Our Take: financial services regulatory update

Change remains a constant in financial services regulation

Read "our take" on the latest developments and what they mean.

Regulatory clarity for digital assets: GENIUS and CLARITY Acts set the path forward

What happened? On July 17^th, the House of Representatives voted to pass two digital asset bills:

It voted 308-122 to pass the GENIUS Act, which establishes a regulatory framework for “payment stablecoins,” digital assets that (1) are designed to be used for payment or settlement; (2) are convertible to a fixed amount of monetary value; and (3) do not pay yield or interest; and
It also voted 294-134 to pass the CLARITY Act, which defines digital asset regulatory jurisdiction for the SEC and CFTC and requires the agencies to pass rules and issue guidance around consumer protection and safety and soundness.

On July 18^th, President Trump signed the GENIUS Act into law.

What does the GENIUS ACT contain? The Act provides a regulatory framework for stablecoin issuers and outlines requirements for financial stability and consumer protection.

Stablecoin issuers are subject to the following regulatory agency oversight:
- Insured depository institutions are regulated by their primary federal regulator (e.g., the Fed, FDIC or OCC).
- State-regulated banks with a total market capitalization of $10b or below may opt for regulation by their state regulator as long as the state regulatory regime is “substantially similar” to the framework under the GENIUS Act. State-regulated banks with more than $10b are regulated by the Fed.
- Nonbanks that are not engaged in financial services would need to obtain a unanimous vote from the Stablecoin Certification Review Committee, which will consist of the Treasury Secretary as Chair, the Fed Chair (or Vice Chair for Supervision if designated by the Fed Chair), and the FDIC Chair. To approve the application, the Committee must find that the nonbank issuer (1) does not pose a material risk to safety and soundness and (2) will comply with data use requirements. If approved, the nonbank issuer will be regulated by the OCC.
The GENIUS Act also contains a broad set of requirements around areas such as consumer protection and safety and soundness, including:
- Maintenance of reserves backing outstanding stablecoins on a 1:1 basis and consisting of US currency or certain high quality liquid assets. Reserves must not be pledged or reused by the stablecoin issuer (with some very limited exceptions such as overnight repos).
- Disclosure of reserve composition on a monthly basis, monthly examinations of the reserves performed by an independent accounting firm, and an annual attestation by an independent accounting firm that internal controls are suitably designed.
- Capital and liquidity requirements to be set by the issuer’s regulator and tailored to the issuer’s business model and risk profile. The Act specifies that these requirements should include reserve asset diversification, deposit concentration and interest rate risk management standards.
- Anti-money laundering and sanctions requirements equivalent to those that apply to banks. FinCEN will need to publish regulations governing the scope of the AML requirements applied to stablecoin issuers. OFAC will likely rely on previously issued guidance on sanctions compliance best practices.
- Consumer protection standards that include prohibitions on (1) tying use of the stablecoin to other products or services and (2) misrepresenting that stablecoins are covered by federal deposit insurance or otherwise backed by the US government. The Act also specifies that federal consumer protection laws apply to stablecoins and that state consumer protection laws would not be preempted.
- Operational and IT risk management standards tailored to the business model and risk profile of the stablecoin issuer.

What does the CLARITY Act contain? The Act outlines regulatory jurisdiction for digital assets and contains other requirements including those around disclosures and consumer protection.

Digital assets are subject to oversight by the following agencies:
- The CFTC will oversee “digital commodities,” which the CLARITY Act defines as “a digital asset intrinsically linked to a blockchain system, and its value is derived from…the use of the blockchain system.” Most non-stablecoin crypto assets such as Bitcoin and Ethereum would fall under this definition;
- The SEC will oversee tokens that constitute investment contracts such as capital raising activities that offer investors an ownership stake in a digital asset project; and
- Banking regulators will oversee payment stablecoins consistent with the GENIUS Act outlined above.
Other notable provisions of the CLARITY Act include:
- Disclosure requirements. Developers would be required to disclose information related to the digital asset project’s operation, ownership, and structure, including source code availability, governance mechanisms, token functionality and use of proceeds. Exchanges and broker-dealers would be subject to registration requirements and would then be required to provide ongoing disclosures.
- Consumer protection. The Act specifies that digital asset firms would be subject to consumer protection laws and would be required to segregate customer funds.

What’s next? The GENIUS Act will take effect on the earlier of 1) 18 months after it is enacted or 2) 120 days after final regulations are issued – which must be done within a year of enactment.

The CLARITY Act will need to be passed by the Senate before moving to the President’s desk for signature.

Our Take

Stablecoin clarity is here, and crypto clarity is near

With the passage of the GENIUS and CLARITY Acts, long-sought regulatory clarity has arrived for digital assets. The Acts will have immediate impacts across a range of market participants, including:

Current stablecoin issuers must now assess whether they qualify under the GENIUS Act as well as their abilities to meet new requirements such as 1:1 reserve backing, independent attestation, operational resilience, and consumer protection.
Digital asset platforms and intermediaries must prepare for enhanced disclosure and registration as defined by the CLARITY Act. The ability to maintain and grow market share as a business will be more directly informed by success (or failure) to adhere to these new requirements, which will grow to include subsequent rules promulgated by the agencies to facilitate implementation of both Acts.
Non-banks looking to become stablecoin issuers have already seen the writing on the wall and are at varying stages of execution against their regulatory strategies. Issuers have several options available, each with its own set of benefits and drawbacks. Examples include:
- National bank charters offer a broader range of abilities and access to payment infrastructure (e.g. Fedwire, Master Accounts, and FedNow). However, obtaining a de novo national bank charter comes with high capital requirements, significant compliance burdens and long approval timelines.
- State bank charters may provide a more streamlined process for a new entrant, with several state regulators signaling their openness to chartering stablecoin issuers. However, as state-chartered banks are also supervised by the Fed or FDIC, they will similarly have capital requirements and oversight from both federal and state regulators as well as potential for conflicting state-by-state compliance requirements.
- Limited Purpose Trust charters (state or federal) may also be a quicker option with a lighter regulatory burden as they are bank entities that have agreed to limit their activities to fiduciary activities. By doing so, they generally avoid FDIC insurance and Community Reinvestment Act requirements. However, firms that are seeking access to Fed Master Accounts should remain aware that they will be considered a “tier 3” applicant, and we have only seen one tier 3 applicant get approved.¹
- Acquisition of an existing bank or trust entity can provide a faster route to market entry than a de novo charter. However, bank acquisitions will still entail capital costs, integration risk, and the potential for significant regulatory scrutiny and diligence around the deal.
- Applying as a non-bank issuer under the GENIUS Act requires unanimous approval from the Stablecoin Certification Review Committee. Obtaining approval will require that firms meet high risk and compliance expectations and will likely only be viable for large, well-established non-bank financial institutions.
Banks looking to become stablecoin issuers will need a clearly defined strategy to guide them, taking into account expected transformation and costs associated with introducing new or enhanced capabilities to support risk management, compliance, operations and technology.
Even those organizations with no current plans to engage with digital assets may be impacted. All firms should assess their exposure to digital assets through vendors, customers, payment rails, and tokenized financial products as stablecoins are poised to impact treasury operations, liquidity, and settlement infrastructure across the broader financial system.

The CLARITY ACT paves the way for longer-term digital asset strategies

By establishing clear lines between securities and commodities oversight, the CLARITY Act reduces legal uncertainty for developers, issuers, exchanges, and institutional investors engaging with crypto markets. As a result, traditional financial institutions are now positioned to operationalize digital asset and blockchain strategies that have, to date, remained largely in exploratory stages. This includes:

Tokenizing real-world assets, including money market funds, treasuries, commercial paper, structured products, and other traditionally illiquid instruments;
Launching pilots and proofs-of-concept across capital markets, custody, payments and collateralization workflows; and
Accelerating partnerships between incumbents and digital asset firms, especially those with experience building on public blockchain networks, must prepare for enhanced disclosure and registration as defined by the CLARITY Act. The ability to maintain and grow market share as a business will be more directly informed by success (or failure) to adhere to these new requirements, which will grow to include subsequent rules promulgated by the agencies to facilitate implementation of both Acts.

New payment capabilities and new technologies may require a risk management refresh

While the GENIUS and CLARITY Acts will bring overdue regulatory clarity, their passage does not eliminate the risks inherent to stablecoin issuance and digital asset integration. Key areas of focus include:

Financial crime. Digital assets are fast, borderless, and pseudonymous, raising risks around money laundering, terrorist finance and sanctions evasion. With FinCEN guidance potentially years away, firms should in the meantime ensure they are using blockchain analytics tools to detect suspicious transactions or the use of on-chain obfuscation methods such as mixers, as well as putting into place and administering core elements of an AML program.
Cybersecurity. Digital assets remain a significant target for nation-state and criminal organizations, including through private key theft, phishing and social engineering attacks, and exploiting vulnerabilities of third parties. Firms should ensure their cyber programs are tailored to the risks associated with digital assets and have staff with expertise in private keys and cryptography.
Third-party risk. Digital asset firms often rely on custodians, blockchain infrastructure providers, and other tech providers that pose risks that may be new to banks entering this field. Firms should maintain or build sufficient technical expertise to conduct appropriate due diligence on new types of third-party service providers, know whether third parties are using subcontractors, and assess their concentration risk in critical vendors.
Liquidity risk. Bank liquidity risk management frameworks will need to adapt to the risks that digital asset products create. Robust capabilities for real-time intraday liquidity monitoring and new scenarios for liquidity stress tests to account for digital asset shocks will become table stakes. Liquidity managers must also consider near-term impacts to deposit stability as stablecoins and other digital assets create an attractive alternative for their existing deposit base. Market players including banks, financial market utilities and large merchants (to name a few) will experiment with digital asset products that will surely disrupt the movement of liquidity across the financial system. "Future proofing" liquidity management with a focus on real-time access to high-quality data, automated payment operations, and contingency planning will enable business innovation while also protecting firms from future stress events.

New products and use cases on the horizon

The passage of these bills accelerates the maturation of a multi-token financial system under which deposit tokens issued by regulated banks will be used in interbank settlement and wholesale contexts, while stablecoins will serve retail and commercial applications such as embedded payments, cross-border commerce and programmable settlement. Going forward, we expect to see:

New product categories: Tokenized money market funds, tokenized deposits, programmable treasury services, and collateralized stablecoins;
Institutional DeFi: Platforms with embedded KYC and real-world assets will benefit from increased clarity; and
Embedded finance: Consumer apps, merchant networks, and enterprise resource planning systems can integrate stablecoin rails with greater compliance assurance.

¹ The Fed has a three-tiered framework for reviewing applications for master account access. Tier 1 institutions are those with FDIC insurance and receive a streamlined level of review. Tier 2 institutions are not federally insured but are subject to review by one of the federal banking agencies and, if chartered under federal law, have a holding company subject to Fed oversight. Tier 3 includes all other eligible institutions, which receive the strictest level of review.