GENIUS Act Customer ID Rule: Why Stablecoin Issuers Must Know Direct Customers, Not Wallets

Five federal agencies proposed a rule this week requiring payment stablecoin issuers to maintain a customer identification program, the same baseline obligation that already applies to banks.

The Financial Crimes Enforcement Network (FinCEN), the Office of the Comptroller of the Currency (OCC), the Federal Reserve Board, the Federal Deposit Insurance Corporation (FDIC), and the National Credit Union Administration (NCUA) jointly issued the proposal on June 18, implementing a specific directive inside the Guiding and Establishing National Innovation for U.S. Stablecoins Act (GENIUS Act): stablecoin issuers must verify the identity of the people who open accounts with them directly.

The rule applies to the primary market, where an issuer interacts directly with a customer to mint or redeem stablecoins, and does not apply to the secondary market, where the same stablecoins move between wallets, exchanges, and individuals with no involvement from the issuer at all.

Stablecoins built their growth on letting value move peer to peer without a bank in the middle. The proposed rule sets the issuer's legal responsibility at the edge of its own direct customer relationships, leaving wallet-to-wallet activity outside the customer identification requirement.

What the rule actually requires

A permitted payment stablecoin issuer (PPSI), the GENIUS Act's term for an authorised issuer, must collect a customer's name, date of birth or formation, address, and an identification number before opening what the proposed rule calls an account. The agencies define that account narrowly: a formal relationship established for issuing, redeeming, or providing custody of stablecoins or their reserves. The rule states that owning or transacting in a stablecoin alone does not create an account relationship, and that interacting only with a smart contract does not make someone a customer of the issuer behind it.

FinCEN estimated that an average issuer would have roughly 1,000 direct primary market customers, with the total population of permitted issuers expected to reach around 50 within three years of the GENIUS Act taking effect. Hundreds of millions of people hold or use stablecoins. The customer identification obligation reaches a few hundred thousand institutional and high-volume counterparties.

Why the line sits where it does

The agencies considered and rejected a broader approach in the proposal text. Treating every stablecoin transfer as creating a customer relationship with the issuer, regardless of how many intermediaries sat between the issuer and the end user, would have imposed what the agencies called a nearly impossible global identification obligation, one they assessed could cripple the industry's basic functioning. The proposal anchors customer identification to direct, formal relationships, the same standard banks, broker-dealers, and mutual funds already operate under.

A separate bill moving through Congress would ban a Federal Reserve digital dollar through 2030 while protecting privately issued stablecoins that preserve cash-like privacy. Both measures limit government visibility into a transaction as the variable regulators choose to leave alone, even while tightening the compliance perimeter around issuers themselves.

What stays outside the rule

The proposal states clearly what it does not cover. An individual who buys a stablecoin from an exchange, sends it to a merchant, or swaps it for another digital asset through a smart contract creates no customer relationship with the issuer at any point in that chain. The agencies wrote into the rule that ownership or control of a stablecoin, on its own, does not constitute an account. The secondary market, where most stablecoin volume moves, sits outside this customer identification obligation.

The agencies stated directly that requiring issuers to identify every person who ever touches their stablecoin downstream would be operationally unworkable given how the technology functions. Stablecoins move via blockchain-based smart contracts the issuer does not monitor transaction by transaction once tokens leave the primary market. Millions of users are already shifting toward stablecoins over their own national currencies, almost entirely through this unmonitored secondary layer the rule leaves untouched.

What happens next

The five agencies are accepting public comments for 60 days after the proposal's publication in the Federal Register, with specific questions about whether digital identity tools and verifiable credentials should be written into the rule explicitly. The compliance date, once finalised, would arrive 12 months after the final rule is issued.

The proposal answers a question that has shadowed fintech policy since stablecoins began moving real volume: not whether issuers should know their customers, but which customers count as theirs to know. Regulators drew that line at the issuer's front door and nowhere past it, which means the part of the stablecoin economy that grew fastest is the part this rule does not reach.

Editor's note

Every piece published on The Bright Minded goes through careful verification, but mistakes can happen. If you spot an error, have additional information, or want to flag anything, write to rosalia@thebrightminded.com.