Stablecoin Customer ID Rules Create a Redemption Puzzle for Crypto Issuers
The Financial Crimes Enforcement Network (FinCEN) and five federal banking agencies have proposed new customer identification requirements for permitted payment stablecoin issuers (PPSIs), but the rules create a potential operational conflict that could force crypto firms to choose between compliance and redemption promises. The proposal, released in early July 2026, requires stablecoin issuers to collect and verify customer identification information before opening accounts, yet also demands that issuers redeem stablecoins on demand from any holder within two business days, even if they have no prior relationship with that customer.
What Are the New Stablecoin Customer Identification Requirements?
The proposed rule implements requirements from the GENIUS Act, a 2024 law that created the first federal framework for stablecoin regulation. Under the new proposal, PPSIs must establish written, risk-based customer identification programs (CIPs) that collect specific information before an account opens. The rule also requires identity verification within a reasonable timeframe and procedures for handling verification failures, including when to decline account opening or file suspicious activity reports (SARs).
Comments on the proposal are due August 21, 2026, giving the crypto industry roughly six weeks to weigh in on the framework. The agencies involved include the Federal Reserve Board (FRB), Federal Deposit Insurance Corporation (FDIC), National Credit Union Administration (NCUA), and Office of the Comptroller of the Currency (OCC).
Why Does the Redemption Requirement Create a Compliance Challenge?
The core tension lies in how the proposal defines "customer." The agencies propose that CIP obligations apply only to customers with "formal" account-holding relationships with the issuer, primarily in primary market activities like direct issuance and redemption. However, the proposal explicitly states that PPSIs must establish a formal account relationship and complete all CIP procedures before processing a redemption request.
This creates a practical problem: if a stablecoin holder obtained their coins on a secondary market (like a crypto exchange) and wants to redeem them directly with the issuer, the issuer would need to complete full customer identification procedures on the spot, even though they have no prior relationship with that person. The GENIUS Act requires redemption within a reasonable period, currently proposed as two business days. Meeting both the redemption timeline and the CIP requirements simultaneously could prove difficult or impossible for some issuers.
The proposal notes that this approach contrasts sharply with how regulators treat analogous financial services. Check-cashing, money order sales, and nonreloadable prepaid cards are all exempt from establishing formal account relationships and triggering CIP obligations, even though they involve one-off transactions with unknown parties.
How Are Stablecoin Issuers Expected to Navigate This?
The proposal offers one potential workaround: issuers can use an "intermediated model" that routes secondary market liquidity through institutional partners rather than offering direct redemption to every retail holder. Under this approach, an issuer would only need to complete CIP procedures with a small number of institutional intermediaries, not with hundreds of thousands of downstream retail customers.
The agencies acknowledge that this intermediated approach aligns with how regulators have long treated clearing and deposit infrastructure providers, which are not required to "look through" independent intermediaries to perform customer identification on downstream retail participants. However, this strategy requires issuers to explicitly limit their direct redemption policies, which may conflict with marketing claims or customer expectations.
Steps Stablecoin Issuers Should Take to Prepare for the New Rules
- Design Redemption Policies Carefully: Issuers should decide whether to offer direct redemption to all holders or use an intermediated model with institutional partners, as this choice directly determines which customers require CIP procedures.
- Evaluate Digital Identity Solutions: The proposal requests comment on whether digital IDs and verifiable credentials should be permitted for customer verification, but significant uncertainty remains about data extraction, decryption, and record retention requirements for these technologies.
- Plan for Reliance Framework Limitations: The proposal limits PPSIs' ability to rely on third-party CIP procedures exclusively to financial institutions supervised by a federal functional regulator, potentially freezing out reliance on non-federally supervised entities.
- Prepare Comment Submissions: With the August 21 deadline approaching, issuers should submit detailed feedback on implementation challenges, particularly regarding the tension between redemption timelines and customer identification procedures.
What Do Regulators Say About Secondary Market Concerns?
The proposal has drawn scrutiny from within the Federal Reserve itself. Michael Barr, a member of the Board of Governors of the Federal Reserve, issued a statement expressing concern that the GENIUS Act's regulatory framework "does not do enough so far to address the risks of illicit finance conducted through secondary market transactions in payments stablecoins." Barr indicated he would "carefully review comments" on whether CIP obligations should extend to secondary market activity.
"The GENIUS Act's regulatory framework does not do enough so far to address the risks of illicit finance conducted through secondary market transactions in payments stablecoins," stated Michael Barr, member of the Board of Governors of the Federal Reserve.
Michael Barr, Member of the Board of Governors of the Federal Reserve
However, the agencies counter that extending CIP obligations to secondary market activity may be unnecessary given the robust on-chain tracking capabilities of blockchain analytics and the fact that downstream intermediaries like exchanges and wallet providers already bear independent CIP obligations. Additionally, PPSIs are required to maintain capabilities to block and freeze tokens and wallets to enforce legal or sanctions orders.
What Remains Uncertain About Digital Identity Verification?
While the proposal does not mandate the use of digital IDs or verifiable credentials, the request for comment solicits input on whether and how the regulatory text should specify such use. The agencies have previously acknowledged that financial institutions may use electronic credentials like digital certificates as acceptable nondocumentary methods to verify customer identity over purely electronic channels.
However, significant uncertainty persists. It remains unclear whether a PPSI must extract and decrypt the underlying raw attributes of a decentralized ID to satisfy baseline customer identification data fields, or if a cryptographic attestation alone would be compliant. Additionally, traditional record retention rules require firms to maintain the exact information used to verify an identity for five years after account closure, but it is unclear how issuers can legally satisfy this mandate when relying on ephemeral digital credentials, zero-knowledge proofs, or privacy-preserving decentralized ledgers that do not permanently store customer data.
The proposed rule represents the latest step in implementing the GENIUS Act, which was passed in 2024 as the first comprehensive federal framework for stablecoin regulation. The April 2026 proposed rule on anti-money laundering and countering the financing of terrorism (AML/CFT) compliance explicitly deferred customer identification requirements to this later rulemaking, arriving just one month before the July 18 GENIUS Act rulemaking deadline.