US Regulators Move to Apply Bank-Style KYC Rules to Stablecoin Issuers

US financial regulators have released a proposal that would require stablecoin issuers to adopt customer identification practices similar to those used by banks under the Bank Secrecy Act (BSA), tightening expectations around onboarding, account access, record retention, and sanctions- and terrorism-related screening. The initiative is framed as part of the implementation of the GENIUS Act, a stablecoin-focused law enacted in July 2025. The proposal will be open for public comment for 60 days after it is formally filed in the Federal Register. Agencies behind the proposal include the Federal Deposit Insurance Corporation (FDIC), the Federal Reserve, the Office of the Comptroller of the Currency (OCC), the National Credit Union Administration (NCUA), and the US Treasury's Financial Crimes Enforcement Network (FinCEN). In the notice, they propose treating stablecoin issuers as regulated financial institutions for purposes of verifying customer identity. The GENIUS Act is expected to take effect 18 months after enactment, or 120 days after federal authorities finalize implementing regulations, depending on the timing of the rulemaking process. Regulators describe the customer identification rule as a way to meet Anti-Money Laundering (AML) and Countering the Financing of Terrorism (CFT) requirements under GENIUS. Under the BSA baseline cited by regulators, covered institutions are generally expected to verify the identity of a person seeking to open an account, retain identity information, and apply risk-based determinations, including whether the person may be linked to terrorism or terrorist organizations. For stablecoin issuers, mapping these standards to token-based distribution models raises practical questions, including how to define "customer" and "account" in different business structures, and how to govern identity-data retention, access controls, and audit trails. The proposal also brings into focus operational accountability: which party performs verification (the issuer versus intermediaries), what constitutes sufficient information to "verify" identity, and how records are documented and preserved to support supervisory exams and investigations. While many stablecoin providers and partners already operate onboarding and monitoring programs, the rule would more explicitly anchor identity verification within the same supervisory logic applied to traditional BSA-covered institutions. The customer identification proposal arrives alongside other GENIUS-related activity. Treasury has previously floated GENIUS proposals aimed at illicit-finance risks involving stablecoins. The FDIC has also signaled views on how deposit insurance could apply in limited cases to certain corporate deposits of stablecoin issuers, while not automatically extending that protection to holders. That distinction underscores regulators' broader effort to define how stablecoin activity fits into consumer protection and prudential frameworks. Beyond GENIUS, broader US crypto legislation remains unsettled. The Digital Asset Market Clarity (CLARITY) Act, which would reshape agency roles and enforcement in digital assets, still lacks a firm timeline. Reports suggest some market participants expect movement by the August recess, though political objections remain, including Democratic concerns about potential conflicts of interest involving lawmakers and elected officials. For regulated firms, the takeaway is that GENIUS-specific requirements for stablecoins are advancing even as wider crypto oversight remains in flux. Stablecoin issuers and their compliance teams may need to plan for incremental updates as agencies finalize rules, issue guidance, and Congress debates broader frameworks.