Crypto Regulations in the US—A Complete Guide (2025)

The US cryptocurrency regulatory landscape has changed quite a bit lately. With President Donald Trump returning to the White House in 2025, his administration is adopting a pro-crypto stance and pushing for aggressive deregulation at the federal level, which is shaking things up in the crypto world. One of the most headline-grabbing moves so far is the Strategic Bitcoin Reserve and United States Digital Asset Stockpile, showing the intent to treat digital assets as a national strategic priority.

Key regulatory bodies—such as the Department of Justice’s National Cryptocurrency Enforcement Team—have been disbanded, and the Securities and Exchange Commission (SEC) appears to be loosening its grip, even dropping major lawsuits against well-known crypto companies such as Gemini and Coinbase. 

This shift brings a mix of opportunities and challenges. On the one hand, this deregulatory approach could spark innovation and growth in the crypto sector. On the flip side, it raises some serious concerns about consumer protection, financial stability, and the risk of more criminal activity as a result of the weakened regulatory oversight.

In this guide, we’ll take a closer look at the federal licensing requirements, review the current state of US crypto regulations, and explore how recent legal changes and the administration’s policies are affecting the industry and what it all means for the future.

General overview of US Federal Crypto Regulation (2025)

At the federal level, the regulation of cryptocurrency-related activities in the United States is grounded in the application of existing financial laws to digital assets, leading to inconsistencies due to the unique nature of digital assets. Entities engaged in the exchange, transfer, or custody of cryptocurrencies are typically classified as Money Services Businesses (MSBs) and must register with the Financial Crimes Enforcement Network (FinCEN). Such entities must implement comprehensive Anti-Money Laundering and Countering the Financing of Terrorism (AML/CFT) programs, conduct customer identification procedures (KYC), submit Suspicious Activity Reports (SARs), and comply with the Travel Rule, which mandates the transmission of specific information during virtual asset transactions.

Beyond FinCEN, several federal agencies exert regulatory authority over different aspects of the cryptocurrency sector. The Securities and Exchange Commission (SEC) treats certain digital assets as securities and enforces compliance with applicable securities laws. The Commodity Futures Trading Commission (CFTC) classifies certain cryptocurrencies, such as Bitcoin, as commodities and oversees derivative markets based on these assets. Additionally, the Office of Foreign Assets Control (OFAC) mandates compliance with US sanctions programs, requiring companies to screen clients and counterparties against designated lists.

Overall, US federal policy seeks to integrate cryptocurrencies into the existing financial regulatory framework while prioritizing financial security, investor protection, and the prevention of illicit activities. You can find below aspects of federal regulation in more detail.

Note that local regulations may vary from state to state. Therefore, state-level legal requirements should be subject to separate review.

Who’s the regulator? Key federal agencies regulating crypto in the US

The US has a variety of federal institutions regulating digital assets. The exact institution in charge will depend on whether an asset is a money transmitter, security, or commodity/derivative. The main ones include:

• Financial Crimes Enforcement Network (FinCEN) regulates digital assets for purposes of Anti-Money Laundering (AML) and Countering Financing of Terrorism (CFT)
• The Securities and Exchange Commission (SEC) oversees the issuance and resale of digital assets, which are considered to be securities
• The Commodity Futures Trading Commission (CFTC) regulates digital assets if they mainly qualify as commodities or are used as derivatives

Several government agencies, while not directly regulating digital assets, contribute through related guidelines and initiatives:

• Department of Justice (DOJ) now concentrates on major criminal activities involving cryptocurrencies, such as terrorism and drug trafficking, rather than regulatory infractions
• The President’s Working Group (PWG) on Digital Asset Markets is responsible for developing a federal regulatory framework for digital assets, including stablecoins, and evaluating the creation of a strategic national digital assets stockpile.​ It was established in January 2025 and includes heads of key federal agencies like the SEC and CFTC. The PWG on Digital Asset Markets does not have a dedicated public website. However, information about its activities and related reports can be found through various official channels, including the ​US Department of the Treasury, the White House, and the Securities and Exchange Commission (SEC).

Note: Other Federal authorities can also regulate specific issues related to digital assets. The Internal Revenue Service (IRS) regulates taxation of digital assets, and the Office of the Comptroller of the Currency (OCC) issues guidance allowing banks to custody digital assets and use stablecoins for payments under certain conditions, etc.

State-by-state crypto regulation in the US

From New York’s BitLicense to Wyoming’s crypto-friendly laws, state-level regulation in the US is anything but uniform, making location a key factor for crypto platforms and their customers alike.

* This list of crypto-friendly and strict states has been created by Sumsub based on our own research, analysis, and subjective judgment. It is intended for informational and general reference purposes only.

Crypto-friendly states 

The following states are considered to be more crypto-friendly than others in the US:

• Wyoming
• Texas
• Florida ​
• Colorado ​
• Ohio ​
• Nevada ​
• Arizona ​
• Illinois ​
• Tennessee ​
• North Carolina

Strict states: Licensing and operational barriers

While some states foster crypto innovation, others have implemented rigorous regulatory frameworks that pose challenges for digital asset businesses.​

• New York. The New York State Department of Financial Services (NYDFS) requires crypto businesses to obtain a BitLicense. It mandates comprehensive compliance measures, including Know Your Customer (KYC) protocols, capital requirements, and regular reporting. Due to its complexity and cost, the BitLicense has been criticized for stifling innovation. ​

• California. Effective July 1, 2026, California’s Digital Financial Assets Law (DFAL) will require crypto companies to get a license from the Department of Financial Protection and Innovation (DFPI). The law imposes strict requirements on digital asset businesses, including stablecoin issuers, and introduces big penalties for non-compliance, such as $100,000 per day for unlicensed activity (e.g., operating a crypto exchange without a DFPI license). ​

• New Jersey. The Digital Asset and Blockchain Technology Act mandates that crypto businesses obtain licenses from the New Jersey Department of Banking and Insurance. The act encompasses various activities, including digital asset trading, custody, and storage, and imposes capital and compliance obligations. ​

• Connecticut. Connecticut treats virtual currency similarly to fiat currency under its money transmitter licensing laws. Businesses that engage in virtual currency activities must obtain a money transmitter license and adhere to the same regulatory standards as traditional financial institutions.

Who is affected?

At the federal level, several US agencies oversee different aspects of cryptocurrency activities. Each agency’s jurisdiction depends on the nature of the business and the classification of the digital assets. Below is a breakdown by regulatory authority, indicating which businesses are affected, under what circumstances, and what type of registration, license, or compliance is required.

1. Financial Crimes Enforcement Network (FinCEN)

Regulates businesses involved in the transmission of money, including cryptocurrencies, under the Bank Secrecy Act (BSA).

Affected businesses:

• Centralized cryptocurrency exchanges (e.g., platforms facilitating crypto-fiat or crypto-crypto trades)
• Crypto custodians holding user funds
• Crypto payment processors
• Custodial wallet providers

When? When a business accepts and transmits value that substitutes for currency or provides money transmission services.

Required authorization: Registration as a Money Services Business (MSB).

No formal license issued; instead, registration and adherence to ongoing AML/CFT compliance obligations are mandatory.

2. Securities and Exchange Commission (SEC)

Regulates businesses dealing with financial instruments classified as securities under US law, including certain digital assets.

Affected businesses:

• Platforms trading digital assets deemed securities
• Issuers of tokens that qualify as securities (e.g., security token offerings, some ICOs)
• Crypto investment advisors and custodians handling security tokens

When? When digital assets meet the Howey Test criteria and are considered “investment contracts” or otherwise qualify as securities.

Required authorization: 

• Registration of securities offerings (unless qualifying for an exemption such as Regulation D, Regulation S, or Regulation A+).
• Alternative Trading System (ATS) license for platforms facilitating secondary trading of securities
• National Securities Exchange license for larger trading venues
• Investment Adviser registration for firms managing security tokens on behalf of clients
• Qualified Custodian status for custodians holding securities.

3. Commodity Futures Trading Commission (CFTC)

It regulates businesses involved with commodities and derivatives related to digital assets under the Commodity Exchange Act (CEA).

Affected businesses:

• Platforms offering futures, swaps, or options contracts on cryptocurrencies
• Entities providing leveraged or margined crypto trading to retail clients

When? 

• When offering derivatives based on cryptocurrencies (e.g., Bitcoin futures)
• When retail commodity transactions involve leverage or margin

Required authorization:

• Registration as a Futures Commission Merchant (FCM) (for platforms facilitating customer futures trading)
• Registration as a Commodity Pool Operator (CPO) or Commodity Trading Advisor (CTA) if managing pooled crypto investment products
• Registration as a Swap Dealer if facilitating crypto swaps

US federal crypto licensing and compliance requirements in 2025 

Navigating the US crypto regulatory landscape in 2025 remains complex, with a mix of federal rules and diverse state-level laws. While federal regulations have been rolled back, individual states continue to enforce their own distinct requirements, which impacts how crypto businesses approach licensing and compliance. This means that what’s true in one state may not be true in another, making it essential for crypto companies to stay informed about the different rules.

Financial Crimes Enforcement Network (FinCEN): Steps to register

1. Determine MSB status. Confirm that your business qualifies as an MSB under the BSA. If your business transmits funds (e.g., crypto exchanges, custodial wallets, or payment processors), it is likely considered an MSB.
2. Register with FinCEN:
   1. Complete and file FinCEN Form 107 through the BSA E-Filing System.
   2. Registration must be completed within 180 days of starting MSB activities.
3. Develop and implement an AML program:
   1. Include written policies, customer due diligence procedures, and independent review protocols.
   2. Appoint a compliance officer.

Securities and Exchange Commission (SEC): Steps to register

1. For token issuers (securities offerings):
   1. Assess token classification. Apply the Howey Test to determine if your digital asset is a security.
   2. Choose a path. Register with the SEC via Form S-1 (public offering), or use an exemption.
2. For trading platforms (ATS or exchange):
   1. Apply to register as an ATS:
      1. File Form ATS with the SEC.
      2. Register as a broker-dealer with FINRA (via Form BD).
   2. For a full national securities exchange license. Submit a Form 1 application and follow the SEC rulemaking and approval process.
3. For investment advisers:
   1. Register via the SEC’s Investment Adviser Registration Depository (IARD).
   2. File Form ADV and establish a compliant business structure.
   3. Maintain ongoing disclosure, recordkeeping, and fiduciary duties.
4. For custodians:
   1. Apply for Qualified Custodian status if holding digital securities.
   2. Must meet certain standards (e.g., bank or trust company, broker-dealer, or futures commission merchant).

Commodity Futures Trading Commission (CFTC): Steps to register

1. For FCMs (e.g., futures platforms):
   1. Register with the National Futures Association (NFA):
      1. Submit Form 7-R via the NFA’s ORS portal.
      2. Designate a compliance officer.
      3. Provide proof of capital and operational readiness.
   2. Undergo background checks.
   3. Implement risk controls, AML policies, and financial reporting mechanisms.
2. For CPOs and CTAs:
   1. Register through the NFA, using Form 7-R (CPO) or Form 8-R (CTA).
   2. Submit a Disclosure Document for approval.
   3. Provide regular financial and investor reports.
3. For swap dealers:
   1. Determine if swap dealing activity exceeds CFTC thresholds.
   2. Register with the CFTC and NFA.
   3. Establish robust compliance, documentation, and margin procedures.

While federal crypto regulation in the US is complex and evolving, a methodical approach to identifying applicable business activities and following the right registration path will ensure a strong legal foundation. In many cases, registration involves not just filing forms, but also building internal compliance infrastructure that satisfies ongoing regulatory obligations.

Please note that in each case, you should check your state regulations and requirements. 

AML/KYC requirements for US crypto companies in 2025

In 2025, anti-money laundering (AML) and countering the financing of terrorism (CFT) requirements will continue to be a core element of the regulatory framework for cryptocurrency businesses operating in the United States. Crypto companies are classified as financial institutions under BSA and are primarily overseen by the Financial Crimes Enforcement Network (FinCEN).

Importantly, AML/CFT obligations are not limited to companies registered as MSBs with FinCEN. Cryptocurrency businesses regulated by the Securities and Exchange Commission (SEC) and the Commodity Futures Trading Commission (CFTC)—such as crypto trading platforms handling security tokens, alternative trading systems (ATS), futures commission merchants (FCMs), and swap dealers—must also establish and maintain AML programs in accordance with applicable laws and regulations. These entities are subject to parallel or additional AML compliance obligations under the Securities Exchange Act of 1934, the Commodity Exchange Act (CEA), and associated regulations.

What’s next for US crypto regulation?

As of April 2025, the US crypto regulations are significantly changing. The Trump administration is taking a hands-off approach, trying to encourage innovation in the crypto space, though this has sparked some worries about how things will be monitored and enforced. At the same time, Congress is looking into new laws to bring some clarity and organization to the world of digital assets.

Upcoming federal guidelines and proposals

Several key federal initiatives and proposals are shaping the future of crypto regulation:

• Stablecoin legislation. Congress is considering two major bills—the revised STABLE Act and the GENIUS Act—aimed at creating a regulatory framework for stablecoins. These bills address reserve requirements, transparency, and oversight mechanisms.
• SEC and CFTC roundtables. Regulatory bodies like the SEC and CFTC are hosting roundtables to discuss critical issues such as digital asset custody, tokenization, and decentralized finance (DeFi), showing a more collaborative approach to regulation.

Trends shaping the future of crypto compliance in the US

Several emerging trends are influencing the trajectory of crypto compliance:​

• Stablecoin regulation. With the increasing adoption of stablecoins for payments and remittances, regulations are more intensely focused on ensuring their stability, transparency, and compliance with financial laws.
• Privacy coins scrutiny. Privacy-focused cryptocurrencies are under more scrutiny due to concerns about their potential use in illicit activities, which prompts discussions on implementing stricter AML/KYC measures.
• Centralized oversight vs. decentralization. The balance between innovation in decentralized platforms and ensuring adequate oversight remains a central debate, which affects policy decisions and regulatory frameworks. ​
• Regulatory sandboxes. There is growing interest in setting up regulatory sandboxes that allow for controlled experimentation with new technologies and business models, all the while managing risks.
• Global regulatory coordination. As digital assets transcend borders, international cooperation among regulators is becoming crucial to address cross-border transactions and enforcement challenges.

Suggested read: Regulatory Sandboxes—a Bridge Between Regulators and Business Innovation

Why identity verification still matters in 2025

Identity verification continues to be a cornerstone of AML/KYC compliance for crypto businesses.

• Risk mitigation. Robust identity verification helps prevent fraud, money laundering, and terrorist financing by ensuring that users are who they claim to be. ​
• Onboarding integrity. Effective KYC procedures ensure that only legitimate users access crypto platforms, maintaining the integrity of the user base. ​
• Regulatory compliance. Adherence to identity verification protocols is essential to meet legal obligations and avoid penalties.

Suggested read: KYC and AML—Key Differences and Best Practices

How to stay compliant

To maintain compliance with AML/KYC regulations, crypto companies should follow this checklist, which includes the most important requirements:​

1. Customer Due Diligence (CDD). Implement procedures to identify and verify the customers, using a risk-based approach. 
2. Beneficial ownership identification. Determine and document the natural persons who own or control legal entity customers, as required under the Corporate Transparency Act. ​
3. Ongoing monitoring. Continuously monitor customer transactions and update risk profiles; detect unusual or suspicious activity. ​
4. Reporting obligations. File Suspicious Activity Reports (SARs) and Currency Transaction Reports (CTRs) as mandated by FinCEN and other required filings in a timely and accurate manner. ​
5. Transaction monitoring. Establish automated systems to monitor and analyze customer transactions in real time, flagging suspicious behavior or patterns that may indicate money laundering or terrorist financing activities.
6. Development of internal AML/CFT rules and policies. Create and regularly update a comprehensive set of internal policies, procedures, and controls tailored to your company’s risk exposure, ensuring alignment with AML/CFT legal requirements.
7. Employee training. Conduct ongoing AML/CFT training programs for all relevant staff to ensure they understand regulatory obligations, recognize suspicious activity, and know how to escalate issues appropriately.
8. Independent audits. Schedule regular independent reviews of your AML/CFT program to evaluate its effectiveness, identify gaps, and implement recommended improvements, ensuring your compliance framework remains robust and up to date.
9. Sanctions compliance. Companies must screen customers and transactions against lists maintained by the Office of Foreign Assets Control (OFAC) and block prohibited transactions involving sanctioned individuals or jurisdictions.
10. Appointment of key officers. Designate a qualified compliance officer (e.g., BSA/AML Officer) responsible for implementing and overseeing the AML/CFT program, maintaining communication with regulators, and ensuring accountability at the management level.
11. Travel Rule compliance. Ensure that the required information about the originator and beneficiary of digital asset transfers is collected, transmitted, and recorded.
12. Recordkeeping. Detailed transaction and customer records must be maintained for at least five years and made available to regulators upon request.

By adhering to these practices, crypto companies can navigate the regulatory environment effectively, safeguarding their operations.​

Suggested read: Customer Due Diligence (CDD): The Process and Its Types

US Crypto Travel Rule compliance

In the US, Travel Rule compliance for cryptocurrency transactions falls under the Bank Secrecy Act and is enforced by FinCEN. In 2025, it remains a requirement for all Virtual Asset Service Providers (VASPs)—including crypto exchanges, custodians, and wallet providers—to collect, store, and transmit personally identifiable information (PII) for transactions of $3,000 or more.

This includes:

• The name and address of the originator and beneficiary,
• The originator’s financial institution,
• The amount and date of the transaction,
• And other relevant identifiers (like wallet addresses or transaction hashes).

These requirements apply to both domestic and international transfers and are intended to align with the Financial Action Task Force (FATF) standards. Non-compliance can lead to enforcement actions or penalties, especially as regulators ramp up scrutiny in 2025.

Suggested read: Explore Travel Rule Implementation

Practical solutions for crypto businesses in the US

As regulatory scrutiny increases both at the federal and state levels, crypto companies need to step up their game when it comes to spotting suspicious activities and preventing illegal operations. Key focus areas include transaction monitoring and compliance with the Travel Rule requirements. Both are crucial for meeting anti-money laundering (AML) obligations and maintaining the integrity of the operations.

Transaction monitoring enables crypto businesses to track user activity in real time and flag unusual or high-risk transactions based on behavioral patterns, geolocation, asset types, and more. This is especially important in 2025, as regulators now expect platforms to go beyond simple identity verification and adopt risk-based approaches aligned with the Bank Secrecy Act and FinCEN guidance.

Sumsub’s Transaction Monitoring solution leverages customizable rules and dynamic risk scoring to help platforms detect and respond to suspicious activity effectively. It streamlines compliance and reduces manual review workload.

Additionally, the Travel Rule solution is a complete compliance platform built to support virtual asset transfers both within the US and internationally. It is a proprietary protocol that enables secure, real-time exchange of required originator and beneficiary information, fully aligned with the FATF guidelines and FinCEN expectations.

Sumsub’s platform is more than just for domestic use. It works with four of the top global Travel Rule systems, allowing for seamless connections with partners around the world. As a result, you can make compliant transfers even if the recipient’s VASP is located outside the US.

Many US-based firms rely on closed domestic networks that do not connect to international VASPs, which creates compliance blind spots for outbound transfers. The Travel Rule solution eliminates that limitation by bridging the gap between US operations and the global crypto ecosystem. It enables businesses to scale across borders without compromising on regulatory compliance. 

FAQ

• Is cryptocurrency legal in the United States?

  Yes, cryptocurrency is legal in the US, but it is subject to both federal and state regulations that vary by activity and jurisdiction.

• Which agencies regulate cryptocurrency in the US?

  Multiple agencies share oversight, including the SEC, CFTC, FinCEN, and IRS. Each focuses on different aspects, such as securities, commodities, AML compliance, and taxation.

• Do crypto exchanges need a license in the US?

  Yes, if crypto exchanges operate as money transmitters or engage in certain activities, they must register with FinCEN and often obtain state-specific licenses.

• How do state crypto laws differ?

  States vary widely—some, like Wyoming, are crypto-friendly with tailored frameworks, while others, like New York, impose strict licensing through regulations like the BitLicense.

• What are the KYC/AML requirements for crypto businesses?

  Crypto businesses must implement identity verification, customer due diligence, transaction monitoring, and reporting systems in line with FinCEN and BSA guidelines.

• Is a license required to operate a cryptocurrency business?

  A license may be required if a business offers fiat transactions, custodial services, stablecoin issuance, or money transmission. However, a license may not be necessary if a business only handles crypto-to-crypto trades or personal transactions, and the state does not mandate one. Given the variation in regulations, it’s crucial to review both federal and state guidelines to ensure compliance.

• What’s the impact of the IRS rule rollback on crypto businesses?

  In 2025, the Internal Revenue Service (IRS) dropped its expanded “broker” definition, easing reporting rules for DeFi platforms. However, crypto businesses still must comply with federal and state licensing, AML, and KYC requirements.