Our Take: financial services regulatory update – June 27, 2025

• What happened? On June 17^th, the Senate voted 68-30 to pass the GENIUS Act, which establishes a regulatory framework for “payment stablecoins.” The Act defines payment stablecoins as digital assets that (1) are designed to be used for payment or settlement; (2) are convertible to a fixed amount of monetary value; and (3) does not pay yield or interest.
• How are stablecoin issuers regulated under the GENIUS Act? The Act provides a framework for different issuers depending on size and entity type:
  • National banks are regulated by their primary federal regulator (e.g., the Fed, FDIC or OCC).
  • State-regulated banks with a total market capitalization of $10b or below may opt for regulation by their state regulator as long as the state regulatory regime is “substantially similar” to the framework under the GENIUS Act. State-regulated banks with more than $10b are regulated by the Fed.
  • Nonbanks that are not engaged in financial services would need to obtain a unanimous vote from the Stablecoin Certification Review Committee,⁴ established by the Act, finding that the nonbank issuer (1) does not pose a material risk to safety and soundness and (2) will comply with data use requirements. If approved, the nonbank issuer will be regulated by the OCC.
• What are the requirements for stablecoin issuers under the Act? The GENIUS Act contains a broad set of requirements including (1) maintenance of reserves backing outstanding stablecoins on a 1:1 basis and consisting of US currency or certain high quality liquid assets; (2) reserve composition disclosure; (3) capital and liquidity requirements; (4) anti-money laundering and sanctions requirements; and (5) consumer protection standards. For more detailed information, see Our Take on the GENIUS Act.
• How does the GENIUS Act differ from similar legislation in the House? The House Financial Services Committee advanced the STABLE Act to the full House floor in April of this year. The two Acts are similar but contain a few key differences, including:
  • State banks under the GENIUS Act may opt for state regulation only if they have no more than $10b in market capitalization, while the STABLE Act allows all state banks to opt for state regulation.
  • Nonbanks must receive a unanimous approval from the Stablecoin Certification Review Committee under the GENIUS Act, while the STABLE Act does not contain any similar requirements.
  • The GENIUS Act specifies that it does not preempt state consumer protection requirements, while the STABLE Act contains no such language.
• What’s next? The Act will need to be reconciled with the House’s STABLE Act before it moves to the President’s desk to be signed into law. It also contains several requirements for future agency action, including requirements that the banking agencies issue regulations to carry out the Act; FinCEN to issue rules around transaction monitoring and reporting of suspicious activity; and the Stablecoin Certification Review Committee to issue a rule clarifying its approval standards.

Our Take

Summer signing in sight for stablecoin regulatory clarity. With the Senate’s 68–30 vote to pass the GENIUS Act, momentum is firmly behind stablecoin legislation and we could see a bill signed into law as early as this summer. The House’s STABLE Act is next in line, though key differences will need to be reconciled before the bill lands on the President’s desk. As Senate Democrats fought hard to include additional consumer protection requirements and higher standards for nonbank issuers in the GENIUS Act, we expect that these provisions will find their way into the final version to pass with similar bipartisan agreement.

As the doors open for stablecoin issuance, risks abound. For firms planning to issue, hold, or integrate stablecoins into their business models and financial products, the risk profile remains complex and evolving. Key considerations include:

• Liquidity and redemption risk. Even if backed by full 1:1 reserves, stablecoin issuers should ensure they are able to manage daily redemption flows and unexpected outflows during stress.
• Financial crime. With FinCEN guidance potentially three years away, firms should in the meantime ensure they are using blockchain analytics tools to detect suspicious transactions or the use of on-chain obfuscation methods such as mixers.
• Cybersecurity. Firms should assess whether they have the technology and expertise to address risks associated with private key theft, third party cyber vulnerabilities, and phishing attacks.
• Third-party risk. Firms should maintain or build technical expertise to conduct appropriate due diligence on their third-party service providers and assess concentration risk in critical vendors.

What should firms be doing now? A stablecoin regulatory framework is coming into focus – what remains is execution. Firms looking to become stablecoin issuers should prepare to apply for a license, which will include demonstrating effective governance, AML and consumer protection programs. Nonbanks –whether a current or a potential future issuer—will have a steep hill to climb to meet bank-like regulatory expectations and obtain unanimous approval of the Stablecoin Certification Review Committee.

Meanwhile, firms considering providing ancillary services such as custody and clearing will need to begin assessing how to integrate planned services into their enterprise resource planning, treasury, tax and compliance systems, and develop their counterparty diligence, risk scoring and exposure mitigation practices.

What’s the bottom line? The Senate passing the GENIUS Act is an important step toward regulatory clarity for digital assets. We expect it will soon become law, enabling firms to move forward with their stablecoin strategies undeterred by “regulation-by-enforcement.” As they do so, they should ensure that they have the technology and expertise necessary for the unique operational and risk management issues raised by stablecoins.

• What happened? On June 16^th, the Fed, FDIC and OCC requested comment on measures to mitigate payments fraud with a specific focus on check fraud.
• What do the agencies want to know? The request seeks comment on considerations and potential actions across five key areas:
  • External collaboration. The request asks whether more collaboration is needed among federal regulators, state authorities and industry stakeholders. It also seeks comment on what types of collaboration would be most effective.
  • Education. The agencies are requesting information on how education for consumers and industry participants could be improved and increased.
  • Regulation and supervision. The request seeks comment on whether changes to regulations or new supervisory guidance could mitigate fraud risk and help banks, especially small community banks, detect and prevent fraud. It also asks whether current fraud hold practices impact consumers, including how responsive banks are to inquiries from consumers regarding the status of their funds subject to a hold. Further, it asks whether the agencies should consider amendments to existing requirements to shorten funds availability requirements for check deposits.
  • Data collection and information sharing. The agencies seek comment on how payments fraud data collection and information sharing could be improved, including through more standardization and centralization of the data collection and sharing process.
  • Operational tools and services. The request asks whether federal reserve banks could enhance their existing services such as check processing, ACH transfers, instant payments and wire services to better mitigate payments fraud. Examples include requiring fraud reporting for payment rails, developing a payments fraud contact directory for financial services and offering tools that provide notification of atypical payment activity.
• What’s next? Comments are due by September 18th.

Our Take

Industry has opportunity to drive regulatory change. The request for comment may focus on check fraud, but the framing signals a deeper concern of fraud not just as a loss event but as a vulnerability in the payments system itself. In addition, the breadth of topics and tone of inquiry suggest early-stage policy development. The reference to existing requirements and funds availability raises the possibility of rule revisions that would directly affect how banks manage customer communications, fraud holds, and deposit processing timelines.

This inquiry could have an outsized impact on smaller banks, many of which have fewer fraud detection resources but are disproportionately exposed to check and mail theft schemes. With regulators asking whether current supervisory approaches are adequately tailored, banks should anticipate heightened scrutiny of hold policies, fraud response protocols, and data governance. There may also be increased expectations for firms to engage in external collaboration or adopt centralized tools if offered by the Fed.

What’s the bottom line? Banks should treat this request as a signal of regulatory movement and should advocate for changes that would enhance fraud controls, particularly in check processing and availability holds, fraud reporting and interbank coordination.

• What happened? On June 13th, the Basel Committee on Banking Supervision (BCBS) released a framework for the voluntary disclosure of climate-related financial risks.
• What does the framework say? The non-binding framework includes both qualitative and quantitative templates designed to set a global standard for climate governance, transition and physical risk exposures, and financed emissions. Key components include:
  • Qualitative disclosures (Tables CRFRA and CRFRB) that focus on governance, strategy, scenario analysis and risk management processes. The framework calls for banks to detail how climate risk affects their business model, risk profile, and financial position – both today and over time horizons defined by the bank. It encourages banks to conduct scenario analysis and, if relevant, disclose transition plans and emissions reduction targets. Banks are also encouraged to describe how directors engage on material climate risks and whether climate metrics influence decisions on strategy, capital allocation, or compensation.
  • Quantitative templates (CRFR1–4) covering:
    • Sector-level exposure to transition and physical risks, including greenhouse gas (GHG) emissions and residual maturities
    • Real estate exposures categorized by energy efficiency
    • Emission intensity per unit of physical output for sectors where banks have set targets

Our Take

Climate disclosure consistency – outside the U.S. Although the framework is not binding, the BCBS shapes global banking norms and its alignment with European climate goals will pressure national regulators in that region to follow suit. However, in the U.S., broad federal adoption is unlikely in the near term as the SEC has stopped defending its climate disclosure rule. Still, the underlying supervisory and investor interest in climate risk has not disappeared. State-level rules in California and disclosure mandates in the EU remain in effect, and global banks will continue to face pressure from shareholders, counterparties, and rating agencies to report consistently and credibly.

For U.S. banks, Basel’s framework can help guide internal alignment across jurisdictions and respond to expectations from non-federal stakeholders. Even where disclosure is not required, the framework reinforces the need for banks to assess how physical and transition risks could affect their business models, credit exposures, and long-term strategy. Accordingly, firms should:

• Use the BCBS framework to benchmark existing disclosures and identify gaps in governance, strategy, and emissions data
• Coordinate disclosures across regulatory regimes, especially in jurisdictions that are moving forward with climate rules
• Treat the framework as a roadmap to strengthen internal risk management and cross-functional coordination

What’s the bottom line? Climate risk disclosure is likely to remain fragmented across jurisdictions, but the Basel framework provides a foundation to respond with consistency and clarity. Institutions that move early to align will be better positioned to manage regulatory change, market expectations, and emerging risk.

These notable developments hit our radar recently:

CFPB extends 1071 compliance dates. On June 18th, the CFPB issued an interim final rule extending the compliance deadlines for its small business lending data collection rule to comply with Section 1071 of the Dodd-Frank Act. The extension follows ongoing litigation and court-ordered stays. New compliance dates are July 18th, 2025 for Tier 1 lenders, January 16th, 2026 for Tier 2, and October 18th, 2026 for Tier 3, each delayed by approximately 290 days. The CFPB also indicated plans to propose amendments to the 2023 final rule later this year.

Fed drops reputational risk. On June 23rd, the Fed announced it will remove references to reputational risk from exam materials and replaced with more concrete financial risk concepts. The Fed emphasized that this change does not reduce its expectations for robust risk management, nor does it preclude banks from considering reputational risk internally.

SEC extends compliance date for daily reserve computation rule. On June 25, the SEC extended the compliance deadline for amendments to Rule 15c3-3, requiring certain broker-dealers to perform daily reserve computations. The new compliance date is June 30, 2026, providing firms additional time to implement necessary operational changes.

SEC publishes new data on broker-dealers, M&A activity, and BDCs. On June 26th, the SEC published updated datasets covering registered broker-dealers, mergers and acquisitions (M&A), and business development companies (BDCs). The reports provide insights into industry trends from 2010 through 2024, including broker-dealer registrations, M&A transaction volumes, and BDC investment disclosures.

Powell on the Hill. On June 24th and 25th, 2025 Fed Chair Jerome Powell testified before the House Financial Services Committee and the Senate Banking Committee. Powell presented the Fed’s semi-annual Monetary Policy Report and addressed questions on regulatory items like the Community Reinvestment Act and Basel III endgame, largely deferring to the judgement of VCS Michelle Bowman.

FinCEN uses FEND bill authority for first time. On June 25th, Treasury’s Financial Crimes Enforcement Network (FinCEN) sanctioned three financial institutions based in Mexico under the first use of the Fentanyl Sanctions Act and FEND Off Fentanyl Act. The acts provide FinCEN the authority to sanction based on suspicion of money laundering related to opioid trafficking.

Agencies issue customer identification exemption. On June 27th, the OCC, FDIC, and NCUA, with FinCEN's concurrence, issued an order exempting banks under their jurisdiction from the requirement to obtain a customer's Taxpayer Identification Number (TIN) directly prior to account opening, as stipulated in the Customer Identification Program (CIP) Rule implementing Section 326 of the USA PATRIOT Act. This exemption allows banks to use alternative methods, such as obtaining TINs from third-party sources, provided they maintain written procedures that are risk-based and ensure compliance with CIP requirements.

Stress testing results coming soon. The results of the Fed’s 2025 Dodd-Frank Act Stress Tests and Comprehensive Capital Analysis and Review (CCAR) are scheduled to be released June 27^th at 4:30 PM EDT.