AML and KYC in Tokenized Securities: Closing the Compliance Gap
Maria Samson
May 20, 2026
Blockchain's defining properties (permissionless, borderless transfer, and pseudonymous settlement) are also its most significant compliance liability. As institutions race to migrate trillions of dollars in financial assets on-chain,[1] a foundational tension comes into focus: Anti-Money Laundering ("AML") and Know-Your-Customer ("KYC") compliance is identity-based, centralized, and mandated by law. Does tokenization require stripping blockchain of its native properties to satisfy regulators?
For years, this tension looked like a binary choice: strip blockchain of its native properties to satisfy regulators, or preserve them at the cost of compliance. Such framing, however, is becoming obsolete. The infrastructure to bridge the gap, including permissioned token standards, blockchain-native transfer agents, and on-chain identity attestations, is being built and deployed today. The question is no longer whether compliant tokenization is possible, but rather which architectural choices will define how it scales.
What is a Tokenized Security?
A tokenized security is a digital representation of a traditional financial instrument, like equity, debt, real estate or fund interests, that is recorded on a distributed ledger. Tokenization is the process of converting ownership rights into a programmable token that can be issued, transferred, and settled on-chain with reduced friction. The appeal of tokenization is intuitive because traditional securities settlement involves layers of intermediaries, each adding latency, cost, and counterparty risk. Tokenization, on the other hand, promises near-instant settlement, fractional ownership, and 24/7 global transferability. For private market assets specifically, where secondary liquidity is scarce and the administrative overhead is high, the efficiency gains are potentially transformative.
Legal considerations around tokenized securities have primarily centered on the offering stage. Token classification, registration exemptions, and disclosure requirements are important questions that must be addressed. However, they treat tokenization as a one-time event rather than a perpetual legal relationship. More difficult questions arise after issuance, once tokens exist and are transferable on secondary markets.
Continuous Compliance Obligations
Under the Bank Secrecy Act ("BSA")[2] and FinCEN's implementing regulations, financial institutions must maintain AML programs that include customer identification and verification, ongoing transaction monitoring, and Suspicious Activity Report ("SAR") filing obligations.[3] These obligations do not expire after the initial holder receives the instrument. They attach, on a transaction-by-transaction basis, to the instrument and to every party involved in its lifecycle, which includes issuers, broker-dealers, transfer agents, and secondary trading venues. This is precisely where tokenized securities have historically been dismissed as a compliance non-starter. But that dismissal confuses the absence of infrastructure with the impossibility of it. The developments discussed below prove that the distinction matters.
ERC-3643: Embedded Compliance
ERC-3643 is an open-source Ethereum token standard designed specifically for permissioned tokens, also referred to as the "T-REX Protocol" or Token for Regulated Exchanges, covering real-world assets, securities, and regulated instruments.[4] Unlike ERC-20 tokens, which are Ethereum tokens that execute transfers without permission to any Ethereum address, ERC-3643 tokens evaluate compliance conditions at the point of transfer. If specific conditions are not met, the transfer cannot be completed. Its decentralized identity framework, ONCHAINID,[5] assigns each participant an on-chain identity contract storing cryptographic claims: attestations from trusted third parties confirming KYC clearance, accredited investor status, or Office of Foreign Assets Control ("OFAC") screening. The underlying identity data never touches the blockchain; only the result of the compliance check is recorded on-chain, preserving a level of privacy while making investor eligibility verifiable at the protocol level.
ERC-3643 enforces the compliance conditions, but it cannot guarantee them autonomously without human instruction. It is only as strong as the identity and claims infrastructure behind it. If a KYC provider issues claims without adequate due diligence, a fraudulent credential may satisfy the on-chain compliance check. The smart contract has no mechanism to distinguish a valid claim from a corrupted one. The standard also has no capacity to detect behavioral red flags, such as structuring, layering, or unusual transaction patterns that trigger SAR obligations under the BSA, nor can it update itself when sanctions lists change or investor eligibility lapses. These gaps are not fatal to the architecture; in fact, they are precisely what the institutional layer is designed to address and fill.
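The transfer-time gate and its trust limitation, as an added Python model (not the ERC-3643 contracts and not the author's code): a transfer succeeds when the receiver holds the required claims signed by a trusted issuer, whatever diligence stood behind them, and stops only once a revocation is pushed in from outside. All class, function and issuer names are hypothetical, and HMAC stands in for the claim issuer's signature.

```python
import hashlib, hmac
# Added model; every name here is hypothetical, not the ERC-3643 interface.
REQUIRED_TOPICS = {"KYC", "OFAC_SCREENED"}

def sign(issuer_key, holder, topic):
    # HMAC stands in for the claim issuer's signature over (holder, topic).
    return hmac.new(issuer_key, f"{holder}|{topic}".encode(), hashlib.sha256).hexdigest()

class IdentityRegistry:
    def __init__(self, trusted_issuers):
        self.trusted = dict(trusted_issuers)   # issuer name -> verification key
        self.claims = {}                       # holder -> [(issuer, topic, signature)]
        self.revoked = set()                   # (issuer, holder, topic)

    def add_claim(self, holder, issuer, topic, signature):
        self.claims.setdefault(holder, []).append((issuer, topic, signature))

    def revoke(self, issuer, holder, topic):
        self.revoked.add((issuer, holder, topic))

    def is_verified(self, holder):
        valid = set()
        for issuer, topic, signature in self.claims.get(holder, []):
            key = self.trusted.get(issuer)
            if key is None or (issuer, holder, topic) in self.revoked:
                continue
            if hmac.compare_digest(signature, sign(key, holder, topic)):
                valid.add(topic)
        return REQUIRED_TOPICS <= valid

def transfer(registry, balances, sender, receiver, amount):
    # The gate checks claim validity only; it cannot see how the KYC was done.
    if not registry.is_verified(receiver) or balances.get(sender, 0) < amount:
        return False
    balances[sender] -= amount
    balances[receiver] = balances.get(receiver, 0) + amount
    return True

def demo():
    issuers = {"diligent_kyc": b"k1", "lax_kyc": b"k2", "unknown_kyc": b"k3"}  # constructed
    reg = IdentityRegistry({n: issuers[n] for n in ("diligent_kyc", "lax_kyc")})
    for holder, issuer in [("alice", "diligent_kyc"), ("mallory", "lax_kyc"), ("eve", "unknown_kyc")]:
        for topic in REQUIRED_TOPICS:
            reg.add_claim(holder, issuer, topic, sign(issuers[issuer], holder, topic))
    bal = {"issuer_treasury": 100}
    results = [transfer(reg, bal, "issuer_treasury", h, 10) for h in ("alice", "mallory", "eve")]
    reg.revoke("lax_kyc", "mallory", "KYC")    # off-chain finding pushed on-chain
    results.append(transfer(reg, bal, "issuer_treasury", "mallory", 10))
    return results, bal
```

`demo()` shows the claim from the lax but trusted issuer passing exactly like the diligent one, the untrusted issuer's claim failing, and the lax claim failing only after the revocation is recorded.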
SEC’s DTC No-Action Letter
In December 2025, the United States Securities and Exchange Commission ("SEC") issued a no-action letter to the Depository Trust Company ("DTC"), the central securities depository underpinning virtually all securities settlement in the United States, addressing DTC's proposed accommodation for tokenized securities.[6] The letter did not create new laws or grant new registration exemptions, but it established something more practically significant: a framework under which existing market infrastructure could participate in tokenized securities workflows without abandoning traditional compliance obligations.[7] The relief contemplated a structure in which DTC would serve as the registered holder of tokenized securities while an underlying blockchain layer handled beneficial ownership records and transfer mechanics, treating blockchain technology as a sub-ledger beneath DTC's registered record, not a replacement for it. The SEC has ultimately drawn a path forward for tokenized securities that runs through existing institutional infrastructure rather than around it. Tokenized securities can move on-chain, but they do so within a structure that still has a regulated institution at the top of the ownership chain.
Transfer Agents: the Off-Chain Accountability Layer
A transfer agent is a registered entity responsible for maintaining the official record of a company's securities ownership, tracking holders, processing transfers, and managing corporate actions. Under SEC rules and growing FinCEN scrutiny, transfer agents bear significant compliance obligations, such as recordkeeping, reporting, and AML-related duties that smart contracts are structurally incapable of fulfilling alone.
In a tokenized securities ecosystem, the transfer agent occupies the most legally consequential position in the stack. It is the entity that bridges the on-chain record where tokens live and transfer, and the official legal record of ownership that courts and regulators recognize. Transfer agents purpose-built for tokenized securities conduct investor AML and KYC screening at onboarding, maintain ongoing sanctions monitoring, manage the claims lifecycle that feeds into on-chain identity frameworks like ONCHAINID, and fulfill SAR filing obligations that no smart contract can satisfy.
A transfer agent does what the ERC-3643 standard cannot. It can file a SAR, respond to regulatory examination, and bear liability for compliance failures. ERC-3643 enforces the compliance conditions set on-chain, while the transfer agent owns legal accountability off-chain. Neither is sufficient alone, but together, this hybrid architecture closes the compliance gap that has historically made tokenized securities a regulatory non-starter.
Conclusion
The argument that blockchain cannot reconcile with AML and KYC compliance confuses the absence of infrastructure with the impossibility of it. Compliance does not demand that any single technology or institution carry the full burden; it demands that the full set of obligations be covered somewhere in the system. That architecture now exists: tokens with transfer controls baked into the protocol, regulatory confirmation that today's market infrastructure can handle tokenized securities, and a licensed entity accountable for everything code cannot do on its own.
While the path to decentralization is still unclear, the efficiency benefits from the tokenization of assets are clear. The compliance infrastructure for tokenized securities is no longer theoretical. The question now is how quickly the markets build around it.
--
[1] Zach Pandl & Will Ogden Moore, Investing in the Tokenization Megatrend, Grayscale Research (Apr. 29, 2026), https://research.grayscale.com/reports/investing-in-the-tokenization-megatrend.
[2] 31 U.S.C. §§ 5311–5336
[3] 31 C.F.R. Chapter X (FinCEN's regulations implementing the BSA, including general provisions applicable to all financial institutions)
[4] ERC-3643 Permissioned Tokens, ERC3643 Association, https://docs.erc3643.org/erc-3643 (last visited May 4, 2026).
[5] https://docs.erc3643.org/erc-3643/overview-of-the-protocol/built-in-compliance-framework/onchain-identities-management
[6] No-Action Letter from Div. of Trading & Mkts., SEC, to The Depository Tr. Co. (Dec. 11, 2025), https://www.sec.gov/files/tm/no-action/dtc-nal-121125.pdf.
[7] Commissioner Hester M. Peirce, Tokenization Trending: Statement on the Division of Trading and Markets' No-Action Letter Related to DTC's Development of Securities Tokenization Services, U.S. Sec. & Exch. Comm'n (Dec. 11, 2025), https://www.sec.gov/newsroom/speeches-statements/peirce-121125-tokenization-trending-statement-division-trading-markets-no-action-letter-related-dtcs-development.
--
DISCLAIMER: All views expressed are Hivemind’s own views. The information provided herein has been produced and issued by Hivemind Capital Partners UK LLP and/or Hivemind Capital Partners LLC (“Hivemind”) and is being provided for informational purposes only. This document is not to be distributed or reproduced in any way. This document does not constitute or contain an offer to purchase or sell securities. This document is confidential and intended for the person to whom this was delivered. If you have not received this document from Hivemind you are hereby notified that you have received it from a non-authorized source and you are prohibited from reading, using, retaining, disseminating or copying this material without the prior express written consent of Hivemind. Neither Hivemind nor any of its affiliates or representatives makes any representation or warranty, express or implied, as to the accuracy or completeness of the information contained herein or any other written or oral communication transmitted or made to the recipient. The information contained in this document is current as of the date indicated, and Hivemind undertakes no obligation to update, modify or amend this document or to otherwise notify a reader in the event that any matter stated herein changes or subsequently becomes inaccurate. This document has not been compiled, reviewed, or audited by an independent accountant. Past performance should not be construed as an indicator of future results, and there can be no assurance that historical trends will continue. This document does not include information regarding each investment or investment strategy pursued by the Funds.
References to investments included herein should not be construed as a recommendation of any particular investment. Certain information contained herein may constitute “forward-looking statements,” which can be identified by the use of forward-looking terminology such as “may,” “will,” “should,” “expect,” “anticipate,” “project,” “estimate,” “intend,” “continue,” or “believe,” or the negatives thereof, other variations thereon or comparable terminology. All such forward-looking statements are solely statements of opinion, and there is no assurance that they will be predictive of actual events.