Today, HPC and Paradigm filed a joint comment in response to FinCEN and OFAC’s proposed rule implementing the GENIUS Act’s AML and sanctions compliance requirements for permitted payment stablecoin issuers (“PPSIs”). We broadly support the proposed rule, and in particular FinCEN’s decision to tailor most issuer obligations to the primary market, but write to recommend that certain secondary market obligations be clarified or narrowed to avoid unintended consequences for permissionless blockchain infrastructure and the DeFi ecosystem.

The proposed rule is organized around a distinction between two categories of issuer activity, which determines the scope of compliance obligations an issuer faces: 

• Primary market activities are those where the issuer has a direct customer relationship, such as token issuance, redemptions, and custody. 

• Secondary market activities are downstream transactions where the issuer is not a party, but its smart contract is used for peer-to-peer transfers and trading on decentralized exchange protocols.

FinCEN generally calibrates issuer obligations to the primary market, where the issuer has the information and customer relationships necessary to comply, and takes a more limited approach to the secondary market, where the issuer typically knows nothing beyond wallet addresses and transaction amounts. 

Our comment endorses that approach. The BSA imposes compliance obligations on entities that maintain direct relationships with their customers, not on every downstream use of those customers’ assets. A bank, for example, conducts due diligence on the customer who opens an account, not on how that customer spends cash after withdrawing it from an ATM. The same principle should guide the agencies’ implementation of AML and sanctions requirements for stablecoins deployed to permissionless environments.

OFAC’s proposed framework, however, does not follow this principle. OFAC sweeps secondary market activity into the issuer’s compliance perimeter, treating smart contract interactions as an ongoing “provision of services” that carries sanctions liability regardless of whether the issuer has any relationship with, or visibility into, the transacting parties. As proposed, issuers are subject to strict liability for transactions they cannot meaningfully police. 

An issuer facing obligations it cannot meet on the secondary market has a strong incentive to deploy only to permissioned environments, pulling U.S.-regulated stablecoins out of DeFi and creating a void filled by unregulated, offshore, non-dollar alternatives. It would undo the current regulatory spring and restore the brutal winter of the past administration. 

Read broadly, certain provisions of the proposed rule could also extend obligations to developers, validators, and other infrastructure participants that Congress deliberately excluded from the GENIUS Act’s regulatory purview.

With those concerns in mind, our comment encourages the agencies to:

• Maintain FinCEN’s secondary market SAR approach and maintain the decision not to require SARs on secondary market activity.

• Confirm that § 1033.320(g)’s “conducted through” safe harbor extends to downstream protocol participants, including developers of decentralized exchange protocols and lending protocols, and that the Travel Rule does not apply to pseudonymous secondary market wallet-to-wallet transfers where the issuer has no relationship with the transacting parties.

• Extend the SAR safe harbor to developers of decentralized protocols, self-custody interfaces, and similar platforms to incentivize voluntary cooperation with the government on illicit finance.

• Recognize programmable compliance controls such as smart-contract-level transfer restrictions and blacklist enforcement as satisfying the GENIUS Act’s technical capabilities requirements.

• Clarify that “lawful order” obligations apply only to PPSIs, not to validators, protocol developers, or other participants Congress excluded from the GENIUS Act’s scope.

• Define “customer relationship” for CDD purposes to exclude secondary market wallet holders who have no direct relationship with the issuer.

• Narrow the definition of “payment stablecoin-related activity” and reconsider OFAC’s treatment of smart contract interactions, which is in tension with both FinCEN’s approach elsewhere in the proposed rule and the Fifth Circuit's holding in Van Loon v. Department of the Treasury, by excluding secondary market transactions where issuers have no direct relationship with users and allowing issuers to satisfy the “reject” obligation through a blocklist of OFAC-designated addresses.

• Give compliant issuers meaningful credit under the sanctions enforcement framework, including a rebuttable presumption that issuers implementing all five required sanctions compliance program elements maintain an “effective” program, specified penalty reductions, and clarity on the “knowing” violation standard.

HPC is focused on ensuring that U.S. market participants can access decentralized markets built on public blockchains like Hyperliquid, and that U.S.-regulated stablecoins remain available and competitive in the market. We look forward to continuing our engagement with Treasury, FinCEN, and OFAC to that end.

Read our full comment letter here.