In the United States, no single agency regulates crypto. The SEC treats most tokens as securities under the Howey test, the CFTC claims jurisdiction over derivatives and commodity-style tokens like BTC and ETH, FinCEN enforces anti-money-laundering and money-transmitter rules, and the OCC oversees banks touching crypto. Until FIT21-style legislation passes, jurisdiction is settled mostly by enforcement actions, not statutes.
Key takeaways
- US crypto oversight is split across at least four federal agencies whose boundaries were never designed for blockchain assets.
- The SEC uses the Howey test to decide if a token is a security; the CFTC uses commodity-law authority over derivatives and a short list of tokens it calls commodities.
- FinCEN and the OCC handle the banking side: AML reporting, money-transmitter registration, and trust-charter rules for crypto custodians.
- Until FIT21 or a similar bill passes, the practical rule is that regulation follows whichever agency sues first, not a clean statutory framework.
Why US crypto has no single regulator
If you have ever tried to figure out whether a token you bought is legal, taxable, or reportable, you have probably run into the same wall: there is no single answer, because no single agency is in charge. The United States regulates crypto through a patchwork of pre-digital statutes applied to a technology that did not exist when they were written. The Securities and Exchange Commission, the Commodity Futures Trading Commission, the Financial Crimes Enforcement Network, the Office of the Comptroller of the Currency, and a long list of state regulators all have a piece of the action, and none of them have a complete map.
This is not an accident. Congress has tried, and failed, to pass comprehensive crypto legislation multiple times. Until a bill actually becomes law, agencies fill the gap by stretching old rules onto new technology. The result is a system that is jurisdictionally confused by design, and that confusion is itself the regulatory product. Enforcement-driven oversight, not framework-driven oversight, is what shapes the market today.
Understanding which agency does what matters for builders, traders, and even passive holders. The agency that claims you determines which rules you are accused of breaking, what penalties you face, and what defenses you can raise. It also determines which platforms can legally serve you, which disclosures you get, and which disclosures you do not.
The SEC and the Howey test
The SEC, or Securities and Exchange Commission, is the agency most people associate with crypto enforcement. Its authority comes from the Securities Act of 1933 and the Securities Exchange Act of 1934, both written long before blockchain existed. Because Congress has not defined a "crypto token" in statute, the SEC applies a decades-old Supreme Court case called SEC v. W.J. Howey Co. to decide whether something is a security.
The Howey test asks whether a transaction involves an investment of money in a common enterprise with a reasonable expectation of profits to be derived from the efforts of others. If all four prongs are met, the asset is a security and falls under SEC jurisdiction. That means registration requirements, disclosure obligations, broker-dealer rules, and exchange registration. Most initial coin offerings from 2017 onward were treated as securities under this framework, and the SEC has brought enforcement actions against issuers, exchanges, and influencers ever since.
The practical impact is huge. A token the SEC considers a security cannot legally trade on an unregistered platform in the US, and the issuer can be liable for selling an unregistered security. Critics argue the SEC has stretched Howey past its original purpose; defenders say Congress left the agency no choice. Either way, the SEC's view is that anything other than a small set of clearly commodity-like tokens is presumptively a security until proven otherwise.
What the SEC does not do
The SEC does not regulate spot commodities, does not supervise banks, and does not enforce anti-money-laundering rules directly. It also does not register tokens themselves; it regulates the people and platforms that offer or trade them. This is a subtle but important distinction, and it explains why an exchange listing an alleged security can be charged even if the token's developers are overseas.
The CFTC and commodity jurisdiction
The CFTC, or Commodity Futures Trading Commission, has narrower but older authority over crypto. It regulates derivatives markets under the Commodity Exchange Act, and it has consistently taken the position that BTC and ETH are commodities, not securities. That position matters because commodity status puts spot trading outside the SEC's reach, while trading in derivatives (futures, perpetual swaps, options) falls squarely under CFTC oversight.
CFTC jurisdiction is not theoretical. The agency has brought enforcement actions against unregistered offshore exchanges serving US customers, and it oversees US-licensed futures products tied to BTC and ETH. It has also formally asserted that other tokens, including SOL, ADA, and XRP, are commodities in various filings, although those assertions are contested and have not been tested in court as cleanly as the Bitcoin and Ethereum claims.
For a trader, the practical rule is simple. If you are trading a derivatives contract on a US-regulated venue, the CFTC is your regulator. If you are trading spot crypto on an unregistered offshore platform, you are in a gray zone where both the SEC and the CFTC have argued, at various times, that they have authority. That gray zone is where most retail activity actually lives.
Why the SEC-CFTC turf war matters
The two agencies have publicly disagreed about which tokens are which, and about who gets to police spot markets. Former SEC officials have called ETH a security; former CFTC officials have called it a commodity. Both cannot be right in the long run, but the courts have not forced a clean answer. Until they do, the market operates on the assumption that the next enforcement action could come from either direction.
FinCEN, the OCC, and the banking side of crypto
Two other federal agencies matter even though they rarely grab headlines. FinCEN, the Financial Crimes Enforcement Network, sits inside the Treasury Department and administers the Bank Secrecy Act. Its job is anti-money-laundering (AML) and counter-terrorist-financing (CTF) reporting. Crypto businesses that qualify as money services businesses must register with FinCEN, maintain AML programs, file suspicious activity reports, and comply with recordkeeping rules.
FinCEN does not care whether your token is a security or a commodity. It cares whether you are moving money on behalf of others. That is why exchanges, custodians, and some DeFi front-ends have been targeted under FinCEN rules even when the SEC has stayed quiet. The penalties are typically civil, but criminal referrals are possible when the activity is willful.
The OCC, the Office of the Comptroller of the Currency, charters and supervises national banks. It does not regulate crypto directly, but it sets the rules for how banks can custody crypto, hold stablecoin reserves, and offer crypto-related services. OCC interpretive letters over the past several years have progressively widened what national banks can do, including crypto custody and stablecoin activity on bank balance sheets, while keeping risk-management expectations high.
Add in the IRS (which treats crypto as property for tax purposes), state money-transmitter regulators (who license many non-bank crypto businesses at the state level), and the prudential regulators (Fed, FDIC) who oversee bank exposure, and you start to see the real picture: at least eight federal and fifty state regulators touch the industry in some way.
State money-transmitter licenses
Most US-based crypto businesses need state-by-state money-transmitter licenses or trust-charter equivalents, on top of any federal registration. New York's BitLicense is the most famous example. This state layer is often more burdensome than federal rules, and it is the reason some platforms simply geo-block US customers rather than seek licensing in all fifty states.
How tokens actually get classified in practice
There is no official registry of which tokens are securities and which are commodities. Classification happens through enforcement actions, public statements, and, occasionally, court rulings. That sounds arbitrary, and in many cases it is. But a rough consensus has emerged over the past decade.
BTC is widely treated as a commodity. The SEC has never alleged Bitcoin itself is a security, and the CFTC has formally listed it as a commodity in multiple filings. ETH's status is more contested: former SEC leadership called it a security, current leadership has softened that view, and the CFTC has called it a commodity. Most major US exchanges list ETH spot products, which would be hard to do if the SEC were actively enforcing its securities view. XRP was the subject of a long SEC lawsuit against Ripple that ended in a mixed ruling, with the token itself not declared a security in secondary-market sales. SOL remains contested; the SEC has named SOL in past enforcement filings, while the CFTC has called it a commodity.
The honest version is that the classification depends on who you ask, when you ask, and what the token's issuer did at launch. A token sold in a public ICO with promises of profit is far more likely to be treated as a security than one distributed by mining or burned-and-minted mechanics. This is exactly the kind of line-drawing Congress has refused to do.
Stablecoins in their own lane
Stablecoins like USDT and USDC sit in a separate bucket. They are not typically treated as securities by the SEC, but they are treated as money-transmission instruments by FinCEN and, increasingly, as a banking and payments issue by the OCC and state regulators. Federal stablecoin legislation has been proposed multiple times; none has passed, so oversight continues to come from a mix of state licensing and federal banking guidance.
What FIT21 was supposed to change
The Financial Innovation and Technology for the 21st Century Act, usually shortened to FIT21, was the most serious attempt to clarify US crypto jurisdiction. It passed the House in 2024 with bipartisan support but stalled in the Senate. The bill would have done something the current system does not: draw explicit lines.
Under FIT21, the CFTC would have gained primary spot-market authority over digital assets that are not securities, while the SEC would have kept jurisdiction over tokens that meet a clear digital-asset-securities definition. Token issuers would have had a path to a regulatory safe harbor if they decentralized over time, allowing projects to mature out of securities status. The bill also would have clarified that non-custodial software developers and validators are not money transmitters, which would have been a major relief for the DeFi ecosystem.
Critics from both sides disliked parts of it. Consumer advocates worried the CFTC's disclosure regime is lighter than the SEC's. Crypto-native critics worried the digital-asset-securities definition was still too broad. The Senate declined to take it up, and the bill effectively died at the end of the congressional session. Newer versions have been reintroduced, but none have become law.
If a FIT21-style bill ever passes, three things change. First, token issuers get a clearer path to compliance. Second, US-based crypto businesses get a clearer licensing regime. Third, the SEC loses some of its enforcement-by-ambiguity power, which is exactly why some in Washington opposed the bill. The honest summary is that until something like FIT21 becomes law, the US will continue regulating crypto the way it has been: by lawsuit.
What this means if you hold, trade, or build
For users, the practical takeaway is that the regulatory label of your token does not determine whether you can buy it. It determines which rules apply to the platform you buy it on, and which disclosures you should expect. US-registered exchanges that list tokens the SEC considers securities face the highest compliance bar. Offshore exchanges that list the same tokens face less, but they also do not offer you the same legal protections if something goes wrong.
For builders, the message is harsher. If you raise money from US investors in exchange for a token that promises returns, you are at real risk of an SEC action regardless of how the token is technically structured. Decentralization can help over time, but it is not a magic shield. Issuers who want to engage US users should plan for either SEC registration or a deliberate move offshore, and they should expect both paths to be expensive.
For traders, the rule of thumb is that derivatives on US-regulated venues are the cleanest part of the market. Spot trading on any platform, domestic or foreign, lives in the enforcement gray zone. Holding tokens in a self-custody wallet is generally treated as legal, but using a US exchange triggers a stack of KYC and reporting obligations that you should not pretend do not exist.
None of this is investment advice, and the situation is changing fast. The right response is not to assume the current patchwork will last, and not to assume a clean bill is just around the corner. It is to track the regulatory news the same way you track the market, because the rules shape which trades are even possible.
Follow US crypto regulation the smart way
US crypto regulation moves on three tracks at once: agency enforcement actions, congressional bills, and court rulings. Tracking all three manually is a losing game, because the same token can be called a security, a commodity, or a non-security by different officials in the same week. Zippfeed surfaces crypto regulation headlines with sentiment scoring (bullish, neutral, or bearish) and an importance rating, so you can see which agency moves actually matter and which are political theater.