A Quick and Dirty Fix for US Cryptocurrency Regulation

The United States is entering a new and dynamic environment for cryptocurrency activities. The incoming Trump Administration intends to address the regulatory vacuum and "legalize" activities in the space. It is unfortunate that the SEC, headed by outgoing SEC Chair Gensler, will leave US regulators (not just the SEC) unprepared at the SEC. His regime treated virtually all cryptocurrency issuance and market intermediary activities as effectively illegal, without consideration of a regulatory alternative to the bringing of enforcement actions.

If cryptocurrency market activities are no longer to be treated as inherently illegal, what then? Going forward, what statutes should apply to cryptocurrencies? What activities should require registration or regulation? What rules should be imposed? Which financial regulators should have authority? What obligations are to be imposed on market participants? Looking backwards, how should past legitimate business conduct be regarded and how should past fraud be addressed?

These are difficult questions requiring legislators and regulators to consult broadly. It is not possible to predict how the market may develop, but putting in place new rules will be a time-consuming and iterative process. That said, there are questions that must be answered—and answered quickly—as to how best to regulate cryptocurrencies. Our circumstances require both short-term action and long-term careful consideration.

The purpose of this article is to propose a reasonably simple though quick and dirty path to address the immediate challenges created by the regulatory void. To that end, four goals should be prioritized: (i) avoid needless jurisdictional questions as to whether cryptocurrencies are "securities" or "commodities" or neither; (ii) use existing regulatory agencies and statutory frameworks, where practical, to regulated going forward; (iii) provide a "pardon," if necessary, for past registration violations without excusing instances of fraud; and (iv) establish a legislative basis for regulatory authority, primarily focused on disclosure, while leaving it to the regulators (particularly to the SEC) to define who must disclose and what must be disclosed. 

Part I covers some of the ways in which the current SEC's approach has failed and how that failure has created problems that will not simply disappear just because of the change in Administration. Part II sets out a bare-bones de minimis regulatory scheme to allow the agencies the necessary time to address the specifics. Part III considers how to deal with past conduct. Appendix A discusses the need for legislation to enable the kind of quick temporary fixes that will be needed to produce a reasonable framework for the regulation of cryptocurrencies.

I. The Failures of the SEC

The current SEC is guilty of two very significant failures with respect to cryptocurrency regulations. The first is the failure to define when a cryptocurrency is a "security" over which the SEC has jurisdiction. The second—assuming that cryptocurrencies are securities—is the failure to even attempt to develop a scheme of regulation that can address the many differences between traditional securities and cryptocurrencies.

A. What Laws are Applicable?

Early on, the SEC declared that it had authority over cryptocurrencies in the same way that it does over stocks and bonds. Of course, cryptocurrencies do not look like stocks and bonds. Most obvious is that there is no "issuer." So, to establish jurisdiction, the SEC reasoned that cryptocurrencies may be "investment contracts," and invoked the magic name "Howey" to prove that it was so. The glaring problem is that cryptocurrencies not only do not look like stocks and bonds, they don't even look like the oranges that were the subject of Howey.[1]

While the SEC eventually conceded that Bitcoin is not a security, the SEC held to the position that every other cryptocurrency—including Ether, the second most popular such currency by market value—was still likely a security. There was almost no explanation of that position. It relied on the assumption that Bitcoin was a freak asset that had been in the market so long and was so widely owned that nothing could be done about it. And then, one day, the SEC conceded the point on Ether, too, by allowing the listing of ETFs on Ether—that is, ETFs that were not required to be regulated as investment companies because (implicitly) ETFs holding Ether did not hold "securities." In other words, without explanation, the SEC took an action that created an outcome that could only be possible if Ether was not a security. The change in the SEC position was profound. In short, it was an acknowledgment that Bitcoin was not a freak. Ether was like Bitcoin. And, of course, this raised very fundamental legal questions: Why weren't other cryptocurrencies like Bitcoin and Ether? Why were other cryptocurrencies in violation of the SEC Rules if Bitcoin and Ether are not subject to those Rules?

The SEC provided no guidance on these questions. None. Simply put, if a policing agency such as the SEC cannot define what conduct is legal and what is not, then it is not operating under the rule of law.

This failure has serious implications in the context of both ordinary business activities and enforcement. The fact that market participants have no way of knowing whether a particular instrument is a security, subject to the requirements applicable for securities transactions, is a problem for them. As to potential fraudulent conduct, in order for the SEC to have jurisdiction over a cryptocurrency, the agency first must demonstrate that the relevant instrument is a security. That is not easy when there are no clear or articulable standards upon which to make that decision.

B. What the SEC Did Wrong on Rules

If one assumes that most cryptocurrencies are securities (and that Mr. Gensler is mostly right), then the SEC had authority to make the rules governing cryptocurrencies. Under these assumptions, what should those rules have been?

Mr. Gensler's answer was that "like must be treated as like"; (i.e. cryptocurrencies should be regulated just like all other securities.) That formulation does not withstand any scrutiny. It is nothing more than a throwaway response. As discussed, cryptocurrencies are not just like stocks or bonds, nor are they like options; and, again, they are not even like the oranges in Howey. They are in their own unique class that requires a workable regulatory framework.

According to the SEC, there are more than 16,000 cryptocurrencies, not one of which has been registered under the Securities Act of 1933. When called out on why no cryptocurrency had registered under the Securities Act, Mr. Gensler complained that everyone in the market was simply unwilling to comply with the law. By that reasoning, there are two possible explanations: (i) every single one of the thousands of businesses are run by people who choose to operate outside the law; or (ii) it simply is not realistic to comply.

This does not mean that it would be impossible to develop a form of "regulation that is appropriate to cryptocurrencies." US securities laws are flexible, and there are variations of regulation under the law that apply to many different types of securities, market intermediaries and issuers. Had the SEC under Chair Gensler endeavored to consider how current differences among types of securities are handled, it might have led to the development of appropriate regulation for crypto.

To recap, the incoming Administration is facing two major problems created by its predecessor: (i) there is no set of conditions that defines when a cryptocurrency is subject to the US securities laws or the jurisdiction of the SEC; and (ii) if cryptocurrencies were to fall within the authority of the SEC, the SEC has neither adopted, nor even proposed, rules that might be a fit for cryptocurrencies.

II. Facing the Problem

A. Lessons Learned, Moving Forward

That much of the last four years has been consumed by a jurisdictional debate as to whether cryptocurrencies are "securities," "commodities" or neither of the two is a shame. This utterly useless debate is akin to arguing whether tomatoes are fruits or vegetables. What does typology matter to a cook? What matters is what can be done with the ingredients.

Any honest appraisal of the current market, of course, must recognize there has been significant fraud in the crypto space. Cryptocurrencies are a retail financial product. Just saying "buyer beware" is not a tenable solution. Further, even those who may favor a wholly unregulated market must recognize that it would not be a politically acceptable outcome.

Also clear is that a regulatory solution cannot be delegated to the states. Given the intangible nature of these products, it is challenging enough to regulate crypto on a national basis. Creating and enforcing state regulations as to a wholly intangible asset class that knows no boundaries is an assured failure. There will be a need for some federal system of financial regulation of cryptocurrencies. 

B. So, What Are the Priorities?

Starting fresh, it is necessary to reject the mind-box that says the relevant regulator depends on whether cryptocurrencies are "securities" (in which case the SEC is the regulator) or "commodities" (in which case the CFTC has—at least—antifraud authority). Cryptocurrencies do not have to be squeezed into an existing category; they can be their own thing. This does not mean it is necessary to create a new agency; rather, it means that existing regulatory experience can be applied without jurisdictional squabbling or contorting statutory definitions to achieve bureaucratic ends.

Eventually, crypto regulation will likely evolve into something at least moderately complicated. There will almost certainly be promulgated rules on disclosure, on custody, on market operators, on brokers and dealers, on creators and distributors; on governing advisors; on governing funds that invest in crypto; and so on. And even when rules are proposed, it is not a snap of the fingers for the regulations to be actually adopted and for those subject to the regulations to be able to come into compliance.

Given that we are years behind in fully considering all these factors, we need a temporary solution that (i) covers certain basic requirements, including disclosure, custody, standard of care and fair trading; and (ii) assigns responsibility for enforcing that regulatory framework.

1. Disclosure

The need for deterring those who would misinform and ensuring that material information is provided is a basic and critical imperative. On cryptocurrency, consideration as to who is obligated to disclose is the question. Is it the "creator?" The "distributor?" The owners of a significant percentage or of a significant value? The markets on which the products are traded? All of the above? Without an issuer that one can point to, identification of the disclosing entity is not only difficult, but it will also be a moving target as our understanding of the cryptocurrency market and products develop. We will need a regulator to develop disclosure rules, both as to who must disclose and what must be disclosed. In most cases, the logical regulatory agency to develop rules on disclosure, in particular, is the SEC, which was historically a disclosure-focused agency, and which may return to its roots under the new Administration.

2. Custody

When holding assets on behalf of someone else, a custodian must safekeep those assets and not use them for its own purposes without disclosure and agreement.

It is unfortunate that the SEC and the banking regulators discouraged banks from custody as to crypto assets. As to banking entities that are permitted to provide custodial services, the relevant regulations become the responsibility of the relevant bank regulator. Such regulations might very well include limitations on liability of the bank for failures. 

Non-banks holding cryptocurrencies as custodians should provide appropriate disclosure and be subject to regular audits.

3. Investment Advisory

Entities providing advice to investors with respect to cryptocurrencies may be reasonably regulated as investment advisers subject to the Investment Advisers Act of 1940. Consequently, investment advisers who are giving advice to a third party that relies on that advice must be required to consider that person's interests ahead of those of the adviser. Investment funds that invest only in cryptocurrencies should be subject to Securities Act disclosures or private placement requirements, but nothing more. If the funds were otherwise subject to the Investment Company Act of 1940, by reason of the other (non-crypto) assets they hold, they should have to comply with that statute. If the funds employed derivatives strategies, then the Commodity Exchange Act would also be relevant.

4. Trading Markets

A market for cryptocurrencies must publish price and volume disclosure as to transactions in the market. Market participants may not enter into transactions for the purpose of manipulating price and volume in the assets traded.

Any entity that holds itself out to the public as a market for cryptocurrencies must promptly provide information as to all trades, as well as information, aggregated by cryptocurrency, on a daily, weekly, monthly, annual and year-to-date basis.

III. Enforcement Considerations – Past Misconduct 

If the SEC or the US government changed course and decided that cryptocurrencies are not automatically "securities," the SEC would have no enforcement authority—even where there had been fraud. That may mean that the CFTC should take action regarding fraud in the cryptocurrency market on the basis that the assets are "commodities" over which the CFTC has enforcement authority. No matter how this is resolved, for the purposes of enforcement, here are some necessary conditions:

1. Until there is a long-term solution, any past fraud in connection with transactions in cryptocurrencies would continue to violate either the US securities laws or the Commodity Exchange Act to the extent that these instruments were either securities or commodities under existing law.[2] In short, the SEC and/or the CFTC should continue to have legal authority to act against fraud that has been committed.

2. Crime cannot be created retrospectively. That is, if a cryptocurrency is not a security, prior misconduct with respect to that cryptocurrency cannot be deemed a violation of the US securities laws, regardless of the severity of the misconduct.

3. While past fraudulent conduct should not be given a pass, "forgiveness" should be provided for businesses that violated, say, the registration requirements of the US securities laws, but did not act dishonestly.

Appendix A

To put in place a practical transition from the current regulatory framework to a bare-bones but necessary temporary fix (as a set up to a more long-term and sophisticated regulatory scheme for cryptocurrencies[3]) requires legislation. The recommendations below would provide clarity and direction along the lines of the analysis above. Here is an outline of what might serve that purpose:

The Quick and Dirty Cryptocurrency Act of 2025

1. Definitions

"Cryptocurrency" means (i) a natively electronic asset that (A) confers economic, proprietary, or access rights or powers; (B) is recorded using cryptographically secured distributed ledger technology, or any similar analogue; and (C) does not represent, derive value from, or maintain backing by, a financial asset (except other crypto assets); and (ii) does not include (A) a payment stablecoin; and (B) other interests in financial assets (except other crypto assets) represented on a distributed ledger or any similar analogue.[4]

"Crypto Market Participant" means an entity that acts in any of the following capacities with respect to a cryptocurrency: broker, dealer, investment adviser, investment company, exchange, promoter, distributor, custodian or endorser.

[Note: Some of the above definitions may be lifted, more or less in whole, from the Securities Laws. Because cryptocurrencies do not have an "issuer" in the same sense as stocks and bonds, other definitions will be complex; e.g.; "promoter" and "distributor." Settling on how to define these terms will require input from a broad group of market participants and interested parties.]

2. Enforcement and Jurisdiction[5]

The SEC shall have authority to enforce any violation of the Commodity Exchange Act that involves a cryptocurrency. The CFTC shall have authority to enforce any violation of the Securities Laws that involves a cryptocurrency.[6]

Neither the SEC nor the CFTC shall bring an enforcement action against a Crypto Market Participant for having failed to register under the Securities Laws or the CEA unless the SEC or the CFTC can affirmatively demonstrate that the Crypto Market Participants committed fraud in connection with its CMP actions; provided, however, that either the SEC or the CFTC may bring actions against a Crypto Market Participant for any violations of this Act or the Rules adopted thereunder.

Options on cryptocurrencies and swaps on cryptocurrencies that are not traded on a CFTC-regulated futures exchange are, from the date of the adoption of this Act, "swaps" for purposes of the CEA. 

3. Affirmative Obligations

Each Crypto Market Participants shall provide to (i) each of the SEC and the CFTC and (ii) each of its customers a disclosure document in such form as the [SEC] shall require, appropriately tailored to the type of Crypto Market Participant. Such disclosure document shall not contain any material misstatements or omissions.

Any Crypto Market Participant that acts as a custodian (other than a bank) must (i) make no use of the cryptocurrencies entrusted to it except with the express permission of the customer and (ii) publish annual audited financial statements.

Any Crypto Market Participant that acts as an exchange shall make available on its website a real-time record of all transactions in each cryptocurrency traded on that exchange as well as such other aggregated trade information as the SEC shall require.

No person shall purchase, sell or quote for cryptocurrencies for the purpose of creating a misleading appearance of the value, market price or liquidity of such cryptocurrency.

4. Advisers and Funds

A Crypto Market Participant that provides investment advice with respect to cryptocurrencies shall be subject to the requirements of the Investment Advisers Act to the same extent it would be required as if the cryptocurrencies were securities.

An investment fund that invests solely in cryptocurrencies shall not be required to register under the Investment Company Act, but that adviser to such a fund shall be required to register under the Investment Advisers Act.

5. Credit Issues

Margin loans on cryptocurrencies shall be treated as "securities contracts" for purposes of the US Bankruptcy Code.

Loans against cryptocurrencies by registered broker-dealers shall not diminish their customer reserve obligations under SEC Rule 15c3-3. Persons holding cryptocurrencies through broker-dealers shall not be entitled to SIPA insurance.