In 14 months, every major federal financial regulator has moved to enable institutional crypto. The Office of the Comptroller of the Currency’s (OCC) GENIUS Act rulemaking is the most detailed signal yet of what compliance looks like on the other side.

Here we breakdown how we got here, what the proposed rules actually require, and where the operational pressure points sit for compliance teams, custodians, and infrastructure operators. If you are operating stablecoins in the US, or considering it, this is the landscape you need to understand.

TL;DR

• In 14 months, every major US federal financial regulator has moved to enable institutional crypto. The OCC's 376-page GENIUS Act rulemaking is the most operationally detailed framework yet
• Reserves must be backed one-to-one at fair value, not amortized cost, creating continuous monitoring obligations tied to interest rate exposure
• Redemption must occur at par within two business days; breaching 10% of outstanding issuance in 24 hours triggers an automatic extension and OCC notification
• Smart contract upgrades are treated as changes to regulated payment infrastructure, requiring formalized governance, audit trails, and approval chains
• Missing capital or operational backstop requirements for two consecutive quarters triggers mandatory redemption of all outstanding stablecoins
• The yield prohibition includes a rebuttable presumption against indirect payments through affiliates, and is expected to be heavily contested during comment
• Eight crypto national trust charters have been conditionally approved, with Coinbase, World Liberty Financial, and Morgan Stanley in the pipeline
• Stablecoin rules are converging fast, but broader digital asset market structure legislation remains unresolved, creating a bifurcated compliance landscape
• OCC comment period closes May 1, 2026. Final rules due July 18, 2026. Effective date: January 18, 2027 at the latest

The 14-Month Shift

Between January 2025 and March 2026, the US regulatory posture toward institutional crypto shifted faster than most expected. It was not a single policy change, but a convergence of executive, legislative, and agency action that cleared the path for institutional participation in the same direction, within the same window.

On January 23, 2025, the White House issued an executive order establishing a policy to "support the responsible growth and use of digital assets," creating a President's Working Group chaired by David Sacks and explicitly prohibiting CBDC development. That same day, the Securities and Exchange Commission (SEC) published Staff Accounting Bulletin No. 122, rescinding SAB 121, the accounting rule that had made bank crypto custody economically unviable by requiring custodied digital assets to sit on the balance sheet as liabilities.

Within weeks, the pace picked up. On March 6, the White House signed an executive order directing the creation of a Strategic Bitcoin Reserve from 207,000 BTC in government forfeitures, though the reserve has seen little public operationalization since. The next day, the OCC issued Interpretive Letter 1183, rescinding the Biden-era requirement that banks get supervisory non-objection before engaging in crypto activities and reaffirming custody, stablecoin reserves, and DLT participation as permissible. On March 28, the FDIC issued FIL-7-2025, dismantling what the industry had called "Operation Chokepoint 2.0" by letting FDIC-supervised institutions engage in crypto without prior approval. The Federal Reserve followed in April, withdrawing its own supervisory letters. By spring 2025, the agency-level barriers that had defined the previous administration's approach were effectively gone.

Next it was the turn of the legislature, with the GENIUS Act passed on July 18, 2025, becoming the first federal legislation governing digital assets. The OCC continued expanding the operational scope through the rest of the year: in November 2025, banks were permitted to hold crypto for network fees; in December 2025, riskless principal crypto-asset transactions were permitted.

What followed was the implementation phase, where the regulatory frameworks started to take tangible shape. The FDIC published its GENIUS Act application procedures in December 2025. The NCUA followed in February 2026. And on February 25, 2026, the OCC announced its 376-page proposed rulemaking (NPRM), the most operationally detailed regulatory document the institutional crypto industry has seen in the US.

The GENIUS Act and the OCC's Mandate

The GENIUS Act created a federal regulatory framework for payment stablecoins. It splits supervisory authority by issuer type. The OCC covers national banks, their subsidiaries, federal savings associations, and federally chartered nonbank issuers. The FDIC covers insured depository institutions. The NCUA covers credit unions operating through subsidiaries. The Federal Reserve oversees state member banks and holding companies.

The OCC's NPRM translates that statutory authority into an entirely new section of federal banking law: 12 CFR Part 15. At 376 pages, it covers the full lifecycle of a payment stablecoin, from issuance eligibility and reserve management through to redemption mechanics, operational standards, and custodial requirements for both issuers and their institutional counterparties. It applies to national banks, federally chartered nonbank issuers, federal savings associations, and foreign payment stablecoin issuers operating in the United States.

The GENIUS Act creates a federal-state dual framework. State-qualified payment stablecoin issuers fall under OCC oversight, meaning state-level regimes like New York's BitLicense and Wyoming's SPDI charter interact with this federal framework rather than being replaced by it. It has not been made particularly clear how multi-state operators will need to plan for how federal requirements layer onto their existing state obligations. That is a question the final rule will need to address.

The rules do not cover Bank Secrecy Act, anti-money laundering, or OFAC sanctions compliance. Those are reserved for a separate, coordinated rulemaking with the Treasury Department.

Reserves: Mark-to-Market, Always Backed, Always Provable

The reserve requirements are the structural foundation of the proposal. Every permitted issuer must maintain identifiable, segregated reserves backing outstanding stablecoins at a minimum of one-to-one, at fair value.

Fair value means reserve assets reflect current market prices, not what you paid for them. If Treasuries held as reserves decline in value because rates move, the issuer must hold additional assets to maintain the one-to-one ratio. For many treasury operations, this creates a continuous monitoring obligation that ties reserve management directly to interest rate exposure in a way they are not yet set up to handle.

The rules limit what can be used as reserve assets to the most liquid instruments available. U.S. currency and Federal Reserve balances, demand deposits at insured depository institutions, short-dated Treasuries (93 days or less), qualifying overnight repos and reverse repos, government money market funds, and OCC-approved equivalents. Tokenized versions of qualifying reserves are also permitted where applicable law allows it.

The OCC also requires issuers to demonstrate the operational capability to actually monetize those reserves, quickly, under stress, and without fire-sale pricing. For larger issuers, that means maintaining multiple monetization channels (diversified repo counterparties across banks and dealers, pre-negotiated outright sale lines), conducting periodic actual monetization transactions, and building redundancy. The OCC explicitly warns that untested repo lines may trigger market concerns if suddenly activated during stress. If you have not tested it, the OCC does not consider it a real capability.

The proposal offers two approaches to diversification and concentration limits, and the choice between them is likely to be one of the more actively debated elements of the comment period.

Option A is principles-based with quantitative safe harbors: at least 5% in cash or Federal Reserve balances, at least 30% in highly liquid assets, and no more than 10% at a single custodian. It gives issuers flexibility to manage their reserve composition within defined boundaries, and the OCC would evaluate compliance through examination. The logic is that issuers with different scale and risk profiles need room to optimize their reserve structure.

Option B imposes mandatory quantitative limits. It removes the ambiguity of principles-based assessment and replaces it with hard numbers. The trade-off is less flexibility but more predictability for both issuers and supervisors.

There is  tension between the approaches. Option A gives sophisticated issuers room to operate but creates judgment calls during examination. Option B is cleaner for compliance but may force reserve structures that do not reflect the issuer's actual risk profile. Industry participants with strong compliance programs may push for Option A; those who want a clearer standard to build against may prefer Option B. Either way, surplus reserves may only be withdrawn after the monthly examination, certification, and public disclosure cycle, not on an issuer's own internal calculations.

Redemption: Two Days, or the Clock Starts

The redemption framework locks in the key promise of stablecoins: par redemption on demand.

Under the proposal, issuers must redeem at par value within two business days of a request. If redemption demands exceed 10% of outstanding issuance in any 24-hour period, a non-discretionary extension to seven calendar days kicks in, and the issuer must notify the OCC within 24 hours. Only the OCC can impose discretionary redemption limitations. Issuers cannot unilaterally restrict redemptions.

The two-day window combined with the 10% stress trigger extends well beyond treasury management. It requires real-time infrastructure monitoring, escalation protocols, and the ability to execute reserve monetization at scale on short notice. An issuer that cannot convert qualifying reserves into redeemable funds within two business days under normal conditions faces a structural compliance failure.

Meeting those timelines under stressed conditions is a different challenge entirely, and requires sophisticated risk management and tested operational resilience.

Risk Management and Operational Resilience

The OCC adapts its existing safety-and-soundness standards (12 CFR Part 30) to the stablecoin context, creating a principles-based risk management framework that scales with issuer size and complexity. Five pillars.

Internal controls and governance. Clear lines of authority, segregation of duties, effective risk assessment, board-level oversight. The OCC expects governance structures that can make time-sensitive decisions. For an industry that has historically operated with startup-speed governance, this represents graduation into the disciplined world of regulated finance.

Cybersecurity and information security. Incident response, vulnerability management, regular testing. Standard expectations for any OCC-supervised entity, now codified specifically for stablecoin operations where the attack surface spans both traditional IT infrastructure and blockchain-native vectors.

Operational resilience. Business continuity planning, disaster recovery, operational stress testing. The OCC states that resilience is "particularly important for stablecoin" operations, given the 24/7 nature of blockchain networks and the potential for cross-chain migration scenarios. Stablecoin-specific resilience planning needs to cover scenarios like chain congestion, bridge failures, validator set disruptions, and the ability to recover or migrate assets when primary infrastructure is compromised. That has direct implications for monitoring coverage, incident response team structure, and on-call models that traditional banking supervision has never demanded.

Smart contract and DLT risk management. The OCC explicitly requires risk management programs covering code audit, testing, upgrade governance, and cross-chain operability. Stablecoin infrastructure is not just software under this framework. It is regulated infrastructure that demands formalized change management. A smart contract upgrade is, in effect, a change to regulated payment infrastructure.

What this means practically: code audit processes need to be documented and repeatable. Upgrade governance needs defined approval chains. Cross-chain operability needs tested fallback mechanisms. The OCC is treating DLT infrastructure with the same supervisory expectations it applies to core banking systems.

Third-party risk management. Consistent with existing interagency guidance, issuers must conduct due diligence on and continuously monitor service providers. For stablecoin operations, the vendor landscape includes node infrastructure providers, oracle services, cross-chain bridge operators, and wallet and custody infrastructure providers. Each of these introduces operational dependencies that need formal risk assessment, contractual protections, and tested contingency plans for provider failure.

Custody, Capital, and the Operational Backstop

The custody framework (Subpart C) implements Section 10 of the GENIUS Act. It extends beyond issuers to any OCC-supervised entity providing custodial services for "covered assets," a term that includes reserve assets and stablecoins used as collateral.

At its core, covered assets are customer property. They must be segregated, separately accounted for, and protected from the custodian's creditors. Omnibus accounts are permitted, but only with robust per-customer recordkeeping.

For digital assets, the question of what custodial protection means in practice turns on control. The OCC defines it specifically: a custodian maintains control if it can reasonably demonstrate that no other party, including the customer, can transfer the asset on a distributed ledger without the custodian's consent.

In practice, most existing custodial arrangements satisfy this standard. Where the custodian holds the keys and the customer holds a contractual claim, the requirement is met. MPC models where key shares are distributed across multiple parties, including the customer, also satisfy it, provided the customer cannot unilaterally transact with their share alone. But operators should not assume compliance by default. The "without the custodian's consent" standard is now a regulatory test, not just a contractual one, and any custody model, particularly those involving distributed key shares, multi-sig configurations, or client-facing signing capabilities, should be evaluated against it. The OCC is not mandating new wallet architectures. It is requiring that existing ones can demonstrate control under a defined, and examinable, standard.

On capital, the OCC takes an individualized approach rather than standardized ratios. Capital requirements are set during chartering or licensing and monitored through examination. Stablecoin issuers face fundamentally different risk profiles than traditional banks, and a one-size-fits-all ratio would be premature. Capital elements are limited to Common Equity Tier 1 and Additional Tier 1. No Tier 2 (subordinated debt). The OCC does not want to create incentives for issuers to take on leverage. The de novo period is a minimum of three years, with a $5 million capital floor. Recent approvals for national trust bank charters engaging in stablecoin issuance required between $6 million and $25 million.

The operational backstop is a familiar concept in regulated finance but carries specific weight here. Issuers must maintain a separate pool of highly liquid assets sufficient to cover 12 months of total operating expenses, independent of both capital and reserves. It is designed to ensure solvency through sustained operational stress.

The consequences for failure are automatic. Miss the capital or backstop requirement for a single quarter, and the issuer is restricted from issuing new stablecoins. Miss it for two consecutive quarters, and mandatory redemption of all outstanding stablecoins is triggered.

Mandatory redemption is not a simple switch to flip. It means every outstanding stablecoin must be redeemed at par. For an issuer whose stablecoins are held as trading collateral on exchanges, locked in DeFi protocols, used in settlement flows, or sitting in wallets across multiple chains, the operational challenge of forcing redemption is enormous. The issuer must liquidate reserves, coordinate with counterparties who may be relying on those stablecoins for margin or settlement, and manage the unwinding across every platform and chain where the token circulates. The knock-on effects for counterparties, and for any market that uses that stablecoin as infrastructure, are significant. We would be curious to see if this gets addressed following comments, however, for now business continuity plans need to account for this scenario.

The Yield Question

The proposal prohibits issuers from paying any interest or yield to stablecoin holders solely in connection with holding the token. The OCC goes further, establishing a rebuttable presumption that yield payments routed through affiliated or related third parties constitute prohibited indirect payments.

The industry reaction has been sharp, and the reasoning is straightforward. Yield is one of the primary mechanisms stablecoin issuers and their distribution partners use to attract and retain users. Stablecoin reward programs, referral incentives, and yield-sharing arrangements are competitive tools, particularly against USDT's dominance. Removing the ability to offer yield, directly or through partners, limits the desirability and functionality of the stablecoin itself. It also creates an asymmetry: banks can offer yield on deposits through traditional product structures, while stablecoin issuers operating under the same regulatory umbrella cannot offer an equivalent on their tokens. Whether that asymmetry is intentional policy or an unintended consequence of the proposed language is one of the questions the comment process will need to resolve.

The Interagency Picture and the SEC's Parallel Shift

The OCC's NPRM sits within a broader interagency movement. The FDIC published its GENIUS Act application rules in December 2025. What stands out is the posture: a 120-day approval window where applications are automatically approved if the FDIC fails to act. Denial is only permitted if activities would be "unsafe or unsound." The NCUA followed in February 2026, extending the stablecoin issuance pathway to credit unions operating through subsidiaries.

The SEC's shift has been equally consequential. Under Chairman Paul Atkins, who replaced Gary Gensler in April 2025, the SEC launched a Crypto Task Force, dropped or settled enforcement actions against Binance, Ripple, Coinbase, Kraken, and Robinhood, and unveiled "Project Crypto," an initiative to replace regulation-by-enforcement with formal rulemaking.

The most operationally significant SEC action came on February 19, 2026. The Division of Trading and Markets issued guidance stating it would not object to broker-dealers applying a 2% net capital haircut to qualifying payment stablecoins, replacing the punitive 100% charge that had made it uneconomical for broker-dealers to hold stablecoin positions. For Bitcoin and Ether, the SEC indicated it would not object to treatment as readily marketable assets under the commodity haircut provisions of Rule 15c3-1.

Combined with the SAB 121 rescission, which removed the balance sheet barrier to bank crypto custody, the SEC has moved from making institutional crypto participation legally ambiguous to making it economically viable. The shift is not just in what is permitted but in what makes financial sense.

The market has responded accordingly. JPMorgan announced it will allow crypto trading for institutional clients. BlackRock's BUIDL tokenized Treasury fund is currently holding $2.2 billion in assets under management. Additionally, the OCC has issued conditional crypto trust charters to eight firms between December 2025 and February 2026, including Circle, Ripple, BitGo, Fidelity, Paxos, Stripe (Bridge), Crypto.com, and Protego, with Coinbase, World Liberty Financial, and Morgan Stanley in the pipeline. 

The Federal Reserve has not published its GENIUS Act implementing proposal. Every other major federal financial regulator has moved. The absence is notable not because it blocks progress, but because a divergent Fed position would be a significant disruption to the convergence that the rest of the regulatory landscape has built. For now, the direction of travel appears set, but it is not yet locked in.

Here is where each agency stands:

The CLARITY Act Gap: What's Still Missing

The convergence around stablecoins is real. But stablecoins were the easy question, and they do not exist in isolation. They serve as collateral, settlement infrastructure, and on-ramps for broader digital asset activity. Operators building compliance programs around the GENIUS Act framework will inevitably encounter the boundaries of what it covers, and what it does not.

The hard question is everything else. Which digital assets are securities? Which are commodities? How should exchanges and intermediaries be regulated?

The House passed the CLARITY Act on July 17, 2025, by a vote of 219-210, near party-line. Compare that with the GENIUS Act's 308-122 House vote. The difference tells you everything about where consensus exists and where it does not. The Senate has not taken up the House version. Instead, two Senate committees are pursuing separate, competing approaches.

The Senate Banking Committee released a 278-page discussion draft of the Responsible Financial Innovation Act (RFIA) on January 12, 2026. The Senate Agriculture Committee published a draft Digital Commodity Intermediaries Act, which advanced out of committee on January 29, 2026. These address overlapping but different jurisdictional frameworks. They need to be reconciled with each other first, then reconciled with the House CLARITY Act before a full Senate vote.

There is no timeline for resolution.

This creates a bifurcated compliance landscape. On the stablecoin side, operators now have (or will soon have) detailed federal rules from the OCC, FDIC, and NCUA. Clear application processes. Defined examination expectations. On the broader digital asset side, the regulatory environment rests on SEC staff statements, enforcement discretion, and the Crypto Task Force's "Project Crypto" initiative. None of these carry the force of statute. A change in administration could shift the posture.

For compliance teams, the split demands different approaches. Stablecoin compliance planning can start now against concrete proposed rules. Broader digital asset compliance requires monitoring the Senate's legislative process, the SEC's rulemaking calendar, and the real possibility that market structure legislation does not pass in this Congress.

What Operators Should Do Now

This is a proposed rule, not a final rule. The comment period is an opportunity to shape the outcome. But operators should not wait for final rules to begin preparation.

The operational requirements in this proposal are substantial. Reserve monetization capability must be demonstrated, not just claimed. Redemption monitoring must operate in real time against the two-day window and 10% stress trigger. Multi-custodian coordination must meet the concentration limits. Smart contract governance must be formalized as change management for regulated payment infrastructure. Continuous reporting and examination readiness must be built into operational workflows.

During the comment period, several provisions are likely to draw significant industry input. The yield prohibition and its rebuttable presumption against indirect payments will be heavily contested. The choice between Option A (principles-based) and Option B (mandatory limits) for reserve diversification will split opinion along issuer size and sophistication lines. The smart contract governance requirements are new regulatory territory and the appropriate level of prescriptiveness is genuinely unresolved.

Beyond the comment process, several things are worth watching. The Federal Reserve's timeline for its own GENIUS Act proposal. The Treasury Department's BSA/AML/OFAC rulemaking and how it interacts with the operational requirements already proposed. And whether the CLARITY Act's Senate path resolves before the effective date, or whether operators face a permanently bifurcated compliance landscape where stablecoin rules are codified and everything else remains in flux.

The compliance surface area is expanding for every institution in the digital asset value chain. Not just issuers. Custodians, service providers, counterparties, and infrastructure operators all face requirements that cascade through the frameworks being built.

What those requirements demand, in practice, is operational capability that can be demonstrated, not just documented. Reserve monetization channels that have been tested under realistic conditions, not just contracted. Redemption monitoring that operates continuously against hard regulatory timelines, not just during business hours. Smart contract change management that meets the same governance standards as changes to core banking infrastructure. Incident response and business continuity planning that accounts for blockchain-specific failure modes: chain congestion, bridge failures, validator disruptions, and the forced redemption scenarios that follow from missing capital or backstop requirements.

The regulatory architecture is being written now. The institutions that engage earliest, through the comment process, through gap analysis against the proposed requirements, and through building the operational infrastructure these rules assume, will be best positioned when the final rules take effect. The ones that wait will be building under deadline pressure against standards that were knowable months earlier.

‍

This article reflects the proposed regulatory framework as of March 4, 2026. The OCC's GENIUS Act NPRM is open for public comment until May 1, 2026. Final rules may differ materially from the proposal discussed here.

‍