Veronica McGregor, CLO at Exodus and former CLO at ShapeShift, has spent two decades on the legal frontlines of crypto so with Cryptonomist we decided to interview her to talk about how stablecoin regulation could limit how users hold and move their own crypto, the behind-the-scenes changes public crypto firms are making to prepare for more TradFi-style rules and why Wall Street’s push into crypto custody may create legal conflicts with decentralized wallet models.
You’ve warned that stablecoin regulation could limit how users hold and move their crypto. Can you explain how these policies could directly impact non-custodial wallet users?
Stablecoin regulations that are too overbroad and target the transmission of value rather than just issuance, risk pulling non-custodial wallet users into a compliance framework that was never designed for them. For instance, classifying wallet providers as “money transmitters” or “financial institutions” would open the floodgates to effectively limiting self-custody. We have worked to make sure this is not the case with both the GENIUS Act and STABLE Act. It continues to be an ongoing priority with market structure as well.
Some proposals suggest requiring KYC on stablecoin transfers — even peer-to-peer. Do you see this as feasible from a legal standpoint, and what precedent might it set for broader crypto use?
Requiring KYC on peer-to-peer stablecoin transfers isn’t just infeasible, it would redefine what it means to “hold” your own assets. Legally, we don’t ask someone to check ID before handing a friend $20. Pushing that burden onto individuals sets a dangerous (and impractical) precedent where individuals using their own digital assets are regulated as financial institutions.
Having worked with both Exodus and ShapeShift, how have you seen compliance strategies evolve as public scrutiny of crypto firms has intensified?
At both Exodus and ShapeShift, I’ve seen firsthand how compliance has matured and not just in meeting regulations but in anticipating them. As scrutiny increased, so did the need to formalize legal functions, add structured governance, and build infrastructure to protect user rights and company integrity, without ceding to centralization. At Exodus, we actively engage with legislators and regulators to ensure protection of self custody, a core principle of crypto, which serves as a crucial element for consumer protection. We’ve seen bad actors in the crypto space before, and these incidents only highlight the importance of retaining control over your own digital assets.
Are there internal shifts happening at public crypto companies — like governance, audits, or disclosures — that the public doesn’t see, but that are driven by looming TradFi-style rules?
Definitely. There are internal shifts happening that most users never see. From board-level governance to financial audits and proactive disclosure practices, public crypto companies are preparing for a world where crypto may be regulated more like traditional finance, even if we don’t fully agree with that direction.
How do you advise companies to balance innovation with the increasing pressure to “act like banks” in their legal structures and reporting?
I advise companies to stay true to crypto’s core of transparency, user empowerment, and decentralization, while also recognizing that responsible innovation often means building in public. You don’t have to “act like a bank,” but you do have to show regulators that you aren’t hiding behind the tech. Given the public nature of the blockchain, our industry is inherently more transparent than traditional finance and our regulations should be appropriately tailored to address the different types of risks that may exist within crypto as compared to banking.
Wall Street institutions are entering the crypto custody space aggressively. What kinds of legal conflicts do you foresee between these custodial models and decentralized wallets like Exodus?
As TradFi enters crypto custody, the legal divide between custodial and self-custodial models – the latter referring to personal self-custody – is going to sharpen. The conflicts will arise around liability, disclosure, and control. Self-custody doesn’t come with third-party risk, and that’s a legal distinction that policymakers and regulators will need to account for. I was fortunate to participate in the SEC’s crypto roundtable to discuss custody, and I emphasized the need to 1) distinguish internal institutional custody from self-custody, and 2) preserve optionality so that individuals are not forced to rely on institutions who internally custody assets. This will continue to be an important message moving forward.
Do you think regulators truly understand the difference between self-custody and third-party custody — or are they writing rules that effectively ignore that distinction?
We’re seeing positive momentum. While some legacy frameworks don’t yet reflect the nuances of self-custody, there’s been a shift in awareness over the past few months. Regulators are starting to engage more directly with the technology and understand the importance of distinguishing between platforms that hold, or control, user funds and tools that empower users to hold their own keys. There’s still work to do, but the conversations are happening, and that’s a big step forward from where we were even a year ago. The recent draft of the CLARITY Act also explicitly preserves the right to self-custody, which we believe would prevent regulators from impeding individuals’ ability to have self-hosted wallets now and in the future.
Could we see a future where retail users are legally pushed away from self-custody in favor of institutionally controlled environments? What would that mean for crypto’s founding ethos?
We were encouraged to see President Trump’s executive order express the need to protect self-custody, and we are also seeing the proposed CLARITY Act codify that executive order. Nevertheless, that concern has been part of the conversation, but we’re also seeing increased recognition, even from traditional financial players, of the value that self-custody brings. The goal isn’t to shut down innovation; it’s to make sure it operates in a way that protects user options. The challenge is making sure rules don’t unintentionally exclude individuals from managing their own assets. But I’m optimistic that with continued education and dialogue, we can strike a balance that upholds crypto’s foundational values and addresses regulatory goals.
From your perspective on the legal frontlines, what’s the biggest regulatory blind spot when it comes to crypto that lawmakers still aren’t addressing?
Aside from the SEC-CFTC jurisdictional line on defining what constitutes a ‘security,’ one area that still needs more attention is how we define control. There’s a tendency to treat all crypto services as custodial by default, when in fact, the models vary widely. That said, we’re seeing growing curiosity from policymakers who want to understand the differences between wallets and exchanges, between protocols and platforms. It’s a complex landscape, but the genuine interest in getting it right is there. I think we’re moving toward a more thoughtful, collaborative regulatory approach, and that’s an encouraging sign for the space. The difficult part is helping write legislation that anticipates the next stage of development in blockchain. We need laws that stand the test of time and we are proud to be helping as an active voice in DC to ensure that’s the case.
What advice would you give to legal teams at startups entering the crypto space now, especially in light of the rapidly tightening global regulatory environment?
My advice would be to build your legal strategy early, and bake it into the product roadmap. The entire company needs to work as a team and not develop products in a vacuum. That is, legal and compliance need to be involved early on to avoid delays down the road. Regulation is coming, but that doesn’t mean you have to compromise your mission. Focus on user protections, be transparent about your operations, and engage in education and discussion with policymakers before they write rules that are not fit for purpose.
