GENIUS Act §104(d) & §104(e)

Regulatory Context

Stablecoin-Specific Transaction Monitoring

The GENIUS Act regime: The GENIUS Act (S.394, signed July 2025) creates the first stablecoin-specific transaction monitoring regime. §104(d) mandates ongoing monitoring. §104(e) mandates SAR filing. Together they define the KYT compliance surface.

Real-time obligation — Every customer transfer must be monitored for sanctions, behavioral patterns, and risk indicators
SAR checkpoint — Post-settlement, PPSIs must identify and file SARs for transactions >$5K with suspicious indicators
Cross-chain mandate — Monitoring must track transfers across bridges and multiple protocols, not just single-chain events
Risk-based KYC linkage — §104(d)(2) requires KYC re-verification when KYT flags trigger a risk threshold
Compliance deadline — Full §104 compliance required by July 2026 (18 months from enactment)

Ongoing Monitoring Mandate

§104(d): Real-Time Transaction Monitoring

d(1)

Real-Time Monitoring

Every customer transfer must be screened in real-time against sanctions lists, risk databases, and behavioral heuristics.

Trigger: Every on-chain transaction from a customer wallet
Screening layers: OFAC sanctions (via Chainalysis oracle or other sources), vendor risk APIs (Chainalysis KYT, Elliptic Lens, TRM Risk API)
Latency requirement: Must complete before settlement (typically <10 seconds on-chain)
Infrastructure: Chainalysis KYT API, Elliptic Lens, TRM Risk API at L4 Middleware; Chainalysis Sanctions Oracle at L3 Execution

d(2)

Risk-Based KYC Update

When a transaction triggers a risk threshold, the PPSI must update the customer's risk profile and may require re-verification of customer identity.

Trigger: KYT system flags "high" or "severe" risk on a transaction
Action: KYT system issues callback to KYC system for risk profile update and optional re-verification
Timing: Should occur post-settlement for investigation but may require pre-release holds
Integration point: KYT→KYC loop (this is where StableKYC and StableKYT systems must integrate)

d(3)

Behavioral Pattern Detection

PPSIs must identify and flag suspicious behavioral patterns that indicate potential money laundering, including structuring, layering, round-tripping, and smurfing.

Patterns to detect: Structuring (multiple txns <$3K in 24h), layering (3+ hops to obscure origin), round-tripping (A→B→C→A), smurfing (coordinated small txns from multiple wallets)
Time window: Detection window depends on pattern (24h for structuring, longer for layering cycles)
Infrastructure: Chainalysis Reactor graph analysis, heuristic rule engines, vendor behavioral APIs
Obligation strength: This is the core §104(d) mandate — behavioral monitoring is mandatory, not optional

d(4)

Cross-Chain Transfer Tracking

Transfers across bridge protocols and chain hops must be tracked and monitored as a single transaction flow, not as separate on-chain events.

Example: USDC transfer via CCTP from Ethereum to Base creates two on-chain events but must be monitored as one transaction flow
Coverage: Must track across EVM chains, Solana, TRON, Bitcoin and other major blockchains
Bridge protocols: CCTP, Stargate, LayerZero, IBC, and proprietary bridge mechanisms
Infrastructure: Elliptic Navigator, TRM cross-chain module, custom bridge adapters

Suspicious Activity Reporting

§104(e): SAR Filing Requirements

e(1)

SAR Identification Threshold

A transaction must be filed as a SAR when it meets two criteria: amount >$5,000 AND presence of one or more suspicious indicators.

Threshold: Transaction amount >$5,000 (or $5K+ aggregated from same customer in 30 days)
Suspicious indicators: Sanctions flag, behavioral pattern match, mixer usage, rapid movement, chain hopping, dormant account activation
Aggregation: Multiple transactions from same customer in 30-day window can aggregate to SAR threshold
Obligation checkpoint: SAR filing is POST-SETTLEMENT obligation (not a gate)

e(2)

Filing with FinCEN

PPSIs must file SARs with FinCEN via the BSA E-Filing system within the required timeframe after transaction settlement.

Filing deadline: Within 30 calendar days of detecting the suspicious transaction (standard FinCEN SAR timeline)
System: FinCEN BSA E-Filing system (requires BSA login and Filing Agent authorization)
Data required: Transaction details, customer identity, suspected violation type, narrative description
Format: FinCEN CTR/SAR XML schema (CTRP2 for crypto transactions)

e(3)

Record Retention

PPSIs must retain SAR records and supporting documentation for 5 years from the date of filing.

Retention period: 5 years from SAR filing date (not transaction date)
Records to retain: SAR filing, transaction data, monitoring system logs, customer KYC data, analyst notes
Accessibility: Must be readily available for FinCEN examinations and regulatory queries
Infrastructure: Compliance data retention system with 5-year archive capability

e(4)

Law Enforcement Notification

For transactions involving known terrorist organizations, sanctions designees, or active law enforcement targets, PPSIs must notify relevant law enforcement agencies.

Trigger: Transaction involves OFAC-designated terrorist entity, SDN designee, or known active law enforcement investigation
Notification: Alert to FBI, Secret Service, or relevant federal agency (typically automatic via FinCEN routing)
Timing: Concurrent with or shortly after SAR filing
Infrastructure: Automated escalation workflow + LEA notification routing system

Technical Implementation

Mapping §104 Requirements to Infrastructure

Each §104 requirement has specific infrastructure dependencies. This table maps requirement → layer → vendors → current coverage.

Requirement	Infrastructure	Vendors	Layer	Type	Coverage
§104(d)(1)	Real-time transaction screening	Chainalysis KYT API, Elliptic Lens, TRM Risk API	L4	Monitor	Full
§104(d)(2)	Risk-trigger KYC re-verification	KYT→KYC callback system, StableKYC integration	L5	Integration	Partial
§104(d)(3)	Behavioral pattern detection	Chainalysis Reactor, heuristic engines, vendor APIs	L4	Monitor	Full
§104(d)(4)	Cross-chain tracking	Elliptic Navigator, TRM cross-chain module	L4	Monitor	Partial
§104(e)(1)	SAR identification ($5K + suspicious)	Threshold monitor + indicator flagging	L4	Monitor	Full
§104(e)(2)	FinCEN SAR e-filing	FinCEN BSA e-filing system integration	L5	Obligation	Full
§104(e)(3)	5-year SAR record retention	Compliance data archive system	L5	Obligation	Partial
§104(e)(4)	Law enforcement notification	Automated escalation workflow	L5	Obligation	Partial

Compliance Calendar

Key Dates & Milestones

July 18, 2025

GENIUS Act Signed

S.394 becomes law. §104(d)/(e) obligations officially enacted.

January 2026

Rulemaking Period Opens

OCC and FinCEN release guidance on §104(d) monitoring and §104(e) SAR filing specifics. Initial NPRM comments due.

May 1, 2026

OCC PPSI NPRM Comments Due

Industry comments due on OCC's proposed PPSI designation framework, which includes §104 compliance requirements.

July 2026

Full §104 Compliance Deadline

All PPSIs must have §104(d) monitoring and §104(e) SAR filing systems fully operational and compliant. 12-month period from signature.

Ongoing

Continuous Monitoring Obligation

§104(d) real-time monitoring requirement has no end date. PPSIs must maintain §104 compliance indefinitely.

Explore the GENIUS Act Framework

StableKYC (§104(a)–(c))

CIP requirements for Permitted Payment Stablecoin Issuers. The KYC foundation that enables KYT monitoring.

Learn more →

Suspicious Transaction Patterns

Detailed pattern typologies that §104(d)(3) requires PPSIs to detect. Structuring, layering, round-tripping, and more.

Explore patterns →

StableKYT Home

Live POC demos, KYT stack architecture, and the complete monitoring landscape overview.

Return home →

PPSI Designation & Regulatory Framework

The OCC PPSI regime and how §104 KYT/SAR obligations fit into the broader stablecoin charter.

Compliance Mapper POC

Interactive tool to map vendor capabilities to §104(d) and §104(e) requirements. See which solutions cover which obligations.

Launch tool →