Crypto Compliance in Focus: Regulatory Views Across the US, UK, EU and APAC 18 min read Download By Carol Beaumier and Bernadine ReeseThe bases for the appeal of crypto assets vary across interested parties: potential for high returns, diversification, user control, anonymity, customer demand, low-cost global payment capability, and the oft-expressed FOMO (fear of missing out), among them. With a market cap as of mid-September 2025 of $4.22 trillion,[1] crypto assets have experienced explosive growth over the last five to 10 years, both in terms of market size and user adoption.[2]With the focus on crypto comes a frequently asked question: Will crypto replace fiat currency anytime soon? The current consensus is that it is unlikely given the dominance of fiat currency in global trade, finance and monetary policy. However, crypto is expected to have an impact on the financial system. And that means its evolution is important to the financial services industry, governments and regulators.During the last five-to-10-year period, national cryptocurrency frameworks also have continued to develop and evolve, with the U.S.—one of the latecomers—making noteworthy progress toward establishing a framework in recent months. International standard-setting bodies including the Financial Stability Board, the Basel Committee on Banking Supervision and the Financial Action Task Force also are actively reviewing, researching and developing guidance for global frameworks. Download Topics Risk Management and Regulatory Compliance Industries Banking and Capital Markets Payments Mortgage and Consumer Lending Asset and Wealth Management The changing landscape presents both new opportunities and complex operating challenges. Compliance and risk teams are facing a fluid landscape where market dynamics and regulatory expectations are rapidly changing, requiring them to have a deep understanding of crypto assets and how they work, the attendant risks, and the regulatory requirements.This article provides a primer on the current state of regulatory play for crypto assets across four major regions: the U.S., UK, EU and APAC.The U.S.: From chaos to cohesionRegulators in the U.S. traditionally have taken a measured approach toward innovation—opting to watch and understand the developments before stepping in to regulate. In the case of crypto, the initial lack of regulation significantly contributed to the early and rapid growth of the crypto industry. There is a strong consensus, however, that the U.S. waited too long to regulate cryptocurrency, and this delay, along with early attempts by competing regulators to shape the crypto landscape, had significant consequences, including exposing investors to fraud, market manipulation and systemic risk. These circumstances, which were marked by high-profile failures and enforcement actions, ultimately prompted bilateral calls for reform even before the last U.S. election.However, it wasn’t until July 2025 that Congress, with the support of the pro-crypto Trump administration, passed the Guiding and Establishing National Innovation for U.S. Stablecoins (GENIUS) Act and Digital Asset Market Clarity Act of 2025 (CLARITY), establishing the first cohesive federal framework for digital assets. The GENIUS Act establishes a federal regulatory framework for payment stablecoins—digital assets pegged to a fixed monetary value and intended for use in payments—which may only be issued by permitted payment stablecoin issuers (PPSIs), i.e., subsidiaries of insured depository institutions, federally chartered nonbank entities approved by the Office of the Comptroller of the Currency, and for issuers with less than $10 billion in issuance state-chartered entities approved by certified state regimes. The GENIUS Act prohibits algorithmic stablecoins from being classified as “payments stablecoins,” even if backed by 1:1 reserves.The GENIUS Act also establishes reserve requirements, reporting requirements and consumer protections, and subjects PPSIs to the Bank Secrecy Act.Meanwhile, the CLARITY Act ends the turf war between the Securities and Exchange Commission (SEC) and the Commodity Futures Trading Commission (CFTC) by clearly defining regulatory authority and dividing digital assets into three categories:Digital commodities: Assets intrinsically linked to blockchain functionality (Bitcoin, Ethereum), which are regulated by the CFTC.Investment contract assets: Digital commodities sold via investment contracts (initial coin offering) that are initially regulated by the SEC but lose security status once they are traded in secondary markets.Permitted payment stablecoins: Fiat-backed digital assets used for payments, which if “covered” are not considered securities and are not subject to SEC registration, but are subject to CFTC jurisdiction when used in trading or as collateral on registered platforms.The GENIUS and CLARITY Acts have ushered in a new era of regulatory clarity and market maturity and, along with it, a broadly optimistic outlook for crypto in the United States.For several countries, central bank digital currency (CBDC) factors into their crypto agenda. Although the Federal Reserve reportedly has been researching the risks and benefits of a CBDC, President Trump, who has described CBDCs as a “dangerous threat to freedom,”[3] issued Executive Order 14178 in January prohibiting federal agencies from establishing, issuing or promoting a CBDC and directs federal agencies to terminate any related plans or initiatives. Select Risks of Crypto AssetsRegulatoryInformation/data shortcomingsPrice volatilityLiquidityCyberSmart contract bugsNetwork congestionLoss of private keysCustodial failureInoperabilityEnergy consumptionDisintermediationCollateral qualityRun riskSystemic riskContagion riskConsumer misperceptionsMoney launderingOther fraud and manipulationThird-party risks (Compiled from various regulatory and other publications) GENIUS ActCLARITY ActFocusStablecoinsAll digital assetsRegulationStablecoin issuance/reservesAsset classification/market structureRegulatorsOCC, FDIC, Federal Reserve, statesSEC and CFTCConsumer protectionsInsolvency priority, reserve auditsInvestment protections, custody rulesInterest paymentsProhibitedDependent on assetsIndustry impactIncreased adoption in payments and cross-border transactionsInstitutional investments and innovation in blockchain technology While our focus is on the U.S. federal framework for crypto, it is important to note there are also state-level crypto frameworks, the most notable being the one established by the New York Department of Financial Services, which dates back to 2015. UK: Extending the frontier of financial services regulationRegulators in the UK have historically adopted a principle-based, “same risk, same regulatory outcome” approach to financial innovation. However, in the early years of crypto, the UK’s regulatory framework was fragmented, and crypto assets largely were unregulated unless they fell within existing categories of regulated investments or e-money. This approach left consumers vulnerable to fraud, market manipulation and systemic risk. Recognizing the need for change, in 2018, the Financial Conduct Authority (FCA), Bank of England and HM Treasury established the Cryptoassets Taskforce to address risks and regulation of this sector. Specific risks were addressed by introducing supervision of anti-money laundering (AML) and counter-terrorist financing (CTF) risks for crypto businesses registered in the UK (2020), banning the sale of crypto derivatives to retail consumers (2021), extending the financial promotions regime to qualifying crypto assets (2023), and implementing the Travel Rule for crypto asset transfers (2023).In 2023, HM Treasury also announced plans to legislate a financial services regime for crypto assets by expanding the existing scope to include crypto assets rather than creating a stand-alone regime. The UK government is adopting a phased approach focusing initially on fiat-backed stablecoins followed by the wider crypto asset regime. The issuance and custody of fiat-backed stablecoins (FBS) will be regulated under the Financial Services and Markets Act 2000 and the use of FBS as a means of payment will be regulated under the Payment Services Regulations 2017. The gateway to access the UK payment chain would be through FCA authorization of a UK FBS, and the government is considering allowing overseas FBS (approved by payments arrangers) also to be used as a means of payment in the UK. Following a lengthy consultation, in April, the UK government published draft legislation to regulate crypto assets, signaling a commitment to both investor protection and market growth. Under the new rules, crypto exchanges, dealers and agents will be subject to clear standards on transparency, consumer protection and operational resilience, mirroring requirements in traditional finance. The FCA now also has proposed a comprehensive regime for crypto assets, including requirements relating to trading, custody, lending and staking. There will also be market abuse and admissions and disclosures regimes for crypto assets. The intention is for final legal and regulatory requirements to be issued during 2026.The proposed requirements for qualifying stablecoin issuers include backing qualifying stablecoins with secure, liquid assets in a statutory trust for qualifying stablecoin holders (held with a third-party custodian), offering redemption of qualifying stablecoins in exchange for money to all holders, and clearly disclosing their policy for redemption and the composition of backing assets to consumers.Custodians of qualifying crypto assets would be required to segregate client crypto assets from their own, hold them on behalf of clients in a trust, keep accurate books and records of clients’ crypto assets holdings, and have adequate controls and governance to protect clients’ crypto assets holdings.In addition to a crypto asset regulatory regime, the Bank of England actively is exploring the case for issuing a digital pound—a form of CBDC that would act as a digital complement to cash. Following consultations in 2023, the UK is in the “design phase” of the digital pound project. This phase focuses on developing the policy and technology framework and testing how a digital pound could work in practice with the launch of the “Digital Pound Lab,” a technology sandbox for testing potential designs and use cases. A full replacement of flat is unlikely in the near term. Instead, we are witnessing a hybrid future. Ali Faizan Rizvi EU: Adopting a harmonized approachCrypto adoption in the EU has seen a mixed bag: None of the EU member states makes it onto the Global Crypto Adoption Index, and the combined EU $8.5 to $14.3 billion[4] in market value of crypto assets is overshadowed by both APAC and the Americas, although this is expected to change with the harmonized approach to regulation in the market. Germany, France and Slovenia have seen the highest levels of growth in crypto assets. Much like the UK, the EU position on crypto regulation has evolved from warnings of the risks of virtual currencies by the European Banking Authority (EBA) to consideration of how to regulate them. In 2020, the European Commission adopted a new Digital Finance Package, including Digital Finance and Retail Payments Strategies and legislative proposals on crypto assets and digital resilience. The Digital Finance Package culminated in the Markets in CryptoAssets Regulation (MiCA), which took effect in 2023 and is the EU’s first comprehensive regulatory framework for crypto assets, covering the issuance, trading and provision of services related to crypto assets that are not already regulated as financial instruments. Its aim is to harmonize rules across the EU, enhance consumer protection, and ensure market integrity.MiCA applies to issuers of crypto assets, stablecoin issuers and crypto asset service providers (CASPs), which provide services such as custody, trading platforms, exchange, execution of orders, placement, portfolio management and advice on crypto assets.The stablecoin regime, which came into effect in June 2024, covers both Asset-referenced Tokens (ARTs), stablecoins backed by a basket of assets, and E-Money Tokens (EMTs), stablecoins backed by a single fiat currency.In order to obtain MiCA authorization, ART and EMT issuers are under an obligation to demonstrate compliance with prudential requirements, governance arrangements, disclosure requirements, conflict-of-interest and complaints-handling mechanisms, as well as an obligation to hold reserves of assets. In addition, issuers need to have policies and procedures in place governing the custody of the reserve assets, as well as investment of the reserve assets and planning in place for orderly wind-down. More stringent provisions apply to issuers of ARTs that are designated as “significant.” MiCA requires the issuer of EMTs to be an authorized credit institution or an electronic money institution and comply with the applicable sectoral legislation and sets out rules for the categorization of certain EMTs as “significant”—with additional requirements and supervision.The rules relating to CASPs came into effect in December 2024 and require a CASP to be authorized by a member state regulator and meet strict requirements on governance, capital, consumer protection and anti-market abuse measures. Authorized CASPs will be able to provide their services cross-border in all EU jurisdictions (similar to “passport” rights in other European financial services legislation). CASPs will be subject to a range of requirements, both general as well as specific, depending on the type of service provided. The general requirements will cover prescriptive organizational and disclosure rules, rules regarding safekeeping of client funds and outsourcing, conduct rules, and an obligation to act honestly, fairly and professionally in the best interest of clients, as well as prudential requirements such as an obligation to maintain own funds and an insurance policy. Meanwhile, the European Central Bank is working toward the design and implementation of euro CBDC. The European Parliament will consider the matter further this month, and additional legislation will need to be brought forward to enable a euro CBDC, meaning that launch of the coin would be no earlier than 2029.[5]APAC: Leading the way with diverse approaches and regional collaborationAs with so many other areas of regulation, the crypto landscape in APAC presents a diverse picture of countries’ approaches that operate under a broad framework of regional cooperation when it comes to matters of fraud prevention and investor protection. Several APAC countries were early movers, establishing initial frameworks much earlier than other countries. Nine of the top 20 countries in the Global Crypto Adoption Index are in APAC.[6]Examples of more mature and long-standing crypto frameworks in APAC include the following:Japan established its framework in 2017, and it is administered by the Financial Services Authority under the Payment Services Act. The framework recognizes crypto as legal property and a payment method; requires licensing for exchanges and custodians; enforces anti-money laundering/counter-terrorist financing (AML/CFT) compliance, including the Travel Rule; and allows only licensed banks and trust companies to issue stablecoins. Japan also has a CBDC pilot underway.Singapore established its framework in 2019, and it is administered by the Monetary Authority of Singapore under the Payment Services Act. The framework imposes licensing requirements for digital payment token (DPT) service providers; requires strict adherence to AML/CFT standards; prohibits retail crypto advertising and crypto ATMs; and provides, subject to licensing and other requirements, for the issuance of single currency-backed stablecoins pegged to the Singapore dollar or other G10 currencies. Singapore is actively piloting the live issuance of wholesale CBDCs to support instantaneous payments across commercial banks. These are used for interbank settlements, not for direct consumer use.Australia established its framework in 2013; it is subject to oversight by the Australian Securities and Investment Commission (ASIC) and the Australian Transaction Reports and Analysis Centre (AUSTRAC). The framework incorporates crypto custody into Australian financial services (AFS) licensing, regulates stablecoins like fiat-based payment facilities and provides for aggressively combating cyber-related crime.Building on its strong momentum, APAC is well-positioned to be a global hub for crypto innovation, with strong infrastructure, a large and growing user base, and widespread government support.ASSET TYPE*RELATIVE RISK LEVEL**KEY RISKSAlgorithmic Stablecoins(cryptocurrencies pegged to, but not backed by, fiat currency that use algorithms and smart contracts to manage the supply automatically)HighPeg failure, no collateral, systemic collapseMeme Coins(cryptocurrency inspired by internet memes, jokes and viral online trends)HighVolatility, manipulation, lack of utility, emotional investingAltcoins(alternative crypto currencies, i.e., any cryptocurrency other than Bitcoin)MediumLower adoption, technical flaws, regulatory risk, market abuseCrypto-Collateralized Stablecoins(stablecoins that maintain their price stability by being backed by cryptocurrency reserves rather than fiat currency)MediumCollateral volatility, smart contract risk, redemption risk, market abuseFiat-Backed Stablecoins(crypto currencies that maintain a stable value by being backed 1:1 (or close to it) by traditional fiat currency reserves, e.g., U.S. dollars, euros or yen)Low Counterparty risk, regulatory scrutinyTokenized Deposits (digital representations of traditional bank deposits issued by regulated financial institutions on blockchain or distributed ledger technology)LowRegulatory, infrastructure, operational, contagionMajor Cryptocurrencies(most widely recognized and traded digital assets in the crypto market)LowVolatility, but high liquidity and adoptionCentral Bank Digital Currencies(digital form of a country’s sovereign currency)LowDirect liabilities of the issuing country * The extent to which financial institutions can offer each of these crypto assets is a matter of local law and regulation. ** Relative risk level relates to the risk level as compared to other crypto assets. The risks identified are illustrative and not intended to be all inclusive.Five questions financial institutions should ask about cryptoThe appeal of crypto is strong, but financial institutions considering entering the crypto space should be sure they can first answer the following questions. Financial services regulators will expect senior management to have assessed these questions rigorously:Do we understand the regulatory landscape? Regulatory crypto asset regimes are emerging but are not aligned. Firms entering the global crypto space will need to keep updated with multiple, developing sets of requirements at the same time that regulators are getting to grips with the operation of the regulatory regime and the market itself.Do we understand all the risks? For those not fully immersed in the crypto world, the market and how it operates is confusing. In addition, the risks are largely untested, and it is possible that other “black swan” risks may emerge in certain circumstances that are not yet envisioned, particularly the impacts on other asset classes including traditional finance. Risk assessment and risk management are, therefore, likely to be scrutinized intensely by regulators and require regular updating and scenario analysis.Do we have the talent, controls and tools we need to manage these risks? To run a successful crypto asset business in a controlled manner requires a team with proven skills and experience. Similarly, analyzing the risks, exposures and emerging challenges in the crypto book will need new technologies and tools. Many of these resources will be newly acquired and possibly challenging to source in the market when others are searching for the same talent.Have we identified and properly vetted all partners that would be involved with our crypto activities? New partners, whether technology or service providers, require careful vetting and assessment, as well as consideration of their regulated status, if appropriate, and their reputation and their ability to service the level of business expected. An in-depth, third-party risk management process should be adopted.Do our crypto plans align with our strategy? While financial institutions will be keen to innovate and offer new services to clients, this should be put in the context of a longer-term business strategy and product/service assessment as well as consideration of the needs of customers. Many financial institutions will consider the timing of their entry into the crypto market (for example, early adoption or not?) and the impact on their market strategy, such as whether to position crypto access as a differentiator.Being able to answer these questions is essential because entering the crypto space is not just a technological or financial decision; it requires a strategic transformation that touches every part of a financial institution’s operations. Thoughtful and comprehensive planning is the difference between responsible innovation and FOMO experimentation. The EU position on crypto regulation has evolved from warnings of the risks of virtual currencies by the European Banking Authority to consideration of how to regulate them. About the authors Carol Beaumier is a senior managing director in Protiviti’s Risk and Compliance practice. Based in Washington, D.C., she has more than 30 years of experience in a wide range of regulatory issues across multiple industries. Before joining Protiviti, Beaumier was a partner in Arthur Andersen’s Regulatory Risk Services practice and a managing director and founding partner of The Secura Group, where she headed the Risk Management practice. Before consulting, Beaumier spent 11 years with the U.S. Office of the Comptroller of the Currency (OCC), where she was an examiner with a focus on multinational and international banks. She also served as executive assistant to the comptroller, as a member of the OCC’s senior management team and as liaison for the comptroller inside and outside of the agency. Beaumier is a frequent author and speaker on regulatory and other risk issues.Bernadine Reese is a managing director in Protiviti’s Risk and Compliance practice. Based in London, Reese joined Protiviti in 2007 from KPMG’s Regulatory Services practice. Reese has more than 30 years’ experience working with a variety of financial services clients to enhance their business performance by successfully implementing risk, compliance and governance change and optimizing their risk and compliance arrangements. She is a Certified Climate Risk Professional. About Protiviti’s Compliance Risk Management Practice There's a better way to manage the burden of regulatory compliance. Imagine if functions were aligned to business objectives, processes were optimized, and procedures were automated and enabled by data and technology. Regulatory requirements would be met with efficiency. Controls become predictive instead of reactive. Employees derive more value from their roles. The business can take comfort that their reputation is protected, allowing for greater focus on growth and innovation.Protiviti helps organizations integrate compliance into agile risk management teams, leverage analytics for forward-looking and predictive controls, apply regulatory compliance expertise and utilize automated workflow tools for more efficient remediation of compliance enforcement actions or issues, translate customer and compliance needs into design requirements for new products or services, and establish routines for monitoring regulatory compliance performance. See our latest Compliance Insights Newsletter Learn More Total Crypto Market Cap Chart, Coingecko: www.coingecko.com/en/charts.Cryptocurrency Market Size & Share 2025, Daniel Ruby, Demandsage, August 21, 2025: www.demandsage.com/cryptocurrency-market-size/.“Trump pledges to block potential US central bank digital currency,” Ian Hall, Global Government Fintech, January 22, 2024: www.globalgovernmentfintech.com/trump-pledges-to-block-potential-us-central-bank-digital-currency/.Europe Cryptocurrency Market Outlook to 2030, Ken Research, December 2024: www.kenresearch.com/industry-reports/europe-cryptocurrency-market#Scope.“Digital Euro Launch Likely by Mid-2029, Says ECB Official,” Jalpa Bhavsar, The Crypto Times, September 25, 2025: www.cryptotimes.io/2025/09/24/digital-euro-launch-likely-by-mid-2029-says-ecb-official/.“APAC Leads Global Crypto Adoption, Driven by South and Southeast Asia,” Fintech News Singapore, September 15, 2025: https://fintechnews.sg/118319/digitalassets/apac-leads-global-crypto-adoption-driven-by-south-and-southeast-asia/.