Crypto Compliance in Focus: Regulatory Views Across the US, UK, EU and APAC

The changing landscape presents both new opportunities and complex operating challenges. Compliance and risk teams are facing a fluid landscape where market dynamics and regulatory expectations are rapidly changing, requiring them to have a deep understanding of crypto assets and how they work, the attendant risks, and the regulatory requirements.

This article provides a primer on the current state of regulatory play for crypto assets across four major regions: the U.S., UK, EU and APAC.

The U.S.: From chaos to cohesion

Regulators in the U.S. traditionally have taken a measured approach toward innovation—opting to watch and understand the developments before stepping in to regulate. In the case of crypto, the initial lack of regulation significantly contributed to the early and rapid growth of the crypto industry. There is a strong consensus, however, that the U.S. waited too long to regulate cryptocurrency, and this delay, along with early attempts by competing regulators to shape the crypto landscape, had significant consequences, including exposing investors to fraud, market manipulation and systemic risk. These circumstances, which were marked by high-profile failures and enforcement actions, ultimately prompted bilateral calls for reform even before the last U.S. election.

However, it wasn’t until July 2025 that Congress, with the support of the pro-crypto Trump administration, passed the Guiding and Establishing National Innovation for U.S. Stablecoins (GENIUS) Act and Digital Asset Market Clarity Act of 2025 (CLARITY), establishing the first cohesive federal framework for digital assets. The GENIUS Act establishes a federal regulatory framework for payment stablecoins—digital assets pegged to a fixed monetary value and intended for use in payments—which may only be issued by permitted payment stablecoin issuers (PPSIs), i.e., subsidiaries of insured depository institutions, federally chartered nonbank entities approved by the Office of the Comptroller of the Currency, and for issuers with less than $10 billion in issuance state-chartered entities approved by certified state regimes. The GENIUS Act prohibits algorithmic stablecoins from being classified as “payments stablecoins,” even if backed by 1:1 reserves.

The GENIUS Act also establishes reserve requirements, reporting requirements and consumer protections, and subjects PPSIs to the Bank Secrecy Act.

Meanwhile, the CLARITY Act ends the turf war between the Securities and Exchange Commission (SEC) and the Commodity Futures Trading Commission (CFTC) by clearly defining regulatory authority and dividing digital assets into three categories:

1. Digital commodities: Assets intrinsically linked to blockchain functionality (Bitcoin, Ethereum), which are regulated by the CFTC.
2. Investment contract assets: Digital commodities sold via investment contracts (initial coin offering) that are initially regulated by the SEC but lose security status once they are traded in secondary markets.
3. Permitted payment stablecoins: Fiat-backed digital assets used for payments, which if “covered” are not considered securities and are not subject to SEC registration, but are subject to CFTC jurisdiction when used in trading or as collateral on registered platforms.

The GENIUS and CLARITY Acts have ushered in a new era of regulatory clarity and market maturity and, along with it, a broadly optimistic outlook for crypto in the United States.

For several countries, central bank digital currency (CBDC) factors into their crypto agenda. Although the Federal Reserve reportedly has been researching the risks and benefits of a CBDC, President Trump, who has described CBDCs as a “dangerous threat to freedom,”^[3] issued Executive Order 14178 in January prohibiting federal agencies from establishing, issuing or promoting a CBDC and directs federal agencies to terminate any related plans or initiatives.

While our focus is on the U.S. federal framework for crypto, it is important to note there are also state-level crypto frameworks, the most notable being the one established by the New York Department of Financial Services, which dates back to 2015. 

UK: Extending the frontier of financial services regulation

Regulators in the UK have historically adopted a principle-based, “same risk, same regulatory outcome” approach to financial innovation. However, in the early years of crypto, the UK’s regulatory framework was fragmented, and crypto assets largely were unregulated unless they fell within existing categories of regulated investments or e-money. This approach left consumers vulnerable to fraud, market manipulation and systemic risk. 

Recognizing the need for change, in 2018, the Financial Conduct Authority (FCA), Bank of England and HM Treasury established the Cryptoassets Taskforce to address risks and regulation of this sector. Specific risks were addressed by introducing supervision of anti-money laundering (AML) and counter-terrorist financing (CTF) risks for crypto businesses registered in the UK (2020), banning the sale of crypto derivatives to retail consumers (2021), extending the financial promotions regime to qualifying crypto assets (2023), and implementing the Travel Rule for crypto asset transfers (2023).

In 2023, HM Treasury also announced plans to legislate a financial services regime for crypto assets by expanding the existing scope to include crypto assets rather than creating a stand-alone regime. The UK government is adopting a phased approach focusing initially on fiat-backed stablecoins followed by the wider crypto asset regime. The issuance and custody of fiat-backed stablecoins (FBS) will be regulated under the Financial Services and Markets Act 2000 and the use of FBS as a means of payment will be regulated under the Payment Services Regulations 2017. The gateway to access the UK payment chain would be through FCA authorization of a UK FBS, and the government is considering allowing overseas FBS (approved by payments arrangers) also to be used as a means of payment in the UK. 

Following a lengthy consultation, in April, the UK government published draft legislation to regulate crypto assets, signaling a commitment to both investor protection and market growth. Under the new rules, crypto exchanges, dealers and agents will be subject to clear standards on transparency, consumer protection and operational resilience, mirroring requirements in traditional finance. The FCA now also has proposed a comprehensive regime for crypto assets, including requirements relating to trading, custody, lending and staking. There will also be market abuse and admissions and disclosures regimes for crypto assets. The intention is for final legal and regulatory requirements to be issued during 2026.

The proposed requirements for qualifying stablecoin issuers include backing qualifying stablecoins with secure, liquid assets in a statutory trust for qualifying stablecoin holders (held with a third-party custodian), offering redemption of qualifying stablecoins in exchange for money to all holders, and clearly disclosing their policy for redemption and the composition of backing assets to consumers.

Custodians of qualifying crypto assets would be required to segregate client crypto assets from their own, hold them on behalf of clients in a trust, keep accurate books and records of clients’ crypto assets holdings, and have adequate controls and governance to protect clients’ crypto assets holdings.

In addition to a crypto asset regulatory regime, the Bank of England actively is exploring the case for issuing a digital pound—a form of CBDC that would act as a digital complement to cash. Following consultations in 2023, the UK is in the “design phase” of the digital pound project. This phase focuses on developing the policy and technology framework and testing how a digital pound could work in practice with the launch of the “Digital Pound Lab,” a technology sandbox for testing potential designs and use cases.

EU: Adopting a harmonized approach

Crypto adoption in the EU has seen a mixed bag: None of the EU member states makes it onto the Global Crypto Adoption Index, and the combined EU $8.5 to $14.3 billion^[4] in market value of crypto assets is overshadowed by both APAC and the Americas, although this is expected to change with the harmonized approach to regulation in the market. Germany, France and Slovenia have seen the highest levels of growth in crypto assets. 

Much like the UK, the EU position on crypto regulation has evolved from warnings of the risks of virtual currencies by the European Banking Authority (EBA) to consideration of how to regulate them. In 2020, the European Commission adopted a new Digital Finance Package, including Digital Finance and Retail Payments Strategies and legislative proposals on crypto assets and digital resilience. The Digital Finance Package culminated in the Markets in CryptoAssets Regulation (MiCA), which took effect in 2023 and is the EU’s first comprehensive regulatory framework for crypto assets, covering the issuance, trading and provision of services related to crypto assets that are not already regulated as financial instruments. Its aim is to harmonize rules across the EU, enhance consumer protection, and ensure market integrity.

MiCA applies to issuers of crypto assets, stablecoin issuers and crypto asset service providers (CASPs), which provide services such as custody, trading platforms, exchange, execution of orders, placement, portfolio management and advice on crypto assets.

The stablecoin regime, which came into effect in June 2024, covers both Asset-referenced Tokens (ARTs), stablecoins backed by a basket of assets, and E-Money Tokens (EMTs), stablecoins backed by a single fiat currency.

In order to obtain MiCA authorization, ART and EMT issuers are under an obligation to demonstrate compliance with prudential requirements, governance arrangements, disclosure requirements, conflict-of-interest and complaints-handling mechanisms, as well as an obligation to hold reserves of assets. In addition, issuers need to have policies and procedures in place governing the custody of the reserve assets, as well as investment of the reserve assets and planning in place for orderly wind-down. More stringent provisions apply to issuers of ARTs that are designated as “significant.” 

MiCA requires the issuer of EMTs to be an authorized credit institution or an electronic money institution and comply with the applicable sectoral legislation and sets out rules for the categorization of certain EMTs as “significant”—with additional requirements and supervision.

The rules relating to CASPs came into effect in December 2024 and require a CASP to be authorized by a member state regulator and meet strict requirements on governance, capital, consumer protection and anti-market abuse measures. Authorized CASPs will be able to provide their services cross-border in all EU jurisdictions (similar to “passport” rights in other European financial services legislation). 

CASPs will be subject to a range of requirements, both general as well as specific, depending on the type of service provided. The general requirements will cover prescriptive organizational and disclosure rules, rules regarding safekeeping of client funds and outsourcing, conduct rules, and an obligation to act honestly, fairly and professionally in the best interest of clients, as well as prudential requirements such as an obligation to maintain own funds and an insurance policy. 

Meanwhile, the European Central Bank is working toward the design and implementation of euro CBDC. The European Parliament will consider the matter further this month, and additional legislation will need to be brought forward to enable a euro CBDC, meaning that launch of the coin would be no earlier than 2029.^[5]

APAC: Leading the way with diverse approaches and regional collaboration

As with so many other areas of regulation, the crypto landscape in APAC presents a diverse picture of countries’ approaches that operate under a broad framework of regional cooperation when it comes to matters of fraud prevention and investor protection. Several APAC countries were early movers, establishing initial frameworks much earlier than other countries. Nine of the top 20 countries in the Global Crypto Adoption Index are in APAC.^[6]

Examples of more mature and long-standing crypto frameworks in APAC include the following:

• Japan established its framework in 2017, and it is administered by the Financial Services Authority under the Payment Services Act. The framework recognizes crypto as legal property and a payment method; requires licensing for exchanges and custodians; enforces anti-money laundering/counter-terrorist financing (AML/CFT) compliance, including the Travel Rule; and allows only licensed banks and trust companies to issue stablecoins. Japan also has a CBDC pilot underway.
• Singapore established its framework in 2019, and it is administered by the Monetary Authority of Singapore under the Payment Services Act. The framework imposes licensing requirements for digital payment token (DPT) service providers; requires strict adherence to AML/CFT standards; prohibits retail crypto advertising and crypto ATMs; and provides, subject to licensing and other requirements, for the issuance of single currency-backed stablecoins pegged to the Singapore dollar or other G10 currencies. Singapore is actively piloting the live issuance of wholesale CBDCs to support instantaneous payments across commercial banks. These are used for interbank settlements, not for direct consumer use.
• Australia established its framework in 2013; it is subject to oversight by the Australian Securities and Investment Commission (ASIC) and the Australian Transaction Reports and Analysis Centre (AUSTRAC). The framework incorporates crypto custody into Australian financial services (AFS) licensing, regulates stablecoins like fiat-based payment facilities and provides for aggressively combating cyber-related crime.

Building on its strong momentum, APAC is well-positioned to be a global hub for crypto innovation, with strong infrastructure, a large and growing user base, and widespread government support.

* The extent to which financial institutions can offer each of these crypto assets is a matter of local law and regulation. 

** Relative risk level relates to the risk level as compared to other crypto assets. The risks identified are illustrative and not intended to be all inclusive.

Five questions financial institutions should ask about crypto

The appeal of crypto is strong, but financial institutions considering entering the crypto space should be sure they can first answer the following questions. Financial services regulators will expect senior management to have assessed these questions rigorously:

1. Do we understand the regulatory landscape? Regulatory crypto asset regimes are emerging but are not aligned. Firms entering the global crypto space will need to keep updated with multiple, developing sets of requirements at the same time that regulators are getting to grips with the operation of the regulatory regime and the market itself.
2. Do we understand all the risks? For those not fully immersed in the crypto world, the market and how it operates is confusing. In addition, the risks are largely untested, and it is possible that other “black swan” risks may emerge in certain circumstances that are not yet envisioned, particularly the impacts on other asset classes including traditional finance. Risk assessment and risk management are, therefore, likely to be scrutinized intensely by regulators and require regular updating and scenario analysis.
3. Do we have the talent, controls and tools we need to manage these risks? To run a successful crypto asset business in a controlled manner requires a team with proven skills and experience. Similarly, analyzing the risks, exposures and emerging challenges in the crypto book will need new technologies and tools. Many of these resources will be newly acquired and possibly challenging to source in the market when others are searching for the same talent.
4. Have we identified and properly vetted all partners that would be involved with our crypto activities? New partners, whether technology or service providers, require careful vetting and assessment, as well as consideration of their regulated status, if appropriate, and their reputation and their ability to service the level of business expected. An in-depth, third-party risk management process should be adopted.
5. Do our crypto plans align with our strategy? While financial institutions will be keen to innovate and offer new services to clients, this should be put in the context of a longer-term business strategy and product/service assessment as well as consideration of the needs of customers. Many financial institutions will consider the timing of their entry into the crypto market (for example, early adoption or not?) and the impact on their market strategy, such as whether to position crypto access as a differentiator.

Being able to answer these questions is essential because entering the crypto space is not just a technological or financial decision; it requires a strategic transformation that touches every part of a financial institution’s operations. Thoughtful and comprehensive planning is the difference between responsible innovation and FOMO experimentation.