- Key insight: Treasury is directing stablecoin issuers to combat money laundering and other illicit activities with bank-like rules and additional requirements to ensure AML monitoring is being maintained across distributed networks.
- Supporting data: The proposal notes that the majority of illicit activity on blockchains is conducted using stablecoins.
- Forward look: The proposed rules will be open for comment for 60 days.
The Treasury Department’s Financial Crimes Enforcement Network Wednesday issued a proposal to establish anti-money-laundering and countering the financing of terrorism standards for stablecoin issuers.
The proposed rule largely mirrors the bank-focused
Processing Content
“Under the proposal, AML/CFT programs should be appropriately risk-based, with PPSIs directing more resources toward higher-risk customers and activities, rather than toward lower-risk customers and activities,” the proposal said. “The proposal reflects Fincen’s view that compliance obligations and expectations should be focused on effectiveness and that financial institutions are best positioned to identify and evaluate their money laundering, terrorist financing, and illicit finance risks.”
Stablecoin risks differ from those of traditional banking channels, as many stablecoin holders transact on the secondary market without intermediaries, or via foreign digital asset exchanges with weak or nonexistent AML rules of their own.
The agency said Bank Secrecy Act data “indicates that financial services providers in jurisdictions with lax AML/CFT standards use accounts with stablecoin issuers to convert funds on behalf of their customers from local currencies into stablecoins, which can then be laundered and ultimately exchanged for U.S. dollars.”
To combat illicit activity, the proposed rule directs issuers to meet both traditional bank obligations — such as identifying customers, filing suspicious activity reports and maintaining an AML program — as well as standards that ask the issuer to monitor risks beyond the institution itself.
Unlike bank deposits, which exist in centralized ledgers controlled by the bank, many major stablecoins operate on
“The U.S. government has linked stablecoins to a range of illicit activities and bad actors, including scammers and fraudsters; Democratic People’s Republic of Korea information technology workers, cybercriminal groups and related money laundering networks; drug traffickers; terrorist groups; and sanctions evasion and money laundering networks, among others,” the proposal states. The proposal also cites a 2025 Financial Action Task Force estimate that “a majority of all on-chain illicit activity is now transacted in stablecoins.”
Under the proposal, issuers would need to monitor transactions in secondary markets, including keeping records of transfers between individuals and interactions involving smart contracts, which are self-executing lines of code that track and validate balances and ownership across the blockchain. Because these transactions occur automatically on decentralized networks, Treasury says issuers must have the technical ability to monitor and, when necessary, intervene to stop transactions.
“As the GENIUS Act directs and this proposed rule would require, a PPSI must have the ‘technical capabilities, policies, and procedures to block, freeze, and reject specific or impermissible transactions that violate Federal or State laws, rules, or regulations,'” the proposal states. “That statutory requirement will necessarily mean a PPSI must have internal policies, procedures, and controls to comply with the obligation to block, freeze, and reject applicable transactions, which could be part of enterprise-wide policies and procedures or unique in the corporate structure to PPSIs.”
Issuers would also be required to be able to “burn” stablecoins — that is, remove them from circulation and reissue equivalent tokens to different wallets — when required to restore funds to victims of fraud or scams.
The technical ability to monitor and suspend tokens at will would be an ongoing obligation for the issuer, not one that goes away after the token is issued. The rule gives PPSIs flexibility in technical implementation, but requires that all lawful orders be executed fully, mirroring practices already used by law enforcement to seize illicit stablecoins.
The proposal also adapts traditional AML frameworks to the stablecoin ecosystem. PPSIs must assess the types of entities, the jurisdiction they operate from, operating history, services offered, markets served and an entity’s associated intermediaries. They may also consider stablecoin-specific risks, including blockchain activity and off-chain factors — particularly on the secondary market, where most illicit activity occurs.
“PPSIs may also need to consider information more narrowly tailored to the stablecoin market, including both information available from public blockchains and relevant off-chain considerations,” the proposal states. “Though the proposed rule would not impose a standalone, independent obligation on a PPSI to monitor secondary market transactions, consideration of such activity may be appropriate in the PPSI’s development and maintenance of a customer risk profile (e.g., public blockchains may indicate that a digital assets exchange that is a PPSI customer is engaged in deposits or withdrawal activity of the PPSI’s stablecoin with addresses attributed to illicit actors).”
PPSIs must implement a full AML program, monitor activity, designate compliance officers, keep records and file SARs at the $5,000 threshold that already applies to banks.
The proposal requires PPSIs to establish standalone sanctions and AML/CFT compliance programs that mirror banking standards while adapting to stablecoins’ decentralized nature, including information sharing across institutions.
PPSIs would also be required to conduct independent testing of their AML/CFT programs to assess compliance relative to their risk profile. Testing must be performed by staff or “independent” outside auditors. Issuers could use internal staff not involved in the function being tested if no external auditors exist, but auditors would need to avoid conflicts of interest. Regulators would not be able to conduct internal testing and smaller issuers could share resources as long as the auditors remain independent.
Issuers would need qualified U.S.-based AML officers responsible for running the program. The proposed rule requires that the AML officer have no convictions of financial-related felonies and must “not [be] overburdened with other responsibilities at the institution.”