How Governments Regulate Crypto: Laws and Enforcement

Why Regulation Followed Adoption

The first decade of Bitcoin's existence attracted relatively limited regulatory attention. The asset was obscure, markets were thin, and the population of participants was small enough that systemic risk seemed implausible. That calculus changed dramatically between 2017 and 2021. The ICO boom of 2017 raised over $5 billion globally, much of it from retail investors who had no meaningful disclosure of the projects they were funding. The DeFi explosion of 2020 and 2021 pushed total value locked in decentralized protocols past $250 billion at its peak. Stablecoins — particularly Tether and USDC — grew to aggregate supplies exceeding $150 billion, creating dollar-denominated liabilities that circulated outside any traditional banking framework.

At that scale, regulators faced a genuine policy problem. The failure of a major stablecoin issuer, the collapse of a large centralized exchange, or the widespread distribution of unregistered securities could inflict meaningful harm on retail investors and, potentially, on broader financial markets. The collapse of FTX in November 2022 — which wiped out an estimated $8 billion in customer funds — validated those concerns in the most brutal possible way. Regulation accelerated sharply in its aftermath, not only in the United States but across the European Union, the United Kingdom, Singapore, and Hong Kong.

The Four Legal Frameworks That Govern Digital Assets

Governments have not, for the most part, invented new law to regulate crypto. Instead, they have adapted existing legal categories to fit digital assets, with varying degrees of elegance. Four frameworks dominate: securities law, commodity law, payment and banking regulation, and anti-money laundering compliance. Tax law constitutes a fifth, more universally applicable layer that sits beneath all of them.

Securities Law and the Howey Test

In the United States, the Securities and Exchange Commission has pursued an aggressive theory that most tokens issued in the 2017–2022 era qualify as securities under the Howey test — the 1946 Supreme Court standard that defines a security as an investment of money in a common enterprise with an expectation of profits derived from the efforts of others. The SEC's application of Howey to crypto has produced landmark enforcement actions: its 2023 suit against Coinbase alleged that at least thirteen tokens listed on the exchange, including Solana, Cardano, and Polygon's MATIC, were unregistered securities. Its parallel suit against Binance alleged similar violations at far greater scale.

For token issuers and the platforms that list them, securities classification carries significant consequences. A security must be registered with the SEC before it can be offered to the public, or qualify for an exemption. Exchanges that list securities must register as broker-dealers or national securities exchanges — a regulatory burden that no major crypto exchange has yet satisfied. The practical effect has been to create legal uncertainty that constrains institutional participation, particularly for U.S.-regulated entities that cannot afford the reputational and legal exposure of trading assets that may later be deemed unregistered securities.

Outside the United States, the securities question is handled differently but is no less consequential. The European Union's Markets in Crypto-Assets Regulation (MiCA), which came into full effect in December 2024, carves out a distinct regulatory category for crypto assets that are not securities — providing a clearer path to compliance for token issuers willing to work within its framework. Switzerland's FINMA has developed a token taxonomy that distinguishes payment tokens, utility tokens, and asset tokens, each with different regulatory treatment. These more structured approaches have attracted issuers seeking regulatory clarity, at the cost of operating within defined legal boundaries.

Commodity Regulation and Derivatives Markets

Bitcoin has largely escaped securities classification in the United States, primarily because its decentralized nature makes it difficult to identify a central team whose efforts drive investor returns. The Commodity Futures Trading Commission has long maintained that Bitcoin is a commodity, a position that gave the CFTC jurisdiction over Bitcoin derivatives markets while leaving spot markets in a regulatory grey zone. The approval of spot Bitcoin exchange-traded funds by the SEC in January 2024 — following years of rejections — effectively resolved that ambiguity for the institutional investment community, allowing regulated entities to gain exposure through a familiar wrapper without direct custody obligations.

Ethereum occupies a more contested position. Following the Merge in September 2022 — which transitioned the network from proof-of-work to proof-of-stake — some regulators and legal scholars argued that staked ETH more closely resembles a security, since holders delegate their assets to validators and receive returns partly dependent on the Ethereum Foundation's ongoing development work. The SEC's 2024 approval of spot Ethereum ETFs without staking functionality reflected, in part, a deliberate avoidance of that question. How regulators ultimately resolve Ethereum's classification will have substantial implications for DeFi protocols built on its infrastructure.

AML Compliance and the Travel Rule

Anti-money laundering regulation represents the most universally applied layer of crypto oversight, and the one with the most direct operational impact on market infrastructure. The Financial Action Task Force, the intergovernmental standard-setting body for AML policy, extended its recommendations to virtual asset service providers in 2019. Its so-called Travel Rule requires that exchanges and custodians transmit identifying information about the originator and beneficiary of transactions above a threshold — typically $1,000 — effectively bringing crypto transfers into the same compliance framework as wire transfers.

Implementation has been uneven. Major centralized exchanges including Coinbase, Kraken, and Binance have built substantial compliance infrastructure to meet Travel Rule obligations across the jurisdictions in which they operate. The challenge is that the Travel Rule was designed for correspondent banking relationships between institutions, not for pseudonymous blockchain transactions. When a customer withdraws assets from an exchange to a self-hosted wallet, there is no counterpart institution to receive the Travel Rule data. Regulators in various jurisdictions have taken different positions on how to handle unhosted wallet withdrawals — from enhanced due diligence requirements in the EU to more permissive approaches elsewhere — creating compliance complexity for globally operating platforms.

Stablecoins: The Regulatory Frontier

No segment of the crypto market has attracted more concentrated regulatory attention than stablecoins, and for defensible reasons. Tether's USDT, with a circulating supply that has exceeded $110 billion, functions as the primary settlement currency of global crypto markets. USDC, issued by Circle, is embedded in DeFi protocols, corporate treasury operations, and cross-border payment flows. These instruments are, in practical terms, privately issued dollar claims — a category of financial instrument that has historically been subject to stringent oversight precisely because the failure of a large issuer can trigger systemic runs.

The EU's MiCA framework requires stablecoin issuers to maintain liquid reserves, submit to regular audits, and — for issuers whose coins are used for payments at scale — comply with enhanced requirements that include limits on transaction volumes. Circle obtained a MiCA-compliant structure in 2024, positioning itself for the European market. Tether, whose reserve disclosures have historically been less rigorous, faces a more difficult path to European compliance. In the United States, stablecoin legislation has moved slowly, but the broad outlines of emerging frameworks — reserve requirements, redemption rights, federal or state licensing — are visible in multiple legislative proposals that have advanced through committee in 2024 and 2025.

Enforcement Patterns and Market Implications

Regulatory enforcement in crypto has followed a recognizable pattern: periods of relative inaction, punctuated by high-profile cases that reshape market structure. The SEC's 2023 enforcement surge — which included actions against Coinbase, Binance, Kraken, and Genesis — signaled an end to the regulatory tolerance that had allowed the industry to grow rapidly during the 2020–2021 bull market. The Binance settlement in November 2023, in which the exchange agreed to pay $4.3 billion in fines to the Department of Justice, FinCEN, and the CFTC, represented the largest corporate penalty in the history of crypto regulation.

For institutional investors, enforcement risk is not merely a legal curiosity — it is a counterparty risk factor. An exchange facing regulatory action may freeze withdrawals, restrict trading, or collapse entirely, as FTX demonstrated. The practical response among institutional participants has been a flight toward regulated, well-capitalized venues: CME Group for derivatives, registered trust companies like Coinbase Custody and Fidelity Digital Assets for custody, and ETF structures for passive exposure. These are not simply conservative preferences; they are rational responses to an enforcement environment in which regulatory risk can materialize rapidly and with severe economic consequences.

Tax Enforcement as a Regulatory Lever

Tax compliance has emerged as one of the most effective — and least discussed — tools of crypto regulation. The U.S. Infrastructure Investment and Jobs Act of 2021 included provisions requiring crypto brokers to issue 1099 forms to customers and report transaction data to the IRS, extending to digital assets the same tax reporting infrastructure that governs equity trading. The IRS has also pursued John Doe summonses against exchanges including Coinbase, Kraken, and Circle to obtain customer data for enforcement purposes. Internationally, the OECD's Crypto-Asset Reporting Framework establishes a multilateral data-sharing standard modeled on the Foreign Account Tax Compliance Act, with over fifty countries committed to implementation.

Tax enforcement matters to institutional investors not because the rules are ambiguous — gains are generally taxable in every major jurisdiction — but because the reporting infrastructure is still being built out. The transition from a self-reporting environment, where compliance depended largely on voluntary disclosure, to an automated reporting environment, where brokers transmit data directly to tax authorities, will have meaningful effects on retail market behavior and, indirectly, on the liquidity dynamics that institutional participants depend on.

The Bottom Line

The regulatory architecture around digital assets is not finished, but its foundational structure is now clear enough to act on. Securities law, commodity regulation, AML compliance, payment oversight, and tax enforcement form overlapping layers that govern every major category of crypto market participant. The jurisdictions that have moved most decisively toward comprehensive frameworks — the European Union with MiCA, Singapore with its Payment Services Act, the United Kingdom with its phased implementation of crypto regulation — have created operating environments where institutional capital can deploy with greater confidence, even at the cost of reduced operational freedom.

For sophisticated investors, the key insight is that regulatory risk is not uniform. It is concentrated in specific instruments, specific venues, and specific activities — unregistered token offerings, non-compliant exchanges, opaque stablecoin issuers — that a disciplined due diligence process can identify and avoid. The assets and infrastructure that have navigated regulatory scrutiny — spot Bitcoin and Ethereum ETFs, CFTC-regulated derivatives, MiCA-compliant issuers, regulated custody providers — represent a narrower but more durable investable universe. As the regulatory perimeter solidifies, the premium on operating within it will only increase.