Stablecoins have moved far beyond exchange liquidity and trading pairs.
They are now used as payment rails, settlement instruments, treasury tools, and cross-border value-transfer infrastructure. That shift is also changing how regulators view the companies that issue them.
The latest signal comes from Treasury, FinCEN, and OFAC’s proposed framework for implementing the GENIUS Act. The proposed rule would treat permitted payment stablecoin issuers as financial institutions for Bank Secrecy Act purposes and would introduce AML/CFT and sanctions compliance program requirements tailored to stablecoin activity.
The rule is still proposed, not final. But the direction is clear: stablecoin issuers are moving toward financial-institution-grade compliance expectations.
For stablecoin issuers, this is not only a regulatory classification issue. It is an operational issue.
Compliance will need to be embedded into customer onboarding, transaction monitoring, sanctions controls, case review, reporting workflows, lawful-order response, and technical controls around freezing, blocking, or rejecting transactions.
In other words, stablecoin compliance is becoming infrastructure.
… PPSIs would be expected to address core financial-crime controls including risk assessments, customer identification, due diligence, suspicious activity monitoring and reporting, recordkeeping, Travel Rule obligations, sanctions compliance, independent testing, training, and governance-level program approval.
What the Proposed Framework Changes
The proposed rule would require permitted payment stablecoin issuers, or PPSIs, to maintain AML/CFT programs and effective sanctions compliance programs.
Under the proposal, PPSIs would be expected to address core financial-crime controls including risk assessments, customer identification, due diligence, suspicious activity monitoring and reporting, recordkeeping, Travel Rule obligations, sanctions compliance, independent testing, training, and governance-level program approval.
That means a stablecoin issuer’s compliance program cannot rely only on basic wallet screening or one-time onboarding checks.
The expectation is moving toward a risk-based, documented, and testable compliance system.
A stablecoin issuer will need to understand who its customers are, how stablecoins move through its ecosystem, where sanctions or illicit-finance exposure appears, when activity should be escalated, and how decisions are documented.
That last part matters.
In regulated financial services, it is rarely enough to say that a transaction was reviewed. Teams need to show what they knew, what they checked, why they reached a decision, and what happened next.
This is where stablecoin compliance becomes closer to bank-like operational discipline.
Why Stablecoins Are Central to AML and Sanctions Discussions
Stablecoins are useful because they are liquid, transferable, and widely supported across crypto infrastructure.
Those same qualities also make them relevant to AML and sanctions risk.
Illicit actors often move value across wallets, chains, services, and asset types before attempting to cash out or reuse funds. Stablecoins can appear in these workflows because they offer liquidity, relative price stability, and broad acceptance across exchanges, OTC desks, DeFi protocols, bridges, and payment platforms.
This does not mean stablecoins are inherently illicit.
It means stablecoins are now important enough that regulators expect stronger controls around them.
For compliance teams, the challenge is not simply identifying a high-risk wallet. The harder task is understanding the full context around a flow of funds:
- where the funds came from,
- whether obfuscation was used,
- whether bridges or cross-chain movement changed visibility,
- whether sanctioned entities or high-risk services appear,
- whether the customer profile matches the activity,
- and whether there is enough evidence to escalate or close the case.
This is why stablecoin AML work is becoming more investigative.
The New Baseline: Risk-based, Documented, and Technically Executable
The proposed framework points toward three practical expectations.
First, risk assessment needs to reflect actual product use.
A stablecoin issuer’s risk profile changes when it supports new chains, enters new markets, expands redemption activity, adds liquidity partners, or becomes more exposed to secondary-market flows. A static policy document is not enough if it does not reflect how the stablecoin is actually moving.
Second, monitoring must produce usable compliance outputs.
Alerts should not only say that something is risky. They should help analysts understand why the alert matters, what transaction path is relevant, what evidence supports the risk, and what additional review may be needed.
Third, compliance decisions need to be executable.
The proposed rule discusses technical capabilities, policies, and procedures to block, freeze, and reject specific or impermissible transactions. It also addresses the ability to comply with lawful orders, including orders to seize, freeze, burn, or prevent the transfer of payment stablecoins.
This is a major shift.
Stablecoin issuers will need to connect legal obligations, sanctions logic, blockchain intelligence, transaction monitoring, case management, and technical response capabilities into a single operating model.
The Secondary-Market Question Matters
One of the most important parts of the proposal is how it approaches secondary-market activity.
FinCEN recognizes that stablecoin issuers may have visibility into token movement through smart contracts even when they do not have a direct customer relationship with the parties involved in a transfer.
That creates a difficult compliance problem.
On one hand, secondary-market stablecoin movement can be relevant to illicit-finance risk. On the other hand, issuers may not always have enough off-chain information to make the same kind of suspicious activity assessment that a customer-facing intermediary could make.
The proposal reflects this tension.
It would expect PPSIs to maintain technical capabilities, policies, and procedures to block, freeze, or reject certain impermissible transactions, including in relation to secondary-market activity where legally required. At the same time, the proposal does not impose a blanket secondary-market SAR reporting obligation.
That distinction is important.
It recognizes the operational complexity of global secondary-market stablecoin movement. But it also signals that issuers cannot ignore secondary-market risk.
For compliance leaders, this creates a practical question:
Can the team connect on-chain visibility, sanctions exposure, customer context, investigation records, and operational action in a way that is reviewable later?
If the answer is no, the gap is not only technical. It is a governance and evidence problem.
Travel Rule and Recordkeeping Are Becoming Part of the Stablecoin Operating Model
The proposed rule would also make Travel Rule and recordkeeping obligations explicit for PPSIs.
FinCEN’s proposal discusses the Recordkeeping Rule, which requires financial institutions to collect and retain records for funds transfers and transmittals of funds in amounts of $3,000 or more. It also discusses the Travel Rule, which requires certain information to travel to other financial institutions participating in the transfer or transmittal.
This matters because Travel Rule readiness depends on more than data exchange.
It depends on knowing which transaction is in scope, which parties are involved, what information is available, how that information is stored, and how exceptions or missing data are handled.
For stablecoin issuers and VASPs, this adds pressure to build compliance workflows that are not fragmented across tools, spreadsheets, emails, and manual screenshots.
The more stablecoins become payment infrastructure, the more compliance teams will need reliable links between monitoring, investigation, documentation, and reporting.
What Stablecoin Issuers Should Prepare for Now
Even before final rules are issued, the proposed framework gives stablecoin issuers a useful readiness checklist.
Teams should review whether their current compliance setup can answer several practical questions:
- Can we explain our stablecoin risk exposure across issuance, redemption, customer activity, chain support, bridges, liquidity partners, and secondary-market movement?
- Does our monitoring workflow show why an alert was generated, not only that a wallet or transaction was flagged?
- Can analysts move from alert to investigation to decision without losing context?
- Do we document the reasoning behind a sanctions, SAR, freeze, block, reject, or no-action decision?
- Can we reconstruct what happened months later if a regulator, bank partner, or law enforcement agency asks?
- Can we support Travel Rule, recordkeeping, and information-sharing workflows without relying on disconnected manual processes?
These questions are not legal advice. Each issuer should review the proposal with counsel and relevant regulators.
But operationally, the direction is visible: stablecoin compliance is becoming more structured, more evidence-driven, and more integrated into day-to-day product activity.
Monitoring Is Only the First Layer
The next generation of stablecoin compliance will not be solved by alerting alone.
Stablecoin issuers and VASPs will need to understand what happened on-chain, where the risk came from, how strong the evidence is, what additional context is needed, and how to document the decision.
That is the direction Caudena is focused on: helping investigation and compliance teams move from raw blockchain activity to explainable, defensible decisions.
As expectations around stablecoin AML, sanctions compliance, Travel Rule readiness, and suspicious activity review continue to mature, the strongest teams will be those that connect monitoring, investigation, case documentation, and reporting into one coherent workflow.
Stablecoin issuers are becoming regulated financial institutions.
Their compliance stack now has to behave like it.