What Did Coinbax File With FinCEN and OFAC?
On April 21, 2026, Coinbax submitted a public comment in response to the joint Notice of Proposed Rulemaking (NPRM) issued by the Financial Crimes Enforcement Network (FinCEN) and the Office of Foreign Assets Control (OFAC) on Permitted Payment Stablecoin Issuer (PPSI) Anti-Money Laundering/Countering the Financing of Terrorism Program and Sanctions Compliance Program Requirements, implementing provisions of the GENIUS Act. The filing is entered under Docket No. FINCEN-2026-0100 (FR Doc 2026-06963) and is signed by Coinbax founder and Chief Executive Officer Peter Glyman.
The comment supports the proposed framework and offers three recommendations aimed at ensuring the final rule works for both traditional financial institutions exploring stablecoin distribution and the broader digital asset ecosystem that relies on public blockchain infrastructure.
The guiding principle across all three recommendations:
Compliance obligations should attach to the regulated entity in a transaction, not to the transaction itself. Applied consistently, this principle stops bad actors where they enter regulated financial infrastructure while preserving the openness and accessibility of public blockchain networks for the individuals, developers, and communities who rely on them.
What Does Coinbax Support in the Proposed Framework?
The comment endorses the proposal’s treatment of PPSIs as financial institutions subject to Bank Secrecy Act obligations, describing the framework as “proportionate” and “risk-based.” Specifically, Coinbax supports:
- The five core obligations — AML program maintenance, recordkeeping, suspicious activity monitoring and reporting, technical transaction controls, and customer identification
- The technical capability requirement — the obligation that PPSIs maintain the ability to block, freeze, and reject impermissible transactions and to comply with lawful orders to seize, freeze, burn, or prevent transfers
- The primary/secondary market distinction — the NPRM’s analytical framework separating PPSI activity as a direct party (issuance, redemption, custodial services) from secondary market activity that does not involve the PPSI as a direct party beyond its smart contract
On the technical capability requirement, the comment underscores a point that has not always been recognized in financial regulation:
In a blockchain-based payment system, compliance is not only a policy function. It is an engineering function. A requirement that exists only in a policy document but cannot be enforced at the transaction layer offers limited protection.
What Did Coinbax Recommend?
Scope Compliance to the Point of Regulated Contact, Not Every Point on the Chain
PPSI obligations should govern the issuer’s direct interactions with holders and the technical controls embedded at issuance. When a payment stablecoin moves peer-to-peer between two individuals on a public blockchain, no PPSI is a party to that transaction beyond the existence of its underlying smart contract — and the PPSI’s compliance obligations at the issuance layer (KYC, AML program, sanctions screening) have already been satisfied.
Coinbax recommends the final rule make explicit that secondary market activity between individuals, not involving a regulated entity as a party, does not independently trigger PPSI compliance obligations for those individual transactions. This tracks how the existing BSA framework treats cash and other payment instruments — the obligation attaches to the financial institution in the transaction, not to every downstream use of the currency once it is in circulation.
Adopt Technology-Neutral Standards for Block, Freeze, and Reject Capabilities
The block, freeze, and reject obligation should be articulated in technology-neutral terms that work across both centralized and decentralized architectures. In a centralized architecture, these capabilities may be implemented through account-level controls administered by the PPSI or a qualified infrastructure provider. In a decentralized architecture, equivalent controls may be implemented through on-chain smart contract logic — programmable transaction conditions, time-delayed execution windows, multi-party authorization requirements, or automated return-of-funds mechanisms — that achieve the same compliance outcome without requiring the PPSI to hold or intermediate funds.
The comment recommends that FinCEN and OFAC develop supplemental technical guidance — in consultation with practitioners across both communities — establishing minimum functional standards for block, freeze, and reject capabilities, so PPSIs, their infrastructure providers, and their examiners share a consistent basis for evaluating whether technical controls meet the rule.
Clarify the Regulatory Status of Qualified Third-Party Infrastructure Providers
The NPRM places compliance obligations on PPSIs but does not address the role of third-party technology providers whose infrastructure PPSIs and their banking partners will rely on to meet the rule’s technical requirements. The comment recommends two clarifications:
- PPSIs may satisfy their technical compliance obligations through qualified third-party infrastructure providers, subject to appropriate vendor oversight, due diligence, and contractual accountability — mirroring established BSA guidance for depository institutions that rely on compliance vendors.
- FinCEN and OFAC should issue guidance clarifying the regulatory treatment of technology providers that supply control infrastructure to PPSIs and other regulated entities. Providers whose business is building and operating compliance technology — and whose role does not involve issuing, holding, transmitting, redeeming, or taking custody of payment stablecoins — should operate within a defined, stable regulatory category that reflects their actual function.
The comment frames this as necessary to support a healthy ecosystem of specialized providers serving both traditional financial institutions and digital-native participants, “rather than a consolidation of compliance capability in the largest incumbents.”
Why Does This Matter for Financial Institutions?
The FinCEN/OFAC rule will shape how banks, credit unions, trust companies, and fintechs approach stablecoin adoption. A well-calibrated framework allows institutions to offer stablecoin-enabled products within their existing risk and compliance programs; an overbroad one risks pushing activity outside the regulated perimeter or stalling institutional participation altogether.
Coinbax’s recommendations are designed to keep the framework workable in practice:
- Clarity on where obligations sit helps institutions design compliance programs and vendor relationships with confidence.
- Technology-neutral, functionally-defined standards avoid locking the rule to any single chain or architecture, reducing the need for frequent rewrites.
- Defined treatment of qualified third-party infrastructure lets institutions adopt programmable payments without building deep blockchain compliance engineering in-house.
The Coinbax Perspective
Coinbax builds programmable controls infrastructure for the payment stablecoin ecosystem and writes from direct experience building the technical controls layer that regulated entities need to meet these obligations. Stablecoins only become durable banking infrastructure when the compliance model is as predictable as the settlement model — which is why Coinbax’s platform centers on programmable escrow, built-in reversibility, and real-time compliance applied at the points where regulated institutions operate.
As the comment concludes:
Stablecoin payments can be fast, accessible, and compliant. Those goals are not in tension. The framework this NPRM proposes moves the ecosystem meaningfully in that direction, and Coinbax supports it.
The recommendations Coinbax offers are grounded in a simple conviction — one that underpins the filing from top to bottom:
Effective compliance attaches to regulated entities at the points where they participate in transactions, enforced through technical controls that actually work — not through surveillance of every interaction that occurs on a public network.
Coinbax will continue to work with regulators, issuers, and financial institutions to help make the final rule workable for everyone inside the regulated perimeter.
Frequently Asked Questions
What docket did Coinbax comment on?
Coinbax submitted comment FINCEN-2026-0100-0008 on the joint FinCEN and OFAC NPRM implementing the payment stablecoin provisions of the GENIUS Act. The submission covers Docket No. FINCEN-2026-0100 (FR Doc 2026-06963).
Does Coinbax support the proposed rule?
Yes. Coinbax endorses the overall framework — including the five core BSA obligations for PPSIs and the requirement that issuers maintain block, freeze, and reject capabilities — and offers three recommendations focused on implementation: scoping compliance to the point of regulated contact, adopting technology-neutral functional standards, and clarifying the status of qualified third-party infrastructure providers.
What does “compliance at the point of regulated contact” mean?
PPSI compliance obligations should attach to the issuer’s direct interactions with holders — issuance, redemption, and custodial services — and to the technical controls embedded at issuance, not to secondary market peer-to-peer activity where no regulated entity is a party. This mirrors how the BSA treats cash: obligations sit with the financial institution in the transaction, not with every downstream use once currency is in circulation.
Why does technology neutrality matter for block, freeze, and reject capabilities?
Both centralized and decentralized architectures can achieve the outcomes the GENIUS Act requires — centralized systems through account-level controls, decentralized systems through on-chain smart contract logic. A functional, technology-neutral standard enables compliant innovation across both environments and avoids inadvertently privileging one market structure over another.
Who signed the comment on behalf of Coinbax?
The comment was submitted by Peter Glyman, founder and CEO of Coinbax, Inc.