The wait is over. The U.S. Department of Treasury — through FinCEN and OFAC — has published a joint Notice of Proposed Rulemaking implementing the AML/CFT and sanctions compliance requirements of the GENIUS Act for Permitted Payment Stablecoin Issuers (PPSIs). The comment period is 60 days from Federal Register publication.
This is not background regulatory noise. For anyone building at the intersection of stablecoins and the credit union system, this NPRM is the starting gun.
The GENIUS Act requires that a permitted payment stablecoin issuer "be treated as a financial institution for purposes of the Bank Secrecy Act, and as such, shall be subject to all Federal laws applicable to a financial institution located in the United States relating to economic sanctions, prevention of money laundering, customer identification, and due diligence."
What the NPRM Actually Requires
The proposed rule translates that directive into five concrete obligations. These are not aspirational guidelines — they are the floor.
Formal program with risk assessments, a designated compliance officer, and documented policies — maintained and updated as conditions change.
Ability to block, freeze, and reject specific or impermissible transactions — including in secondary markets where the stablecoin is already circulating.
Suspicious Activity Reports for transactions relevant to potential violations. Secondary-market SAR obligations remain an open question — FinCEN is explicitly seeking comment.
Effective OFAC economic sanctions compliance program. This is a separate OFAC-specific requirement, not subsumed by the BSA/AML framework.
Appropriate records retained in a form accessible for examination — the audit trail is a legal artifact, not just a technical log.
Customer Identification Program requirements are expected in a separate rulemaking. The identity architecture needs to be built now to absorb that requirement when it lands.
The NCUA Is Explicitly Named
The GENIUS Act designates four primary federal payment stablecoin regulators: the OCC, the Federal Reserve, the FDIC, and the NCUA. Each is responsible for licensing, regulation, examination, and supervision of PPSIs within their charter domain.
For credit unions, this translates into direct examination exposure:
- NCUA examiners will arrive at credit unions offering any stablecoin-adjacent product with a GENIUS Act compliance checklist
- The 30-day FinCEN notice requirement before significant supervisory action creates a coordinated, predictable enforcement environment — reassuring for cautious compliance officers
- The enforcement standard is systems-based: regulators are evaluating whether a functioning AML program exists and is maintained, not whether every suspicious transaction was caught
- Credit unions that wait for final rules before building infrastructure will be building in a rushed, high-pressure environment after the fact
On-Chain Controls Are Now Law
The most technically significant provision is the mandate for technical controls to block, freeze, and reject transactions — including in secondary markets. This is not a soft policy requirement. It means issuers must design systems that allow intervention in stablecoins after they have left the issuer's direct custody.
This is precisely what smart contract-level compliance infrastructure provides. The ability to enforce compliance rules at the token layer — not just at the point of issuance — is the architecture FinCEN is describing. On-chain identity modules, jurisdiction checks, and collateral-state verification are not just technical differentiators. Under the GENIUS Act, they are compliance requirements.
How Aetherum Maps to Every Requirement
Aetherum was purpose-built to satisfy GENIUS Act compliance requirements for NCUA-regulated institutions. The infrastructure is live today — not on a roadmap.
| NPRM Requirement | Aetherum Component | Status |
|---|---|---|
| AML Program | DACS Risk Assessment Model — 10-pillar member scoring with behavioral, financial, and on-chain signals generating a 0–100 composite score per member | Live |
| Technical Controls | ERC-3643 On-Chain Compliance Modules — jurisdiction, collateral LTV, and member identity checks enforced at the smart contract layer | Live |
| Sanctions Compliance | Real-time KYC/AML screening at onboarding, with compliance status written on-chain as an attestation | Live |
| Customer Identification | Bank connectivity verification at account linking, with identity attestation recorded on-chain via ERC-3643 CUMember identity module | Live |
| Record Retention | Full transaction audit trail in backend, plus DDQ Engine with 14-chunk compliance knowledge base for examiner-ready documentation | Live |
| Dynamic Risk Control | DACS-driven LTV ceilings (Tier 1: 70% / Tier 2: 65% / Tier 3: 55%) written on-chain at loan origination | Live |
| CIP (forthcoming) | On-chain CUMember identity module designed to absorb forthcoming CIP requirements without architectural changes | Ready |
The Audit Trail Is the Product
One of the NPRM's most practical implications is what it does to the definition of "documentation." Compliance documentation is no longer a report you generate before an exam — it is the automatic output of a well-built platform.
Every DACS score at Aetherum is timestamped, logged across all ten pillars, and stored as an underwriting record attached to the loan file. Every on-chain attestation is immutable and independently verifiable. Every KYC screening result is retained and linked to the member identity record. The compliance documentation that NCUA examiners will eventually request is generated as a byproduct of our normal operation — not assembled under pressure after the fact.
That is what a systems-based enforcement standard rewards. Not zero defects. A functioning system, documented and maintained.
Every competitor is building faster pipes.
Aetherum is building the first crypto lending platform
that explains itself to regulators — and that
explanation is the moat.
Purpose-built to satisfy GENIUS Act compliance requirements for NCUA-regulated institutions.
What Credit Unions Should Do Right Now
The GENIUS Act NPRM comment period is open for 60 days from Federal Register publication. This is a rare opportunity to shape how the final rules apply to the credit union system specifically — and NCUA-focused voices are underrepresented in regulatory comment processes dominated by large bank lobbyists.
More practically: credit unions that want to offer crypto-collateralized lending products to their members need to start their compliance infrastructure conversations now. Final rules will arrive faster than build timelines allow.
Aetherum is that infrastructure. The platform is live, the compliance modules are deployed, and the audit trail is already running. Credit unions do not build this from scratch — they adopt Aetherum and inherit it.
Interested in how Aetherum maps to your credit union's GENIUS Act compliance needs?
Schedule a Call →See our stablecoin settlement infrastructure — USDC, Cross-Chain Transfer Protocol, and Programmable Wallets: product page →