Crypto exchanges look to US after rules tighten in EU and APAC

US President Donald Trump hosted the White House’s first crypto summit on March 7, with attendees including top industry executives such as Coinbase chief executive Brian Armstrong and MicroStrategy executive chairman Michael Saylor, as well as unexpected guest FIFA president Gianni Infantino.

Trump, who wants Congress to pass digital asset regulations before the August break, told a press conference at the summit: “I hope lawmakers will send that legislation to my desk.”

Crypto companiesʼ enquiries to US compliance experts have increased recently, and some that had exited the US are looking to become licensed there again, Larry Nakamura, chief compliance leader at Carlton Fields Consulting Group, told Compliance Corylated.

“The fundamental concerns we’ve had involve inquiries from foreign entities that want to begin operations here in the US,” he added. “They feel that the political environment has shifted, signalling a potential entry point for them and others. They primarily understand the evolving nature of this space. The main questions they have are what regulations currently apply, and what it would take to either start an exchange in one case or operate as a virtual asset service business in the US.”

The US has 64 registered centralised crypto exchanges (CEXs) across five main authorities, making it already the most popular jurisdiction worldwide, according to a VASPnet report published on February 20. To operate in the US, CEXs are required to register as money services businesses (MSBs) with the Financial Crimes Enforcement Network (FinCEN), and may be subject to state-level regulations and licensing requirements.

For example, the New York State Department of Financial Services (NYSDFS) supervises the country’s biggest exchange, Coinbase, but to comply with state-level regulations, the exchange is also registered under the Louisiana Office of Financial Institutions (LOFI), which licenses other CEXs such as Crypto.com, OKX and Kraken.

Carlton Fieldsʼ Nakamura explained: “Our [state-level] rules, I think, are fairly similar. Those that have put forth rules or legislation regarding digital assets are mostly fairly prescriptive and straightforward about the activity. It’s a matter of identifying the business activity that will trigger a requirement for the money services business.”

The NYSDFS’s BitLicense is the only state-level crypto regime so far, but it is likely more states will develop specific licensing regimes for crypto businesses and stablecoins.

“Florida has some regulation, and I think Texas, along with several other states, are developing regulations as well. I think there are also proposals in the books, but nothing has been adopted yet. There’s a lot of vetting and consensus-building that needs to take place among policymakers to figure out how to regulate it and what that regulation should look like. Money laundering is probably at the top of the list and will be present in all of them, but beyond that, other requirements aren’t entirely clear yet,” Nakamura added.

SEC dropped lawsuits

The US Securities and Exchange Commission (SEC) has withdrawn and paused lawsuits against 10 crypto and digital asset companies since February 12, including Binance, Coinbase, Robinhood and Kraken. The lawsuits, which accused the exchanges of “unregistered” securities sales, were dropped as the SECʼs recently formed crypto task force was set to “reform and renew” its regulatory approach to the industry.

Centralised CEXs are controlled by a private or public company and act as an intermediary for trading and holding customer funds. They are subject to anti-money laundering (AML) and countering financing of terrorism (CFT) risks, which require Know Your Customer (KYC) checks in many countries, including the US. The nine exchanges registered in the US are also subject to broader market regulations.

According to Nakamura: “What ends up happening is that it’s not just one business line a company wishes to engage in, but multiple lines. And it’s those multiple lines that need to be carefully considered before engaging in those practices. This is where much of the enforcement actions, not litigation, have come from — when folks enter a marketplace and begin operating without fully understanding all the regulatory requirements, and where they might be considered a money services business versus trading securities or commodities.”

Jurisdiction shopping

While CEXs are subject to licensing requirements in most countries, some regulatory frameworks have gaps that can be exploited and so some CEXs shop around for jurisdictions with friendlier licensing or regulatory regimes.

According to data compiled by Compliance Corylated, the Seychelles is a popular base for global CEXs, including KuCoin, BitMEX and OKX, which recently settled a lawsuit with the US Department of Justice (DOJ) for operating without a money transmitter licence since 2017.

OKX pleaded guilty on February 24, agreeing to criminally forfeit $420.3 million and pay a fine of $84.4 million. While it no longer provides crypto services for US customers, OKX continues to operate internationally. The company received its Markets in Crypto-Assets regulation (MiCA) licence on January 27, allowing it to offer services in all 30 European Economic Area (EEA) member states.

Last September the Seychelles introduced the Virtual Asset Service Providers Act 2024, following the overall national risk assessment (ONRA) by the Central Bank of Seychelles. This said: “The ONRA exercise has traced hundreds of entities operating as unlicensed VASPs in the NBFI sector, providing a mix of functional activities in different types of tokens from Seychelles.”

Under new crypto regulations, entities can no longer offer digital asset services in or from the Seychelles without a licence from its Financial Services Authority (FSA), including digital asset exchange, wallet, broking and investment providers. The new act also requires licensees to monitor and comply with AML/CFT standards and, specifically, they must maintain a fully staffed office in the country.

Turning tides around the world

The jurisdiction map also shows tides turning across Asia-Pacific (APAC) countries.

Japan’s Financial Services Agency (FSA) asked Apple and Google to remove five unregistered crypto exchange applications from their app stores on February 6, including LBANK Exchange, Dubai-based Bybit, Singapore-based MEXC Global and Bitget, as well as Seychelles-based KuCoin. This adds to the warning issued to 21 unregistered overseas exchanges to remove their Japanese language websites in 2024, citing the introduction of CEX registration in 2017.

Bybit has also faced regulatory pressure in Canada, France, Malaysia, the Netherlands and South Korea. In January, the Securities Commission Malaysia (SC) cracked down on Bybit for offering digital asset trading services without proper registration as a recognised market operator (RMO). Following the notice, Bybit had to disable its website, apps and digital platforms in Malaysia, and halt all advertising to Malaysian investors.

Meanwhile, the Dutch Central Bank (DNB) fined Bybit 2.25 million euros in September, for offering services in the Netherlands without the legally required registration. The DNB said in a statement: “Among other factors, this meant that Bybit was unable to report unusual transactions to the Financial Intelligence Unit Netherlands (FIU-NL) during the period of non-compliance. As a result, a large number of unusual transactions may have gone unnoticed by the investigative authorities.”

Since May 2020, companies offering crypto services in or from the Netherlands must register with the DNB, and from December 2024, a licence will be required under MiCA.

MiCA grandfathering

Despite Bybit’s lawsuit, MiCA guidelines do not imply that only MiCA-licensed CEXs will be allowed to operate in the EU from December 30. The new European regulations are still in the transitional phase as of March 10.

According to European Securities and Markets Authority (ESMA) guidelines: “Crypto asset service providers that provided their services in accordance with applicable law before 30 December 2024 may continue to do so until July 1, 2026 or until they are granted or refused an authorisation pursuant to Article 63, whichever is sooner.”

EU member states can choose not to apply or shorten the transitional regime (the “grandfathering” period) if they believe their national rules before December 30 are less strict than MiCA. Some national authorities have informed ESMA of their expected grandfathering periods, though these may not yet be part of national law.

The grandfathering period allows CEXs to operate under existing legislation. This raises the question of whether crypto companies are operating under MiCA’s grandfathering provisions while awaiting US regulations.