Regulatory Roundup #15

Summary

The SEC and CFTC have finally answered the question that has haunted US crypto regulation for a decade, publishing a joint five-category token taxonomy on March 17 that names 16 assets as digital commodities and removes the cloud from mining, staking, airdrops and token wrapping in one document. The CLARITY Act’s Senate path got marginally less treacherous with a tentative stablecoin yield deal between Senators Tillis and Alsobrooks, though the $TRUMP meme coin dinner has helpfully reactivated the ethics subplot. In the UK, Companies House has moved to dissolve an OFAC-sanctioned exchange whose director of record was a stock photograph - a detail that says something uncomfortable about UK corporate infrastructure. Australia is one Senate vote from enacting its digital assets licensing regime; India’s crypto founders are discovering that the absence of a regulatory framework does not mean the absence of personal criminal risk.

🔦 Spotlight

🏛️ The token taxonomy arrives - and most crypto is not a security

For the best part of a decade, the single most consequential unanswered question in US digital asset regulation has been deceptively simple: when is a crypto asset a security? On March 17, the SEC and CFTC answered it - jointly, at Commission level, and in binding form.

The interpretive release the two agencies published that Tuesday is 68 pages long and covers a considerable amount of ground, but its core architecture can be summarized in one sentence: most crypto assets are not securities, and the five-category taxonomy set out in the document explains what they are instead. Digital commodities - the bucket that captures Bitcoin, Ether, Solana, XRP, and twelve other named tokens - are under CFTC jurisdiction. Digital collectibles, covering trading cards, event memorabilia, and similar items with non-fungible characteristics, are not securities. Digital tools, meaning tokens that function as software access keys or protocol utilities without any promise of return, are not securities. Payment stablecoins meeting the GENIUS Act definition are not securities. Only digital securities - tokenized versions of traditional financial instruments, or assets that meet the Howey investment contract test through issuer conduct - remain within the SEC's remit.

The practical implications of that last point are worth dwelling on, because the investment contract analysis in the release is more nuanced than the headline classification might suggest. The guidance is explicit that a crypto asset which is not itself a security can still become subject to the securities laws if an issuer offers it as part of an investment contract - that is, by inducing an investment of money in a common enterprise with promises of profit derived from the issuer's essential managerial efforts. The Howey test, in other words, attaches to the transaction and the representations surrounding it, not to the token itself. And critically, that status can end: once an issuer has fulfilled or abandoned its representations, the investment contract terminates and the asset reverts to its underlying category. For issuers trying to navigate the path from launch to functional network, this is the most operationally significant sentence in the entire document.

The release also clarifies several long-contested activities. Protocol mining is not an investment contract. Protocol staking is not an investment contract. Airdrops are not securities transactions where recipients provide no consideration. Wrapping a non-security token into another format does not transform it into a security. Each of these clarifications directly removes a cloud that has sat over large categories of activity for years.

The taxonomy did not arrive alone. On March 11, the SEC and CFTC signed a Memorandum of Understanding establishing a Joint Harmonization Initiative, committing both agencies to coordinated policy, examinations, and enforcement. The March 17 release was issued jointly under that framework - which matters, because previous staff-level guidance carried no binding force and could be reversed by a subsequent Commission. This interpretation is issued at Commission level and carries immediate persuasive authority, making it substantially harder to unwind than anything that came before it.

Chair Atkins framed the moment at the DC Blockchain Summit with characteristic directness: “We’re not the securities and everything commission anymore.” He also signaled that the interpretation is a prelude, not a conclusion - a formal rulemaking, including an innovation exemption that would allow certain crypto offerings to proceed without prior SEC registration, is expected imminently. The CFTC’s Selig added that the agencies are committed to fostering “clear and rational rules of the road.”

There are caveats that practitioners are already flagging. The release is an interpretation, not legislation - it carries persuasive authority and binds current Commission conduct, but a future Commission could revisit it, and it cannot by itself resolve jurisdictional questions that ultimately require an Act of Congress. Open questions persist around fully permissionless DeFi protocols with no identifiable issuer, and the precise decentralization threshold at which an investment contract terminates. These are not trivial edge cases. CLARITY Act sponsors have been quick to note that the taxonomy is a bridge measure, and the joint statement makes the same point: "Only Congress can rewrite the law," as Atkins put it in a CoinDesk op-ed co-authored with Commissioners Peirce and Uyeda, "and we stand ready to work with CFTC Chairman Selig to implement the CLARITY Act."

The distinction between interpretation and statute matters not just as a legal technicality but as a forward-planning question for firms. The taxonomy provides the best available guidance on how the current SEC and CFTC view the regulatory landscape, and for issuers, intermediaries, and trading platforms, that guidance is substantial. But until the CLARITY Act or something like it clears the Senate, the certainty it provides is conditional.

After years of the Howey test being deployed less like a legal standard and more like a surprise inspection, the SEC has finally put the checklist on the noticeboard. Whether it stays on the wall if CLARITY doesn’t get done is a question for the next administration.

🌎 Global Developments

🇺🇸 United States

🏛️ CLARITY Act: stablecoin yield deal - almost

The CLARITY Act’s stablecoin yield fight appeared to be approaching resolution when Senators Thom Tillis and Angela Alsobrooks struck a tentative deal on March 20 - Senator Lummis posted a “yield” sign on X the same day, which passes for a bullish regulatory signal in Washington. By Tuesday March 24, draft text had circulated to industry participants on Capitol Hill, and markets gave their verdict: Circle fell 20% in its worst single-day drop on record, and Coinbase dropped around 10%.

The draft’s mechanics explain the reaction. The core prohibition bars any Digital Asset Service Provider - together with its affiliates, but excluding payment stablecoin issuers themselves and foreign issuers - from paying interest or yield to customers solely in connection with holding a payment stablecoin, or in any manner economically or functionally equivalent to an interest-bearing bank deposit. Crucially, the draft targets the pass-through model that the GENIUS Act left untouched. Under the existing structure, Circle earns interest on the Treasuries backing USDC and shares a portion with Coinbase, which funds customer rewards - a design that has driven meaningful USDC adoption. By banning anything “economically equivalent to interest,” the draft would close that channel. The carve-outs for activity-based rewards and loyalty programs remain, with a joint SEC/CFTC/Treasury rulemaking due within one year of enactment to define permissible categories and include anti-evasion provisions. Negotiations are ongoing.

The headwinds beyond stablecoins have not gone away. The SAVE Act is consuming Senate floor time the CLARITY Act needs. President Trump’s dinner for the top 220 holders of his $TRUMP meme coin has reactivated the ethics provisions that derailed the January markup, with Senator Gillibrand explicitly conditioning her support on anti-profiteering language that failed along party lines in the Agriculture Committee and remains unresolved. A Banking Committee hearing is pencilled for the latter half of April, after which the committee draft must be reconciled with the Agriculture Committee version before reaching the floor - a significant amount of track to cover before the midterm gravitational field sets in around May or June.

The optimistic read is that Tuesday’s market reaction accelerates a workable compromise on yield. The less optimistic read is that the same “almost there” narrative running since January has now acquired a live market overhang, and every week of delay tightens the vice of the November 2026 midterms. Bank of America puts the odds of passage before the elections at around 50%; Polymarket was pricing it at 72% as of mid-March.

🇺🇸 Iran, OFAC, and the stablecoin that cuts both ways

The US-Israeli strikes on Iran from February 28 onwards have generated a fast-moving financial crime environment for crypto firms. OFAC's January 30 designation of two UK-registered exchanges - Zedcex and Zedxion - for operating in Iran's financial sector and facilitating transactions for the IRGC was the first time the agency had targeted exchange infrastructure specifically rather than individual wallets or addresses. Zedcex alone had processed over $94 billion in transactions; Zedxion and its sister entity moved roughly $1 billion linked to the IRGC, with that share reaching 87% of total volume in 2024. The designations signal a deliberate shift in enforcement strategy - from picking off individual addresses to targeting the plumbing.

With kinetic operations ongoing and Iran’s energy infrastructure under sustained pressure, OFAC has indicated that further designations are expected.

There is also a structural irony here. The GENIUS Act is framed as a tool for extending US dollar dominance through regulated stablecoins - and that framing is not wrong. But Elliptic has established with high confidence that the Central Bank of Iran acquired at least $507 million in USDT to support the rial and settle international trade. Dollar-denominated stablecoins are therefore simultaneously the instrument of US monetary projection and the instrument of sanctions evasion. The GENIUS Act's OCC rulemaking - with its comment deadline of May 1 - is where the reserve requirements, disclosure standards, and foreign issuer rules that determine whether this tension is manageable will be set. The dollar is simultaneously Washington’s most powerful foreign policy tool and its least obedient one.

🇪🇺 European Union

⚠️ ESMA: your perpetual futures are probably CFDs

A public statement published by ESMA on February 24 - somewhat under the radar given the volume of MiCA activity around the same period - deserves attention from any firm offering leveraged crypto derivatives to EU retail clients. The statement addresses derivatives marketed as "perpetual futures" or "perpetual contracts" and makes the regulatory position unambiguous: the commercial label is irrelevant. What matters is the substance, and a derivative that provides leveraged exposure to an underlying value and is not exclusively settled physically almost certainly falls within the scope of national product intervention measures on CFDs.

The practical consequences are significant. If a crypto perp is a CFD, the national measures mirror the original 2018 ESMA temporary decision: leverage limits apply (2:1 for crypto under standard rules), mandatory risk warnings must be displayed, margin close-out and negative balance protection are required, and PRIIPs Key Information Documents are mandatory for retail distribution. Product governance under MiFID II also requires a narrow target market assessment - ruling out mass marketing campaigns or blanket “get started now” communications. Participating in circumvention is prohibited; what matters is product characteristics, not product names. A perpetual future by any other name is still a CFD. ESMA has the red pen out.

🇬🇧 United Kingdom

🔍 Companies House moves to dissolve IRGC-linked exchange

Britain's Companies House has initiated dissolution proceedings against Zedxion Exchange Ltd, the crypto platform sanctioned by OFAC in January for processing funds on behalf of Iran's Islamic Revolutionary Guard Corps. The action, published on March 19, was taken on grounds that the company's filings contained information that was "misleading, false or deceptive" - a formulation that politely understates what the investigation found.

Zedxion's director of record, listed as one Elizabeth Newman, a Dominican national, was in all likelihood a fictitious identity. Investigators found that the photograph used to represent Newman in promotional materials was a stock image. The individual originally listed as both director and person with significant control at the company's incorporation in 2021 - listed under the name "Babak Morteza" - matches in identifying details Babak Zanjani, an Iranian businessman designated by the US and EU in 2013 for laundering billions of dollars in oil revenue on behalf of the Iranian state. Zanjani was subsequently convicted in Iran for embezzling state oil funds, sentenced to death, had that sentence commuted in 2024, and re-emerged publicly linked to regime-aligned economic projects. His conglomerate, DotOne Holding Group, spans cryptocurrency, foreign exchange, logistics, aviation and telecommunications.

TRM Labs found that Zedxion and its sister entity Zedcex processed roughly $1 billion in funds linked to the IRGC, with the IRGC-linked share reaching approximately 87% of Zedxion's total transaction volume in 2024. OFAC's January 30 designation of both entities - the first time the agency had specifically targeted digital asset exchanges for operating in Iran's financial sector - has now been followed by the UK corporate registrar exercising its expanded powers under the Economic Crime and Corporate Transparency Act 2023.

Those powers are relevant to the story in their own right. From November 2025, mandatory identity verification applies to all directors and persons with significant control at UK-registered companies - the very mechanism that enabled Zedxion to operate for years through a fictitious director is now legally prohibited at the point of registration. Whether that verification regime would have caught this specific operation earlier is unknowable, but the Companies House dissolution notice is a visible test of whether the new enforcement toolkit has teeth. On this occasion, it appears it does.

🌏 Asia-Pacific

🇦🇺 Australia

🏛️ Senate committee clears digital assets bill

Australia's Senate Economics Legislation Committee recommended on March 16 that the Corporations Amendment (Digital Assets Framework) Bill 2025 pass without amendment. The bill, which has already cleared the House of Representatives, now awaits a Senate vote.

The legislation amends the Corporations Act 2001 and the ASIC Act 2001 to bring "Digital Asset Platforms" and "Tokenized Custody Platforms" within the Australian Financial Services License framework. In practice, this means centralized exchanges and tokenized custody operators holding client digital assets will need an AFSL - the same license required of brokers and investment platforms in traditional finance - with a six-month transition period from commencement. Firms failing to comply face civil penalties of up to 10% of annual turnover, and from March 31, 2026, all crypto firms are also required to register with AUSTRAC and operate anti-money laundering programs regardless of the bill's passage.

The committee's report described the bill as making "a substantial improvement to the regulation of digital assets, including more robust safeguards for Australian consumers." Industry reception has been cautiously positive, with the primary concern being the scope of custody definitions and whether wallet technology providers fall inadvertently within the licensing perimeter. The government has been encouraged to provide additional implementation guidance before commencement.

The bill's passage would give Australia one of the more operationally coherent digital asset licensing regimes in the Asia-Pacific region. For international platforms serving Australian retail clients, the six-month transition clock starts on Royal Assent - and firms that have been treating licensing as a future problem now have a practical planning horizon.

🇮🇳 India

CoinDCX founders arrested - and the limits of impersonation as a defence

The co-founders of CoinDCX, India's largest cryptocurrency exchange, were arrested by Thane Police on March 21 and remanded to police custody until March 23. Sumit Gupta and Neeraj Khandelwal were detained in Bengaluru following a First Information Report filed by a 42-year-old insurance consultant who alleges he was defrauded of approximately 71.6 lakh rupees (roughly $85,000) after being promised high returns and franchise rights linked to CoinDCX between August 2025 and February 2026.

CoinDCX has rejected the allegations in full. The company's position is that the fraud was conducted entirely through a fake website operating under the domain coindcx.pro - a site with no connection to the exchange - by impersonators who collected money via cash and bank transfers into third-party accounts. CoinDCX says it has reported more than 1,212 fake websites impersonating its domain since April 2024, and that the victims' funds never passed through any system it controls. That defence is plausible: brand impersonation is a documented and growing problem in India's crypto market, and investment scams accounted for 76% of all financial losses in 2025 according to the Ministry of Home Affairs.

Whether it is ultimately persuasive in court is a different question, and one that India’s legal system is not yet well-equipped to answer cleanly. Charges have been filed under the Bharatiya Nyaya Sanhita (BNS) for criminal breach of trust and cheating - provisions that impose personal liability on individuals even where the fraudulent activity was conducted by third parties exploiting a brand. The WazirX precedent is instructive: following the $230 million hack in July 2024, 54 affected users filed a criminal writ petition in the Supreme Court seeking action against co-founder Nischal Shetty and the exchange management, which the court dismissed in April 2025 on the basis that the matter falls under policy rather than judicial jurisdiction.

That last point is the structural problem. India has the world's third-largest crypto user base by adoption and one of its highest-volume retail markets, yet has no comprehensive regulatory framework that draws clear lines between platform liability, third-party fraud, and executive criminal exposure. In that vacuum, ordinary criminal law provisions designed for traditional financial fraud are being applied to a market that operates on fundamentally different infrastructure - and crypto exchange founders are discovering that the absence of a bespoke regime does not mean the absence of personal risk. CoinDCX itself made this point in the WazirX era; it is now on the receiving end of the same dynamic.

🔎 Things to Watch

• 🇺🇸 CLARITY Act: Senate Banking Committee hearing pencilled for late April. Watch whether the Tillis/Alsobrooks stablecoin yield deal holds and whether the ethics provisions remain unresolved.
• 🇺🇸 GENIUS Act OCC NPRM: public comment period closes May 1, 2026. The affiliate/third-party yield prohibition is the provision most directly entangled with the CLARITY Act negotiations.
• 🇺🇸 California DFAL: license applications open 9 March via NMLS; compliance deadline 1 July 2026.
• 🇪🇺MiCA grandfathering deadline: July 1, 2026. Under 100 days away for operators in the remaining transitional member states. Poland remains without implementing legislation.

Coming into view:

• 🇬🇧 Further FCA policy statements making final rules for the UK crypto regime.
• 🇪🇺 EU Markets Integration & Supervision (MIS) package negotiations: the future of centralized ESMA supervision for all CASPs.

‍

‍

^{DISCLAIMER: The views and opinions expressed herein are those of the author(s) and do not necessarily reflect the views of Talos Global, Inc. or its affiliates (collectively, "Talos") and summarizes information and articles with respect to cryptocurrencies or related topics. This material is for informational purposes only and is only intended for sophisticated institutional investors, and is not (i) an offer, or solicitation of an offer, to invest in, or to buy or sell, any interests or shares, or to participate in any investment or trading strategy, (ii) intended to provide accounting, legal, or tax advice, or investment recommendations, or (iii) an official statement of Talos. No representation or warranty is made, expressed or implied, with respect to the accuracy or completeness of the information or to the future performance of any digital asset, financial instrument or other market or economic measure. The information is believed to be current as of the date indicated and may not be updated or otherwise revised to reflect information that subsequently became available or a change in circumstances after the date of publication. Talos and its employees do not make any representation or warranty, expressed or implied, as to accuracy or completeness of the information or any other information transmitted or made available. Investing in cryptocurrency comes with risk. Certain statements in this document provide predictions and there is no guarantee that such predictions are currently accurate or will ultimately be realized. Prior results that are presented here are not guaranteed and prior results do not guarantee future performance. Recipients should consult their advisors before making any investment decision. Talos may have financial interests in, or relationships with, some of the assets, entities and/or publications discussed or otherwise referenced in the materials. Certain links that may be provided in the materials are provided for convenience and do not imply Talos's endorsement, or approval of any third-party websites or their content. Any use, review, retransmission, distribution, or reproduction of these materials, in whole or in part, is strictly prohibited in any form without the express written approval of Talos.}