On April 8, 2026, FinCEN and OFAC issued a joint NPRM implementing the GENIUS Act’s directive to treat Permitted Payment Stablecoin Issuers (PPSIs) as financial institutions under the Bank Secrecy Act. The GENIUS Act (Pub. L. 119-27, enacted July 18, 2025) is explicit: PPSIs “shall be treated as a financial institution for purposes of the Bank Secrecy Act” and are subject to all federal laws applicable to a financial institution, including economic sanctions, anti-money laundering, customer identification, and due diligence requirements.
“This proposal will protect the U.S. financial system from national security threats without hindering American companies’ ability to forge ahead in the payment stablecoin ecosystem.”
— Secretary of the Treasury Scott Bessent · Treasury Press Release sb0435, April 8, 2026
What are the Five Core PPSI Obligations
NPRM Docket FINCEN-2026-0100
1. Written AML/CFT program
Board-approved, risk-based, tailored to size and complexity. Must include: risk assessment process identifying ML/TF/sanctions risks; internal controls; annual independent testing; ongoing employee training; US-based compliance officer. A compliance officer is explicitly barred if they have prior felony convictions for financial crimes, including insider trading, cybercrime, or fraud. FinCEN will not pursue enforcement absent “significant or systemic” programme failures.
2. Suspicious Activity Reporting (SARs) — $5,000 threshold
PPSIs must file SARs for transactions indicating possible law violations at or above the $5,000 threshold, mirroring current banking standards. Represents a significant operational build-out for issuers that have not previously maintained systematic SAR filing infrastructure.
3. Technical “freeze and seize” capability
PPSIs must maintain technical capabilities, policies, and procedures to block, freeze, and reject transactions violating federal or state law or any lawful order from regulators or law enforcement. Extends to secondary market activity on decentralised networks, including smart contract transfers not directly involving the issuer.
4. Customer Identification Program (CIP) + EDD + Travel Rule
PPSIs must maintain an effective CIP covering account holders and high-value transactions, with enhanced due diligence for higher-risk relationships. Travel Rule applies to fund transfers of $3,000 or more. Note: the NPRM specifies the CIP obligation is subject of a separate forthcoming rulemaking.
5. OFAC sanctions compliance program — five elements
OFAC requires: (1) senior management commitment; (2) risk assessment; (3) internal controls; (4) testing and auditing; (5) training. Strict liability applies, civil penalties possible even without knowledge of sanctions nexus. Adequacy of compliance programme is one of OFAC’s 11 penalty calibration factors.
Compliance Timeline
GENIUS Act enacted. First comprehensive US stablecoin framework.
FinCEN/OFAC joint NPRM issued. 60-day comment period opens.
Final implementing regulations required by statute.
Full enforcement begins.
Secondary Market Accountability
~5,700 Wallets frozen (Tether + Circle, end of 2025)
~$2.5B Assets frozen in those wallets
The proposed rule holds PPSIs accountable for activity on decentralised networks, including transfers via smart contracts not directly involving the issuer. Treasury specifically addresses secondary market accountability and expects PPSIs to monitor and disrupt state-sponsored sanctions evasion even after tokens leave the primary issuance point. This voluntary practice now becomes a legal requirement.
How Sentinel Compliance Platform Addresses Every PPSI Obligation
GENIUS ACT / NPRM OBLIGATION | SENTINEL COMPLIANCE PLATFORM CAPABILITY |
|---|---|
AML/CFT program — risk assessment, compliance officer, independent testing | Configurable risk assessment framework — exportable for board approval; documents ML/TF risk across transaction types and customer segments |
SAR filing — $5,000 threshold, red flag detection | Automated red flag detection generates alert signals feeding SAR workflows; un-editable audit logs document every detection decision |
Technical freeze/seize capability — OFAC sanctions screening | Real-time OFAC SDN and global consolidated sanctions screening — daily updates; flags sanctioned entities before transactions execute |
CIP — identity verification, PEP screening, enhanced due diligence | Automated KYC by name, DOB, address, citizenship; PEP screening; lowest false positive rate in the industry |
OFAC five-element sanctions compliance program | OFAC SDN + global consolidated lists + adverse media; risk-based controls in un-editable audit logs; up to 75% workload reduction |
Travel Rule — counterparty info for transfers ≥ $3,000 | Automated counterparty screening supports Travel Rule identification and transmission requirements |
Ongoing monitoring — secondary market activity | CCM automatically re-screens full portfolio; New Data Alert flags genuine changes; up to 75% workload reduction |
Recordkeeping — audit-ready evidence for enforcement | Un-editable audit logs — every decision timestamped and exportable as PDF or Excel on demand |
The Cost of Waiting
The reclassification of PPSIs as financial institutions under the Bank Secrecy Act is not a distant regulatory possibility. It is an unfolding legal reality with a firm enforcement date of January 18, 2027. For stablecoin issuers, the window to build compliant AML/CFT infrastructure is narrowing quickly. Meeting all five NPRM obligations simultaneously, from SAR filing and CIP to real-time sanctions screening and secondary market monitoring, demands a purpose-built compliance platform, not a patchwork of manual processes.
Sentinel Compliance Platform was designed precisely for this moment, delivering automated KYC, continuous portfolio monitoring, un-editable audit logs, and OFAC screening in a single integrated system with same-day go-live capability. In an environment of strict liability, where civil penalties can attach even without knowledge of a sanctions nexus, the cost of delayed or inadequate compliance infrastructure far outweighs the cost of getting it right from the start. For PPSIs navigating this new regulatory landscape, Sentinel is not simply a convenience. It is a cornerstone of a defensible, audit-ready compliance program.
▶ Request a Free Demo of the Sentinel Compliance Platform™
References
Financial Crimes Enforcement Network. (2026, April 8). Treasury proposes rule to implement GENIUS Act’s requirements to counter illicit finance [News release]. https://fincen.gov/news/news-releases/treasury-proposes-rule-implement-genius-acts-requirements-counter-illicit
Financial Crimes Enforcement Network & Office of Foreign Assets Control. (2026, April 8). Anti-money laundering and countering the financing of terrorism program requirements for permitted payment stablecoin issuers (Docket No. FINCEN-2026-0100, RIN 1506-AB73) [Notice of proposed rulemaking]. U.S. Department of the Treasury. https://fincen.gov/system/files/2026-04/PPSI-AMLCFT-NPRM.pdf
Generating Exceptional National Innovation for U.S. Stablecoins (GENIUS) Act, Pub. L. No. 119-27, 139 Stat. 419, 12 U.S.C. §§ 5901–5916 (2025).
U.S. Department of the Treasury. (2026, April 8). Treasury proposes rule to implement GENIUS Act’s requirements to counter illicit finance (Press Release sb0435). https://home.treasury.gov/news/press-releases/sb0435
U.S. General Services Administration. (n.d.). Federal docket FINCEN-2026-0100 [Public comment portal]. Regulations.gov. https://www.regulations.gov
