Security Token (STO) Development
A security token is a token that is a security under the legislation of the applicable jurisdiction: not by economic essence ("our token gives a right to profit") but by legal classification. This changes everything: issuance, circulation, custody — all of it is regulated by securities law. Ignoring this means carrying regulatory risk that materializes sooner or later.
The Howey Test (USA) classifies as a security: an investment of money, in a common enterprise, with an expectation of profit, derived from the efforts of others. Most tokens positioned as "utility" actually pass this test, and the regulator knows it.
Regulatory regimes
USA: Regulation D, S, A+
Reg D 506(b) — the most used. Sale only to accredited investors (net worth > $1M or annual income > $200K), without general solicitation, plus up to 35 non-accredited investors. No SEC registration needed, only a Form D filing. Lock-up period: 12 months before resale (Rule 144).
Reg D 506(c) — allows general solicitation, but only to accredited investors, and the issuer must verify their status (via a certified letter from a CPA/attorney or financial documents).
Reg S — sale outside the USA. A common combination: Reg D for US investors plus Reg S for everyone else.
Reg A+ — a mini-IPO. Up to $75M, a public offering with simplified SEC registration. It opens access to non-accredited investors but requires audited reporting.
EU: MiCA and Prospectus Regulation
MiCA (Markets in Crypto-Assets Regulation) — fully in effect since 2024. Security tokens under MiCA are classified as Asset-Referenced Tokens or fall under existing securities legislation (MiFID II). Requirements: a prospectus (or an exemption below €8M) and a licensed issuer or agent.
Liechtenstein Blockchain Act (TVTG) — the most progressive legislation in Europe, with direct legal recognition of tokens as instruments. Several STO projects register through a Liechtenstein SP (Service Provider).
Alternative jurisdictions
Cayman Islands + BVI — SPV structures for non-US, non-EU issuances. Fewer restrictions, but less access to institutional investors from regulated jurisdictions.
Abu Dhabi (ADGM) / Dubai (VARA) — actively developing regulatory sandboxes for STOs. Real licenses, smaller market.
Technical standard: ERC-3643 (T-REX)
ERC-3643 (Token for Regulated EXchanges) — the de-facto standard for STOs in Europe. Developed by Tokeny (sponsored by EY and others). Open source, widely audited.
The T-REX architecture consists of five on-chain components:
1. Identity Registry — registry of verified investors: Wallet Address → ONCHAINID Contract Address
2. Identity Registry Storage — separate storage, kept apart for upgradability
3. Claim Topics Registry — which claims are required (KYC_APPROVED = 1, INVESTOR_ACCREDITED = 2, JURISDICTION_ALLOWED = 3...)
4. Trusted Issuers Registry — who may issue claims (KYC provider, broker, the issuer itself)
5. ERC-3643 Token — the token itself; it checks the Identity Registry on each transfer
// Simplified transfer logic in ERC-3643
function transfer(address _to, uint256 _amount) public override returns (bool) {
    // 1. Recipient must hold all required claims from trusted issuers
    require(
        _tokenIdentityRegistry.isVerified(_to),
        "Transfer to unverified identity"
    );
    // 2. Neither side may be frozen (e.g. after an AML hit)
    require(
        !_frozenTokens[msg.sender] && !_frozenTokens[_to],
        "Wallet frozen"
    );
    // 3. Compliance check (limits, jurisdictions, etc.)
    require(
        _tokenCompliance.canTransfer(msg.sender, _to, _amount),
        "Compliance check failed"
    );
    // The reference implementation also notifies the compliance contract after the
    // balance move (transferred hook) so that holder counters stay in sync
    return super.transfer(_to, _amount);
}
ONCHAINID (ERC-734/735)
Each verified investor has an ONCHAINID, a smart contract that:
- Stores keys (management, execution, claim)
- Stores claims — signed statements from trusted issuers
- Allows verifying identity without revealing personal data
// Claim structure (ERC-735)
struct Claim {
    uint256 topic;     // type of statement (KYC = 1, ACCREDITED = 2...)
    uint256 scheme;    // signature scheme
    address issuer;    // who issued the claim
    bytes signature;   // issuer signature
    bytes data;        // data (document hash)
    string uri;        // link to the off-chain document
}
KYC/AML integration
An STO requires mandatory KYC of every investor. Typical flow:
- Investor completes KYC through a provider (Sumsub, Veriff, Fractal)
- Provider deploys an ONCHAINID for the investor (or uses an existing one)
- Provider, acting as a Trusted Issuer, adds the KYC_APPROVED claim to the ONCHAINID
- Issuer checks claim presence in the Identity Registry; the investor is admitted to the token
- On each transfer the contract checks both addresses
AML screening is a continuous process. Chainalysis/Elliptic integrate for transaction monitoring. On a high risk score the wallet can be frozen via freezeAddress().
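The admission and transfer gate described in this section and in the simplified transfer above, as an added Python model that is not part of the page or of the T-REX code base: the Claim Topics Registry, the Trusted Issuers Registry and the frozen-wallet check are reduced to in-memory structures, the ECDSA check on each claim is abstracted to an issuer/topic lookup, and all wallet and issuer addresses are constructed.

```python
from dataclasses import dataclass, field

KYC_APPROVED, INVESTOR_ACCREDITED = 1, 2   # claim topics as numbered on the page

@dataclass
class Claim:            # ERC-735 claim; the ECDSA signature check is abstracted away (assumption)
    topic: int
    issuer: str
    revoked: bool = False

@dataclass
class OnchainId:        # the investor's ONCHAINID, reduced to its claim list
    claims: list = field(default_factory=list)

class IdentityRegistry:
    def __init__(self, required_topics, trusted_issuers):
        self.required_topics = set(required_topics)   # Claim Topics Registry
        self.trusted_issuers = trusted_issuers         # Trusted Issuers Registry: issuer -> topics
        self.identities = {}                           # wallet -> ONCHAINID

    def is_verified(self, wallet):
        oid = self.identities.get(wallet)
        if oid is None:
            return False
        # every required topic needs a live claim from an issuer trusted for that topic
        return all(any(c.topic == t and not c.revoked and t in self.trusted_issuers.get(c.issuer, ())
                       for c in oid.claims) for t in self.required_topics)

class Token:
    def __init__(self, registry):
        self.registry, self.frozen = registry, set()

    def can_transfer(self, sender, to, amount):
        """Mirror the require() chain of the simplified ERC-3643 transfer."""
        if not self.registry.is_verified(to):
            return False, "Transfer to unverified identity"
        if sender in self.frozen or to in self.frozen:
            return False, "Wallet frozen"
        return True, "ok"

def demo():
    # constructed scenario: the KYC provider is trusted for both topics, the broker only for accreditation
    reg = IdentityRegistry([KYC_APPROVED, INVESTOR_ACCREDITED],
                           {"0xKyc": {KYC_APPROVED, INVESTOR_ACCREDITED}, "0xBroker": {INVESTOR_ACCREDITED}})
    reg.identities["0xAlice"] = OnchainId([Claim(KYC_APPROVED, "0xKyc"), Claim(INVESTOR_ACCREDITED, "0xBroker")])
    reg.identities["0xBob"] = OnchainId([Claim(KYC_APPROVED, "0xBroker"), Claim(INVESTOR_ACCREDITED, "0xBroker")])
    reg.identities["0xCarol"] = OnchainId([Claim(KYC_APPROVED, "0xKyc"), Claim(INVESTOR_ACCREDITED, "0xKyc")])
    token = Token(reg)
    token.frozen.add("0xCarol")   # AML hit: wallet frozen by the agent
    return {w: token.can_transfer("0xIssuer", w, 100) for w in ("0xAlice", "0xBob", "0xCarol")}
```

Bob is rejected even though he holds a KYC_APPROVED claim, because the broker that signed it is not a trusted issuer for that topic; a revoked claim is ignored the same way.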
Cap table management
An on-chain cap table is one argument for an STO over traditional securities:
// Cap-table view built on ERC-3643 token data (illustrative; assumes the token keeps
// a _holders array of every address that has received tokens)
function getCapTable() external view returns (
    address[] memory shareholders,
    uint256[] memory balances,
    uint256 supply
) {
    shareholders = _holders;                        // all holder addresses
    balances = new uint256[](shareholders.length);
    for (uint256 i = 0; i < shareholders.length; i++) {
        balances[i] = balanceOf(shareholders[i]);   // via standard balanceOf
    }
    supply = totalSupply();                         // full supply
}
A secondary registry (an off-chain database) is synced via the Transfer, Frozen and Unfrozen events. It is needed for regulatory reporting: who holds, how much, and since when.
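Rebuilding that secondary registry from the events, as an added Python example that is not the page's or the project's code: the event records are a constructed sample log, the zero address stands for mint and burn, and the result is reconciled against total supply before it is returned.

```python
ZERO = "0x0000000000000000000000000000000000000000"   # from/to ZERO marks mint/burn

# Constructed sample log: (block number, event name, decoded args)
EVENTS = [
    (100, "Transfer", {"from": ZERO, "to": "0xAlice", "value": 1000}),    # primary placement (mint)
    (100, "Transfer", {"from": ZERO, "to": "0xBob", "value": 500}),
    (180, "Transfer", {"from": "0xAlice", "to": "0xCarol", "value": 400}), # secondary transfer
    (200, "Frozen", {"wallet": "0xBob"}),                                  # AML hit
    (230, "Unfrozen", {"wallet": "0xBob"}),
    (250, "Transfer", {"from": "0xBob", "to": ZERO, "value": 500}),        # redemption (burn)
]

def build_cap_table(events):
    """Return ({wallet: {balance, since, frozen}} for current holders, total supply)."""
    holders, total = {}, 0
    new = lambda: {"balance": 0, "since": None, "frozen": False}
    for block, name, a in sorted(events, key=lambda e: e[0]):   # stable: same-block order kept
        if name == "Transfer":
            if a["from"] == ZERO:
                total += a["value"]
            else:
                src = holders.get(a["from"])
                if src is None or src["balance"] < a["value"]:
                    raise ValueError(f"inconsistent log at block {block}: {a}")
                src["balance"] -= a["value"]
            if a["to"] == ZERO:
                total -= a["value"]
            else:
                dst = holders.setdefault(a["to"], new())
                if dst["balance"] == 0:
                    dst["since"] = block      # holder since first non-zero balance
                dst["balance"] += a["value"]
        elif name in ("Frozen", "Unfrozen"):
            holders.setdefault(a["wallet"], new())["frozen"] = name == "Frozen"
    current = {w: h for w, h in holders.items() if h["balance"] > 0}
    if sum(h["balance"] for h in current.values()) != total:   # reconcile against totalSupply
        raise ValueError("cap table does not reconcile with total supply")
    return current, total
```

A wallet that redeemed its whole position (Bob) drops out of the current table but stays in the history, which is what the "since when" column in the report is built from.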
Token lifecycle events
| Event | On-chain action | Off-chain action |
|---|---|---|
| Primary placement | mint → verified addresses | Form D filing, escrow |
| Secondary transfer | transfer + compliance check | AML monitoring, cap table update |
| Dividends/coupon | distributeReturns in stablecoin | Tax reporting |
| Forced transfer | forcedTransfer (court/regulator) | Court document on IPFS |
| Recovery | recoveryAddress | Affidavit from investor |
| Burn/redemption | burn | Redemption price payment |
Compliance contract: custom logic
A separate Compliance contract contains the business rules unrelated to identity:
// Illustrative compliance contract; identityRegistry.getCountry() and token.holderCount()
// are assumed helpers, not part of the ERC-3643 interfaces
interface IIdentityRegistryView { function getCountry(address wallet) external view returns (string memory); }
interface ITokenView {
    function balanceOf(address wallet) external view returns (uint256);
    function holderCount() external view returns (uint256);
}

contract STOCompliance {
    IIdentityRegistryView public identityRegistry;
    ITokenView public token;
    uint256 public maxInvestors = 2000;                 // Reg D limit
    uint256 public maxBalancePerHolder;                 // anti-concentration
    mapping(string => bool) public allowedCountries;    // ISO 3166-1

    constructor(address _registry, address _token, uint256 _maxBalancePerHolder) {
        identityRegistry = IIdentityRegistryView(_registry);
        token = ITokenView(_token);
        maxBalancePerHolder = _maxBalancePerHolder;
    }

    function canTransfer(address from, address to, uint256 amount)
        external view returns (bool)
    {
        // 1. Check recipient jurisdiction
        string memory country = identityRegistry.getCountry(to);
        if (!allowedCountries[country]) return false;
        // 2. Maximum number of holders (only a brand-new holder raises the count)
        if (token.balanceOf(to) == 0 && token.holderCount() >= maxInvestors)
            return false;
        // 3. Concentration limit
        if (token.balanceOf(to) + amount > maxBalancePerHolder) return false;
        return true;
    }
}
Secondary market
For Reg D tokens the secondary market opens after 12 months (Rule 144). Platforms: tZERO, INX, MERJ Exchange — ATSs (Alternative Trading Systems) licensed for security token trading.
On-chain secondary market: a permissioned orderbook or AMM. Uniswap v4 hooks allow adding a KYC check in beforeSwap:
function beforeSwap(address sender, PoolKey calldata key, IPoolManager.SwapParams calldata params, bytes calldata hookData)
    external override returns (bytes4, BeforeSwapDelta, uint24)
{
    // Note: `sender` is the address that called the PoolManager, usually a router, not the
    // end user. In production the trader's wallet must be taken from hookData (or the router
    // must be one the hook trusts); otherwise the check verifies the router, not the investor.
    require(identityRegistry.isVerified(sender), "KYC required for trading");
    return (this.beforeSwap.selector, toBeforeSwapDelta(0, 0), 0);
}
STO development is months of legal and technical work in parallel. A technical stack without a legal structure doesn't work. But a properly built STO is a token with real legal status and access to institutional investors.