Regulatory and compliance + digital assets:

Building trust in a digital, data-driven world

Digital asset market participants face a complex set of existing and emerging rules—and all roads are leading toward additional and enhanced risk management expectations for firms. Our multidisciplinary community of solvers—comprising industry professionals, former regulators and technical specialists—can help you navigate the complexity with an enterprise risk framework and strategy that can enable you to stay ahead of the regulatory curve.

Strategic considerations

Globally, regulators are refining regulatory compliance expectations and firms transacting in digital assets should expect to receive additional oversight and supervisory expectations.

Questions business leaders are asking

What licenses, registrations, or approvals do new products require?

It really depends on the type of activity and/or product you are considering offering, and where you intend to offer it (i.e., globally? in the US? in which states?). It also depends on your regulatory status and what licenses or charters you hold, or don’t hold.

What are the regulatory requirements to safely keep, buy, sell, trade or lend, a digital asset, including non-fungible tokens (NFTs)?

This depends on the type of service you intend to offer, and whether your target market will require a qualified custodian under the Investment Company Act of 1940 (the “40 Act”). States and the federal regulators offer different types of custody charters and the unique needs of the business offering should drive the custody charter chosen. If you are seeking to service retail customers, you may be able to provide safekeeping services through state money service business licenses, depending on the jurisdictions in which you seek to operate. A full assessment of strategic goals and offerings should be reviewed relative to the chartering options.

What regulatory compliance and risk management diligence has been performed with respect to potential digital asset strategy deployment (i.e., tax, financial reporting, industry specific regulation, securities laws, etc.)?

Financial, commercial and regulatory due diligence should be conducted on digital asset strategies. Senior management and the Board should be acutely involved and be prepared to demonstrate this extensive involvement for the regulators. Generally, new products committee charters exist for this purpose, and their procedures should be followed closely.

Digital asset regulatory and compliance services

  • AML and sanctions advisory and independent testing
  • Capital planning
  • Crisis continuum management
  • Cybersecurity reviews
  • Due diligence
  • Enterprise risk management/controls development and testing
  • Exam preparation, response and remediation
  • KYC for custodial services
  • Line of defense readiness
  • Management and board reporting
  • Operational resiliency
  • Regulatory licensing and approval
  • Regulatory reporting, compliance strategy and framework
  • Technology risk management assessments
  • Third party and vendor risk management

The evolution of the market and its continued maturation require robust regulatory compliance and enterprise risk management programs. We anticipate that this enhanced focus will lead traditional financial institutions to expand their digital asset offerings and are positioned to assist with the proper level of due diligence and industry insights to promote the successful integration of these products and activities. PwC has extensive experience in building out suitable risk management and compliance programs and can bring industry-leading practices to firms that seek sustainable business development and growth.

Digital assets are changing the game

Take your digital assets vision from plan to reality.

Learn more

Contact us

Chad Gerhardstein

Principal, Risk and Regulatory, PwC US

Robert Donovan

Managing Director, PwC US

Mike Scarpa

Managing Director, Cyber, Risk, Regulatory and Financial Crimes, PwC US

Follow us

Required fields are marked with an asterisk(*)

By submitting your email address, you acknowledge that you have read the Privacy Statement and that you consent to our processing data in accordance with the Privacy Statement (including international transfers). If you change your mind at any time about wishing to receive the information from us, you can send us an email message using the Contact Us page.