Bank Secrecy Act and Sanctions Compliance Standards for FDIC-Supervised Permitted Payment Stablecoin Issuers

Bank Secrecy Act and Sanctions Compliance Standards for FDIC-Supervised Permitted Payment Stablecoin Issuers

DATES:

Comments must be received by the FDIC no later than August 4, 2026.

SUPPLEMENTARY INFORMATION:

I. Policy Objectives

The FDIC is issuing this notice of proposed rulemaking (proposed rule) to implement appropriate BSA and sanctions compliance standards applicable to FDIC-supervised permitted payment stablecoin issuers (PPSIs) pursuant to the GENIUS Act (or the Act). ⁽¹⁾ The proposed rule aims to establish appropriate principles-based BSA and sanctions compliance requirements and standards that are tailored to the business model and risk profile of PPSIs and consistent with applicable law, which includes requirements promulgated by the United States Department of Treasury's Financial Crimes Enforcement Network (FinCEN) and the Office of Foreign Assets Control (OFAC). The FDIC believes the proposed rule would establish supervisory expectations for PPSIs, help combat illicit finance risk, and continue to support the responsible growth and use of digital assets and related technologies in the banking sector. ⁽²⁾

II. Background and Authority

The GENIUS Act requires the FDIC, along with the other primary Federal payment stablecoin regulators  ⁽³⁾ and the Department of Treasury, to implement regulations to carry out the Act's requirements in establishing a Federal payment stablecoin regulatory framework for supervised entities. ⁽⁴⁾ The FDIC is the primary Federal payment stablecoin regulator of PPSIs that are subsidiaries of insured State nonmember banks and State savings associations that have been approved by the FDIC to issue payment stablecoins.

On April 10, 2026, the FDIC issued a notice of proposed rulemaking that would, among other things, establish a prudential framework pursuant to the GENIUS Act for FDIC-supervised PPSIs, including requirements related to reserve assets, redemption, capital, and risk management standards. ⁽⁵⁾ This proposed rule would implement additional GENIUS Act requirements for PPSIs, specifically BSA and sanctions compliance standards, as well as supervision and enforcement provisions for PPSI anti-money laundering/countering the financing of terrorism (AML/CFT) programs.

III. Description of the Proposed Rule

To implement the BSA and sanctions compliance standards required by the GENIUS Act, the proposed rule would amend part 350 of the FDIC Rules and Regulations. ⁽⁶⁾ First, the proposed rule would amend subpart A of part 350 to add a provision to address PPSI BSA and sanctions compliance standards. Second, the proposed rule would establish subpart C of part 350 to add supervision and enforcement provisions for PPSI AML/CFT programs.

A. PPSI BSA and Economic Sanctions Compliance Standards

Section 4(a)(4)(A)(iv) of the GENIUS Act (12 U.S.C. 5903(a)(4)(A)(iv)) provides that the FDIC must issue regulations implementing appropriate operational, compliance, and information technology risk management principles-based requirements and standards, including BSA and sanctions compliance standards, that are tailored to the business model and risk profile of PPSIs and consistent with applicable law.

Proposed § 350.6(d) would address compliance with BSA and sanctions standards, such that each PPSI would be required to comply with applicable regulations at 31 CFR Chapter V and 31 CFR Chapter X, including any AML/CFT program, economic sanctions program, and reporting requirements. On April 10, 2026, FinCEN and OFAC issued a separate proposed rule that would implement the GENIUS Act's directive to treat PPSIs as financial institutions under the BSA, as well as impose several obligations specifically required by the GENIUS Act. ⁽⁷⁾ The FinCEN and OFAC proposed rule would also implement the GENIUS Act's directive to require PPSIs to maintain effective economic sanctions compliance programs. FinCEN and the primary Federal payment stablecoin regulators are also issuing a joint notice of proposed rulemaking that would require PPSIs to maintain an effective customer identification program (CIP) as required by the GENIUS Act. Proposed § 350.6(d) would require a PPSI to comply with such CIP requirements.

The FDIC requests comment on the requirements contained in proposed § 350.6(d).

B. PPSI AML/CFT Supervision and Enforcement

The FDIC proposes to establish subpart C of part 350 to add supervision and enforcement provisions for PPSI AML/CFT programs. The provisions complement the FDIC's enforcement authorities under the GENIUS Act, section 8 of the Federal Deposit Insurance Act (FDI Act) (12 U.S.C. 1818), and other applicable law. The proposed rule defines key terms, describes the FDIC's enforcement and supervision approach with respect to AML/CFT program deficiencies, and establishes a consultation process between FinCEN and the FDIC relating to AML/CFT enforcement actions or significant AML/CFT supervisory actions.

1. Definitions (Proposed § 350.200)

Proposed § 350.200 would define several terms used throughout the section. The term "AML/CFT requirement" would mean a requirement of the Bank Secrecy Act (as that term is defined below) or of the regulations in title 31, chapter X applicable to PPSIs.

The term "AML/CFT enforcement action" would mean any formal or informal action taken by the FDIC under authority of 12 U.S.C. 5905, 12 U.S.C. 1818, or other applicable law that seeks to penalize, remedy, prevent, or respond to noncompliance with past or ongoing violations of, or past or ongoing deficiencies relating to, an AML/CFT requirement. The term includes a cease-and-desist order, written agreement, consent order, or memorandum of understanding, or the assessment of a civil money penalty. It does not include criminal enforcement.

The term "AML/CFT requirement" would mean a requirement provided under (i) the BSA or applicable regulations at 31 CFR chapter X; (ii) 12 U.S.C. 5903(a)(5)(A)(i)-(v), 12 U.S.C. 5903(a)(6)(B), or 12 U.S.C. 5903(f)(1); or (iii) 12 U.S.C. 1818(s) or this section.

The term "Bank Secrecy Act" would mean (i) section 21 of the FDI Act (12 U.S.C. 1829b); (ii) Chapter 2 of title I of Public Law 91-508 (12 U.S.C. 1951 et seq. ); and (iii) Subchapter II of chapter 53 of title 31, United States Code and notes thereto (31 U.S.C. 5311 et seq. ). This definition is consistent with the definition provided in section 2(2) of the GENIUS Act (12 U.S.C. 5901(2)).

The term "FinCEN" would mean the Financial Crimes Enforcement Network of the United States Department of the Treasury.

The term "significant AML/CFT supervisory action" would mean any written communication or other formal supervisory determination issued by the FDIC that identifies one or more alleged deficiencies, weaknesses, violations of law, or unsafe or unsound practices or conditions relating to an AML/CFT requirement; communicates supervisory expectations to a PPSI regarding actions or remedial measures required to correct the deficiency, weakness, violation, or practice or condition; and contemplates significant or programmatic actions or remedial measures to be taken by the PPSI. The term does not include examiner observations, suggestions, or other informal comments.

2. Enforcement and Supervision Policy (Proposed § 350.201)

The proposed rule would articulate the FDIC's enforcement and supervision policy as it relates to AML/CFT programs. Except with respect to a significant or systemic failure to implement an effective AML/CFT program in accordance with applicable regulations at 31 CFR Chapter X issued by FinCEN, a PPSI that has established an effective AML/CFT program would not be subject to an AML/CFT enforcement action or to a significant AML/CFT supervisory action based on the program requirements issued by FinCEN. At the same time, the proposed rule would clarify that nothing would restrict an AML/CFT enforcement action or a significant AML/CFT supervisory action with respect to a failure to establish an effective AML/CFT program. The FDIC's proposed enforcement and supervisory approach is not intended to affect criminal enforcement liability under the BSA.

3. FinCEN Consultation (Proposed § 350.202)

The proposed rule would establish a notice and consultation framework applicable when the FDIC intends to initiate an AML/CFT enforcement action or a significant AML/CFT supervisory action, as those terms are defined in the proposed rule. Under such a consultation framework, before initiating such actions, the FDIC would provide the Director of FinCEN with an opportunity to review the proposed action and would consider any input offered by the Director of FinCEN, which may include any view as to the effectiveness of the PPSI's AML/CFT program. To facilitate that review, the FDIC would be required to provide written notice to the FinCEN Director of the FDIC's intent to take the action at least 30 days in advance of the proposed action, unless a shorter period is necessary, at the sole discretion of the FDIC, to remedy, prevent, or respond to an unsafe or unsound practice or condition.

Such a notice would be accompanied by the relevant AML/CFT information underlying the proposed action. Relevant AML/CFT information may include, but is not limited to, relevant portions of a draft report of examination; relevant portions of a draft enforcement action; examination workpapers supporting the proposed action; and the relevant AML/CFT information submitted by the PPSI to the FDIC. The FDIC would not be obligated to provide information over which the PPSI may claim privilege under Federal or State law. The FDIC would also respond, to the extent reasonably practicable, to requests for additional AML/CFT information from the FinCEN Director regarding the proposed action. The FDIC seeks comments on such a proposed consultation framework.

4. Disclosure of Supervisory Information (Proposed § 350.203)

The FDIC has issued regulations that generally prohibit the disclosure of the FDIC's non-public information, except as provided under such regulations. ⁽⁸⁾ This prohibition generally applies to disclosure of any portion of a report of examination, supervisory correspondence, and any representations concerning such reports or supervisory correspondence, or their findings, including conclusions regarding compliance with AML/CFT compliance program requirements.

Consistent with the proposed rule's objective of enhancing FinCEN's role in the AML/CFT enforcement and supervisory process, the proposed rule would clarify that PPSIs may share any information with the FinCEN Director that relates to an existing or potential AML/CFT enforcement action or significant AML/CFT supervisory action. This proposed rule specifically provides that this authorization to share information includes information that would ordinarily be considered non-public information under the FDIC's rules. To qualify for this information sharing, the information at issue must have an appropriate nexus to an existing or potential AML/CFT enforcement action or significant AML/CFT supervisory action. The FDIC is proposing this clarification to ensure that PPSIs can share appropriate information with the FinCEN Director, including in the context of actions subject to the proposed consultation requirement. Otherwise, PPSIs may be unable to provide thorough information to the FinCEN Director, whether proactively or in response to the Director's requests. Given that under the proposed rule the FDIC would provide the relevant AML/CFT information directly to FinCEN, the FDIC proposes to continue to apply its current regulations and information-sharing agreements with FinCEN that govern the disclosure of non-public information as it has done in the past.

While the proposed rule intends to permit such sharing, the FDIC is proposing two alternative methods for permitting such information sharing with the FinCEN Director. Under the first approach, referred to as Option 1 in the proposed § 350.203, the FDIC would authorize the disclosure of covered information on the FDIC's behalf to the FinCEN Director and separately permit the FinCEN Director to use such information. This phrasing is intended to mirror the permissible scope of information sharing by the FDIC under 12 U.S.C. 1821(t), which provides that a "covered agency, in any capacity, shall not be deemed to have waived any privilege applicable to any information by transferring that information to or permitting that information to be used by" another Federal agency.

Under the alternative approach, referred to as Option 2 in proposed § 350.203, the FDIC would similarly authorize the disclosure of covered information on the FDIC's behalf, as well as similarly authorize the use of such information by the FinCEN Director. The FDIC, however, would expressly require that any such information shared on the FDIC's behalf be contemporaneously disclosed by the PPSI to the FDIC. While the FDIC will necessarily already have access to its own non-public information, this additional requirement is potentially more consistent with the retention of privilege contemplated under 12 U.S.C. 1821(t) and, therefore, potentially provides a greater safeguard against the unintended destruction of privilege. The FDIC also recognizes that PPSIs' willingness to share timely, thorough information with the FinCEN Director is essential to the success of the consultation framework; and requiring PPSIs to contemporaneously disclose to the FDIC the same non-public information they provide to FinCEN may discourage proactive reporting and thereby undermine the proposed rule's objective of enhancing FinCEN's role.

Importantly, both options outlined above permit only the FinCEN Director to use the FDIC's non-public information. This authorization to use the information does not include an authorization by the FDIC to further disclose the received non-public information. Any dissemination by a PPSI to a party other than the FinCEN Director or by the FinCEN Director to any party would be subject to the FDIC's rules governing disclosure of non-public information.

Regardless, the proposed rule would include additional clarifying text intended to preserve all applicable privileges. The destruction of privilege over non-public supervisory information could prove harmful both to the FDIC and the PPSI, so the additional language is intended to prevent such consequences.

The FDIC invites comment on these options for permitting greater information sharing with the FinCEN Director regarding existing or potential AML/CFT enforcement actions or significant AML/CFT supervisory actions, including possible alternative methods of accomplishing the proposed rule's objectives without unintentionally impeding applicable privileges.

5. Severability (Proposed § 350.204)

The FDIC is proposing to include a severability clause in proposed § 350.204, which would provide that the provisions of proposed part 350, subpart C are separate and severable from one another. In the event a court stays a particular provision of this rule or determines any provision is invalid, the FDIC intends that the remaining provisions shall continue in effect.

Questions on PPSI AML/CFT Supervision and Enforcement

The FDIC requests comment on the requirements contained in proposed part 350, subpart C, including the following:

Question 1: Should the FDIC further refine or clarify any of the concepts or definitions outlined in the proposed supervision and enforcement provisions?

Question 2: Do any aspects of the GENIUS Act framework with regards to supervision, examination, and enforcement need to be better accounted for with the inclusion of a consultation process when the FDIC intends to take an AML/CFT enforcement action or significant AML/CFT supervisory action? For example, should the definition of AML/CFT enforcement action and this framework account for suspension or revocation under section 6(b) of the GENIUS Act, (12 U.S.C. 5905(b)), based in whole or in part on AML/CFT deficiencies?

Question 3: Should the proposed consultation process include an asset threshold- e.g., consultation is required for any significant AML/CFT supervisory actions involving PPSIs with $10 billion or more in outstanding issuance value? In addition, or as an alternative, should the proposed rule not require but instead provide the option for PPSIs to request that the FDIC consult with FinCEN prior to initiating a significant AML/CFT supervisory action, if the PPSI is aware of a potential enforcement action?

Question 4: Notwithstanding the benefits of the proposed consultation described above, the proposal may result in additional review during an examination. How can the consultation process be streamlined and prevent logistical burdens for PPSIs or delays in exam report issuance?

Question 5: The FDIC invites comment on the two options for permitting greater information sharing with the FinCEN Director regarding AML/CFT enforcement actions or significant AML/CFT supervisory actions. In particular, would the disclosure of confidential supervisory information to FinCEN compromise attorney-client privilege, other applicable privileges, or otherwise undermine the preservation of privilege in 12 U.S.C. 1821(t)?

IV. Expected Effects

The proposed rule would implement BSA and sanctions compliance standards as required by the GENIUS Act, as well as establish supervision and enforcement provisions for PPSI AML/CFT programs. In accordance with OMB Circular A-4, ⁽⁹⁾ the FDIC estimates the economic impact of the proposed rule by comparing expected outcomes under the proposed rule to expected outcomes under a baseline absent the proposed rule. Under the baseline, it is assumed that all other rulemakings implementing the GENIUS Act with respect to FDIC-supervised PPSIs are enacted, ⁽¹⁰⁾ allowing the analysis to focus on the effects that would be specific to the proposed rule. For its analysis, the FDIC utilizes all other relevant laws and regulations in effect, as well as the financial and economic conditions of FDIC-supervised entities, ⁽¹¹⁾ as of September 30, 2025.

Overall, the proposed rule is expected to enhance the effectiveness, consistency, and supervisory clarity of BSA and sanctions compliance for PPSIs supervised by the FDIC, relative to the baseline. Given that all FDIC-supervised PPSIs would be subsidiaries of FDIC-supervised institutions, the proposed rule would not impose significant incremental regulatory burden beyond what parent institutions already incur.

A. Scope of Affected Entities

The entities that fall under the direct scope of the proposed rule are all FDIC-supervised PPSIs. As of the quarter ending September 30, 2025, the FDIC insures 4,388 insured depository institutions (IDIs), supervises 2,778 of these IDIs, ⁽¹²⁾ and supervises zero PPSIs.

The FDIC recognizes the significant uncertainty regarding estimates of the number of FDIC-supervised PPSIs under the proposed rule. Because the regulations governing the application and approval of FDIC-supervised PPSIs are currently under development and have not yet been finalized, ⁽¹³⁾ the FDIC lacks data on the number of entities that would ultimately fall under the scope of the proposed rule. Recognizing this uncertainty, without predicting the exact population of FDIC-supervised PPSIs, the FDIC estimates for the purposes of this analysis that between 5 and 30 FDIC-supervised IDIs would apply for and receive approval to issue payment stablecoins through FDIC-supervised PPSIs in the first few years after the effective date of the Act. The population of FDIC-supervised PPSIs under the proposed rule could be higher or lower depending on market demand, strategic operational choices of FDIC-supervised entities, and future developments in the digital asset landscape, among many other factors. By utilizing this range, the FDIC aims to establish an estimate that serves as the basis for analyzing the economic impact of the proposed rule, while acknowledging the inherent uncertainty resulting from a lack of historical precedent.

B. Expected Benefits

If finalized, the proposed rule is expected to provide several benefits to FDIC-supervised PPSIs, their customers, and the public. In particular, compliance with the GENIUS Act's illicit finance provisions, including those related to the BSA and sanctions compliance programs, would promote maintaining AML/CFT and sanctions compliance principles as the financial system integrates new payment technologies and reduces the frequency and severity of harm caused by sanctioned entities and criminal activity facilitated through a fragmented digital asset regulatory framework. Any reduction in money laundering or terrorist financing is a benefit to society given the nature of the illegal activities that AML/CFT programs are designed to prevent. While it is inherently difficult to estimate the annual reduction in crime generally-or financial crime specifically-that could result from more effective AML/CFT programs, even a very small percentage decrease could result in a meaningful benefit to society.

The proposed rule would generate additional qualitative benefits to FDIC-supervised PPSIs, the industry, and the general public from increased clarity and supervisory coherence, relative to the baseline. Importantly, the proposed rule would reduce regulatory fragmentation by harmonizing the BSA and sanctions requirements for FDIC-supervised PPSIs with the requirements for other FDIC-supervised institutions and other Federally regulated PPSIs. This harmony would facilitate group-wide compliance systems and improve examination efficiency. Additionally, the proposed rule would provide clarity regarding the FDIC's supervisory expectations and enforcement approaches with respect to AML/CFT program implementation deficiencies.

Overall, the proposed rule would reinforce the GENIUS Act's expectation that payment stablecoin issuance occur only under robust Federal oversight, and supports Treasury's parallel regulations establishing BSA, economic sanctions compliance, and CIP obligations for PPSIs.

C. Expected Costs

The FDIC recognizes the likelihood of significant variation in compliance costs across the estimated population of FDIC-supervised PPSIs under the proposed rule, given potential differences in size, structure, and internal processes. This variation also exists across FDIC-supervised IDIs. The FDIC expects that most, if not all, FDIC-supervised PPSIs would leverage their parent institutions' AML/CFT and sanctions compliance programs, including risk assessment methodologies, monitoring architectures, and governance structures. ⁽¹⁴⁾ As such, the expected incremental cost imposed by the proposed rule is expected to be relatively small for FDIC-supervised PPSIs.

Expected operational costs can be incurred during the development and maintenance of PPSI-specific risk assessments, policies, procedures, controls, and technological infrastructures, including capabilities to block, freeze, or reject transactions in accordance with lawful orders and applicable sanctions law. Some PPSIs may incur additional costs to integrate monitoring of distributed-ledger-based activities into existing enterprise systems and to train staff responsible for payment stablecoin-related operations.

For purposes of fulfilling the requirements of the Paperwork Reduction Act (as that term is defined below), the FDIC has estimated the average costs associated with the recordkeeping, reporting, and disclosure requirements in the proposed rule. ⁽¹⁵⁾ While these costs only represent a portion of the total compliance costs imposed by the proposed rule, these expenses can help estimate a minimum level of the expected costs incurred by the affected populations. As discussed in more detail in section VI.B, the FDIC estimates that ten FDIC-supervised PPSIs  ⁽¹⁶⁾ would incur an average of 40 hours of burden in their first year to implement the recordkeeping, reporting, and disclosure systems required to comply with the proposed rule. At an estimated hourly labor compensation rate of $112.31, ⁽¹⁷⁾ the total estimated cost for FDIC-supervised PPSIs to implement these systems would be approximately $45 thousand. As a conservative estimate, if 30 FDIC-supervised PPSIs were approved in a single year, this one-time cost would rise to approximately $135 thousand. For ongoing costs, each FDIC-supervised PPSI is expected to incur, on average, approximately 10 hours of annual burden to comply with the proposed recordkeeping, reporting, and disclosure requirements. At an estimated hourly labor compensation rate of $112.31, as described above, the estimated total annual ongoing cost to FDIC-supervised PPSIs would be approximately $34 thousand per year under the upper-bound assumption that 30 FDIC-supervised PPSIs would be approved under the proposed rule.

The FDIC recognizes that seeking PPSI status and issuing payment stablecoins would be, nonetheless, a voluntary, market driven activity resulting from the strategic decisions to engage in the payment stablecoin market. Therefore, an FDIC-supervised IDI would generally only engage in these activities if the projected revenue generated through, for example, transaction-based fees and/or enhanced customer retention, were expected to outweigh the aggregate operating and compliance costs associated with those activities.

Overall, the FDIC expects that the proposed rule will promote financial integrity, enhance the ability of law enforcement to detect and deter illicit activity involving payment stablecoins, and advance the GENIUS Act's policy objectives, while imposing compliance costs that are modest and consistent with the risk profile and operational characteristics of PPSIs. As such, the expected benefits of the proposed rule justify its expected costs.

The FDIC invites comments on all aspects of the supporting information provided in the Impact Analysis section. The FDIC is particularly interested in comments on any material economic effects that the agency has not identified.

V. Alternatives Considered

The FDIC is proposing to amend its regulations to implement certain provisions of the GENIUS Act. Because the amendments are statutorily mandated, the FDIC has not considered a "no action" alternative. Although the FDIC has not developed any alternative proposals, beyond the options outlined in proposed § 350.203, the FDIC will consider any alternative regulatory approaches raised by commenters, especially any that are directly responsive to the questions for commenters set forth above.

VI. Regulatory Analysis

A. Regulatory Flexibility Act

The Regulatory Flexibility Act (RFA) generally requires an agency, in connection with a proposed rule, to prepare and make available for public comment an initial regulatory flexibility analysis that describes the impact of the proposed rule on small entities. ⁽¹⁸⁾ However, an initial regulatory flexibility analysis is not required if the agency certifies that the proposed rule would not, if promulgated, have a significant economic impact on a substantial number of small entities. The Small Business Administration (SBA) has defined "small entities" to include banking organizations with total assets of less than or equal to $850 million. ¹⁹ As detailed in the following statement of factual basis, the FDIC certifies that the proposed rule would not, if promulgated, have a significant economic impact on a substantial number of small entities.

Generally, the FDIC considers a significant economic impact to be a quantified effect in excess of 5 percent of total annual salaries and benefits or 2.5 percent of total noninterest expenses. To estimate the economic impact of the proposed rule on each small entity, the FDIC compares expected outcomes under the proposed rule to expected outcomes under a baseline absent the proposed rule. As noted in section IV, the FDIC assumes, under the baseline, that all other rulemakings implementing the GENIUS Act with respect to FDIC-supervised PPSIs are enacted. This assumption allows the analysis to focus on the effects specific to the proposed rule.

As previously discussed, the proposed rule would apply to all FDIC-supervised PPSIs. As of the quarter ending September 30, 2025, the FDIC insures 4,388 depository institutions, of which 3,062 are small, and supervises 2,778 IDIs, of which 2,064 are considered small for the purposes of RFA. ⁽²⁰⁾

As discussed in section IV.A, the FDIC estimates that the number of FDIC-supervised PPSIs would likely range between 5 and 30 in the first few years after the enactment of the proposed rule. Because an FDIC-supervised PPSI must be a subsidiary of an IDI, the FDIC expects that the initial adopters of this technology will likely be larger institutions with the compliance infrastructure and capital necessary to support payment stablecoin issuance. As such, the FDIC anticipates that most, if not all, FDIC-supervised PPSIs would not be small entities as defined by the SBA.

As discussed in section IV.C, the FDIC expects most, if not all, FDIC-supervised PPSIs would leverage their parent institutions' AML/CFT and sanctions compliance programs. As such, if there were a small FDIC-supervised PPSI, the direct impact of the proposed rule on this PPSI would unlikely be significant.

Based on the preceding statement of factual basis, the FDIC certifies that the proposed rule will not, if promulgated, have a significant economic impact on a substantial number of small entities. Accordingly, an initial regulatory flexibility analysis is not required. ⁽²¹⁾

The FDIC invites comments on all aspects of the supporting information provided in this RFA section. The FDIC is particularly interested in comments on any significant effects on small entities that the FDIC has not identified.

B. Paperwork Reduction Act

This notice of proposed rulemaking has been reviewed for compliance with the Paperwork Reduction Act of 1995 (PRA) (44 U.S.C. 3501 et seq. ). In accordance with the PRA, the FDIC may not conduct or sponsor, and an organization is not required to respond to, an information collection unless the information collection displays a currently valid Office of Management and Budget (OMB) control number. The FDIC has reviewed the notice of proposed rulemaking and determined that it would introduce new information collection requirements pursuant to the PRA. The FDIC is seeking a new control number for these information collection requirements and will submit them to OMB for review and approval.

Proposed Information Collection

Title: AML/CFT and Sanctions Requirements for FDIC-Supervised Permitted Payment Stablecoin Issuers.

OMB Control No.: 3064-NEW.

Type of Review: Regular.

Affected Public: Businesses or other for-profit.

Description: Section 350.6(d) would require PPSIs to establish and maintain AML/CFT and sanctions programs.

Comments are invited on:

(a) Whether the collection of information is necessary for the proper performance of the FDIC's functions, including whether the information has practical utility;

(b) The accuracy of the estimate of the burden of the information collection, including the validity of the methodology and assumptions used;

(c) Ways to enhance the quality, utility, and clarity of the information to be collected; and

(d) Ways to minimize the burden of the information collection on respondents, including through the use of automated collection techniques or other forms of information technology.

All comments will become a matter of public record. Comments on aspects of this document that may affect reporting, recordkeeping, or disclosure requirements and burden estimates should be sent to the address listed in the ADDRESSES section of this document. Written comments and recommendations for this information collection also should be sent within 60 days of publication of this document to www.reginfo.gov/public/do/PRAMain . Find this particular information collection by selecting "Currently under 60-day Review-Open for Public Comments" or by using the search function.

C. Riegle Community Development and Regulatory Improvement Act

Pursuant to section 302(a) of the Riegle Community Development and Regulatory Improvement Act of 1994 (RCDRIA), ⁽²²⁾ in determining the effective date and administrative compliance requirements for new regulations that impose additional reporting, disclosure, or other requirements on IDIs, each Federal banking agency must consider, consistent with principles of safety and soundness and the public interest, any administrative burdens that such regulations would place on affected depository institutions, including small depository institutions, and customers of depository institutions, as well as the benefits of such regulations. In addition, section 302(b) of the RCDRIA requires new regulations and amendments to regulations that impose additional reporting, disclosures, or other new requirements on IDIs generally to take effect on the first day of a calendar quarter that begins on or after the date on which the regulations are published in final form. The FDIC invites comments that further will inform its consideration of the RCDRIA. ⁽²³⁾

D. Plain Language

Section 722 of the Gramm-Leach-Bliley Act  ⁽²⁴⁾ requires the Federal banking agencies to use plain language in all proposed and final rulemakings published in the Federal Register after January 1, 2000. The FDIC invites your comments on how to make this proposed rule easier to understand. For example:

• Has the FDIC organized the material to suit your needs? If not, how could the proposed rule be more clearly stated?
• Are the requirements in the proposed rule clearly stated? If not, how could the proposed rule be more clearly stated?
• Does the proposed rule contain language or jargon that is not clear? If so, which language requires clarification?
• Would a different format (grouping and order of sections, use of headings, paragraphing) make the proposed rule easier to understand? If so, what changes to the format would make the proposed rule easier to understand?
• What else could the FDIC do to make the proposed rule easier to understand?

E. Executive Orders 12866 and 14192

Executive Order 12866, as amended, directs agencies to assess the costs and benefits of available regulatory alternatives and, if regulation is necessary, to select regulatory approaches that maximize net benefits. This proposed rule was drafted and reviewed in accordance with Executive Order 12866. Within OMB, the Office of Information and Regulatory Affairs (OIRA) has determined that this rulemaking is a "significant regulatory action" under section 3(f) of Executive Order 12866. Accordingly, the draft rule was submitted to OIRA for review. As noted in other sections of the SUPPLEMENTARY INFORMATION of this document, the FDIC has assessed the costs and benefits of this rulemaking and has made a reasoned determination that the benefits of this rulemaking justify its costs.

Executive Order 14192, titled "Unleashing Prosperity Through Deregulation," was issued on January 31, 2025. Section 3(a) of Executive Order 14192 requires an agency, unless prohibited by law, to identify at least ten existing regulations to be repealed when the agency publicly proposes for notice and comment or otherwise promulgates a new regulation. In furtherance of this standard, section 3(c) of Executive Order 14192 requires that the new incremental costs associated with new regulations shall, to the extent permitted by law, be offset by the elimination of existing costs associated with at least ten prior regulations. This proposed rule, if finalized as proposed, is not expected to be a regulatory action under Executive Order 14192.

Authority and Issuance

For the reasons stated in the preamble, the Federal Deposit Insurance Corporation proposes to amend 12 CFR part 350 as follows:

PART 350-PAYMENT STABLECOIN

* * * * *

(d) Bank Secrecy Act and economic sanctions compliance requirements and standards. To ensure compliance with Bank Secrecy Act and economic sanctions requirements, each permitted payment stablecoin issuer shall comply with the Bank Secrecy Act, sections 4(a)(5) and 4(a)(6)(B) of the GENIUS Act (12 U.S.C. 5903(a)(5) and (6)(B)), and applicable regulations at 31 CFR chapter V and 31 CFR chapter X, including any Anti-Money Laundering/Countering the Financing of Terrorism (AML/CFT) program, economic sanctions compliance program, and reporting requirements.

* * * * *

Subpart C-Permitted Payment Stablecoin Issuer AML/CFT Enforcement and Supervision

Subpart C-Permitted Payment Stablecoin Issuer AML/CFT Enforcement and Supervision

For purposes of this subpart:

(a) AML/CFT enforcement action means any formal or informal action taken under authority of 12 U.S.C. 5905, 12 U.S.C. 1818, or other applicable law, that seeks to penalize, remedy, prevent, or respond to noncompliance with past or ongoing violations of, or past or ongoing deficiencies relating to, an AML/CFT requirement. The term includes-

(1) A cease-and-desist order, written agreement, consent order, or memorandum of understanding; or

(2) The assessment of a civil money penalty.

(b) AML/CFT requirement means a requirement provided under:

(1) the Bank Secrecy Act or applicable regulations at 31 CFR chapter X;

(2) 12 U.S.C. 5903(a)(5)(A)(i)-(v), 12 U.S.C. 5903(a)(6)(B), or 12 U.S.C. 5903(f)(1); or

(3) 12 U.S.C. 1818(s) or this section.

(c) Bank Secrecy Act means:

(1) Section 21 of the Federal Deposit Insurance Act (12 U.S.C. 1829b);

(2) Chapter 2 of title I of Public Law 91-508 (12 U.S.C. 1951 et seq. ); and

(3) Subchapter II of chapter 53 of title 31, United States Code and notes thereto (31 U.S.C. 5311 et seq. ).

(d) FinCEN means the Financial Crimes Enforcement Network of the United States Department of the Treasury.

(e) Significant AML/CFT supervisory action means any written communication or other formal supervisory determination:

(1) That

(i) Identifies one or more alleged deficiencies, weaknesses, violations of law, or unsafe or unsound practices or conditions relating to an AML/CFT requirement;

(ii) Communicates supervisory expectations to a permitted payment stablecoin issuer regarding actions or remedial measures required to correct the deficiency, weakness, violation, or practice or condition; and

(iii) Contemplates significant or programmatic actions or remedial measures to be taken by the permitted payment stablecoin issuer.

(2) The term does not include examiner observations, suggestions, or other informal comments.

(a) In General. Except with respect to a significant or systemic failure to implement an effective AML/CFT program in accordance with applicable regulations at 31 CFR Chapter X, an FDIC-supervised permitted payment stablecoin issuer that has established an effective AML/CFT program in accordance with applicable regulations at 31 CFR Chapter X will not be subject to an AML/CFT enforcement action or to a significant AML/CFT supervisory action related to the requirements of 31 U.S.C. 5318(h)(1), this section, or applicable regulations at 31 CFR Chapter X.

(b) Program establishment violations. Nothing in this subpart C may be construed to restrict an AML/CFT enforcement action or a significant AML/CFT supervisory action with respect to any failure to establish an effective AML/CFT program in accordance with applicable regulations at 31 Chapter X.

(c) Criminal Enforcement Unaffected. Nothing in this subpart may be construed to affect criminal enforcement liability under the Bank Secrecy Act.

(a) Consultation and consideration requirement. Before initiating an AML/CFT enforcement action or a significant AML/CFT supervisory action, the FDIC will provide the Director, FinCEN an opportunity to review the action and the FDIC will consider any input offered by the Director, FinCEN on the action, which may include any view as to the effectiveness of the permitted payment stablecoin issuer's AML/CFT program.

(b) Notice requirement. To provide the Director, FinCEN an opportunity to provide a view under § 350.202(a), the FDIC will:

(1) Send written notice to the Director, FinCEN of its intent to take an action at least 30 days before taking the action (unless a shorter period of time is necessary, in the sole discretion of the FDIC, to remedy, prevent, or respond to an unsafe or unsound practice or condition), accompanied by the relevant AML/CFT information underlying the proposed action, including the relevant portions of the draft report or enforcement action, the relevant examination workpapers supporting the proposed action, and the relevant AML/CFT information submitted by permitted payment stablecoin issuer to the FDIC, other than information over which the permitted payment stablecoin issuer may claim privilege under Federal or State law; and

(2) Respond to the extent reasonably practicable to requests for additional information from the Director, FinCEN regarding the proposed action.

[OPTION 1 FOR PARAGRAPH (§ 350.203):]

The FDIC permits a permitted payment stablecoin issuer subject to FDIC jurisdiction, on behalf of FDIC, to disclose to the Director, FinCEN, and permits the Director, FinCEN to use any information of the permitted payment stablecoin issuer relating to an existing or potential AML/CFT enforcement action or significant AML/CFT supervisory action to which the permitted payment stablecoin issuer has access.

[OPTION 2 FOR PARAGRAPH (§ 350.203):]

(a) The FDIC permits a permitted payment stablecoin issuer subject to FDIC jurisdiction, on behalf of the FDIC, to disclose to the Director, FinCEN, and permits the Director, FinCEN to use any information relating to an existing or potential AML/CFT enforcement action or significant AML/CFT supervisory action to which the permitted payment stablecoin issuer has access upon the contemporaneous disclosure of such information to the FDIC.

(b) A permitted payment stablecoin issuer's disclosure of information to the Director, FinCEN under § 350.203 does not waive, invalidate, destroy, or otherwise affect any privilege or protection available under Federal or State law, including the attorney-client privilege, the work-product doctrine, the bank-examination privilege, or any other confidentiality or evidentiary privilege.

(c) Any disclosure made by a permitted payment stablecoin issuer under § 350.203 is made on behalf of the FDIC pursuant to the FDIC's authorization under 12 U.S.C. 1821(t).

The provisions of this subpart are separate and severable from one another. If any provision is stayed or determined to be invalid, it is the FDIC's intention that the remaining provisions shall continue in effect.

[FR Doc. 2026-11342 Filed 6-4-26; 8:45 am]

BILLING CODE 6714-01-P

⁽¹⁾  Public Law 119-27, 139 Stat. 419 (codified at 12 U.S.C. 5901-5916).

⁽²⁾ See Executive Order 14178, Strengthening American Leadership in Digital Financial Technology, 90 FR 8647 (Jan. 31, 2025).

⁽³⁾  The primary Federal payment stablecoin regulators are the FDIC, the Office of the Comptroller of the Currency (OCC), the Board of Governors of the Federal Reserve System (FRB), and the National Credit Union Administration (NCUA). See 12 U.S.C. 5901(25).

⁽⁴⁾ See 12 U.S.C. 5913. In developing this proposed rule, the FDIC, as required by section 13 of the GENIUS Act, 12 U.S.C. 5913, coordinated with fellow regulators, as appropriate. The GENIUS Act will become effective on January 18, 2027, or 120 days after the date on which the primary Federal payment stablecoin regulators issue any final regulations implementing the Act, if earlier. See 12 U.S.C. 5901 note.

⁽⁵⁾  91 FR 18534 (Apr. 10, 2026). In December 2025, the FDIC issued a notice of proposed rulemaking under section 5 of the GENIUS Act that would establish application procedures for insured State nonmember banks and State savings associations to request approval to issue payment stablecoins through a subsidiary. 90 FR 59409 (Dec. 19, 2025).

⁽⁶⁾  This proposed rule would supplement the requirements included in the FDIC's proposed rulemaking to implement requirements for PPSIs under the GENIUS Act. See 91 FR 91 FR 18534 (Apr. 10, 2026) (proposing to amend part 350 of the FDIC's Rules and Regulations).

⁽⁷⁾  91 FR 18582 (Apr. 10, 2026).

⁽⁸⁾  12 CFR 309.6.

⁽⁹⁾ See OMB Circular A-4 at https://www.reginfo.gov/public/jsp/E.O./fedRegReview/CircularA4.pdf .

⁽¹⁰⁾  These include Approval Requirements for Issuance of Payment Stablecoins by Subsidiaries of FDIC-Supervised Insured Depository Institutions, 90 FR 59409 (December 19, 2025), GENIUS Act Requirements and Standards for FDIC-Supervised Permitted Payment Stablecoin Issuers and Insured Depository Institutions, 91 FR 18534 (April 10, 2026), Permitted Payment Stablecoin Issuer Anti-Money Laundering/Countering the Financing of Terrorism Program and Sanctions Compliance Program Requirements, 91 FR 18582 (April 10, 2026).), Anti-Money Laundering and Countering the Financing of Terrorism Programs, 91 FR 18704 (April 10, 2026), and Anti-Money Laundering and Countering the Financing of Terrorism Programs 91 FR 18304 (April 10, 2026). While the last two proposed rulemakings would not directly regulate FDIC-supervised PPSIs, the proposed requirements on the parent IDIs would likely change the expected baseline practices of FDIC-supervised PPSIs.

⁽¹¹⁾  Including insured State nonmember banks, insured State-licensed branches of foreign banks, and insured State savings associations.

⁽¹²⁾  Federal Financial Institutions Examination Council Reports of Condition and Income (Call Reports), September 30, 2025.

⁽¹³⁾  The FDIC has issued a notice of proposed rulemaking regarding the application process for FDIC-supervised institutions, Approval Requirements for Issuance of Payment Stablecoins by Subsidiaries of FDIC-Supervised Insured Depository Institutions, 90 FR 59409 (Dec. 19, 2025).

⁽¹⁴⁾  In addition, the analysis assumes that FinCEN's and OFAC's proposed rule would be finalized under the baseline. Since FinCEN's and OFAC's proposed rule would treat PPSIs as financial institutions under the BSA and require PPSIs to maintain effective economic sanctions compliance programs, its finalization would reduce the incremental cost imposed by the proposed rule. See Permitted Payment Stablecoin Issuer Anti-Money Laundering/Countering the Financing of Terrorism Program and Sanctions Compliance Program Requirements, 91 FR 18582 (April 10, 2026).

⁽¹⁵⁾  These requirements are described fully in section VI.B.

⁽¹⁶⁾  The FDIC estimates that none of these PPSIs would be small for purposes of the Regulatory Flexibility Act.

⁽¹⁷⁾  Bureau of Labor Statistics: National Industry-Specific Occupational Employment and Wage Estimates: Industry: Credit Intermediation and Related Activities (5221 and 5223 only) (May 2024); Employer Cost of Employee Compensation (March 2024); and Employment Cost Index (March 2024 and September 2025). For the implementation burden associated with the proposed rule, the FDIC estimated the following labor allocation for entities complying with these requirements: Executives and Managers (11-0000): 20 percent; Lawyers (23-0000): 45 percent; Compliance Officers (13-1040): 25 percent; and IT specialists (15-0000): 10 percent. For the ongoing reporting burden associated with the proposed rule, the FDIC estimated the following labor allocation: Executives and Managers: 20 percent; Lawyers: 10 percent; Compliance Officers: 50 percent; IT specialists: 10 percent; Financial Analysts (13-2051) and Clerical workers (43-0000): 5 percent each. For the ongoing recordkeeping burden associated with the proposed rule, the FDIC estimated the following labor allocation: Executives and Managers: 15 percent; Lawyers: 5 percent; Compliance Officers: 50 percent; IT specialists: 10 percent; Financial Analysts: 15 percent; and Clerical workers: 5 percent. For the ongoing disclosure burden associated with the proposed rule, the FDIC estimated the following labor allocation: Executives and Managers: 15 percent; Lawyers: 10 percent; Compliance Officers: 50 percent; IT specialists: 10 percent; Financial Analysts: 10 percent; and Clerical workers: 5 percent.

⁽¹⁸⁾  5 U.S.C. 601 et seq.

⁽¹⁹⁾  The SBA defines a small banking organization as having $850 million or less in assets and determines an organization's assets by averaging the assets reported on its four quarterly financial statements for the preceding year. See 13 CFR 121.201 (as amended by 87 FR 69118, effective December 19, 2022). Following these regulations, the FDIC uses an FDIC-supervised institution's affiliated and acquired assets, averaged over the preceding four quarters, to determine whether the FDIC-supervised institution is "small" for the purposes of the RFA.

⁽²⁰⁾  Call Reports, September 30, 2025.

⁽²¹⁾  5 U.S.C. 605(b).

⁽²²⁾  12 U.S.C. 4802(a).

⁽²³⁾  12 U.S.C. 4802(b).

⁽²⁴⁾  12 U.S.C. 4809.