A Short History of Tokens
It’s been over 10 years since Bitcoin first introduced blockchain technology to the world. In that time, the list of potential use cases for distributed ledgers has expanded rapidly, from digital currencies, to supply chains, to identity management. At their core, however, many of these uses cases take a similar structure: they enable users to hold and transfer digital assets on a peer-to-peer basis. Put simply, we can now trade and track digital assets without needing a central trusted authority to manage the process.
This evolution of the space naturally led to the invention of “tokens” – digital assets on a blockchain that are ownable and transferable between individuals. Tokens are split into two main categories: those that represent a natively digital asset, and those that represent an underlying real-world asset. Leveraging this new paradigm, hundreds of thousands of different tokens have already been created on Ethereum alone, with a combined market cap of over $15 billion at the time of writing.
One of the most promising applications of tokens is the representation of real-world securities on-chain, which allows traditionally illiquid assets like commercial real estate to be fractionalized and transferred peer-to-peer. This process, known as “tokenization”, has gained significant mindshare from both legacy institutions and new start-ups, due to its potential to alleviate many existing pain points within the capital markets.
While blockchain can make it easier to transfer ownership in a technical sense, security tokens are still subject to the same laws and regulations as traditional securities. Ensuring security tokens are compliant with regulation is therefore critical to any potential tokenization, and has been a barrier to adoption to date. As seen in the chart below, regulatory uncertainty is widely considered the largest barrier to blockchain adoption.
Numerous projects have emerged in the blockchain space, each designing a protocol that attempts to simplify and standardize how security tokens are regulated, traded, and managed. Looking at Ethereum alone, projects that have published standards tackling this problem include Securitize, Harbor, Polymath, and more. However ultimately, without modifications to how these protocols are currently designed, investors and exchanges will continue to experience significant friction when buying and selling tokenized securities. Why is this? Interoperability.
Interoperability is Crucial
Interoperability is one of the most significant benefits of tokenization. It allows an entire ecosystem of capital markets applications and products to integrate with one another because they share common software standards. However to enable interoperability at the application and product level, it needs to begin at the lowest level with the tokens themselves. In the security token space, interoperability is essential for two key parties: exchanges and investors.
As an exchange, you want to be able to authorize investors for the purchase of any security token that they are eligible to buy – no matter the company that created the token. This means not having a bespoke integration with each security token, but a simple and generic integration that is uniform across all security tokens.
As an investor, you want the onboarding process to be as simple and frictionless as possible. Currently when an investor wants to purchase shares from multiple places, they have to provide their personal information time and time again in a process called Know Your Customer “KYC”. Blockchain has the potential to transform this process by storing this information immutably on-chain, where it can then be referenced by all security tokens. This would mean not having to repetitively provide the same personal information every time you wish to purchase a new token, instead only supplementary or updated information would be required after the initial registration. However, this process will only be possible if interoperability between security tokens is designed into the standards that govern the system.
Three of Ethereum’s leading security token protocols were published by Securitize, Harbor, and Polymath. All three of these protocols are built upon Ethereum’s ERC-20 token standard, which they then extend to enforce compliance into the trading of the security token. This is achieved by querying a second contract on the legality of each trade at the time that it happens.
Whilst named differently in the protocols, the use of a second contract is consistent throughout all three, achieving the same result: preventing non-compliant trades. This second ‘Regulator’ contract is kept up to date with users’ KYC and accreditation information by off-chain services that are authorized to do so – for example an exchange, or the token’s issuer.
Although these three components may seem like everything you need to regulate a security token (and in the simplest form, they are), it is how the components are programmed that really determines interoperability. Sadly, the protocols lack interoperability in two key areas, which will continue to cause friction and slow adoption of this technology:
- How do authorized parties update on-chain information about users?
Harbor declares in their whitepaper that they will be the only party authorized to update user information on-chain for the time being. The centralization of this role means that exchanges would not update any data referenced by the Regulator. They therefore will not be able to approve new recipients of the token, preventing tokens from being easily traded outside of the Harbor platform.
Securitize have already implemented a system whereby multiple parties can be authorized, meaning investors can register their compliance information in multiple places and are not required to go through Securitize themselves. The on-chain data is then updated directly by the authorized party, and can be viewed by all of Securitize’s tokens. Furthermore, to prevent investors from having to provide information multiple times, Securitize have designed an API to allow authorized parties to access the private information about investors that is stored off-chain, enabling them to easily determine whether an individual is compliant or if more information is needed.
Polymath has a native digital utility token called POLY that is required throughout their platform to perform various tasks, including to get an authorized party to update your on-chain data. In order for an individual to KYC themselves, they first must purchase POLY tokens, which does not have a liquid fiat to POLY market. Instead the individual must purchase another cryptocurrency such as Ethereum’s “ether” (ETH) using fiat, and then exchange this for POLY. The tokens can then be used on Polymath’s KYC marketplace to make a bid to a KYC provider. If the KYC provider approves the offer, they are paid in POLY tokens to perform the KYC check for the individual. This process is clearly a significant onboarding friction to the Polymath platform, and makes the process more complex than necessary.
- How this information about users is then stored and accessed on-chain?
From looking at the whitepaper and smart contracts on GitHub, it is technically possible for many of Harbor’s tokens to all share one common Regulator contract, and share one common source of user data, however this is unlikely due to the differences in regulation between different tokens. The lack of live Harbor’s tokens on Ethereum has not clarified whether it is their intention for this to be the case, or whether each token will be deployed with its own Regulator.
Securitize’s protocol is designed such that their Regulator contract queries a third smart contract which stores user information. This enables each token to have unique regulations encoded in their own individual Regulator, whilst still sharing a common source of user data in the third contract, meaning when a user KYCs for one Securitize token their information is stored ready for them to buy future tokens
It’s not explicitly stated in their whitepaper whether Polymath has a central source of compliance data stored on-chain that each Regulator then interacts with, or if tokens have their own local source of information. However, based on Polymath’s sample contracts, it appears that each token uses a local source of information, which is not shared between different tokens. While this may have advantages, this setup risks data redundancy and inconsistencies.
Take the following example: Bob has expressed interest in two Polymath security tokens, ABC and DEF, and has been approved as an investor for each of them. This information is sent to the Regulator contract for each of the tokens. A month later, Bob tries to purchase further DEF tokens but it is found that he is no longer accredited. This information is sent to DEF’s Regulator to update Bob’s investor status to be non-accredited. Now, on-chain, there is conflicting information: ABC thinks that Bob is a verified investor, however DEF disagrees. It is easy to see that having a central source of information would prevent such discrepancies from occurring.
Interoperability of the Protocols
As discussed previously, there are two main parties involved in the issuance and exchange of security tokens to whom interoperability will matter greatly: exchanges and investors. Both of these parties desire a smooth experience when interacting with different security tokens. So, if using the protocols as-is, let’s take a look at how exchanges and users will be affected.
As an exchange, integrating these protocols for purposes of transfer is easy: all of the tokens utilize the ERC-20 token standard, providing a uniform interface to invoke transfers, approvals and balance checks. However further integration with the compliance aspect of every protocol becomes far more complex. You’ll remember it’s not currently possible for a trusted party to become authorized on Harbor’s protocol – they will instead have to direct users to Harbor to KYC themselves. To then integrate with Securitize’s protocol, the trusted party must be authorized by Securitize, which will then allow them to access investor KYC data through the off-chain API, and to update on-chain information stored in the on-chain data store.
To integrate with Polymath’s protocol is likely the most complex. The trusted party must register themselves as a KYC provider on Polymath’s KYC marketplace and set themselves up to receive bids in POLY tokens in return for providing KYC services. In providing KYC services to investors the trusted party must then organize a way to ensure that the duplicative on-chain data stored about a user in each security’s Regulator④ does not become inconsistent.
Not only do the protocols have different interfaces that the trusted party must integrate with, each protocol also has a different way to provide error reporting to the exchange. When building an interface it is important to be able to translate any errors that occur into something that is understandable by users. For example, if a user cannot purchase a token this could be for a wide variety of reasons: the security may have a holding period that has not yet been satisfied, or may restrict the maximum number of permissible holders. To be able to communicate these messages to users, the exchange would have to integrate with a different method of error reporting for each protocol.
The different methods by which onboarding of investors is currently designed in the protocols means that investors will likely have to provide personal information many times to different platforms and in different ways. This is caused by the fact that Harbor have not authorized any other parties, and Polymath require investors to bid for KYC processes using POLY tokens. The friction caused by the enforcement of these compliance methods may render investors unwilling or unable to purchase securities they would otherwise purchase.
The scale of this protocol-induced friction on investors may be somewhat alleviated by the manner in which exchanges go about integrating each of the protocols. For example, if an investor chooses to KYC on an exchange to purchase a Polymath token, that exchange, if authorized, could choose to update Securitize’s data storage at the same time. This would mean the investor’s information is on-chain in case it is needed in the future. However, if no changes are made to the current protocol designs, then the process of registering and purchasing securities will remain daunting.
The solution to this problem need not be complex. In fact, it is possible to introduce certain solutions without changing any tokens that are already live on Ethereum. An ideal solution that results in minimal friction for both exchanges and investors, and that prevents data inconsistencies caused by having many different sources of compliance data would closely resemble Securitize’s centralized on-chain data store; however, any such a set-up must then be adopted on an industry-wide scale.
By having a central source of information on-chain, the risks of data inconsistencies is removed, and investors are able to purchase different securities through just one compliance verification. This central contract would carry out the verification that the transfer was compliant for all security tokens, and the transfer would continue or revert. The off-chain API that is accessible to all authorized exchanges means that investor compliance information can be communicated to exchanges and reduces the number of times investors must be asked to provide data. These aspects together also massively reduce the amount of integration work required by exchanges.
The introduction of a new system like this clearly causes some complications, and a number of issues would still have to be ironed out. For example in the design of how each exchange becomes authorized: who makes the decision that an exchange should be trusted? Time has to be taken to design a system that allows a consensus to be reached.
The tokenization of securities is still an area that is early in development and adoption, which is in-part due to the complexities of regulatory compliance. While the publication of protocols simplifies the compliance with many of these regulations by enabling them to be enforced in the execution of every transfer, there is still a long way to go before this is a seamless process. Until we have an agreement between protocols on how investor information is stored and updated both on-chain and off-chain, there will remain significant friction throughout the registration and investment processes for all parties involved.
Solving the Liquidity Puzzle for Security Tokens – Thought Leaders
There is a wide consensus in the financial industry that blockchain technology is going to disrupt the securities market. However, despite the claims, there is no double-digit annual growth of securities on blockchain, which would be expected from a disruptive technology. The reason for that are regulatory roadblocks that don’t allow delivering the biggest promise of digital securities – liquidity for previously illiquid securities. In this article we break down this problem and present a solution.
What are security tokens/digital securities?
From a legal perspective, security tokens are common securities and are subject to the same regulations. The difference is that records about securities ownership are stored on blockchain instead of paper-based or other forms of records. That’s why they are often called digital securities.
Innovative technology significantly improves operations with securities, making them digital and automated. In particular, transfer of digital securities is much easier and may happen in minutes or seconds instead of weeks, spent on signing physical contracts, doing compliance checks and updating government registers.
Why liquidity is so important for security tokens
Liquidity of an asset defines how easy it can be sold. For example, publicly listed securities are highly liquid, while real estate and startup equity are highly illiquid. Although security tokens have multiple advantages, greater liquidity is a principal one. For this reason, they often represent ownership in traditionally illiquid assets.
Mass adoption of security tokens first and foremost requires interest from investors, which will create incentives for businesses to issue digital securities instead of traditional ones. For investors, lack of liquidity is the biggest problem of securities that are not listed on exchanges as it makes investments in them riskier and makes investors wait for decades until they pay off. Therefore, unlocking liquidity of security tokens is crucial for their mass adoption.
Why is liquidity in the conventional meaning of the word is out of reach for security tokens
In the narrow sense of the world, securities are considered liquid if they are traded on a stock exchange. For this reason, lack of regulated secondary markets is considered the main limitation. However, this ignores the fact that there are already operating exchanges for security tokens: tZERO, Open Finance, MERJ, GSX – but very few tokens are listed there. Furthermore, Open Finance is on the edge of delisting all security tokens because their trading does not generate enough fees to support operations.
Therefore, the problem is not in the lack of marketplaces. It is in fact that listing on an exchange is overly complicated. It requires registering the offering at competent authorities, having minimum trading volume, minimum market cap, being under increased reporting requirements, which often include annual audit. Basically, it requires becoming a public company. These requirements will arise not only in the case of listing on a classical exchange but any kind of regulated market. This means that listing on a regulated trading venue is not feasible for most security token issuers.
Such a flawed understanding of the problem stems from crypto origins of security tokens. They were seen as a regulated continuation of utility tokens and cryptocurrencies, for which listing on exchange is much easier, so it became a synonym for liquidity. This myth should be debunked in order for the market to move to more realistic sources of liquidity.
How is liquidity for security tokens possible?
To answer this question, we need to go back to an original definition of liquidity, which is the ability to quickly sell assets at any moment. It has two main components: complexity of conducting the transaction and how easy it is to find a counterparty.
The former problem is solved by blockchain technology. Its main benefit for private securities is that it vastly simplifies conducting the securities transaction, making it possible to do everything online in a few minutes. Conventionally, transfer of securities would require signing physical agreements, reporting changes to the government register, settling a transaction via a wire transfer, and doing manual compliance checks on individuals engaged into the transaction.
Complexity of the transfer also impacts the number of potential counterparties. When the transfer is complicated and expensive, it becomes not feasible to transact small amounts. This cuts off smaller traders and investors from the market, making it even harder to find a counterparty.
The problem of finding a counterparty is traditionally solved by an order matching mechanism of exchanges, which for security tokens is not feasible. Therefore, the key to unlocking liquidity is in creating an efficient way to find counterparties for transactions that would not be considered a regulated market.
This way is already known. It is a bulletin board for P2P transactions. As these transactions are private and do not involve an intermediary, they don’t require regulation. However, there are a number of nuances and requirements for such a venue not to be regulated, which will be covered in a separate article.
To the author’s knowledge, at the time of writing there is no venue that enables legally compliant and efficient P2P liquidity for security tokens.
What impact unlocking the liquidity of security tokens will have on capital markets?
Currently, venture investors may sell their shares only if businesses they invest into go public or are acquired. This has two implications, which both lead to money being used inefficiently and slow down the economic growth.
Firstly, it means that only businesses with the potential for IPO are worth investing. Businesses that can offer a solid yield but don’t offer “disruption” and outsized returns are deprived of funding. These are often businesses with a need for high capital investments – manufacturing, agriculture, physical infrastructure etc. The problem with a lack of capital investment is covered in a widely discussed article in Andreessen Horowitz blog “It’s time to build”.
Secondly, illiquidity makes VCs prioritize growth over profitability because when most investments don’t pay off even a 10x exit from successful ones may be not enough. It creates incentives to scale even when the business model is not tested enough, leading to extremely large companies, such as WeWork or Uber, struggling to deliver a profit.
The plague of private markets has impacts on public markets as well. It leads to the emergence of the IPO bubble, when more than 80% of newly public companies are not profitable. It is problematic because public securities are considered less risky, and thus fit into portfolios of retail funds and pension schemes, harming them by being overpriced.
Thus, solving the liquidity problem will have a drastic impact not only on the VC industry but on the entire economy.
HODL Your Hoopla Over SEC Changes For Exempt Offerings – Thought Leaders
Last week the The U.S. Securities and Exchange Commission released a proposal – that has yet to become regulation – to simplify how exempt offerings are done. Shortly thereafter, a flurry of articles and newsletters made their way through the digital asset industry – many of which suggested their platforms were already being modified to fit the new rules. While the SEC has proposed changes, time will tell whether the proposal is adopted – and if so, whether there will be changes to the final draft that will be published to the Federal Register.
The US exempt offering framework includes tools such as Reg D, Reg A, crowdfunding (a.k.a. Reg CF) – essentially everything that is not a public or retail offering. This framework has seen little in the way of changes or modernization since the Securities Exchange Act of 1934. There has been significant public criticism of the current rules for exempt offerings, largely because they reserve access for only the wealthiest Americans to invest in private funds, companies, and other offerings.
If passed, the proposed changes could allow for the average person to invest in earlier stage deals – such as Uber or WeWork – before they reach their lofty valuations and dumped into the public markets. Enabling SPV (special purpose vehicles) and harmonized reporting (ie combing Reg D and Reg CF into one, not two reports), and increasing the total amount that can be raised would help streamline compliance for issuing firms. Additionally, the changes could also enable crowdfunding to become a viable capital formation tool for investing in such asset classes as real estate.
Currently, US offering exemptions such as Regulation CF (crowdfunding) are quite restrictive, limiting the total amount you can raise to $1.07M USD per 12 month period and includes significant restrictions per investor. The US SEC appears to be following the lead of other jurisdictions such as Canada where regulators proposed similar changes, or Europe where regulations were updated last year, increasing the limits for the EGP (European Growth Prospectus) to €8M EUR, a little over $9M USD. According to the new proposal, companies would be able to raise up to $5M USD. While $5M is still a relatively small amount of capital, it does allow early stage companies to build their tribe with a broader investor base.
The SEC proposed similar changes to Reg A, increasing the upper limit to $75M USD. This could make Reg A viable for many later stage companies where larger Series B, C, or even D rounds demand more capital than what is currently available in Reg A.. This also opens up these investment opportunities to the retail investor, previously these deals were only available to the wealthiest corporate venture firms, private equity shops, and high net worth individuals.
Further changes include allowing accredited investors to participate in crowdfunding. Previously, if you used a crowdfunding exemption, you could not accept funds from accredited investors and would actually have to use another exemption, such as Reg D, simultaneously. This typically forces companies into more paperwork, legal fees, and an increased risk of getting something wrong – which could result in regulatory or civil actions. The proposed changes would enable companies to combine accredited and retail investors into one offering.
Aside from accredited investors, the changes also open the doors to institutional and corporate investors, including the SPV (Special Purpose Vehicle).
An SPV is a corporate entity created for a specific purpose – usually for reasons such as limiting liability, tax efficiency, investment, or capital formation. For example: In order to tokenize a piece of real estate, you might form an SPV, and transfer the deed to the real estate into this company. The purpose of that company/vehicle is to hold the deed of this real estate and maintain a accurate record of who the owners are, SPVs are commonly used for investment funds as well.
Combined, SPVs, corporate investors, accredited investors, and major institutional investors can move large amounts of capital. However, they weren’t able to invest in crowdfunding offerings in the US. This created an interesting paradox for companies raising capital, if you could get the big fish interested, you would avoid the crowd – but, if your offering didn’t look good enough for professional investors, your last resort may be crowdfunding. The crowdfunding industry as a whole has faced a lot of criticism from professional investors for low returns and low deal quality, this is likely to change when retail investors have access to the same deals as larger institutions.
Finally, the new crowdfunding regulations propose several major changes to how much each investor can put into any one offering. Currently, investors who do not meet the accreditation thresholds were limited on how much they could invest based on the lower of their income or net worth. The new regulations would change this to the greater of those two. These changes are expected to not only fuel innovation, they are likely to bring in a lot of smart money as well.
For example, an investor with a net worth of $750,000 and an income of $150,000 couldn’t qualify as an accredited investor. This person has a Phd in bioscience and finds a startup with a revolutionary innovation in the field of bioscience – they are not qualified as an accredited investor and barred from investing. Ironically, they can be an advisor to any institutional investor on why this particular startup is so hot – but under the current rules, they are not qualified to risk their own money.
While these changes are welcomed by most market participants, they are not a sure thing. This proposal for a new exempt offering framework is not yet regulation, it still has to make it’s way through the government and be entered into the Federal Register. Looking back at the proposals for crowdfunding in the US we can see how different a proposal can be from the regulation – and there are still a lot of lobbying dollars that want to see the status quo maintained. It is important to not make important business decisions based on this proposal – rather, look at these changes as a larger trend among securities regulators globally.
We’re seeing securities regulators trying to make easier for distributed capital formation. Crowdsales and crowdfunding are actually becoming something that the regulators across around the world are working together to harmonize their frameworks. By combining the crowdfunding regulations from jurisdictions around the world, early stage companies would be able to access global capital and build a global investor base, without being forced to break the rules like most of the ICO and STO issuers are doing today.
Perhaps the most exciting thing about the SEC’s proposed changes is how they demonstrate a very coordinated effort among securities commissions globally. As this new era of capital formation emerges, businesses will be able to combine and leverage the regulatory frameworks of multiple countries. That being said, for US based offerings, we still have to wait for the new regulations before knowing what they will look like, or their impact on the digital securities industry.
Why EU blacklisting the Cayman Islands matters for the STO industry – Thought Leaders
On February 18th the European Union added the Cayman Islands to its tax haven blacklist. While this has not made the news in the security token industry, it has had major implications. Due to the strict demands of AML & KYC in many jurisdictions, regulators are focusing more resources on beneficial ownership, tax transparency, and enforcement.
For companies raising capital, the blacklisting means you should not take money from a Cayman fund if you’re a European issuer. In the EU, a lot of the investment in security tokens, real estate, and private equity comes from or through Cayman fund structures. Cayman is also where a large portion of American VC funds are domiciled.
The current tax haven blacklist also includes American Samoa, Fiji, Guam, Oman, Palau, Panama, Samoa, Trinidad and Tobago, US Virgin Islands, Vanuatu, and Seychelles.
Any company taking funds from a Cayman domiciled fund, or working with a platform/issuer/bank in that market should be aware that being associated with a blacklisted country could create significant new risk exposure for your project, and possibly yourself. These changes are effective immediately. Until recently, most firms could fly under the radar but the EU is also rolling out a public registry of corporate ownership. This will not only make non-compliance much easier to spot but also increases the ability for regulators in the EU to investigate and enforce.
The regulation could impact people working at (including directors, officers, or significant shareholders) a company that received funding from a Cayman source after the blacklist date. Enforcement severity changes by country but can include criminal charges, company seizure, and known associates may end up on a variety of sanctions and watch lists. Not to mention the reputational damage.
This is a good example of why a good AML program does not only consist of face matching a document and pinging an API to name match a sanctions list – you are opening up your venture, and most likely yourself, to massive liability. Your legal and regulatory obligation is to take a risk based approach. What that looks like can change by country, transaction value, activity history, etc., so AML program needs to be dynamic, robust, and comprehensive enough to catch things like narrative sanctions.
For example: The most popular security token platforms today only use KYC for digital onboarding of natural persons – not corporate entities. However, when you look at the investors in their previous token issuances you can see that most of the funds are coming from corporate accounts, corporation owned wallets, but the on-chain transaction and KYC is done by an individual. These platforms are missing the technical capabilities to spot transactions coming through blacklisted jurisdictions such as Grand Cayman.
iComply recently helped a virtual asset exchange pass the audits needed to offer their users the ability to spend virtual assets, such as Bitcoin and Ethereum, with a Visa card. This process involved independent audits from Visa, their banks, and regulators – each wanted to see the client demonstrate how they would be able to identify these risks and fulfill the requirements of a whole web of regulations.
Now that they have passed the audit, they are first to market with a very compelling offer compared to their competition who still have months of development on their AML systems before their applications will go through. Using iComply to get ahead of the regulations has also put them ahead of their competition.
We can expect the same for the security token market. Token issuers need to pay close attention to their AML compliance – Telegram had to refund over $1B USD over AML, has spent millions in court with the SEC, and the OCC has not even started with them yet…after that, how many of their “not investors” will be ready to jump onto an investor class action lawsuit? We have already seen this with the recent OCC case against MYSB in New York, or with the SEC and AirFox in Boston.
- Forex Market Majors Stabilize on Mixed US Retail Data
- What is Tether? A Look at the World’s Most Popular Stablecoin
- Big Money Finds Bitcoin in 2020 – Hedge Funds, Service Providers, Intelligence Firms, and High Profile Investors
- FinTech ‘Unicorn’ Revolut Shows Positive Growth in 2019 Annual Fiscal Report
- Dollar Weakness Continues in Forex Market Despite Positives