Stablecoin Compliance Under the GENIUS Act: Consumer Protection Requirements Explained

TL;DR

• The GENIUS Act was signed July 18, 2025—compliance required by January 18, 2027 (or 120 days after final rules, whichever is sooner)
• Consumer protection requirements: 1:1 reserve backing, monthly public disclosures, plain-language fee transparency, explicit redemption policy, and bankruptcy protection for holders
• OCC and FDIC NPRMs are out now (comments due Spring 2026)—the implementation clock is running
• State consumer protection laws are fully preserved—federal framework doesn’t eliminate state AG enforcement risk

For years, stablecoin issuers operated in a regulatory gap. No federal framework. No licensing regime. No uniform disclosure requirements. Consumers holding stablecoins had essentially no federal recourse if an issuer failed, changed its redemption policy, or quietly altered the reserves backing their coins.

That gap closed on July 18, 2025.

The GENIUS Act—Guiding and Establishing National Innovation for U.S. Stablecoins—established the first federal regulatory framework for payment stablecoins in the United States. It created a licensing regime, imposed reserve requirements, and, critically, gave stablecoin holders a defined set of consumer protections with teeth.

This post focuses specifically on the consumer protection side of the GENIUS Act. The AML and sanctions obligations under the Act are covered separately. Here, we’re looking at what you owe your customers—in terms of disclosures, reserves, redemption rights, and protections if things go wrong.

What the GENIUS Act Is and Who It Covers

The GENIUS Act creates a class of regulated entity called a Permitted Payment Stablecoin Issuer (PPSI). Three types of entities can qualify:

1. Federally licensed PPSIs: Non-bank entities licensed directly by the OCC or the Federal Reserve
2. Insured depository institution subsidiaries: Bank subsidiaries approved by their primary federal regulator (OCC, FDIC, or Federal Reserve)
3. State-licensed PPSIs: State-licensed entities whose state framework has been certified as meeting federal GENIUS Act standards

Non-licensed entities that continue issuing stablecoins after the Act’s effective date are operating illegally and subject to criminal prosecution. The consumer protection requirements below apply to licensed PPSIs operating inside the framework.

Consumer Protection Requirements: The Full List

The GENIUS Act imposes a defined set of consumer-facing obligations. These aren’t vague principles—they’re specific requirements that translate directly into compliance program components.

1. Reserve Backing: One-for-One, No Exceptions

Every PPSI must maintain reserves on at least a one-to-one basis for every outstanding payment stablecoin. Each coin in circulation must be backed by an equivalent qualifying asset in reserve.

What counts as a qualifying reserve asset is tightly restricted:

• U.S. coins and currency
• Demand deposits at U.S. insured depository institutions
• Treasury bills, notes, or bonds
• Overnight repo agreements backed by Treasuries
• Central bank reserve balances

What is explicitly prohibited as reserve use:

• Rehypothecation: Pledging reserves as collateral or lending them out
• Proprietary trading: Using reserves to take market positions
• High-risk investments: Leveraged strategies, speculative assets, anything with meaningful principal risk

This is the regulatory answer to the TerraUSD collapse and the broader concern about undercollateralized stablecoins. A PPSI’s reserves must be genuinely liquid, genuinely segregated, and genuinely available to pay holders at any time.

2. Monthly Public Reserve Disclosures

PPSIs must publish monthly disclosures of their reserve composition on their public website. This isn’t an internal report to regulators—it’s a public disclosure obligation designed to give holders visibility into what backs their coins.

The disclosure must show:

• The total value of stablecoins outstanding
• The total value of reserves held
• The composition of reserves by asset type
• Confirmation that reserves meet the statutory requirements

The practical implication: reserve management is now a public-facing compliance function. A PPSI whose reserves drift into non-qualifying assets between monthly disclosures isn’t just in regulatory violation—it’s publicly disclosing a compliance problem.

3. Redemption Policy: Public, Clear, and Binding

Every PPSI must publicly disclose its redemption policy in clear terms. This means telling holders exactly how they can redeem their stablecoins for fiat currency—not a general statement of intent, but a documented procedure.

The redemption framework includes:

• Fixed monetary value redemption: Holders can redeem at the stablecoin’s stated value (typically $1.00 per coin)
• Timing and mechanics: How to submit a redemption request, processing timelines, and any minimum/maximum amounts
• Restrictions, if any: Any conditions under which redemption might be delayed or limited

The redemption policy cannot be changed silently. If a PPSI updates its redemption terms, that’s a material change to a publicly disclosed consumer protection—it requires advance notice.

4. Fee Disclosures: Plain Language with Seven Days’ Notice

All fees associated with purchasing or redeeming stablecoins must be:

• Disclosed publicly and conspicuously
• Written in plain language (not buried in a terms-of-service document)
• Changed only with at least seven days’ prior notice to consumers

The seven-day notice requirement isn’t a suggestion. It’s a mandatory cooling period before any fee increase takes effect. This is a direct consumer protection obligation, modeled on the disclosure requirements that apply to bank fee schedules.

In practice, this means:

• Fee schedules need to be front-page accessible, not buried in disclosures
• Any planned fee change requires a consumer notification process
• Your compliance team needs to own the fee disclosure lifecycle

5. The Yield Prohibition

PPSIs are prohibited from paying yield or interest on payment stablecoins.

This is one of the most consumer-protection-significant provisions in the Act, even though it’s framed as a product restriction. The yield prohibition is designed to prevent stablecoins from being marketed as investment products—which would trigger a completely different regulatory regime—while also protecting consumers from the risk profile of yield-bearing stablecoin structures.

The practical implication: if your platform has been offering any form of yield, reward, or return on stablecoin balances, that product feature is illegal under the GENIUS Act.

Related marketing compliance implication: any consumer communication that implies stablecoin holdings will generate returns needs to be reviewed and updated before the compliance deadline.

6. Bankruptcy Protection: Your Reserves Aren’t the Issuer’s Assets

The GENIUS Act amends Section 541 of the Bankruptcy Code in a way that directly benefits stablecoin holders: stablecoin reserves are excluded from the bankruptcy estate.

Under traditional bankruptcy law, assets held by a company—including customer deposits—can be subject to bankruptcy proceedings and may not be immediately accessible to customers. The GENIUS Act changes this for stablecoin reserves: they are treated as property of the customer, not property of the issuer.

Consequences of this protection:

• Reserves cannot be used to pay the PPSI’s creditors
• Distributions to stablecoin holders must begin within 14 days of the bankruptcy court lifting any applicable stays
• This provides a materially stronger consumer protection than exists for many traditional financial products

The flip side is a compliance obligation: PPSI reserves must be maintained in genuinely segregated accounts that clearly establish their status as customer property. Commingling reserves with operational funds doesn’t just violate the reserve requirements—it potentially undermines the bankruptcy protection.

Where the Regulators Are: OCC and FDIC Rulemaking

The GENIUS Act required implementing regulations to be issued by July 18, 2026. Both the OCC and FDIC have proposed rules actively in public comment.

OCC Proposed Rules (February 25, 2026)

The OCC’s Notice of Proposed Rulemaking, issued February 25, 2026, addressed requirements for OCC-licensed PPSIs, covering:

• Application requirements and chartering procedures
• Permissible activities and activity limits
• Reserve maintenance standards and eligible asset definitions
• Redemption policy requirements and timing
• Capital adequacy and liquidity standards
• Prohibition on yield and interest payments

Comments on the OCC NPRM were due May 1, 2026.

FDIC Proposed Rules (April 7, 2026)

The FDIC Board approved its second GENIUS Act NPRM on April 7, 2026 (Federal Register publication: April 10, 2026), addressing prudential requirements and standards for FDIC-supervised PPSIs and the insured depository institutions that interact with them.

The April 2026 FDIC proposal builds on the FDIC’s December 2025 NPRM, which addressed application procedures for IDI subsidiaries seeking stablecoin issuance approval.

Comments on the April 2026 FDIC NPRM are due June 9, 2026.

What this means for the timeline:

The implementation timeline is tight. Rules must be finalized within months, leaving PPSIs a relatively short window between final rulemaking and the effective date.

What Federal Preemption Doesn’t Cover

One of the most compliance-critical provisions in the GENIUS Act is what it explicitly doesn’t preempt.

The Act preempts state laws related to chartering, licensure, or authorization to operate as a PPSI. A state cannot impose its own licensing requirement on a federally licensed stablecoin issuer.

But the Act is explicit: it does not preempt state consumer protection laws, including common laws, or the remedies available thereunder.

This means state attorneys general retain full enforcement authority over consumer protection claims against GENIUS Act-licensed PPSIs. If a PPSI’s redemption practices are confusing, its fee disclosures are misleading, or its marketing implies deposit insurance that doesn’t exist—state AGs can and will act.

We’ve already covered state AG enforcement risk in the crypto context—the GENIUS Act doesn’t change that dynamic. If anything, it raises the stakes, because now there’s a federal framework to measure consumer protection failures against.

The compliance implication: GENIUS Act compliance and state consumer protection compliance are two separate programs. Meeting the federal disclosure requirements doesn’t insulate you from a state AG who thinks your redemption notices are confusing.

What PPSIs and Custodians Need to Build Now

Given the January 2027 compliance deadline—and the reality that some final rules could arrive months before that—here’s a practical 90-day build framework for organizations operating in or entering the stablecoin space.

Days 1–30: Assess Your Current Gap

Product audit. Review every stablecoin product feature against the GENIUS Act’s prohibited activities list: yield payments, rehypothecation, proprietary trading of reserves. Any prohibited feature needs a product sunset or redesign plan.

Reserve review. Map your current reserve composition against the eligible asset list. Identify any assets that don’t qualify and model the transition timeline. For most issuers, this means converting any money market funds, commercial paper, or foreign government securities to Treasuries and bank deposits.

Disclosure audit. Pull every consumer-facing document that describes your stablecoin: onboarding agreements, fee schedules, FAQs, website pages. Flag anything that: implies yield, doesn’t disclose fees conspicuously, or fails to describe the redemption process clearly.

Days 31–60: Build the Consumer Protection Infrastructure

Redemption policy. Draft and publish a clear, specific redemption policy. Include: how to submit a request, processing time, minimum/maximum amounts, any conditions for delay, and who to contact if there’s a problem. Get legal review. Publish it prominently.

Fee schedule infrastructure. Build a fee disclosure process that: publishes current fees prominently, requires seven days’ advance notice before any change, and has a communication workflow to notify affected customers. This needs to be a compliance-owned process, not an ad hoc marketing decision.

Reserve segregation. Ensure reserves are held in accounts that are clearly, documentably segregated from operating funds. This is both a reserve requirement and a bankruptcy protection prerequisite. Your custodian agreements need to reflect the customer-property status of reserves.

Monthly disclosure process. Build the operations and compliance workflow for monthly reserve composition disclosures: data sources, calculation methodology, review and approval, and publication timeline.

Days 61–90: Test and Document

Disclosure testing. Before go-live with any new disclosure, test it with a sample of consumers or use a readability analysis to verify “plain language” compliance. Complexity in a disclosure is a UDAAP risk even when the underlying product is sound.

Bankruptcy scenario planning. Work through the bankruptcy implications of your reserve structure with legal counsel. Ensure the segregation documentation would withstand a court proceeding. Document the analysis.

State AG exposure mapping. Identify the top three states where your customer base is concentrated and review the applicable state consumer protection laws for any requirements that go beyond federal minimums. State-specific disclosure requirements, right-of-action standards, and attorney general enforcement priorities vary meaningfully.

So What?

The GENIUS Act doesn’t just create compliance obligations for stablecoin issuers—it creates enforceable consumer rights. Holders now have federal backing for their reserve claims, bankruptcy protections, and disclosure rights.

That changes the risk profile for issuers materially. Before the GENIUS Act, consumer protection exposure was diffuse—theoretical UDAAP claims, state law variations, no clear federal standard. After the GENIUS Act, there’s a defined federal standard that an examiner can test against, and a state enforcement apparatus that doesn’t need to invent a theory of liability when the federal standard is already in writing.

For teams preparing for GENIUS Act compliance, the New Product Risk Assessment template includes a fully worked stablecoin example—covering the risk assessment, control framework, and pre-launch checklist for stablecoin products under current regulatory requirements.

See also: Reg E and EFTA coming to crypto and building a crypto complaint handling program for the consumer protection infrastructure you need around any digital asset product.