FDIC Proposes BSA and Sanctions Compliance Rules for Stablecoin Issuers

7 mins mins

The U.S. Federal Deposit Insurance Corporation on May 22, 2026, unanimously approved a proposed rule that would require stablecoin issuers under its supervision to comply with Bank Secrecy Act anti-money laundering obligations and sanctions screening requirements, marking a decisive step toward imposing bank-grade financial crime controls on the growing stablecoin sector.

The FDIC Board of Directors voted 3-0 to approve the Notice of Proposed Rulemaking (NPRM), which targets Permitted Payment Stablecoin Issuers (PPSIs) supervised by the agency under the GENIUS Act. The proposal establishes AML/CFT program requirements, mandates reporting to FinCEN and OFAC, and opens a 60-day public comment period following publication in the Federal Register.

Today, our Board of Directors approved a proposed rule that would establish requirements under the GENIUS Act for FDIC-supervised stablecoin issuers.https://t.co/VAnMhwyGo5 pic.twitter.com/1A8sqGRlvk

— FDIC (@FDICgov) April 7, 2026

Source: @FDICgov on X

What the FDIC Is Proposing

The proposed rule applies specifically to PPSIs that are subsidiaries of FDIC-supervised insured state nonmember banks and state savings associations. These entities would be required to maintain full AML/CFT compliance programs, including know-your-customer procedures, transaction monitoring, and suspicious activity report (SAR) filing.

The SAR filing threshold for PPSIs is set at $5,000, matching the standard applied to banks rather than the lower $2,000 threshold used for money services businesses. Notably, FinCEN has explicitly excluded secondary market transactions from SAR reporting obligations, meaning peer-to-peer transfers and exchange activity do not trigger issuer-level filing requirements.

The rule also requires PPSIs to maintain OFAC sanctions screening programs. This represents a historic regulatory milestone: it marks the first time federal law has explicitly mandated sanctions compliance programs for a specific category of U.S. persons. Previously, OFAC compliance was expected but never statutorily required.

One of the most structurally novel elements is the requirement that issuers maintain technical capability to block, freeze, seize, or burn stablecoins when legally required, including in secondary market flows via smart contracts. Unlike traditional banking, where funds leave the issuer’s control after transfer, stablecoin issuers must retain on-chain enforcement tools even after coins are in circulation.

This is the FDIC’s third proposed rulemaking implementing provisions of the GENIUS Act, following earlier NPRMs on issuance procedures in December 2025 and prudential standards in April 2026.

Why This Matters for the Stablecoin Market

The stablecoin market now exceeds $323 billion in total capitalization, with USDT holding 58.65% dominance. The FDIC’s proposed BSA requirements would apply to any bank-affiliated issuer entering this market under the GENIUS Act framework.

DeFiLlama stablecoin market cap dashboard showing total stablecoin market cap of $323 billion with USDT dominance at 58.65% — Total stablecoin market cap stands at $323B with USDT holding 58.65% dominance. Source: DeFiLlama

The FDIC estimates between 5 and 30 banks will apply to issue stablecoins in the first few years after the GENIUS Act takes full effect, which is expected around mid-January 2027. Bank-grade AML compliance requires dedicated compliance staff, transaction monitoring infrastructure, and SAR filing systems, representing significant operational costs for new entrants.

This creates a competitive dynamic that favors large incumbents. Banks with existing BSA compliance infrastructure can extend those programs to stablecoin issuance relatively easily. Smaller institutions or new applicants face a steeper on-ramp, potentially consolidating stablecoin issuance among a handful of well-resourced banks.

Non-bank stablecoin issuers like Tether and Circle are not directly subject to FDIC supervision. However, the GENIUS Act establishes that state-qualified issuers exceeding $10 billion in outstanding issuance must transition to federal oversight or obtain a waiver, creating an indirect pathway toward similar compliance standards for the largest players, similar to how regulatory approvals for Bitcoin index options have expanded federal oversight across digital asset markets.

DeFi protocols that integrate stablecoins face a different kind of pressure. While the FDIC rule does not directly regulate decentralized protocols, the smart contract freeze requirement means bank-issued stablecoins will carry built-in enforcement mechanisms that could affect any protocol holding or transferring those tokens.

Regulatory Context: A Coordinated Federal Push

The FDIC’s proposal does not exist in isolation. On April 8, 2026, FinCEN and OFAC jointly issued their own NPRM treating PPSIs as financial institutions under the Bank Secrecy Act, with public comments due by June 9, 2026. Together, these parallel rulemakings form a coordinated regulatory architecture for stablecoin compliance.

The GENIUS Act, signed into law in July 2025, created the first comprehensive federal framework for payment stablecoins. It directed Treasury, the FDIC, OCC, Federal Reserve, and NCUA to issue implementing regulations. Treasury received approximately 450 timely comments during an advance notice of proposed rulemaking in September 2025, signaling strong industry engagement.

Privacy advocates have raised concerns about the BSA framework’s application to stablecoins. Coin Center, a crypto policy advocacy group, warned that “mandating issuer collection, storage, and retention of identifying information risks the creation of a total financial panopticon.” The tension between compliance and privacy is likely to feature prominently in the public comment period.

The IRS is designated as BSA examiner for state-qualified PPSIs under $10 billion in outstanding issuance, a practical arrangement that raises questions given the agency’s recent workforce and funding changes. This compliance oversight gap has received little attention in industry coverage, even as debates over prediction market regulatory enforcement highlight the challenges agencies face in policing fast-moving digital finance sectors.

Internationally, the European Union’s Markets in Crypto-Assets (MiCA) regulation already imposes AML and sanctions requirements on stablecoin issuers operating in the EU. The U.S. framework under the GENIUS Act brings American standards closer to the EU model, though with distinct structural features like the smart contract enforcement mandate.

What Stablecoin Issuers and Crypto Firms Should Watch Next

The FDIC’s 60-day public comment period begins upon Federal Register publication. The parallel FinCEN/OFAC comment deadline of June 9, 2026, arrives sooner and covers related but distinct requirements. Industry participants planning to respond should address both proposals.

The GENIUS Act’s prohibitions on unapproved stablecoin issuance take effect approximately 18 months after enactment, targeting around November 2026. Full implementation of the regulatory framework, including the BSA and sanctions requirements, is expected by mid-January 2027.

Non-bank stablecoin issuers face a separate regulatory path. State-qualified PPSIs operate under state-level supervision unless they cross the $10 billion threshold, at which point federal oversight becomes mandatory. How state regulators align their own AML frameworks with the federal standards remains an open question, particularly as state-level enforcement actions in digital asset markets continue to test jurisdictional boundaries.

Industry groups may mount legal challenges to specific provisions, particularly the smart contract freeze requirement, which imposes a technical obligation with no direct parallel in traditional banking regulation. The comment period will be the first formal venue for those objections.

FAQ: FDIC BSA Compliance for Stablecoin Issuers

What is the Bank Secrecy Act and why does it apply to stablecoins?

The Bank Secrecy Act is the primary U.S. anti-money laundering law, requiring financial institutions to maintain AML programs, file suspicious activity reports, and cooperate with law enforcement. Under the GENIUS Act, stablecoin issuers supervised by the FDIC are now treated as financial institutions subject to these same obligations.

Does this proposal affect Tether (USDT) or Circle (USDC)?

Not directly. The FDIC rule covers PPSIs that are subsidiaries of FDIC-supervised banks. Tether and Circle operate as non-bank issuers. However, the GENIUS Act requires state-qualified issuers exceeding $10 billion in outstanding stablecoins to transition to federal supervision or obtain a waiver, which could eventually bring large non-bank issuers under comparable requirements.

What happens to stablecoin issuers that don’t comply?

PPSIs that fail to maintain BSA/AML programs or OFAC sanctions screening face the same enforcement consequences as banks: civil monetary penalties, cease-and-desist orders, and potential revocation of their authority to issue stablecoins under the GENIUS Act.

Does this affect DeFi protocols that use stablecoins?

The FDIC rule does not directly regulate DeFi protocols. However, the requirement that issuers maintain smart contract capabilities to freeze or burn tokens means bank-issued stablecoins will carry built-in enforcement mechanisms that could affect liquidity pools, lending protocols, and other DeFi applications integrating those assets.

Disclaimer: This article is for informational purposes only and does not constitute financial or investment advice. Cryptocurrency and digital asset markets carry significant risk. Always do your own research before making decisions.