Executive Briefing
Federal securities law receives most of the analytical attention in tokenization discussions, but state law creates equally consequential compliance obligations that practitioners routinely underestimate. The 50-state patchwork of money transmission licensing, Blue Sky securities regulation, and blockchain-specific statutes creates a compliance surface that varies dramatically by state. Issuers who manage federal compliance skillfully but ignore state requirements face enforcement exposure, injunctions on token sales, and investor rescission rights. This analysis maps the most consequential state-level regulatory considerations for US tokenized securities and digital asset businesses.
Money Transmission Licensing: The Hidden Compliance Layer
The most commonly overlooked state compliance requirement for digital asset businesses is the money transmission license (MTL). Every US state except Montana has enacted money transmission laws that require businesses transmitting money or monetary value on behalf of customers to obtain a state license.
The central question for blockchain businesses is whether token transfers constitute “money transmission” under state law. The answer varies by state:
States that clearly include virtual currency in MTL requirements: New York (explicitly via BitLicense), Washington, Connecticut, Georgia, and many others have either updated their MTL statutes to expressly include virtual currency or issued regulatory guidance confirming that virtual currency transmission requires an MTL.
States with statutory ambiguity: Many state MTL statutes define money transmission using terms like “monetary value” or “funds” that were written before virtual currency existed. Whether tokens constitute “monetary value” requiring MTL in these states depends on regulatory interpretation, and several states have issued conflicting or unclear guidance.
States with explicit exemptions: Wyoming has explicitly excluded virtual currency from its MTL requirements under certain conditions. Tennessee and a handful of others have created safe harbors for certain blockchain activities.
For security token issuers using Regulation D 506(c), the money transmission question is often avoidable: securities are excluded from money transmission regulation in most states. But token projects with any utility or currency component — even hybrid products — face MTL analysis in every state where they operate.
The practical solution for most digital asset businesses is the Money Services Business (MSB) registration with FinCEN at the federal level (a federal requirement for money services businesses) combined with a multi-state MTL portfolio. Building an MTL portfolio takes 12-24 months and costs $500,000-$2M+ in application fees, legal costs, surety bonds, and compliance infrastructure — a substantial barrier that explains why many digital asset companies avoid states with stringent MTL requirements.
Blue Sky Laws: Securities Registration at the State Level
“Blue Sky” laws — state securities registration requirements — predate the federal securities laws by a decade. The Investment Company Act of 1933 and 1934 Exchange Act were modeled in part on state Blue Sky laws, but state and federal regimes have coexisted ever since. For tokenized securities, Blue Sky compliance is the second major state regulatory burden.
The key federal preemption provisions that simplify Blue Sky compliance for most token offerings:
Regulation D 506(b) and 506(c) preempt state Blue Sky registration requirements for sales of securities that qualify as “covered securities” under the National Securities Markets Improvement Act (NSMIA). However, states retain the right to require notice filings (typically Form D or a state-specific form) and collect filing fees within specific deadlines. Failure to file required state notices can result in state enforcement exposure even though the federal exemption applies.
Regulation A+ Tier 2 preempts state Blue Sky for non-issuer dealer transactions — meaning the offering can be sold nationally without state registration. However, states retain anti-fraud jurisdiction and can investigate and prosecute fraudulent Reg A+ offerings.
Fully registered SEC offerings are covered securities and preempt most state regulation.
The danger zone for state Blue Sky compliance is Rule 504, Regulation A+ Tier 1, and Regulation CF — all of which do not fully preempt state registration requirements, making multi-state registration necessary for national distribution.
New York: America’s Most Complex State Regime
New York warrants separate analysis because it operates the most demanding and distinctive state regulatory framework for digital assets and securities in the United States.
The BitLicense. New York’s Virtual Currency Business Activity License (commonly “BitLicense”) requires any entity engaged in virtual currency business activity “involving New York or a New York resident” to obtain a NYDFS-issued license. The BitLicense covers buying, selling, exchanging, transmitting, storing, or issuing virtual currency for customers. With approximately 20 million residents, New York is a market that most digital asset businesses cannot easily ignore — but the BitLicense application process is so demanding (18-24 months, $500,000+ in compliance build-out) that many companies explicitly exclude New York residents from their products.
The Martin Act. New York’s Martin Act is the most expansive state securities fraud statute in the United States. The NYAG can bring civil and criminal actions for “fraudulent practices” in the offer and sale of securities to New York residents without proving scienter (intent to defraud) — a lower burden than federal securities fraud. The Martin Act has been used by successive NYAGs to investigate and prosecute cryptocurrency exchanges, NFT platforms, and token issuers. Federal securities law exemptions do not insulate issuers from Martin Act exposure.
Limited Purpose Trust Company Charter. As an alternative to the BitLicense, certain digital asset companies have pursued the New York Limited Purpose Trust Company charter — a bank-equivalent charter for trust and custody activities. Paxos, Coinbase (through a custody entity), and a few others hold LPTC charters. The LPTC provides broader authority than the BitLicense but requires meeting bank-level capital, examination, and compliance standards.
Blockchain-Friendly States: The Leaders
Wyoming remains the gold standard for blockchain-specific legal infrastructure, as analyzed in depth in a separate Vanderbilt Portfolio briefing. Its SPDI charter, DAO LLC statute, and comprehensive digital asset property law framework are the most complete state-level blockchain legal architecture in the United States.
Texas has developed one of the more favorable regulatory environments through a combination of explicit UCC recognition of digital assets, legislative clarification of virtual currency property rights, and a regulatory posture at the Texas Department of Banking that has been relatively receptive to digital asset businesses. Texas’s large population and financial services sector make it a significant state for digital asset companies that want to serve Texas residents.
Colorado enacted the Colorado Digital Token Act in 2019, creating a limited exemption from Colorado securities registration for certain utility tokens. The exemption requires the token to be fully functional (not a development-stage project), prevents promoter profit from the offering, and limits the offering to Colorado residents. While narrow, it provides useful clarity for utility token projects serving Colorado.
Tennessee passed the Tennessee Blockchain Basics Act in 2022, establishing explicit rights to run blockchain nodes and prohibiting state interference with digital asset mining or validation activities. Tennessee has also streamlined its MTL application process for digital asset businesses.
Nevada has enacted blockchain record-keeping legislation allowing companies to maintain corporate records and shares on distributed ledgers, creating legal clarity for Nevada-incorporated blockchain entities.
Utah created a regulatory sandbox under its Utah Digital Assets Act that allows digital asset businesses to test products in Utah without full regulatory compliance for an initial period — useful for product development but not a substitute for full compliance when scaling.
High-Difficulty States for Token Issuers
New York (detailed above): BitLicense requirement, Martin Act exposure, aggressive NYDFS examination.
Hawaii: Hawaii has historically required digital asset exchanges to maintain cash reserves equal to 100% of customer digital asset holdings — an economic model that is unworkable for most exchanges. Several major exchanges have chosen not to serve Hawaii residents. Hawaii has undertaken regulatory reform discussions but has been slow to change.
Connecticut: Connecticut’s MTL statute has been interpreted broadly to include virtual currency, and the state has brought enforcement actions against digital asset companies that failed to obtain MTLs before operating in the state. The state’s Department of Banking has been active in digital asset enforcement.
New Mexico: New Mexico’s MTL statute applies to virtual currency transmission, and the state has taken enforcement action against unlicensed digital asset businesses operating in the state.
California: California’s digital financial assets law (Digital Financial Assets Law, effective 2025) created a comprehensive licensing framework for digital asset businesses operating in California — similar in structure to the BitLicense but with California-specific requirements. California’s 40 million residents make it a market that cannot be excluded without significant revenue impact.
Exhibit: State Digital Asset Regulatory Framework Summary
| State | MTL Req. for Crypto | Blockchain-Specific Law | Regulatory Posture | Key Features |
|---|---|---|---|---|
| New York | BitLicense (specific) | Yes (BitLicense, LPTC) | Demanding | Martin Act exposure, ~50 licensees |
| Wyoming | Limited exemptions | Yes (comprehensive) | Favorable | SPDI, DAO LLC, digital asset property law |
| Texas | Yes (UCC updated) | Limited | Moderate-Favorable | UCC clarity, large market |
| California | Yes (DFAL 2025) | Yes (DFAL) | Moderate | 40M residents, new comprehensive framework |
| Colorado | Yes | Limited (Token Act) | Moderate | Utility token exemption |
| Hawaii | Yes + reserve req. | No | Restrictive | 100% reserve requirement (reform pending) |
| Tennessee | Limited | Yes (Blockchain Basics) | Favorable | Node operation rights protected |
| Nevada | Yes | Limited | Moderate | Blockchain record-keeping clarity |
| Connecticut | Yes (broad) | No | Moderate-Restrictive | Enforcement active |
| Florida | Yes | Limited | Moderate | Large market, no specific digital asset law |
Practical Compliance Strategy for Multi-State Token Offerings
For issuers using Regulation D 506(c) — the most common structure for US security token offerings — the practical state compliance strategy involves:
1. Federal preemption analysis. Confirm that the offering qualifies as a “covered security” under NSMIA, activating Blue Sky preemption for investor solicitation and sales. This eliminates state securities registration requirements but not notice filing or anti-fraud obligations.
2. State Form D notice filings. File state Form D equivalents (or state-specific forms) in each state where sales are made, within 15 days of first sale. Filing fees range from $100-$500 per state. Failure to file is a technical violation with enforcement exposure.
3. MTL analysis. If the token has any payment, stablecoin, or utility component — any feature beyond pure investment return — conduct MTL analysis in each target state. If MTL exposure exists, either obtain licenses (multi-year process) or restrict sales to states where MTL is not required.
4. New York decision. Decide early whether to include New York residents. If yes, begin BitLicense process immediately (18-24 month timeline). If no, implement geographic restriction and clearly document the restriction in offering documents.
5. Anti-fraud compliance in all states. Federal exemptions do not preempt state anti-fraud provisions. Every state retains the authority to investigate and prosecute fraudulent securities offerings, regardless of federal exemption status. Full disclosure, accurate representations, and compliance with anti-fraud standards are non-negotiable.
6. Ongoing notice filings. Many states require annual renewals or updates to Form D filings as the offering continues. Calendar management of ongoing state compliance obligations is essential to avoid technical violations during multi-year capital raise periods.
The 50-state compliance picture is manageable with appropriate legal counsel and compliance infrastructure. It is not manageable without them. Token issuers who treat state compliance as an afterthought discover the error when state regulators issue cease-and-desist orders — at which point the legal and reputational damage can be severe and the offering may be effectively terminated.