What the AICPA Changed for Stablecoin Reporting

Stablecoins have spent years sitting in an awkward middle ground. Not quite cash, not quite crypto, and often explained with more confidence than clarity. For accountants and auditors, that gray area has been uncomfortable, especially when clients ask a simple question: can anyone really vouch for what is backing these tokens over time? With its latest update to the 2025 Criteria for Stablecoin Reporting, the AICPA is clearly trying to close that gap. The update adds a new section, Part II, focused squarely on controls supporting stablecoin operations. This is less about snapshot disclosures and more about whether the plumbing actually works day in and day out. 

Why the AICPA felt the need to step in 

Part I of the AICPA’s stablecoin criteria, released last year, did an important job. It created a common framework for issuers to disclose outstanding stablecoins and the assets backing them at a specific point in time. That helped clean up inconsistent reporting and gave practitioners something concrete to work with. 

What it did not address was what happens between reporting dates. Stablecoins are issued, redeemed, transferred, and custodied continuously. Reserves move. Vendors get involved. Controls can weaken. That is where most of the real risk lives. According to Di Krupica, CPA, senior manager of digital assets at the AICPA, regulatory momentum around stablecoins made that gap impossible to ignore. Policymakers have been paying closer attention to how stablecoins are issued and how reserves are managed. The profession needed something more practical than high level disclosures. Part II is the response. 

What Part II actually adds to the Framework 

The new criteria focus on controls supporting stablecoin operations over a specified period of time. That includes issuance and redemption processes, custody of reserve assets, governance, risk management, and vendor oversight. In other words, the operational stuff that determines whether yesterday’s disclosure still holds up today. 

From a practitioner standpoint, this matters because it moves stablecoin reporting closer to familiar territory. The criteria establish control objectives and provide implementation guidance to assess whether those controls are designed properly and operating effectively. That language should sound familiar to anyone who has lived through SOC reports, internal control testing, or assurance engagements tied to emerging assets. The AICPA is also signaling that trust in stablecoins is no longer just about what is claimed, but about whether systems and controls consistently support those claims. That is a subtle shift, but an important one. 

How this fits into the Broader Crypto Oversight Push 

This update does not exist in isolation. U.S. regulators have been steadily tightening their grip on crypto activities, especially where traditional finance and digital assets overlap. Tax authorities are getting better at tracking crypto transactions, as explored in Crypto Gains Are No Longer Guesswork for Tax Authorities, which highlights how reporting gaps are shrinking fast. 

Accounting standard setters are also stepping in. The FASB recently addressed crypto transfer accounting, signaling that digital assets are no longer an accounting sideshow. That development is covered in FASB Opens a New Chapter on Crypto Transfer Accounting, another sign that formal frameworks are catching up with market reality. 

At the same time, regulators have given banks clearer permission to engage in crypto intermediation, raising the stakes for controls and assurance. US Regulators Give Banks the Green Light for Crypto Intermediation underscores why stablecoin controls now matter far beyond niche issuers. 

Against that backdrop, the AICPA’s move feels less optional and more inevitable. 

What this means for Accounting and Audit Professionals 

For professionals, Part II changes the conversation with clients. Stablecoin issuers can no longer lean solely on point in time disclosures to build credibility. They will need to think through control design, documentation, and ongoing monitoring. That creates real work, not just nicer white papers. 

Auditors and assurance teams should expect more questions around operational risk, third party service providers, and how reserve assets are safeguarded. Engagements tied to digital assets are likely to look more like traditional control based assurance, just applied to newer technology. There is also a defensive angle. As regulators continue to scrutinize stablecoins, practitioners will want frameworks they can point to when evaluating client representations. The AICPA criteria give firms something to anchor on when saying yes, no, or slow down. 

The bigger takeaway 

Stablecoins have spent years promising stability while operating in a fast moving, lightly structured environment. The AICPA’s updated criteria are a reminder that stability is not just about pegs and reserves. It is about controls that hold up over time. For the profession, this is another step in crypto’s slow march toward normalcy. Less hype, more structure, and more accountability. That may not excite everyone in the market, but for accountants and auditors, it is a welcome shift toward something that finally feels workable.