The GENIUS Act Becomes Law: What Internal Auditors Need to Know

The GENIUS Act has officially been signed into law, marking a significant shift in the regulatory landscape for stablecoins. For companies operating in fintech, digital assets, custody services, and financial infrastructure, the implications are immediate and far-reaching.

This legislation creates a federal framework governing the issuance, backing, audit, and oversight of stablecoins, which are digital tokens designed to maintain a fixed value relative to the U.S. dollar. The law moves stablecoins from a loosely regulated innovation space into a regime that closely resembles traditional financial regulation.

Internal audit functions must now prepare to play a central role in ensuring compliance with these new federal standards.

Summary of Key Requirements

The GENIUS Act introduces clear and enforceable obligations for stablecoin issuers operating within the United States:

• Each stablecoin must be backed on a one-to-one basis by cash or highly liquid assets
• Monthly public disclosures of reserve holdings are mandatory
• Reserve assets must be audited annually in accordance with PCAOB standards
• Issuers are subject to Anti-Money Laundering (AML) and Know Your Customer (KYC) laws
• Any issuer holding more than $10 billion in assets will be subject to direct federal supervision
• In the event of insolvency, customer claims on reserves take priority over other creditors

These requirements effectively align stablecoin treatment with bank deposits and money market funds, setting a new bar for internal control and financial oversight.

Key Areas of Focus for Internal Audit

Internal auditors will need to quickly adapt their frameworks and activities to address the following four areas of regulatory focus:

1. Reserve Verification and Audit Preparedness

The requirement for PCAOB-standard reserve audits introduces a new level of scrutiny and accountability. Internal audit teams should:

• Validate the completeness and accuracy of monthly reserve reconciliations
• Test controls related to data accuracy and public disclosure processes
• Review and verify management assertions supporting reserve adequacy

Teams unfamiliar with PCAOB requirements should seek appropriate training or external expertise.

2. Governance and Policy Compliance

The legislation mandates the implementation and enforcement of written policies regarding eligible reserve assets, customer redemption procedures, and public transparency.

Internal audit should:

• Ensure all required policies are documented, current, and approved
• Confirm operational adherence to these policies
• Assess the clarity and accuracy of public disclosures tied to reserve holdings

Auditors must be prepared to provide concrete evidence that governance frameworks are functioning effectively.

3. AML and Sanctions Program Oversight

Stablecoin issuers are now held to the same AML and sanctions compliance standards as traditional financial institutions.

Audit responsibilities include:

• Reviewing the design and effectiveness of transaction monitoring systems
• Testing the escalation and resolution processes for suspicious activity
• Verifying that sanctions screening tools are in place and actively used

Regulators will expect programs that are not only documented but also fully operational.

4. Protection of Customer Assets

The law grants customers first priority to reserve assets if an issuer enters bankruptcy. Internal auditors must assess the issuer’s ability to meet this obligation.

Key actions include:

• Reviewing legal and operational safeguards that ensure customer asset segregation
• Evaluating custodial agreements and balance sheet treatment
• Simulating insolvency events to confirm that reserve assets are protected and readily distributable

Preparedness in this area is essential to avoid legal exposure and reputational harm.

Immediate Actions for Internal Audit Teams

Audit functions supporting stablecoin-related operations should act without delay. Recommended actions include:

• Conducting PCAOB-readiness assessments and trial audits
• Including stablecoin operations in the internal audit plan for AML, risk, and compliance
• Reviewing and documenting all relevant custody and trust arrangements
• Confirming that governance policies are both complete and consistently applied
• Performing stress tests that simulate insolvency or a sudden surge in redemption requests

These proactive steps will help organizations identify and close compliance gaps before external review begins.

Regulatory Principles Applied to Digital Assets

The GENIUS Act applies well-established financial regulatory principles to a modern asset class. Its intent is not to stifle innovation but to ensure that digital financial services meet the same standards of transparency, liquidity, and consumer protection required of more traditional sectors.

Internal audit teams do not need to be experts in blockchain technology. However, they must be ready to assess, document, and provide assurance on the control frameworks that support stablecoin issuance, redemption, and reserve management.

The law is now in force, and regulators will be evaluating compliance across the industry. Internal audit functions must take a leadership role in preparing their organizations to meet these new expectations.

The GENIUS Act has redefined the compliance landscape. Internal audit must act promptly to ensure alignment with the law and to safeguard the trust of regulators, customers, and the public.