The Crypto Rulebook Just Got Clearer 

What It Means for Compliance Now 

On March 17, 2026, the Securities and Exchange Commission (SEC) and the Commodity Futures Trading Commission (CFTC) released long-awaited guidance that brings greater clarity to how digital assets are treated under U.S. regulation. For an industry that has long operated in a gray area, this marks a meaningful shift, providing a clearer framework for how different types of digital assets are classified and how existing rules apply. 

This is not about easing compliance. It is about applying it more precisely. 

For financial services firms, the message is clear. Existing compliance obligations such as personal trading controls, MNPI management, restricted lists, and employee disclosures must now be applied more thoughtfully based on how each digital asset is classified. Digital assets are no longer an exception. They are part of the broader compliance landscape. 

And getting it right matters. Misclassification creates real risk. Applying the wrong rules adds unnecessary complexity, while failing to apply them where required can expose firms to regulatory action. 

Before diving into specific regulatory frameworks, it is important to understand how this new classification system shapes compliance obligations. The guidance groups all digital assets into five categories, and the rules that apply depend entirely on which category an asset falls into. 

• Digital Commodities (e.g., BTC, ETH) 
  Treated as commodities under CFTC oversight, not securities. Securities laws generally do not apply, though anti-manipulation rules under the CEA remain in force. Firms may still apply internal controls beyond regulatory requirements. 

• Digital Collectibles (e.g., NFTs) 
  Not securities when held as whole assets. However, fractional or pooled structures may trigger securities rules depending on how they are structured and marketed. 

• Utility Tokens 
  Not securities when used purely for functional purposes with no expectation of profit. Standard securities compliance obligations do not apply. 

• Stablecoins 
  Qualifying payment stablecoins are not considered securities and are regulated as payment instruments. Non-qualifying structures may still require further analysis. 

• Digital Securities 
  Tokenized versions of stocks, bonds, or similar instruments are fully subject to securities laws, including trading restrictions, disclosures, and supervisory requirements. 

• Investment Contracts (Time-Limited) 
  Some crypto assets may be treated as securities for a period of time when sold under an investment contract. Once that contract ends, securities obligations may no longer apply, requiring firms to monitor classification changes. 

Guidance Highlights 

The SEC and CFTC’s joint guidance marks a fundamental shift in how firms approach digital asset compliance. At its core is a clear separation between different types of digital assets, requiring firms to apply more precise, tailored controls across their compliance programs. 

Key implications include: 

• A move away from one-size-fits-all crypto policies toward asset-specific oversight 

• Distinct compliance approaches for digital securities versus digital commodities 

• Continued application of insider trading and MNPI controls for digital securities, with added complexity around correlated assets 

• Updates required across core areas including personal trading, pre-clearance, outside business activities, private investments, and gifts and entertainment 

• Increased expectations for surveillance, supervision, and timely investigation of potential issues 

• The need to monitor asset classification changes over time and adjust controls accordingly 

Together, these changes require more dynamic, technology-enabled compliance programs that can adapt as digital assets and regulatory expectations continue to evolve. 

What This Means for Investors and Compliance Teams 

For investors, the implications are significant. The guidance provides greater clarity on how different types of digital assets are treated, helping investors better understand the risks, protections, and regulatory frameworks that apply to their holdings. It also reinforces that not all digital assets are securities, while acknowledging that certain activities, such as investment contracts, staking, or token offerings, may still trigger securities laws depending on how they are structured. As a result, investors must look beyond the asset itself and consider how it is used, marketed, and traded. 

For compliance teams, the impact is more operational. The guidance makes clear that existing compliance frameworks must now be applied with greater precision. Firms need to correctly classify digital assets, determine which regulatory obligations apply, and adjust controls accordingly. This includes aligning personal trading policies, MNPI controls, restricted lists, and supervisory processes to reflect the different treatment of digital commodities, securities, and other asset types. 

The concept that an asset’s regulatory status can change over time adds another layer of complexity. Compliance programs must be dynamic, capable of tracking when an asset may move into or out of a securities classification and updating controls in real time. 

The guidance also reinforces a coordinated approach between the SEC and CFTC, reducing ambiguity around jurisdiction. For firms, this means less guesswork but higher expectations. Regulators are signaling that clarity is now in place, and with it comes the expectation that firms can demonstrate consistent, well-documented oversight. 

The message is clear: digital assets are no longer operating in a regulatory gray area. For investors, this brings more transparency. For compliance teams, it raises the bar for how digital asset activity is monitored, controlled, and governed moving forward. 

How StarCompliance Can Help Navigate This New Reality 

This new guidance does not reduce compliance obligations. It requires firms to apply them with greater precision. As digital assets are classified differently and may change status over time, compliance programs must be flexible, dynamic, and able to apply the right controls to the right activity. 

StarCompliance (Star) is built to support this shift. 

The Star platform enables firms to apply a dual-track approach across core compliance functions, ensuring that digital securities are treated with full securities oversight, while digital commodities and other asset types are managed in line with firm policy and regulatory expectations. 

Key capabilities include: 

• Crypto Pre-Clearance – Gives firms the ability to apply differentiated workflows based on asset classification, with securities-based pre-clearance for digital securities and configurable policies for other digital assets. Workflows can adapt as assets are reclassified over time. 

• Restricted List Management – Organizations can monitor employee holdings against both traditional and digital securities using a unified data model. Lists update dynamically to reflect changes in asset status, helping firms maintain accurate and timely oversight. 

• Outside Business Activities and Gifts & Hospitality Disclosure – Firms can capture and assess outside business activities and gifts involving digital assets, including airdrops, NFTs, and staking rewards. Configurable workflows ensure the appropriate level of review based on the nature of the activity. 

• Surveillance and Supervision – Alerts and monitoring can be based on asset type, aligning digital securities with securities compliance frameworks while applying appropriate controls to other digital asset activity. This supports more targeted, risk-based supervision and aligns with evolving regulatory expectations. 

By integrating digital asset oversight into existing compliance infrastructure, Star helps firms move beyond fragmented or manual processes. The result is a more connected, scalable approach that supports consistent governance, stronger auditability, and clearer evidence of compliance as regulatory expectations continue to evolve. 

To learn more about Star’s Crypto Dealing & Tokenized Asset Compliance Solutions, click HERE to book a demo.