June 24, 2025 – After several false starts, Congress is now on the cusp of enacting a comprehensive regulatory framework for stablecoins — digital assets designed to maintain a stable value, typically by being “pegged” to a fiat currency, such as the U.S. dollar. Arguably, the primary functions of stablecoins to date have been to serve as a store of value, a currency for digital asset lenders and traders, and an on- and off-ramp into the crypto ecosystem. But many proponents envision a broader role for stablecoins in the payments system, including as a means to effectuate traditional payments and cross-border transactions.
As the potential use cases for stablecoins continue to emerge, many financial institutions are considering how best to approach anti-money laundering (AML) and combating the financing of terrorism (CFT) compliance for stablecoin products in line with regulatory expectations.
Jumpstart your morning with the latest legal news delivered straight to your inbox from The Daily Docket newsletter.
While early adopters have proposed a range of approaches, Congress is now considering two pieces of stablecoin legislation — the Guiding and Establishing National Innovation for US Stablecoins (GENIUS) Act and Stablecoin Transparency and Accountability for a Better Ledger Economy (STABLE) Act. Each bill would establish a federal regulatory scheme for payment stablecoins that would incorporate a tried-and-true approach to AML/CFT compliance for stablecoins by folding them into the existing U.S. regulatory framework established under the Bank Secrecy Act (BSA).
With both the GENIUS and STABLE Acts on the legislative fast track, firms engaged in stablecoin activities, including issuers, administrators and exchanges, should consider whether their existing AML/CFT programs satisfy the BSA’s extensive requirements and are sufficiently tailored to their business and risk profiles.
Although stablecoins undoubtedly present illicit finance risks, those risks are simply the latest iterations of the same illicit finance risks presented by other financial products and payment rails, albeit with the technological attributes associated with digital assets. The risks can be effectively mitigated through risk-based policies, procedures and controls. This article explores certain key illicit finance risks that stablecoins and stablecoin transactions pose and how firms can seek to manage those risksThe jury at Sean ‘Diddy’ Combs’ sex trafficking trial has reached a verdict on all but one count – and will resume deliberations Wednesday.
AML/CFT program requirements for stablecoin transactions
Stablecoins present similar AML/CFT risks as other digital assets, including anonymity and pseudonymity, risks associated with decentralized finance and treatment of gas fees in permissionless blockchains, and potential for theft and other protocol manipulations.
Unlike other digital asset classes, if a stablecoin issuer does not provide sufficient transparency regarding the reserves backing the stablecoin, it can be difficult to verify the nature and provenance of those assets or even whether the stablecoin is backed at all. An unscrupulous stablecoin issuer could use this lack of transparency to facilitate the laundering of illicitly obtained digital assets or engage in fraud by issuing stablecoins that are not fully backed by the assets the issuer claims to be holding as reserves.
The growing popularity and versatility of stablecoins — and the increased governmental focus as evidenced by the GENIUS and STABLE Acts — mean firms that deal in stablecoins need to closely evaluate their compliance obligations.
U.S. financial institutions that are subject to the BSA must satisfy a host of AML/CFT requirements, ranging from the adoption of an AML/CFT program containing certain regulatorily mandated elements (e.g., internal controls, independent testing, designation of a BSA officer, appropriate training and customer due diligence) to various recordkeeping and reporting requirements.
We highlight below several of the more important components of an effective AML/CFT program and discuss how they may be most relevant in the stablecoin context:
Customer identification program / customer due diligence: Under the BSA’s customer identification program (CIP) rule, most financial institutions are required to have measures in place to verify the true identities of their customers. Even financial institutions that are not expressly subject to the CIP rule, such as money services businesses, tend to implement customer identification processes as a best practice and to help facilitate other compliance functions, such as transaction monitoring and sanctions screening.
Beyond customer identification, certain financial institutions are subject to the U.S. Department of the Treasury’s Financial Crimes Enforcement Network’s (FinCEN) customer due diligence (CDD) rule, which requires covered institutions to implement procedures to understand the nature and purpose of customer relationships, monitor for and report suspicious transactions on an ongoing basis, and identify the beneficial owners of certain legal entity customers.
Financial institutions handling stablecoin transactions should consider ways they can adapt their current CIP frameworks or adopt new processes, as the case may be, to ensure they understand the true identity of their customers and counterparties. Traditional financial institutions adding stablecoin-related services, such as stablecoin custody or cross-border settlement with other financial institutions, may be able to leverage their existing CIP processes.
Stablecoin issuers not presently subject to the CIP rule will need to consider how to create effective procedures for collecting and verifying know-your-customer (KYC) information, particularly if they become subject to affirmative CIP requirements.
Critically, CIP requirements do not extend to third parties, such as the issuer of a stablecoin that an institution custodies for its customers. However, financial institutions should consider conducting risk-based diligence on third parties to align with regulators’ expectations.
Transaction monitoring: All U.S. financial institutions have an obligation to report suspicious activity to FinCEN, including cash transactions exceeding $10,000 and suspicious transactions exceeding $2,000. To comply with their reporting requirements, financial institutions generally implement transaction monitoring systems to flag potentially suspicious transactions or patterns of activity. This often includes monitoring for unusual or unexpected transaction volumes, transaction types and counterparties.
Given the risks associated with stablecoin transactions, it may be difficult to verify whether a particular transaction meets the requirements for “suspicious” activity reporting (involvement of proceeds from criminal activity; evasion of BSA requirements; lack of apparent business purpose; and facilitation of criminal activity). To the extent they are not already doing so, financial institutions should consider incorporating blockchain analytics into their suspicious activity identification and investigation processes to capitalize on the public transparency of blockchain transactions by analyzing the context of transactions in which they are involved.
A host of vendors offer sophisticated transaction monitoring software that financial institutions like banks have used for years. Specialist vendors in the digital asset space now offer advanced blockchain analytics tools designed to automatically detect patterns of suspicious activity, send real-time alerts, enable in-depth investigations and integrate into compliance team workflows.
These tools leverage the public transaction ledgers on which digital asset transactions are recorded and other information gathered by the vendors. Traditional and nontraditional financial institutions offering stablecoin-related services should consider whether blockchain analytics could enhance their transaction monitoring program in line with a risk-based approach to AML/CFT compliance.
Travel rule: The so-called Travel Rule generally requires that, for transmittals of funds of $3,000 or more, the sender’s financial institution ensure that certain information regarding the transmittal, the sender and the beneficiary be included in the transmittal order at the time it is sent to the receiving institution. If the receiving institution is acting as an intermediary in the flow of funds, the receiving institution must include the same information in the transmittal order that it sends to the next receiving institution in the chain.
The Travel Rule presents novel challenges for digital asset transactions, including those involving stablecoins, as blockchains are not designed to transmit the type of information the Travel Rule requires to accompany the transmittal.
Where a financial institution engages in stablecoin transactions that are subject to the Travel Rule, it should consider whether certain of the messaging protocols that have been developed by the digital asset industry to facilitate Travel Rule compliance might be appropriate to ensure the financial institution can send and receive the required information securely. Key considerations will include the technical requirements of such platforms, the practicality of implementing and using them, and the regulatory expectations to which the institution may be subject.
Conclusion
Stablecoins offer a variety of potential benefits, such as a means to store value securely and weather periods of increased market volatility, process faster (if not real-time) transactions, and decrease costs. Like any financial product or service, stablecoins present potential risks. But those risks are becoming more manageable as compliance technology catches up to the pace of innovation. Vendors are continuously developing and improving technologies that will pave the way for more cost-effective AML/CFT compliance solutions for transactions facilitated through stablecoins.
As regulators review and become comfortable with these solutions — and enact laws and regulations designed to regulate them — firms engaging in stablecoin activities or exploring the viability of such activities have better access to compliance tools specifically designed to manage the risks associated with digital assets. The onus remains with each financial institution to ensure its AML/CFT compliance program is appropriately tailored to control those risks.
