The proposal is currently in the “request for comment” stage and is not a final rule. It comes from a joint group of federal regulators, including the Financial Crimes Enforcement Network (FinCEN), the Office of the Comptroller of the Currency (OCC), the Federal Reserve Board, the Federal Deposit Insurance Corporation (FDIC), and the National Credit Union Administration. The agencies say the proposal is intended to implement the Genius Act requirement that payment stablecoin issuers be treated as financial institutions for purposes of the Bank Secrecy Act and maintain an effective customer identification program.
In plain English, the US federal government is moving toward formal anti-money laundering (AML) and identity-checking regulations for stablecoin issuers. But, at least in the current form of the proposal, it is not trying to force issuers to identify every person who ever touches a stablecoin token. This is a meaningful clarification of how the GENIUS Act could be implemented, and suggests that agencies are trying to fit stablecoins into bank regulatory frameworks without breaking the core way these assets already circulate and function.
Will it be “almost impossible” to identify users?
Initial coverage of the notice from some crypto media outlets has focused on bank-style ID checks imposed on direct customers of stablecoin issuers, with less attention paid to the arguably more consequential decision to allow stablecoins to circulate on the secondary market without requiring issuers to identify individual users. While the proposal indicates that federal regulators are largely fine with the way they already work in practice, it may be a mistake to view this as some kind of cap on the level of privacy found with stable coins. The proposal draws a sharp distinction between the primary market, where an issuer issues or redeems stablecoins directly to a customer and must implement customer identity verification measures, and the secondary market, where tokens move between other parties and the issuer is not actually involved except in the associated smart contract.
In reference to regulatory agencies’ views on the specific point of tracking each of the end users of stablecoin issuers, the proposal states, “Imposing an obligation where any payment may be for the purposes of stablecoin transfers [Customer Identification Program] Obligations, consequences in an account relationship with a customer and a [Permitted Payment Stablecoin Issuer] This would essentially impose a global obligation on PPSIs to collect and verify identity information of individual users. FinCEN and the agencies assess that it would be nearly impossible for PPSIs to impose such a CIP obligation and could potentially cripple the industry.
While it is certainly true that requiring ID verification for every secondary-market stablecoin user would likely lead to growth in the industry, it is not difficult to imagine how such restrictions might be imposed if regulators ever decided to go there. The most obvious path would be address whitelisting, where issuers only allow tokens to be moved to blockchain addresses that have completed AML and Know Your Customer (KYC) checks. In fact, this possibility has been hanging over the stablecoin market for years. So, while the agencies are right that universal secondary-market verification would be disruptive, the real significance here is that they are signaling that they are not choosing that route right now, not that such a regulatory environment would be impossible to implement.
What regulators may be comfortable with about how things currently work is that stable coins on public blockchains do not work with the assets originally envisioned for digital cash by cyberpunks a few decades ago. In fact, they are more akin to a complete financial panopticon. Of course, stablecoin transfers can be pseudonymous in the narrow sense, as not every blockchain address or wallet is labeled with a legal identity by the issuer. But the crypto networks on which these tokens are issued are completely public and transparent. Blockchain analytics firms specialize in connecting wallet clusters to real people and institutions, and stablecoin activity is centered around centralized exchanges and other regulated custodians that already collect lots of information about their users. For example, Chainalysis, a firm, released a report earlier this year that projected the use of stable coins for illicit purposes increasing to record levels in 2025. In other words, most of the transaction graph is already effectively docked.
As former Commodity Futures Trading Commission (CFTC) Chairman Chris Giancarlo once put it bluntly, “Let’s get one thing as clear as custard here, okay. There is no privacy in stablecoins. None. Zero.”
It is possible that some traditional banks will offer their viewpoints on this proposed regulatory framework for stablecoins during the 60-day comment period window. JPMorgan Chase CEO Jamie Dimon made headlines when he called Coinbase CEO Brian Armstrong “full of crap” on crypto regulation in a recent interview, and during the same interview, he also argued that stablecoins currently do not have proper AML requirements. Those comments could be a preview of what kind of pushback regulators will hear from existing financial institutions that would prefer a system with less of a gap between traditional banks and stablecoins in terms of compliance expectations.
It also appears that these types of comments from the traditional banking industry, if they indeed provide them, will be listened to closely by regulators. “I remain worried[…] Federal Reserve Governor Michael S. “The GENIUS Act regulatory framework does not yet do enough to address the risks of illicit finance conducted through secondary market transactions in payment stablecoins,” Barr said in a statement. “Although some digital asset service providers are subject to anti-money laundering and anti-terrorism financing requirements in their home jurisdiction, it is far too easy for bad actors to evade these restrictions and operate without detection when transacting in digital assets. I will carefully review comments in response to the proposal’s questions about whether any part of the CIP rule should be extended to secondary market activity.
This is not the first time Barr has publicly commented on the potential risks of stablecoins being used for illicit activity, as he previously noted in 2022, “As banks explore different options to harness the potential of the technology, it is important to identify and assess the new risks inherent in those models and whether those risks are worth addressing. For example, for some of the models being explored, banks may not be able to track Who owns its tokens or whether its tokens are being used in risky or illegal activities.”
For now, the proposal suggests that regulators are willing to tolerate the regulatory arbitrage available to companies that place dollar liabilities on a public blockchain rather than on an internal database system. Of course, this does not mean that stablecoins are uncontrolled or permissionless in any technical sense. Issuers still retain extraordinary power over their dollar-pegged tokens, including the ability to freeze or blacklist funds. This is something the Iranian regime recently discovered the hard way when Tether froze $344 million of Iran-linked assets on behalf of the US government.
<a href