OFAC and FinCEN Issue Proposal to Implement AML/CFT in the GENIUS Act

The Financial Crimes Enforcement Network ("FinCEN") and the Office of Foreign Assets Control ("OFAC") issued a joint rule proposal to implement the GENIUS Act’s directive to treat permitted payment stablecoin issuers ("PPSIs") as financial institutions for purposes of AML/CFT compliance under the Bank Secrecy Act ("BSA"). 

The proposed rule would prevent overlapping regulatory confusion, by carving PPSIs out of the current definition of a Money Services Business ("MSB"), ensuring they are regulated specifically under the new framework rather than the existing MSB framework.

The rule would require PPSIs to establish, implement, and maintain a written, risk-based AML/CFT program approved by their board of directors or senior management. The program must include: policies to identify and mitigate illicit finance risks, directing resources toward higher-risk customers and activities; ongoing monitoring to develop customer risk profiles and the collection of beneficial ownership information ("BOI") for legal entity customers; the appointment of a U.S.-based AML/CFT officer who has no felony convictions related to financial fraud, money laundering, or cybercrime; independent program testing and an ongoing employee training program. 

OFAC would require PPSIs to maintain an effective, risk-based sanctions compliance program ("SCP") that applies to all payment stablecoin-related activity. The SCP must feature five minimum elements: senior management and organizational commitment; holistic, routine risk assessments; internal controls to identify, block, and reject prohibited transactions; independent testing and auditing; risk-based compliance training for all relevant personnel.

Further, PPSIs would have to possess the technical capabilities, policies, and procedures to block, freeze, and reject impermissible transactions that violate Federal or State laws, including U.S. sanctions. PPSIs would have to have the technological capability to comply with "lawful orders" issued by courts or agencies, which may require them to seize, freeze, or "burn" (permanently remove from circulation) specific stablecoins. These technical capabilities must apply to both primary market activities and secondary market transactions (e.g., transfers between third parties interacting with the issuer's smart contracts).

PPSIs would have to file Suspicious Activity Reports ("SARs") for suspicious transactions of $5,000 or more. However, FinCEN explicitly excluded secondary market transfers from this mandatory SARs reporting obligation. Voluntary reporting was protected by a safe harbor. PPSIs would have to file Currency Transaction Reports ("CTRs") for physical currency transactions exceeding $10,000. PPSIs would have to retain records for funds transfers of $3,000 or more and transmit specific information to other financial institutions participating in the transfer.