Crypto: the great "regulatory uncertainty"-lie

Stay up to date

Get notified when I publish something new, and unsubscribe at any time.

For years, the crypto industry has been crying out for "regulatory certainty" to the point where a large proportion of people have been gaslit into thinking there is actually regulatory uncertainty.

This is not, and has never been, the case. The reality is that the crypto industry just didn't much like the existing rules, so blatantly flaunted them. Some might even have fooled themselves into believing there was uncertainty because there clearly were some rules, but they didn't seem to get enforced.

So where was the certainty?

Let's first start off with some definitions, and let's, for simplicity's sake, keep it US centric. Most countries and regions will have similar rules & definitions, simply because a certain level of harmonization is required to be allowed to participate in the global market for financial services. This is especially true for any business active in the US or EU, or hoping to serve clients in these markets.

Firstly, what businesses fall under regulation? Usually Financial Institutions ("FI's"), which US FinCen defines as:

A "financial institution" includes any person doing business in one or more of the following capacities:

  • bank (except bank credit card systems);
  • broker or dealer in securities;
  • money services business;
  • telegraph company;
  • casino;
  • card club;
  • a person subject to supervision by any state or federal bank supervisory authority.

This is a very broad definition, but pretty much includes by default any type of crypto intermediary by virtue of being a securities broker/dealer or money service business. This means they are subject to both securities law and Anti Money Laundering law ("AML"). AML law is a subject crypto intermediaries have historically been especially weak at, doing somewhere between zero- and little due diligence on their clients.

Exchanges have also vehemently denied that they are broker dealers, because they claim tokens are not securities. This, as we'll soon explore, is false.

Token offerings are OK though, right?

Who does't remember the many "wink-wink" "utility-token" offerings of a few years ago? What if you're not an intermediary, but just offered some tokens to the public, that should be fine, as long as you called them utility tokens, right?


Practically, all tokens, except BitCoin, and maybe Ethereum (but debatable) are securities for the purposes of securities law. Let's again look at the so-called "Howey-test", which is a legal precedent based on a US Supreme Court judgement determining whether something is a security or not. The definition of an investment contract under this ruling is:

  1. An investment of money
  2. In a common enterprise
  3. With the expectation of profit
  4. To be derived from the efforts of others

It would take a lot of creativity to somehow conjure an explanation where most tokens do, not in fact, fulfil all four conditions of the Howey-test. This bears the consequence that most token-offerings that have taken place are, in fact, unauthorized, illegal offerings of securities to the public.

I would also personally argue that many tokens purporting to tokenize underlying assets, such as real-estate and debt are also very much securities: they easily fulfil criteria 1,3 & 4. And 2, the common enterprise arises the moment two or more investors invest in the tokenized underlying asset. That is their common enterprise, whether incorporated or not.

If there was certainty, why weren't the rules enforced?

The last line of defence against breaches of AML- and securities law that I've heard tends to be that there was little enforcement action against fly-by-night crypto exchanges, intermediaries and token offerings.

There are a couple of things that need to be raised against this defence:

Firstly, just because the police doesn't catch a criminal, does not make the crime legal.

Secondly, the regulatory enforcement system of financial regulation is not built for the world of crypto. Financial regulators in the world are built for a world where they have a handful to a few hundred institutions to regulate. All who will ask to be regulated, and report directly to regulators on most matters.

Given this, regulators were simply ill-prepared to enforce law at an internet-scale. Anyone could pop up an exchange anywhere in the world and offer trading- and tokens to anyone anywhere else in the world, only to disappear into the ether the second they smelled the heat. Regulators used to working in yearly audits simply could not keep up, when an actor in breach would already be long gone by the time they even became aware of them.

I can already hear some excuses/objections coming in, but it bears repeating:

  • Not being caught, doesn't make an act legal.
  • Unfit/unprepared regulators do not make the regulations unfit or inappropriate. A fat, slow mall-cop doesn't make shoplifting more moral or legally justifiable, the same applies for crypto.

Why do people keep saying there is legal uncertainty?

Simple: they don't like the rules. It doesn't serve their purposes. Many insiders have made small fortunes from pumping up pre-mined tokens, only to dump them on hopeful retail investors. They don't want their punchbowl taken away from the party, and they certainly don't want accountability for past actions.

As we've seen with scandals of late, once you have the money, it can be used for regulatory capture through political donations—eventually key politicians started parroting the same “regulatory uncertainty” lines as industry insiders.

That's just, like, your opinion, man!

OK, I profess, I am not a lawyer. I was however involved in AML specific product development for financial institutions between 2014-2020, and my company tried to get a foothold in the AML/RegTech software market during 2018-2019 (with some traction, but limited success, I'm afraid to report). This means I spent a lot of time deep-diving into various EU regulations, figuring out how to implement them into workable software systems. I also have some university courses in commercial law from sometime nearer the dawn of humanity.

So no, I am clearly not a lawyer, but I am a fairly informed layman, on account of prior studies and work in the area that spanned more than half a decade.


If it looks like a duck, quacks like a duck and walks like a duck, it's probably a duck. The same goes for securities, even if you call them something else, and they take unusual form.

Crypto may be new, but many of the existing definitions have stood the test of time for almost 90 years, as the financial industry has gone through massive change.

The rules are clear, have proven themselves robust over time, and my bet is they will outlast most of the crypto industry, as the industry faces its own mass-extinction event.

Stay up to date

Get notified when I publish something new, and unsubscribe at any time.