Congress seems on its way to passing the first piece of federal crypto-regulation, the Guiding and Establishing National Innovation for U.S. Stablecoins – or GENIUS – Act. The law would create a comprehensive regulatory framework for payment stablecoins, which are crypto tokens designed to maintain a stable peg to the value of a fiat currency like the U.S. dollar.  While such a framework is long overdue, the GENIUS Act has a significant flaw: It lacks a clear rule on its territorial scope.

Extraterritoriality in Crypto Regulation

Extraterritoriality under federal securities law has been a major question in crypto-litigation – and a nightmare to deal with. While the Supreme Court provided a seemingly clear rule for anti-fraud provisions in Morrison v. National Australia Bank^[1], later cases complicated things. For example, federal circuit courts are split on whether U.S. law excludes transactions that are “predominantly foreign,” as the Court of Appeals for the Second Circuit^[3] has ruled but courts in the First, Fourth and Ninth Circuit^[4] have rejected. It also remains unclear how Morrison applies beyond anti-fraud provisions or how it interacts with SEC rules like Regulation S or Rule 15a-6^[5].

In crypto, things are particularly messy. Some courts have given broad effect to U.S. law, finding a range of new contacts that constitute a “domestic transaction” under Morrison or a domestic offer under Section 5 of the Securities Act of 1933.^[6] This approach, however, remains far from coherent. Take for example the recent Court of Appeals decision in Williams v. Binance^[7]. Here, the court referred to both U.S. servers used by Binance for matching orders and to the fact that customers had “entered into the Terms of Use with Binance, placed their purchase orders, and sent payments from the United States.” The court justified departing from prior case law with the fact that Binance claimed not to have a home jurisdiction. In a recent district court decision from New York, however, Williams was applied to businesses that did have a home jurisdiction (just one where they were not regulated).^[8] In Texas, by contrast, a district court applied Williams to send claimants packing and refer them to the courts of Israel (where the defendants in question were, equally, not regulated).^[9] There is also controversy about whether the two points of contact in Williams trigger application of U.S. law individually.^[10] All the while, some courts have dismissed claims against foreign defendants even where U.S. investors have been heavily implicated.^[11]

Clearly, leaving courts to establish rules on the territorial scope of individual provisions is messy at best and fails to provide a solid foundation for regulation. This is not necessarily a criticism of the courts but a reflection of the limits of judge-made territorial doctrine. Things have been much simpler under state money-transmitter regulation or state crypto-regulation, where there is often a clearer rule on the territorial scope. The New York BitLicense, for example, is required for all “activities involving New York or a New York Resident” (23 CRR-NY I 200.2(q)).

The GENIUS Act

The GENIUS Act, however, fails to acknowledge what we have learned. Under Section 3, it prohibits unlicensed businesses to “issue a payment stablecoin in the United States.” The language seems to imply, as others have argued, that a simple flow-back of tokens into the United States is not sufficient. But there is no further guidance on when an issuance takes places “in the United States.” We will have to ask the courts, again.

There is a range of regulatory options Congress could choose from. Possible points of contact could focus on the issuer (headquarters in the U.S., a registered office in the U.S., a branch in the U.S.) or what the issuer  uses to conduct business (infrastructure, such as servers, in the U.S., employees in the U.S., relationships with other U.S. entities, such as banks). Contacts could also focus on how issuers interact with U.S. customers: Are they targeting those customers or at least serving them by, for example, allowing them to buy or redeem tokens? As for domestic exchanges, what are they in crypto; do unlicensed exchanges count, and when are they domestic?

Some of these contacts are more sensible than others. The infrastructure-contact, for example, though popular with U.S. courts, has little to do with what the GENIUS Act is trying to achieve. Yet, as others have argued, regulatory arbitrage, consumer risk, and systemic risk will proliferate where foreign issuers have practical market access without proper supervision. The largest issuer of a U.S, dollar-pegged stablecoin (Tether) is, after all, domiciled in El Salvador, not the United States. The act needs to reach some overseas issuers, but it requires careful balancing to still allow stablecoins to do what they do best: facilitate cross-border payments.

This kind of balance will require multiple territorial anchors. Covering entities headquartered in the United States makes sense, simply because enforcement and oversight work best in a domestic setting. Looking at overseas entities, the crucial question is whether U.S. customers should have any direct access to overseas issuers outside the scope of the GENIUS Act. If not, U.S. law could apply to all issuers either listing their tokens on any kind of exchange that serves U.S. customers or serving U.S. customers themselves by selling tokens to them or redeeming their tokens. In the former, more liberal scenario, U.S. law could apply to all issuers either listing their tokens on any kind of exchange that targets U.S. customers or targeting U.S. customers themselves. There is also a middle ground: Issuers serving but not targeting U.S. customers could be subject to reporting obligations only, until their U.S. activity reached a threshold that justified applying the full extent of U.S. law.

The question of access to overseas issuers intersects with the reciprocal market access under Section 15 of the GENIUS Act. If the United States implements many agreements in a short time, there is little harm in covering all relationships with U.S. customers. Realistically, however, agreements under Section 15 will be burdensome. EU stablecoin-regulation (under the Markets in Crypto-Assets Regulation), for example, does not provide for similar reciprocal access, making an EU-U.S. agreement impossible without legislative amendments. If Section 15 proves too burdensome in practice, overseas access, if there is to be one, can only be facilitated by loosening the territorial scope.

It is also worth noting that EU stablecoin regulation applies to all stablecoins pegged to EU currencies (Art. 48 para. 2 MiCAR). While this is, theoretically, also an option for the United States, it might upend international commerce in stablecoins far beyond the United States, as most stablecoins used internationally are pegged to the U.S. dollar.

In any case, the relevant points of contact should be explicitly listed in the GENIUS Act. Relying on a more traditional provision covering business conducted “directly or indirectly in the United States through any means or instrument of transportation or communication in the United States, or by persons in the United States” (as proposed by others) is not sufficient. Similar language has created the extraterritoriality problems in securities law.

The debate about territorial scope of crypto regulation is complex – but Congress needs to have it. To leave the task up to the courts again is, well, not so GENIUS.

ENDNOTES

[1] 561 U.S. 247 (2010).

[2] See SEC v. Scoville, 913 F.3d 1204 (10th Cir. 2019).

[3] Parkcentral Global HUB Ltd. v. Porsche Auto. Holdings SE, 763 F.3d 198 (2d Cir. 2014).

[4] SEC v. Morrone, 997 F.3d 52 (1st Cir. 2021); Stoyas v. Toshiba Corp., 896 F.3d 933 (9th Cir 2018); In re Volkswagen AG Securities Litigation, 661 F.Supp.3d 494 (E.D. Va. 2023).

[5] See e.g. SEC v. Benger, 934 F.Supp.2d 1008 (N.D. Ill. 2013), exempting broker-dealers executing trades on foreign exchanges from registration.

[6] See e.g. In Re Tezos Securities Lititgation, No. 17-cv-06779-RS, 2018 WL 4293341 (N.D. Cal. Aug. 7, 2018); SEC v. Ripple Labs, Inc., No. 20 Civ. 10832 (AT) (SN), 2022 US Dist. LEXIS 43497 (S.D.N.Y. Mar. 11, 2022); SEC v. Balina, No. 1:22-CV-00950-DAE, 2024 WL 2332965 (W.D. Tex. May 22, 2024); Hardin v. TRON Foundation et al., No. 1:20-cv-02804-VSB, 2024 WL 4555629 (S.D.N.Y. Oct. 23, 2024); Lee v. HDR Global Trading et al., No. 1:20-cv-03232-ALC (S.D.N.Y. April 3, 2024).

[7] 96 F.4th 129 (2d Cir. 2024), cert. denied, Binance v. Anderson, No. 24-336 (Jan 13, 2025).

[8] Lee v. HDR Global Trading et al., Case No. 1:20-cv-03232-ALC (S.D.N.Y. April 3, 2024).

[9] Basic v. BProtocol Foundation et al., No. 1:23-CV-533-RP, 2024 WL 4113024 (W.D. Tex. Sep. 6, 2024).

[10] See SEC v. Schueler et al., No. 1:23-cv-05749-CBA-PK (E.D.N.Y. Feb. 28, 2025).

[11] Holsworth v. BProtocol Foundation et al., No. 20 Civ. 2810 (AKH), 2021 WL 706549 (S.D.N.Y. Feb. 22, 2021); SEC v. Schueler et al., No. 1:23-cv-05749-CBA-PK (E.D.N.Y. Feb. 28, 2025). Note also Barron v. Helbiz, Inc. et al., No. 20 Civ. 04703 (LLS), 2023 WL 5672640 (S.D.N.Y. Aug. 28, 2023), in which the court would also have done so had the defendant been a foreign business.

This post comes to us from Benedikt Bartylla, a research associate and PhD candidate at the Institute for the Law and Regulation of Digitization (IRDi), Philipps-University Marburg, Germany. This post is based on research conducted as a visiting researcher at the University of Pennsylvania’s Carey Law School.