EXECUTIVE SUMMARY

• Despite varying levels of stability and market interest over the past decade-plus, crypto appears to be garnering intensified attention from both investors and regulators alike. What once may have been viewed in the past as a fad or flash-in-the-pan, the place of crypto as both a currency and investment seems here to stay.

• Although much has been written by regulators and industry participants alike over the past decade about the particular risks associated with investing in crypto, this body of literature predominantly consists of investor alerts and bulletins; seldom has such literature provided meaningful guidance to investment managers themselves on what aspects of their Compliance and risk programs could potentially be implicated and which may warrant adjustment. Additionally, Compliance and risk professionals appear to lack a consistent, baseline understanding of what crypto fundamentally is and its use as an investment instrument.

• Moreover, notwithstanding recent initiatives by the SEC and other regulators to develop more formal regulatory frameworks and standards for the entire crypto ecosystem (from transactions to investing), the risks associated with investing in crypto still require ongoing evaluation and mitigation to ensure the investing public is not harmed.

• Fortunately, although crypto may present certain nuances as it relates to customary Compliance risk topics, the key categories and corresponding considerations largely remain the same. As investment managers await regulatory clarity, Compliance and risk professionals should be evaluating the impact of their firms’ use of crypto across the following key and well-established categories: exchange selection, suitability, AML/KYC, privacy, cybersecurity, business continuity, liquidity, volatility, derivatives & futures, valuation, best execution, and disclosures, among others.

• Even as the regulatory landscape surrounding crypto – and the crypto ecosystem itself – evolves, attention to crypto’s impact on these categories can allow investment managers to design and implement measures to mitigate the types of nuanced risks crypto can present.

INTRODUCTION

At the end of last year, I wrote a Headspace piece that focused on broad Compliance and regulatory topics for investment managers to be mindful of for 2025. Crypto was a sub-part of that piece. For those who need a refresher or those who simply haven’t read the December issue, I noted that one study early in 2024 indicated that of 1,000 retail investors surveyed, 64% already were invested in digital assets or related products, with another 69% planning to increase such investments in the next two to three years. Then, in early December, the price of Bitcoin hit $100,000 for the first time, and President-Elect Trump vowed to ease the regulatory burden on crypto, with his initial steps toward this being his choice of Paul Atkins as the next SEC chair – a crypto company adviser and “consigliere.”

Since the December edition of Headspace, industry and regulatory attention to crypto has further intensified. In January this year, Acting SEC Chairman Mark Uyeda launched an SEC crypto task force dedicated to developing a comprehensive and clear regulatory framework for crypto assets. In February, the task force’s head, SEC Commissioner Hester Peirce, laid out the task force’s top priorities. Earlier this month, the task force held its first public meeting, and just last week, the task force announced it will be holding for more open roundtables from April through June (with topics selected for each).

Notwithstanding a demonstrable investor interest in crypto, as well as a Trump administration that is moving with (or at least attempting to move with) alacrity on all parts of its overall agenda, there seems to be varying levels of understanding amongst Compliance and risk professionals regarding the key issues cryptocurrencies present for investment managers. The most impactful personal example of this is when recently talking about our industry and crypto with a dear friend of mine, who is an accomplished attorney (whose name and whose federal agency he works for shall remain nameless), my friend at one point half-jokingly yet half-seriously asked, “What the hell is crypto anyway?”

Fortunately, well over a decade’s worth of material has been written on crypto by regulators, law firms, and industry participants alike. In many respects, Compliance and risk practitioners are well-positioned to help their investment management firms navigate the risks and complexities associated with crypto products in a way that can provide meaningful protection to clients and prospective investors, even amid what is still evolving and yet-to-be-issued regulatory guidance or frameworks from the SEC and other key regulators. Drawing upon these insights and adding to them, this month’s issue of Headspace is intended to highlight key categorical points regarding crypto so that investment management Compliance and risk professionals can better advise their own firms and become more meaningfully and actively engaged in any discussions pertaining to an investment manager’s use or recommendations of such products. To that end, this essay will cover the following:

• A primer on the primary forms cryptocurrencies takes and investing modalities;

• The primary Compliance risk considerations associated with crypto investing; and

• Potential strategies that investment managers may consider employing to mitigate these risks.

As I think you will see, notwithstanding some of the still-new linguistic and operational nuances (and even opacity) associated with crypto, it is an ocean that can be navigated using many of the same principles and modes of thinking that have guided Compliance and risk practitioners through other forms of industry evolution in the past.

“WHAT IS CRYPTO?”

In answer to my good friend’s question, cryptocurrency, fundamentally, is just that – a currency. As a result, many of the ways we think about fiat currencies and their use by investment managers are relevant to our understanding of crypto as well. However, there are certain operational and infrastructural nuances attendant to this technological currency that are different from fiat currencies. These nuances form the basis of corresponding Compliance and risk considerations.

Origins & Uses

Just like all currencies dating back to their first use in 7th century BC in what is now central Turkey, crypto is a human-devised construct. According to the American Numismatic Association, gold and silver began to be traded in the form of metal bars or bits of wire around 4500 years ago in Mesopotamia and Egypt. The next significant step occurred when small, round lumps of electrum (a naturally occurring alloy of gold and silver) began to be issued to a standard set of weights and marked by the issuer. These became the first coins. Paper currency was the next major step in the evolution of currency, appearing during the 8th century in China. In many respects, crypto can be viewed as simply the next transformational step in the arc of currency’s journey over mankind’s history.

Bitcoin, as most if not everyone is aware, is the first cryptocurrency. Established in 2009, it was purportedly created as a way to allow parties to conduct transactions outside of traditional banking systems (otherwise known as “decentralized finance” or “DeFi”). In a Bitcoin transaction (and other cryptocurrency transactions), parties can pay one another out of what are known as “digital wallets.” Digital wallets serve as electronic, individualized custody mechanisms for Bitcoin and other forms of crypto. At a basic level, a digital wallet can be viewed as one’s very own crypto bank account, but which is simply held by you, not a bank or other financial services firm. One of the main stated and intended benefits of these types of transactions, (according to the paper accompanying Bitcoin’s launch, written by its pseudonymous founder, Satoshi Nakatomo) is that, as opposed to paying for goods and services via ways such as credit card, ACH, wire transfers, or what have you, there is no intermediary such as a bank shepherding the currency between the parties to the transaction. This removal of an interpositioned third-party is designed to result in the elimination/reduction of the often-hidden transaction costs that are embedded within the types of transactions we’ve all grown accustomed to over the course of our lives. Additionally, all cryptocurrency transactions are captured on a public ledger. While the identities of and other sensitive information attached to the parties to such transactions are shielded (or intended to be), the amounts desired to be transacted can be verified pre and post-transaction. As a result, parties are able to verify before engaging in a transaction that the other parties do, in fact, have the funds (i.e. crypto) to pay.

Perhaps most notably, the public nature of the ledger allows for computers – substantial computers and systems – to audit the ledger to ensure that all transactions are happening as intended/directed. This process is known as “mining.” Mining is complex, given the levels of encryption tied to the transactions that facilitate their public nature but also preserve requisite levels of privacy. For those who may have heard that crypto such as Bitcoin is created when people solve complicated math problems, this ultimately refers to the concept of mining. Mining, however, requires highly powered computers to conduct the mathematically-based transaction validation (mining requires so much energy there are corresponding environmental impacts associated with crypto, which is another topic you may have heard discussed at various points. To incentivize parties to mine crypto, “miners” receive crypto as payment for when they successfully “solve” one of these “math problems” (i.e. complete a validation/audit of a crypto transaction). And this is how new crypto is created for circulation (i.e. how crypto is “minted”). From there, crypto miners may hold onto their crypto; sell it to other parties in exchange for other goods, services; or, most relevant for this essay, exchange it for fiat currencies. These fiat currencies’ value relative to the value of the cryptocurrency may fluctuate – the way, for example, the value of the US dollar may fluctuate relative to the Swiss franc.

Varieties

Although Bitcoin is perhaps the most well-known and market-dominant cryptocurrency (along with others like Ethereum and Dogecoin), it is estimated that over 25,000 different forms of crypto exist at present. Although these cryptocurrencies largely follow the same fundamental structure in terms of use of digital wallets, mining, and minting, each one may have subtle yet important differences relative to the other. For instance, while the total number of Bitcoins (each individual “coin” called a “satoshi”) that may ever be created/minted is capped at 21 million under the terms of Bitcoin’s foundational algorithm/code, units of Ethereum are uncapped, though they still can only be generated via mining. Dogecoin units, by comparison, also do not have a minting cap, and while they are also minted via mining, Dogecoin unit minting is limited to 5 billion units per year. These caps can drive trading activity and pricing. These caps can also change (just as, again, a traditional fiat currency’s can). For example, recent debate has been sparked about Ethereum when its founder initiated dialogue around whether, like Bitcoin, Ethereum should have cap, limit, or pacing protocols. And of course, the market capitalization of each form of crypto (i.e. what the fiat currency value for all outstanding units of a given cryptocurrency is) can vary widely (with Bitcoin’s market cap being valued at approximately $1.63 trillion, Ethereum at $218.76 billion, and Dogecoin at $24.79 billion).

Market Infrastructure & Investing Modalities

Similar to what you might find with the NYSE, NASDAQ, CBOE, or any number of other more traditional exchanges, crypto has its exchanges as well. These exchanges allow individuals and organizations to buy crypto (via an exchange of fiat currency) rather than having to come into possession of it by the arduous and costly process of “mining.” These crypto exchanges – Coinbase, Kraken, Gemini (and FTX, prior to its demise), to name a few – have their own listing requirements that a particular cryptocurrency must satisfy before it may be traded on the exchange. Thus, if an investor wishes to purchase a particular cryptocurrency, they must have their own digital wallet, find the exchange(s) where the crypto they want to purchase is traded, and exchange their fiat currency for the corresponding number of units of crypto. Because a single unit of crypto can be expensive/the exchange rate can be high (the value of one Bitcoin “satoshi” is approximately $84,000), purchasers of cryptocurrencies most often buy fractional units. Investors may also use a broker to purchase or sell crypto. Additionally, any given cryptocurrency has the potential to be traded on multiple crypto exchanges, meaning different pricing and execution costs can arise depending on which venue is used to conduct a trade/exchange.

Directly holding crypto in a digital wallet is one way an investor – be it a retail or institutional investor – can invest in crypto. In such instances, the investor serves as their own custodian for the asset, rather than a third-party bank or other custody institution. The other way to invest in crypto is indirectly through the form of other investment products that in turn invest directly in/directly hold crypto. For instance, holding shares of an exchange-traded product (ETP) or private fund whose portfolio consists of, to one degree or another, holdings in crypto. In this latter construct, it is the investment manager for the product that would engage in buying and selling of cryptocurrencies on one more crypto exchanges – the investor in the investment product does not have to go through the trouble of establishing and maintaining a digital wallet or establishing accounts on crypto exchanges, etc.

PRIMARY RISK CONSIDERATIONS & POTENTIAL MITIGATION STRATEGIES

As one might imagine, although crypto and fiat currencies share many characteristics in terms of their history, purpose, and use, crypto’s distinct operational and market structures present a new twist on an old plot, as it were. This swirl includes, among others, considerations such as AML/KYC, suitability, privacy, counterparty risk, valuation, liquidity, principal trading, best execution, volatility, cybersecurity, among others

At a categorical level, the types of risks crypto presents are not new. However, the specific complexion of those risks in the context of crypto warrants attention. Over the past decade plus, the SEC, FINRA, CFTC, and CFPB have all weighed in on the types of risks crypto presents. Even these various investor bulletins and risk alerts, however, are more aimed at the investing public, rather than issued as guidance to investment managers for their own Compliance programs. In the absence of clear and consistent regulatory frameworks and standards governing the myriad dimensions of the crypto ecosystem, Compliance and risk professionals’ understanding the “crypto version” of the more tried-and-true risk can help offset what continues to be regulatory uncertainty.

The first table addresses what the “crypto version” of each classic Compliance risk category for investment managers is. The second table addresses potential mitigation strategies.

TABLE 1: KEY CRYPTO RISK CONSIDERATIONS FOR INVESTMENT MANAGERS

TABLE 2: POTENTIAL CRYPTO RISK MITIGATION STRATEGIES FOR INVESTMENT MANAGERS

PARTING THOUGHTS

As noted in this essay’ title, the intent of this month’s Headspace has been foundational and basic in nature. Without question, the way crypto is traded and its uses can involve other wrinkles and deeper pockets of inquiry than this essay has addressed. Additionally, topics such as the jurisdictional scope different regulators have relating to crypto regulation (e.g. the SEC’s purview compared to that of the CFTC, CFPD, NFA, or FINRA) could be full essays in their own right, and additional clarity and guidance may well emerge from these regulatory bodies given the Trump administration’s focus on cultivating a strong and thriving crypto ecosystem in the U.S. In the interim, risks continue to exist, and for those of us who have somewhat lightly kept tabs on crypto’s impact to our industry, this essay hopefully provides a general framework of the key issues and topics Compliance and risk professionals should be contemplating. As so often is the case, when equipped with basic information about a new product or anything new relative to our industry, Compliance and risk professionals can make considerable inroads when making corresponding adjustments and augmentations to Compliance and risk programs to account for these types of evolutions. The place crypto has in our world and industry will undoubtedly continue to evolve; in the meantime, Compliance and risk professionals can be positioned to let that future emerge however it will and offer reasonable risk mitigation strategies along the way.

Thanks for reading . . .

BIBLIOGRAPHY

“Bitcoin Basics.” https://www.finra.org/investors/insights/bitcoin-basics. June 26, 2023.

“CFTC Announces Crypto CEO Forum to Launch Digital Asset Markets Pilot.” https://www.cftc.gov/PressRoom/PressReleases/9049-25. February 7, 2025.

“Consumer Advisory: Risks to Consumers Posed by Virtual Currencies.” https://files.consumerfinance.gov/f/201408_cfpb_consumer-advisory_virtual-currencies.pdf. August 2014.

“Crypto Assets.” https://www.finra.org/investors/investing/investment-products/crypto-assets

“Customer Advisory: Understand the Risks of Virtual Currency Trading.” https://www.cftc.gov/sites/default/files/idc/groups/public/@customerprotection/documents/file/customeradvisory_urvct121517.pdf

Crenshaw, Caroline A. “Crypto 2.0: Regulatory Whiplash.” https://www.sec.gov/newsroom/speeches-statements/crenshaw-remarks-crypto-2-0-regulatory-whiplash-022725. February 27, 2025.

“The Division of Examinations Continued Focus on Digital Asset Securities.” https://www.sec.gov/files/digital-assets-risk-alert.pdf. February 26, 2021.

Fischler, Jacob. “Trump, Who Has His Own Meme Coin, Promotes Crypto at Industry Conference.” https://alabamareflector.com/2025/03/20/repub/trump-who-has-his-own-meme-coin-promotes-crypto-at-industry-conference/. March 20, 2025.

https://bitcoin.org/en/vocabulary.

https://www.kraken.com/listings.

“The History of Money.” https://www.money.org/money-museum/history-of-money/.

“How Many Cryptocurrencies Are There in 2025?” https://tangem.com/en/blog/post/how-many-cryptocurrencies-exist/. March 4, 2025.

“Investor Alert: Bitcoin and Other Virtual Currency-Related Investments.” https://www.investor.gov/introduction-investing/general-resources/news-alerts/alerts-bulletins/investor-alerts/investor-39. May 7, 2014.

Lang, Hannah. “US SEC Holds Crypto Task Force Roundtable as Trump Plans Regulatory Revamp” https://www.reuters.com/world/us/us-sec-holds-crypto-task-force-roundtable-trump-plans-regulatory-revamp-2025-03-21/. March 24, 2025.

Morris, Joe. “SEC’s Crypto Road Map: ‘First In the Door May Not Mean First Out.’” Ignites. February 5, 2025.

Munk, Cheryl Winokur. “Six Ways to Lose All Your Crypto.” The Wall Street Journal. March 19, 2025.

Nakatomo, Satoshi. “Bitcoin: A Peer-to-Peer Electronic Cash System.” https://bitcoin.org/bitcoin.pdf.

Nijkerk, Margaux. “Ethereum Foundation Researchers’ Proposal to Slow ETH Issuance Draws Pushback.” https://www.coindesk.com/tech/2024/04/05/ethereum-foundation-researchers-proposal-to-slow-eth-issuance-draws-pushback. April 7, 2024.

Royal, James. “Bitcoin vs. Ethereum vs. Dogecoin: Top Cryptocurrencies Compared.” https://www.bankrate.com/investing/bitcoin-vs-dogecoin-vs-ethereum-crypto-comparison/. April 18, 2024.

“SEC Crypto Task Force to Host Four More Roundtables.” https://www.sec.gov/newsroom/press-releases/2025-57. March 25, 2025.

Zhang, Xingjian. “The Valuation and Investment Risk of Cryptocurrency: Evidence form Bitcoin and Ethereum.” BCP Business & Management. https://www.researchgate.net/publication/370579860_The_Valuation_and_Investment_Risk_of_Cryptocurrency_Evidence_from_Bitcoin_and_Ethereum. 2023.