No topic divides the crypto industry more than regulation. Crypto’s foundational promise — censorship-resistant, permissionless financial infrastructure — is architecturally at odds with the financial regulatory frameworks built around centralized intermediaries who can be compelled to know their customers, report suspicious activity, and block transactions. The decade-long regulatory standoff has produced a global patchwork: some jurisdictions banning crypto outright (China, 2021), some building comprehensive licensing frameworks (EU, Singapore, Japan), some declaring themselves innovation hubs with light-touch oversight (UAE, El Salvador), and the US oscillating between aggressive enforcement and legislative inaction. Understanding the landscape matters because regulatory arbitrage — projects choosing the friendliest jurisdiction — shapes where protocols are legally based, where exchanges can operate, and increasingly what products can be offered to retail customers globally.
The EU: Markets in Crypto-Assets Regulation (MiCA)
Here’s how the market structure works.
Overview
MiCA is the world’s most comprehensive cryptocurrency regulatory framework, enacted by the European Union in 2023 and reaching full implementation in December 2024. It establishes a harmonized, EU-wide regulatory regime for crypto-asset service providers (CASPs) — replacing the previous patchwork of different rules in Germany, France, Malta, and other member states.
Timeline:
- April 2023: MiCA officially published in the EU Official Journal (after years of drafting)
- June 2023: MiCA entered into force
- June 2024: Stablecoin provisions (Title III and IV) took effect — most immediately impactful change
- December 30, 2024: Full MiCA implementation — CASP licensing requirements fully effective
What MiCA Regulates
Three asset categories under MiCA:
- E-Money Tokens (EMTs): Stablecoins pegged to a single fiat currency (USDC, USDT equivalent); regulated like e-money
- Asset-Referenced Tokens (ARTs): Stablecoins referencing multiple assets, basket currencies, or commodities; more stringent reserve requirements
- Other Crypto-Assets: Everything not an EMT or ART (BTC, ETH, utility tokens); regulated at the CASP service level rather than the asset level
Key requirements for CASPs (exchanges, custodians, brokers) under MiCA:
- Must be licensed in at least one EU member state (passporting rights allow operating across all 27 member states)
- Minimum capital requirements (€50K–€150K depending on services)
- Segregation of client assets from company assets
- Mandatory white paper publication before any public token offering
- Stablecoin issuers must hold 1:1 liquid reserves with daily redemption rights
- Marketing and disclosure standards aligned with EU financial services standards
MiCA’s impact on Tether (USDT): USDT (Tether) faced significant compliance hurdles under MiCA’s stablecoin provisions because: 1) Tether has not published independently audited reserve breakdowns meeting EU standards, and 2) The stablecoin issuers must be authorized as an e-money institution within the EU. Multiple EU exchanges (including Bitstamp, Crypto.com) delisted USDT for EU customers ahead of the June 2024 EMT provisions taking effect to avoid regulatory risk. Tether has not obtained EU licensing.
MiCA passporting: This is MiCA’s most significant feature — a single CASP license in any EU member state allows operations across all 27 EU countries. This replaced the previous regime where Coinbase needed separate licenses/registrations in Germany, France, Italy, etc. Ireland, France, Germany, and Luxembourg have become preferred jurisdictions for initial licensing applications due to regulatory expertise and pro-innovation postures.
Singapore: MAS Payment Services Act
The following sections cover this in detail.
Overview
The Monetary Authority of Singapore (MAS) built one of the world’s most respected crypto regulatory frameworks — sophisticated enough to attract major industry participants while maintaining strong anti-money laundering standards. Singapore’s approach is “regulate the activity, not the technology.”
Key legislation: The Payment Services Act (PSA) — originally enacted 2019, significantly amended 2022 (PSA Amendment Act) to bring all digital token services under licensing.
License types under PSA:
- Major Payment Institution (MPI) license: Required for any company providing digital payment token (DPT) services at scale — exchanges, brokers, custodians
- Standard Payment Institution (SPI) license: Similar but with lower thresholds; less common in crypto context
Key requirements:
- Fit and proper persons test for directors and key personnel
- AML/CFT controls aligned with FATF standards
- Customer asset safeguarding (segregation from company assets)
- Separate license permissions for each type of DPT service (exchange, transfer, custody)
Singapore’s crypto sector pre-2022: Singapore was one of Asia’s premier crypto hubs — Binance Singapore, Bybit (registered Singapore), Crypto.com, OKX all had significant Singapore operations. The collapse of Three Arrows Capital (3AC, a Singapore-based crypto hedge fund), Terraform Labs (Terra-LUNA, Do Kwon’s company was Singapore-incorporated), and Vauld (crypto lender) in 2022 — all Singapore-registered firms — caused MAS to significantly tighten its approach.
Post-2022 tightening:
- MAS issued strong consumer warnings against crypto speculation
- MAS denied or restricted licenses for several prominent applicants
- Binance Singapore shut down; Bybit relocated domicile to Dubai
- MAS Deputy Managing Director called for “sober reflection” on retail crypto participation
Who holds Singapore MPI licenses: Coinbase Singapore, Circle (USDC issuer), Independent Reserve, amongst others. Notably, Binance does not hold a full Singapore MPI license.
UAE: VARA (Virtual Assets Regulatory Authority)
The regulatory landscape breaks down as follows.
Overview
Dubai created the Virtual Assets Regulatory Authority (VARA) in 2022 — the world’s first dedicated government agency for crypto regulation. VARA operates within the Dubai International Financial Centre (DIFC) framework but with authority across all Dubai emirate activity.
Why Dubai/UAE for crypto:
- 0% corporate tax (until 2023; 9% corporate tax thereafter, with free zone exemptions)
- No personal income tax
- Residency programs attractive to crypto entrepreneurs
- Political stability and access to Gulf Cooperation Council (GCC) markets
- UAE never banned crypto (unlike many regional neighbors)
VARA licensing categories:
- Exchange Services (operating a centralized exchange)
- Broker-Dealer Services (buying/selling crypto on behalf of clients)
- Custody Services
- Investment Management/Advisory
- Lending/Borrowing Services
- Token Issuances and Related Services
Key registrants: Bybit (moved HQ from Singapore to Dubai), OKX, Binance MENA region, Crypto.com, Coinbase MENA.
Abu Dhabi: The UAE capital has its own parallel framework through ADGM (Abu Dhabi Global Market) and FSRA (Financial Services Regulatory Authority) — also accommodating crypto businesses with a framework comparable to VARA.
Japan: Financial Services Agency (FSA)
Japan has the world’s longest history of formal cryptocurrency regulation, having implemented exchange licensing requirements in April 2017 following the Mt. Gox collapse — years before most other jurisdictions.
Key legislation: Payment Services Act (amended 2016 effective 2017); Financial Instruments and Exchange Act amendments (2020); further 2022 amendments
Requirements for Crypto Exchange Service Providers (CESPs):
- Mandatory registration with FSA (or delegated to regional Local Finance Bureaus)
- Detailed operational requirements: cybersecurity audits, cold storage requirements (majority of customer assets in cold storage), internal control systems, insurance requirements
- Annual financial audits by qualified accountants
- Strict KYC requirements with Japan-only ID verification
Japan’s Travel Rule compliance: Japan implemented the FATF Travel Rule (information sharing between exchanges on transactions) in 2022 — one of the earliest jurisdictions globally. This requires Japanese exchanges to include sender and recipient information in crypto transfers above ¥100,000 ($700).
Delistings: The Japanese FSA has a conservative posture on privacy coins (Monero, Zcash) — Japan’s registered exchanges cannot list them. The FSA reviews token listings centrally, meaning many tokens available globally are unavailable in Japan.
Stablecoin law (2023): Japan became one of the first countries to formally legalize stablecoin issuance domestically — but only by banks and trust companies, not crypto-native firms. Foreign stablecoins (USDC, USDT) face restrictive conditions for customer distribution.
Hong Kong: Securities and Futures Commission (SFC)
Hong Kong’s approach reversed dramatically in 2023 — pivoting from effectively excluding retail crypto to actively pitching itself as Asia’s crypto hub.
Pre-2023 (opt-in licensing): Hong Kong allowed cryptoasset exchanges to voluntarily apply for SFC licensing; most exchanges declined (licensing was complex, limited them to professional investors only)
June 2023 (mandatory licensing regime): New mandatory Virtual Asset Service Provider (VASP) licensing regime took effect — all exchanges offering crypto to Hong Kong retail customers must be licensed by SFC.
Retail access: Licensed Hong Kong exchanges can serve retail customers (unlike previous professional-investor-only restriction). VASPs must ensure retail customers receive adequate risk warnings and meet suitability criteria.
Significant applicants: HTX (Huobi), OKX, HashKey Exchange (first to receive full retail VASP license), Bybit, Crypto.com.
FATF Travel Rule — Global Standard
The Financial Action Task Force (FATF) — the intergovernmental body setting global anti-money-laundering standards — extended its “Travel Rule” to virtual assets in 2019 (FATF Recommendation 15).
What it requires: When a VASP (exchange, custodian) transfers virtual assets on behalf of a customer, it must transmit the following information to the receiving VASP:
- Originator name
- Originator account number (wallet address)
- Originator physical address OR date/place of birth
- Beneficiary name
- Beneficiary account number
Threshold: Transactions of $1,000 (or equivalent) or above trigger the requirement.
The “Sunrise Problem”: The Travel Rule only works if both sending and receiving VASPs are licensed and compliant. Transfers to self-hosted wallets (non-custodial wallets owned by individuals) are a gray area — some jurisdictions require VASPs to collect and verify beneficial ownership information for transfers to self-hosted wallets above threshold.
Technical implementation challenges: Unlike bank SWIFT messages, crypto networks don’t natively include metadata fields for Travel Rule compliance. Solutions include:
- TRISA (Travel Rule Information Sharing Architecture) — open-source protocol for inter-VASP Travel Rule data exchange
- Sygna Bridge, Notabene, OpenVASP — commercial Travel Rule compliance vendors
Adoption timeline: EU (implemented via Transfer of Funds Regulation 2023), Japan (2022), Singapore (2020), UK (2023), US (FinCEN proposed rule ongoing as of 2024).
Country Comparison Table
| Jurisdiction | Status | Regulatory Body | Retail Allowed | Key Requirements |
|---|---|---|---|---|
| EU | Full framework (MiCA) | National competent authorities (with EBA/ESMA oversight) | Yes | CASP licensing, white paper, asset segregation |
| Singapore | Licensed | MAS | Restricted (discouraged) | MPI license, FATF AML standards |
| UAE (Dubai) | Licensed | VARA | Yes | VASP license, category-specific approvals |
| Japan | Licensed | FSA | Yes (registered exchanges only) | CESP registration, cold storage mandate, no privacy coins |
| Hong Kong | Licensed | SFC | Yes (licensed VASPs only) | VASP license, suitability checks for retail |
| UK | Registered | FCA | Yes (FCA registered firms) | AML registration, marketing rules |
| US | Fragmented | SEC, CFTC, FinCEN, state regulators | Yes (but uncertain) | No comprehensive federal law; enforcement-led |
| El Salvador | Adopted BTC as legal tender | BCR | Yes | Bitcoin Law (2021); Digital Asset Issuance Law (2023) |
| China | Banned | PBOC, CSRC | No | Full ban on trading and mining (2021) |
Regulatory Arbitrage
The fragmented global landscape creates ongoing “regulatory arbitrage” — projects and exchanges domiciling in the friendliest available jurisdiction to minimize compliance burden while accessing global customers via the internet.
Classic examples:
- Binance (2017–2021): Explicitly structured to avoid any regulatory domicile; operated through multiple corporate shells with no formal headquarters; eventually forced to establish regulatory relationships by enforcement pressure
- BitMEX: Operated offshore (Seychelles); attempted to exclude US users via IP filtering; DOJ and CFTC charged founders with AML violations in 2020 for knowingly serving US customers
- Post-2022 pattern: Dubai and Abu Dhabi become preferred homes for exchanges seeking credentialed regulatory status with lighter operational burden than EU/US
Regulatory arbitrage limits: The EU’s MiCA and the FATF Travel Rule create pressure for convergence. If EU customers can only use licensed CASPs (MiCA), and EU CASPs can only send to licensed counterparties satisfying Travel Rule, unlicensed exchanges that operate in other jurisdictions are progressively excluded from EU flows — limiting the benefit of regulatory arbitrage as EU-based users represent the most influential retail market globally.
Related Terms
Sources
Zetzsche, D.A., Buckley, R.P., Arner, D.W., & Föhr, L. (2019). The ICO Gold Rush: It’s a Scam, It’s a Bubble, It’s a Super Challenge for Regulators. Harvard International Law Journal, 60(2), 267-308.
Financial Action Task Force (FATF). (2021). Updated Guidance for a Risk-Based Approach to Virtual Assets and Virtual Asset Service Providers. FATF, October 2021.
European Securities and Markets Authority (ESMA). (2023). Markets in Crypto-Assets Regulation (MiCA): Technical Standards and Implementation Framework. ESMA70-1861941480-52, published December 2023.
Monetary Authority of Singapore. (2022). Response to Consultation on the Payment Services (Amendment) Act. MAS Consultation Paper P006-2021, February 2022.
Chainalysis Government Solutions. (2023). The State of Crypto Regulation: Global Regulatory Trends and Compliance Challenges. Chainalysis Annual Crypto Crime Report, Supplementary Regulatory Chapter, 2023.