Crypto & Blockchain Company Setup & Structuring in USA

Setting up a crypto and blockchain company in the USA requires navigating a fragmented regulatory landscape that spans federal agencies, state-level licensing regimes and evolving case law. The core challenge is not incorporation itself - it is structuring the business so that its activities, token model and customer relationships do not trigger unregistered securities or money transmission violations. This article covers entity selection, federal and state regulatory frameworks, licensing obligations, compliance architecture and the most common structural mistakes made by international founders entering the US market.

The United States offers the world';s deepest capital markets, the largest retail and institutional investor base for digital assets, and a legal system that, despite its complexity, provides enforceable contract rights and predictable court outcomes. For a crypto or blockchain company, access to US investors, banking partners and institutional clients often depends on having a US legal presence with a credible compliance posture.

At the same time, the USA is one of the most legally demanding jurisdictions for digital asset businesses. The Securities and Exchange Commission (SEC) asserts jurisdiction over tokens that qualify as investment contracts under the Howey test, a four-part analysis derived from federal securities law. The Commodity Futures Trading Commission (CFTC) claims authority over digital commodities, including Bitcoin and Ether in their spot and derivatives forms. The Financial Crimes Enforcement Network (FinCEN), a bureau of the US Treasury, regulates money services businesses (MSBs) under the Bank Secrecy Act (BSA), 31 U.S.C. § 5311 et seq. Each of these agencies operates independently, and their jurisdictional boundaries overlap in ways that create genuine legal uncertainty.

For international founders, a common mistake is assuming that a non-US parent company can serve US customers without triggering US regulatory obligations. In practice, if a platform accepts US persons as users or investors, US law applies regardless of where the company is incorporated. Establishing a proper US entity and compliance program is not optional - it is the foundation of a defensible business.

The choice of entity is the first structural decision and has lasting consequences for taxation, investor relations, regulatory treatment and operational flexibility.

A Delaware C-Corporation (C-Corp) is the standard vehicle for venture-backed crypto and blockchain startups. Delaware corporate law is the most developed in the country, offering well-established precedents on fiduciary duties, shareholder rights and governance. Institutional investors, including venture capital funds and crypto-native funds, almost universally require a Delaware C-Corp as the investment target. The C-Corp structure also facilitates equity compensation plans, which are essential for attracting technical talent.

A Wyoming Limited Liability Company (LLC) has become a popular alternative, particularly for decentralized autonomous organization (DAO) structures. Wyoming enacted the DAO LLC statute (Wyoming Statutes § 17-31-101 et seq.), which allows a DAO to register as a legal entity, giving it the ability to enter contracts, hold assets and limit member liability. This is a significant development for blockchain-native projects that operate through on-chain governance.

A Delaware LLC is suitable for joint ventures, special purpose vehicles and projects where pass-through taxation is preferred. However, it is less attractive for institutional fundraising because most US venture funds cannot hold LLC interests without adverse tax consequences.

For international founders structuring a US entry, a common approach is a Delaware C-Corp as the US operating entity, with the parent company incorporated in a jurisdiction such as the Cayman Islands or Singapore. This structure separates the US regulatory perimeter from the global token or protocol operations. The US entity handles US-facing activities, employment and banking, while the offshore parent holds intellectual property and manages non-US token distribution.

A non-obvious risk in this structure is the application of the Internal Revenue Code (IRC) § 7874, the so-called "anti-inversion" rules. If a US company is formed and then reorganized under a foreign parent, and the former US shareholders own 60% or more of the new foreign parent, adverse US tax consequences follow. Founders should model the ownership structure before incorporating to avoid triggering these rules.

To receive a checklist for entity selection and structuring a crypto and blockchain company in the USA, send a request to info@vlolawfirm.com

Understanding which federal regulator has authority over a specific activity is the central legal question for any crypto and blockchain company in the USA. The answer depends on the nature of the token, the activity performed and the counterparties involved.

SEC jurisdiction and the securities analysis

The SEC applies the Howey test to determine whether a digital asset is a security. Under this test, derived from the Securities Act of 1933, 15 U.S.C. § 77a et seq., an instrument is a security if it involves an investment of money in a common enterprise with an expectation of profits derived from the efforts of others. Tokens sold in initial coin offerings (ICOs) or token generation events (TGEs) have frequently been found to satisfy this test, particularly where the issuer retains significant control over the protocol and buyers expect appreciation based on the issuer';s development work.

If a token is a security, the issuer must either register the offering under the Securities Act or qualify for an exemption. The most commonly used exemptions for crypto companies are Regulation D (private placements to accredited investors), Regulation S (offshore offerings to non-US persons) and Regulation A+ (mini-IPO for offerings up to USD 75 million). Each exemption carries specific conditions, including restrictions on resale, disclosure obligations and investor eligibility requirements.

Platforms that facilitate trading in security tokens must register as broker-dealers under the Securities Exchange Act of 1934, 15 U.S.C. § 78a et seq., or qualify for an exemption. Operating an unregistered securities exchange or acting as an unregistered broker-dealer exposes the company and its principals to civil enforcement and criminal liability.

CFTC jurisdiction over digital commodities

The CFTC has jurisdiction over commodity derivatives under the Commodity Exchange Act (CEA), 7 U.S.C. § 1 et seq. Bitcoin and Ether have been treated as commodities in CFTC enforcement actions and court decisions. Any platform offering futures, options, swaps or leveraged trading in these assets to US persons must register with the CFTC as a designated contract market (DCM), swap execution facility (SEF) or introducing broker, depending on the activity.

The CFTC also has anti-fraud and anti-manipulation authority over spot commodity markets, even without a derivatives component. This means that a spot Bitcoin exchange serving US customers is subject to CFTC enforcement for fraud, even if it does not offer derivatives.

FinCEN and the money services business registration

Any company that transmits value on behalf of customers - including crypto exchanges, wallet providers and payment processors - is a money services business (MSB) under the BSA. MSBs must register with FinCEN, implement an anti-money laundering (AML) program, file suspicious activity reports (SARs) and comply with the Travel Rule under 31 C.F.R. § 1010.410, which requires transmission of originator and beneficiary information for transfers above USD 3,000.

Failure to register as an MSB or to implement a compliant AML program is a federal criminal offense under 18 U.S.C. § 1960. In practice, FinCEN enforcement has resulted in substantial civil money penalties against crypto businesses that operated without registration or with inadequate AML controls.

A common mistake by international founders is treating FinCEN registration as a low-priority administrative step. In practice, it is a prerequisite for opening US bank accounts and establishing correspondent banking relationships. Without it, the business cannot function in the US financial system.

Federal registration with FinCEN does not preempt state money transmission licensing. Each US state has its own money transmission law, and a crypto company that transmits value to or from customers in a given state generally needs a money transmitter license (MTL) in that state.

As of the current regulatory landscape, 49 states plus the District of Columbia require money transmitter licenses for crypto businesses that qualify as money transmitters under state law. The requirements vary significantly by state. Some states, such as Wyoming, have enacted crypto-friendly frameworks that streamline licensing for digital asset businesses. Others, such as New York, impose the most demanding requirements in the country.

New York';s BitLicense, established under 23 NYCRR Part 200, is the most well-known state-specific crypto license. It applies to any company engaged in virtual currency business activity involving New York residents, including receiving, transmitting, exchanging or storing virtual currency. The application process is extensive, requiring detailed disclosure of the company';s business model, technology, AML program, cybersecurity policies, financial statements and key personnel. The New York Department of Financial Services (NYDFS) reviews applications carefully and has historically taken one to three years to process them, though processing times have improved in recent years.

The cost of obtaining a BitLicense is substantial. Application fees, legal preparation costs and the ongoing compliance infrastructure required to maintain the license mean that the total investment typically runs into the mid-to-high six figures in USD. For early-stage companies, this is a significant barrier. A practical alternative is to initially exclude New York residents from the platform and apply for the BitLicense once the business reaches a scale that justifies the cost.

For companies seeking a more streamlined path to multi-state operation, the Money Transmitter Regulators Association (MTRA) has developed a coordinated examination process that allows a company licensed in one state to seek expedited review in others. However, this process does not eliminate the need for individual state licenses - it only reduces duplication in the examination process.

A non-obvious risk is that the definition of "money transmission" varies by state. Some states define it broadly to include the issuance of stored value or the operation of a payment system, while others focus narrowly on the transmission of fiat currency. A blockchain company that issues a stablecoin or operates a payment channel may be a money transmitter in some states but not others, depending on the specific statutory language and regulatory guidance.

To receive a checklist for state-level licensing and BitLicense compliance for a crypto and blockchain company in the USA, send a request to info@vlolawfirm.com

The token model is the most legally consequential design decision for a blockchain company. Getting it wrong exposes the company to SEC enforcement, investor rescission claims and reputational damage that can be fatal to fundraising.

Utility tokens vs. security tokens

A utility token is designed to provide access to a product or service on a blockchain network. A security token represents an investment interest - equity, debt, revenue share or profit participation. In practice, the distinction is not always clear, and the SEC has taken the position that many tokens marketed as utility tokens are in fact securities because buyers purchase them with an expectation of profit based on the issuer';s efforts.

The SEC';s framework for analyzing digital assets, published in guidance under the Securities Act, identifies factors that indicate whether a token is more or less likely to be a security. These include the degree of decentralization of the network, the extent to which the token';s value depends on the issuer';s ongoing efforts, and whether buyers are motivated primarily by consumptive use or investment return.

For a token to have a credible argument as a non-security, the network should be functional at the time of sale, the token should have genuine utility that drives demand independent of speculative value, and the issuer should not be the primary driver of the token';s value. Achieving this level of decentralization at the time of a token sale is difficult for early-stage projects, which is why most US counsel advise against public token sales to US persons until the network is sufficiently decentralized.

Practical structuring approaches

Three approaches are commonly used by crypto companies to manage securities law risk in the USA.

The first is a Simple Agreement for Future Tokens (SAFT), a contractual instrument modeled on the Simple Agreement for Future Equity (SAFE) used in startup financing. A SAFT is sold to accredited investors under Regulation D as a security, with the understanding that it will convert into tokens once the network is functional. The tokens themselves, once delivered, are argued to be non-securities because the network is operational. This approach has been challenged by the SEC, which has argued that the tokens delivered under a SAFT can themselves be securities, but it remains in use with appropriate legal structuring.

The second approach is a Regulation D private placement of security tokens, with a Regulation S component for non-US investors. This approach accepts that the tokens are securities and structures the offering accordingly. It limits the US investor base to accredited investors and imposes resale restrictions, but it provides a clear regulatory framework and reduces enforcement risk.

The third approach is to delay any US token distribution until the network is sufficiently decentralized and the tokens have genuine utility, relying on Regulation S for the initial offshore distribution. This is the most conservative approach and is increasingly favored by projects that have the runway to build before monetizing in the US market.

A common mistake is structuring a token sale primarily around tax optimization without adequate attention to securities law. Founders sometimes incorporate in a low-tax jurisdiction and conduct a token sale offshore, assuming that US securities law does not apply. If US persons participate in the sale - even informally, through secondary market purchases - the SEC may assert jurisdiction, and the offshore structure provides no protection.

A crypto and blockchain company in the USA must build a compliance infrastructure that addresses AML, Know Your Customer (KYC), cybersecurity and data protection obligations from day one. Retrofitting compliance onto an existing platform is significantly more expensive and disruptive than building it in from the start.

AML and KYC program requirements

An MSB registered with FinCEN must implement a written AML program that includes internal policies and procedures, a designated compliance officer, ongoing employee training and independent testing. The program must be risk-based, meaning that the level of due diligence applied to a customer should reflect the risk that customer poses for money laundering or terrorist financing.

KYC procedures must verify the identity of customers at onboarding, using government-issued identification and, for higher-risk customers, enhanced due diligence measures. The BSA and its implementing regulations under 31 C.F.R. Part 1022 set out the minimum requirements. State money transmission laws add additional requirements in some jurisdictions.

The Travel Rule, as applied to crypto businesses under FinCEN guidance, requires that when a crypto company transmits virtual currency on behalf of a customer, it must transmit identifying information about the originator and beneficiary to the receiving institution if the transfer equals or exceeds USD 3,000. Implementing Travel Rule compliance requires technical integration with counterparty institutions, which is a significant operational challenge for smaller platforms.

Cybersecurity obligations

The NYDFS Cybersecurity Regulation (23 NYCRR Part 500) applies to entities holding a BitLicense and to other financial services companies regulated by NYDFS. It requires a written cybersecurity program, annual penetration testing, multi-factor authentication, encryption of nonpublic information and prompt notification of cybersecurity events. Even companies not subject to NYDFS regulation should treat this framework as a baseline, because it represents the standard of care that regulators and courts will apply in the event of a breach.

Ongoing reporting and governance

A Delaware C-Corp must maintain proper corporate governance, including a board of directors, annual meetings, proper documentation of major decisions and accurate financial records. For a crypto company with a token, the governance structure should also address how protocol upgrades are decided, how treasury assets are managed and how conflicts of interest between the company and token holders are handled.

The SEC';s reporting requirements apply to companies with registered securities. For companies that have conducted a Regulation D offering, Form D must be filed with the SEC within 15 days of the first sale. State blue sky filings may also be required, depending on the states in which investors are located.

We can help build a compliance architecture tailored to your crypto and blockchain business model in the USA. Contact info@vlolawfirm.com to discuss your specific situation.

What is the biggest regulatory risk for a crypto company entering the US market?

The most significant risk is conducting a token sale or operating a platform that the SEC classifies as an unregistered securities offering or unregistered securities exchange. This risk is not theoretical - the SEC has brought enforcement actions against numerous crypto companies, resulting in disgorgement of proceeds, civil penalties and, in some cases, criminal referrals. The key is to conduct a thorough securities law analysis of the token model before any US-facing activity begins, and to structure the offering and platform in a way that either avoids securities classification or complies with applicable registration or exemption requirements. Engaging US securities counsel before launch, not after, is the single most important risk-mitigation step.

How long does it take and what does it cost to get fully licensed for crypto operations in the USA?

The timeline and cost depend heavily on the scope of activities and the states targeted. FinCEN MSB registration can be completed within a few weeks and involves no application fee, but it requires a compliant AML program to be in place first. State money transmitter licenses take between three months and two years per state, depending on the state and the completeness of the application. Legal fees for a multi-state licensing program typically start from the low tens of thousands of USD per state and can reach significantly higher for complex applications. The New York BitLicense is the most expensive and time-consuming, with total costs often reaching the mid-to-high six figures when legal, compliance and application costs are combined. Companies should budget for ongoing compliance costs - compliance officer salaries, AML software, audit fees - which can run from the low hundreds of thousands of USD annually for a mid-sized platform.

Should a crypto startup incorporate in the USA or use an offshore structure with a US subsidiary?

The answer depends on the business model, the token structure and the investor base. A purely US-focused business with no token component is generally best served by a Delaware C-Corp from the outset. A business with a global token distribution, non-US investors and a decentralized protocol often benefits from an offshore parent - typically Cayman Islands or Singapore - with a US subsidiary handling US-facing activities. The offshore parent can hold the intellectual property, manage the token treasury and conduct non-US token sales under Regulation S, while the US subsidiary operates the US platform, employs US staff and holds US licenses. The critical point is that the structure must be designed before any fundraising or token sales begin, because restructuring after the fact is expensive, tax-inefficient and may trigger adverse regulatory consequences.

Crypto and blockchain company setup in the USA is a multi-layered legal exercise that requires simultaneous attention to entity structure, federal securities and commodities law, state money transmission licensing, AML compliance and token design. Each layer interacts with the others, and a decision made at the entity formation stage can constrain options at the licensing or token sale stage. International founders who treat US market entry as a straightforward incorporation exercise consistently underestimate the regulatory burden and the cost of correcting structural mistakes after the fact.

The US regulatory environment for digital assets continues to evolve, with new legislation, agency guidance and court decisions regularly reshaping the landscape. Building a defensible compliance posture from the outset - rather than reacting to enforcement - is both the legally sound and commercially rational approach.

Our law firm VLO Law Firms has experience supporting clients in the USA on crypto and blockchain structuring, licensing and compliance matters. We can assist with entity selection, token analysis, FinCEN registration, state licensing strategy and AML program development. To receive a consultation, contact: info@vlolawfirm.com

To receive a checklist for the full setup and licensing process for a crypto and blockchain company in the USA, send a request to info@vlolawfirm.com