FinCEN’s new GENIUS Act CIP proposal is scheduled for official publication on 22 June 2026, and it would force stablecoin issuers to adopt bank-style onboarding controls.
A new joint proposal from FinCEN and four federal banking agencies would require permitted payment stablecoin issuers to verify customers, maintain written identification programs, and document when onboarding should be blocked or accounts closed.
Stablecoins Just Got Treated Like Banks. Here's What That Means.
FinCEN, the OCC, the Federal Reserve, the FDIC, and the NCUA have jointly proposed a rule to implement the GENIUS Act’s customer identification program requirement for permitted payment stablecoin issuers, or PPSIs.
The proposal would treat those issuers as financial institutions under the Bank Secrecy Act for customer identification purposes, moving stablecoin onboarding closer to the standards already applied to banks and other regulated financial firms.
That shift matters because the proposal does not stop at a broad policy statement. Instead, it would require every PPSI to establish and maintain a written CIP tailored to its size and business, and to embed that program inside its broader anti-money laundering and countering the financing of terrorism framework.
In practical terms, the rule would push stablecoin issuers toward formalized identity controls at the account-opening stage rather than relying on lighter money-transmitter style practices alone.
It's Not Just "Know Your Customer." It's How, When, and What Happens If You Don't.
For compliance teams, the most important detail is not that customer identification is coming, but how specifically the agencies propose to operationalize it. Before opening an account, a PPSI would need to collect a customer’s name, date of birth for individuals or date of formation for entities, address, and identification number. Then, within a reasonable period after account opening, the issuer would need procedures to verify that identity using documents, non-documentary methods, or a combination of both.
The proposal also goes further for entity customers. Where risk warrants it, a PPSI would need procedures to obtain information about individuals with authority or control over a non-individual account in order to verify the customer’s identity. Moreover, the rule would require documented responses for failed verification, including when not to open an account, when limited use may be allowed during verification, when an account should be closed, and when a Suspicious Activity Report should be considered.
This is where the compliance burden becomes tangible. The full notice explains that the proposed CIP must be risk-based and calibrated to factors such as account type, onboarding method, the information available, and the PPSI’s size, location, and customer base. That structure mirrors established CIP logic in traditional finance, yet it must now be translated into digital-asset onboarding flows where customers may interact through apps, third-party platforms, or digital asset service providers rather than face-to-face channels.
What to Do Before the Rule Becomes Mandatory
Compliance leaders should begin with a gap assessment against the proposal’s likely core obligations.
That review should cover required customer data fields, documentary and non-documentary verification methods, escalation paths for failed verification, record retention, government-list screening, customer notice language, and any reliance model involving third parties or affiliated entities.
Operational teams should also test whether current onboarding flows can support a defensible account-opening record from day one. If the answer is no, the fix is not cosmetic. It likely requires workflow redesign, stronger identity evidence capture, and closer integration between compliance operations and digital forensic capabilities.