Map your jurisdictional obligations

Compliance begins by identifying which regulatory frameworks govern your operational footprint. In 2026, the landscape is defined by two primary regimes: the European Union’s Markets in Crypto-Assets (MiCA) regulation and the United States’ Guiding and Establishing National Innovation for US Stablecoins (GENIUS) Act. Operators must determine their legal domicile and the location of their users to apply the correct rules.

The GENIUS Act, enacted on July 18, 2025, establishes a federal framework for payment stablecoin activities. It generally prohibits any person other than a permitted payment stablecoin issuer (PPSI) from issuing a payment stablecoin in the United States. The law directs the Treasury to treat PPSIs as financial institutions for Bank Secrecy Act (BSA) purposes, imposing anti-money laundering obligations.

In the EU, MiCA requires stablecoin issuers to obtain authorization from national competent authorities. It mandates strict reserve management, ensuring stablecoins are fully backed by a reserve of assets on a 1:1 basis as of the end of each business day. If your operations span both jurisdictions, you must satisfy the stricter of the two regimes for each specific activity, particularly regarding reserve asset eligibility and disclosure requirements.

Structure reserves for daily 1:1 backing

Maintaining strict 1:1 backing is the foundational compliance requirement for any PPSI under the GENIUS Act. The law mandates that reserves must fully cover outstanding stablecoins on at least a one-to-one basis at the end of every business day. This requirement eliminates fractional reserve practices and ensures that every unit of stablecoin in circulation is backed by a corresponding high-quality liquid asset.

Compliance is not a static state but a daily operational cycle. Issuers must calculate their total outstanding supply, verify the availability of reserve assets, execute any necessary rebalancing, and generate an attestation report to prove solvency. The allowable asset classes are strictly limited to ensure liquidity and safety. Permissible assets generally include US dollars, Federal Reserve notes, and funds held at regulated banks or money market funds that invest exclusively in direct US Treasury obligations.

1
Calculate outstanding stablecoin supply

At the close of each business day, the issuer must generate a precise ledger of all outstanding stablecoin tokens. This figure represents the total liability that must be covered by the reserve. The calculation must account for all active tokens across all supported blockchains and wallets, ensuring no discrepancies exist between on-chain supply and the reported liability.

2
Verify reserve asset availability

Once the liability is determined, the issuer must confirm that the reserve account holds sufficient permissible assets. These assets must be segregated from the issuer's corporate operating funds to prevent commingling. The verification process involves checking bank balances and money market fund holdings to ensure they are immediately accessible for redemption by holders.

3
Execute rebalancing if needed

If the reserve balance falls short of the outstanding supply, the issuer must immediately inject additional capital or liquidate other assets to restore the 1:1 ratio. This step must be completed before the business day ends. The rebalancing must use only assets that meet the regulatory definition of permissible reserve assets, such as cash or short-term Treasuries.

4
Generate attestation report

Finally, the issuer must produce a daily attestation report, often verified by an independent third-party auditor. This report documents the exact reserve balance and confirms compliance with the 1:1 backing requirement. The report serves as the primary evidence for regulators and must be retained for audit purposes.

Failure to maintain this daily balance results in immediate regulatory violations. The strict separation of reserve assets from operational funds ensures that even if the issuer faces bankruptcy, the stablecoin holders' funds remain intact and redeemable.

Implement BSA and AML controls

The GENIUS Act, enacted on July 18, 2025, establishes a federal regulatory framework for payment stablecoins that explicitly treats PPSIs as financial institutions under the Bank Secrecy Act (BSA). This designation is not merely symbolic; it imposes the same anti-money laundering (AML) and know-your-customer (KYC) obligations that traditional banks and money services businesses must follow.

Compliance begins with establishing a risk-based AML program that includes internal policies, procedures, and controls designed to prevent the stablecoin network from being used for illicit finance. Under proposed Treasury rules, PPSIs must implement customer identification programs that verify the identity of users engaging in transactions above specific thresholds. This requires collecting and retaining specific data points, such as name, date of birth, and government-issued identification numbers, for each user interacting with the stablecoin infrastructure.

Transaction monitoring is the next critical layer. Issuers must deploy systems capable of detecting suspicious activity patterns, such as structuring, rapid movement of funds across borders, or interactions with sanctioned entities. The Office of the Comptroller of the Currency (OCC) has emphasized that these controls must be integrated into the core operational workflow rather than treated as an afterthought. Failure to maintain effective monitoring systems can result in significant civil money penalties and enforcement actions.

Finally, PPSIs are required to file Suspicious Activity Reports (SARs) with FinCEN when they detect transactions that lack a business or lawful purpose. The reporting timeline is strict, typically requiring submission within 30 days of detection. Maintaining accurate records of these reports and the underlying transactions for at least five years is mandatory. This documentation serves as the primary evidence of compliance during regulatory examinations, ensuring that the issuer can demonstrate a clear audit trail of their AML efforts.

Secure licensing and registration

Obtaining the correct license is the foundational step for any stablecoin issuer. In the United States, the GENIUS Act (Guiding and Establishing National Innovation for US Stablecoins Act) establishes a federal framework for PPSIs. Under this law, only entities that meet strict capital and reserve requirements may issue stablecoins. The Treasury Department has directed regulators to treat these issuers as financial institutions under the Bank Secrecy Act, imposing rigorous anti-money laundering obligations.

In the European Union, compliance follows the Markets in Crypto-Assets (MiCA) regulation. MiCA requires stablecoin issuers to obtain authorization from their national competent authority before launching operations. This process demands detailed whitepapers, proof of reserve assets, and robust governance structures. Failure to secure this authorization results in immediate prohibition from operating within the EU market.

The administrative burden is significant. Issuers must prepare comprehensive documentation proving capital adequacy, reserve custodian agreements, and draft anti-money laundering policies. A legal opinion on the token structure is also typically required to demonstrate compliance with securities and payments law. These documents must be submitted to the relevant regulatory body, whether it is the US Treasury or a national EU authority, before any technical deployment occurs.

Unknown component: ul

Capital Adequacy Proof:
Verified financial statements showing sufficient reserves to back outstanding tokens.
Reserve Custodian Agreement:
Contracts with regulated banks or custodians holding the reserve assets.
AML Policy Draft:
A complete anti-money laundering and counter-terrorist financing framework.
Legal Opinion:
Expert analysis confirming the token structure complies with local financial laws.

For detailed regulatory text, refer to the Federal Register: GENIUS Act Proposed Rule.

Frequently asked: what to check next