1. Crypto Regulatory Update: Stablecoin Issuers Just Got Their Federal ID Check

On June 18, 2026, FinCEN — joined by the OCC, the Federal Reserve, the FDIC, and the NCUA — issued a joint proposed rule implementing the Customer Identification Program requirement Congress wrote into the GENIUS Act. The rule, published in the Federal Register today, June 22, opens a 60-day comment period and answers the question every Permitted Payment Stablecoin Issuer (PPSI) has been asking since the statute passed: when, exactly, does someone become your "customer"?

The GENIUS Act already treats PPSIs as financial institutions under the Bank Secrecy Act, which means a CIP isn't optional. What the proposal does is draw the line precisely. CIP obligations attach where a PPSI has a direct relationship with a person — issuing, redeeming, converting, repurchasing, burning, reissuing, or providing custodial services. Mere ownership of the stablecoin, or secondary-market activity that touches the issuer only through a smart contract, does not create an account relationship and does not trigger CIP. That's a meaningful scope limit: it spares issuers from having to identify every wallet that ever touches their token on a secondary exchange, while making clear that anyone with a direct issuance or redemption relationship to the issuer is getting full KYC treatment.

Why it matters for founders: If you're building or advising a payment stablecoin program, this NPRM is the blueprint for your CIP build — and the boundary it draws (direct issuance/redemption relationship vs. secondary-market exposure) is exactly where your compliance budget should concentrate. Comment now, while the agencies are still drawing the line, rather than after it's final.

Launch Legal's Digital Assets & Token Structuring practice helps stablecoin issuers and token projects map exactly which relationships trigger which federal obligations — before a regulator maps it for them.

📌 Source: FinCEN: FinCEN, Agencies Propose Rule to Implement GENIUS Act Customer Identification Program Requirement, June 18, 2026 | Federal Register: Permitted Payment Stablecoin Issuer Customer Identification Program, June 22, 2026

2. Corporate & Securities Law Update: Regulators Ask Market Participants to Help Them Cut Their Own Paperwork

The same day FinCEN tightened the ID rules for stablecoin issuers, the SEC and CFTC went the other direction. On June 18, 2026, the two agencies issued a joint request for public comment (Release No. 2026-56) on harmonizing, modernizing, and streamlining data reporting requirements across the security-based swap market (SEC) and the swap market (CFTC) — building on the Joint Harmonization Initiative the agencies launched under a March 11, 2026 memorandum of understanding.

"Extensive data collection, if not appropriately calibrated, can hinder, rather than enhance, understanding and accountability," said SEC Chairman Paul S. Atkins, adding that he welcomes feedback on how to improve the security-based swap reporting regime "in a manner that protects the integrity of the information and lowers costs." CFTC Chairman Michael S. Selig was just as direct: he's looking to hear from market participants "about the ways we can cut red tape and reduce costs, while still collecting the data we need to conduct our market oversight responsibilities." The request specifically seeks input on harmonization across frameworks, transparency and data quality, operational complexity, standardized identifiers, and implementation. The comment period runs 60 days from Federal Register publication.

Why it matters for founders: If your firm reports under both regimes — a common position for funds and dealers active in both swap and security-based swap markets — you currently run two parallel compliance systems for reporting that, in substance, often describes the same economic activity. This comment period is a direct invitation to tell the agencies which parts of that duplication should go. Showing up with specific, documented pain points carries more weight than a generic comment.

Launch Legal's General Counsel & Regulatory Strategy practice helps scaling companies turn operational compliance friction into a comment the agencies actually have to read.

📌 Source: SEC: SEC, CFTC Seek Public Input on Data Reporting Frameworks for Security-Based Swap and Swap Markets, June 18, 2026

3. From the Launch Legal Bench: Tightening and Loosening Are the Same Strategy

Put this week's two federal rulemakings side by side and the pattern isn't contradiction — it's calibration. On one hand, Washington drew a precise, narrower-than-feared line around who counts as a stablecoin issuer's "customer," then required real KYC exactly there. On the other, the SEC and CFTC are actively asking the industry where reporting requirements collect data that doesn't actually serve oversight. Both moves are the same instinct applied in opposite directions: spend regulatory effort — and force compliance spend — where the risk is real, and cut it where it isn't.

That's not a signal to relax. It's a signal to get specific. The founders and compliance teams who benefit from this kind of recalibration are the ones who can say precisely which of their relationships or data flows falls on which side of the line — not the ones assuming the whole category is either fully exposed or fully exempt. A stablecoin issuer that hasn't mapped its direct-relationship activities against the new CIP proposal, or a dual swap reporter that hasn't catalogued exactly where its SEC and CFTC reporting obligations diverge, is leaving value on the table in both directions: unmanaged risk in one case, an unclaimed cost-cutting opportunity in the other.

This is the core of our Digital Assets & Token Structuring and General Counsel & Regulatory Strategy work — mapping exactly where your obligations sit before a comment deadline, an exam, or a regulator does it for you.

Schedule a consultation if you want help drawing that map.

4. AI & Emerging Tech: Vermont Just Made the AI-Only Therapist a Legal Liability

Vermont spent two consecutive days this month rewriting the rules for AI and consumer data — and the result is one of the most restrictive state packages on the books. On June 16, 2026, Governor Phil Scott signed Act 138 (H.211), a 41-page overhaul of Vermont's data broker law. On June 17, he signed Act 156 (H.816), which bans AI systems from delivering mental health services on their own.

Act 156 creates a new statute, 18 V.S.A. § 7115: no corporation or entity may provide, advertise, or offer mental health services to the public — "including through the use of artificial intelligence" — unless those services are provided by a licensed mental health professional. The law defines "therapeutic communication" broadly enough to capture clinical guidance, emotional support, and collaboration on treatment plans, which means a wellness chatbot that drifts into reassurance-and-coping-strategy territory is squarely in scope, license or no license. There's a real carve-out: clinicians can still use HIPAA-compliant AI tools they review and approve, and FDA-authorized software-based medical products remain usable when a licensed professional prescribes them. But the prohibition itself is categorical, not harm-triggered — it applies from the date of enactment, enforced through Vermont's Consumer Protection Act, which means both the Attorney General and private plaintiffs can sue. Act 138, meanwhile, raises the data broker annual registration fee from $100 to $900, adds a $20,000 surety bond requirement, and — notably — adds new disclosure obligations for whether a data broker shares consumer data with developers of generative AI systems, on top of expanded geolocation and sensitive-data reporting. A materially incorrect filing now carries a $25,000 civil penalty.

Why it matters: Most state AI fights so far have been about labeling AI or attaching liability after harm occurs. Vermont's approach is structurally different — it's an outright operating prohibition on a defined category of activity, triggered the moment you cross the line, not after something goes wrong. Any company running a wellness, coaching, or companion AI product needs to determine right now whether its product's interactions meet Vermont's specific, broad definition of "therapeutic communication." And separately, any company whose data practices touch generative AI training pipelines needs to check Act 138's new GenAI-disclosure requirement before the core data broker provisions take effect January 1, 2027.

Launch Legal's Contracts & Regulatory Compliance practice helps AI and emerging-tech companies determine exactly which side of lines like Vermont's their product sits on — before a state AG or a private plaintiff makes that determination for them.

📌 Source: Office of Governor Phil Scott: Action Taken by Governor Phil Scott on Legislation, June 17, 2026 | PPC Land: Vermont Bans AI-Only Therapy and Tightens Data Broker Rules, June 21, 2026