As the digital asset market continues to mature, U.S. regulators have begun taking meaningful steps to establish more consistent, uniform and supportive regulatory frameworks specifically tailored for the crypto industry. Notable developments in this context include formation of the SEC Crypto Task Force, advancement of the Digital Asset Market Clarity Act (Clarity Act), and introduction of the Guiding and Establishing National Innovation for U.S. Stablecoins Act (GENIUS Act).
Alongside these headline initiatives, a significant, albeit equally important, but less discussed, regulatory shift has emerged through recent updates to money transmitter laws, particularly changes to the definition of “control” when used in the context of custodial services. As this article will explain, the extent to which these changes broaden the definition of the term “control” in the realm of digital assets, could essentially result in wallet providers, including those utilizing Multi-Party Computation (MPC) technology, falling within the purview of prevailing money transmission laws. This article accordingly purports to examine the evolving U.S. legal regulatory landscape surrounding MPC wallets, with focus being placed on how new definitions and interpretations of the term “control” may severely impact their deemed regulatory classification and associated compliance obligations.
Multi-Party Computation is essentially a cryptographic technique that allows multiple parties to jointly compute a function over their private inputs, without revealing those inputs to one another. In the context of cryptocurrency wallets, MPC wallets leverage this technology to create a secure and collaborative key management system while avoiding a single point of failure.
Thus, instead of relying on a single private key, MPC wallets distribute key shares among multiple parties, who collectively perform cryptographic operations (such as key generation, transaction signing, and verification), without ever reconstructing the full key. This therefore eliminates the traditional single point of failure, enhancing both security and resilience. Since no individual holds the full private key (only shares), the risk of theft or loss is significantly lower. Each party can thus safely back up their key share without compromising the entire system.
Importantly, MPC wallets are mostly considered non-custodial, as even the wallet provider never possesses full control over the private key to execute a transaction. Only the user can initiate a transaction, after which the involved parties – the user and the wallet provider – can then run an MPC protocol to jointly sign it, without the risk of their individual key shares ever being exposed or compromised.
Money transmission in the United States is governed by a dual system of federal law and state-level licensing regimes.
Broadly speaking, any entity engaged in the business of transmitting currency, funds or “other value that substitutes for currency”, may be classified as a money transmitter. Such entities are typically required to register as Money Services Businesses (MSB) with the Financial Crimes Enforcement Network (FinCEN) – a bureau within the U.S. Department of the Treasury – and obtain state licenses, where applicable.
In a nutshell, FinCEN is responsible for, among other things, enforcing anti-money laundering (AML) regulations under the Bank Secrecy Act (BSA) of 1970. The BSA essentially requires financial institutions to maintain records and report certain transactions, all aimed at preventing financial crimes. The term “financial institution” includes MSBs, such as money transmitters. FinCEN also issues interpretive guidance and coordinates with law enforcement and regulatory bodies in order to enhance financial transparency.
At the state level, money transmission laws vary considerably. Each state independently defines what constitutes a “money transmission business” and sets its own licensing standards and supervisory mechanisms. Thus, even if a business complies with federal MSB registration policy, it must independently assess and meet the licensing requirements of every state in which it operates. Noncompliance may result in significant legal and financial ramifications, including enforcement action, fines or operational suspensions.
For MPC wallet providers, understanding and navigating this regulatory complexity is crucial. Given that the terms “money”, “money transmission”, “control” and “custody” are construed differently in the various jurisdictions, a MPC wallet provider may be deemed a money transmitter in one state but not in another. Ensuring compliance thus mitigates legal risk, safeguards operational continuity and reinforces credibility with regulators and users in an increasingly scrutinized digital asset ecosystem.
Under federal law, the term “money transmitter” is defined broadly by FinCEN as meaning any person who, as a business and as noted above, accepts and transmits currency, funds or “other value that substitutes for currency.” This definition, as clarified in FinCEN’s 2013 guidance, extends to virtual currencies. In 2019, FinCEN issued further interpretive guidance (the 2019 Guidance) outlining the criteria for determining whether an entity qualifies as a money transmitter and, concomitantly, would thus be deemed a MSB. The analysis is fact-specific and based on four core factors: (1) who owns the value; (2) where the value is stored; (3) whether the owner interacts directly with the payment system; and (4) whether the intermediary has total independent control over the value.
FinCEN also addressed wallet architectures, distinguishing between hosted (custodial) and unhosted (non-custodial) wallets, as well as between single-signature (“single-sig”) and multi-signature (“multi-sig”) setups.
Thus, according to FinCEN, Hosted wallet providers, who retain control of users’ private keys and initiate transactions on their behalf, are deemed to transmit value and therefore qualify as money transmitters. In contrast, unhosted wallets – where users retain sole control over their keys- are not regarded as falling within this category.
With regard to multi-sig wallets, FinCEN explained that while hosted multi-sig wallets would generally qualify as money transmitters due to their ability to unilaterally access or transmit value, unhosted multi-sig wallets may not, provided the wallet provider lacks total independent control over the value. According to the 2019 Guidance, an unhosted multi-sig wallet does not trigger money transmitter status if: (1) the value is owned and stored by the user; (2) the user initiates transactions using partial credentials; and (3) the co-signing party cannot unilaterally access or move the funds or value, as applicable.
Based on FinCEN’s said guidance, the decisive regulatory factor is whether the wallet provider has “total independent control” over the digital assets. i.e., the ability to access, move or manage the value without the user’s authorization. For MPC wallet providers, this interpretation is of particular relevance because their architecture blurs the traditional lines between custodial and non-custodial services.
Custodial wallets manage and store users’ private keys, meaning all transactions are executed solely by the wallet provider on the user’s behalf. Conversely, non-custodial wallets give users full control over their private keys, allowing them to execute transactions independently, without any involvement on the part of the wallet provider.
MPC wallets, on the other hand, operate differently: due to the nature of the technology, neither the user nor wallet provider holds the complete private key. As a consequence, only the user can initiate a transaction, but its execution and completion requires cooperation from the wallet provider as well. This symbiotic-control structure places MPC wallets in a grey area – somewhere between not being fully custodial or fully non-custodial – due to the wallet provider lacking unilateral access to user assets, but nonetheless still playing a crucial role in every transaction.
As noted above, in the United States, almost every state has its own money transmission licensing regime, each with distinct definitions (and their construal), compliance obligations and supervisory processes. This fragmented regulatory landscape thus creates a complex, costly and often unruly duplicative burden for businesses – fintech companies, crypto firms and wallet providers – seeking to operate across multiple states.
Recognizing the inadequacy of this fragmented system, the Conference of State Bank Supervisors (CSBS), a national organization of state financial regulators, spearheaded development and enactment of the Money Transmission Modernization Act (MTMA) between 2020 and 2021. The MTMA is designed as a uniform legal framework that states can voluntarily adopt, with flexibility to tailor certain provisions to accord with local priorities. Its purpose is to reduce regulatory fragmentation and compliance costs, while allowing state regulators to shift their focus from duplicative oversight towards risk analysis and consumer protection.
A key feature of the MTMA is Article XIII, which formally brings virtual currency activities within the purview of money transmission regulation. It addresses essential elements including the incorporation of uniform definitions, applicability, licensing conditions, disclosures, property rights and additional compliance requirements specifically directed to virtual asset businesses.
One of the most consequential changes introduced by the MTMA is its broadened construal of the expression “control of virtual currency,” which is defined there as “the power to execute unilaterally, or prevent indefinitely, a virtual currency transaction”. Unlike earlier FinCEN guidance, the MTMA adopts a broader interpretation of the term “control”. By applying this standard, simply having the ability to unilaterally block or authorize transactions may be sufficient to classify a wallet provider as a money transmitter.
This broader interpretation of the term “control” is already influencing how states regulate virtual currency activities. Several states have thus either adopted MTMA’s language directly or incorporated core principles into their own regulatory frameworks. California, for example, has integrated the MTMA’s definition of “control” into its Digital Financial Assets Law (DFAL), thereby establishing one of the most comprehensive crypto-regulatory regimes at the state level. Minnesota has formally enacted Article XIII of the MTMA, including its provisions on virtual currency control, while North Dakota has similarly embraced the MTMA’s approach in defining regulatory oversight.
Even states that have not formally adopted the MTMA appear to be moving in the same direction. Florida, for instance, defines the term “money transmitter” as including any intermediary with the ability to unilaterally initiate or indefinitely block a transaction. Rhode Island has also sought to bring virtual currency in line with its money transmission laws by explicitly applying the MTMA-style control test, treating wallet providers as regulated entities if they possess the power to execute or prevent transactions.
All these examples embody a meaningful regulatory shift. States are increasingly focusing on functional control – and not formal custody – when determining whether digital asset service providers are or could be construed as subject to money transmission laws. This perception and trend could significantly impact MPC wallet providers and other virtual currency businesses using similar technology.
Traditionally, MPC wallets have often fallen outside the scope of state money transmission regulations and licensing requirements, since control over private keys and transaction approval is ordinarily distributed among multiple parties with no single entity holding the full key. However, under the MTMA’s broader construal of the term “control” as outlined above, it seems that if an MPC wallet provider can unilaterally approve or block a virtual currency transaction without the user’s consent, it may now be deemed as having “control,” thus potentially subjecting it to the prevailing money transmission regulatory framework. This could undoubtedly increase compliance obligations and operational complexity for MPC providers, as they might be additionally burdened with the onus of having to obtain the required licensing, adhere to reporting requirements and comply with general consumer protection rules.
It therefore remains to be seen how many other states will adopt the MTMA and its broadened construal of the term “control” in so far as pertaining to virtual currency transactions, and also how states that have already adopted it into local law will interpret this standard in so far as pertaining to MPC wallets and similar technologies. As the regulatory framework continues to evolve and develop, it is essential that MPC wallet providers stay informed and display flexibility, to the extent necessary, to ensure due compliance with both the federal and state requirements so as to effectively navigate and overcome the shifting legal and complex regulatory landscape surrounding digital assets.
