The CODE Act of 2025

This bill pushes for safer, more compliant crypto tools. It tells the Treasury to team up with DeFi services and risk experts to build and test anti–money laundering, identity checks, sanctions, and cybersecurity controls right into smart contracts and app interfaces. The program must start within 6 months and ends 18 months after the law takes effect, and it cannot include services owned or controlled by certain restricted people. Agencies keep their current powers, and Treasury must share its recommendations with other agencies. It also asks FinCEN to publish guidance for “responsible” DeFi design within 18 months, and it requires Treasury to write rules within 30 months that define what counts as a DeFi service or smart contract and that require risk‑based anti–money laundering and sanctions programs for DeFi services. The bill notes today’s gaps and risks—like hacks and North Korean exploitation—and says DeFi could benefit from standard, built‑in safeguards. It describes DeFi services as protocols or apps on public blockchains that help people exchange digital assets using “smart contracts” that run automatically when set conditions are met.

Key points

• Who is affected: DeFi protocols and apps, crypto developers, Treasury, FinCEN, law enforcement, and cybersecurity agencies.
• What changes: A short‑term public‑private testing program; new guidance from FinCEN; and new rules requiring DeFi services to have risk‑based anti–money laundering and sanctions controls .
• When: Program launched within 6 months and ends after 18 months; FinCEN advisory due within 18 months; rulemaking due within 30 months of enactment .