From the journal

FinCEN and Banking Agencies Propose CIP Rules for Stablecoin Issuers, June 2026

On 22 June 2026, FinCEN, the OCC, the Federal Reserve, the FDIC, and the NCUA issued a joint notice of proposed rulemaking requiring permitted payment stablecoin issuers to establish customer identification programs under the GENIUS Act. Covered issuers must collect name, date of birth, address, and taxpayer identification number for each account holder, retaining records for five years. Comments are due 21 August 2026.

2 min read

On 22 June 2026, the Financial Crimes Enforcement Network (FinCEN), together with the Office of the Comptroller of the Currency (OCC), the Board of Governors of the Federal Reserve System, the Federal Deposit Insurance Corporation (FDIC), and the National Credit Union Administration (NCUA), published a joint notice of proposed rulemaking in the Federal Register. The proposed rule would require permitted payment stablecoin issuers (PPSIs) to establish written, risk-based customer identification programs (CIPs) as a component of their anti-money laundering and countering the financing of terrorism programs, implementing Section 14 of the Genius and Infrastructure Needed for Innovation in U.S. Stablecoins Act (GENIUS Act).

The proposed rule at 31 C.F.R. Part 1021 would require a PPSI that holds a direct account relationship with a customer through issuing, redeeming, converting, repurchasing, burning, reissuing, or providing custodial services for stablecoins to collect each account holder's legal name, date of birth, current address, and taxpayer identification number before or within a reasonable time of account opening. CIP records and account-closure records must be retained for five years. PPSIs must also screen customers against government lists designated for CIP purposes and provide customers with written notice of the CIP programme.

PPSIs operating direct account relationships face new compliance obligations: written CIP policy documentation, identity verification technology, customer-screening database integration, and recordkeeping systems meeting the five-year retention requirement. Wallet providers, custodians, and issuers whose only customer interactions occur through secondary market trades or peer-to-peer smart contract transfers, where no account relationship exists with the PPSI, fall outside the proposed rule's scope.

The proposed rule implements the GENIUS Act's requirement that PPSIs comply with federal AML/CFT obligations and does not cover the full scope of Bank Secrecy Act requirements for PPSIs; additional rulemakings on other BSA requirements may follow. The comment period closes 21 August 2026. If finalized, PPSIs will have 12 months from the final rule's effective date to implement compliant CIP programmes.

Licentium advises stablecoin issuers, custodians, and digital asset service providers on U.S. regulatory compliance obligations. Clients assessing their status under the GENIUS Act are invited to contact us. Work we undertake includes AML/CFT programme design, CIP implementation planning, PPSI regulatory classification, FinCEN registration strategy, and multi-jurisdictional digital asset compliance structuring.

Source: Federal Register, Permitted Payment Stablecoin Issuer Customer Identification Program, 22 June 2026

Crypto Regulatory

More from the journal

See all

China Regulates AI Companion Services, Banning Minor Access, Effective 15 July 2026

On 10 April 2026, five Chinese government authorities jointly issued the Interim Measures for the Administration of Artificial Intelligence Anthropomorphic Interaction Services, effective 15 July 2026. The Measures prohibit AI virtual companion and virtual relative services for minors, require algorithm filing and security assessment for covered providers, and mandate addiction-detection mechanisms. Providers serving children under 14 must obtain explicit guardian consent and implement supervised usage controls including spending restrictions and usage duration limits.

UK Applies Russia Sanctions to Crypto Exchanges Under Regulation 17A, 26 May 2026

On 26 May 2026, the UK Office of Financial Sanctions Implementation applied Regulation 17A(2) of the Russia (Sanctions) (EU Exit) Regulations 2019 to designated crypto-asset exchanges for the first time, sanctioning 18 entities including HTX (formerly Huobi). UK financial institutions and virtual asset service providers are prohibited from processing transfers with designated exchanges. HTX is alleged to have channeled over USD 1.5 billion to Russian counterparties.

EU Council Adopts Digital Omnibus Amendments to AI Act, Deferring High-Risk Compliance to 2027

The Council of the EU formally adopted Digital Omnibus amendments to the EU AI Act on 29 June 2026, following the European Parliament's approval on 16 June. The package defers compliance deadlines for Annex III high-risk AI systems to 2 December 2027 and for Annex I embedded systems to 2 August 2028. Two new prohibitions covering non-consensual intimate imagery and child sexual abuse material apply from 2 December 2026.