U.S. Stablecoin Regulation · March 2026

The regulatory framework for U.S.-compliant stablecoin issuance

The GENIUS Act establishes the first federal framework for payment stablecoins. The OCC's 2026 proposed rule operationalizes it. This library translates both into structured operational guidance for issuers, banks, custodians, and counsel.

GENIUS Act enacted July 18, 2025 OCC NPR comment deadline May 1, 2026 CLARITY Act H.R. 3633 · Pending Senate

OCC NPR comment period open. The proposed rule (Docket ID OCC-2025-0372) accepts public comments through May 1, 2026. Key open questions: buffer requirements, alternative capital frameworks, and the precise scope of the yield/interest prohibition.

Agency jurisdiction map

GENIUS Act

Enacted · 12 U.S.C. 5901

The foundational statute. Defines "payment stablecoin" and establishes the compliance framework. A payment stablecoin must: (1) be used for payment or settlement, (2) convert at a fixed monetary value, (3) pay no yield or interest to holders.

1:1 HQLA reserve backing required at all times
T+2 standard redemption; T+7 calendar day stress extension (>10% outstanding supply in 24 hrs)
Monthly public attestation with CEO/CFO criminal liability (18 U.S.C. 1001)
Yield/interest prohibition includes "other consideration" via third-party arrangements
OCC receivership authority for systematic T+2 failures (§ 10)

Key sections: § 4 (reserves), § 4(a)(11) (yield prohibition), § 4(g) (disclosures), § 10 (insolvency)

OCC 12 CFR Part 15

Proposed · NPR 2026

Implements the GENIUS Act for entities under OCC jurisdiction. Sets specific operational mechanics including reserve composition rules, diversification limits, capital requirements, redemption policy requirements, and reporting cadence.

8 eligible reserve asset categories (see Reserve Management page)
10%/30% daily/weekly liquidity buckets; WAM ≤ 20 days
≤40% at any single EFI; ≤50% of daily liquidity at any single EFI
No rehypothecation of reserve assets — absolute prohibition
$5M capital floor during 3-year de novo period; tailored thereafter
Secure cryptographic key management per FFIEC cybersecurity standards (§ 15.14)

Key sections: § 15.3 (applications), § 15.10 (activities), § 15.11 (reserves), § 15.12 (redemption), § 15.14 (operational risk), § 15.20–22 (reporting)

Federal Reserve & FinCEN

Operational Compliance

The Fed holds reserve deposits (the 10% daily liquidity bucket). FinCEN enforces Bank Secrecy Act obligations for all stablecoin issuers operating as money services businesses.

BSA/AML program at bank-equivalent standards — board certification within 180 days
Travel Rule: transmittal records required for transfers ≥$3,000 (31 CFR § 1010.410)
CTR filing for transactions ≥$10,000; SAR within 30 days of identifying suspicious activity
Blockchain analytics and geolocation screening required for digital asset-specific AML risks
OFAC SDN list screening at wallet onboarding and per-transaction level

Key rules: 31 CFR § 1010.410 (Travel Rule), 31 CFR § 1020.320 (SARs), FFIEC BSA/AML Examination Manual

SEC / CLARITY Act (H.R. 3633)

Pending · 119th Congress

The Digital Asset Market Clarity Act of 2025 (CLARITY Act) proposes to divide digital asset jurisdiction between the CFTC (digital commodities) and the SEC (investment-contract digital assets). Payment stablecoins are carved out into a separate category governed by the enacted GENIUS Act — not the CLARITY Act. Passed the House July 17, 2025 (294–134). Senate Banking Committee markup postponed January 14, 2026; not yet rescheduled.

Payment stablecoins: explicitly excluded from CLARITY Act scope — governed by GENIUS Act regardless of CLARITY Act outcome
Senate Banking Committee stalled on stablecoin yield amendment; Agriculture Committee completed its markup January 29, 2026
DeFi protocols and secondary market products: regulatory uncertainty remains until Senate passes and reconciles bill
Distributor registration: state MSB or SEC broker-dealer frameworks apply until CLARITY Act creates dedicated digital asset broker registration

H.R. 3633, 119th Congress — House passed July 17, 2025. Senate Banking Committee markup postponed January 14, 2026. Status as of March 2026: pending Senate floor vote.

The $10 billion threshold — dual-track structure

Federal vs. state: a regulatory bifurcation

The GENIUS Act mirrors the dual-banking system. Issuer size determines the primary regulator. The $10B mark is a hard operational trigger, not a soft threshold.

Feature	State issuer (<$10B)	Transition zone (crossing $10B)	Federal issuer (>$10B)
Primary regulator	State authority (e.g., NYDFS)	OCC oversight begins	OCC — mandatory federal supervision
OCC notification	Not required	Within 5 calendar days of crossing	Ongoing weekly reporting
Transition deadline	N/A	360 days from threshold crossing	N/A — already federal
Waiver option	N/A	Apply within 240 days (OCC evaluates state regime)	No waiver possible
Reporting	To state authority + SCRC summary	Begin federal reporting during transition	Weekly/monthly/quarterly to OCC
Examination	State examiners; indirect via SCRC	OCC transition review	OCC on-site examiners; PCAOB if >$50B
Design implication	Design for OCC standards from Day 1	Technology + governance must be ready before 360 days	Full OCC compliance mandatory

360-day clock starts at crossing, not at the decision to act. OCC notification is required within 5 calendar days of crossing $10B. The waiver application window closes at 240 days. Issuers must design for federal standards before reaching the threshold — not after.

Key prohibitions — what issuers cannot do

Absolute prohibition

No yield or interest

GENIUS Act § 4(a)(11) and OCC § 15.10(c)(4) prohibit paying interest, yield, or "other consideration" to stablecoin holders. The prohibition extends to payments through intermediaries and third-party arrangements. A presumption exists that any such payment violates the Act — rebuttable only with sufficient evidence. Staking rewards and indirect yield arrangements carry the same presumption.

GENIUS Act § 4(a)(11) · OCC § 15.10(c)(4)

Absolute prohibition

No rehypothecation of reserves

Reserve assets cannot be pledged, loaned, used as collateral, or otherwise reused — directly or through a third-party custodian. The prohibition applies even to excess reserves above the 1:1 requirement. Custody agreements must mirror this prohibition contractually. Surplus reserves may only be withdrawn once per month after the RPAF examination.

OCC NPR § 15.11(b)(6) · GENIUS Act § 4(a)(2)

Operational constraint

Reserve asset restrictions

Only 8 enumerated asset categories qualify as reserve assets. No corporate bonds, equities, crypto-assets (including other stablecoins), or non-enumerated instruments. Tokenized versions of eligible assets are permitted. Non-payment crypto-assets may be held only for testing distributed ledger infrastructure — not as reserves.

GENIUS Act § 4(a)(1)(A) · OCC NPR § 15.11(a)

  Regulatory reference only — not legal or compliance advice. The OCC 12 CFR Part 15 rule is a proposed rule open for comment until May 1, 2026 — not yet final and subject to material change. The CLARITY Act (H.R. 3633) has not passed the Senate. All citations should be independently verified against current official regulatory text before making compliance decisions. Consult qualified legal counsel.

Page 2 of 6

Lifecycle Playbook

The complete end-to-end operational flow for a U.S.-compliant payment stablecoin, organized in five lifecycle phases across six swimlane actors. Each phase includes regulatory requirements, controls, and the on-chain / off-chain boundary.

GENIUS Act · OCC 12 CFR Part 15 · FinCEN BSA · FFIEC Cybersecurity

5 phases6 actorsmint / burn logicon-chain boundary

Phase selector

Key regulatory handoffs across all phases

Off-chain gates before on-chain execution

Two protocol-level rules govern the on-chain boundary:

Mint gate: Off-chain reserve verification (bank confirms 1:1 HQLA coverage) must complete before smart contract executes mint(). This is the direct lesson from the PayPal $300T technical error cited in OCC NPR.
Burn gate: USD wire confirmation must precede burn(). Burning tokens before fiat settlement creates a reserve deficit — a direct OCC violation.

Regulator notification triggers

Issuance start: OCC charter approval before any minting
$10B crossed: Notify OCC within 5 calendar days; waiver application within 240 days; full transition within 360 days
Stress redemption: Notify OCC supervisory office within 24 hours when >10% of outstanding supply requested in a single 24-hour period
BSA/AML: Board certification within 180 days of operation; SAR within 30 days of identifying suspicious activity

Page 3 of 6

Reserve Management Framework

The mechanics of 1:1 reserve backing: eight eligible asset categories, liquidity tier requirements, diversification constraints, the no-rehypothecation rule, and the monthly RPAF examination cycle.

OCC NPR § 15.11 · GENIUS Act § 4(a)(1)(A) · GENIUS Act § 4(a)(3)

8 asset categoriesWAM ≤ 20 daysno rehypothecationmonthly RPAF exam

Quantitative reserve constraints

1:1

Fair market value of reserves ≥ outstanding token par value at all times

§ 15.11(a)(1)

≥10%

Daily liquidity minimum: demand deposits or Fed balances receivable on demand

§ 15.11 quantitative approach

≥30%

Weekly liquidity minimum: assets receivable within 5 business days

§ 15.11 quantitative approach

≤20

Weighted average maturity in days — hard ceiling across the reserve portfolio

§ 15.11 · OCC NPR § 15.11(a)(1)(iv)

Concentration limits

Max at any single eligible financial institution

≤40%

Max daily liquidity at any single EFI

≤50%

Required insured deposits (≥$25B issuers)

≥0.5%

For issuers with ≥$25B outstanding: at least 0.5% of reserves must be held as insured deposits, capped at $500M. This effectively mandates distributed deposit arrangements.

OCC NPR § 15.11(a)(1)(iii) · Issuers ≥$25B: § 15.11(a)(1)(v)

Rehypothecation: absolute prohibition

Reserve assets may not be pledged, loaned, used as collateral, or otherwise reused — directly or through a third-party custodian. This is unconditional. Permitted exceptions are extremely narrow:

Satisfying obligations arising from the use of required reserve assets (e.g., repo settlement)
Satisfying obligations associated with the management and maintenance of reserve portfolios

Custody agreements must contractually mirror this prohibition. Surplus reserves (above 1:1) may only be withdrawn once per month, after RPAF monthly examination and GENIUS Act § 4(a)(3) certification.

OCC NPR § 15.11(b)(6) · GENIUS Act § 4(a)(2)(D)

The 8 eligible reserve asset categories

What qualifies as a reserve asset

Only assets in these eight categories may satisfy the 1:1 reserve requirement. All other assets — including corporate bonds, equities, crypto-assets, and other stablecoins — are prohibited. Valuation is at fair market value, not amortized cost.

01

U.S. currency (cash)

Physical U.S. dollar notes and coins. Counts toward daily liquidity (demand). Rarely held at scale due to operational impracticality; vault custody constraints apply.

Daily liquidity

02

Balances at a Federal Reserve Bank

Master account balances at the Fed. The highest-quality reserve asset; counts toward the 10% daily liquidity bucket. Access requires a Fed master account or pass-through arrangement.

Daily liquidity

03

Demand deposits at insured depository institutions

Checking accounts at FDIC-insured banks. Counts toward daily liquidity. Subject to the ≤40% per-EFI concentration cap and ≤50% of daily bucket per EFI. Required component for issuers ≥$25B.

Daily liquidity

04

U.S. Treasury bills (maturity ≤ 93 days)

The primary yield-bearing reserve asset. Maturity ceiling of 93 days strictly enforced. Counts toward WAM calculation. Longer-dated Treasuries do not qualify. Issuers must demonstrate ability to monetize T-bills through periodic live testing.

Weekly liquidity (secondary market)

05

Overnight and short-term repurchase agreements

Repos collateralized by U.S. Treasury securities or other GENIUS Act-eligible assets. Used for short-term liquidity and yield. Proceeds may not be re-lent or used outside of permitted stablecoin activities. Overnight repos provide daily liquidity; term repos qualify as weekly.

Daily (overnight) / Weekly (term)

06

Money market funds (eligible-asset-only)

MMFs that hold only GENIUS Act-eligible assets. Not all MMFs qualify — the fund's underlying holdings must consist exclusively of permitted reserve assets. Government MMFs generally qualify; prime MMFs may not.

Weekly liquidity

07

Liquid federal government-issued assets (regulator-approved)

Assets approved by the issuer's primary federal regulator on a case-by-case basis. Provides flexibility for future instruments. Regulatory pre-approval required — cannot be added unilaterally by the issuer.

Regulator-approved

08

Tokenized versions of eligible assets

On-chain representations of categories 1–7, subject to the same eligibility rules as the underlying asset. The tokenized version must be redeemable at par into the underlying asset. Blockchain-based T-bills and tokenized money market funds fall here.

Inherits underlying liquidity tier

Monthly reserve certification cycle

Continuous — daily

Fair value monitoring

Reserve portfolio valued at fair market value daily. Automated alert if coverage falls below 1:1 at any point. No amortized cost shortcut permitted — market value must meet or exceed par value of outstanding tokens.

OCC NPR § 15.11(a)(1)(ii)

Monthly

RPAF examination + CEO/CFO certification

Registered Public Accounting Firm examines reserve composition report. CEO and CFO certify accuracy. False certification triggers criminal liability under 18 U.S.C. 1001. Report published publicly on issuer's website.

GENIUS Act § 4(a)(3) · OCC NPR § 15.21

Criminal penalty: knowing false certification is a federal crime (18 U.S.C. 1001). Same standard as Sarbanes-Oxley.

Monthly — post-certification only

Surplus reserve withdrawal window

Excess reserves above the 1:1 requirement may be withdrawn only once per month, and only after the RPAF examination and § 4(a)(3) certification are complete. No ad hoc withdrawal of surplus at any other time.

OCC NPR § 15.11 · GENIUS Act § 4(a)(3)

Periodic — regulator-determined

Live monetization testing

Issuers must periodically conduct actual monetization transactions (e.g., sell T-bills, unwind repos) to confirm operational T+2 redemption capability. Frequency determined by size and complexity. Documented in a monetization playbook.

OCC NPR § 15.11 — operational readiness requirement

Reserve management operational checklist

Based on OCC NPR "what should issuers do" guidance and PwC analysis of key compliance gaps.

Area	Action required
Asset eligibility	Map current portfolio to 8 categories; plan exit from ineligible assets
Fair value system	Implement real-time market data feeds; daily valuation vs. totalSupply()
Liquidity tiers	Model 10%/30% buckets; monitor daily against automated alerts
WAM	Calculate WAM framework; ensure portfolio WAM stays ≤ 20 days continuously
Concentration	Monitor ≤40% per EFI and ≤50% of daily liquidity per EFI in real time
Monetization	Build and document playbook; schedule live tests before OCC examination
Monthly cycle	CEO/CFO sign-off workflow with evidence package; RPAF engagement before certification deadline
Custody agreements	Include no-rehypothecation clause, right-to-audit, and incident notification

// These controls in practice

The Stablecoin Reserve Integrity Monitor

The framework above — 1:1 HQLA coverage ratio, three-ledger reconciliation, daily fair value monitoring, and the 25-control audit work program across five GENIUS Act domains — is built and running. The Reserve Integrity Monitor is a working example of exactly the infrastructure this page describes.

See the Reserve Integrity Dashboard View the OCC-Standard Audit Report

Page 4 of 6

Compliance Reporting Calendar

Every reporting obligation an OCC-supervised stablecoin issuer faces — weekly, monthly, quarterly, and annual — with the specific regulatory citation, the certifying officer, and the consequence of failure.

OCC NPR § 15.20–22 · GENIUS Act § 4(g) · PCAOB Standards

weekly OCCmonthly RPAFquarterly call reportannual PCAOB ≥$50B

Criminal liability is embedded throughout this calendar. Monthly CEO/CFO certifications carry potential criminal penalties (18 U.S.C. 1001). Quarterly board attestations carry the same. Board members typically receive formal criminal liability notices at onboarding and at each certification cycle.

Reporting cadence

Weekly · Confidential

OCC supervisory report

Filed directly and confidentially with OCC supervisory office. Must include: (1) outstanding issuance value, (2) secondary market activity and price movement, (3) redemption volume and average settlement times, (4) detailed reserve asset composition including tenors and custodians, (5) total trading volume.

OCC NPR § 15.21 — weekly report

Failure to file is a reportable supervisory deficiency. Repeated gaps may trigger enforcement.

Monthly · Public

Reserve attestation report

Published on the issuer's public website. Must include: (1) total outstanding stablecoins issued, (2) fair market value of reserves, (3) reserve composition by category, (4) weighted average maturity, (5) geographic location of custody. Must be examined by a Registered Public Accounting Firm (RPAF) prior to publication.

OCC NPR § 15.21 · GENIUS Act § 4(a)(3)

CEO and CFO must certify accuracy. False certification = criminal penalty under 18 U.S.C. 1001.

Quarterly · Regulatory filing

Financial condition report

Analogous to bank call reports. Includes: income, expenses, balance sheet information, reserves, changes in equity, investments, capital, outstanding issuance value, and assets under custody. CFO (or equivalent) declares accuracy; full board of directors and senior management attest.

OCC NPR § 15.21 — quarterly financial condition report

Board and senior management attestation. False or misleading statements carry potential criminal exposure.

Annual · For issuers ≥ $50B

PCAOB-standard financial audit

Registered Public Accounting Firm conducts a full independent financial statement audit in accordance with Public Company Accounting Oversight Board (PCAOB) auditing standards. Applies to issuers with more than $50B in consolidated total outstanding issuance that are not already subject to such an audit through other regulatory obligations.

OCC NPR § 15.22 · PCAOB auditing standards (proposed threshold)

Within 180 days of operation

Board BSA/AML certification

Board of directors must formally certify that the entity's BSA/AML and sanctions compliance program is reasonably designed to prevent money laundering and terrorist financing. Renewed annually. The program must address digital asset-specific risks (blockchain analytics, geolocation screening) beyond traditional banking AML controls.

OCC § 15.20 — BSA/AML program certification

Knowingly submitting a false certification is subject to criminal penalties. Board should engage AML counsel before initial certification.

Within 24 hours — event-triggered

Stress redemption OCC notification

If redemption requests exceed 10% of outstanding issuance value in a single 24-hour period, the issuer must notify the OCC supervisory office within 24 hours. The T+7 calendar day redemption extension triggers automatically at this threshold. OCC notification is separate from — and in addition to — the extension itself.

OCC NPR § 15.12(c) — stress event notification

Certification matrix — who signs what

Report	Frequency	Certifier	Liability
OCC supervisory report	Weekly	Designated officer	Supervisory
Reserve attestation	Monthly	CEO + CFO	Criminal (18 U.S.C. 1001)
RPAF examination	Monthly	Independent RPAF	Professional standards
Financial condition report	Quarterly	CFO + Board + Senior management	Criminal (potential)
PCAOB financial audit	Annual (≥$50B)	Independent RPAF	PCAOB standards
BSA/AML certification	Annual	Board of directors	Criminal (if knowingly false)
Stress event notification	Event-triggered	Compliance officer	Supervisory if missed

State issuer reporting (<$10B)

SCRC coordination requirements

State issuers below $10B report primarily to their state regulator. The Stablecoin Certification Review Committee (SCRC) — chaired by Treasury, including Fed and FDIC — coordinates federal oversight at the state level.

State-level attestation reports forwarded to SCRC as summary reports
Federal reporting cadence not required until $10B threshold is crossed
Upon $10B crossing: OCC notification within 5 calendar days; begin parallel reporting
Waiver applicants: OCC evaluates state regime equivalence, examination history, and issuer compliance track record

GENIUS Act — SCRC structure · OCC NPR § 15.15

Implementing a sustainable reporting program

Based on PwC OCC Genius Act Proposal analysis (2026):

Weekly and monthly processes benefit from a shared data layer — overlap between weekly and monthly reserve data is intentional and avoids duplication of effort
Automated reserve valuation, WAM calculation, and concentration monitoring reduces manual intervention in weekly report preparation
CEO/CFO certification workflows are most robust when the evidence package is generated continuously rather than assembled under deadline pressure
RPAF and outside AML counsel are most effective when engaged during the pre-launch period rather than post-launch
Board education on criminal liability is typically established before the first certification cycle

Page 5 of 6

Technical Architecture Guide

Blockchain selection rationale, smart contract mint/burn design patterns, key custody architecture, and the operational boundary between on-chain and off-chain infrastructure — grounded in OCC and FFIEC requirements.

OCC § 15.3 (tech disclosure) · OCC § 15.14 (operational risk) · FFIEC Cybersecurity Standards

blockchain choicemint / burn designHSM key custodyon-chain boundary

OCC requires blockchain choice to be disclosed in the business plan application (12 CFR § 15.3). The selection must be justified in the 3-year financial projection and tech stack description. This is an examined decision — document the rationale before filing.

Blockchain architecture decision

Public chain vs. permissioned chain

Both approaches are permissible under the OCC framework. The choice affects AML control architecture, DeFi composability, secondary market depth, and governance risk. Neither option eliminates the compliance obligations — they shift where controls are implemented.

Approach A

Public EVM chain

Deploy on Ethereum mainnet, Solana, or a public L2. Smart contracts are publicly verifiable. Secondary market depth is highest. DeFi composability enables programmable treasury and cross-protocol use.

Examples in market: Circle USDC (Ethereum/Solana), PayPal PYUSD (Ethereum)
AML controls: Implemented via smart contract access controls (whitelist/blacklist), on-chain OFAC screening integration, wallet-level KYC binding
Key risk: Public mempool visibility; immutability of deployed contracts; MEV exposure
OCC implication: Requires strong smart contract audit program; FFIEC cybersecurity controls at key custody layer rather than chain level

Approach B

Permissioned / private chain

Deploy on Corda, Hyperledger Fabric, or a private consortium chain. Participants are known and credentialed. AML controls are structural (only whitelisted nodes transact). Governance is centralized.

Examples: JPM Coin (JPMorgan Onyx), Fnality (consortium banks)
AML controls: Built into the network layer — only KYC'd participants can transact; no public mempool
Key risk: Limited secondary market; no DeFi composability; consortium governance complexity
OCC implication: Lower smart contract risk profile; easier to demonstrate FFIEC controls to examiners; less secondary market utility

System architecture — layer by layer

On-chain / off-chain infrastructure boundary

Off-chain: regulatory & compliance layer

Off-chain

KYC/AML engine

Identity verification, sanctions screening (OFAC SDN), blockchain analytics (Chainalysis/TRM), Travel Rule counterparty verification. All user onboarding passes here before wallet address is whitelisted on-chain.

FinCEN BSA · GENIUS Act § 4(h)

Reserve management system

Real-time reserve portfolio valuation at fair market value. WAM calculation engine. Concentration monitoring (40%/50% caps). Automated OCC weekly report generation. Monetization playbook execution trigger.

OCC NPR § 15.11

Regulatory reporting portal

Weekly OCC confidential filings. Monthly reserve attestation workflow (CEO/CFO sign-off, RPAF upload). Quarterly call-report-analog. SAR/CTR filing to FinCEN. Stress event 24-hr OCC notification pipeline.

OCC NPR § 15.20–22

Off-chain: financial settlement layer

Off-chain

Reserve custodian

Eligible financial institution holding reserve assets. Segregated trust accounts. Formal custody agreement with no-rehypothecation clause, right-to-audit, and daily balance reporting to issuer. HSM-based key management for any reserve assets held digitally.

OCC NPR § 15.11(a)(1)(iv)

Reserve bank (EFI)

Holds demand deposits (daily liquidity bucket ≥10%) and Fed balance access. Executes T-bill purchases and repo transactions. Confirms 1:1 coverage before each mint authorization. Executes wire transfers within T+2 for redemptions.

OCC NPR § 15.11 · GENIUS Act § 4(a)(1)

Fiat settlement rails

Fedwire (large-value) and ACH (retail) for fiat in/out. T+2 settlement SLA. Stress redemption: bank must demonstrate ability to monetize T-bills and settle within T+2 under normal conditions, T+7 calendar under stress. CHIPS for cross-border.

OCC NPR § 15.12(b)(1)

On-chain: smart contract layer

On-chain boundary

Token contract (ERC-20 / SPL)

Core stablecoin token. Functions: mint(), burn(), transfer(), pause(), blacklist(). Access-controlled: only multi-sig authorized addresses may call mint() or burn(). All events logged immutably for OCC audit trail.

OCC NPR § 15.14 — operational risk

Mint authorization contract

Multi-party authorization gate before mint(). Requires signatures from: (1) Issuer authorized officer, (2) Custodian, and (3) Compliance officer. Quorum threshold issuer-defined per OCC § 15.14 (FFIEC recommends multi-party controls; specific quorum is issuer's design choice).

OCC § 15.14 · FFIEC Authentication Guidance

Burn escrow contract

Tokens locked in burn escrow upon redemption request. burn() executes only after off-chain wire confirmation signal received. Prevents premature supply decrement. Burns are permanent and immutably logged — OCC audit evidence.

Operational design — prevents reserve deficit

Key custody architecture

Off-chain

Hardware Security Modules (HSM)

Private keys stored exclusively in tamper-evident HSMs. FFIEC Cybersecurity Standards (incorporated via OCC § 15.14) require "secure cryptographic key management practices." Industry standard for bank-equivalent key custody: FIPS 140-2 Level 3 or equivalent. No software-only key management.

OCC § 15.14 · FFIEC Cybersecurity

Key tier architecture

Cold storage: Offline HSM for master keys and disaster recovery; geographically redundant.
Warm: HSM-connected signing infrastructure for standard operations.
Hot: Operational wallet for gas fees only; minimal balance. Quarterly key rotation required per FFIEC guidance.

FFIEC Authentication Guidance · OCC § 15.14

Access controls & audit

Principle of Least Privilege (PoLP) for all administrative access. Mandatory dual control (two-person rule) for all key operations. All key usage logged with timestamps, operator identity, and transaction hash. Logs are OCC-discoverable audit evidence. Independent penetration testing and security review required.

OCC § 15.14 operational risk — FFIEC standards

Mint and burn protocol — step by step

mint() protocol — sequential requirements

User passes KYC/AML — Identity verified; wallet address registered and whitelisted off-chain
Fiat received and confirmed — Bank confirms wire receipt; amount validated against request
1:1 reserve coverage verified — Bank confirms reserve fair value ≥ (outstanding issuance + new mint amount) — this confirmation is the critical off-chain gate
Multi-party authorization — Required co-signers approve mint request (issuer officer + custodian + compliance). On-chain authorization contract validates quorum
mint() executes on-chain — Smart contract mints tokens to whitelisted address; totalSupply incremented; event logged immutably
OCC audit log updated — Mint event recorded in OCC-reportable audit trail system

burn() protocol — sequential requirements

Redemption request received — Submitted via portal or API with wallet address and amount
KYC/AML re-verification — Re-screen against updated OFAC SDN list and AML risk flags
Tokens locked in burn escrow — Smart contract locks tokens; user cannot transfer until redemption resolves or is rejected
Reserve liquidation — Bank monetizes sufficient HQLA (T-bills, repo) to fund the wire; T+2 clock starts
USD wire confirmed — Fiat settlement confirmed before burn() can be authorized — this is the critical gate
burn() executes on-chain — Tokens permanently destroyed; totalSupply decremented; immutable burn event logged; escrow released

Page 6 of 6

Charter Pathway & Design Decisions

Four charter options, a structured decision framework, and the key design decisions every stablecoin issuer must make before filing — custody model, reserve composition, blockchain architecture, yield strategy, and redemption SLA.

GENIUS Act §§ 2–6 · OCC NPR §§ 15.1–15.5 · 12 CFR Part 15

4 charter types$10B transition mechanics360-day clock6 design decisions

Charter comparison — all four pathways

National bank subsidiary

Issuing subsidiary of a national bank or federal savings association; OCC-supervised

Primary regulatorOCC

Capital floorParent bank requirements

Fed backstopYes — discount window access

Capital treatmentDeconsolidated from parent for capital calc.

Strongest regulatory standing. Parent bank's Fed account facilitates daily liquidity bucket. Most credible with institutional counterparties. Complex legal entity structuring required.

Nonbank federal QPSI

Nonbank entity approved by OCC to issue stablecoins; standalone federal qualification

Primary regulatorOCC (direct)

Capital floor$5M (3-yr de novo); tailored thereafter

Fed backstopNo discount window

ApplicationOCC QPSI application; full review

Route for fintech-native issuers without a bank parent. No Fed backstop means monetization capability must be demonstrated through reserve portfolio quality alone. Must meet all OCC operational requirements directly.

State license (<$10B)

State-chartered stablecoin issuer regulated by state authority (e.g., NYDFS, NYSDFS)

Primary regulatorState authority

Federal oversightIndirect via SCRC

Threshold trigger$10B outstanding — mandatory transition

OCC noticeWithin 5 calendar days of crossing

Valid for early-stage issuers. Design for federal standards from Day 1 — the 360-day transition window does not provide enough time to rebuild compliance infrastructure after crossing the threshold.

Foreign issuer registration

Foreign entity issuing stablecoins tied to U.S. markets; OCC registration required

Primary regulatorOCC (registration oversight)

Exemption pathTreasury equivalence determination

RequirementsReserve, redemption, audit, reporting

Consumer protectionU.S. laws apply where applicable

Registration required for U.S. market access. Treasury equivalence exemption available if Secretary determines foreign regime is "substantially similar" to GENIUS Act. Applies to Tether (USDT) model if pursuing U.S. distribution.

The $10B transition — exact timing and mechanics

Day 0 — threshold crossed

Outstanding issuance exceeds $10B

The 360-day transition clock starts automatically at this moment. The clock is not tolled by good-faith efforts or application filings. Additional issuance may continue during the transition period.

Day 1–5 (within 5 calendar days)

Written OCC notification required

Issuer must submit written notification to OCC identifying: the date the threshold was reached, current outstanding issuance value, and a preliminary transition plan. Missing this notification is independently a supervisory deficiency.

OCC NPR § 15.15 — 5-day notification window

Day 1–240 (within 240 days)

Waiver application window

If seeking to remain under state supervision, the waiver application to OCC must be filed within 240 days. OCC evaluates: (1) issuer's capital and operations, (2) examination history, (3) state regulator's experience and supervisory framework. Waiver is not guaranteed.

OCC NPR § 15.15 — waiver application deadline

Day 360 (or earlier if elected)

Federal framework transition complete

Full OCC compliance required by this date. If the issuer is not compliant and has not received a waiver, it must cease issuing additional stablecoins until outstanding issuance falls back below $10B. There is no extension — this is a hard deadline.

GENIUS Act · OCC NPR § 15.15 — 360-day deadline

Failure to transition = mandatory issuance halt. Not a grace period — a compliance cliff.

Key design decisions — the six critical choices

Design decision framework

Six decisions that define your stablecoin's regulatory posture, risk profile, and operational architecture

Decision 1 — Charter

Which regulatory home?

National bank subsidiary (strongest backstop, deconsolidated capital), nonbank federal QPSI ($5M floor, no Fed backstop), state license (<$10B, design for federal from Day 1), or foreign registration (Treasury equivalence).

Decision 2 — Reserve Composition

How to optimize yield within the 8-category constraint?

Balance: Fed balances (0% yield, 10% required) + demand deposits (30% daily/weekly) + T-bills ≤93 days (yield-bearing, WAM impact) + repos (overnight for yield + liquidity). No corporate bonds. No crypto. Weighted average maturity ceiling: 20 days.

Decision 3 — Blockchain Architecture

Public chain vs. permissioned chain?

Public EVM: DeFi composability, secondary market depth, public verifiability — AML controls at smart contract and key custody layer. Permissioned: AML baked into network, no DeFi, cleaner OCC examination story. Must disclose choice in OCC application (§ 15.3).

Decision 4 — Custody Model

Who holds the reserves? (Common approach: third-party EFI)

Third-party eligible financial institution: strongest bankruptcy remoteness, clearest segregation. Bank subsidiary custodian: parent bank operational advantages. Key requirements: formal custody agreement, no-rehypothecation clause, right-to-audit, daily balance reporting.

Decision 5 — Yield Strategy

Fee-based only (the only permissible model)

Yield to holders is prohibited — including via third-party arrangements. Revenue model must be fee-based: transaction fees, custody fees, float income retained by the issuer. Rewards programs require legal analysis under the OCC's "other consideration" presumption before launch.

Decision 6 — Redemption SLA Design

T+2 standard; T+7 calendar day stress protocol

Public redemption policy must be published (all fees and timelines disclosed). T+7 calendar day extension is auto-triggered at >10% stress threshold — design liquidity stress testing to model this scenario. OCC receivership authority activates if T+2 is systematically failed (GENIUS Act § 10).