FDIC Proposes AML and Sanctions Rules for Stablecoin Issuers

The FDIC is tightening the screws on stablecoin issuers, proposing anti-money laundering and sanctions rules that would pull regulated issuers squarely into the banking compliance machine. For more context, the push is laid out in Stablecoin Regulation: FDIC Announces New Proposed AML Rules For Issuers.

• FDIC proposes AML and sanctions rules for supervised stablecoin issuers
• PPSIs would be treated as financial institutions under the Bank Secrecy Act
• Customer ID, suspicious activity reporting, and on-chain screening would be required
• FinCEN and OFAC oversight would be more tightly linked
• Only 5 to 30 issuers may seek approval early on

The Federal Deposit Insurance Corporation has issued a notice of proposed rulemaking that would extend Bank Secrecy Act and economic sanctions compliance standards to FDIC-supervised Permitted Payment Stablecoin Issuers, or PPSIs. In plain English: if a stablecoin issuer wants to operate under the GENIUS Act framework and sit in the regulated payments lane, it will have to look and act like a real financial institution, not a crypto cowboy with a glossy whitepaper and a prayer.

The proposal would formally classify PPSIs as financial institutions under the Bank Secrecy Act (BSA), the main U.S. anti-money laundering law. That means stablecoin issuers would need formal AML/CFT programs, where AML/CFT stands for anti-money laundering and countering the financing of terrorism. They’d also need internal controls, a designated compliance officer, staff training, independent testing, customer identification, suspicious activity reporting, and on-chain transaction screening capabilities.

That last bit matters more than it may sound. On-chain transaction screening means checking blockchain transfers for links to sanctioned wallets, mixers, ransomware proceeds, or other red flags. In other words, regulators don’t just want to know who issued the stablecoin — they want to know where it moves, who touches it, and whether it’s being used to dodge sanctions or wash dirty money through digital rails.

The FDIC’s move also pulls stablecoin oversight closer to the Treasury Department’s enforcement machinery. The proposal aligns issuers with FinCEN, the Financial Crimes Enforcement Network, which implements and enforces BSA rules, and OFAC, the Office of Foreign Assets Control, which handles sanctions compliance. If that sounds familiar, it should: this is the same basic framework banks already live under. Stablecoins may be faster than bank wires and more programmable than debit cards, but regulators clearly don’t want them to enjoy some magical exemption from financial crime laws.

“extend Bank Secrecy Act (BSA) and economic sanctions compliance standards to FDIC-supervised Permitted Payment Stablecoin Issuers (PPSIs)”

“formally be classified as financial institutions under the BSA”

“including internal controls, a designated compliance officer, staff training, independent testing, customer identification, suspicious activity reporting, and on-chain transaction screening capabilities”

This proposal follows the FDIC’s earlier April 2026 push on prudential standards for PPSIs, which focused on reserve assets, redemption, capital, and risk management. Prudential standards are the boring but essential guardrails that decide whether an issuer can actually stay solvent and redeem stablecoins at par. Reserve assets are the assets backing the token, redemption is the ability to cash out 1:1, capital is the issuer’s own financial buffer, and risk management is the part where everyone hopes the people in charge aren’t just winging it.

Together, the two proposals form a pretty complete regulatory shell around federally supervised stablecoin issuance. One side is about whether the issuer can safely back the token. The other is about whether it can stop becoming a sanctions workaround, an AML nightmare, or a compliance black hole with a blockchain logo.

There is at least a carrot tucked inside the stick. The FDIC says strong AML/CFT programs should generally shield PPSIs from enforcement exposure unless there is a “significant or systemic failure.” That’s an important signal. Regulators are not demanding perfection, but they are making it clear that serious breakdowns, weak controls, or lazy sanctions checks won’t be waved away as “growing pains.” If a firm builds a proper compliance framework and actually uses it, it should not be living under constant threat of getting its kneecaps broken by enforcement. If it doesn’t, all bets are off.

The proposal would also require the FDIC to notify the FinCEN director at least 30 days before formal enforcement or a major supervisory action involving a PPSI AML/CFT program. That detail suggests stablecoin compliance is being folded more tightly into the broader federal anti-financial-crime system, not treated as a one-off crypto issue. The message is blunt: stablecoin issuers are being brought into the same oversight grid as traditional financial institutions, and the old “we’re just code” defense is not going to buy much sympathy.

The comment period is expected to run until June 9, 2026, with a final rule likely later in the year. That gives banks, stablecoin issuers, compliance firms, and crypto lobbyists a window to push back, suggest edits, or simply prepare for the reality that the sandbox is getting fenced in. For some projects, that’s a good thing. For others, it’s the end of the free-for-all.

The FDIC estimates that only 5 to 30 supervised PPSIs may seek approval in the first few years. That is not exactly a stampede. It suggests the initial group of issuers will be small, selective, and likely dominated by firms that already have the plumbing to survive bank-grade compliance. The agency also expects many issuers to use existing AML systems from parent institutions, keeping incremental compliance costs modest. As the proposal puts it, “most would leverage existing AML infrastructure from their parent institutions, keeping incremental compliance costs modest.”

That’s sensible on paper. If a stablecoin issuer already sits inside a bank or savings association, there’s no reason to reinvent the wheel. Reusing existing compliance systems can reduce duplication and make oversight cleaner. But there’s a catch, and it’s the same catch that shows up whenever crypto gets absorbed by traditional finance: the players most likely to get approved are the ones that already look a lot like the legacy system. The rebel tech starts out promising to replace the gatekeepers, then ends up asking them for a license.

For users, the upside is obvious. Better AML and sanctions controls could reduce the odds that stablecoins become a favored tool for laundering, sanctions evasion, or illicit finance. That matters because stablecoins are no longer a niche trading toy. They’re used for payments, treasury management, remittances, exchange settlement, and on-chain liquidity. When a token starts functioning like money, regulators tend to treat it like money. Shocking, really.

The downside is just as obvious. More compliance usually means more surveillance, more friction, more paperwork, and a higher bar for smaller firms trying to compete. On-chain transaction screening can create false positives. Customer identification can add delays. Independent testing and reporting obligations cost money. And the bigger the compliance burden, the more likely it is that large incumbents, especially banks and major fintechs, will dominate while scrappier issuers get choked out. That may make the sector safer, but it also risks turning stablecoins into just another heavily monitored payment product with a blockchain skin graft.

There’s also the privacy question, which regulators rarely seem eager to discuss unless they’re using the word “transparency” as a threat. A stablecoin system built around customer identification and transaction screening is not permissionless in the way many crypto users imagined. It may still be fast, global, and programmable, but it will also be watched. For people who care about financial privacy, that’s a real tradeoff, not a footnote.

Stablecoin regulation in the U.S. is clearly moving away from vague posturing and toward concrete rulemaking. That’s not necessarily bad. Clear rules can reduce uncertainty, invite institutional adoption, and make it easier for legitimate businesses to build on stablecoin rails. But clarity is not the same thing as freedom. If the end result is a system where only highly supervised issuers can operate, and every transfer gets filtered through layers of compliance tooling, then the “decentralized future of money” starts looking a lot like the old financial system wearing a digital mask.

• What is the FDIC proposing?
  The FDIC is proposing AML and sanctions-compliance rules for FDIC-supervised stablecoin issuers under the GENIUS Act framework.
• Who would the rules apply to?
  They would apply to Permitted Payment Stablecoin Issuers, or PPSIs, that are supervised by the FDIC.
• What compliance measures would be required?
  Issuers would need AML/CFT programs, sanctions controls, customer identification, suspicious activity reporting, and on-chain transaction screening.
• Why does on-chain screening matter?
  It helps issuers flag transfers tied to sanctioned wallets, mixers, ransomware, and other suspicious activity on blockchain networks.
• Will this make stablecoins safer?
  Probably safer from an illicit-finance and sanctions perspective, yes. It does not automatically make them more private or more decentralized.
• Could this hurt innovation?
  Yes. Heavy compliance can protect users and improve legitimacy, but it can also squeeze out smaller issuers and strengthen incumbents.
• How many issuers might actually use this framework?
  The FDIC estimates about 5 to 30 supervised PPSIs in the first few years.
• What is the bigger trend here?
  Stablecoin issuers are being pulled into the existing U.S. financial surveillance and compliance system rather than left outside it.

That’s the real story here: stablecoins are no longer being treated like a crypto experiment on the sidelines. They’re being folded into banking supervision, AML enforcement, and sanctions compliance, one rule at a time. Whether that ends up strengthening the sector or sanding off its rebellious edge will depend on how much room regulators leave for competition, privacy, and actual decentralization — the parts that matter if crypto is supposed to be more than dollar tokens with a blockchain sticker slapped on top.