There is no single definition of “cryptoasset” in the United States. Instead, how a digital asset is defined and regulated will depend on its use. Thus, an asset can be (without limitation) a security, a commodity, a derivative, money, property, or something else, and can in some cases fit within multiple categories under both federal and state law. One of the greatest challenges in the United States is fitting the cryptoasset into the right legal bucket in order to determine how it will be treated from a regulatory standpoint.

The relevant laws and regulatory bodies include: 

• Federal securities laws: the Securities Act of 1933, the Securities Exchange Act of 1934, the Investment Companies Act of 1940, and the Investment Advisors Act of 1940. Securities laws on the federal level are generally enforced by the U.S. Securities and Exchange Commission (SEC) and self-regulatory organizations such as the Financial Industry Regulatory Authority (FINRA) and securities exchanges themselves.
• Federal derivatives laws: the Commodities Exchange Act and the Dodd-Frank Wall Street Reform and Consumer Protection Act (“Dodd-Frank”). These laws are enforced by the Commodity Futures Trading Commission (CFTC) and the National Futures Association (NFA), a self-regulatory organization with authority delegated by the CFTC.
• Federal money transmitter laws: the Bank Secrecy Act, which is enforced by the Financial Crimes Enforcement Network (FinCEN), a federal bureau.
• Sanctions: federal sanctions are typically issued by the President of the United States acting through executive orders or legislation passed by the U.S. Congress in accordance with U.S. foreign policy. Federal sanctions are primarily enforced by the Office of Foreign Assets Control (OFAC) within the U.S. Department of the Treasury. Other agencies, such as the Department of Commerce and the Department of State, may also get involved in enforcing specific sanctions depending on the nature of the relevant restrictions.
• Tax: the U.S. tax code, which is enforced by the Internal Revenue Service, a government agency under the Department of the Treasury.
• Consumer protection: the law in this area is enforced by the Federal Trade Commission (the FTC) and the Consumer Financial Protection Bureau (CFPB) (see Federal Trade Commission Act, 15 U.S.C. §§ 45, et seq.; Gramm-Leach-Bliley Act, 15 U.S.C. §§ 6821 et seq.; Commodity Exchange Act, 17 C.F.R. Part 32.2. et seq.; Fed. Trade Comm’n v. Celsius Network Inc. et. al., No. 23CV6009 (DLC), 2023 WL 8603064 (S.D.N.Y. Dec. 12, 2023); Fed. Trade Comm’n v. Voyager Digital LLC, et al., No. 23CV08960 (S.D.N.Y. Oct. 12, 2023)). 
• Banking: the National Bank Act, which is enforced by the Federal Reserve Board and the Federal Deposit Insurance Corporation (FDIC). There are also state level banking laws.

Note that all the federal laws and regulations above have overlapping state law equivalents.

The United States, as a general rule, does not distinguish or recognize differences between so called utility tokens or exchange tokens. No particular type of token is outlawed. The laws that apply to an asset depend on its use. 

For example, if a company is offering, selling, or distributing a digital asset to be used as a means of raising capital, the company should consider whether federal securities laws apply. The term “security” includes, among other things, “investment contracts” (see Securities Act of 1933, 15 U.S.C. § 77b(a)(1)). Under the so-called Howey test, an investment contract exists when there is an investment of money in a common enterprise with a reasonable expectation of profits to be derived from the efforts of others (see S.E.C. v. W.J. Howey Co., 328 U.S. 293, 298 (U.S. 1946) and “Framework for an ‘Investment Contract’ Analysis of Digital Assets” (representing the views of Strategic Hub of Innovation and Financial Technology (FinHub) of the Securities and Exchange Commission, but not any official rule, regulation, or statement of the Securities and Exchange Commission), www.sec.gov/corpfin/framework-investment-contract-analysis-digital-assets (last visited as of Feb. 26, 2024)). If a cryptoasset qualifies as a security, then said offering must be registered with the SEC unless an exemption applies.

Registering securities with the SEC involves submitting a registration statement, which consists of two parts: the prospectus and additional information. The prospectus contains a description of the security to be issued, the issuer’s business, financial information, management, material risks associated with the investment, and intended use of the proceeds. As additional information, the issuer may file what it deems necessary for a complete and accurate description of the offering such as legal opinions, material contracts, and consents from experts like its auditors. Once the issuer submits the registration statement electronically to the SEC through its EDGAR (Electronic Data Gathering, Analysis, and Retrieval) system, it is reviewed by SEC staff to ensure compliance with disclosure requirements and accuracy and completeness of the information provided. As part of the review process the SEC may request additional information from the issuer. Once the SEC resolves any outstanding issues, it declares the registration statement effective, and the issuer can proceed with the public offering. Issuers are subject to post-registration compliance, which includes filing annual reports, quarterly filings, and other disclosures required to maintain transparency for investors so they can make informed decisions. The duration of the SEC registration process may take a few months to over a year as it depends on the complexity of the securities being registered, the issuer’s business, the time it takes the issuer to prepare the registration statement, market conditions, the SEC’s workload, how long the issuer takes to respond to the SEC’s comments, and the type of filing (whether it’s an initial public offering (IPO) or another type of offering, such as a follow-on offering, or Regulation A offering). 

Relatedly, it is also important to consider whether a cryptoasset qualifies as a “commodity” under the Commodity Exchange Act, for example In the Matter of Coinflip, Inc., d/b/a Derivabit, and Francisco Riordan determined, in relevant part, that bitcoin is a “commodity” subject to Dodd Frank swap rules (CFTC Docket No. 15-29 (Sept. 17, 2019), www.cftc.gov/sites/default/files/idc/groups/public/@lrenforcementactions/documents/legalpleading/enfcoinfliprorder09172015.pdf).

A “commodity” includes all services, rights, and interests in which contracts "for future delivery are presently or in the future dealt in” (see 7 USC §1a(9)). The CFTC generally, has jurisdiction over derivative instruments that are based on underlying commodities defined by and within the Commodities Exchange Act (CEA), where actual delivery of the instrument would not take place within 28 days from the date of the transaction. In other words, spot transactions are generally not covered; although the CFTC has taken the position that it does have jurisdiction over spot market fraud and market manipulation of commodities within the scope of the CEA. This is not statutory, but some courts have agreed that CFTC has this authority (for example, U.S. Commodity Futures Trading Comm’n v. Monex Credit Co., 931 F.3d 966, 976 (9th Cir. 2019)).

It depends on the nature of the asset. For example, if the asset is a security the issuer must either register with the SEC or fall within one or more applicable exemptions. There is substantial dispute amongst industry participants and the SEC as to which assets are or are not securities. Most crypto securities issued in a compliant fashion have been issued subject to exemptions for accredited investors (i.e., Reg D) or non-US investors (i.e., Reg S). Both Reg D and Reg S allow the offer and sale of securities without registering with the SEC under the Securities Act. 

Purely intra-state issuances can be registered with state securities regulators under state blue sky laws, which also govern the offer and sale of securities and are designed to protect investors against fraudulent sales practices and activities. Blue sky laws vary from state to state and typically contemplate registration requirements, disclosure requirements, anti-fraud provisions and licensing requirements for broker-dealers and agents.

Securities exchanges must register as such with the SEC or FINRA, which primarily oversee brokerage firms and their registered representatives. The registration process for securities exchanges with the SEC involves:

1. the submission of Form 1 (which covers various aspects of the exchange’s structure, operations, and compliance with SEC regulations);
2. SEC review and request additional information, as needed;
3. amending Form 1 to address any concerns raised by the SEC;
4. a public comment period, which allows stakeholders, market participants, and the public to provide input on the exchange’s application;
5. the SEC then determines whether to approve the application, and if approved, the exchange receives formal registration.

Once registered, the exchange must comply with ongoing reporting requirements (by, for example, submitting material updates and financial statements). The registration process may take several months to over a year, depending on the complexity of the application, completeness of the documentation submitted to the SEC, any necessary amendments, and the SEC’s workload.

Very few issuers and exchanges have successfully gone through the full registration process with the SEC or the NFA, a self-regulatory organization that oversees the derivatives industry, particularly futures and foreign exchange markets, and works in conjunction with the CFTC. Generally, commodity pool operators (CPOs), commodity trading advisors (CTAs), futures commission merchants (FCMs), introducing brokers (IBs), and other entities involved in commodity futures and options activities are required to register with the NFA. The registration process consists of:

1. creating an online account with the NFA through their Online Registration System (ORS);
2. completing and submitting the required registration forms based on the relevant category (CPO, CTA, FCM, IB, etc.) which cover the applicant’s business structure, principals, financial condition, and compliance procedures;
3. paying application fees, which vary depending on the type of registration and proposed level of activity; and
4. conducting background checks on principals and associated persons.

The NFA’s Membership Committee reviews the completed application and may at that point grant approval. Once registered, firms and individuals must adhere to ongoing compliance requirements, which include submitting annual reports, financial statements, and other material information.

Generally, the registration process can take between 18 and 24 months, although the exact time frame may vary. Derivatives exchanges must comply with CFTC registration requirements and register with/via the NFA. As an example, the CFTC allows Designated contract markets (DCMs) or exchanges to list products for trading without prior CFTC approval by filing a written self-certification with the CFTC (see “Listing Products for Trading by Certification”, 17 CFR Part 40.2). To the extent that DCMs self-certify, the CFTC has engaged in a “heightened review” and worked collaboratively with DCMs to address any open issues (see “CFTC Backgrounder on Oversight of and Approach to Virtual Currency Futures Markets” (Jan. 4, 2018) at www.cftc.gov/sites/default/files/idc/groups/public/@newsroom/documents/file/backgrounder_virtualcurrency01.pdf).

Yes. Tokens that are securities are subject to SEC regulation (and state level equivalents) regarding disclosure of information. For example, the SEC has warned that any individual promoting a virtual token or coin that is a security “must disclose the nature, scope, and amount of compensation received in exchange for the promotion” (see “SEC Statement Urging Caution Around Celebrity backed ICOs” (Nov. 1, 2017), www.sec.gov/news/public-statement/statement-potentially-unlawful-promotion-icos). In addition, the FTC has issued guidance on influencer marketing, including, the FTC’s “Guides Concerning the Use of Endorsements and Testimonials in Advertising” (16 C.F.R. §§ 255.0 to 255.5). Promoters of cryptoassets are also subject to anti-fraud laws (which prohibit making false statements or engaging in deceptive practices), consumer protection regulations (which require clear and accurate disclosure of information regarding the assets, their features, and associated risks), anti-money laundering (AML) and Know Your Customer (KYC) regulations (to prevent illicit activities and ensure the legitimacy of participants), as well as general advertising standards (which seek to ensure that advertisements are not misleading or deceptive).

To illustrate this, in 2018, the SEC announced that it had settled charges against professional boxer Floyd Mayweather Jr. and music producer DJ Khaled, each for failing to disclose payments received for promoting investments in Initial Coin Offerings (ICO). Specifically, the SEC’s orders found that Mayweather and Khaled, among other things, failed to disclose promotional payments from Centra Tech, Inc., their respective promotions were as follows: 

• “Mayweather’s promotions included a message to his Twitter followers that Centra’s ICO ‘starts in a few hours. Get yours before they sell out, I got mine…’”; and 
• DJ Khaled “touted [Centra] on his social media accounts as a ‘Game changer.’” 

(See “Two Celebrities Charged with Unlawfully Touting Coin Offerings” (Nov. 29, 2018), www.sec.gov/news/press-release/2018-268).

Similarly, in 2020, the SEC announced that it settled charges against actor Steven Seagal for failing to disclose payments received for promoting an investment in an ICO conducted by Bitcoiin2Gen (B2G). Seagal’s promotions included “posts on his public social media accounts encouraging the public not to ‘miss out’ on [B2G’s] ICO and a press release titled ‘Zen Master Steven Seagal Has Become the Brand Ambassador of Bitcoiin2Gen.’ A Bitcoiin2Gen press release also included a quotation … stating that he endorsed the ICO ‘wholeheartedly.’” (See “Actor Steven Seagal Charged with Unlawfully Touting Digital Asset Offering” (Feb. 27, 2020), www.sec.gov/news/press-release/2020-42).

Administrators and issuers of cryptoassets are subject to registration and reporting requirements under federal and state money transmitter licensing laws. Specifically, the Bank Secrecy Act contains federal registration requirements that are enforced by FinCEN. In 2013, FinCen initially issued guidance establishing the applicability of the Bank Secrecy Act to persons creating, obtaining, distributing, exchanging, accepting, or transmitting virtual currencies (see “Application of FinCEN’s Regulations to Persons Administering, Exchanging, or using Virtual Currencies” (March 18, 2013), www.fincen.gov/sites/default/files/shared/FIN-2013-G001.pdf (the “Guidance”)). It has since issued additional guidance (“Application of FinCen’s Regulations to Certain Business Models Involving Convertible Virtual Currencies” (May 9, 2019), www.fincen.gov/sites/default/files/2019-05/FinCEN%20Guidance%20CVC%20FINAL%20508.pdf). The Guidance specifies the regulatory treatment of administrators and exchangers under certain scenarios and differentiates each from users. For example, money transmitters must register with FinCEN as a money service business (or MSB) and comply with the Anti-Money Laundering Act of 2020, (see 31 U.S.C. § 5318, as well as recordkeeping, monitoring, and reporting requirements). In addition, many states have proposed or adopted money transmitted licensing laws, including a version of UCC Article 12, which is designed to allow the creation of security interests in “controllable electronic records” to provide for the creation of security interests in certain digital assets (see Alabama’s Monetary Transmission Act, Ala. Code §§ 8-7A-1 to 8-7A-27; Connecticut’s Money Transmission Act, Conn. Gen. Stat. Ann. §§ 36a-595 to 36a-612; Florida’s Money Laundering Act, Fla. Stat. Ann. § 896.101; and New York’s law regarding Virtual Currencies, N.Y. Comp. Codes R. & Regs. tit. 23, § 200.1). The U.S. is a member of the Financial Action Task Force (FATF), which mandates the sharing of customer information among cryptocurrency service providers in an effort to promote global standards for anti-money laundering and counter-terrorist financing.

Financial institutions, including crypto exchanges, are required to implement a Customer Identification Program to verify the identities of their customers. If a crypto business is involved in financial transactions and detects suspicious activities that may be related to money laundering or other illicit financial behavior, it is required to file a Suspicious Activity Report (SAR) with FinCEN. Also, crypto exchanges and wallet providers are required to comply with the “travel rule” which mandates that certain information involving the sender and receiver must be included in transfer instructions over certain minimum thresholds, which may vary depending on the jurisdictions involved, while maintaining the privacy and security of the parties. Compliance with OFAC regulations requires all financial institutions, including crypto exchanges, platforms and businesses, to refrain from doing business with sanctioned individuals and entities. Lastly, in addition to federal requirements, all issuers and entities dealing with cryptoassets must ensure compliance with state-specific regulations.

This is an emerging area of the law. As a general rule, cryptoassets are property in the United States and can be owned, transferred, and securitised. There is no unique distinction between the legal and beneficial ownership of a cryptoasset; this will depend on the structure of the asset and the relationship of the parties. For example, evidence that a person holds a private key, a wallet, blockchain records or cryptocurrencies on an exchange is illustrative (albeit not determinative) of ownership.

If a wallet key is jointly owned by two or more entities or individuals, the tax treatment will be dictated by the legal and financial arrangement implemented by the parties. Accordingly, any income or capital gains generated from assets within the wallet may need to be allocated and reported according to the relevant ownership structure (see, for example, 26 U.S.C. 7701(a)(2)). It is important to have clear documentation in place describing the agreed upon terms by the joint owners, including income distribution and the purpose of sharing the wallet key. Each owner is required to fulfill its own tax reporting obligations regardless of the ownership structure that defines the shared ownership arrangement.

See Question 4 above for licensing requirements and Question 8 below for determinations of ownership in, by, and through bankruptcy actions.

There is no specific registration regime for DAOs on the federal level. Certain states (Wyoming, for example) allow corporate entities to elect DAO status (see Wyo. Stat. Ann. § 17-31-104). As a general rule, members of unincorporated DAOs risk being treated as general partners of an unincorporated entity and face joint and several liability on a personal level for their association with a DAO. It is important to keep in mind that if the cryptoassets within a DAO are deemed securities, they will be subject to securities regulations. Similarly, tax regulations apply to the activities of DAOs and their participants. Depending on the nature of activities carried out by a DAO, consumer protection laws may come into play. They are also subject to general contract laws and intellectual property laws, depending on their activities. Lastly, DAOs and users of DAO protocols may be subject to a variety of federal laws and enforcement actions (see, for example, Commodity Futures Trading Comm’n v. Ooki DAO, 2023 WL 5321527 (N.D. Cal. June 8, 2023)). 

While there are state level insolvency rules for certain types of organizations (insurance companies and state regulated money transmitters) most bankruptcies in the United States (including major crypto bankruptcies such as FTX, Celsius, BlockFi, and PrimeTrust) have been in federal bankruptcy court. As a general rule, account holders are unsecured creditors, and their interests are typically represented by an unsecured creditors committee. There are no crypto-specific legal or regulatory regimes for cryptoassets, however. Ownership of customer funds for a consumer exchange can depend on how they are described or treated in terms of service. Relatedly, the Court in In re Celsius Network LLC, et al. , closely examined the language in the terms of use for the crypto platform to determine the rights of the parties, including any terms applying to ownership and ownership interests in the cryptoassets (Case No. 22-10964 (MG) (Bankr. S.D.N.Y.)). As a general rule, while cryptoassets present some novelty, the bankruptcy process applies the US Bankruptcy Code and applicable case law to their treatment and disposition in the bankruptcy process. Considerations specific to cryptoassets include the fact that courts may need to determine upfront whether the cryptoassets at stake are deemed to be commodities or securities, as their classification may impact how they are treated in a bankruptcy proceeding. Depending on the regulatory nature of the cryptoassets, government agencies such as the CFTC and SEC may need to get involved. Lastly, valuation methods for cryptocurrencies can be complex, and courts may face challenges as they try to assess market value.

“Smart contracts” are, as a general rule, neither smart nor contracts. The term is a misnomer. They are software scripts. That said, it is of course possible to include a contract within a so-called “smart contract”. For instance, a “token” is a technical software artifact that exists on a distributed database; to turn this code into a legally binding contract, the parties should sign a paper and ink contract outside of an offering on the blockchain. But it is important to note that, standing alone, a smart contract is not a contract and is therefore not enforceable under contract law. Therefore, legal treatment of “smart contracts” at the federal level falls under general contract law principles. Some states, including Tennessee, Wyoming, Nevada, have passed laws to make the treatment of smart contracts clearer (see, for examples, Ariz. Rev. Stat. Ann. § 44-7061; Ark. Code Ann. § 25-32-122; Idaho Code § 28-5303; 205 Ill. Comp. Stat. 730/5, 730/10; Iowa Code Ann. § 554E.3; N.D. Cent. Code § 9-16-19; Ky. Rev. Stat. Ann. § 42.747; Nev. Rev. Stat. §§ 719.045, 719.090, 719.145 (2021); Tenn. Code. Ann. § 47-10-201, 47-10-202; and Wyo. Stat. § 17-31-101, et seq). 

Victims of “crypto fraud” have all the legal and equitable remedies available to victims of any other type of fraud. Complaints may be filed with the relevant consumer protection agencies. It is possible to receive pre-judgment injunctive relief, freezing assets prior to a final judgment. Courts may require that a bond be posted and will, as a general rule, not agree to transfer funds before a final judgment has been entered. Subpoenas can be used to acquire information from third parties, including exchanges. Federal and state courts have overlapping rules for service of process; some of these rules have been loosened in the past decade, and service has been allowed by social media and to a blockchain address associated with, for example, a stolen NFT. In addition to available legal recourse, the victim of a crypto fraud can take practical steps such as reporting the incident to the security team of the exchange or platform where the fraud took place. Blockchain/DLT experts may be able to track and identify relevant transactions involved in the fraud. Also, changing passwords and enabling two-factor authentication may prevent further unauthorized access to the account at stake.

There are a variety of legislative proposals at the federal level, none of which seem likely to become law in the near future. For now, a combination of existing federal and state statutes apply to cryptocurrency/digital assets. On the regulatory front, a potentially significant change has been proposed by the Department of Treasury and the IRS, which would impose onerous reporting requirements on “digital asset brokers” with respect to the purchase and sale of digital assets. More information on this proposal can be found at www.irs.gov/pub/irs-drop/a-23-02.pdf.

In addition, on January 16, 2024, the IRS released Announcement 2024-2, where it provided that "digital assets are not required to be included in determining a taxpayer’s reporting obligations under Section 6050I of the Internal Revenue Code of 1986, as amended (the code) until the promulgation of implementing regulations.” It, in turn, confirmed that the Treasury Department and the IRS will issue public new rules, forms, and instructions for reporting digital assets under Code Section 6050I(a). (See Stephen Palley, et al., “Uncle Sam to Taxpayers: Show Me the Receipts (For Certain Digital Assets)” (Jan. 21, 2024) at www.briefings.brownrudnick.com/post/102ixbi/uncle-sam-to-taxpayers-show-me-the-receipts-for-certain-digital-assets; and Internal Revenue Service, “Transitional Guidance under Section 6050I with Respect to the Reporting of Information on the Receipt of Digital Assets” at www.irs.gov/pub/irs-drop/a-24-04.pdf.)