Regulatory and compliance + digital assets:

Building trust in a digital, data-driven world

Digital asset market participants face a complex set of existing and emerging rules—and all roads are leading toward additional and enhanced risk management expectations for firms. Our multidisciplinary community of solvers—comprising industry professionals, former regulators and technical specialists—can help you navigate the complexity with an enterprise risk framework and strategy that can enable you to stay ahead of the regulatory curve.

Strategic considerations

Globally, regulators are refining regulatory compliance expectations and firms transacting in digital assets should expect to receive additional oversight and supervisory expectations.

Questions business leaders are asking

What licenses, registrations, or approvals do new products require?
What are the regulatory requirements to safely keep, buy, sell, trade or lend, a digital asset, including non-fungible tokens (NFTs)?
What regulatory compliance and risk management diligence has been performed with respect to potential digital asset strategy deployment (i.e., tax, financial reporting, industry specific regulation, securities laws, etc.)?

What licenses, registrations, or approvals do new products require?

It really depends on the type of activity and/or product you are considering offering, and where you intend to offer it (i.e., globally? in the US? in which states?). It also depends on your regulatory status and what licenses or charters you hold, or don’t hold.

What are the regulatory requirements to safely keep, buy, sell, trade or lend, a digital asset, including non-fungible tokens (NFTs)?

This depends on the type of service you intend to offer, and whether your target market will require a qualified custodian under the Investment Company Act of 1940 (the “40 Act”). States and the federal regulators offer different types of custody charters and the unique needs of the business offering should drive the custody charter chosen. If you are seeking to service retail customers, you may be able to provide safekeeping services through state money service business licenses, depending on the jurisdictions in which you seek to operate. A full assessment of strategic goals and offerings should be reviewed relative to the chartering options.

What regulatory compliance and risk management diligence has been performed with respect to potential digital asset strategy deployment (i.e., tax, financial reporting, industry specific regulation, securities laws, etc.)?

Financial, commercial and regulatory due diligence should be conducted on digital asset strategies. Senior management and the Board should be acutely involved and be prepared to demonstrate this extensive involvement for the regulators. Generally, new products committee charters exist for this purpose, and their procedures should be followed closely.

Digital asset regulatory and compliance services

AML and sanctions advisory and independent testing
Capital planning
Crisis continuum management
Cybersecurity reviews
Due diligence
Enterprise risk management/controls development and testing
Exam preparation, response and remediation
KYC for custodial services
Line of defense readiness
Management and board reporting
Operational resiliency
Regulatory licensing and approval
Regulatory reporting, compliance strategy and framework
Technology risk management assessments
Third party and vendor risk management

The evolution of the market and its continued maturation require robust regulatory compliance and enterprise risk management programs. We anticipate that this enhanced focus will lead traditional financial institutions to expand their digital asset offerings and are positioned to assist with the proper level of due diligence and industry insights to promote the successful integration of these products and activities. PwC has extensive experience in building out suitable risk management and compliance programs and can bring industry-leading practices to firms that seek sustainable business development and growth.

Digital assets are changing the game

Take your digital assets vision from plan to reality.

Learn more

Contact us

Chad Gerhardstein

Principal, Risk and Regulatory, PwC US

Robert Donovan

Managing Director, PwC US

Mike Scarpa

Managing Director, Cyber, Risk, Regulatory and Financial Crimes, PwC US

Required fields are marked with an asterisk(*)

First Name*

Last Name*

Company Name*

Job Title*

Job Function*

Email address*

Location*

By submitting your email address, you acknowledge that you have read the Privacy Statement and that you consent to our processing data in accordance with the Privacy Statement (including international transfers). If you change your mind at any time about wishing to receive the information from us, you can send us an email message using the Contact Us page.

Hide

Audit and Assurance services Consulting Tax services Newsroom Alumni US offices Contact us

© 2017 - 2025 PwC. All rights reserved. PwC refers to the PwC network and/or one or more of its member firms, each of which is a separate legal entity. Please see www.pwc.com/structure for further details.