Section 01 — Regulatory Overview
GENIUS Act Framework + NPRs at a Glance
Four instruments govern the federal stablecoin regime. The GENIUS Act is enacted law; the three NPRs are proposed rules implementing its requirements and remain subject to finalization.
GENIUS Act
The foundational statute establishing the federal framework for payment stablecoin issuance. Creates the PPSI licensing structure, mandates 1:1 reserve backing, prohibits rehypothecation, and designates primary Federal payment stablecoin regulators (OCC, FDIC, and Federal Reserve).
EnactedJuly 18, 2025
CitationPublic Law 119-27 · 12 U.S.C. §§ 5901–5916
$10B ThresholdState issuers must transition at $10B outstanding
OCC — 12 CFR Part 15
Implements GENIUS Act requirements for OCC-chartered PPSIs — national banks and federal savings associations acting as stablecoin issuers. Establishes charter pathway, prudential standards for issuers (PPSI subpart), reserve asset requirements, and custodian obligations under 12 CFR Part 15 subpart C.
Proposed2025
Comment DeadlineMay 1, 2026
ScopeOCC-chartered PPSIs · National bank custodians
FDIC — 12 CFR Part 350
Establishes prudential standards for FDIC-supervised PPSIs — insured state nonmember banks and state savings associations that issue payment stablecoins. Covers capital (CET1 + AT1), liquidity, risk management, reserve requirements, redemption standards, and disclosure obligations under the new Part 350.
Proposed Part12 CFR Part 350 (new)
Min Capital (de novo)$5 million
AML CertificationInitial (180 days) + annual by April 1
Treasury / FinCEN + OFAC
Joint FinCEN and OFAC proposed rule implementing the GENIUS Act's BSA treatment of PPSIs as financial institutions. Requires risk-based AML/CFT programs, SAR filing, Travel Rule compliance, recordkeeping, and a standalone sanctions compliance program with all five OFAC program elements. Applies to all PPSIs regardless of charter type.
Issuing AgenciesFinCEN + OFAC (joint)
BSA TreatmentPPSIs treated as financial institutions
ScopeAll PPSIs regardless of primary regulator
Framework Applicability Matrix
Which rules apply to which issuer type
Applicability depends on the issuer's charter type and primary Federal regulator. Treasury / FinCEN obligations apply universally to all PPSIs.
| Issuer Type | GENIUS Act | OCC 12 CFR Part 15 | FDIC 12 CFR Part 350 | Treasury / FinCEN | Federal Reserve |
|---|---|---|---|---|---|
| National Bank / Federal Savings Association | ✔ Applies | ✔ Primary | Not primary | ✔ Applies | Not primary |
| Insured State Nonmember Bank (FDIC-supervised) | ✔ Applies | Not primary | ✔ Primary | ✔ Applies | Not primary |
| Insured Depository Institution (Fed-supervised) | ✔ Applies | Not primary | Not primary | ✔ Applies | ✔ Primary |
| State-Qualified Issuer (under $10B) | ✔ Applies | Not applicable | Not applicable | ✔ Applies | Not applicable |
| State-Qualified Issuer (exceeds $10B) | ✔ Must transition | ✔ Coord. with State | Case-specific | ✔ Applies | Case-specific |
Section 02 — OCC Requirements
OCC 12 CFR Part 15 — Charter Pathway & PPSI Standards
The OCC proposed rule implements GENIUS Act requirements for OCC-chartered permitted payment stablecoin issuers. It establishes the application process, ongoing prudential standards, reserve asset rules, and custodian obligations. Docket OCC-2025-0372 · Comment deadline May 1, 2026.
Proposed Rule — Not Yet Final
12 CFR Part 15 is an NPR. Requirements cited here reflect the proposed rule as published. Final rule may differ materially. OCC issued conditional charter approvals in December 2025 (publicly available on OCC.gov) identifying AML/BSA program adequacy as a condition of activation.
Charter Pathway
Application Requirements — § 15.30
- Detailed business plan with 3-year financial projections and technology description
- Capital adequacy framework with 12-month operating expense reserve
- Board-approved issuance policy, risk appetite statement, and written WISP before operations commence
- Independent background screening (OFAC/PEP/sanctions) for all board members and senior executives
- Executive officer definitions: president, chairman, CEO, COO, CFO, CIO, CRO, CTO, BSA Officer
- Outside legal review of application completed before submission
Ongoing Charter Conditions
- Board Risk Committee constituted with charter, membership, and quarterly cadence; technology risk on agenda
- CEO/CFO certification workflow — monthly certification of reserve accuracy under 18 U.S.C. 1001
- Board education on criminal liability under 18 U.S.C. 1001 documented at onboarding and annually
- Automated reporting pipeline — reserve valuation, supply, reconciliation; weekly OCC report
- OCC supervisory access to systems, records, and management
- Tiered wallet architecture with per-tier transaction limits; reserve keys segregated from operational keys
Prudential Standards for Issuers (PPSI) — Subpart B
Five Critical Risk Areas
Under the OCC's proposed prudential standards, PPSIs are assessed across five principal risk categories. These map directly to examination priorities and conditional approval conditions.
| Risk | Risk Category | OCC Requirement Summary | Citation | Priority |
|---|---|---|---|---|
| R-1 | Governance & Risk Management | Board-approved governance framework, 3 Lines of Defense model, risk appetite statement, independent risk function. Board Risk Committee with tech risk on agenda.
Annual CEO/CFO reserve certification required; criminal liability under 18 U.S.C. 1001 attaches to false certifications.
|
§§ 15.3, 15.14 GENIUS Act § 4 |
Critical |
| R-2 | Reserve & Financial Integrity | 1:1 reserve backing at all times; fair value of reserves must equal or exceed outstanding issuance. Daily reconciliation required.
Two reserve diversification options (A: principles-based with quantitative safe harbor; B: mandatory quantitative limits). WAM and concentration limits apply.
|
§ 15.11 GENIUS Act § 4(a)(1) |
Critical |
| R-3 | Custody & Operational Controls | Reserves must be held at eligible financial institutions complying with GENIUS Act § 10. Custodian must be subject to supervision and comply with § 10(b)(c)(d).
Tiered hot/warm/cold wallet architecture required. Board-approved signing authority matrix with transaction limits by wallet tier; quarterly recertification.
|
§§ 15.11(c), 15.14 GENIUS Act § 10 |
Critical |
| R-4 | AML / BSA Compliance | Full BSA/AML program required as condition of charter activation. BSA Officer designated; transaction monitoring system configured with documented rules; blockchain analytics deployed.
OCC conditional approval letters (Dec 2025) identified AML/BSA program adequacy as explicit activation condition. Travel Rule compliance for transfers ≥ $3,000.
|
§ 15.14 GENIUS Act § 4(d) FFIEC BSA/AML |
Critical |
| R-5 | Technology & Cybersecurity | Written information security program (WISP) before operations commence. Incident response plan documented and tested. Vendor oversight program required for material third parties.
Smart contract pre-deployment audit required. Multi-sig approvals for mint/burn operations. Real-time supply monitoring with automated alerting.
|
§ 15.14 FFIEC IT Handbook NIST CSF |
High |
Reserve Asset Requirements — § 15.11
Two Options Under Proposed Rule
Option A: Principles-based requirement (sufficient diversification to manage credit, liquidity, interest rate, and price risk) with an optional quantitative safe harbor. Option B: Mandatory quantitative diversification and concentration limits applicable to all issuers. OCC is soliciting comment on which approach is more appropriate.
Permissible Reserve Assets (GENIUS Act § 4(a)(1)(A))
- U.S. coins and currency, including Federal Reserve notes
- Federal Reserve Bank account balances
- Demand deposits at insured depository institutions (including foreign branches / correspondent banks)
- Treasury bills, notes, or bonds with remaining maturity ≤ 93 days OR issued with maturity ≤ 93 days
- Overnight repos backed by Treasury bills with maturity ≤ 93 days (tri-party, centrally cleared, or bilateral)
- Overnight reverse repos collateralized by Treasuries; subject to overcollateralization
- Government money market funds (registered investment company, invested in (i)–(v) above)
- Tokenized versions of any of the above (compliant with applicable law)
- Other liquid Federal Government-issued assets as approved by primary regulator
Diversification & Concentration Rules
- Reserves must be sufficiently diverse to manage credit, liquidity, interest rate, and price risks
- Concentration risk at any single eligible financial institution must be managed and documented
- Sub-custodial "look-through" required — must trace ultimate custodian, not just direct custodian
- Fair value of reserves must equal or exceed outstanding issuance at all times (intraday standard under consideration)
- Rehypothecation prohibited except: margin on repos/reverse repos, custodial service obligations, and liquidity management via T-bill repos ≤ 93 days (cleared or bilateral)
- Monthly public disclosure of reserve composition including average tenor and geographic location by category
Section 03 — FDIC Requirements
FDIC 12 CFR Part 350 — Deposit Insurance & Prudential Standards
The FDIC proposed rule establishes prudential standards for FDIC-supervised PPSIs under a new 12 CFR Part 350. Key distinctions from OCC: FDIC introduces explicit capital requirements (CET1 + AT1), strict separation of PPSI from insured deposits, and pass-through deposit insurance treatment for reserves held at IDIs.
Structural Separation Requirement
The proposed rule requires legal and operational separation between payment stablecoin issuance and insured deposit activities. This protects the Deposit Insurance Fund from exposure to stablecoin-specific liquidity or market risk. FDIC monitors balance sheet management between FDIC-supervised IDI parent entities and their PPSI subsidiaries to prevent artificial capital ratio inflation.
Capital Requirements — §§ 350.8, 350.9, 350.10
Capital Elements
- Common Equity Tier 1 (CET1): Common stock (par value + surplus), retained earnings, and AOCI (AOCI neutralization not permitted — unlike 12 CFR Part 324 for IDIs)
- Additional Tier 1 (AT1): Noncumulative perpetual preferred stock instruments qualifying as equity under GAAP; callable after 5 years with FDIC prior approval
- No Tier 2 capital: Subordinated debt not permitted — would incentivize PPSI leverage beyond stablecoin liabilities
- No credit loss allowance: PPSIs generally do not make loans; no allowance for credit losses expected
- No mandatory deductions: Proposed rule does not require capital deductions for goodwill or intangibles at this stage
Capital Minimums & Calibration
- De novo minimum: $5 million minimum capital for new PPSIs
- Tailored to risk profile: Capital requirements calibrated to PPSI's business model and risk profile; not to exceed what is sufficient for ongoing operations
- Narrow-scope issuers: If PPSI limited to issuance/redemption only, FDIC expects relatively low capital requirement
- Additional activities: Capital requirement increases as PPSI engages in additional permitted activities beyond core issuance
- FDIC override authority: FDIC retains authority under 12 CFR 324(d)(1) to require additional capital if risk not captured by standard requirements
- Alternative approaches under consultation: FDIC soliciting comment on standardized risk-based capital and leverage requirements
Reserve Requirements — § 350.4
Reserve Asset Standards
- 1:1 backing required at all times — identifiable reserves equal outstanding issuance
- Permissible assets mirror GENIUS Act § 4(a)(1)(A): U.S. cash equivalents, short-term Treasuries (≤ 93-day maturity), repos/reverse repos, and government MMFs
- FDIC requires PPSI demonstrate capability to access and monetize reserve assets — redemption capability test
- CEO and CFO must submit monthly certification of reserve accuracy to FDIC
- PPSI must notify FDIC in writing when identifiable reserves fall below required amount
Deposit Insurance Treatment
- Pass-through deposit insurance available for reserve assets held as demand deposits at FDIC-insured institutions — subject to FDIC and NCUA limitations addressing safety and soundness risks
- DIF not exposed to stablecoin-specific liquidity/market risk due to structural separation requirement
- Foreign branch / correspondent bank deposits permissible as reserve assets under same limitations
- PPSI subsidiary's balance sheet actively monitored to prevent IDI parent from using PPSI to inflate regulatory capital ratios
Risk Management, Disclosure & Reporting — §§ 350.5–350.7
| Provision | Requirement | Citation | Cadence |
|---|---|---|---|
| Redemption Policy | Publicly disclose clear, conspicuous procedures for timely redemption. Discretionary redemption limitations only by primary Federal regulator. Fee changes require ≥ 7 days' prior notice to consumers. | § 350.5(a)(b) GENIUS Act § 4(a)(1)(B) |
Standing disclosure |
| Reserve Composition Report | Publish monthly report of reserve composition: total outstanding stablecoins, amount and composition of reserves, average tenor, and geographic location of custody by category. | § 350.4(g) GENIUS Act § 4(a)(1)(C) |
Monthly |
| Accounting Firm Report | Publish registered public accounting firm's examination report to PPSI website. For non-public entities: may be performed under GAAS or PCAOB standards. | § 350.4(h)(1) § 350.7(j) |
Monthly posting; annual audit |
| CEO / CFO Certification | CEO and CFO submit to FDIC a certification of accuracy of reserve reports and compliance. Criminal liability under 18 U.S.C. 1001 attaches to false certifications. | § 350.4(h)(2) 18 U.S.C. 1001 |
Monthly |
| AML/CFT Certification | File certification with FDIC that AML/CFT and sanctions programs are reasonably designed and implemented. Initial certification within 180 days of approval; annual by April 1 thereafter. | § 350.6(c) GENIUS Act § 5(i) |
Annual (April 1) |
| Unauthorized Access Notification | Program to notify customers of unauthorized access incidents. Service providers must be required by contract to implement appropriate security measures. | § 350.6(b)(6) § 350.6(a)(6) |
On occurrence |
| Significant Redemption Notice | Notify FDIC when experiencing a significant redemption request that could affect operations or financial condition. | § 350.5(c)(1) | On occurrence |
| Business Continuity | BCP and disaster recovery plans required. Measures to protect customer access during market stress or cyber-attack. Vendor contracts must include appropriate BCP requirements. | § 350.6 | Ongoing / annual test |
Section 04 — Treasury / FinCEN Requirements
FinCEN + OFAC Joint Rule — AML/CFT & Sanctions Compliance
The FinCEN / OFAC joint proposed rule treats PPSIs as financial institutions under the Bank Secrecy Act. Requirements apply to all PPSIs regardless of charter type or primary Federal regulator. Two distinct program requirements: (1) AML/CFT program and (2) Sanctions compliance program.
Universal Application
Treasury / FinCEN obligations apply to all permitted payment stablecoin issuers — OCC-chartered, FDIC-supervised, and Federal Reserve-supervised — regardless of which primary Federal regulator oversees the issuer. FinCEN plays a central enforcement role including through a notice-and-consultation framework with primary regulators before major supervisory actions.
AML / CFT Program — 31 CFR Part 1010
Five Required Program Elements
Programs must be risk-based, with PPSIs directing more resources toward higher-risk customers and activities. FinCEN enforcement standard: significant or systemic program failure required to trigger major supervisory action against a PPSI with an established program.
| Element | Program Element | Specific Requirements | Priority |
|---|---|---|---|
| 1 | Internal Policies, Procedures & Controls |
Risk assessment processes: identify, assess, and document ML/TF/illicit finance risks; incorporate FinCEN AML/CFT Priorities; update promptly on material risk changes. Ongoing customer due diligence (CDD): understand nature and purpose of customer relationships; develop risk profiles; conduct ongoing monitoring to identify suspicious activity; maintain and update beneficial ownership information.
|
Critical |
| 2 | Independent Testing | Independent AML/CFT program testing based on objective criteria designed to assess program effectiveness and resource allocation consistency with risk assessment. | High |
| 3 | AML/CFT Officer | Designated individual responsible for establishing and implementing the AML/CFT program; coordinates and monitors day-to-day compliance.
Location requirement: Must be located in the United States. Disqualification: Cannot be convicted of a felony involving insider trading, embezzlement, cybercrime, money laundering, terrorist financing, or financial fraud.
|
Critical |
| 4 | Ongoing Training Program | Ongoing employee training program covering AML/CFT obligations, red flags, and escalation procedures. Training must be kept current with regulatory changes. | High |
| 5 | Written Program + Board Approval | AML/CFT program must be in writing. Program must be approved by the PPSI's board of directors or equivalent governing body, or appropriate senior management. Upon request, PPSI must make available a copy of written program to FinCEN or its designee. | Critical |
Reporting, Recordkeeping & Technical Obligations
Suspicious Activity Reports (SARs)
- File SARs for any suspicious transaction relevant to possible violation of law or regulation
- No secondary market SAR reporting obligation imposed under proposed rule
- SAR filing timeline and procedures follow existing BSA framework
- Blockchain analytics must cover all tokens in circulation, not only direct customer transactions
Recordkeeping & Travel Rule
- Recordkeeping Rule: Collect and retain records for funds transfers and transmittals ≥ $3,000
- Travel Rule (31 CFR § 1010.410): Transmit originator and beneficiary information on in-scope transfers to other financial institutions
- 314(a) obligation: Upon FinCEN request, search records for named individuals/entities
- 314(b) voluntary: May participate in FinCEN's information sharing program
Technical Capabilities Required
- Block, freeze, and reject specific or impermissible transactions violating Federal or State law
- Comply with terms of any lawful order (primary and secondary market)
- Correspondent and private banking due diligence program including enhanced due diligence where necessary
- Special measures compliance when FinCEN designates foreign entities of primary money laundering concern
OFAC Sanctions Compliance Program
Five Elements Required for Effective Sanctions Program
| Element | Program Component | Specific Requirements |
|---|---|---|
| SC-1 | Senior Management & Org Commitment | Senior management review and approve sanctions program. Program must: (i) apply to all stablecoin activity; (ii) have sufficient resources (human capital, IT); (iii) be integrated into ongoing operations; (iv) routinely provide risk updates to senior management; (v) provide sufficient autonomy to compliance function. |
| SC-2 | Risk Assessments | Holistic sanctions risk assessments at appropriate intervals. Use assessments to inform internal controls and training. Revise assessments for: sanctions violations, new products/services, mergers/acquisitions, and other risk-profile changes. |
| SC-3 | Internal Controls | System of risk-based internal controls — including technical capabilities and written P&Ps — applicable to all stablecoin activity (primary and secondary market). Must identify, block, and/or reject transactions that may violate U.S. sanctions. Retain relevant records per OFAC regulations. |
| SC-4 | Testing & Auditing | Independent testing or audit function, accountable to senior management, with sufficient resources, expertise, and authority to identify sanctions compliance weaknesses and deficiencies. |
| SC-5 | Training | Risk-based sanctions compliance training program integrated into overall sanctions program. Training must cover PPSI personnel with stablecoin-related responsibilities. |
Section 05 — Reserve Management
Consolidated Reserve Requirements Across All Three Regulators
The GENIUS Act establishes the permissible asset universe. OCC and FDIC NPRs layer diversification, concentration, and custodian requirements on top of the statutory baseline. All three regimes share the 1:1 backing requirement and the prohibition on rehypothecation.
GENIUS Act Baseline
Statute
Backing Requirement
1:1 minimum; reserves must be identifiable and equal outstanding issuance
Permissible Assets (§ 4(a)(1)(A))
U.S. cash/Fed deposits; Treasury bills/notes/bonds ≤ 93-day remaining maturity; overnight repos; overnight reverse repos (overcollateralized); registered government MMFs; tokenized equivalents; other OCC/FDIC-approved liquid gov't assets
Rehypothecation Prohibition
Prohibited except: margin on repo/reverse repo; custodial service obligations; T-bill repos ≤ 93 days for liquidity (cleared or bilateral)
Monthly Disclosure
Total outstanding stablecoins; amount, composition, average tenor, and geographic custody location of each reserve category
Redemption Policy
Clear procedures publicly disclosed; fee changes require ≥ 7 days' prior notice
OCC — 12 CFR Part 15
Proposed
Valuation Standard
Fair value of reserves must equal or exceed outstanding issuance value at all times (intraday standard under comment)
Diversification — Option A (Principles)
Maintain reserves sufficiently diverse to manage credit, liquidity, interest rate, and price risk. Measure and manage concentration risk at any single eligible financial institution.
Diversification — Option B (Quantitative)
Mandatory quantitative diversification and concentration limits applicable to all issuers. OCC soliciting comment on specific percentages and thresholds.
Sub-Custodian Look-Through
Must look through sub-custodial arrangements to ensure reserves are custodied at a sufficiently diverse number of eligible financial institutions at the ultimate custodian level
Eligible Financial Institution
Must be subject to supervision by a Federal banking agency or state bank/credit union supervisor; must comply with GENIUS Act § 10(b)(c)(d); custodial agreement must document compliance
WAM Limit
93-day maximum remaining maturity for Treasury securities; interest rate risk on reserve portfolio minimal given short duration
FDIC — 12 CFR Part 350
Proposed
Reserve Composition
Mirrors GENIUS Act permissible asset list. Demand deposits at IDIs (incl. foreign branches/correspondents) subject to FDIC/NCUA limitations for safety and soundness.
Redemption Capability Demonstration
PPSI must demonstrate capability to access and monetize identifiable reserve assets (proposed § 350.4(d)) — not just hold them
CEO/CFO Certification
Monthly certification of reserve accuracy submitted to FDIC. Criminal liability under 18 U.S.C. 1001 for false certification.
Shortfall Notification
Notify FDIC in writing when reserves fall below required amount (§ 350.4(i)(1))
Orderly Wind-Down Notice
Notify FDIC if PPSI determines to take action resulting in orderly redemption of all outstanding stablecoins (§ 350.4(k))
AOCI Inclusion in Capital
No AOCI neutralization permitted in CET1 — unlike Part 324 banks. Impact minimal given ≤ 93-day maturity of permissible reserve assets.
Reserve Requirement Side-by-Side
| Topic | GENIUS Act Statute | OCC 12 CFR Part 15 | FDIC 12 CFR Part 350 |
|---|---|---|---|
| Backing Requirement | 1:1 at minimum; identifiable reserves equal outstanding issuance | Fair value ≥ outstanding issuance value at all times | Identifiable reserves ≥ outstanding; capability to access and monetize required |
| Permissible Assets | U.S. cash, Fed deposits, Treasuries ≤ 93 days, repos, MMFs, tokenized equivalents | Mirrors statute; custodied only at eligible financial institutions compliant with § 10 | Mirrors statute; IDI deposits subject to FDIC/NCUA safety and soundness limitations |
| Maturity Limit | 93-day remaining maturity for Treasuries; overnight for repos | Same; WAM monitoring required; AOCI impact minimal | Same; AOCI neutralization not permitted due to short maturity profile |
| Diversification | Implicitly required; interpretive basis in § 4(a)(4)(A)(iii) | Option A (principles) or Option B (quantitative mandatory) under comment | Not separately quantified; risk management standards in § 350.6 apply |
| Rehypothecation | Prohibited; three narrow exceptions (margin, custody, T-bill liquidity repos) | Same; applies to OCC-regulated custodians as well | Same; structural separation from insured deposits provides additional safeguard |
| Public Disclosure | Monthly: outstanding issuance, reserve composition, average tenor, geographic location | Monthly on PPSI website; includes all required GENIUS Act fields | Monthly report (§ 350.4(g)); accounting firm examination report also posted monthly |
| Certification / Reporting | CEO/CFO certification required; criminal liability under 18 U.S.C. 1001 | Weekly OCC automated reports; monthly CEO/CFO certification | Monthly CEO/CFO certification to FDIC; shortfall notification on occurrence |
| Custodian Requirements | Reserves held only at eligible financial institutions complying with § 10(b)(c)(d) | Eligible FI definition; sub-custodian look-through; custodial agreement required | IDIs subject to FDIC/NCUA safety and soundness limitations on deposit reserves |
Section 06 — Reporting Calendar
Regulatory Reporting Cadences — OCC, FDIC & Treasury Side by Side
Reporting obligations span three regulator streams and four time horizons. The monthly CEO/CFO certification and reserve composition report are the highest-frequency mandatory obligations. Annual AML/CFT certifications have a fixed April 1 deadline across FDIC and FinCEN requirements.
NPR Cadences Subject to Change
Reporting frequencies and deadlines cited here reflect proposed rules. Final rules may alter cadences, consolidate reports, or introduce new requirements. Verify against final rule text before implementing reporting infrastructure.