FDIC Proposes BSA/AML and Sanctions Standards for Stablecoin Issuer
Your stablecoin may already have an AML program, a compliance officer, and transaction monitoring in place. That does not mean it meets the standard the FDIC is proposing. The agency's new framework exposes a series of operational gaps that exist across much of the industry; programs that look compliant on paper but fail under examination. From weak governance and untested monitoring systems to sanctions screening deficiencies and overlooked registration obligations, the gap between what exists and what regulators expect is often larger than issuers realize.
A policy PDF is not a compliance program.
The FDIC just made that very clear.
The Federal Deposit Insurance Corporation has proposed a framework that would impose formal Bank Secrecy Act, anti-money laundering, and sanctions compliance obligations on stablecoin issuers operating in the United States.
This is the federal government establishing, for the first time with real specificity, what a compliant stablecoin operation actually looks like from a regulatory standpoint.
If your stablecoin program does not have a named compliance officer, a written and tested AML program, and documented sanctions screening procedures, this proposal is directly about you.
Why This Proposal Exists
Stablecoins occupy a uniquely complicated position in the regulatory landscape. They function like payment instruments. They move value at scale, at speed, across borders, and with a degree of pseudonymity that traditional payment rails do not offer.
That combination is precisely what regulators have been warning about for years. Stablecoins are not a theoretical money laundering vector. They have been used in sanctions evasion, ransomware payments, darknet market settlements, and cross-border layering schemes that are difficult to detect and even harder to unwind.
The FDIC's proposal is the regulatory system responding to what it has observed in practice rather than what it imagined might happen in theory.
The proposal targets issuers of payment stablecoins, which are digital assets designed to maintain a stable value relative to a fiat currency and are used for payments or value transfer. That definition covers the majority of what the market currently recognizes as stablecoins, including dollar-pegged tokens issued by both bank and non-bank entities.
The FDIC's proposed standards are built on the same foundational architecture that governs traditional financial institutions under the BSA. The core components are not novel. What is new is their explicit application to stablecoin issuers as a distinct regulated category.
AML Compliance Program
The proposal requires issuers to maintain a documented anti-money laundering program. The word "documented" carries more weight than it appears to. A program that exists in someone's head, or in a slide deck presented to the board two years ago, does not satisfy this requirement.
The program must be written, current, and reflective of the issuer's actual operations. It must describe how the issuer identifies, monitors, and reports suspicious activity. It must be tested and updated as the issuer's product, customer base, and risk profile evolve.
Named Compliance Officer
The proposal requires designation of a qualified individual responsible for administering the AML program. This is not a committee. It is not a shared responsibility distributed across a team. It is a named person with defined accountability.
That individual must have the authority, the resources, and the expertise to actually run the program. A compliance officer who sits three reporting levels below the CFO and has no direct line to the board does not meet the spirit of this requirement.
Customer Due Diligence and Know Your Customer Procedures
Issuers must implement CDD procedures that allow them to understand who their customers are and what those customers are doing with the stablecoin. This includes collecting and verifying identity information, understanding the nature and purpose of customer relationships, and monitoring accounts for activity that is inconsistent with the established profile.
Enhanced due diligence is expected for higher-risk customers, which the issuer must be capable of identifying. The ability to categorize customer risk is a prerequisite, not an afterthought.
Suspicious Activity Reporting
The proposal requires issuers to file Suspicious Activity Reports with FinCEN when they identify transactions or patterns that meet the applicable reporting thresholds. Filing SARs requires the capacity to detect suspicious activity in the first place, which means transaction monitoring must be operational, calibrated, and produce actionable alerts.
The proposal requires issuers to file Suspicious Activity Reports with FinCEN when they identify transactions or patterns that meet the applicable reporting thresholds. Filing SARs requires the capacity to detect suspicious activity in the first place, which means transaction monitoring must be operational, calibrated, and produce actionable alerts.
An issuer that has no transaction monitoring system cannot file SARs. An issuer that has a transaction monitoring system producing thousands of unreviewed alerts is not materially better positioned.
Sanctions Screening
Every issuer must screen customers and transactions against OFAC's Specially Designated Nationals list and other applicable sanctions lists. This applies at onboarding and on an ongoing basis as lists are updated.
Stablecoins have been used by sanctioned actors with notable regularity. The expectation here is not that issuers will occasionally glance at the OFAC list. The expectation is that screening is systematic, current, and documented.
Recordkeeping
The proposal requires issuers to maintain records sufficient to reconstruct transactions, support regulatory examinations, and respond to law enforcement inquiries. That means transaction records, customer identification records, due diligence files, SAR documentation, and audit trails must be organized, retained, and retrievable.
The Gap Between What Exists and What Is Required
The practical problem is not that stablecoin issuers are ignorant of AML concepts. Most serious issuers have some version of a compliance function in place. The problem is that what exists is often insufficient for what the FDIC is now describing.
There are several gaps that appear consistently across stablecoin operations.
The Policy Shelf Problem
Many issuers have written policies. Those policies were drafted at launch, approved by counsel, and filed away. They have not been updated since. They do not reflect the issuer's current product features, current customer base, or current regulatory environment.
A policy document that describes the program you intended to have two years ago is not the same as a program that governs what you actually do today. Regulators examine what is operationally real, not what is written on paper.
The Compliance Officer in Name Only
Designating a compliance officer is not the same as having a functional compliance function. The FDIC's proposal will put pressure on issuers to demonstrate that their designated officer has meaningful authority, adequate resources, and genuine independence from the business lines they are supposed to oversee.
Compliance officers who are overruled routinely, who lack budget authority, or who are excluded from product development discussions do not satisfy the standard. The function must be real.
Transaction Monitoring That Is Not Calibrated
Many issuers have implemented off-the-shelf transaction monitoring tools without tuning those tools to the specific risk profile of their product, customer segments, or transaction patterns. The result is either a system that generates too many alerts to review meaningfully, or a system that generates too few alerts because the thresholds are set too high.
Regulatory examiners understand transaction monitoring. They know what a well-tuned system looks like. An issuer presenting a monitoring system that has never been calibrated or independently tested will not receive the benefit of the doubt.
No Sanctions Screening Infrastructure
Some issuers rely on their banking partners to screen transactions, under the assumption that the bank is handling the sanctions obligation. That assumption is incorrect. The FDIC's proposal makes clear that the issuer bears the compliance obligation independently. Relying on a third party to screen does not discharge the issuer's own regulatory duty.
Why Stablecoin Issuers Are Also MSBs
This is a point that surprises some operators, but it is well-established under existing law.
Stablecoin issuers that transmit value on behalf of users are money transmitters under the Bank Secrecy Act. Money transmitters are a category of money services business. FinCEN's existing MSB registration requirements apply to money transmitters, and they apply regardless of whether the instrument being transmitted is fiat currency or a digital asset designed to track fiat currency.
That means issuers subject to the FDIC's proposed framework are likely already subject to FinCEN's MSB requirements, including registration, AML program obligations, and SAR filing duties. The FDIC proposal layers additional standards on top of an existing federal obligation, rather than replacing it.
Issuers who have not registered as MSBs with FinCEN are operating with an unaddressed compliance gap that predates the FDIC's proposal. The FDIC framework, if finalized, will make that gap significantly harder to ignore.
What the Proposal Signals About the Direction of Regulation
The FDIC does not propose rules in a vacuum. This proposal reflects a broader regulatory posture that has been building for several years and is now accelerating.
The message embedded in this proposal is straightforward: the federal government is treating stablecoin issuance as a regulated financial activity subject to the same foundational compliance obligations as other payment instruments. The era of stablecoins operating in a compliance grey zone because no single regulator had clearly staked out jurisdiction is ending.
Issuers that built their compliance programs to minimum viable standards, on the assumption that regulatory scrutiny would remain limited, are now facing a reckoning. The question is not whether standards will apply. The question is whether their programs will be ready when examiners show up.
What Stablecoin Issuers Need to Do Now
The FDIC's proposal is still in the comment period, which means the final rule is not yet in effect. It is an opportunity to get ahead of what is coming rather than scrambling to catch up after the effective date.
- Conduct a program gap assessment.
Compare your current AML program documentation against the FDIC's proposed requirements and FinCEN's existing MSB standards. Identify every area where your program falls short and prioritize remediation by risk. - Confirm your FinCEN registration status.
If your stablecoin operation involves transmission of value on behalf of users and you have not registered as an MSB with FinCEN, that is the first problem to solve. Registration must precede everything else. - Formalize your compliance officer role.
If your designated compliance officer lacks clear authority, adequate resources, or a direct line to senior leadership, restructure the function before regulators examine it. The organizational chart matters. - Review your transaction monitoring calibration.
Pull your alert volume data, your review rate, and your SAR filing rate. If those numbers do not tell a coherent story about a functioning monitoring program, retain someone to tune the system properly. - Build your sanctions screening documentation.
Know which lists you screen, at what frequency, with what system, and what your escalation process looks like when a potential match is identified. Document all of it. - Engage counsel on the comment process.
The comment period is the moment when the industry has the ability to influence the final shape of the rule. Operators with practical program experience can contribute meaningfully to how the requirements are ultimately structured.
Get In Touch
Regulators do not propose rules like this without intending to enforce them. The FDIC's proposal establishes a federal compliance baseline for stablecoin issuers that is specific, demanding, and built on the same framework that has governed traditional financial institutions for decades.
A policy document is not a compliance program. A designated title is not a compliance function. An off-the-shelf tool is not a calibrated monitoring system. The standard that is being proposed requires all three to be operational, documented, and demonstrably effective.
Stablecoin issuers that build toward this standard now will be significantly better positioned than those who wait for the final rule to land. Regulatory examiners reward programs that are ahead of the curve. They have limited patience for programs that are catching up.
The gap between where most programs are today and where the FDIC expects them to be is closeable. It requires deliberate effort, the right expertise, and enough time to do the work properly.
That time is now.
Book a Discovery Call to walk through your current stablecoin compliance program, understand where the gaps are, and build a remediation plan before the final rule takes effect.
These AMLI services are most directly relevant to stablecoin operators in this position:
FinCEN MSB Registration: Registration, renewals, and regulatory correspondence management for stablecoin issuers and other digital asset businesses operating as money services businesses.
CAMLO and MLRO Services: Active compliance function ownership for issuers that need a named, qualified compliance officer without hiring one full-time. Covers day-to-day AML program management, regulatory coordination, and SAR filing oversight.
