PPSI Readiness Map

Section 314(a): FinCEN requests — financial institutions must search records for named subjects at law-enforcement request. Section 314(b): voluntary information sharing among financial institutions for AML purposes, with safe harbor from liability.

• C3
• C7

• 2nd 2nd Line

Covered financial institutions, including money services businesses that qualify as money transmitters for virtual currency activity, must establish and maintain a written AML program reasonably designed to prevent money laundering and the financing of terrorism. Program elements: policies/procedures, designated compliance officer, training, independent testing, and (for certain institutions) customer due diligence.

• C1
• C3

• 2nd 2nd Line
• 3rd 3rd Line

Customer Identification Program requirements — verify identity of each customer, maintain records of identifying information, and check customer names against government lists. For virtual currency MSBs, CIP applies to exchanger/administrator customer relationships.

• C1

• 2nd 2nd Line

Currency Transaction Report filed for each transaction in currency of more than $10,000. Multiple same-day transactions by or on behalf of the same person aggregating to more than $10,000 are treated as a single transaction.

• C3
• C11

• 1st 1st Line
• 2nd 2nd Line

Enhanced due diligence for correspondent accounts maintained for foreign financial institutions. Includes reasonable steps to identify owners, conduct enhanced scrutiny to detect suspicious activity, and review PEP connections. The $50,000 threshold reflected here is used as a general EDD trigger for higher-value transactions in the Atlas; the statutory EDD obligations are ongoing for qualifying correspondent accounts.

• C1
• C3

• 2nd 2nd Line

Administrator or exchanger of convertible virtual currency is a money transmitter under FinCEN regulations and therefore an MSB subject to BSA registration, AML program, SAR, CTR, Travel Rule, and recordkeeping obligations. Users of CVC solely for personal purchases are not money transmitters. Extended and clarified by FinCEN 2019 Guidance FIN-2019-G001.

• C8

• GB Governing Body

Money services businesses — including money transmitters, which under FinCEN's 2013 guidance encompasses administrators and exchangers of convertible virtual currency — must register with FinCEN and renew every two years. Registration forms (FinCEN Form 107) and maintained customer/agent lists.

• C8

• GB Governing Body

SAR filing required for transactions the institution knows, suspects, or has reason to suspect involve funds from illegal activity, are designed to evade BSA, or have no apparent lawful purpose. MSB threshold: $2,000. Bank threshold: $5,000. Filing deadline: 30 days from detection (extendable to 60 days).

• C3
• C11

• 2nd 2nd Line

Funds-transfer recordkeeping rule. For transmittals of funds of $3,000 or more, transmitters must include and transmit prescribed originator and beneficiary information (name, address, account number, amount, execution date, beneficiary institution). FinCEN's 2019 guidance extended the rule to convertible virtual currency transmittals by MSBs. The 2020 joint NPRM proposing a $250 cross-border threshold has not been finalized; the $3,000 threshold remains in force.

• C7

• 1st 1st Line
• 2nd 2nd Line

Entities performing clearing functions for futures, options, and swaps must register with the CFTC as Derivatives Clearing Organizations, satisfy core principles (financial resources, risk management, participant/product eligibility, default rules), and comply with ongoing supervisory requirements. Relevant to any venue clearing digital-asset derivatives or accepting tokenized collateral under the 2025 Pilot.

• C8
• C9

Pilot program permitting specified digital assets — BTC, ETH, and USDC — to serve as collateral in CFTC-regulated derivatives markets. First formal CFTC pathway for digital-asset margining in U.S. futures and swaps markets. Participants must satisfy pilot-specific risk-management, custody, and valuation conditions.

• C9
• C16

Bitcoin, Ether, and other digital assets that function as commodities fall within the CFTC's jurisdiction as 'commodities' under CEA §1a(9). CFTC has asserted anti-fraud and anti-manipulation authority over spot markets in such digital commodities via CEA §6(c)(1). Payment stablecoins are excluded from 'commodity' status by GENIUS Act §17.

• C13

Futures Commission Merchants — entities that solicit or accept orders for futures, options, or swaps and accept customer money or property — must register with the CFTC, maintain minimum financial requirements, segregate customer funds, and comply with risk-management and reporting obligations.

• C8
• C9

Leveraged, margined, or financed retail transactions in commodities (including digital commodities) with retail customers are treated as futures transactions and subject to full CFTC jurisdiction unless actual delivery occurs within 28 days. Restricts how unregistered platforms may offer margined crypto trading to retail users.

• C8
• C13

Prohibits fraud and manipulation in connection with any swap, or a contract of sale of any commodity in interstate commerce, or for future delivery on or subject to the rules of any registered entity. Applied by the CFTC to spot digital-commodity markets even where CFTC lacks affirmative registration authority over the venue.

• C6
• C13

Entities that hold themselves out as dealers in swaps, make a market in swaps, or engage in more than a de minimis amount of swap-dealing activity must register with the CFTC as swap dealers. Registration triggers external business conduct standards, risk management, reporting, and Dodd-Frank clearing and margin requirements.

• C8

Full AML/CFT program obligations (Recommendations 10–21) apply to VASPs: customer due diligence, enhanced due diligence for higher-risk customers, reliance on third parties, correspondent relationships, politically exposed persons, wire transfer rules, new technologies, recordkeeping, suspicious transaction reporting, tipping-off prohibition, and internal controls. Implementation is via the member-jurisdiction AML statute.

• C3

• 2nd 2nd Line
• 3rd 3rd Line

VASPs must conduct CDD on customers before establishing business relationships or conducting occasional transactions. The occasional-transaction threshold for VAs is USD/EUR 1,000 (aligned with R.16 IN ¶7(b)). CDD includes identification and verification of customer identity, beneficial ownership, understanding the purpose and nature of the relationship, and ongoing due diligence. Enhanced due diligence is required for higher-risk customers, including cross-border correspondent VASP relationships (2021 Updated Guidance ¶¶97–102).

• C1
• C3

Member jurisdictions should provide the widest possible range of international cooperation in relation to money laundering, associated predicate offenses, terrorist financing, and proliferation financing involving virtual assets. This includes mutual legal assistance, extradition, information sharing between FIUs, and supervisory cooperation between VASP supervisors. The 2025 Targeted Update identified cross-border cooperation gaps as a primary implementation risk, particularly where a VASP operates in or serves customers in a jurisdiction that has not effectively implemented R.15.

• C3

• 2nd 2nd Line

Creators, owners, and operators of DeFi arrangements may qualify as VASPs where they maintain control or sufficient influence over the assets or protocol, regardless of how decentralized the arrangement is presented. FATF rejects categorical DeFi exclusions. The test focuses on the economic functions performed and the parties who exercise control, not on the labels used by the arrangement. Software developers who merely write and publish immutable protocol code without ongoing operational control generally do not meet the VASP definition. Implementation varies widely across member jurisdictions and remains a primary gap identified in the 2025 Targeted Update.

• C8

Member jurisdictions must require VASPs to be licensed or registered at minimum in the jurisdiction of creation (for legal persons) or place of business (for natural persons), and subject to AML/CFT supervision. Jurisdictions should take action against unlicensed or unregistered VASP activity. The specific licensing mechanism (BitLicense in NY, MSB registration in the US, MiCA CASP in the EU, PSA DPT services licensing in Singapore, HKMA stablecoin-issuer licensing, JFSA crypto-asset exchange registration) is a member-jurisdiction choice.

• C8

• GB Governing Body

Targeted financial sanctions relating to the financing of proliferation of weapons of mass destruction (UN Security Council resolutions on DPRK and Iran) apply to VA activity. VASPs must implement without delay freezing measures against designated persons and entities, and must not deal in property or provide services to designated persons. The 2025 Targeted Update elevated proliferation-financing risk in VA as a priority FATF focus, citing DPRK-linked VA theft by state-aligned threat actors. Implementation in the US: OFAC (see ofac.ts); in the EU: EU restrictive measures (CFSP Decisions); globally: UN Security Council sanctions committees.

• C2
• C4

VASPs must retain records of transactions, CDD information, account files, and business correspondence for at least 5 years following the termination of the business relationship or the date of the occasional transaction. Records must be sufficient to permit reconstruction of individual VA transactions (including amount, type of VA, counterparty information, and time). Records must be made available to competent domestic authorities on request.

• C11

Stablecoins are virtual assets and therefore within R.15 scope. Central developers, governance bodies, reserve managers, and other parties who maintain control or influence over a stablecoin arrangement may qualify as VASPs. Cross-border reach stablecoins raise heightened concerns and warrant supervisory attention; the FATF recommendations apply prior to launch and continue throughout the lifecycle. Stablecoin arrangements are also subject to parallel oversight under FSB Global Stablecoin Recommendations and, for systemic arrangements, CPMI-IOSCO PFMI standards — R.15 provides the AML/CFT layer of that stack.

• C3
• C8

VASPs must report suspicious transactions to the jurisdiction's Financial Intelligence Unit. A suspicious transaction is one where the VASP suspects or has reasonable grounds to suspect that funds are the proceeds of a criminal activity, related to terrorist financing, or related to proliferation financing. The reporting obligation is operationalized in the US via BSA §5318(g) SAR; in the EU via AMLD6 / national FIU rules; in Singapore via PSA §48 STR; etc.

• C3

Transfers between VASPs and unhosted (self-hosted) wallets are expressly within R.15 scope. The 2021 Updated Guidance directs VASPs to apply a risk-based approach when sending to or receiving from unhosted wallets: identify and verify counterparty information where practicable, monitor for elevated risk indicators, and report suspicious activity. Member jurisdictions may require enhanced measures (additional verification, transaction limits, outright restriction) based on risk assessment. Note: the US has not adopted enhanced unhosted-wallet rules beyond the existing BSA framework; the EU TFR (effective 2024-12-30) imposes verification obligations for unhosted-wallet transfers above EUR 1,000.

• C3
• C7

A virtual asset service provider (VASP) is any natural or legal person who conducts, as a business, one or more of the following activities on behalf of another: (i) exchange between virtual assets and fiat currencies; (ii) exchange between one or more forms of virtual assets; (iii) transfer of virtual assets; (iv) safekeeping and/or administration of virtual assets or instruments enabling control over virtual assets; (v) participation in and provision of financial services related to an issuer's offer or sale of a virtual asset. A virtual asset is a digital representation of value that can be digitally traded or transferred and used for payment or investment purposes; excludes digital representations of fiat currencies, securities, and other financial assets already within FATF scope.

• C8

The beneficiary financial institution must take reasonable measures to identify wire transfers that lack required originator or beneficiary information. Such transfers should be subject to risk-based procedures for determining when to execute, reject, or suspend the transfer, and for appropriate follow-up action. The beneficiary institution must also have policies and procedures — including real-time and/or post-event monitoring where feasible — to identify suspect transfers for STR filing.

• C3
• C7

• 2nd 2nd Line

The 2025 revisions impose stronger beneficiary-FI obligations. Prior R.16 required beneficiary FIs only to take reasonable measures to identify missing-information transfers; the revised standard requires beneficiary FIs to actively verify incoming originator information against reliable independent data, reject transfers with demonstrably false information, and file STRs on patterns of missing-information inflows. This shifts monitoring burden to the receiving side in recognition of how cross-border ML/TF/fraud typologies have evolved. Effective in adopting jurisdictions by end of 2030.

• C3
• C7

Cross-border wire and VA transfers must include a Confirmation of Payee (CoP) verification step: the originator institution must confirm with the beneficiary institution that the named beneficiary matches the account or wallet identifier before the transfer is executed. A mismatch must be communicated to the originator, who must decide whether to proceed. CoP is intended to reduce authorized-push-payment fraud and mis-addressed transfers, and is the primary operational burden added by the 2025 revisions. Generally effective in adopting jurisdictions by end of 2030.

• C6
• C7

For cross-border wire transfers at or above USD/EUR 1,000 (the R.16 de minimis threshold), full originator and beneficiary information is required. Below that threshold, at least name and account number or unique reference is required, with verification on suspicion of ML/TF. Domestic wire transfers may carry a lighter information set where the jurisdiction provides for fast access to the remainder. The USD/EUR 1,000 threshold was retained in the June 2025 revisions.

• C7

R.16 objectives are expanded beyond AML/CFT to include fraud prevention, particularly authorized push payment (APP) fraud. Financial institutions and VASPs must integrate fraud detection with existing AML/CFT monitoring, share fraud-typology indicators with counterparties and supervisors, and participate in cross-border fraud intelligence exchanges where domestic law permits. This is the first time FATF has explicitly brought fraud within its scope. Effective in adopting jurisdictions by end of 2030.

• C6
• C7

R.16 information requirements must be carried on ISO 20022 messaging standards for cross-border transfers, aligned with the CPMI G20 cross-border payments roadmap and the global ISO 20022 migration for correspondent banking (SWIFT MT to MX transition, coexistence period ended 2025-11-22). Structured data fields replace free-text, enabling automated sanctions/AML screening and reducing false positives. Member-jurisdiction implementation deadlines are staggered through 2030.

• C7
• C16

The ordering financial institution must ensure wire transfers contain required and accurate originator information and the required beneficiary information. The ordering institution must maintain records for at least five years, and must not execute wire transfers that do not meet R.16 information requirements. This obligation is transmitted down the correspondent chain: intermediary institutions must retain information received and, where unable to transmit all required information, must respond to requests from the next institution in the chain.

• C7
• C11

• 2nd 2nd Line

R.16 objectives are explicitly extended to proliferation financing of weapons of mass destruction (aligning R.16 with R.7). Originator and beneficiary FIs and VASPs must screen all in-scope transfers against UN Security Council proliferation-financing designations, and must freeze and report without delay. The 2025 revisions elevated proliferation-financing screening from an implicit AML-program component to an explicit R.16 obligation, responding to observed exploitation of cross-border transfers by state-aligned threat actors (notably DPRK). Effective in adopting jurisdictions by end of 2030.

• C2
• C4
• C7

For VA transfers between a VASP and an unhosted (self-hosted) wallet, the VASP must still obtain required originator or beneficiary information but need not transmit it to an unhosted-wallet counterparty. Risk-based procedures apply: VASPs should apply additional CDD measures, verify ownership of the unhosted wallet where practicable, and consider imposing transaction limits or enhanced monitoring on higher-risk unhosted-wallet flows. The 2023 EU Transfer of Funds Regulation and Singapore PSN02 impose specific verification obligations for unhosted-wallet transfers above jurisdictional thresholds; the US BSA framework does not require unhosted-wallet verification as of this review.

• C3
• C7

Originator and beneficiary VASPs must obtain, hold, and transmit required originator and beneficiary information for virtual-asset transfers at or above USD/EUR 1,000, and make it available to appropriate authorities on request. Required fields parallel the wire-transfer baseline: originator name, originator account (or VA wallet) reference, originator physical address (or national ID, or CIN, or date and place of birth), beneficiary name, and beneficiary account (or wallet) reference. Operationalized in the US via FinCEN 2019 Guidance FIN-2019-G001 and 31 C.F.R. § 1010.410(f); in the EU via the 2023 Transfer of Funds Regulation (EU) 2023/1113.

• C7

Originator and beneficiary financial institutions must include required originator information (name, account number or unique transaction reference, address or national ID or customer identification number or date and place of birth) and beneficiary information (name and account number or unique transaction reference) in all cross-border wire transfers at or above the applicable de minimis threshold. Member countries implement via domestic wire-transfer recordkeeping and travel rules.

• C7

Section 4(a)(4)(A)(iv) of the GENIUS Act requires the FDIC to issue regulations implementing appropriate operational, compliance, and information technology risk management principles-based requirements and standards, including Bank Secrecy Act and sanctions compliance standards. Proposed § 350.6 addresses these requirements; the Bank Secrecy Act and sanctions compliance requirements will be addressed in detail by the joint Treasury/FinCEN/OFAC rulemaking (FR 2026-06963).

• C2
• C3

• 2nd 2nd Line

The FDIC has endeavored, in many areas, to align this proposed rule with the OCC's proposed rule, to the extent relevant. In addition to seeking comment on each of the particular provisions described below, the FDIC seeks comment on the extent to which the primary Federal payment stablecoin regulators should further align in their final rules to promote consistency of regulations applicable to all PPSIs subject to the GENIUS Act. Cross-references to the OCC NPRM (FR 2026-04089), the Federal Reserve's coordinated rulemaking, and the joint Treasury FinCEN/OFAC rulemaking (FR 2026-06963) are tracked via the watchlist.

• C8

• 2nd 2nd Line
• EA External Assurance

The FDIC would define 'eligible financial institution' to mean either: (i) a Federal Reserve Bank; or (ii) a person that is eligible to hold reserve assets in custody under section 10(a) of the GENIUS Act (12 U.S.C. 5909(a)) and that (A) complies with the applicable requirements in section 10(b), (c), and (d) of the GENIUS Act, including with applicable implementing regulations issued by the relevant primary Federal payment stablecoin regulator, primary financial regulatory agency, State bank supervisor, or State credit union supervisor; and (B) if applicable, enters into a custody agreement with a PPSI documenting the person's compliance with applicable requirements in section 10(b), (c), and (d) of the GENIUS Act, and has implemented policies and procedures to ensure compliance.

• C8
• C9

The FDIC would define 'outstanding issuance value' to mean the total consolidated par value of all of a PPSI's payment stablecoins issued. The definition would include the combined total par value of different brands of payment stablecoin issued by the PPSI. Outstanding issuance value anchors reserve requirements, redemption thresholds, and reporting obligations.

• C9
• C11

• 1st 1st Line
• 2nd 2nd Line

The FDIC would define 'significant redemption request' to mean a circumstance in which aggregate redemption requests exceed 10 percent of a PPSI's outstanding issuance value within a single 24-hour period. The threshold triggers § 350.5(c) immediate FDIC notification and an opportunity to request extension of the two-business-day redemption window.

• C14
• C16

• 2nd 2nd Line

The FDIC would define 'deposit' to have the meaning as given that term in section 3(l) of the FDI Act (12 U.S.C. 1813(l)). Consistent with section 4(a)(1)(A)(viii) of the GENIUS Act (12 U.S.C. 5903(a)(1)(A)(viii)), the proposed rule would clarify that the term includes deposits in tokenized form. The term 'tokenized deposit' generally refers to a tokenized form of an IDI's deposit liability recorded in an on-chain or off-chain account enabled with distributed ledger technology. 'Deposit token' is more digitally native without a credit in a corresponding account. The terms 'tokenized deposit' and 'deposit token' are sometimes used interchangeably when discussing deposit tokenization; for purposes of this proposal, 'tokenized deposit' is intended to also include 'deposit token.'

• C8

• GB Governing Body

Proposed § 350.4(c) would require that reserves maintained by a PPSI are readily identified as backing outstanding payment stablecoins issued and differentiated from assets not backing payment stablecoins, particularly when the PPSI issues more than one distinguishable brand of payment stablecoin. A PPSI may issue multiple brands of distinct payment stablecoin but would be required to maintain required reserves with assets that can be separately identified as backing a particular brand of distinct payment stablecoin and each brand of payment stablecoin must independently comply with proposed § 350.4(a). If a PPSI issues more than one brand of distinct payment stablecoin, each payment stablecoin must have a segregated pool of reserves, kept, maintained, and recorded separately, unless the FDIC approves in writing that the PPSI may comingle reserves.

• C9

• 1st 1st Line
• 2nd 2nd Line

Proposed § 350.4(h)(1) would require PPSIs to have the information disclosed in the previous month-end report as required in proposed § 350.4(g) examined by a registered public accounting firm which will issue a written report of findings to the PPSI's audit committee, or board of directors if there is no audit committee. In addition, the PPSI shall publish the report on its website at the same time as the report under proposed § 350.4(g). Consistent with section 4(a)(3) of the GENIUS Act, proposed § 350.4(h)(2) would require the chief executive officer and chief financial officer of a PPSI, or persons performing the equivalent functions, to submit a certification of the accuracy of the monthly report to the FDIC, including a copy of the written report prepared in proposed § 350.4(h)(1). Consistent with section 4(a)(3)(C) of the GENIUS Act, any person who submits this required certification knowing that such certification is false shall be subject to the same criminal penalties as those set forth under 18 U.S.C. 1350(c).

• C11

• GB Governing Body
• EA External Assurance

Proposed § 350.4(g) would require PPSIs to publish, for each brand of payment stablecoin issued by the PPSI, by close of business on the last day of each month, the composition of the PPSI's reserves held pursuant to proposed § 350.4(a) as of close of business of the last day of the prior month, using a format substantially similar to the template provided in table 1 to proposed § 350.4(g). The report should contain the total number of outstanding payment stablecoins issued by the PPSI, including the average tenor and geographic location of custody of each category of reserve asset. The report should contain information as of the previous month. Public disclosures are not required to include specific information on the institutions, branches, or counterparties involved in the holding of reserve assets.

• C11

• 2nd 2nd Line

The proposed rule would also amend the deposit insurance coverage rules in part 330 that apply to all FDIC-insured depository institutions by clarifying that deposits held as reserves backing a payment stablecoin would be insured to the PPSI under the FDIC's coverage rules for corporate deposits, but would not be insured to payment stablecoin holders on a pass-through basis. The FDIC has previously used this authority under section 11 of the FDI Act to issue rules providing specificity on insurance coverage; this clarification governs how reserve deposits held at IDIs interact with the standard $250,000 per-depositor account-category framework.

• C9
• C14

• 1st 1st Line
• 2nd 2nd Line

The proposed rule would clarify the treatment of tokenized deposits under the FDI Act. The application of deposit insurance to deposits does not depend upon the technology or recordkeeping used to record an IDI's deposit liabilities — meaning that deposit insurance treatment depends on substantive deposit characteristics (depositor identification, account category, eligible-institution status), not on whether the institution maintains records through traditional ledgers, distributed-ledger technology, or other blockchain-based representations. The proposed rule would include the addition of 'tokenized' to 'deposit recorded using distributed ledger technology' to clarify deposits in tokenized form would not be a payment stablecoin.

• C8
• C9

• GB Governing Body
• 2nd 2nd Line

Reserve assets shall only be comprised of: (1) United States coins and currency (including Federal Reserve notes); (2) money standing to the credit of an account with a Federal Reserve Bank; (3) funds held as demand deposits or other deposits that may be withdrawn upon request at any time at an IDI or insured shares held by an insured credit union (including any foreign branches or agents, including correspondent banks, of an IDI); (4) Treasury bills, notes, or bonds with a remaining maturity of 93 days or less, or issued with a maturity of 93 days or less; (5) money received under repurchase agreements with the PPSI acting as a seller of securities and with an overnight maturity backed by Treasury bills with a maturity of 93 days or less; (6) reverse repurchase agreements with the PPSI acting as a purchaser of securities with an overnight maturity collateralized by Treasury notes, bills, or bonds on an overnight basis subject to overcollateralization in line with standard market terms, that are: (i) tri-party; (ii) centrally cleared through a clearing house registered with the SEC; or (iii) bilateral with a counterparty that the issuer has determined to be adequately creditworthy even in the event of severe market stress; and (7) securities issued by an investment company registered under section 8(a) of the Investment Company Act of 1940 (15 U.S.C. 80a–8(a)) or other registered Government money market fund and that are invested solely in underlying assets described in (1) through (6).

• C9

• 1st 1st Line
• 2nd 2nd Line

A PPSI may engage in a narrow set of core activities: (1) issue payment stablecoins; (2) redeem payment stablecoins; (3) manage reserves related to payment stablecoins, consistent with applicable Federal and State law (the management of payment stablecoin reserves includes purchasing, selling, and holding or holding under custody reserve assets); and (4) provide custodial or safekeeping services limited to certain assets — limited to the holding of payment stablecoins, required payment stablecoin reserves, or private keys of payment stablecoins. It does not include custody of non-payment stablecoin digital assets.

• C8

• GB Governing Body
• 2nd 2nd Line

A PPSI may undertake supporting activities that 'directly support' core activities: (5) assessing fees associated with purchasing or redeeming payment stablecoins; (6) hosting digital wallet infrastructure using cloud platforms or on-premises air-gapped hardware security modules providing secure safekeeping of payment stablecoin private keys or other essential services; (7) acting as principal or agent with respect to any payment stablecoin and the payment of fees to facilitate customer transactions; and (8) other activities the FDIC approves as directly supporting core activities.

• C8

• GB Governing Body
• 2nd 2nd Line

Prohibits a PPSI from providing credit to its customers to purchase payment stablecoins. The FDIC interprets the GENIUS Act's requirements that a PPSI maintain reserve assets comprised of a narrow set of highly liquid assets and that a PPSI engage in a narrow set of activities to be the key guardrails to ensure a PPSI is able to satisfy redemption requests. If a PPSI lends funds to customers to enable customers to purchase payment stablecoins, or were to otherwise issue payment stablecoins to customers on credit extended by the PPSI, the PPSI would then, in effect, need to access separate funding to acquire and maintain identifiable reserve assets to back the payment stablecoins issued on credit. This could result in a highly leveraged balance sheet in which the reserve assets do not provide the intended resiliency.

• C9
• C14

• GB Governing Body
• 1st 1st Line

A PPSI may not use any combination of terms related to the United States Government, including but not limited to 'United States,' 'United States Government,' and 'USG,' in the name of a payment stablecoin, consistent with section 4(a)(9) of the GENIUS Act. The prohibition does not apply to abbreviations of currency that the PPSI is obligated to convert, redeem, or repurchase for a fixed amount of monetary value, as described in proposed § 350.3(c).

• C14

• GB Governing Body
• 2nd 2nd Line

Prohibits a PPSI from engaging in any activity that the FDIC determines is an evasion of the requirements, standards, or prohibitions found in section 4 of the GENIUS Act or proposed Part 350.

• C8

• GB Governing Body
• 2nd 2nd Line

A PPSI is prohibited from paying the holder of any payment stablecoin any form of interest or yield (whether in cash, tokens, or other consideration) solely in connection with the holding, use, or retention of such payment stablecoin. The FDIC presumes a PPSI violates the prohibition if: (A) the PPSI has a contract, agreement, or other arrangement with an affiliate of the PPSI or related third party to pay interest or yield to the affiliate or related third party; or (B) the affiliate, related third party, or an affiliate of a related third party has a contract, agreement, or other arrangement to pay interest or yield (whether in cash, tokens, or other consideration) to a holder of any payment stablecoin issued by the PPSI solely in connection with the holding, use, or retention of such payment stablecoin; and (C) to the extent the person, or an affiliate of the person with whom the PPSI has a contract or other arrangement, is a related third party of the PPSI because the PPSI issues payment stablecoins on the related third party's behalf or under the related third party's branding. A PPSI may rebut the presumption by submitting written materials demonstrating to the FDIC's judgment that the arrangement is not prohibited and not an attempt to evade the prohibition.

• C14

• GB Governing Body
• 2nd 2nd Line

A PPSI may not directly or through implication represent that payment stablecoins are backed by the full faith and credit of the United States, guaranteed by the United States Government, or subject to Federal deposit insurance or Federal share insurance. Although disclaimers may be components of complying with this requirement, the FDIC also expects PPSIs to appropriately ensure that representations, marketing materials, and disclosures are clear and consistent with this requirement to avoid direct representations or implications that are likely to cause confusion. Misrepresentation also implicates 12 CFR part 328 prohibitions on misuse of FDIC name or logo.

• C14

• 1st 1st Line
• 2nd 2nd Line

A PPSI is prohibited from marketing a payment stablecoin in a manner that a reasonable person would perceive the payment stablecoin to be legal tender, issued by the United States, or guaranteed or approved by the United States Government.

• C14

• 1st 1st Line
• 2nd 2nd Line

A PPSI is prohibited from pledging, rehypothecating, or reusing any reserve assets required under § 350.4(a) and (e), including directly or through a third party custodian of the reserve assets, except for the exceptions described in proposed § 350.3(b)(5)(i) through (iii) consistent with section 4(a)(2) of the GENIUS Act. A PPSI may only pledge, rehypothecate, or re-use any reserve assets for the purpose of: (i) satisfying margin obligations in connection with investments in required reserves under proposed § 350.4(e)(5) or (6); (ii) satisfying obligations associated with the use, receipt, or provision of standard custodial services; or (iii) creating liquidity to meet reasonable expectations of requests to redeem payment stablecoins, such that reserves in the form of Treasury bills with a maturity of 93 days or less may be sold as purchased securities in repurchase agreements that either: (A) the repurchase agreements are cleared by a clearing agency registered with the SEC; or (B) the PPSI receives prior written approval from the FDIC.

• C9

• GB Governing Body
• 1st 1st Line

Prohibits a PPSI from marketing a product in the United States as a payment stablecoin, or from issuing a payment stablecoin, unless the product or payment stablecoin is issued in compliance with the GENIUS Act and Part 350. The FDIC will monitor FDIC-supervised PPSIs' marketing, as appropriate, to ensure they do not violate the GENIUS Act or Part 350 of the proposed rule, and for referral to the Department of Treasury for possible violation of section 4(e)(3)(A) of the GENIUS Act.

• C14

• 1st 1st Line
• 2nd 2nd Line

Reserve assets will be recorded on the PPSI's balance sheet under GAAP and included in the quarterly reports required under proposed § 350.7 and on Consolidated Reports of Condition and Income (Call Reports) for the parent IDI. Standardizing these reporting requirements will enhance the FDIC's ability to supervise PPSIs and provide clarity as to the information a PPSI must report.

• C11

• 1st 1st Line
• 2nd 2nd Line

Proposed § 350.5(d)(1) would provide that a PPSI must also publicly, clearly, and conspicuously disclose in plain language and in a format that is readily noticeable, readily understandable, and segregated from other information: (i) the name of the PPSI that issues the brand of payment stablecoin; (ii) that the PPSI is the entity that is obligated to convert, redeem, or repurchase the payment stablecoin for a fixed amount of monetary value; (iii) the link to the monthly composition report of the relevant PPSI's reserves required under § 350.4(g); and (iv) all fees associated with purchasing or redeeming payment stablecoins. Updates to the disclosures require at least seven calendar days' prior notice.

• C14

• 2nd 2nd Line

A PPSI must publicly disclose its redemption policy. Proposed § 350.5(a)(1) requires the PPSI to disclose the timeframe in which the PPSI will redeem payment stablecoins issued by the PPSI for a fixed amount of monetary value and the timeframe under proposed § 350.5(b)(1). Proposed § 350.5(a)(2) would require the PPSI to include the statement that any discretionary limitations on timely redemptions can only be imposed by the FDIC. Proposed § 350.5(a)(3) requires the PPSI to explain when the redemption period may be extended. Proposed § 350.5(a)(4) requires the PPSI to provide a statement with clear instructions on how a payment stablecoin holder can redeem a payment stablecoin. Under proposed § 350.5(a)(5), the PPSI must disclose the minimum number of payment stablecoins that it will redeem; this minimum may not be greater than one payment stablecoin.

• C14

• 1st 1st Line
• 2nd 2nd Line

A PPSI must have a payment stablecoin redemption policy with clear and conspicuous procedures for timely redemption of outstanding payment stablecoins. The FDIC is proposing to define 'timely' to mean that a PPSI shall redeem a payment stablecoin no later than two business days following the date of the requested redemption in proposed § 350.5(b)(1). Under the proposal, two business days would be the maximum amount of time a PPSI could choose to redeem payment stablecoins, but a PPSI could choose a shorter time period. Consistent with the Act, the FDIC is proposing that discretionary limitations on timely redemptions can only be imposed by the FDIC.

• C14
• C16

• 1st 1st Line
• 2nd 2nd Line

Proposed § 350.4(a)(1) would require the PPSI to maintain identifiable reserves fully backing the outstanding payment stablecoins of the PPSI, the reserve asset value of which must at all times meet or exceed the total outstanding issuance value of payment stablecoins issued by the PPSI. To maintain 'identifiable reserves,' the PPSI shall maintain appropriate records to identify required reserve assets underlying a particular payment stablecoin. Reserve assets will be recorded on the PPSI's balance sheet under GAAP and included in the quarterly reports required under proposed § 350.7 and on Call Report for the parent IDI. Proposed § 350.4(a)(2) requires the PPSI to monitor the issuance and redemption of payment stablecoins to ensure compliance. Proposed § 350.4(a)(3) requires the PPSI to maintain reserves directly or maintain them in the custody of an eligible financial institution.

• C9

• 1st 1st Line
• 2nd 2nd Line

For purposes of calculating the reserve asset value of the reserve assets backing each outstanding payment stablecoin issued by the PPSI, reserve assets shall be valued at fair value, with the exceptions of United States coins and currency which shall be valued at face value. Valuing reserve assets at fair value would result in reserve assets reflecting market prices at that time and ensure that the PPSI has sufficient reserves to meet redemption requests at par value. U.S. coins include those minted of precious metals such as gold and silver; valuing coins at fair rather than par value could lead to gold or silver, in coin form, backing payment stablecoins, which the FDIC believes is not consistent with Congressional intent.

• C9

• 1st 1st Line
• 2nd 2nd Line

Requires a PPSI to demonstrate the operational capability to access and monetize reserve assets, commensurate with the PPSI's risk profile and business model. The PPSI must be able to monetize the reserve assets, potentially quickly and at short notice, to meet redemption requests. Smaller, less complex PPSIs may demonstrate monetization capability by establishing arrangements with counterparties through which it can quickly sell reserve assets at fair value. A PPSI could also demonstrate an arrangement with its parent IDI that would provide funding through purchases of the PPSI's reserves. PPSIs would likely regularly monetize reserve assets in the ordinary course of business and should be able to demonstrate on a regular basis that the PPSI has adequate monetization channels.

• C9
• C16

• 1st 1st Line
• 2nd 2nd Line

Proposed § 350.4(f) would require that a PPSI limit its total counterparty exposure to any one eligible financial institution, regardless of type of reserve asset, to no more than 40 percent of its reserve assets across all brands of payment stablecoins issued by the PPSI. The PPSI should take into account exposure across all of an eligible financial institution's parents, subsidiaries, or affiliates. The FDIC selected 40 percent so no single eligible financial institution custodies a majority of the PPSI's reserve assets.

• C9

• 1st 1st Line
• 2nd 2nd Line

Proposed § 350.4(i)(1) provides that a PPSI shall notify the FDIC in writing when the PPSI determines or has reasonable grounds to suspect that the aggregate fair value of identified reserves backing any of the PPSI's outstanding payment stablecoins is less than the amount required under proposed § 350.4(a). Proposed § 350.4(i)(1) would also provide that, upon notification by a PPSI that identified reserves have fallen below the amount required under proposed § 350.4(a), the FDIC in its sole discretion may take any of the steps described in: (i) direct the PPSI to suspend or reduce issuance of a payment stablecoin until the aggregate fair value of identifiable reserves backing the brand of payment stablecoins exceeds the outstanding issuance value of the particular payment stablecoin; (ii) direct the PPSI to take measures to increase the aggregate value of identifiable reserves until the aggregate value of identifiable reserves backing outstanding payment stablecoins exceeds the value of outstanding payment stablecoins; or (iii) direct the PPSI to begin orderly redemption of the payment stablecoin in light of exigent circumstances.

• C9
• C16

• 1st 1st Line
• 2nd 2nd Line

Proposed § 350.4(j) would require PPSIs to maintain a written contingency plan describing the measures that it will take to restore compliance with the requirements in proposed §§ 350.4(a)(1) or (e) or § 350.9 if the PPSI is not meeting those requirements. The plan would include reserve monitoring systems that would trigger alerts to the PPSI when falling below specific thresholds, actions the PPSI will take as fair-value reserves fall below specific thresholds, and delineate immediate steps the PPSI shall take. Pre-arranged funding sources and responsible staff with authority to decide what steps the PPSI shall take to comply with proposed §§ 350.4(a) and 350.9 should be designated.

• C9

• GB Governing Body
• 2nd 2nd Line

Requires a PPSI's asset growth to be commensurate with risk management and operational capabilities. The proposal does not establish limits on asset growth rates or the overall size of a PPSI but is intended to ensure that the growth of assets is managed prudently and that management maintains risk management and operational capabilities.

• C3

• GB Governing Body
• 2nd 2nd Line

Proposed § 350.6(a)(5) addresses insider and affiliate transactions and is intended to add to the protection of the assets and resources of a PPSI from misuse for the benefit of insiders, affiliates, or related entities. Under proposed § 350.6(a)(5)(i), a PPSI would be required to ensure that transactions between or among the PPSI and insiders or affiliates (other than the parent IDI of which it is a subsidiary): (A) do not pose significant risks of material financial loss to the PPSI; and (B) are conducted on terms that are the same as or at least as favorable to the PPSI as those prevailing at the time for comparable transactions with or involving non-insiders or non-affiliates.

• C3

• GB Governing Body
• 2nd 2nd Line

A PPSI must manage interest rate risk in a manner that is appropriate to the size and complexity of the PPSI and the complexity of its assets and liabilities. Although the reserve composition requirements proposed under proposed § 350.4(e) limit reserve assets to those that generally have limited duration or no duration (e.g., funds held as demand deposits), PPSIs should understand the impact that changes in interest rates, particularly increases in interest rates over short-time periods, may have on the fair value and monetization of interest-sensitive reserve assets.

• C3

• 2nd 2nd Line

PPSIs must have an internal audit system that is appropriate to the size and complexity of the PPSI and the nature, scope, and risk of its activities and that provides for: (i) adequate monitoring of the system of internal controls through an internal audit function (or, for a PPSI whose size, complexity or scope of operations does not warrant a full scale internal audit function, a system of independent reviews of key internal controls); (ii) independence and objectivity; (iii) qualified persons; (iv) adequate independent testing and review of internal controls and information systems; (v) adequate documentation of tests and findings and any corrective actions; and (vi) verification and review of management actions to address deficiencies.

• C11

• 2nd 2nd Line
• 3rd 3rd Line

Proposed § 350.6(a)(1) would require a PPSI to have internal controls and information systems that are appropriate for the size and complexity of the PPSI and the nature, scope, and risk of its activities and that provide for: (i) an organizational structure that establishes clear lines of authority and responsibility for monitoring adherence to established policies; (ii) effective risk assessment; (iii) timely and accurate financial, operational, and regulatory reporting; (iv) adequate procedures to monitor, safeguard, manage, and control assets, including reserve assets; and (v) compliance with applicable laws and regulations. The standards are adapted from 12 CFR part 364, Appendix A.

• C3
• C11

• 2nd 2nd Line

Section 4(a)(4)(A)(iv) of the GENIUS Act directs the FDIC to establish appropriate information technology risk management principles-based requirements and standards that are tailored to a PPSI's business model and risk profile, and consistent with applicable law. Proposed § 350.6(b) sets forth such principles-based information technology risk management standards, including a comprehensive written information security risk and control framework, an inventory and classification of assets and processes, controls supporting and safeguarding sensitive information, evaluation/validation/reporting processes including for smart contracts, periodic independent testing, comprehensive incident-identification and response, administrative/technical/physical safeguards over nonpublic personal customer information, and measures to ensure secure handling of digital assets including private-key management, backup, and recovery.

• C3
• C16

• 1st 1st Line
• 2nd 2nd Line

A PPSI must: (i) appropriately monitor and validate compliance with the requirements of proposed § 350.4; and (ii) manage liquidity risk in a manner that is appropriate to the business model and risk profile of the PPSI. Appropriate monitoring and management of liquidity is integral to the operations of a PPSI and its ability to facilitate the timely redemption of payment stablecoins and adhere to the requirements under proposed § 350.4.

• C9

• 2nd 2nd Line

A PPSI must: (i) exercise appropriate due diligence in selecting its service providers; (ii) require its service providers by contract to implement appropriate measures designed to meet the requirements of proposed Part 350; and (iii) as appropriate, monitor its service providers to confirm they have satisfied their obligations under proposed Part 350. Appropriate due diligence provides PPSIs with the information needed to evaluate whether third-party service providers can perform as expected and whether risks associated with the relationship can be adequately identified, monitored, and controlled.

• C3

• 2nd 2nd Line

Proposed § 350.0(a) describes the purpose of subpart A: to implement the GENIUS Act, 12 U.S.C. 5901 et seq., with respect to entities for which the FDIC is authorized to issue regulations under the Act. Proposed § 350.0(b) provides that proposed Part 350 subpart A applies to all PPSIs for which the FDIC is the primary Federal payment stablecoin regulator — namely subsidiaries of insured State nonmember banks and State savings associations approved to issue payment stablecoins (collectively, 'FDIC-supervised PPSIs'). Subpart B applies to FDIC-supervised custodians.

• C8

Provisions of proposed Part 350 are separate and severable from one another. In the event a court stays a particular provision or determines any provision is invalid, the FDIC intends that the remaining provisions shall continue in effect.

• C8

Proposed § 350.5(c) would provide that the PPSI must notify the FDIC immediately if it receives redemption requests that exceed 10 percent of its outstanding issuance value within a 24-hour period, which the FDIC defines as a 'significant redemption request.' Upon the 10 percent threshold being crossed, rather than waiting until the end of the 24-hour period, the PPSI may request that the FDIC grant the PPSI approval to extend the redemption time period beyond the required two business days. The FDIC may also request the PPSI to provide a specific time period by which it expects to be able to satisfy all of the redemption requests and, if appropriate, whether it is at risk of potentially not satisfying requirements in proposed § 350.4(i) or plans to implement the measures in proposed § 350.4(j). The FDIC in its sole discretion may choose to grant or deny the request for extension or grant a different amount of time than one requested by the PPSI.

• C14
• C16

• 1st 1st Line
• 2nd 2nd Line

Subpart B applies to FDIC-supervised custodians — national banks, FSAs, Federal branches, or PPSIs that provide custody or safekeeping services for covered assets (payment stablecoin reserves, payment stablecoins used as collateral, or private keys used to issue payment stablecoins). The FDIC-supervised custodian must separately account for the covered assets of each covered customer, treat and deal with those covered assets as belonging to the covered customer and not as the property of the custodian, and take appropriate steps to protect covered assets from claims of creditors of the custodian and any sub-custodian, including through written policies, procedures, and internal controls.

• C9

• 1st 1st Line
• 2nd 2nd Line

Authorities should have and utilise the necessary powers and tools, and adequate resources, to comprehensively regulate, supervise, and oversee a GSC arrangement and its multi-functional activities and risks, and to enforce relevant laws and regulations effectively. Where necessary, authorities should close gaps in their legal and regulatory frameworks.

• C8

• EA External Assurance

Authorities should ensure that a GSC arrangement meets all applicable regulatory, supervisory, and oversight requirements of a particular jurisdiction before commencing any operations in that jurisdiction, and adapts to new regulatory requirements as necessary. Launch should be conditional on regulatory readiness, not retrospective. Where a GSC would be used as a means of payment at scale, the authority should additionally consider conditions specific to payment systems (finality, access, operational reliability, competition).

• C8
• C14

Authorities should apply comprehensive and effective regulation, supervision, and oversight to a GSC arrangement proportionate to the financial stability risk it poses, following the principle of 'same activity, same risk, same regulation.' Regulatory treatment should be functional and activity-based, covering all functions performed by the GSC arrangement, including issuance, transfer, custody, reserve management, validation, and governance.

• C8

Authorities should cooperate and coordinate with each other, both domestically and internationally, and share information with each other as necessary, to foster efficient and effective communication and consultation in order to support each other in fulfilling their respective mandates, and to encourage consistency of regulatory and supervisory outcomes. Supervisory colleges should be established for GSCs of global systemic significance.

• C8

Authorities should require that GSC arrangements have in place a comprehensive governance framework with a clear allocation of accountability for the functions and activities within the GSC arrangement. The framework should be proportionate to the risks posed. It should cover decentralised operations and any governance body or persons that may exercise control, and should address conflicts of interest where a single entity or closely related entities control multiple functions.

• C8

• GB Governing Body

Authorities should require that GSC arrangements have effective risk management frameworks in place, especially with regard to reserve management (including safeguarding of assets), operational resilience (including cybersecurity safeguards), AML/CFT measures, and 'fit and proper' requirements on officers and owners. Risk management should be embedded in policies, procedures, systems, controls, and the governance structure.

• C3
• C9
• C10

• 2nd 2nd Line

Authorities should require that GSC arrangements have in place robust systems for collecting, storing, and safeguarding data. Authorities should have timely access to data necessary to fulfil their regulatory, supervisory, and oversight mandates, including across borders. GSCs must accommodate cross-border data access requirements without compromising data protection or privacy obligations in host jurisdictions.

• C11
• C15

Authorities should require that GSC arrangements have appropriate recovery and resolution plans in place. Recovery planning should enable the arrangement to continue to operate through stress. Resolution planning should enable critical functions to continue, or to wind down in an orderly manner, without severe systemic disruption and without exposing taxpayers to loss. Plans must be tested and reviewed regularly.

• C9
• C10

• GB Governing Body
• 2nd 2nd Line

Authorities should require that GSC arrangements provide to users and relevant stakeholders comprehensive and transparent information, including on the governance framework, redemption rights, reserve composition and management, operation of the stabilisation mechanism, third-party service providers, and risks. Information must be clear, accurate, and readily accessible.

• C11
• C14

Authorities should require that GSC arrangements provide a robust legal claim and redemption rights against the issuer or reserve assets, with redemption honored at par in the referenced fiat currency under all market conditions. Authorities should require prudential requirements (capital, liquidity, reserve composition) commensurate with the stability and redemption guarantees the arrangement provides. Algorithmic stablecoins without a reserve backing and without a legal claim are not consistent with this recommendation.

• C9
• C14

PPSIs with more than $50 billion in outstanding stablecoins must submit audited annual financial statements.

• C11

• EA External Assurance

Amends Title 11 of the U.S. Code so that reserve assets maintained by a PPSI to back payment stablecoins are not property of the bankruptcy estate, preserving reserves for stablecoin holders rather than general unsecured creditors.

• C9

• 1st 1st Line
• 2nd 2nd Line

Custodial and safekeeping services for payment stablecoin reserves, payment stablecoins used as collateral, or private keys used to issue permitted payment stablecoins may only be performed by entities subject to federal or state banking-regulator oversight.

• C8
• C9

• 2nd 2nd Line
• EA External Assurance

Three years after enactment (from 2028-07-18), digital asset service providers may not offer, sell, or make available in the United States any payment stablecoin that is not issued by a PPSI or an authorized foreign issuer. Definition of DAPS excludes distributed-ledger protocols, development, immutable or self-custodial wallet interfaces, and liquidity-pool participation.

• C8
• C16

• GB Governing Body
• 2nd 2nd Line

Prohibits any person other than a permitted payment stablecoin issuer (PPSI) or an authorized foreign issuer from issuing a payment stablecoin in the United States.

• C8

• GB Governing Body

Monthly public disclosure of the composition of reserves, certified by issuer executives and examined by a registered public accounting firm.

• C11

• 2nd 2nd Line

Establishes three permitted issuer classes: (1) subsidiaries of insured depository institutions supervised by a federal banking agency (OCC/FDIC/Fed), (2) nonbank federal qualified payment stablecoin issuers supervised by the OCC, and (3) state-qualified PPSIs under a substantially similar state regime.

• C8

• GB Governing Body

Issuers must establish and publicly disclose redemption procedures.

• C14

• 1st 1st Line
• 2nd 2nd Line

Requires PPSIs to maintain reserves backing outstanding payment stablecoins on at least a one-to-one basis.

• C9

• 1st 1st Line
• 2nd 2nd Line

Reserves may consist only of: (i) U.S. coins and Federal Reserve notes; (ii) demand deposits at insured depository institutions (including regulated foreign banks); (iii) Treasury bills, notes, or bonds with remaining maturity ≤ 93 days; (iv) repurchase/reverse-repurchase agreements backed by such Treasuries; (v) money market funds invested solely in the foregoing; (vi) central bank reserve deposits.

• C9

• 1st 1st Line
• 2nd 2nd Line

Prohibits rehypothecation of reserve assets except to create liquidity to meet reasonable redemption expectations. Treasury-bill short-term repo permitted via approved CCP or with prior regulator approval.

• C9

• 1st 1st Line

A payment stablecoin issued by a permitted payment stablecoin issuer (PPSI) is NOT a 'security' under the Securities Act of 1933 §2(a)(1), the Securities Exchange Act of 1934 §3(a)(10), the Investment Company Act of 1940 §2(a)(36), or the Investment Advisers Act of 1940 §202(a)(18); is NOT a 'commodity' under the Commodity Exchange Act §1a(9); and is NOT a 'security' or 'commodity' for any other purpose under the federal securities or commodities laws. The carve-out applies only to payment stablecoins as defined in the Act AND only when issued by a PPSI — algorithmic stablecoins, multi-asset-referenced stablecoins, and unauthorized issuers remain subject to whatever classification the SEC, CFTC, or the courts otherwise determine. The exclusion does not extend to Title 26 (Internal Revenue Code) treatment; tax classification is governed separately and is captured in `irs-1099-da.ts`.

• C8

• GB Governing Body

Directs Treasury to promulgate BSA, AML, and OFAC-related rules for PPSIs in coordination with the primary federal payment stablecoin regulators. Separate rulemaking track from OCC's prudential rules (12 CFR Part 15).

• C2
• C3
• C7

• 2nd 2nd Line

Prohibits PPSIs and authorized foreign payment stablecoin issuers from paying any form of interest or yield to holders solely in connection with the holding, use, or retention of a payment stablecoin.

• C14

• GB Governing Body

For digital-asset 'covered securities' acquired after 2025-12-31 in a custodial account, brokers must additionally report adjusted cost basis and holding-period classification (long-term / short-term) on Form 1099-DA. Basis reporting is required beginning for transactions effected on or after 2026-01-01. Digital assets acquired before 2026 or transferred in from external sources remain noncovered (no basis reporting required).

• C11
• C12

A 'broker' includes any person that effects sales of digital assets for customers in the ordinary course of a trade or business, including: operators of custodial digital-asset trading platforms (centralized exchanges), certain hosted wallet providers, digital-asset kiosk operators, and certain processors of digital-asset payments (PDAPs). Non-custodial DeFi front-end operators were addressed in a separate December 2024 final rule currently under legal challenge; not modeled here.

• C8
• C11

Brokers must furnish payee statements (generally the customer-facing copy of Form 1099-DA) to each customer by January 31 of the year following the reportable transactions. Statement includes gross proceeds and, for 2026-and-later transactions on covered securities, basis and holding-period information.

• C11
• C14

The IRS will not impose penalties for failure to file correct Forms 1099-DA or furnish correct payee statements for the 2025 tax year if the broker makes a good-faith effort to comply. Relief applies only to 2025 digital-asset transactions reported in early 2026. Does not extend to 2026 transactions (basis-reporting-effective year).

• C11

Brokers must report gross proceeds from sales and exchanges of digital assets effected on or after 2025-01-01. Reporting is on Form 1099-DA, filed with the IRS and furnished to the customer as a payee statement. Covers sales for cash, exchanges for property or services, and certain stablecoin-for-digital-asset exchanges.

• C11
• C12

Brokers transferring a customer's digital-asset covered securities to another broker must provide a transfer statement containing acquisition date, cost basis, and other information required to facilitate subsequent basis reporting. Applies post-basis-effective-date (2026-01-01).

• C11

Section 4(a)(10) of the GENIUS Act requires that a PPSI with more than $50 billion in consolidated total outstanding issuance value that is not subject to certain reporting requirements under Federal securities laws prepare an annual financial statement audited by a PCAOB-registered public accounting firm in accordance with auditing standards adopted by the Public Company Accounting Oversight Board. Section 4(a)(10) further provides that the audited annual financial statement must be made publicly available on the PPSI's website and be submitted annually to the primary Federal payment stablecoin regulator. Under proposed § 15.14(l)(2), the audited financial statement is due within 120 days of fiscal year-end.

• C11

• EA External Assurance

A person seeking to acquire control of a PPSI must follow the requirements of 12 CFR 5.50 as if the PPSI were a national bank. Under 12 CFR 5.50, a person seeking to acquire control must provide 60 days' prior notice to the OCC. If the OCC has not disapproved the acquisition within 60 days, the acquirer may proceed. Acquisition without following 12 CFR 5.50 requires the new controlling person to submit all information required under 12 CFR 5.50 within 15 calendar days and exposes the PPSI to supervisory or enforcement actions.

• C8

• GB Governing Body

A covered custodian (a national bank, Federal savings association, Federal branch, or PPSI providing custody for covered assets — payment stablecoin reserves, payment stablecoins used as collateral, or private keys used to issue payment stablecoins) must (a) separately account for the covered assets of each covered customer and treat and deal with those covered assets as belonging to the covered customer and not as the property of the covered custodian; and (b) take appropriate steps to protect the covered assets of covered customers from the claims of creditors of the covered custodian and any sub-custodian, including through adopting, implementing, and maintaining written policies, procedures, and internal controls.

• C9

• 1st 1st Line
• 2nd 2nd Line

The OCC is proposing a floor of $5 million on the minimum capital requirement during the 'de novo period' — generally the three-year period following chartering or licensing by the OCC of the PPSI to issue stablecoins under proposed Part 15 (or, for SQPPSIs transitioning to the OCC's regulatory framework, three years from transition). The floor is primarily intended to ensure that every PPSI has sufficient resources to support initial operations, particularly to cover the losses that are expected to occur early in the startup phase of a new stablecoin. OCC experience with chartering de novo national trust banks providing stablecoin programs has shown minimum capital amounts ranging from $6.05 million to $25 million.

• C8

• GB Governing Body
• 2nd 2nd Line

Defines 'eligible financial institution' to mean (1) a person that (a) is eligible to hold reserve assets in custody under section 10(a) of the GENIUS Act (12 U.S.C. 5909(a)); (b) complies with the applicable requirements in section 10(b), (c), and (d) of the Act (12 U.S.C. 5909(b), (c), and (d)) and any applicable implementing regulations issued by a relevant Federal payment stablecoin regulator, primary financial regulatory agency, State bank supervisor, or State credit union supervisor; and (c) if applicable, enters into a custody agreement with a PPSI documenting compliance and policies and procedures; or (2) a Federal Reserve Bank. The definition anchors the reserve-asset diversification and concentration requirements at proposed § 15.11(c).

• C8
• C9

Defines 'Federal qualified payment stablecoin issuer' (FQPPSI) — consistent with GENIUS Act 12 U.S.C. 5901(11) — to mean the following entities that are approved by the OCC, pursuant to proposed § 15.30, to issue payment stablecoins: (1) a nonbank entity, other than a State qualified payment stablecoin issuer; (2) an uninsured national bank that is chartered by the OCC pursuant to title LXII of the Revised Statutes; or (3) a Federal branch.

• C8

Defines 'outstanding issuance value' to mean the total consolidated par value of all of a PPSI's payment stablecoins, including the combined total par value of different brands of payment stablecoin issued by the PPSI (e.g., under a white-label arrangement). The definition is limited to stablecoins issued by the PPSI and consolidated subsidiaries and excludes those of non-consolidated affiliates. Outstanding issuance value anchors reserve-asset 1:1 backing (§ 15.11), examination cadence (§ 15.14), and minimum capital calculation (§ 15.41).

• C9
• C11

Defines 'State qualified payment stablecoin issuer' (SQPPSI) — consistent with GENIUS Act 12 U.S.C. 5901(31) and the OCC's proposed clarification — to mean an entity that is (1) legally established under the laws of a State and approved to issue payment stablecoins by a State payment stablecoin regulator; and (2) not an uninsured national bank chartered by the OCC pursuant to title LXII of the Revised Statutes, a Federal branch, an insured depository institution, or a subsidiary of such an uninsured national bank, Federal branch, or insured depository institution.

• C8

A PPSI must not engage in any activity that the OCC determines is an evasion of the requirements of section 4 of the GENIUS Act or Part 15. Section 4(h)(1) authorizes the OCC to issue regulations to 'carry out the requirements of this section . . . and to prevent evasion thereof.'

• C8

• GB Governing Body
• 2nd 2nd Line

The OCC will conduct a full-scope examination of every PPSI subject to its supervision at least once during each 12-month period, unless otherwise specified in proposed § 15.14(d). A full-scope examination refers to the comprehensive review of the PPSI's financial condition, risk management practices, compliance with laws and regulations, and overall safety and soundness. Section 15.14(d) provides the OCC with the option to examine some PPSIs on an 18- to 36-month cycle if (1) the PPSI is not currently subject to a formal enforcement proceeding or order; (2) no person acquired control during the preceding 12-month period in which a full-scope examination would have been required; (3) the PPSI has an outstanding issuance value of less than $1 billion or less than $25 billion in total monthly trading volume; and (4) the PPSI is in compliance with all reserve requirements (§ 15.11) and reporting requirements (§ 15.14).

• C8
• C11

• 2nd 2nd Line
• EA External Assurance

A PPSI with an outstanding issuance value of $25 billion or more must, on each business day, maintain at least 0.5 percent of its reserve assets in the form of insured deposits or insured shares at an insured depository institution, up to a cap of $500 million. The floor is intended to spread reserves across the depository system and reassure stablecoin holders by ensuring some portion of reserves is in FDIC/NCUA-insured form (recognizing the $250,000 per-depositor coverage limit constrains the aggregate insured percentage).

• C9

• 1st 1st Line
• 2nd 2nd Line

Proposed § 15.11(f)(1) requires the examination of the previous month-end report to occur by noon on the last day of each month and the report to be published on the PPSI's website at the same time as the monthly report required under § 15.11(e). Proposed § 15.11(f)(2) requires the Chief Executive Officer and Chief Financial Officer (or persons performing the equivalent functions) of the PPSI to submit a certification as to the accuracy of the monthly report to the OCC; any person who submits this required certification knowing that such certification is false shall be subject to the same criminal penalties as those set forth under 18 U.S.C. 1350(c).

• C11

• GB Governing Body
• EA External Assurance

A PPSI must publish on its website by noon on the last day of each month the composition of the issuer's reserves held pursuant to the GENIUS Act as of noon of the last day of the prior month, using a format substantially similar to the template provided in table 1 to proposed § 15.11(e). The report must contain: the total number of outstanding payment stablecoins issued by the issuer; the amount (fair value) and composition of the reserves, including the average tenor and geographic location of custody of each category of reserve instruments.

• C11

• 2nd 2nd Line

A covered custodian must segregate all covered assets of covered customers and not commingle them with the assets of the covered custodian. The OCC proposes to allow any covered custodian to commingle the covered assets of multiple covered customers in one or more omnibus accounts, to the extent that the steps it has taken pursuant to § 15.21(b) are adequate to maintain safe and sound practices for the use of omnibus accounts, and to the extent that the use of omnibus accounts is consistent with applicable law.

• C9

• 1st 1st Line
• 2nd 2nd Line

A PPSI must calculate a minimum capital requirement based on an evaluation of the risks associated with its business model and risk profile. Capital must be sufficient to support operations and maintain the capital levels that would be required under subpart E of proposed Part 15. The required capital amount must incorporate the operating history and operational risk of the issuer, consistent with the standards described above that the OCC uses to determine the capital requirement for de novo stablecoin issuers. Regulatory capital consists of two elements: common equity tier 1 capital and additional tier 1 capital (the OCC is not proposing tier 2 capital, additional capital deductions, or specific minimum ratios, electing a tailored, individualized-evaluation approach during the de novo period and beyond).

• C8
• C11

• GB Governing Body
• 2nd 2nd Line

Reserve assets must comprise: (1) United States coins and currency (including Federal Reserve notes) or money standing to the credit of an account with a Federal Reserve Bank; (2) funds held as deposits or insured shares payable upon demand at an insured depository institution (including any foreign branches or agents, including correspondent banks), subject to FDIC/NCUA limitations; (3) Treasury bills, Treasury notes, or Treasury bonds with a remaining maturity of 93 days or less; (4) money received under repurchase agreements with the PPSI acting as seller (overnight only, fully collateralized by ≤93-day Treasury bills); (5) reverse repurchase agreements with the PPSI as purchaser, overnight maturity, tri-party / centrally cleared / or bilateral with an OCC-vetted counterparty; (6) securities issued by an investment company registered under section 8(a) of the Investment Company Act of 1940 (a registered Government money-market fund) invested solely in the assets described in (1)–(5); (7) any other similarly liquid Federal Government-issued asset approved by the OCC, in consultation with the State payment stablecoin regulator if applicable; or (8) any reserve described in (1), (3), (6), or (7) in tokenized form, provided that such reserves comply with all applicable laws and regulations.

• C9

• 1st 1st Line
• 2nd 2nd Line

A permitted payment stablecoin issuer may engage in: (1) issuing payment stablecoins; (2) redeeming payment stablecoins; (3) managing reserves related to the issuance or redemption of payment stablecoins, including purchasing, selling, and holding reserve assets or providing custodial services for reserve assets, consistent with applicable State and Federal law; (4) providing custodial or safekeeping services for payment stablecoins, required reserves, or private keys of payment stablecoins consistent with the GENIUS Act; (5) assessing fees associated with the purchasing or redeeming of payment stablecoins; (6) holding and transacting in payment stablecoins as principal or agent; (7) paying fees to facilitate customer transactions (network or 'gas' fees); and (8) other activities that directly support (1)–(4).

• C8

• GB Governing Body
• 2nd 2nd Line

An insured national bank, Federal savings association, or insured Federal branch that seeks to issue payment stablecoins through a subsidiary, and any nonbank entity, uninsured national bank, or uninsured Federal branch that seeks to issue payment stablecoins as an FQPPSI, must file an application under proposed § 15.30 and obtain OCC prior approval before issuing payment stablecoins. The 120-day approval clock under GENIUS Act § 5(d)(1)(A) is measured from the date the OCC determines the application is substantially complete. Section 5(c) of the GENIUS Act prescribes factors for evaluating a substantially complete application: financial condition and resources; whether officers or directors have been convicted of a felony involving insider trading, embezzlement, cybercrime, money laundering, financing of terrorism, or financial fraud; competence, experience, and integrity of officers, directors, and principal shareholders; the applicant's redemption policy; and any other factors the OCC establishes that are necessary to ensure safety and soundness.

• C8

• GB Governing Body
• 2nd 2nd Line

A permitted payment stablecoin issuer shall not use any combination of terms relating to the United States Government, including 'United States,' 'United States Government,' and 'USG,' in the name of the payment stablecoin. The prohibition does not apply to abbreviations referring directly to the currency to which the stablecoin is pegged (e.g., 'USD').

• C14

• GB Governing Body
• 2nd 2nd Line

A PPSI must not pay the holder of any payment stablecoin any form of interest or yield (whether in cash, tokens, or other consideration) solely in connection with the holding, use, or retention of such payment stablecoin. Proposed § 15.10(c)(4)(i) creates a rebuttable presumption that a PPSI is paying yield through a related third party where (A) the PPSI has a contract, agreement, or other arrangement with an affiliate or related third party; and (B) the affiliate or related third party pays interest or yield to a holder. The presumption may be rebutted by submitting written materials demonstrating the arrangement is not prohibited and is not an attempt to evade the prohibition.

• C14

• GB Governing Body
• 2nd 2nd Line

A PPSI may not directly or through implication represent that payment stablecoins are backed by the full faith and credit of the United States, guaranteed by the United States Government, or subject to Federal deposit insurance or Federal share insurance.

• C14

• 1st 1st Line
• 2nd 2nd Line

A PPSI shall not market a payment stablecoin in such a way that a reasonable person would perceive the payment stablecoin to be legal tender as described in 31 U.S.C. 5103, issued by the United States, or guaranteed or approved by the Government of the United States. Misrepresentations cannot be cured by general disclaimer.

• C14

• 1st 1st Line
• 2nd 2nd Line

Prohibits a PPSI from pledging, rehypothecating, or reusing any reserve assets required under 12 U.S.C. 5903(a)(1), except for the purposes listed in section 4(a)(2) of the GENIUS Act: (i) satisfying margin obligations in connection with investments in permitted reserves under proposed § 15.11(b)(4) or (5); (ii) satisfying obligations associated with the use, receipt, or provision of standard custodial services; or (iii) creating liquidity to meet reasonable expectations of requests to redeem payment stablecoins, such that reserves in the form of Treasury bills with a maturity of 93 days or less may be sold as purchased securities in repurchase agreements that are cleared by an SEC-registered clearing agency, centrally cleared, or bilateral with an OCC-approved creditworthy counterparty. The 'directly or indirectly' language clarifies that a custodian holding reserves on behalf of a PPSI also may not rehypothecate.

• C9

• GB Governing Body
• 1st 1st Line

A PPSI must submit quarterly reports of financial condition to the OCC, including but not limited to income statement, expenses, balance sheet, reserves, changes in equity, investments, capital, outstanding issuance value, and assets under custody, in a standardized format as prescribed by the OCC within 30 days of the end of the prior quarter. The provision mirrors the quarterly Call Report regime applicable to national banks and Federal savings associations under 12 U.S.C. 161(a) and 12 U.S.C. 1464(v).

• C11

• 1st 1st Line
• 2nd 2nd Line

A PPSI must publicly, clearly, and conspicuously disclose in plain language and in a format that is readily noticeable to customers, readily understandable by customers, and segregated from other information: (i) the name of the PPSI that issues the payment stablecoin; (ii) that the PPSI is the entity that is obligated to convert, redeem, or repurchase the payment stablecoin for a fixed amount of monetary value; (iii) the link to the monthly composition report of the relevant PPSI's reserves required under § 15.11(e); and (iv) all fees associated with purchasing or redeeming payment stablecoins. Updates to disclosures require at least seven calendar days' prior notice to customers under § 15.12(d)(2).

• C14

• 2nd 2nd Line

A PPSI must publicly disclose its redemption policy. The policy must include a timeframe in which the issuer will redeem payment stablecoins which, under proposed § 15.12(b)(1)(i), may not exceed two business days following the date of the requested redemption. Discretionary limitations on timely redemptions may only be imposed by the OCC or, in the case of a State qualified PPSI, by the OCC, the Federal Reserve, or the State payment stablecoin regulator. Under proposed § 15.12(c)(1), the period for timely redemption is extended to seven calendar days if a PPSI faces redemption demands in excess of 10 percent of its outstanding issuance value in a single 24-hour period; § 15.12(c)(4) requires the PPSI exceeding the 10% threshold to notify the OCC within 24 hours.

• C14
• C16

• 1st 1st Line
• 2nd 2nd Line

A PPSI must demonstrate the operational capability to access and monetize the identifiable reserve assets, commensurate with the PPSI's risk profile and business model. The PPSI must be able to monetize the reserve assets, potentially quickly and at short notice, in order to meet redemption requests. Operational evidence may include actual outright sales, repurchase transactions, multiple repurchase agreement lines, or other arrangements proportionate to size and complexity.

• C9
• C16

• 1st 1st Line
• 2nd 2nd Line

A PPSI must maintain reserve assets that: (i) are identifiable; (ii) are segregated from and not commingled with other assets owned or held by the PPSI; (iii) at all times have a total fair value that equals or exceeds the outstanding issuance value of the PPSI; and (iv) are either held directly by the PPSI or within the custody of an eligible financial institution. Fair value (not amortized cost) anchors the ≥1:1 backing requirement so that reserve assets reflect current market prices and are monetizable at a value sufficient to meet any redemption request.

• C9

• 1st 1st Line
• 2nd 2nd Line

A PPSI may withdraw surplus reserve assets in excess of outstanding issuance value, calculated and reported as of the last day of the previous month, only upon the publication of that month's public disclosure under § 15.11(e) and (f). Withdrawal of excess reserves outside this attest-then-withdraw cadence is impermissible; a PPSI cannot make withdrawals on its own bad faith determination that an excess exists.

• C9

• 1st 1st Line
• 2nd 2nd Line

Reserve assets must be sufficiently diverse to manage credit, liquidity, interest-rate, and price risks. The proposed rule advances two alternative options — Option A: principles-based general requirement with an optional safe harbor containing quantitative requirements; Option B: mandatory quantitative requirements for all PPSIs. Option A safe harbor would deem a PPSI compliant if on each business day: (i) ≥10% of required reserves are deposits or insured shares payable upon demand or money standing to the credit of a Federal Reserve Bank account; (ii) ≥30% of reserves are payable upon demand, in a Federal Reserve Bank account, or unconditionally receivable within five business days; (iii) no more than 40% of reserves are at any one eligible financial institution; (iv) no more than 50% of the § 15.11(c)(2)(i) daily-liquidity amount is at any one eligible financial institution; and (v) reserve assets have a weighted average maturity of no more than 20 days.

• C9

• 1st 1st Line
• 2nd 2nd Line

Proposed § 15.11(g)(1) provides that a PPSI must notify the OCC through its appropriate supervisory office on any day in which its reserve asset amount has fallen below the required minimum in § 15.11(a). Proposed § 15.11(g)(2) provides that a PPSI falling below the required minimum would be barred from issuing new payment stablecoins until it had remediated the shortfall, except as necessary to facilitate a transfer of payment stablecoins from one distributed ledger to another and provided that the net outstanding issuance value does not increase. Proposed § 15.11(g)(3) provides that, if a PPSI fails to meet its reserve asset requirement for 15 consecutive business days, it must begin liquidation of reserve assets and redemption of outstanding payment stablecoins consistent with § 15.12 and may not charge customers a fee to redeem their payment stablecoins at any time during the liquidation.

• C9
• C16

• 1st 1st Line
• 2nd 2nd Line

The OCC may revoke the approval of a PPSI's application under § 15.30 if the PPSI does not submit the certification required by § 15.14(k). The OCC may issue an order to revoke approval of the application after providing notice and opportunity for a hearing pursuant to the OCC's Rules of Practice and Procedure in 12 CFR part 19. The OCC may act without providing an opportunity for a hearing if expeditious action is necessary to protect the public interest. The OCC may rescind approval of the registration of an FPSI under § 15.32, in consultation with the Secretary of the Treasury, if the OCC determines the FPSI is not in compliance with the GENIUS Act.

• C8

• EA External Assurance

A PPSI must develop, implement, and maintain a comprehensive written information security risk and control framework, including a program that assesses and manages information technology and information security risks. The program must (i) be approved by the board or a board committee; (ii) provide for the appointment of a qualified Information Technology and Security Officer; (iii) include an inventory and classification of assets, processes, and sensitivity of data; controls supporting and safeguarding sensitive information and processes; evaluation, validation, and reporting processes ensuring key IT systems and controls, including smart contracts, are operating as intended; periodic independent testing; and a comprehensive incident-identification, assessment, and response program; (iv) include administrative, technical, and physical safeguards over nonpublic personal customer information; and (v) develop, implement, and maintain measures to ensure secure handling of digital assets, including private key management, backup, and recovery.

• C3
• C16

• GB Governing Body
• 1st 1st Line
• 2nd 2nd Line

A PPSI must manage interest rate risk in a manner appropriate to the size and complexity of the issuer and the complexity of its assets and liabilities, and must provide for periodic reporting to management and the board of directors regarding interest rate risk with adequate information for management and the board to assess the level of risk.

• C3

• GB Governing Body
• 2nd 2nd Line

A PPSI must have internal controls and information systems that are appropriate for the size and complexity of the PPSI and the nature, scope, and risk of its activities and that provide for (i) an organizational structure with appropriate segregation of duties and an internal control structure that establishes clear lines of authority and responsibility for monitoring adherence to established policies; (ii) effective risk assessment; (iii) timely and accurate financial, operational, and regulatory reporting; (iv) adequate procedures to safeguard, manage, control, and monetize assets, including reserve assets; and (v) compliance with applicable laws and regulations. The standards are modeled on 12 CFR Part 30, Appendix A.

• C3
• C11

• 2nd 2nd Line

Proposed Part 15 applies to activities related to payment stablecoins and certain custody activities of: (1) national banks and their subsidiaries; (2) Federal savings associations and their subsidiaries; (3) Federal branches and their subsidiaries; (4) foreign payment stablecoin issuers; (5) nonbank entities that seek to be or are approved as Federal qualified payment stablecoin issuers; and (6) State qualified payment stablecoin issuers for whom the OCC has regulatory or enforcement authority pursuant to proposed § 15.15 or § 15.16.

• C8

• GB Governing Body

The requirements of subpart C do not apply to any national bank, Federal savings association, Federal branch, or PPSI solely on the basis that such entity engages in the business of providing hardware or software to facilitate a person's or entity's self-custody of their payment stablecoins or private keys. The requirements could nonetheless apply if, for example, an entity controls or holds itself out as controlling such payment stablecoins or private keys.

• C9

• 1st 1st Line
• 2nd 2nd Line

The provisions of proposed Part 15 are separate and severable. If any provision is stayed or determined to be invalid, the remaining provisions shall continue in effect.

• C8

A PPSI must (i) exercise appropriate due diligence in selecting its service providers; (ii) require its service providers by contract to implement appropriate measures designed to meet the requirements of Part 15; and (iii) as appropriate, monitor its service providers to confirm they have satisfied their obligations under Part 15. Monitoring may include reviewing audits, summaries of test results, or other equivalent evaluations of service providers.

• C3

• 2nd 2nd Line

A PPSI must submit on a weekly basis, in the manner and form specified by the OCC, a confidential report containing the information requested in the form that will be available at www.occ.gov, including for each payment stablecoin it issues: the blockchains the stablecoin is listed on, outstanding issuance value, secondary market activity and price movement, redemption volume and times, detailed information regarding reserve assets, and other relevant information.

• C11

• 1st 1st Line
• 2nd 2nd Line

An entity owned 50 percent or more, individually or in the aggregate, directly or indirectly, by one or more blocked persons is itself blocked by operation of law — regardless of whether the entity is separately listed on the SDN list. Screening must consider ownership-chain analysis.

• C2

• 1st 1st Line
• 2nd 2nd Line

Initial report of blocked property required within 10 business days of blocking. Annual report of blocked property by September 30. Rejected-transaction reports within 10 business days. Filed via OFAC Reporting System (TD F 90-22.50 or electronic equivalent).

• C2
• C11

Civil penalties for IEEPA violations up to the greater of approximately $368,136 (2025 CMP-adjusted) or twice the amount of the underlying transaction, per violation. Criminal penalties for willful violations: up to $1,000,000 and 20 years imprisonment.

• C2

• 1st 1st Line
• 2nd 2nd Line

Comprehensive prohibition on most transactions with Iran, Iranian government, and Iranian financial institutions. Secondary sanctions exposure for non-U.S. persons facilitating significant transactions. Stablecoin flows to Iran-connected counterparties are blocked absent general/specific license.

• C2

Comprehensive prohibition on transactions with the Government of North Korea, DPRK-linked persons, and property within the DPRK. Particularly relevant for stablecoin flows given Lazarus Group theft activity and Tornado Cash-era patterns.

• C2

Broad sanctions on the Russian Federation in response to its invasion of Ukraine. Includes blocking of major Russian financial institutions, prohibitions on services to Russian persons, and secondary-sanctions risk for non-U.S. financial institutions facilitating sanctions evasion (including via CVC).

• C2

U.S. persons are prohibited from dealing with Specially Designated Nationals and Blocked Persons. Property and interests in property of SDNs within U.S. jurisdiction are blocked. Applies strictly — a single sanctioned counterparty renders the transaction prohibited.

• C2

• 1st 1st Line
• 2nd 2nd Line

Sectoral Sanctions Identifications List — restrictions on specific activities (e.g., new debt/equity issuance with tenor > 14 or 60 days) with named entities in targeted sectors of the Russian economy. Less restrictive than SDN blocking but still transaction-gating.

• C2

OFAC compliance expectations for the virtual-currency industry: management commitment, risk assessment, internal controls, testing/auditing, training. Industry-specific controls: geolocation restrictions, cryptocurrency-address screening, transaction-monitoring with on-chain analytics, and SDN-list ingestion into screening pipelines.

• C2

• 2nd 2nd Line
• 3rd 3rd Line

Reg E covers electronic fund transfers authorized by a consumer to or from a consumer asset account. 'Account' means a demand-deposit, savings, or other consumer asset account (other than occasional/incidental credit). Applies to banks, credit unions, and certain nonbank payment providers. Stablecoin wallet-to-wallet transfers are NOT covered under the CFPB's current posture (2025-05-15 withdrawal of the Jan 2025 proposed interpretive rule).

• C14

Consumer has 60 days from the periodic statement to assert an error. Institution must investigate and determine within 10 business days (or 45 days with provisional credit). Investigation extended to 20 / 90 business days for new accounts and certain transfer types. Written explanation required on denial; provisional credit reversal rules apply.

• C14

Initial disclosure of EFT terms required at account opening or before first EFT: liability for unauthorized transfers, telephone number and address for error/unauthorized-transfer reports, business days for transaction processing, types of EFTs and dollar limits, charges, right to receive documentation, right to stop payment, institution's liability for failure to make/stop transfers, disclosure of account information to third parties.

• C14

Institution must send periodic statement for each monthly cycle in which an EFT occurred, and at least quarterly otherwise. Statement must include EFT transaction details, account number, fees, balances, and address/telephone for error notice.

• C11
• C14

Pre-authorized transfers from consumer accounts must be authorized in writing by the consumer, with a copy provided. Consumer may stop payment by notifying the institution at least three business days before the scheduled transfer. Notice of transfers that vary must be provided at least 10 days in advance.

• C14

Tiered consumer liability for unauthorized EFTs based on timeliness of reporting: $50 cap if reported within 2 business days of learning of loss/theft; $500 cap if reported within 60 days of the periodic statement; unlimited liability for transfers after the 60-day window. Different rules for transfers initiated without loss/theft of access device.

• C14

Registered investment advisers with custody of client funds or securities must maintain those assets with a qualified custodian, provide account statements to clients, and obtain an annual surprise examination by an independent public accountant. Expanded safeguarding rule proposals have been pending; current rule remains operative.

• C9

Any person effecting transactions in securities for the account of others, or engaged in the business of buying and selling securities for their own account through a broker or otherwise, must register with the SEC as a broker-dealer (or qualify for an exemption). Registration triggers financial-responsibility, bookkeeping, and supervisory obligations. Applies to platforms facilitating tokenized-security trading.

• C8

• GB Governing Body
• 2nd 2nd Line

An 'investment contract' and therefore a security exists where there is (1) an investment of money, (2) in a common enterprise, (3) with a reasonable expectation of profits, (4) derived from the efforts of others. Payment stablecoins are excluded from 'security' by GENIUS Act §17 when issued by a PPSI. Tokenized equities, tokenized money market funds, tokenized Treasuries, and security tokens generally remain securities under Howey.

• C13

Alternative Trading Systems trading securities must register as broker-dealers under Section 15(a) and file Form ATS. Applies to venues that provide a market-place or facility for bringing together purchasers and sellers of securities — including potential tokenized-security venues.

• C8
• C13

• GB Governing Body
• 2nd 2nd Line

Broker-dealers must maintain physical possession or control of fully-paid and excess-margin customer securities, and segregate customer cash. The December 2025 Division of Trading & Markets staff statement confirms that tokenized stocks, bonds, and similar tokenized securities remain subject to the same possession-or-control requirements that have governed securities custody since 1972. The DTC tokenization pilot (H2 2026) operates within this framework.

• C9

• 1st 1st Line
• 2nd 2nd Line

Rescinds SAB 121. Crypto asset custody arrangements are evaluated under existing GAAP (ASC 450, ASC 460) on whether a liability should be recognized based on probable-outflow analysis — rather than SAB 121's categorical requirement that custodied crypto be booked as both an asset and a liability on the custodian's balance sheet. Materially reduces the accounting cost of offering crypto custody at publicly-traded banks.

• C11

Standard settlement cycle for most broker-dealer transactions reduced from T+2 to T+1, effective 2024-05-28. Applies to transactions in equities, corporate bonds, municipal securities, ETFs, and similar instruments. Tokenized securities currently clear and settle on T+1 via NSCC/DTC rails, with tokenization occurring as a post-settlement step.

• C10

• 1st 1st Line

Staff statement clarifies that tokenized securities are securities subject to the same federal securities-law requirements as their non-tokenized counterparts. Distinguishes custodial tokenized securities (crypto asset represents an underlying security held in custody) from synthetic tokenized securities. Confirms that Rule 15c3-3, broker-dealer registration, and transfer-agent rules apply. Paves path for the DTC tokenization pilot (H2 2026) and Nasdaq tokenized-trading approval (January 2026).

• C8
• C9

Applies USA PATRIOT Act § 314(a) mandatory information-sharing procedures to PPSIs: must respond to FinCEN information requests on behalf of law enforcement within prescribed timelines.

• C3
• C11

• 2nd 2nd Line

Extends USA PATRIOT Act § 314(b) voluntary information-sharing safe harbor to PPSIs: PPSIs may share information among themselves and with other 314(b)-registered financial institutions to identify money laundering and terrorist financing.

• C3

• 2nd 2nd Line

A PPSI must maintain an effective customer-identification and customer-due-diligence program, including identifying and verifying the PPSI's account holders, identifying high-value transactions, and conducting appropriate enhanced due diligence; the program functions as the CIP-equivalent for PPSIs.

• C1

• 2nd 2nd Line

A PPSI must conduct independent testing of the AML/CFT program for compliance and effectiveness.

• C11

• 3rd 3rd Line

A PPSI must maintain the AML/CFT program through ongoing implementation — periodic risk-assessment updates, ongoing CDD, and prompt program updates upon any change that significantly affects the PPSI's ML/TF risk profile.

• C3

• 2nd 2nd Line

A PPSI must designate an AML/CFT compliance officer with day-to-day responsibility for the program; the officer must have sufficient authority and resources to administer an effective program.

• C3

• 2nd 2nd Line

A PPSI has an effective AML/CFT program and complies with 31 U.S.C. § 5318(h)(1) by establishing the program under § 1033.210(b) and maintaining the program under § 1033.210(c). The program must be risk-based and ongoing customer due diligence is required.

• C3
• C4

• GB Governing Body
• 2nd 2nd Line
• 3rd 3rd Line

A PPSI must establish risk-based internal policies, procedures, and controls reasonably designed to assure compliance with the BSA and to direct attention and resources toward higher-risk customers and activities; must identify, assess, and document ML/TF risks through risk-assessment processes that incorporate the AML/CFT Priorities and update promptly upon material change.

• C3
• C4

• 2nd 2nd Line

A PPSI must provide ongoing employee training on AML/CFT requirements.

• C3

• 2nd 2nd Line

A PPSI must maintain the technical capabilities, policies, and procedures to block, freeze, and reject specific or impermissible transactions that violate Federal or State law, rules, or regulations. The obligation extends beyond the PPSI's direct customers and accounts to secondary-market activity, and to digital-asset-service-provider activities when authorized by the primary regulator.

• C2
• C16

• 1st 1st Line
• 2nd 2nd Line

Authorizes OFAC to impose civil money penalties of up to $111,308 per violation (IEEPA-inflation-adjusted as of the NPRM) for materially or knowingly violating the effective sanctions compliance program requirement at proposed part 502, consistent with the GENIUS Act and pursuant to IEEPA and other statutory authorities.

• C11

Applies enhanced-due-diligence requirements for correspondent accounts for foreign financial institutions to PPSIs.

• C1
• C3

• 2nd 2nd Line

Applies the existing currency transaction report (CTR) regime to PPSIs. Because 'currency' under § 1010.100(m) does not include a payment stablecoin and 'transaction in currency' under § 1010.100(bbb)(2) requires physical transfer of currency, the CTR obligation only fires if the PPSI accepts physical currency (e.g., a kiosk or retail location). FinCEN nevertheless extends the regime to PPSIs prospectively.

• C11

• 2nd 2nd Line

Adds 'digital asset' (ppp) and 'distributed ledger' (qqq) to the BSA general-definitions section, providing the technological vocabulary other provisions reference.

• C8

Provides for referral to the U.S. Department of Justice and administrative collection measures for civil money penalties assessed under § 502.401.

• C11

Prohibits PPSIs from maintaining correspondent accounts for foreign shell banks and requires records concerning owners of foreign banks and agents for service of legal process.

• C1
• C3

• 2nd 2nd Line

A PPSI must maintain the technological capability to comply, and must comply, with the terms of any lawful order — defined in § 1010.100(rrr) as any final and valid writ, process, order, rule, decree, command, or other requirement issued by a court of competent jurisdiction or authorized Federal agency to seize, freeze, burn, or prevent the transfer of payment stablecoins it issued.

• C2
• C16

• 1st 1st Line
• 2nd 2nd Line

Defines 'lawful order' as any final and valid writ, process, order, rule, decree, command, or other requirement issued under Federal law by a court of competent jurisdiction or authorized Federal agency that requires a PPSI to seize, freeze, burn, or prevent the transfer of payment stablecoins it issued.

• C2
• C16

Applies OFAC's existing blocked- and rejected-transaction reporting obligations to PPSIs: an initial report of any blocked property within 10 business days of the blocking (31 CFR § 501.603(b)(1)), and a report of any rejected transaction within 10 business days of the rejection (31 CFR § 501.604).

• C2
• C11

• 2nd 2nd Line

Establishes Part 1033 definitions; cross-refers to § 1010.100 for general BSA definitions and reserves part-specific definitional space.

• C8

Adds permitted payment stablecoin issuer to the BSA definition of 'financial institution' at 31 CFR § 1010.100(t)(11), bringing PPSIs within the BSA program, reporting, recordkeeping, and information-sharing regime.

• C8
• C11

• GB Governing Body
• 2nd 2nd Line

Applies enhanced-due-diligence requirements for private banking accounts (including senior foreign political figures) to PPSIs.

• C1
• C3

• 2nd 2nd Line

A PPSI must comply with the recordkeeping obligations of § 1010.410(a)-(c): retain records of extensions of credit over $10,000 and cross-border transfers of currency, monetary instruments, funds, checks, investment securities, and credit over $10,000. Under § 1010.410(d), records related to any order issued under § 1010.370(a) must be retained for five years.

• C11

• 2nd 2nd Line

Adds PPSI to the list of financial institutions subject to the Recordkeeping Rule. Requires collection and retention of records for funds transfers and transmittals of funds of $3,000 or more.

• C7
• C11

• 2nd 2nd Line

A PPSI must file a suspicious activity report (SAR) for any suspicious transaction relevant to a possible violation of law or regulation. The obligation extends to secondary-market activity — including transfers between parties to which the PPSI is not a direct counterparty but which the PPSI observes through its smart-contract operation.

• C3
• C11

• 2nd 2nd Line

A PPSI must provide to OFAC, upon request, any and all certifications submitted to its primary Federal payment-stablecoin regulator or State payment-stablecoin regulator certifying, pursuant to the GENIUS Act, that the PPSI has implemented an effective sanctions compliance program.

• C2
• C11

• GB Governing Body
• EA External Assurance

Each PPSI is required to maintain an effective sanctions compliance program (SCP) that is risk-based and reasonably designed to ensure compliance with all applicable U.S. sanctions. The SCP must contain, at a minimum, the five elements specified at § 502.201(b)(1)-(5).

• C2

• 2nd 2nd Line

A PPSI must establish and maintain a system of risk-based internal controls — including technical capabilities and written policies and procedures — applicable to all payment-stablecoin-related activity (primary or secondary market) that: (A) identifies activity prohibited by U.S. sanctions; (B) blocks or rejects activity that violates or would violate U.S. sanctions; (C) reports to OFAC as required (including under § 502.102(b) and part 501); and (D) retains relevant records per part 501.

• C2
• C16

• 1st 1st Line
• 2nd 2nd Line

Imposes on PPSIs the standard OFAC recordkeeping and reporting requirements at part 501, subpart C. PPSIs are U.S. persons for these purposes; recordkeeping and reporting obligations under part 501 arise pursuant to part 502.

• C11

• 2nd 2nd Line

A PPSI must conduct holistic U.S.-sanctions risk assessments at appropriate intervals analysing all payment-stablecoin-related activity, customer base, size and complexity, foreign-person contact points, and product set; must use the assessments to inform SCP operation; and must revise assessments to account for identified violations or deficiencies, new products, mergers, or other risk-profile changes.

• C2

• 2nd 2nd Line

Senior management must review and approve the SCP and support its effective implementation, including by ensuring the SCP applies to all payment-stablecoin-related activity, has sufficient resources, is fully integrated into ongoing operations, routinely provides risk updates including testing results, and confers sufficient authority and autonomy on the compliance function.

• C2

• GB Governing Body

A PPSI must establish and maintain an independent testing or audit function, accountable to senior management, with sufficient resources, expertise, and authority to identify sanctions-compliance weaknesses and deficiencies; qualified personnel must perform comprehensive, independent, objective testing or auditing routinely; results must be used to remediate gaps and update controls.

• C11

• 2nd 2nd Line
• 3rd 3rd Line

A PPSI must provide periodic sanctions-compliance training to all appropriate personnel.

• C2

• 2nd 2nd Line

AML/CFT program supervision and enforcement is conducted by the primary Federal payment-stablecoin regulator (OCC for federal-qualified PPSIs; Federal Reserve for IDI-subsidiary PPSIs) or the State payment-stablecoin regulator for state-qualified PPSIs, with FinCEN retaining its statutory authority.

• C8

Revises the BSA definitions of 'transaction' (bbb)(1) and 'transmittal order' (eee) to include the issuance or redemption of a payment stablecoin and to permit transmittal orders to denominate amounts in payment stablecoin, anchoring all subsequent BSA reporting and recordkeeping triggers to on-chain activity.

• C11

Applies the Travel Rule to PPSIs. For payment-stablecoin transmittals of funds of $3,000 or more, the originating PPSI must transmit specified originator and beneficiary information to the next financial institution in the payment chain; the information must 'travel' with the transmittal.

• C7

• 1st 1st Line
• 2nd 2nd Line

Licensees must provide pre-transaction disclosures of the amount transmitted, any fees, the exchange rate (where applicable), and the total amount to be received by the beneficiary. Receipt provided post-transaction. Refund and error-resolution rights per state law.

• C14

State regulators conduct on-site and off-site examinations on a risk-based cycle. Multi-State MSB Examination Program coordinates exams across state regulators for large transmitters via the Multi-State Money Services Business (MSB) Examination Program. Records must be maintained for at least 5 years.

• C11

Engaging in the business of money transmission involving state residents generally requires a state money-transmitter license. 'Money transmission' is defined broadly under MTMA to include selling or issuing payment instruments, selling or issuing stored value, and receiving money or monetary value for transmission — including, under MTMA §102, certain virtual-currency activity. Precise scope and exemptions vary by state.

• C8

Net-worth (tangible capital) requirement calibrated to transmission volume and locations of operation. MTMA standardizes a tiered net-worth schedule; non-MTMA states retain their own figures. Typical floor: the greater of a fixed minimum (e.g., $100,000 in MTMA) and a multiple of volume / transaction count.

• C9

Licensees generally submit applications, amendments, and periodic reports through NMLS — the shared registry operated by CSBS on behalf of participating state regulators. MTMA §204 codifies NMLS use for member states. Facilitates multi-state licensure and examination coordination.

• C8
• C11

Licensee must hold permissible investments at least equal to the aggregate amount of all outstanding payment instruments and stored-value obligations. Permissible investments are restricted to specified low-risk assets: cash and equivalents, U.S. Treasury securities, state and municipal debt of high grade, money-market mutual funds, and limited deposits at insured depository institutions. Virtual-currency obligations must generally be held in like-kind virtual currency under MTMA §103(d).

• C9

Surety bond (or equivalent security) required as a condition of licensure, amount calibrated to transmission volume. Bond runs to the state for the benefit of claimants harmed by violation of the MTL statute. MTMA standardizes a volume-scaled schedule; non-MTMA states set their own amounts.

• C9