On June 18, 2026, FinCEN, together with the OCC, the Federal Reserve Board, the FDIC, and the NCUA, issued a joint Notice of Proposed Rulemaking implementing Customer Identification Program (CIP) requirements for Permitted Payment Stablecoin Issuers (PPSIs) under the GENIUS Act. Published in the Federal Register on June 22, the proposal opens a 60-day public comment period ending August 21, 2026 and builds upon the agencies' broader AML/CFT program proposal released in April.

Stablecoin Issuers Would Adopt Bank-Style Customer Identification Programs

The proposal largely mirrors the CIP framework that has applied to banks for years.

Before opening an account, a PPSI would be required to implement and maintain a written, risk-based Customer Identification Program that collects and verifies basic identifying information, including:

• Legal name

• Date of birth (or formation date for legal entities)

• Physical address

• Government-issued identification number

Issuers would also be required to verify customer identities within a reasonable period of time, screen customers against applicable government lists, maintain CIP records, and provide notice that identity verification is required. Similar to existing banking rules, the proposal would allow limited reliance on other federally regulated financial institutions to perform certain verification functions.

For many stablecoin issuers, these requirements will look familiar. The more consequential question is which users actually trigger them.

The Proposal Draws a Critical Primary-Market vs. Secondary-Market Distinction

The most significant aspect of the proposal is not what information issuers must collect—it's when those obligations arise.

Under the proposed rule, Customer Identification Program requirements attach only when a PPSI establishes a direct account relationship with a customer through activities such as:

• Direct issuance of stablecoins

• Redemption

• Custodial services

• Repurchases, reissuances, burns, or similar primary-market transactions

By contrast, simply holding a stablecoin does not make someone a customer of the issuer.

Secondary-market transactions—including peer-to-peer transfers or transfers executed solely through smart contracts—generally do not create the type of direct relationship that would trigger CIP obligations.

That distinction is particularly important because many stablecoins circulate far beyond the issuer after initial issuance. The proposal recognizes that ownership alone does not establish an account relationship under the Bank Secrecy Act.

However, regulators expressly leave one important question open for comment: whether certain forms of secondary-market activity should also trigger CIP obligations. That issue remains unsettled and will likely become one of the most closely watched aspects of the rulemaking process.

Why This Matters

The proposal transforms the word "customer" from a business concept into a defined regulatory threshold.

For stablecoin issuers, the distinction between primary-market and secondary-market activity will determine where Customer Identification Program obligations begin—and where they do not.

That determination affects:

• Customer onboarding workflows

• Issuance and redemption processes

• Custody structures

• Compliance architecture

• Recordkeeping obligations

• Operational risk

Companies building stablecoin infrastructure today should be designing their onboarding and custody models around the proposed primary-market framework now rather than attempting to retrofit compliance after the final rule is adopted.

The open question surrounding secondary-market activity also presents an opportunity. Because regulators are actively seeking public input, issuers, custodians, exchanges, and other market participants have a meaningful opportunity to influence where that regulatory boundary is ultimately drawn before the rule becomes final.

📌 Sources:
FinCEN: FinCEN, Agencies Propose Rule to Implement GENIUS Act Customer Identification Program Requirement, June 18, 2026 | Federal Register: Permitted Payment Stablecoin Issuer Customer Identification Program, June 22, 2026 | U.S. Department of the Treasury: Treasury Proposes Rule to Implement the GENIUS Act's Requirements to Counter Illicit Finance | FinCEN Fact Sheet: Proposed Rule to Implement GENIUS Act Customer Identification Program Requirement (PDF) | CoinDesk: U.S. Agencies Seek Stablecoin Customer-ID Rules Akin to Banks in New GENIUS Act Rule, June 18, 2026