Regulatory Compliance in Security Token Offerings: Anti-Money Laundering and Know Your Customer (2024)

Regulatory Compliance in Security Token Offerings: Anti-Money Laundering and Know Your Customer (2024)

Security Token Offerings (STOs) have become a popular method for companies to raise capital by issuing digital tokens. These offerings, however, are subject to rigorous Know Your Customer (KYC) and Anti-Money Laundering (AML) requirements, as well as securities regulations, which vary by jurisdiction.

Common KYC/AML Requirements Across Jurisdictions

At the heart of STO compliance is investor identity verification. Platforms often use third-party vendors like Sumsub, Sardine, or Parallel Markets to verify identities, perform background checks, and whitelist eligible wallets to meet KYC/AML standards.

Risk-Based Customer Due Diligence (CDD) is another essential element. Entities assess investor risk profiles based on sources of funds, transaction patterns, and exposure to politically exposed persons or high-risk jurisdictions, escalating to Enhanced Due Diligence (EDD) where necessary. Ongoing monitoring of investor transactions and behaviors is also crucial to detect suspicious activity and maintain updated risk profiles.

Jurisdiction-Specific Notes

In the United States, compliance with the Customer Identification Program (CIP), risk-based CDD and Enhanced Due Diligence (EDD), and registration as Virtual Asset Service Providers (VASPs) if applicable is essential. STOs treated as securities must comply with the Securities and Exchange Commission (SEC) registration or exemptions, with heavy penalties for unregistered offerings.

Global jurisdictions require compliance with local securities law, AML/KYC checks, the use of licensed custodians/intermediaries, registration or exemption filings, investor onboarding with identity verification, and transfer restrictions embedded in smart contracts to enforce compliance.

Technical Implementation in STO Platforms

STOs rely on smart contracts to enforce transfer restrictions, preventing unverified or non-compliant wallets from holding or transferring tokens. Investor and admin interfaces provide dashboards for onboarding, documentation disclosure, compliance monitoring, and reports required for audits and regulatory review. Integration with external systems such as cap table management, broker-dealers, and custodians ensures compliance across the lifecycle of the token.

Summary

STOs worldwide must integrate robust KYC/AML procedures, including investor identity verification, risk-based due diligence, ongoing monitoring, and full adherence to local securities regulations. In the US, compliance with FinCEN AML rules and SEC securities laws is essential. Other jurisdictions similarly require a combination of investor vetting and regulatory approvals to ensure compliant issuance and trading of security tokens.

This comprehensive regulatory and technical framework ensures STOs can be offered globally while minimizing risks of money laundering and illegal securities distribution.

Additional Jurisdiction-Specific Information

• In Singapore, offers of digital tokens made to no more than 50 persons within any 12-month period may be exempt from certain requirements if they meet certain conditions.
• In the EU, there are no specific regulations for STOs, but a number of EU-level regulations may apply, such as the EU Prospectus Regulation and MiFID II.
• In Singapore, offers of digital tokens made to accredited investors may be exempt from certain requirements if they meet certain conditions.
• Regulation CF exempts the sale of up to $5 million of securities in a 12-month period, setting no investment limits for accredited investors but subjecting non-accredited investors to investment limits based on their annual income and net worth.
• Regulation A exempts public offer or sale of eligible securities if the aggregate offering price and aggregate sales do not exceed $20 million (Tier I) or $75 million (Tier II).
• In many jurisdictions, tokens issued under STOs are considered a security if they represent the right to any financial gain or claim on the issuer.
• The SFC views tokenized securities as traditional securities with a tokenization wrapper, hence the existing legal and regulatory requirements governing the traditional securities markets continue to apply to tokenized securities.
• In Singapore, offers of digital tokens made to institutional investors only may be exempt from certain requirements.
• Prospectus and investment public offering regimes will be applied to tokenized securities in Hong Kong.
• In Singapore, digital tokens may be regulated by MAS if they are a capital markets product under the Securities and Futures Act (SFA). The Guide to Digital Token Offerings establishes that if a digital token constitutes a product regulated under the securities law administered by MAS, the offer or issue of digital tokens must comply with the relevant laws.
• In Hong Kong, a guideline for AML/CFT requirements and standards for VASPs was issued.
• The main difference between ICOs and STOs is that in ICOs, capital is raised by selling utility tokens, which give owners the right to use the company's product or service once it is developed. In STOs, companies sell tokenized traditional financial instruments, such as equity where token holders receive rights to future profits.
• In Hong Kong, a handbook and guideline were issued for VATP operators to apply for licenses and comply with ongoing notifications.
• Security Token Offerings (STOs) are a form of fundraising involving the issuance of digital tokens to investors.
• Regulation D has three rules: Rule 504, Rule 506(b), and Rule 506(c), each with different exemption criteria and investor verification requirements.
• In Hong Kong, VATPs (for non-security tokens) are now regulated by a new licensing regime overseen by the Securities and Futures Commission (SFC).
• In Singapore, offers of digital tokens up to S$5 million within any 12-month period may be exempt from certain requirements if they meet certain conditions.
• In Hong Kong, STOs do not fall under national AML laws, but dealers and brokers involved by the STO issuer to market the token sale must implement AML measures, such as KYC.

1. Investors in the technology industry interested in financing security token offerings (STOs) must be aware that these offerings are subject to rigorous Know Your Customer (KYC) and Anti-Money Laundering (AML) requirements, as well as securities regulations, which vary by jurisdiction.
2. In the general-news environment, it is crucial for STO platforms to integrate robust KYC/AML procedures, such as Investor identity verification and Risk-Based Customer Due Diligence (CDD), to ensure compliance worldwide and minimize risks of money laundering and illegal securities distribution.

Read also: