At 10XTS, we have a vested interest in closely tracking the impact of any policy as it relates to regulated capital markets and the adoption of distributed ledger networks for compliance data.

The recent Federal Reserve Board rejection of Custodia Bank’s application for membership certainly highlights many issues presently being analyzed and debated across legal, banking, and crypto-asset industry circles.

However, one key point is presently missing from the discussion – the direct implications of the U.S. government’s approach to crypto, and regulatory enforcement as it pertains to tokenized real world securities and assets – particularly under U.S. capital markets and securities regulations.

The Custodia Bank discussions have largely focused on other related topics like the correlation of FDIC policy on non-lending banks, and of course, private sector bank-issued stablecoins. But, the Federal Reserve Bank’s response provides a window into the U.S. Government’s ultimate fool-proof, indefensible method of exerting regulatory control over public blockchains.

Buried on page 33, the 86-page report cites concerns that financial institutions may unknowingly engage in illicit financial activities when dealing with crypto-assets, particularly those involving anonymous validators on blockchains like Ethereum.

The Federal Reserve Bank Order document states:

The pseudonymity of crypto-asset transactions may also lead to financial institutions unknowingly but directly engaging in what may result in illicit financial activity. Crypto-asset transactions on some blockchains, including Ethereum, rely on distributed networks of anonymous persons for validation. Validators perform this service in exchange for earning crypto-assets, which may take the form of an award for validations (for bitcoin “miners”) or a tip from transactors as payment for the validation (“transaction processing fees”). These transaction processing fees on some blockchains, including Ethereum, go to unknown validators, which may include illicit actors or sanctioned entities. To the extent a financial institution pays such transaction processing fees, it is risking making payments that support illicit finance or terrorist activity or to a prohibited jurisdiction or entity.

Crypto-asset transactions on blockchains such as Ethereum rely on distributed networks of anonymous persons for validation. These validators receive chain-native cryptocurrency as rewards for their services, which may take the form of awards (e.g., for Bitcoin miners) or transaction processing fees (tips from transactors). Since these fees go to unknown validators, there is a possibility that they may include illicit actors or sanctioned entities. This can only be retroactively identified and reconciled after the transaction has actually completed by examining the respective block information in a block explorer to identify mempool data and related gas fees sent to the specific validator wallet.

By paying transaction processing fees to anonymous validators, financial institutions risk making payments that support illicit finance, terrorist activity, or prohibited jurisdictions or entities. This directly contradicts the OFAC, KYC, and AML regulations, which aim to prevent financial institutions from engaging in such activities.

Game, set, match. It’s over.

The Bank Secrecy Act (BSA)

The Bank Secrecy Act (BSA) is a critical piece of legislation designed to combat money laundering and other illicit financial activities in the United States. Financial institutions, such as banks, credit unions, and broker-dealers, are required to comply with the BSA to ensure the integrity of the financial system. Failure to adhere to BSA requirements can result in severe consequences for institutions.

Financial institutions that fail to comply with BSA requirements may face significant monetary penalties. Fines can range from thousands to millions of dollars, depending on the severity and duration of the violations. In some cases, fines may be levied per violation, which can quickly add up to a substantial financial burden for institutions.

In addition to fines, non-compliant institutions may be subject to enforcement actions by regulatory bodies, such as the Financial Crimes Enforcement Network (FinCEN) and the Office of the Comptroller of the Currency (OCC). Enforcement actions can include cease and desist orders, consent orders, and formal agreements, which may require the institution to take corrective measures or face further penalties.

Violations of the BSA can have a lasting impact on an institution’s reputation. Once an institution becomes associated with non-compliance or illicit financial activities, it may struggle to attract new customers and maintain existing relationships. Rebuilding a damaged reputation can be a time-consuming and costly process.

An institution that has been found in violation of the BSA may be subject to increased scrutiny from regulators. This can result in additional compliance requirements, more frequent examinations, and higher compliance costs.

Severe or repeated violations of the BSA can lead to the revocation of an institution’s licenses or charter, effectively forcing it to cease operations. This can have a devastating effect on the institution’s stakeholders and employees.

In extreme cases, BSA violations may lead to criminal charges against the institution, its employees, or its executives. Criminal penalties can include imprisonment, forfeiture of assets, and additional fines. This can not only damage the institution’s reputation but also have a lasting impact on the individuals involved.

Tokenized Securities and the 3-Step Process

In September of 2020, SEC issued a no action letter requested by FINRA to clarify the issues pertaining to broker-dealers and ATSs who wish to facilitate trading and settlement of digital asset securities tokens.

Following the issuance of the Joint Staff Statement, several broker-dealers sought to operate an ATS that trades digital asset securities. They asserted that the existing four-step process increases operational and settlement risks.

These broker-dealers proposed the following process (the “Three-Step Process”):

the buyer and seller send their respective orders to the ATS, notify their respective custodians of their respective orders submitted to the ATS, and instruct their respective custodians to settle transactions in accordance with the terms of their orders when the ATS notifies the custodians of a match on the ATS;

1.      the ATS matches the orders; and

2.      the ATS notifies the buyer and seller and their respective custodians of the matched trade and the custodians carry out the conditional instructions.

3.      The custodians would then settle the trade on behalf of the buyer and seller based on the instructions received in Step 1.

As with the existing four-step process, the broker-dealer operator does not guarantee or otherwise have responsibility for settling the trades and does not at any time exercise any level of control over the securities being sold or the cash being used to make the purchase (e.g., the ATS does not place a temporary hold on the seller’s wallet or on the buyer’s cash to ensure the transaction is completed) other than by notifying the custodians for the buyer and seller, and the buyer and seller, of the match.

Broker-dealers seeking to operate an ATS asserted that the primary benefit of the three-step settlement process is that it would reduce operational and settlement risk.

What is clear is that in order to effectuate trading of tokenized shares in the U.S., there is no “self-custody” of share tokens, nor is there any ability to conduct a direct settlement between buyer and seller. They must transact through a qualified custodian.

An investor cannot create a trading account with a broker-dealer, and then attach their blockchain token wallet to directly conduct trading and settlement through the broker’s order matching efforts. It requires a 3rd party institutional custodian to meet the 15c3-3 Customer Protection rule via a fully remoted FBO account at a qualified custodian. The execution broker must direct the activity through the qualified custodian.

What this means for Securities Tokens

Without getting into the wider implications of using BSA to pursue what some are calling the current regulatory policy approach to cryptocurrency “Operation Chokepoint 2.0,” the narrower focus of 10XTS is the impact on the use of distributed ledger technology for tokenized securities and real-world assets.

While a specific token on a public layer one blockchain network like Ethereum, Avalanche, or Poly may indeed represent a regulatory-compliant security instrument, the overture of BSA regulatory scrutiny precludes any institution from providing custodial operations in support of the trading and transfer of these securities. Doing so requires the institution to pay the network transaction fees in the native network cryptocurrency to unknown validators. This, of course, opens the institution to the prosecutorial risk of BSA violations.

The Three-Step Process requires qualified custodial institution support for the trading and settlement, and this effectively eliminates the prospects of trading and transferring a security token that has been enumerated on a layer one public blockchain.

It also effectively shutters the present construct of operations for existing marketplaces and custodial institutions engaged in securities token trading activities. This likely affects every Money Transmitter License holder operating in the crypto space. Any U.S. licensed, supervised institution operating to any degree with public blockchain protocols has a direct regulatory risk.

Additional risks to entities and institutions presently issuing and transacting in securities enumerated on a layer one public blockchain include E&O and/or D&O liability for management that has pursued the promotion of a layer one token based on Ethereum, Avalanche, Polygon, or any other public network.

Service providers creating layer one tokens for issuers of securities are also at risk for advising and providing technology solutions running afoul of the present regulatory landscape.

Issuers of securities tokens launching on a layer one public blockchain could be subject to enforcement and liability claims by shareholders that are forced to use a layer one token to represent their ownership interest in the underlying asset.

Potential Solutions

At present, specifically for the United States and US capital markets under existing federal securities regulation, there are only three potential solutions:

1.      Change the law to exclude transaction fees on a public blockchain network from BSA compliance requirements. This is highly unlikely.

2.      KYC all public blockchain block producers & validators: This is also highly unlikely because block producers on public chains like Ethereum, Avalanche, or Poly already operate with an unrestricted level of anonymity on a global basis. Unless the existing chain validator operators collectively agree to modifying the protocol to require the identity verification necessary to meet the BSA requirements, use of these public networks for tokenized securities will not meet institutional acceptance due to the inherent risks of violating the BSA.

3.      Use private, permissioned networks: Institutions who wish to leverage the benefits of blockchain, distributed ledger technology and tokenization can enter into agreements to participate in private networks that facilitate the trading and settlement by executing custodial operations of securities enumerated as tokens via the private network. This requires not only a technology layer, but also a layer of commercial and reliance agreements between the participating institutions.

XDEX, the Extended Index

10XTS continues to build the XDEX governance, risk, and compliance records metadata network as a private ecosystem to ensure institutional compliance and interoperability of information. 10XTS only permits qualified institutional participation in the network, including identification of any operators of block producing nodes.

This ensures the effective use of the technology to realize all the desired benefits, while also maintaining compliance with the various SEC, OCC, CFTC and OFAC regulations.

XDEX provides for book entry control location for issuers and Transfer Agents, as well as the remote custody of tokenized securities under the direct control of any qualified custodian utilizing the XDEX network for custodial operations to meet the current interpretation of agency rules under the law.

Trading, transfer, and settlement of tokenized securities transactions can be processed across XDEX as a settlement network between the related institutions to achieve the benefits promised by the technology, while avoiding the prosecutorial risks under the law.

Additionally, as a cross-chain, multi-chain oracle solution, XDEX provides the benefits of the technology while future proofing against subsequent changes in the law or even advancement of future technology.

XDEX enables the necessary master audit structure to ensure the continuity of the ownership and transactional history of assets further enumerated as layer one token assets without exposing issuers, investors, and institutions to the technical, regulatory, and operational risks of sole reliance upon any layer one blockchain network.


It is very clear – the current regulatory position of the U.S. government will continue to chill the adoption of public layer one networks at the institutional level. Already a significant challenge well-known to those actually operating in the space, it will become harder to find truly compliant qualified custodians that provide the essential “last mile” of qualified custody services for layer one-based tokenized securities and real world assets on a public blockchain network.

Institutions ignoring the signals from the regulators will be subject to the continued enforcement action. With the present apparent risks, it will be even harder to find board-level and executive support for public blockchain-based initiatives in private financial institutions.

Issuers and institutions seeking the benefits provided by the technology, while maintaining a holistically risk-based compliance approach, can leverage XDEX as a starting point for future development as the market evolves.