Crypto Asset Industry: The Mapping and Overlapping of Government Regulators

By Anthony Sebastiani, CPA, CFE; Kevin Keane Jr., CPA; Rachel DiDio, CPA and Marc Rinaldi, CPA

Businesses engaging in activities involving crypto assets may be subject to rules and regulations by the relevant U.S. federal authorities, including the U.S. Department of the Treasury (DOT), the U.S. Securities and Exchange Commission (SEC) and the Commodity Futures Trading Commission (CFTC). These rules and regulations include registration with the relevant U.S. federal authorities as a regulated entity, recordkeeping, reporting and anti-money laundering (AML) regulations set out by the Bank Secrecy Act (BSA).

Who Regulates Crypto in the United States?

When approaching any regulatory landscape, it is important to know which regulatory bodies make the rules. The regulatory bodies include:

  • Department of Treasury:

    • Financial Crimes Enforcement Network (FinCEN) – FinCEN regulates all crypto assets for purposes of AML and combating the financing of terrorism.

    • Office of the Comptroller of the Currency (OCC) – Banks and other federal savings associations are regulated by the OCC; this would include banks that engage in cryptocurrency activities.

  • U.S. Securities and Exchange Commission – The SEC regulates those crypto assets that may be deemed securities pursuant to the Howey Test.

  • Commodity Futures Trading Commission – The CFTC regulates those virtual currencies that may be deemed commodities pursuant to the Commodity Exchange Act.


FinCEN defines “virtual currency” as a “Medium of exchange that can operate like currency but does not have all the attributes of ‘real currency’… including legal tender status.” Furthermore, FinCEN uses the term “convertible virtual currency” (CVC) to describe a kind of virtual currency that either: (a) has an equivalent value as fiat currency; or, (b) acts as a substitute for fiat currency.

Based on the above description, CVCs include the majority of cryptocurrencies, like Ethereum and Bitcoin, as these virtual currencies can be exchanged for fiat currency, such as the U.S. dollar. This would also include stablecoins, such as Tether or Dai, which is a type of cryptocurrency designed to have a relatively stable price typically through being pegged to an external reference, such as fiat currency. This definition would not include central bank digital currency or digital assets with legal tender status, such as China’s digital yuan.

FinCEN has issued guidance, including advisory publications, to clarify the application of the BSA to virtual and convertible virtual currencies which are becoming more prominent. FinCEN declared in 2013 that “administrators or exchangers” of virtual currency qualify as money services businesses under the BSA and FinCEN regulations. FinCEN has also made clear that AML obligations extend to decentralized finance, commonly referred to as DeFi, a blockchain-based form of finance that does not rely on central financial intermediaries such as brokerages, exchanges, or banks. According to FinCEN, DeFi exchanges that use peer-to-peer technology are required to comply with the BSA obligations that apply to money transmitters, including registering with FinCEN as a money service business and complying with AML requirements, including filing suspicious activity reports (SARs). In the Anti-Money Laundering Act of 2020, Congress explicitly stated that businesses that exchange or transmit virtual currencies qualify as regulated entities.


To date, the SEC has focused primarily on whether crypto assets are a security and, therefore, companies engaged in activities involving crypto assets should be registered with the SEC and subject to compliance with the U.S. Securities Exchange Act and related laws.

To determine whether crypto assets are a security, the SEC applies the Howey Test, which refers to the U.S. Supreme Court case for determining whether a transaction qualifies as an “investment contract.” If a transaction is found to be an investment contract, it’s considered a security. Under the Howey Test, a transaction qualifies as a security if it involves the following four elements:

  • An investment of money
  • In a common enterprise
  • A reasonable expectation of profit
  • Derived from the efforts of others

To be considered a security, a transaction must meet all four prongs of the Howey Test.

The SEC’s focus toward the crypto industry has increased dramatically during the past year and more recently given the collapse of FTX. Among the many statements made by the regulators concerning the crypto industry, SEC Chairman Gary Gensler warned in April 2022 that regulatory loopholes in the crypto markets could undermine 90 years of securities law. He has also likened the crypto industry to the “Wild West” and cautioned that stablecoins may facilitate those seeking to evade AML policy. Similarly, the SEC’s Division of Examinations recently made clear that upcoming reviews of companies engaging in cryptocurrency sales will include a focus on AML compliance.


The CFTC has adopted the view that cryptocurrency represents a commodity and, therefore, companies that trade cryptocurrency-related swaps fall within its jurisdiction.

The CFTC has also pursued significant enforcement actions against the cryptocurrency industry, including the August 2021 consent order requiring BitMEX entities to pay $100 million. The order found that BitMEX, the cryptocurrency derivatives trading platform, violated the Commodities Exchange Act by operating a facility to trade or process swaps without approval and that the platform had failed to implement AML procedures.


As businesses are expanding operations into the digital asset industry, it is important to understand the current regulatory framework and how different agencies view your operations with digital assets. Given the complexity and rapid innovation taking place in the digital asset industry, the regulatory framework is subject to change, thus proper due diligence is imperative to ensure your business maintains compliance with the relevant rules and regulation.

Contact Us

If you would like to discuss how PKF O’Connor Davies can assist you with regulatory compliance, contact a member of your client service team or any of the following:

Anthony Sebastiani, CPA, CFE
646.449.6354 | [email protected]

Marc Rinaldi, CPA
646.449.6309 | [email protected]

Rachel DiDio, CPA
646.965.7780 | [email protected]

Kevin Keane Jr., CPA
646.699.2881 | [email protected]