Compliance with regulatory obligations

Compliance with regulatory obligations

A patchwork of regulations has emerged and continues to evolve. How does crypto adoption impact regulatory compliance? Authored by Coinbase and KPMG.

Compliance with regulatory obligations

Financial services institutions are intimately familiar with the challenges the industry faces in order to efficiently and effectively maintain compliance with laws, rules, and regulations, including those related to investor protection, market surveillance, anti-money laundering (AML), financial crime prevention, and fraud. But how does crypto adoption impact regulatory compliance?

A U.S. regulatory perspective

The explosion of consumer interest and investment in cryptoassets, in addition to increased participation of traditional financial institutions in this asset class, has U.S.federal and state regulators keenly focusing on the regulatory obligations of the crypto businesses. When cryptoassets become institutionalized, they will likely also be traded in other markets similar to assets like commodities. In many cases, cryptoassets may have different regulators (e.g., SEC,FINRA, CFTC, etc.) depending on what type of specific asset they are considered.

Cost of noncompliance

Regulatory authorities have not been shyabout enforcing regulations related to cryptoassets. A crypto exchange was fined $110 million for failure to detect suspicious transactions and file suspicious activity reports (SARs).

The current patchwork of U.S. federal and state regulations governing the crypto industry  has  created  a challenging regulatory climate for crypto businesses. Here, we review some current regulations that apply to crypto businesses:

  • The Financial Crimes Enforcement Network (FinCEN) considers crypto exchanges money service businesses (MSB), which means they are subject to existing banking regulations like the AML, Know Your Customer (KYC), and various financial reporting requirements. KYC and cryptoasset provenance below covers this in more detail.
  • The Securities and Exchange Commission (SEC) has concluded that certain cryptoassets, issued as part of ICOs, as securities under the Securities Act of 1933 and the Securities Exchange Act of 1934, which means they must be registered with the SEC. Such cryptoassets will have additional requirements detailed in the Security tokens section below.
  • The Commodities Futures Trading Commission (CFTC) has designated certain cryptoassets as commodities. Crypto futures, swaps, options, and other derivative contracts are subject to the same regulatory protocols as physical assets in this class. These regulations are focused on ensuring orderly markets and protecting against market manipulation. Exchanges will need to continue to enhance their surveillance for manipulation and fraud and act accordingly if malfeasance is detected.
  • Organizations that trade crypto futures will be required to conduct business through a registered futures commission merchants (FCM) or introducing brokers (IB), which are regulated by the CFTC and National Futures Association (NFA). Further, organizations wanting to offer futures trading will themselves be required to register with the CFTC and NFA as an FCM or IB.
  • The New York State Department of Financial Services (NYDFS) has required any entity operating in the crypto business in the state of New York and/or with New York residents to apply for a BitLicense. Other states have required crypto businesses to operate under money transmitter laws.
  • Organizations that provide crypto custody services, perform exchange services, or issue crypto (virtual currency, money transmitter, and exchange services) are subject to state money transmitter obligations, many of which require compliance with FinCEN's KYC and AML expectations. The NYDFS BitLicense builds significantly on top of those requirements and includes, for example, significant cybersecurity requirements. Additionally, exchanges will need to enhance their surveillance practices to detect possible fraud and market manipulation as regulators have increased their surveillance of such activities.
  • The Internal Revenue Service (IRS) has issued guidance that some cryptoassets are to be treated as property and are subject to tax upon sale or exchange. Crypto business has many tax implications to consider.

Security tokens bring regulatory challenges of their own

Cryptoassets deemed securities (also referred to by many as "security tokens" or "crypto securities") are becoming an important part of the emerging tokenized economy. Before listing and offering trading of a cryptoasset, an exchange should evaluate whether the asset is a security. Those deemed as securities may require trading to be conducted through a registered broker-dealer and elicit an array of securities laws, rules, and regulatory requirements. If crypto businesses want to offer these products, they will need to address requirements of this new asset class and will likely need to establish a broker-dealer business. Below are some of the key requirements and challenges that the industry is facing related to security tokens:

  • Regulatory uncertainty: The lack of clear regulatory guidance in certain areas is impacting the ability of the industry to implement the applicable set of controls and processes.
  • Electronic trading of digital securities: Security tokens are natively digital and will likely continue to be traded in an electronic environment. As a result, broker-dealers will need to establish electronic trading platforms, or alternative trading systems (ATSs), for digital securities. ATSs have additional regulatory requirements and are subject to rules requiring strong controls and market surveillance over the clients and securities trading on their platforms. Currently, there is no central repository identifying whether a certain cryptoasset is a security or not. As a result, organizations will need to build robust processes to determine if an asset is a security or not (e.g., utilizing the Howey Test).
  • Information barriers: Organizations operating a broker-dealer business will need to implement proper information barriers between their broker-dealer business and other businesses to ensure nonpublic material information is not misused. Additionally, they should develop surveillance systems to make sure information is not being used to disadvantage clients or the markets.
  • Clearing/Settlement/Custody:The lack of a trusted end-to-end clearing, settlement, and custody solution for both crypto and crypto securities is another hurdle with regulatory implications that needs to be overcome. The role of a central clearing depository and a transfer agent in providing services such as account transfers with assets, delivery obligations (fail control) for fully paid for securities, and limit monitoring will need to be addressed for the security tokens.
  • Other regulatory requirements:Additional requirements will need to be addressed, including client confirmations and statements, best execution, regulatory reporting, transaction and trade reporting, and audit trail requirements, among others.

Regulators are working to keep pace with crypto innovation while seeking to protect the investing public. Crypto businesses will need to clearly define their product offerings in order to navigate the evolving state and federal regulatory landscape. It is in a crypto organization’s best interest to get ahead of the evolving regulatory landscape, and we are already seeing organizations take this proactive approach.

© 2022 KPMG LLP, a Delaware limited liability partnership and a member firm of the KPMG global organization of independent member firms affiliated with KPMG International Limited, a private English company limited by guarantee. All rights reserved.

For more detail about the structure of the KPMG global organization please visit

Connect with us