For most of crypto’s short history, mergers and acquisitions have been about technology and teams. Companies bought engineering talent, liquidity, or product lines that expanded their footprint in a fast-moving market. But a new wave of deals is being driven by something entirely different: regulatory compliance.

Across the industry, we’re seeing what could be called policy-driven M&A: mergers and acquisitions made not to innovate faster, but to comply sooner. The buyer isn’t purchasing a better product; they’re purchasing a license, charter, technology, or team that grants a regulatory status or legal authority others can’t easily replicate.

It’s a subtle but powerful shift in what is a maturing policy environment. Crypto founders are now confronting a second layer of strategic decision-making, one that earlier generations of builders rarely had to consider: how to navigate compliance as a path to scale. But as compliance and scaling converge, learning what options are available and what they entail is a critical part of the builder’s playbook.

From regulatory chaos to strategic clarity

For years, crypto firms operated in a fog of uncertainty. There was no clear path for compliance, no roadmap to registration, and no easy way to know whether the next enforcement action would redraw the map entirely. Many startups assessing regulatory risk defaulted to defensive strategies like geofencing: blocking access from certain jurisdictions altogether rather than attempting to comply with unclear or impractical rules. 

Now, the fog is beginning to lift. Through a mix of legislation, court rulings, agency actions, and even instances where regulators have chosen not to act, a path forward is starting to reveal itself. With certain regulatory structures becoming more predictable, opportunities are emerging for founders to read those signals and consider policy-driven M&A strategies, turning compliance from a burden into an opportunity (and in some cases a necessity) to scale.

This isn’t new — it’s just crypto’s turn

If this pattern sounds familiar, it’s because other industries have done it before.

After the 2008 financial crisis, Dodd–Frank reshaped how banks could trade, clear, and lend. Many responded not by building new compliance systems from scratch, but by acquiring smaller firms with the right licenses or infrastructure. Big banks bought boutique brokers, clearinghouses, and advisory shops that already met the new standards. Buying compliance was faster than building it.

A clear example came in 2013, when Intercontinental Exchange (ICE) acquired NYSE Euronext. The deal wasn’t just about brand prestige or growth. It gave ICE control over regulated clearinghouses and exchange infrastructure at a moment when Dodd-Frank was pushing more derivatives trading and clearing onto supervised venues. Rather than building compliance capabilities from scratch, ICE effectively positioned itself within the new regulatory order by acquiring existing compliance infrastructure.

Policy-driven M&A is what happens when an industry and its applicable regulations mature. This marks a turning point: when the regulatory environment becomes predictable enough to navigate, capital starts flowing toward compliance infrastructure.

Crypto is now at that point. 

Earlier this year, Polymarket acquired QCX, a dormant designated contract market, to create a compliant pathway for U.S. users to access prediction markets, an impossible task without a regulated venue under the Commodity Exchange Act. Similarly, Kraken acquired The Small Exchange, giving it a CFTC-regulated futures market and clearinghouse at a moment when retail access to crypto derivatives was becoming increasingly scrutinized. Both deals reflect the same pattern: firms responding to maturing regulatory expectations by acquiring the structures they need to operate within them.

How founders should think about M&A for compliance

Crypto companies have three broad options for handling regulatory compliance:

1. Affirmatively satisfy the compliance requirements of a jurisdiction. Once seen as unrealistic, it’s the ideal scenario in a world where the rules finally make room for innovation.
2. Redesign the product so those requirements don’t apply. Nobody wants to re-engineer their product just to fit outdated laws, but that’s what many teams had to do when laws failed to catch up to the technology.
3. Geofence the jurisdiction entirely. A “nothing else works” last-ditch solution when satisfying obligations is impossible and redesign would kill your product.

As regulatory expectations become clearer, the first path is becoming a viable option for projects of all sizes to scale. The question for founders then becomes: do you acquire compliance infrastructure through M&A or build it from scratch? Each approach carries its own advantages and trade-offs, and founders will need to assess which aligns best with their product, timelines, and capabilities.

M&A offers relative speed and certainty. It allows founders to quickly unlock access to new markets and reduce regulatory uncertainty by absorbing a licensed entity with a proven framework and operating history. Acquiring an already-approved structure can also deliver institutional credibility, experienced leadership, and mature internal systems, assets that can take years to build organically. In that sense, M&A turns what was once an unreachable goal into a practical on-ramp for companies that previously couldn’t afford to build from scratch.

But M&A rarely comes without friction. Integrating a licensed entity means inheriting its history, governance, and oversight obligations, making it a double-edged sword. Those inherited systems can be valuable sources of institutional knowledge, but they can also introduce inefficiency by forcing founders to adjust systems that weren’t designed with their business in mind. Acquirers must navigate “change-of-control” restrictions that limit how quickly they can replace management or modify internal processes. Many regimes require continuity in key personnel, operational systems, and even board composition to preserve the license. In short, the framework you acquire for compliance may also define how you operate, at least until regulators approve any reconfiguration.

Building from scratch, by contrast, offers greater control and long-term flexibility. An entity can be designed around the company’s specific product, risk profile, and technical architecture, unburdened by legacy systems or inherited governance. The trade-off is cost and time. Licensing and application fees, legal counsel, and audits could reach into the millions, and that’s before factoring in ongoing costs, like paying the talent required to run a compliance team. The process can take years, and success depends heavily on regulatory relationships and the quality of counsel.

The choice between the two comes down to time, cost, and tolerance for rigidity. M&A trades flexibility for speed; building trades speed for control. Founders should consider both paths carefully. For those who once ruled out affirmative compliance because building from scratch felt impossible, policy-driven M&A now offers a new way to unlock those markets — one that turns compliance itself into a strategic asset rather than a barrier to entry.

All information contained herein is for general information purposes only. It does not constitute investment advice or a recommendation or solicitation to buy or sell any investment and should not be used in the evaluation of the merits of making any investment decision. It should not be relied upon for accounting, legal or tax advice or investment recommendations. You should consult your own advisers as to legal, business, tax, and other related matters concerning any investment. None of the opinions or positions provided herein are intended to be treated as legal advice or to create an attorney-client relationship. Certain information contained in here has been obtained from third-party sources, including from portfolio companies of funds managed by Variant. While taken from sources believed to be reliable, Variant has not independently verified such information. Any investments or portfolio companies mentioned, referred to, or described are not representative of all investments in vehicles managed by Variant, and there can be no assurance that the investments will be profitable or that other investments made in the future will have similar characteristics or results. A list of investments made by funds managed by Variant (excluding investments for which the issuer has not provided permission for Variant to disclose publicly as well as unannounced investments in publicly traded digital assets) is available at https://variant.fund/portfolio. Variant makes no representations about the enduring accuracy of the information or its appropriateness for a given situation. This post reflects the current opinions of the authors and is not made on behalf of Variant or its Clients and does not necessarily reflect the opinions of Variant, its General Partners, its affiliates, advisors or individuals associated with Variant. The opinions reflected herein are subject to change without being updated. All liability with respect to actions taken or not taken based on the contents of the information contained herein are hereby expressly disclaimed. The content of this post is provided “as is;” no representations are made that the content is error-free.