top of page

Regulatory Roundup - March 2026: Crypto Coordination, AI Governance, and Rising Enforcement Risks

  • Writer: Steve Marshall
    Steve Marshall
  • 7 hours ago
  • 4 min read

Regulatory momentum has accelerated as policymakers moved quickly across digital assets, AI governance, sanctions enforcement, and compliance oversight. This month’s Regulatory Roundup highlights regulators focusing on clarifying crypto market structure, increasing scrutiny of AI systems, and strengthening accountability in compliance programs. Below, we break down the key developments and the impact on compliance teams and regulated organizations. 




US Digital Asset and Market Structure


SEC and CFTC Announce Joint “Project Crypto” 

The SEC and CFTC have announced a joint effort to better coordinate oversight of digital asset markets. The initiative aims to clarify regulatory roles, align definitions for digital assets, and support innovation while strengthening market oversight—potentially bringing greater certainty to the evolving crypto ecosystem. 


Senate Agriculture Committee Advances Market Structure Bill Out of Committee 

The Senate Agriculture Committee voted 12-11 to advance a digital asset market structure bill out of committee, marking a key step toward establishing clearer federal oversight of crypto markets. The proposal now must be reconciled with a separate framework being developed by the Senate Banking Committee before it can move to the full Senate for consideration. Lawmakers on both sides signaled continued negotiations to build broader bipartisan support for comprehensive digital asset regulation 


SEC Issues Tokenization Guidance   

The SEC released new guidance addressing the growing use of tokenized securities, clarifying that securities represented on blockchain networks remain subject to existing federal securities laws. The guidance is intended to help market participants understand compliance expectations as firms explore tokenizing traditional financial instruments and digital assets. 


States are Intensify Enforcement Against Unlicensed Cryptocurrency Businesses 

As federal regulators shift their focus away from licensing violations toward fraud and national security risks, state regulators are stepping up enforcement against unlicensed cryptocurrency businesses. Recent actions in states such as New York and California show a growing willingness to pursue civil penalties, retroactive enforcement, and even criminal charges for companies operating without required licenses—signaling rising compliance risks for digital asset firms operating across multiple jurisdictions. 


IMPACT: Consolidation and coordination at the federal level will lead to greater clarity, but mutli-state operations will need to closely monitor state licensing requirements to avoid enforcement actions at the state level. 


International Crypto Regulation


FCA Publishes Further Consultation on Applying FCA Handbook to Cryptoasset Activities 

The UK Financial Conduct Authority (FCA) has launched a consultation on how its existing Handbook rules will apply to regulated cryptoasset activities. The proposals would extend key frameworks—such as conduct standards, complaints handling, safeguarding rules, and the Senior Managers regime—to crypto firms, while also considering how the Consumer Duty should apply in the sector. The consultation is part of the FCA’s broader roadmap to establish a comprehensive UK crypto regulatory regime. 


IMPACT: On February 4, 2026, the Financial Services and Markets Act 2000 (crypto assets) Regulation 2026 brought crypto asset sunder the remit of the FCA. This results in crypto asset firms needing to comply with the FCA handbook, including those portions pertaining to financial crimes compliance. 


AI Governance & Financial Services Risk


AI Developers and Providers Increasingly Subject to Transparency Requirements 

Jurisdictions such as the EU, South Korea, and China have introduced AI transparency requirements moving the issue from one of ethics to one of compliance. As new AI regulatory frameworks take effect, legal and academic leaders say organizations should shift from experimentation to formal AI governance and accountability structures. Recommended steps include appointing executive-level oversight for AI, strengthening data governance, and coordinating across legal, security, and technology teams. 


FINRA Highlights Supervisory Risks and Use Cases for Agentic AI 

FINRA has is concerned about emerging supervisory risks tied to “agentic AI” systems. While firms are exploring these technologies for tasks like compliance monitoring and operational automation, regulators warn that autonomy, explainability, and data governance present significant oversight challenges. 


IMPACT: Organizations using AI must enhance documentation, model governance, testing, and auditability. Financial institutions, in particular, will need stronger supervisory controls to avoid compliance failures, enforcement actions, and customer‑harm risks. 


Compliance Program Governance & Monitoring


Deloitte: 68% of Companies Either Have No Direct Controls or Only Selective Controls 

Compliance monitoring bridges the gap between practical and sustainable by translating regulatory requirements into measurable actions, ensuring execution is consistent, traceable, and auditable. It is foundational to identify and mitigate risks and avoid enforcement or other penalty actions.  


Growth Can Hide Risk Until It’s Too Big to Contain: Advice from a CLO 

Fast-scaling organizations often mistake momentum for safety, and why small but persistent anomalies are usually the first signal that a crisis is already forming, according to Enrique Gonzalez, CLO at Rappi. 


IMPACT: It is evident that compliance programs and the governance of those programs must be embedded with the business, whether it is a new start-up or a mature company. Compliance controls are a necessary component of business growth and business strategy. 

 

Sanctions Enforcement & Disclosures


OFAC Launches Voluntary Self-Disclosure Portal 

OFAC’s new online Voluntary Self-Disclosure (VSD) Portal is designed to streamline how organizations report potential sanctions violations by allowing companies to submit disclosures more efficiently while improving transparency and communication throughout the review process. By moving submissions online, OFAC aims to provide faster acknowledgments and a more user-friendly reporting experience for institutions navigating sanctions compliance obligations. 


OFAC Settlement Agreement with IMG Academy 

OFAC announced a $1.72 million settlement with IMG Academy for apparent violations of counternarcotics sanctions. Over several years, the institution entered into contracts and processed payments linked to individuals on OFAC’s sanctions list tied to a Mexican drug trafficking organization.  

IMPACT: Organizations of all types must be aware of their OFAC obligations, and where necessary, start using the new self-disclosure portal sooner rather than later. 


Strengthening Compliance in a Changing Risk Landscape

As regulatory demands grow more complex and risk exposure continues to shift, FinScan’s Advisory Services deliver the strategic insight and hands-on support organizations need to stay ahead. From strengthening model governance and improving data integrity to managing sanctions and AI-related risks, our specialists help design more resilient, future-ready compliance programs — so you can operate with clarity and confidence 


bottom of page