Frequently Asked Questions

Pre-filtered results by topic

Do I need to register with the CFTC, the SEC, or both?

It depends on the nature of your products and activities. If you’re dealing in derivatives, futures, swaps, or commodity interests, CFTC jurisdiction likely applies. If you’re offering securities, the SEC is the primary regulator. Many firms—especially those in digital assets—operate in a gray zone where both agencies have a plausible claim. A regulatory classification analysis is usually the critical first step before building your compliance infrastructure. The CFTC’s FBOT registration framework applies to both traditional and digital asset markets, providing regulatory clarity for non-U.S. trading platforms seeking to offer direct market access to U.S. participants.

For CFTC registration advisory purposes, it’s important to note the limitation on participation in different market types. Designated contract markets (DCMs) are generally open to a broad range of participants, while swap execution facilities (SEFs) are limited to members and other participants who meet specific eligibility criteria, such as eligible contract participants. This limitation means that only those who satisfy the regulatory requirements—whether as members or other participants—can access SEFs, whereas DCMs may have fewer restrictions on participant eligibility.

What is the difference between a DCM and a SEF, and which registration do I need?

A Designated Contract Market (DCM) is a fully regulated exchange that can list futures and options contracts for both retail and institutional participants. A Swap Execution Facility (SEF) is a trading platform specifically for swaps and is generally restricted to eligible contract participants (ECPs). If your platform will offer futures products to retail customers, you likely need DCM registration. If you're facilitating institutional swap execution, SEF is the relevant pathway.

How long does CFTC registration typically take, and what are the biggest bottlenecks?

Registration timelines vary significantly by entity type. A CTA or CPO registration can move in weeks; a DCM or SEF application is a multi-month — often multi-year — process involving prefiling meetings, formal application review, and CFTC staff comment periods. The biggest bottlenecks are typically incomplete rulebook submissions, inadequate systems and controls documentation, and underestimating the depth of the CFTC's technical review.

What triggers CPO or CTA registration requirements?

CPO registration is generally required when operating a pooled vehicle that trades commodity interests, including crypto derivatives. CTA registration applies when providing compensated advice on trading commodity interests. Certain exemptions may be available, such as the de minimis exemption for CPOs, but these require ongoing monitoring and adherence to specific conditions.

What is an Introducing Broker, and when do I need IB registration?

An Introducing Broker (IB) solicits or accepts orders for futures or commodity interest transactions but does not hold customer funds. If your business model involves referring customers to an FCM or facilitating order flow without carrying accounts yourself, IB registration is likely required. IBs can be either independent or guaranteed by a carrying FCM, each with different compliance obligations.

What's the difference between hiring a CFTC registration advisor versus just using a law firm for this?

A law firm handles the legal analysis and documentation—drafting rulebooks, reviewing disclosures, and providing legal opinions on registration obligations. A CFTC registration advisor brings operational and regulatory expertise: helping you build the compliance infrastructure, policies, and procedures that registration actually requires; translating legal requirements into practical controls your team can run; and preparing you for CFTC staff review. For straightforward registrations, a law firm may be sufficient. For DCM or SEF applications—or for firms that need a functioning compliance program, not just a submitted application—an advisor adds significant practical value that legal counsel alone typically does not provide.

We're a startup and can't yet fund full registration infrastructure. What's the minimum viable compliance posture while we assess our registration obligations?

The minimum viable posture is a defensible one. At Tölt Strategies, we help you to document your analysis of why you are or are not required to register, put basic AML/KYC procedures in place if you’re handling customer funds, and establish a process for monitoring regulatory developments that could change your status. You don’t need a full compliance program on day one, but you do need to be able to show that you’ve thought carefully about your obligations and are acting in good faith. An early-stage advisory engagement—even a focused initial session—can help you prioritize what actually needs to be in place now versus what can be phased in as you grow.

I'm launching a crypto trading platform—how do I know if I need CFTC registration, SEC registration, or both?

The answer depends on what your platform allows users to trade. If users can trade futures, swaps, or other derivatives on crypto assets, CFTC jurisdiction is almost certainly in play. If users can buy and sell tokens that function as investment contracts, the SEC may have a claim as well. Many crypto trading platforms sit squarely in the overlap. The right starting point is a regulatory classification analysis—a structured review of your products, user base, and business model against the jurisdictional tests both agencies apply. That analysis tells you which registrations are required, which are optional, and which you can defer.

My firm was told we might need to register as a CPO, but we're not sure. How do we assess whether CPO registration is actually required?

CPO registration is required when you operate or solicit for a pooled investment vehicle that trades commodity interests—which includes crypto derivatives. The key variables are whether your fund trades commodity interests at all, whether any applicable exemption (like the CFTC's 4.13(a)(3) de minimis exemption) applies, and whether you have the investor profile to qualify. An advisory engagement to assess CPO status typically involves a review of your fund documents, trading activity, investor base, and fee structure to reach a defensible determination—not just a best guess. If registration is required and you haven't done it, remediation sooner is always better than later.

We already have SEC registration. Does that cover us for derivatives activities, or do we need separate CFTC registration?

SEC and CFTC registrations are entirely separate regulatory regimes with no overlap. SEC registration as an investment adviser, broker-dealer, or registered fund does not provide any coverage for futures, swaps, or other derivatives activities under CFTC jurisdiction. If your firm trades commodity interests—even as a small part of a broader strategy—you need to assess your CFTC registration obligations independently. Many SEC-registered firms are surprised to discover that adding crypto derivatives to their strategy creates a standalone CFTC registration obligation they weren't previously aware of.

Is my cryptocurrency or token a commodity or a security?

This is one of the most consequential—and contested—questions in financial regulation today. The SEC applies the Howey test to determine whether a digital asset constitutes an investment contract (security). The CFTC asserts broad jurisdiction over crypto assets as commodities, particularly Bitcoin and Ether. Many tokens fall into a genuinely ambiguous middle ground. A formal classification analysis should examine the token's structure, distribution mechanics, secondary market activity, and the reasonable expectations of purchasers.

What compliance infrastructure do I need to operate a stablecoin or tokenized asset platform?

At a minimum, expect to need: an AML/KYC program compliant with FinCEN requirements, a clear legal analysis of whether your stablecoin constitutes a security or commodity, policies governing reserve management and attestation, customer disclosure frameworks, and—depending on your activities—potential state money transmission licenses. If your stablecoin is used in derivatives markets, CFTC considerations layer on top.

How does the regulatory framework apply to tokenized real-world assets (RWAs)?

Tokenized securities remain securities regardless of the technology used to represent them—meaning SEC registration and broker-dealer or investment adviser requirements may apply. Tokenized commodities may fall under CFTC oversight. The tokenization wrapper does not change the underlying regulatory classification. The analysis starts with what the underlying asset is and how the token functions economically.

What policies and procedures does a crypto-native firm actually need?

A well-designed compliance program should include an AML/BSA policy with transaction monitoring and SAR procedures, a token listing or asset classification policy, conflicts of interest and ethics policies, market surveillance procedures, cybersecurity and custody policies, trade reporting procedures, and a regulatory change management process. The specific requirements vary based on registration status, but building the framework proactively is far less costly than remediating gaps under regulatory scrutiny.

Our firm is expanding into stablecoins. How do we know whether we need a digital asset compliance advisor or a traditional financial regulatory attorney?

You likely need both—but for different things. A financial regulatory attorney handles the legal structure: whether your stablecoin is a security, what money transmission licenses you need, and how to document your reserve obligations. A digital asset compliance advisor helps you design the operational framework: the policies, procedures, controls, and monitoring systems that make the legal structure actually work day-to-day. Many stablecoin issuers engage legal counsel for legal opinions and an advisor for compliance infrastructure. The two roles are complementary—not interchangeable—firms that treat them as the same thing often end up with well-drafted documents and a compliance program that doesn't function in practice.

What are the warning signs that a crypto firm's existing compliance program is inadequate for its current activities?

The most common warning signs are: policies written for an earlier, simpler version of the business that haven't been updated as products or markets expanded; AML transaction monitoring that was never properly calibrated to the firm's actual activity; KYC procedures that aren't being followed consistently in practice; no documented process for handling regulatory inquiries; a compliance team that's reactive rather than proactive; and surveillance logic copied from a template rather than designed for the firm's specific markets. If any of these sound familiar, a targeted compliance review—not necessarily a full overhaul—is usually the right first step to identify the actual gaps and their relative urgency.

We're a Web3 startup with no compliance infrastructure at all. Where do we even start?

Start with a regulatory mapping exercise, which is a clear-eyed analysis of what your product does, who uses it, and which regulatory frameworks plausibly apply. That gives you a prioritized list of obligations rather than an overwhelming inventory of everything that might matter someday. From there, the typical build sequence is: establish a basic AML/KYC program if you're handling customer funds; document your token classification analysis; put a written compliance policy in place; and assign clear internal ownership of compliance responsibilities. You don't need to build everything at once—but you do need a sequenced plan, and you need someone who can tell you what is genuinely urgent versus what can wait.

We've been operating under an assumption that our token is not a security. What should we do to validate or challenge that assumption?

If you're operating under an assumption rather than a documented analysis, fixing that is the first priority. A proper token classification review examines the specific facts of your token—its structure, how it was sold, what buyers were told, how secondary markets have developed, and what ongoing obligations your team has to holders. The analysis should be documented, ideally with input from both legal counsel and a regulatory advisor who can assess the operational dimensions of the conclusion. If the review confirms the assumption, you have a defensible record. If it challenges it, you're far better positioned to remediate proactively than to wait for a regulatory inquiry.

We issue a token that functions as both a utility token and a potential investment. How do we know which compliance framework applies?

Tokens that blend utility and investment characteristics are among the most complex classification problems in crypto regulation today. The SEC's Howey test doesn't care what you call the token—it looks at whether purchasers are investing money in a common enterprise with an expectation of profits derived from the efforts of others. If your token is purchased primarily because buyers expect it to appreciate, and if that appreciation depends on your team's ongoing efforts, there's a reasonable argument it's a security regardless of any utility features. A proper classification analysis examines the token's economic reality—not its label—and factors in how it was marketed, who is buying it, and what they expect from it. That analysis should happen before you issue, not after.

Are prediction markets legal in the United States?

Prediction markets that involve commodity interests—including certain political or economic event contracts—fall under CFTC jurisdiction. The CFTC has historically taken the position that political event contracts may be contrary to the public interest under CEA Section 5c(c)(5)(C)(i). However, the regulatory landscape is actively evolving, and several platforms have pursued DCM registration or no-action relief. Whether a specific prediction market is permissible depends heavily on contract design and the events being traded.

What is an event contract under CFTC rules, and how does it affect my product design?

An event contract is a futures contract settled based on the outcome of a specific event—an election result, economic data release, or sports outcome. The CFTC has authority to prohibit or limit event contracts that involve gaming, unlawful activity, or are contrary to the public interest. Product design—including contract terms, settlement methodology, and eligible participants—directly affects whether a contract is likely to survive regulatory review.

What surveillance obligations apply to prediction market operators?

Registered exchanges operating prediction markets are subject to CFTC Core Principles requiring monitoring for manipulation, wash trading, and other market abuses. For novel markets where traditional surveillance benchmarks don't apply, firms need to design bespoke surveillance logic and document the rationale for their alert thresholds and methodologies. This is an area where regulatory expectations are still developing, and proactive engagement with CFTC staff is advisable.

I want to build a prediction market platform. How do I know whether I need a full DCM registration or whether a simpler path exists?

The registration path depends heavily on what you're allowing users to trade, who can participate, and how the contracts are structured. DCM registration is required for a fully public exchange offering futures-style contracts. If you're restricting participation to eligible contract participants (ECPs) and structuring products carefully, a SEF registration or another approach may be available. Some platforms have also pursued no-action relief or exemptions. The right path requires a product-level analysis—what you're building determines what you need. Engaging a prediction market compliance advisor before finalizing your product design is significantly less expensive than redesigning after you've already built.

What's the fastest way to assess whether my prediction market concept is legally viable before I invest in building it?

A regulatory pre-screening—a focused advisory engagement that stress-tests your concept against the CFTC's jurisdictional framework and its historical treatment of event contracts—is the fastest path to a clear answer. The key questions are: Does the CFTC have jurisdiction? Is the underlying event one the CFTC might consider contrary to the public interest? How would contracts need to be structured to survive regulatory review? Can the platform be built in a way that's actually registrable? A good advisor can turn those questions around in days to weeks rather than the months a full legal opinion might require. The goal is a go/no-go signal with a clear path forward, not a comprehensive legal brief.

How do we know if our existing prediction market compliance advisor has the right CFTC-specific expertise?

Prediction market compliance is a specialized area that sits at the intersection of derivatives regulation, event contract rules, and market surveillance obligations—none of which are standard territory for a general compliance consultant or most financial regulatory attorneys. The right advisor should have direct familiarity with CFTC Core Principles, the statutory framework for event contracts under CEA Section 5c, and the CFTC's actual enforcement and guidance history in this area. Ask specifically: Have they worked on DCM or SEF applications? Have they designed surveillance programs for novel contract types? Have they navigated the CFTC's no-action process? If the answers are vague, a second opinion is worth getting.

We're a sports data company considering adding wagering-style event contracts. What's the right first step to assess feasibility?

The right first step is a regulatory pre-screening that maps your proposed product against the CFTC's jurisdiction and its specific treatment of sports-related event contracts. Sports and gaming-related event contracts are an area the CFTC has historically viewed with caution under its public interest authority. However, the structure of the product—who can participate, how it settles, and what the underlying data looks like—can significantly affect the analysis. A pre-screening will tell you whether the concept is viable as designed, what structural changes would improve its chances of regulatory acceptance, and what the registration pathway looks like if you decide to proceed.

Our platform allows users to trade on political events. Is that automatically off-limits, or does it depend on how we structure it?

It's not automatically off-limits, but it requires careful analysis. The CFTC has authority to prohibit contracts it considers contrary to the public interest, and it has historically applied that authority to political event contracts. However, the regulatory landscape is actively evolving, and the legal question is more nuanced than a blanket prohibition. Contract design matters significantly—what the event is, how the outcome is defined, who can participate, and how the contract settles all affect the analysis. A platform that engaged a prediction market compliance advisor early in its product design, rather than after building, is in a far better position to navigate this question.

What are my obligations to monitor for market manipulation as a registered exchange or trading platform?

CFTC-registered DCMs and SEFs are required under the Core Principles to maintain robust real-time and post-trade surveillance programs. This includes monitoring for manipulation, corners, squeezes, wash trading, pre-arranged trading, and spoofing. The program must include written policies and procedures, qualified surveillance staff, and a process for escalating potential violations to the CFTC and, where applicable, to law enforcement.

How do I build a surveillance program for a market with no historical manipulation benchmarks?

We run a small exchange. How do we know if our current surveillance program meets CFTC expectations?

The CFTC doesn't publish a precise checklist, but its Core Principles and examination priorities give a clear signal of what's expected: real-time and post-trade monitoring for the manipulation patterns relevant to your specific markets, documented alert logic with defensible thresholds, qualified staff reviewing flags, and a clear escalation process for potential violations. The fastest way to assess your current program is an independent surveillance review—a structured evaluation of whether your program is reasonably designed for your markets and whether it's actually functioning as written. Many small exchanges have programs that look complete on paper but have calibration gaps or staffing limitations that would surface quickly under CFTC scrutiny.

What's the difference between a market surveillance vendor and a market surveillance advisor, and which do I need?

A surveillance vendor provides the technology—alert engines, data feeds, and pattern recognition systems. A surveillance advisor helps you determine what that technology needs to catch, how to configure it for your specific markets, how to document your methodology for regulators, and how to act on the alerts it generates. Most exchanges need both, but in a specific sequence: the advisor should help you define what your surveillance program needs to accomplish before you implement a vendor solution. Firms that buy vendor tools first and figure out the methodology later often end up with expensive systems generating alerts nobody knows how to evaluate—which creates its own regulatory exposure.

Our platform recently had suspicious trading activity flagged internally. How do we assess whether we have a regulatory exposure problem?

Suspicious activity that's been flagged internally but not yet escalated or reported is a time-sensitive situation. The first step is an honest assessment of whether the activity rises to the level of a suspicious activity report (SAR) or a CFTC referral obligation. That assessment requires someone with expertise in both the specific manipulation typology and the firm's reporting obligations. If the activity was real and reportable and wasn't escalated, that's a controls failure that needs to be documented and remediated—ideally before a regulator finds it. Engaging a market integrity advisor to walk through the facts and the obligations quickly is the right call.

How do we know if our current surveillance program is a compliance checkbox or actually functioning as designed?

The most reliable indicator is whether your program has ever actually caught anything—and if not, whether that's because there's nothing to catch or because the program isn't configured to find it. Other signals of a checkbox program: alert thresholds that have never been tuned since initial setup; a review queue that's always empty; surveillance reports that go to management without any findings, ever; and no documented record of how alerts were reviewed and closed. A surveillance program review—which tests the alert logic against historical data and evaluates the review process end to end—is the most direct way to answer this question with confidence.

We're building a new trading venue. At what point in the build process should we bring in a market integrity advisor?

Earlier than you think—ideally at the product design stage, before your contract specifications are finalized. Surveillance requirements aren't separate from product design; they're a function of it. The manipulation risks inherent in a contract, the alert logic needed to detect them, and the data infrastructure required to support surveillance all depend on how the product is structured. Firms that bring in a market integrity advisor after they've already built often face expensive retrofits. The earlier you start the surveillance design conversation, the less it costs to get right.

What AML obligations apply to crypto exchanges and digital asset firms?

Crypto exchanges and firms offering convertible virtual currency (CVC) services are generally treated as Money Services Businesses (MSBs) under FinCEN regulations, requiring registration, an AML program, customer identification (KYC), transaction monitoring, and suspicious activity reporting (SAR filing). CFTC-registered entities have additional AML obligations under NFA rules. State-level money transmission licenses may layer on further requirements depending on jurisdiction and business model.

How do I structure a KYC program that satisfies both FinCEN and CFTC/NFA requirements?

A compliant KYC program needs to include customer identification procedures (CIP), beneficial ownership verification for legal entities, risk-based enhanced due diligence for higher-risk customers, and periodic review processes. NFA-registered firms must also comply with NFA Compliance Rule 2-9, which requires a specifically tailored AML program approved in writing by senior management and subject to independent testing. Harmonizing these requirements into a single, operationally efficient program is the most cost-effective approach.

How do I know whether my crypto firm needs a full AML program overhaul versus targeted improvements?

This requires testing both components independently. KYC vendor performance can be assessed by reviewing a sample of customer files against your standards—are the right documents being collected, are beneficial ownership structures being identified, are high-risk customers being flagged for enhanced due diligence? Internal program effectiveness is assessed by evaluating whether your team is acting on vendor outputs—are enhanced due diligence reviews being completed, are high-risk customers being reviewed periodically, are decisions being documented? A compliance review covering both the vendor output and the internal process usually reveals quickly which side is the weak link.

What's the difference between an AML compliance review and an AML audit, and which does my firm actually need?

An AML audit is typically a formal, structured assessment conducted against a fixed standard—often required by regulators or NFA rules—that produces a determination against specific compliance requirements. An AML compliance review is a more flexible, advisory-oriented engagement that focuses on identifying gaps, assessing program effectiveness, and recommending improvements. If you're trying to satisfy a regulatory requirement or prepare for an examination, an audit is what you need. If you're trying to understand where your program is weak and how to improve it before an examination, a compliance review is more appropriate—and usually more useful as a practical matter.

How do I know if my KYC vendor is doing enough, or whether our internal program is the weak link?

This is a question that requires testing both components independently. KYC vendor performance can be assessed by reviewing a sample of customer files against your standards — are the right documents being collected, are beneficial ownership structures being identified, are high-risk customers being flagged for enhanced due diligence? Internal program effectiveness is assessed by evaluating whether your team is actually acting on vendor outputs — are enhanced due diligence reviews being completed, are high-risk customers being reviewed periodically, are decisions being documented? A compliance review that covers both the vendor output and the internal process usually reveals quickly which side is the weak link.

We passed our last NFA audit, but we're expanding into new products. Does our existing AML program still cover us?

Not necessarily. An AML program is designed to address the specific risks posed by a firm's current products, customers, and geographies. When you expand into new products—particularly new digital asset products—you introduce new risk typologies that your existing program may not be designed to detect. Passing a prior audit means your program was adequate for what you were doing at the time, not for what you're doing now. Before you launch a new product, a focused review of your AML program against the risk profile of that product is the right step—both to ensure you're actually covered and to demonstrate to regulators that you took a risk-based approach to the expansion.

We've never had an AML examination. How do we know how prepared we actually are?

The most honest answer is you don't know until you test it. Firms that have never been examined tend to either overestimate or underestimate their readiness, and both are dangerous in different ways. An independent AML readiness assessment—structured to replicate the scope and depth of a regulatory examination—is the most reliable way to find out where you actually stand. It typically covers your written program, your KYC procedures, your transaction monitoring configuration and alert review process, your SAR filing history, your independent testing record, and your training program. The findings give you a concrete remediation list before a regulator generates one for you.

My firm is under CFTC investigation or has received a subpoena. What should I do first?

Preserve all potentially relevant documents and communications immediately—a litigation hold should be issued before any other steps. Engage legal counsel with CFTC enforcement experience. If you don't already have a compliance advisor engaged, now is the time, as regulators often look more favorably on firms that demonstrate proactive remediation. Avoid making voluntary representations to staff without counsel present.

What is a corporate monitor, and when does the CFTC or DOJ require one?

A corporate monitor is an independent third party appointed—either by agreement or court order—to oversee a firm's compliance with a settlement, consent order, or deferred prosecution agreement. Monitors are typically required when a firm's compliance failures were serious or systemic, and regulators need ongoing assurance that remediation is genuine. The monitor reports to the regulator, not to the firm, and has broad authority to review policies, test controls, interview staff, and flag deficiencies.

What does a third-party compliance review involve, and how is it different from an audit?

A third-party compliance review is a targeted, expert assessment of whether a firm's policies, procedures, and controls are reasonably designed and actually functioning. Unlike a financial audit, it focuses on regulatory risk—are your AML controls adequate? Is your trade surveillance calibrated correctly? Are your disclosures accurate? The output is typically a written report with findings and recommendations, which can be used internally for remediation or shared with regulators as evidence of good-faith compliance efforts.

We received a CFTC request for information. How do we know if this is a routine inquiry or the beginning of a formal investigation?

The distinction isn't always clear from the request itself, which is why the first call after receiving any CFTC communication should be to experienced regulatory counsel. That said, there are signals: informal requests for information are often broader and less structured than formal subpoenas or Civil Investigative Demands; the specific documents or data requested can signal whether the CFTC is looking at a general industry practice or at your firm specifically; and the division or office the request comes from can indicate the nature of the inquiry. Regardless of the category, the response strategy matters—how you respond to an informal inquiry can affect whether and how it escalates.

We hired a law firm to manage our regulatory response, but they recommended bringing in a compliance advisor. What does that advisor actually add?

Your law firm manages the legal exposure—the litigation strategy, the negotiating position, and the attorney-client privileged communications. A compliance advisor addresses the operational dimension: assessing the root cause of the underlying compliance failures, designing and implementing the remediation, and building the documentation that demonstrates your compliance program has genuinely improved. Regulators are experienced at distinguishing between firms that have fixed their compliance programs and firms that have improved their legal paperwork. A compliance advisor is often the difference between those two outcomes—and law firms experienced in CFTC matters typically recommend one precisely because they understand that distinction.

How do we evaluate whether a proposed independent monitor is truly independent and has the right credentials?

Independence requires that the monitor has no financial relationship with the firm, no prior advisory work that would create a conflict, and a governance structure that reports to the regulator rather than to firm management. Credentials require subject matter expertise specific to the violations at issue—a monitor for AML failures should have deep AML expertise; a monitor for market manipulation failures should have a market surveillance background. Ask about prior monitoring engagements, ask for references from the regulators who approved those monitors, and understand exactly how the monitor's reporting is structured. A monitor who is independent in name but practically captured by the firm is a liability, not an asset.

Our firm is negotiating a settlement with the CFTC. How do we know if we need an independent compliance monitor or if we can self-remediate?

Whether a monitor is required is largely a function of what the CFTC will accept as part of the settlement, which depends on the severity of the violations, the strength of your remediation plan, and the CFTC's level of confidence in your firm's ability and willingness to fix the underlying problems. Firms with serious or systemic violations, a history of non-compliance, or weak compliance infrastructure are far more likely to have a monitor required. Firms that can demonstrate a credible, detailed remediation plan with independent verification mechanisms have more negotiating room. A compliance advisor can help you build the kind of remediation plan that makes self-remediation a plausible outcome.

We're under a consent order. How do we know if our remediation plan is substantive enough to satisfy the regulator's expectations?

Far far away, behind the word mountains, far from the countries Vokalia and Consonantia, there live the blind texts. Separated they live in Bookmarksgrove right at the coast

How do I engage effectively in the CFTC or SEC rulemaking process?

Formal comment letters are the primary mechanism for influencing proposed rules. Effective comments are specific, grounded in market structure or operational realities, and offer concrete alternative approaches rather than simply opposing a proposal. Pre-proposal engagement — through meetings with Commission staff or participation in advisory committee proceedings — is often more influential than comment letters alone. If your firm has a significant stake in a regulatory outcome, building a relationship with staff before a proposal is published is far more effective than reacting after the fact.

What should crypto firms know about current legislative developments affecting CFTC jurisdiction?

Congressional efforts to establish a comprehensive digital asset regulatory framework have been ongoing, with key debates centering on the CFTC/SEC jurisdictional divide, the treatment of decentralized finance (DeFi), stablecoin issuance standards, and exchange registration requirements. Legislative outcomes will significantly affect which registration pathway applies to your business model. Monitoring and participating in the legislative process is a strategic business activity, not just a compliance exercise.

We want to influence crypto legislation. How do we know if we need a policy advisor, a lobbying firm, or both?

A lobbying firm manages relationships with elected officials and their staff—the access and advocacy side of the equation. A policy advisor helps you develop the substantive positions: understanding what a proposed framework would actually mean for your business, identifying the specific provisions that help or hurt you, and crafting technically credible arguments that can withstand legislative and regulatory scrutiny. Both are often needed, but for different reasons. A lobbying firm without strong policy substance is less effective; a policy advisor without legislative relationships has no delivery mechanism. Firms with significant stakes in crypto legislation typically engage both, with the policy advisor feeding the substantive arguments that the lobbying firm delivers.

Our industry association is submitting a comment letter on a proposed CFTC rule. How do we know if we need outside advisory support versus handling it internally?

If your team has direct expertise in the regulatory area being addressed—and can analyze the proposal's technical implications for your business, draft a comment that engages substantively with the rule text, and propose specific alternative approaches rather than just expressing general opposition—you may be able to handle it internally. If any of those elements are missing, outside support is worth the investment. Comment letters that lack technical depth or fail to engage with the specific regulatory language rarely move the needle. A policy advisor who knows how CFTC staff reads and weights comment letters can make a significant difference in both the quality and the impact of your submission.

We're a smaller firm — is policy engagement actually worth it for us, or is it only meaningful for large institutions?

The threshold for immediate action is lower than most firms expect. Regulatory developments that warrant prompt attention include: proposed rules with approaching comment deadlines; enforcement actions against competitors that signal a shift in regulatory priorities; legislative proposals that would directly affect your registration status or product viability; and guidance or no-action letters that affect the legal basis for your current operations. A wait-and-see approach is appropriate for early-stage legislative discussions with uncertain outcomes, international regulatory developments without direct US applicability, and enforcement actions against firms whose fact patterns are clearly distinguishable from yours. When in doubt, a brief advisory session to assess the significance of a development is far less expensive than missing a window to act.

How do we know when a regulatory development requires immediate strategic action versus a wait-and-see approach?

The threshold for immediate action is lower than most firms expect. Regulatory developments that require prompt attention include: proposed rules with comment deadlines that are approaching; enforcement actions against competitors that signal a shift in regulatory priorities; legislative proposals that would directly affect your registration status or product viability; and guidance or no-action letters that affect the legal basis for your current operations. Wait-and-see is appropriate for early-stage legislative discussions with uncertain outcomes, international regulatory developments without direct US applicability, and enforcement actions against firms whose fact patterns are clearly distinguishable from yours. When in doubt, a brief advisory session to assess the significance of a development is far cheaper than missing a window to act.

How do we assess whether a proposed piece of digital asset legislation would help or hurt our business model?

This requires a two-step analysis. First, a technical reading of the legislation: what does it actually require, prohibit, or enable? Second, a mapping of those requirements against your current business model: which provisions create new compliance burdens, which open up new opportunities, which change the competitive landscape in ways that favor or disadvantage your model? Many firms rely on summary descriptions of legislation rather than reading the actual text—and summary descriptions frequently miss the provisions that matter most. A policy advisor with regulatory expertise can do both steps accurately and quickly, and can flag provisions that look neutral but carry significant operational implications.