- Key insight: Treasury and the regulatory agencies unveiled the first stablecoin issuer know-your-customer requirements pursuant to the GENIUS Act, focusing on giving firms risk-based flexibility in their direct customer relationships.
- Expert quote: "Rather than prescribe a one-size-fits-all approach … a [stablecoin issuer's customer identification program] should address the types of accounts it intends to maintain, how it allows those accounts to be opened, and the types of identifying information available," the proposal states.
- Forward look: The proposal will be open for 60 days following its planned publication in the Federal Register on June 22.
The Treasury Department's Financial Crimes Enforcement Network along with the federal banking agencies on Thursday proposed customer identification standards for stablecoin issuers, marking the first know-your-customer guidelines issued pursuant to the GENIUS Act.
Under the proposal, permitted payment stablecoin issuers, or PPSIs, would be required to follow know-your-customer practices similar to those banks, broker-dealers and mutual funds already face.
"This proposal implements the GENIUS Act's directives to treat permitted payment stablecoin issuers as financial institutions for purposes of the Bank Secrecy Act and to require such issuers to maintain an 'effective customer identification program, including identification and verification of account holders,'" the proposal states. "Rather than prescribe a one-size-fits-all approach … a PPSI's [customer identification program] should address the types of accounts it intends to maintain, how it allows those accounts to be opened, and the types of identifying information available."
The proposal comes as regulators are rolling out a series of GENIUS Act regulations. Earlier this year, the FDIC
Under the proposed rule, which will be open for comment for 60 days following its scheduled publication in the Federal Register on June 22, PPSIs, whether regulated by prudential banking agencies, credit union regulators or a state regulator, will be subject to the due diligence standards. Issuers will only be required to identify customers in the primary market, with whom they have a direct relationship through opening an account or offering direct to customer digital asset services such as issuing, redeeming or custodying stablecoins. Issuers will not be required to identify those who later transact in tokens on the secondary market, as these participants would not be considered the PPSI's customer. The agencies argue that to require identifying all secondary market participants — what they call a "global" know-your-customer requirement — would be unfeasible for institutions.
"Imposing an obligation where any payment stablecoin transfer could, for purposes of a CIP obligation, result in a customer and account relationship with a PPSI would essentially impose on PPSIs a global obligation to collect and verify identifying information of individual users," the proposed
As with banks, issuers' identification requirements would kick in when customers open an account with an issuer. Issuers would need to collect standard identification data like name, birthday, addresses and government identification numbers. P.O. boxes or virtual office addresses would not be valid as primary physical addresses. Issuers could gather physical I.D. documents and data from public databases or other financial institutions to identify customers, but the agency gives firms flexibility.
"Technological variation and innovation are best accounted for by maintaining the flexibility in the proposal relating to how a PPSI verifies a customer's identity," the proposal states. "This flexibility will enable individual PPSIs to assess their comfort level with the trustworthiness of various tools and take into consideration variation in tools and differences in risk."
Issuers would need to maintain customer I.D. information and documents for five years after an account is closed. Issuers would need to cross-reference identities against government terrorism lists that will be specified at a later date.
"Because Treasury and the Federal functional regulators have not yet designated any such lists, the proposed rule cannot be more specific with respect to the lists PPSIs must check in order to comply with this provision," the proposal notes. "Accordingly, PPSIs would not have an affirmative duty under this proposed regulation to seek out all lists of known or suspected terrorists or terrorist organizations compiled by the Federal government [and will instead] receive separate notification regarding the lists that must be consulted."
While the rule contemplated scaling requirements in proportion to an issuer's size at various thresholds, the agencies decided to propose giving institutions more discretion over what an appropriate risk-based program would look like.
"Other policy options to tailor for size and complexity were considered including, for example, a CIP obligation that would fluctuate solely based on the size of an issuer," the proposal states. "Fincen and the Agencies have preliminarily assessed, however, that such an approach, however, could harm national security by providing weaker points of entry to the financial system, but request comment on its approach."
