Legal & Legislative

A four-part legal test derived from the U.S. Supreme Court's 1946 ruling in SEC v. W.J. Howey Co. (328 U.S. 293) used to determine whether a transaction qualifies as an "investment contract" and therefore a security subject to federal securities law. Under the Howey Test, a transaction is deemed a security if it involves: (1) an investment of money; (2) in a common enterprise; (3) with an expectation of profits; (4) derived solely from the efforts of others.

In the context of digital assets, the SEC has applied the Howey Test to determine whether tokens, initial coin offerings (ICOs), and other crypto instruments constitute securities. The test has been central to enforcement actions against numerous blockchain projects, including Ripple (XRP), Telegram (TON), and LBRY.

See also: Securities Law · Initial Coin Offering (ICO) · The Vault: SEC Enforcement Actions

The body of U.S. federal law — principally the Securities Act of 1933 and the Securities Exchange Act of 1934 — governing the issuance, trading, and regulation of investment instruments classified as securities. When applied to digital assets, securities law requires that any token or instrument meeting the definition of a security must be registered with the SEC or qualify for an exemption, and that platforms facilitating their trading must register as broker-dealers or national securities exchanges.

The SEC's position, articulated by former Chair Gary Gensler, holds that the "vast majority" of crypto tokens are securities. This position has been contested by industry participants and challenged in multiple federal court proceedings, producing a fragmented and evolving legal landscape.

See also: Howey Test · Commodity Classification · ICO

A comprehensive set of laws, regulations, and procedures designed to prevent the concealment of illegally obtained funds as legitimate income. In the digital asset context, AML obligations under the Bank Secrecy Act (BSA) apply to entities classified as Money Services Businesses (MSBs), including cryptocurrency exchanges, wallet providers, and certain DeFi protocols. Covered entities must implement AML programs, file Suspicious Activity Reports (SARs), and maintain transaction records.

FinCEN's 2013 guidance established that virtual currency exchangers and administrators are MSBs subject to BSA requirements. Subsequent guidance (2019) extended these obligations to certain peer-to-peer exchangers and wallet providers, regardless of whether they take custody of funds.

See also: Know Your Customer (KYC) · FATF Travel Rule · Security & Forensics

A mandatory due diligence process requiring financial institutions and regulated entities to verify the identity of their clients and assess the risk of illegal activity. In the digital asset industry, KYC procedures typically involve collection and verification of government-issued identification, proof of address, and — for higher-risk customers — source-of-funds documentation. KYC is a foundational component of AML compliance programs and is required by FinCEN, the EU's AMLD framework, and equivalent regulators globally.

The tension between KYC requirements and the pseudonymous nature of blockchain transactions has been a persistent regulatory flashpoint. Decentralized exchanges (DEXs) and non-custodial wallet providers have generally resisted KYC obligations, arguing they do not take custody of user funds and therefore fall outside MSB definitions — a position increasingly challenged by regulators.

See also: AML / BSA · FATF Travel Rule · Technical: Zero-Knowledge Proofs

The European Union's comprehensive regulatory framework for crypto-assets, entered into force June 29, 2023, with phased implementation through December 2024. MiCA establishes a unified licensing regime for Crypto-Asset Service Providers (CASPs) across all 27 EU member states, eliminating the need for separate national licenses. It creates three asset classifications: Asset-Referenced Tokens (ARTs), Electronic Money Tokens (EMTs), and a residual "other crypto-assets" category covering utility tokens and most cryptocurrencies.

MiCA imposes strict requirements on stablecoin issuers — particularly those deemed "significant" based on user base and transaction volume — including reserve requirements, redemption rights, and operational resilience standards. Bitcoin and Ether are explicitly excluded from MiCA's scope as sufficiently decentralized assets.

See also: Securities Law · Vault: Terra/LUNA Collapse · Vault: FTX Collapse

The unresolved question of how Decentralized Autonomous Organizations (DAOs) are classified under existing legal frameworks and what liability exposure their participants bear. In the absence of formal legal recognition, DAOs may be treated as general partnerships under common law — exposing all token holders to unlimited joint and several liability for the organization's obligations and torts. This interpretation was applied in CFTC v. Ooki DAO (N.D. Cal. 2022), where the court held that DAO token holders who voted on governance proposals were liable as general partners.

Several U.S. states have enacted DAO-specific legislation: Wyoming (DAO LLC Act, 2021), Tennessee (2022), and Utah (2023) permit DAOs to register as limited liability companies, providing members with liability protection. The Marshall Islands recognized DAOs as legal entities in 2022. The EU has not yet addressed DAO legal status under MiCA.

See also: Governance & Social · DAO (Definition) · Vault: DAO Exploits

An international AML standard issued by the Financial Action Task Force (FATF) requiring Virtual Asset Service Providers (VASPs) to collect, verify, and transmit originator and beneficiary information for virtual asset transfers above a threshold of $1,000 / €1,000. Extended to crypto in FATF's 2019 updated Guidance on Virtual Assets, the Travel Rule mirrors obligations long applied to wire transfers under the U.S. Bank Secrecy Act's "funds transfer rule" (31 C.F.R. § 1010.410).

Implementation of the Travel Rule in crypto presents significant technical challenges due to the absence of a universal messaging standard and the difficulty of identifying counterparty VASPs in peer-to-peer transactions. Industry solutions include the IVMS 101 data standard and protocols such as TRP, OpenVASP, and Sygna Bridge.

See also: AML / BSA · KYC · Infrastructure: VASP Compliance

The classification of a digital asset as a commodity under the Commodity Exchange Act (CEA), placing it under the regulatory jurisdiction of the Commodity Futures Trading Commission (CFTC) rather than the SEC. Bitcoin has been consistently classified as a commodity by U.S. courts and the CFTC since at least 2015 (In re Coinflip, Inc.). Ether was similarly classified as a commodity by the CFTC in multiple enforcement actions, though the SEC has at times asserted concurrent jurisdiction.

The SEC-CFTC jurisdictional boundary — often described as the "securities vs. commodity" divide — is determined primarily by whether a digital asset is sufficiently decentralized. Assets with active development teams, pre-sales, and investor expectations of profit from managerial efforts tend toward securities classification; assets with no central issuer and established utility tend toward commodity classification.

See also: Securities Law · Howey Test · Tokenomics: Asset Classification