Lowenstein Crypto advises leading digital asset and cryptocurrency projects, exchanges, and trading firms. Our practice covers regulatory advice, transactions and structuring advice, investigations, and adversarial matters including commercial disputes, bankruptcy, and related litigation. As these markets continue their rapid growth and market participants continue to evolve and mature their businesses, we are providing this weekly digest as a resource that highlights and summarizes a selection of key recent legal regulatory developments.
Please note that the Lowenstein Crypto Brief will not be distributed on Dec. 25 or Jan. 1, 2026, in observance of the holiday season. Distribution of the Crypto Brief will resume on Jan. 8, 2026.
SEC Releases Statement on the Custody of Crypto Asset Securities by Broker-Dealers
On Dec. 17, the Securities and Exchange Commission’s (SEC) Division of Trading and Markets released a statement (the Statement) providing clarity on whether a broker-dealer has “physical possession” of a crypto asset security under Rule 15c3-3 under the Securities Exchange Act of 1934, as amended (Rule 15c3-3). Under Rule 15c3-3, a broker-dealer is required to obtain physical possession or control of all fully paid and excess margin securities it carries for the account of customers. Under the Statement, a broker-dealer will have “physical possession” of crypto asset securities if the broker-dealer (i) has access to and can transfer the crypto asset security on the applicable network and (ii) establishes, maintains, and enforces reasonably designed written policies and procedures with respect to (a) details of the applicable network, including but not limited to, network governance and updates; (b) safekeeping of private keys necessary to access and transfer the crypto asset security; and (c) continued safekeeping and accessibility of crypto asset securities in the event of a network disruption or other materially disruptive event. In addition, the broker-dealer will not be deemed to have possession of a crypto asset security if it is aware of any material security or operational weakness or problem with the underlying network. See the full statement here.
FDIC Proposes Approval Framework for Bank-Issued Stablecoins
On Dec. 16, the Federal Deposit Insurance Corporation (FDIC) released a notice of proposed rulemaking outlining a formal process for FDIC-supervised banks and their subsidiaries to apply for approval to issue payment stablecoins. This marks the first concrete regulatory action under the newly enacted GENIUS Act. Under the proposal, FDIC-supervised banks would seek authorization to issue payment stablecoins through a dedicated subsidiary, with the FDIC evaluating both the subsidiary and its parent institution against statutory criteria set forth in the GENIUS Act. These criteria include compliance with stablecoin issuance standards, financial condition, management quality, redemption mechanisms, and broader safety and soundness considerations. Upon approval, the FDIC would act as the primary federal regulator for the subsidiaries’ stablecoin activities, providing ongoing supervisory oversight as stablecoins are integrated into the regulated banking system. The press release can be found here, and the notice can be found here.
CFTC Withdraws Digital Asset Guidance
On Dec. 11, the Commodity Futures Trading Commission (CFTC) Acting Chair Caroline D. Pham announced that the CFTC is withdrawing guidance issued in 2020 related to the actual delivery of “virtual currencies.” Among other things, the 2020 guidance dictated that actual delivery of a virtual currency (VC) occurs when the customer takes both possession and control of the VC and that “actual delivery” in VC does not occur if an offeror is the counterparty to a transaction and the VC remains within the offeror’s blockchain address. The stated objective of the withdrawal of the 2020 guidance is to enable the CFTC to continue its ongoing work to implement the recommendations of the President’s Working Group on Digital Asset Markets. The press release is available here.
SEC No-Action Letter Enables DTC Tokenized Entitlements
On Dec. 11, SEC staff issued a no-action letter to the Depository Trust Company (DTC) providing relief in relation to the DTC’s pilot securities tokenization program (the Pilot Program). Under the Pilot Program, DTC participants may elect to have their security entitlements to DTC-held securities recorded using distributed ledger technology rather than exclusively through DTC’s current centralized ledger. The DTC has not yet made available the list of public and private blockchain distributed ledgers on which participants may register a blockchain address under the Pilot Program. However, the DTC has explicitly limited eligible securities to U.S. Treasury securities, securities in the Russell 1000 Index, and ETFs that track major indices. The Pilot Program is expected to launch in the second half of 2026. The no-action letter is available here.
SEC Issues New Custody Guidance for Retail Investors
On Dec.12, the SEC’s Office of Investor Education and Assistance issued an investor bulletin outlining basic crypto asset custody considerations for retail investors as cryptocurrency adoption continues to expand. The bulletin highlights key custody issues, including the distinction between hot and cold wallets. Hot wallets, which are connected to the internet, provide convenient access to crypto assets and facilitate transactions but expose users to heightened cybersecurity risks. Cold wallets, by contrast, are offline physical devices that are generally less susceptible to cyberattacks; however, the SEC cautions that they present other risks, such as loss or theft, which may result in the permanent loss of crypto assets. Beyond the selection of a wallet type, the SEC emphasizes that investors must also decide whether to maintain custody of their crypto assets themselves or rely on a third-party custodian. When evaluating custody options, the SEC advises investors to consider factors such as their ability to securely establish and maintain a crypto wallet, how a custodian stores and safeguards crypto assets, the privacy protections offered, and the costs associated with wallet or custody services. In light of the SEC’s guidance, investors and market participants should carefully research their custody arrangements and evaluate risk management practices to ensure they protect their assets and reduce exposure to cybersecurity threats. See full investor bulletin here.
Bipartisan Legislation in the Senate Seeks To Create New Cryptocurrency Task Force
On Dec. 15, U.S. Sens. Elissa Slotkin, D-Mich., and Jerry Moran, R-Kan., announced a bill to crack down on cryptocurrency scams. The bipartisan Strengthening Agency Frameworks for Enforcement of Cryptocurrency (SAFE Crypto) Act seeks to create stronger protections as cryptocurrency becomes more common. The SAFE Crypto Act would establish a federal task force which would unite law enforcement, the Treasury, regulators, and private-sector experts to monitor, identify, track, and stop fraudulent activity involving cryptocurrency. The bill’s sponsors said that the federal task force will support local law enforcement with better tools, improve public awareness of such threats, and provide Congress with regular updates on emerging threats and enforcement progress. The bill has been read twice and referred to the Committee on Banking, Housing, and Urban Affairs. The full text of the SAFE Crypto Act can be read here.
President Trump Issues AI-Regulation-Focused Executive Order
On Dec. 11, President Donald Trump issued the executive order “Ensuring a National Policy Framework for Artificial Intelligence” (the EO). The goal of the EO is to sustain and improve the United States’ global AI standing through a “minimally burdensome national policy framework for AI.” The EO outlines a federal-first approach to AI regulation through the implementation of a comprehensive national standard. The EO establishes timelines that will impact compliance for crypto and fintech firms throughout the country. Under the guidelines, within 30 days of the EO’s issuance, the Attorney General will form an AI Litigation Task Force, which will be responsible for challenging state laws that are inconsistent with the EO’s policy. Within 90 days of the issuance date, the Secretary of Commerce is required to publish an evaluation identifying state-level AI regulations that conflict with the national framework for referral to the task force. Also within this 90-day framework, the Secretary of Commerce through the Assistant Secretary of Commerce for Communications and Information will issue a policy notice that provides conditions for states’ eligibility for remainder funds under the Broadband Equity Access and Deployment Program; however, states that are identified as having noncompliant AI laws will be ineligible. Additional actions under the EO include (i) the Special Advisor for AI and Crypto and the Assistant to the President for Science and Technology’s legislative recommendation establishing the uniform federal policy framework for AI and preempting any state AI laws that conflict with the EO, (ii) the potential for the FTC’s issuance of a policy statement explaining the circumstances where state laws will be preempted by the FTC Act’s prohibition on engaging in deceptive acts or practices affecting commerce when the state law requires altering truthful model outputs, and (iii) the potential establishment of federal reporting and disclosure standards through the FCC. The full text of the EO can be found here.
UK to Expand Financial Regulation to Crypto Assets and Stablecoins
On Dec. 15, the UK government announced plans to extend existing financial regulation to cover crypto companies, including crypto asset trading exchanges and stablecoin issuance. Under the legislation, digital assets, including bitcoin, other cryptocurrencies, exchanges, digital wallets, and potentially stablecoins, would fall within the regulatory remit of the Financial Conduct Authority, similar to other regulated financial products. The implementation of this policy is expected to begin in 2027. See official announcement here.
Spain Issues MiCA Compliance Guidance
On Dec. 15, the Comisión Nacional del Mercado de Valores (CNMV), Spain’s securities regulator, issued guidance detailing how crypto companies operating in Spain must comply with the EU’s Markets in Crypto-Asset Regulation (MiCA). The CNMV clarifies that all crypto asset service providers intending to operate after Dec. 30, 2025, must obtain MiCA authorization by that date. Firms currently operating under Spain’s transitional registration regime will lose status unless they complete MiCA registration before the deadline. The guidance outlines the documentation, procedural steps, and day-to-day conduct requirements for MiCA compliance and clarifies that the rules will apply broadly, beyond traditional exchanges and custodians. The CNMV also reminded firms that MiCA establishes new obligations related to governance, disclosures, and conflict of interest controls. This move aligns with broader EU implementation trends as regulators across member states begin enforcing the framework ahead of full application in 2026. The guidance can be found here.
