Crypto and digital assets: Regulatory challenges

Regulatory focus is increasing as usage by investors, companies, and some central banks grows.

Amy S. Matsuo

Amy S. Matsuo

Regulatory and ESG Insights Leader, KPMG US

+1 919-664-7100

Michael Scarpa

Michael Scarpa

Managing Director, Advisory FS Regulatory & Compliance Risk, KPMG US

+1 212 872 3528

Regulatory activity around crypto and digital assets is intensifying as usage by investors, companies, and even some central banks, shows widespread interest and adoption at retail and institutional levels. The regulatory landscape in the U.S. is evolving alongside the market expansion with state and federal regulators and legislators all considering approaches to add clarity. Key issues include a focus on chartering, licensing, fraud and financial crimes risks, and consumer and investor protections.

The existing stablecoin market is worth nearly $130 billion, having grown 20-fold in the last 20 months.
Gary Gensler, SEC Chairman, public statement, November 2021

Explore here insights from the KPMG report Ten key regulatory challenges of 2022.



Rapid changes: Crypto and digital assets

Develop a corporate/product capability assessment and risk and compliance strategies for the appropriate licensing, issuance and/or use of digital assets.

The current regulatory landscape for crypto and digital assets is fragmented and evolving quickly. Depending on the structure of the assets and the underlying facts and circumstances, multiple regulators at the federal and/or state level may have jurisdictional authority over a transaction. Gaps and overlaps are being created as the market develops; crypto technology firms are connecting to traditional financial systems and regulated banking entities are building out crypto infrastructure (e.g., custody services). Efforts to better define an appropriate regulatory regime, including licensing and chartering authorities, may require legislative change and could also change the relevant markets.   

  • An interagency report recommends Congress consider new legislation to ensure stablecoins and stablecoin arrangements are subject to a federal prudential framework on a consistent and comprehensive basis; additional features would limit issuers to insured depository institutions; subject entities performing stablecoin activities (e.g. digital wallets) to federal oversight; and limit affiliations between issuers and commercial entities.
  • SEC and CFTC have each expressed interest in obtaining expanded authorities over stablecoins to the extent they are deemed securities, commodities, or derivatives. 
  • International standards setters, such as FSB, BCBS, and FATF, are looking to apply existing standards and principles to stablecoin arrangements and other crypto assets. 

Risk and compliance strategies may be influenced by: 

  • Varying definitions of “virtual currency” at the state or federal level.  (A federal definition of “digital asset” has been introduced through the Infrastructure Investment and Jobs Act.)
  • Uncertainty regarding whether a digital asset or related product or service constitutes a security, commodity, or derivative under relevant federal/state laws.
  • Meeting individual state requirements, such as licensing under the Nationwide Multistate Licensing System & Registry (NMLS) for MSB/MTLs, and compliance requirements with the Money Transmitter Model Law, as appropriate. 
  • Integrating the digital asset strategy into existing compliance programs.
  • IRS reporting requirements for cryptocurrency and other digital asset transactions beginning 2023.


Establish/enhance internal risk policies, procedures, and controls with respect to digital assets and payments.

Regulators are focused on consumer and investor protections across a broad array of risks such as fraud, cyber security, data privacy, misconduct, settlement, liquidity, market integrity, market volatility, transparency, and money laundering/terrorist financing.  The enforcement environment is similarly complex, owing, in part, to the Administration’s heightened focus on cybersecurity mitigation. Notably, DOJ has launched a National Cryptocurrency Enforcement Team to carry out investigations and enforcement of criminal misuse of cryptocurrencies; SEC and CFTC each continue to actively initiate enforcement actions within their respective jurisdictions.  

  • MSB/MTLs will need to assess consumer and investor standards within a digital payments framework as new know-your-customer (KYC), anti-money laundering (AML), and tax regulations evolve at the international, federal, and state levels for stablecoins.
  • Cryptocurrency exchanges, brokers, and other market participants should establish a framework for assessing whether a current or proposed offering constitutes a security under state and federal securities laws and take steps to avoid transacting in unregistered securities.
  • Internal compliance policies and procedures, specifically around the custody function, will need to be established or enhanced.
  • Firms should establish an ongoing dialogue with regulators, including the SEC’s FinHub and the OCC’s Office of Innovation, to discuss evolving digital asset services/offerings prior to launch.
  • Firms should evaluate their product and service offerings to determine whether they need to pursue additional licensing and registration, including with FINRA/SEC, NFA/CFTC, and NY DFS.
  • Compliance should be continuously integrated within the digital payments strategy to facilitate upfront assessment of regulatory requirements and testing of associated controls.
  • Risk appetite and existing risk management frameworks for new technologies and products (e.g. crypto assets) will need to be continuously reassessed.


Produce actionable and relevant digital asset information for board reporting.

Regulators expect boards to set clear, aligned, and consistent direction regarding a firm’s strategy and risk appetite based on information that is sufficient in scope, detail, and analysis to enable sound decision-making and consider potential risks.

Given complexity in the pace of crypto and digital asset product and market development, it is important to:

  • Shape a digital asset strategy that includes clear, digestible action items, including board reporting
  • Provide the board with timely, articulate information on product and market developments including identification and assessment of current and emerging risks (developments may range from cyber threats to products/services to talent management)
  • Maintain current, relevant training opportunities for board members and staff.


Ten Key Regulatory Challenges of 2022

The year 2022 brings high levels of risk and regulatory supervision and enforcement. Regulatory “perimeters” continue to expand, and regulatory expectations are rapidly increasing. All financial services companies should expect high levels of supervision and enforcement activity across ten key challenge areas. Read the full report to learn more.

Subscribe to our mailing list to receive our Regulatory Alerts and Points of View.