Fintech Regulatory Updates
27 February 2025
By Ariel Yosefi, Eden Lang, Gal Mechtinger, Dima Zalyalyeyev and Yonatan Glatt
We are pleased to highlight below some key regulatory developments and events from the recent months, affecting various sectors in the fintech industry, including crypto, online trading and derivatives, payments and financial services. In the weeks since President Trump’s inauguration, the US administration is undergoing a broad shift in its economic and regulatory policy, affecting the entire fintech ecosystem. This seminal change is reflected in the decisions and developments discussed in this update.
Our fintech and crypto team is helping our clients in monitoring and navigating the evolving regulatory environment for cross-border activities.
We will be happy to further review and elaborate on each of these updates, their implications and any other questions you may have.
Crypto, Forex and Derivatives
United States
After Years of Cracking Down on the Industry, the US Makes a Pivot to Crypto (link)
The first months of 2025 brought a drastic change in US crypto policy. Promising to make America the “crypto capital of the planet”, President Trump’s administration has moved to overhaul regulations and governmental agencies to adopt a more favorable and “innovative” approach towards the industry. Here are some of the key decisions and events of recent weeks signalling this 180-degree shift:
● Executive Order on Strengthening American Leadership in Digital Financial Technology (link)
○ On 23 January 2025, President Donald J. Trump signed an Executive Order aiming to enhance the United States’ position as a global leader in digital assets and financial technology. The Executive Order establishes the President’s Working Group on Digital Asset Markets, which is directed to recommend, within 180 days, a federal regulatory framework for digital assets, including stablecoins, and to evaluate the creation of a strategic national digital asset stockpile (crypto reserve). Key objectives of the Executive Order are to ensure individuals’ rights to use public blockchain networks for lawful purposes, such as software development, mining, self-custody of assets and uncensored transactions. The order also prohibits the establishment and use of Central Bank Digital Currencies (CBDCs) in the US, citing concerns regarding financial stability, privacy and national sovereignty. It repeals the previous executive actions on digital assets put in place by the Biden administration and directs the Treasury to rescind its international engagement framework on digital assets.
● SEC Establishes Task Force “To Do Better” on Crypto, Overhauls Enforcement Team (link) (link)
○ On 21 January 2025, the US Securities and Exchange Commission (SEC) announced the formation of a dedicated crypto task force to establish a clear regulatory framework for digital assets. Commissioner Hester Peirce, known for her supportive stance on cryptocurrency and often referred to as “Crypto Mom”, will lead this initiative. The SEC’s own press release admits that the Commission has to date “relied primarily on enforcement actions to regulate crypto retroactively and reactively, often adopting novel and untested legal interpretations along the way”. This resulted in market confusion and created “an environment hostile to innovation and conducive to fraud. The SEC can do better.” The purpose of the task force will be “to help the Commission draw clear regulatory lines, provide realistic paths to registration, craft sensible disclosure frameworks, and deploy enforcement resources judiciously”, signaling a 180-degree shift from the Commission’s traditional approach.
○ On 20 February 2025, the SEC announced that the “Crypto Assets and Cyber Unit”, responsible for crypto enforcement, will be replaced with a smaller team called the “Cyber and Emerging Technologies Unit”. The removal of the term “crypto” indicates that the unit will likely focus more on securities violations committed using other emerging technologies, such as artificial intelligence, social media or the dark web. The SEC’s acting chairman, Mark Uyeda, said that the unit’s task will be not only to protect investors but also “to facilitate capital formation and market efficiency by clearing the way for innovation to grow”.
● After Interim Court Losses, SEC Drops Landmark Case Against Coinbase (link) (link)
○ Crypto exchange Coinbase announced that the SEC staff has agreed to dismiss its enforcement case against the company, subject to the SEC commissioners’ approval. Coinbase has not provided further details about the agreement, but in a later interview Paul Grewal, Coinbase’s chief legal officer, said that it is “nothing short of a complete win” and that Coinbase would not have to admit to any wrongdoing or pay a fine.
○ The SEC decision comes amid the agency’s policy realignment regarding crypto and two setbacks in its legal battles against Coinbase. In June 2023, the SEC sued Coinbase, the largest crypto exchange in the US, alleging that Coinbase’s business amounted to the operation of an unregistered broker, exchange and clearing agency in securities. Coinbase claimed that the crypto assets traded on its platform were “not within the SEC’s authority” because they are not investment contracts under the Howey test and, therefore, not securities. On 27 March 2024, in a victory for the SEC, the US District Court for the Southern District of New York (SDNY) declined Coinbase’s request to dismiss the case, holding that Coinbase had failed to prove, as a matter of law, that the tokens did not qualify as investment contracts. However, on 7 January 2025, the same court allowed Coinbase to appeal the decision to the US Court of Appeals for the Second Circuit (“2nd Circuit”). Leave for an interlocutory appeal of a court’s prior ruling is rarely granted, marking a significant win for Coinbase that effectively halted the SEC’s lawsuit. (The legal question at the heart of the case, which was to be referred to the 2nd Circuit, is whether the Howey test requires a direct promise or contract between the issuer and the purchaser, or does not require such a link. The former proposition was adopted by the SDNY in the Ripple case and endorsed by Coinbase, while the latter was adopted in the Terraform case and supported by the SEC. With the Coinbase lawsuit now being dropped, this question will remain undetermined for the time being.)
○ Separately, the US Court of Appeals for the Third Circuit required the SEC to provide a more complete explanation for its refusal to issue rules on the application of securities laws to crypto assets. In July 2022, almost a year before the SEC sued Coinbase in the SDNY (as discussed in the previous paragraph), Coinbase petitioned the SEC to propose rules tailored to the industry, arguing that the existing framework is incoherent and “fundamentally incompatible with the operation of digital asset securities”. The SEC denied the request, arguing (in a single paragraph) that it has wide discretion to determine the timing and priorities of its regulatory agenda, including with respect to rulemaking. The 3rd Circuit found the SEC’s denial of Coinbase’s petition to be insufficiently reasoned, and thus arbitrary and capricious under the Administrative Procedure Act (APA). In a majority opinion, the judges asserted that while the SEC is not mandated to draft new rules, it must provide a more detailed and reasoned explanation of why it is appropriate to favor enforcement over rulemaking.
● SEC Drops Uniswap, Robinhood and OpenSea Investigations (link) (link) (link)
○ On 26 February 2025, Uniswap Labs, developer of the decentralized exchange Uniswap, announced that the SEC has closed its investigation against the company. The SEC had previously sought to sue Uniswap Labs for allegedly operating as an unregistered broker, exchange and clearing agency due to its role in the Uniswap Protocol. Uniswap Labs strongly denied these allegations, arguing that Uniswap is a DeFi platform not maintained by any centralized party. The case could potentially have brought DeFi networks into the purview of the SEC, an outcome feared by most industry participants. Two days earlier, the SEC reportedly closed another two high-profile cases: one against Robinhood, a licensed broker, for allegedly listing tokens considered securities; and one against OpenSea, a marketplace for non-fungible tokens (NFTs), potentially signaling that the Commission is backing away from its previous stance of classifying NFTs as securities.
● SEC Cancels Crypto Rule SAB 121 (link)
○ In January 2025, the SEC rescinded Staff Accounting Bulletin No. 121 (SAB 121), a rule introduced in March 2022 that required financial institutions holding cryptocurrencies on behalf of clients to record these assets as liabilities on their balance sheets. The rule was criticized for making it administratively challenging and costly for banks to offer crypto custody services. Industry leaders and policymakers have welcomed this change, noting that it removes barriers for banks to serve as custodians for digital assets, promoting innovation and broader adoption within the financial sector.
Institutional Investors Could Be Held Liable for DAO Actions: US Court (link)
On 18 November 2024, the District Court for the Northern District of California issued a significant ruling on the legal status of Decentralized Autonomous Organizations (DAOs) and the potential liability of their members. The case of Samuels v. Lido involves an investor who sued the Lido DAO, a decentralized Ethereum “staking” service, after incurring losses on the DAO’s governance tokens that he had purchased via a secondary exchange. The plaintiff claimed that Lido is a general partnership and that, by selling the tokens as unregistered securities, it violated US securities regulations. He also sued four institutional investors holding Lido tokens, Paradigm Operations, Andreessen Horowitz (a16z), Dragonfly Digital Management and Robot Ventures, alleging that they acted as members of the DAO general partnership and are therefore jointly and severally liable for its misconduct. The defendants filed a motion to dismiss, arguing that the DAO is not a legal entity capable of being sued and that, even if it were, token holders should not be held personally liable for its actions.
In denying most of the defendants’ motions to dismiss and allowing the case to proceed, the court delivered several key assertions on the legal status of DAOs:
1. The court determined that Lido DAO is a legal entity, classified as a general partnership. Some defendants tried to make the case that the DAO is a mere “set of executable software programs” not owned or operated by any particular entity. This argument, while popular in the crypto industry, was rejected by the court. Under California law, which the court applied, “the association of two or more persons to carry on as co-owners a business for profit forms a partnership, whether or not the persons intend to form a partnership” (emphasis added). This condition is satisfied by the fact that the DAO was formed to run a staking service for rewards (to be distributed among token holders), even though the DAO was not explicitly designated as a partnership by its founders. As a general partnership, the DAO’s members could be held personally liable for the DAO’s actions.
2. Since the case is still at the pleading stage, the court left open the question of who exactly is considered a “member” of the partnership: only the founders (narrow view) or any token holder who has voted or purchased the tokens (broader view). However, based on preliminary evidence, it found merit in the claim that three of the defendants, Paradigm, Andreessen Horowitz and Dragonfly, were playing an active, “hands-on” role in the Lido DAO, making them general partners. The court cites two examples: Lido’s website praising Paradigm’s ability to “lend its expertise to Lido DAO governance”, and Andreessen Horowitz, when announcing its investment in Lido, saying it will “contribute as both a staker and governance participant”. Such statements support the plaintiff’s allegations that these investors were influencing the management and control of the DAO as general partners, although they were not involved in its creation and only purchased tokens at a later stage. If this ruling stands, the three investors may face legal responsibility for their alleged sale of tokens to other investors.
3. The court accepted the assertion that Lido DAO and its investors “solicited” the sale of tokens in violation of Section 12(a)(1) of the Securities Act, which allows purchasers to file civil lawsuits against issuers of unregistered securities. The defendants argued that this provision applies only to public sales of securities and that, in any case, their efforts should not be considered “solicitation”. The court rejected both lines of defence, asserting that Section 12(a)(1) applies even where token holders incurred losses on tokens purchased on secondary markets as a result of the promotional efforts of the issuer (and its managers). The ruling reflects a broadening of the potential scope of liability of DAOs and their participants towards retail investors.
OFAC Targets Russian and North Korean Crypto Laundering Networks (link) (link)
The US Department of the Treasury’s Office of Foreign Assets Control (OFAC) has imposed sanctions on five individuals and four entities linked to the TGR Group, an international sanctions evasion and money laundering network serving Russian oligarchs. According to OFAC, the network comprises multiple businesses and affiliates that offered a range of services to place, layer and integrate illicit funds into the global financial system. These include: laundering funds associated with sanctioned entities; providing an unregistered service to exchange cash and cryptocurrency; receiving cash and making the value available to clients in the form of cryptocurrency; providing a pre-paid credit card service; and obfuscating the source of funds to allow high-net-worth Russian nationals to purchase property in the United Kingdom. As a result of the decision, all property and interests in property of the blocked persons that are in the United States or in the possession or control of US persons are blocked and must be reported to OFAC. In addition, any entities that are owned, directly or indirectly, individually or in the aggregate, 50 percent or more by one or more blocked persons are also blocked.
In a separate announcement, OFAC said it has imposed sanctions on two individuals and one entity involved in a North Korean money laundering network. Lu Huaying and Zhang Jian, both based in the United Arab Emirates (UAE), were sanctioned for facilitating money laundering and cryptocurrency conversion services that funneled illegal proceeds from Pyongyang’s cybercrime operations through a UAE-based front company, Green Alpine Trading, LLC. According to OFAC, Lu Huaying, a Chinese citizen, cashed out cryptocurrency derived from North Korean illicit activities into fiat cash on behalf of another sanctioned North Korean agent, a representative of the DPRK’s Korea Kwangson Banking Corp (KKBC). The laundered funds were then used as payment for purchases of products and services intended to finance North Korea’s WMD and ballistic missile programs.
New IRS Reporting Obligations for Crypto Brokers (link)
The Internal Revenue Service (IRS) released final regulations on digital asset reporting requirements for brokers. The regulations define a “broker” as any person who regularly provides services effectuating transfers of digital assets on behalf of another person, including cryptocurrency exchanges, payment processors and certain hosting services. Starting on 1 January 2025, brokers will be required to report customer transactions to the IRS, similar to how traditional stockbrokers share information on their customers with the IRS. The requirements do not apply to individuals using digital assets for personal transactions, miners and validators (which are excluded from the definition of brokers).
Texas Court Reverses Sanctions on Tornado Cash in Key Crypto Privacy Ruling (link)
The US Court of Appeals for the 5th Circuit ordered the US government to lift sanctions on the decentralized crypto mixer Tornado Cash. In late 2022, the Department of the Treasury’s OFAC blacklisted Tornado Cash, an open-source software protocol that facilitates anonymous crypto transactions by obfuscating the origins and destinations of transfers. OFAC argued that Tornado Cash played a pivotal role in laundering funds for malicious cyber actors such as a North Korea-linked hacking group. Tornado Cash was added to OFAC’s list of Specially Designated Nationals and Blocked Persons (SDN), imposing a total prohibition on any dealings with Tornado Cash “property”, a term which OFAC asserts includes smart contracts. Six users of Tornado Cash challenged the decision in court, claiming that OFAC does not have the authority to sanction smart contracts (as opposed to the persons and entities that use them).
Reversing the contrary decision of the lower District Court for the Western District of Texas, the Court of Appeals held that the Tornado Cash smart contracts are not the “property” of a foreign national or entity and are therefore not subject to OFAC’s sanctioning powers. The appellate court pointed to the lack of a clear definition of the term “property” in the International Emergency Economic Powers Act (IEEPA), which governs OFAC’s authority. It contended that immutable smart contracts are not property because they are not capable of being owned. While OFAC’s concerns about the use of Tornado Cash for money laundering are “undeniably legitimate”, the court reasoned, the proper way to address them is for Congress to update IEEPA to target modern technologies like crypto-mixing software, not through administrative interpretation. This decision is a significant win for crypto privacy advocates, as it sets a precedent for the treatment of decentralized technologies under US law. The ruling acknowledges the distinction between software and the individuals who may use it for illicit purposes, challenging the previous US administration’s approach to regulating decentralized finance (DeFi) tools.
BitMEX Fined $100 Million for Violating AML Laws (link)
The US District Court for the Southern District of New York imposed a $100 million fine on crypto exchange BitMEX for violating the US Bank Secrecy Act. The sentence comes after BitMEX pleaded guilty to failing to implement adequate Anti-Money Laundering (AML) and Know Your Customer (KYC) measures for US customers, at least until 2018. In addition to the fine, BitMEX was placed on probation for two years. The Illicit Finance & Money Laundering Unit of the US Attorney’s Office for the Southern District of New York prosecuted BitMEX in 2024.
KuCoin Pleads Guilty to US Charges, Agrees to Pay $300M (link)
Crypto exchange KuCoin has pleaded guilty to operating an unlicensed money transmission business in the United States. The company has agreed to pay penalties totaling $300 million as part of a settlement with the US Department of Justice (US Attorney’s Office for the Southern District of New York). The plea results from KuCoin’s failure to implement an effective anti-money laundering program and from operating without registering as a money services business with the Financial Crimes Enforcement Network (FinCEN).
According to the allegations, KuCoin did not require customers to provide any identifying information to open trading accounts at least until August 2023, while KuCoin employees repeatedly stated on public social media sites that KYC was not mandatory on KuCoin, including in response to posts from customers who had identified themselves as being in the US. Even after KuCoin adopted a KYC program, it did not impose the required KYC procedures on customers who used KuCoin’s services only to withdraw funds or close positions, and it failed to report suspicious transactions. As part of the agreement, KuCoin will be required to enhance its compliance procedures and exit the US market for two years, and the exchange’s founders will forfeit $2.7 million and will no longer have any role in KuCoin’s management or operations.
European Union
Markets in Crypto-Assets (MiCA) Regulation Fully Effective (link)
The European Union’s Markets in Crypto-Assets (MiCA) Regulation fully came into effect on 30 December 2024, marking a significant milestone in crypto regulation across the EU. This date saw the implementation of the remaining parts of MiCA, including the licensing regime for Crypto Asset Service Providers (CASPs) and market abuse prevention mechanisms. While the provisions for stablecoins (asset-referenced tokens and e-money tokens) had already applied since 30 June 2024, this final phase introduces comprehensive requirements for other crypto-assets and service providers. CASPs are now required to obtain authorization from their national competent authorities to offer services in the EU market, implement robust operational and compliance controls, and adhere to strict AML and counter-terrorist financing measures.
ESMA Finalizes Guidelines on Qualification of Crypto Assets as Financial Instruments (link)
The European Securities and Markets Authority (ESMA) published its final report on “Guidelines on the conditions and criteria for the qualification of crypto-assets as financial instruments”. These guidelines, mandated under Article 2(5) of MiCA, aim to provide clarity and consistency across the EU regarding the classification of crypto assets as financial instruments, the latter falling outside MiCA and being subject to the existing regime of the second Markets in Financial Instruments Directive (MiFID II).
Key aspects of the guidelines include:
● A case-by-case approach for determining whether a crypto-asset qualifies as a financial instrument, emphasizing the importance of considering the specific rights conferred by each asset;
● Clarification of the cumulative criteria for qualifying as a “transferable security” (a subcategory of financial instrument): (i) not being an instrument of payment, (ii) being a “class of securities”, and (iii) being negotiable on the capital market;
● Alignment with MiFID II’s approach to financial instruments, particularly regarding the interpretation of “negotiability” and “transferability”;
● Emphasis on a principle-based approach while providing more concrete criteria to enhance clarity and consistency;
● Further elaboration on what constitutes a “class of securities” and differentiation between tokens providing access to services and those conferring security-like rights.
New ESMA Rules on CASPs’ Conflicts of Interest (link)
ESMA has released a new opinion outlining significant changes to the conflict-of-interest requirements for CASPs under MiCA. A key modification is the potential need for CASPs to segregate conflicting crypto-asset services into separate legal entities with independent management when standard policies and procedures are insufficient to manage acute conflicts of interest. This legal entity separation aims to enhance investor protection and market integrity.
Additionally, ESMA has introduced new requirements for personal transaction monitoring, mandating close scrutiny of transactions by connected persons, including documentation and approval processes. The definition of remuneration has also been expanded to cover all forms of payment, including financial and non-financial benefits. These changes require CASPs to implement stronger internal controls, maintain a clearer separation between potentially conflicting activities, and establish comprehensive policies for monitoring personal transactions and disclosing remuneration.
United Kingdom
FCA Warning to Regulated Firms Partnering with Unregistered Crypto Exchanges (link)
The UK’s Financial Conduct Authority (FCA) has published guidance on crypto asset financial promotions and fiat-to-crypto ramp (conversion) services, addressing concerns about regulated firms partnering with unregistered crypto asset entities. The FCA emphasizes that regulated firms may be inadvertently supporting illegal promotions by providing on/off ramp services to unregistered crypto asset companies. This could expose them to legal and reputational risks, including potential violations of the Proceeds of Crime Act 2002.
To mitigate these risks, the FCA encourages regulated firms to implement robust due diligence processes, enhance monitoring of partner activities, and consider restricting services to unregistered crypto asset firms, especially those subject to FCA consumer warnings. The guidance applies to crypto asset firms registered under the MLRs, payment services and e-money firms, and FSMA-authorized firms. The FCA stresses the importance of carefully considering commercial relationships with unregistered crypto asset firms to ensure compliance with regulatory obligations and maintain market integrity.
FCA Proposes New Measures for Crypto Market Transparency (link)
The FCA has released a discussion paper (DP24/4) outlining new proposals to improve transparency and integrity within the UK’s crypto markets. These initiatives aim to protect consumers and reduce risks by introducing stronger admission and disclosure rules and market abuse frameworks.
The FCA is seeking input from industry participants on how to enhance risk disclosures, ensuring that investors are well informed before making decisions. The paper also emphasizes the importance of collaboration, proposing that authorized crypto trading platforms share information to combat fraud and market abuse more effectively. This discussion builds on insights gathered from industry roundtables and prior government consultations.
Asia
South Korea Investigates Upbit for Massive KYC Violations (link)
South Korean cryptocurrency exchange Upbit is currently under investigation by the Financial Intelligence Unit (FIU) of the Financial Services Commission (FSC) for allegedly violating KYC procedures. The FIU has identified between 500,000 and 600,000 potential KYC violations, including the acceptance of blurred IDs and other improper documentation. These violations could result in significant fines, estimated at $71,500 per case, and may also affect Upbit’s ability to renew its business license.
This investigation is part of broader scrutiny of Upbit’s operations, following a previous anti-monopoly probe related to its relationship with K-Bank. K-Bank has a high exposure to cryptocurrency exchanges, raising concerns about potential conflicts of interest and market dominance. The outcome of these investigations could have substantial implications for Upbit’s business practices and regulatory compliance in the future. Upbit has reportedly received a suspension notice for the alleged KYC violations: according to its latest report, the FIU of South Korea’s FSC has notified Upbit of possible punitive measures.
Hong Kong Courts Serve Legal Notices on Blockchain to Freeze Illicit Crypto Wallets (link)
Hong Kong courts have reportedly begun serving tokenized legal notices via blockchain to the anonymous owners of illicit cryptocurrency wallets. According to Cointelegraph, a recent court injunction targeted two Tron-based wallet addresses, delivering tokenized notices to freeze assets linked to an online scam involving 2.65 million USDT. This method ensures that defendants cannot claim ignorance of legal actions, as the notices are embedded directly into the blockchain. With this approach, Hong Kong regulators aim not only to deter unauthorized transactions but also to discourage centralized exchanges from engaging with flagged wallets. This initiative marks a significant advancement in legal enforcement within the digital asset space, setting a precedent for integrating blockchain technology into judicial procedures.
Payments
European Union
EU Instant Payments Regulation Deadline Approaching
The European Union’s new Instant Payments Regulation is set to take effect, with a compliance deadline in January 2025. The regulation requires payment service providers (PSPs) across the EU to ensure the availability of instant payment services in euro, aiming to enhance the speed, efficiency and accessibility of payments within the region.
Under the regulation, PSPs must process euro payments within 10 seconds, 24/7, and ensure transparency in fees. The new rules also include provisions to prevent fraud, such as verifying account details before processing payments. Additionally, PSPs are required to align their charges for instant payments with those for standard credit transfers, making instant payments more affordable for consumers and businesses. This regulation marks a significant step toward modernizing Europe’s payment infrastructure, improving cash flow management for businesses and fostering greater financial inclusion.
Canada
FINTRAC Guide on Laundering Illicit Fentanyl Proceeds (link)
On 23 January 2025, the Financial Transactions and Reports Analysis Centre of Canada (FINTRAC) issued an Operational Alert titled “Laundering the Proceeds of Illicit Synthetic Opioids”. The alert aims to assist businesses in identifying and reporting financial transactions related to the laundering of proceeds from the importation, production and distribution of fentanyl and other illegal synthetic opioids. It is the result of collaboration between FINTRAC, FinCEN in the United States, and Mexico’s Unidad de Inteligencia Financiera.
The alert highlights the increasing involvement of organized crime groups in the illegal supply of synthetic opioids in North America. These groups import or divert essential precursor chemicals and laboratory equipment from China and other Asian countries for production purposes. They also use darknet marketplaces and virtual currencies to distribute the drugs and facilitate international payments. The alert lays out criteria for Canadian financial entities to determine whether a suspicious transaction report linked to illegal synthetic opioids should be submitted to FINTRAC.
Financial Services
European Union
EBA Harmonizes Guidelines on Internal Compliance with EU Sanctions and Restrictions (link)
On 14 November 2024, the European Banking Authority (EBA) issued two sets of final guidelines establishing common EU standards for financial institutions’ compliance with Union and national restrictive measures. These guidelines, set to take effect on 30 December 2025, aim to strengthen the EU’s financial system by addressing potential weaknesses in internal policies, procedures and controls that could lead to legal and reputational risks, as well as undermine the effectiveness of EU sanctions regimes. The first set of guidelines applies to all institutions under the EBA’s supervision, focusing on governance arrangements and risk management systems to prevent sanctions breaches or evasion. The second set specifically targets PSPs and CASPs, outlining compliance measures for fund and crypto-asset transfers.
These guidelines are part of a broader EU initiative to reform its anti-money laundering and countering the financing of terrorism (AML/CFT) framework, stemming from the European Commission’s 2021 legislative package. They complement Regulation (EU) 2023/1113, which applies from 30 December 2024, and clarify how restrictive-measures policies interact with financial institutions’ wider governance and risk management frameworks. Key aspects include implementing robust screening systems, conducting tailored risk assessments, and allocating clear accountability for sanctions compliance. Financial institutions are expected to review and update their existing policies, procedures and controls to align with the new standards, ensuring a harmonized approach to sanctions compliance across the EU.
AML Obligations Prevail over GDPR Rights, says Dutch Court (link) | On 9 September 2024, The Hague District Court ruled in favor of Bunq B.V., a Dutch digital bank, in a case concerning a customer’s request under the General Data Protection Regulation (GDPR). The customer had sought access to personal data related to Bunq’s decision to temporarily block his account during a due diligence process. Bunq had requested additional documentation to verify the source of the customer’s income, citing compliance with AML regulations. The customer provided the requested documents, leading to the unblocking of his account on the same day. Subsequently, he filed a GDPR access request seeking detailed information about the decision-making process, including the logic behind any automated systems used.
Bunq responded by providing certain personal data but withheld specific details about its transaction monitoring system, arguing that disclosing such information could compromise the effectiveness of its AML measures. The bank also clarified that while its system flags transactions automatically, any subsequent actions involve human decision-making, thereby not constituting solely automated decision-making under the GDPR (Article 22). The Court upheld Bunq’s position, recognizing that the bank’s obligations under AML laws can take precedence over a customer’s GDPR access rights. It agreed that revealing the inner workings of Bunq’s monitoring system could undermine efforts to prevent financial crimes. Additionally, the Court determined that the process did not involve solely automated decision-making, as human intervention was present in the decision to block the account. This ruling underscores the balance between data protection rights and the necessity of adhering to AML regulations within the financial sector. |
Digital Operational Resilience Act Now Effective (link) | The Digital Operational Resilience Act (DORA) fully came into effect across the European Union on 17 January 2025, marking a significant milestone in the regulation of digital operational resilience in the financial sector. DORA introduces a comprehensive framework aimed at strengthening the ICT security and operational resilience of financial entities and their critical third-party service providers, encompassing robust ICT risk management frameworks, standardized incident reporting procedures, regular advanced testing of ICT systems, comprehensive third-party risk management, and clear governance structures with active senior management involvement.
For more information about DORA, read our guide (link). |
EU Regulators to Collect Information for the Designation of Critical ICT Vendors (link) | The European Supervisory Authorities (ESAs) have announced key timelines for the implementation of DORA, which came into force on 17 January 2025. Competent authorities are required to report registers of information on contractual arrangements between financial entities and ICT third-party service providers by 30 April 2025. The ESAs expect competent authorities to collect the registers of information from the financial entities under their supervision in advance, following their own timelines.
This information will be used to designate critical ICT third-party service providers (CTPPs) for oversight under DORA. The ESAs have published a Decision outlining the framework for annual reporting, including timelines, procedures, and data quality assurance. To support industry preparations, the ESAs conducted a voluntary Dry Run exercise in 2024 with around 1,000 financial entities and have published validation rules for analyzing the registers of information. Financial entities are encouraged to begin preparing their registers early, especially for information that may not be immediately available. |
Italy Regulator Blocks Four Unauthorized Investment Websites (link) | Italy’s Companies and Exchange Commission (CONSOB) has ordered the blocking of four unauthorized investment websites offering financial services illegally. The targeted websites include BVTBanco Limited, INCORE INVESTMENT, WoodcCapital, and Reloft Srl SB. This action is part of CONSOB’s ongoing efforts to protect investors, bringing the total number of blocked websites to 1,188 since July 2019, when the regulator gained the authority to order such blockages. CONSOB called on investors to verify the authorization status of operators offering financial services and to ensure that a prospectus has been published for financial product offerings. |