Corporate Transparency Act Update – March 21, 2025 Filing Deadline
The Corporate Transparency Act (together with its implementing regulations, “CTA”) is a federal law that became effective at the beginning of 2024. The CTA imposes new reporting duties on most companies and their owners. You can learn more about the CTA here: FinCEN BOI Webpage. You can find our prior briefings on the CTA here: HWH CTA Client Briefing December 2023, here: HWH CTA Client Briefing November 2024, here: HWH CTA Client Briefing December 18, 2024, and here: HWH CTA Client Briefing December 27, 2024.
As a result of a February 18, 2025 decision by the U.S. District Court for the Eastern District of Texas in Smith, et al. v. U.S. Department of the Treasury, et al., beneficial ownership information (BOI) reporting requirements under the CTA are once again back in effect. However, FinCEN has generally extended the reporting deadline until March 21, 2025 for the vast majority of companies.
FinCEN also announced that, in keeping with the Treasury Department’s commitment to reducing regulatory burden on businesses, FinCEN expects to provide an update before such date of any further modification of this deadline, while prioritizing reporting for those entities that pose the most significant national security risks. Finally, FinCEN announced that it intends to initiate a process this year to revise the BOI reporting rule to reduce burden for lower-risk entities, including many U.S. small businesses.
FinCEN indicated that reporting companies that are able to rely on a hurricane-related extension to file their initial BOI report (as discussed in our HWH CTA Client Briefing November 2024) should follow the deadline permitted by such extension rather than the March deadline.
President Trump Signs New Executive Order: “Implementing the President’s ‘Department of Government Efficiency’ Cost Efficiency Initiative”—What Federal Contractors Need to Know
On February 26, 2025, President Trump signed an Executive Order (“EO”) that states that it “commences a transformation in Federal spending on contracts, grants, and loans to ensure Government spending is transparent and Government employees are accountable to the American public.” Here’s what government contractors need to know.
Who Does the EO Apply To?
The EO is primarily directed at Agency Heads and contemplates that each Agency Head will work closely with its Department of Government Efficiency (“DOGE”) Team Lead on a number of activities intended to reduce federal spending and root out fraud, waste, and abuse. (On January 20, 2025, President Trump signed EO 14158 establishing DOGE and requiring each agency to have a DOGE Team Lead to “advise their respective Agency Heads on implementing the President’s DOGE Agenda.”).
Are All Federal Contracts and Grants Covered by This New EO?
No. The EO only applies to “covered contracts and grants,” which is defined as “discretionary spending through Federal contracts, grants, loans, and related instruments, but excludes direct assistance to individuals; expenditures related to immigration enforcement, law enforcement, the military, public safety, and the intelligence community; and other critical, acute, or emergency spending, as determined by the relevant Agency Head. Notification shall be made to the agency’s DOGE Team Lead.”
The EO specifically excludes contracts and grants directly related to the enforcement of Federal criminal or immigration law; U.S. Customs and Border Protection and U.S. Immigration and Customs Enforcement; the Uniformed Services, as defined in 20 C.F.R. 404.1330; classified information or classified systems; and “any other covered grant or contract, agency component, or real property that the relevant Agency Head exempts in writing from all or part of this order, in consultation with the agency’s DOGE Team Lead and the Director of OMB.”
What Does the EO Require Agency Heads to Do?
Build agency-specific centralized systems to record payments to all contractors and grantees. The EO does not direct how this must be done or set a deadline for completion. Presumably building these systems will require the issuance of new contracts, and the EO notes that “implementation is subject to the availability of appropriations.” The EO contemplates that these systems will “seamlessly record every payment issued by the agency” and include brief, written justifications for each payment, submitted by the agency employee who approved the payment. The EO also contemplates that “[t]o the maximum extent permitted by law, and to the maximum extent deemed practicable by the Agency Head,” these payment justifications “shall be posted publicly.” The planned systems will seemingly differ from existing databases such as the Federal Procurement Data System (“FPDS”), which tracks contract actions (e.g., modifications and awards), in that the new systems will track individual payments. Making this directive a reality, even assuming the availability of appropriations, will be a complex undertaking to connect and achieve interoperability among existing government software systems. The EO states that DOGE Team Leads will submit monthly reports to the DOGE Administrator about contracting activities, including “all payment justifications” reported in each agency’s centralized payment system.
Review, with the DOGE Team Lead, all existing “covered contracts and grants” within 30 days to identify opportunities to terminate or modify covered contracts and grants “to reduce overall Federal spending or reallocate spending to promote efficiency and advance the policies of [the Trump] Administration.”
Review, with the DOGE Team Lead, contracting policies, procedures, and personnel within 30 days. The EO does not specify criteria to guide these reviews. Once these reviews are completed, but prior to entering into new contracts, Agency Heads and their DOGE Team Leads must issue guidance on signing new contracts or modifying existing contracts—topics already covered in existing acquisition regulations—“to promote Government efficiency and the policies of [the Trump] Administration.” Prior to issuing such guidance, agency heads may approve new contracts on a case-by-case basis.
Build a new technological system—seemingly distinct from the system mentioned above that will track payments—within each agency to centrally record approval for federally funded travel for conferences and other non-essential purposes. Once each agency’s new system is in place, agency employees will be prohibited from federally funded travel for conferences or other non-essential purposes unless the system contains a brief, written justification from the travel approving official. DOGE Team Leads will submit monthly reports to the DOGE Administrator detailing each agency’s justifications for non-essential travel, and these justifications “shall be posted publicly unless prohibited by law or unless the Agency Head grants an exemption from this requirement.”
What Can Contractors Do?
Assess whether your contract arguably falls within any of the stated exclusions, which could be interpreted broadly. For instance, the exclusion for “the military” could arguably cover all Department of Defense contracts. Agency Heads appear to have some degree of discretion to decide whether a contract falls within the stated exclusions. They could leverage the fact that key terms in the exclusion such as “critical” and “acute” are undefined. Moreover, Agency Heads can exempt particular contracts from this EO’s coverage. Confer with counsel regarding planning to request or confirm that relevant Agency Heads will exclude your contract(s) from coverage of this EO.
Carefully monitor prompt payment obligations under existing contracts. Under the Prompt Payment Act, the government is required to pay contractors within 30 days of a properly submitted invoice. For prime contractors that subcontract with small businesses and small business primes, the government should pay within 15 days to “the fullest extent permitted by law.” This is implemented into federal contracts via FAR 52.232-25, FAR 52.232-40, and FAR 52.212-4(i). While interest should accrue and be paid automatically, working with the contracting officer (“CO”) and contracting officer representative (“COR”) can facilitate timely payment without the Prompt Payment Act. This coordination may be even more important to facilitate written payment justifications under the new EO once the new payment system is implemented.
Blockchain+ Bi-Weekly; Highlights of the Last Two Weeks in Web3 Law: February 27, 2025
Three of the SEC’s key enforcement actions—all extensively covered in BitBlog and widely seen as emblematic of the agency’s adversarial stance toward the industry—are reportedly being halted or dismissed. The SEC has agreed in principle to drop its case against Coinbase without any penalties or required changes in business. The SEC also agreed in principle to drop its case against Uniswap for operating an unlicensed securities exchange. Both parties in SEC v. Binance have jointly requested a 60-day litigation stay. Meanwhile, highlighting that the challenges facing this emerging industry are not confined to the United States and its regulation, an international digital asset exchange suffered the largest known hack of its ETH wallets, reigniting concerns over the security of digital asset platforms. Additionally, there are ongoing and potential personnel changes within the U.S. government, particularly in the CFTC and Department of Commerce, with new leadership thus far demonstrating and advocating for positions that are supportive of the industry.
These developments and a few other brief notes are discussed below.
SEC v. Coinbase Dismissal Pending Commission Approval: February 21, 2025
Background: The SEC staff have agreed in principle to dismiss its action against Coinbase where the SEC had alleged that it was operating as an unregistered securities exchange, broker and clearing agency, along with unregistered offering charges against its staking-as-a-service program. Given that two of the three current commissioners have publicly opposed the agency’s actions against digital asset companies, the commission is likely to approve the dismissal recommendation, effectively bringing the matter to an end. This decision would also eliminate the pending interlocutory appeal before the Second Circuit, which was set to review certain rulings from the Motion to Dismiss stage.
Analysis: It is unusual to see a dismissal such as this one announced before final approval, but the timing may be strategic. With only three commissioners currently in place, the likely dissenting vote, Commissioner Crenshaw, could effectively block commission action to formally dismiss the case. One has to imagine that the portions of the cases against Binance and Kraken that have similar causes of action with similar legal theories are also likely to be dismissed. Another key question is whether other exchanges that delisted tokens alleged to be securities in response to these lawsuits, will reconsider and reintroduce them to their trading platforms. The outcome of these cases could significantly impact how digital asset exchanges approach compliance and token offerings moving forward.
Bybit Exchange Suffers Largest Known Exchange Hack in History: February 21, 2025
Background: Bybit (a digital asset exchange based in Dubai that is not available to U.S. users) announced it suffered unauthorized access to various ETH wallets, resulting in roughly $1.4 billion being stolen from the platform. To put into perspective, in 2024 $2.2 billion is estimated to be the combined amount stolen from all platforms for the year, meaning 2025 will likely dwarf that number. The hack is currently believed to be the work of the North Korean hacking organization the Lazarus Group, which was also behind the similar Phemex hack earlier this year. Bybit announced it still has the funds to cover customer withdrawals, and operations remain active.
Analysis: While the roughly 850,000 Bitcoin stolen in the infamous Mt. Gox hack is worth more in today’s dollars, this is likely the largest cryptocurrency hack in dollars at the time of the hack and one of the largest, if not the largest, heists of all time. It also makes the hackers one of the largest owners of ETH, as the over 400,000 ETH stolen is more than double the amount held by the Ethereum Foundation itself.
Brian Quintenz Tapped to Lead CFTC: February 11, 2025
Background: It is being fairly widely reported that President Trump plans to nominate a16z’s Brian Quintenz to lead the CFTC. Quintenz previously served as a commissioner at the CFTC from 2017 to 2021. He is currently the Global Head of Policy at venture firm a16z’s crypto investment arm, and if he is confirmed, he will replace the current acting Chair, Pham. He is the first potential CFTC chair to announce his nomination on Farcaster, the digital asset native social network.
Analysis: If you read his prior statements on digital assets and DeFi, it is clear why the digital asset legal community is largely supportive of this pick. He is also no stranger to prediction markets, which are likely to be a hot topic for regulation in the upcoming years. He recently wrote about being excited about governments putting bonds onChain.
SEC v. Binance Joint Stay of Litigation Requested: February 11, 2025
Background: The parties in SEC v. Binance are requesting a 60-day pause in the litigation, citing the reason as “new SEC Acting Chairman Mark T. Uyeda launched a crypto task force dedicated to helping the SEC develop a regulatory framework for crypto assets. The work of this task force may impact and facilitate the potential resolution of this case.” Since the Court in Binance agreed to the stay request and with SEC v. Coinbase currently stayed pending an interlocutory appeal decision from the Second Circuit (and likely soon to be dismissed, as discussed below), that just leaves SEC v. Payward (i.e., Kraken) in the exchange cases ongoing post-election.
Analysis: The stay request is document 296 in the case’s court file if that is any indication of how fiercely litigated the SEC v. Binance case has been over the past roughly 1.5 years. Considering on the same day, the SEC asked the Court to ignore certain allegations from their Amended Complaint in reaching a determination on the pending Motion to Dismiss indicates there was possibly an order from on-high to enter a holding pattern in all digital asset litigation with approaching deadlines. But no way to know until the dust settles if that was the case.
Briefly Noted:
Uniswap Labs Says SEC Probe Has Been Closed: Consistent with the Coinbase dismissal but different due to Uniswap’s decentralized nature, Uniswap Labs, the tech company behind the decentralized Uniswap protocol, announced that the SEC has also dropped its investigation for purportedly running an unregistered securities exchange, among other things. There is still the open question of whether decentralization really matters for bringing this type of claim and, if so, how much it matters.
SEC Dismisses Dealer Rule Appeal: The SEC has decided to not go forward with their appeal of two challenges to the proposed expansion of the term “dealer” under applicable securities laws. Well done by the Blockchain Association and the Crypto Freedom Alliance of Texas, among others. The expanded definition had the potential to capture all kinds of traditional finance activities that historically had never been regulated, such as proprietary high frequency trading.
SEC Launches Cyber Fraud Unit: The SEC has formed a Cyber and Emerging Technologies Unit, which will go after, in part, “fraud involving blockchain technology and crypto assets.” This makes sense to focus on fraud and consumer harm vs. trying to fight digital asset businesses that are trying to be good actors in an unclear regulatory environment.
SEC Crypto Task Force Meeting Logs: The SEC is posting meeting logs of its crypto task force meetings, which is really cool. So much of crypto has been built on open source and community development that making these task force submissions and meetings transparent just fits. There is also a list of questions that the SEC is seeking public input on answering. Please reach out to any of the listed authors if you are a company that wishes assistance in submitting such responses.
Nasdaq Proposes Rule for Trading Digital Assets: The Nasdaq exchange is proposing a rule change to permit the listing and trading of digital asset-based investment interests.
Secretary of Commerce Confirmed: Howard Lutnick, formerly of Cantor Fitzgerald, has been confirmed as the new Secretary of Commerce. He has said a ton of positive things about crypto in the past, so another ally in a high-ranking position is always good.
Nation-State Rug: The President of Argentina tweeted out about a memecoin, $LIBRA, which reached a market cap of almost $4 billion before insiders cashed out, making over a hundred million in the process and tanking the price of the token. Great thread explaining it all here. The fallout from the Argentina memecoin rug $LIBRA is ongoing, and it can be expected this will have significant repercussions down the line depending on the role of seemingly trusted service providers in the schemes.
SEC Commissioner Says Memecoins Not the SEC’s Concern: The very term “memecoin” implies that investors are not relying on the efforts of others to generate profits—a key factor in determining whether an asset qualifies as a security under U.S. law. If that weren’t already clear, SEC Commissioner Hester Peirce, who also heads the Crypto Task Force, recently reinforced this point, stating that the SEC’s jurisdiction is limited to securities. She emphasized that the regulation of many memecoins likely falls under other federal agencies, such as the CFTC, FTC, and others that oversee financial instruments that are not stock-like securities. This statement, while not actionable precedent, reflects an ongoing debate over the appropriate regulatory framework for digital assets and highlights the need for greater clarity in interagency enforcement efforts.
House Financial Services Subcommittee Holds Digital Asset Hearing: The House Financial Services Subcommittee recently held a hearing titled A Golden Age of Digital Assets: Charting a Path Forward. With legislators pushing an aggressive schedule to advance various digital asset bills, a rapid succession of hearings on these issues is expected. This hearing signals continued momentum in shaping the regulatory framework for digital assets and highlights the urgency among lawmakers to address key policy questions surrounding the industry. With the aggressive schedule put forward by many legislators to get various digital asset bills done, there is going to be an equally fast paced group of hearings on these issues.
Conclusion:
As personnel changes continue within the U.S. government and crypto-related industries, we can expect ongoing developments on the litigation front, further shaping the regulatory landscape for digital assets. The SEC’s decision to dismiss its case against Coinbase, along with other high-profile enforcement actions, signals a potential shift in regulatory strategy. Meanwhile, the recent Bybit Exchange hack, though not directly affecting U.S. users, underscores the urgent need for safe exchanges to ensure the secure access and custody of digital assets, as well as the need for more clarity involving self-custodial solutions. Alongside anti-money laundering and fraud detection and prevention, these issues will remain central to regulatory efforts in the evolving crypto ecosystem.
Corporate Transparency Act Filing Requirement Is Back
The new deadline to comply with the Beneficial Ownership Information (BOI) reporting requirements under the Corporate Transparency Act is March 21, 2025, as the nationwide injunctions preventing enforcement by the Financial Crimes Enforcement Network (FinCEN) have been lifted1. Most entities (corporations, limited liability companies, and limited partnerships) have until March 21, 2025, to file initial, corrected, and updated BOI reports. Newly formed entities will have 30 days from the date of formation to file their initial BOI reports. Reporting companies that previously submitted BOI reports do not need to take any further action unless there has been a change to the initially reported information.
A “reporting company” is a domestic entity created by filing with the Secretary of State of any state or a foreign entity registered to do business with the Secretary of State of any state, subject to 23 exemptions. Reporting companies must report the full legal name, birthdate, residential address, and a unique identifying number from a passport or driver’s license (along with a copy of the passport or driver’s license) for any person who directly or indirectly has at least a 25% ownership interest in the reporting company or exercises substantial control over the reporting company. Reporting companies can complete the BOI reports directly through FinCEN’s website.
FinCEN has also announced its intention to revise the BOI reporting rule to reduce the burden on “lower-risk entities.2” However, FinCEN has not provided details on the nature of the proposed revisions.
The Corporate Transparency Act is still being challenged in several cases across the country. On February 10, 2025, the U.S. House of Representatives unanimously passed a bill that would extend the filing deadline for reporting companies formed before January 1, 2024, by one year, to January 1, 20263. The bill has been referred to the Senate Committee on Banking, Housing, and Urban Affairs, but no action has been taken.
We continue to monitor ongoing legal challenges and proposed legislation related to the Corporate Transparency Act.
1 Smith, et al. v. U.S. Department of the Treasury
2 https://www.fincen.gov/sites/default/files/shared/FinCEN-BOI-Notice-Deadline-Extension-508FINAL.pdf
3 H.R.736 – Protect Small Businesses from Excessive Paperwork Act of 2025
SEC Cracks Down on Unregistered Broker-Dealers
StraightPath Venture Partners, LLC and PMAC Consulting have recently reached settlements with the US Securities and Exchange Commission (SEC) following SEC enforcement actions against them.
More specifically, the SEC alleged that StraightPath and PMAC engaged in unregistered “broker” activity under the Securities Exchange Act of 1934 (34 Act), i.e., brokered transactions without first satisfying the corresponding registration requirements thereunder. The settlements will cost these firms hundreds of thousands in civil penalties and millions in settlement fees.
These actions highlight the SEC’s continued focus on holding unregistered broker-dealers accountable, and serves as a crucial reminder that those involved in the buying and selling of securities should carefully consider their broker-dealer status before engaging in what could be viewed as broker activity, as well as the status of third parties with whom they do business.
Broker Dealer Registration Requirements
Who Needs to Register?
Under the 34 Act, those engaging in the regular business of buying and selling securities, whether for their own account or others, is considered a “Broker” or “Dealer” and must abide by the regulations imposed under the 34 Act. Among those requirements, broker-dealers must register by filing and regularly updating Form BD, join a self-regulating organization, and file a Form U-4 for any “associated person.” The 34 Act defines an “associated person” broadly, to include anyone who is a manager, director, part owner, or employee of a broker-dealer whose work is not purely clerical. It also includes anyone with whom a broker dealer has common control. The Investment Advisers Act of 1940 contains similar regulations for investment advisors, including criteria for determining who qualifies as an “associated person.”
Broker-Dealer or Finder?
Some third-party arrangements may trigger broker-dealer status under the 34 Act. For example, private equity funds may wish to pay a fee to “finders” or “business brokers” who connect an investor, but if the fee recipient is not registered as a broker-dealer, the SEC may regard this as unregistered broker-dealer activity. The SEC considers several factors when making this assessment, including (1) whether the fee is contingent on investment, (2) whether the fee increases relative to the size of the investment, and (3) the timing of when the finder is engaged in broker dealer activity. The SEC also will evaluate whether the individual participated in solicitation, negotiation, or execution of the transaction.
StraightPath Settlements
In a January 14 order describing the terms of the settlement, the SEC stated that three principals of VCP Financial LLC acted as unregistered brokers when they sold membership interests in limited liability companies claiming to invest in pre-initial public offerings (IPO). Specifically, the order stated that the principals solicited investors in StraightPath, a company offering membership interests in private companies which could later become public.
The SEC alleged that due to the transaction-based compensation received by each principal, they provided brokerage services in violation of Section 15(a) of the 34 Act. Further, the SEC alleged that VCP failed to appropriately manage a conflict of interest when it required clients to disclaim VCP’s role as an investment advisor, which was inconsistent with the firm’s marketing materials and in violation of Section 206(2) of the Advisers Act.
The SEC previously charged StraightPath with fraud in 2022 in an unrelated case where the SEC alleged that StraightPath deceived investors about the fees it collected and sold shares in pre-IPO companies that StraightPath did not own. The SEC alleged in its complaint that two of the founders of the brokerage firm engaged in brokerage activities despite being barred from the brokerage industry.
The three principals accused of unregistered broker-dealer activity paid disgorgement of transaction-based compensation received from of the alleged activity totaling over $345,000 and civil penalties totaling $100,000. VCP also paid a civil penalty of $100,000.
PMAC Consulting Settlement
In a similar settlement, the SEC charged PMAC Consulting and its owner with engaging in unregistered broker activity despite an agreement barring the PMAC’s broker dealer activity after an unrelated 2016 investigation. The SEC stated that despite this ban, the owner transferred clients from a previous organization and told them that “nothing would change as far as business goes.”Without admitting or denying the findings of the order, the owner and firm agreed on a settlement that included industry and penny stock bars, and a civil penalty of $3 million.
Takeaways
Despite the recent appointment of SEC Chair Mark T. Uyeda and changes in the White House, the SEC has maintained laser focus on fraud prevention and enforcement of unregistered broker-dealer regulations. Accordingly, unregistered broker-dealers are well advised to remain hypervigilant with respect to engaging in activities that could necessitate registration as a broker-dealer under the 34 Act.
In addition, individuals and entities involved in the buying and selling of securities, including those seeking to raise capital, will need to be cautious about engaging with third parties that buy and sell securities.
M&A in the EU Market: Essential Factors for Investors to Consider
Investing in Europe: Is it a good time to do so? Opinions differ. The EU financial sector has experienced significant growth in recent years, driven by technological advancements and evolving consumer preferences, but there is also heavy regulation. Despite the downsides of a high degree of regulation, such as increased costs, inflexibility, many internal guidelines, and a higher number of employees, it also has a positive effect on the overall market and economic opportunities.
Financial regulation ensures stability, transparency, and consumer protection. Especially in the financial industry, these are key aspects customers look at, considering the major failures we have seen in the fintech market in recent years. Against this background, the EU financial market presents a unique landscape for mergers and acquisitions (M&A), characterized by stringent regulations, evolving market dynamics, and emerging trends.
Understanding the key considerations for transactions in the financial industry is crucial for investors looking to navigate this complex environment. This article outlines essential factors to review when investing in entities regulated in the European Union. It also highlights the differences from investments in other jurisdictions and industries, discusses the expected timing, and explores current trends in EU FinTech investments.
Investing in the EU financial industry differs from investments in other jurisdictions and industries in several ways, including:
Regulatory Scrutiny: The financial industry is subject to higher regulatory scrutiny compared to other sectors. This means investors must navigate complex regulatory frameworks and ensure compliance with stringent requirements.
Systemic Risk: Financial institutions are interconnected and play a critical role in the economy. As such, they are exposed to systemic risks that can have widespread implications. Investors must assess the target entity’s risk exposure and mitigation strategies.
Capital Requirements: Financial institutions are required to maintain certain capital levels to ensure solvency and stability. Investors must evaluate the target entity’s capital adequacy and its ability to meet regulatory requirements.
Key pre-deal considerations
Conducting thorough due diligence is paramount. It is crucial to ensure that the target entity is appropriately regulated. Investing in an entity that is not regulated but should be can lead to significant legal and financial risks. Supervisory authorities may take enforcement actions against both the entity and the acquirer, including fines, sanctions, and even the revocation of licenses.
Due Diligence
When preparing for and evaluating an acquisition in the financial sector, particularly in the EU, it is important to carefully determine, as part of the due diligence, whether the target complies with the applicable financial supervisory law. In particular, does the target have the license required for its type of business or does it need a license at all?
If a license is required, it is also essential to determine whether the target consistently fulfills the requirements necessary for the license, in particular with regard to risk management, money laundering, reporting, and liquidity and equity. However, on 17 January 2025, it also became necessary to determine whether the requirements for cybersecurity and operational resilience under the Digital Operational Resilience Act are being met, especially with regards to outsourcing.
The legal consequences of noncompliance with the requirements are far-reaching and can not only affect profitability but also lead to a complete ban on business activities, the exclusion of management, severe fines, and a restriction of new business, especially if anti-money laundering (AML) and risk management are not sufficiently set up. Measures taken against a licensed company are always published by the financial supervisory authority, along with the respective deficiencies. This ‘naming and shaming’ leads to a loss of trust in the market, which in turn can lead to a loss of customers.
Does this mean that when it comes to investments, it is better to steer clear of the EU financial sector? With so many regulations, it is challenging to always comply with the numerous requirements, let alone check compliance as part of a due diligence process.
As always, a risk assessment must be convened on the basis of appropriate information. It is neither possible nor necessary to check every single violation and every facet of regulatory compliance in each individual case. This would also exceed any reasonable level of financial investment prior to the transaction. But experienced advice that provides an overview of compliance and potential red flags with regards to the most important parameters and showstoppers is essential.
For example, for many regulations, rectification is possible and sufficient following a notice of noncompliance from the financial supervisory authority. However, a distinction must be made: what are the showstoppers and where can we go along without seeing a major risk.
On that basis, key points to consider in the due diligence process are:
The target’s business model and the necessary licenses in each jurisdiction.
Ongoing proceedings, orders, or enforcements of the competent supervisory authority.
The target’s compliance with key regulatory requirements and whether the necessary structures are in place, particularly with regard to capital requirements, AML compliance, reporting obligations, and risk management.
Deal phase: Owner control proceeding
An owner control proceeding is triggered when an investor intends to acquire a significant stake in a licensed EU entity (i.e., more than 10% of the equity or voting rights in the target entity, alone or together with other parties). This threshold is set to ensure that any significant influence over the management and operations of the entity is subject to regulatory scrutiny. The goal is to maintain the stability and integrity of the financial system by ensuring that only fit and proper persons can exert control over regulated entities.
What happens in an owner control proceeding?
The owner control proceeding involves a comprehensive assessment by the relevant supervisory authorities, such as the European Central Bank, or national competent authorities such as BaFin in Germany. The key requirements include:
Notification: The proposed acquirer must notify the relevant authority of their intention to acquire a qualifying holding. Intention means the obligation to notify may arise already pre-signing (e.g., when the necessary shareholder resolutions to the acquisition are passed). This notification needs to include detailed information about the acquirer, the acquirer’s shareholding structure, the transaction, and the target entity.
Documentation: The acquirer must provide extensive documentation, including financial statements, business plans, and information about the acquirer’s background and reputation. Additionally, financing and origin of the funds used to finance the transaction need to be filed with the competent authority. This will help the authorities assess the financial soundness and integrity of the acquirer.
Fit and proper test: The authorities will conduct a fit and proper test to evaluate the suitability of the acquirer and its managing directors. Documentation to be provided also includes extensive information on the managing directors and board members of the acquirer and its shareholders (e.g., cover letters, certificates of good conduct, and letters of recommendation).
Impact assessment: The acquirer must demonstrate how the acquisition will impact the target entity and its group structure. This includes assessing the potential effects on the entity’s governance, risk management, and overall stability. It is, therefore, necessary to file a three-year business plan for the target company to prove the ongoing financial and economic stability.
Important to navigate smoothly through the process
Navigating the owner control proceeding smoothly requires careful preparation and attention to detail. Here are some key tips:
Early engagement: Engage with the supervisory authorities early in the process. This helps in understanding their expectations and addressing any concerns proactively.
Comprehensive documentation: Ensure all required documents are complete, accurate, up to date, and translated, if necessary. Not all authorities accept English-language documentation. Also, incomplete or inaccurate documentation can lead to massive delays. Some of the necessary documents take time to be obtained, especially if further national authorities are required for such documents.
Clear communication: Maintain clear and transparent communication with the authorities.
Professional advice: Seek early-stage professional advice from legal and financial professionals who focus on regulatory compliance. The process is complex and the risk that authorities will delay or reject the transaction is high. Experienced advice helps to navigate smoothly through the process and understand the key parameters in regulatory proceedings.
What kicks you out?
Several factors can lead to the rejection of an owner control application, especially if the acquirer is unable to demonstrate financial stability and soundness or if the acquirer fails the fit and proper test due to issues related to integrity, competence, or reputation. If the acquisition is deemed to have a negative impact on the target entity’s stability, the application will be denied as well.
Special SPA provisions
The Share Purchase Agreement (SPA) must also take into account the regulatory particularities. Any findings or uncertainties arising from the due diligence can be covered by corresponding representations and warranties, provided that they are not absolute showstoppers.
Successful completion of the ownership control procedure should be included as a closing condition. If the parties agree to a long stop date, it is important to take into account the usual processing times based on experience with the competent supervisory authority.
To the extent necessary, arrangements regarding equity and liquidity must be made with the seller side to ensure that all requirements are met upon closing. This applies, in particular, if equity has previously been secured through financing measures by the parent company.
Depending on the regulation and jurisdiction, managing directors and board members in the target company may also only be able to take up office after the individuals have been approved by the supervisory authority.
Expected timeline
The timeline for completing an M&A transaction in the EU financial market can vary depending on several factors. The main timing issue, which is different from non-regulated deals, is the duration of the owner control proceeding. Even though EU regulators have deadlines within which they need to respond and decide, they usually find ways to stretch these deadlines if necessary, especially by requiring further information.
We typically advise to plan an additional three to nine months for an owner control proceeding, depending on the jurisdiction and individual license, business model, and whether the investor is already active in the financial market or already has other licensed shareholdings in the EU. Other timing aspects are comparable to other deals. Due diligence and decision-making might take longer because of regulatory and equity factors, which might be more extensive, but this depends on the particular deal.
Outlook
Investing in the EU financial market through M&A offers significant opportunities but requires careful consideration of regulatory, financial, and operational factors. By understanding the unique aspects of the financial industry, conducting thorough due diligence, and staying informed of market trends, investors can navigate this complex landscape and achieve successful outcomes.
Exploring DORA: Potential Implications for EU and UK Businesses
On Jan. 17, 2025, EU Regulation 2022/2554 on digital operational resilience for the financial sector (DORA) became applicable in the EU.
DORA focusses on risk management and resilience testing, with a strong focus on vendor risk management, incident management and reporting, and resilience testing of key systems.
DORA applies to financial institutions that are authorized to provide financial services in the EU and is designed to strengthen their IT security and operational resiliency.
It is worth noting, particularly for UK financial institutions, that DORA does not apply directly to organizations, including UK organizations, that are providing non-regulated services in the EU financial services industry. However, if a UK organization is providing any IT related services to an EU financial institution, it may be classified as an information and communication technology (ICT) third-party service provider under DORA. Depending on the nature of the organization and its services, it could be designated as a critical ICT third-party service provider, in which case it would have direct compliance obligations under DORA (which would include implementing a comprehensive governance and control framework to manage IT and operational resiliency risk).
As a high-level summary, financial institutions subject to DORA must:
Create and maintain a register of vendors (ICT third-party service providers) and report relevant information from the register to financial authorities annually.
Implement comprehensive security incident reporting obligations, requiring initial notification four hours after the incident is classified as major and a maximum of 24 hours after becoming aware. Follow-up obligations will also be required.
Implement post ICT-related incident reviews after a major ICT-related incident disrupts core activities.
Implement and maintain a sound, comprehensive, and well-documented ICT risk management framework, which must include appropriate audits.
Establish and maintain a sound and comprehensive digital operational resilience testing program, which for critical functions must involve penetration testing.
Clearly allocate, in writing, the financial entity’s rights and obligations when engaging with ICT third-party service providers, including mandatory DORA contractual provisions.
Adopt and maintain a strategy on ICT third-party risk.
As discussed above, ICT third-party service providers delivering services to financial entities will also be subject to DORA obligations. The nature of these obligations, and whether the ICT third-party service provider falls directly under DORA, will depend on various factors, including how critical the ICT service provider is to the EU financial services eco system, the nature of functions being supported, and services being provided. With that said, all ICT third-party service providers will be subject to contractual obligations resulting from the requirement for in-scope financial entities to flow down certain obligations to their service providers under DORA.
In light of the above, UK organizations providing services in the EU should carefully consider whether they fall directly under DORA in their capacity as a financial institution, and/or whether their services may cause them to be considered an ICT third-party service provider.
Trump Administration Directs CFIUS to Tighten Restrictions on Investment From Certain Countries While Easing National Security Reviews of Investments From Allies and Partners
On 12 February 2025, President Donald J. Trump signaled his administration’s approach to foreign investment policy with a presidential memorandum, “America First Investment Policy” (The Policy) Among the most significant priorities, The Policy directs the Committee on Foreign Investment in the United States (CFIUS or the Committee) to ease foreign investments by allied and friendly countries and to further restrict Chinese investment in critical sectors. This policy will substantially revise CFIUS’s approach under the Biden Administration by, among other things, instructing the Committee to rationalize the process for mitigation of national security threats. The Policy in general signals a shift to a more flexible atmosphere for investors from countries that the United States considers to be allies and partners, while requiring more in-depth reviews of investments from adversarial countries.
Key Changes to CFIUS and Investment Policies:
1. Facilitating Investments From Allies
Streamlined Processes
To encourage investments from allied nations, The Policy proposes a “fast-track” process for investors from key partner countries (to be identified). This initiative aims to ensure that such investments directly bolster US economic growth and innovation. Previous attempts to streamline friendly country investments through the “Excepted Investor” provision in the CFIUS regulations have been narrowly tailored and challenging to navigate.
A more expansive process could significantly impact CFIUS reviews, especially since most transactions over the past five years have involved investors from countries such as the United Kingdom, European Union member states, Canada, Japan, and the United Arab Emirates. The policy seemingly aims to create clearer guidelines, which might better distinguish between genuine national security threats and investment opportunities that pose limited risk.
The policy stipulates that the “fast-track” process will include conditions to prevent foreign investors from friendly countries partnering with investors from China.
For instance, companies engaged in significant joint ventures or joint research operations in China, particularly those that may benefit Chinese military development, may face exclusion from fast-track treatment.
Crucially, the policy directs “more administrative resources” toward facilitating investments from key partner countries to avoid the “overlay bureaucratic, complex, and open-ended ‘mitigation’ agreements for US investments from foreign adversaries.”
Additionally, the policy directs the federal government to expedite environmental reviews for any investment over US$1 billion.
2. Encouraging Passive Investment From All Sources
The policy appears to direct CFIUS to reverse a trend we have observed in the past four years toward increasingly difficult reviews of strictly passive investments, with no control or access to material nonpublic technical information, especially investments from China with no apparent connection to or control by the Chinese government. The policy notes that “the United States will continue to encourage passive investments from all foreign persons.” To the extent this includes investments from China or other countries of concern this could be a significant development in encouraging more access to capital for many US companies.
3. Enhanced Scrutiny of Chinese Investments
At the same time, the policy does signal additional restrictions on Chinese investments in key areas:
Targeted Sectors
CFIUS is instructed to intensify its review of foreign investments, particularly those originating from countries the US government considers to be adversaries or potential adversaries, such as China, in sectors such as sensitive technology, critical infrastructure, healthcare, agriculture, energy, and raw materials.
Real Estate
The policy emphasizes protecting US farmland and properties near sensitive facilities, and aims to expand CFIUS’s authority over “greenfield” investments to prevent foreign adversaries from gaining control over essential US assets. As a result of the Foreign Investment Risk Review Modernization Act of 2018, CFIUS jurisdiction was already expanded to real estate acquisitions and greenfield developments within proximity of certain military bases and other sensitive facilities such as maritime ports and airports.
4. Restrictions on Outbound Investments
Sensitive Technologies
According to the policy, the Administration is considering new or expanded restrictions on US outbound investments involving China, especially those related to sensitive technologies like semiconductors, artificial intelligence, quantum computing, biotechnology, hypersonics, and aerospace. These outbound investment restrictions will likely build on the Outbound Investment Program regulations under Executive Order 14032, which came into effect on 2 January 2025, and already restrict or requirements notification of investments in Chinese entities engaged in certain semiconductor, quantum, and AI development and production activities.
5. Increased Securities Oversight
The policy further expressed a policy emphasis on “auditing of foreign companies on US exchanges” including “reviewing their ownership structures and any alleged fraud.” Presumably, this would entail greater scrutiny to ensure that foreign issues listed on US exchanges accurately and full identify their direct and indirect shareholders. Although not mentioned, presumably the focus will be on Chinese companies, which will build on enhanced scrutiny of auditing and reporting methodology of Chinese issuers on US exchanges.
Implications for Investors
Opportunities for Allied Investors
Overall, the policy signals a shift in US policy to favor investments from allied and other nonadversarial nations, especially the “NATO plus” countries. Such investments could benefit from fast track review process as well as increased scrutiny of China and other countries considered by CFIUS to be of concern. However, such investors may still attract scrutiny if they maintain significant commercial operations in China, especially those in the critical technologies space. Rulemaking to implement the policy may be crafted in such a way to discourage friendly country investors from continuing significant operations in China.
Increased Compliance Requirements
Deals that involve any connections to Chinese investors should anticipate more rigorous CFIUS reviews. The scope of industries that may be considered to have a national security impact will also be broader, to the point that almost any China-connected investment should be carefully assessed for CFIUS considerations. The need to drill down into any potential connection to investors from China will be crucial for transactions aiming to benefit from the more open environment for allied and partner countries.
Strategic Investment Planning
US entities considering outbound investments in sectors like technology and infrastructure should stay informed about potential restrictions to avoid unintentional violations.
Next Steps
While some of the policy changes in the policy can be accomplished through a shift in enforcement priorities at CFIUS and other relevant agencies, other changes will require regulatory rule writing and even legislative changes. Proposed regulations should be issued shortly via an advance notice of rulemaking, which may give interested parties the opportunity to submit comments on final rules.
EUROPE: National Regulators Announce Digital Operational Resilience Act Reporting Windows
EU national supervisory authorities will collect the Register of Information (ROI) pursuant to the EU’s Digital Operational Resilience Act (DORA) from in scope financial entities in April 2025, with the reference date set as 31 March 2025. ROIs are reports by in-scope EU financial entities on all contractual arrangements on the use of information and communication technology (ICT) services provided by ICT third-party service providers. The financial entity must differentiate between providers who are not critical and providers who are considered critical/important.
The Irish Central Bank has announced that it will collect the ROIs between 1-4 April 2025. The German BaFin has set 11 April as the deadline. In-scope financial entities across the EU should expect that there will be a similar process locally.
Under the Implementing Technical Standards on the Register of Information, information to be collected includes:
• Identification of ICT third-party service providers (will need to have either a valid LEI code or EU-ID for the files to pass validation);• Detail on the nature of the ICT services provided;• Detail on contractual arrangements;• Risk classification;• Monitoring and oversight mechanisms;• Sub-outsourcing arrangements; and• ICT-related incidents.
The European Supervisory Authorities have provided useful information on how to prepare to report the ROI which is available online. In Ireland, the Central Bank will publish a system guide to submitting the ROI in March 2025. The German BaFin has provided information here (in German).
United States: Potential Increase to Debenture Limit for Levered Small Business Investment Companies (SBICs)?
Small Business Investment Companies (SBICs), which invest in qualifying small businesses in the United States, are eligible to receive Small Business Administration (SBA)-guaranteed debentures at favorable rates to finance their investment activities. Standard SBIC debentures typically have 10-year terms with interest payments due semi-annually, and a lump-sum payment of the principal at maturity.
Under the current SBIC regime, the amount of standard debentures outstanding from a single SBIC cannot exceed the lesser of: (a) US$175 million and (b) two times (2x) the SBIC’s limited partners’ commitments to the SBIC (the Debenture Cap). As a result, levered SBICs often seek to raise a minimum of US$87.5 million in limited partner capital commitments, which allows the SBIC to seek approval for up to US$175 million in debentures from the SBA.
In recent months, however, certain SBICs have begun targeting fundraises of US$125 million and including disclosures in their offering documents related to a potential increase to the Debenture Cap, signaling an expectation that such an increase may occur. This change would allow SBICs that raise US$125 million in private capital to seek approval for up to US$250 million in SBA debentures, for a total fund size of US$375 million. We expect that such update would be welcomed by SBIC sponsors and investors alike, as it would allow for increased capacity for SBICs and result in more capital flowing into US-based small businesses.
Current Limit
Potential New Limit
Debenture toPrivate Capital Ratio
2:1
2:1
Private Capital Target
US$87.5 million
US$125 million
Maximum Aggregate Standard Debenturesper SBIC
US$175 million
US$250 million
SBIC Size at 2:1 Ratio
US$262.5 million
US$375 million
We are closely monitoring these developments and will publish any official updates as they are released.
Waffles, Passports and Trustee Directors – Part One
What will you be doing during the third week of March? According to a US website, there will be various celebrations underway. Perhaps you will be making the most of national cocktail-making day, or maybe national cleaning week will grab your attention. (Although, on a personal note, I am happy to say that it is not national cleaning week in the UK.) While reading through the possible celebrations (and the list is endless), international waffle day rather caught my eye.
If you are a director of a corporate trustee, however, you might be creating, or logging into, your GOV.UK One Login account. From 25 March, a Companies House timeline indicates that directors of UK registered companies should be able to undertake voluntary verification of their identity. This will become a mandatory requirement during the autumn of 2025. Directors of existing companies, including directors of corporate trustees, will be required to undergo this new identity checking measure as part of their company’s annual confirmation statement. You can find out the date by which your company must submit its annual confirmation statement by heading to the Companies House website and searching against your company’s name.
Given that there is a 14-day window in which to submit an annual confirmation statement, before penalties might be incurred, it makes sense to tackle the verification process well in advance of the deadline. Pensions managers and company secretaries, take note – you never know which trustee directors are going to decide to take a last-minute holiday and head off to the sun (or snow) or worse still, a round the world cruise with no Wi-Fi connection, oblivious to the need to verify their identity before falling foul of the Economic Crime and Corporate Transparency Act 2023 (ECCTA).
The rules for verification should, in theory, be simple to follow but as you will know that is not always the case when trying to log onto a government website, especially when you have a deadline to meet. You might already have a GOV.UK One Login account, for example if you have recently applied for a basic DBS check (perhaps because you were renewing a professional trustee accreditation).
There are three ways that trustee directors (or any director for that matter) will be able to prove their identity with GOV.UK One Login:
First, by using the GOV.UK ID Check app
Second, by answering security questions on the GOV.UK One Login website
Third, at a Post Office
For me, the simplest way would be to use the first option, which involves downloading the app to my phone and then using my phone to scan my passport and take a selfie with my phone camera. The biometric chip in my passport should do the rest. It will also be possible to use your driving licence and for those without a UK passport or driving licence, it will be possible to use a non-UK passport with a biometric chip, a UK biometric residence card, or permit, or a UK frontier worker permit.
The second option is to have a photo identity document to hand and answer some security questions on the GOV.UK One Login website. In theory, this should be simple, I mean how many times did your mother change her maiden name, or how many times did the spelling of your first primary school change? But, for me, trying to remember the exact spelling of security responses that I have used in the past tends to prove futile.
And then there is the “turn up at your local post office” option. That doesn’t get you out of having to negotiate the GOV.UK One Login service, it just means that you have to create an account on the service first and then when you do arrive at the post office, they will scan your passport for you and take your photo. That feels a bit like adding another degree of potential human error into the equation – just stick to option 1 and use a smart phone and passport, is all I can say.
But why will you have to do all of this?
It flows from measures introduced by ECCTA to tackle and thwart the use of UK registered companies for criminal purposes. The government has discovered that it is actually incredibly easy to create a legitimate looking UK registered company around a totally fraudulent business. A shelf company using a person’s (any person’s, it turns out) residential address works quite well as a registered office address for a company.
Until recently, Companies House did not have the resources, or the statutory objectives, to check the legitimacy of company documents being filed with it. Companies House served merely as a filing repository rather than as a regulator.
ECCTA gives Companies House more teeth to act as a regulator, with objectives that include ensuring that information filed at Companies House is accurate, ensuring that records kept by Companies House do not create a false or misleading impression to members of the public, and preventing companies and others from carrying out unlawful activities.
Since 2 May 2024, Companies House has had the power to issue new financial penalties, although sadly the limit is currently set at a maximum of £2,000 per offence, which seems small change compared to TPR’s powers to issue financial penalties of up to £1 million in certain circumstances. Companies House still has some catching up to do, but it’s a step in the right direction.
You might be thinking that this is taking a sledgehammer to crack a nut and that there can’t be that many companies registered for fraudulent purposes. Part two of this blog considers whether that is the case.
In the meantime, what will you be doing on 25 March? I, for one, might be scanning my passport, but I shall make sure that I have a waffle to hand.
Crypto Regulatory Roundup – Q1 2025
Introduction
Since President Trump’s inauguration, the crypto industry has been on a tear. And no, this time, we’re not just talking about the price of Bitcoin. In the past two months, Washington D.C. has taken a deliberate interest in the crypto industry. In this article, we’ll explore legislative and regulatory efforts with the potential to elevate the “digital asset” industry to a broader U.S. market.
Bigger Picture
The Trump administration wants crypto to blossom, and for that to happen in the United States. This is a reversal from President Biden’s approach, made evident by President Trump’s executive order on crypto in his third day in office.
Further, the Trump administration is bringing together key stakeholders within the federal government:
A majority of Congress is now supportive of (or less against) crypto.
The crypto lobby landed over 90% of its desired candidates in the last election.
The acting chair of the SEC (Mark Uyeda), another key commissioner (Hester Peirce) and the nominated SEC chair (Paul Atkins) are supportive of crypto and are experts in the industry.
The nominated CFTC commissioner (Brian Quintenz) publicly supports crypto and has spent time at venture capital firm Andreesen Horowitz, a firm with a reputation for backing the digital asset industry.
President Trump’s appointees for Commerce (Howard Lutnick) and Treasury (Scott Bessent) each have a long history of support for the crypto industry.
The United States Supreme Court’s conservative majority could provide crypto proponents with the high-level air cover needed to ensure these legislative and regulatory changes are implemented.
If the digital asset industry can get some workable rules in place, we could see a step-function increase in investment in this sector. On the other hand, if Congress is unable to pass needed crypto legislation, the digital asset industry would likely continue to shift offshore to crypto-friendly jurisdictions like the Cayman Islands and Abu Dhabi.
What does this mean for business?
Here are some things to watch in investment management, for general corporates, for banks and for startups.
Investment Management: Rules classifying digital assets as securities or commodities (or neither!) could ease investment decision-making. A clearer regulatory framework could: (i) help venture funds adjust and streamline their legal forms of investment; (ii) provide a legally safer trading universe for hedge funds; (iii) provide compliance departments with reliable policies and procedures and (iv) increase broker-dealer participation for crypto market making. Back- and mid-office issues like custodying unsupported tokens could be resolved. Rules for stablecoin issuers could reduce counterparty and reputational risk related to use of those products. Larger asset managers may explore bringing new exchange-traded products to market, expanding access for institutional investors like pensions, endowments, foundations and larger RIAs.
Large Corporates: We saw household-name companies dabble in blockchain and “Web-3” a few years ago, including major retail brands, gaming companies, celebrities and sports teams using NFTs to build brand loyalty and facilitate direct company to consumer interaction. Crypto can help gamify experiences, providing instant, ownable blockchain-powered rewards and collectibles that can be traded instantly and globally. If lawmakers can provide clarity for the celebrities and the C-suite, we could see renewed interest in these initiatives.
Banks: As custodians of U.S. dollars and other “real” currencies, banks are a natural fit to custody crypto assets, and we saw major interest in this a few years ago from most global custodians and exchanges. As discussed below, interest from institutional banks waned as the SEC and FDIC purportedly pressured the banking industry to avoid crypto. However, with the recent shift in regulatory attitude, and the repeal of “SAB 121,” we could see a resurgence of custody interest from traditional banks, and an expanded customer base for them if they choose to service companies with crypto exposure.
Startups: A collaborative SEC paired with legislative clarity changes the calculus for young companies with crypto products or business lines. These companies could consider launching from the United States (vs. offshore) and could potentially distribute their products to U.S. customers with lower risk. Also, the SEC is actively exploring ways to ease public offerings for tokens, acknowledging that Reg. D or full-on securities registration are impractical fits for tokens of a decentralized or functional blockchain network.
Key legal and regulatory developments
I. Winding Down of SEC Crypto Enforcement
Over the last few years, the SEC has brought headline cases against crypto industry participants, including exchanges like Coinbase, Kraken and Binance, and issuers like Ripple. These cases kept many companies on the crypto sidelines, lest they draw the ire of the SEC. However, some of these cases have now been paused or completely dropped. On February 21, 2025, Coinbase announced that it reached an agreement in principle with the SEC to dismiss their ongoing lawsuit. It is rare for the SEC to dismiss (again, drop completely – not settle) flagship litigation. The SEC’s case against Binance has also been paused, and we could see similar action in the Kraken and Ripple cases.
While critics of the digital asset industry will argue that dropping these cases is a mistake, industry advocates have long argued that these actions were off base from the start. It is likely that the SEC dropped or paused these cases because crypto market structure legislation is coming, leading to practical, mutually agreed solutions for the parties to move forward.
II. SEC Priorities Shifting
The SEC has effectively disbanded its dedicated crypto enforcement unit. In its place, it has installed a broader cybercrimes unit, which includes a crypto focus but also focuses on potential wrongdoing from other emerging technologies like artificial intelligence and even traditional technologies like social media.
Further demonstrating the SEC’s focus on developing new solutions vs. enforcing the status quo, the SEC has created a “crypto task force.” Led by SEC Commissioner Hester Peirce, the task force will develop and recommend rules for crypto, addressing specific priorities such as:
Security Status: Defining whether a crypto asset is a security or something else.
Jurisdictional Scoping: Identifying which areas fall inside the SECs’ purview and which don’t.
Temporary Relief: Developing pathways to compliance for coin or token offerings when an issuer is willing to take responsibility for providing appropriate disclosures.
Viable Path for Token Offerings: Easing existing paths to registration, including Regulation A and crowdfunding.
Special Purpose Broker Dealer: Exploring updates to the special-purpose broker dealer no-action statement.
Custody Solutions for Investment Advisers: Developing a framework in which advisers can appropriately custody client assets themselves or with third parties.
Crypto-Lending and Staking: Clarifying whether crypto lending and staking programs are covered by the securities laws.
ETPs: Enabling new crypto exchange-traded products and allowing for additional features (e.g. staking and in-kind creations and redemptions).
Clearing Agencies and Transfer Agents: Exploring the intersection of crypto, clearing agency and transfer agent rules.
Cross-Border Sandbox: Developing a global, cross-border regulatory engagement framework to encourage industry and regulator collaboration.
III. Enabling Banks to Engage with Crypto
The SEC issued guidance in 2022 that restrained banks from custodying crypto. Staff Accounting Bulleting (“SAB”) 121 required the industry to reflect digital assets as both an asset and a liability, effectively forcing banks to maintain additional, and usually impractical, capital reserves. Updated guidance from the SEC this past January – SAB 122 – rescinds this prior guidance. We expect this repeal to allow banks to reengage with digital assets, including custodying them, a major initiative by global custodians and other banks a few years ago.
Additionally, we also could see banks begin again to take crypto companies as customers. In one of the first hearings of the newly formed Senate Banking Committee’s Subcommittee on Digital Assets, lawmakers examined the concept of “debanking” – the term for when a bank denies or closes specific customer accounts for often unexplained risks. In past years, many banks have refused to do business with crypto companies. The debanking period has ended, according to FDIC Acting Chairman Travis Hill, who noted that the prior FDIC approach “contributed to a general perception that the agency was closed for business if institutions are interested in anything related to blockchain or distributed ledger technology.”
IV. Need-to-Know Legislation: Stablecoins
An early favorite for legislation is stablecoins. Generally, stablecoins are digital tokens that are pegged to the U.S. dollar or another fixed currency. If I have one stablecoin, I have (the equivalent to) one U.S. dollar. Stablecoins are increasingly being viewed as in the U.S. national interest because they can effectively expand access to the U.S. dollar. For example, many people globally can’t readily access U.S. dollars – they may not have U.S. bank accounts, or their local bank may not hold sufficient U.S. dollars. With stablecoins, anyone with a phone can hold a digital asset that functions as, and is exchangeable for, a U.S. dollar.
In an area reminiscent of the banking industry, legislation is moving through Congress and could be on President Trump’s desk by mid-2025. The various proposed bills (e.g. Senator Hagerty’s “GENIUS Act”) define key terms like “payment stablecoin,” establish procedures for licensing and issuing stablecoins, implement reserve requirements and standards for stablecoin issuers, and apply different disclosure and registration requirements to issuers based on specific financial thresholds.
V. Need-to-Know Legislation: Market Structure
Fundamental legal and regulatory questions exist with crypto, including the question of if and when a digital asset is a security and which regulator (e.g. the SEC or the CFTC) is in charge. Crypto market structure legislation passed the House of Representatives in 2024, and the current Congress seeks to build upon that prior progress.
The Financial Innovation and Technology for the 21st Century Act (“FIT21”), passed by the House of Representatives in 2024, categorized digital assets into three categories: digital commodities regulated by the CFTC, restricted digital assets regulated by the SEC and payment stablecoins (neither digital commodities nor restricted digital assets). FIT21 would have supplanted the Howey test in determining whether a digital asset is a security by requiring issuers to certify that a digital asset runs on a blockchain that is sufficiently decentralized. Whether its FIT21 or something else, crypto market structure legislation will likely replace Howey providing rules for clearer determinations.
VI. Trump’s Executive Order on Crypto
The first sign that President Trump has prioritized crypto came on January 23, 2025, when he signed an Executive Order titled “Strengthening American Leadership in Digital Financial Technology.” The crypto executive order establishes a working group tasked with recommending a comprehensive regulatory framework for digital assets, including the potential for a national digital asset stockpile. The executive order requires the working group to achieve its objectives in 2025, reflecting the Trump administration’s intent to adopt decisive solutions quickly.
Conclusion
2025 is proving to be a banner year for crypto legislative and regulatory efforts. Stay tuned for more developments, as soon as the next few months. For those interested in engaging more directly, the SEC Commissioner Peirce’s task force is welcoming comments from the industry.