Last update July 31, 2025

All hyperlinks open new window

Group URLs:  ABOUT >> AI-FINANCIAL MODELING >> LEGAL ENTITIES 

 Crypto Platforms Legal Framework

United States

The U.S. has a Fragmented Approach to crypto regulation, with various agencies overseeing different aspects: 

• Securities and Exchange Commission (SEC): Regulates Digital Assets that are Classified as Securities.

• Commodity Futures Trading Commission (CFTC): Oversees Digital Assets that are Classified as Commodities.

• Financial Crimes Enforcement Network (FinCEN): Focuses on AML/CFT Compliance for Crypto Businesses classified as Money Services Businesses (MSBs).

• Internal Revenue Service (IRS): Views cryptocurrency as property and enforces tax rules.

• Office of the Comptroller of the Currency (OCC), Federal Reserve Bank (FRB), Federal Deposit Insurance Corporation (FDIC): Involved in Stablecoin oversight, especially under recent legislation i.e. GENIUS Act. 

Recent U.S. legislation includes the GENIUS Act (Guaranteeing Essential National Infrastructure in U.S.-Stablecoins) and the Clarity Act 2025. 

• The GENIUS Act focuses on Stablecoin Regulation, establishing;

  • Reserve Requirements and Consumer Safeguards. 

• The Clarity Act (Digital Asset Market Clarity)  aims to provide broader regulatory guidelines for Digital Assets and divide oversight between the SEC and CFTC. 

• Stablecoins: The most significant development is the enactment of the Guiding and Establishing National Innovation for US Stablecoins Act (GENIUS Act) on July 18, 2025.

  • This act provides the first federal regulatory framework for "payment stablecoins," those pegged to a fiat currency like the US dollar.

  • It requires Stablecoin Issuers to maintain 100% Reserve Backing with Liquid Assets, disclose Reserve Compositions monthly, and follow risk management practices.

  • Oversight can be through a federal charter or a qualified state regulator.

• Digital Asset Market Clarity Act (CLARITY Act): Passed by the House of Representatives on July 17, 2025, and now under Senate consideration, the CLARITY Act aims to create a broader framework for the digital asset sector.

  • • It is expected to clarify the jurisdictional boundaries between the SEC and CFTC, with the CFTC potentially having oversight over digital commodities and spot crypto markets.

    • It may also establish new registration requirements for digital commodity exchanges, brokers, and dealers.

• White House Working Group Report: A comprehensive report released on July 25, 2025, offered policy recommendations emphasizing consumer protection, financial stability, and anti-money laundering measures, but notably omitted details on the previously announced Bitcoin Strategic Reserve.

• Focus on AML/CFT: Recommendations from the White House working group include modernizing anti-money laundering (AML) and countering the financing of terrorism (CFT) rules, providing clarity on Bank Secrecy Act (BSA) obligations, and reinforcing the importance of self-custody. 

European Union

• Markets in Crypto-Assets Regulation (MiCA): This regulation became fully applicable in December 2024 and aims to provide a uniform framework for crypto-assets not covered by existing financial services laws.

  • • MiCA governs crypto-assets such as asset-referenced tokens, electronic money tokens, and other crypto-assets.

    • MiCA  imposes requirements on transparency, disclosure, authorization, and supervision of transactions, aiming to enhance consumer protection and market integrity.

    • ESMA is currently working on developing the technical standards (Levels 2 and 3) required for full implementation. 

United Kingdom

• Draft Legislation: The UK government published draft legislation on April 29, 2025, to create a regulatory regime for crypto-assets and stablecoins, similar to its financial services regulations.

  • This draft legislation broadens the scope of crypto regulations beyond money laundering and financial promotions.

  • The Financial Conduct Authority (FCA) is actively engaged in developing the specific rules and a prudential regime for crypto firms. 

International Standards

• • FATF (Financial Action Task Force): The FATF June 2025 Update, assessing global progress on implementing AML/CFT standards for Virtual Assets and Virtual Asset Service Providers (VASPs).

  • While recognizing progress, the FATF highlighted the need for stronger action on licensing, registration, and mitigating the risk of offshore VASPs.

  • The FATF also updated its Travel Rule in June 2025, clarifying responsibilities, standardizing information requirements, and mandating tools to protect against fraud and error in cross-border payments. 

Global landscape of Crypto Platform Regulation is rapidly evolving. 

• The US is making strides with federal legislation for stablecoins and a push for broader market clarity. 

• The EU has implemented MiCA to create a harmonized regulatory environment, and the 

• UK is developing its own comprehensive regime. 

• International bodies like the FATF continue to push for stronger AML/CFT measures and the implementation of standards like the Travel Rule. 

• These developments collectively indicate a growing Global Focus on regulating the Crypto Industry to promote stability, Consumer Protection, and Combat Illicit Finance. 

Money Services Business (MSB)

A Money Services Business (MSB) refers to a business that provides financial services such as Money Transmission, Currency Exchange, Check Cashing, and the Issuance or Redemption of Money Orders or Traveler's Checks. 

• MSB are distinct from traditional banks but offer similar services, particularly related to the transfer, exchange, or management of money. 

• Examples of businesses that may be considered MSBs include Remittance Services, Cryptocurrency Exchanges, Bill Payment Services, and various Fintech Companies. 

Types of Money Services Businesses (MSBs)

According to the Financial Crimes Enforcement Network (FinCEN), a division of the U.S. Department of the Treasury, MSBs has-ve several categories: 

• Currency dealers or exchangers: These businesses exchange one currency for another, facilitating foreign exchange transactions.

• Check cashers: Businesses that provide services for cashing checks.

• Issuers or sellers of traveler's checks, money orders, or stored value (prepaid) cards: Companies that issue or sell these instruments.

• Redeemers of traveler's checks, money orders, or stored value (prepaid) cards: Businesses that redeem these instruments.

• Money transmitters: Companies that transfer funds or currency from one person or location to another.

• U.S. Postal Service: This organization also falls under the MSB category due to its issuance and cashing of money orders. 

Note:

Threshold requirement: a business won't be considered an MSB if it doesn't engage in transactions exceeding $1,000 for any person on any day in one or more transactions. 

• However, for money transmitters, there is no such threshold, meaning any business that engages in the transfer of funds is considered an MSB regardless of the amount of activity. 

Regulation and Compliance

MSBs are subject to federal and state regulations, including the Bank Secrecy Act (BSA) and its related regulations. 

• This involves registering with FinCEN and adhering to Anti-Money Laundering (AML Act 2020) and Know Your Customer (KYC) requirements designed to prevent illicit financial activities like money laundering and terrorist financing. 

• These regulations help to ensure the integrity of the financial system and protect against criminal exploitation.

Money Services Business (MSB)

Classification and Compliance

Crypto Businesses Real-world Case Studies

1. BitMEX Enforcement Action

   1. Case Summary: The Financial Crimes Enforcement Network (FinCEN) assessed a civil money penalty of $100 million against BitMEX, a cryptocurrency derivatives exchange, for willfully violating the BSA by failing to implement and maintain an adequate AML program. BitMEX was found to have operated as an unregistered money transmitter and failed to implement required AML and customer identification programs.

   2. Reasoning: FinCEN deemed BitMEX's activities to fall under the definition of money transmission, requiring registration and compliance with federal AML regulations.

   3. Key Lesson: Operating a platform facilitating cryptocurrency derivatives trading, even if based outside the U.S., can be considered money transmission if it serves U.S. customers, requiring adherence to federal MSB regulations, Source: Wilson Sonsini.

   4. Relevant Link: FinCEN's BitMEX enforcement action.

2. BTC-e Enforcement Action

   1. Case Summary: FinCEN fined the foreign-located virtual currency exchange BTC-e $110 million for facilitating ransomware schemes and other cybercrimes. BTC-e was found to have operated as an unregistered MSB and failed to implement AML and reporting obligations, including SARs.

   2. Reasoning: Despite being located outside the U.S., BTC-e was determined to have conducted business within the U.S. and was therefore required to comply with U.S. AML laws.

   3. Key Lesson: Foreign-located crypto businesses that serve U.S. customers are subject to U.S. AML laws and FinCEN's jurisdiction, and face significant penalties for non-compliance.

   4. Relevant Link: FinCEN's BTC-e enforcement action.

3. Bittrex Enforcement Action

   1. Case Summary: FinCEN and OFAC issued a joint enforcement action against Bittrex, a convertible virtual currency platform, for BSA and sanctions violations, including processing transactions with sanctioned jurisdictions like Iran, Cuba, and Syria. Bittrex failed to maintain an effective AML program to detect and prevent such violations.

   2. Reasoning: As a licensed MSB with operations in the U.S., Bittrex was required to implement a robust AML program to address the risks associated with its products and services, including exposure to sanctioned entities and jurisdictions.

   3. Key Lesson: MSBs in the crypto space must establish strong AML programs that also incorporate sanctions compliance to identify and mitigate risks associated with high-risk customers and jurisdictions.

   4. Relevant Link: FinCEN and OFAC's joint enforcement action against Bittrex.

4. Coinbase's Compliance Efforts

   1. Case Summary: Coinbase, a major U.S.-based cryptocurrency exchange, has actively pursued compliance with federal and state regulations, including registering as an MSB with FinCEN and obtaining various state money transmitter licenses, according to CoinFutures. It implements robust KYC procedures and AML programs.

   2. Reasoning: Coinbase seeks to operate as a fully regulated entity within the U.S. financial system, recognizing the importance of compliance for long-term viability and attracting institutional investors.

   3. Key Lesson: A commitment to regulatory compliance, including federal MSB registration and state money transmitter licensing, can help a crypto business thrive and gain credibility within the financial ecosystem, Source: CoinFutures.

   4. Relevant Link: CoinFutures' comparison of secure crypto futures trading platforms, highlighting Binance US as a registered MSB.

5. BitLicense and Paxos

   1. Case Summary: New York's stringent "BitLicense" requirements for virtual currency businesses have posed a challenge for some, but Paxos, a blockchain infrastructure platform, obtained a BitLicense, enabling it to operate in the state and issue regulated stablecoins. According to Congress.gov, Paxos was granted preliminary conditional approval for a national bank charter, though it later expired.

   2. Reasoning: The BitLicense aims to ensure virtual currency businesses operating in New York meet specific regulatory standards, including cybersecurity, consumer protection, and AML/KYC.

   3. Key Lesson: Successfully navigating state-level regulatory hurdles, like New York's BitLicense, can unlock significant market opportunities and demonstrate a commitment to compliance.

   4. Relevant Link: Congress discussion on banking and cryptocurrency, mentioning Paxos's Conditional Charter.

6. Texas Department of Banking and Stablecoins

   1. Case Summary: The Texas Department of Banking (TDB) has issued guidance, including Supervisory Memorandum 1037 and Industry Notice 2021-03, defining virtual currency and outlining the applicability of the Money Services Act to crypto businesses. Specifically, transactions involving stablecoins may require a money transmission license.

   2. Reasoning: The TDB seeks to clarify the regulatory landscape for virtual currency businesses in Texas, ensuring that activities falling under the definition of money transmission are appropriately licensed and regulated.

   3. Key Lesson: State-level regulators are actively interpreting existing laws and issuing guidance to address new virtual currency products and services, requiring businesses to stay informed and adapt their compliance strategies, Source: Texas Department of Banking.

   4. Relevant Link: Texas Department of Banking's Supervisory Memorandum 1037.

7. Crypto-Asset Safekeeping and Banks

   1. Case Summary: Banks offering crypto-asset safekeeping services to their wealth management clients, for example, are required to adhere to BSA/AML and sanctions obligations, including Customer Identification Programs (CIP), ongoing transaction monitoring, and related SAR filings, Source: Forvis Mazars US.

   2. Reasoning: Regulators emphasize that banks engaging in crypto-asset activities must implement robust risk management practices, including those specific to virtual assets, to ensure customer asset segregation and mitigate elevated fraud and cyber risks, Source: Mondaq.

   3. Key Lesson: The integration of crypto-asset services into traditional banking requires careful consideration of existing regulations and the development of specialized risk management frameworks, Source: Mondaq.

   4. Relevant Link: Forvis Mazars US's discussion on crypto-asset safekeeping.

8. Regulatory Arbitrage and Unlicensed Platforms

   1. Case Summary: The FBI and other authorities have warned against using cryptocurrency money transmitting services that are not registered as MSBs and do not adhere to AML requirements, Source URL: Internet Crime Complaint Center (IC3). 

      • Users of unlicensed services risk financial disruptions during law enforcement actions, especially if their cryptocurrency is commingled with illicit funds.

   2. Reasoning: Unlicensed platforms can be used by criminals to launder money and evade regulations, and authorities are taking action to curb such activities.

   3. Key Lesson: Businesses and individuals should only use regulated and compliant cryptocurrency services to avoid financial and legal risks, and to contribute to a safer cryptocurrency ecosystem.

   4. Relevant Link: FBI Alert on Cryptocurrency Money Services Businesses.

9. AML Bitcoin Fraud

   1. Case Summary: The founder of "AML Bitcoin," Rowland Marcus Andrade, was convicted of wire fraud and money laundering in connection with a scheme that raised millions through false and misleading statements about the cryptocurrency and its technology. He was subsequently sentenced to seven years in prison.

   2. Reasoning: Andrade's actions constituted a sophisticated fraud scheme, leveraging the novelty of cryptocurrency to deceive investors and divert funds for personal gain.

   3. Key Lesson: The cryptocurrency space can be exploited for fraudulent activities, and regulators are actively pursuing enforcement actions against individuals and entities involved in such schemes. According to Bloomberg Law News, the founder was sentenced to seven years in prison.

   4. Relevant Link: Department of Justice press release on Andrade's conviction.

Rights Concerns AND Security Risks

Redemption Rights Concerns AND Technical Security Risks, 

Potential for Loss of Private Keys and Digital Wallet Hacks

The GENIUS Act attempts to solidify Stablecoin functionality as a reliable means of payment by addressing concerns related to redemption rights and technical security. 

• While the Act introduces several protections, it's crucial to acknowledge the ongoing risks and complexities associated with these aspects. 

1. Redemption rights under the GENIUS Act

The Act mandates that permitted payment Stablecoin issuers (PPSIs) are obligated to convert, redeem, or repurchase their stablecoins for a fixed amount of monetary value. 

• This commitment to par redeemability is a cornerstone of the legislation and aims to assure users that their stablecoins can be converted back to fiat currency without delay or loss in value. 

• However, critics voice concerns about potential loopholes in these provisions, specifically the Act's wording on clear and conspicuous procedures for timely redemption. 

• This phrasing could potentially be exploited by issuers to impose limitations, delays, or unexpected fees during periods of market stress or heightened redemption demand. 

• Additionally, while the Act requires public disclosure of redemption policies, it doesn't explicitly guarantee direct redemption from the issuer for all Stablecoin holders, potentially leaving retail users reliant on intermediaries or exchanges, notes JD Supra. 

• Furthermore, the Act's explicit statement that stablecoins are not backed by federal deposit insurance highlights a fundamental difference from traditional bank deposits. In the event of issuer failure or insolvency, while Stablecoin holders are prioritized in bankruptcy claims over reserves, the process can be lengthy and complex with no guarantee of full recovery, according to Americans for Financial Reform. 

• The Act also requires regulators to study and report on how stablecoin issuers might be resolved in insolvency, highlighting a recognition of the need for further clarity and potential mechanisms for an orderly wind-down. 

2. Technical Security Risks: 

Private Keys & Digital Wallet Hacks

• • The GENIUS Act requires PPSIs to provide custodial or safekeeping services for private keys used to issue stablecoins and manage reserve assets, limiting such services to entities subject to regulatory oversight by federal or state banking regulators. 

    • This aims to enhance the security of the underlying infrastructure. However, the Act doesn't directly address the security of user-held private keys or digital wallets, leaving users exposed to a range of technical risks. 

• • Private key loss: The loss or compromise of private keys, the cryptographic keys that grant access to Stablecoin holdings, remains a significant threat to individual users. 

  • Users bear the ultimate responsibility for safeguarding their private keys, whether stored in hardware wallets, software wallets, or through other methods, Source: Georgia Institute of Technology.

  • Phishing and social engineering: Attackers actively target Stablecoin users through sophisticated phishing campaigns designed to steal private keys or trick users into authorizing malicious transactions, reports Chainalysis.

• Digital wallet hacks: While the Act regulates custody services provided by PPSIs, it doesn't extend to the security of user-controlled digital wallets (including software wallets and browser extensions), which are susceptible to hacking if the device is compromised, according to Halborn.

• Decentralized finance (DeFi) vulnerabilities: Many stablecoins operate within the broader DeFi ecosystem, which itself faces inherent security risks related to smart contract vulnerabilities, cross-chain bridge hacks, or custodian breaches, says CertiK. 

  • These weaknesses can compromise stablecoins even if their underlying reserve management is robust, Source: CoinMarketCap.

• User errors and irreversible transactions: Blockchain transactions are irreversible, meaning that user errors, such as sending stablecoins to the wrong address, can result in permanent losses that cannot be recovered, according to Gate.com. 

The GENIUS Act takes a significant step towards regulating stablecoins and enhancing consumer protection. However, users must remain vigilant regarding the security risks associated with digital assets, particularly: 

• • Those related to private key management and digital wallet security, Source: Georgia Institute of Technology. 

  • The Act's focus on issuer-level regulation does not fully mitigate these personal security responsibilities, highlighting the importance of user education and adherence to best practices for safeguarding digital assets.

Group URLs:  ABOUT >> AI-FINANCIAL MODELING >> LEGAL ENTITIES