Federal regulators in the United States have finally shown their hand on one of the biggest unanswered questions around stablecoin policy, and the answer is less draconian than many in crypto likely expected. The newly released proposal from the Federal Reserve and others would require stablecoin issuers to run bank-style identity checks on their direct customers, but it also makes clear that ordinary users can keep sending stablecoins around on secondary markets in a peer-to-peer manner without the issuer having to collect any personal information about them.
The proposal is currently at the “request for comment” stage and not a final rule. It comes from a joint group of federal regulators, including the Financial Crimes Enforcement Network (FinCEN), the Office of the Comptroller of the Currency (OCC), the Federal Reserve Board, the Federal Deposit Insurance Corporation (FDIC), and the National Credit Union Administration. The agencies say the proposal is meant to implement the GENIUS Act’s requirement that permitted payment stablecoin issuers be treated as financial institutions for Bank Secrecy Act purposes and maintain an effective customer identification program.
In plain English, the U.S. federal government is moving toward formal anti-money laundering (AML) and identity-checking rules for stablecoin issuers. But it is not, at least in the proposal’s current form, trying to force issuers to identify every person who ever touches a stablecoin token. That is a meaningful clarification of how the GENIUS Act may be implemented, and it suggests the agencies are trying to fit stablecoins into a bank regulatory framework without breaking the basic way these assets already circulate and function.
Would Identifying Users Be “Nearly Impossible?”
Early coverage of the notice from some crypto media outlets has focused on the bank-style ID checks the proposal imposes on stablecoin issuers’ direct customers, with less attention going to the arguably more consequential decision of allowing stablecoins to keep circulating on the secondary market without requiring the issuer to identify individual users. With the proposal indicating federal regulators are mostly fine with the way things already work in practice, it is likely incorrect to view this as some sort of clampdown on the level of privacy found with stablecoins. The proposal draws a sharp distinction between the primary market, where an issuer directly issues or redeems stablecoins for a customer and should implement customer identity verification measures, and the secondary market, where tokens move between other parties and the issuer is not really involved except through the associated smart contract.
In terms of the regulatory agencies’ thoughts on the specific point of tracking every last one of stablecoin issuers’ end users, the proposal states, “Imposing an obligation where any payment stablecoin transfer could, for purposes of a [Customer Identification Program] obligation, result in a customer and account relationship with a [Permitted Payment Stablecoin Issuer] would essentially impose on PPSIs a global obligation to collect and verify identifying information of individual users. FinCEN and the Agencies assess that such a CIP obligation would be nearly impossible for PPSIs to implement and could potentially cripple the industry.”
While it is definitely true that requiring ID verification for every secondary-market stablecoin user would likely upend the industry, it is not hard to imagine how such restrictions could be imposed if regulators ever decided to go there. The most obvious path would be address whitelisting, where issuers only allow tokens to move to blockchain addresses that have completed AML and Know Your Customer (KYC) checks. Indeed, that possibility has hung over the stablecoin market for years. So, while the agencies are right that universal secondary-market verification would be disruptive, the real significance here is that they are signaling they are simply not choosing that route right now, not that such a regulatory environment would be impossible to implement.
One reason regulators may be comfortable with how things currently work is that stablecoins on public blockchains do not operate with the properties originally envisioned for digital cash by the cypherpunks some decades ago. In fact, they’re much more akin to complete financial panopticons. Sure, stablecoin transfers can be pseudonymous in the narrow sense that not every blockchain address or wallet is labeled with a legal identity by the issuer. But the crypto networks upon which these tokens are issued are completely public and transparent. Blockchain analytics firms specialize in linking wallet clusters to real people and institutions, and stablecoin activity is heavily concentrated around centralized exchanges and other regulated custodians that already collect plenty of information about their users. For example, one firm, Chainalysis, released a report earlier this year that covered the rise in the use of stablecoins for illicit purposes to record levels in 2025. In other words, much of the transaction graph is already effectively doxxed.
As former Commodity Futures Trading Commission (CFTC) Chairman Chris Giancarlo once bluntly stated, “Let’s get one thing clear as custard here, okay. There’s no privacy in stablecoins. None. Zero.”
It’s possible that some traditional banks will offer their perspectives on this proposed regulatory framework for stablecoins during the 60-day comment period window. JPMorgan Chase CEO Jamie Dimon made headlines when he blasted Coinbase CEO Brian Armstrong as “full of shit” on crypto regulation in a recent interview, and during that same interview, he also argued that stablecoins do not currently have proper AML requirements. Those comments could be a preview of the kind of pushback regulators will hear from incumbent financial institutions that would prefer a system with fewer gaps between traditional banks and stablecoins when it comes to compliance expectations.
It also appears that these sorts of comments from the traditional banking industry, if they indeed end up providing them, would be listened to closely by regulators. “I remain concerned[…] that the GENIUS Act regulatory framework does not do enough so far to address the risks of illicit finance conducted through secondary market transactions in payment stablecoins,” said Federal Reserve Governor Michael S. Barr in a statement. “While some digital asset service providers are subject to anti-money laundering and anti-terrorist financing requirements in their home jurisdiction, it is far too easy for bad actors to evade these restrictions and operate without detection when transacting in digital assets. I will carefully review comments in response to the proposal’s questions regarding whether any portions of the CIP rule should be extended to secondary market activity.”
This is not the first time Barr has publicly commented on the potential risks of stablecoins being used for illicit activity, as he previously noted in 2022, “As banks explore different options to tap into the potential of the technology, it is important to identify and assess the novel risks inherent in those models and whether those risks are surmountable. For instance, with some models that are being explored, the bank may not be able to track who is holding its tokenized liability or whether its token is being used in risky or illegal activities.”
For now, the proposal suggests regulators are willing to tolerate the regulatory arbitrage available to firms that put dollar liabilities onto public blockchains rather than internal database systems. Of course, that does not mean stablecoins are uncontrollable or permissionless in any technical sense. Issuers still retain extraordinary power over their dollar-pegged tokens, including the ability to freeze or blacklist funds. This is something the Iranian regime recently found out the hard way when Tether froze $344 million of assets tied to Iran on behalf of the U.S. government.
