As cryptocurrencies continue to redefine how we transfer value, regulators at the federal and state levels have been working hard to keep up. From traditional money transmitters to crypto exchanges, businesses in the space are facing a growing set of rules designed to ensure transparency, prevent money laundering, and protect consumers.
The Federal Picture
At the heart of the U.S. regulatory framework lies FinCEN (the Financial Crimes Enforcement Network). Since as far back as 2013, FinCEN has classified most crypto exchanges and payment providers as “money services businesses” (MSBs). This designation means they must follow many of the same rules that apply to traditional money transmitters, like setting up anti-money laundering (AML) programs, performing know-your-customer (KYC) checks, and filing Suspicious Activity Reports (SARs) when something doesn’t look right.
But the landscape isn’t static. FinCEN’s ongoing efforts to bring greater transparency to crypto transactions include proposed rules that could require businesses to report certain transactions involving unhosted wallets—those personal, independent wallets that users keep off exchange platforms. If these rules go into effect, businesses will need to capture even more information, like names, addresses, and transaction details, and they’ll need to stay vigilant for signs of unusual activity.
At the same time, the Securities and Exchange Commission (SEC) has stepped in, asserting its authority over aspects of the crypto world. Some of the largest crypto platforms have come under fire for offering tokens that the SEC says qualify as unregistered securities. As the legal status of certain cryptocurrencies is debated in courtrooms, many crypto companies are playing it safe by tightening their disclosures and being more selective about which tokens they trade.
Even banking regulators, like the Office of the Comptroller of the Currency (OCC) and the Federal Deposit Insurance Corporation (FDIC), have issued warnings about the potential risks associated with stablecoins and crypto deposits. These institutions are urging banks and payment providers to maintain robust risk controls before jumping into digital assets.
The State-by-State Landscape
On the state level, crypto businesses face a patchwork of licensing requirements. Except for Montana, every U.S. state has some sort of licensing framework for digital asset firms. To make life a little simpler, the Conference of State Bank Supervisors introduced the Money Transmission Modernization Act (MTMA), a model law that gives states a blueprint for regulating money transmitters, including those that handle crypto. So far, more than two dozen states have adopted it.
States adopting the MTMA have clarified rules on everything from cybersecurity requirements to how much money a business must keep in reserve. But not every state follows the script exactly. For example, Texas now requires crypto firms to back stablecoins with reserves and prohibits mixing customer funds with company assets. Vermont has taken things a step further, demanding that crypto holdings be backed 1:1 and banning unlicensed third-party custodians. Meanwhile, states like New York continue to enforce their own unique frameworks, like the strict BitLicense, which requires detailed approvals for listing coins and robust capital requirements.
California recently joined the fray with its Digital Financial Assets Law (DFAL). This new law will require firms doing business in California to get a license, maintain financial audits, and comply with a host of consumer protection measures. Though it’s not set to go into effect until 2026, it’s a clear sign that the nation’s most populous state is committed to setting guardrails around digital assets.
What This Means for the Industry
Facing this expanding maze of regulations, many crypto companies are taking steps to adapt. Major players are investing in sophisticated compliance systems, hiring former regulators to bolster their expertise, and using advanced tools to monitor for suspicious transactions. Some firms have even scaled back their offerings in heavily regulated states, while others are engaging directly with regulators to stay ahead of the curve.
The message is clear: whether it’s registering with FinCEN, obtaining state licenses, or following consumer protection laws, compliance isn’t optional. It’s the new norm. Businesses that embrace these requirements now—implementing strong governance, transparency, and consumer safeguards—can not only avoid penalties, but also build trust with their customers and financial partners.
In a world where innovation is accelerating, having a proactive approach to regulation isn’t just about staying out of trouble—it’s about earning credibility, protecting users, and shaping the future of a rapidly evolving industry.
