The Federal Reserve proposed a rule requiring stablecoin issuers to maintain customer identification programs (CIPs) — the same class of obligation banks carry under the Bank Secrecy Act. Issuers would need procedures to verify customer identity, keep records, and integrate with broader anti-money laundering (AML) frameworks.
This sits alongside — not instead of — the reserve and licensing requirements already moving through the GENIUS Act debate. The signal for builders is compliance surface area: stablecoin infrastructure is converging on bank-shaped obligations, not just token-shaped ones.
What a CIP actually requires
A customer identification program is not a single KYC form. It is a documented system: who you onboard, what identity evidence you collect, how you verify it, when you refresh it, and how you handle failures. Banks have run CIPs for decades. Extending them to stablecoin issuers means issuers — or their banking partners — must operationalize the same workflow.
Typical components:
- Identity verification — government ID, entity documentation for corporate customers, beneficial ownership for shells.
- Record retention — auditable storage of verification artifacts for exam periods measured in years.
- Risk-based tiers — higher limits or product access trigger deeper due diligence.
- Suspicious activity escalation — CIPs feed into SAR (Suspicious Activity Report) pipelines when patterns look wrong.
For a stablecoin issuer, "customer" might mean the end user holding USDC in a self-custody wallet, the exchange listing the token, or the corporate treasury desk minting at scale — depending how the final rule draws boundaries. That definitional work matters more than the headline.
Why stablecoins trigger this now
Regulators treat anonymous digital dollar movement as a AML gap. Stablecoins settle on public chains with pseudonymous addresses. Issuers can enforce compliance at mint and redeem gates, but secondary transfers between wallets bypass issuer visibility unless augmented by travel-rule messaging or on-chain analytics.
The Fed's proposal is an attempt to push identification upstream — to the entity that creates and destroys the token — rather than relying solely on exchanges to police downstream flow. It mirrors how banks are gatekeepers for account-based dollars.
Stablecoin regulation is converging on two questions: are the reserves real, and are the dollars moving between identifiable parties?
The GENIUS Act conversation has focused heavily on reserves. CIP requirements address the second question.
Impact on issuer architecture
Compliance is infrastructure, not policy PDFs. An issuer facing CIP obligations needs:
| Layer | What changes |
|---|---|
| Onboarding API | Identity verification hooks before mint authorization |
| Wallet allowlisting | Link on-chain addresses to verified entities |
| Audit logging | Immutable records of who was verified when |
| Partner integration | Banking-as-a-service and KYC vendors in the critical path |
| Product design | Self-custody without issuer relationship may be restricted or impossible for certain flows |
Issuers already partnering with banks for reserve custody may route CIP through those partners. New entrants without banking relationships face a heavier build-or-buy decision.
Consumer UX shifts too. "Connect wallet and mint" frictionless flows conflict with identification requirements unless verification happens elsewhere in the stack — at the exchange, the wallet provider, or through signed attestations the issuer trusts.
Relationship to GENIUS Act and state rules
Multiple rulemaking tracks run in parallel: federal stablecoin legislation, Fed proposals on identification, state money-transmitter licenses, and Markets in Crypto-Assets (MiCA)-style frameworks abroad. Issuers operating globally patch together the strictest common denominator.
The Fed proposal does not wait for GENIUS Act passage. Rulemaking can proceed on existing authority. Builders should treat proposed rules as directional even during comment periods — product roadmaps that assume anonymous minting at scale are increasingly misaligned with regulatory trajectory.
What this means for builders
Map your compliance boundary. If you touch mint, redeem, or custodial balances, identify where CIP would attach in your flow — and whether partners already cover it.
Treat KYC as latency-critical infrastructure. Verification in the mint path adds seconds to minutes. Design async onboarding or pre-verified tiers before launch, not after regulators ask.
Do not assume self-custody exempts the issuer. Rules may still require issuers to know counterparties at creation and destruction points even if users hold keys afterward.
Watch comment-period definitions of "customer." The technical architecture you build depends on whether customers are end users, intermediaries, or both.
Conclusion
The Fed's stablecoin CIP proposal extends a familiar banking obligation to a new rail. Reserves and redemption credibility remain central, but identification programs add operational depth issuers cannot bolt on late. For anyone building stablecoin infrastructure, the direction is clear: digital dollars are acquiring bank-shaped compliance, and the engineering work to support that starts at onboarding architecture — not at the legal review stage.
