Stablecoins, Mistaken Payments, and Fraud: Is the Lack of Regulation E Protection a Barrier to Adoption?

One of the most common concerns we hear from bankers evaluating stablecoin initiatives is surprisingly straightforward:   "What happens if a customer sends stablecoins to the wrong person, or a fraudster tricks them into sending funds? Doesn't the lack of Regulation E protections make stablecoins unsuitable for broad adoption?"

The concern is understandable. Consumers and businesses have become accustomed to the protections built into traditional payment systems. Regulation E (“Reg E”), which is the Consumer Financial Protection Bureau (“CFPB”) regulation implementing the Electronic Fund Transfer Act, provides a framework for investigating unauthorized electronic fund transfers, while financial institutions maintain fraud monitoring and customer service processes designed to address mistakes and unauthorized activity.

By contrast, blockchain transactions are generally irreversible. Once a stablecoin transaction is recorded on a blockchain, it typically cannot be unwound. If a customer sends funds to the wrong wallet address or is induced to transfer funds to a fraudster, there may be no automatic mechanism comparable to a traditional payment reversal.

For some observers, this appears to be a fundamental flaw that will prevent stablecoins from achieving widespread adoption. However, the reality is more nuanced.

The Risk Is Real

There is no question that stablecoin transactions create risks that differ from those associated with traditional bank and credit union deposits.

A customer who mistakenly wires funds may have limited recourse, but financial institutions can frequently assist by contacting the receiving institution and attempting a recall. Reg E establishes a framework for resolving many disputes over unauthorized electronic fund transfers involving consumer accounts, requiring financial institutions to investigate claims promptly and limiting a consumer’s liability for unauthorized transactions based on how quickly the fraud is reported.

Stablecoin transactions generally do not work this way.  If a customer voluntarily transfers stablecoins to the wrong wallet address, the blockchain generally will not reverse the transaction. Recovery may depend on tracing the assets, locating the recipient, obtaining court orders, or persuading an exchange or stablecoin issuer to freeze the assets before they move through the ecosystem. For example, in November 2023, Tether and OKX (a leading global cryptocurrency exchange) collaborated with the U.S. Department of Justice to freeze $225 million in USDT[1] connected to an international romance scam and human trafficking operation. In June of 2025, the U.S. Secret Service (“USSS”) obtained a court order authorizing the seizure and burning of those funds, the largest seizure in USSS history.

Notwithstanding the success of some large-scale efforts, consumers generally remain responsible for their stablecoin transaction losses, and no financial institution is required to reimburse them. That distinction presents a genuine operational, legal, and reputational challenge for institutions offering stablecoin-related services.  Although crypto assets can be frozen on chain – BlocSec maintains a “USDT Freeze Tracker” on its website that shows how Tether froze over $2.24 billion in USDT over a recent twelve-month period – an owner’s ability to actually recover them presents a significant challenge, and sanctuary within a Reg E framework is not likely to ease those difficulties.

The CFPB under Rohit Chopra proposed an interpretive rule in 2025 that would have extended Reg E protections to digital wallets, payment apps, and stablecoins; however, the Trump Administration did not pursue the rule.

But Finality Is Also a Feature

Current stablecoin users – particularly institutional participants and decentralized finance users – may have strong reasons to preserve the current framework rather than revisit the Chopra proposal. The same characteristic that creates recovery challenges (payment finality) is also one of the principal reasons institutions are interested in blockchain-based payments.   Financial markets have long favored systems that provide final and irrevocable settlement. Fedwire, CHIPS, CLS Bank, securities settlement systems, and central counterparties all reduce uncertainty by ensuring that completed transactions are legally final, even though doing so necessarily limits opportunities to reverse payments.

Stablecoins offer a similar proposition: near real-time settlement, twenty-four hours a day, seven days a week, without the delays associated with correspondent banking and batch processing. Corporate and institutional users may willingly accept greater irreversibility in exchange for speed, certainty, and operational efficiency.

The question, therefore, is not whether stablecoins eliminate the possibility of payment reversal (they largely do) but whether the benefits of settlement finality outweigh the risks for the users choosing to transact on blockchain-based payment networks.

The Better Comparison May Not Be Reg E

Many discussions about stablecoin adoption begin with the assumption that stablecoins must eventually replicate Reg E protections to succeed.  That assumption may not be correct. Reg E was designed for consumer electronic fund transfers involving traditional financial institution accounts, whereas stablecoins exist in a different technological and operational environment.  The more relevant question is whether stablecoin providers can develop alternative safeguards that adequately address customer concerns without sacrificing the speed and efficiency that make blockchain-based payments attractive.  In practice, many institutions are already moving in this direction.

The industry is building new layers of protection.  The choice is not between fully reversible payments and completely unforgiving blockchain transactions. Most stablecoin implementations will likely fall somewhere in between. Financial institutions, custodians, wallet providers, and stablecoin issuers are developing controls to reduce the likelihood and impact of fraudulent or mistaken transfers, including:

• multi-factor authentication and transaction approval workflows;
• wallet “allow lists” (whitelists) and recipient verification procedures;
• transaction limits and risk-based fraud monitoring;
• managed custody arrangements and insurance programs; and
• stablecoin issuer freeze capabilities in appropriate circumstances.

Many of these controls already exist in traditional banking environments and are increasingly being adapted to blockchain-based payment systems. As such, customers are unlikely to interact with the "raw blockchain" environment associated with early cryptocurrency markets. Instead, they will increasingly interact with bank-sponsored or regulated payment platforms that leverage blockchain technology while preserving many of the protections customers already expect.

Why Financial Institutions May Have an Advantage

Concerns about payment errors and fraud may ultimately strengthen the role of regulated financial institutions in the stablecoin ecosystem. Such institutions have decades of experience managing fraud, operational risk, customer authentication, sanctions screening, dispute resolution, and compliance oversight and bank regulators are fully familiar with oversight of these functions. Financial institution capabilities position them to deliver the efficiency of blockchain-based payments that businesses and customer expect.

This is one reason many financial institutions are actively exploring tokenized deposits, stablecoin partnerships, and blockchain-enabled payment networks. The institutions most likely to succeed may not be those offering the fastest blockchain transactions, but those best able to combine blockchain efficiency with trusted risk management and consumer protections.

What Examiners Are Likely to Ask

As stablecoin activity expands, financial institution regulators are likely to focus less on the underlying blockchain technology and more on whether banks and other Permitted Payment Stablecoin Issuers (“PPSIs”) understand and efficiently control the fraud, operational, legal, and customer-protection risks associated with the activity.

Financial institutions that issue or support stablecoins can demonstrate sound risk management by implementing blockchain analytics, applying traditional Know-Your-Customer and Anti-Money Laundering controls to on-chain activity, and maintaining strong cybersecurity safeguards for digital wallets, private keys, and blockchain-connected APIs. As with any emerging financial technology, management should approach stablecoin activities with a continuous and conservative risk-management posture.  

Looking Ahead

The absence of Reg E-style protections is a legitimate consideration for any institution evaluating stablecoin activities. The related risks must be understood, disclosed, and managed. But payment innovation has rarely succeeded in perfectly replacing legacy systems. Stablecoins will ultimately succeed not simply because they are faster, but because they can deliver more efficient payments while maintaining an acceptable level of trust and customer protection. For financial institutions and other PPSIs, that challenge represents not only risk, but an opportunity to help shape the next generation of payment infrastructure.

For Further Information

If you have any questions about stablecoins, mistaken payments and fraud, or any other aspect of digital assets, please feel free to contact Patrick Quinn at (516) 357-3826 or via email at pquinn@cullenllp.com.

This advisory does not constitute legal advice. Nothing herein creates an attorney-client relationship between the sender and recipient.

This Client Advisory was prepared with assistance from Christian Lastihenos, Summer Associate.

Footnote

[1] USDT is a "stablecoin" pegged to the U.S. dollar – i.e., designed to always be worth $1 – and issued by Tether Limited. USDT currently has a net circulation of over $186 billion.