Introduction

Bitcoin started as a fringe movement born from financial disillusionment after the 2008 crisis. For years, it lived on the edges of the internet, misunderstood, ignored, or mocked. Then, it became too big to ignore.

Today, crypto has a market cap of around $3 trillion, more than Canada’s or Brazil’s GDP. Still, crypto is a rounding error compared to the global GDP, over $115 trillion. It’s not small enough to dismiss, but it’s not large enough to explain away its image problem, which runs deep.

Despite making up just a sliver of the world’s economic activity, crypto continues to be painted as a larger-than-life threat. Ask ten people what they associate with crypto, most will say fraud, crime, and scams. It’s become the default narrative that crypto is the Wild West of finance.

But here’s what the numbers say. For 2024, Chainalysis revealed that the total volume of illicit crypto activity was estimated at $40 billion.

That’s a lot, until you realize it accounts for around 0.14% of all on-chain transactions. And even that figure includes gray areas like sanctioned wallets or mixers, which aren’t necessarily tied to criminal enterprises.

Compare that to the traditional financial system, where global illicit flows are estimated at over $3 trillion annually according to Nasdaq’s Global Financial Crime Report. That aligns with UN estimates that between 2 and 5% of global GDP is laundered annually. Most of it moves through banks, corporate structures, and cash economies. It doesn’t trend on X because it doesn’t leave a blockchain trail.

That’s the irony. Crypto crime looks more visible because it’s recorded in real time. Every hack, every movement of funds is traceable. Not so with traditional money laundering, where even law enforcement hits blind spots.

This isn’t to say crypto is clean—far from it. There are significant risks. Exchanges get hacked. Compliance gets skipped. Bad actors still operate in the shadows. But those problems aren’t unique to crypto; its transparency amplifies them, as does the negative mass media narrative.

The industry’s real challenge isn’t criminality. It’s perception, and that perception is now affecting policy, enforcement, and regulation in places like Europe.

The current report assesses the intersection of risk and innovation that countries and platforms take with crypto, comparing enforcement patterns, regulatory clarity, and security incidents across jurisdictions and platforms. Analyzing the successes and failures of regulatory regimes – from El Salvador’s pioneering approach to Europe’s MiCA challenges – highlights the practical consequences of policy decisions for industry players and investors alike.

Through data-driven insights and expert commentary, the report provides actionable intelligence for regulators, founders, and institutions seeking to navigate the evolving balance between innovation, compliance, and sustainable growth.

We start by looking at it through a regulatory lens. Then, we move to industry-wide risk compared with other industries. Finally, we drill down into a few examples to see how crypto companies balance growing their customer base while limiting regulatory and market risk.

The Balance Between Customer Protection and Fostering Innovation for Regulators

The global crypto asset industry stands at a crossroads. The narrative of risk is often exaggerated, and the true challenge is finding the equilibrium between innovation and user protection. Despite this, the sector faces disproportionate scrutiny, with enforcement actions and compliance costs that often far exceed those imposed on legacy financial institutions.

The world’s approach to crypto asset regulation is uneven. Some countries have figured out how to balance innovation with investor protection, while others are either clamping down too hard or moving too slowly to matter. What’s clear is that regulators everywhere can no longer ignore the sector. They’re watching closely and, in many cases, tightening the grip too much.

“We’re witnessing a global reordering of digital asset leadership —jurisdictions that combine regulatory clarity with open innovation are no longer just compliant; they are competitive. Regulation is no longer a question of if but how. Those who build guardrails, not gates, will lead the next wave of responsible innovation.”

Lory Kehoe, Founder and Chair, Blockchain Ireland

Against this backdrop, El Salvador emerges as a worldwide winner. The country has demonstrated follow-through and clarity. As the first country to adopt Bitcoin as legal tender and to implement a comprehensive digital asset law, El Salvador has created an environment where innovation and user protection are not mutually exclusive. Institutions have integrated crypto at every level, and the regulatory posture is clear, consistent, and actively supportive.

“This milestone is a testament to El Salvador’s commitment to fostering a safe, transparent, and innovative crypto environment. By prioritizing robust frameworks to combat crypto-related crime, the country has demonstrated how effective regulation and international cooperation can position a nation as a global leader in digital finance.”

Nick Furneaux, Expert Crypto Investigator, TRM

El Salvador Leads in Digital Asset Regulation

El Salvador stands at the top of this year’s global rankings for digital asset regulation through regulatory clarity, institutional follow-through, and a willingness to break from legacy constraints. It was the first country to hold Bitcoin as a sovereign asset, the first to adopt it as legal tender, and among the few to implement a comprehensive digital asset law covering licensing, stablecoin frameworks, and market infrastructure.

What truly sets El Salvador apart is its “clean slate” approach. By building its regulatory regime from the ground up, the country has avoided the complexity and inertia that often slow down developed markets. The government’s commitment is evident in integrating crypto into public institutions, launching Bitcoin-backed bonds, and creating the National Commission of Digital Assets (CNAD), an independent body enforcing strict standards while fostering innovation.

Erica Perkin of The Perkin Law Firm, L.C. who has worked closely with CNAD, describes the team as: exceptional […] young, tech-savvy professionals who are not only well-versed in blockchain technology but also deeply engaged with digital assets-every member of the organization has transacted with Bitcoin.” She adds that “most hold postgraduate degrees or specialized certifications in cryptocurrency and blockchain from prestigious institutions like MIT and Harvard.”

This blend of practical experience and academic rigor, she argues, “enables them to craft policies that are both innovative and grounded in a deep understanding of the technology.”

Perkins sees El Salvador’s regulatory framework as “uniquely able to foster innovation while prioritizing robust consumer protection,” making it a global benchmark for responsible growth in the digital asset ecosystem.”

Erica Perkin, Principal, The Perkin Law Firm, L.C.

“El Salvador is leading the way in integrating digital assets into the economy while maintaining a regulatory framework supporting market stability and growth.” Ochoa de Medina points to initiatives like the CNAD’s recent meeting with the SEC to discuss a cross-border regulatory sandbox as evidence that “clear and consistent regulation can empower innovation without compromising market protection.”

Carmen Elena Ochoa de Medina, Head of El Salvador, VLRM Markets

The results speak for themselves. El Salvador’s regulatory maturity has created a predictable environment for operators and investors. Only 16% of project applications are approved, with every asset subject to a bespoke risk matrix and third-party review. The country enforces robust consumer protection measures, mandatory multi-signature wallets, and strict KYC protocols, while offering zero tax on digital assets and capital gains.

“El Salvador is establishing itself as a critical anchor in Central America and beyond for the promulgation of the importance of, and understanding of, digital assets and the future of finance. CNAD plays a leading role in this, ensuring robust compliance and consumer protection within a framework that makes commercial sense achieved in respective dialogue between the public and private sectors”.

Peter Warrack, Chief Compliance Officer, Bitfinex

The economic impact is substantial. El Salvador will manage over $150 billion in digital assets this year, with over $5 billion in conversions approved in CNAD’s first year. The country has attracted global players like Tether and Bitfinex and local startups, making it a magnet for digital asset innovation. Industry leaders see this as validation.

Adrian Hogg describes El Salvador’s emergence as “the global leader in digital asset supervision” as the product of “a bold regulatory framework, a clear vision for innovation, and a uniquely collaborative international effort.”

Adrian Hogg, Head, VLRM Markets

Julio Valdes, CEO of MIO3, adds that the legal framework has allowed market stakeholders “to see digital assets under a new scope,” driving exponential acceptance of tokenization for traditional asset classes.

El Salvador’s approach has also made it a model for asset recovery and international collaboration.

“The initiatives being developed by Juan Carlos and the team at CNAD […] will allow the country to become a world leader in identifying and targeting illicit digital assets that damage the reputation of the industry.”

Aidan Larkin, CEO, Asset Reality

Erin Plante of Asset Reality highlights the “collaborative approach El Salvador has taken with other nations, and the private sector,” inviting innovation and cooperation while building robust regulatory frameworks.

Erin Plante, SVP, Asset Reality

For those seeking legal certainty, Alfonso Martel sums it up: “The country’s pioneering move to integrate digital assets without sacrificing legal certainty proved that decision right. Today, with new projects on the horizon, I’m choosing this jurisdiction again because CNAD continues to show that innovation and predictability can-and should-coexist.”

Alfonso Martel, Chief Compliance and Legal Officer, Roxom

In short, El Salvador has become the blueprint for developed and developing countries looking to strike the right balance between innovation and user protection in digital assets. Its regulatory clarity, institutional commitment, and openness to global collaboration set a new industry standard.

Global Leaders in Regulatory Clarity

Switzerland (ranked 2nd) has stayed consistent. The country’s crypto regulatory framework is built on its financial tradition. Crypto is treated as property. FINMA works directly with the industry. And traditional banks in Switzerland are still onboarding crypto clients, which is more than most of Europe can say. Companies building there don’t face political whiplash or policy surprises. However, licensing is not as transparent, with no clear public registry, and only recently has the regulator given the green light for the first regulated blockchain platform. However, with its history in the Crypto Valley and the support of leading crypto banks, Switzerland has provided stability, making it one of the safest jurisdictions to operate globally.

Japan (4th) took a different path but reached a similar level of clarity. It responded to early failures by locking down custody rules, forcing registration of VASPs, and ring-fencing customer assets. Licensing is tight. Oversight is strong. And the country hasn’t wavered.

Unlike others that pivot with each scandal, Japan uses enforcement to improve, not “punish” the market. That kind of consistency lowers operational risk, especially for institutional players.

The UAE (7th) has embraced a multi-tiered oversight model that blends consumer protection with a clear strategy to become a Web3 hub. Regulation is split between the Securities and Commodities Authority (SCA and local bodies like VARA and ADGM, with mandatory licensing across all jurisdictions. Licensing requires detailed risk assessments, AML/CFT programs, and active compliance officers. The Travel Rule applies across the board, and custodial and trading platforms must submit ongoing reports to regulators. What sets the UAE apart is consistency. While Europe is scaring startups away with vague MiCA demands, the UAE is signing new entrants into specialized zones. Tax exemptions on most crypto services (outside of explicit fees) add another layer of appeal. But make no mistake, penalties are very real.

Non-compliant firms face license suspensions and criminal charges. That’s the balance: low friction if you comply, low tolerance if you don’t.

United States, the New “Crypto Capital”

The United States (6th) continues to confuse the industry and the world, to say the least. However, the United States climbed to the sixth place globally for digital asset regulation due to sweeping reforms in early 2025, driven by the Trump administration’s executive orders. On March 6, 2025, President Trump established the Strategic Bitcoin Reserve and the U.S. Digital Asset Stockpile, centralizing over 207,000 BTC (worth about $17 billion) and other forfeited cryptocurrencies as sovereign reserve assets.

The administration’s “Strengthening American Leadership in Digital Financial Technology” order also created the President’s Working Group on Digital Asset Markets.

It mandates that all federal agencies account for their crypto holdings and recommends budget-neutral strategies for acquiring more digital assets, including proposals to sell U.S. gold for further Bitcoin purchases.

Regulatory clarity advanced rapidly: the SEC and CFTC shifted from enforcement-first to structured compliance, relaunching the Crypto Task Force and establishing the Cyber and Emerging Technologies Unit. New rules clarified token classifications, expanded crypto ETF options, and imposed stricter KYC, AML, and stablecoin reserve requirements.

As a market example, Circle, the issuer of the USDC stablecoin, filed for an IPO in April 2025, moving towards mainstream adoption of stablecoins within traditional finance. Circle joins Coinbase, currently the only publicly listed cryptocurrency exchange in the U.S., trading under the COIN ticker on Nasdaq.

The U.S. market still holds the most capital, liquidity, and deepest institutional base, but that doesn’t eliminate the risk.

The U.S. is taking outsized risks by loosening oversight on speculative crypto assets.

The Trump administration reclassified memecoins as “collectibles,” removing SEC scrutiny and enabling projects like World Liberty Financial (WLFI) to raise over $500 million without robust investor protection. Trump’s memecoin launch and direct ties to WLFI (where 75% of proceeds reportedly benefit insiders) show that a regulatory vacuum might embolden scammers and undermine market integrity.

The country has the tools, talent, and scale to lead. However, regulatory uncertainty keeps risk elevated for any operator exposed to the U.S. In our model, this contributes both to upside and downside.

“During the stock market bloodbath, surprisingly, the US dollar weakened against the safe-haven Swiss franc as concerns about a global recession heightened following US President Donald Trump’s announcement of sweeping tariffs on trading partners. This announcement questioned the US dollar’s unofficial status as the world’s reserve currency, which stems from its relative stability compared to other currencies. Furthermore, the price of gold fell instead of rising as investors did not seek gold, a safe-haven asset to preserve their wealth.

Instead, investors turned to investing in stablecoins, with Tether USDT leading the way with $144 billion. The total market capitalization of the cryptocurrency market fell by 18%, but the stablecoin sector remained relatively resilient. The total market cap for stablecoins surged past $230 billion, a 56% increase compared to the previous year, outpacing Bitcoin’s price trajectory, suggesting increased demand for stablecoins as a haven asset during the stock market downturn, making the SEC’s stablecoin advice very timely” added Selva Ozelli Esq, CPA and Author Sustainably Investing in Digital Assets Globally.

“The U.S. remains the most capital-rich market with memecoins reclassified as collectibles as opposed to securities by the Securities and Exchange Commission (SEC). Suppose the Internal Revenue Service (IRS) also classifies memecoins as collectibles. In that case, the tax rate applicable to long-term gains on selling memecoins will be 28%, higher than the current capital gains rates. To judge whether an NFT/memecoin is a collectible, the IRS will use a “look-through analysis” as defined in the tax code.

Following World Liberty Financial’s announcement of the launch of a non-interest-bearing stablecoin USD1 on April 4, 2025, during a tariff-fueled stock market selloff that erased a record $6.4 trillion in value entering what Wall Street calls a bear market, the SEC issued a notice. This notice paved the way for a more regulated and stable digital asset landscape. It said that “Covered Stablecoins,” or tokens backed by physical fiat or high-liquidity assets and redeemable 1:1 with the US dollar, are “non-securities.” And persons involved in “minting” (or creating) and redeeming Covered Stablecoins are exempted from reporting requirements.”

Selva Ozelli Esq, CPA and Author Sustainably Investing in Digital Assets Globally

Between “Balanced” and “Uncertain”

Singapore, ranked 9th, has managed to strike a balance. Its licensing process is demanding, but transparent. The Monetary Authority of Singapore doesn’t tolerate gray-zone behavior but doesn’t trap the industry in limbo. Stablecoin legislation has moved forward. Payment tokens are being treated with precision. And exchanges that comply are allowed to operate without fear of sudden reversals. Singapore is proof that high standards don’t require chaos. KYC is enforced. AML is audited. Custody has standards. And the city-state has already approved institutional-grade stablecoin issuers under new regulations. It’s not an open door for everyone. But for those who get in, the path is straightforward. Risk is low and expectations are high.

South Korea is finally moving from restriction to structure. The Financial Services Commission (FSC) is leading a phased liberalization effort, starting with institutional access. By the end of 2025, corporate and nonprofit entities will be allowed to hold crypto under real-name verified accounts. On the enforcement side, the Virtual Asset User Protection Act is now in effect, mandating asset segregation, insurance coverage, and strict penalties for false promotions. Taxation has also been clarified, and new rules cover cross-border reporting to the Bank of Korea. A broader Digital Asset Basic Act is on the way, expected to legalize Security Token Offerings and possibly reverse the longstanding ICO ban. These reforms mean South Korea is building an actual policy framework that can scale.

Argentina now requires all DASPs to register, disclose third-party relationships, and meet FATF-grade AML standards. The framework mandates complete segregation of user funds, monthly reporting, and harsh penalties for noncompliance. Argentina is also one of the few countries where crypto can be used for legally binding contracts, and government policy now encourages transactions in any currency, including Bitcoin. That combination of legal certainty and monetary freedom has helped drive adoption. But the optimism comes with a catch. President Milei campaigned on financial reform and free markets, launched a memecoin in early 2025, and “drained” millions from retail participants. While technically outside the regulatory structure, that scandal casts a long shadow over the government’s approach. Argentina’s framework is ambitious, but trust takes more than paperwork.

The Fall of the European Union in Crypto Asset Rankings

Countries like Germany, France, and Lithuania ranked in the top 10 in last year’s regulatory ranking. With their sophisticated regulatory approaches, world-class talent, and leading banks supporting and innovating with crypto services, the old continent was seen as a stable market to invest in or develop a crypto startup. With the introduction of MiCA this year, all EU countries were ranked 22nd globally in 2025. So why the drop?

The disconnect between perception and reality has profound consequences for policy and innovation. The Markets in Crypto-Assets (MiCA) regulation was intended to harmonize rules and foster trust, but its implementation has created a regulatory bottleneck. Licensing and compliance costs have soared sixfold, forcing many startups to relocate or shut down. By the end of the year, more than 75% of Europe’s 3,167 registered VASPs will lose their status, and only a handful of companies have managed to secure MiCA licenses. This alienated talent to greener pastures. 

Financial innovation seems not to be welcomed, despite a wish from the ECB’s Christine Lagarde to decouple from using American or Chinese payment platforms. The ECB’s clear interest is in shunning local financial innovation and making space for its CBDC (Central Bank Digital Currency). This programmable Digital Euro project is presented as “the solution” to stablecoin risk, Trump, liberty, and payments innovation, which will be rolled out this year. Having a CBDC, as expected, is one of the least desired options for Europeans. Still, no one seems to care for now at the ECB, convinced that enough “marketing” can make people, companies, and the European institutions love it. However, there has been an increasing divide between the ECB and the European Commission: the ECB warns that MiCA is already obsolete in the face of aggressive U.S. deregulation under Trump. At the same time, the Commission dismisses these concerns as alarmist and ‘melodramatic’. 

“A healthy financial system depends on more than just capital. It depends on credibility. Deregulation in the U.S. may generate short-term momentum, but without strong AML enforcement, consumer protection and safeguards against market abuse, the risk of attracting bad actors grows significantly. Deliberate de-regulation doesn’t build trust. Good regulation does.

Clear regulation, consistent enforcement, and a genuine commitment to protecting participants are what create the conditions for long-term, sustainable growth. MiCA isn’t perfect, but it gives the EU a structural edge. Its high standards for governance and compliance are likely to accelerate institutional adoption by offering the clarity and protection that serious players require.

Time will tell whether empowering the big and established can outweigh the loss of shutting out the small and emerging. But long-term trust will always favor those who build with integrity.”

Marcus Mølleskov, Chief Risk & Compliance Officer, Januar

Under the ECB’s guidance, the banking sector’s reluctance to serve crypto businesses has further choked the ecosystem. Only a fraction of startups have managed to open and keep a bank account. The result is an exodus of talent and companies in which the EU’s ambitions for digital finance innovation are deeply impacted.

Despite MiCA’s promise of a unified EU crypto asset market, the reality is far messier. The single register was meant to grant companies access across the bloc. Still, leading firms like Bitpanda have felt compelled to secure MiCA licenses in multiple countries—Germany, Malta, and Austria. Companies must apply in one country, wait for central EU approval, and face additional local hurdles. Spain, for example, has its registry and requires local approval for exchanges already cleared at the EU level, creating a never-ending cycle of bureaucracy.

The European Union sold the MiCA as the solution to fragmented rules. It ended up creating new ones. Registration rates have plummeted. Few companies have secured licenses. Talent is leaving. And several large platforms are scaling back their EU presence. MiCA demands full compliance while offering none of the operational clarity companies need to meet those standards. The framework doesn’t match the reality of how crypto operates, and that’s turning the region into a no-go zone for anyone without a million-euro budget for their legal department and unlimited patience. 

High-Risk Environments

China remains fully closed. Cryptocurrency businesses have no regulatory pathway, and trading and mining are banned. The state promotes its own CBDC and makes no distinction between use cases. Crypto activity either goes offshore or underground. Companies with any exposure to China face hard limits and reputational risk.

Russia and Pakistan aren’t locked down as much, but the effect is similar. Both countries maintain a vague stance. Enforcement exists, but the rules are opaque. Licensing is absent or barely functional. Most platforms avoid operating locally, knowing policy changes are sudden, politicized, and rarely consistently enforced. These environments carry high compliance risk. They offer no room to build safely.

Operators cannot access both markets without violating international sanctions or local financial law, which is a non-starter for anyone above board.

Crypto Industry-Level Risk Landscape

The crypto sector has long carried the weight of reputational risk, often painted as the wild frontier of finance. Yet, the current picture reveals a maturing landscape when viewed through the lens of enforcement data and incident records. Enforcement is widespread, but so is growing alignment with global standards, and compared to sectors like banking or pharmaceuticals, crypto’s actual penalties tell a different story.

Crypto and Tradfi

The crypto industry’s enforcement profile appears far less severe when placed alongside traditional finance. Banks like Bank of America and JPMorgan Chase have faced penalties exceeding $97 billion, whereas the fines in the financial services sector are over $300 billion. These fines mostly stem from mortgage abuses, sanctions breaches, and scandals.

Crypto’s aggregate penalties remain a fraction of that, at $13.5 billion. Public discourse often frames crypto as exceptionally high-risk. However, enforcement data exposes this as a misconception. Traditional sectors have incurred far more significant penalties and demonstrated systemic lapses. While notable, crypto enforcement scale is very low when calculated in proportion to its market size and operational maturity.

An interesting dynamic appears when comparing the volume of enforcement records to the dollar value of penalties. Crypto exhibits a higher frequency of records than total penalties, meaning enforcement actions often focus on regulatory compliance failures rather than large-scale fraud or financial crime. In contrast, banking and energy sectors face fewer individual actions but disproportionately higher monetary penalties, typically linked to severe, systemic breaches.

Sanctions & Enforcement Overview