How the SEC Actually Regulates Crypto: A Walkthrough from Howey to the 2026 Interpretation

Most articles on SEC crypto regulation cover one slice. The Howey test in isolation, or a single enforcement case, or just the March 2026 Interpretation. Here is the connected story, with the mechanism behind each chapter.

The SEC regulates crypto by applying the Howey test, a 1946 Supreme Court framework for identifying investment contracts, and as of March 2026 it does so within a five-category taxonomy that the Commission and the CFTC published jointly to clarify which crypto assets are securities and which are not. Most explainers stop at one piece of that picture. Some define Howey and end there. Others summarize the March 2026 release without the eight years of enforcement history that produced it. A reader who wants to actually understand SEC crypto regulation needs the connected version. That is what this article aims to give you. We have written it from Blockready's perspective: an independent, education-first treatment with no exchange affiliations, no token endorsements, and primary sources cited throughout.

Some context before we go further. Cryptocurrency and digital asset rules are evolving, and what is true today in the United States may differ in the EU, the UK, or the UAE. The article focuses on the US federal framework, treats current rules as current rules rather than predictions, and cites primary sources where the wording matters. The post also assumes you have a working understanding of how a blockchain actually works; if not, that piece is worth reading first. None of this is legal or investment advice.

What "SEC crypto regulation" actually covers

The Securities and Exchange Commission was created by the Securities Exchange Act of 1934 to enforce federal securities law and protect investors. Its authority over crypto rests on a single doctrinal pillar. If a crypto asset, or more precisely a transaction in a crypto asset, qualifies as a "security" under the Securities Act of 1933 or the Exchange Act of 1934, the SEC has jurisdiction. If it does not, the SEC does not.

The wrinkle is that the statutory definition of "security" includes the open-ended term "investment contract." That term has no fixed list of what counts and what doesn't. Courts decide on a case-by-case basis using the Howey test. So SEC crypto regulation is, structurally, the application of a 1946 Supreme Court framework to assets that did not exist when the framework was written.

That definition matters because the answer to "is this a security?" controls almost everything downstream. If yes: registration with the SEC, periodic disclosures, broker-dealer rules for the platform that lists it, fiduciary obligations for advisors who recommend it. If no: the CFTC may regulate fraud and manipulation in the spot market, but most of the federal-securities apparatus does not apply. Two completely different regulatory worlds, hinging on one classification call.

The history of SEC crypto regulation is, to a large extent, the history of how the Commission has answered that question. The answer has changed. Twice.

The Howey test, applied to crypto

SEC v. W.J. Howey Co. was a 1946 case about citrus groves in Florida. The Howey Company sold land to investors and offered, as a separate service, to lease the land back and farm it on the buyer's behalf. Buyers had no farming expertise. They expected returns from the company's work. The Supreme Court ruled the arrangement was an "investment contract" within the meaning of the securities laws, even though the underlying instrument was a real-estate deed, not a stock certificate. Substance over form.

The court distilled the ruling into a four-prong test. An arrangement is an investment contract if, and only if, it involves all four:

That fourth prong is where most of the legal action lives. The Hinman speech in June 2018, named after the SEC's then-Director of Corporation Finance William Hinman, introduced the idea that an asset's status under the securities laws is not static. A token sold pre-launch by a centralized team might be a security at issuance. The same token, traded on secondary markets after the network has decentralized and the team's role has faded, might not be. Hinman used Ether and the Ethereum network as his example. Coverage of the speech treated this as official SEC policy, although the agency repeatedly clarified that it was the speaker's view, not a formal Commission ruling. The "sufficient decentralization" doctrine that emerged from it shaped enforcement decisions for the next seven years, despite never being codified.

So the test on paper is four prongs. The test in practice is mostly an argument over the fourth one, with the first three usually conceded. That is also where the 2026 Interpretation is most consequential.

From DAO to Atkins: the 2017 to 2026 enforcement arc

SEC crypto enforcement was not invented in 2021. It traces back to a single document released in July 2017, when the SEC's Division of Enforcement published an investigative report on a project called "The DAO." The DAO had raised the equivalent of about $150 million in Ether, then suffered a smart contract exploit that drained roughly a third of the funds. The SEC's report did not bring charges. It announced a doctrine: the tokens The DAO sold were investment contracts under Howey, which meant the federal securities laws applied to them. Every ICO that followed had been on notice ever since.

What came after that report was a decade of cases that tried to draw the boundary line. Some defendants settled. Some fought. Some won. The pattern of those wins and losses, plus a 2025 to 2026 administrative reset, produced the regulatory landscape that exists today.

One pattern is worth pausing on. The most aggressive enforcement years were 2022 to 2024, not the 2017 to 2019 ICO era. By the SEC's own published numbers, fiscal year 2025 saw the Commission obtain $17.9 billion in monetary relief, the highest annual figure on record. Most of that figure, however, came from a single 2009 case, the Stanford Ponzi scheme judgment, which contributed roughly $14.9 billion. Adjusted to exclude Stanford, FY2025 monetary relief totaled approximately $2.7 billion. The Commission's own framing of the prior administration's enforcement as a "rush to bring a significant number of cases in advance of the presidential inauguration" tells you how the new SEC reads the period from 2022 through January 2025.

Understanding this sequence is not academic. It is the difference between thinking SEC crypto policy is a stable rulebook and recognizing that what has happened in the last 18 months is the largest re-anchoring of US crypto policy since the DAO Report. That self-assessment is the bridge to what came next.

The March 2026 Interpretation, decoded

On March 17, 2026, the SEC and the Commodity Futures Trading Commission jointly issued a formal interpretive release titled "Application of the Federal Securities Laws to Certain Types of Crypto Assets and Certain Transactions Involving Crypto Assets." The release took effect on its publication in the Federal Register on March 23, 2026. It is the SEC's most comprehensive Commission-level statement on crypto to date. It expressly supersedes the 2019 Framework. It is binding on SEC and CFTC staff. It does not, however, override Howey, which is binding Supreme Court precedent. Courts can still disagree with the Commission's interpretation, although in practice they are likely to give it weight.

The Interpretation's central move is the taxonomy. It divides crypto assets into five categories based on how they function, what they do, and how they derive value. Only the last category is a security by default.

The 16 named digital commodities are worth listing because the Commission rarely names assets in writing. The Interpretation specifically identifies Aptos (APT), Avalanche (AVAX), Bitcoin (BTC), Bitcoin Cash (BCH), Cardano (ADA), Chainlink (LINK), Dogecoin (DOGE), Ether (ETH), Hedera (HBAR), Litecoin (LTC), Polkadot (DOT), Shiba Inu (SHIB), Solana (SOL), Stellar (XLM), Tezos (XTZ), and XRP. The selection is not random. The Interpretation explains that these tokens were chosen because each underlies a futures contract trading on a CFTC-regulated designated contract market, which itself implies the underlying token was treated as a commodity rather than a security. The list is explicitly non-exhaustive, and the Interpretation identifies two additional examples that do not have corresponding futures contracts.

The Interpretation does something the 2019 Framework did not. It explicitly addresses what happens when a non-security crypto asset is offered alongside an investment contract. The asset itself is not the security. The contract is. And contracts can end.

Four common crypto activities are addressed by name. Protocol mining (proof-of-work) is treated as administrative work in exchange for fees, not an investment in someone else's effort, and is not a securities transaction. Protocol staking, including self-staking, delegated staking, and custodial staking, is treated similarly. Wrapping a non-security crypto asset to create a redeemable wrapped token is not a securities transaction, because the wrapped token simply evidences ownership of the deposited asset. Airdrops where the recipient gives nothing of value also fail Howey's first prong and are not securities transactions. Airdrops where the recipient performs services or otherwise gives consideration are a different question.

Stablecoins are partly handled by the GENIUS Act, the federal stablecoin law signed in July 2025. Payment stablecoins issued by permitted issuers under the Act are not securities by statute. Stablecoins outside the Act's scope, or with features that approximate yield, are evaluated on their facts. The GENIUS Act sits beside this taxonomy as the operating rulebook for one slice of the stablecoin market. The Interpretation, in effect, says: for the rest of the stablecoin universe, here is how we will analyze it. Stablecoins are also distinct from central bank digital currencies, which sit in a separate regulatory bucket entirely.

One more thing. Both Chairman Atkins and the SEC's Crypto Task Force have signaled that the Interpretation is "the beginning, not the end." A safe harbor proposal called Regulation Crypto Assets is being developed. A "startup exemption" allowing time-limited registration relief, potentially up to four years and capped at around $5 million per raise, has been outlined publicly. These are previews, not law. But they suggest that the Interpretation is the foundation rather than the ceiling of the new framework.

SEC versus CFTC, and where the line gets drawn

The Interpretation is a joint document for a reason. The agency split has always been the structural fault line in US crypto regulation. The SEC handles securities. The CFTC handles commodities and derivatives. If a crypto asset is a security, the SEC's full disclosure-and-registration regime applies. If it is a commodity, the CFTC has anti-fraud authority over the spot market and full authority over derivatives, but the federal investor-protection apparatus largely does not apply.

The practical effect of the joint document is that the line is drawn more clearly than it has ever been. For 16 named assets, the answer is now in writing. For the rest of the broader crypto universe, which spans tens of thousands of tokens, the Howey analysis still has to be run on facts and circumstances, but the analytic posture has shifted: digital commodities are the default, and securities classification requires affirmative showing of investment-contract features.

Congress is still working in parallel. The CLARITY Act, currently moving through Congress, is the legislative version of what the Interpretation does administratively. If it passes, much of what the SEC and CFTC have written into interpretation could become statute, with explicit jurisdictional grants and a more permanent framework. The picture in the EU, UAE, or Singapore differs meaningfully from the US framework on multiple dimensions, which is worth knowing if you operate across jurisdictions; the crypto-friendly countries comparison covers that ground.

Where ETF approvals fit in the story

The contradiction is hard to miss. From 2021 through 2024, the SEC was suing Binance and Coinbase over the listing of tokens like SOL, ADA, and MATIC. On January 10, 2024, it approved 11 spot Bitcoin ETFs. In May 2024, it approved spot Ether ETFs. By 2025, ETFs for Solana and other assets had cleared as well. How can the same agency simultaneously sue an exchange for selling unregistered securities and approve an ETF holding those same kinds of assets?

The technical answer is that the ETFs hold the underlying commodity, not securities. Bitcoin's commodity status was settled, informally, by the CFTC in a 2015 enforcement order. Ether's status was the subject of the Hinman speech and was never formally challenged by the SEC after Hinman. Solana, XRP, and others lived in an ambiguous middle through 2024. The ETF approvals were not announcements that those assets are "not securities" in every transactional context. They were narrower decisions: a fund structured to hold the spot asset, with appropriate custody and surveillance arrangements, satisfies the listing rules.

The cleaner answer is that the contradiction was real, and the 2026 Interpretation resolved it. By naming 16 specific digital commodities, the Commission effectively endorsed the asset-class status the ETFs implied. The 2024 to 2025 ETF approvals and the 2026 Interpretation read as connected moves, not separate ones.

What this means for retail investors today

If you are a retail crypto holder, the 2026 Interpretation is mostly good news for clarity and mostly neutral on risk. The clarity part: holding BTC, ETH, SOL, XRP, ADA, or any of the other named digital commodities does not put you in a security, and trading them on a registered exchange does not put you in a securities transaction, in the normal case. The risk part: the SEC's narrowed scope does not change the underlying volatility, custody risk, scam risk, or counterparty risk that defines the asset class.

It is worth being explicit about the most common misreading.

That misreading is the most common pattern we see in learners coming in with prior crypto exposure. Someone reads "Bitcoin is not a security" and concludes that BTC is somehow a safer asset than a tokenized stock would be. The mechanism does not support that inference. Securities laws are designed to ensure disclosure, not to guarantee outcomes. A registered security can fail. A non-security crypto asset can succeed. The legal classification answers a different question than the one most newcomers are asking.

This is the kind of foundational distinction that benefits from structured treatment. Blockready's 13-module curriculum dedicates Module 13 to global regulatory approaches, the SEC and Howey, MiCA, and the legal implications of crypto assets across multiple lessons. The point is not to memorize the rules, which will keep changing. The point is to internalize the reasoning structure that lets you parse the next regulatory shift without starting from zero.

For day-to-day retail decisions, the practical filter is narrower than it looks. Three questions cover most situations. Is the platform you are using registered with someone (SEC broker-dealer, FinCEN MSB, state money-transmitter, foreign equivalent)? Does the asset you are holding fall into one of the named categories with a clear regulatory picture, or is it in the long tail where ambiguity remains? And do you control the keys, or does the platform? Each of those questions has a separate answer, and getting them mixed up is where the expensive mistakes happen.

What the 2026 Interpretation didn't settle

The Interpretation is the most consequential SEC crypto document in nearly a decade. It is also not a complete framework. The strength of the available evidence varies sharply by question, and the genuinely open issues do not all rest on the same kind of source.

First: tokens not on the named list. The Interpretation explicitly treats the 16 commodities as a non-exhaustive list. For any of the thousands of tokens outside it, the Howey analysis still applies, and the analysis is fact-specific. If a project pre-launches a token with a centralized founding team and active marketing about future appreciation, the result of that analysis is fairly predictable. The hard cases involve forks, governance tokens with thin economic claims, and assets that started clearly as securities but may have "graduated."

Second: the line between digital commodities and digital securities for new issuances. The Interpretation describes how a token "separates from" an investment contract once the issuer's representations and promises have been fulfilled. It does not draw a bright line for when that separation occurs. A reasonable person reading the document carefully will conclude that the answer is "case by case," which is intellectually honest but operationally awkward.

Third: enforcement against fraud, manipulation, and unregistered intermediaries. The Atkins-era Commission has not retreated from these. The dismissals to date have been concentrated in cases that argued specific tokens were unregistered securities. Cases involving classic securities fraud, market manipulation, or material misstatements have continued. Anyone reading "the SEC backed off crypto" as "anything goes" is reading it wrong.

Fourth: the next administration. Interpretive releases bind staff under the Commission that issued them. They do not bind future Commissions. A future Commission could revise or withdraw the Interpretation. Congressional action through the CLARITY Act or similar legislation is the only mechanism that would make the framework durable beyond an administration cycle.

That last point is worth keeping in mind as the rest of the framework rolls out. The Crypto Task Force has previewed Regulation Crypto Assets as a safe harbor and a startup exemption with a $5 million raise cap and a four-year window. Those are proposals, not rules. They could change. The CLARITY Act may pass. It may not. Whatever shape the framework takes by the end of 2026, the underlying analysis will still be: what are the economic substance and the relationships involved, and which regulator has authority over them?

Frequently Asked Questions