Building a Web3 / crypto business

US: SEC has continued to treat most tokens as unregistered securities under Howey. Court losses have softened the enforcement edge, but the principle remains. CFTC handles commodities (BTC, ETH treated as commodities). Bitlicense in NY adds state-level friction. The pattern: build in the US, but raise into a Cayman / BVI foundation that issues the token.

EU (MiCA): in force as of 2024-2025. Issuers of "asset-referenced tokens" and "e-money tokens" need authorisation in a member state; "utility tokens" have a whitepaper-publication regime. Stablecoin issuers carry the heaviest burden. The benefit: regulatory clarity across 27 member states once you have a single CASP (Crypto-Asset Service Provider) license.

UK (FCA): cryptoasset financial promotions regime + Money Laundering Regulations registration. FCA registration is slow (12-18 months) and roughly 1 in 7 applications succeed.

Singapore (MAS) and Hong Kong (SFC): licensing regimes that have become destinations for crypto founders post-FTX. Substance requirements (real local employees, real office) are non-trivial.

The structural pattern most Web3 startups use: US development entity (employs engineers, holds equity) + offshore foundation (issues the token, holds the treasury, governs the protocol). The foundation typically sits in Cayman, BVI, or the Marshall Islands. This is not tax evasion; it's the standard for token issuance because most major jurisdictions still don't have a clean issuer regime.

Get specialist crypto counsel in every jurisdiction you'll touch. Generalist startup lawyers will get you in trouble.

Three decision branches:

No token (software business with crypto rails): treat as standard SaaS. The product happens to integrate with blockchain (custody, payments, on-chain analytics) but no token issuance. No regulatory token risk. Examples: Coinbase Custody, Fireblocks, Chainalysis. This is the safe path.

Equity-only (token disclaimed): raise traditional priced rounds + SAFEs. Investors get common/preferred shares. No token until / unless one is issued later (with separate authorisation from the board + investors). Most US-based DeFi tooling startups have followed this.

Token + equity (dual structure): investors receive equity in the DevCo AND a future allocation of tokens (SAFT / token warrant). The equity captures business-model upside; the tokens capture protocol upside. This is the structure most VC-backed Web3 startups use post-2018.

The token allocation typically follows: 15-25% to investors, 15-25% to team (with multi-year vesting + cliffs identical to equity vesting), 30-50% to ecosystem / treasury, balance to liquidity / market makers. Get it modelled with an experienced crypto-economist (yes, that's a job category now).

Mistakes that compound:

• Issuing the token before deciding the regulatory framework
• Vesting tokens differently from equity (creates misaligned incentives)
• Allocating to "advisors" without vesting (massive overhang)
• Ignoring market-maker contracts (the protocols who provide listing liquidity often take 10-20% of token allocation)

Treasury management in crypto is harder than in fiat:

• Volatility: BTC / ETH moved 40-60% in single quarters in 2024-2025. A treasury denominated in your own token can vanish.
• The standard pattern: keep 18-24 months of operating expenses in stablecoins (USDC primarily; some teams diversify into USDT, but counterparty risk varies)
• 10-30% in ETH (for ecosystem alignment and grants)
• 5-15% in your own token (for vesting + ecosystem allocations; do not bank on it for opex)
• 0% in BTC unless you have specific thesis exposure

Hold stablecoins in mix of: hot wallet (operational), multi-sig cold wallet (treasury), and (increasingly) traditional bank with USD denomination. The 2023-24 bank failures (SVB, Signature, SVB Cayman) and stablecoin de-peggings have moved most crypto founders to diversified treasury setups.

When NOT to do Web3 (the most-skipped section of any crypto pitch):

• The product would work just as well as a SaaS — adding a token adds regulatory cost without product benefit.
• You're issuing a token "because we need to raise from crypto VCs" — bad reason. Most crypto VCs now invest in equity-only deals too.
• You can't articulate why blockchain matters in one sentence — if there's no good answer, the answer is "it doesn't".
• Your customer base doesn't custody wallets — onboarding friction kills you.
• You're building consumer apps and don't have multi-million-user distribution already — chicken-and-egg of liquidity is real.

The companies that succeed in Web3 mostly look like: infrastructure (custody, indexing, oracles), DeFi protocols (with a clear monetisation path), or vertical specialised plays (gaming, identity, supply chain). Consumer apps with tokens have been brutal.