By Chanté Eliaszadeh | July 2026
An AI agent holds a wallet, watches a price, and sends a stablecoin payment to settle a trade. No human approved the transfer. Ask the compliance question the Bank Secrecy Act now forces on every stablecoin issuer --- who is the customer? --- and the honest answer is that the rules were not written for this. The customer identification program wants a name and a date of birth. An AI agent has neither. Yet the transaction cleared, the value moved, and someone owes the recordkeeping.
This is not a gap that needs new law. United States law has accommodated non-human legal persons for two hundred years. The corporation is not a person in biology; it is a person by statutory creation, and the entire apparatus of customer identification already knows how to handle one. The answer to “who is the BSA customer behind an autonomous agent” is the same answer corporate law has given since 1819: an identified legal entity, structured by registration, accountable through named humans. Call it the wrapper thesis.
Key Takeaways
- The GENIUS Act turned stablecoin issuers into BSA financial institutions. A permitted payment stablecoin issuer now carries full customer-identification, monitoring, and sanctions obligations, and the implementing rules are taking effect.1
- Those obligations presume a person. Customer identification, customer due diligence, the travel rule, and OFAC screening each require an identifiable originator. An AI agent is not one, and no rule makes it one.2
- Corporate personhood already solves this. For two centuries the law has recognized a non-human legal person --- the corporation --- created by statute and held accountable through identified humans.3
- The wrapper is the customer. An identified legal entity that deploys the agent becomes the customer of record; the agent is the entity’s operational instrument. State and offshore vehicles to hold algorithmic actors already exist.4
- The missing piece is a deployer attestation --- a signed record binding the wrapper entity to the agent’s on-chain credentials and its scope of authority, enforced at the signing layer. It extends, not replaces, the KYA-AUTH pillar.
The GENIUS Act Turned On a Stablecoin AML Regime Built for People
The GENIUS Act, enacted in July 2025, treats a permitted payment stablecoin issuer as a financial institution for Bank Secrecy Act purposes. That designation is not a label. It carries an anti-money-laundering program, recordkeeping, suspicious-activity monitoring and reporting, the ability to block and freeze, a customer identification program, and a sanctions-compliance program.1 In April 2026, FinCEN and the Office of Foreign Assets Control jointly proposed the implementing rules.2 The statute is law; the compliance regime is now taking effect.
Read the implementing proposal for the words “artificial intelligence,” “AI agent,” or “autonomous,” and you will not find them. The rulemaking is written for issuers, custodians, and human or corporate originators.2 That silence is not neutrality. When a rule does not name a fast-growing fact pattern, the default it sets hardens into an examination expectation --- and the fact pattern here is already in production. AI agents hold wallets and move stablecoins today, on payment rails built for exactly that purpose. The regime that governs those transfers assumes a person is on at least one end.
If you issue or custody a stablecoin, the BSA obligations that attach to AI-initiated transfers are yours to design before an examiner designs them for you.
Why BSA Customer Identification Breaks When an AI Agent Is the Originator
Every customer-facing BSA rule presumes an identifiable person. The customer identification program requires a name, a date of birth for an individual, an address, and an identification number before an account opens.3 Customer due diligence requires beneficial ownership --- the natural persons who own twenty-five percent or more, or who exercise substantial control.3 The travel rule requires an identified originator and beneficiary for transmittals at or above the threshold.3 OFAC screening runs against the parties to a transaction, on strict liability, where intent is irrelevant.
An AI agent satisfies none of these on its own terms. It has no birth date, no beneficial owners, no legal capacity to be a customer. The doctrinal premise for this is not new: an AI agent is a tool, not a legal agent and not a person --- the starting point we set out in our analysis of the seven doctrines that already hold AI deployers liable.5 The uniform electronic transactions act binds the deployer for a contract an electronic agent forms, but that provision answers contract formation, not customer identification. The result is a vacuum: the agent transacts, and no customer record attaches to it, because every rule assumes one already exists somewhere else.
If your agent initiates stablecoin transfers, the BSA customer record must attach to some legal person other than the agent --- because the agent cannot be a customer under any rule on the books.
Two Centuries of Non-Human Legal Persons
The law has structured non-human legal persons since Dartmouth College v. Woodward recognized the corporation as a creature of its charter in 1819.6 A corporation is a legal fiction, created by statute and recognized across every body of law --- it holds bank accounts, signs contracts, commits torts, and asserts constitutional rights. The mechanism that makes it work is identification: statutory creation, a registered agent, named officers, and beneficial-ownership disclosure.
The analogy to an AI agent is strong, and it is worth naming where it breaks. Corporations act through humans, so agency doctrine still needs a human somewhere in the chain for authority to run. Criminal intent flows through identified decision-makers, not through the entity as such --- a corporation has no Fifth Amendment privilege, and its records are produced through a custodian who acts for it.6 Beneficial-ownership identification cannot be driven to zero; the law always wants a human at the top of the structure. Those limits are the point, not a flaw. The corporate form does not make accountability disappear. It routes accountability to identified people while letting the non-human entity be the party of record. That is exactly the trick an AI agent needs.
The infrastructure that accommodates a corporation --- statutory creation, structured identification, human accountability at the decision points --- is the template for accommodating an AI agent under the BSA.
Corporate Law Can Already Wrap an AI Agent
The move from corporate personhood to algorithmic actors is not hypothetical; scholars have mapped it for a decade, from Bayern’s zero-member LLC to Reyes’s autonomous corporate personhood.7 And the statutory vehicles already exist. Wyoming created a DAO-specific LLC in 2021 and a decentralized nonprofit vehicle after it; Tennessee, Utah, and New Hampshire have each enacted decentralized-organization statutes, with New Hampshire’s provisions taking effect in July 2025; the Marshall Islands DAO LLC and the Cayman foundation company serve the offshore market.4 Each gives an on-chain actor a legal-entity form that can register, identify beneficial owners, and become a customer.
The alternative is worse than doing nothing. When an on-chain actor operates without a wrapper, courts reach for the default categories, and the defaults are punishing. A DAO has been held to be a “person” subject to enforcement, resulting in a default judgment; token-holders in another matter were held potentially liable as general partners --- personal, joint, and several exposure --- even as that court dismissed some individual defendants at the pleading stage.8 The wrapper is not a tax-optimization nicety. For an agent that transacts, it is the difference between an entity’s limited liability and every participant’s unlimited liability.
If your AI agent operates on-chain without a wrapper entity, the default rules route liability to an unincorporated association or a general partnership. The wrapper is not optional once the agent transacts.
Mapping the Wrapper to CIP, CDD, the Travel Rule, and OFAC
Once the wrapper entity is the customer, each BSA regime resolves cleanly. The agent is the instrument; the entity bears the obligation; the record lives with the entity. The table maps the transaction to the obligation and the record.
| When your AI agent does this | The BSA obligation attaches to | The record lives in |
|---|---|---|
| Initiates a stablecoin transfer | The wrapper entity, as the customer | The entity’s customer-identification file |
| Interacts with a counterparty address | OFAC screening on the counterparty, plus ownership analysis on the entity | The entity’s sanctions-compliance program |
| Routes a transfer at or above the threshold | The travel-rule originator field, populated from entity records | The transmitting institution’s records |
| Holds funds across sessions | Beneficial-ownership and account records | The entity’s customer-due-diligence file |
For customer identification, the wrapper entity supplies the name, tax identification number, address, and formation documents that the program requires.3 For customer due diligence, beneficial ownership flows to the entity’s members or substantial-control persons; the March 2025 revision that narrowed beneficial-ownership reporting for domestic entities did not change the identification logic a financial institution runs on its own customers.9 For the travel rule, the originator is the wrapper, and the current threshold remains three thousand dollars --- a proposed reduction to two hundred fifty dollars for cross-border transfers has not been finalized.3 For OFAC, strict liability attaches to the entity, and Van Loon v. Department of the Treasury reinforces the point from the other direction: immutable smart-contract code is not sanctionable property, which locates the regulated actor in the identified person, not the autonomous code.10
Map every BSA obligation to the wrapper entity, not the agent. The architecture is doctrinally sound. What is missing is the mechanism that makes the binding enforceable on-chain.
The Missing Mechanism: A Deployer Attestation
A wrapper entity solves who the customer is. It does not, by itself, prove that this agent belongs to that entity, or that the agent stayed within the authority the entity granted. That binding is the missing mechanism, and it should be a deployer attestation: a signed, verifiable record that ties the wrapper entity’s identity to the specific on-chain credentials the agent controls, and that specifies the scope --- transaction limits, counterparty allowlists, tool access, and expiration.
The attestation belongs at the signing layer, not in the terms of service. Chain architecture already supports it: session-key permissions and on-chain policy contracts on account-abstraction wallets, program-level authority delegation, and custodial authorization mapped to the entity. The reason to enforce it in code rather than in a contract is doctrinal. What a deployer shows the world about an agent’s authority governs apparent authority, and a counterparty cannot read a terms-of-service page the agent never showed it --- but a counterparty can read an on-chain attestation.5 A scope assertion a counterparty cannot verify is a scope assertion unlikely to survive an apparent-authority analysis. In the vocabulary of our know-your-agent framework, this extends the AUTH pillar: the attestation is how authorization becomes provable rather than asserted.
Build the attestation at the signing layer. A scope assertion buried in terms of service is one a counterparty cannot verify --- and one a court may not credit.
What to Build Now
The wrapper thesis converts a regulatory gap into an engineering program. Four steps make it concrete.
- Inventory the agents that touch your compliance perimeter. Identify every agent that initiates, or could initiate, a stablecoin transfer. Each is a customer-identification question waiting to be answered.
- Form or assign a wrapper entity for each agent pathway. Not every agent needs its own entity; some map to an existing entity customer through a deployer attestation. Choose the vehicle for the jurisdiction and the risk.
- Run identification and due diligence against the entity. Customer identification, beneficial ownership, and formation documents belong to the wrapper, on file before the agent transacts.
- Build the deployer attestation into provisioning. Extend the KYA-AUTH pillar with an on-chain, enforceable scope assertion, and log scope-exceedance attempts and attestation expirations as monitoring events.
The law here is unsettled at its edges, and honesty requires naming what would move it. A first enforcement action against an AI-initiated transfer, a final GENIUS Act rule that does name autonomous transactions, or a finalized cross-border travel-rule threshold would each sharpen the analysis. None of them changes the load-bearing point: the customer is a legal person, and the agent is its instrument.
The Architecture Is the Compliance
The stablecoin AML regime is technology-neutral on its face. In practice, neutrality becomes a default, and defaults become examination expectations. The firms standing up agent payment rails will either help design the architecture that makes GENIUS Act compliance workable for autonomous transactions or inherit one built without them in mind. The wrapper thesis is not reform, and it is not a request for new law. It is applied corporate personhood --- two centuries of doctrine, pointed at a new kind of actor. Build wrapper-first. The entity is the party of record; the agent only acts.
Astraea Counsel advises AI, crypto, and stablecoin companies on BSA/AML architecture for autonomous systems --- entity structuring, deployer-attestation design, and GENIUS Act readiness. Explore our AI & Emerging Tech legal services.
Related Resources
- Not an Agent. Not a Defense: Seven Doctrines That Already Hold AI Deployers Liable --- the doctrinal premise that an AI agent is a tool, not a legal person
- AI Agent Liability in DeFi: Who’s Responsible When the Bot Trades? --- the three-regulator overlay this article builds on
- Agents with Wallets, Agents in Vaults: A KYA Analysis --- the know-your-agent framework and the AUTH pillar
- GENIUS Act Stablecoin Compliance: A 2027 Roadmap for Issuers --- the issuer-side obligations in full
- Does Your Agentic-Payments Startup Need a Money Transmitter License? --- the licensing question that sits alongside this one
Footnotes
-
Guiding and Establishing National Innovation for U.S. Stablecoins (GENIUS) Act of 2025, Pub. L. No. 119-27, § 4(a)(5)(A), 139 Stat. 419, 429 (2025) (treating a permitted payment stablecoin issuer as a “financial institution” under the Bank Secrecy Act, subject to anti-money-laundering, customer-identification, and sanctions obligations), available at https://www.govinfo.gov/content/pkg/PLAW-119publ27/html/PLAW-119publ27.htm. ↩ ↩2
-
Permitted Payment Stablecoin Issuer Anti-Money Laundering/Countering the Financing of Terrorism Program and Sanctions Compliance Program Requirements, 91 Fed. Reg. 18582 (proposed Apr. 10, 2026) (joint FinCEN/OFAC notice of proposed rulemaking). A full-text review of the proposal identifies no treatment of AI-initiated or autonomous-agent transactions as a distinct category. ↩ ↩2 ↩3
-
31 C.F.R. § 1020.220 (customer identification program requirements, requiring name, date of birth for an individual, address, and identification number); id. § 1010.230 (beneficial-ownership requirements for legal-entity customers --- twenty-five-percent ownership or substantial control); id. § 1010.410(e)-(f) (recordkeeping and travel-rule requirements for transmittals of funds of $3,000 or more); id. § 1022.210 (money-services-business anti-money-laundering program). The proposed reduction of the cross-border travel-rule threshold to $250 (85 Fed. Reg. 68005 (proposed Oct. 27, 2020)) has not been finalized as of mid-2026. ↩ ↩2 ↩3 ↩4 ↩5 ↩6
-
Wyo. Stat. Ann. § 17-31-101 et seq. (Wyoming Decentralized Autonomous Organization Supplement, 2021); Wyo. Stat. Ann. tit. 17, ch. 32 (Wyoming Decentralized Unincorporated Nonprofit Association Act, eff. July 1, 2024); Tenn. Code Ann. § 48-250-101 et seq. (Tennessee Decentralized Organization provisions); Utah Code Ann. tit. 48, ch. 5 (Utah Decentralized Autonomous Organizations Act, eff. Jan. 1, 2024); N.H. Rev. Stat. Ann. ch. 301-B (eff. July 1, 2025); Marshall Islands Decentralized Autonomous Organizations Act (2022); Cayman Islands Foundation Companies Act (2017). ↩ ↩2
-
See Astraea Counsel, Not an Agent. Not a Defense: Seven Doctrines That Already Hold AI Deployers Liable (2026); Mobley v. Workday, Inc., 740 F. Supp. 3d 796 (N.D. Cal. 2024) (an artificial-intelligence screening vendor may be an “agent” under federal anti-discrimination statutes; the deployer’s role “is no less significant because it allegedly happens through artificial intelligence rather than a live human being”). ↩ ↩2
-
Trustees of Dartmouth College v. Woodward, 17 U.S. (4 Wheat.) 518 (1819) (recognizing the corporation as a legal person created by its charter); Braswell v. United States, 487 U.S. 99 (1988) (a corporate custodian may not resist a records subpoena on Fifth Amendment self-incrimination grounds; the corporation acts through its custodian). ↩ ↩2
-
Shawn Bayern, The Implications of Modern Business-Entity Law for the Regulation of Autonomous Systems, 19 Stan. Tech. L. Rev. 93 (2015); Lynn M. LoPucki, Algorithmic Entities, 95 Wash. U. L. Rev. 887 (2018); Carla L. Reyes, Autonomous Corporate Personhood, 96 Wash. L. Rev. 1453 (2021). ↩
-
CFTC v. Ooki DAO, No. 3:22-cv-05416 (N.D. Cal. 2023) (default judgment; holding a decentralized autonomous organization is a “person” subject to the Commodity Exchange Act); Sarcuni v. bZx DAO, 664 F. Supp. 3d 1100 (S.D. Cal. 2023) (governance-token holders can be liable as general partners of a general partnership; the court dismissed certain individual defendants on the pleadings while sustaining the general-partnership theory). ↩
-
Beneficial Ownership Information Reporting Requirement Revision and Deadline Extension, 90 Fed. Reg. 13688 (Mar. 26, 2025) (interim final rule exempting entities formed in the United States, and U.S. persons, from beneficial-ownership reporting under the Corporate Transparency Act; status subject to a forthcoming final rule). ↩
-
Van Loon v. Department of the Treasury, No. 23-50669 (5th Cir. Nov. 26, 2024) (holding that immutable smart-contract code is not “property” of a foreign national or entity that OFAC may block under the International Emergency Economic Powers Act). ↩