This Quick view provides an outline of the regulation and enforcement of cryptocurrency in the United States. As a dynamic and evolving area of law, expert legal advice may be required to ensure compliance with local regulations and to mitigate against the risk and cost of enforcement action.
This Quick view covers:
- Payments in cryptocurrency
- Cryptocurrency exchanges
- Cryptocurrency and US securities regulation
- Recent examples of legal enforcement actions
This Quick view can be used in conjunction with the following Quick views: Introduction to cryptocurrency and how it works, Understanding data privacy compliance challenges in blockchain and cryptocurrency and Cryptocurrency and US tax laws.
1. Payments in cryptocurrency
Payments in cryptocurrency are becoming more mainstream. A growing number of merchants and financial institutions either accept certain crypto payments (Bitcoin, Ether, and Tether have been quite widely embraced) or are considering doing so.
Retailers accepting Bitcoin include Microsoft and AT&T, and a third-party service makes it possible to use Bitcoin to pay for products bought on Amazon.
With the value of individual units often fluctuating wildly, some regret using their currency for everyday purchases. In 2010, in what is thought to be the first consumer transaction involving cryptocurrency, a computer programmer paid 10,000 Bitcoins, at that time the equivalent of $41, for two pizzas. As of April 2025, those 10,000 Bitcoins would have been worth $847,544,360.50. The man who delivered the pizzas now regrets spending, rather than saving, the Bitcoins. Nevertheless, the use of cryptocurrency in a broad range of transactions is clearly on the rise and so too are the associated risks and legal and compliance obligations.
2. Cryptocurrency exchanges
Whilst the regulatory status of cryptocurrency exchanges varies across jurisdictions (eg, China has banned cryptocurrency exchanges), they are legal in the United States. Regulations requiring exchanges to report suspicious activity have been proposed but not finalized. The director of the Financial Crimes Enforcement Network (FinCEN) has stated that ‘individuals and entities engaged in the business of accepting and transmitting physical currency or convertible virtual currency from one person to another or to another location, are money transmitters subject to the [anti-money laundering and countering the financing of terrorism] requirements of the Bank Secrecy Act (BSA) and its implementing regulations.’
Virtual currency money transmitters are required to register with FinCEN as money services businesses. These businesses must develop, implement, and maintain an anti-money laundering program designed to prevent an exchange from being used to facilitate money laundering and terrorist financing. They must also establish recordkeeping and reporting measures including filing Suspicious Activity Reports (SARs) and Currency Transaction Reports (CTRs). See How-to guide: How to identify suspicious activity and make a Suspicious Activity Report (SAR) and Checklist: Currency transaction reporting requirements.
2.1 New accounting requirements
A company holding cryptocurrency needs to know how to value it for accounting purposes. Until the cryptocurrency is sold, financial statements in line with generally accepted accounting principles currently reflect only the decreases but not the increases in the value of cryptocurrency.
On December 14, 2022, the Financial Accounting Standards Board (FASB) issued a proposed revision to the existing standards that would require present cryptocurrency assets to be measured at fair value separately from other intangible assets in a balance sheet. Changes in the fair value measurement of cryptocurrency assets would be presented separately from changes in the carrying amounts of other intangible assets in the income statement. While the FASB standards do not have the force of law, they are recognized by the US government as setting out uniform standards for financial statements.
In December 2023, FASB issued ASU 2023-08, requiring companies to measure specific cryptocurrency assets at fair value, with changes impacting net income each reporting period. These cryptocurrency assets must be presented separately on the balance sheet and their fair value changes reported distinctly in the income statement. FASB deemed the old guidance inadequate as it only recognized decreases in value until disposal, failing to reflect the true economics of cryptocurrency assets. This article discusses arguments for classifying cryptocurrency assets and explains FASB's new guidance and its implications compared to the prior rules.
US Generally Accepted Accounting Principles (GAAP) define cryptocurrencies as secured digital records on a decentralized ledger. Previously, lacking specific guidance, ASC 350 treated them as ‘crypto assets.’
Arguments exist for classifying cryptocurrencies as commodities (due to mining similarities), a form of money (facilitating transactions), or a potential universal payment method. While resembling commodities, they lack independent commercial value like gold. The ‘greater fool theory’ suggests their value is based on speculation. However, economic theories define money by its exchange function, which cryptocurrencies can fulfill, though their current value seems speculative and they don't earn interest like traditional money. Despite this, their use in international payments to bypass systems like SWIFT is increasing due to the possibility of sanctions that could be imposed as a result of a transaction in traditional currency.
GAAP allows some securities to be classified as available-for-sale and reported at fair value in equity, with gains/losses recognized in earnings upon sale. However, cryptocurrencies aren't legal tender or a contractual right to cash.
FASB classifies cryptocurrency assets that meet specific criteria (intangible, no claim on underlying assets, blockchain-based, secured, fungible, not issued by the reporting entity) as intangible assets. ASU 2023-08 replaces the prior impairment model with periodic fair value measurement, acknowledging their fungibility, an atypical trait for intangibles.
Previously, AICPA guidance classified cryptocurrency assets as indefinite-lived intangibles subject to impairment testing. This model was criticized for not accurately reflecting crypto asset economics and for complex impairment rules. FASB's new guidance retains the intangible asset classification but mandates fair value measurement with changes impacting net income each period.
3. Cryptocurrency and US securities regulation
3.1 Initial coin offerings (ICOs)
Like initial public offerings (IPOs) of previously private companies, initial coin offerings (ICOs) (also called ‘token sales’) are a process by which cryptocurrency companies raise funds from investors. Instead of shares, investors obtain currency units or tokens. The Securities and Exchange Commission (SEC) views most ICOs as offerings of securities and pursuant to the Securities Act of 1933 (Securities Act), offerings of securities that do not qualify for an exemption must be registered with the SEC. It follows that ICOs must comply with the registration and disclosure obligations.
A public offering must be registered on Form S-1. Offerings of up to $75 million in a 12-month period may proceed under SEC Regulation A and use an offering circular instead of a full registration statement. Those who operate systems and platforms that facilitate trade in these products may be operating as unregistered exchanges or broker-dealers.
3.2 Investment contracts
As the SEC explained in its 2017 DAO Report, securities include ‘investment contracts.’ These contracts exist when there is an investment in a common enterprise with a reasonable expectation of profits to be derived from the entrepreneurial or managerial efforts of others (the ‘Howey Test’). The SEC is clear on its position and has concluded that the ICO token will be deemed a ‘securities transaction’ to be regulated under the Securities Act if it meets the requirements of the Howey Test. This conclusion means that various legal and regulatory requirements apply. See section 4.2 for recent enforcement action discussing the distinction.
Specifically, the company must file a registration statement, usually Form S-1. Part I of that form consists of the prospectus, which must be delivered to all purchasers. The prospectus must disclose specific information, both non-financial and financial. It covers the company’s business operations, financial condition, results of operations, risk factors, and management. Audited financial statements must be included. Part II requires additional information and certain documents, such as material contracts, to be filed with the SEC. In addition to conveying the information specifically addressed in the form, companies must disclose ‘any other information’ necessary to avoid misleading disclosures.
SEC regulations do provide for less onerous requirements in very specific circumstances, such as for offerings that do not surpass a certain size or only involve certain kinds of investors. For example, Rule 504 (formally 17 CFR 230.504) exempts from registration the offer and sale of up to $10 million of securities in a 12-month period. Rule 506(c) (formally 17 CFR 230.506) permits issuers to broadly solicit and advertise an offering if all purchasers are accredited investors. Companies that qualify for these exemptions still need to notify the SEC of an offering via Form D.
3.3 Regulatory framework
The regulation and oversight of cryptocurrency in the United States is not clear since cryptocurrency can fall under the jurisdiction of several different regulatory agencies – for example, the Commodities Futures Trading Commission (CFTC), an independent federal agency that regulates US derivatives markets, classifies cryptocurrencies as a commodity that allows them to trade on public derivatives markets. The position is complex and there is no comprehensive framework. Different legal and regulatory restrictions apply depending on how cryptocurrency is used, and additional compliance obligations may arise at state level. For example, some states require registration of cryptocurrency exchanges which could lead to regulatory requirements for those exchanges.
4. Recent examples of legal enforcement actions
In recent years, cryptocurrencies have regularly featured in headlines highlighting sanctions (including substantial penalties) imposed by various regulatory agencies across a wide range of legal enforcement actions.
4.1 Anti-money laundering (AML)
US government and regulatory agencies have pursued crypto companies for violations of AML requirements. The Department of the Treasury has been active in holding firms accountable. In October 2022, two of the Department’s subdivisions, the Office of Foreign Assets Control (OFAC) and the FinCEN, announced settlements for over $24 million and $29 million respectively, with Bittrex, a US-based crypto exchange. The action alleges various violations including of the Bank Secrecy Act’s AML reporting requirements.
The CFTC has also pursued AML violations. For example, in May 2022, the founders of crypto exchange BitMEX agreed to pay $30 million to resolve an action alleging that the exchange was designed to evade AML rules.
AML enforcement actions can also be triggered at the state level. For example, in August 2022, New York’s Department of Financial Services imposed a $30 million penalty on the crypto-trading divisions of Robinhood for certifying compliance with the state’s AML requirements despite failing to meet its basic requirements.
4.2 Sale or trading of crypto-tokens
In the United States, it is unlawful for any person to directly or indirectly offer to sell or purchase securities without registration with the SEC and a recent spate of enforcement action is analyzing cryptocurrency decisions against pre-existing financial regulation.
Recently, the SEC has been active, focusing largely on unregistered sales of securities and more and more, the SEC appears to be policing the ‘crypto’ industry to bring the regulation of cryptocurrency within its regulatory remit.
For example, a February 2022 settlement against BlockFi Lending LLC (BlockFi) required the company to pay $100 million. This included a sanction for failing to register the offers and sales of its retail crypto-lending product which involved investors lending crypto assets to BlockFi in exchange for the company’s promise to provide a variable monthly interest payment. BlockFi also agreed to cease its unregistered offers and sales of the lending product and said it would attempt to bring its business within the provisions of the Investment Company Act of 1940. BlockFi’s parent company also announced that it intends to register under the Securities Act the offer and sale of a new lending product. In parallel actions, BlockFi agreed to pay an additional $50 million in fines to 32 states to settle similar charges brought under state securities laws.
In June 2023, the SEC charged Coinbase, Inc and Binance for the unregistered offer and sale of securities (as required under section 5 of the Securities Act), including operating their crypto-asset trading platform as an unregistered exchange and unlawfully buying and selling crypto-asset securities without the required registration. See Securities and Exchange Commission v Coinbase, Inc and Coinbase Global, Inc, No 1:23-cv-04738 (SDNY filed June 6, 2023), SEC Litigation Release No 25751, June 21, 2023. On February 27, 2025, the SEC dismissed this action, based on its stated judgment that the dismissal will facilitate the SEC’s ‘ongoing efforts to reform and renew its regulatory approach to the crypto industry, not on any assessment of the merits of the claims alleged in the action.’ See SEC Press Release 2025-47, February 27, 2025.
In July 2023, however, the US District Court for the Southern District of New York granted summary judgment for Ripple Labs, Inc, and held that sales of crypto tokens by Ripple did not classify as securities for secondary offerings.
The court made a distinction between direct ‘primary sales’ of crypto tokens from an issuer to institutional or sophisticated investors which were held to be the offer and sale of investment contracts and therefore securities. In contrast, secondary sales to the general public via digital exchange or trading algorithm may not be. See SEC v Ripple Labs, Inc, No 1:20-cv-10832-AT-SN (SDNY July 13, 2023).
This ruling is based on a specific set of unique circumstances and is not binding on any court. It is likely the SEC will appeal, and the decision is faced with greater uncertainty given that only two weeks later in the case of Terraform, one of the judges noted that it is insignificant whether securities are sold directly to institutional investors or on the secondary market. See Securities and Exchange Commission v Terraform Labs Pte Ltd, No. 23-cv-1346 (SDNY July 31, 2023). There is a continued lack of clarity and the debate regarding the regulation and categorization of cryptocurrency in the United States continues apace.
4.3 Criminal sanctions
The Justice Department has also stepped up criminal enforcement actions around cryptocurrency. Its prosecution of Samuel Bankman-Fried, the founder of collapsed crypto exchange FTX, focused on various charges of fraud, conspiracy, and money laundering. The prosecution of Bankman-Fried resulted in him being convicted on seven counts of fraud and conspiracy. He was sentenced to 25 years in prison and three years of supervised release, and he was ordered to pay $11 billion in forfeiture. Organizational efforts to strengthen the prosecution of crypto-related crime include establishing the National Cryptocurrency Enforcement Team which focuses on complex prosecutions, and the Digital Asset Coordinator (DAC) Network – a national network of over 150 federal prosecutors focused on crypto-related crime.
4.4 Civil litigation
The proliferation of cryptocurrencies and the number of people investing in them has also sparked considerable civil litigation. Such litigation involves a wide group of defendants including cryptocurrency exchanges, coin issuers, crypto miners and securitizers of cryptocurrencies. Many of these actions have been class actions. Violations of securities regulations have been the dominant legal issue in these actions, along with tort actions alleging negligent misrepresentation and fraud. Consumer protection laws are also increasingly implicated and analysts expect contract law to feature more prominently in crypto-related civil litigation in coming years.
On November 26, 2024, the United States Court of Appeals for the Fifth Circuit issued a significant decision that stated that the Treasury Department’s Office of Foreign Assets Control (OFAC) exceeded its statutory authority by sanctioning immutable smart contracts created by Tornado Cash. The case, Van Loon et al. v. Department of the Treasury, centered on whether Tornado Cash’s immutable smart contracts could be considered 'property' under the International Emergency Economic Powers Act (IEEPA). The court determined that these contracts could not be considered ‘property’ under IEEPA because they lack the characteristic of being owned, controlled, or altered by any individual or entity. This ruling limits the government's ability to regulate certain decentralized finance (DeFi) technologies through existing sanctions laws.
However, this decision has important limitations. It does not extend to mutable smart contracts, which are still under the control of humans or organizations. Furthermore, it does not eliminate the potential for sanctions or criminal liability for individuals who use cryptocurrency, mixers, or other innovations to evade sanctions or launder money, as evidenced by the existing sanctions against the founders of Tornado Cash. The broader sanctions framework prohibiting transactions and dealings involving sanctioned targets remains in place. The Treasury Department may appeal this decision, and a parallel challenge in the Eleventh Circuit with a different outcome suggests the possibility of Supreme Court review.
For companies operating in the cryptocurrency and DeFi sectors, this ruling offers a degree of legal clarity and protection against the broad application of sanctions laws to autonomous, immutable, and decentralized protocols. Nevertheless, it is crucial for market participants to remain vigilant and monitor developments in both the regulatory and legislative arenas. The decision may prompt OFAC to seek legislative action to explicitly address its authority in this space and consider updates to IEEPA or other relevant laws. Overall, the Fifth Circuit’s ruling underscores the ongoing need to balance enforcement interests with the legitimate interests in privacy and innovation within the rapidly evolving landscape of decentralized technologies.
Additional resources
Related Lexology Pro content
How-to Guides:
How to identify suspicious activity and make a Suspicious Activity Report (SAR)
Checklists:
Currency transaction reporting requirements
Key steps to mitigate risks associated with using cryptocurrency
Quick Views:
Introduction to cryptocurrency and how it works
Cryptocurrency and US tax laws
Understanding data privacy compliance challenges in blockchain and cryptocurrency
Q&A:
Cryptoassets & Blockchain
Fintech
Reliance on information posted:
While we use reasonable endeavours to provide up to date and relevant materials, the materials posted on our site are not intended to amount to advice on which reliance should be placed. They may not reflect recent changes in the law and are not intended to constitute a definitive or complete statement of the law. You may use them to stay up to date with legal developments, but you should not use them for transactions or legal advice, and you should carry out your own research. We therefore disclaim all liability and responsibility arising from any reliance placed on such materials by any visitor to our site, or by anyone who may be informed of any of its contents.