By Preserve Gold Research
Stablecoins were once sold as a cleaner, faster, more programmable form of money. They now look increasingly like a digital payments layer being pulled deeper into the logic of state compliance. That shift has been building for years, but the Treasury’s April 8 proposal has made it much clearer. What used to exist as a patchwork of issuer choices and money-services-business obligations is being pushed toward something more formal, more explicit, and harder to separate from the mechanics of the instrument itself.
It’s not that Washington has only just recently discovered illicit-finance risk in digital assets. It did that long ago. The U.S. government is now trying to translate those concerns into a stablecoin architecture that can be supervised, audited, and, when necessary, interrupted. In practice, that means moving compliance away from the edges, where it’s subject to interpretation and voluntary cooperation, and into the core design of stablecoins.
From Patchwork Oversight to Formal Mandate
The joint Notice of Proposed Rulemaking (NRPM) released by FinCEN and OFAC on April 8 and published in the Federal Register is the clearest expression yet of that direction. The proposal would carry out provisions of the GENIUS Act by classifying permitted payment stablecoin issuers, or PPSIs, as financial institutions under the Bank Secrecy Act. It would also require them to maintain sanctions compliance programs that are not optional, not informal, and not the kind of measure discussed only after the fact in an enforcement review, but a binding obligation.
Comments are due June 9, and the Treasury has asked whether the final rule should take effect 12 months after it’s issued. Those dates matter, but the deeper significance lies in the structure taking shape behind them. Washington is pulling stablecoin issuers into a far more explicit regulatory framework, and it’s doing so in a way that reflects the state’s core priorities: financial surveillance, sanctions enforcement, and control.
FinCEN’s side would create a new Part 1033 and pull PPSIs into the BSA framework as their own category, rather than leave them operating through the older money-transmitter baseline. OFAC’s side would create a new Part 502 and require every PPSI to maintain a sanctions compliance program with defined minimum elements.
In traditional financial regulation, sanctions compliance has often lived between hard legal prohibition and strong regulatory expectation. Firms knew the exposure was real. They knew OFAC operated on a strict-liability basis in civil enforcement. They also knew a weak compliance program could make a bad situation worse. But the proposal would convert that practical reality into a formal condition of operating as a permitted stablecoin issuer in the United States.
Large stablecoin issuers with U.S. exposure have already spent years building anti-money-laundering programs, screening counterparties, freezing addresses, and managing interactions with banks, custodians, and law enforcement. The sector isn’t moving from zero compliance to full compliance. It’s moving from a regime defined by guidance, classification, and issuer discretion to one defined by statute-anchored obligations, supervisory hooks, and explicit technical expectations.
The difference is important because the law changes how discretion works. A practice can be varied, softened, or selectively emphasized. A formal program requirement backed by examination and enforcement is something else. It reshapes staffing, governance, software architecture, product design, and ultimately market structure.
A Hybrid Asset With Fewer Neutral Zones
The core of the proposal reflects the hybrid nature of stablecoins themselves. A permitted payment stablecoin isn’t just a bank deposit or a fully decentralized bearer instrument. It sits in the middle of those worlds: centrally issued, redeemable against reserves, and capable of moving across open blockchains through smart contracts and secondary markets the issuer doesn’t fully control. The Treasury’s answer to that hybrid structure is to split the compliance burden by domain and then reserve the deepest intervention rights for the places that matter most to state power.
That’s why the distinction between primary and secondary markets sits at the center of the rule. FinCEN largely proposes to keep the heavier AML duties tied to primary-market relationships. Issuance, redemption, conversion, burning, and reissuance, and custodial services are where the issuer directly interacts with customers, conducts due diligence, monitors suspicious activity, and files SARs.
On that front, the framework looks familiar, if more formalized. The AML/CFT program must be risk-based. It must include documented risk assessment processes, ongoing customer due diligence, training, independent testing, and a designated AML/CFT officer located in the United States. The program must be written, approved by the board or senior management, and available to FinCEN on request.
Beyond the Issuer-Customer Relationship
The more consequential move comes elsewhere. Even while FinCEN stops short of imposing a broad duty to monitor all secondary-market transactions for SAR purposes, the proposal still requires issuers to maintain technical capabilities to block, freeze, and reject impermissible transactions, including third-party transactions that interact with the issuer’s smart contract.
It also requires them to comply with lawful orders, including orders affecting stablecoins held by third parties and transactions involving those third parties when the smart-contract interaction touches the issuer’s control plane. That asymmetry matters. The issuer may not be expected to surveil the entire secondary market in the full AML sense, but it is expected to retain enough technical authority to intervene in it.
That’s the hinge on which the broader meaning of the proposal turns. It suggests that the compliance perimeter is migrating into the instrument itself. A regulated stablecoin becomes not just a digital-dollar proxy but a policy-responsive payment object. It must be capable of existing in open circulation while remaining legible to sanctions enforcement and responsive to legal compulsion. The token can travel, but only on the assumption that its issuer remains able, under defined circumstances, to reach back into that movement and stop it.
From the perspective of federal authorities, that’s an attractive solution. It promises a form of enforcement that doesn’t rely entirely on exchanges, banks, or after-the-fact investigations. Sanctions, freezes, rejections, and lawful-order compliance can occur within the payments rail rather than only around it. The state doesn’t need to control every node in an open network if it can exert control through the institutions that issue the network’s most important assets. Stablecoins, in effect, become enforcement-adjacent infrastructure.
When Direct Sanctions Hit Legal Limits
There’s a legal reason this is emerging now. The Treasury’s efforts to address illicit finance in decentralized systems have run into significant legal hurdles. The Fifth Circuit’s 2024 decision in Van Loon held that OFAC exceeded its IEEPA authority by sanctioning immutable smart contracts as property. The Treasury later removed Tornado Cash-related sanctions in 2025 after reviewing the legal and policy complications.
While that didn’t weaken the government’s interest in policing digital-asset flows, it changed the landscape. If direct sanctions against protocol code are legally fraught, pressure shifts toward regulated intermediaries whose systems are designed to be controllable. A permitted payment stablecoin issuer is far easier to supervise, compel, and examine than a decentralized protocol with no obvious administrative center. The proposal reads in part like an adaptation to that reality.
This helps explain why the sanctions side of the rule feels especially forceful. OFAC would require each PPSI to maintain an effective sanctions compliance program with five minimum elements: senior management commitment, risk assessment, internal controls, testing or auditing, and training.
That alone sounds familiar to anyone who has spent time around compliance programs. But the internal-controls requirement is doing more than it would in a conventional setting. It explicitly includes technical capabilities. It’s not enough for an issuer to have policies on paper and screening software somewhere in the back office. The issuer must be able to identify potentially prohibited activity and block or reject transactions that violate or would violate U.S. sanctions across both primary and secondary markets.
The Cost Curve Starts to Narrow the Field
That language carries real market consequences because technical capability is never merely technical. It shapes product design from the start. It favors upgradeable contracts and systems that remain administratively controllable over truly immutable structures. It rewards issuers that can fold sanctions list ingestion, blockchain analytics, case management tools, lawful order workflows, and auditable freeze mechanisms into one coherent operating model. It also raises the fixed cost of serious participation.
Treasury’s own estimates for recordkeeping, reporting, and technology may not fully capture the burden, especially for larger issuers operating at scale. Compliance is expensive in ways that compound over time, and those costs are far easier for large firms or bank-affiliated entrants to absorb than for smaller operators with leaner infrastructure.
That doesn’t only mean more regulation. It points to a narrower definition of what a mainstream U.S. stablecoin may become. The proposal’s own impact analysis reduces the broader stablecoin universe to a much smaller set of plausible payment stablecoins by excluding structures with reserve or yield features that fall outside the GENIUS Act framework. The most likely beneficiaries are the largest incumbents and the issuers most willing to embrace a heavily managed model. The most likely losers are not only smaller competitors, but also any design philosophy built around limiting issuer control after launch.
The stablecoin market has expanded sharply over the past several years, but that growth has increasingly flowed through a small number of dominant issuers. As compliance costs rise, scale may matter even more. Source: DefiLlama stablecoin market capitalization data; Visa Onchain Analytics for secondary validation.
The downstream effects may spread quickly. Custodians and reserve banks would need tighter operational coordination around freezes, redemptions, audit trails, and lawful orders. Payment processors would need greater confidence that the stablecoin rails they rely on will not introduce sanctions exposure or failures in the middle of a transaction. Exchanges could face greater pressure to improve Travel Rule messaging, screening, and information-sharing practices. DeFi protocols, meanwhile, may have to confront a less comfortable reality: stablecoin composability increasingly depends on the issuer’s ongoing willingness and ability to allow the token to function as open liquidity.
Privacy Loses Ground as Compliance Expands
Much of crypto’s utility has rested on the assumption that a stablecoin, once issued, can move through pools, lending markets, exchanges, and peer-to-peer channels with reasonably consistent behavior. A token subject to issuer-administered intervention may still be liquid, but not in the same way. Its liquidity becomes conditional. A transfer could be frozen. A smart contract interaction could fail.
Assets held within pooled or automated structures may become entangled in sanctions-related interventions in ways that private law hasn’t clearly resolved. Who ultimately absorbs the loss when a token is blocked inside a liquidity pool or collateral structure hasn’t been answered either. If anything, the NPRM pushes the uncertainty outward, into market contracts, user disclosures, and, eventually, litigation.
The privacy implications are just as significant, though harder to quantify. The Treasury’s broader digital-asset reporting has acknowledged the legitimate uses of privacy tools and the reality that consumers may want transaction confidentiality for reasons unrelated to crime. At the same time, the government has spent years emphasizing the role of mixers, obfuscation tools, and related infrastructure in sanctions evasion and illicit finance.
The proposal reflects a clear policy preference. Privacy may be tolerated, but only to the extent it remains compatible with screened compliance at regulated points of control. That’s a narrower vision than the one many crypto advocates once imagined. It leaves room for privacy-preserving technologies in theory, especially selective disclosure systems or zero-knowledge approaches, but only if they can be made legible enough to meet compliance expectations.
Stablecoin development may therefore shift toward privacy that is compliant with regulations rather than open-ended anonymity. Issuers, custodians, and processors will be pushed to treat exposure to privacy-enhancing tools as a high-risk signal, even when those tools are being used for lawful reasons. When sanctions programs and secondary market interdiction capabilities become mandatory, firms have every reason to lean toward caution. The cost of underblocking is highly visible and concentrated. The cost of overblocking is usually diffuse and borne by users.
Not State Money, but State-Compatible Money
This is where the concept of a compliance state becomes more than rhetoric. The state doesn’t need to nationalize the network or prohibit all open systems. It can instead shape the incentives so that the private operators of critical digital payment instruments internalize enforcement priorities as a normal part of product design. What emerges is a state-compatible infrastructure. Rules, legal exposure, and supervisory expectations do the work that direct command doesn’t need to do.
There is, to be fair, a case for this approach. Stablecoins are increasingly discussed not as niche crypto instruments but as serious candidates for cross-border payments, settlement flows, and broader digital-dollar distribution. If policymakers are going to tolerate or encourage that role, they’re unlikely to do so while leaving sanctions enforcement and financial crime controls to informal issuer preferences.
The Treasury is effectively saying that if stablecoins want to be part of mainstream payments, they must be built like infrastructure that can bear state obligations. In that sense, the proposal is less a deviation from financial history than an extension of it. Payment systems that become systemically useful don’t remain outside the reach of supervision for long.
Still, something important changes when open-network assets begin carrying hardwired expectations of issuer intervention. The rhetoric of programmability once centered on efficiency, automation, and composability. The next phase may center more on conditionality. Tokens will still be programmable, but the most politically acceptable forms of programmability may be those that allow control and legal responsiveness.
The Market Splits as the Rules Tighten
The shift is also likely to produce a more segmented market. One segment will consist of highly regulated, issuer-controlled stablecoins designed to serve banks, payment firms, and mainstream financial use cases. Another may continue to exist in looser, offshore, or structurally different forms that preserve more distance from U.S. compliance demands but also carry higher legal, access, and liquidity risk. The industry could see a split between assets optimized for legitimacy and assets optimized for resistance, with fewer tokens able to claim both.
The NRPM is a signal about the political future of digital money in the United States. The Treasury is not simply trying to make stablecoins safer. It’s trying to define the terms on which they can become normal. And those terms assume that any financial tools circulating on digital rails must remain governable enough to satisfy the state’s demands.
Some issuers may find that acceptable, even welcome. But for others, it looks like the abandonment of the idea that stablecoins could become a neutral layer between state money and decentralized networks.
As the rules tighten, digital money may become more efficient, but it may also become more conditional and more legible to the state than many early advocates imagined. That shift could leave Americans asking a harder question about what kind of asset still offers real independence. In that environment, diversification may start to look less like a portfolio preference and more like prudence. For some, that may mean revisiting assets such as gold, which do not rely on issuer discretion or permissions for their universal value.
