On March 11, Senior Fellow Carole House testified to the House Committee on Financial Services at a hearing titled, “Examining a Federal Framework for Payment Stablecoins and Consequences of a US Central Bank Digital Currency.“ Below are her prepared remarks.

Thank you Chairman Hill, Ranking Member Waters, and distinguished members of the committee, for holding this hearing and the honor of the invitation to testify on the digital payments ecosystem. I applaud your leadership in convening the committee on this important issue and continuing the years-long efforts of this committee across several Congresses to evaluate and build legislation for a stablecoin regulatory framework. I hope my testimony will be helpful in considering some of the most important aspects of frameworks needed to drive innovation in a secure, competitive, safe, and sound digital payments ecosystem that reinforces national security interests, defends consumers, and preserves personal liberty.

I have spent my career working at the intersection of national, economic, and technological security. I have had the honor of serving three tours in the White House, including recently departing from my second stint at the National Security Council leading various policy efforts on cybersecurity, emerging technology, and digital assets, to include the US Counter-Ransomware Strategy and the previous administration’s Executive Order on Ensuring Responsible Development of Digital Assets. I previously led digital asset policy initiatives at the US anti-money laundering and countering financing of terrorism (AML/CFT) regulator, the Financial Crimes Enforcement Network (FinCEN) and have served on advisory boards for the US Commodity Futures Trading Commission, the Idaho Department of Finance, and the New York Department of Financial Services (NYDFS). Through my ongoing work as a senior fellow at the Atlantic Council GeoEconomics Center and previous work as a consultant and executive at a venture capital firm, I have advised companies, academia, and policymakers in support of strategy, policy, standards, and product development ranging across areas like cybersecurity, AML/CFT, digital assets, and artificial intelligence and machine learning. The views I share are my own and do not reflect the views of the Atlantic Council.

The most important message I can underscore to this committee is the criticality of ensuring our regulatory frameworks create a foundation for providing trustworthy and affordable access to financial services for consumers while also reinforcing the centrality of the United States in the financial system and as the home for responsible, cutting-edge innovation in emerging technologies and payments. That includes the critical need for timely progress on a comprehensive stablecoin framework that supports these objectives, as well as driving broader experimentation and competitiveness in digital payments. Just as important, any framework demands more than just policy that is clear, strong, and comprehensive, but also that is implemented and enforced timely and scoped to shape the sector.

While timely progress is critical, these frameworks must be deliberate, thoughtful, and comprehensive of the real and present risks, as well as opportunities, that we have observed in the digital asset ecosystem and broader financial system. In the wake of serious national security threats like billion-dollar hacks by rogue nations, growing integration of cryptocurrency as a tool for transnational organized crime, market manipulation and fraud that can threaten system integrity and stability, as well as pressure from adversarial nations seeking to develop and leverage alternative payment systems to weaken and circumvent the dollar, it is clear that strong safeguards, including for US competitiveness, are needed. This framework also demands we ensure policy and enforcement approaches both domestically and internationally create a level playing field for US firms—often the most compliant firms in the world—to be able to compete fairly. Otherwise, the foundation we build these systems on risks faltering, with the potential to not only reap significant harms but also prevent us from harnessing the greatest positive potential that is possible from a secure and innovative digital payments ecosystem.

Background: Exigency for competition, security, and liberty

Stablecoin features, uses, benefits, and risks

Stablecoins, a class of cryptoassets that maintain a stable value in relation to another asset, most predominantly fiat currencies, hold potential to help drive needed innovations in our digital payments ecosystem. Stablecoins with proper protections can help improve efficiency in delivery of financial products and services, promoting greater transparency for monitoring of various risks in financial services, enhancing resiliency within the financial system, dismantling barriers to financial access and inclusion, and promoting innovation and competition that can strengthen US markets and leadership. With the current stablecoin market cap sitting at over $227 billion, use cases are growing across areas like dollar settlement for financial services firms, cross-border remittances, relief efforts like to Ukrainian refugees, and even for inflation hedges in places like Venezuela. However, stablecoins are largely still used as settlement in trading activity on cryptocurrency platforms—wide adoption in exchange for goods and services is not yet a reality, though it’s possible that a clear regulatory framework to enable greater trust and accountability may facilitate higher adoption.

Most of the core features for any cryptocurrencies apply to stablecoins—including their ability to transfer significant value peer-to-peer (i.e., from user to user without the need for a typical custodial role of a third-party financial intermediary), pseudonymously, immutably (or irreversibly), with global reach, with increased speed and cost efficiencies—though we must note that these are all features that are attractive to both licit and illicit actors. Challenges in mitigating risks in cryptocurrency are especially driven by by lagging AML/CFT compliance as well as broader prudential standards across the sector internationally, reinforced by the absence or reduction of financial institution intermediaries and central points of control in more highly decentralized cryptocurrency systems that can obscure clear lines of responsibility and accountability within cryptocurrency ecosystems. While stablecoins are used across more decentralized networks, in most cases stablecoins generally at least central administrators and issuers that can ease establishing lines of responsibility.

Where there is an absence of clear responsible parties, compounded by the immutability or unchangeability of cryptocurrency ledgers, it can be extremely challenging to provide mechanisms for victim recourse as well as timely adaptation to take measures to stop movement of illicit funds or patch security vulnerabilities in networks and smart contracts. However, in contrast to SWIFT, FedWIRE, and cash movements that do not publish transactions to public ledgers, on-chain stablecoin transactions include a lot of public transparency that can be beneficial to market surveillance and crypto investigations. Though ultimately the benefits presented by this transparency can be difficult to leverage with earlier-mentioned challenges with compliance, acceptance of accountability, and expertise across both public and private stakeholders.

Risks that can be presented by stablecoins without proper controls in place generally reflect the same kinds of risks that can exist in traditional finance (or “tradfi”). For example, fraud, market manipulations, and conflicts of interest across stablecoin leaders or public officials can present risks to investors and consumers. Pump-and-dump schemes and front-running capabilities enabled through maximal extractable value (MEV) schemes can endanger market integrity, and complex interconnections, concentration risks, and hardwired procyclicality in stablecoin or any other decentralized finance (“defi”) systems can present risks to financial system stability. Failures like that of Synapse Financial Technologies and of stablecoin Terra underscored the consequences of insufficient oversight of regtech and stablecoin platforms, and the devastating consequences to consumers without access or ability to recover some or all of their funds.

The risks to national security on getting the stablecoin framework wrong—either by being too lax on controls or by overly restricting companies and driving innovation offshore—are also important to evaluate. If stablecoins present the greatest potential for at-scale adoption for cross-border payments in cryptocurrency, then national security concerns of losing sanctions and AML/CFT tool efficacy can present in several ways: either from failing to drive US stablecoin competitiveness compared to other national currency denominated stablecoins or payment systems; or risks that could present from stablecoins and other defi diminishing reliance or need for US correspondent banking relationships in foreign exchange (FX) transactions or other cross-border funds flows.

The need for a framework

The United States does not yet have a comprehensive framework for regulation of stablecoins. Instead, existing authorities are fragmented at the federal level largely only via AML/CFT regulation and then across certain states like New York that cover stablecoins. In the absence of leveraging existing bank and trust charter authorities; using Dodd-Frank payment, clearing, and settlement activity designation authorities; setting up a Federal payments charter; or taking any other action to create a framework, the United States lags behind many other jurisdictions like the European Union, Singapore, Japan, and the United Arab Emirates that have established requirements and most importantly clear pathways to registration and supervision for stablecoins operating within their jurisdictions.

The United States must prioritize establishing a stablecoin framework during this Congress. Similar in many functions and operations to more traditional financial assets, stablecoins and associated deposit and payments activities are things that we understand how to regulate and protect. This framework is achievable, able to build on years of bipartisan efforts working across the aisle to construct a truly comprehensive approach. With Congress and the administration positioned to prioritize this legislation, we are at a critical juncture to get a law passed in 2025.

We need strong prudential and consumer protection regulations to ensure that stablecoins are truly “stable,” allowing any user to trust in its value and avoid losses from the issuer’s default or illiquidity. In this way, a clear regulatory framework that fosters trust can actually help set conditions that could help drive broader adoption and competition. We also need to have strong AML/CFT protections in place for stablecoin ecosystems. These different regimes do not operate in silos, but instead mutually reinforce each other and address vulnerabilities that are being exploited by illicit actors targeting the cryptocurrency sector. For example, in the case of Democratic People’s Republic of Korea (DPRK) hacks of cryptocurrency platforms, like the recent $1.5 billion Bybit hack, are exploiting both cybersecurity weaknesses and vulnerabilities as well as AML/CFT deficiencies in their crypto heists and subsequent laundering activities. In crypto heists, stablecoins have been targets as well as laundering tools exploited by hackers. Only through a comprehensive framework can we ensure that measures across the spectrum of areas like cybersecurity and AML/CFT are holistically addressed in these important ecosystems.

Though also important to note, especially in light of recent changes in enforcement posture—beyond just creating the policy framework, the government and industry must work to apply and enforce the framework. A policy that is not enforced or implemented does nothing to benefit consumers nor US firms with stronger compliance programs that have been operating at higher costs and less competitive advantages than many foreign operating firms.

Proposed stablecoin legislation:Ensuring sufficient protections

There has been a great amount of attention paid to stablecoin legislation in recent years with various stablecoin bills introduced, including the McHenry-Waters bill and Lummis-Gillibrand Payment Stablecoin Act developed last Congress, as well as the STABLE Act and GENIUS Act introduced so far this Congress.

I am very glad to see the level of support within Congress for elevating stablecoin legislation to a priority this year, something I spoke to as essential in my testimony to the Subcommittee on Digital Assets, Financial Technology, and Inclusion last year. I am also pleased to see many elements included in the STABLE Act referenced for this hearing that I support, such as high-quality reserves on at least a 1:1 basis, envisioned roles for both state and Federal regulators, and restrictions on rehypothecating reserve assets as well as stablecoin issuer activities. However, the STABLE Act appears to walk back a lot of the hard work done for years across the aisle to develop the negotiated text between then Chair McHenry and Ranking Member Waters in 2024. It is unclear why some of those critical protections, especially the prudential framework and clear AML/CFT and sanctions applicability to US dollar-denominated stablecoin activity, are absent in the STABLE Act and the GENIUS Act or if the associated risks are otherwise being addressed.

Here I outline some areas for the Committee’s consideration in hopes that the legislation for stablecoins issued this year can be truly comprehensive:

• Ensuring federal line-of-sight for supervision on issues of systemic importance: The STABLE Act, in some ways similar to the existing banking regime, provides for both federal and state authorities to charter stablecoin issuers. However, the STABLE Act does not include any coordination between the federal and state regulators. Rather, the current draft permits a system where a trillion-dollar nonbank stablecoin issuer, engaging in globally reaching payments activity that would typically place an institution under the oversight of federal authorities, without any sufficient line of sight by the Federal Reserve of activities and risks that rise to systemic importance. Unclearly defined “exigent” circumstances, especially in the way of Loper-Bright, as the only context for certain additional regulatory authorities severely restrict a regulator’s ability to monitor for and intervene to mitigate risks for assets that operate 24/7 around the world and with no concerns for borders.

I agree with many others who have testified before you all that state authorities provide an important chartering and oversight capability, including agility and expertise that can help scale appropriate supervision. State regulators with strong prudential, AML/CFT, and consumer protection frameworks are critical partners on the front lines of regulating the cryptocurrency industry, and I am sympathetic to the desire to preserve the states’ regulatory authorities. Though, it stands to reason that when these issuers are operating systems, especially large platforms, that are administering a substitute for the US dollar in international payments, some federal regulator—like the Federal Reserve Board, with its responsibility for monetary policy and financial stability, or the Office of the Comptroller of the Currency (OCC) with its chartering and supervision authority—should have the ability to monitor for their critical risks and have a say in the standards that stablecoin issuers need to meet, at a minimum when they are of a large enough size. The STABLE Act, as it currently stands, raises serious questions around the ability of federal authorities to have visibility of and ability to respond timely to moments of financial crisis and address systemic risks that may arise.

• Scope of risk coverage and enforcement regime: The STABLE Act references risks to mitigate around operational and cybersecurity risks, but otherwise is severely lacking in reference to credit risk, market risk, concentration risk, and even limitations on additional management of capital and liquidity risk beyond the 1:1 reserve collateralization requirement. There is no clear articulation of responsibility for rules or implementation of requirements under privacy regimes like Gramm-Leach-Bliley Act or the AML/CFT framework of the Bank Secrecy Act (e.g., if Treasury/FinCEN would have sole AML/CFT rulemaking authority for payment stablecoin issuers or if they would be issued jointly). Additionally, the enforcement framework is unclear, with no references to specific penalties or enforcement provisions, including no clarity on extraterritorial operations of US dollar-denominated stablecoins.
  
• Affiliate controls and application of the Bank Holding Company Act and Bank Services Company Act: The STABLE Act does not address affiliate relationships and restrictions for nonbank payment stablecoin issuers to preserve separation of activities like banking and commerce. In this new bill, it is unclear to what extent controls like from the Bank Holding Company Act as well as authorities for oversight and delegation of functions as delineated under the Bank Services Company Act apply to payment stablecoin issuers.
  
• AML/CFT and sanctions: While the STABLE Act and GENIUS Act delineate that payment stablecoin issuers are financial institutions under the Bank Secrecy Act, it is not clear (especially to the degree needed in the wake of Loper-Bright) to what degree rulemaking can cover different parts of stablecoin ecosystems and which agency would be responsible for the rulemaking and oversight. Stablecoins have been exploited by illicit actors ranging from cartels to sanctions evaders to terrorism financiers, especially leveraging the absence of sufficient compliance across international operations and defi platforms. The United States Treasury has underscored the benefit for Congress to clarify that any US-dollar denominated stablecoin must comply with US sanctions policy, including extraterritorial applicability, and also make clear the expectation to maintain and assert freeze and recovery capability for illicit proceeds across the stablecoin. We should not find it acceptable for a US dollar stablecoin to be leveraged in transactions to designated actors and jurisdictions that present threats to US national security.

While unlikely in this round of legislation, Congress should start solidifying its views and drafting legislation to expand the regulatory perimeter to help mitigate risks across more decentralized applications of the assets. Expanding such a perimeter would generally involve considering what other entities would be of greatest utility to cover due to visibility and control of the assets, and ensuring that a risk-based approach properly scopes the obligations and does so in full understanding of what is technologically and operationally possible. While there are many differing views on how to approach defi controls, it is encouraging to see that within the defi community there are actors who are trying to implement responsible innovative fixes, even if they are not yet successful, as we saw recently in the unsuccessful attempt by several THORChain developers to try to stop DPRK money laundering on their platform.

• Bankruptcy and resolution measures: Bankruptcy protections are one of the last lines of defense for fostering consumer trust in a product—building comfort for the customer that they will be able to get access to or redeem their assets held by the platform or issuer at any time on demand. The US Bankruptcy code, if applied to stablecoins in the wake of a failure, could be disastrous for token holders who would be treated equivalently to all other unsecured creditors. The McHenry-Waters bill outlined a potential alternative resolution process to help expedite recovery of assets for token holders that could work across federal and state levels and provide critical recourse for consumers.
  
• Fed master accounts and broader payments framework: There is no reference in the STABLE Act or GENIUS Act to the authority of the Federal Reserve to grant access for stablecoin issuers to a master account, something that likely will continue to be sought especially as stablecoins get more regulated and attain higher assurance of their safety and soundness. With this legislation aiming to serve as the comprehensive construct of guardrails and authorities to enable innovation and protect payments, it should include provisions like this to ensure the capability exists with the Federal Reserve for any issuer it deems to be appropriate to grant access.
  

More broadly, stablecoin legislation would optimally be pursued as part of a holistic approach to regulation and supervision of all payments platforms, which are growing enough in complexity and adoption. Many of the risks for stablecoins are similar to those for broader payments, and given the desire to ensure critical protections for consumers regardless of the denomination of their asset or which app they happen to be using, Congress should keep an eye toward how to evolve regulatory frameworks to capture any of these activities regardless on if it is blockchain-based or not.

Again, I applaud the committee’s work on this issue and the continued leadership on these issues by key leaders like Chair Hill and Ranking Member Waster. I encourage the Committee to consider working from the previously negotiated McHenry-Waters bill, which includes bipartisan-vetted provisions that address many of the outstanding issues for the desired comprehensive stablecoin framework. I hope that my views on key missing elements will be helpful to the Committee in its thoughtful efforts to build out and implement a competitive, comprehensive stablecoin framework that addresses risks while promoting responsible innovation.

Proposed CBDC legislation: Privacy as paramount in retail CBDC

The new proposed CBDC Anti-Surveillance State Act bans CBDC experimentation. Innovations in digital payments and across digital forms of both public and private money can also take many forms—whether wholesale or retail CBDCs, stablecoins, tokenized deposits, digital payment applications, etc.—each of which carry a spectrum of diverse implementations and associated risks. Ultimately, it is likely that a mix of modernizations of public and privately-administered rails, such as with the current financial system, will be needed to achieve a future of vision like global instantaneous reach and accessibility of the dollar.

This legislation is pointed specifically at addressing concerns around privacy specific to CBDCs, which is a greater point of concern around retail CBDC implementations rather than wholesale payments that are not associated with specific consumers and related sensitive personal data. The bill proposes to address the privacy concerns by banning even experimentation to even assess if there are technological and governance implementations that could achieve desired privacy outcomes, whether in the US or even just for templates that partner nations could implement. The bill also does not address privacy issues presented by private cryptocurrencies, such as privacy concerns exacerbated by public unobscured records of financial transactions and challenged cybersecurity practices across the sector.

An apparent improvement on this bill from earlier versions appears to be amending the prohibition to only retail CBDCs. Concerns around privacy for a retail CBDC are understandable and very important, especially in the United States given sentiments of Americans around making information available to the government and even challenges that have existed in trying to adopt digital identity infrastructure. Many feel that given such concerns in the United States, focus on wholesale CBDCs as an initial area for innovation in cross-border settlement could be ripe for nearer-term exploration.

The kinds of building blocks that could enable privacy preservation and security in technologies like CBDCs—innovative technologies like digital identity infrastructure and privacy enhancing technologies like homomorphic encryption, multiparty computation, and zero-knowledge proofs—are also building blocks that can enable privacy and security in private cryptocurrency implementations as well. Even if specific development of a US retail CBDC is not likely, broader research and development and experimentation across the more nascent and underlying technologies and components can be helpful to identify mechanisms to achieve desired objectives across a variety of future forms of public and private money innovations.

This bill could further exacerbate a growing gap for the United States in digital payments innovation, as over one hundred countries representing 98 percent of global GDP continue to explore CBDCs and conduct cross-border pilots. The United States remains the only member of the G20 to not be in advanced stages of CBDC exploration. CBDC experimentation is at the heart of significant research and development across the international community trying to shape what the future of the financial system looks like, experimentation that without a major US leadership presence is in some ways both a symptom and a driver towards interest of potential rails less reliant on the dollar, and something in which we cannot idly forsake leadership.

In the interests of safeguarding capabilities for experimentation and ensuring that the United States remains at the forefront of digital payments innovation, I outline here some areas for consideration for this proposed anti-CBDC legislation:

• Narrowing the prohibition to retail CBDCs: Recent updates to the proposed CBDC Anti-Surveillance State Act appears to narrow the prohibition of research and development, testing, or issuance to retail CBDCs only with the addition of the feature “widely available to the general public” into the definition of CBDC. If that is the intent, this avoids several significant challenges presented by the previous House-passed version of the bill, as well as that referenced in the recent executive order prohibition, that even the Congressional Budget Office (CBO) noted included such broad definitions that it was unclear if they could be interpreted to ban existing digital forms of central bank reserves and impact the ability to conduct monetary policy. However, if this bill is aimed at prohibiting wholesale digital payments innovation, or other forms of digital payments innovations like tiered or intermediated innovations like in certain implementations of stablecoins or tokenized deposits, additional concerns would remain related to stifling the ability to modernize the US financial system.
  
• Legal necessity unclear: The necessity of this legislation to prohibit any experimentation and research and development in CBDCs appears unnecessary if the ultimate concern is to ensure against the issuance of a retail CBDC without Congressional approval. The Federal Reserve already published its own analysis highlighting that the Federal Reserve Act does not authorize direct Federal Reserve accounts for individuals. Both the Fed and Treasury have also voiced that they would only move forward with issuance of a CBDC with clear support from both Congress and the executive branch. With Congressional approval already assessed as a precondition to issuance of at least retail CBDCs, and supported as necessary by the lead executive authorities, this prohibition appears unnecessary to achieve the policy outcome when Congress could just withhold authorization. If the refocus of this updated proposed legislation is only prohibiting retail CBDCs, research and development as well as operations to optimize and conduct of digital wholesale payments and settlement activities by central banks would hopefully not affected by this legislation as the Congressional Budget Office assessed could have been impacted by previously proposed versions.
  
• Adjusting framing: The US government fully supports privacy in any democratic CBDC: This bill’s title and corresponding messaging unfortunately present an inaccurate picture that CBDCs must inherently intimate an authoritarian “surveillance state.” CBDCs do not have to mean “Big Brother” just as cryptocurrencies do not have to mean anarchy. The implications for privacy are vastly different for wholesale versus retail CBDCs. Just as with privately administered cryptocurrencies, inherent features like privacy and discoverability are completely dependent upon the specific design of the systems. The Federal Reserve, the US Treasury and prior Administrations have been extremely consistent in messaging, including alongside the G7, that “rigorous standards of privacy” and accountability for that privacy are critical for any retail CBDC implementation. The CBDC discussion warrants nuance, just as the cryptocurrency discussion does.
  
• Refocusing on impactful privacy measures: Rather than this legislation barring pilots and experimentation of implementations and building blocks to preserve privacy for some future possible CBDCs likely at least a decade away (research that could also help provide building blocks for other digital assets like stablecoins), Congressional action could instead pivot to focus on long-existing challenges presented by the absence of comprehensive consumer data privacy legislation. Especially given the low likelihood and far-off reality of cross-US government and public interest in a US retail CBDC (which the Federal Reserve, US Treasury, and potentially Congress have all agreed would require Congressional approval to issue if there ever were such an interest), Congressional focus on privacy legislation would be a more impactful area for focus.
  
• Needed clarity on the protections meant for private stablecoins: It is unclear exactly what protections are being offered under section 4, which defends from prohibition only “any dollar-denominated currency that is open, permissionless, and private, and fully preserves the privacy protections of United States coins and physical currency.” This is oddly framed and could place significant prohibitions on industry cryptocurrency implementations, if this intimates that there are intended to be restrictions here placed on certain industry cryptocurrency implementation, such as private stablecoins that aim to get a master account with the Federal Reserve. It is unclear if this intimates that permissioned stablecoin implementations may be barred from direct or indirect relationship with the Fed. It is also unclear what fully preserved privacy protections means in this context, given that the privacy features of cash (e.g., can move value without a third party, is not posted to any ledgers) do not exactly equate to the privacy features of any existent cryptocurrency (e.g., value movements generally require certain types of third parties—even if unregulated intermediaries—such as miners and validators, and transactions post on public ledgers). It would be important to clarify which privacy features of cash they desire, or what the specific balance of discoverability versus obfuscation is desired in the cryptocurrency system, as part of broader clarity on what this section is intended to achieve.

In closing, I would like to again underscore my gratitude for the honor of the opportunity to speak with you all today. It is critical that the United States make timely progress on establishing and implementing a comprehensive stablecoin regulatory framework that leverages years of effort on defining critical holistic protections that also reinforce the central role in the financial system and as a leader in technological innovation.

Thank you.

Fellow

Carole House

Nonresident Senior Fellow

GeoEconomics Center

Cybersecurity Digital Currencies

At the intersection of economics, finance, and foreign policy, the GeoEconomics Center is a translation hub with the goal of helping shape a better global economic future.

Learn more

Further reading

Wed, Feb 12, 2025

Central bank digital currencies versus stablecoins: Divergent EU and US perspectives

Econographics By Barbara C. Matthews, Hung Tran

All policymakers agree on one point: both CBDCs and stablecoins will significantly impact the global role of the US dollar.

Digital Currencies Digital Policy

Thu, Jan 23, 2025

What is next for crypto regulation in the US?

Econographics By Ananya Kumar

What does success on the regulatory front actually look like? What does it mean for the rest of the world? We dive into the dozen bills under consideration in Congress and zoom in on the three big themes for crypto regulation in 2025.

Digital Currencies Digital Policy

Tue, May 21, 2024

Don’t let the US become the only country to ban CBDCs

New Atlanticist By Josh Lipsky, Ananya Kumar

The Federal Reserve should be allowed to continue its exploration and work with US commercial banks and countries around the world to build safe global standards and faster payments.

Digital Currencies Economy & Business

Image: A view of the west facade of the United States Capitol in Washington DC. The cherry blossoms are in full bloom under a blue sky with swirling white clouds.