Regulatory Roundup #16

Summary

Japan’s cabinet approved what is, in our view, the most comprehensive restructuring of its crypto regulatory framework since Mt. Gox, moving digital assets from a payments regime into the full securities law architecture of the Financial Instruments and Exchange Act - a shift that touches exchanges, staking providers, bank subsidiaries, technology vendors and overseas solicitors simultaneously. Hong Kong issued its first stablecoin licenses, placing a concrete bet on the bank-led, reserve-backed model. In Washington, the Senate returned from Easter recess to find Treasury Secretary Bessent, SEC Chair Atkins and a newly re-converted Brian Armstrong all endorsing the CLARITY Act - a rare moment of consensus that now has roughly six weeks to survive contact with the legislative calendar. The GENIUS Act continues to become real, with FinCEN and OFAC publishing a joint proposed rule requiring stablecoin issuers to build bank-grade AML programs. South Korea’s Bank of Korea called for crypto circuit breakers after Bithumb accidentally credited customers with $42 billion in Bitcoin, a sentence that does not get easier to write the second time. Meanwhile, transatlantic agencies and private-sector participants involved in Operation Atlantic traced $45 million in stolen crypto and froze $12 million. A quiet week, in other words.

🔦 Spotlight

🇯🇵 Japan’s FIEA bill: momentum building

Japan’s cabinet approved 「金融商品取引法及び資金決済に関する法律の一部を改正する法律案」, the bill making amendments to the Financial Instruments and Exchange Act (FIEA) and Payment Services Act
(PSA) on April 10, moving crypto assets from the PSA framework - which treated them as payment instruments - to the FIEA, which governs financial instruments. The bill now goes to the National Diet for final passage, with implementation targeted for fiscal 2027. The headline provisions - mandatory issuer disclosures and an insider trading ban in the bill itself, alongside linked reform tracks around a flat 20% capital gains tax and a possible spot Bitcoin ETF pathway - have received most of the international attention. They deserve it. However, for institutions, the more consequential story is in the lesser known provisions.

Japan’s digital asset market is larger than its international profile suggests. The country had more than 12 million verified crypto accounts as of early 2025 - roughly one in ten residents - with more than 5 trillion yen in digital assets held under local custody. The FSA was receiving more than 1,300 crypto-related consumer inquiries per quarter, many concerning fraud and malicious solicitation. Capital had been flowing steadily to Singapore, Dubai and Hong Kong, not least because Japanese investors faced a progressive tax rate on crypto gains reaching 55%, applied under the miscellaneous income category - the same bracket used for gambling winnings. The gap between how crypto was regulated and how it was actually being used had become structurally untenable.

The reclassification from PSA to FIEA is not simply a relabeling exercise. The PSA was built around the logic of payment systems: it imposed registration requirements, AML obligations and custody rules, but it was never designed to handle disclosure regimes, market abuse prohibitions or investor suitability frameworks. The FIEA is. Moving crypto under it means exchanges will face a framework arguably equivalent in compliance burden to Type I Financial Instruments Business - Japan’s most demanding category of securities firm registration - with all the governance, internal controls and suitability infrastructure that implies. Exchanges that operate other business lines not incidental to exchange services will face a prior-approval requirement from the FSA before doing so. The compliance lift is substantial and should not be underestimated by firms that have been operating under the relatively lighter PSA framework.

The provision that has received almost no attention outside Japan, but which is directly material for institutional staking providers, concerns the custodial boundary. The FSA’s Financial System Council Working Group has indicated that the act of borrowing crypto assets from users in order to engage in staking or re-lending is considered to require regulation equivalent to investment management business. The bill proposes implementing this through a new regulated category of 'crypto asset trading business' that sits parallel to, rather than identical with, the existing Type I Financial Instruments Business registration. Market participants tracking the JFSA process have indicated that registration obligations will likely apply to entities with custody of client assets, not to technical infrastructure providers operating without it. For institutional staking providers, this is the regulatory perimeter question that matters. Non-custodial infrastructure provision appears likely to remain outside the licensing requirement; custodial staking services appear likely to fall within it. Final FSA guidance is still pending, but the direction is clear enough for firms to begin planning against.

A second under-reported provision concerns the technology supply chain. The bill appears to contemplate a pre-notification regime for critical third-party system providers - vendors supplying infrastructure used by exchanges to safeguard and manage customer assets - requiring them to notify the regulator before deploying or materially changing those systems. The rationale is straightforward: a significant proportion of crypto exchange hacks in Japan and globally have originated in third-party infrastructure rather than the exchange’s own systems. The Coincheck hack in 2018, which cost customers $530 million, is the domestic reference point. If implemented as expected, this would extend regulatory reach upstream to the vendor layer and treat exchange resilience as a supply chain problem, not just an operator problem. Institutional readers who have followed the FCA’s SYSC 15A operational resilience work in the UK will recognize the logic immediately.

Also quietly significant is the treatment of bank and insurance company subsidiaries. Japanese banks and insurers are currently prohibited from operating crypto exchanges. The bill would permit their subsidiaries to issue, trade and intermediate crypto assets, subject to suitability requirements and risk management frameworks. Japan’s banking sector is among the most conservative in the developed world, and its distribution reach into retail and institutional markets is extensive. If major banking groups begin entering the crypto market through subsidiary structures - a move they can now plan for - the effect on institutional credibility and product accessibility would be material. It also creates a new category of regulated counterparty that firms outside Japan will need to understand.

On capital adequacy, the bill appears aimed at closing a gap that has persisted since Mt. Gox. Beyond existing hot wallet reserve requirements - Japan already requires exchanges to hold 95% of assets in cold storage, with hot wallet positions backed one-for-one by cash reserves - the reform discussion points toward exchanges being required to maintain reserve funds covering the value of assets held in cold wallets as well. The logic is that cold storage protects assets from theft but does not protect customers if the exchange fails. If implemented in that form, the result would be one of the most demanding exchange capital adequacy frameworks of any major jurisdiction.

On decentralized exchanges the FSA has been candid about the limits of its current thinking. It acknowledges it does not yet have a regulatory model calibrated to DEX technical characteristics and will develop one. For now, DEX platforms operate in a holding pattern. That candor is preferable to regulatory overreach, but firms building DEX infrastructure for the Japanese market should not mistake the absence of rules for a long-term safe harbor.

The bill still needs to pass the National Diet, and cabinet approval is procedural rather than legislative. However, the political backing is strong - Japan’s Finance Minister Katayama has declared 2026 “the first year of digital” - and the FSA has spent the better part of a year building the analytical foundation for this reform through the Financial System Council Working Group. The momentum is building for a lasting digital asset framework in Japan.

🌎 Global Developments

🇺🇸 United States

🏛️ The CLARITY Act’s narrowing window

The Senate returned from Easter recess on April 13 with the CLARITY Act at what its sponsors are calling a make-or-break inflection point, and for once the hyperbole is roughly accurate. Treasury Secretary Scott Bessent set the tone with a Wall Street Journal op-ed published April 8, framing the bill as a matter of national security and arguing that regulatory uncertainty had driven crypto development to Abu Dhabi and Singapore. SEC Chair Paul Atkins backed the push the following day. Then on April 10, Coinbase CEO Brian Armstrong - who pulled the company’s support for the bill in January, declaring he would rather have no bill than a bad one - reversed course publicly, thanking Bessent for his intervention and declaring it was time to pass the CLARITY Act. The reversal followed Coinbase CLO Paul Grewal expressing confidence on April 1 that a deal on stablecoin yield was imminent, and a White House Council of Economic Advisers report finding that a full passive yield ban would cost consumers $800 million annually for what it described as negligible benefit to deposit stability.

The stablecoin yield compromise brokered by Senators Tillis and Alsobrooks draws a line between passive yield on held balances - prohibited - and activity-based rewards tied to payments, transactions and platform use - permitted. Banks wanted the former closed entirely; crypto firms wanted the latter preserved. The current text attempts to split that difference, though Stripe has also flagged concerns about how workable the activity-reward definitions are in practice. Senate Banking Committee Chair Tim Scott is targeting a markup in the second half of April, with a May Senate floor vote seen as the last viable window before the November 2026 midterms start consuming the legislative calendar. Five sequential steps still stand between a successful markup and the President’s desk, and DeFi provisions and ethics language around officials’ crypto holdings remain open. The window is real but it is not wide.

💵 GENIUS Act grows teeth: FinCEN and OFAC propose AML rules for stablecoin issuers

While the CLARITY Act dominates the headlines, the GENIUS Act has quietly moved from legislation into compliance reality. On April 8, Treasury’s Financial Crimes Enforcement Network and the Office of Foreign Assets Control jointly published a proposed rule implementing the GENIUS Act’s AML and sanctions compliance requirements for permitted payment stablecoin issuers, with the Federal Register version appearing on April 10. The proposal treats stablecoin issuers as financial institutions under the Bank Secrecy Act, requiring them to build full AML and counter-terrorism financing programs, conduct customer due diligence, file suspicious activity reports, and maintain the technical capability - alongside policies and procedures - to block, freeze or reject impermissible transactions, including in some circumstances in secondary markets, where there is a legal obligation to do so. That last element will attract the most industry scrutiny: the carve-out for cases where no legal obligation exists provides some comfort, but the expectation of on-chain transaction controls is a meaningful operational requirement for issuers whose infrastructure was not designed with that capability in mind.

The proposed rule also establishes what state-level stablecoin regimes must look like to be deemed substantially similar to the federal framework, allowing smaller issuers with under $10 billion in supply to operate under state oversight rather than direct federal supervision. FinCEN and OFAC estimate roughly fifty permitted payment stablecoin issuers will be operating on average during the first three years of the regime. The comment period runs sixty days from Federal Register publication. The rule arrived alongside a separate FDIC framework and builds on OCC guidance issued in February, making this a dense week of GENIUS Act implementation activity that deserves more attention than the CLARITY Act drama has left room for.

🔬 SEC’s “Reg Crypto” is one step from the door

On April 6, SEC Chair Atkins confirmed in Nashville that the Commission’s “Regulation Crypto Assets” proposal - known informally as Reg Crypto - has been submitted to the White House Office of Information and Regulatory Affairs, the last step before formal publication for public comment. The proposal has three components: a startup exemption allowing early-stage projects to raise up to approximately $5 million over four years under principles-based disclosure; a broader fundraising exemption permitting raises of up to $75 million per year under stricter requirements; and an investment contract safe harbor that shields certain tokens from securities classification once the issuing team’s active management obligations end. The framework builds on Commissioner Hester Peirce’s earlier Token Safe Harbor concept and the joint SEC-CFTC interpretive release published on March 17. OIRA reviews typically take between thirty and ninety days. When it lands, it will be the first formal SEC rulemaking to create a compliant pathway for token fundraising in the US - which is either long overdue or arrived remarkably quickly, depending on how long you have been waiting.

🖥️ SEC staff carve out space for self-custodial wallet interfaces

On April 13, the SEC's Division of Trading and Markets published a staff statement setting out the circumstances in which operators of certain front-end interfaces used with self-custodial wallets to prepare transactions in crypto asset securities will not face staff objection for operating without broker-dealer registration under Section 15(a) of the Exchange Act. The statement is expressly interim and, absent Commission action, will be withdrawn automatically on April 13, 2031.

The statement is meaningful for DeFi infrastructure providers, but narrow. The staff says it will not object where a covered interface lets users customize transaction parameters, does not solicit specific transactions, clearly discloses affiliated venues, and displays routing options using pre-disclosed, objective and independently verifiable parameters. Interfaces may sort routes by factors such as price or speed, but may not editorialize by describing one route as offering the "best price" or being "most reliable". Compensation must be limited to fixed user charges that are product, route, venue and counterparty agnostic, which would appear to rule out payment-for-order-flow style arrangements. Providers must also maintain policies and procedures covering venue onboarding, conflicts, cybersecurity and protection of user trading information, and make prominent disclosures about their role, fees, conflicts and any limits on available assets or venues.

Just as important is what the statement does not cover. It does not extend to providers that negotiate transaction terms, solicit specific trades, make recommendations, arrange financing, hold or access user funds, execute or settle transactions, or take or route orders. In effect, the staff is drawing a narrow non-objection zone around the interface layer that translates user instructions into blockchain-legible commands, while stopping well short of anything that starts to resemble conventional brokerage. Because this is staff guidance rather than Commission rulemaking, it carries no independent legal force and could be revisited by a future Commission. For now, though, it gives front-end providers dealing with crypto asset securities a clearer, if temporary, map of where the registration line sits.

🇪🇺 European Union

🏛️ ECB formally backs ESMA centralization

The ECB adopted Opinion CON/2026/13 on April 9, formally endorsing the European Commission’s Markets Integration and Supervision package and its proposal to move primary supervisory responsibility for crypto-asset service providers from national regulators to ESMA. The ECB’s opinion supports giving ESMA direct supervision of the most systemically significant cross-border capital market actors, including CASPs, while noting that national competent authorities should continue to play a meaningful and substantial role. The central bank cited its own research showing that 62 of the 94 MiCA-authorized CASPs as of November 2025 intended to operate in seven or more member states, making the current patchwork of national supervision structurally inadequate for the market it is supposed to oversee. It also requested a non-voting seat on ESMA’s board and cautioned that any transfer of powers should be carefully sequenced, with ESMA needing significantly more staff and funding before taking on the expanded remit. Malta has already pushed back, calling the proposal premature. The package now enters multi-month EU legislative negotiations. We covered the MIS package in depth in Issue 10; the ECB’s formal endorsement moves the debate from theory to institutional momentum, but the legislative timeline remains long.

🇬🇧 United Kingdom

🤝 Operation Atlantic wraps up

The results of Operation Atlantic, the joint enforcement sprint first announced last month, were published on April 10. Hosted at the UK’s National Crime Agency headquarters in London and involving agencies from the US, UK and Canada alongside Coinbase, Binance, Kraken, Chainalysis and Tether, the week-long operation focused on approval phishing fraud - schemes in which malicious actors obtain access to victim wallets via fake authorization requests. According to participants in the operation, more than 20,000 victims were identified, $45 million in stolen crypto was traced to fraud schemes, and $12 million was frozen. Over 120 fraudulent web domains were flagged for takedown. Coinbase noted that coordination which would have taken months in traditional finance was compressed into a single week using blockchain analytics. The FBI’s most recent figures put total crypto scam losses at $11.4 billion in 2025, which puts $12 million frozen in context, but the cross-border public-private operational model is the story here rather than the dollar amounts.

🌏 Asia-Pacific

🇭🇰 Hong Kong issues first stablecoin licenses - and picks its banknote printers

The Hong Kong Monetary Authority granted its first stablecoin issuer licenses under the Stablecoins Ordinance on April 10, selecting HSBC and Anchorpoint Financial - a joint venture between Standard Chartered, Hong Kong Telecom and Animoca Brands - from a pool of thirty-six applications. Both are authorized to issue HKD-pegged tokens backed one-for-one by liquid assets in segregated accounts. HKMA Deputy CE Darryl Chan was direct about the selection logic, citing the applicants’ experience in traditional finance and risk management as the decisive factor. Worth noting: HSBC and Standard Chartered are two of the three commercial banks authorized to print Hong Kong dollar banknotes. The HKMA did not make that connection explicitly, but the licensing outcome still points clearly toward a deliberate decision to anchor digital HKD issuance in the same institutional ecosystem that underpins the physical currency.

The two projects are structured differently, but the public details remain limited. HSBC has said it is targeting a retail-facing HKD stablecoin launch in the second half of 2026. Anchorpoint has indicated that preparatory work is under way ahead of launch. The HKMA itself says both licensees intend to complete the necessary preparations before going live. That is sensible for a regime that is only now moving from rulebook to live supervision.

The broader significance is what Hong Kong has done that most other jurisdictions have not: stopped debating and started licensing. South Korea’s National Assembly is advancing its Digital Asset Framework Act this week while the Bank of Korea and FSC remain deadlocked over whether KRW stablecoin issuers must be majority bank-owned. The EU has produced no licensed sovereign-currency stablecoin under MiCA. The UK sandbox is still running. Hong Kong has, in effect, placed a concrete bet on the bank-led, reserve-backed model. Whether it gains any traction against entrenched USD stablecoin dominance is now live rather than theoretical.

🇰🇷 South Korea: Bithumb’s $42 billion typo prompts circuit breaker call

In February, Bithumb attempted to distribute Bitcoin worth 620,000 Korean won - roughly $460 - as prizes for a customer event. An employee input error resulted in 620,000 Bitcoin being credited to customer accounts instead, an internal system error rather than an on-chain transaction, but one with very much on-chain consequences: some recipients sold the erroneously credited Bitcoin immediately, causing prices on Bithumb to crash temporarily, triggering panic selling and forcing automated liquidations of Bitcoin-backed loans. Korean media reported that 99.7% of the mistakenly credited Bitcoin was subsequently recovered. The Bank of Korea’s 2025 Payment and Settlement Report, published April 13, cited the incident as evidence of inadequate internal controls and called for the introduction of KRX-style circuit breakers alongside real-time blockchain reconciliation systems that can verify whether internal ledgers match actual on-chain balances. These are recommendations rather than binding rules for now, but given that the Digital Asset Framework Act (DAFA) is advancing through the National Assembly this week - with the BOK and FSC still deadlocked over whether KRW stablecoin issuers must be majority bank-owned - the central bank is clearly in the mood to add infrastructure requirements to its wish list while the legislative window is open.

🔎 Things to Watch

• 🇺🇸 CLARITY Act: Senate Banking Committee markup targeted for the second half of April. Missing the May Senate floor window likely pushes the bill into midterm territory.
• 🇺🇸 GENIUS Act AML rule: sixty-day public comment period from Federal Register publication. On-chain transaction control requirements will attract significant industry response.
• 🇺🇸 SEC Reg Crypto: OIRA review underway; publication expected within thirty to ninety days.
• 🇯🇵 Japan FIEA bill: Diet passage expected this session; implementation targeted for fiscal 2027. FSA guidance on custodial staking registration and DEX framework to follow.
• 🇰🇷 South Korea Digital Asset Basic Act: National Assembly passage timeline and resolution of BOK-FSC stablecoin ownership dispute.
• 🇺🇸 California DFAL: license applications open via NMLS; compliance deadline July 1, 2026.
• 🇬🇧 FCA authorization gateway opens September 30, 2026, ahead of the October 2027 regime go-live.
• 🇪🇺 Poland: MiCA transition period expires July 1, 2026. No implementing legislation in place. Domestic CASPs face an existential legal vacuum.

Coming into view:

• 🇪🇺 EU Markets Integration and Supervision package: multi-month legislative negotiations now underway following ECB endorsement.
• 🇯🇵 Japan FIEA implementation: FSA guidance on custodial staking registration obligations and DEX regulatory framework.
• 🇯🇵 Japan tax reform: linked reform track targeting a 20% flat rate on crypto gains; Diet debate expected alongside FIEA passage.

‍

^{DISCLAIMER: The views and opinions expressed herein are those of the author(s) and do not necessarily reflect the views of Talos Global, Inc. or its affiliates (collectively, "Talos") and summarizes information and articles with respect to cryptocurrencies or related topics. This material is for informational purposes only and is only intended for sophisticated institutional investors, and is not (i) an offer, or solicitation of an offer, to invest in, or to buy or sell, any interests or shares, or to participate in any investment or trading strategy, (ii) intended to provide accounting, legal, or tax advice, or investment recommendations, or (iii) an official statement of Talos. No representation or warranty is made, expressed or implied, with respect to the accuracy or completeness of the information or to the future performance of any digital asset, financial instrument or other market or economic measure. The information is believed to be current as of the date indicated and may not be updated or otherwise revised to reflect information that subsequently became available or a change in circumstances after the date of publication. Talos and its employees do not make any representation or warranty, expressed or implied, as to accuracy or completeness of the information or any other information transmitted or made available. Investing in cryptocurrency comes with risk. Certain statements in this document provide predictions and there is no guarantee that such predictions are currently accurate or will ultimately be realized. Prior results that are presented here are not guaranteed and prior results do not guarantee future performance. Recipients should consult their advisors before making any investment decision. Talos may have financial interests in, or relationships with, some of the assets, entities and/or publications discussed or otherwise referenced in the materials. Certain links that may be provided in the materials are provided for convenience and do not imply Talos's endorsement, or approval of any third-party websites or their content. Any use, review, retransmission, distribution, or reproduction of these materials, in whole or in part, is strictly prohibited in any form without the express written approval of Talos.}