Key Takeaways from Thompson Hines Investment Management Coffee Chat Featuring Nathan Lamb, Brian Lanciault, and Marc Minor.

Digital asset markets are evolving faster than the rules designed to govern them. In our latest Coffee Chat webinar, our team explored the enforcement trends, compliance pitfalls, and operational risks firms need to understand right now. Here are the highlights.

  • Cooperation still pays. Regulators have credited firms with meaningful penalty reductions for taking remedial action during an investigation — even without prior self-disclosure. The SEC also recently rescinded its 50-year “neither admit nor deny” settlement policy, creating new negotiating leverage for firms in enforcement proceedings.
  • AML and KYC are top exam priorities. The pseudonymous nature of crypto is fundamentally at odds with Bank Secrecy Act requirements. Regulators are flagging failures in transaction monitoring, sanctions screening, and failure to register as money transmitters. Firms are responding by attaching unique identifiers at onboarding, leveraging blockchain’s immutable audit trail, and using geolocation and IP data to flag high-risk activity.
  • The Travel Rule is a cross-border compliance maze. The U.S. threshold is $3,000, but the EU and UK require compliance on every transaction, and other jurisdictions vary widely. Firms transacting internationally need jurisdiction-specific compliance logic — not a one-size-fits-all approach — or they risk becoming a regulatory target.
  • Cyber preparedness is non-negotiable. Crypto attacks are different: when a wallet is compromised, losses are immediate and often irreversible. Firms need a written incident response plan, pre-retained legal and forensic counsel, and regular tabletop exercises — before something happens. In the first 24 hours: don’t pay ransoms, contact the FBI’s IC3, preserve evidence, and isolate affected systems.
  • Smart contract developers have real liability exposure. Courts are drawing a clear line around control. If you can pause a protocol, push upgrades, or vote governance tokens, you may bear legal responsibility for how that protocol is misused. Immutable contracts with no post-deployment control carry far less exposure.

What to Watch

  • The Clarity Act — proposed legislation to classify crypto assets into distinct regulatory buckets; its future is uncertain after recent pushback over stablecoin provisions
  • Prediction markets — increasingly in regulators’ sights for potential insider trading
  • Evolving asset classification — the SEC/CFTC’s joint taxonomy raises the possibility that a security today could become a commodity tomorrow, introducing new uncertainty even as regulators seek clarity

For a deeper dive into any of these topics, watch the full webinar recording here or reach out to your Thompson Hine counsel.