the Guiding and Establishing National Innovation for U.S. Stablecoins Act (GENIUS Act), represents the most significant regulatory expansion into digital asset compliance since FinCEN’s 2019 guidance on convertible virtual currencies.
For compliance professionals, stablecoin issuers, fintech firms, and the broader financial services ecosystem, this proposal is not merely a regulatory formality—it is a watershed moment that will reshape how digital dollar-pegged instruments are governed, monitored, and held accountable in the fight against financial crime.
What the Proposed Rule Actually Requires
Published in the Federal Register on April 10, 2026, the proposed rule treats PPSIs as “financial institutions” under the BSA—the same designation that applies to banks, money services businesses, and broker-dealers. This is not a light-touch framework. The core obligations include:
AML/CFT Program Requirements: PPSIs must establish and maintain a risk-based AML/CFT program that includes internal controls, independent testing, designated compliance officer(s), and ongoing employee training—mirroring the pillars required of traditional financial institutions.
Customer Due Diligence (CDD): Issuers must implement robust customer identification programs and conduct ongoing due diligence, including the collection and verification of beneficial ownership information for entity customers.
Suspicious Activity Reporting (SAR): PPSIs are required to file SARs with FinCEN when they detect suspicious transactions, just as banks and MSBs do today.
Transaction Monitoring and Blocking: Issuers must have the technical capability to monitor transactions in real time, screen against OFAC sanctions lists, and block or freeze transactions involving sanctioned persons or entities.
Sanctions Compliance Program: In a historic first, OFAC has explicitly proposed requiring a specific category of financial institution to maintain a formal sanctions compliance program. PPSIs must screen all primary and secondary market activity against OFAC’s Specially Designated Nationals (SDN) list and report willful violations.
Why This Matters: The OFAC Precedent
While FinCEN’s AML requirements for digital asset firms are an extension of existing BSA architecture, OFAC’s explicit sanctions compliance mandate for PPSIs breaks new ground. Historically, OFAC has enforced sanctions through guidance, advisories, and enforcement actions—but has never before formally proposed a regulation requiring a defined class of financial institution to maintain a standalone sanctions compliance program. This signals a clear intent by Treasury to close the regulatory gap that has allowed certain crypto firms to operate in a gray zone when it comes to sanctions screening.
The practical implication is significant: stablecoin issuers can no longer treat sanctions compliance as a secondary concern or rely on downstream intermediaries to shoulder the screening burden. They must build, or procure, enterprise-grade sanctions screening and transaction monitoring infrastructure—capabilities that many traditional banks have spent decades and billions of dollars developing.
The Compliance Challenge: Blockchain Meets BSA
Applying BSA-level compliance to on-chain stablecoin activity presents unique technical and operational challenges. Unlike traditional wire transfers where intermediary banks serve as chokepoints, stablecoin transactions can occur peer-to-peer on public blockchains, often in real time and across jurisdictions. Compliance teams at PPSIs will need to address several critical questions:
- How do you conduct effective CDD on wallet holders who interact through decentralized protocols?
- What transaction monitoring typologies are appropriate for on-chain stablecoin flows, where velocity, layering, and mixing services create novel laundering patterns?
- How do you implement freeze-and-block capabilities at the smart contract level while preserving network functionality?
- What role does blockchain analytics play in satisfying the “effectiveness” standard that FinCEN’s broader AML reform proposal emphasizes?
These are not hypothetical concerns. Enforcement actions in 2025 and early 2026 against crypto exchanges and DeFi protocols have demonstrated that regulators expect real-time, risk-proportionate compliance—regardless of the underlying technology.
Timeline and Comment Period
The proposed rule carries a 60-day public comment period, with responses due by June 9, 2026. Under the GENIUS Act’s statutory deadlines, Treasury must issue final implementing regulations by July 18, 2026, with full enforcement beginning no later than January 18, 2027. This is an aggressive timeline by any regulatory standard, and compliance teams should begin their gap assessments now rather than waiting for the final rule.
FinCheck’s Perspective and the Way Forward
At FinCheck LLC, we view this proposed rule as a necessary and overdue step toward leveling the regulatory playing field between traditional financial institutions and digital asset issuers. For too long, stablecoins—which now represent over $200 billion in market capitalization—have operated under a patchwork of state-level money transmitter licenses and voluntary compliance frameworks that were insufficient to address the scale of illicit finance risk they carry.
However, we also recognize the challenge this poses for the industry. Many stablecoin issuers, particularly smaller or newer entrants, lack the compliance infrastructure, personnel, and institutional knowledge to stand up a BSA-grade AML program and a formal OFAC sanctions compliance program within the proposed timeline. This is where experienced compliance advisory firms play a critical role.
Our recommendations for affected institutions:
Conduct a Compliance Gap Assessment Now: Do not wait for the final rule. Map your current AML and sanctions controls against the proposed requirements and identify where you fall short.
Invest in Blockchain-Native Compliance Technology: Off-the-shelf transaction monitoring tools designed for banks will not suffice. You need solutions built for on-chain activity—blockchain analytics, wallet screening, and smart contract-level controls.
Submit Comments to FinCEN and OFAC: The comment period is your opportunity to shape the final rule. Industry voices matter, particularly on implementation feasibility and technological constraints.
Engage Fractional Compliance Leadership: If you lack a full-time BSA Officer or Chief Compliance Officer with digital asset expertise, consider engaging a fractional CCO who can guide your program design, regulatory interactions, and board-level governance.
The GENIUS Act’s AML and sanctions framework for stablecoin issuers is not a distant regulatory prospect—it is happening now, and the compliance clock is ticking. Whether you are a stablecoin issuer, a fintech firm partnering with one, or a financial institution evaluating your exposure to stablecoin-related risk, the time to act is today.
FinCheck LLC specializes in AML/CFT program design, sanctions compliance, and regulatory advisory for financial institutions and digital asset firms. Visit us at www.fincheckllc.com.
