Global Cryptocurrency Regulations (2024)

As of 2022, there were approximately 18,000 different cryptocurrencies and 460 crypto-exchanges. As of September 2024, the global crypto market cap is $2.24 Trillion. According to the World Economic Forum, $91 billion in crypto is traded every 24 hours, most of which are Bitcoin or Ethereum.

The adoption of cryptocurrencies by both individuals and businesses has jumped in recent years—as has the amount of related illegal activity. Through July 2022, almost $2 billion was stolen in crypto through hacks, compared to just under $1.2 billion at the same point in 2021. Money laundering through crypto is another problem. In 2023, illicit crypto addresses sent $22.2 billion to cryptocurrency-related platforms and entities. Although it’s a decrease from 2022 numbers, this drop may be attributed to an overall decrease in crypto transaction volume for both legitimate and illicit activities.

Since the scale of crypto fraud remains substantial, most countries are either implementing or tightening existing regulations on crypto. Although country-specific regulations are usually built on FATF recommendations, each legislation has its own specifics—and companies providing services involving virtual assets must be aware of these specifics. 

Is cryptocurrency regulated globally?

At the moment, cryptocurrency regulations already exist in many jurisdictions and continue to expand around the world. 

The Financial Action Task Force (FATF), a global watchdog for money laundering and terrorist financing, amended its Interpretive Note on Recommendation 15, requiring Virtual Asset Service Providers (VASPs) to be regulated like traditional financial institutions. This includes registration or licensing, along with compliance with AML regulations, such as KYC, transaction monitoring, and sanctions screening.

According to the FATF, a company is considered a VASP if it provides the following services:

• Exchange between virtual assets and fiat currencies
• Exchange between one or more forms of virtual assets 
• Transfer of virtual assets
• Safekeeping and/or administration of virtual assets or instruments enabling control over virtual assets
• Participation in and provision of financial services related to an issuer’s offer and/or sale of a virtual asset.

The definition of VASP may also differ depending on the jurisdiction, since the FATF’s definitions and recommendations are not mandated. Thus, each jurisdiction introduces their own definition of VASP and related regulatory measures.

The FATF Travel Rule

FATF Recommendations require Virtual Asset Service Providers (VASPs) and financial institutions to follow the Travel Rule, which mandates collecting and sharing personal data of transaction senders and recipients. The FATF’s threshold for cross-border virtual asset transfers is $1,000/€, with less stringent requirements for lower amounts. Countries can set their own thresholds or eliminate them entirely, as outlined in Recommendation 16. As of April 2024, 65 of 94 jurisdictions have passed Travel Rule legislation, and 15 are in progress.

Crypto regulations around the globe

We’ve broken down several popular crypto jurisdictions below:

USA

Main regulator: the Financial Crimes Enforcement Network (FinCEN), the Commodity Futures Trading Commission (CFTC), the United States Securities and Exchange Commission (SEC)

Main regulation: United States Bank Secrecy Act (BSA) and amendments to it, provided by the Patriot Act, AMLA; FinCEN Implementing Act 

Who’s affected: 

AML/CFT obligations in the US apply to entities that the BSA defines as “financial institutions” such as futures commission merchants and introducing brokers obligated to register with the CFTC, money services businesses (MSBs) as defined by FinCEN, and broker-dealers and mutual funds obligated to register with the SEC. 

In 2019, FinCEN issued Guidance which clarified the application of the BSA to some business models operating in the virtual assets field.

In 2021, AMLA also amended the BSA, expanding some definitions, in particular that “financial institutions” include “value that substitutes for currency”. Financial institutions now include, inter alia:

1. Businesses “engaged in the exchange of currency, funds, or value that substitutes for currency or funds”
2. A person who “engages as a business in the transmission of currency, funds, or value that substitutes for currency, including any person who engages as a business in an informal money transfer system or any network of people who engage as a business in facilitating the transfer of money domestically or internationally outside of the conventional financial institutions system”

Travel Rule: implemented

Read this article to get details on crypto regulations in USA: Crypto Regulations in the US—A Complete Guide

UK

Main regulator: The Financial Conduct Authority (FCA)

Main regulation: The Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017

Who’s affected: “Crypto asset service providers,” which include companies that conduct either of the following: 

1. “Exchanging, or arranging or making arrangements with a view to the exchange of, crypto assets for money or money for crypto assets,
2. Exchanging, or arranging or making arrangements with a view to the exchange of, one crypto asset for another, or
3. Operating a machine which utilizes automated processes to exchange crypto assets for money or money for crypto assets.”

Travel Rule: Implemented

Check this detailed guide to learn how to register with the FCA in the UK, as well as peculiarities of the AML regulations in the country.

The EU and MiCA

Recently, the EU adopted the Markets in Crypto Assets (MiCA) regulation, a comprehensive framework designed to unify the cryptocurrency regulatory landscape across European countries, making the crypto industry safer for investors and consumers. Crypto Asset Service Providers (CASPs) have until December 2024 to ensure they are compliant with MiCA.

The main regulator overseeing MiCA is the European Securities and Markets Authority (ESMA), which will play a significant role in enforcing and ensuring compliance across the European Union. Competent national authorities in EU member states will also work alongside ESMA to regulate CASPs.

Who’s affected: MiCA will affect crypto-asset issuers, exchanges, wallet providers, and service providers within the EU. Companies offering crypto-related services to EU citizens will need to comply with these regulations, including obtaining necessary licenses and following rules on transparency, governance, and consumer protection.

Check out this detailed guide on what MiCA is, and how crypto assets service providers have to comply with it in the EU.

The EU and TFR

The EU Transfer of Funds Regulation (TFR) 2023/1113, adopted on May 31, 2023, aligned the EU’s legal framework with FATF standards by extending the “Travel Rule” to VASPs. It also requires the implementation of EDD measures on third-country counterparty CASPs, verification of control or ownership of unhosted wallets, and compliance with AML/CFT measures, among other obligations.

It also amends Directive (EU) 2015/849 (the 4th Anti-Money Laundering Directive, or 4th AMLD) to subject CASPs, which are authorized in accordance with Regulation (EU) 2023/1114 on MiCA, to the same AML/CFT requirements and supervision as credit and financial institutions. Regulation (EU) 2023/1113 will apply from 30 December 2024.

Check out the regulation for further details.

Estonia

Main regulator: Estonian Financial Intelligence Unit

Main regulation: the Estonian Money Laundering and Terrorist Financing Prevention Act

Who’s affected:

1. virtual currency wallet services
2. virtual currency exchange services (virtual currency against a fiat currency or a fiat currency against a virtual currency or a virtual currency against another virtual currency)
3. virtual currency transfer services
4. organizations, in the name or on behalf of an issuer of virtual currency, of a public or targeted offering or sale related to the issue of such currency, or the provision of any related financial services

Travel Rule: implemented

Read this article to learn why VASPs need to comply with local AML regulations: How the New Estonian AML Act Affects Virtual Currencies

France

Main regulator: Financial Markets Authority (AMF)

Main regulation: Monetary and Financial Code, PACTE law

Who’s affected: “An actor may be considered a Digital Asset Service Provider (DASP) if it provides at least one of the following digital asset services, as mentioned in Article L. 54-10-2 of the Monetary and Financial Code:

1. The custody service on behalf of third parties of digital assets or access to digital assets, where applicable in the form of private cryptographic keys, with a view to holding, storing and transferring digital assets;
2. The service of buying or selling digital assets in legal tender
3. The service of exchanging digital assets for other digital assets
4. The operation of a digital asset trading platform
5. The following services:

a) the reception and transmission of orders for digital assets, meaning the act of receiving and transmitting buy or sell orders for digital assets on behalf of a client

b) the management of digital asset portfolios, meaning the act of managing, on a discretionary, client-by-client basis, portfolios that include one or more digital assets under a mandate given by a client

c) advice to investors in digital assets, which means giving personalized recommendations to a third party, either at their request or on the initiative of the service provider providing the advice, concerning one or more digital assets

d) digital asset underwriting, defined as the act of purchasing digital assets directly from a digital asset issuer, with a view to subsequently selling them

d) the guaranteed placement of digital assets, which consists in searching for buyers on behalf of a digital asset issuer and guaranteeing them a minimum amount of purchases by undertaking to buy the digital assets not placed

e) the non-guaranteed placement of digital assets, meaning the act of searching for buyers on behalf of a digital asset issuer without guaranteeing them an amount of purchases.”

The registration requirement only refers to services listed in 1-4.

Travel Rule: Implemented as part of the TFR.

The Netherlands

Main regulator: De Nederlandsche Bank

Main regulation: The Money Laundering and Terrorist Financing Prevention Act (Wet ter voorkoming van witwassen en financieren van terrorisme—Wwft)

Who’s affected:

1. natural persons or legal entities providing professional or commercial services for the exchange between virtual currency and fiat currency
2. natural persons or legal entities that offer professional or commercial custodian wallets.

At the moment the entities who offer crypto-to-crypto exchanges are still not regulated.

Travel Rule: Implemented as part of the TFR.

Read this article to understand regulations for VASPs in the Netherlands: Cryptocurrency Regulation in the Netherlands—How Companies Can Stay Compliant

Switzerland

Main regulator: Swiss Financial Market Authority (FINMA)

Main regulations:

1. Anti-Money Laundering Ordinance (AMLO-FINMA)
2. Anti-Money Laundering Act (AMLA)
3. AMLO-FINMA7

Who’s affected: 

Financial intermediaries as specified in Articles 2 AMLA and 4 AMLO. As a rule, these include: 

1. Virtual asset exchanges
2. wallets
3. trading platforms, etc.

Travel Rule: implemented

Read further: Switzerland’s FINMA Pushes New AML Rules to Crypto Transactions

Belgium

Main regulator: Financial Services and Markets Authority—FSMA

Main regulation: Law on the prevention of money laundering and terrorist financing and on the restriction of the use of cash

Who’s affected:

1. exchange services between virtual and fiat currencies (VASPs)
2. custodian wallet providers

Travel Rule: Implemented as part of the TFR

Check out this article to learn how to register a crypto business in Belgium: Guide to Mandatory Registration as a Crypto Business in Belgium

Hong Kong

Main regulator: 

1. The Securities and Futures Commission (SFC)
2. The Hong Kong Monetary Authority (HKMA)

Main regulations: 

1. The Anti-Money Laundering Ordinance
2. Guideline on Anti-Money Laundering and Counter- Financing of Terrorism (For Licensed Corporations and SFC-licensed Virtual Asset Service Providers)
3. Guidelines for Virtual Asset Trading Platform Operators
4. Prevention of Money Laundering and Terrorist Financing Guideline issued by the Securities and Futures Commission for Associated Entities of Licensed Corporations and SFC-licensed Virtual Asset Service Providers

Who’s affected: VASPs

Travel Rule: Implemented

Check out this guide on crypto regulations in Hong Kong to learn about the types of crypto businesses that must comply with AML regulations and how to get licensed. 

Singapore

Main regulator: Monetary Authority of Singapore (MAS)

Main regulation: The Payment Services Act (PSA)

Who’s affected:

1. any service of facilitating the exchange of digital payment tokens, namely establishing or operating a Digital Payment Token (DPT) exchange, where the person that establishes or operates that DPT exchange comes into possession of any money or DPT;
2. any service that deals with digital payment tokens—namely buying or selling DPTs in exchange for money or any other DPT (either the same or a different type).

However, the services defined as “dealing” in DPT do not include:

1. facilitating the exchange of DPTs;
2. accepting DPTs as a means of payment for the provision of goods or services;
3. using DPTs as a means of payment for the provision of goods or services.

Singapore regulators are also planning to implement amendments to regulate crypto wallets.

Travel Rule: implemented

Read this article to get details on crypto regulations in Singapore: Singapore’s Digital Payment Token Regulations: Everything You Need to Know

South Korea

Main regulator: Financial Services Commission (FSC)

Main regulation: Act on the Reporting and Use of Specific Financial Transaction Information

Who’s affected: 

Services involved in the following business activities:

1. “Buying or selling virtual assets”
2. “The act of exchanging virtual assets with other virtual assets”
3. “Acts prescribed by Presidential Decree among acts of transferring virtual assets”
4. “The act of storing or managing virtual assets”
5. “Acts of brokering, arranging, or acting as an agent for the acts of 1) and 2)”
6. “Other acts prescribed by Presidential Decree that are highly likely to be used for money laundering and public intimidation financing in relation to virtual assets.”

Travel Rule: implemented

Read this article to get details on crypto regulations in South Korea: The New Crypto Regulations in South Korea: How to Prepare for the Changes

Malaysia

Main regulator: the Securities Commission Malaysia (SCM)

Main regulations: 

1. CAPITAL MARKETS AND SERVICES (PRESCRIPTION OF SECURITIES) (DIGITAL CURRENCY AND DIGITAL TOKEN) ORDER 2019
2. The Guidelines on Recognized Markets
3. The Guidelines on Digital Assets
4. The Anti-Money Laundering and Anti-Terrorism Financing and Proceeds of Unlawful Activities Act 2001

Who’s affected: 

1. Recognized Market Operator for Digital Asset Exchanges (RMO-DAX)—an electronic platform that facilitates the trading of digital assets
2. Digital Asset Custodian (DAC)​—provides custody services for digital assets. Plays an important role in the ecosystem to safeguard digital asset of investors 
3. Initial Exchanges Offering (IEO)—offers an alternative channel for fundraising for innovative businesses through digital tokens.

Travel Rule: implemented

Check out this guide on crypto regulations in Malaysia to learn how to register a VASP and comply with AML regulations in the country.

Turkey

Main regulator: The Capital Markets Board

AML regulator: The Financial Crimes Investigation Board (MASAK)

Main regulations:

1. Amendment on Crypto Assets to Law No. 6362 on the Capital Markets
2. Regulation on the Disuse of Crypto Assets in Payments
3. Regulation on Measures Regarding Prevention of Laundering Proceeds of Crime and Financing of Terrorism

Who’s affected: 

The AML law does not provide an explanation of the definition. According to the MASAK Guidance, crypto asset service providers mediate the buying and selling of crypto assets through electronic trading platforms.

Travel Rule: under development

Read this article to get details on crypto regulations in Turkey: Turkey Enacts Its First Crypto Regulations: Here’s How Businesses Can Adapt

India

Main regulator: the Reserve Bank of India, the Ministry of Finance of India, the Financial Intelligence Unit of India (FIU-IND).

Main regulation: AML & CFT Guidelines For Reporting Entities Providing Services Related To Virtual Digital Assets

Who’s affected: VASPs

Travel Rule: Implemented

Check out this detailed guide on cryptocurrency AML regulations and taxation in India

KYC in crypto

Today KYC checks (as part of CDD) are mandatory for crypto operations in most jurisdictions. 

KYC checks aim to identify and verify clients before establishing business relations, permitting transactions and other activities specified by law. The minimum information required during the client onboarding process depends on a given country’s legislation, but usually includes:

• the client’s full name;
• residential address;
• date of birth.

The above information then gets compared to government-issued documents submitted by the applicant.

During the onboarding process, KYC checks usually consist of the following steps:

• identification—the process of acquiring the client’s personal data;
• liveness check—the process of determining whether the client is a real person;
• verification—the process of cross-comparing personal data to government-issued documents;
• address verification—the process of determining whether the client comes from the claimed region. 

To conduct KYC quickly and properly, crypto services often delegate this to specialized third-party solutions.

We also invite you to listen to Sumsub’s “What The Fraud?” podcast episode on crypto fraud to learn about the latest fraud trends and ways to combat crypto fraud.

Crypto transaction monitoring

Another AML requirement for VASPs is transaction monitoring. More specifically, , VASPs have to monitor customer activities and transactions on an ongoing basis in order to determine and report to authorities the following:

• if transactions are complex or unusually large
• a transactions of an unusual nature
• transactions that have no obvious economic or legal purpose
• if there is any suspicion of money laundering or terrorist financing,

The FATF outlines the following red flags of money laundering when observing transactions:

• Anonymous transactions. Use of private coins, trading on unlicensed exchanges or through proxies, use of the same IP address to operate numerous cryptocurrency wallets anonymously.
• Transactional behavior. Suspicious cryptocurrency transaction patterns, such as high transaction frequency in a short period of time or quick deposits and withdrawals of funds into a newly formed account.
• Geographic risks. Cryptocurrency transactions that are carried out into or out of high-risk nations or jurisdictions, or that send currency to exchanges outside of the customer’s home country. 
• Structured transactions. Multiple cryptocurrency transactions that are deliberately structured in amounts that do not trigger reporting thresholds. 
• Inadequate CDD. Cryptocurrency transactions involving accounts that have refused or avoided inquiries for identifying information.
• Money-mules. Elderly or financially vulnerable clients exploited as mules to carry out transactions for money launderers.

FAQ

• How are cryptocurrencies regulated in countries around the world?

  The FATF, a global anti-money laundering watchdog, issues standards and recommendations on cryptocurrency regulations, which are not legally binding. However, they are often reflected in local crypto legislation, sometimes with modifications. In general, in most jurisdictions, cryptocurrencies and companies providing such services (VASPs) are subject to AML regulation on par with financial institutions. Additionally, registration/licensing requirements are applicable to them.

• Who regulates crypto?

  VASPs are supervised on a national level. International organizations, like the FATF, issue standards and recommendations for VASP regulations, which each jurisdiction uses as the basis for developing their own legislation.

• Is crypto regulated by the government?

  Usually cryptocurrency is regulated by a government institution or agency, for example, a central bank or FIU.

• What regulations will be affecting crypto?

  On the EU level, Markets in Crypto-Assets (MiCA) project adoption is due. In addition, more jurisdictions are implementing the FATF Travel Rule (including Lithuania, the United Kingdom, Switzerland, etc.).