Since 2017, I’ve worked with hundreds of teams launching regulated, compliant tokens on the blockchain. Through Tokensoft, we helped raise over $1B and automate securities compliance processes across more than 50 countries. Today, tokenized securities have reached tens of billions in market capitalization, with institutions such as BlackRock, Franklin Templeton, and Apollo experimenting with blockchain-based assets.

If you’ve been wondering: how is this legal? Under what regulations did these projects launch? This is the framework I’ve developed for assessing what is legitimate and what isn’t.

Start With the Motivation Behind the Laws

When trying to understand regulations deeply, start with motivations. Securities regulations are fundamentally designed to enforce ethical boundaries around securities offerings: “Don’t lie, don’t cheat, don’t steal.” Viewing all requirements through this lens helps develop a mental model for understanding applicable regulations.

The Securities Act of 1933 was passed to ensure adequate disclosure around investment offerings — the when, what, and how of securities entering circulation. Under the ‘33 Act, we have Regulation D, Regulation A, Regulation S, S-1 IPOs, and others. These govern the treatment of investors, the financial instrument itself, and the process by which the security may enter the market.

There are two categories: exempt offerings (enter the market without explicit SEC approval by following prescribed rules) and registered offerings (require SEC review and explicit approval before proceeding).

The Securities Act of 1934 covers what happens after securities enter investors’ hands — ongoing disclosure, transfer rules, and monitoring requirements.

The Due Diligence Framework

EDGAR is your friend. I regularly use the SEC’s EDGAR database to verify whether registration statements have been filed or whether a company has an associated registered transfer agent. Legitimate token standards should appear in effective registration statements.

Assets on well-known, decentralized blockchains. If assets exist only on a private chain, their legitimacy is questionable. Assets on well-known public chains enable true DeFi compatibility.

Read the terms of service. The fundamental question: how is the asset entering circulation? Is there a Private Placement Memorandum? Is there a registration statement? These are the only two legal paths for securities to enter the US market.

The easiest check: if you’re a US person trying to access the platform, are you blocked or granted access? If US persons are blocked, it often indicates the issuance hasn’t followed proper registration or exemption processes.

Check for a transfer agent. If a security is SEC-registered, a transfer agent must be designated. Transfer agents ensure investors always have access to their securities and facilitate investigations of wrongdoing. The key indicator: did you need to create an account before purchasing and moving the asset on the blockchain?

I developed ERC-1404 to meet these regulatory obligations while maintaining blockchain functionality. This illustrates the technical considerations necessary for compliance.

The Checklist

Why Structure From Day One Matters

When assets aren’t structured within proper regulatory frameworks from day one, the SEC may not look favorably on bringing them into compliance later. It may be impractical to pause operations to retrofit regulatory compliance. Operating within established frameworks from the start ensures longevity and reduces risks of service interruptions, enforcement actions, or total shutdowns.

Investors deserve to understand whether projects are built for the long term or operating in regulatory gray areas that could collapse at any moment.