Digital Asset Regulation
How U.S. law divides authority over digital assets among the securities, commodities, tax, banking, and anti-money-laundering regulators and the states, and why a digital asset’s classification determines which regime applies.
Overview
The United States has no single regulator for digital assets. Authority is divided among several federal agencies and the fifty states, and the regime that governs a particular token, transaction, or business depends primarily on how the asset and the activity are characterized. The Securities and Exchange Commission regulates digital assets offered or sold as securities. The Commodity Futures Trading Commission regulates digital asset commodities and the derivatives written on them. The Internal Revenue Service treats digital assets as property for tax purposes. The Financial Crimes Enforcement Network applies anti-money-laundering rules to digital asset businesses. The federal banking regulators govern the digital asset activities of banks. And state regulators license digital asset money transmission and apply state securities law.
This structure was not designed for digital assets. It is the product of statutes written decades before blockchain networks existed, applied to a new asset class by analogy. The central consequence is that a single digital asset business commonly answers to several regulators at once, and that the boundary between the two principal federal agencies — the SEC and the CFTC — is, for many assets, genuinely unsettled.
Since 2025 the framework has changed considerably. Congress enacted the first federal statute governing a category of digital asset; the securities and commodities regulators shifted markedly in posture, moving away from case-by-case enforcement toward published rules and guidance; and a broader market-structure bill that would redraw the SEC–CFTC line advanced through Congress. This page describes the regulatory architecture as it stands as of May 2026 and identifies where it remains in flux.
The Classification Question
The first question in any digital asset matter is classification: whether the asset is a security, a commodity, or something else. The answer determines which agency has authority, which registration and disclosure requirements apply, and what remedies — public and private — are available.
The securities side of the question turns on the definition of “security” in Section 2(a)(1) of the Securities Act of 1933 (15 U.S.C. § 77b(a)(1)), which includes the term “investment contract.” The Supreme Court supplied the test for an investment contract in SEC v. W.J. Howey Co., 328 U.S. 293 (1946): an investment contract exists where there is an investment of money, in a common enterprise, with a reasonable expectation of profits to be derived from the efforts of others. A digital asset is not a security merely because it is a digital asset. What Howey asks is whether the asset is offered and sold in a transaction or scheme that satisfies those elements.
The distinction between the asset and the transaction was central to SEC v. Ripple Labs, Inc., 682 F. Supp. 3d 308 (S.D.N.Y. 2023). The court held that the XRP token was not, in and of itself, a security, and analyzed Ripple’s sales of the token separately by category: institutional sales made under written contracts to sophisticated buyers were unregistered offers and sales of investment contracts, while “programmatic” sales of the same token to anonymous buyers on public exchanges were not. The Ripple decision is a federal district court ruling rather than binding appellate precedent, the SEC disagreed with parts of it, and the litigation was ultimately resolved by settlement in 2025 without an appellate decision. It nonetheless illustrates the prevailing approach: classification is judged by the economic reality of the transaction.
A digital asset that is not a security is generally treated as a commodity. The Commodity Exchange Act defines “commodity” expansively (7 U.S.C. § 1a(9)), and federal courts have confirmed that virtual currencies fall within that definition — see CFTC v. McDonnell, 287 F. Supp. 3d 213 (E.D.N.Y. 2018), and CFTC v. My Big Coin Pay, Inc., 334 F. Supp. 3d 492 (D. Mass. 2018). Bitcoin and Ether are widely treated as commodities by regulators and market participants. Many other tokens do not resolve cleanly into one category, and a single asset may be treated differently depending on how it is sold. This is the source of much of the litigation and policy debate in this field.
Federal Regulators
Securities and Exchange Commission
The Securities and Exchange Commission administers the federal securities laws, principally the Securities Act of 1933 (15 U.S.C. §§ 77a–77aa), which governs the offer and sale of securities, and the Securities Exchange Act of 1934 (15 U.S.C. §§ 78a–78qq), which governs secondary trading, exchanges, and intermediaries. Where a digital asset is offered or sold as a security, the SEC’s registration, disclosure, and anti-fraud provisions apply, and the firms that trade or intermediate it may be required to register as broker-dealers, exchanges, or clearing agencies.
The SEC’s approach to digital assets changed substantially beginning in 2025. In January 2025 the Commission established a Crypto Task Force, led by Commissioner Hester Peirce, to develop a published regulatory framework for crypto assets. Chairman Paul Atkins, who took office in April 2025, announced an initiative, referred to as “Project Crypto“, to move the agency from case-by-case enforcement toward rules and guidance. Over 2025 and into 2026, the SEC’s staff issued statements addressing the status of particular categories of crypto asset, the Commission dismissed or settled a number of pending enforcement actions against crypto firms, and it indicated that it would propose rules — including a “token taxonomy” — to clarify when a crypto asset is, or has ceased to be, a security. As of May 2026 that rulemaking is in progress. The governing law remains the Securities Act and the Exchange Act as interpreted under Howey; what has changed is the agency’s enforcement and rulemaking posture, not the underlying statutes.
Commodity Futures Trading Commission
The Commodity Futures Trading Commission administers the Commodity Exchange Act (7 U.S.C. § 1 et seq.). Its authority over digital assets has two components. First, the CFTC comprehensively regulates derivatives, such as futures, options, and swaps, on digital asset commodities; regulated Bitcoin and Ether futures trade on CFTC-registered exchanges. Second, although the CFTC does not comprehensively regulate the spot market in which digital assets are bought and sold for immediate delivery, it holds anti-fraud and anti-manipulation enforcement authority over that market, because digital asset commodities are commodities traded in interstate commerce. The CFTC has used that authority extensively against fraudulent virtual currency schemes and against platforms that offer derivatives to U.S. customers without registration.
Internal Revenue Service
For federal tax purposes, the Internal Revenue Service treats digital assets as property, not as currency — a position first stated in Notice 2014-21 and applied consistently since. The consequences follow from ordinary property-tax principles. A disposition of a digital asset — selling it, exchanging one token for another, or using it to pay for goods or services — is a taxable event on which gain or loss is recognized. Digital assets received as compensation, or as mining or staking rewards, are income when received; the IRS addressed the treatment of staking rewards in Revenue Ruling 2023-14. Since the Infrastructure Investment and Jobs Act of 2021 amended Section 6045 of the Internal Revenue Code, custodial digital asset brokers — including centralized exchanges — are required to report customer dispositions to the IRS. Treasury and the IRS finalized the implementing regulations in 2024, and reporting on Form 1099-DA is being phased in beginning with 2025 transactions.
Financial Crimes Enforcement Network
The Financial Crimes Enforcement Network, a bureau of the Treasury Department, administers the Bank Secrecy Act (31 U.S.C. § 5311 et seq.), the principal federal anti-money-laundering regime. Guidance issued by FinCEN in 2013 (FIN-2013-G001), and consolidated and expanded in 2019 (FIN-2019-G001), established that a business that accepts and transmits “convertible virtual currency” — a category that includes most cryptocurrencies — is a money transmitter, a type of money services business. A money transmitter is subject to the Bank Secrecy Act: it must register with FinCEN, maintain a written anti-money-laundering program, keep records, and file currency-transaction and suspicious-activity reports. A person who merely uses virtual currency to buy goods or services, or who acquires it as an investment for their own account, is not a money transmitter.
Federal Banking Regulators
The Office of the Comptroller of the Currency, the Federal Reserve, and the FDIC supervise the digital asset activities of the banks within their respective jurisdictions. The OCC has confirmed, in a series of interpretive letters, that national banks may provide digital asset custody services, hold deposits that back stablecoins, and engage in related activities, provided they do so in a safe and sound manner. The banking agencies’ posture toward bank participation in digital asset activity moved toward accommodation over the course of 2025. As described below, the GENIUS Act also gives the OCC a central supervisory role over a new category of federally qualified stablecoin issuer.
Federal Legislation
The GENIUS Act: a federal framework for stablecoins
The first comprehensive federal statute addressing a category of digital asset is the GENIUS Act, formally the Guiding and Establishing National Innovation for U.S. Stablecoins Act of 2025, signed into law on July 18, 2025. The Act creates a federal regulatory framework for “payment stablecoins”: digital assets designed to be used as a means of payment and redeemable by the issuer at a fixed monetary value.
Under the Act, a payment stablecoin may be issued in the United States only by a “permitted payment stablecoin issuer”, such as a subsidiary of an insured depository institution, a nonbank issuer federally qualified and supervised by the OCC, or an issuer qualified under a state regime that federal regulators have determined to be substantially similar to the federal one. A permitted issuer must hold reserves backing the stablecoin on a one-to-one basis in high-quality liquid assets, disclose the composition of those reserves monthly, and comply with the Bank Secrecy Act. The Act provides that a payment stablecoin issued in compliance with it is not a security, and it grants stablecoin holders priority over other creditors in the issuer’s insolvency. The Act’s substantive requirements phase in over an implementation period set by the statute, during which the federal and state regulators are to issue implementing rules. See George T. Dowd III, The GENIUS Act: Key Highlights and Anticipated Impacts, Nat’l L. Rev. (July 22, 2025).
Market-structure legislation
A second, broader measure, the Digital Asset Market Clarity Act, generally called the CLARITY Act (H.R. 3633), would establish a market-structure framework for the digital assets the GENIUS Act does not cover. The bill passed the House of Representatives in July 2025; as of May 2026 it is under consideration in the Senate and has not been enacted. As passed by the House, the bill would draw a clearer statutory line between the SEC and the CFTC — generally assigning spot markets in “digital commodities” to the CFTC while the SEC retains authority over digital assets sold as investment contracts — and would create registration, disclosure, custody, and consumer-protection requirements for digital asset exchanges, brokers, and dealers. Because the bill is not law, the division of authority described in this page continues to govern; the legislation is noted here because it is the most consequential change to that division currently under consideration.
State Regulation
Digital asset regulation in the United States is not exclusively federal. Most states require a business that transmits digital assets on behalf of others, an exchange for example, to obtain a state money transmitter license, generally applied for through the Nationwide Multistate Licensing System, in addition to the business’s federal registration with FinCEN. Two states operate dedicated digital-asset regimes rather than regulating the activity under a general money-transmission statute: New York, whose “BitLicense” (codified at 23 NYCRR Part 200) has governed virtual currency business activity since 2015, and California, whose Digital Financial Assets Law establishes a licensing regime administered by the Department of Financial Protection and Innovation. State securities regulators independently apply state securities, or “blue sky”, laws to digital assets offered as securities, and retain anti-fraud authority over transactions in or from their states. The GENIUS Act partially preempts state money-transmitter licensing for federally qualified stablecoin issuers, but for digital asset businesses generally, state licensing remains a substantial part of the compliance picture.
How the Framework Fits Together
Because these regimes are defined by activity and by asset characterization rather than by a single statutory scheme, a digital asset business of any size commonly falls under several of them at once. A cryptocurrency exchange may be a money transmitter subject to the Bank Secrecy Act and to licensing in every state where it has customers; it may list some tokens treated as commodities and others that could be treated as securities; its customers have reporting obligations to the IRS, and the exchange itself may have broker-reporting obligations; and if it offers margined products or derivatives, it answers to the CFTC. The same conduct can draw concurrent attention from more than one regulator, and an act permissible under one regime can violate another.
The unresolved question at the center of the framework is the boundary between the SEC and the CFTC, including which digital assets, and which trading activity, belong to each. That question is the subject both of the agencies’ own coordinated rulemaking and of the pending market-structure legislation. Until it is settled by statute, the organizing principle remains the one described here: classification under the existing securities and commodities laws, applied to each asset and each transaction on its own facts. The practical consequence is that regulatory analysis in this area begins not with a single rulebook but with two prior questions (1) what the asset is, and (2) what the business does with it.
Frequently Asked Questions
Is cryptocurrency legal in the United States?
Yes. Buying, selling, holding, and transacting in digital assets is lawful in the United States. Digital assets are not, however, unregulated: depending on the asset and the activity, they fall within the federal securities, commodities, tax, and anti-money-laundering regimes and within state licensing and securities law. Legality and regulation are separate questions — a digital asset business operates lawfully by identifying and complying with the regimes that apply to it.
Who regulates cryptocurrency in the United States?
No single agency does. At the federal level, the SEC regulates digital assets offered or sold as securities; the CFTC regulates digital asset commodities and the derivatives written on them; the IRS administers their tax treatment; FinCEN applies anti-money-laundering rules; and the OCC, Federal Reserve, and FDIC supervise the digital asset activities of banks. The states add money-transmitter licensing and their own securities laws. Which regulators apply to a given business depends on what it does and what assets it handles.
Is a cryptocurrency a security or a commodity?
It depends on the asset and on how it is offered and sold. A digital asset is a security if it is sold in a transaction that meets the investment-contract test of SEC v. W.J. Howey Co. — an investment of money in a common enterprise with a reasonable expectation of profit from the efforts of others. Assets that are not securities are generally treated as commodities under the broad definition in the Commodity Exchange Act; Bitcoin and Ether are widely treated as commodities. The same token can be treated differently depending on the manner of its sale, which is why classification is decided asset by asset and transaction by transaction.
Are stablecoins regulated in the United States?
Yes. The GENIUS Act, signed into law in July 2025, created the first federal framework for payment stablecoins. It permits payment stablecoins to be issued only by qualified issuers, such as bank subsidiaries, federally qualified nonbank issuers supervised by the OCC, or issuers qualified under an approved state regime. It requires one-to-one reserve backing, monthly reserve disclosures, and Bank Secrecy Act compliance. The Act’s requirements phase in over an implementation period set by the statute.
How are digital assets taxed?
The IRS treats digital assets as property, not currency, a position stated in Notice 2014-21. Selling a digital asset, exchanging one token for another, or spending it is a taxable disposition on which gain or loss is recognized; digital assets received as compensation or as mining or staking rewards are income when received. Since 2025, custodial digital asset brokers report customer dispositions to the IRS on Form 1099-DA. This is general information, not tax advice; tax treatment depends on individual circumstances.
Do cryptocurrency exchanges need a license?
Generally yes. A business that exchanges or transmits digital assets for customers is typically a money transmitter, which must register with FinCEN as a money services business and, in most states, obtain a state money transmitter license. New York requires a “BitLicense,” and California licenses digital asset businesses under its Digital Financial Assets Law. An exchange may also have obligations to the SEC or the CFTC depending on the assets and products it offers.
Related Resources
- Crypto Fraud & Asset Recovery — the fraud typologies seen in digital asset markets and the avenues for recovering losses, including forfeiture, asset tracing, and civil litigation.
- Whistleblower Programs — the federal whistleblower programs through which digital asset misconduct is reported to the SEC and the CFTC.
- Crypto Pump-and-Dump Schemes — how market-manipulation law applies to coordinated price manipulation in digital asset markets.