Latest Crypto Regulations by Country Updated Guide

This introduction sets the scope: a concise, country-level overview of key changes for 2024–2025 and practical steps firms can take to meet new compliance expectations.

Global markets have grown rapidly—market cap sits near $2.24 trillion with roughly $91 billion traded daily, led by Bitcoin and Ethereum. Illicit addresses sent about $22.2 billion to platforms in 2023, which is driving tighter rules and stronger enforcement.

Read on to see how FATF standards like KYC, transaction monitoring, sanctions screening, and Travel Rule obligations are shaping national frameworks. This section previews how asset classification, licensing, AML/CTF, and data sharing differ across jurisdictions.

Who should read this: compliance leads, product managers, founders, and legal teams working with cryptocurrency and digital assets across borders. Practical takeaways include scope, documentation needs, and which regulators enforce each regime.

Why crypto regulations matter now: market size, risks, and 2025 momentum

The surge in market value and daily turnover has pushed regulators into a faster policy cycle. The sector reached about $2.24 trillion in market cap in September 2024, with roughly $91 billion traded each day. That scale raises systemic risk questions for governments and supervisors.

High-profile hacks and illicit flows add urgency. Nearly $2 billion was stolen through exploits through July 2022, and illicit addresses sent $22.2 billion to platforms in 2023. Those losses push stronger anti‑laundering and consumer protections.

1. Liquidity risk: Tens of billions in daily trading require clearer disclosures and operational resilience.
2. Financial integrity: Exchanges and custodians face elevated expectations for KYC and sanctions screening.
3. Policy momentum: 2025 is pivotal in the United States as Congress advances laws on stablecoins and agency roles.

For further context on market trends and demand shifts, see market projections and analysis. Companies must embed controls early to operate across borders and meet evolving standards.

The global baseline: FATF standards, VASPs, and the Travel Rule

International guidance from the FATF now anchors national approaches to licensing and anti‑money laundering for virtual asset activity.

FATF amended Recommendation 15 to require that virtual asset service providers face registration or licensing similar to banks. This change pushes countries to adopt a common minimum of oversight while leaving room for local variation in scope and enforcement.

Who counts as a Virtual Asset Service Provider

VASPs include firms that exchange fiat and virtual tokens, swap one token for another, transfer value, custody or administer keys, and offer financial services tied to an issuer’s token sale.

• Exchange between fiat and virtual assets
• Transfer of virtual assets
• Safekeeping, custody, and token administration

Travel Rule thresholds and adoption status

The FATF Travel Rule sets a $1,000/€1,000 cross‑border threshold for full originator and beneficiary data. Below that level, lighter data requirements apply, and some jurisdictions set different domestic thresholds.

Core AML pillars: KYC, sanctions screening, transaction monitoring

Key controls include identity verification, sanctions and watchlist checks, continuous transaction monitoring, and timely suspicious activity reporting. Firms must map business lines to VASP definitions and test counterparty risk when partners are unregulated.

Practical takeaway: adopt interoperable, privacy‑preserving messaging for Travel Rule compliance and keep governance documentation ready for regulator exams.

How countries classify digital assets: securities, commodities, property, and legal tender

How a government labels a token—security, commodity, property, or legal tender—drives who regulates it and how taxes apply. These labels affect licensing, disclosure duties, and market oversight across borders.

Securities treatment brings prospectus requirements, investor protections, and ongoing reporting under securities agencies. Firms offering tokens that meet a securities test must follow offering rules and stay audit-ready.

Commodities designations shift focus to market integrity, anti-manipulation rules, and derivatives oversight. Exchanges and trading platforms face tighter market conduct standards when a token is treated as a commodity.

Property classification, as with the IRS rule in the United States, creates capital gains events on spending, trading, or exchanging a digital asset. That tax stance affects accounting and product flows for U.S. firms.

Legal tender status, seen in El Salvador’s Bitcoin move, changes merchant acceptance duties and can affect tax payment options and investor signals, though enforcement and uptake vary.

• Stablecoins often get bespoke treatment, with reserve and audit expectations where payment use is intended.
• One token can be a security in one place and property in another, complicating cross-border product strategies.

Practical step: maintain a jurisdictional matrix mapping each token’s classification to applicable rules and operational controls. This reduces legal surprises and helps align product design with local demands.

United States overview: fragmented past, clearer federal direction in 2025

2025 marked a turning point as Congress and regulators moved from ad hoc enforcement to codified roles for digital markets.

Agency roles tightened. The securities exchange commission (SEC) keeps oversight of tokens deemed securities. The CFTC gains clearer authority over commodity-style tokens under the CLARITY Act framework, which passed the House and awaits Senate action.

FinCEN continues to enforce Bank Secrecy Act obligations for firms offering virtual value transfer services. The IRS still treats cryptocurrencies as property for tax reporting on trades, payments, and disposals.

Major 2024–2025 milestones

• 2024 approval of spot Bitcoin and Ethereum ETFs signaled stronger market access for institutional investors and exchanges.
• July 2025 GENIUS Act set full-reserve rules, monthly audits, and AML controls for stablecoin issuers.
• Other House measures, like the Anti-CBDC Surveillance State Act, reflect policy debates on central bank digital money.

State licensing still matters. Money transmitter and virtual currency laws impose capital, surety, and program standards for services that operate across states.

Practical advice: maintain robust AML/CFT controls, document token classification, and prepare for multi‑agency exams as implementation timelines for the GENIUS and CLARITY measures unfold.

EU alignment: MiCA and the Transfer of Funds Regulation (TFR)

The European Union created a single framework that brings issuers, CASPs, trading platforms, and wallet providers under shared rules. MiCA (Regulation (EU) 2023/1114) sets authorization, governance, and disclosure duties across the single market. ESMA and national authorities oversee implementation.

Who is in scope: CASPs include exchanges, custody services, and market operators that offer asset services to EU clients. Issuers must publish transparent disclosures and meet investor protection standards ahead of listing.

Key milestones and operational impacts

December 2024 was a pivotal compliance date. Firms needed authorization pathways, updated governance, and investor-facing disclosures. ESMA technical standards guide phased steps.

TFR aligns with FATF travel rules, requiring originator and beneficiary data for cross‑border transfers. Verification of ownership or control for unhosted wallets raises onboarding friction but strengthens traceability.

Practical steps: upgrade Travel Rule tooling, enhance EDD for third‑country counterparties, and map whether overseas operations trigger authorization or require local partnerships. These measures aim to protect consumers and stabilize markets while enabling legal certainty for exchanges and issuers.

United Kingdom: FCA registration, AML/CTF, and consumer protection focus

The United Kingdom has tightened oversight of digital asset services while aiming to keep London attractive for innovation.

The Financial Conduct Authority oversees AML/CTF for in‑scope activities under the Money Laundering, Terrorist Financing and Transfer of Funds Regulations 2017.

In scope are exchanging crypto for money, token‑to‑token swaps, and running ATMs. Firms must register with the conduct authority and pass fit‑and‑proper checks.

• Registration expectations: governance, SMCR duties where relevant, documented risk assessments, and ongoing reporting.
• Controls: robust KYC, sanctions screening, and transaction monitoring with clear audit trails.
• Consumer rules: tighter promotions rules (Oct 2023) require risk warnings and cooling‑off protections for retail.

The UK implemented the Travel Rule, so originator and beneficiary data must travel with transfers between eligible service providers. Stablecoin oversight has also expanded under the Financial Services and Markets Act 2023, aligning payment tokens with prudential and conduct standards.

Operational readiness — Travel Rule tooling, complaint handling, and incident reporting — plus active board oversight, help firms demonstrate strong compliance and secure a competitive position in London’s market.

Switzerland: permissive but structured DLT and AML framework

Switzerland combines clear token law with firm supervisory expectations. The 2020 DLT law enables tokenization of rights and claims and supports issuance and trading of DLT securities under recognized legal forms.

Financial intermediaries such as exchanges, wallet providers, and trading platforms fall under the Anti‑Money Laundering Act (AMLA) and AMLO‑FINMA. FINMA enforces customer due diligence, transaction monitoring, and Travel Rule alignment for obliged entities.

Key benefits include legal certainty for institutional custody and token projects, while Swiss supervision keeps strict anti‑money laundering checks in place. Cross‑border services must heed client‑targeting rules and licensing triggers.

• Onboarding expectations: PEP screening, source‑of‑fund checks, and robust KYC.
• Operational readiness: Travel Rule data exchange and documented governance.
• Market impact: a permissive yet structured environment that attracts tokenization efforts.

France and the DASP regime: AMF registration and services in scope

Under the Monetary and Financial Code and PACTE law, France requires registration for many digital asset activities. The Autorité des Marchés Financiers (AMF) oversees DASPs that offer custody, fiat-asset exchange, token-to-token trading, and platform operations.

• Custody and key management with segregation and incident response plans.
• Exchange services (crypto-fiat and crypto-crypto) and trading platform operations.
• Reception/transmission of orders, portfolio management, advice, underwriting, and placement.

Custody mandates focus on secure key controls, asset segregation, and clear recovery procedures to protect client holdings. Platform operators must run AML/CTF systems, market integrity controls, and transparent fee disclosures.

Advisory and portfolio services carry suitability duties, conflicts management, and strict recordkeeping. The EU Transfer of Funds Regulation enforces Travel Rule data flows and requires due diligence on third-country counterparties for cross-border transfers.

Practical takeaway: map French registration to MiCA authorization plans, tighten consumer protection disclosures, and ready IT controls for AMF review. These steps help service providers scale into EU markets while keeping client safeguards front and center.

The Netherlands and Estonia: implementing TFR and tightening VASP oversight

C regulators in the Netherlands and Estonia have stepped up supervision, demanding stronger governance, custody controls, and Travel Rule readiness for cross‑border transfers.

Netherlands (Wwft): De Nederlandsche Bank requires Wwft registration for firms that exchange fiat and virtual value and for custodian wallet providers. Registered firms must run AML programs, maintain governance records, and submit to ongoing supervision.

Key Estonian changes

Estonia expanded its AML Act to cover wallet, exchange, and transfer services, plus offerings on behalf of issuers. The FIU enforces Travel Rule data flows, strong KYC, monitoring, and timely reporting.

• Custody services must show secure key management and client‑asset segregation.
• Travel Rule tooling and counterpart due diligence are essential for cross‑border transfers.
• Sanctions screening, PEP policies, and documented audits support lasting compliance.

Practical takeaway: firms and service providers operating across the EU should align Travel Rule systems and governance to meet regional rules and reduce audit risk in each country.

Belgium: FSMA registration for exchanges and custodian wallet providers

Belgium requires firms that offer exchange services between fiat and digital assets, and custodian wallet providers, to register with the FSMA. The Law on the prevention of money laundering and terrorist financing sets AML/CTF duties for obliged entities.

Key obligations include customer due diligence, ongoing monitoring, and prompt suspicious transaction reporting. Firms must document AML programs and keep clear audit trails.

• Governance and operational resilience are core FSMA supervisory priorities.
• Exchange providers must publish transparent pricing, complaint procedures, and consumer information.
• EU TFR enforces Travel Rule data transfer and unhosted wallet verification for cross‑border flows.

Cross‑border activities aimed at Belgian clients can trigger local registration under marketing or activity thresholds. Strong sanctions screening and geographic risk assessments aligned to EU high‑risk lists are essential.

Practical steps: maintain regular internal audits, staff training, incident response plans, and business continuity measures to show an effective compliance culture to the FSMA.

Singapore: Monetary Authority Singapore and the Payment Services Act

Singapore combines openness to innovation with strict licensing and consumer rules for digital payment token services. Firms must map activities to the Payment Services Act and decide if they take possession of money or tokens—this decision determines licensing needs.

Digital Payment Token licensing — dealing vs facilitating

Under the Payment Services Act, MAS licenses Digital Payment Token (DPT) service providers that deal in or take possession of money or DPTs. Activities that only facilitate exchanges without custody are generally excluded from the “dealing” threshold.

Planned wallet rules expand the perimeter. Expect custody standards, segregation of client assets, and higher operational resilience requirements when wallets hold client keys or funds.

Retail safeguards, Travel Rule, and compliance expectations

MAS requires AML/CTF controls, technology risk management, and clear disclosures in marketing to protect retail users. The Travel Rule is implemented; obliged entities must collect, store, and securely transmit originator and beneficiary data.

Enforcement has been active, so firms should maintain robust governance, audit trails, liquidity and segregation controls, and timely incident reporting aligned with MAS notices.

• Map activities to PSA licensing triggers and update onboarding flows.
• Implement Travel Rule tooling and strong KYC/transaction monitoring.
• Prepare disclosures, custody procedures, and resilience tests for upcoming wallet rules.

Singapore’s regime aims to foster innovation while keeping consumer protection and financial stability central.

Hong Kong: SFC/HKMA framework for virtual asset trading platforms

Hong Kong has built a clear licensing route and supervisory playbook for virtual asset trading platforms. The Securities and Futures Commission (SFC) licenses platform operators and sets fit‑and‑proper tests, custody standards, and investor protections for retail access.

Licensing and custody: applicants must show governance, segregation of client assets, cold storage thresholds, and robust cybersecurity. The SFC expects transparent listing and delisting policies and product due diligence before retail admission.

AML/CFT and Travel Rule: licensed firms follow detailed anti‑money laundering guidance that requires customer due diligence, ongoing monitoring, suspicious transaction reporting, and Travel Rule data sharing with counterparties.

• Banks working with platforms follow HKMA guidance on risk‑based onboarding and transaction oversight.
• Cross‑border listings trigger enhanced due diligence for low‑transparency tokens and foreign counterparties.
• Ongoing supervisory engagement includes inspections, compliance attestations, and tracked remediation plans.

Practical takeaway: firms and service providers should prepare for rigorous reporting, governance attestations, and IT audits. Meeting SFC and HKMA expectations creates a foundation for trusted exchanges and safe market access in Hong Kong.

South Korea and Japan: transparency, real‑name banking, and Payment Services Act

Regulatory focus in Seoul and Tokyo centers on clear account links, platform transparency, and strong consumer protections. Both markets require formal registration and active supervision to keep flows traceable and users safe.

South Korea enforces the Act on the Reporting and Use of Specific Financial Transaction Information. VASPs must register with the FSC, run comprehensive AML controls, and partner with banks for real‑name accounts. Platforms publish proof‑of‑reserves and maintain fast incident reporting to limit losses.

Japan recognizes cryptocurrencies as a payment form under the Payment Services Act. Exchanges must register with the FSA, segregate client assets, and apply strict KYC and consumer safeguards. Both markets demand continuous monitoring and timely suspicious activity reports to deter money laundering.

• Localize onboarding: name matching, ID checks, and sanctions screening.
• Operational controls: cold storage, multi‑sig, and live monitoring.
• Supervision: audits, inspections, and enforcement from the government.

Practical takeaway: firms should align onboarding, custody, and monitoring to local expectations so payment recognition and consumer protection work together to preserve market integrity in each country.

Americas snapshot: Canada’s FINTRAC rules and Latin America’s divergence

The Americas show a mix of strict oversight and pragmatic response to market demand. Some markets provide clear licensing and investor access, while others balance grassroots use with regulatory caution.

Canada: exchange registration, AML/KYC, and ETFs

Canada requires trading platforms to register with provincial securities regulators and FINTRAC. Firms that hold or move assets often qualify as money service businesses and must meet MSB rules.

FINTRAC duties include reporting, monitoring, and recordkeeping. Canadian markets also allow spot cryptocurrency ETFs on the TSX, which broaden investor access under securities oversight.

Brazil: exchange oversight and central bank initiatives

Brazil’s 2022 law tightened exchange registration with the CVM and raised AML controls for providers. The framework aims to improve market integrity and protect retail users.

The Central Bank of Brazil is developing a digital real to modernize payments and support financial stability. That project shapes how exchanges and wallet services connect to national rails.

Argentina: high adoption amid evolving oversight and taxation

Argentina shows strong grassroots adoption driven by remittances and inflation hedging. At the same time, tax rules and reporting obligations are still evolving, which creates operational uncertainty.

In 2023 the central bank restricted banks from offering crypto services, raising onboarding and custody challenges for firms. Market entrants should tailor strategies to licensing triggers, data localization, and consumer protections across the region.

• Takeaway: the Americas combine clear compliance pathways in places like Canada with divergent approaches in Latin markets, creating both risk and opportunity for compliant growth.

Middle East dynamics: UAE’s VARA leadership and Saudi Arabia’s cautious stance

The Gulf is emerging as a testbed for clear licensing and fast innovation. Dubai’s VARA, plus ADGM and DIFC free zones, give defined pathways for exchanges, custodians, and token issuers. These frameworks help service providers plan market entry and meet governance expectations.

ADGM/DIFC regimes and AML/KYC expectations

Free zones require robust KYC, transaction monitoring, and Travel Rule readiness. Firms must show strong IT controls, substance, and sanctions compliance to win licenses and bank relationships.

• VARA and free zones: structured licensing for exchanges and custody.
• Practical needs: governance, audits, and clear customer disclosures.
• Saudi stance: the central bank warns of risks and pursues CBDC experiments such as Aber with regional partners.

Firms eyeing the Gulf should map VARA, ADGM, and DIFC paths and plan for varied bank risk appetites. For a regional risk analysis, see regional risk analysis.

Crypto regulations by country updated guide: compliance checklists and red flags

A focused compliance checklist helps firms map KYC, monitoring, and Travel Rule duties to operations.

KYC essentials: identity, liveness, verification, and address checks

Minimum data: collect full name, residential address, and date of birth. Verify these against government‑issued ID and an independent address source.

Steps: identification, liveness proof, document verification, then address validation. Keep evidence and timestamps for audit trails.

For practical onboarding standards, review our KYC requirements and adapt to U.S. thresholds and risk profiles.

Transaction monitoring: complex, unusual, and no-purpose activity alerts

Design scenarios to spot anonymity, rapid in/out flows, and structuring around thresholds.

• Flag use of privacy coins, unlicensed venues, or proxy chains.
• Alert on high-frequency trades, sudden large moves, or purposeless loop transfers.
• Include geography checks for high‑risk jurisdictions and patterns that match laundering or money‑mule activity.

Travel Rule readiness: data collection, sharing, and counterpart risk

Collect and store originator and beneficiary data for transfers at or above the FATF $1,000/€1,000 threshold. Note that 65 of 94 jurisdictions had passed Travel Rule laws as of April 2024, with 15 in progress.

Establish secure transmission, validate the counterparty VASP status, and apply enhanced due diligence where third‑country rules are weak or incomplete.

• Operational musts: sanctions & PEP screening, refresh cycles, and clear escalation runbooks.
• Control evidence: audit trails, QA checks, and management reporting for regulator exams.
• People: train staff on typologies and test systems to reduce false positives.

Conclusion

The policy landscape is converging toward clearer standards, even as local nuances remain significant. Global moves—from U.S. legislation and EU MiCA/TFR to FATF Travel Rule adoption—are creating predictable expectations for service providers and platforms dealing in crypto and cryptocurrency.

Compliance by design now unlocks market access. Firms should invest in KYC, monitoring, sanctions screening, and data‑security for assets and operations. Keep a dynamic jurisdictional matrix to track licensing triggers and Travel Rule duties.

Practical next steps: prioritize controls, document testing, and coordinate with banks and regulators. Governments and supervisors will refine rules across countries, so stay proactive to scale responsibly and reduce friction in cross‑border activity.