Token securities no longer need to struggle with KYC and whitelists.

Written by: Daniel Barabander, Sabina Beleuz, both employed at Variant Fund

Translated by: Chopper, Foresight News

The current on-chain securities market is diversifying into two extreme development paths, both of which have distinct practical drawbacks.

On one end is compliance securities with access control, represented by tokenized funds issued by leading institutions such as BlackRock BUIDL and Apollo ACRED. These large asset management companies have established comprehensive compliance teams and hold substantial existing business, adhering to a compliance-first principle for product implementation, typically using a whitelist access model. Users must complete KYC (submitting a large number of documents and personal information), and can only trade after approval from intermediaries such as brokers and transfer agents, with securities transferable only among qualified investors who have completed the full access approval. This model provides a poor user experience, generating considerable friction costs, while the original intention of blockchain was to eliminate such transaction barriers. Due to this experiential shortcoming, such compliant securities have always struggled to attract the general crypto user base.

The other end features access-free securities, whose compliance is questionable and can be further divided into two types.

The first type consists of unregistered fund share products, using profit distribution as the core selling point, resembling "yield-generating stablecoins." Leveraging the characteristic of having no access requirements, any user can hold shares without needing whitelist approval, achieving good product market fit in the crypto space. However, this model conceals legal risks and leads to adverse selection: high-quality issuers and asset management institutions do not need to bear the high compliance risks for fundraising and can fully finance through traditional financial channels; ultimately, the issuers who enter the market are often smaller entities with weak risk management capabilities, corresponding to higher product risks. Numerous past explosions in the crypto industry validate this flaw, with the eventual losses often borne by ordinary investors.

The second type is packaged securities, represented by xStocks and Ondo. Third-party institutions purchase underlying assets in the secondary market, establish offshore special purpose entities (SPVs) as the issuing entity, and issue access-free tokens based on the underlying assets as collateral, representing the issuer's debt. Consistent with the previous type of products, the no-access attribute offers excellent user experience, but traditional legitimate issuers are reluctant to participate: non-compliant securities sales carry extremely high legal accountability risks. This results in the packaged model only being applicable to publicly listed companies' stocks that do not require issuer authorization and have ample liquidity in the secondary market; however, these underlying assets possess sufficient trading depth in traditional markets, significantly weakening the value of on-chain packaging. Meanwhile, investors also have to bear additional counterparty risks related to the packaging platform.

Bridging the gap between these two extreme paths harbors a tremendous industry opportunity, which is to design a compliance framework that allows large legitimate issuers to launch on-chain securities products that closely resemble the access-free format while providing an excellent user experience under strict regulatory adherence. This article attempts to propose a breakthrough solution: On-chain geographical fencing, a previously underexplored compliance approach in the industry.

Why U.S. Securities Regulations Generally Require Access Control

To understand the breakthrough logic of on-chain geographical fencing, one must first clarify the regulatory roots of the whitelist system established by leading institutions: the essence of access rules is driven by U.S. securities-related statutes, which can be divided into three main levels.

1) Legal access requirements for registered securities

Securities that have been registered and filed with the SEC (listed on U.S. securities exchanges) are bound by regulations to implement access mechanisms. The core reason is that registered products must be maintained by licensed transfer agents on their shareholder registers. Regulatory details require files that include the names and addresses of security holders. The whitelist and KYC are specifically to meet documentation registration needs, where users must submit KYC information to the transfer agent during account opening and be entered into the whitelist; without being on the whitelist, they cannot initiate transfers.

All native on-chain registered securities (excluding derivatives like xStocks) comply with this structure. For instance, Superstate Services LLC is a transfer agent responsible for managing the whitelist of tokenized GLXY; Franklin Templeton Investor Services, LLC manages the whitelist of BENJI.

2) Access constraints relying on registration exemptions

U.S. securities law offers issuers a number of issuance registration exemptions, but most high-practicality exemption rules require security holders to continuously meet asset thresholds or a cap on the number of holders, with each secondary market transfer necessitating qualification re-verification, which can only be achieved through whitelist KYC. There are three asset threshold exemptions: ① According to Securities Act Regulation D, Rule 506(c): non-public offerings of unregistered securities can only be directed to accredited investors (individuals/institutions that meet minimum income or net worth thresholds), and issuers must verify investor qualifications through KYC to enjoy this exemption; ② Investment Company Act Section 3(c)(7): all holders of a fund must be accredited purchasers with higher thresholds to exempt the investment company from registration; ③ Investment Advisers Act Rule 205-3: investment advisers can only charge performance fees to qualified clients, which also requires qualification verification.

The operation method for holder quantity limits is similar. Investment Company Act Section 3(c)(1) is another exemption clause besides the aforementioned 3(c)(7), setting the limit on beneficial owners of a fund to 100 individuals. Securities Exchange Act Section 12(g) stipulates that when the number of shareholders surpasses 2000 (with non-accredited investors exceeding 500), the issuer must compulsively fulfill disclosure obligations as a listed company.

These conditions are ongoing; issuers must (generally dependent on exemption clauses) ensure they continually meet wealth thresholds or holder number requirements, even when making secondary market transfers. To ensure this, issuers establish whitelists. For instance, BUIDL only has a whitelist open to accredited investors, maintaining qualification under Investment Company Act Section 3(c)(7); ACRED is only accessible to accredited investors, meeting Regulation 506(c) requirements.

3) Access obligations arising from anti-money laundering and anti-terrorism financing compliance

Under the Bank Secrecy Act (BSA) and related regulations, entities classified as "financial institutions" must establish Customer Identification Programs (CIP) and Anti-Money Laundering (AML) systems, where all customer transactions must complete KYC beforehand. The act extends the definition of brokers within American securities regulation, thus encompassing securities-related brokerage services under financial institutions’ regulations.

Issuers themselves often do not belong to statutory financial institutions, but scalable distributions largely rely on licensed brokers. For example, BlackRock BUIDL’s product is distributed by the broker entity Securitize Markets LLC under Securitize, creating significant bottlenecks for KYC and authorization processes, as once a broker enters the distribution chain, KYC becomes a mandatory requirement. Users must upload official identification, proof of residence, and live identity verification, all of which must pass to trade the product, making the whitelist system a hard requirement.

Other Secondary Factors That Give Rise to Access Rules

The above does not exhaust all access conditions. For example, equity issuers, for purposes such as corporate governance and profit distribution, may also require holders to complete KYC voluntarily, but this article will not elaborate: issuers can avoid such constraints through optimizing security structures and entity registration.

Sanction compliance is an additional sub-scenario worth mentioning. Whitelists can screen OFAC specially designated lists during the account opening phase to support sanction compliance; however, the laws concerning sanctions are strict liability rules, and the provisions themselves do not mandate all users to complete KYC beforehand, only prohibiting transactions with sanctioned entities. The stablecoin sector has achieved alternative solutions: through TRM, Chainalysis, and other service providers for full-chain transaction screening + asset freeze permissions at the contract level, which do not require a whitelist for all, and the GENIUS Act further solidified this model into legislation: KYC is only done during the interaction between users and issuers, allowing transfers without access, relying on contract freezing to control illegal transactions. This framework could also be replicated in the on-chain securities space.

Jurisdictional Basis for Geographical Fencing: Morrison v. National Australia Bank Case and Subsequent Precedents

Geographical fencing is an established compliance method: entities erect virtual digital boundaries to block specific jurisdiction users from accessing products, legally distancing themselves from local regulatory jurisdiction, essentially replicating physical geopolitical sovereignty boundaries in the digital world. Combined with the mandatory access logic of U.S. securities regulations described earlier, compliant on-chain geographical fencing allows issuers to step outside the applicability of U.S. securities law, issuing securities in compliance without setting up whitelists.

The judicial basis for U.S. cross-border regulatory applicability comes from the Morrison case decided by the Supreme Court. In that case, the Supreme Court ruled that unless explicitly stated by Congress, federal regulations do not have extraterritorial effect. If a regulation does not expressly stipulate extraterritorial effect, the court views it as only applicable to "domestic activities." According to the court, this requires defining the regulated activities and assessing their place of occurrence; if the location is domestic, the law applies; if it is foreign, it does not.

The majority of U.S. securities statutes do not specify extraterritorial applicability details, leading us to a thorny problem: what constitutes "domestic" activity under U.S. securities law? Analyzing this question first requires addressing: what activities is the law attempting to regulate—this necessitates a factual analysis, exceeding the scope of this article. However, for the sake of discussion, we can state that U.S. securities law generally regulates the buying and selling of securities that have a connection with the U.S.

This raises the question: where do the buying and selling of securities take place? On this point, there are many precedents, and court decisions are not always uniform. But most importantly, it is the place where both parties to the transaction are irrevocably bound by the transaction.

To illustrate this, we can examine the judgment made by the Second Circuit Court in the "Absolute Activist" case. Even if the issuer is a domestically registered entity, the asset is registered with the SEC, and the broker's registered location is in California, it cannot be directly determined that the transaction is governed by U.S. securities law. The court made clear: the location of asset registration, the nationality of the entity, and the broker’s location are not bases for assessment; the plaintiff must prove that key actions such as order initiation, contract signing, ownership transfer, and funds transfer took place within the U.S. to establish that the transaction is governed by U.S. law.

When assessing the establishment of contracts, issuing purchase orders, ownership transfers, or fund exchanges, the most important factor for us is the location of the buyer at the time of the transaction. This is because other factors are usually more controlled by the issuer. For instance, issuers may take measures to avoid having their trading counterparty located within the U.S. The purpose of geographical fencing is to attempt to exert some control over the harder-to-control party (the buyer). Therefore, we will focus our analysis here.

Clarifying the Distinction Between Reg S Rules and the Morrison Case

Before proceeding, we should clarify the relationship between Reg S and Morrison.

Reg S is a rule typically used by issuers to sell securities to buyers outside the U.S. It considers offers or sales made abroad as not subject to the registration requirements specified in Section 5 of the Securities Act, allowing issuers to avoid registering with the U.S. Securities and Exchange Commission (SEC). Reg S has very specific requirements.

You might wonder what role Reg S plays in our analysis. The answer is that if, based on the Morrison decision, U.S. securities law does not apply, then Reg S also loses its significance—Reg S is an exemption clause within U.S. securities law, while the Morrison ruling aims to fully extricate us from the constraints of U.S. securities law. Therefore, this article will not conduct an in-depth analysis of Reg S.

Path for Implementing On-Chain Geographical Fencing: A Novel Solution for Legitimate Issuers

Bringing all this together:

• If we have a way to ensure that securities buyers are not within the U.S. during transactions, we can strongly argue that the transaction is not within the territorial jurisdiction of U.S. securities law.
• If U.S. securities law does not apply, issuers will have sufficient legal grounds to abandon the flawed KYC/whitelist model. This would provide a compliant path for mature issuers to issue securities while maintaining good user experience.

Geographical fencing technology has become prevalent in the cryptocurrency space; why can't issuers directly imitate the approaches of mainstream projects? The issue is that existing methods fail to simultaneously meet both aspects: ensuring accurate location information during transactions while guaranteeing transaction accuracy. We can review three commonly used methods to explain the reasons.

The first and most commonly used method involves enforcing geographical fencing solely based on IP addresses at the front end. This method fails to guarantee security on both fronts.

First, users can bypass the front end and interact directly with smart contracts, or engage through another front end that does not implement geographical fencing.

Second, IP addresses are unreliable. Users can spoof their IP address through VPNs.

The second method involves establishing geographical fencing solely at the point of initial issuance, typically using Reg S (both Ondo and xStocks employ this model). This method does not meet the requirement for "transaction time" because it only applies to the initial transaction. The result is a backflow issue: the initial issuance complies with regulations, but the securities may flow to U.S. individuals in subsequent secondary market trades, thus triggering U.S. securities law.

The third method depends on the KYC/whitelist model to obtain the residential status of both transaction parties and implement geographical fencing. This method fails to satisfy the "transaction time" requirement because it misinterprets the question posed in the Morrison case, which inquired not about the residential status of both parties but about the location where the transaction occurs.

The industry lacks a cryptographic proof infrastructure to chain location validation during transactions; Octet is currently developing this foundational tool: the project offers a universal SDK that any protocol can access, using mobile devices to generate real-time cryptographic proof of user location, producing verifiable territorial results that can be chained.

Issuers strategically define prohibited regions; before users initiate on-chain securities transfers, they must submit real-time location credentials via Octet. Smart contracts check the validity of these credentials prior to the transfer, blocking transactions from users in prohibited areas at the contract level, completely eliminating the issue of secondary market asset backflow to the U.S.

Some may question that on-chain geographical fencing inherently still constitutes access control. Objectively, it can indeed be seen as boundary control, but compared to traditional whitelists, it has a disruptive experiential advantage: it dispenses with cumbersome KYC processes across platforms at the account opening stage, allowing one-click integration of the SDK into wallets/apps for silent location verification, thus shifting the access cost from user upfront burdens to automated processing at the backend infrastructure.

Leveraging on-chain geographical fencing + Morrison’s judicial logic, leading firms can free themselves from whitelist constraints, compliantly issue native on-chain securities, particularly suitable for issuing high-yield alternative securities to global non-U.S. retail users. For example, Apollo can issue tokenized credit funds modeled on USDAI, raising funds for AI startup GPU hardware financing while paying high returns to global retail investors; non-U.S. users directly participate in products using their own wallets, with the fencing verification process operating silently at the backend without user awareness. Such high-quality offerings previously lacked compliant distribution channels targeting global retail investors, presenting a clear growth market.

In reality, this structure could look like the following:

• Entity structure: Utilize a Cayman exempt company to issue debt-type securities, as local Cayman regulations only require KYC during the initial issuance and redemption phases, with no compulsory identity verification for secondary market transfers, thus avoiding territorial compliance access obligations outside U.S. securities law.
• Token contract layer: Embed transfer pre-verification hooks allowing any transaction initiator to upload valid Octet territorial credentials; transfer can only proceed if the contract verifies these credentials are valid; primary fundraising occurs entirely offshore, where subscribers complete token minting based on their foreign territorial credentials.
• Adaptation to DeFi secondary markets: Establish official liquidity pools relying on DEXs like Uniswap V4, embedding geographical verification rules within the liquidity pool, automatically reading users’ location credentials to control exchange permissions. This design cannot completely eliminate OTC unregulated derivatives, but the core goal targets official issuance and market-making links, preventing distributor channels dominated by issuers from indirectly flowing into the U.S. market.
• Risk management fallback: Overlay full-cycle on-chain address sanction screening, with token contracts reserving asset freeze permissions (a standard risk control design similar to Circle’s issuance of USDC).

Ultimately, these securities exist entirely on-chain, allowing investors outside the U.S. access via any wallet without needing a broker/transfer agent style registration process, and mature issuers can confidently offer it as a legitimate compliant product.

Conclusion

Over the years, tokenized securities compliance has been trapped at both ends: the whitelist model sacrifices user experience, while the unlicensed model poses high risk management, preventing large institutions from participating. On-chain geographical fencing opens a third implementation route. By overcoming the technical difficulty of “instant verifiable location proof during transactions” and building solid legal logic based on the Morrison case, leading issuers can compliantly sell high-yield on-chain securities to global retail investors, completely shaking off the transactional frictions brought by traditional KYC and whitelists.