Stablecoin ID Rule Stops at the Bank Door, Sparing Peer-to-Peer

Federal regulators have laid out the first concrete answer to one of the most-watched questions in crypto policy. A joint proposal released June 18, 2026 by FinCEN and four other federal agencies would require stablecoin issuers to verify the identity of their direct customers, in the same way banks do, while leaving the millions of peer-to-peer stablecoin transfers that move between ordinary users on public blockchains entirely outside the ID perimeter. The 60-day public comment period that opened with the rule is where the fight over what got left out will be decided.

Federal Reserve Governor Michael S. Barr, the only sitting governor to file a separate statement on the proposal, said the rule “does not do enough so far to address the risks of illicit finance conducted through secondary market transactions in payment stablecoins.” Banks including JPMorgan Chase, per a POLITICO write-up of a recent Fox Business interview, are expected to argue during that comment window that the perimeter is too narrow. The agencies, for their part, are explicitly asking for feedback on whether the ID obligation should be extended to secondary market activity.

The Proposal and the Five Agencies Behind It

The rule is a joint notice of proposed rulemaking under the GENIUS Act, the law that directs federal regulators to treat permitted payment stablecoin issuers as financial institutions under the Bank Secrecy Act. The five agencies on the filing are FinCEN, the Office of the Comptroller of the Currency, the Federal Reserve Board, the Federal Deposit Insurance Corporation, and the National Credit Union Administration. The proposal, detailed in the joint GENIUS Act customer identification program rulemaking released June 18 and scheduled for publication in the Federal Register on June 22, 2026, would force stablecoin issuers to run a customer identification program on anyone who opens an account, holds stablecoins, or redeems them for dollars. The rule represents the first major implementation step under the GENIUS Act for customer identification, building on a separate anti-money laundering rulemaking FinCEN proposed on April 10, 2026.

The required CIP elements resemble those banks use. The rule says issuers must maintain reasonable procedures for verifying the identity of any person seeking to open an account, keep records of the information used to verify identity (including name, address, and other identifying information), and check whether the customer appears on any lists of known or suspected terrorists or terrorist organizations provided to the financial institution by any government agency. Comments on the notice will be accepted for 60 days after publication in the Federal Register. Treasury’s FinCEN is also running a separate rulemaking on broader anti-money laundering obligations for stablecoin issuers, on a parallel track.

And the contestable scope of the rule is where it stops. The proposal explicitly preserves peer-to-peer stablecoin transfers on the secondary market, drawing a line the agencies admit could be drawn elsewhere.

FinCEN and the agencies are also running a separate but related anti-money laundering rulemaking, released on April 10, 2026, that would extend broader AML obligations to stablecoin issuers. The two rulemakings together would, if finalized, give regulators a more complete enforcement perimeter than the CIP rule alone. They are also running a parallel track on stablecoin issuer reporting forms.

By the numbers: 5 federal agencies on the rulemaking. 60-day public comment window. Stablecoins account for 84% of all illicit crypto transaction volume in 2025. Illicit crypto addresses received at least $154 billion in 2025.

The Primary-Secondary Split That Holds the Rule Together

The single most consequential decision in the notice is the line it draws between primary market and secondary market activity. Without that line, the rule would be unworkable, and the agencies say as much in the rule’s text. The choice has practical consequences for every stablecoin user in the country.

The primary market covers any direct relationship with the issuer. That includes issuing tokens, redeeming them, converting, repurchasing, burning, and reissuing, plus any associated custodial services. That is where the customer identification program obligations apply. By contrast, mere ownership of a stablecoin, or transfer between non-issuer parties through a smart contract, does not create an “account” under the rule, and so does not trigger the ID requirement.

The proposed definitions of “account” and “customer” are built around this distinction, and the agencies are also explicitly seeking comment on whether the approach is correct. The choice has practical bite: without the carve-out, a permitted payment stablecoin issuer could face CIP obligations for users that acquire or transfer stablecoins entirely through third parties or self-hosted wallets. The agencies recognized that such a requirement would be hard to implement and could impair stablecoin use in secondary markets, so they wrote the rule to leave that activity out, for now.

Why the Agencies Stopped Short on Wider ID Checks

The agencies’ reasoning is laid out in the rule’s text. Treating every payment stablecoin transfer as creating a customer relationship with the issuer would effectively impose a global obligation to collect and verify user information, an outcome they describe as “nearly impossible to implement and potentially crippling to the industry.” The agencies are asking for comment on whether to extend the rule further. The honest reading is that the agencies have left open the option of stricter secondary-market rules, while declining to take that route in this rulemaking.

The alternative is not theoretical. It would look like address whitelisting, with issuers only allowing tokens to move to blockchain addresses that have completed money laundering and customer identity checks. That possibility has hung over the stablecoin market for years, and the agencies chose not to take it now. The decision is a signal, not a constraint, and the comment period is the moment to test whether the line will hold.

The reason the call is plausible is that stablecoin issuers already have powerful enforcement tools. The Tether freeze of $344 million in USDT in April 2026 showed what issuers can do at the smart-contract level.

Tether collaborated with the Department of Justice and U.S. law enforcement to freeze the funds across two Tron wallets on April 23, 2026, and OFAC updated its designation of the Central Bank of Iran the next day to add the addresses. The freeze happened with no court order and no legal proceeding, just an issuer acting on flagged information. The same blacklist capability could, in principle, be applied to any address the issuer chose, which is why the regulator’s restraint on secondary-market rules reflects a deliberate policy choice, grounded in feasibility concerns about implementation.

The Privacy Argument That Was Already on Borrowed Time

Stablecoins on public blockchains do not look anything like the digital cash cypherpunks once imagined. Every transfer sits on a permanent public ledger, visible to anyone with a block explorer. The cypherpunk ideal of private digital cash is, in practice, mostly absent from the stablecoin market.

The data is in the same direction. Stablecoins now account for 84% of all illicit crypto transaction volume, per the 2026 crypto crime report introduction on illicit stablecoin volume. Illicit addresses received at least $154 billion in 2025, a 162% jump year over year. The bulk of that increase came from a 694% spike in value received by sanctioned entities, a category that now drives most of the illicit volume.

Blockchain analytics firms cluster wallets to real entities as a business, and stablecoin activity is heavily concentrated around centralized exchanges and custodians that already run their own KYC programs. The transaction graph is, in practical terms, mostly doxxed. That is part of why none of the agencies treated the privacy question as the central one, even with the carve-out for peer-to-peer transfers.

Banks and a Fed Governor Aren’t Done Fighting

Federal Reserve Governor Michael S. Barr released a separate statement on the proposal on June 18. He is the only sitting governor to file one, and the document is on the Federal Reserve’s website.

Barr supports the rule’s issuance but flagged the secondary market gap as the unresolved question. Per Governor Barr’s June 18 statement on the proposal, he said he will “carefully review comments” on whether the CIP obligation should be extended to secondary market activity. He is also assessing whether the broader GENIUS Act framework is adequate to address illicit finance risk.

Banks are expected to weigh in. JPMorgan Chase CEO Jamie Dimon, per a POLITICO write-up of a recent Fox Business interview, called Coinbase CEO Brian Armstrong “full of shit” on crypto regulation and argued that stablecoins still lack proper anti-money laundering requirements. The traditional banking industry has long preferred a tighter compliance perimeter around stablecoins, and the comment period is the venue to push for it. The proposal explicitly asks for comment on the secondary market question, and Barr’s statement makes clear he wants that feedback.

The agencies’ restraint stops short of a final answer. The rule’s text and Barr’s statement both leave the door open to extending the ID obligation to secondary market activity if the comment period produces a case for it.

I remain concerned, however, that the GENIUS Act regulatory framework does not do enough so far to address the risks of illicit finance conducted through secondary market transactions in payment stablecoins.

That was Federal Reserve Governor Michael S. Barr. The statement was released on June 18, 2026, the same day the agencies issued the proposed rule.

The Iran Test of Tether’s $344M Freeze

Tether froze $344 million in USDT in two Tron wallets on April 23, 2026, working with the Department of Justice and U.S. law enforcement. The addresses were linked to the Central Bank of Iran, and OFAC updated its CBI designation the next day to add the wallets to its SDN list. The episode is the strongest empirical answer to anyone arguing that stablecoin issuers lack the tools to police their own tokens, and it was carried out without any court order.

Tether CEO Paolo Ardoino, in a public statement quoted in an April 2026 on-chain analysis of the Iran Tether freeze, framed the action as proof of issuer-side enforcement, saying the company “acts immediately and decisively” when credible links to sanctioned entities are identified. Treasury Secretary Scott Bessent, in a statement quoted by CNN, said the Treasury “will follow the money that Tehran is desperately attempting to move outside the country and target all financial lifelines tied to the regime.” Tether said it has frozen more than $4.4 billion in assets overall, including over $2.1 billion connected to U.S. authorities, working with more than 340 law enforcement agencies in 65 countries. The capacity already exists; the regulatory question is whether the rule should force it on every address.

The Iran freeze, the US sanctions on Iran’s largest crypto exchange, and the broader enforcement campaign show that issuers and the government already have the tools they need to act on flagged wallets. The proposed rule leaves the next decision, whether to extend those tools to every secondary market transfer, to the comment period.

• $344 million in USDT frozen on April 23, 2026 across two Tron addresses linked to the Central Bank of Iran.
• Tether CEO Paolo Ardoino said the freeze was triggered by credible links to sanctioned entities, with no court order required.
• Tether reports more than $4.4 billion in total frozen assets, including over $2.1 billion connected to U.S. authorities.
• The blacklist sits at the smart-contract level, so the same capability could, in principle, be applied to any address the issuer chose.

Frequently Asked Questions

What does the new stablecoin ID rule require?

The rule requires stablecoin issuers to run a customer identification program similar to what banks use. Issuers must verify their customers’ identities, keep records, and screen against government watchlists of known or suspected terrorists. The obligation applies only to the issuer’s direct customers, not to peer-to-peer users on the secondary market.

Will my peer-to-peer stablecoin transfers be affected?

No. Peer-to-peer stablecoin transfers remain outside the rule. Sending stablecoins between wallets does not create a customer relationship with the issuer, so no ID check is triggered by the issuer.

Why are some people pushing for the rule to go further?

Federal Reserve Governor Michael S. Barr and traditional banks including JPMorgan Chase have argued that the secondary market carve-out leaves too large a gap for illicit finance. The 60-day comment period is the venue for that argument.

When could the new rules take effect?

The comment window runs 60 days from Federal Register publication on June 22, 2026. Once comments are reviewed, the five agencies must issue a final joint rule before it can be enforced, a process that usually takes several months.

Disclaimer: This article is for informational purposes only and is not legal, financial, or compliance advice. Stablecoin regulation is evolving rapidly; anyone with exposure to digital asset platforms should consult a qualified legal or compliance professional. Figures are accurate as of publication.