
Crypto is no longer a niche element within modern finance — it's redefining how organizations store, manage, and send currencies across the globe. However, as the space continues to gain momentum, seeing adoption from even the most risk-averse institutions, the most pressing question for organizations remains: how do we ensure compliance?
Like the space itself, crypto regulation is still relatively new, having established its footing in 2013. Fast forward to today: amid tremendous growth in users and transaction volume, regulators have been on a tear, introducing several regulatory keystones (including MiCA and the GENIUS Act) within the past 5 years alone. Whether you're a new entrant to the space or a seasoned onchain organization, ensuring compliance is no longer a luxury; it's a necessity.
To make your compliance journey that much easier, we sat down with Jake Chervinsky, Chief Legal Officer at leading crypto venture firm Variant, to discuss how organizations can successfully navigate the world of web3 regulation. In this guide, Jake shares where crypto compliance stands today, what frameworks founders need to be aware of, and the steps your organization can take to prepare for future policy enforcement.
The current state of crypto compliance
In the US, the 2025 regulatory landscape has become significantly more dovish than it was just a year ago. From executive orders supporting crypto growth to the repeal of stringent DeFi reporting rules, the current administration has embraced the space with open arms. Despite these wins, Jake emphasizes that organizations should stay proactive on compliance, as there could be hurdles ahead once a new administration takes charge.
“Folks can be reasonably sure that, provided they’re exercising best efforts to comply with laws and regulations, they’re unlikely to be targeted for enforcement. But there’s always a long-term risk that a new administration takes a different perspective and then comes after you retroactively.” — Jake Chervinsky, Chief Legal Officer at Variant
On the topic of stablecoins, which are a key focal point within the crypto space, Jake shares that current regulation is lax, but there's rapidly moving legislation passing through Congress. Most notably, the GENIUS Act promises to provide a unified legal framework for dollar-backed stablecoins, while introducing more stringent backing and audit requirements.
Jake expects the promised clarity from the GENIUS Act to drive increased adoption in stablecoin payments, with even traditional institutions eager to bring these experiences to consumers.
"The GENIUS Act is poised to unlock a huge amount of activity in stablecoins and also in payments. Traditional financial institutions are very risk-averse, and clear compliance frameworks will help them feel more comfortable getting involved."
The core pillars of crypto compliance
When asked about the core pillars of crypto compliance, Jake explained there are three regulatory frameworks every organization needs to account for: securities laws, Anti-Money Laundering (AML) regulations, and consumer protection standards.
“Securities laws are most likely to apply to what many organizations in the industry are doing, but you also have to be thinking about AML, which carries criminal penalties, and consumer protection, where users or a state attorney general can come after you if your product isn’t crystal clear.”
Securities laws
Securities laws determine whether a crypto asset can be regulated as a security using the longstanding Howey Test. This test examines whether there is an investment of money, an expectation of profit, a common enterprise, and reliance on the efforts of others. If a crypto asset meets these criteria — particularly if buyers expect profits based on the work of a centralized team or promoter — it is likely to be classified as a security.
"The Securities and Exchange Commission (SEC) historically has been the most active regulator in this space," Jake shared. "Ensuring your assets cannot be treated as securities and transactions in those assets can't be considered securities transactions is very important."
To navigate this framework, Jake recommends that organizations proactively design their tokens and distribution models to avoid being classified as securities. This often means ensuring tokens provide functional utility, are not marketed with promises of profit, and that the project is sufficiently decentralized to avoid the appearance of centralized managerial control.
He notes that the SEC’s 2025 guidance further emphasizes that tokens with ongoing centralized influence, profit-sharing mechanisms, or limited utility at launch are particularly likely to be deemed securities, underscoring the importance of careful legal and structural planning for any project.
Anti-money laundering laws
Anti-Money Laundering (AML) laws are a set of measures designed to prevent and detect money laundering and terrorist financing. They apply to all cryptocurrency exchanges and institutions handling digital assets.
Jake explains that organizations offering custodial services will need to register with the Financial Crimes Enforcement Network (FinCEN) and implement comprehensive AML and Countering the Financing of Terrorism (CFT) programs to stay compliant. It's essential to do this pre-emptively, as AML noncompliance can lead to criminal penalties, not just fines.
"If you're unsure whether you could be considered a custodian, ask yourself: Can I move user funds without their permission? If the answer is yes, you’re likely custodial and must comply fully with AML laws."
For new entrants into the crypto space, Jake recommends they take the following steps:
- Avoid custodial designs where possible
- Conduct thorough customer verification (KYC)
- Monitor and report suspicious transactions
- Hire legal counsel early to clarify your custodial status
Consumer protection laws
Consumer protection laws are designed to shield users from fraud, scams, and market manipulation in the digital asset space. Jake emphasizes that consumer protection laws are mostly handled at the state level and encompass unfair and deceptive trade practices.
"When it comes to consumer protection laws, you have to be totally honest and accurate about what you're doing. This is something a lot of organizations trip over, because crypto is very confusing. They aren't complete in explaining what product and service they're offering, so that people know what risk they're taking."
Jake explains that noncompliance with these laws often leads to litigation from a state attorney general or from users seeking compensation after losing money. Because money trades hands every second in the crypto space, the likelihood of litigation is always present.
To help your organization navigate consumer protection laws, Jake recommends:
- Providing clear, honest disclosures about your platform
- Using straightforward, accurate language in user interfaces
- Fostering an internal culture of transparency
Best practices for ensuring crypto compliance
Compliance isn’t just about avoiding penalties; it means building internal systems that spot risks before they become liabilities. “Every company should be training employees to spot red flags and have an internal process to elevate those issues to the right person,” Jake advises.
While compliance requirements will vary depending on your organization and its services, there are several best practices Jake recommends to all onchain companies:
- Demonstrate commitment: Dedicate time and resources to staying informed on local and international crypto laws. Document your compliance efforts to show regulators and partners that you take these obligations seriously.
- Engage legal expertise: Bring experienced legal counsel on board early in your product development. Legal experts can help navigate complex federal, state, and international requirements, ensuring your business structure and operations align with current regulations.
- Implement internal policies: Develop comprehensive internal procedures for due diligence, employee training, and escalation of compliance issues. This includes robust AML/KYC programs, transaction monitoring, and clear escalation paths for suspicious activity.
- Utilize forensic tools: Partner with a blockchain analytics firm to monitor transactions and detect illicit activities in real time. Leveraging advanced forensics tools helps identify suspicious behavior, meet ongoing reporting obligations, and demonstrate a commitment to preventing financial crime.
“It's always easier to address compliance sooner rather than later. Many companies want to launch products quickly into the market, and I fully support that approach. However, you must balance the amount of compliance work you do upfront versus the risk you're willing to take on to solve problems down the road.”
How Turnkey can support you on your compliance journey
The partners you choose, especially for crucial elements like custody, security, and key management, can either reinforce your compliance strategy or quietly undermine it.
“You want to work with people who are building technology that’s clearly secure, who are engaged in policy, and who take these risks seriously,” says Jake. “Of all the risks a business can take on, this is an existential one.”
That means looking beyond upfront features and asking harder questions: Does this partner understand the regulatory landscape? Are they helping you stay non-custodial? Have they thought through edge cases that could trigger compliance issues down the line? That’s where Turnkey comes in.
Built by the team behind Coinbase Custody — the world’s largest crypto custodian — Turnkey offers secure, non-custodial wallet infrastructure designed to keep you out of regulatory gray zones. With low-latency transaction signing, automated key management, and infrastructure that scales without adding custodial risk, Turnkey helps you build faster without cutting corners.
The information provided in this article, including insights and commentary from Jake Chervinsky, Chief Legal Officer at Variant, is for general informational purposes only and does not constitute legal advice. Nothing in this article should be relied upon as a substitute for consultation with qualified legal counsel regarding your individual circumstances. The inclusion of Mr. Chervinsky’s perspectives does not create an attorney-client relationship between readers and Mr. Chervinsky, Variant, or the article’s publishers. Neither Mr. Chervinsky nor the publishers assume any liability for actions taken or not taken based on the content of this article.