deepidv
Back to News
The Deep Brief · Jun 16, 2026 · 4 min read

Federal Agencies Propose Strict Bank-Grade CIP Rules for Stablecoin Issuers

Five US regulators propose mandatory bank-grade Customer Identification Programs for stablecoin issuers under the GENIUS Act, ending anonymous wallet creation.

Rosalie Chirip
Rosalie Chirip
Senior Editor at deepidv
Federal regulators and stablecoin issuers under new bank-grade Customer Identification Program rules

Five federal agencies just proposed the strictest stablecoin identity verification rule the US has put on the table, and it reads like a banking mandate because that is exactly what it is. The Federal Reserve Board, FinCEN, the OCC, the FDIC, and the NCUA issued a joint proposed rule requiring permitted payment stablecoin issuers to run bank-grade Customer Identification Programs (CIP) — the same identity discipline that governs chartered banks.

The proposal implements the GENIUS Act, which codifies permitted payment stablecoin issuers as financial institutions under the Bank Secrecy Act. The practical effect is direct: issuers can no longer clear transactions or authorize wallet creation under anonymous or unverified parameters. Anonymous minting, as a compliant business model, is over.

**What the Proposed Rule Requires**

The joint proposal lays out three obligations that map cleanly onto the CIP framework banks have run for two decades. First, issuers must apply risk-based procedures to establish and verify each customer's identity at account opening. Second, they must keep immutable records of the user data they collect and of every verification log, so an examiner can reconstruct how an identity decision was made. Third, every customer must be checked through automated comparison against federal watchlists, including terrorist and sanctions lists.

Read together, these requirements close the gap between crypto-native onboarding and the Bank Secrecy Act. An issuer can no longer treat a wallet address as a customer. It now has to know who controls that wallet, prove it knew, and screen that person before any value moves. The proposal removes the option of clearing activity under anonymous or unverified parameters entirely.

**The Secondary-Market Question Is Still Open**

The most consequential part of the proposal may be what it has not yet decided. Fed Governor Michael S. Barr noted that the agencies will examine public commentary on whether to extend identification obligations into secondary-market blockchain transactions — the peer-to-peer transfers that happen after a coin is minted.

That is a much larger surface. CIP at issuance covers the front door. Extending verification to secondary transfers would reach deep into how stablecoins actually circulate, and it would force issuers to think about identity assurance for parties they never directly onboarded. Comment letters on this point will shape whether the rule stays at the perimeter or moves into the transaction graph itself.

**Why This Raises the Onboarding Bar**

Bank-grade CIP across five agencies is not a checkbox. It demands document and biometric verification, durable audit trails, and live sanctions screening — all delivered without driving away the users an issuer is trying to convert. That tension between compliance depth and conversion is the same one every fintech faces when it scales. The difference is that stablecoin issuers now have to clear it across multiple regulators at once.

**How deepidv Closes the CIP Gap**

deepidv is built for exactly this kind of multi-agency mandate. The Arc gateway processes decentralized verifiable credentials and runs sub-150ms client-edge device-posture audits, so an issuer can establish and verify identity at wallet creation without the user drop-off that kills crypto onboarding funnels. Identity assurance happens at the edge, in well under a second, before any wallet is authorized.

Underneath Arc, deepidv's verification engine handles the rest of the CIP stack: risk-based identity checks, immutable verification logs, and automated screening against federal watchlists in a single flow. Issuers get the record-keeping an examiner will ask for and the live sanctions comparison the rule requires, without stitching together separate vendors. For teams already scaling fintech onboarding, the same engine that clears bank KYC clears stablecoin CIP — one pipeline, one audit trail, both regulated workloads.

Stablecoin CIP Rule: Common Questions

What does the proposed stablecoin CIP rule require?
The joint proposal from five federal agencies requires permitted payment stablecoin issuers to run bank-grade Customer Identification Programs. That means risk-based procedures to verify each customer's identity at account opening, immutable record-keeping of collected data and verification logs, and automated comparison against federal terrorist and sanctions watchlists. Issuers can no longer authorize wallet creation or clear transactions for anonymous or unverified customers.
Which agencies issued the stablecoin identity verification rule?
Five agencies issued the joint proposed rule: the Federal Reserve Board, FinCEN, the OCC, the FDIC, and the NCUA. Because the rule is a joint proposal, stablecoin issuers must satisfy a single CIP standard that all five regulators recognize.
How does the GENIUS Act relate to this rule?
The GENIUS Act codifies permitted payment stablecoin issuers as financial institutions under the Bank Secrecy Act. This proposed rule implements that statute by applying bank-grade Customer Identification Program obligations to those issuers, treating them like other regulated financial institutions for identity and screening purposes.
Will the rule apply to secondary-market stablecoin transactions?
Not yet. The proposal currently focuses on identity verification at account opening. Fed Governor Michael S. Barr noted that the agencies will examine public commentary on whether to extend identification obligations into secondary-market blockchain transactions, so the scope could widen after the comment period.
How can stablecoin issuers meet bank-grade CIP without losing users?
deepidv's Arc gateway processes decentralized verifiable credentials and runs sub-150ms client-edge device-posture audits, so identity is established at wallet creation without onboarding drop-off. The underlying verification engine handles risk-based identity checks, immutable logs, and automated federal watchlist screening in one flow, giving issuers the audit trail and live sanctions comparison the rule requires.
TagsCryptoIdentity VerificationRegulationUSStablecoinsAdvancedNews

Relevant Articles

What is deepidv?

Not everyone loves compliance — but we do. deepidv is the AI-native verification engine and agentic compliance suite built from scratch. No third-party APIs, no legacy stack. We verify users across 211+ countries in under 150 milliseconds, catch deepfakes that liveness checks miss, and let honest users through while keeping bad actors out.

Learn More