5 Key Regulatory Challenges Facing Web3 and Metaverse P2P Transactions (And How to Overcome Them)

June 13, 2022  |   By: Max Dilendorf, Esq.

You can also download this article in PDF format here.

The cryptocurrency industry is both nascent and ever-evolving. A broad spectrum of developments such as the DeFi boom, the NFT craze, and the more recent Play-to-Earn (P2E) revolution have contributed to market capitalization of digital assets swelling to nearly $1.9 trillion in April 2022.

As cryptocurrencies are gaining increased adoption among the global population, a growing number of institutional investors and businesses are joining the industry to reap its benefits. As a result, regulators all over the world are struggling to keep up with challenges facing the industry.

Specifically, Web3 and the Metaverse have triggered escalating regulatory concerns about crypto, DeFi, NFTs, and the rest of Web3. This creates a significant gap between how regulators and the public view Peer-to-Peer (P2P) transactions.

The gap then raises the question of what regulators will do about these issues and how they will create rules that allow businesses and users to engage in P2P transactions without violating federal and state laws.

In President Joe Biden’s March 9 Executive Order on digital assets, he identified areas of concern and instructed federal agencies to look more deeply into the cryptocurrency industry.

The crypto community praised the order as a critical step forward for digital assets and all of Web3; however, it remains uncertain whether authorities such as the SEC, DOJ, DHS, CTFC, and FinCEN even know what they are looking for.

In response to heightened uncertainties raised by financial institutions, law enforcement, and regulators concerning the treatment of crypto dealings, FinCEN issued the 2013 Guidance on the compliance obligations of virtual currencies under the federal Bank Secrecy Act (BSA).

The Guidance affirmed the existing regulatory framework governing virtual currencies in 2019 and advised of the threats associated with the misuse of cryptocurrency. Further, FinCEN divides participants engaged in virtual currency arrangements into three categories: users, exchangers, and administrators.

According to FinCEN, exchangers and administrators are subject to regulation and required to obtain a Money Service Businesses (MSB) license. However if classified as a user, the transactions are exempt from regulation.

Without any day trading limits on crypto transactions, it is extremely easy for anyone to inadvertently switch from an unregulated user, to an exchanger who falls within the federal purview.

This article summarizes five (5) key issues intertwined with the existing regulatory framework surrounding P2P cryptocurrency transactions. It discusses the possibility of creating a new payment system for Web3 where individuals may openly engage and transact with one another.

1. The Existing Regulatory Framework in the U.S. Applies Inconsistent Legal Treatments of P2P Crypto Transactions Between the Federal and State Levels.

Federal Regulation

Working under an existing regulatory structure that was not designed to account for products like cryptocurrencies, United States financial regulators have yielded inconsistent policies, resulting in a piecemeal regulation system.

Such a fragmented system leaves industry participants guessing how and to whom they report when transacting in cryptocurrencies. Even more alarming is that the regulators themselves have been left guessing how far their authority may extend.

The Financial Crimes Enforcement Network (FinCEN) has perhaps the strongest legal Guidance over cryptocurrency assets today.


 In the spring of 2013, FinCEN issued Guidance on the compliance obligations of virtual currencies under the federal Bank Secrecy Act (BSA).

The Guidance interprets FinCEN’s previously amended regulations governing money services businesses (MSBs) and attempts to clarify if and when a participant in a virtual currency scheme might be engaged in “money transmission.”

If classified as a money transmitter, Person to Person (P2P) exchanges are required to comply with the BSA obligations, including registering with FinCEN as an MSB, implementing a risk-based anti-money laundering (AML) compliance program, filing suspicious activity reports (SARs) and maintaining certain records.

2. Despite Fincen Guidance, it is Unclear at What Point an Entity Participating in A Virtual Currency Scheme Would Be Deemed to be Acting as A Business Subject to Regulation

The existing legal framework surrounding the industry fails to provide clear guidelines as to how individuals and businesses should engage in P2P transactions, especially where the cryptocurrency traders facilitating those transactions are unknown.

A. FinCEN Guidance Defining Participants Engaged in Virtual Currency Exchange

FinCEN’s Guidance addresses the requirement of certain participants in the virtual currency arena to register as MSBs. The Guidance defines three categories of participants: users, administrators, and exchangers.

i. Users

FinCEN characterizes a user as “a person that obtains virtual currency to purchase goods or services on the user’s own behalf.” Such activity, according to FinCEN, does not fit within the definition of the MSB.

FinCEN Guidance further clarifies that exchangers and administrators generally qualify as money transmitters under the BSA, while users do not.

ii. Administrators and Exchangers

FinCEN defines an administrator as “a person engaged as a business in issuing (putting into circulation) a virtual currency, and who has the authority to redeem (to withdraw from circulation) such virtual currency.”

Businesses that fall under FinCEN’s definition of an administrator or exchanger must register and meet BSA obligations, unless a limitation or exemption from the definition of money transmitter applies.

FinCEN defines an exchanger as a person or entity “engaged as a business in the exchange of virtual currency for real currency, funds, or other virtual currency,” and states that an exchanger who (1) accepts and transmits a convertible virtual currency; or (2) buys or sells convertible virtual currency for any reason is a money transmitter under FinCEN’s regulations, unless a limitation or exemption applies.

A significant issue raised by FinCEN’s definitions of participants is that it does not seem to address any trading limitations.

For example, if someone is conducting thousands of crypto transactions per day, at what point do they switch from being a user to an exchanger subject to FinCEN regulation requirements?

Similarly, an individual that is day trading crypto would have a difficult time claiming to be conducting P2P transactions as a user and will more likely be considered an exchanger. Supposedly, this time of day trading activity is conducted as a business making money from the internet.

Another issue then arises when that individual would need to sell their crypto in order to make payments.

For example, at the point in time when the individual would need to sell their crypto to make payments, they would have to go to the bank to make a deposit. Then, a banker or compliance officer at the bank would ask what the source of my funds are. A day trader in P2P crypto transactions would have a difficult time identifying the source of funds because they do not know what/who that source could be.

This presents an additional layer of complications for P2P crypto traders who may be considered exchangers under FinCEN Guidance because if considered an exchanger, how do they cash out in a bank without an explanation as to the source of their funds?

This is an issue because while transacting as users they would not have completed any kind of KYC or AML checks; and, if they are considered exchangers, then technically they become a regulated MSB required to conduct those checks.

Given the gaps in FinCEN’s Guidance, new questions are constantly raised regarding at what point an entity participating in a virtual currency scheme would be deemed to be acting as a MSB. Until clarity is provided, it is challenging to advise P2P transactors as to when the obligation to register begins.

3. The Existing Framework Fails to Provide Clear Guidelines For Transacting Individuals, Which Puts Them at Heightened Risk of Inadvertent Criminal Activity

There are several instances where individuals – believing they are conducting P2P transactions in good faith – fail to meet the burdensome registration requirements set out by federal agencies.

For example, in 2019, Eric Powers operated as a P2P exchanger of convertible virtual currency when he conducted over 200 transactions involving the physical transfer of more than $10,000 in currency, yet failed to file a single CTR.[1]

Under FinCEN, Powers was considered a “money transmitter,” and required to comply with the BSA obligations that apply to MSBs, including registering with FinCEN; developing, implementing, and maintaining an effective AML program; filing Suspicious Activity Reports (SARs) and Currency Transaction Reports (CTRs); and maintaining certain records.

FinCEN director, Kenneth A. Blanco stated that “obligations under the BSA apply to money transmitters regardless of their size” and that FinCEN “will take enforcement action based on what we have publicly stated since our March 2013 Guidance—that exchangers of convertible virtual currency, such as Mr. Powers, are money transmitters and must register as MSBs.”

While the purpose of such enforcement is aimed to protect the U.S. financial system and avoid national security risks, the current Guidance does not allow for an adequate cryptocurrency payment system.

i. Lack of Regulatory Framework Results in First Ever Digital Asset Insider Trading Case

On June 1, federal prosecutors announced the first-ever digital asset insider trading case, accusing a former NFT marketplace employee of using confidential information to purchase NFTs before they would be featured on the homepage and quickly increase in value.[2]

Nathanial Chastain, a former product engineer for the largest NFT marketplace, OpenSea, was arrested and charged with wire fraud and money laundering. The charges arose out of Chastain’s anonymous purchasing of about 45 NFTs shortly before they were featured on OpenSea’s homepage and selling them between two and five times their initial purchase value.[3]

The U.S. Attorney for the Southern District of New York stated “NFTs might be new, but this type of criminal scheme is not… today’s charges demonstrate the commitment of this Office to stamping out insider trading – whether it occurs on the stock market or the blockchain.”

At just 31 years old, Chastain is facing one count of wire fraud and one count of money laundering, amounting to a maximum sentence of 40 years. Such sentencing seems extreme when there is no concrete regulatory framework for crypto traders to adhere to.

Without clear definitions, rules, and policies surrounding crypto transactions, individuals who may inadvertently fall short of what little regulation exists will be charged to the same degree as those who intentionally use crypto for criminal activity.

Perhaps a first step for regulators to provide adequate definitions is to say that NFTs are securities and that securities regulations do apply to these products, including prohibitions on any kind of insider trading activities.

B. Other Federal Regulation Agencies’ Perspectives on P2P Transactions

US Department of Justice (DOJ)

 The Department of Justice published a cryptocurrency enforcement framework, which stated that:

[person] seeking to buy or sell cryptocurrency other than through registered or licensed exchanges and financial institutions frequently turn to networks of individuals commonly referred to as peer-to-peer (“P2P”) exchangers or traders.

As individuals who facilitate transfers of value for the public, including the buying and selling of cryptocurrency, P2P exchangers are considered MSBs [Money Service Businesses] and are subject to FinCEN record keeping and reporting requirements.”[4]

 US Department of Homeland Security

 Homeland Securities Investigations stated:

“Peer to Peer (P2P) exchangers of currency, including virtual currencies, are considered money transmitters under federal law and are required to register and comply with federal anti-money laundering regulations if they do substantial business in the U.S. Currency exchangers must also register with the government as a money services business.

HSI targets illicit P2P exchangers for money laundering and money services business violations…P2P investigations identify exchangers (both registered and unregistered) who have violated 18 U.S.C. § 1960.”[5]

In addition to these federal agencies claiming jurisdiction, a handful of state regulators and legislatures have begun efforts to institute their own regulation on the crypto markets. The various legal treatments of cryptocurrency have sparked much debate as to how to properly define crypto assets.

For the purposes of regulation, federal agencies have cast their net over a portion of the crypto market by defining cryptocurrencies as something within their purview: crypto is a security per the SEC, a commodity per the CFTC, currency per FinCEN, or property per the IRS.

State Regulation

In addition to federal regulators, P2P transactions in cryptocurrency face entirely different legal treatment under state regulation.

The disparities between the federal and state legal treatment of P2P transactions in cryptocurrency create a significant gap between how individuals and regulators view this type of transaction.

For instance, states like New Hampshire, Montana, and Wyoming have introduced laws to effectively exclude cryptocurrency transactions from state MTL laws, affording individuals more freedom to transact freely.

Conversely, Alabama, Connecticut, Georgia, North Carolina, Vermont, and Washington have all implemented burdensome compliance laws that explicitly require individuals to obtain a MTL in order to engage in P2P exchanges.[6]

A. Licensing Regimes – Introduction of the “BitLicense”

Notably, in 2014, New York became the first state to adopt a cryptocurrency licensing regime, referred to as the “BitLicense”, that applies to any “Virtual Currency Business Activity.”[7]

The extensive application procedure and broad inclusion of businesses subject to this regulation has, effectively, made it a regulatory failure – NYDFS has only approved 16 BitLicenses as of January 2019, despite the vast number of firms and exchanges to which the law applies to.[8]

In a recent Florida lawsuit, State v. Espinoza, state regulators have litigated with an individual who is charged with selling bitcoin for cash in transactions the state claims should be considered money transmissions.[9]

The facts demonstrate that Mr. Espinoza exchanged or attempted to exchange cash for Bitcoin on the street on four separate occasions. This conduct fell outside of the FinCEN definition of a user.

The Third District Court of Appeals in Florida held that these two-party transactions were sufficient to consider Mr. Espinoza a money transmitter.[10] The court denied that the definition of “money transmitter” covers only third-party transactions, based on the plain language of §560.103(23) of the Florida Code.[11]

On May 12, 2022, Florida’s MSB laws were amended to address “virtual currency” transactions.[12] The Bill sets forth that a MTL is only required for persons acting as intermediaries between two parties if the intermediary has the unilateral ability to execute or prevent a transaction. Persons involved in a P2P, bilateral transaction are not subject to licensing requirements.

Under the amended laws, FL no longer requires MSB licensing for persons acting as financial intermediaries in connection with virtual currency transactions.

B. No Licensing Requirements

While states such as New York  require MTLs for certain P2P transmissions of virtual currencies, other states do not have such requirements. Texas, for example, does not require MTLs for virtual currency transmissions because its Money Services Act does not view virtual currencies as being “money” or having “money value.”[13]

In Texas’s view, virtual currencies do not “entitle its owner to anything and creates no duties or obligations in a person who gives, sells, or transfers it. There is no entity that must honor the value of a cryptocurrency or exchange any given unit of a cryptocurrency for sovereign currency.”[14]

The bottom line is this: as a money transmitter, you must analyze the law of every state in which you do business to determine whether you need an MTL. Even if you are not required to obtain an MTL on a state-level, you will likely be required to obtain one at a federal level by establishing adequate AML/CFT controls.

These are but a few of the examples of the chaos currently pervading the state-level regulation of cryptocurrency. As of now, states have yet to succeed in enforcing their own rules upon crypto markets, despite their best efforts to do so.

4. Regulatory Authorities Attempt to Apply Traditional Legal Principals That Fail to Keep Up With Rapid Technological Developments Such As Web3 And The Metaverse

With the rise of Web3 comes Metaverses composed of technologies and business models including: virtual worlds, Blockchains and NFTs, games, virtual currencies, and user-generated content (UGC).

Many multi-billion dollar companies have announced their metaverse strategies. For example, Microsoft made acquisitions that “will provide building blocks for the metaverse.”

Major clothing brands launched NFTs as part of their digital wearables play in the metaverse. McDonald’s, Epic Games, and many others have all made significant strides towards metaverse integration or development.

Large multinational companies such as YouTube are actively hiring metaverse engineers. There are and will be many uses for the metaverse including for business, governments, social interaction, and entertainment.

A. Regulatory Concerns Brought by Web3

The operation of Web3 and the Metaverse raises a host of legal issues regarding governance, privacy, and virtual transactions.

The Metaverse uses cryptocurrencies and tokens, which may be subject to regulatory regimes such as the SEC – which is struggling to appropriately apply securities laws to cryptocurrencies and tokens.

One SEC commissioner recently stated that securities laws might apply to certain NFT projects, particularly “NFT projects that offer fractionalization or entitle the holder to a revenue stream.”

In addition to securities laws, P2P transactions that include the issuance, trading, exchange, lending and other activities concerning in-world currencies may trigger certain regulatory action – such as those concerning banking, money transmission and other financial activities.

To be viable as a place to live and conduct business transactions, the metaverse will need real-world controls to protect users from abuse, fraud and loss. Regulation of such a new technological development takes time to evolve; hence the lack of supervision over Web3 and the Metaverse.

The existing regulatory framework surrounding P2P cryptocurrency transactions has not convinced people that regulation of Web3 is inevitable or even feasible.[15] There are already more than 160 companies operating in the Metaverse, with many more certain to follow. In theory, any of these individual operators could exist indefinitely outside of a regulatory framework.

Despite the attempt to secure networks and protect users against financial fraud, the current regulatory framework contradicts the whole ethos of the Metaverse. If you can be anyone you want to be in a virtual world, you might not have to reveal your true identity, which is not necessarily compatible with regulation.

The longer society goes on without clear guidance and rules, the government’s ability to regulate blockchain and cryptocurrency markets responsibly will continue to grow weaker. The use of digital assets on Web3 or over the Metaverse poses a significant danger to both users and the greater national security, and regulators must determine methods to increase oversight of P2P transactions involving these apps.

5. President Biden’s Executive Order on Digital Assets Calls Upon Federal Agencies That Are Not Equipped to Navigate the Thorny Prosecution and Enforcement Issues Presented by Digital Asset Transactions

On March 9, President Joe Biden signed an executive order on government oversight of digital assets and cryptocurrency that urges the Federal Reserve to explore whether the central bank should jump in and create its own digital currency.

“While many activities involving digital assets are within the scope of existing domestic laws and regulations, an area where the United States has been a global leader, the growing development and adoption of digital assets and related innovations, as well as inconsistent controls to defend against certain key risks, necessitate an evolution and alignment of the United States Government approach to digital assets,”[16] according to the executive order.

The detailed, 13-page executive order lays out a national policy for digital assets across six key priorities: (1) consumer and investor protection; (2) financial stability; (3) illicit finance; (4) U.S. leadership in the global financial system and economic competitiveness; (5) financial inclusion; and (6) responsible innovation.

The order compels regulators to ensure sufficient oversight and safeguard against any financial risks posed by digital assets. Finally, it explores the idea of a U.S. Central Bank Digital Currency (CBDC) by placing urgency on research and development.

The order also attempts to strike a balance between encouraging innovation while addressing the need to regulate potential risks to consumers and the broader financial system; however, the President calls upon individuals who are not equipped to navigate the thorny prosecution and enforcement issues presented by digital asset transactions.

I. Where Do We Go from Here?

The modern legal treatment of cryptocurrency is in gridlock in identifying ways to resolve challenges pertaining to P2P transactions. As a result, little action has been taken to grapple with these complex regulatory issues.

Perhaps, a massive regulatory overhaul of the current piecemeal system is needed in the United States to adequately regulate cryptocurrencies. This might look something like federal agencies establishing consistent definitions of cryptocurrencies for a better payment system without leading individuals down a path of burdensome fines or criminal prosecution.

Or, on a smaller scale, the best possible “right now” solution may be rooted in the fundamental understanding of crypto-assets and P2P transactions. In which case, authorities are faced with a simple task: to educate themselves.

Next Steps

Today, regulatory agencies have begun drafting a plan to provide greater clarity on whether certain activities related to crypto-assets conducted by banking organizations are legally permissible.

The plan begins on the staff level where agencies have identified a number of areas where additional public clarity is necessary:

  • Crypto-asset safekeeping and traditional custody services.
  • Ancillary custody services.
  • Facilitation of customer purchases and sales of crypto-assets.
  • Loans collateralized by crypto-assets.
  • Issuance and distribution of Stablecoins.
  • Activities involving the holding of crypto-assets on balance sheet.

The framework takes the same approach as proposed throughout this article: that is, for regulators to stay informed and adequately regulate P2P transactions.

The ongoing monitoring of crypto developments (Web3) will inevitably raise other issues as the market continues to evolve; and so, these regulatory agencies will need to stay vigilant in educating themselves and taking initiatives to collaborate with other relevant authorities who wish to address issues arising from P2P crypto transactions.

Special thanks to Laina Dowd (Suffolk University JD Candidate ’23) for her contribution to this article.


[1] https://www.fincen.gov/news/news-releases/fincen-penalizes-peer-peer-virtual-currency-exchanger-violations-anti-money

[2] https://www.justice.gov/usao-sdny/pr/former-employee-nft-marketplace-charged-first-ever-digital-asset-insider-trading-scheme

[3] See Nathanial Chastain Sealed Indictment, https://www.justice.gov/usao-sdny/press-release/file/1509701/download.

[4] See Cryptocurrency: An Enforcement Framework, Attorney General’s Cyber-Digital Task Force, (Oct. 8, 2020) (hereinafter “Enforcement Framework”)

[5] See The Cornerstone Report: “Safeguarding America Through Financial Investigations”, ICE Homeland Security Investigations, Volume XIII No. 2, (2017).

[6] Jennifer L. Moffitt, The Fifty U.S. States and Cryptocurrency Regulations, Coin ATM Radar (July 27, 2018), https://coinatmradar.com/blog/the-fifty-u-s-states-and-cryptocurrency-regulations.

[7] See N.Y. Comp. Codes R. & Regs. tit. 23. § 200.3(a) (2015). This system, administered by the New York Department of Financial Services (NYDFS), requires a non-refundable application fee of $5,000; consent to state examination; posting of a surety bond in an amount determined on a case-by-case basis; providing various disclosures and financial information; and establishing AML practices, cybersecurity policies, and business continuity and disaster recovery programs.

[8] BitLicenses are required of anyone engaging in the following: virtual currency transmission; storing, holding, or maintaining custody or control of virtual currency on behalf of others; buying and selling virtual currency as a customer business; performing exchange services as a customer business; or controlling, administering, or issuing a virtual currency. N.Y. Comp. Codes R. & Regs. tit. 23. § 200.2(q) (2015).

[9] See State v. Espinoza, 264 So. 3d 1055 (Fla. Dist. Ct. App. 2019).

[10] See Id.

[11] Fla. Stat. §560.103(23)

[12] Carl Fornaris et. al., Florida Gov. Signs Bill that Defines ‘Virtual Currency’ and Eases Licensing Restrictions on Certain Virtual Currency Transactions in the State, 12 Nat’l L. Rev. 157 (2022), https://www.natlawreview.com/article/florida-gov-signs-bill-defines-virtual-currency-and-eases-licensing-restrictions.

[13] See Tex. Fin. Code Ann. §151.301(b)(3).

[14] Memorandum from the Tex. Dep’t. of Banking to All Virtual Currency Cos. Operating or Desiring to Operate in Tex. (April 1, 2019).

[15] https://www.forbes.com/sites/martinboyd/2022/05/16/regulating-the-metaverse-can-we-govern-the-ungovernable/?sh=6e7ea6d81961

[16] “Executive Order on Ensuring Responsible Development of Digital Assets”, White House Briefing Room (March 9, 2022), whitehouse.gov/briefing-room/presidential-actions/2022/03/09/executive-order-on-ensuring-responsible-development-of-digital-assets.

This article is provided for your convenience and does not constitute legal advice. The information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations. Prior results do not guarantee a similar outcome.

Other Resources


Our Founding Partner


Max (Maksim) Dilendorf, Esq.

Max (Maksim) Dilendorf’s legal practice is laser-focused on digital assets and cyber-crime cases, a domain he has passionately pursued since 2017. Over the past 7 years, Max built a distinct digital asset law practice, dedicating tens of thousands of hours to managing diverse client cases, research and engaging ...

Learn More about Max (Maksim) Dilendorf, Esq.
Max (Maksim) Dilendorf, Esq.

Adam Pollock

Adam is one of the nation’s leading young whistleblower lawyers.  He brings with him a special ability not just to litigate, but to investigate – and understand – complex organizations and transactions.  His extensive familiarity with tech issues is built on a computer science degree and work as a ...

Learn More about Adam Pollock
Adam Pollock

Bari Zahn, Esq.

Bari Zahn has nearly 20 years of experience practicing at global law firms in New York. Bari has represented a broad array of multinational clients on U.S. and cross-border transactions. She has supervised legal teams worldwide and has extensive management experience as the Founder, former CEO and General ...

Learn More about Bari Zahn, Esq.
Bari Zahn, Esq.

Steve Cohen

Steve contributes extensive business and problem-solving experience to challenges that may require litigation – or may help avoid it.  Indeed, his perspective on litigation is influenced by his experience as a three-time internet start-up CEO.

Steve served on Ronald Reagan’s 1980 presidential campaign ...

Learn More about Steve Cohen
Steve Cohen

Robin Gerofsky Kaptzan, Esq.

A New York licensed attorney with three decades of legal and business experience in the U.S. and Asia, Robin recently joined the law firm as a partner and leads the Asia-Pacific practice.

While acting as an international business lawyer and global corporate general counsel, Robin is sought out by clients ...

Learn More about Robin Gerofsky Kaptzan, Esq.
Robin Gerofsky Kaptzan, Esq.

Craig S. Redler

Craig S. Redler has held positions with Amicorp in its offices in Auckland New Zealand and Miami Florida, and Southpac Trust International, Inc. with offices in the Cook Islands and Tauranga New Zealand. His responsibilities included serving as Trustee for off-shore trusts settled by high net-worth clients ...

Learn More about Craig S. Redler
Craig S. Redler