The Many Factors You Need to Consider When Issuing Digital Securities

The Many Factors You Need to Consider When Issuing Digital Securities

An Overview for Teams Planning to Tokenize Assets

Digital assets, digital securities, security tokens, tokenized securities – no matter what you call them, one thing is certain: the day-to-day back office of broker dealers, investment banks, fund administrators, and corporate services firms is on the verge of a massive shift towards digitization.

Over the past three years, our team at iComply has seen hundreds of use cases touching businesses and investors in over 100 jurisdictions. It may come as a surprise, but most of the companies operating in digital assets are flying by the seat of their pants. Recently, after a project kick-off meeting, one of our client’s advisors said, “I learned more in this hour than I have in the past year.”

This article aims to cut through the hype and give management teams a simple outline of things to consider before creating and managing a securities instrument using blockchain based tokens.

But first a bit of housekeeping – it is important to understand that iComply is a compliance technology company, we do not offer advisory, legal, brokerage, or other services. However, we have seen a lot of deals and know who many of the good (and bad) service providers are. That being said, none of the information in this article should be considered advice, legal or otherwise.

Build a Quality Team

As the saying goes: fail to plan, plan to fail. Building a quality team, like anything else of quality, requires work and a commitment to due diligence. Watch out for experts, there is a strong correlation between how loud someone beats their chest and why nobody else will do it for them. Instead, ask for references and then…call them.

Finally, don’t – I cannot stress this enough – do not rely on their professional designation as a badge of credibility. Some of the worst legal advice I have ever heard came from a “Trust me, I wrote the JOBS ACT!” US attorney. Three months later, that client was in litigation and their entire project in jeopardy.

Know Your Token

In the application of digital securities – a token is simply a ledger that represents ownership in a security. If you think that sounds like a cap table, you are pretty much up to speed. Creating a token is similar to creating a new spreadsheet, you can use it to track equity, debt, fund units, options, futures contracts – pretty much any financial instrument. Therefore, before you can put together an offering, you need to know what rights the token will entitle the owner to.

To accomplish this, it is important to keep it simple – many projects go awry by trying to give all sorts of unrelated benefits to token holders, such as product discounts, loyalty rewards, etc. This additional complexity increases both your technical and regulatory risk. Sure, you may use Excel for your cap table and for your marketing list – but you don’t use the same spreadsheet for both. The same goes for tokens. Once you have defined the rights of your token you can start planning your strategies for marketing, distribution, trading, and of course which jurisdictions you will serve.

Jurisdiction Shopping

One of the most common mistakes we see in the digital securities markets is what our team calls “the RegD/RegS fallacy” – a misunderstanding which plagues many US based projects. Put simply, RegD/S are exempt offering tools based on regulation in the United States – most project teams think “I will use Reg D for US investors, Reg S for everyone else.” Unfortunately, no other securities regulator in the world observes Reg S. Instead, a US issuer may use Reg S to sell to an investor outside the country, but they must do so using an exempt offering framework from that investor’s jurisdiction.

Deciding which jurisdictions you will accept investors from should be a business decision taken seriously. The last thing you want to do is be submitting reports of exempt distributions, annual business filings, and suspicious activity reports to FinTRAC because you took on one $500 investment from one Canadian two years ago. Do you have interest from Maltese investors? Enough interest to warrant the paperwork and fees in Malta?

If you have enough investor interest coming from a single jurisdiction, add it to your target list – if not, ensure you are not marketing into, or onboarding investors from, that jurisdiction.


For most digital securities, the creating the token structure itself should not take more than a week. If you have your offering documents or term sheet ready – most issuance platforms can do this in minutes. Some even do it for free. Whatever the price or vendor, the process of tokenization should include smart contract development, audit certificates from qualified third parties, and verified deployment certificates.

If you plan to, or have already, created your own smart contracts (the tech behind the tokens) it is ludicrous to not have them independently audited. Once completed, ensure the proper audits and on-chain verification procedures are documented and placed in your due diligence folder. Investors will want to see this because these certificates are very important if you require banking, custody, or insurance in the future. Not to mention having them handy in the event of an audit.

AML Compliance

One of the biggest regulatory gaps among issuers of digital securities today is in their AML program. To be compliant with AML regulation, you need written policies and procedures, as well as the training, team, and tools to execute them. If you are relying on brokers, crowdfunding platforms, or digital securities platforms to handle the KYC for you – get a copy of their policies and procedures and keep it on file. More likely than not you will need this written documentation at some point in the future.

Your obligations under AML regulation will change by country. In the US, identity verification regulations are comparatively weak and most KYC solutions can perform a compliant verification. In Germany, you can’t use the same process – and that is only verifying the identity of a human investor.

What if the money comes from a corporation such as a VC or private equity firm? Again, the requirements change by country. Other rules govern which watchlists you need to check and how often, what documents you can accept, and which methods you can use. In most cases, you will need to comply with the rules specific to the jurisdiction of where your investor is from – not where your offering is.

AML risk management is not a place to cut corners and it is not something you do only once. Instead, a proper risk management tool should be able to notify you when an owner of your token ends up on a watchlist, is subject to a cease trade order, or other regulatory actions.

In the traditional private markets, back office admin firms spend an average of 10-12 hours per investor per year to keep AML up to date. Luckily, ongoing monitoring technology for token issuers can automate this for you, cutting 99% of the cost and manual work. No matter what, your KYC/AML software must be robust and dynamic enough to support the requirements of each jurisdiction you plan to serve.

Securities Compliance

Once an investor is onboarded and accepted through AML compliance there are additional considerations for securities regulations. Again, these change by jurisdiction (in the US this can go down to the state level). Work with your legal and advisory teams to ensure the proper legal agreements and required disclosures appear to the right investor, and in the right step of the entire transaction. To date, our largest distribution included legal and disclosure documents covering 103 countries.

Depending on who you are selling the token to, an issuer may need relationships with payment processors, banks, broker dealers, custodians, trust services, issuance or crowdfunding platforms, etc. to legitimately complete their sale. In some countries, like the US, the issuer has limitations on how many investors they can onboard. However, in many countries, the rules are much more strict – issuers are limited to how many investors they can even show their offering documents to. It’s important that you document and can demonstrate compliance with these complex variations in securities regulations. While it is possible to do this manually, it is much easier to use technology to automate this for you.

Issuance Management

Once the investors have made the purchase, and the funds are received, you will need to transfer the token to the investor. This is called a primary or initial distribution because the token is coming from the issuer to the investor. Token transfers from investor to investor and secondary transfers – more on that later.

Depending on the type of security the token represents, and which market the issuer and investor is from, transferring the token to the investor may require other service providers such as custodial or trustee services, transfer agents, lawyers, or broker dealers. For example, a subscription agreement for an equity token transaction in Switzerland requires a “wet-ink” signature witnessed by an authorized representative (i.e. lawyer) in that market.

However, it is important to note that for most markets (such as the US), issuers of private market securities are not required to spend money on any of these services. Instead, using these services is a business decision for the compliance and management teams. Do you know what you are doing? Do you know what forms you have to file if you accept this investor? Do you know how to document the update of the registry? In some cases, your investors may want you to use these third parties. For example, in the venture capital market, corporate and fund admin services are not usually required by regulations but most funds use these services to give their LPs greater confidence in the governance of their investment capital.

Audit & Reporting

Once the token offering is closed, your compliance work has just begun. Issuers need to be able to report on everything: who they sold to, who they rejected, who they returned funds to, who bought or sold the token in a secondary market. Depending on the jurisdiction, an issuer may need to maintain these records and file reports for anywhere from 5 to 11 years after the investor no longer holds the security. Again, technology exists to automate this and not only simplifies securities reporting, but also data governance and user privacy settings to ensure you are not holding data for someone longer than you have to – this is a big part of GDPR, PIPA, and other privacy regulations that most token issuers simply do not consider in their planning phase.

Ongoing Transfer Management

Now, back to those secondary transfers and liquidity for your token holders, this can occur peer-to-peer, over certain DEX technologies, or by listing on a licensed securities exchange such as an ATS, MTF, OTC or trading pool. Which blockchain you use for your token can create additional complications – under the new FATF guidance many private blockchains and DLTs can make you subject to additional regulations.

New regulatory requirements such as the “travel rule” could actually make things easier by unlocking interoperability and data standardization across various trading venues. Using the principle of “compliance by design” some token compliance platforms are able to automate this end to end. Others can do this for you as a managed service or registered transfer agency.

No matter how it is done each transfer has to consider both the buy and the sell side regulation. If the token is transferring between investors in different jurisdictions, there are two regulatory rule books to consider. Either your team, your token compliance software, or your service provider, will need to calculate compliance on both sides of each transaction.

Finally, most issuers have so much to think about when they are putting their offering together that they forget to consider ongoing operational costs such as gas on the Ethereum blockchain. Depending on which token compliance service you use these costs can be as high as $100 USD per trade. This is usually due to poor technical design as other solutions will accomplish the same thing with more scalable and cost effective design – resulting in trade fees below $0.20.

In Closing

Some proponents of digital securities will make bold claims of liquidity but the reality is that there is virtually no liquidity or trading venues for digital securities. Others suggest that using this new database technology (the token) will get you a higher price for your offering – perhaps, but only to the most uneducated or ill-informed investor.

That being said, the costs of using tokens to manage securities has come down by a factor of 50 in the last three years. By using the right tools, issuers today are able to automate the workflows for issuance, onboarding, transfer, trade processing, and reporting. Done correctly, using a token can significantly reduce the cost, time, and headaches of managing traditional securities. At the current pace of innovation, it’s only a matter of time before investors will demand the transparency, security, and ease of administration that a digital security can provide.

Image courtesy of YouTube.