Beyond the Hype: 5 Critical Regulatory Risks the GENIUS Act Has Not Solved
The stablecoin industry has waited years for clear regulatory guidance. When the GENIUS Act arrived as America’s first comprehensive stablecoin legislation, the crypto industry greeted it with considerable enthusiasm. Supporters argued it would bring legitimacy, consumer protection, and a clear framework for digital dollar innovation.
The celebration, however, deserves scrutiny. The GENIUS Act does establish important foundational rules, including mandatory 1:1 reserve backing, monthly transparency disclosures, and annual audits for larger issuers. Yet significant gaps remain in the legislation. Critics, including members of the Senate Banking Committee, have identified specific areas where the bill falls short of its stated goals on financial crime, national security, and systemic risk.
This post examines five critical regulatory risks that the GENIUS Act has not adequately resolved. Each risk is grounded in analysis from the Senate Banking Committee, the US Treasury, legal experts at Steptoe, and alternative dispute resolution specialists at JAMS. Whether you work in compliance, fintech, policy, or investment, understanding these unresolved risks is essential.
What Is the GENIUS Act and What Does It Actually Do?
The GENIUS Act stands for Guiding and Establishing National Innovation for US Stablecoins. It is the first piece of federal legislation to directly regulate payment stablecoins, which are digital assets designed to maintain a stable value relative to the US dollar or another reference asset. The bill creates a licensing framework for what it calls Permitted Payment Stablecoin Issuers (PPSIs) and sets out rules for their reserves, disclosures, and oversight.
According to the Senate Banking Committee’s Myth vs Fact document, the bill requires stablecoins to be backed 1:1 at all times with no exceptions. It prohibits riskier reserve assets such as corporate debt or equities. Furthermore, it mandates monthly disclosures examined by registered accounting firms, annual audits for larger issuers, and stablecoin holder priority in insolvency proceedings. These are genuine improvements over the regulatory vacuum that previously existed.
The bill also carries forward existing Anti-Money Laundering and Counter-Terrorism Financing (AML/CFT) obligations for stablecoin issuers. PPSIs will be required to retain the ability to freeze tokens involved in illicit activity, including tokens held in non-custodial wallets by parties with no direct relationship to the issuer. These features represent a meaningful step forward. However, as the following five sections demonstrate, each new rule creates new questions that the legislation leaves unanswered.
GENIUS Act: What It Establishes vs. What Remains Unresolved
| Regulatory Area | What the GENIUS Act Establishes | What Remains Unresolved |
| Reserve Backing | Mandatory 1:1 backing; no risky assets | Secondary market monitoring scope unclear |
| Financial Crime | AML/CFT obligations carried forward for issuers | Exchanges and DeFi platforms largely excluded |
| Crypto Mixers | No fix was provided despite the court ruling gap | Tornado Cash-type loophole remains open |
| Foreign Issuers | Some guardrails on foreign stablecoin issuers | Jurisdictional arbitrage risk unaddressed |
| DeFi Platforms | Narrow prohibition on noncompliant issuer dealings | Trump-affiliated DeFi platforms may still operate |
| Reporting Standards | Public feedback process for best practices | No mandatory blockchain monitoring or SAR filing |
| AI Compliance Tools | Technology-agnostic framework maintained | Small institution AI compliance costs unaddressed |
Risk 1: The Anti-Money Laundering Gap for Exchanges and Service Providers
The most fundamental flaw identified in the GENIUS Act is its failure to extend AML and counter-terrorism financing controls to the full range of entities that handle stablecoins. The bill imposes obligations on stablecoin issuers. However, it does very little about the exchanges, custodians, and other Digital Asset Service Providers (DASPs) through which those stablecoins are actually traded and moved.
According to a critical analysis published by the Senate Banking Committee, ‘controls on stablecoin issuers alone do nothing to address the national security vulnerabilities that arise as the stablecoins are traded widely through digital asset service providers, like exchanges, that move or custody cryptocurrencies.’ Put simply, regulating who prints the dollar does not prevent drug trafficking if every exchange that handles the dollar operates without oversight.
The Treasury Department has specifically asked Congress to clarify that these service providers are ‘financial institutions’ subject to the Bank Secrecy Act (BSA). The GENIUS Act does not make that clarification comprehensively. Consequently, a large portion of the stablecoin ecosystem continues to operate in a compliance grey zone. For compliance professionals and financial crime investigators, this gap is not a theoretical concern. It is an active vulnerability that bad actors are already exploiting.
The March 2026 Treasury report on the GENIUS Act reinforces this concern. It documents how ‘DASPs located in foreign jurisdictions that lack robust AML/CFT obligations’ enable illicit actors to ‘launder illicit proceeds’ through jurisdictional arbitrage. Addressing only the issuer layer while leaving the DASP layer unregulated is, as one Senate critic put it, like securing the front door while leaving the back door open.
Risk 2: The Crypto Mixer Loophole That Congress Chose Not to Close
Cryptocurrency mixers are services that blend digital assets from multiple users to obscure the transaction trail. They are primarily used to launder money by making it impossible to trace the origin of funds. Tornado Cash, the most prominent crypto mixer, was sanctioned by the US Treasury in 2022 for facilitating the laundering of hundreds of millions of dollars, including funds stolen by North Korean state-sponsored hackers.
A subsequent court ruling, however, created a serious problem. The court found that Treasury could not sanction the Tornado Cash smart contracts because they were immutable code rather than traditional property. This ruling effectively removed the Treasury’s ability to block mixer activity through sanctions alone. According to the Senate Banking Committee analysis, ‘the court found that only Congress could address the issue through legislation.’
Congress had the opportunity to fix this through the GENIUS Act. It did not. The bill ‘fails to include the fix, which was supported by every Democrat on the Committee,’ according to the Senate Banking Committee document. This omission is not a minor technical detail. North Korean hackers have used mixers to launder hundreds of millions of dollars that directly fund the country’s nuclear and ballistic missile programmes. Leaving this loophole open is a decision with direct national security consequences.
The Steptoe legal analysis confirms that the GENIUS Act’s approach to mixers remains unresolved. The Biden administration had proposed a rule to address mixers and tumblers specifically, but that rule was never finalised. According to Steptoe, ‘it is unclear if the Trump administration will seek to borrow from that proposed rule or to start from scratch.’ Until that question is answered, the mixer loophole remains one of the most serious unresolved risks in the GENIUS Act framework.
Risk 3: Decentralised Finance Platforms and the Noncompliance Carve-Out
Decentralised finance, commonly known as DeFi, refers to blockchain-based financial services that operate without traditional intermediaries such as banks or brokerages. DeFi platforms use smart contracts to enable lending, trading, and other financial activities. They are, by design, difficult to regulate because they have no central operator to hold accountable.
The GENIUS Act addresses DeFi in a notably limited way. It prohibits a narrow set of ‘digital asset service providers’ from engaging with stablecoin issuers that are not compliant with the law. However, the Senate Banking Committee analysis points out that this prohibition is too narrow. It notes that the bill ‘allows decentralised finance exchanges and platforms like the Trump family’s World Liberty Financial to continue doing business with issuers that violate the law.’
The mention of World Liberty Financial, a DeFi platform associated with the Trump family, adds a politically charged dimension to this gap. Critics argue that the carve-out for certain DeFi platforms was not accidental. Regardless of political motivation, the practical effect is the same: DeFi platforms that interact with noncompliant issuers face limited consequences under the current legislation. This creates a structural incentive for noncompliant stablecoin issuers to route their activity through DeFi channels.
The JAMS analysis adds a further dimension to this risk. It notes that the GENIUS Act’s framework ‘calls for tailored risk management standards for financial institutions interacting with decentralised finance protocols.’ However, these standards are not specific to PPSIs. They apply to all financial institutions subject to the BSA. According to Steptoe, this ‘could result in new rules for all digital asset companies that are subject to the BSA,’ creating a broad but poorly defined compliance obligation.
The 5 Critical Regulatory Risks: Summary Analysis
| Risk | Core Problem | Severity | Likelihood of Near-Term Fix |
| 1. AML Gap for DASPs | Exchanges and service providers lack mandatory BSA obligations | High | Medium (FinCEN rulemaking expected) |
| 2. Crypto Mixer Loophole | Congress failed to legislate the post-Tornado Cash court ruling gap | Very High (national security) | Low (political will unclear) |
| 3. DeFi Noncompliance Carve-Out | Narrow prohibition leaves DeFi platforms outside the compliance scope | High | Low (DeFi regulation politically contested) |
| 4. Jurisdictional Arbitrage | Foreign DASPs exploit regulatory differences to launder funds | High | Medium (FATF pressure ongoing) |
| 5. Secondary Market Monitoring Ambiguity | Scope of issuer’s obligation to monitor post-issuance activity unclear | Medium-High | High (FinCEN guidance expected) |
Risk 4: Jurisdictional Arbitrage and the Foreign DASP Problem
One of the most structurally difficult problems in digital asset regulation is jurisdictional arbitrage. Digital assets move across borders instantly and at negligible cost. A stablecoin issued under the GENIUS Act’s strict US framework can be transferred within seconds to an exchange operating in a country with minimal AML requirements. At that point, the careful compliance work done by the US issuer becomes largely irrelevant.
The Treasury’s March 2026 GENIUS Act report explicitly identifies this as a systemic vulnerability. It describes how ‘uneven and often inadequate regulation and supervision across jurisdictions allow certain DASPs and illicit actors to engage in regulatory arbitrage, where companies or individuals exploit differences between laws and regulations in different jurisdictions and systems to avoid stricter rules without changing their underlying economic activity.’ This is not a hypothetical risk. It is an actively exploited vulnerability.
The report also notes that ‘the US financial system may be exposed to risks related to DASPs operating from jurisdictions with weak or nonexistent AML/CFT obligations.’ Six years ago, the Financial Action Task Force (FATF) identified this problem and established the Travel Rule to require DASPs to share sender and recipient information across borders. However, implementation remains uneven globally. Several jurisdictions that attract crypto businesses have adopted the Travel Rule in name only, with enforcement that falls well short of FATF standards.
The GENIUS Act addresses foreign stablecoin issuers to some degree. The Senate Banking Committee’s Myth vs. Fact document states that the bill ‘imposes guardrails on affiliate transactions to prevent large issuers from abusing market power.’ Nevertheless, the core arbitrage vulnerability, whereby illicit funds flow through foreign DASPs to evade US oversight, remains structurally unaddressed. Solving this problem ultimately requires international regulatory coordination that the GENIUS Act alone cannot deliver.
Risk 5: Secondary Market Monitoring Ambiguity
The fifth unresolved risk concerns the scope of a stablecoin issuer’s obligations after a token has been issued and is trading in the secondary market. The GENIUS Act requires PPSIs to retain the ability to freeze tokens involved in illicit activity. What it does not clearly define is how proactively issuers must monitor the secondary market to identify illicit activity in the first place.
According to Steptoe, ‘one critical question left unanswered in the GENIUS Act is to what degree stablecoin issuers will be expected to proactively monitor and intervene in the secondary market, as opposed to merely responding to law enforcement and regulator requests.’ This distinction matters enormously for compliance programme design and cost.
A reactive model, where issuers only act when contacted by law enforcement, requires minimal infrastructure. A proactive monitoring model, where issuers continuously analyse blockchain transactions to detect suspicious patterns and file Suspicious Activity Reports, requires sophisticated technology, data science capability, and ongoing investment. For large issuers like Tether or Circle, this is manageable. For smaller and emerging issuers, the compliance cost could be prohibitive.
The Senate Banking Committee analysis identifies a related failure. The bill ‘fails to require issuers to monitor blockchains and report criminal activity,’ instead ‘simply requiring Treasury to solicit public feedback and to issue rules or guidance in the future on best practices.’ Steptoe notes that it ‘appears likely that FinCEN will impose at least some secondary market monitoring requirements on issuers, but the scope of those obligations is unclear and will need to be delineated by FinCEN in guidance or regulations.’ Until that guidance arrives, issuers face genuine uncertainty about what standard they are being held to.
The Blockchain Reporting Gap: No Mandatory Suspicious Activity Reports
Closely linked to the secondary market monitoring ambiguity is the absence of a mandatory requirement for stablecoin issuers to file Suspicious Activity Reports (SARs) based on blockchain data they observe. Traditional financial institutions, including banks and money service businesses, are required to file SARs whenever they detect suspicious transaction patterns. This reporting system is the backbone of financial intelligence in the United States.
The Senate Banking Committee document is direct: the bill ‘fails to require issuers to monitor blockchains on which their stablecoins are traded and report suspicious activity they see.’ The logic for requiring such reporting is straightforward. Public blockchains are transparent by design. An issuer whose token is being used to facilitate a criminal transaction can often see that transaction in real time. Requiring them to report it ‘would level the playing field and avoid rewarding issuers that would do less to detect crime,’ according to the committee’s analysis.
Instead, the GENIUS Act takes a much softer approach. It tasks Treasury with soliciting public feedback and issuing future guidance on ‘best practices.’ This voluntary, guidance-based approach to a core financial crime reporting obligation is a significant departure from the mandatory SAR regime that applies to every other regulated financial institution. Furthermore, it creates an uneven competitive landscape. Issuers who invest in robust monitoring are effectively subsidising law enforcement, while competitors who do the minimum face no corresponding penalty.
National Security Implications: What the Critics Are Really Worried About
Reading between the lines of the legislative criticism, the core concern is not technical compliance details. It is national security. The Senate Banking Committee’s analysis is titled ‘The GENIUS Act Risks US National Security,’ which signals the urgency with which critics view these gaps.
The specific threats identified include North Korean state-sponsored hackers using crypto mixers to fund weapons programmes, Iranian sanctions evasion through crypto channels, and Russian oligarchs using stablecoins to circumvent financial sanctions imposed after the invasion of Ukraine. Each of these threat scenarios is real and documented. The U.S. Office of Foreign Assets Control (OFAC) has repeatedly identified cryptocurrency as a significant tool for sanctions evasion.
The GENIUS Act does give the Treasury some tools to respond to these threats. However, the committee analysis notes that the bill ‘fails to give Treasury new enforcement tools’ beyond requiring consultation ‘with issuers before taking action to block transactions.’ This consultation requirement could, critics argue, give bad actors a warning of imminent asset freezes. For law enforcement agencies accustomed to acting swiftly on financial intelligence, this procedural constraint represents a genuine operational impediment.
The AI Compliance Cost Problem: Small Institutions Left Behind
One less-discussed but practically significant risk concerns the cost of compliance technology. The Treasury’s March 2026 report acknowledges that while AI-powered compliance tools can reduce ongoing costs over time, ‘adopting and implementing these tools requires large upfront costs for financial institutions.’ ‘These costs may prove prohibitive to smaller financial institutions, particularly those that are unable to dedicate resources to train their own AI systems.’
This creates a structural problem for the GENIUS Act’s stated goal of promoting innovation and competition in the stablecoin market. If compliance with the Act’s requirements, particularly if FinCEN imposes meaningful secondary market monitoring obligations, requires sophisticated AI infrastructure, then the practical barrier to entry for new and smaller issuers rises significantly. The result could be a market where only well-capitalised incumbent issuers can operate, which is the opposite of the competitive, innovative ecosystem that the legislation’s proponents envision.
The Treasury report also highlights challenges around digital identity and interoperability. It notes that ‘fragmentation between federal, state, and other digital identity initiatives and standards highlights the need for national alignment. Interoperability between different digital identities also remains a challenge.’ Furthermore, ‘many financial institutions are running legacy systems that may require significant, costly upgrades to integrate digital identity tools.’ These operational realities are not addressed in the GENIUS Act’s text.
GENIUS Act Compliance Obligations: Certain vs. Uncertain
| Obligation | Status Under GENIUS Act | Regulatory Body | Timeline |
| 1:1 Reserve Backing | Mandatory, clearly defined | Federal / State regulators | Immediately upon licensing |
| Monthly Reserve Disclosures | Mandatory, accounting firm examined | Federal / State regulators | Immediately upon licensing |
| Annual Audit (large issuers) | Mandatory for issuers above the threshold | Federal regulators | Annually |
| Token Freezing Capability | Mandatory for PPSIs | FinCEN / regulators | Immediately upon licensing |
| KYC / Sanctions Compliance | Carried forward, some enhancements | FinCEN | Immediate |
| Secondary Market Monitoring | Unclear; FinCEN guidance pending | FinCEN | To be determined |
| Blockchain-Based SAR Filing | Not required; best practices TBD | FinCEN / Treasury | Future rulemaking |
| Mixer / Tumbler AML Rules | Not addressed; prior rule not finalised | FinCEN | Uncertain |
| DeFi Platform Obligations | Narrow and disputed | Federal regulators | Ongoing litigation likely |
What Supporters Say: The Case for the GENIUS Act as Written
Fairness requires acknowledging that the GENIUS Act does represent meaningful progress. Its supporters make legitimate points that deserve examination alongside the criticisms. Understanding both sides allows readers to form an informed view of where the legislation actually stands on the spectrum between inadequate and excellent.
The Senate Banking Committee’s Myth vs Fact document argues that the bill directly addresses the failures seen in past stablecoin collapses. Collapsed stablecoins previously held risky assets or fractional reserves. Both practices are now banned. Failed issuers hid their reserve composition. Mandatory monthly disclosures now address that directly. Past collapses lacked federal audit requirements. The GENIUS Act mandates annual audits for larger issuers.
Supporters also point to the insolvency protection provisions. Stablecoin holders are now explicitly prioritised ahead of other creditors in the event of an issuer failure. This protection was absent in previous collapses, leaving retail holders with little recourse. Additionally, the bill’s anti-tying restrictions prevent large issuers from using their market power to force customers into purchasing additional products or services. These consumer protection measures are genuine improvements over the pre-GENIUS status quo.
What the Legal and Compliance Community Is Doing in Response
Compliance professionals, legal advisers, and financial crime specialists are not waiting for perfect legislation. They are building frameworks now based on the obligations the GENIUS Act establishes, while preparing for the FinCEN guidance that will fill the gaps. Understanding how the compliance community is responding provides practical insight for any organisation that interacts with stablecoins.
According to Steptoe’s detailed guide, PPSIs should be building KYC programmes, sanctions screening systems, and token freezing infrastructure now, even before FinCEN finalises the scope of their obligations. Proactive compliance investment is strategically wise. Institutions that build robust systems early will face fewer disruptions when new guidance arrives, and they may benefit from regulatory goodwill that institutions playing catch-up will not enjoy.
The JAMS analysis adds a dispute resolution perspective. It notes that ‘questions about reserve custody, interest allocation and the meaning of permitted use may quickly become sources of contention.’ Furthermore, ‘a delayed redemption, a misinterpreted audit result or inconsistent reserve disclosures could spark mass claims or class actions, echoing prior disputes in the digital asset space.’ ‘The GENIUS Act does not eliminate such risks; it merely formalises the rules of engagement.’ For legal teams, this means preparing dispute resolution strategies alongside compliance programmes.
International Perspectives: How Other Jurisdictions Compare
The GENIUS Act does not exist in an international vacuum. Other major jurisdictions are simultaneously developing their own stablecoin and digital asset regulatory frameworks. Comparing these approaches illuminates both the strengths and gaps in the US legislation.
The European Union’s Markets in Crypto-Assets Regulation (MiCA) came into force in 2024 and provides a comprehensive framework that covers stablecoins, crypto exchanges, and wallet providers within a single regulatory structure. Unlike the GENIUS Act, MiCA explicitly includes crypto asset service providers in its scope, addressing a significant portion of the DASP gap that US critics have identified in American legislation.
The United Kingdom has taken a phased approach through the Financial Services and Markets Act 2023, which extended the Bank of England’s and FCA’s regulatory perimeter to include stablecoins used as payment instruments. Singapore, meanwhile, has implemented the Monetary Authority of Singapore’s stablecoin framework, requiring issuers to maintain adequate reserves and comply with AML/CFT standards. Each of these frameworks has different strengths and gaps compared to the GENIUS Act, but all three jurisdictions have moved more decisively on DASP oversight than the US legislation currently does.
What Needs to Happen Next: Recommendations for Closing the Gaps
Identifying problems without discussing solutions provides limited value. Based on the analysis in this post, several concrete regulatory actions would materially reduce the five risks identified. Some of these actions require new legislation. Others can be achieved through agency rulemaking under existing authority.
FinCEN should issue clear guidance on secondary market monitoring obligations promptly. The longer issuers operate without knowing their monitoring responsibilities, the greater the risk of inconsistent compliance practices across the market. A clear, tiered framework, with lighter requirements for smaller issuers and more demanding standards for systemic players, would resolve the ambiguity that currently exists.
Congress should address the crypto mixer loophole through a targeted amendment. The court ruling that stripped the Treasury’s ability to sanction Tornado Cash-type smart contracts has a specific and narrow fix that enjoys bipartisan support at the technical level. Political will is the barrier, not technical complexity. Additionally, Treasury and FinCEN should work through FATF to push for consistent Travel Rule implementation internationally, reducing the jurisdictional arbitrage that currently undermines even well-designed domestic regulation. These steps will not solve every problem. However, they would meaningfully reduce the national security risks that critics rightly continue to raise.
Conclusion: Regulation as a Starting Point, Not an Endpoint
The GENIUS Act is a genuine milestone in US stablecoin regulation. It establishes foundational rules that were genuinely absent before its passage. Reserve requirements, transparency obligations, audit mandates, and consumer insolvency protections are all meaningful improvements. Nobody who understands the pre-GENIUS regulatory vacuum should dismiss these achievements.
At the same time, the five critical risks examined in this post are real, documented, and consequential. The AML gap for exchanges and service providers, the crypto mixer loophole, the DeFi noncompliance carve-out, jurisdictional arbitrage, and secondary market monitoring ambiguity are not minor technical wrinkles. They are structural vulnerabilities that sophisticated bad actors will continue to exploit until they are addressed.
The Senate Banking Committee, the US Treasury, legal experts at Steptoe, and dispute resolution specialists at JAMS have all independently identified variations of the same concern: the GENIUS Act is a better foundation than nothing, but it is not a completed building. The compliance community, the financial crime enforcement community, and the digital asset industry all have a role in pressing for the additional rules, guidance, and international coordination that will turn a promising start into a genuinely effective regulatory framework. The hype around the GENIUS Act deserves a clear-eyed counterweight. This post aims to provide exactly that.
Disclaimer
This article is for informational and educational purposes only. It does not constitute legal, regulatory, compliance, or financial advice. The analysis reflects publicly available sources at the time of writing and may not reflect subsequent legislative or regulatory developments. Readers should consult qualified legal and compliance counsel before making decisions based on this content. The author and publisher accept no liability for actions taken in reliance on the information provided.
References
[1] US Senate Banking Committee. (2025). The GENIUS Act Risks US National Security. Senate.gov.
[2] US Senate Banking Committee. (2025). Myth vs. Fact: The GENIUS Act. Senate.gov.
[3] Steptoe LLP. (2025). The GENIUS Act and Financial Crimes Compliance: A Detailed Guide. Steptoe.com.
[4] JAMS. (2025). How the GENIUS Act Is Reshaping Stablecoin Regulation and Emerging Disputes. JAMSadr.com.
[5] US Department of the Treasury. (2026). GENIUS Act Illicit Finance Innovation Congressional Report. Treasury.gov.
[6] CoinDesk. (2022). US Treasury Sanctions Tornado Cash. CoinDesk.com.
[7] Investopedia. (2024). Bank Secrecy Act. Investopedia.com.
[8] Investopedia. (2024). Decentralised Finance (DeFi). Investopedia.com.
[9] Investopedia. (2024). Suspicious Activity Report (SAR). Investopedia.com.
[10] US Treasury OFAC. (2024). Sanctions Programs and Information. Treasury.gov.
[11] Financial Action Task Force. (2024). FATF Standards and Guidance. FATF-GAFI.org.
[12] European Securities and Markets Authority. (2024). Markets in Crypto-Assets Regulation (MiCA). ESMA.europa.eu.
[13] UK Parliament. (2023). Financial Services and Markets Act 2023. Legislation.gov.uk.
[14] Monetary Authority of Singapore. (2024). Digital Payment Tokens. MAS.gov.sg.
[15] Investopedia. (2024). Anti-Money Laundering (AML). Investopedia.com.


