๐ข SECTION 6: ISSUERS PORTAL COMPLIANCE GATEWAY
6.1 ๐ฏ Institutional Purpose & Problem Statement
Prior to OTCM Protocol development, companies seeking to issue tokenized securities confronted a prohibitive compliance burden that effectively excluded smaller and mid-tier issuers from the digital securities market. The complexity, cost, and specialized expertise required created an insurmountable barrier for companies lacking substantial legal and compliance infrastructure.
6.1.1 โ ๏ธ The Traditional Compliance Burden
Companies attempting independent securities tokenization must establish and maintain comprehensive regulatory infrastructure across six critical domains:
Domain | Requirements |
|---|---|
๐ชช KYC/AML Infrastructure | Build or license identity verification platforms with document authentication, biometric matching, and sanctions screening capabilities |
โ๏ธ Securities Counsel | Retain specialized securities law firms with digital asset expertise for offering documentation, regulatory filings, and ongoing compliance advice |
๐ Transfer Agent Services | Engage SEC-registered transfer agents for shareholder registry maintenance, custody verification, and regulatory reporting |
๐ Custody Arrangements | Establish relationships with qualified custodians for physical certificate storage and digital asset custody |
๐ Regulatory Reporting | Hire compliance staff for SEC filings, Form D submissions, and ongoing disclosure requirements |
๐ต๏ธ Transaction Monitoring | License blockchain analytics platforms for AML screening, suspicious activity detection, and regulatory reporting |
6.1.2 ๐ฐ Cost Analysis: Independent vs. OTCM Portal
The following analysis compares the annual cost of establishing independent compliance infrastructure versus utilizing the OTCM Issuers Portal:
Compliance Function | ๐ Independent (Low) | ๐ Independent (High) | โ OTCM Portal |
|---|---|---|---|
๐ชช KYC/AML Platform | $150,000 | $500,000 | Included |
โ๏ธ Securities Counsel | $200,000 | $750,000 | Included |
๐ Transfer Agent | $50,000 | $150,000 | Included |
๐ Custody Services | $75,000 | $200,000 | Included |
๐ Regulatory Reporting | $100,000 | $300,000 | Included |
๐ต๏ธ Transaction Monitoring | $75,000 | $200,000 | Included |
๐ต TOTAL ANNUAL COST | $650,000 | $2,100,000 | $1K-$25K * |
* One-time SMT minting fee; ongoing compliance included in 5% transaction fee structure
๐ก Cost Reduction Impact: For a company raising $5M through tokenized securities, traditional compliance costs ($650K-$2.1M) could consume 13-42% of capital raised. OTCM Portal reduces this to 0.02-0.5%, making tokenization economically viable for mid-market issuers.
6.1.3 ๐๏ธ OTCM Solution Architecture
OTCM Protocol eliminates issuer regulatory burden through a purpose-built Issuers Portal that consolidates all compliance, identity verification, transaction monitoring, and regulatory reporting functions under a single, standardized, institutional-grade framework:
"Issuers utilize our portal rather than developing independent compliance infrastructure, achieving full regulatory compliance without requiring specialized securities law expertise or expensive external counsel."
6.1.4 ๐ Portal Component Overview
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
โ ๐ข OTCM ISSUERS PORTAL ARCHITECTURE โ
โ (Unified Compliance Gateway) โ
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
โ ๐ ISSUER ADMINISTRATION DASHBOARD โ
โ โโโโโโโโโโโโโโโโโ โโโโโโโโโโโโโโโโโ โโโโโโโโโโโโโโโโโ โโโโโโโโโโโโโโโ โ
โ โ ๐ข Company โ โ ๐ Token โ โ ๐ฅ Investor โ โ โ๏ธ Complianceโ โ
โ โ Profile โ โ Analytics โ โ Registry โ โ Dashboard โ โ
โ โโโโโโโโโโโโโโโโโ โโโโโโโโโโโโโโโโโ โโโโโโโโโโโโโโโโโ โโโโโโโโโโโโโโโ โ
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
โ
โโโโโโโโโโโโโโโโโโโโโโโโโโโผโโโโโโโโโโโโโโโโโโโโโโโโโโ
โ โ โ
โผ โผ โผ
โโโโโโโโโโโโโโโโโโโโ โโโโโโโโโโโโโโโโโโโโ โโโโโโโโโโโโโโโโโโโโ
โ ๐ชช KYC โ โ ๐๏ธ ACCREDITATION โ โ ๐ต๏ธ AML/SCREENINGโ
โ MODULE โ โ MODULE โ โ MODULE โ
โ โ โ โ โ โ
โ โข ID Verificationโ โ โข 506(c) Verify โ โ โข Risk Scoring โ
โ โข Biometrics โ โ โข Self-Cert โ โ โข OFAC Check โ
โ โข Doc Auth โ โ โข Third-Party โ โ โข SAR Filing โ
โ โข Address Proof โ โ โข Reg A+ Limits โ โ โข Tx Monitoring โ
โ โข Source of Fundsโ โ โข Expiration Mgmtโ โ โข Account Freeze โ
โโโโโโโโโโฌโโโโโโโโโโ โโโโโโโโโโฌโโโโโโโโโโ โโโโโโโโโโฌโโโโโโโโโโ
โ โ โ
โโโโโโโโโโโโโโโโโโโโโโโโโผโโโโโโโโโโโโโโโโโโโโโโโโ
โ
โผ
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
โ ๐ THIRD-PARTY INTEGRATION LAYER โ
โ โโโโโโโโโโโ โโโโโโโโโโโ โโโโโโโโโโโ โโโโโโโโโโโโโ โโโโโโโโโโโโโโโโโโโ โ
โ โ ๐ โ โ ๐ โ โ ๐ก๏ธ โ โ ๐ฌ โ โ ๐ต๏ธ โ โ
โ โ Jumio โ โ Onfido โ โ Socure โ โChainalysisโ โ TRM Labs โ โ
โ โ (ID) โ โ (Docs) โ โ (Fraud) โ โ (AML) โ โ (Forensics) โ โ
โ โโโโโโโโโโโ โโโโโโโโโโโ โโโโโโโโโโโ โโโโโโโโโโโโโ โโโโโโโโโโโโโโโโโโโ โ
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
โ
โผ
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
โ โ๏ธ ON-CHAIN COMPLIANCE RECORD LAYER โ
โ (Immutable Audit Trail on Solana Blockchain) โ
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
โ
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโผโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
โ โ โ
โผ โผ โผ
โโโโโโโโโโโโโโโโโ โโโโโโโโโโโโโโโโโ โโโโโโโโโโโโโโโโโ
โ ๐๏ธ Empire โ โ ๐ SEC โ โ ๐ต FinCEN โ
โ Stock โ โ EDGAR โ โ BSA โ
โ Transfer โ โ Filings โ โ E-Filing โ
โ (Custody) โ โ (Form D, etc) โ โ (SAR, CTR) โ
โโโโโโโโโโโโโโโโโ โโโโโโโโโโโโโโโโโ โโโโโโโโโโโโโโโโโ6.1.5 ๐ Issuer Onboarding Workflow
The Portal implements a structured onboarding workflow for new issuers:
Step | Phase | Actions | Timeline |
|---|---|---|---|
1๏ธโฃ | ๐ Application | Submit company info, share structure, tokenization goals | Day 1 |
2๏ธโฃ | ๐ Due Diligence | Corporate verification, officer KYC, AML screening | Days 2-5 |
3๏ธโฃ | โ๏ธ Legal Setup | Series M preferred authorization, OTCM agreements | Days 5-10 |
4๏ธโฃ | ๐๏ธ Transfer Agent | Empire Stock Transfer custody setup, share issuance | Days 10-15 |
5๏ธโฃ | ๐ซ Token Minting | ST22 creation with Transfer Hooks, liquidity setup | Day 15-17 |
6๏ธโฃ | ๐ข LIVE | Bonding curve active, trading enabled | Day 17+ |
6.2 ๐ชช Integrated KYC Framework
The OTCM Portal implements comprehensive identity verification pursuant to federal regulatory requirements, ensuring all investors are properly identified before participating in securities offerings.
6.2.1 ๐ Regulatory Foundation
๐ 31 CFR ยง 1010 โ Bank Secrecy Act KYC Requirements
Financial institutions must establish Customer Identification Programs (CIP) that verify customer identity through documentary or non-documentary methods, including collection of name, date of birth, address, and identification number.
The Portal exceeds minimum BSA/AML requirements by implementing enhanced due diligence measures appropriate for securities offerings to accredited and qualified investors.
6.2.2 ๐๏ธ Four-Pillar Identity Verification
The Portal requires four primary identity verification components before investment eligibility is confirmed:
typescript
// Four-Pillar KYC Verification Interface (TypeScript)
interface KYCVerificationPillars {
/**
* Pillar 1: Legal Name Verification
* Matches user-provided name against government-issued ID
*/
legalName: {
firstName: string;
middleName?: string;
lastName: string;
suffix?: string;
verificationMethod: 'OCR_EXTRACTION' | 'MANUAL_REVIEW';
matchConfidence: number; // 0-100%
};
/**
* Pillar 2: Residential Address Verification
* Confirms current physical residence through official documents
*/
residentialAddress: {
street: string;
city: string;
state: string;
postalCode: string;
country: string;
verificationDocument: 'UTILITY_BILL' | 'BANK_STATEMENT' | 'GOVT_CORRESPONDENCE';
documentDate: Date; // Must be within 90 days
documentHash: string;
};
/**
* Pillar 3: Beneficial Ownership Confirmation
* Identifies ultimate beneficial owner of investment funds
*/
beneficialOwnership: {
ownershipType: 'INDIVIDUAL' | 'JOINT' | 'CORPORATE' | 'TRUST' | 'IRA';
ultimateBeneficiary: string;
ownershipPercentage: number; // For entities
controlPerson?: boolean; // For entities
supportingDocuments: string[]; // Document hashes
};
/**
* Pillar 4: Source of Funds Declaration
* Documents origin of investment capital
*/
sourceOfFunds: {
primarySource: 'EMPLOYMENT' | 'BUSINESS' | 'INVESTMENTS' | 'INHERITANCE' | 'OTHER';
description: string;
estimatedAmount: number;
supportingEvidence?: string; // Document hash if provided
riskLevel: 'LOW' | 'MEDIUM' | 'HIGH';
};
}Pillar | Requirement | Acceptable Documents |
|---|---|---|
1๏ธโฃ Legal Name | Full legal name as appears on government ID | Passport, Driver's License, National ID, Residence Permit |
2๏ธโฃ Address | Current physical residence verified within 90 days | Utility bill, Bank statement, Government letter, Tax document |
3๏ธโฃ Beneficial Owner | Ultimate beneficial owner of funds | Articles of incorporation, Trust certificate, IRA custodian letter |
4๏ธโฃ Source of Funds | Origin of investment capital documented | Pay stubs, Business financials, Investment statements, Inheritance docs |
6.2.3 ๐ Document Authentication Pipeline
The Portal employs a multi-layer document authentication pipeline to prevent identity fraud and ensure document authenticity:
typescript
// Document Authentication Pipeline Interface
interface DocumentAuthenticationResult {
// Document Classification
documentType: DocumentType;
issuingCountry: string;
documentNumber: string;
expirationDate: Date;
isExpired: boolean;
// Machine-Readable Zone (MRZ) Validation
mrzPresent: boolean;
mrzValid: boolean;
mrzChecksumPass: boolean;
mrzDataExtracted: {
surname: string;
givenNames: string;
nationality: string;
dateOfBirth: string;
documentNumber: string;
};
// Security Feature Detection
securityFeatures: {
hologramDetected: boolean;
uvFeaturesValid: boolean;
microTextPresent: boolean;
opticalVariableDevice: boolean;
laserPerforation: boolean;
};
// Tampering Detection
tamperingAnalysis: {
fontConsistency: number; // 0-100 score
edgeAnalysis: number; // 0-100 score
colorConsistency: number; // 0-100 score
compressionArtifacts: boolean; // JPEG artifact detection
digitalManipulation: boolean; // Photoshop detection
};
// OCR Data Extraction
extractedData: {
fullName: string;
dateOfBirth: Date;
address?: string;
documentNumber: string;
issuanceDate: Date;
expirationDate: Date;
};
// Final Determination
overallScore: number; // 0-100 composite score
status: 'APPROVED' | 'MANUAL_REVIEW' | 'REJECTED';
rejectionReasons?: string[];
}
enum DocumentType {
PASSPORT = 'PASSPORT',
DRIVERS_LICENSE = 'DRIVERS_LICENSE',
NATIONAL_ID = 'NATIONAL_ID',
RESIDENCE_PERMIT = 'RESIDENCE_PERMIT',
UTILITY_BILL = 'UTILITY_BILL',
BANK_STATEMENT = 'BANK_STATEMENT',
}6.2.4 ๐ค Biometric Verification System
Liveness verification prevents identity fraud through real-time biometric analysis:
Verification | Technology | Accuracy |
|---|---|---|
๐ค Facial Recognition | AI-powered comparison between selfie and ID document photo using 128-point facial geometry analysis | 99.6% |
๐๏ธ Liveness Detection | Active challenges (blink, turn head, smile) prevent photo/video replay attacks | 99.8% |
๐ 3D Depth Analysis | Infrared depth mapping detects flat images, printed photos, or screen displays | 99.9% |
๐ก๏ธ Anti-Spoofing | Detection of masks, deepfakes, synthetic media, and injection attacks | 99.5% |
6.2.5 ๐ Third-Party Provider Integration
OTCM Portal integrates with industry-leading identity verification providers to ensure comprehensive coverage and redundancy:
Provider | Primary Function | Coverage | SLA |
|---|---|---|---|
๐ Jumio | ID verification, liveness, facial match | 5,000+ ID types, 200+ countries | 95% auto-verification, <60s avg |
๐ Onfido | Document verification, AI analysis | 4,500+ document types, 195 countries | 98% accuracy, <30s processing |
๐ก๏ธ Socure | Graph analysis, fraud detection | US-focused, device intelligence | 98.7% accuracy, 0.1% false positive |
6.2.6 ๐ KYC Data Architecture
typescript
// Complete KYC Verification Flow Implementation
async function performKYCVerification(
investor: InvestorApplication
): Promise<KYCVerificationResult> {
// Step 1: Document Verification via Jumio
const docResult = await jumio.verifyDocument({
frontImage: investor.idFrontImage,
backImage: investor.idBackImage,
documentType: investor.documentType,
issuingCountry: investor.country,
});
if (!docResult.isAuthentic || docResult.overallScore < 80) {
return {
status: 'REJECTED',
reason: 'DOCUMENT_VERIFICATION_FAILED',
details: docResult.rejectionReasons,
};
}
// Step 2: Liveness Check with Active Challenges
const livenessResult = await jumio.performLivenessCheck({
selfieVideo: investor.selfieVideo,
challengeType: 'ACTIVE', // Blink, turn, smile
minimumFrames: 30,
});
if (!livenessResult.isLive || livenessResult.spoofScore > 20) {
return {
status: 'REJECTED',
reason: 'LIVENESS_CHECK_FAILED',
details: ['Potential spoofing detected'],
};
}
// Step 3: Facial Match (ID Photo vs Selfie)
const matchResult = await jumio.compareFaces(
docResult.extractedPhoto,
livenessResult.capturedFace,
{ minimumConfidence: 85 }
);
if (matchResult.confidence < 85) {
// Queue for manual review if match is uncertain
return {
status: 'MANUAL_REVIEW',
reason: 'FACIAL_MATCH_UNCERTAIN',
matchScore: matchResult.confidence,
};
}
// Step 4: Address Verification
const addressResult = await verifyAddressDocument({
document: investor.addressProofDocument,
claimedAddress: investor.residentialAddress,
maxDocumentAge: 90, // Days
});
if (!addressResult.verified) {
return {
status: 'REJECTED',
reason: 'ADDRESS_VERIFICATION_FAILED',
details: [addressResult.failureReason],
};
}
// Step 5: PEP/Sanctions Screening via Socure
const screeningResult = await socure.screenIndividual({
name: docResult.extractedData.fullName,
dateOfBirth: docResult.extractedData.dateOfBirth,
nationality: docResult.mrzDataExtracted.nationality,
address: investor.residentialAddress,
});
if (screeningResult.pepMatch || screeningResult.sanctionsMatch) {
return {
status: 'REJECTED',
reason: screeningResult.sanctionsMatch ? 'SANCTIONS_MATCH' : 'PEP_MATCH',
details: screeningResult.matchDetails,
};
}
// Step 6: Record KYC Completion On-Chain
const onChainRecord = await recordKYCCompletion(investor.walletAddress, {
verificationDate: Date.now(),
documentHash: hash(docResult.documentData),
facialMatchScore: matchResult.confidence,
screeningHash: hash(screeningResult),
provider: 'JUMIO_SOCURE',
expirationDate: calculateKYCExpiration(docResult),
});
return {
status: 'APPROVED',
kycRecordId: onChainRecord.transactionSignature,
expirationDate: onChainRecord.expirationDate,
verificationDetails: {
documentScore: docResult.overallScore,
livenessScore: 100 - livenessResult.spoofScore,
facialMatchScore: matchResult.confidence,
},
};
}6.2.7 ๐ Verification Status Lifecycle
typescript
// KYC Status Lifecycle
enum KYCStatus {
PENDING = 'PENDING', // Application submitted, not started
IN_PROGRESS = 'IN_PROGRESS', // Verification underway
MANUAL_REVIEW = 'MANUAL_REVIEW', // Requires human review
APPROVED = 'APPROVED', // KYC passed, eligible to invest
REJECTED = 'REJECTED', // KYC failed, not eligible
EXPIRED = 'EXPIRED', // KYC expired, re-verification needed
SUSPENDED = 'SUSPENDED', // Account suspended pending investigation
}
// Status Transition Rules
const validTransitions: Record<KYCStatus, KYCStatus[]> = {
PENDING: ['IN_PROGRESS', 'REJECTED'],
IN_PROGRESS: ['APPROVED', 'REJECTED', 'MANUAL_REVIEW'],
MANUAL_REVIEW: ['APPROVED', 'REJECTED'],
APPROVED: ['EXPIRED', 'SUSPENDED'],
REJECTED: ['PENDING'], // Can reapply
EXPIRED: ['IN_PROGRESS'], // Re-verification
SUSPENDED: ['APPROVED', 'REJECTED'], // After investigation
};6.3 ๐๏ธ Accreditation Status Determination
The OTCM Portal implements dual-pathway accredited investor verification pursuant to SEC Regulation D Rule 506(c) requirements, enabling both third-party professional confirmation and self-certification subject to audit review.
6.3.1 ๐ Regulatory Requirements
๐ 17 CFR 230.506(c) โ Accredited Investor Verification
In offerings conducted under Rule 506(c), issuers must take 'reasonable steps to verify' that purchasers are accredited investors. Verification methods include: (1) income verification through IRS forms, (2) net worth verification through asset statements, (3) written confirmation from registered broker-dealer, investment adviser, licensed attorney, or CPA.
Unlike Rule 506(b) offerings where issuer may rely on investor representations, Rule 506(c) requires affirmative verification through documented methods, justifying general solicitation privileges.
6.3.2 ๐ Accredited Investor Categories
Category | Qualification Criteria | Verification Method |
|---|---|---|
๐ต Income (Individual) | $200,000+ annual income in each of last 2 years with reasonable expectation of same | Tax returns, W-2s, 1099s, or CPA letter |
๐ซ Income (Joint) | $300,000+ joint income with spouse in each of last 2 years with reasonable expectation | Joint tax returns or CPA letter |
๐ฐ Net Worth | $1,000,000+ net worth excluding value of primary residence (individual or joint with spouse) | Bank/brokerage statements, property appraisals |
๐ Professional Certification | Hold in good standing: Series 7 (General Securities), Series 65 (Investment Adviser), or Series 82 (Private Placement) | FINRA BrokerCheck verification |
๐ Knowledgeable Employee | Director, executive officer, or general partner of issuer OR employee participating in investments of issuer with appropriate knowledge | Employment verification letter |
๐ฆ Entity - Bank/Insurance | Bank, insurance company, registered investment company, business development company, or small business investment company | Regulatory registration verification |
๐ข Entity - Assets | Entity with $5,000,000+ in total assets not formed for specific purpose of acquiring securities offered | Audited financial statements |
๐จโ๐ฉโ๐งโ๐ฆ Family Office | Family office with $5,000,000+ in AUM not formed for specific purpose of acquiring securities offered | AUM verification, entity documents |
6.3.3 โ Third-Party Verification Pathway
The preferred verification pathway involves third-party professional confirmation from qualified professionals:
typescript
// Third-Party Verification Interface
interface ThirdPartyAccreditationVerification {
/**
* Verification pathway utilizing third-party professionals
* as permitted under 17 CFR 230.506(c)
*/
pathway: 'THIRD_PARTY';
// Verifier information
verifier: {
type: 'RIA' | 'CPA' | 'ATTORNEY' | 'BROKER_DEALER';
name: string;
licenseNumber: string;
licensingAuthority: string; // e.g., 'SEC', 'State Bar of California'
firmName: string;
firmAddress: string;
contactPhone: string;
contactEmail: string;
};
// Attestation details
attestation: {
date: Date;
accreditationMethod: 'INCOME' | 'NET_WORTH' | 'PROFESSIONAL' | 'ENTITY';
verificationPeriod: { // Time period reviewed
start: Date;
end: Date;
};
documentsReviewed: string[]; // e.g., ['Tax Return 2023', 'Tax Return 2024']
attestationStatement: string;
};
// Document evidence
attestationLetter: {
documentHash: string; // SHA-256 hash
uploadTimestamp: Date;
fileSize: number;
mimeType: 'application/pdf';
};
// Verification status
status: 'PENDING' | 'VERIFIED' | 'REJECTED';
expirationDate: Date; // Typically 90 days from verification
// On-chain record
onChainRecord: {
transactionSignature: string;
blockHeight: number;
recordTimestamp: Date;
};
}Acceptable third-party verifiers include:
Verifier Type | Description |
|---|---|
๐ Registered Investment Advisers (RIAs) | SEC or state-registered investment advisers with fiduciary duty |
๐ Certified Public Accountants (CPAs) | Licensed accounting professionals in good standing |
โ๏ธ Securities Attorneys | Attorneys in good standing specializing in securities law |
๐ฆ FINRA-Registered Broker-Dealers | Broker-dealer firms registered with FINRA |
6.3.4 ๐ Self-Certification Pathway
For investors unable to obtain third-party verification, the Portal enables self-certification subject to enhanced review and audit procedures:
typescript
// Self-Certification Interface
interface SelfCertificationAccreditation {
/**
* Self-certification pathway with enhanced scrutiny
* Subject to audit review confirming consistency
*/
pathway: 'SELF_CERTIFICATION';
// Certification details
certification: {
date: Date;
method: 'INCOME' | 'NET_WORTH' | 'PROFESSIONAL';
selfDeclaredValues: {
// For income method
annualIncome?: {
year1: number;
year2: number;
expectedCurrent: number;
};
// For net worth method
netWorth?: {
totalAssets: number;
totalLiabilities: number;
primaryResidenceValue: number; // Excluded
netWorthExcludingResidence: number;
};
};
};
// Required supporting documents
supportingDocuments: {
required: [
'BANK_STATEMENTS_3_MONTHS',
'BROKERAGE_STATEMENTS_3_MONTHS',
];
optional: [
'TAX_RETURNS_2_YEARS', // Strongly recommended
'PROPERTY_VALUATIONS', // If net worth claim
'BUSINESS_FINANCIALS', // If business income
];
uploadedDocuments: {
documentType: string;
documentHash: string;
uploadTimestamp: Date;
}[];
};
// Consistency validation (ML-powered)
consistencyAnalysis: {
liquidAssetsDetected: number; // From bank/brokerage statements
incomePatternDetected: number; // From deposit patterns
consistentWithClaim: boolean;
confidenceScore: number; // 0-100
flags: string[]; // Any inconsistencies
};
// Audit risk assessment
auditRisk: {
priority: 'LOW' | 'MEDIUM' | 'HIGH';
factors: string[];
nextAuditDate?: Date;
};
// Legal acknowledgments
acknowledgments: {
perjuryWarning: boolean; // 'I understand false statements may result in...'
rescissionRisk: boolean; // 'I understand investment may be rescinded if...'
auditConsent: boolean; // 'I consent to audit of accreditation status...'
signatureTimestamp: Date;
signatureHash: string;
};
}โ ๏ธ Audit Risk: Self-certified investors are subject to random audit review. Inconsistencies between self-certified status and demonstrated liquid assets trigger manual compliance review and potential investment rescission. False certification constitutes securities fraud.
6.3.5 ๐ฅ Non-Accredited Investor Pathways
For investors unable to satisfy accreditation requirements, the Portal enables participation through Regulation A+ Tier 2 offerings:
๐ 15 U.S.C. Section 77b(b) and 17 CFR Section 230.251
Regulation A+ Tier 2 permits offerings up to $75,000,000 annually to both accredited and non-accredited investors, subject to investment limits for non-accredited investors.
Investor Type | Annual Investment Limit | Calculation Basis |
|---|---|---|
๐๏ธ Accredited Investor | UNLIMITED | No limit applies |
๐ค Non-Accredited Individual | 10% of greater of: | Annual income OR net worth |
๐ Example: $80K income, $150K NW | $15,000/year | 10% ร $150K (greater of two) |
6.3.6 โฑ๏ธ Accreditation Expiration & Renewal
Accreditation status is not permanent and requires periodic renewal:
Type | Validity | Notes |
|---|---|---|
โ Standard Expiration | 90 days from date of third-party verification | โ |
๐ Self-Certification | 90 days, subject to earlier audit-triggered review | โ |
๐ Professional Certification | Valid while license remains in good standing | Verified monthly via FINRA BrokerCheck |
๐ Renewal Process | Same verification requirements as initial accreditation | Prior accreditation does not expedite process |
6.4 ๐ต๏ธ Automated AML Screening
The OTCM Portal integrates with blockchain analytics providers to implement comprehensive anti-money laundering screening, analyzing 200+ transaction features to identify suspicious activity patterns and ensure compliance with Bank Secrecy Act requirements.
6.4.1 ๐ 200+ Feature Risk Analysis
The AML screening system analyzes over 200 distinct features across six primary categories:
Category | Features Analyzed | Feature Count |
|---|---|---|
๐ฅ Wallet Clustering | Graph analysis of funding sources, common ownership patterns, coordinated behavior, entity resolution | 45+ |
โฑ๏ธ Temporal Patterns | Transaction timing analysis, velocity patterns, burst detection, scheduling regularity, time-of-day anomalies | 35+ |
๐ฐ Volume Analysis | Transaction amounts, cumulative volumes, structuring detection, round number analysis, threshold avoidance | 30+ |
๐ Mixing Detection | Tornado Cash exposure, CoinJoin detection, cross-chain bridges, privacy protocol usage, peeling chains | 25+ |
๐ฆ Exchange Patterns | CEX/DEX interaction, KYC exchange usage, non-KYC exchange exposure, nested exchange detection | 35+ |
๐จ Criminal Database | Known ransomware addresses, darknet markets, fraud rings, stolen fund tracing, exploit proceeds | 30+ |
๐ TOTAL FEATURES | Comprehensive behavioral and exposure analysis | 200+ |
6.4.2 ๐งฎ Risk Scoring Model
Each investor and transaction receives a composite risk score based on weighted feature analysis:
typescript
// AML Risk Scoring Model
interface AMLRiskAssessment {
// Composite risk score (0-100)
overallRiskScore: number;
// Category-level scores
categoryScores: {
walletClustering: number; // 0-100, weight: 25%
temporalPatterns: number; // 0-100, weight: 15%
volumeAnalysis: number; // 0-100, weight: 15%
mixingExposure: number; // 0-100, weight: 20%
exchangePatterns: number; // 0-100, weight: 10%
criminalDatabase: number; // 0-100, weight: 15%
};
// Risk classification
riskTier: 'LOW' | 'MEDIUM' | 'HIGH' | 'SEVERE';
// Specific flags triggered
triggeredFlags: {
flag: string;
severity: 'INFO' | 'WARNING' | 'CRITICAL';
description: string;
evidence: string[];
}[];
// Recommended action
recommendedAction: 'AUTO_APPROVE' | 'ENHANCED_REVIEW' | 'MANUAL_REVIEW' | 'AUTO_REJECT' | 'SAR_REQUIRED';
}
// Risk Tier Thresholds
const RISK_THRESHOLDS = {
LOW: { min: 0, max: 30, action: 'AUTO_APPROVE' },
MEDIUM: { min: 31, max: 50, action: 'ENHANCED_REVIEW' },
HIGH: { min: 51, max: 70, action: 'MANUAL_REVIEW' },
SEVERE: { min: 71, max: 100, action: 'AUTO_REJECT' },
};Score | Risk Tier | โ๏ธ Automated Action | ๐ Follow-Up Required |
|---|---|---|---|
๐ข 0-30 | LOW | Auto-approve | None |
๐ก 31-50 | MEDIUM | Approve + Enhanced monitoring | Quarterly review |
๐ 51-70 | HIGH | Hold for manual review | Analyst review within 24h |
๐ด 71-100 | SEVERE | Auto-reject + Account freeze | SAR filing evaluation |
6.4.3 ๐๏ธ Real-Time Transaction Monitoring
The Portal implements real-time monitoring of all investor transactions post-issuance:
typescript
// Transaction Monitoring Configuration
interface TransactionMonitoringConfig {
// Real-time triggers (per-transaction)
realTimeRules: {
// Large transaction alert
largeTransactionThreshold: number; // $10,000 USD equivalent
// Rapid succession detection
rapidSuccession: {
transactionCount: number; // 3+ transactions
timeWindowMinutes: number; // within 10 minutes
};
// Structuring detection
structuringDetection: {
targetThreshold: number; // $10,000 (CTR threshold)
toleranceRange: { min: number; max: number }; // $9,000 - $9,999
transactionCount: number; // 2+ transactions in range
timeWindowHours: number; // within 24 hours
};
// Round number detection
roundNumberAlert: {
enabled: boolean;
threshold: number; // e.g., $5,000+
consecutiveCount: number; // 3+ round amounts
};
};
// Batch analysis (daily)
batchRules: {
velocityAnalysis: boolean; // Transaction frequency vs baseline
peerGroupComparison: boolean; // Deviation from similar investors
geographicAnomalies: boolean; // Unusual IP/location patterns
networkAnalysis: boolean; // New connections to flagged wallets
behaviorProfiling: boolean; // Deviation from established pattern
};
}6.4.4 ๐จ Suspicious Activity Detection
The system identifies suspicious activity patterns that may indicate money laundering, fraud, or sanctions evasion:
Pattern | Description |
|---|---|
๐ Structuring | Breaking transactions into smaller amounts to avoid reporting thresholds |
๐ Layering | Rapid movement of funds through multiple addresses to obscure origin |
โก Velocity Anomalies | Sudden increase in transaction frequency or volume |
๐ Geographic Inconsistencies | Transactions from unusual locations or VPN usage |
๐ฅ Coordinated Activity | Multiple accounts acting in concert |
๐จ Criminal Exposure | Transactions with addresses associated with known criminal activity |
6.4.5 ๐ SAR Filing Automation
When suspicious activity is detected, the Portal automates Suspicious Activity Report filing with FinCEN:
๐ 31 CFR ยง 1010.320 โ SAR Filing Requirements
Financial institutions must file SARs for transactions involving $5,000 or more if the institution knows, suspects, or has reason to suspect the transaction involves funds derived from illegal activity, is designed to evade reporting requirements, or has no lawful purpose.
typescript
// SAR Filing Automation
async function evaluateSARRequirement(
investor: Investor,
suspiciousActivity: SuspiciousActivityDetection
): Promise<SARFilingResult> {
// Evaluate SAR filing criteria
const sarCriteria = {
amountThreshold: suspiciousActivity.totalAmount >= 5000,
suspiciousPattern: suspiciousActivity.patternConfidence >= 70,
criminalExposure: suspiciousActivity.criminalExposure > 0,
structuringDetected: suspiciousActivity.structuringScore >= 50,
sanctionsRisk: suspiciousActivity.sanctionsRisk > 0,
};
const requiresSAR = Object.values(sarCriteria).some(c => c === true);
if (requiresSAR) {
// Build SAR report
const sarReport: SARReport = {
filingInstitution: {
name: 'OTCM Protocol, Inc.',
ein: 'XX-XXXXXXX',
address: '...',
},
subjectInformation: {
name: investor.legalName,
address: investor.residentialAddress,
identificationNumber: investor.kycDocumentNumber,
walletAddresses: investor.associatedWallets,
},
suspiciousActivity: {
dateRange: suspiciousActivity.dateRange,
totalAmount: suspiciousActivity.totalAmount,
activityType: suspiciousActivity.activityTypes,
narrative: generateSARNarrative(suspiciousActivity),
},
transactionDetails: suspiciousActivity.transactions,
};
// Submit to FinCEN BSA E-Filing
const filingResult = await fincenAPI.submitSAR(sarReport);
// Record SAR filing on-chain (hash only, not content)
await recordSARFiling(investor.walletAddress, {
filingDate: Date.now(),
bsaId: filingResult.bsaId,
reportHash: hash(sarReport),
// Note: SAR content is confidential and not stored on-chain
});
return {
filed: true,
bsaId: filingResult.bsaId,
filingDate: new Date(),
};
}
return { filed: false, reason: 'SAR criteria not met' };
}6.4.6 โ๏ธ Account Freezing Procedures
When high-risk activity is detected, accounts may be frozen pending investigation:
Freeze Type | Trigger | Resolution |
|---|---|---|
โธ๏ธ Temporary Hold | Risk score 51-70, pending review | 24-hour analyst review; auto-release if cleared |
๐ Investigation Freeze | Risk score 71+, SAR filed | Frozen until investigation complete; compliance team decision |
๐จ Regulatory Freeze | OFAC match, law enforcement request | Frozen indefinitely; regulatory/legal authorization required to release |
6.5 ๐ Global Investor Eligibility
The OTCM Portal accommodates global investor participation while implementing jurisdiction-based restrictions to ensure compliance with US sanctions laws and international AML standards.
6.5.1 ๐ Regulation S Framework
The Portal enables non-US national investor participation through the Regulation S framework:
๐ 17 CFR Section 230.903 โ Regulation S Offshore Transactions
Permits securities offerings to foreign persons in offshore transactions without SEC registration, provided (1) no directed selling efforts in the United States, (2) the issuer reasonably believes all offerees are outside the United States, and (3) appropriate offering restrictions are implemented.
typescript
// Regulation S Compliance Interface
interface RegulationSCompliance {
// Offshore transaction requirements
offeringLocation: 'OFFSHORE'; // Must be outside United States
buyerLocation: string; // Non-US jurisdiction
sellerLocation: string; // Any jurisdiction
// No directed selling efforts
directedSellingEfforts: {
usMediaAdvertising: false; // No US media advertising
usDirectedWebsite: false; // No targeting of US IPs
usRoadshows: false; // No US investor meetings
usBrokerEngagement: false; // No US broker solicitation
};
// Buyer certification requirements
buyerCertification: {
nonUSPersonCertification: boolean; // Required
residencyVerification: {
method: 'DOCUMENT' | 'IP_GEOLOCATION' | 'BOTH';
verificationDate: Date;
documentType?: string;
ipCountry?: string;
};
};
// Distribution compliance (Category 3 - Equity)
distributionCompliance: {
restrictionPeriod: 40; // 40-day distribution compliance period
flowbackRestriction: boolean; // Prevents immediate US resale
legendRequirement: boolean; // Restrictive legend on certificates
distributorAgreement: boolean; // Written agreements with distributors
};
// OFAC compliance (required regardless of Reg S)
ofacCompliance: {
sdnScreeningPassed: boolean;
sanctionedCountryCheck: boolean;
screeningTimestamp: Date;
};
}6.5.2 ๐ซ Prohibited Jurisdictions
The Portal implements absolute restrictions preventing investor participation from jurisdictions subject to comprehensive US sanctions:
Jurisdiction | Sanctions Program | CFR Reference | Status |
|---|---|---|---|
๐ฎ๐ท Iran | Iranian Transactions & Sanctions Regulations | 31 CFR Part 560 | ๐ด PROHIBITED |
๐ฐ๐ต North Korea | North Korea Sanctions Regulations | 31 CFR Part 510 | ๐ด PROHIBITED |
๐ธ๐พ Syria | Syrian Sanctions Regulations | 31 CFR Part 542 | ๐ด PROHIBITED |
๐จ๐บ Cuba | Cuban Assets Control Regulations | 31 CFR Part 515 | ๐ด PROHIBITED |
๐ด Crimea Region | Ukraine-Related Sanctions (SSIDES) | 31 CFR Part 589 | ๐ด PROHIBITED |
6.5.3 โ ๏ธ FATF High-Risk Handling
Jurisdictions designated as high-risk by the Financial Action Task Force (FATF) receive enhanced due diligence:
Measure | Description |
|---|---|
๐ชช Enhanced KYC | Additional documentation and verification requirements beyond standard KYC |
๐ฐ Mandatory Source of Funds | Detailed source of funds documentation with supporting evidence |
๐๏ธ Enhanced Monitoring | Lower thresholds for transaction alerts and more frequent review |
๐ Senior Approval | Manual compliance officer approval required before investment eligibility confirmed |
๐ Regular Review | Quarterly re-verification of investor status and activity |
6.5.4 ๐ Regulation A+ Tier 2 for Non-Accredited
For global non-accredited investors, the Portal implements Regulation A+ Tier 2 investment limits:
Parameter | Specification |
|---|---|
๐ฐ Offering Limit | Up to $75,000,000 annually per issuer |
๐ค Non-Accredited Limit | 10% of greater of annual income or net worth |
๐ SEC Qualification | Requires SEC Form 1-A qualification |
๐ Ongoing Reporting | Semi-annual (Form 1-SA) and annual (Form 1-K) reports required |
6.5.5 ๐ Country-Specific Requirements
The Portal implements country-specific additional requirements as needed:
Jurisdiction | Additional Requirements |
|---|---|
๐ช๐บ European Union | MiCA compliance evaluation; GDPR data handling; EU retail investment limits where applicable |
๐ฌ๐ง United Kingdom | FCA promotional restrictions; certified/sophisticated investor classification |
๐ธ๐ฌ Singapore | MAS accredited investor status verification; SFA compliance |
๐จ๐ฆ Canada | Provincial securities law compliance; accredited investor or private issuer exemption verification |
6.6 ๐ง Portal Technical Architecture
This section details the technical implementation of the OTCM Issuers Portal, including system components, API specifications, security architecture, and performance metrics.
6.6.1 ๐๏ธ System Components
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
โ ๐ฅ๏ธ CLIENT LAYER โ
โ โโโโโโโโโโโโโโโ โโโโโโโโโโโโโโโ โโโโโโโโโโโโโโโ โโโโโโโโโโโโโโโ โ
โ โ ๐ข Issuer โ โ ๐ฅ Investorโ โ ๐ง Admin โ โ ๐ฑ Mobile โ โ
โ โ Web โ โ Portal โ โ Console โ โ Apps โ โ
โ โ Dashboard โ โ (React) โ โ (React) โ โ (React Nat) โ โ
โ โ (React) โ โ โ โ โ โ โ โ
โ โโโโโโโโโโโโโโโ โโโโโโโโโโโโโโโ โโโโโโโโโโโโโโโ โโโโโโโโโโโโโโโ โ
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
โ
โผ
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
โ ๐ช API GATEWAY โ
โ (AWS API Gateway / Cloudflare) โ
โ Rate Limiting | DDoS Protection | SSL Termination โ
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
โ
โผ
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
โ โ๏ธ APPLICATION LAYER โ
โ โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ โ
โ โ Node.js / TypeScript API โ โ
โ โ (Express / Fastify) โ โ
โ โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ โ
โ โโโโโโโโโโโโโโโโโ โโโโโโโโโโโโโโโโโ โโโโโโโโโโโโโโโโโ โโโโโโโโโโโโโ โ
โ โ ๐ชช KYC โ โ ๐๏ธ Accred โ โ ๐ต๏ธ AML โ โ ๐ Report โ โ
โ โ Service โ โ Service โ โ Service โ โ Service โ โ
โ โโโโโโโโโโโโโโโโโ โโโโโโโโโโโโโโโโโ โโโโโโโโโโโโโโโโโ โโโโโโโโโโโโโ โ
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
โ
โโโโโโโโโโโโโโโโโโโโโโโโโโโผโโโโโโโโโโโโโโโโโโโโโโโโโโ
โ โ โ
โผ โผ โผ
โโโโโโโโโโโโโโโโโ โโโโโโโโโโโโโโโโโ โโโโโโโโโโโโโโโโโ
โ ๐๏ธ PostgreSQL โ โ โก Redis โ โ โ๏ธ Solana โ
โ (User Data) โ โ (Cache) โ โ RPC โ
โ โ โ โ โ (Blockchain) โ
โโโโโโโโโโโโโโโโโ โโโโโโโโโโโโโโโโโ โโโโโโโโโโโโโโโโโ6.6.2 ๐ API Specifications
typescript
// Core API Endpoints
// ๐ชช KYC Module
POST /api/v1/kyc/initiate // Start KYC process
POST /api/v1/kyc/document/upload // Upload ID document
POST /api/v1/kyc/liveness/start // Start liveness check
GET /api/v1/kyc/status/:investorId // Get KYC status
POST /api/v1/kyc/address/verify // Submit address proof
// ๐๏ธ Accreditation Module
POST /api/v1/accreditation/third-party // Submit third-party verification
POST /api/v1/accreditation/self-cert // Submit self-certification
GET /api/v1/accreditation/status/:id // Get accreditation status
POST /api/v1/accreditation/renewal // Renew expiring accreditation
// ๐ต๏ธ AML Module
GET /api/v1/aml/risk-score/:walletAddress // Get wallet risk score
POST /api/v1/aml/screen // Initiate AML screening
GET /api/v1/aml/monitoring/:investorId // Get monitoring alerts
// ๐ข Issuer Dashboard
GET /api/v1/issuer/investors // List all investors
GET /api/v1/issuer/analytics // Token analytics
GET /api/v1/issuer/compliance-report // Compliance summary
// ๐ฅ Investor Portal
GET /api/v1/investor/profile // Get investor profile
GET /api/v1/investor/investments // List investments
POST /api/v1/investor/invest // Initiate investment6.6.3 ๐ Security Architecture
The Portal implements enterprise-grade security across all layers:
Layer | Security Measure |
|---|---|
๐ Encryption at Rest | AES-256 encryption for all stored data |
๐ Encryption in Transit | TLS 1.3 for all API communications |
๐ Authentication | OAuth 2.0 + JWT with hardware key support (WebAuthn) |
๐ฏ Authorization | Role-based access control (RBAC) with least-privilege principles |
๐ Audit Logging | Immutable audit trail for all actions with cryptographic signatures |
๐ Penetration Testing | Quarterly third-party penetration testing |
6.6.4 ๐ Performance Specifications
Metric | ๐ฏ Target | โ Current |
|---|---|---|
โฑ๏ธ API Response Time (p95) | <200ms | 145ms |
๐ชช KYC Verification Time | <60 seconds | 42 seconds avg |
๐ข System Uptime | 99.9% | 99.97% |
๐ฅ Concurrent Users | 10,000+ | 25,000+ tested |
๐ต๏ธ AML Screening Latency | <500ms | 350ms avg |
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
ยฉ 2025 OTCM Protocol, Inc. | All Rights Reserved