Stablecoins stopped being a crypto story and became a payments story. If you are building settlement infrastructure in 2026, you are building it under two regimes at once: the GENIUS Act in the US and MiCA in the EU. They disagree on structure. They agree on one thing — compliance has to live in the rail, not in a PDF.
The volume is real, and it is B2B
Strip out trading and bot transfers and the numbers still hold up. Real stablecoin payment volume reached roughly $390 billion in 2025 — more than double 2024 — with B2B payments accounting for about $226 billion of it, per BCG's January 2026 white paper. B2B flows grew from under $100 million a month in early 2023 to over $6 billion a month by mid-2025.
The buyers are treasurers and payment ops teams, not traders. They want T+0 settlement on cross-border invoices without a correspondent banking chain taking three days and 40 basis points. That demand does not care which side of the Atlantic it originates on. Your architecture has to satisfy both regulators anyway.
GENIUS Act: what builders actually need to know
The GENIUS Act was signed in July 2025. As of spring 2026, the OCC, FDIC, NCUA, Treasury, FinCEN, and OFAC have all published proposed implementing rules, with the OCC's notice of proposed rulemaking and the FDIC's parallel proposal setting the tone. The Act takes effect at the earlier of 18 months after enactment or 120 days after final rules land — meaning the window to build compliant GENIUS Act stablecoin infrastructure is now, not after finalization.
For engineering teams, the essentials reduce to five constraints:
- Permitted issuers only. Payment stablecoins may only be issued by federally or state-qualified issuers. If your rail moves a stablecoin, you need to know its issuer's status programmatically, not contractually.
- 1:1 reserves, monthly attestation. Reserve composition is restricted to cash, T-bills, and equivalents. Attestation reports become a data feed your platform should ingest, not a document someone files.
- BSA obligations. Issuers are treated as financial institutions. Sanctions screening and suspicious-activity detection are table stakes on every transfer.
- Freeze and seize capability. Issuers must be technically able to comply with lawful orders. Your smart-contract and custody design has to support this without breaking settlement finality for everyone else.
- No yield to holders. Interest-bearing stablecoins are out of scope. Treasury products that wrapped yield into the coin itself need re-architecting.
MiCA: CASP, EMT, and the passport
MiCA has been fully applicable since the end of 2024, so the EU is already in enforcement mode while the US is still in rulemaking. Three concepts matter for builders:
- EMT classification. Fiat-referenced stablecoins are e-money tokens. Only credit institutions and licensed e-money institutions can issue them, with redemption at par as a legal right. A MiCA compliant stablecoin is, structurally, regulated e-money on a ledger.
- CASP authorization. If you custody, exchange, or transfer crypto-assets for clients, you are a crypto-asset service provider and need authorization from a national competent authority.
- Passporting. One CASP license grants access to all 27 member states. This is MiCA's genuine advantage over the US state-by-state patchwork — but it comes with GDPR, DORA operational-resilience requirements, and in many cases data-residency expectations layered on top.
The honest trade-off: MiCA gives you regulatory certainty today at the cost of heavier upfront licensing. GENIUS gives you a larger single market with rules still settling. If your clients are on both sides — ours are — you do not get to choose.
One architecture that satisfies both
We have found the dual-regime problem collapses if you stop treating compliance as a bolt-on and make it a construction constraint. The pattern:
- A policy engine in the transfer path. Every transfer passes attribution, sanctions, and issuer-status checks before settlement, not in a batch job after. Jurisdiction-specific rules are configuration, not forks of the codebase.
- Attestation as infrastructure. Reserve attestations, issuer licenses, and CASP registrations are ingested as signed data and checked at runtime. A counterparty whose status lapses gets gated automatically.
- Auditable decision traces. Every allow, block, and freeze decision carries a trace a regulator can replay. This satisfies GENIUS lawful-order requirements and MiCA/DORA audit expectations from the same log.
- Permissioned trust boundaries. Banks, fintechs, and licensed VASPs operate inside one boundary with known identities, which makes the Travel Rule and attribution tractable instead of aspirational.
This is the pattern behind Bridge Intelligence, a payment rail for tokenized assets on a permissioned DLT that we built jointly and that is live in production today — compliance-by-construction, with attribution and sanctions hooks on every transfer, serving an emerging-markets corridor. It is also the design philosophy behind our tokenization rails service.
The unglamorous bottleneck: treasury and ERP integration
Most stablecoin projects do not die on the chain. They die at the ERP boundary. Finance teams need stablecoin payment rails that reconcile into NetSuite or SAP, produce clean FX and mark-to-market entries, and survive an audit. That means idempotent payment APIs, deterministic reconciliation keys, and treating on-chain settlement events as first-class ledger entries rather than screenshots someone re-keys. Budget as much engineering for this layer as for the rail itself. Teams that skip it ship a demo, not a payment system.
Node infrastructure and sovereignty
A payment rail is only as reliable as its view of the chain. Public RPC endpoints rate-limit you at exactly the wrong moment, and for EU-regulated clients, routing transaction data through third-country infrastructure creates a GDPR and DORA problem before it creates a latency one. We run Binari Nodes — managed Ethereum and Bitcoin RPC, both live — engineered p99-first with health-aware failover and 24/7 managed ops. For regulated clients we offer EU data-sovereignty and on-prem production options, because "the data never left the boundary" is an answer regulators accept and "our vendor's vendor is probably fine" is not.
Where this lands
Build once, comply twice. Put the policy engine in the transfer path, treat attestations as data, log every decision as evidence, and spend real engineering on the ERP seam. The regimes will keep diverging on detail; an architecture built on those four principles absorbs the divergence as configuration.
If you are scoping a stablecoin rail for the US, the EU, or both, talk to us — we reply within one business day.