Feature Regulatory Compliance
15 Days Until the GENIUS Act Regulatory Deadline: What Stablecoin Issuers Need Before July 18
Six federal agencies must finalize GENIUS Act implementing regulations by July 18, 2026. Here's what the OCC capital floor, FinCEN CIP rules, and the compliance timeline mean for stablecoin issuers right now.
Table of Contents
TL;DR
- July 18, 2026 is the statutory deadline for six federal agencies to finalize GENIUS Act implementing regulations — 15 days from today
- OCC’s proposed rule includes a $5M minimum capital floor and 10% immediately available liquidity requirement for federally chartered stablecoin issuers
- Once final rules publish, compliance is required within 120 days or by January 18, 2027 — whichever comes first
- Stablecoin programs without documented capital analysis, reserve management, and attestation infrastructure are running out of runway
The GENIUS Act was signed on July 18, 2025. One year later — July 18, 2026, 15 days from today — the statutory deadline hits for six federal agencies to finalize implementing regulations governing the U.S. stablecoin market.
This isn’t a soft target. The Guiding and Establishing National Innovation for US Stablecoins Act includes an explicit mandate: the OCC, FDIC, NCUA, Treasury, FinCEN, and OFAC must publish final implementing rules by the one-year anniversary of enactment. All agency comment periods closed June 9, 2026. Agencies are in final rule drafting now.
If you’re a stablecoin issuer, a bank that custodies stablecoin reserves, or a fintech building on stablecoin payment rails — the compliance clock starts running when those rules hit the Federal Register. You may have less runway than you think.
Here’s what’s in the regulatory package, what the compliance timeline looks like, and what stablecoin programs need in place before July 18.
Six Agencies, Six Rule Packages — What Each One Does
The GENIUS Act assigned different regulatory responsibilities to six agencies. Understanding which piece belongs to whom is step one for any compliance team mapping their obligations.
OCC: Capital, Liquidity, and Reserve Requirements
The OCC’s proposed rule — published for comment under 12 CFR Part 15 — is the most operationally consequential piece of the implementing regulatory package for stablecoin issuers seeking or holding a federal charter.
The key requirements from the proposal:
$5 million minimum capital floor. Any federally chartered Payment Stablecoin Issuer (PPSI) must maintain minimum capital of $5 million. This is a floor — OCC examiners can impose higher requirements based on program size, business model, and risk profile.
10% immediately available liquidity. PPSIs must hold immediately available liquid assets equal to at least 10% of outstanding stablecoin liabilities at all times. “Immediately available” means cash, Federal Reserve master account balances, or U.S. Treasury securities with 93 days or less to maturity. Not money market funds. Not commercial paper.
1:1 reserve backing with HQLA. Outstanding stablecoins must be 100% backed by high-quality liquid assets. Eligible reserve assets under the proposal: U.S. Treasury securities maturing within 93 days, demand deposits at insured depository institutions, and Federal Reserve balances.
One-business-day redemption. PPSIs must honor par value redemptions within one business day of request.
Monthly independent attestation. Independent third-party attestation of reserve composition and adequacy is required monthly, with annual audited financials.
If your program is built on commercial paper, money market funds, or longer-duration instruments — essentially anything outside the OCC’s proposed HQLA list — you’ll need to restructure before your compliance deadline hits.
FinCEN: CIP, SAR, and BSA Obligations
FinCEN’s implementing rule addresses the most immediate compliance pain point for stablecoin programs: what BSA obligations apply, who counts as a “customer” in the stablecoin context, and how existing MSB registration requirements interface with the new PPSI framework.
The core issues FinCEN is resolving: whether identity verification requirements apply at the wallet level or only at the exchange/custodian level, how stablecoin-specific transaction monitoring thresholds should be set, and what the SAR filing trigger looks like for on-chain transactions.
For a detailed look at the FinCEN CIP rule and its implications for compliance programs, see GENIUS Act and FinCEN’s CIP Rule for Stablecoin Issuers.
FDIC: Custodial Deposit Rules for Reserve Banks
Following the Synapse collapse and the custodial deposit rulemaking that followed, the FDIC’s implementing rules address how stablecoin reserve deposits held at FDIC-insured institutions are treated for insurance purposes.
The core issue: stablecoin reserves held at banks may or may not be FDIC-insured depending on how the custodial accounts are structured and whether individual stablecoin holders can be identified as beneficiaries in the event of a bank failure. The FDIC’s proposed approach builds on its November 2024 custodial deposit rulemaking and extends it specifically to the PPSI reserve deposit context.
Banks holding stablecoin reserves will need to meet specific recordkeeping requirements — maintaining an accurate record of individual stablecoin holders and their corresponding reserve balances — to establish pass-through insurance eligibility for those reserves.
Treasury/OFAC: Sanctions Compliance for PPSIs
OFAC’s implementing regulation formally designates PPSIs as “financial institutions” for sanctions purposes and requires transaction monitoring, blocked property procedures, and OFAC reporting aligned with existing bank requirements.
The technical challenge: blockchain finality. OFAC’s rule is expected to address how PPSIs using smart contract-based freezing mechanisms satisfy blocked property requirements when on-chain transactions can’t be reversed post-execution. This is a gap in existing guidance that the implementing regulation is specifically intended to close.
NCUA: Credit Union Stablecoin Activity
The NCUA’s narrower rule governs whether and how federally chartered credit unions can issue or interact with payment stablecoins. Relevant primarily for credit unions exploring stablecoin payment rails rather than open-market PPSI programs.
The Compliance Timeline — What “120 Days” Actually Means
The GENIUS Act created a compliance trigger tied to final rule publication:
Compliance is required by the earlier of: 120 days after final implementing rules are published in the Federal Register, or January 18, 2027 (18 months from enactment).
Here’s what that calendar looks like:
| If Final Rules Publish On | Your Compliance Deadline |
|---|---|
| July 18, 2026 | November 15, 2026 |
| August 1, 2026 | November 29, 2026 |
| September 20, 2026 | January 18, 2027 |
| October 1, 2026 or later | January 18, 2027 (18-month cap) |
The 18-month backstop is your absolute outer limit. If agencies miss July 18 and rules slip to mid-September or beyond, your compliance deadline doesn’t move past January 18, 2027 — regardless of when the final rules eventually publish.
Note that final rules may not be published all at once. The OCC and FinCEN rules are furthest along in the rulemaking process; FDIC and Treasury rules may follow on a slightly different schedule. The earliest-published final rule starts the 120-day clock for the requirements within it.
The Gaps Most Stablecoin Programs Haven’t Closed
Based on new product risk assessments for stablecoin programs, here are the compliance gaps that show up most consistently:
Capital adequacy characterization. Non-bank PPSIs often haven’t formally characterized capital against the OCC’s proposed floor. If you’re operating as a non-bank entity with capital allocated primarily to reserve backing, the $5M floor may require entity-level restructuring or a capital raise.
Reserve composition vs. the HQLA list. Commercial paper, money market funds, and longer-duration Treasuries aren’t on the OCC’s proposed eligible reserve asset list. If your reserve management policy includes these instruments, you need a reallocation plan and a timeline before your compliance deadline.
Attestation infrastructure. Monthly independent attestation requires a defined audit engagement, standardized reserve reporting, and a monthly close process — not just an annual audit relationship. Most programs haven’t built this. Starting the attestation relationship after final rules publish means you’re building it under deadline pressure.
Redemption operations. The one-business-day redemption requirement is an operational commitment, not a disclosure. Walk through the actual operational flow for a same-business-day redemption request: what banking relationships, payment rails, and treasury operations does it depend on, and can those support the SLA?
Documentation refresh. Examiners will want to see that your stablecoin program’s risk assessment has been updated to reflect the GENIUS Act implementing rules — not just the assessment that existed at launch. Major regulatory changes trigger a new product risk review refresh. For context on this requirement, see GENIUS Act Stablecoin Compliance: What Fintechs Need in Place for the July 2026 Deadline.
What to Do in the Next 15 Days
Whether final rules drop on July 18 or slip to August, here’s what stablecoin programs should complete before the deadline:
1. Classify your entity under the PPSI framework. Federally chartered PPSI, state-supervised PPSI, or bank-issued stablecoin — your category determines your primary regulator, compliance obligations, and specific timeline. If you don’t know with certainty which category you’re in, that’s a counsel call this week.
2. Run the capital and liquidity gap analysis. Measure your current capital position against the $5M floor and your liquid asset holdings against the 10% immediately available liquidity requirement. This is a two-hour exercise with a clear deliverable: a list of gaps and their magnitude.
3. Audit your reserve composition. Map every asset in your reserve portfolio against the OCC’s proposed HQLA list. Everything that doesn’t qualify needs a migration plan with a timeline that fits inside 120 days.
4. Assess redemption operations. Trace the actual operational workflow for a par value, same-business-day redemption. Identify every step where you depend on a third party’s timeline — reserve bank, payment rails, custodian — and document whether their SLAs support the requirement.
5. Start the attestation conversation. Monthly independent attestation needs a pre-defined audit engagement, agreed reporting standards, and a monthly close process before it can happen. If you don’t have these in place, building them after final rules publish puts you behind from day one.
For custody and third-party due diligence requirements that intersect with attestation and reserve management, see GENIUS Act Stablecoin Custody: The Due Diligence Framework Your TPRM Program Doesn’t Cover Yet.
If Agencies Miss the July 18 Deadline
The GENIUS Act included a statutory mandate for agencies, not a self-executing penalty for missing it. If agencies miss July 18, final rules still need to be published — they’ll just be late. The issuer compliance deadline (120 days or January 18, 2027) still applies once rules are published.
The more practical risk of delay is uncertainty. Stablecoin programs that have been building toward a July compliance posture may need to revise timelines and manage investor expectations around regulatory certainty. The programs that have done their gap analysis, audited reserve composition, and started attestation relationships will be in the same position regardless of whether rules finalize on July 18 or August 1.
For a broader view of the 2026 crypto regulatory environment, see 2026 Crypto Compliance Roadmap: Preparing for GENIUS Act and Clarity Act Clarity.
Key Sources
- GENIUS Act — S.394, 119th Congress (Congress.gov)
- OCC News & Issuances — Payment Stablecoin Rulemaking (occ.gov)
- FinCEN: BSA Resources for Digital Assets (fincen.gov)
- FDIC: Custodial Deposits Rulemaking (fdic.gov)
Fifteen days.
If you’re a stablecoin issuer and you haven’t run the capital and liquidity gap analysis against the OCC’s proposed requirements, that’s your first deliverable this week — not because the final rules are published, but because 120 days goes fast when you’re restructuring reserve management, building attestation infrastructure, and updating documentation at the same time.
The programs that get ahead of this now will have a defensible compliance posture before the clock starts. The ones waiting to read the final rules before doing anything will be doing triage.
◆ Related template
New Product Risk Assessment
Structured risk review process for new products, services, and business initiatives.
◆ Immaterial Findings · Weekly
Sharp risk & compliance insights. No fluff.
◆ FAQ
Frequently asked questions.
What is the July 18, 2026 GENIUS Act deadline?
What capital and liquidity requirements is OCC proposing for stablecoin issuers?
What is a Payment Stablecoin Issuer (PPSI) under the GENIUS Act?
When do stablecoin issuers need to comply after final rules publish?
Does the GENIUS Act preempt state stablecoin laws?
Author
Rebecca Leung
Rebecca Leung has 8+ years of risk and compliance experience across first and second line roles at commercial banks, asset managers, and fintechs. Former management consultant advising financial institutions on risk strategy. Founder of RiskTemplates.
◆ Related framework
New Product Risk Assessment
Structured risk review process for new products, services, and business initiatives.
◆ Keep reading
Related posts.
Regulatory Compliance
The Fed's Payment Account Proposal: What Fintechs and Digital Asset Firms Need to Know Before the July 27 Comment Deadline
The Federal Reserve proposed a special-purpose Payment Account in May 2026, offering eligible fintechs direct access to Fedwire Funds and FedNow without a bank charter. The comment period closes July 27. Here's who qualifies, what compliance the Fed requires, and why your institution should care even if you're not applying yet.
Jul 7, 2026
Regulatory Compliance
SEC Cyber Disclosure Rule: What 2.5 Years of Form 8-K Filings Reveal About Your Response Program Gaps
The SEC's 4-business-day cyber incident disclosure rule has 2.5 years of enforcement history. Here's what the filings and enforcement actions reveal about common materiality determination failures — and how to build a decision protocol that survives SEC scrutiny in 2026.
Jul 5, 2026
Regulatory Compliance
GENIUS Act AML/CFT Compliance: Breaking Down the FinCEN and OFAC Rule That Drops July 18
The FinCEN/OFAC joint proposed rule for stablecoin issuers establishes a full BSA/AML compliance program requirement — SAR filing, CTR filing, CIP, CDD, and OFAC sanctions screening — with a technical wallet-blocking mandate that has no precedent in traditional financial services. Here's what Permitted Payment Stablecoin Issuers and their bank partners need to build.
Jul 4, 2026