Section 01 — Implementation Timeline
GENIUS Act — Jul 2025 to Jan 2027 & Beyond
All published regulatory actions, open comment periods, projected milestones, and hard statutory deadlines. Status reflects position as of May 8, 2026.
Acceleration Trigger
If all primary federal regulators issue final rules simultaneously (projected Aug–Sep 2026), the 120-day clock would place the effective date in Dec 2026 — before the Jan 18, 2027 hard deadline. Issuers should plan for the earlier scenario. The Federal Reserve is the only primary regulator without a published NPRM as of May 2026.
2025 — Enactment & Initial Proposals
GENIUS Act Signed into Law
U.S. Congress · President Biden
Public Law 119-27 · 12 U.S.C. §§ 5901–5916
Establishes the first comprehensive federal framework for payment stablecoins. Defines "payment stablecoin," creates three PPSI licensing pathways, mandates 1:1 reserve backing, and directs six federal regulators to issue implementing rules by Jul 18, 2026. Effective date: earlier of Jan 18, 2027 or 120 days post final rules.
Treasury ANPRM — Implementation Approaches, Safe Harbors & AML Innovation
U.S. Department of the Treasury
Advanced Notice of Proposed Rulemaking seeking public input on: safe harbor design for existing issuers, foreign comparability determinations, AML innovation methods (AI, blockchain analytics, API-based monitoring), tax policy implications, and clarity on statutory terms including "digital asset service provider."
FDIC NPRM #1 — IDI Subsidiary Application Procedures
Federal Deposit Insurance Corporation
12 CFR Part 337 · RIN 3064-AG20 · FR Vol. 90
First GENIUS Act rulemaking published by any agency. Establishes application process for state non-member banks and state savings associations seeking to issue payment stablecoins through a subsidiary. Implements 30-day completeness review, 120-day decision deadline, and deemed-approval-on-inaction framework. Closely tracks GENIUS Act § 5 statutory factors.
2026 Q1 — Core Prudential Proposals
NCUA NPRM — Credit Union PPSI Application Framework
National Credit Union Administration
12 CFR Part 706 · Federal Register Feb 12, 2026
Sets out licensing procedures for federally insured credit unions (FICUs) seeking to issue stablecoins via CUSO subsidiaries. FICUs cannot issue directly. Joint FICU–CUSO application required. FICUs limited to investing only in NCUA-licensed PPSIs. NCUA confirmed on track to meet Jul 18, 2026 statutory deadline. Prudential standards (reserves, capital, risk management) to follow in a separate rulemaking.
OCC NPRM — Comprehensive PPSI Framework (12 CFR Part 15)
Office of the Comptroller of the Currency
OCC-2025-0372 · RIN 1557-AF41 · 91 Fed. Reg. 10202
The most far-reaching GENIUS Act rulemaking. 376-page NPRM covering all aspects of OCC-supervised PPSI operations: licensing & application (Subpart D), permissible activities, yield/interest prohibition with rebuttable presumption, reserve asset requirements including two diversification options (principles-based vs. quantitative), 1:1 backing at all times, redemption standards (2-business-day standard; 7-calendar-day extension trigger at 10% threshold), risk management, IT/cybersecurity, capital (preferred: self-assessed; alternative: variable components), operational backstop, custody rules for all OCC-regulated entities, weekly confidential reporting, monthly CEO/CFO certifications, and examination framework. Covers national banks, federal savings associations, national trust banks, nonbank Federal Qualified PPSIs, federal branches, and foreign payment stablecoin issuers. Over 200 questions for public comment.
OCC Final Rule — National Trust Banks: Stablecoin Custody & Issuance Authority
Office of the Comptroller of the Currency
Clarifies OCC chartering authority for national trust banks (NTBs) engaging in non-fiduciary activities including stablecoin custody and issuance services. Provides the legal foundation for uninsured national trust banks to become Federal Qualified PPSIs under the GENIUS Act framework. First final rule touching stablecoin operations from any primary federal payment stablecoin regulator.
2026 Q2 — AML, State Framework & FDIC Prudential
Treasury NPRM — "Substantially Similar" State Regime Principles
U.S. Department of the Treasury
91 Fed. Reg. 16,844 · Apr 3, 2026
Establishes broad-based principles determining whether a state-level regulatory regime is "substantially similar" to the federal GENIUS Act framework — the gateway condition for State Qualified PPSIs (≤$10B outstanding) to remain under state supervision. Two-tier structure: (1) Uniform Requirements (reserves, BSA/AML, OFAC) that states must mirror the federal baseline; (2) State-Calibrated Requirements (capital, liquidity, operational backstop) where states may tailor but not be less protective than federal standards. OCC's NPRM serves as the primary reference baseline. States must provide comparable application, examination, supervision, and enforcement authorities.
FDIC NPRM #2 — Prudential Standards for FDIC-Supervised PPSIs & Custodians
Federal Deposit Insurance Corporation
RIN 3064-AG19 · 91 Fed. Reg. 18,534 · Apr 10, 2026
Comprehensive prudential framework for PPSIs that are subsidiaries of FDIC-supervised IDIs (state non-member banks, state savings associations). Mirrors OCC NPRM in many areas. Key distinctions: explicit CET1 + AT1 capital framework (no Tier 2, no AOCI neutralization); FDIC explicitly requires issuers to demonstrate capability to access and monetize reserve assets (redemption capability test); shortfall notification requirement; orderly wind-down notice requirement. Also establishes custodial requirements for FDIC-supervised IDIs holding stablecoin reserves. Clarifies: deposits held as PPSI reserves are NOT eligible for pass-through FDIC insurance to stablecoin holders. Addresses tokenized deposits as standard deposits regardless of technology used.
FinCEN + OFAC Joint NPRM — AML/CFT Program & Sanctions Compliance
Financial Crimes Enforcement Network + Office of Foreign Assets Control
Docket FINCEN-2026-0100 · 91 Fed. Reg. · Apr 10, 2026
Treats all PPSIs as financial institutions under the Bank Secrecy Act regardless of charter type or primary federal regulator — universally applicable. Requires five-element AML/CFT program (policies/procedures, independent testing, AML officer located in the US, ongoing training, written board-approved program). OFAC requires five-element sanctions compliance program including real-time SDN screening and technical capability to freeze/burn/block tokens on lawful order. FinCEN requires dynamic risk assessment obligation: PPSIs must UPDATE their risk assessments when smart contract functionality changes OR when stablecoin is deployed on a new blockchain. No secondary market SAR reporting obligation under proposed rule. Blockchain analytics must cover all tokens in circulation, not only direct customer transactions. Travel Rule applies (31 CFR § 1010.410) for transmittals ≥$3,000.
2026 Q2–Q3 — Pending & Projected
Federal Reserve NPRM — State Member Bank PPSI Framework
Board of Governors of the Federal Reserve System
Not yet published · Expected Q2–Q3 2026
The Federal Reserve is the only primary federal payment stablecoin regulator that has not yet published an NPRM as of May 2026. The Fed supervises PPSIs that are subsidiaries of state member banks and bank holding companies. Expected to cover: application procedures for state member bank IDI subsidiaries, prudential standards (likely aligned with OCC/FDIC proposals), anti-tying provisions under GENIUS Act § 4(a)(8), and the Board's role in unusual and exigent circumstances enforcement over State Qualified PPSIs. Critical to monitor — the Fed's delay is the primary bottleneck to coordinated final rule publication.
OCC Separate AML/BSA Rulemaking for PPSIs
OCC + Treasury (coordinated)
Separate from OCC-2025-0372 · Not yet published
The OCC's comprehensive NPRM (12 CFR Part 15) explicitly excludes BSA, AML, and OFAC sanctions requirements, which will be addressed in a separate coordinated rulemaking with Treasury. Expected to complement the FinCEN/OFAC Joint NPRM and apply to OCC-supervised entities specifically. No publication timeline announced.
NCUA Prudential Standards NPRM — Reserves, Capital & Risk Management for Credit Union PPSIs
National Credit Union Administration
NCUA's February 2026 NPRM covered only application procedures. A second NPRM covering substantive prudential requirements — reserve assets, capital standards, liquidity, and risk management — for NCUA-supervised PPSIs is forthcoming. Expected to be aligned with OCC and FDIC proposals where applicable to credit union structure.
Key Hard Deadlines
🎯 Statutory Deadline — All Primary Federal Regulators Must Issue Final Implementing Rules
OCC · FDIC · FRB · NCUA · Treasury · FinCEN/OFAC
One year from enactment. All primary federal payment stablecoin regulators must have final implementing regulations published. Agencies face no formal penalty for missing this deadline, but missing it pushes the effective date to the 120-day-post-final-rules trigger or Jan 18, 2027, whichever is earlier. Application window is expected to open between final rule publication and the effective date.
Projected: Final Rules Published + Application Window Opens
OCC · FDIC · FRB · NCUA
Following the comment period close dates (latest: Jun 9, 2026), agencies need time to review comments and finalize rules. Projected publication window: August–October 2026. Upon publication of final rules, the 120-day countdown to effective date begins simultaneously. PPSIs should have applications substantially prepared for immediate submission once the window opens.
🎯 GENIUS Act Takes Full Effect — All Obligations Enforceable
All Participants
Full enforcement of all GENIUS Act obligations. Only PPSIs (federally or state licensed) may issue payment stablecoins in the US. Unlicensed issuance: up to $1M fine + 5 years imprisonment per violation. PPSI applications from entities without approved status by this date must halt issuance. Foreign issuers without OCC registration must cease US market activity. Note: If final rules are issued by late September 2026, the 120-day trigger would land in late January 2027, closely aligning with this hard deadline.
DASP Prohibition — Non-PPSI Payment Stablecoin Sales Unlawful
Digital Asset Service Providers · Exchanges
Three-year grace period expires. Under GENIUS Act § 3(b)(1), it becomes unlawful for any digital asset service provider to offer or sell a payment stablecoin to any US person unless the stablecoin is issued by a PPSI or a qualifying foreign payment stablecoin issuer. Exchanges, custodial platforms, and other DASPs must delist or restrict all non-compliant stablecoins by this date. Note: The prohibition on offering stablecoins from non-compliant foreign issuers takes effect on the GENIUS Act effective date (Jan 2027) — not this later date.
Section 02 — Agency Rulemakings
Per-Regulator Scope, Status & Key Requirements
Six federal regulatory bodies are implementing the GENIUS Act. Each is responsible for a specific category of PPSI. The OCC has the broadest jurisdiction; the Federal Reserve is the only primary regulator without a published NPRM as of May 2026.
Universal Overlay: FinCEN / OFAC
AML/CFT and sanctions obligations apply to ALL PPSIs regardless of which primary federal regulator supervises issuance. The FinCEN/OFAC Joint NPRM (Apr 2026) is universally applicable — OCC-chartered, FDIC-supervised, FRB-supervised, and NCUA-supervised entities are all equally subject to BSA treatment as financial institutions.
Office of the Comptroller of the Currency (OCC)
12 CFR Part 15 · Docket OCC-2025-0372 · RIN 1557-AF41
Primary regulator for: national bank and federal savings association IDI subsidiaries, Federal Qualified PPSIs (national trust banks, nonbank entities, federal branches), and all foreign payment stablecoin issuers registered in the US.
Licensing & Application
30-day completeness review; 120-day decision window; deemed approved on OCC inaction
De novo minimum capital: $5 million floor for first 3 years of operation
Issuance on open/public/decentralized networks is not grounds for denial
OCC has exclusive visitorial authority over Federal Qualified PPSIs — blocks duplicative state oversight
Reserves & Redemption
1:1 backing at all times (fair value); permissible assets per GENIUS Act § 4(a)(1)(A) including tokenized equivalents
Diversification — Option A: Principles-based "sufficiently diverse" standard (OCC preferred); optional 40% single-EFI cap safe harbor
Diversification — Option B: Mandatory quantitative concentration limits (comment solicited)
Large PPSIs ≥$25B outstanding: hold 0.5% of reserves in insured deposits (capped at $500M)
Redemption standard: 2 business days; proposed 7-calendar-day extension if ≥10% of issuance redeemed in 24 hours
Capital, Reporting & Examination
Preferred capital approach: self-assessed ICAAP; operational backstop = 12 months projected operating expenses in liquid assets
Weekly confidential automated reports to OCC; monthly CEO/CFO certification; quarterly financial condition report
PPSIs >$50B outstanding: annual GAAP-audited financial statements (PCAOB auditor)
Annual full-scope OCC examination of every PPSI (§ 15.14)
Custody Rules (All OCC Entities)
Custody obligations apply to ALL OCC-supervised entities holding PPSI reserves, collateral, or private keys — regardless of which regulator supervises the issuer
Strict segregation; sub-custodian look-through; no balance sheet treatment of custodied digital assets
NPRM PublishedMar 2, 2026 (91 Fed. Reg. 10202)
Comment ClosedMay 1, 2026
Separate AML RulePending (coordinated with Treasury)
Final Rule ExpectedAug–Sep 2026 (projected)
Federal Deposit Insurance Corporation (FDIC)
12 CFR Part 350 · RIN 3064-AG19 + Part 337 · RIN 3064-AG20
Primary regulator for: subsidiaries of state non-member banks and state savings associations (FDIC-supervised IDIs) seeking to become PPSIs. Also supervises IDI custodians holding stablecoin reserves.
Reserves & Capital (12 CFR Part 350)
1:1 reserve backing; PPSI must demonstrate ability to access and monetize reserve assets (redemption capability test)
CET1 + AT1 only: No Tier 2 capital; AOCI neutralization not permitted
Capital tailored to risk profile; narrow-scope issuers expected to have relatively low requirements
Shortfall notification: Written notice to FDIC upon reserve shortfall; orderly wind-down notice required if PPSI intends to redeem all outstanding stablecoins
Deposit Insurance Clarifications
Deposits held as PPSI reserves at FDIC-insured IDIs: NOT eligible for pass-through insurance to stablecoin holders
Tokenized deposits treated identically to traditional deposits — technology of recordkeeping does not affect insurance treatment
Structural separation required between PPSI issuance and IDI parent's insured deposit activities
Reporting (§ 350.4–350.7)
Monthly CEO/CFO certification of reserve accuracy to FDIC; criminal liability under 18 U.S.C. § 1001 for false certification
Monthly reserve composition report published on PPSI website; accounting firm examination report posted monthly
AML/CFT certification filed annually with FDIC (initial: within 180 days of approval; annual by April 1 thereafter)
NPRM #1 PublishedDec 19, 2025 (application procedures)
NPRM #1 Comment ClosedFeb 17, 2026
NPRM #2 PublishedApr 10, 2026 (prudential standards)
NPRM #2 Comment DeadlineJune 9, 2026
Board of Governors of the Federal Reserve System (FRB)
CFR Part TBD · No docket assigned yet
Primary regulator for: subsidiaries of state member banks and bank holding companies seeking to issue payment stablecoins. Also responsible for anti-tying rule under GENIUS Act § 4(a)(8) and unusual and exigent circumstances enforcement over State Qualified PPSIs.
NPRM not yet published as of May 8, 2026
The Federal Reserve is the only primary federal payment stablecoin regulator that has not issued a proposed rule. Congressional testimony confirmed the Fed is developing its framework. The statutory deadline is July 18, 2026. Expected scope based on GENIUS Act mandates and alignment with OCC/FDIC proposals:
Expected Scope (Based on GENIUS Act Mandates)
Application procedures for state member bank IDI subsidiaries seeking PPSI approval — parallel structure to FDIC NPRM #1
Prudential standards — reserves, capital, liquidity, risk management aligned with OCC/FDIC frameworks
Anti-tying rule (§ 4(a)(8)) — the Board is explicitly assigned anti-tying rulemaking authority by the GENIUS Act
Unusual and exigent circumstances enforcement framework for State Qualified PPSIs (§ 7(e)(1)) — Board must define the circumstances in which it may act
Enhanced Prudential Standards (Reg YY) interaction for BHC parents of large PPSIs
FRB proposal is the key bottleneck — delay prevents coordinated final rule publication across all primary regulators
NPRM StatusNot published
Statutory DeadlineJuly 18, 2026
Entities CoveredState member bank IDI subsidiaries
National Credit Union Administration (NCUA)
12 CFR Part 706 · Federal Register Feb 12, 2026
Primary regulator for: Credit Union Service Organizations (CUSOs) that are subsidiaries of federally insured credit unions (FICUs). FICUs may not issue payment stablecoins directly; issuance must occur through NCUA-licensed subsidiaries. FICUs are restricted to investing only in NCUA-licensed PPSIs.
Application Structure
Joint application: FICU and its CUSO subsidiary must apply together; FICU must own ≥10% of voting shares of the CUSO issuer
Federal credit unions: stablecoin issuance must occur through CUSOs that primarily serve credit union members
120-day decision deadline after substantially complete application; deemed approved on inaction
NCUA will publish a Payment Stablecoin Issuer Manual with templates and "model business plan" guidance
FICUs limited to investing only in NCUA-licensed PPSIs (no investment in OCC/FDIC/FRB-supervised PPSIs without NCUA license)
Prudential Standards (Pending Second NPRM)
Reserve, capital, liquidity, and risk management standards for NCUA-supervised PPSIs are subject to a forthcoming separate NPRM — not yet published
NCUA Chairman confirmed on track to meet Jul 18, 2026 statutory deadline for all required rules
NPRM #1 PublishedFeb 12, 2026 (application procedures)
NPRM #1 Comment ClosedApril 13, 2026
Prudential NPRMPending — second rulemaking
Treasury / FinCEN + OFAC — AML/CFT & Sanctions
31 CFR Part 1010 · Docket FINCEN-2026-0100 · Apr 10, 2026
Universally applicable to all PPSIs regardless of charter type, primary federal regulator, or size. BSA treatment as financial institutions. AML/CFT program and OFAC sanctions compliance are non-delegable obligations that run parallel to and in addition to primary regulator prudential requirements.
AML/CFT Program (Five Elements)
1. Policies, Procedures & Controls: Risk-based AML program; FinCEN AML/CFT Priorities integrated; ongoing CDD; risk assessments updated on material changes and on smart contract changes / new blockchain deployments
2. Independent Testing: Annual AML/CFT program test; objective criteria; results reported to board
3. AML/CFT Officer: Designated individual located in the United States; cannot have felony conviction involving insider trading, cybercrime, money laundering, terrorism financing
4. Ongoing Training: Current, recurring employee training covering red flags and escalation procedures
5. Written Board-Approved Program: Written AML/CFT program; board or senior management approval; available to FinCEN on request
OFAC Sanctions Compliance (Five Elements)
Management commitment; risk assessment; internal controls (including SDN list screening); testing & audit; training
Real-time OFAC SDN screening required; technical capability to freeze/burn/block tokens on lawful order is a prerequisite to PPSI licensing
Reporting & Technical Obligations
SAR filing for suspicious activity (primary market only under proposed rule); blockchain analytics must cover all circulating tokens
Travel Rule (31 CFR § 1010.410): collect and transmit originator/beneficiary info on transmittals ≥$3,000
314(a) obligation: search records on FinCEN request; 314(b) voluntary: participate in FinCEN information sharing
Joint NPRM PublishedApr 10, 2026
Comment DeadlineJune 9, 2026
ApplicabilityAll PPSIs — universal
U.S. Treasury — State Regime "Substantially Similar" Principles
91 Fed. Reg. 16,844 · April 3, 2026
Governs the gateway condition for State Qualified Payment Stablecoin Issuers (State QPSIs) with ≤$10B outstanding issuance to remain under state supervision rather than transitioning to federal oversight. Chaired by the Secretary of the Treasury; Stablecoin Certification Review Committee (Treasury + FRB Chair + FDIC Chair) adjudicates certifications.
Two-Tier Framework
Uniform Requirements (must mirror federal baseline): Reserve assets (same permissible list; states may not be more permissive than OCC); BSA/AML and OFAC sanctions compliance; technical capabilities for freeze/burn/block; anti-tying provisions (FRB rules serve as baseline)
State-Calibrated Requirements (may tailor, but not below federal floor): Capital (CET1 + AT1 anchored; operational backstop ≥ federal minimum); liquidity; risk management; application and licensing process; supervision and examination tools; custody requirements
Certification Process
State payment stablecoin regulators submit initial certification to Stablecoin Certification Review Committee within 1 year of GENIUS Act effective date
Committee has 30 days to approve or deny; 180-day cure period on denial; annual recertification required
States with pre-existing prudential regimes (in place before Apr 19, 2025) qualify for expedited certification review
$10B transition: State QPSIs exceeding $10B must transition to federal oversight within 360 days (or cease new issuance)
NPRM PublishedApr 3, 2026 (91 Fed. Reg. 16,844)
Comment DeadlineJune 2, 2026
State Certification BeginsWithin 1 year of effective date
Section 03 — Regulatory Obligations Matrix
What Each Regulator Requires — By Functional Area
All requirements reflect proposed rules. FRB column is based on GENIUS Act statutory mandates only — no NPRM published as of May 2026. FinCEN/OFAC column applies universally to all PPSIs regardless of primary regulator.
Proposed Rules Only
All agency columns except GENIUS Act reflect proposed — not final — requirements. Final rules may diverge materially from proposals. The FRB column is derived from GENIUS Act statutory text only; no proposed rule has been published.
| Functional Area | OCC · 12 CFR Part 15 | FDIC · 12 CFR Part 350 | FRB · Pending NPRM | NCUA · 12 CFR Part 706 | FinCEN / OFAC · Universal |
|---|---|---|---|---|---|
| Licensing Pathway | Letter application to OCC; nonbank entities and NTBs can apply directly as Federal Qualified PPSIs; bank subsidiaries apply via parent IDI§ 15.50–15.60 | Letter application filed by IDI parent (not subsidiary) at regional FDIC office; consortium structures accommodated12 CFR Part 337 NPRM | Pending FRB NPRM — expected to mirror FDIC structure for state member bank subsidiary applications | Joint application by FICU + CUSO subsidiary; FICU must hold ≥10% voting shares12 CFR Part 706 | Not applicable — AML/CFT certification filed separately with primary regulator within 180 days of PPSI approvalGENIUS Act § 5(i) |
| Application Timeline | 30 days: completeness determination; 120 days: approval decision; deemed approved on inaction§ 15.53–15.54 | 30-day completeness review; 120-day decision deadline; deemed approved on inaction; 10-day final denial notice if no hearing requestedRIN 3064-AG20 | Expected to mirror GENIUS Act § 5 statutory framework | 30-day completeness; 120-day decision; deemed approved on inaction; PPSI Issuer Manual to be published separately12 CFR Part 706 | N/A |
| Reserve Backing | 1:1 at all times (fair value ≥ outstanding issuance); reserves custodied only at eligible financial institutions§ 15.11 | Identifiable reserves ≥ outstanding issuance; issuer must demonstrate capability to access and monetize reserves; shortfall notification required§ 350.4 | Expected: 1:1 statutory requirement; implementing standards pending NPRM | Reserve standards pending second NCUA NPRM; GENIUS Act 1:1 statutory requirement applies12 CFR Part 706 | N/A (reserve requirements are primary regulator domain) |
| Permissible Reserve Assets | Uniform across all regulators per GENIUS Act § 4(a)(1)(A): US cash/Fed deposits · T-bills/notes/bonds ≤93-day maturity · Overnight repos/reverse repos backed by Treasuries · Government MMFs · Tokenized equivalents (compliant with law) · Other liquid US Gov assets approved by primary regulator | N/A | |||
| Reserve Diversification | Option A (principles-based, preferred): "sufficiently diverse" general requirement + optional 40% single-EFI safe harbor; Option B: mandatory quantitative limits (under comment)§ 15.11(d) | Risk management standards apply; not separately quantified in FDIC proposal; concentration risk managed per § 350.6§ 350.4, 350.6 | Pending NPRM | Pending second NCUA NPRM | N/A |
| Capital Requirements | Self-assessed ICAAP (preferred); $5M de novo floor; operational backstop = 12 months operating expenses; CET1 + AT1 qualify§ 15.41 | CET1 + AT1 only; no Tier 2; no AOCI neutralization; $5M de novo floor; FDIC override authority to require additional capital§§ 350.8–350.10 | Pending; expected CET1 + AT1 framework consistent with FDIC/OCC | Pending second NCUA NPRM | N/A |
| Redemption | 2-business-day standard; 7-calendar-day extension trigger if ≥10% of issuance redeemed in 24 hours; fees disclosed; ≥7 days notice for fee changes§ 15.12 | 2-business-day standard (§ 350.5); discretionary redemption limitations only by primary regulator; fee change notice ≥7 days§ 350.5 | Expected: GENIUS Act § 4(a)(1)(B) standards; implementing detail pending | Pending second NCUA NPRM; GENIUS Act timely redemption standard applies | N/A |
| Monthly Reserve Reporting | Monthly reserve composition published on PPSI website; CEO/CFO certification submitted to OCC; examined by PCAOB-registered CPA; weekly confidential OCC report§ 15.14(h); § 4(a)(3) | Monthly reserve composition on PPSI website; accounting firm examination report also posted monthly; CEO/CFO certification to FDIC; shortfall notice on occurrence§§ 350.4(g)(h), 350.4(i) | Expected to mirror GENIUS Act § 4(a)(1)(C) monthly report requirement | Pending second NCUA NPRM; GENIUS Act monthly report requirement applies | Annual AML/CFT certification to primary regulator; SAR filings on occurrence; 314(a) records on FinCEN request31 CFR Part 1010 |
| CEO/CFO Certification | Monthly certification of reserve accuracy submitted to OCC; criminal penalty under 18 U.S.C. § 1350(c) for false certification§ 15.14; GENIUS Act § 4(a)(3)(B) | Monthly certification submitted to FDIC; criminal liability under 18 U.S.C. § 1001§ 350.4(h)(2) | Expected: monthly certification to FRB consistent with statute | GENIUS Act § 4(a)(3)(B) applies; procedural details pending NPRM | Annual AML/CFT program certification; criminal liability under 18 U.S.C. § 1001 for false certificationGENIUS Act § 5(i) |
| AML/CFT Program | Subject to FinCEN/OFAC Joint NPRM universally; separate OCC AML/BSA rulemaking forthcoming (coordinated with Treasury)OCC-2025-0372 (excluded); separate rule TBD | Five-element AML/CFT program; independent testing; AML officer; training; board-approved written program; annual April 1 certification§ 350.6; 31 CFR Part 1010 | Expected: GENIUS Act § 4(a)(5) requirements; FinCEN/OFAC Joint NPRM universally applicable | GENIUS Act § 4(a)(5) applies; FinCEN/OFAC Joint NPRM universally applicable | Five-element AML/CFT program; five-element OFAC sanctions program; risk-based approach; dynamic risk assessment on smart contract changes; SAR; Travel Rule; 314(a)/(b)31 CFR Part 1010 · FINCEN-2026-0100 |
| Sanctions Compliance | Technical capability to block/freeze/burn tokens on lawful order is prerequisite to licensing; OFAC SDN screening; sanctions compliance programGENIUS Act § 4(a)(5)(A)(vi) | Same technical capability prerequisite; OFAC sanctions program required§ 350.6(a)(5) | Same statutory prerequisites apply; FRB NPRM pending | Same statutory prerequisites; second NCUA NPRM pending | Five-element OFAC sanctions compliance program; real-time SDN screening; freeze/burn/block technical capability; special measures complianceFINCEN-2026-0100 · OFAC |
| IT / Cybersecurity | Principles-based WISP; incident response plan; TPRM program (OCC Bulletin 2023-17 standards); smart contract audit recommended; key management program; BCP/DR with defined RTO/RPO; NIST CSF 2.0 / OCC CSW alignment§ 15.13; OCC CSW | Written IT security program; unauthorized access notification program; vendor contracts must include security requirements; BCP/DR annually tested§§ 350.6(a)(6), 350.6(b)(6) | Expected: bank-equivalent IT and cybersecurity standards per FFIEC IT Handbook; NIST CSF alignment | Cybersecurity safeguards required per GENIUS Act; standards pending second NPRM | Technical capability to freeze/burn/block; blockchain analytics covering all circulating tokens; systems for detecting mixer/tumbler transactionsFINCEN-2026-0100 |
| Custody (OCC Entities) | Applies to ALL OCC-supervised institutions holding reserves, collateral, or private keys — regardless of which regulator supervises issuer; strict segregation; sub-custodian look-through; no balance sheet liability treatment§§ 15.20–15.24 | FDIC-supervised custodians holding stablecoin reserves; segregation; customer property treatment; no commingling with custodian's assets§ 350.11–350.14 | Custody at FRB-supervised entities subject to GENIUS Act § 10; implementing standards pending NPRM | Credit union custodians subject to GENIUS Act § 10; NCUA implementing standards pending | N/A (custody is primary regulator domain) |
| Yield / Interest Prohibition | Universal prohibition per GENIUS Act § 4(a)(11): No PPSI or FPSI may pay any form of interest, yield, or consideration (cash, tokens, or other) to holders of a payment stablecoin solely in connection with holding, use, or retention. OCC adds a rebuttable presumption mechanism for third-party arrangements. Revenue sharing with distribution partners (non-affiliate) is generally permissible. | ||||
Section 04 — Market Participant Obligations
What Each Stablecoin Market Participant Must Do — and By When
Obligations by participant type across the full stablecoin lifecycle: issuance, distribution, custody, infrastructure, and end-use. Company names are omitted; participants are described by role and regulatory pathway.
Federal Qualified PPSI OCC
Nonbank entities · National trust banks · Federal branches · Key Pathway: 12 CFR Part 15
Pre-Application (Now → Final Rules ~Aug 2026)
Engage OCC early; participate in pre-filing meetings to develop compliant business planNow
Draft comprehensive application: financial projections, governance docs, AML/CFT program framework, redemption policy, IT security program, capital plan
Build 1:1 reserve management infrastructure; engage eligible financial institutions for custodial arrangements
Engage PCAOB-registered CPA firm for monthly attestation engagement
Implement CEO/CFO certification process with internal controls against false certification
Build technical capability to freeze/burn/block tokens on lawful order — prerequisite to licenseRequired Day 1
Post-Final Rules → Effective Date (Aug 2026 – Jan 2027)
Submit application immediately upon final rules; 120-day clock beginsUrgent
Within 180 days of approval: file AML/CFT program certification with OCC
Implement weekly automated OCC reporting; monthly CEO/CFO certification; monthly public reserve disclosure
Insured National Bank Subsidiary PPSI OCC
Subsidiaries of OCC-supervised national banks & federal savings associations
Key Obligations
IDI parent must apply on behalf of subsidiary to the OCC; OCC evaluates financial condition of both parent and subsidiary
Subsidiary is a legally separate entity from the IDI parent; IDI capital rules do not require additional capital for PPSI operations beyond PPSI-specific requirements (GENIUS Act § 4(a)(4)(C))
OCC has exclusive visitorial authority — state regulators blocked from duplicative supervision
All 12 CFR Part 15 prudential, reporting, and custody obligations apply to the subsidiary
Parent IDI's consolidated capital ratios adjusted to exclude PPSI subsidiary capital from Basel III calculations
White-Label Arrangements (If Applicable)
OCC's proposed "one-issuer, one-brand" model is under comment — outcome uncertain; plan for brand-level reserve segregation regardless
Revenue sharing with non-affiliate distribution partners is permissible; must not constitute indirect yield payment to holders
State Non-Member Bank / Savings Association Subsidiary PPSI FDIC
Subsidiaries of FDIC-supervised IDIs · 12 CFR Part 350
Key Obligations vs. OCC Pathway
CET1 + AT1 capital only: No Tier 2 capital permitted; AOCI must be included in CET1 (no neutralization)
Redemption capability test: Must demonstrate active capability to access and monetize reserve assets — not just hold them
Deposit insurance clarity: Deposits backing stablecoin reserves at FDIC-insured banks do NOT provide pass-through insurance to stablecoin holders
Shortfall notification: Immediate written notice to FDIC upon reserve shortfall discovery
Wind-down notice: Notify FDIC if PPSI intends to take action resulting in orderly redemption of all outstanding stablecoins
Structural separation between PPSI stablecoin activities and IDI parent's insured deposit business
Annual AML/CFT Certification
Annual certification filed with FDIC by April 1 each year; first certification within 180 days of PPSI approval
State Qualified Payment Stablecoin Issuer (QPSI) State
Nonbank state-chartered entities · ≤$10B outstanding issuance · Treasury certification required
Eligibility Conditions
Must be approved by a state payment stablecoin regulator whose regime has been certified as "substantially similar" to the federal framework by the Stablecoin Certification Review Committee
Outstanding issuance must remain ≤$10B; exceeding threshold triggers mandatory transition to federal oversight within 360 days (or cease new issuance)
Cannot be an uninsured national bank, federal branch, insured depository institution, or subsidiary of one
Federal Overlay Obligations (Regardless of State Supervision)
FinCEN/OFAC AML/CFT and sanctions program obligations apply universallyAll State QPSIs
GENIUS Act § 4(a) statutory requirements apply directly (reserves, redemption, yield prohibition, sanctions capability)
FRB has "unusual and exigent circumstances" enforcement authority over State QPSIs with 48-hour prior notice to state regulator
OCC has "unusual and exigent circumstances" enforcement authority over State QPSI nonbank entities with 48-hour prior notice
States with Leading Regimes (Pre-existing as of Apr 2025)
NY (NYDFS BitLicense/Trust), CA (DFPI DFAL), WY (SPDI), TX (DOB) — qualify for expedited "substantially similar" certification review
Credit Union Service Organization (CUSO) PPSI NCUA
Subsidiaries of Federally Insured Credit Unions (FICUs) · 12 CFR Part 706
Structural Requirements
FICUs cannot issue stablecoins directly — issuance only through NCUA-licensed CUSO subsidiaries
Federal credit unions: CUSO must primarily serve credit union members
FICU must own ≥10% voting shares of the CUSO issuer; joint application required
FICUs restricted to investing only in NCUA-licensed PPSIs (not OCC/FDIC/FRB PPSIs)
Pending Obligations (Second NCUA NPRM)
Prudential standards (reserves, capital, liquidity, risk management) to be defined in forthcoming NCUA NPRMWatch
FinCEN/OFAC AML/CFT and sanctions obligations apply universally once licensed
GENIUS Act statutory reserve and redemption requirements apply directly upon effective date
Payment Stablecoin Custodians OCC FDIC
National banks · Trust companies · State-chartered banks providing stablecoin custody
Scope — Who Is Covered
Any OCC-supervised entity holding: (a) PPSI reserve assets, (b) payment stablecoins as collateral, or (c) private keys used to issue PPSIs — regardless of which regulator supervises the issuer
FDIC-supervised IDI custodians holding stablecoin reserves are covered under FDIC Part 350 custodial rules
Exempted: Hardware/software wallet providers facilitating users' own self-custody are exempt from custodian obligations
Custodian Obligations
Treat all covered assets as belonging to the customer — not the custodian's own property
Strict segregation from custodian's proprietary assets; omnibus accounts for multiple customers permitted if separately accounted for
Sub-custodian delegation permitted with adequate oversight and documented look-through
Customer claims on custodied assets have priority over all other creditors of the custodian (GENIUS Act § 10(c)(3))
Balance sheet treatment: Custodied stablecoins NOT required to appear as liabilities on custodian balance sheet; no capital requirement against custodied digital assets except for operational risk
Submit business operations information to primary federal regulator
Digital Asset Service Providers (DASPs) / Exchanges
Custodial exchanges · Stablecoin trading platforms · Money services businesses
DASP Definition — Covered Activities
Exchanging digital assets for monetary value; exchanging digital assets for other digital assets; transferring digital assets to third parties; acting as digital asset custodian; participating in financial services relating to digital asset issuance
Excluded from DASP definition: Distributed ledger protocols; non-custodial software/hardware wallets; validators and node operators; liquidity pool providers for P2P transactions
Compliance Obligations
From GENIUS Act effective date (Jan 2027): May not offer or sell payment stablecoins from non-compliant foreign issuersJan 2027
By Jul 18, 2028: May not offer or sell any payment stablecoin not issued by a PPSI or registered FPSIJul 2028
Begin stablecoin compliance status tracking now — identify which stablecoins on platform will qualify as PPSI-issued
Foreign issuer OCC registration verification workflow required for any foreign stablecoin continued after effective date
AML/BSA/OFAC obligations continue under existing FinCEN MSB registration; GENIUS Act AML rules overlay on PPSI-related activity
Large Payment Networks & Non-Bank Payment Processors
Card networks · Remittance providers · Payment service providers acting as stablecoin distributors
Settlement Asset Restrictions
GENIUS Act § 3(g)(3): Only PPSI-issued stablecoins may be used as settlement assets to facilitate wholesale payments between banking organizationsJan 2027
Only PPSI stablecoins eligible as cash or cash equivalents for margin/collateral with FCMs, broker-dealers, clearing agencies, and swap dealers
Distribution Partner Obligations (Where Acting as DASP)
If offering/selling stablecoins: DASP obligations apply; only PPSI-issued stablecoins permissible by Jan 2027 / Jul 2028
White-label arrangements with PPSIs: subject to PPSI's TPRM program — expect bank-equivalent due diligence requests, contractual audit rights, and security requirements
Revenue sharing with PPSI partners is permissible; must not be structured as indirect yield payment to holders — careful review of OCC rebuttable presumption mechanism required
Non-financial public companies (e.g., large tech conglomerates): unanimous Stablecoin Certification Review Committee approval required before issuing any stablecoin; data use limitations on consumer transaction data
Monitoring & Reporting
CFPB Large Nonbank Payments Rule may apply to large payment processors handling stablecoin transactions; separate CFPB supervision not waived by GENIUS Act
State money transmitter examinations continue for stablecoin transfer activity
Blockchain Infrastructure & Technology Providers
Protocol developers · Node operators · Oracle services · Cross-chain bridge operators · Key management vendors
What Is Excluded from DASP Regulation
Distributed ledger protocol developers; validators; node operators; oracle service providers; non-custodial wallet software/hardware — explicitly excluded from DASP definition
Listing a stablecoin on an automated market maker, displaying a token on a platform, or enabling swap functionality through non-custodial infrastructure does NOT constitute an "offer" under GENIUS Act
No requirement to embed technical compliance logic in blockchain protocols
Third-Party Risk Management Obligations (As PPSI Vendors)
PPSIs must apply OCC Bulletin 2023-17-equivalent TPRM — technology providers working with PPSIs should expect bank-grade vendor due diligence, contractual security requirements, and OCC examination access rightsJan 2027
Cross-chain bridge operators with custodial functions (holding/transferring assets as intermediary): BSA/AML obligations apply; non-custodial decentralized bridges are not regulated
Key management vendors (HSM providers, MPC key management): will be classified as critical third parties requiring enhanced PPSI due diligence
Smart contract audit firms: expected to be integral to PPSI pre-deployment compliance; OCC encourages industry-led audit standards
Corporate & Institutional End-Users (Treasury, Payments, B2B)
Corporate treasury teams · Institutional investors · B2B payment users · Agentic commerce platforms using stablecoins for settlement
Accounting & Balance Sheet Treatment
GENIUS Act § 3(g)(1): Only PPSI-issued stablecoins may be treated as cash or cash equivalents for accounting purposesJan 2027
Non-PPSI stablecoins may not qualify as cash equivalents — evaluate accounting treatment of all held stablecoin positions against PPSI status
Verify stablecoin issuers on corporate balance sheet will hold PPSI approval status prior to effective date
Payments & Settlement
Only PPSI stablecoins eligible as margin and collateral for FCMs, broker-dealers, swap dealers, and registered clearing agencies
Stablecoin settlement arrangements in B2B contracts should specify PPSI compliance as a contractual condition before effective date
Agentic commerce platforms using stablecoins for autonomous payments: assess whether platform's stablecoin transfer activity constitutes DASP activity subject to AML/BSA obligations
Vendor & Counterparty Risk
Conduct stablecoin counterparty due diligence: confirm PPSI licensing status, reserve composition, and redemption policy of all issuers used as settlement assets
Financial institutions settling in stablecoins should obtain confirmation that the issuer is a permitted PPSI and has required freeze/burn capabilities
Non-financial public companies planning stablecoin issuance (e.g., as part of loyalty, payments, or commerce infrastructure): unanimous Stablecoin Certification Review Committee approval required — begin early engagement if applicable
Section 05 — Open Items & Watch List
Unresolved Issues, Pending Actions & Key Monitoring Points
As of May 8, 2026. These are the highest-priority items to monitor between now and the January 2027 effective date. Issues marked with ⚠ are potential bottlenecks to timely final rule publication.
Primary Bottleneck: Federal Reserve NPRM
The FRB's failure to publish an NPRM is the single greatest threat to coordinated final rule publication by the Jul 18, 2026 statutory deadline. Coordinated simultaneous finalization by all primary regulators is required to start the 120-day clock uniformly. If the FRB publishes in June 2026, it will need to finalize within weeks — compressing its APA notice-and-comment process significantly.
Federal Reserve NPRM — Not Yet Published
⏳ PendingOnly primary federal payment stablecoin regulator without any published NPRM as of May 2026
Statutory deadline: July 18, 2026 — rapidly approaching
Expected scope: state member bank subsidiary application procedures; prudential standards; anti-tying rule (§ 4(a)(8)); unusual and exigent circumstances framework for State QPSIs
FRB delay affects: (a) OCC/FDIC/NCUA ability to coordinate simultaneous finalization; (b) state QPSI certification baseline (Treasury NPRM references FRB anti-tying rules)
Monitor: FRB Board meeting agendas; Federal Register notices; Congressional testimony from FRB officials on GENIUS Act implementation status
OCC White-Label "One-Issuer, One-Brand" Model
UnresolvedOCC proposed requiring separate legal entities for each branded stablecoin under white-label arrangements — this is the most commercially significant unresolved issue in the entire NPRM
Industry comments (including from a16z, CCI, and others) strongly oppose: adds significant compliance burden, potentially creates OCC/state regulatory arbitrage, may not be legally required under GENIUS Act
Alternative proposed by industry: brand-level reserve segregation + monthly attestation per brand + clear account titling — addresses OCC's contagion risk concerns without legal separation requirement
Resolution will significantly affect white-label stablecoin business models; state-licensed PPSIs may not face same restriction, creating unlevel playing field
Monitor: OCC final rule text — look for whether one-issuer-one-brand is retained, modified, or dropped in favor of operational alternatives
OCC Rebuttable Presumption — Yield/Interest Prohibition Scope
UnresolvedGENIUS Act § 4(a)(11) prohibits issuers from paying yield/interest to holders; OCC added a "rebuttable presumption" extending scrutiny to third-party yield arrangements
Industry concern: presumption sweeps in standard issuer-distributor revenue sharing arrangements that are not yield payments to holders
OCC acknowledges presumption does not cover all arrangements; "other arrangements" assessed case-by-case — vague standard creates compliance uncertainty
Congressional intent: prohibition only applies to issuers, not third parties; OCC's rebuttable presumption goes beyond statutory authority, per multiple comment letters
Monitor: Final rule treatment of rebuttable presumption; whether white-label profit-sharing carve-out is codified in rule text (not just preamble)
OCC AML/BSA Separate Rule — Not Yet Published
⏳ PendingOCC's 12 CFR Part 15 NPRM explicitly excludes BSA, AML, and OFAC requirements — to be addressed in a separate rulemaking coordinated with Treasury
FinCEN/OFAC Joint NPRM (Apr 2026) addresses universal AML/CFT and sanctions obligations; OCC's separate rule will supplement for OCC-supervised entities specifically
Timing: OCC separate AML rule expected before or concurrent with final Part 15 rule; no publication timeline confirmed
Key question: Will OCC AML rule impose additional requirements on OCC PPSIs beyond the FinCEN/OFAC Joint NPRM baseline?
State Regime Certification Process
Process StartingTreasury "Substantially Similar" NPRM comment period closes Jun 2, 2026; final principles expected before GENIUS Act effective date
States with pre-existing regimes (as of Apr 19, 2025) qualify for expedited review: NYDFS, CA DFPI, WY (SPDI), TX DOB among likely first certifiers
State certifications must be submitted to Stablecoin Certification Review Committee within 1 year of GENIUS Act effective date (Jan 18, 2028)
Without a certified state regime, state QPSIs cannot lawfully issue after the effective date — creates urgency for states with active stablecoin issuers
Key question: Will OCC's final rule be used as the sole reference baseline by Treasury, or will FDIC and FRB rules also be incorporated? Affects state flexibility on capital and liquidity
CLARITY Act (Digital Asset Market Clarity Act) Interaction
Legislative WatchSenate Banking Committee released Amendment in the Nature of a Substitute on Jan 12, 2026; legislation still pending as of May 2026
If enacted, CLARITY Act could supersede certain OCC GENIUS Act rules — particularly on the yield/interest question (rewards and staking yield treatment)
CLARITY Act defines DASP-excluded activities more explicitly — would provide regulatory clarity for DeFi protocol operators, validators, and non-custodial wallet providers currently in a gray zone
Industry tension: crypto industry and bank trade groups have disagreements on CLARITY Act provisions — bank groups sought extension of comment periods pending OCC final rule; may delay legislative action
Monitor: Senate Banking Committee markup schedule; House Financial Services Committee parallel action; White House position on CLARITY Act provisions that interact with GENIUS Act
Key Open NPRM Questions — OCC & FDIC
Under Comment ReviewReserve diversification (Q61, Q71): Option A (principles) vs. Option B (mandatory quantitative) — outcome determines operational burden for issuers with concentrated reserves
Redemption timeline (Q102): Mandatory 7-calendar-day extension on 10% threshold — industry argues this is a "run trigger"; flexible PPSI-directed alternative proposed
Weekly/daily/real-time reporting (Q131): OCC proposed weekly data including CUSIPs, yields, WAM — industry argues this exceeds GENIUS Act mandates and imposes GSIB-level burden on nonbank issuers
Capital — variable components (Q180): OCC's five alternative variable capital components vs. self-assessed ICAAP; final approach affects ongoing capital planning
Multi-jurisdictional issuance (Section VIII, a16z letter): Not addressed in OCC NPRM; reserve ring-fencing across jurisdictions is an operational risk for globally active issuers
Decentralized stablecoins scope (Q14): Whether decentralized stablecoins without an identifiable "person" as issuer are outside GENIUS Act scope — needs explicit OCC clarification in final rule
Foreign Payment Stablecoin Issuer (FPSI) Registration & Comparability
Process StartingForeign issuers wanting US market access must register with OCC; registration deemed approved 30 days after receipt unless OCC notifies otherwise
Treasury must determine whether foreign regulatory regime is "comparable" to GENIUS Act — process defined in statute; individual country determinations not yet published
EU MiCA regime under active discussion as comparability candidate; ECB's Lagarde has called for MiCA 2 to close loopholes — equivalence determination not yet made
Foreign issuers must hold reserves at US financial institutions sufficient to meet liquidity demands of US customers (unless waived under reciprocal arrangement)
Secretary of Treasury may create bilateral reciprocal arrangements with comparable jurisdictions — no arrangements announced yet; statutory 2-year target (by Jul 18, 2027)
Without FPSI registration + comparable jurisdiction determination: foreign stablecoin offering to US persons is unlawful from effective date
Technology Auditing & Consulting Perspective
The regulatory framework creates substantial technology risk and control gaps for all market participants. Key audit and advisory opportunities span: PPSI application readiness assessments; reserve management technology architecture and segregation controls; AML/CFT program gap analysis (with FinCEN's dynamic risk assessment obligation as a new continuous obligation); IT security program build-outs aligned to OCC CSW and NIST CSF 2.0; TPRM framework development for blockchain infrastructure vendors; operational resilience testing programs; and monthly attestation process design. Each participant type — issuer, custodian, DASP, payment network — requires a distinct risk and control response mapped to its specific regulatory pathway.