Summary

The GENIUS Act (the “Act”) created a three-part statutory test (Section 2(22)) that determines whether your token is a "payment stablecoin." If it is, only a permitted payment stablecoin issuer (PPSI) can offer it to US users. Violating the prohibition carries up to $1 million per violation and five years imprisonment. The Act’s effective date is January 18, 2027. 

Until the GENIUS Act passed, there was no federal framework for a compliant US stablecoin issuer to follow. Issuers were navigating state money-transmitter licensing rules and SEC staff positions. The Act created a federal licensing pathway, codified reserve standards, and set a compliance deadline. Teams building GENIUS Act stablecoin issuance infrastructure now have a defined process.

A mistake that a protocol team will predictably make is reading "permitted payment stablecoin issuer," deciding it doesn't apply to them, and moving on. For most teams, that conclusion is correct on the licensing question. The step they skip is running the Section 2(22) definition test that determines whether a PPSI license is required, and the separate front-end DASP analysis that applies whether or not you are an issuer.

For teams whose token does meet the statutory definition, the pending FinCEN/OFAC rules would extend the issuer's compliance perimeter into secondary-market transactions through smart-contract-level freeze and blocklist controls. Paradigm and the Hyperliquid Policy Center have already argued in public comments that this would push compliant stablecoins out of open DeFi entirely. For teams whose token doesn't meet the definition, the front-end DASP analysis is a separate question, with its own compliance obligations and a July 2028 effective date.

The Section 2(22) three-part test is the classification that splits those two tracks. January 18, 2027 is the compliance deadline. The OCC application clock alone runs 120 days, and the capital, governance, and AML builds all sit in front of it.

The Section 2(22) test determines which track you're on

Issuing a payment stablecoin without PPSI approval is unlawful under Section 3(a) of the GENIUS Act. Criminal penalties under Section 3(f) run up to $1 million per violation and five years imprisonment for knowing participation. No decentralization carve-out exists for the issuer.

Whether that applies to your protocol depends on whether your token meets the three-part test in Section 2(22). A "payment stablecoin" under the Act is a digital asset that (1) is, or is designed to be, used as a means of payment or settlement, (2) whose issuer is obligated to convert, redeem, or repurchase for a fixed monetary value and represents it will maintain, or creates the reasonable expectation that it will maintain, stable value relative to that amount, and (3) is not a national currency, a deposit, or a security.

Part two is where I see teams miscategorize most often. The test keys off what the issuer commits to and represents, not what the team calls the token. The statue also captures tokens that “create the reasonable expectation” of stability, which means the classification can turn on design and context, not just an explicit promise. A protocol that makes a redemption commitment at $1 in the smart contract or the terms of service and distributes a token used for settlement has likely satisfied parts one and two. The word "stablecoin" does not need to appear anywhere.

The issuer compliance build includes the licensing pathway, reserve architecture, AML program, and OCC application process, each with their own lead time. It also raises an unresolved question about secondary-market sanctions: whether issuers will be required to enforce sanctions compliance on secondary-market transactions they have no visibility into.

The licensing pathway. The statute gives three routes to PPSI status: through an insured depository subsidiary, a nonbank federal qualified issuer approved by the OCC, or a state qualified issuer. Most seed-through-Series-B protocol teams will look at the nonbank OCC pathway.

The OCC's implementation NPRM proposed rule (published March 2, 2026), defines the application process and capital requirements for nonbank issuers. In recent approvals, the OCC has set required capital from $6 million to $25 million, with a $5 million floor during the de novo period, plus a 12-month operational liquidity buffer. The statutory decision clock runs 120 days from a complete application, but application preparation, capital formation, and governance build-out all need to happen before filing.

The reserve architecture. Section 4(a)(1) requires 1:1 reserves held in US currency, demand deposits at insured depository institutions, treasuries with 93 days or less remaining maturity, overnight repos backed by those treasuries, or government money-market funds invested in those underlying assets. Section 4(a)(2) prohibits rehypothecation, with narrow exceptions.

Monthly reserve attestations certified by the CEO and CFO, examined by a registered accounting firm, are required under Section 4(a)(3). That means custodial relationships, accounting systems, and a certification process built before the first attestation is due.

The AML program. The FinCEN/Treasury AML NPRM (published April 10, 2026; comments closed June 9, 2026) would require a written, risk-based AML/CFT program, a US-based compliance officer, SAR filing, and Travel Rule compliance for transfers of $3,000 or more. The FinCEN CIP NPRM (published June 2026; comments closing August 21, 2026) scopes customer identification to the primary market only, not to secondary-market activity. Both are proposed rules.

The secondary-market sanctions perimeter. The pending OFAC rules would require issuers to maintain block, freeze, and reject technical capability reaching secondary-market addresses via smart contract. Paradigm and the Hyperliquid Policy Center argued in joint comments (June 9, 2026) that this conflicts with Van Loon v. Department of the Treasury (5th Cir., Nov. 26, 2024), which held that immutable smart contracts are not property under IEEPA because they are not capable of being owned.

Their argument is that issuers facing secondary-market obligations they cannot meet will deploy only to permissioned environments, pulling US-regulated stablecoins out of open DeFi entirely. That comment process is live. The freeze and blocklist capability needs to be engineered now regardless of where the final rules land.

The gray zone. Hybrid and partially-backed stable-value tokens (the Frax or Ethena-style architecture) present a specific classification problem. A crypto-collateralized token that is redeemable at a fixed value and used for settlement may satisfy parts one and two of Section 2(22), but it cannot meet the 1:1 HQLA reserve requirement in Section 4(a)(1). Whether that makes it an unlawful payment stablecoin or an unregulated non-payment stablecoin is a question the statute does not answer.

Section 14 ordered a Treasury-led study of "endogenously collateralized" stablecoins. If your token sits on this fault line, the classification question needs a definitive answer before January 2027.

The GENIUS Act may apply even if you don't issue a payment stablecoin 

Even if your token does not meet the Section 2(22) definition, that does not mean your protocol falls outside the GENIUS Act entirely. The Act creates a separate set of obligations for "digital asset service providers" (DASPs) that offer or sell payment stablecoins to US persons, and that prohibition takes effect approximately July 2028 (Section 3(b)). If your protocol operates a front end that facilitates stablecoin transactions, you need to determine whether it falls inside or outside the DASP definition. 

The statute excludes five categories from DASP status (distributed ledger protocols; developing or operating distributed ledger protocols or self-custodial software interfaces; immutable and self-custodial software interfaces; transaction validators or distributed ledger operators; and liquidity pool participants), and a non-custodial, immutable interface that does not earn fees from transfers is likely outside the definition. But the exclusions are narrow and fact-specific. A hosted, upgradeable front end that routes stablecoin transactions for compensation, or takes custody of stablecoin balances, requires a closer look at whether the DASP exclusions apply. The statute directs Treasury to study the scope of the DASP framework as applied to DeFi, which means this boundary could move.

If you are not yet a PPSI and your protocol moves stablecoins as a business, you may still need state money-transmitter licenses under existing law. GENIUS preemption only attaches once you are an approved PPSI. 

If you operate a front end that touches stablecoin flows, map it against the five DASP exclusions. The July 2028 deadline matters now because the architectural decisions that determine whether your interface qualifies for an exclusion (custody model, fee structure, upgradeability) are product decisions, not legal ones.

A framework for founders

Knowing which decisions require counsel, which require careful self-review, and which are straightforward is what keeps that gap from opening. Our Tech Founder's DIY Legal Guide offers a general framework for how to approach these decisions, which we've translated to some stablecoin compliance-specific guidance below.

What founders can handle themselves

You don't need a lawyer to run the Section 2(22) classification or map your front-end exposure. The three-part test is public and the statutory text is readable. Pull your token documentation, your smart contract terms, and your terms of service.

Confirm whether anything in those documents creates a redemption obligation at a fixed monetary value and a stable-value representation. If it does, you are likely inside the definition. If it doesn't, document that analysis in writing and move to the front-end question.

The front-end analysis is also manageable without counsel at the first pass. Map your interface against the five DASP exclusions in Section 2 (distributed ledger protocols; developing or operating distributed ledger protocols or self-custodial software interfaces; immutable and self-custodial software interfaces; transaction validators or distributed ledger operators; and liquidity pool participants). An immutable, non-custodial interface with no transfer-fee arrangement is likely excluded. Document that analysis.

Where it gets complicated

Legal support becomes important when the Section 2(22) classification does not produce a clean answer, and for hybrid token designs it frequently doesn't.

As discussed above, hybrid token designs that satisfy the Section 2(22) definition but cannot meet the reserve requirements sit in a classification gap that the statute does not resolve and the Treasury study has not yet addressed. Getting that classification wrong in either direction is expensive. One direction means unlicensed issuance. The other means over-engineering compliance for a token that doesn't require it.

Front-end applications that route stablecoin transactions for compensation and don't fall cleanly inside the DASP exclusions are in the same category. If your interface is hosted, upgradeable, or takes any form of custody, the exclusion analysis requires more than a first-pass read of Section 2.

The OCC nonbank federal-qualified PPSI pathway and the capital requirements that flow from it also require legal guidance. Teams that know they are inside the definition and are evaluating the OCC pathway need to understand the capital math before committing to the application timeline.

Where expert counsel becomes mandatory

Outside counsel earns its place when the classification outcome, the PPSI application, and the OFAC technical build all need to land on a timeline that is already compressed.

If your token meets the Section 2(22) definition and you have US users, the PPSI licensing process, the reserve architecture, the AML program build, and the OFAC secondary-market sanctions capability all need to be coordinated against the January 2027 compliance deadline. The OCC decision clock runs 120 days from a complete application, and everything that makes an application complete sits in front of that clock.

If your token design sits in the algorithmic or hybrid gray zone and the Section 14 study has not resolved whether it falls inside or outside the definition, that classification needs a definitive answer before January 2027.

The pending OFAC secondary-market requirement, which would impose block, freeze, and reject controls reaching secondary-market addresses via smart contract, adds a smart-contract engineering build on top of the compliance program. The outcome of the comment process is contested, but the capability needs to be engineered regardless. Serotonin Legal works through this kind of structural classification, pathway sequencing, and compliance build for protocol teams at this stage.

Final Thoughts

Most protocol teams stopped at the PPSI licensing question and never ran the two analyses that follow from it. If you have a stable-value token with an unclassified redemption commitment, a front end routing stablecoin transactions for compensation, or a token design in the hybrid gray zone, the classification is worth documenting before January 2027. 

If you have any questions, reach out and we will give you a clear read on where you stand.

This post is for informational purposes only and does not constitute legal advice. The GENIUS Act's implementing rules are all in proposed form as of the date of this post; operative compliance details remain subject to change. Consult qualified legal counsel regarding your specific situation.