A dozen people sat around a conference table in New York. SEC staff, early-stage founders and operators. No press. No speeches. Just one overarching question: how do you regulate a system built to resist regulation?

I was there.

After years of enforcement-by-litigation, the SEC is now engaging. They invited founders too early to afford lobbyists, companies innovating while navigating legal gray zones. If you only talk to players big enough to survive regulatory uncertainty, you miss what’s actually being built.

No policy came out of the meeting. Just questions that kept revealing the same challenge: crypto’s design principles conflict with the assumptions underlying financial regulation. That’s not a problem you solve with clearer definitions. It requires rethinking what regulation looks like.

‍

The Reputation Problem

Someone noted that people working in crypto won’t put it on their dating profiles. They write “fintech” instead.

The room laughed. But it reflected a deeper point. Crypto has a reputation problem, and everyone in the room knew it would affect every discussion that followed.

Here were the questions on the table.

1. SHARED STANDARDS

Stablecoins, tokenized bonds, and crypto assets use the same blockchain rails. Regulators treat them like different species.

Should universal safety standards apply regardless of classification?

Cybersecurity already solved a similar problem. Traditional physical security wasn’t enough, so the industry developed shared frameworks. The NIST framework - Identify, Protect, Detect, Respond, Recover - works across all systems regardless of what you’re securing.

Could that approach work here?

Instead of debating what each token is, agree on baseline protections. Identify risks. Protect through custody standards. Detect threats. Respond to incidents. Recover from failures. Apply them universally, then layer specific rules by asset type.

Views split on who would set these standards and how they’d be enforced. But the point held: classification debates shouldn’t block basic safety measures.

The real question isn’t what to call things. It’s what protections should exist regardless.

2. SECURITIES LAWS AND TOKENS

Are all tokens securities? Should tokens that are sufficiently decentralized still be treated as securities? Can something graduate from being a security to not being a security over time?

If a project starts with founders controlling everything but gradually distributes governance and eliminates information asymmetry, does it stop being a security? Who decides? What’s the test?

Then someone cut through the theoretical debate with a practical question: even if definitions were clarified, would anyone actually want to register as a security?

Right now “utility token” often means regulatory arbitrage, avoiding SEC jurisdiction entirely. Everyone in the room knew this.

One view: clear rules drive compliance. The pushback: securities registration is expensive and restrictive. The costs and ongoing obligations weren’t designed for small teams launching with limited capital.

If the definition of what constitutes a security changed, would that make registration more attractive?

The conversation kept returning to this tension. Issuers want flexibility to build and adapt quickly. Investors need protection from fraud. Regulators need the authority to enforce rules. Those goals don’t naturally align.

You can clarify definitions all day. If compliance means giving up control and speed, people will engineer around it.

3. CENTRALIZED VS. DECENTRALIZED VENUES

Centralized exchanges can enforce rules and prevent manipulation. They also charge listing fees, often hundreds of thousands of dollars or sometimes 5-10% of a token’s total supply.

Decentralized venues spread across dozens of chains. No central authority. No KYC. Nearly impossible to oversee.

The tradeoff is fundamental: enforcement requires chokepoints. Chokepoints enable extraction.

Regulating frontends was raised, the interfaces users access to interact with decentralized venues. Pushback came quickly. Frontends are easily replaced or circumvented, and making user interfaces the enforcement layer sets problematic precedent.

Someone pointed out that liquidity naturally attracts more liquidity. Network effects concentrate activity over time. If you engage with the largest platforms, you reach the majority of activity without having to regulate every possible access point.

The question: in markets designed to resist oversight, where does regulation actually have leverage?

4. RETAIL PROTECTION

When retail access came up, heads nodded around the table.

Current rules bar Americans from most crypto investments unless they’re already wealthy. Accredited investor status requires $200,000 income or $1 million net worth.

Someone framed it bluntly: “We trust people with hundreds of thousands in mortgage debt and six-figure student loans. But won’t let them invest $100 in a token.”

Some of the greatest wealth-building investments of the past 25 years, venture capital, private markets, early-stage companies, are reserved for people already rich. The accredited investor framework doesn’t just assume incompetence; it blocks social mobility.

The practical result? Retail investors turn on a VPN and go offshore to exchanges with less oversight and fewer protections. The rules meant to protect them create greater danger.

America was founded on people taking charge of their own safety, security, and ownership. The regulatory approach has swung toward paternalism. The conversation explored whether returning closer to those roots makes sense, not abandoning protection, but trusting informed consent over blanket prohibition.

We built a system to protect retail investors. Instead, we pushed them to places with no protection at all.

5. INFRASTRUCTURE & TRUST

Two connected problems: can you trust what you see, and who gets to see it?

Data Quality: If blockchain data isn’t accurate and verifiable, nothing built on it can be trusted. Right now participants choose between incomplete datasets, anonymous contributors, or dashboards with no methodology. Trillions trade on DEXs with price divergences of 2-3%, sometimes 50%+.

Traditional markets have verified data feeds. Crypto has competing unverifiable sources. Institutions can’t deploy capital into markets they can’t audit. Regulators can’t oversee what they can’t measure.

Privacy: New technologies like zero-knowledge proofs and fully homomorphic encryption are deployed now. They enable building applications on top of private information on encrypted data without exposing the underlying data.

But when law enforcement needs access, what happens?

Both reveal the same tension: markets need transparency to function, privacy needs opacity to exist. Building systems that satisfy both requires rethinking regulatory oversight.

6. BEARER ASSETS

One stat framed the problem: less than 5% of stolen crypto gets recovered.

Traditional finance assumes reversibility. Chargebacks. Clawbacks. Freezes. Insurance funds that make investors whole.

Crypto’s bearer asset nature breaks all of that. Transactions can’t be reversed or seized. That’s the point. But it creates a protection problem traditional tools weren’t designed for.

Prevention becomes everything. You can’t fix it after the fact.

Traditional insurance models, like SIPC for broker-dealers, FDIC for banks, don’t work for catastrophic losses where everything can be lost at once. The scale of potential crypto losses overwhelms these mechanisms.

This requires fundamentally different thinking. Not “how do we make investors whole after fraud?” but “how do we prevent fraud entirely?”

Traditional finance operates on “we can fix it later.” Crypto doesn’t allow that luxury.

That changes what protection means.

‍

Conclusion

Two hours of questions. No easy answers. But a pattern emerged.

Crypto’s core design choices - decentralization, immutability, privacy - collide head-on with assumptions that underpin modern financial regulation: intermediaries to police, transactions that can be reversed, surveillance to enforce rules. Those assumptions break when the system is borderless and trustless by design.

That’s why this conversation mattered. Not because it produced policy, but because it forced recognition of how deep the mismatch runs. Early-stage builders offered regulators something enforcement actions and public hearings can’t: unfiltered insight into where today’s rules break.

You can’t effectively regulate crypto by tweaking securities laws written for centralized issuers or by stretching 1930s securities law around blockchains. You need different frameworks. The SEC is starting to understand that. This roundtable was evidence.

For years the SEC filed lawsuits. Today they’re asking questions. That difference matters.