GENIUS Act AML Rules: FinCEN and OFAC Propose Bank-Level Stablecoin Compliance — April 2026

On April 10, 2026, the U.S. Treasury's Financial Crimes Enforcement Network (FinCEN) and the Office of Foreign Assets Control (OFAC) jointly published a Notice of Proposed Rulemaking (NPRM) that will place permitted payment stablecoin issuers (PPSIs) under the same anti-money laundering and sanctions compliance obligations that currently apply to banks.

According to the Federal Register notice, the proposed rules implement Section 9 of the GENIUS Act and are designed to prevent stablecoins from becoming vehicles for illicit finance once the GENIUS Act regime goes live in January 2027. Comments are due by June 9, 2026.

What the Proposed Rules Require

The rulemaking covers two parallel compliance tracks — one from FinCEN on AML/CFT program requirements, and one from OFAC on sanctions compliance programs.

FinCEN's AML requirements treat PPSIs as "financial institutions" under the Bank Secrecy Act. Stablecoin issuers must:

• Establish a written AML/CFT program with designated compliance officers
• Implement risk-based customer due diligence (CDD), including Know Your Customer procedures
• File Currency Transaction Reports (CTRs) and Suspicious Activity Reports (SARs)
• Maintain transaction records and make them available to regulators on request
• Screen customers and transactions against applicable watchlists

OFAC's sanctions program requirements mirror the five-pillar compliance framework OFAC already recommends for banks. According to Sullivan & Cromwell's analysis, PPSIs must demonstrate:

1. Senior management commitment — documented tone-from-the-top on sanctions compliance
2. Risk assessment — periodic, geography- and product-specific risk evaluation
3. Internal controls — technical and procedural safeguards to identify and reject prohibited transactions
4. Testing and auditing — independent validation of the program's effectiveness
5. Training — mandatory annual training for all relevant personnel

Critically, OFAC is requiring stablecoin issuers to build in real-time safeguards to identify and block transactions that would violate U.S. sanctions — not just retroactive flagging.

Why This Is a Watershed Moment for Crypto Compliance

According to AML Intelligence, this is the first time the U.S. government has proposed applying the full suite of BSA obligations directly to stablecoin issuers rather than routing compliance through banks that hold reserves. The practical implication: any company issuing a dollar-pegged stablecoin in the United States after January 2027 must operate like a bank compliance department.

For context, the four largest stablecoins — USDT, USDC, BUSD, and PYUSD — collectively process trillions of dollars in transactions annually. The proposed rules would extend OFAC's sanctions screening obligation to secondary market transactions as well, meaning that exchanges and wallet providers facilitating transfers of PPSIs may also need to implement real-time sanctions checks.

The Compliance Window Is Shorter Than It Looks

January 2027 is only eight months away. Building a compliant AML/CFT and sanctions program from scratch takes three to six months even for well-resourced teams. Organizations that have not yet invested in automated sanctions screening infrastructure face a tightening timeline.

The five-element OFAC program requirement is particularly demanding for technology companies accustomed to moving fast. Real-time transaction screening across OFAC's SDN list, the EU Consolidated List, and UN Security Council designations requires either building an in-house screening engine or integrating an API that maintains live watchlist data.

How SanctionShield AI Helps

SanctionShield AI provides a REST API purpose-built for real-time sanctions screening that aligns directly with OFAC's proposed compliance requirements.

Watchlist coverage: SanctionShield AI screens against OFAC SDN, OFAC Consolidated, EU, UN, OFSI, and 40+ additional global lists — updated within minutes of new designations.

Transaction-level screening: Beyond name screening, the API supports wallet address and entity screening designed for blockchain transaction workflows.

Audit trail: Every API call returns a timestamped, structured result that can be logged as evidence of an OFAC-compliant screening event — directly supporting the documentation requirements in the proposed rule.

Risk scoring: Fuzzy matching with configurable similarity thresholds reduces false positives without sacrificing recall, which is critical for high-volume stablecoin payment flows.

A basic Python integration takes under 30 minutes:

import requests
 
def screen_stablecoin_transaction(wallet_address: str, counterparty_name: str) -> dict:
    response = requests.post(
        "https://apivult.com/api/sanctionshield/screen",
        headers={"X-RapidAPI-Key": "YOUR_API_KEY"},
        json={
            "query": counterparty_name,
            "wallet": wallet_address,
            "lists": ["OFAC_SDN", "OFAC_CONS", "EU", "UN"],
            "threshold": 0.85
        }
    )
    return response.json()
 
# Example: screen a stablecoin recipient before settlement
result = screen_stablecoin_transaction(
    wallet_address="0x1234...abcd",
    counterparty_name="Acme Trading Ltd"
)
 
if result["match_found"]:
    raise ValueError(f"Sanctions hit: {result['matched_entity']} — transaction blocked")

What Happens Next

The comment period closes June 9, 2026. Industry groups including the Blockchain Association and Chamber of Digital Commerce are expected to submit technical comments on the secondary-market screening requirements, which some argue extend OFAC's enforcement reach further than the statute requires.

Treasury has indicated it intends to finalize the rules before the end of 2026 to give PPSIs adequate implementation time. Organizations operating in the stablecoin space should use the comment period to assess their current screening capabilities and identify gaps before the final rule is published.

Regardless of the final form the rules take, the directional signal is clear: crypto compliance is converging with traditional financial services compliance, and real-time sanctions screening is no longer optional for stablecoin operators.

Sources

• Permitted Payment Stablecoin Issuer AML/CFT Program and Sanctions Compliance Program Requirements — Federal Register, April 10, 2026
• GENIUS Act Implementation – FinCEN, OFAC Propose Rule on AML and Sanctions-Compliance Requirements — Sullivan & Cromwell LLP, April 2026
• BREAKING: AML rules will apply to US stablecoin firms under new proposal — AML Intelligence, April 2026