On May 28, 2026, Consensys submitted a formal comment to the Financial Crimes Enforcement Network (FinCEN) regarding proposed updates to anti-money laundering and countering the financing of terrorism (AML/CFT) program rules for US financial institutions. This submission highlights the importance of these changes for the blockchain and cryptocurrency industry, including stablecoin issuers, regulated on-ramps, crypto broker-dealers, and banks supporting digital asset businesses.
The core Customer Identification Program (CIP) rule, which governs how banks and regulated entities verify customer identities when opening accounts, has remained largely unchanged since 2003.
This outdated framework directly affects crypto services. Rigid requirements create unnecessary friction for users and institutions in the digital asset space.
Updating the rule could reduce burdens while better addressing contemporary risks, benefiting both established and emerging crypto operations.
Consensys outlined six key observations in its letter in response to the AML/CFT Program Reform Notice of Proposed Rulemaking (NPRM).First, reform is long overdue.
Traditional personally identifiable information—such as Social Security numbers, birth dates, and residential addresses—has been compromised through countless data breaches, making it readily available on underground markets.
Relying on customers to provide this static data offers little real assurance today. Compounding the issue, generative AI tools can now generate highly realistic forged identity documents and biometric data at minimal cost.
Current US remote onboarding systems often check against information that bad actors already possess, rendering document scans vulnerable to sophisticated manipulation.
Second, superior technological solutions are readily available.
Cryptographically secure digital credentials, such as mobile driver’s licenses compliant with ISO/IEC 18013-5 standards, Verifiable Credentials based on W3C specifications, and zero-knowledge proofs, empower individuals to control and selectively share only the necessary attributes.
These methods avoid dumping raw personal data into vulnerable central databases prone to future breaches.
Relevant standards have matured significantly, with NIST advancing reference implementations.
The primary obstacle remains achieving full regulatory acceptance and integration.
Third, the U.S. Treasury Department possesses sufficient existing authority to drive meaningful progress without requiring an exhaustive legislative overhaul.
Tools include the Secretary’s exemptive powers under relevant statutes, FinCEN’s ability to issue interpretive guidance, and collaborative oversight with federal banking regulators.
FinCEN has demonstrated agility by issuing a CIP Taxpayer Identification Number (TIN) exemption order in June 2025.
Fourth, the push for modernization has (for the most part) fairly broad support and is far from radical. Stakeholders including FDIC Acting Chairman Travis Hill, the American Fintech Council, The Clearing House, the Bank Secrecy Act Advisory Group, Treasury’s 2023 De-Risking Strategy, and the Financial Action Task Force (FATF) have reached similar conclusions. Banking, fintech, regulators, and global standard-setters recognize that the existing system fails to align with today’s threat landscape and available innovations.
Fifth, any new framework must prioritize protections against overreach and surveillance.
Lessons from debates over a potential US central bank digital currency should inform digital identity systems: emphasize user-controlled credentials, selective disclosure, verification without unnecessary data sharing or “phone-home” tracking, avoidance of centralized identity repositories, and safeguards preventing the misuse of public data to exclude lawful activities based on political views.
According to insights shared by ConsenSys, these principles are essential for maintaining public trust.
Finally, the United States trails many of its global peers. Major jurisdictions like the UK, EU member states, Singapore, Canada, as well as Australia have implemented more flexible third-party reliance models.
US based consumers, including crypto participants, bear the resulting costs through higher friction, redundant data collection, and reduced market competition. The dialogue now appears to be headed in a seemingly positive direction. Consensys is also urging FinCEN to pursue a more phased approach leveraging current authorities for timely, balanced modernization that strengthens security while fostering responsible innovation in the blockchain and crypto sector.