The machine money has to show ID now.

Last week the headline was agents paying agents on machine rails that settle in cards, bank transfers, or stablecoins. This week the layer underneath one of those rails got a rulebook. US regulators proposed that the firms issuing stablecoins have to know who is on the other end of the account, to the same standard a bank does. That is a quieter announcement than a new payment protocol, and it matters more for anyone planning to let agents move money in tokens.

The rule that landed

On 18 June, five agencies issued a joint proposal requiring permitted payment stablecoin issuers to run a customer identification programme. FinCEN, the OCC, the Federal Reserve, the FDIC, and the NCUA put it out together, implementing the anti-money-laundering provisions written into the GENIUS Act [1]. The mechanics are familiar to anyone who has onboarded a bank customer. Before opening an account, an issuer would have to collect a legal name, a date of birth or formation, a physical address, and a government-issued identification number [2]. These are the same obligations that banks, broker-dealers, and futures merchants have worked under for more than two decades [3].

The scope line they drew

The interesting part is where they stopped. The agencies limited the know-your-customer duty to direct-to-consumer issuance and declined to impose a wider customer due diligence requirement on the whole chain, saying a global version would not be workable in practice [4]. That is a real choice, not a drafting accident. It puts the identity check at the point where a token is first sold to a person and leaves the downstream hops to other controls. Comments are open until 21 August [5].

Where it sits on the calendar

This is one more brick in a rulebook that is still being built. The GENIUS Act was signed in July 2025, and final regulations under it are due by 18 July 2026 [6]. So a comment window that closes on 21 August sits after that statutory deadline, which tells you the framework is going to keep moving in pieces rather than arriving finished. If you are designing anything that depends on stablecoin settlement, you are building against a target that is still being drawn.

Read from the rails

Put this next to last week's machine-rails news and the shape gets clearer. The networks spent June showing how an agent could pay for an API call or a compute slice in fractions of a cent, settling in stablecoins among other rails. This rule is about who the dollars belong to before that ever starts. Identity sits at the issuance gate, the agent activity happens far downstream, and the proposal deliberately does not try to follow every hop. For an agentic build that means the clean identity is established once, at the human, and everything the agent does has to trace back to that single binding.

That is the part I would design for now. An agent does not have its own legal name or date of birth, so the question is not whether the machine passes KYC, it is whether every payment it makes can be tied back to the person who was verified at the door. Ten years moving regulated payments taught me that the identity record and the transaction record have to reconcile, or the first audit finds the gap. The networks have shown the spending. The proof of who authorised it, surviving from onboarding all the way into a dispute months later, is the harder build, and it is the one the rulemaking is quietly pointing at.

An agent has no legal name to verify. The real control is whether every payment it makes traces back to the person who passed identity at the door, and whether that link still holds when someone asks months later.