Points of Focus

• The FDIC board approved a BSA and sanctions compliance rule on May 22 for all GENIUS Act-supervised stablecoin issuers.
• The rule is the FDIC’s third GENIUS Act rulemaking in six months, completing the compliance stack alongside reserve and application rules.
• Every bank-affiliated stablecoin subsidiary, including JPMorgan, BlackRock, and Fidelity, falls under this framework.

The Federal Deposit Insurance Corporation (FDIC) Board of Directors approved a notice of proposed rulemaking on May 22 that would impose Bank Secrecy Act (BSA) and sanctions compliance standards on all FDIC-supervised Permitted Payment Stablecoin Issuers (PPSIs), as required by the GENIUS Act.

🇺🇸 JUST IN: GENIUS Act Stablecoin Rules Advance

The Federal Deposit Insurance Corporation (FDIC) has advanced a proposed rule requiring federally supervised stablecoin issuers to comply with AML and sanctions regulations under the GENIUS Act.

The proposal would apply to FDIC… pic.twitter.com/0BZhX0eF4x

— AmericaFun News (@americadotnews) May 25, 2026

The proposed rule covers three areas: compliance with Anti-Money Laundering (AM) and combating the financing of terrorism (CFT) program requirements set by the Financial Crimes Enforcement Network (FinCEN), adherence to the Office of Foreign Assets Control (OFAC) economic sanctions screening, and alignment with FinCEN reporting requirements. Public comments will be accepted for 60 days following Federal Register publication. This is the FDIC’s third rulemaking under the GENIUS Act since its enactment on July 18, 2025.

Who the rule covers and why it matters

The FDIC is the primary federal payment stablecoin regulator for a specific and commercially significant category of issuer: subsidiaries of insured state nonmember banks and state savings associations that the FDIC has approved to issue payment stablecoins. This structural definition captures the majority of the most commercially significant stablecoin programs in development.

• J.P. Morgan’s JLTXX, filed May 12, operates through Kinexys Digital Assets, a business unit of JPMorgan Chase Bank N.A.
• BlackRock’s dual Ether (ETH) filings from May 8, covering the BSTBL OnChain share class and the Stablecoin Reserve Vehicle, use BNY Mellon and Securitize as infrastructure but operate under BlackRock Fund Advisors, a subsidiary of a bank holding company.
• Fidelity International’s FILQ, launched May 13, uses Sygnum’s Desygnate platform.

In every case, the ultimate issuer’s regulatory home determines which primary federal regulator applies. For bank-affiliated subsidiaries, that is the FDIC.

The rule closes what would otherwise have been a compliance gap. Without it, a PPSI approved to issue payment stablecoins under the GENIUS Act’s prudential framework could theoretically have operated without explicit BSA and OFAC obligations tailored to its stablecoin activities.

The May 22 proposal makes those obligations explicit, requiring PPSI AML/CFT programs to meet the same FinCEN standards that apply to banks: risk-based policies and procedures, independent testing, a US-based compliance officer accessible to regulators, and an employee training program.

The three-part regulatory stack

The three FDIC rulemakings now form a complete compliance architecture for bank-affiliated stablecoin issuers.

• The December 2025 application rule determines who can issue. An FDIC-supervised insured depository institution must submit an application to the FDIC before its subsidiary may issue payment stablecoins, and the FDIC will assess whether the issuer meets safety and soundness standards.
• The April 7 prudential rule determines how issuers must operate. Reserve assets must be high-quality liquid instruments backing stablecoin liabilities at 1:1. Redemption must be guaranteed. Capital must be maintained. Risk management must follow principles-based requirements that the FDIC can examine.
• The May 22 BSA and sanctions rule determines with whom issuers can transact. AML/CFT programs must identify, assess, and mitigate the risk of illicit finance. OFAC sanctions lists must be screened in real time. FinCEN suspicious activity reports must be filed when required.

Together, the three rules replicate, within the stablecoin market, the same compliance infrastructure that traditional banks have operated under for decades. The difference is the timeline: What took the banking system generations to build has been assembled for stablecoins in six months.

The broader regulatory context

The FDIC’s May 22 rule is one of four stablecoin regulatory developments in the same week.

The Bank of England announced on May 19 that it is replacing individual holding limits with aggregate issuance guardrails ahead of the June draft rules, explicitly aligning its timeline with the US.

Bank of England to Publish Draft Rules for Systemic Stablecoins Next Month

The Bank of England plans to publish draft rules for systemic stablecoins next month and finalize them by year-end, while it may set temporary limits on total stablecoin issuance to mitigate early risks.… pic.twitter.com/94Kmbs9ac6

— Wu Blockchain (@WuBlockchain) May 20, 2026

Tether and the Government of Georgia announced GELT on May 25, with Georgia’s framework designed to be compatible with the GENIUS Act. 

The CLARITY Act, covering broader digital asset market structure, awaits a Senate floor vote before August.

pic.twitter.com/xiWNoJVDTq

— Senator Cynthia Lummis (@SenLummis) May 14, 2026

The stablecoin compliance architecture being assembled in May 2026 reflects a regulatory premise that has shifted decisively: Stablecoins are no longer treated as an emerging technology to be observed with patience. They are financial infrastructure requiring the same AML/CFT standards as every other financial instrument. The FDIC’s BSA and sanctions-proposed rule, open for 60 days of public comment, closes the gap between that premise and the regulations that enforce it.