What the GENIUS Act Could Mean for Model Risk Teams

For model validation teams, the GENIUS Act is not just a stablecoin policy story. In Kevin Oden’s telling, it is also adds to the terrain model risk management may need to cover. 

In a recent ProSight Q&A, Oden, principal of Kevin Oden & Associates, argues that the law and the OCC’s follow-on proposed rulemaking put model risk squarely in the middle of how payment stablecoins would be evaluated and supervised. His point is not simply that stablecoins create one new validation task. It is that they pull model risk into a broad set of interconnected domains, several of which operate on a 24/7 basis and depend heavily on technology. 

Here are a few takeaways: 

The model risk perimeter is wider than it may first appear. Oden says there are eight model risk-related domains that matter under the GENIUS Act, with seven “front and center” and one more peripheral. The seven core areas are reserve valuation, liquidity stress testing, interest rate risk, capital adequacy, concentration risk, monetization capability assessment, and smart contract validation. The eighth is operational risk, which he describes as “more peripheral from a pure model perspective” but still relevant. Taken together, those domains suggest this is not just about checking whether reserves match liabilities. It is about validating whether the whole stablecoin structure can function reliably under stress. 

24/7 expectations change the challenge. Several of the areas Oden highlights are made more difficult by the act’s round-the-clock expectations. Reserve valuation, for example, is not a periodic exercise in this framework. “In practice, that means 24/7 valuation,” he says. The same pressure shows up in monetization, where issuers need the operational mechanisms, technology, and market access to exchange stablecoins for dollars “on demand and on a 24/7 basis.” 

Smart contracts are not just another valuation problem. Oden draws a sharp distinction between traditional financial model issues and technology-embedded model risk. He points to a 2025 Paxos incident in which a coding error in an automated smart contract process led the system to mint roughly $300 trillion worth of PYUSD, PayPal’s stablecoin, which is also available on Venmo and compatible external platforms, before the excess tokens were burned. “This wasn’t a bad economic assumption or a flawed valuation input,” he says. “It was an implementation failure in a smart contract.” That is why, in his view, smart contract validation reaches beyond conventional model validation into code design, testing, governance, and safeguards before deployment. 

Scarce history makes familiar analogies less comforting. Oden says there are parallels to FX markets, especially pegged currencies, but stablecoins still present real modeling challenges because the historical data is thin. He compares the situation to the launch of the euro, when institutions had to rely on proxies because no historical euro data existed. 

The broader takeaway is that stablecoins may widen the remit of model risk teams beyond reserve logic to include smart contract behavior, operational readiness, and contagion scenarios. Under the GENIUS Act, that work looks both more continuous and more technical than many banks may be used to.