FDIC Proposes Rigorous BSA and Sanctions Standards for Permitted Payment Stablecoin Issuers

Reference: FIL-24-2026

Official publication: Read the full FIL-24-2026 on the agency website

The intersection of traditional depository oversight and the burgeoning digital asset market has reached a critical juncture with the latest regulatory action from the Federal Deposit Insurance Corporation (FDIC). As stablecoins—digital assets designed to maintain a stable value relative to a reference asset—become increasingly integrated into the payment ecosystem, the FDIC has identified a need for standardized, rigorous compliance frameworks. The issuance of this Notice of Proposed Rulemaking (NPRM) signals a shift from discretionary supervisory guidance toward a formal, codified set of expectations for Bank Secrecy Act (BSA) and Office of Foreign Assets Control (OFAC) compliance specifically tailored to stablecoin activities. This move reflects a broader federal effort to mitigate the risks of illicit finance, money laundering, and sanctions evasion that are inherent in distributed ledger technology (DLT) environments.

Executive Summary

• Mandatory Compliance Framework: The proposal establishes formal BSA/AML and sanctions compliance standards for FDIC-supervised institutions that issue “permitted payment stablecoins,” moving beyond ad hoc supervisory expectations.
• Risk-Based Internal Controls: Institutions must implement internal controls that are specifically calibrated to the unique risks of stablecoins, including the speed of transfers and the potential for relative anonymity in blockchain transactions.
• Customer Identification Standards: The NPRM emphasizes the necessity of robust Customer Identification Programs (CIP) and Customer Due Diligence (CDD) that extend to the specific mechanics of stablecoin minting, redemption, and transfer.
• Sanctions Screening Integration: Real-time or near-real-time OFAC screening is highlighted as a core requirement for stablecoin issuers to prevent the facilitation of transactions involving sanctioned jurisdictions or personas.
• Board Oversight and Accountability: The rule proposes heightened requirements for Board-level awareness and approval of stablecoin-related compliance programs and risk appetite statements.
• Interagency Alignment: This proposal appears designed to align FDIC-supervised institutions with broader Treasury Department and Financial Crimes Enforcement Network (FinCEN) priorities regarding digital assets.

What the Regulator Issued

On May 22, 2026, the Federal Deposit Insurance Corporation (FDIC) released a Notice of Proposed Rulemaking (NPRM) to Establish Bank Secrecy Act and Sanctions Compliance Standards for FDIC-Supervised Permitted Payment Stablecoin Issuers. This NPRM serves as a formal invitation for public comment on a proposed regulatory structure that would explicitly define the compliance obligations of state non-member banks and other FDIC-supervised entities engaged in the issuance of stablecoins intended for use as a medium of exchange. The issuance follows a series of interpretive letters and interagency statements that previously provided a more fragmented view of regulatory expectations. By moving to a formal rulemaking process, the FDIC is seeking to provide greater legal certainty while simultaneously raising the bar for institutions entering the digital asset space.

Who Is Impacted

The primary impact of this proposed rule falls upon FDIC-supervised financial institutions, including state-chartered banks that are not members of the Federal Reserve System. Specifically, any such institution that currently issues—or intends to issue—what the FDIC classifies as a “permitted payment stablecoin” will be subject to these standards. The term “permitted payment stablecoin” is a critical designation within the NPRM, likely referring to stablecoins that meet specific safety and soundness criteria previously outlined by the agency. Beyond the issuers themselves, the rule will have significant downstream effects on third-party technology providers, wallet service providers, and institutional users who rely on bank-issued stablecoins for settlement and liquidity. Compliance officers, internal auditors, and risk management professionals within these institutions will need to significantly recalibrate their frameworks to meet the granular requirements proposed by the FDIC.

Key Dates and Deadlines

As this is a Notice of Proposed Rulemaking, the standards are not yet effective. The FDIC typically allows for a public comment period of 60 days following the publication of the NPRM in the Federal Register. While the specific close date for comments is dependent on the official Federal Register filing, participants should anticipate a late summer deadline for submitting feedback. Following the comment period, the FDIC will review the input and may issue a Final Rule, which would likely include an implementation grace period. For institutions currently engaged in stablecoin activities, the FDIC has indicated that current supervisory expectations remain in place, but that the proposed standards should be viewed as the eventual benchmark for compliance.

Practical Action Checklist

1. Conduct a Gap Analysis: Compare existing BSA/AML programs against the specific stablecoin standards outlined in the NPRM to identify deficiencies in monitoring and reporting.
2. Update Risk Assessments: Formalize a digital asset-specific risk assessment that evaluates the idiosyncratic risks of the specific distributed ledger technology (DLT) utilized by the institution.
3. Enhance Transaction Monitoring: Implement or upgrade blockchain analytics tools to monitor for suspicious patterns, such as rapid layering or interaction with high-risk mixers and tumblers.
4. Review CIP/CDD Procedures: Ensure that customer identification procedures are robust enough to handle the onboarding of users within a digital asset context, including verification of wallet ownership.
5. Integrate OFAC Screening: Embed automated sanctions screening into the smart contracts or administrative layers of the stablecoin to prevent prohibited minting or redemption.
6. Evaluate Third-Party Risks: Perform enhanced due diligence on any third-party providers involved in the stablecoin lifecycle, including custodians and software developers.
7. Update Training Programs: Develop specialized training for compliance staff and front-line personnel regarding the technical mechanics of stablecoins and associated illicit finance typologies.
8. Formalize Board Reporting: Establish a regular cadence for reporting stablecoin compliance metrics and risk exposures to the Board of Directors or a designated committee.
9. Review Data Privacy Constraints: Analyze the tension between AML reporting requirements and data privacy laws, particularly in the context of public or semi-public blockchain data.
10. Document Compliance Decisions: Maintain a detailed administrative record of the rationale behind the design and implementation of the stablecoin compliance program.
11. Assess Capital and Liquidity Impacts: While focused on compliance, institutions should also evaluate how the new standards might affect the operational cost and liquidity profile of their stablecoin offerings.
12. Prepare Public Comments: Identify areas of the proposal that are technically infeasible or commercially burdensome and prepare data-driven comments for submission to the FDIC.

Open Questions / Watch Items

The NPRM leaves several critical areas open for further interpretation or subsequent guidance. One of the most significant open questions involves the treatment of “unhosted wallets” and the extent to which an issuing bank must monitor transactions that occur on a secondary market between non-customers. The FDIC’s position on the “travel rule” as it applies to stablecoin transfers remains a point of high interest, particularly regarding how institutions will communicate required originator and beneficiary information across disparate blockchain protocols. Additionally, the interaction between this FDIC proposal and potential legislative developments in Congress regarding a comprehensive stablecoin framework could lead to significant revisions. Market participants should also monitor for any divergent standards issued by the Federal Reserve or the OCC, as interagency consistency is vital for a level playing field in the digital asset market.

My Law Tampa publishes this memorandum as part of its ongoing commitment to providing detailed regulatory analysis for the legal and compliance community. We monitor federal and state regulatory developments to assist in the interpretation of complex administrative actions that impact the financial services industry.

This memorandum is provided for informational purposes only and does not constitute legal advice. No attorney-client relationship is formed by the publication or receipt of this document. Readers should consult with qualified legal counsel to discuss the specific application of these proposed rules to their unique circumstances and operations.

Source Materials

• Official publication: FIL-24-2026
• Regulator archive: FDIC memo archive
• Memo library: browse the full regulatory memo archive
• Related memo: Modernizing the CAMELS Framework: Analyzing the FDIC’s Proposed Revisions to the Uniform Financial Institutions Rating System
• Related memo: FDIC Compliance: Analysis of the 2026 Updated Q&A on Official Signs and Advertising Requirements
• Related memo: FDIC Announces Supervisory Relief for Northern Mariana Islands Following Typhoon Sinlaku