Federal regulatory agencies are working together to bring digital asset providers into the standard compliance frameworks used by traditional financial companies. A newly proposed joint regulation will implement strict identity verification rules for entities that issue certain digital currencies used for transactions. This legal development stems from recent legislative actions aimed at expanding the reach of the Bank Secrecy Act to cover emerging payment technologies. The financial sector must prepare for enhanced oversight as multiple regulatory bodies collaborate to enforce documentation and tracking requirements. By establishing clear standards, authorities intend to close existing loopholes that allow anonymous digital asset transactions to bypass federal scrutiny.
Stablecoin Regulations Under The Bank Secrecy Act
The financial oversight framework in the United States is undergoing a major expansion to integrate specific digital asset firms into existing anti-money laundering networks. This transformation is driven by a joint proposed rule issued by the Financial Crimes Enforcement Network along with the Office of the Comptroller of the Currency, the Board of Governors of the Federal Reserve System, the Federal Deposit Insurance Corporation, and the National Credit Union Administration. These regulatory agencies are acting under explicit directives from the Guiding and Establishing National and Innovation for U.S. Stablecoins Act, which is commonly abbreviated as the GENIUS Act. This legislative foundation explicitly categorizes permitted payment stablecoin issuers as financial institutions, making them fully subject to the statutory mandates of the Bank Secrecy Act. The main focus of this regulatory adjustment is to ensure that these digital currency providers implement structured protocols to verify who their customers are before any financial transactions occur. By placing these companies under the same regulatory umbrella as commercial banks and credit unions, the federal government is attempting to build a unified defensive wall against illicit financial flows.
This regulatory change means that permitted payment stablecoin issuers must design, implement, and maintain a written customer identification program that matches the rigorous standards applied to traditional banking firms. The proposal ensures that any institution issuing these specific digital assets must collect specific identifying information from every individual or entity opening an account. This shift is a direct response to the unique risks associated with digital assets, which have historically allowed users a high degree of anonymity. Under the Bank Secrecy Act, financial institutions are required to help government agencies detect and prevent money laundering, terrorist financing, and other financial crimes. By extending these laws to stablecoin issuers, the authorities are formally recognizing that these digital tokens function as money and must therefore be monitored with the same level of diligence as fiat currency. Compliance officers at digital asset firms will need to overhaul their onboarding systems to integrate these mandatory collection and verification processes into their daily operations.
The joint agency rulemaking highlights a coordinated approach across multiple federal sectors to oversee the intersection of cryptocurrency and traditional finance. Each specific regulatory agency will supervise the stablecoin issuers that fall under its respective jurisdiction, ensuring that the rules are applied uniformly, whether the issuer is a national bank, a state member bank, a non-member insured bank, or a credit union. Furthermore, the rule contains provisions to cover entities that choose to operate under state-level supervision, creating a comprehensive framework that leaves few paths for regulatory avoidance. This cooperative effort among the top banking regulators reflects the seriousness with which the federal government views the potential for digital assets to be used in money laundering schemes. The standard set by this proposed rule will serve as a baseline for how digital asset businesses must operate within the regulated financial ecosystem moving forward.
Core Tracking Standards For Covered Digital Asset Firms
The operational core of the proposed regulation focuses on the specific information that stablecoin issuers must collect from their customers at the time of account creation. According to the regulatory guidelines, a compliant program must require the collection of at least four basic pieces of identifying data from every applicant. These four essential data points consist of the customer name, the date of birth for individual persons, a physical or business address, and an official identification number. For citizens of the United States, this identification number will typically be a taxpayer identification number or a Social Security number. For foreign individuals who do not possess these domestic documents, issuers must obtain an alternative government-issued identifier, such as a passport number, an alien identification card number, or a number from another official document that proves nationality and residence. The strict collection of these data points is intended to eliminate the anonymity that has frequently characterized decentralized finance networks.
Once this information is successfully collected, the stablecoin issuer cannot simply store the data; they must actively verify its accuracy within a reasonable timeframe. The proposed framework allows issuers to utilize either documentary or non-documentary verification methods, or a strategic combination of both approaches. Documentary verification involves examining official, government-issued photo identifications, such as valid driver’s licenses, state identification cards, or international passports. Non-documentary methods might include contacting a consumer reporting agency, verifying the information against public databases, checking references with other financial institutions, or analyzing the digital signature and transaction history associated with the account holder. The rule requires that the verification procedures be thorough enough to enable the stablecoin issuer to form a reasonable belief that it knows the true identity of each customer. If an issuer cannot verify a customer’s identity within the established timeframe, the program must include specific procedures for closing the account or restricting further transaction capabilities.
Beyond initial verification, the proposed regulation introduces detailed recordkeeping rules that will force digital asset firms to invest heavily in data storage infrastructure. Permitted payment stablecoin issuers will be legally obligated to retain all customer identification records for a minimum period of five years. This five-year retention clock only begins ticking after the specific account has been formally closed or has become completely inactive. The retained records must include all the primary identifying information collected at onboarding, a detailed description of every document used for verification, a description of the methods and results of any non-documentary measures taken, and a clear explanation of how the issuer resolved any significant discrepancies identified during the verification process. This long-term data storage mandate ensures that law enforcement agencies and financial investigators can access historical ownership records during deep, multi-year investigations into complex international financial crimes.
Institutional Frameworks and Internal Controls
Implementing a valid customer identification program requires stablecoin issuers to embed these compliance mechanisms directly into their corporate governance structures. The proposed rule mandates that the program be a formal, written document that is officially approved by the board of directors of the issuing entity or an authorized committee of that board. This requirement elevates compliance from a low-level operational task to a high-level governance responsibility, ensuring that corporate leadership can be held accountable for any systemic failures in the identity verification process. The written program must be custom-tailored to the specific risk profile of the issuer, taking into full consideration the types of accounts offered, the methods used to open those accounts, the demographic characteristics of the customer base, and the geographic regions where the stablecoin operates. A one-size-fits-all approach will not satisfy federal examiners, who will look for customized risk assessments within each firm’s corporate compliance documentation.
An effective program must also include internal controls designed to handle situations where a prospective customer’s identity cannot be verified with absolute certainty. The regulations require stablecoin issuers to establish clear, step-by-step protocols for handling these unverified accounts to prevent them from being used for illicit transactions. These protocols must specify the exact circumstances under which an individual may use the account while verification is still ongoing, the specific types of transactions that will be restricted during this interim period, and the precise timeline that will trigger automatic account closure if verification attempts fail completely. By forcing companies to pre-determine these operational boundaries, the rule aims to eliminate the corporate hesitation that often allows suspicious actors to move funds rapidly through newly created accounts before compliance teams can react.
In addition to account restrictions, the internal controls must outline how and when a stablecoin issuer will file a suspicious activity report with the Financial Crimes Enforcement Network. If the identity verification process reveals that a customer has provided fraudulent documentation, used a stolen identity, or attempted to conceal their true connections to high-risk jurisdictions, the firm must flag the account for immediate review. The integration of the customer identification program with the wider suspicious activity reporting system is a critical component of the Bank Secrecy Act framework. This connectivity ensures that tactical intelligence gathered during the onboarding phase is rapidly translated into actionable data for federal law enforcement agents tracking broader financial crime networks. Digital asset compliance teams will need to be trained to spot advanced digital forgery, deepfake identity documents, and automated synthetic identity creation methods that are becoming increasingly common in the online financial sector.
Implications For The Digital Asset Market
The introduction of these joint federal standards represents a major shift for the digital asset industry, signaling the end of the regulatory isolation that some crypto projects have managed to maintain. Permitted payment stablecoin issuers will now have to operate under the exact same regulatory scrutiny as the largest commercial banking institutions in the country. This means that compliance costs for digital currency firms will rise significantly, as they must hire experienced Bank Secrecy Act specialists, implement sophisticated identity verification software, and audit their data storage systems regularly. For smaller stablecoin startups or decentralized projects seeking to transition into the permitted payment category, these administrative barriers to entry could reshape their business models or force them to seek partnerships with established, fully regulated financial entities.
This regulatory evolution is also expected to have an impact on user behavior across the digital asset market. Customers who have chosen to use stablecoins specifically for their speed and privacy will now face the exact same documentation hurdles they encounter when opening a traditional checking account. Some industry analysts suggest that these strict rules might push privacy-focused users toward less regulated, offshore stablecoin platforms or completely decentralized, non-compliant tokens. However, federal regulators believe that establishing a clear, legal pathway for permitted payment stablecoins will actually increase institutional adoption of the technology. Large institutional investors, mainstream merchants, and traditional corporations are far more likely to integrate stablecoins into their payment systems if they know the underlying issuers are fully compliant with federal anti-money laundering laws.
Ultimately, this joint proposed rule reflects a growing consensus among global financial authorities that stablecoins are no longer a niche technology, but a foundational component of the evolving financial system. By subjecting these issuers to the Bank Secrecy Act, the federal government is attempting to stabilize the digital marketplace, reduce the risk of systemic financial crime, and protect the integrity of the domestic economy. The public comment period will allow industry stakeholders, legal experts, and financial institutions to provide feedback on the operational feasibility of these rules. Once finalized, this framework will establish a new baseline for transparency in digital commerce, forcing the stablecoin industry to match the compliance standards that have governed traditional finance for decades.
Key Points
- Federal financial regulatory agencies have issued a joint proposed rule establishing mandatory identity verification protocols for permitted payment stablecoin issuers.
- The regulatory framework implements the legislative directives of the GENIUS Act by formally integrating stablecoin entities into the Bank Secrecy Act framework.
- Issuers are strictly required to collect a minimum of four core data points, including name, date of birth, physical address, and a government identification number.
- The regulation mandates a comprehensive five-year record retention policy for all customer verification data, beginning only after an account is officially closed.
- Compliance programs must obtain formal approval from the entity’s board of directors, elevating identity verification to a high-level governance requirement.
Related Links
Other FinCrime Central Articles About Steblecoin US Regulators’ Views
Source: US Federal Register
Some of FinCrime Central’s articles may have been enriched or edited with the help of AI tools. It may contain unintentional errors.
Want to promote your brand, or need some help selecting the right solution or the right advisory firm? Email us at info@fincrimecentral.com; we probably have the right contact for you.