A
n. — regulatory framework; financial compliance; international
Anti-Money Laundering (AML) refers to the body of laws, regulations, and procedures designed to prevent criminals from disguising illegally obtained funds as legitimate income. In the context of cryptocurrency, AML obligations require Virtual Asset Service Providers (VASPs) — including exchanges, custodians, and certain DeFi protocols — to implement controls that detect, report, and prevent the use of digital assets for money laundering. Core AML obligations include customer due diligence (CDD), transaction monitoring, suspicious activity reporting (SAR), and record-keeping requirements.
REGULATORY NOTE: In the United States, AML obligations for cryptocurrency businesses are primarily governed by the Bank Secrecy Act (BSA) and enforced by FinCEN. Internationally, the Financial Action Task Force (FATF) sets the global AML standard through its Recommendations, including Recommendation 15, which explicitly addresses virtual assets and VASPs. Non-compliance can result in civil penalties, criminal prosecution, and loss of operating licenses.
B
n. — U.S. federal statute; financial intelligence; 1970
The Bank Secrecy Act (BSA), formally the Currency and Foreign Transactions Reporting Act (31 U.S.C. §§ 5311–5336), is the primary U.S. federal anti-money laundering statute. Enacted in 1970, it requires financial institutions — including cryptocurrency exchanges and money services businesses — to assist government agencies in detecting and preventing money laundering. Key BSA obligations include filing Currency Transaction Reports (CTRs) for cash transactions exceeding $10,000, filing Suspicious Activity Reports (SARs), maintaining customer identification programs (CIP), and retaining records for five years.
REGULATORY NOTE: FinCEN issued guidance in 2013 clarifying that administrators and exchangers of convertible virtual currency are money transmitters subject to BSA obligations. The Anti-Money Laundering Act of 2020 (AMLA 2020) significantly expanded BSA coverage, explicitly including digital asset businesses and introducing new beneficial ownership reporting requirements under the Corporate Transparency Act (CTA).
C
n. — U.S. federal regulatory agency; derivatives; commodities
The Commodity Futures Trading Commission (CFTC) is an independent U.S. federal agency established in 1974 under the Commodity Exchange Act (CEA) to regulate U.S. derivatives markets, including futures, options, and swaps. The CFTC has asserted jurisdiction over digital assets it classifies as commodities — most notably Bitcoin and Ether — and over derivatives markets built upon them. The agency has brought numerous enforcement actions against cryptocurrency exchanges, DeFi protocols, and fraudulent token schemes operating without proper registration.
JURISDICTIONAL NOTE: The CFTC and SEC have engaged in ongoing jurisdictional disputes over digital assets. The CFTC generally claims authority over spot commodity markets only in cases of fraud or manipulation; its primary jurisdiction is over derivatives. The Digital Commodity Consumer Protection Act (DCCPA) and the Financial Innovation and Technology for the 21st Century Act (FIT21) have proposed expanding CFTC authority over digital commodity spot markets. In 2022, the CFTC brought its first enforcement action against a DAO (Ooki DAO), establishing that DAOs may be held liable as unincorporated associations.
n. — legal classification; U.S. regulatory framework
Under U.S. law, a commodity is broadly defined by the Commodity Exchange Act (CEA) as any good, article, service, right, or interest in which contracts for future delivery are dealt in. The CFTC has determined that Bitcoin and Ether qualify as commodities, placing them within its regulatory purview for derivatives markets. The commodity classification is significant because it subjects digital assets to a different — and generally less restrictive — regulatory regime than the securities framework administered by the SEC. Whether a given digital asset is a commodity or a security is one of the most contested questions in U.S. cryptocurrency law.
LEGAL NOTE: The commodity vs. security distinction is not binary or permanent. A digital asset may begin as a security (during its initial offering phase, when investor reliance on the efforts of others is high) and later transition to a commodity classification as its network becomes sufficiently decentralized. Former SEC Director William Hinman articulated this "sufficient decentralization" theory in a 2018 speech, though the SEC has since distanced itself from that framework.
F
n. — international AML standard; FATF Recommendation 16
The FATF Travel Rule (FATF Recommendation 16) requires Virtual Asset Service Providers (VASPs) to collect, verify, and transmit originator and beneficiary information alongside virtual asset transfers above a threshold of USD/EUR 1,000. The rule — originally applied to wire transfers in traditional finance — was extended to virtual assets by the Financial Action Task Force (FATF) in its 2019 updated Guidance on Virtual Assets. The information required to "travel" with the transaction includes the originator's name, account number (wallet address), and physical address or national identity number, as well as the beneficiary's name and account number.
COMPLIANCE NOTE: Implementation of the Travel Rule for virtual assets presents significant technical challenges due to the pseudonymous nature of blockchain transactions and the absence of a centralized messaging infrastructure equivalent to SWIFT. Industry solutions include the TRUST framework (U.S.), Sygna Bridge, Notabene, and the OpenVASP protocol. As of 2024, over 50 jurisdictions have enacted Travel Rule regulations for VASPs, though cross-border interoperability remains inconsistent.
H
n. — legal standard; securities law; U.S. federal
The Howey Test is a four-part legal standard established by the U.S. Supreme Court in SEC v. W.J. Howey Co., 328 U.S. 293 (1946), used to determine whether a transaction qualifies as an "investment contract" and therefore a security subject to federal regulation under the Securities Act of 1933 and the Securities Exchange Act of 1934. Under the test, a transaction is a security if it involves: (1) an investment of money; (2) in a common enterprise; (3) with a reasonable expectation of profits; (4) derived from the efforts of others. The test has become the primary analytical framework applied by the SEC and federal courts to evaluate whether digital assets and token offerings constitute securities.
LEGAL NOTE: The SEC has applied the Howey Test to numerous enforcement actions involving cryptocurrency, including SEC v. Ripple Labs (2020) and the Telegram TON offering (2020). In July 2023, a federal court found that XRP sales to retail investors on exchanges did not satisfy the Howey Test, while institutional sales did — a landmark bifurcated ruling with significant implications for the digital asset industry. The SEC's application of Howey to secondary market trading of digital assets remains one of the most contested issues in crypto regulation.
I
n. — securities law classification; U.S. federal
An investment contract is a type of security under U.S. federal law, as defined and interpreted through the Howey Test. It encompasses any scheme whereby a person invests money in a common enterprise and is led to expect profits solely from the efforts of the promoter or a third party. The investment contract concept is intentionally broad and flexible, designed to capture novel financial instruments that do not fit neatly into traditional categories such as stocks or bonds. The SEC has consistently argued that many digital token offerings — particularly those sold through Initial Coin Offerings (ICOs) — constitute investment contracts and are therefore unregistered securities.
LEGAL NOTE: The investment contract analysis focuses on the economic reality of the transaction, not its form or label. A token marketed as a "utility token" may nonetheless be an investment contract if purchasers are primarily motivated by profit expectations derived from the issuer's efforts. The SEC's Framework for "Investment Contract" Analysis of Digital Assets (April 2019) provides detailed guidance on applying Howey to digital assets, examining factors such as reliance on a third party's managerial efforts, information asymmetry, and the presence of secondary trading markets.
K
n. — compliance process; customer due diligence; AML
Know Your Customer (KYC) refers to the mandatory process by which financial institutions and regulated entities verify the identity of their clients before and during the course of a business relationship. In the cryptocurrency context, KYC obligations require exchanges, custodians, and other VASPs to collect and verify identifying information — typically government-issued identification, proof of address, and in some cases source-of-funds documentation — before allowing customers to transact. KYC is a foundational component of AML compliance programs and is required under the Bank Secrecy Act's Customer Identification Program (CIP) rules in the United States.
COMPLIANCE NOTE: KYC requirements vary by jurisdiction and by the risk profile of the customer and transaction. Enhanced Due Diligence (EDD) is required for higher-risk customers, including politically exposed persons (PEPs), customers from high-risk jurisdictions, and those conducting large or unusual transactions. Decentralized exchanges (DEXs) and non-custodial wallets present significant KYC compliance challenges, as they operate without a central intermediary capable of collecting customer information. Regulators in multiple jurisdictions are actively examining how KYC obligations should apply to DeFi protocols.
M
n. — EU regulatory framework; crypto-asset regulation; 2023
The Markets in Crypto-Assets Regulation (MiCA) is a comprehensive European Union regulatory framework for crypto-assets, published in the Official Journal of the EU on June 9, 2023 (Regulation (EU) 2023/1114). MiCA establishes a harmonized legal framework across all 27 EU member states for the issuance, offering, and trading of crypto-assets not already covered by existing EU financial services legislation. It introduces authorization requirements for Crypto-Asset Service Providers (CASPs), disclosure obligations for issuers of crypto-assets, and specific regimes for asset-referenced tokens (ARTs) and e-money tokens (EMTs) — the two categories of stablecoins.
REGULATORY NOTE: MiCA entered into force on June 29, 2023. Provisions relating to stablecoins (ARTs and EMTs) became applicable on June 30, 2024. Full application of MiCA — including CASP authorization requirements — took effect on December 30, 2024. MiCA is widely regarded as the most comprehensive crypto-asset regulatory framework enacted by any major jurisdiction and is expected to serve as a model for regulatory frameworks in other regions. It does not cover NFTs (with limited exceptions), DeFi protocols, or crypto-assets that qualify as financial instruments under MiFID II.
n. — U.S. regulatory classification; FinCEN; BSA
A Money Services Business (MSB) is a category of financial institution defined under U.S. federal law (31 C.F.R. § 1010.100(ff)) that is subject to Bank Secrecy Act registration, reporting, and recordkeeping requirements. MSB categories include money transmitters, currency dealers or exchangers, check cashers, issuers of traveler's checks or money orders, and providers of prepaid access. FinCEN has determined that administrators and exchangers of convertible virtual currency — including cryptocurrency exchanges and certain wallet providers — qualify as money transmitters and are therefore MSBs subject to full BSA compliance obligations.
REGULATORY NOTE: MSBs must register with FinCEN, implement a written AML program, designate a compliance officer, conduct employee training, and undergo independent audits. State-level money transmitter licenses (MTLs) are separately required in most U.S. states and are administered by state banking regulators. The patchwork of state MTL requirements has been a significant compliance burden for cryptocurrency businesses operating nationally. The New York BitLicense, administered by the NYDFS, is the most stringent state-level cryptocurrency license in the United States.
R
n. — SEC exemption; private placement; U.S. securities law
Regulation D (Reg D) is a set of SEC rules (17 C.F.R. §§ 230.500–230.508) that provide exemptions from the registration requirements of the Securities Act of 1933, allowing companies to raise capital through private placements without filing a full registration statement with the SEC. In the cryptocurrency context, Reg D — particularly Rule 506(b) and Rule 506(c) — has been widely used by token issuers to conduct private token sales to accredited investors while avoiding the full SEC registration process. A Form D must be filed with the SEC within 15 days of the first sale of securities under a Reg D exemption.
LEGAL NOTE: Rule 506(b) permits sales to up to 35 non-accredited but sophisticated investors and prohibits general solicitation. Rule 506(c) permits general solicitation and advertising but requires that all purchasers be verified accredited investors. The use of Reg D does not exempt token issuers from anti-fraud provisions of federal securities laws, nor does it provide a path to secondary market trading without additional registration or exemption. Many token issuers have faced SEC enforcement despite Reg D filings, particularly where tokens were subsequently traded on public exchanges.
S
n. — SEC staff accounting bulletin; custodial crypto assets; 2022
Staff Accounting Bulletin No. 121 (SAB 121) is guidance issued by the SEC's Office of the Chief Accountant and Division of Corporation Finance in March 2022, addressing the accounting treatment for obligations to safeguard crypto-assets held for platform users. SAB 121 requires entities that hold crypto-assets in custody on behalf of others to record a liability on their balance sheet equal to the fair value of those assets, with a corresponding asset. This treatment — which differs from traditional custodial arrangements — significantly increases the capital requirements for banks and financial institutions seeking to offer cryptocurrency custody services.
REGULATORY NOTE: SAB 121 was highly controversial, with critics arguing it effectively prevented regulated banks from offering crypto custody by making it economically prohibitive. The U.S. House and Senate passed a Congressional Review Act (CRA) resolution to overturn SAB 121 in May 2024, but President Biden vetoed it. The SEC subsequently issued SAB 122 in January 2025, rescinding SAB 121 and removing the on-balance-sheet requirement, marking a significant shift in the regulatory approach to crypto custody under the new administration.
n. — U.S. federal regulatory agency; securities markets
The Securities and Exchange Commission (SEC) is the primary U.S. federal agency responsible for enforcing federal securities laws and regulating the securities industry. In the digital asset context, the SEC has taken the position that most cryptocurrencies — other than Bitcoin and, more recently, Ether — are securities subject to its jurisdiction under the Securities Act of 1933 and the Securities Exchange Act of 1934. The SEC has pursued an aggressive enforcement-first approach to cryptocurrency regulation, bringing actions against exchanges (Coinbase, Binance), token issuers (Ripple, Telegram), and lending platforms (BlockFi, Celsius).
ENFORCEMENT NOTE: Under Chair Gary Gensler (2021–2025), the SEC brought over 100 enforcement actions against cryptocurrency entities, asserting broad jurisdiction over digital asset markets. The SEC's approach was significantly challenged by the SEC v. Ripple ruling (2023) and by the D.C. Circuit's decision in Grayscale v. SEC (2023), which ordered the SEC to approve spot Bitcoin ETFs. Under Chair Paul Atkins (2025–), the SEC has signaled a more accommodative approach, establishing a dedicated crypto task force and withdrawing several pending enforcement actions.
n. — digital asset classification; securities law
A security token is a digital asset that represents an investment contract or other security as defined under applicable securities laws — most commonly analyzed under the U.S. Howey Test. Security tokens may represent ownership interests in real-world assets (equity, debt, real estate), profit-sharing rights, or other investment interests. Because they qualify as securities, security tokens are subject to full securities law compliance, including registration with the SEC (or an applicable exemption), disclosure requirements, and broker-dealer regulations for secondary market trading. Security Token Offerings (STOs) emerged as a regulatory-compliant alternative to ICOs following the SEC's 2017–2018 enforcement actions.
LEGAL NOTE: The distinction between a security token and a utility token is not always clear and depends on the economic reality of the instrument at the time of sale. The SEC has consistently rejected the argument that labeling a token a "utility token" is sufficient to avoid securities classification. Key factors include whether the token is sold before the underlying platform is functional, whether purchasers expect profits from the issuer's efforts, and whether the token is marketed as an investment opportunity.
U
n. — digital asset classification; access rights; non-security
A utility token is a digital asset designed to provide holders with access to a specific product, service, or platform — rather than representing an investment interest or ownership stake. In theory, a utility token functions analogously to a software license or a prepaid service voucher: its value derives from its use within a specific ecosystem, not from the expectation of profit generated by the efforts of others. Utility tokens are frequently cited by token issuers as a basis for arguing that their tokens are not securities and therefore not subject to SEC registration requirements.
LEGAL NOTE: The utility token designation is not a legal safe harbor under U.S. law. The SEC has repeatedly stated that the label "utility token" does not determine whether an instrument is a security — the economic reality of the transaction controls. The "Howey Test" is applied regardless of how the token is characterized by its issuer. Tokens sold before a functional platform exists are particularly vulnerable to securities classification, as purchasers necessarily rely on the issuer's future efforts to create the utility. The Swiss FINMA framework and the EU's MiCA regulation provide more structured utility token classifications than U.S. law.
W
n. — U.S. state legal entity; DAO incorporation; 2021
The Wyoming DAO LLC is a legal entity structure created by Wyoming's Decentralized Autonomous Organization Supplement (W.S. §§ 17-31-101 through 17-31-116), which became effective July 1, 2021, making Wyoming the first U.S. state to recognize DAOs as a distinct legal entity. Under the Wyoming framework, a DAO may be organized as a limited liability company, providing members with limited liability protection while allowing governance to be conducted through smart contracts and on-chain voting. The DAO's operating agreement may be written in code (a "smart contract"), in a traditional written document, or a combination of both.
LEGAL NOTE: The Wyoming DAO LLC framework addresses several critical legal uncertainties facing DAOs, including member liability, legal standing to enter contracts, and the ability to hold property. However, it does not resolve all legal questions — particularly regarding securities law compliance, tax treatment, and cross-border recognition. Other U.S. states, including Tennessee and Vermont, have enacted similar legislation. The Marshall Islands became the first sovereign nation to recognize DAOs as legal entities in 2022. Legal practitioners advise that DAO LLC status does not automatically exempt a DAO's governance token from securities classification.
