Apr 222026

FinCEN, Office of Foreign Assets Control Propose Anti-Money-Laundering Program and Sanctions Requirements for Stablecoin Issuers

Paul M. Tyrrell, Andrew J. Sioson, Kristin S. Teager, Stanley J. Boris, Jess Cheng, Maura Rezendes, Jen Fernandez and Andrew W. Shoyer
, , , , ,

The U.S. Department of the Treasury, through the Financial Crimes Enforcement Network (FinCEN) and the Office of Foreign Assets Control (OFAC) (collectively Treasury) issued a joint notice of proposed rulemaking on April 8, 2026, to implement the anti-money-laundering (AML) and sanctions compliance provisions of the Guiding and Establishing National Innovation for U.S. Stablecoins Act (GENIUS Act), establishing a regulatory framework for permitted payment stablecoin issuers (PPSIs), hereinafter collectively “the proposed rule.”[1] The proposed rule does not address the GENIUS Act’s customer identification program (CIP) requirements, which are expected to be the subject of a separate rulemaking.

FinCEN has taken the position over the years that money transmission includes the transfer of convertible virtual currencies (CVCs), such as stablecoins. Based on those FinCEN interpretations, currently, many stablecoin issuers generally are subject to Bank Secrecy Act (BSA) obligations as financial institutions, specifically money transmitters, which are a type of money services business. As such, many stablecoin issuers have been subject to a range of BSA obligations such as the establishment of a written AML program; the requirement to file currency transaction reports (CTRs) and suspicious activity reports (SARs); and the requirement to maintain certain records, including those relating to the transmittal of funds under the Recordkeeping Rule and the Travel Rule.[2]

However, under the proposed rule, FinCEN would designate PPSIs as a type of financial institution for purposes of the BSA. Accordingly, the proposed requirements for PPSIs would differ in some material respects from the current obligations that apply to money services businesses (MSBs) but would be comparable in many respects to stablecoin issuers’ existing requirements as MSBs.

To avoid confusion with obligations that apply to MSBs, the proposed rule would carve out PPSIs from the definition of “money services business” under BSA implementing regulations. The carveout, however, would apply only to PPSIs and not to other persons engaged in activities involving the issuance of stablecoins that are not payment stablecoins. Indeed, stablecoin issuers that issue tokens that are not payment stablecoins, that is, value that substitutes for currency, would remain subject to the MSB framework.

With respect to sanctions compliance, the proposed rule would implement, through OFAC regulations, the GENIUS Act’s directive that PPSIs be required to maintain effective sanctions compliance programs. This represents the first time that OFAC regulations would mandate the implementation and maintenance of a sanctions compliance program and impose penalties for failure to do so. The impact on a PPSI’s operations is likely to be minimal, however, as OFAC has copied into the proposed rule the five essential elements of a risk-based compliance program that it would already expect U.S. persons and persons conducting business in or with the United States to maintain.

Obligations for Primary and Secondary Market Activity

Importantly, the proposed rule suggests that some PPSI obligations will apply to the secondary market while others will not. In the proposed rule, FinCEN refers to the secondary market to describe payment stablecoin activity that does not directly involve the PPSI as a party to the transaction other than via a smart contract. Specifically, FinCEN states that secondary market activity could include an individual purchasing payment stablecoins from an intermediary, an individual sending payment stablecoins from a self-hosted wallet to a vendor to purchase goods, an individual exchanging payment stablecoins for another digital asset via a digital asset exchange, or a person-to-person transaction in payment stablecoins.

For example, as discussed below, FinCEN is not proposing to require a PPSI as part of an AML/CFT program to monitor secondary market activity. Notwithstanding, a PPSI will be required to understand the risk its customers pose as part of its due diligence, as well as its distribution channels, including blockchains on which its payment stablecoins are deployed. Given that PPSIs will not be required to monitor secondary market activity, FinCEN also is not proposing to require PPSIs to file SARs on secondary market transactions.

Instead, as it relates to secondary market transactions, FinCEN proposes obligations already imposed on PPSIs under the GENIUS Act. Specifically, as part of PPSI obligations to have technical capabilities and policies and procedures to block, freeze, and reject impermissible transactions and technical capabilities to comply, and complying, with the terms of lawful orders, those obligations will apply to the secondary market.

PPSI AML Program Requirements

The proposal follows closely FinCEN’s recent proposed rule addressing AML/Countering the Financing of Terrorism (CFT) program requirements for existing financial institutions, reflecting the Treasury’s broader effort to recalibrate the current regulatory framework as it relates to AML requirements.[3]

  • PPSIs will be required to establish a risk-based set of internal policies, procedures, and controls that are reasonably designed to ensure compliance with the BSA and its implementing regulations. Specifically, the risk-based internal policies, procedures, and controls must be reasonably designed to (1) identify, assess, and document the PPSI’s money laundering and terrorist financing risks through risk assessment processes that evaluate the risks of the PPSI’s business activities, review and, as appropriate, incorporate the AML/CFT Priorities,[4] and are updated promptly upon any change that the PPSI knows or has reason to know significantly changes the PPSI’s money laundering or terrorist financing risks; (2) mitigate the PPSI’s money laundering or terrorist financing risks, consistent with the PPSI’s risk assessment processes; and (3) conduct ongoing due diligence.
  • PPSIs will be required to establish ongoing employee training programming and independent AML/CFT program testing.
  • PPSIs will be required to designate an individual responsible for establishing and implementing the AML/CFT program and coordinating and monitoring day-to-day compliance. That designated individual must be located in the United States and accessible to, and subject to oversight and supervision by, FinCEN and its designee, including the appropriate primary federal payment stablecoin regulator. Notably, that individual cannot be someone convicted of a felony offense involving certain kinds of activity, as required by the GENIUS Act.[5]
  • In addition, a PPSI will be required to separately maintain the AML/CFT program by implementing, in all material respects, the established program.

Risk Assessments — No Second Guessing?

In its proposed rule, FinCEN states that PPSIs are best positioned to identify and evaluate their money laundering and terrorist financing risk to make decisions related to risk identification and resource allocation in accordance with risk identification. As a result, FinCEN provides that the proposed rule does not contemplate regulatory second-guessing of a PPSI’s reasonable determination regarding appropriate resource allocation or conclusions regarding specific risks.

However, FinCEN also states that while an examiner should not substitute her or his own subjective judgment in place of the PPSIs, the examiners will look to assess the reasonableness of the PPSI’s risk assessment. Specifically, the examiners will assess whether (i) a PPSI’s resource allocation decisions are informed by, and consistent with, reasonably designed risk assessment processes and (ii) with respect to implementation, specifically, whether the PPSI knows or should know about resource-related issues involving its internal policies, procedures, and controls and other mandatory elements that may result in the PPSI’s failing to implement its AML/CFT program in all material respects and failing to address such issues.

PPSIs Will Need to Establish Risk-Based AML/CFT Programming — With an Eye Toward Combatting Politicized or Unlawful Banking

  • Under the proposed rule, PPSIs must establish AML/CFT programs that are risk-based, including ensuring that PPSIs direct more attention and resources toward higher-risk customers and activities, consistent with the risk profile of the PPSI, rather than toward lower-risk customers and activities. To achieve this, the PPSI must identify, assess, and document its money laundering and terrorist financing risks through risk assessment processes. As such, the PPSI must evaluate money laundering and terrorist financing risks and review and incorporate the AML/CFT priorities, as appropriate, with updates to risk assessment processes promptly upon any change that the PPSI knows or has reason to know significantly changes the PPSI’s money laundering or terrorist financing risks.
  • Notably, FinCEN states that the proposed rule seeks to provide PPSIs with the flexibility to serve a broad range of customers and avoid one-size-fits-all approaches to customer risk that can lead to PPSIs declining to provide financial services to entire categories of customers. Indeed, according to FinCEN, the proposed rule would help ensure that decisions taken by PPSIs with respect to closing customer accounts are based on legitimate money laundering or terrorist financing risks and informed by relevant facts and circumstances. Indeed, the proposed rule is intended to mitigate risks of PPSIs potentially being inappropriately pressured into “debanking” by closing customer accounts by emphasizing the risk-based nature of AML/CFT programs, aligning with the broader policy objectives regarding access to banking services described in Executive Order 14331, Guaranteeing Fair Banking for All Americans.[6]

Customer Due Diligence — Understanding the Nature and Purpose of the Customer Initiating and Maintaining the Relationship With the PPSI

PPSIs will be required to conduct ongoing Customer Due Diligence (CDD) as part of their AML/CFT program obligations. As a result, PPSIs will need to obtain and maintain sufficient information to develop an understanding of normal and expected customer activity. To accomplish this, the PPSI will need to develop an understanding of the nature and purpose of the customer relationship for purposes of risk profiling and conduct ongoing monitoring to identify and report suspicious activity and, on a risk basis, update customer information. These CDD requirements apply to customer relationships (i.e., primary market counterparties) rather than to individual transactions and do not extend to secondary market activity.

The proposed rule sets forth some considerations that may be unique to PPSIs in assessing the nature and purpose of the customer relationship. For example, the PPSI may need to consider the type of entity seeking to establish a customer relationship, the jurisdiction in which it is domiciled, the AML/CFT obligations it is subject to (and the rigor of that supervisory oversight), the customer’s operating history, the services the customer offers to its users, the markets that the customer serves, and the agents or intermediaries through which the customer may provide its services.

In addition, PPSIs may need to consider information more narrowly tailored to the stablecoin market, including both information available from public blockchains and relevant off-chain considerations. While the proposed rule does not require the PPSI to monitor secondary market transactions, the PPSI may need to consider such activity in assessing its customer risk profile.

Collection of Beneficial Ownership

PPSIs will be required to collect beneficial ownership information about legal entity customers, although FinCEN is not extending the collection of beneficial ownership information to secondary market activity. The proposed rule contemplates requiring procedures relating to verifying the identity of beneficial owners that would contain the same elements as the CIP rule for banks. FinCEN anticipates further modifications to the proposed language based on its expected forthcoming rulemaking implementing the GENIUS Act’s requirements that PPSIs maintain CIPs.

Specifically, FinCEN’s proposed rule clarifies that for PPSIs, an account is a formal relationship between a customer and a permitted payment stablecoin issuer established to provide or engage in services, dealings, or other financial transactions. Notwithstanding, FinCEN anticipates further modifications to its proposed language based on its expected forthcoming rulemaking implementing the GENIUS Act’s requirement that PPSIs maintain customer identification programs.

Technical Capabilities, Policies, and Procedures Required of PPSIs

The proposed rule would implement the statutory requirements for PPSIs to have technical capabilities, policies, and procedures to block, freeze, and reject specific or impermissible transactions that violate federal or state laws, rules or regulations. Both obligations will apply to secondary market activity. Therefore, these requirements extend not only to transactions conducted directly by the PPSI but also to third-party transactions that interact with the PPSI’s smart contracts, even where the PPSI is not a direct counterparty.

The proposed rule does not prescribe how PPSIs should implement the technical capability requirement nor the policies and procedures that are specifically required to meet the proposed obligation, leaving it to the PPSI to determine how to effectively and efficiently comply with the obligation.

Some PPSIs are currently able to block, freeze, or reject transactions involving their stablecoin by programming the stablecoin’s smart contracts, which is leveraged on both primary and secondary market activity. Other stablecoin issuers may use the programmability afforded in smart contracts to ban specific wallet addresses from interacting with stablecoin smart contracts, which effectively freeze the stablecoins held at those addresses or burn them (permanently removing stablecoins from circulation).

The proposed rule makes it clear that a PPSI’s technical capabilities, policies, and procedures should account for identifying and blocking or rejecting payment stablecoin-related transactions that would violate U.S. sanctions. This includes PPSIs having the ability to identify and block stablecoins traded by blocked persons on the secondary market when PPSIs exercise possession or control of such stablecoins, including through smart contracts. In addition, federal or state courts or administrative orders may also require a PPSI to act on its block, freeze, or reject capabilities, including transactions occurring on the secondary market.

Other Key Takeaways for PPSI AML Programs[7]

Reporting Obligations

SARs

The proposed rule provides that PPSIs will be required to report suspicious transactions that are conducted or attempted by, at, or through a PPSI, involve or aggregate at least $5,000 in funds or other assets, and meet one of the conditions set forth below. This requirement applies not only to discrete transactions but also to patterns of transactions that in aggregate are suspicious and meet the reporting threshold. Notably, however, the proposed rule states that “a transaction is not conducted or attempted by, at, or through a permitted payment stablecoin issuer only because a transfer by third parties results in an interaction with a permitted payment stablecoin issuer’s smart contract.” This reflects FinCEN’s determination that the burden of requiring PPSIs to file SARs concerning secondary market activity would outweigh the likely benefits.

The $5,000 transaction threshold is different than the $2,000 threshold that applies to MSBs. FinCEN maintains that the proposed $5,000 threshold considers the status of the payment stablecoin ecosystems and is consistent with the threshold for financial institutions with CIP obligations.

PPSIs will be required to file a SAR when the PPSI knows, suspects, or has reason to suspect that the transaction (or a pattern of transactions of which the transactions is a part)

  • involves funds derived from illegal activity or is intended or conducted to hide or disguise funds or assets derived from illegal activity as part of a plan to violate or evade any federal law or regulation or to avoid any transaction reporting requirement under federal law or regulation;
  • is designed, whether through structuring or other means, to evade BSA requirements;
  • has no business or apparent lawful purpose, and the PPSI knew of no reasonable explanation for the transaction after examining the available facts; or
  • involves the use of the PPSI to facilitate criminal activity.

Joint filings of one report with other financial institutions that have a SAR reporting requirement are permitted, provided that the joint report contained all relevant facts and that each institution maintained a copy of the report and any supporting documentation.

Of note, if the PPSI is a subsidiary of a parent-insured depository institution and both institutions are required to file a SAR, the parent will be permitted to file SARs on behalf of its PPSI subsidiary (and vice versa).

PPSIs would not be allowed to disclose a SAR or any information that would reveal the existence of a SAR unless (a) requested by various specified authorities provided that no person involved in the reported transaction is notified that the transaction has been reported; (b) in connection with the preparation of a joint SAR or certain employment references or termination notices; (c) within the PPSI’s corporate organizational structure for purposes consistent with the BSA as determined by regulation or guidance. As regards clause (c), FinCEN would expressly permit the sharing of the SAR, as well as the underlying facts, transactions, and documents, between the PPSI and its parent-insured depository institution.

CTRs

Even though stablecoin issuers rarely transact in physical transfers of currency, the proposed rule contemplates PPSIs to file CTRs for each deposit, withdrawal, or exchange of currency or other payment or transfer, by, through, or to such PPSI which involves a transaction in currency of more than $10,000 unless subject to an exemption.

The proposed rule, however, would not require reporting of transactions in payment stablecoins. “Transaction in currency” is defined as a transaction involving the physical transfer of currency, and the term “currency” does not include payment stablecoins. Accordingly, CTR requirements are expected to have limited practical application for PPSIs given the predominantly digital nature of stablecoin activity. FinCEN nevertheless includes this requirement as a forward-looking measure, anticipating that PPSIs may in the future engage in activities involving physical currency, such as through retail-facing operations, including potential expansion into retail environments where cash transactions may occur.

Record Retention Obligations

Under the proposed rule, PPSIs would be required to create and retain certain records for extensions of credit more than $10,000 as well as certain records of cross-border transfers of currency, monetary instruments, funds, checks, investment securities, and credit worth more than $10,000.

The proposed rule would require PSSIs to comply with the Recordkeeping Rule in collecting and retaining records for transmittal of funds in amounts of $3,000 or more as well as complying with the Travel Rule to transmit information on certain transmittals of funds in amounts of $3,000 or more to other financial institutions participating in the payment chain. To do so, the proposed rule seeks to amend the definition of “transmittal order” to expressly include payment stablecoins in addition to “money” as the type of transfers that trigger the requirements. However, FinCEN cautions that its existing guidance regarding CVCs remains in effect, and thus a negative inference should not be drawn from the definition to imply that orders to pay other kinds of value that substitutes for currency are not transmittal orders.

Enterprisewide Programs and PPSIs

PPSIs That Are Subsidiaries of Insured Depository Institutions

Some PPSIs will likely be the subsidiaries of parents that are subject to their own AML/CFT obligations under FinCEN regulations. Under the proposed rule and FinCEN’s existing regulations, FinCEN expects its regulations that are applicable to a parent-insured depository institution and its subsidiary PPSI could be similar to one another. As such, FinCEN states that the PPSI and its parent would be able to coordinate compliance practices and share compliance resources, and the PPSI, as part of the insured depository institution as a whole, can leverage the parent’s program. This approach reflects FinCEN’s expectation that PPSIs affiliated with banks will leverage existing enterprisewide compliance infrastructure, contributing to the agency’s view that incremental compliance costs may be limited.

Indeed, it will be permissible for the parent entity to elect to extend a single AML/CFT program for the PPSI and the insured depository institution so long as a comprehensive AML/CFT program is reasonably designed to identify and mitigate the risks posed by the different aspects of each entity’s business and activities and satisfies each of the AML/CFT program and other BSA requirements that the PPSI and parent are subject.

On the other hand, where a PPSI is subject to obligations that differ from those of its parent, a PPSI must comply with the PPSI-specific provision. An example is the PPSI-specific obligation to have internal policies, procedures, and controls to comply with the obligation to block, freeze, and reject applicable transactions, which could be part of enterprisewide policies and procedures or unique in the corporate structure to PPSIs.

Uninsured National Banks as PPSIs

The GENIUS Act permits certain uninsured national banks to be PPSIs. In those instances, the institution would be subject to BSA obligations as both a bank and PPSI. As with insured depository institutions, some of the obligations in the proposed rule already apply to banks and, whether the institution is both a bank and PPSI, it will need to comply with both sets of obligations.

In the case of both insured depository institutions and uninsured national banks, FinCEN seeks comment on whether the proposed rule is creating obligations that would conflict with existing obligations such that complying with both would be legally or practically impossible.

Examination of PPSI AML/CFT Program Compliance

FinCEN proposes delegating examination authority over PPSIs to federal agencies responsible for examining the same entities for safety and soundness and, where no federal agency exists, to the Internal Revenue Service (IRS). Accordingly, the IRS would have delegated examination authority over a state-qualified payment stablecoin issuer that is not supervised by a primary federal payment stablecoin regulator, either because the state-qualified stablecoin issuer’s outstanding issuance is not more than $10 billion or because the primary federal payment stablecoin regulator has granted the PPSI a waiver to allow the PPSI to remain supervised by a state payment stablecoin regulator.

In addition, the proposed rule requires PPSIs to make available to FinCEN, or its designee, upon request, all certifications submitted to the PPSI’s primary federal payment stablecoin regulator or state payment stablecoin regulator certifying that the PPSI implemented an AML/CFT program.

Enforcement

FinCEN seeks comment on its proposed supervision and framework that subjects PPSIs to the same framework proposed by banks aligned with the AML Act’s emphasis on effectiveness and risk-based supervision.

Specifically, a PPSI that has properly established an AML/CFT program would not be subject to an AML/CFT enforcement action based on a violation of the proposed rule or to a significant AML/CFT supervisory action based on a violation of the proposed rule by FinCEN or by a primary federal payment stablecoin regulator, when acting under supervisory authority delegated by FinCEN, except with respect to a significant or system failure to implement, in all material respects, a properly established AML/CFT program.

Notwithstanding, the proposed rule would not restrict an AML/CFT enforcement action or significant AML/CFT supervisory action with respect to a failure to properly establish an AML/CFT program. Nor would the proposed rule affect the factors that FinCEN applies in the disposition of a violation once FinCEN has determined that such violation involves either a failure to properly establish an AML/CFT program or a significant or system failure to implement an AML/CFT program.

Importantly, under the proposed rule, the primary federal payment stablecoin regulator would be required prior to 30 days before taking enforcement action to provide a written notice to the Director of FinCEN with an opportunity to review any action and consider any input offered by the Director, which may include any view as to the effectiveness of the PPSIs AML/CFT program. The written notice would provide a copy of the primary federal payment stablecoin regulator’s proposed action, the relevant nonprivileged workpapers, and any information submitted by the PPSI to the primary federal payment stablecoin regulator.

The proposed rule sets forth the factors that the Director of FinCEN would consider in determining whether to take an enforcement action or significant supervisory action with respect to the PPSI.

Sanctions Compliance Program

U.S. sanctions administered by OFAC impose strict liability, meaning that persons, including PPSIs, may be held civilly liable for sanctions violations even without having knowledge or reason to know that it was engaging in a violation. Willful violations can also result in criminal penalties, including up to 20 years’ imprisonment.

Consistent with the text of the GENIUS Act, OFAC is now proposing regulations requiring PPSIs to adopt a sanctions compliance program. The proposed rule would require PPSIs’ compliance programs to include the five essential components of a sanctions compliance program set forth in OFAC’s 2019 guidance titled “A Framework for OFAC Compliance Commitments” (the 2019 Compliance Framework).[8] Those elements are (i) senior management and organizational commitment, (ii) risk assessment, (iii) internal controls, (iv) testing and auditing, and (v) training. OFAC’s risk-based approach and the five elements intend to provide flexibility to account for rapidly evolving payment stablecoin technologies in the digital assets ecosystem.

Senior management and organizational commitment require the PPSI’s senior management to review and approve the sanctions compliance program and support its implementation. This would include, at a minimum, ensuring that the program applies to all payment stablecoin-related activity; is sufficiently resourced; is fully integrated into the PPSI’s ongoing stablecoin-related operations; routinely provides risk updates (and test results) to senior management; and provides sufficient authority and autonomy to the compliance function to effectively manage U.S. sanctions risks for the PPSI.

PPSIs would be required to conduct sanctions-related risk assessments by conducting holistic assessments of U.S. sanctions risks at “appropriate” intervals; use the risk assessments to inform the PPSI’s operation of its sanctions compliance program; and revise risk assessments as appropriate.

OFAC also states that the technical components of a PPSI’s internal control system are paramount. The PPSI must be able to block, freeze, and reject specific or impermissible transactions that violate federal or state laws, rules, or regulations, including transactions that violate U.S. sanctions regulations. To best effectuate this requirement, OFAC points PPSIs to its Virtual Currency Industry Guidance that provides best practices of internal controls.[9]

PPSIs will need to establish and maintain an independent testing or audit function, accountable to senior management, with sufficient resources, expertise, and authority to identify U.S. sanctions compliance-related weaknesses and deficiencies. Indeed, OFAC provides that routine, comprehensive, independent, and objective testing or auditing of a sanctions compliance program is essential to the program’s continued effectiveness. The proposed rule would require PPSIs to maintain records of these test results and enhancements to their sanctions compliance programs and to provide such records to OFAC upon request.

The proposed rule would further require a PPSI to establish and maintain a risk-based compliance training program that is performed at least annually and with a frequency appropriate to the PPSI’s risk assessments and risk profile. This would require training for all relevant personnel and stakeholders that is tailored to each trainee’s role and responsibilities, modified to reflect risk assessments findings and deficiencies, and designed to include easily accessible resources and materials to relevant personnel and stakeholders.

The sanctions compliance program requirements in the proposed rule may not have a significant impact on how PPSIs approach their sanctions compliance framework, as these requirements are lifted from the existing 2019 Compliance Framework. However, the rule introduces penalties for “material violations” and “knowing violations” of the requirement to maintain an effective sanctions compliance program of up to $100,000 for each day the violation continues. The rule would therefore raise the stakes of failing to maintain an effective sanctions compliance program for PPSIs, as these penalties could compound quickly.

Request for Comment

Treasury seeks comments on a host of aspects of the proposed rule. Comments to the proposed rule are due by June 9, 2026. Given the breadth of the requirements being imposed, PPSIs and other financial institutions should review the proposed rule fully to assess the impact it may have on PPSIs particularly given the expansion of stablecoins in both primary and secondary markets.

[1] 91 Fed. Reg. 18,582 (Apr. 10, 2026).

[2] See 31 CFR part 1022.

[3] Fed. Reg. 18,704 (Apr. 10, 2026).

[4] The AML/CFT Priorities set out the priorities for the U.S. government’s AML/CFT policy as required by the Anti-Money Laundering Act of 2020 (AML Act).

[5] While the AML/CFT officer must be located in the U.S., personnel located outside of the U.S. will be permitted to perform certain AML/CFT functions (this does not alter existing regulations and guidance, however, that generally prohibits the sharing of SARs with personnel located outside of the U.S. other than limited circumstances such as a bank’s foreign head office or controlling company). In addition, the GENIUS Act prohibits an individual who has been convicted of a felony offense involving insider trading, embezzlement, cybercrime, money laundering, financing of terrorism, or financial fraud from serving as an officer or director of a PPSI. FinCEN seeks to adopt this requirement to the PPSI’s AML/CFT Program requirement.

[6] Executive Order 14331, Guaranteeing Fair Banking for All Americans, 90 FR 38925 (Aug. 12, 2025).

[7] The proposed rule additionally seeks to align the treatment of PPSIs with the treatment of other financial institutions for purposes of information sharing under Sections 314(a) and 314(b) of the USA PATRIOT Act (to be implemented in 31 CFR 1033.520 and 1033.540); enhanced due diligence for correspondent accounts for foreign financial institutions and banks and for private banking accounts (to be implemented under in 31 CFR 1033.610, 1033.620, and 1033.630); and the special measures under Section 311 of the USA PATRIOT Act and other statutory authority (as codified in 31 CFR 1010.658 et seq).

[8] See OFAC, A Framework for OFAC Compliance Commitments (May 2, 2019), available at https://ofac.treasury.gov/media/16331/download?inline.

[9] OFAC, Sanctions Compliance Guidance for the Virtual Currency Industry (Oct. 2021), available at https://ofac.treasury.gov/media/913571/download?inline.

This post is as of the posting date stated above. Sidley Austin LLP assumes no duty to update this post or post about any subsequent developments having a bearing on this post.

Paul M. Tyrrell

Boston

ptyrrell@sidley.com

Andrew J. Sioson

Washington, D.C.

asioson@sidley.com

Kristin S. Teager

Washington, D.C.

kteager@sidley.com

Stanley J. Boris

Washington, D.C.

sboris@sidley.com

Jess Cheng

New York

jcheng@sidley.com

Maura Rezendes

Washington, D.C.

maura.rezendes@sidley.com

Jen Fernandez

Washington, D.C.

jen.fernandez@sidley.com

Andrew W. Shoyer

Washington, D.C.

ashoyer@sidley.com

You might also like
Evolving AML/CFT Expectations and Enforcement Priorities as FinCEN Releases FY 2025 Year in Review

On April 16, 2026, the Financial Crimes Enforcement Network (“FinCEN”) released its Year in Review for Fiscal Year 2025 (the “FY 2025 Report”). The report provides a concise overview of recent regulatory and enforcement developments in the financial crimes space and offers insight into FinCEN’s evolving priorities.

Five Key Takeaways From 2025 U.S. Sanctions Enforcement

U.S. sanctions enforcement activity in 2025 underscored the U.S. government’s continued commitment to robust enforcement of the various sanctions programs primarily administered and enforced by the U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC). OFAC’s 2025 enforcement actions also signaled the agency’s substantive priorities and, perhaps most important, highlighted its compliance expectations.

FinCEN Postpones Effective Date of Anti-Money-Laundering Rule for Investment Advisers and Exempt Reporting Advisers

On July 21, 2025, the U.S. Department of the Treasury Financial Crimes Enforcement Network (FinCEN) announced that it intends to postpone the effective date of the final rule requiring anti-money-laundering (AML) programs for certain investment advisers (the IA AML Rule). The rule, previously scheduled to take effect on January 1, 2026, will now be delayed until January 1, 2028.