Two major U.S. legislative initiatives — the enacted GENIUS Act and the pending CLARITY Act — together with the SEC/CFTC’s March 17, 2026 interpretive release, are moving digital assets out of a largely unsettled regulatory zone and into more defined compliance categories.
For firms, that means digital assets can no longer sit outside employee personal trading, code of ethics, market conduct, and insider risk frameworks. The core compliance question is becoming less “Do we cover crypto?” and more “Which digital assets, transactions, employees, and information flows must be covered, and under which rules?”
The GENIUS Act (Public Law 119-27) is the first U.S. federal law governing payment stablecoins, enacted July 18, 2025.
The CLARITY Act (pending Senate action) defines the SEC's and the CFTC's jurisdiction over digital assets and introduces formal market-structure rules.
On March 17, 2026, the SEC and CFTC jointly issued Interpretive Release No. 33-11412, establishing a five-category digital asset taxonomy and identifying 16 current examples of “digital commodities” that the agencies view as not themselves securities under the framework.
Digital asset classification directly impacts compliance obligations, including employee trading, MNPI, and insider risk controls.
Firms must extend codes of ethics, surveillance, and insider frameworks to include wallets, blockchains, and token-based activity.
The Guiding and Establishing National Innovation for U.S. Stablecoins Act (“GENIUS Act”) is a federal law (Public Law 11927, enacted July 18, 2025) that creates a full U.S. regulatory framework for payment stablecoins. The Genius Act establishes a licensing regime for permitted payment stablecoin issuers (PPSIs), supervised by banking regulators.
The Act establishes the first comprehensive U.S. regulatory framework for payment stablecoins, defining them as digital assets redeemable at a fixed value and backed 1:1 by high-quality liquid reserves. Only permitted issuers—such as subsidiaries of insured depository institutions, OCC approved nonbank issuers, or state-qualified issuers—may issue stablecoins for U.S. users. The law requires monthly reserve disclosures, clear redemption policies, and full compliance with the Bank Secrecy Act, placing stablecoins firmly inside the federal supervisory perimeter.
U.S. adoption of the GENIUS Act signals rapid stabilization and mainstreaming of digital-asset regulation. The GENIUS Act effectively accelerates the need for trade surveillance and oversight that covers stablecoins and other digital asset activity.
Firms that modernize monitoring now to include stablecoins and other digital assets will be better positioned to manage risk, detect prohibited activity, and meet rising regulatory expectations as the market continues to formalize.
The Digital Asset Market Clarity Act of 2025 (“CLARITY Act”) is designed to resolve one of the most persistent challenges in U.S. crypto policy: determining when a digital asset should be treated as a security versus a digital commodity.
The bill creates a statutory market structure framework that assigns primary oversight of spot market digital commodities to the CFTC, while maintaining the SEC’s authority where securities laws still apply. It also introduces registration, market surveillance, recordkeeping, and BSA/AML expectations for digital asset intermediaries—bringing them closer to the standards long applied in traditional markets.
The Act has passed the House with a broad bipartisan margin and sits with the Senate Banking Committee for further action.
Tokens classified as digital commodities trigger obligations under the Commodity Exchange Act. Existing FCM, CPO, and CTA conduct rules — position limits, trade practice standards, and internal conflicts controls — extend to digital commodity activity.
Digital assets retaining SEC classification remain subject to Rule 204A-1 codes of ethics, pre-clearance, restricted lists, and Section 16 beneficial ownership reporting under the Securities Exchange Act.
Under U.S. securities law, “security” includes traditional instruments such as stocks, bonds, and notes, as well as “investment contracts.” Under the Howey test, an investment contract generally involves an investment of money in a common enterprise with an expectation of profits derived from the efforts of others.
Developed in conjunction with the CFTC and released on March 17, 2026, SEC Interpretive Release No. 33-11412, Application of the Federal Securities Laws to Certain Types of Crypto Assets and Certain Transactions Involving Crypto Assets, provides a framework for the application of federal securities laws to digital assets and related transactions, using the Howey Test as a benchmark.
Digital Commodities — Crypto assets whose value comes from how a functional blockchain network actually works, not from anyone's managerial promises, are not securities. The report cited 16 examples: Aptos (APT); Avalanche (AVAX); Bitcoin (BTC); Bitcoin Cash (BCH); Cardano (ADA); Chainlink (LINK); Dogecoin (DOGE); Ether (ETH); Hedera (HBAR); Litecoin (LTC); Polkadot (DOT); Shiba Inu (SHIB); Solana (SOL); Stellar (XLM); Tezos (XTZ); and XRP (XRP).
Digital Collectibles — NFTs, artwork tokens, meme coins, in-game items, fan tokens, etc. may fall under Digital Collectibles. Their value is cultural, artistic, or social, and driven by supply and demand, not by a developer's management. Meme coins are included here. One exception: fractionalized interests in a single collectible could be a security.
Digital Tools — Tokens with a practical function, such as memberships, credentials, tickets, domain names (like Ethereum Name Service), or event passes, are not securities. Digital tools are purchased for what they do, not as an investment.
Stablecoins — The GENIUS Act already excludes "payment stablecoins" issued by licensed institutions from the definition of a security. For other stablecoins, the SEC release notes that “Covered Stablecoins, fiat-backed and fully-redeemable”, are generally not securities either. Algorithmic or yield-bearing stablecoins may still be, however.
Digital Securities — Traditional securities that happen to be tokenized on a blockchain, including tokenized stocks, bonds and funds are securities. A security is a security regardless of format.
The SEC notes that the interpretation may evolve based on public feedback and does not replace existing legal precedent but instead signals a shift toward a more structured and transparent regulatory approach to digital assets.
The MNPI obligations that apply derive from existing law — Section 10(b) and Rule 10b-5 of the Securities Exchange Act for investment contract assets, and banking conduct standards for payment stablecoins.
What’s different is the type of information that triggers those existing obligations. Stablecoin reserve events, token listing and delisting decisions at Digital Commodity Exchanges, material protocol changes, significant partnership announcements, and platform security incidents are examples of information that could be material and non-public under applicable standards and must be treated accordingly within existing compliance frameworks.
Both Acts bring new employee groups into the scope of the existing frameworks as well: for example, token issuance teams, listing and due diligence committees at Digital Commodity Exchanges, treasury and tokenization staff, platform technology and security personnel, and legal and product teams with knowledge of pending decisions affecting specific tokens. Firms must map these groups against their existing insider identification methodology and extend insider lists, restricted lists, and blackout periods accordingly.
MCO’s integrated platform extends existing employee compliance and insider risk controls to digital assets — on the same system already managing traditional securities obligations:
Digital Asset Personal Trading delivers an automated and comprehensive view of personal cryptocurrency and digital asset trading activity, featuring automated wallet discovery, on-chain activity capture and multi-chain aggregation.
Insider Information and MNPI Management enables firms to track the flow of insider information and monitor access to sensitive data across trading, investment deals, and business opportunities in both traditional and digital asset markets.
Ready to learn more? Request a demo today to see how MCO can help your firm stay ahead of crypto and digital asset compliance obligations.
This post was written by John Kearney, Head of Product for Employee Conflicts of Interest at MCO.
Technology Gives Firms a Better Handle on Managing Digital Asset Risk
Unpacking Hong Kong’s Virtual Asset Licensing Regime in 2026