The U.S. financial system has entered a new era. With the passage of the GENIUS and CLARITY Acts, stablecoins are now fully recognized under federal law. These digital tokens, which are backed one-to-one by U.S. dollars, have moved from the sidelines to the mainstream of regulated banking.
This is more than a policy update. The new legislation signals a shift in how financial institutions must manage risk and compliance. Financial services leaders now face a critical question: Is our regulatory and compliance infrastructure prepared to absorb and operationalize this change?
What’s Changing for Banking Risk & Regulation
Stablecoins are already in wide use as pricing tools, trading instruments, and payment rails. Today, around 99% of stablecoin market cap is denominated in U.S. dollars.
What’s new is the regulatory context. The GENIUS Act establishes a framework for how banks and credit unions can issue and manage stablecoins. The CLARITY Act defines how these digital assets fit into the broader financial system. Together, the two laws will have a major impact on how digital currencies are governed in the U.S.
Qualified financial institutions now have the legal foundation to issue payment stablecoins, offer custody and clearing services through a wholly owned subsidiary, and integrate blockchain-based assets into their operations. While this opens the door to new services and opportunities (e.g., spot clearing on the distributed ledger), it also introduces layers of operational complexity. Institutions will need to revise internal controls, processes, and governance documents to include payment stablecoins. They should expect increased supervision and examination scrutiny of payment stablecoins, particularly around anti–money laundering and sanctions compliance.
Financial institutions will also need to react to macro shifts, like changes to the U.S. Bankruptcy Code, that provide greater customer protection. They’ll also likely need to change how they interact with financial market intermediaries, like the Depository Trust and Clearing Corporation (DTCC) and International Swaps and Derivatives Association (ISDA).
The New Oversight Landscape
Together, the GENIUS and CLARITY Acts create a distributed regulatory environment with multiple agencies—each with distinct oversight, enforcement, and documentation standards.
Who are the regulators? The Office of the Comptroller of the Currency (OCC), Federal Deposit Insurance Corporation (FDIC), Federal Reserve Board (FRB), National Credit Union Administration (NCUA), U.S. Department of the Treasury (including FinCEN), state payment stablecoin regulators, and Stablecoin Certification Review Committee.
What are the responsibilities? The OCC supervises federally qualified stablecoin issuers, shares joint authority over larger issuers, and handles licensing and examinations. The FDIC oversees bank subsidiaries issuing stablecoins and supervises insured depository institutions and certain state-chartered banks under defined thresholds. The Federal Reserve Board regulates permit-holding bank subsidiaries, particularly those with issuance above $10 billion, and advises on system-wide risk, reserves, and liquidity.
The NCUA monitors credit union subsidiaries that issue stablecoins, ensuring compliance with the Act and related rules. The U.S. Department of the Treasury, including FinCEN, leads coordination on AML, sanctions, and BSA compliance across all issuers. Treasury may issue additional rules, including for foreign issuers, and sets principles for evaluating state-level regulatory equivalency.
State payment stablecoin regulators oversee issuers with less than $10 billion in outstanding issuance and must align with federal standards in certified “substantially similar” regimes. The Stablecoin Certification Review Committee certifies state regime equivalency and authorizes oversight transitions for qualifying state-chartered issuers.
Who are the regulators? Securities and Exchange Commission (SEC), Commodity Futures Trading Commission (CFTC), U.S. Department of the Treasury (including FinCEN), and state securities and banking regulators.
What are the responsibilities? The SEC oversees digital assets classified as securities, including permitted payment stablecoins. It also regulates trading platforms that support these assets and enforces rules around investor protection and fraud.
The CFTC regulates digital commodities, such as crypto assets that do not meet the definition of a security. It is the primary regulator of spot market activity in this space.
The Department of the Treasury, through FinCEN, is responsible for anti–money laundering and BSA enforcement across all digital asset intermediaries. State securities and banking regulators continue to enforce local licensing requirements and consumer protections
The implications of this new regulatory model will require financial leaders to change how risk, compliance, and governance are managed across the organization.
How to Succeed in the New Digital Asset Era
The volume and complexity of change is high. Banks must now track the impact of evolving federal and state guidance, assess legal risk, update internal controls, and document those changes across multiple systems and business units. Many institutions maintain thousands of governance documents—from internal policies and procedures to customer communications, third-party contracts, and regulatory filings—depending on their structure and footprint. All of these will need to be modified and updated to manage risk and avoid noncompliance.
This is not a one-time activity. Compliance teams will have to track how emerging laws reshape existing documentation and controls. They will also need a way to detect gaps, identify outdated requirements, and coordinate updates across distributed teams. The ability to do this quickly and accurately will be a competitive differentiator.
To succeed, governance must become an integrated, technology-enabled capability that supports operational resilience, audit readiness, and sustained regulatory alignment. An AI-powered governance approach delivers benefits beyond updating documents:
- Regulatory change impact mapping: Identifying which documents and controls are affected when a regulation changes and notifying the right owner via Workday mapping.
- Control gap detection: Flagging procedures that lack sufficient control coverage and proposing control change recommendations to close the gap.
- Control rationalization engine: Grouping semantically similar controls and recommending macro-controls to reduce complexity and support enterprise-wide automation.
- Workflow integration: Plugging results into ServiceNow or tasking routing environments to trigger remediation or review workflows.
- Workforce planning: Understanding the people-power needed to address the impact of anticipated changes, allowing users to simulate a change, and determining the full set of resources needed to respond.
With effective dates approaching and regulators actively shaping the landscape, the time to act is now. Financial services leaders that modernize their risk, compliance, and governance functions now will position themselves to lead in a digital-first financial system.
Ready to realize the benefits of AI-driven regulatory compliance? North Highland helps financial institutions strengthen regulatory infrastructure, streamline governance, and respond confidently to change. We help leaders identify areas where AI-powered policy and regulatory intelligence can drive significant compliance improvements and operational efficiencies.
REGRISK.IA
North Highland's AI-enabled governance platform—RegRiskIA—offers a seamless solution that receives real-time updates of changes in regulation and law from all around the world. It analyzes ERM bank policy and determines which clauses in the documents need to be changed, then cascades those top-of-the-house changes down to business unit documents.
The volume and intricacy of information change brought on by the introduction of US payment stablecoin can be overwhelming, but RiskRegIA enables banks to cascade changes through to all applicable policies, procedures, controls, standards, job aids and even training materials.
RiskRegIA is built behind the bank’s firewall, is compatible with the existing tech stack, and produces auditable results without black box calculations. This platform provides financial institutions with an innovative solution for transforming dense regulatory information into easily accessible, actionable intelligence.
