⚖️ Section 11: Regulatory Compliance Framework
⚖️ OTCM Protocol's comprehensive legal framework — Securities Act compliance, Exchange Act obligations, Transfer Agent regulations, AML/BSA requirements, and immutable audit trail architecture.
🏛️ 11.0 SEC Digital Securities Classification (March 17, 2026)
On March 17, 2026, the U.S. Securities and Exchange Commission and the Commodity Futures Trading Commission jointly issued an interpretation (Release No. 33-11412) establishing a formal taxonomy for crypto assets under federal securities law. The interpretation defines "Digital Securities (or tokenized securities)" as:
"Financial instruments enumerated in the definition of 'security' that is formatted as or represented by a crypto asset, where the record of ownership is maintained in whole or in part on or through one or more crypto networks."
ST22 Security Tokens satisfy every element of this definition:
Definition Element | ST22 Token Implementation |
|---|---|
Financial instrument enumerated as a "security" | Series M Preferred Shares — registered equity securities of OTC microcap issuers, constituting securities under Section 2(a)(1) of the Securities Act of 1933 |
Formatted as or represented by a crypto asset | Each Series M share is represented 1:1 by one ST22 token minted on Solana using the SPL Token-2022 standard |
Record of ownership maintained on a crypto network | Ownership recorded on Solana blockchain (notification layer) with Empire Stock Transfer maintaining the authoritative master securityholder file per SEC Category 1 Model B |
This classification is the primary regulatory authority governing all ST22 Digital Securities offerings and trading on CEDEX. All exemptions and compliance frameworks in this Section 11 operate within — and are validated by — this formal Digital Securities taxonomy.
✅ 11.1 Securities Act of 1933 Compliance
🔹 11.1.1 Regulatory Foundation
Pursuant to 15 U.S.C. Section 77a et seq. (Securities Act of 1933), any offer or sale of securities within the United States requires either SEC registration or an applicable exemption. OTCM Protocol operates in the "Digital Securities (tokenized securities)" category established by the SEC's March 17, 2026 interpretation (Release No. 33-11412). ST22 tokens are Digital Securities by design, utilizing established exemptions to deliver institutional-grade tokenized equity to verified accredited investors.
📋 15 U.S.C. § 77e — Prohibitions Relating to Interstate Commerce and the Mails It shall be unlawful for any person, directly or indirectly, to make use of any means or instruments of transportation or communication in interstate commerce or of the mails to sell a security unless a registration statement is in effect as to such security, or the security or transaction is exempt from registration.
This compliance-first approach provides several strategic advantages:
- Legal Certainty — Digital Securities classification under Release No. 33-11412 eliminates regulatory ambiguity
- Investor Protection — Full disclosure requirements protect investors
- Institutional Acceptance — Traditional financial institutions can engage without regulatory risk
- Enforcement Cooperation — Proactive compliance reduces enforcement risk
🔹 11.1.2 Regulation D Rule 506(c) Implementation
The primary exemption utilized for ST22 Digital Securities offerings is Regulation D Rule 506(c), which permits unlimited-dollar offerings to verified accredited investors with general solicitation:
📋 17 CFR Section 230.506(c) — Conditions to be Met in Offerings Subject to Limitation on Manner of Offering An issuer may offer and sell securities pursuant to section 4(a)(2) of the Securities Act if: (1) The issuer is not a disqualified issuer under § 230.506(d); (2) All purchasers of securities are accredited investors; (3) The issuer takes reasonable steps to verify that purchasers are accredited investors.
Requirement | OTCM Implementation |
|---|---|
Accredited Investors Only | Portal verifies accreditation through third-party verification (RIA · CPA · attorney · broker-dealer) or self-certification with enhanced scrutiny |
Reasonable Verification Steps | Tax returns · bank statements · third-party letters · FINRA BrokerCheck · method documented on-chain |
General Solicitation Permitted | Marketing through websites · social media · digital advertising · public events |
Bad Actor Disqualification | Pre-issuance screening of issuer · officers · directors · 20%+ shareholders |
Form D Filing | Filed with SEC within 15 days of first sale · annual amendments required · state blue sky filings coordinated |
Offering Amount | Unlimited — no cap on total offering size or individual investment amounts |
Resale Restrictions | Securities are "restricted securities" under Rule 144 · resale requires exemption or registration |
interface Rule506cOffering {
offeringId: string;
issuerId: string;
formDFileNumber: string;
exemption: {
type: 'RULE_506C';
cfrReference: '17 CFR 230.506(c)';
generalSolicitationPermitted: true;
accreditedInvestorsOnly: true;
verificationRequired: true;
};
badActorCheck: {
completed: boolean;
checkDate: Date;
coveredPersons: CoveredPerson[];
disqualifyingEvents: DisqualifyingEvent[]; // Empty if clear
status: 'CLEAR' | 'DISQUALIFIED' | 'WAIVER_GRANTED';
};
formD: {
initialFilingDate: Date;
firstSaleDate: Date;
amendmentDates: Date[];
totalAmountSold: number;
totalNumberInvestors: number;
};
}🔹 11.1.3 Rule 506(c) vs. 506(b) Comparison
Feature | Rule 506(b) | Rule 506(c) ✅ |
|---|---|---|
General Solicitation | PROHIBITED | PERMITTED |
Non-Accredited Investors | Up to 35 permitted | NOT PERMITTED |
Verification Required | Self-certification OK | Reasonable steps required |
Offering Amount | Unlimited | Unlimited |
Form D Required | Yes | Yes |
💡 Strategic Choice: 506(c) — OTCM Protocol uses 506(c) exclusively because general solicitation is essential for digital marketing, social media outreach, and public awareness campaigns. The verification burden is offset by automated third-party verification through the Issuers Portal.
🔹 11.1.4 Section 4(a)(1) Exemption
📋 15 U.S.C. Section 77d(a)(1) — Exempted Transactions The provisions of section 77e of this title shall not apply to transactions by any person other than an issuer, underwriter, or dealer.
ST22 primary offerings utilize Section 4(a)(1) structure enabling issuing companies to distribute Digital Securities tokens directly to investors without intermediary broker-dealer involvement:
interface Section4a1Distribution {
distributionType: 'DIRECT_ISSUER_TO_INVESTOR';
brokerDealer: null;
distributor: {
type: 'ISSUER';
companyName: string;
cik: string;
};
portalRole: {
type: 'TECHNOLOGY_PLATFORM';
services: [
'KYC_VERIFICATION',
'ACCREDITATION_VERIFICATION',
'TRANSACTION_PROCESSING',
'COMPLIANCE_RECORDKEEPING',
];
isBrokerDealer: false;
earnsCommission: false;
};
fees: {
mintingFee: '$1,000–$25,000'; // One-time
transactionFee: '5% of volume'; // Protocol fee, not broker commission
};
}🔹 11.1.5 Regulation A+ Tier 2 Framework
For offerings targeting non-accredited investors, OTCM Protocol implements Regulation A+ Tier 2 compliance:
📋 17 CFR Section 230.251 — Scope of Exemption Tier 2 permits offerings up to $75,000,000 in any 12-month period to both accredited and non-accredited investors.
Requirement | OTCM Implementation |
|---|---|
Annual Offering Limit | $75,000,000 maximum per 12-month period per issuer |
Non-Accredited Limit | 10% of greater of annual income or net worth (Portal enforces) |
SEC Qualification | Form 1-A filing with SEC qualification required before sales |
Ongoing Reporting | Semi-annual (Form 1-SA) · Annual (Form 1-K) · Current (Form 1-U) |
Financial Statements | Audited financial statements required (GAAP or IFRS) |
State Preemption | State blue sky registration preempted (except notice filings) |
🔹 11.1.6 Regulation S Offshore Transactions
For non-U.S. investor participation, OTCM Protocol implements Regulation S compliance:
📋 17 CFR Section 230.903 — Conditions to be Met Securities offered or sold in an offshore transaction are not subject to the registration requirements of section 5 of the Act if (1) the offer or sale is made in an offshore transaction; (2) no directed selling efforts are made in the United States; and (3) applicable conditions are satisfied.
interface RegulationSOffering {
offshoreTransaction: {
buyerLocation: string; // Non-US jurisdiction
noUSPersonPurchasers: boolean;
transactionExecutedOffshore: boolean;
};
directedSellingEfforts: {
usMediaAdvertising: boolean; // Must be false
usTargetedWebsite: boolean; // Must be false
usInvestorMeetings: boolean; // Must be false
};
category: 'CATEGORY_1' | 'CATEGORY_2' | 'CATEGORY_3';
distributionCompliance: {
period: 40; // 40 days for equity
flowbackRestriction: boolean;
legendRequired: boolean;
distributorCertification: boolean;
};
buyerCertification: {
nonUSPersonCertified: boolean;
residencyVerified: boolean;
verificationMethod: 'DOCUMENT' | 'IP_GEOLOCATION' | 'BOTH';
};
}🔹 11.1.7 Form D Filing Requirements
Filing Type | Requirement | Deadline |
|---|---|---|
Initial Form D | File with SEC EDGAR disclosing offering details | 15 days after first sale |
Amendment | Update total amount sold · investor count · material changes | Annual |
State Notice Filing | File in states where investors reside | 15–30 days |
🔹 11.1.8 Information Provision Requirements
OTCM Protocol implements comprehensive disclosure through on-chain information provision:
- Quarterly Reports — 10-Q equivalent reports published on-chain within 45 days of quarter end
- Annual Reports — 10-K equivalent reports published on-chain within 90 days of fiscal year end
- Current Reports — 8-K equivalent reports for material events within 4 business days
- Financial Statements — Audited annual financials (GAAP or IFRS)
- Risk Factors — Comprehensive risk disclosure updated quarterly
interface IssuerDisclosure {
quarterlyReports: {
frequency: 'QUARTERLY';
deadline: '45_DAYS_AFTER_QUARTER_END';
contents: ['FINANCIAL_STATEMENTS', 'MD&A', 'RISK_FACTORS_UPDATE', 'CAPITALIZATION_TABLE'];
format: 'PDF_AND_STRUCTURED_DATA';
storageLocation: 'IPFS_WITH_ONCHAIN_HASH';
};
annualReports: {
frequency: 'ANNUAL';
deadline: '90_DAYS_AFTER_FISCAL_YEAR_END';
auditRequired: true;
auditStandard: 'PCAOB' | 'AICPA';
};
currentReports: {
triggeringEvents: [
'MATERIAL_ACQUISITION_DISPOSITION',
'BANKRUPTCY_RECEIVERSHIP',
'CHANGE_IN_CONTROL',
'EXECUTIVE_OFFICER_CHANGE',
'MATERIAL_IMPAIRMENT',
];
deadline: '4_BUSINESS_DAYS';
};
}✅ 11.2 Securities Exchange Act of 1934 Compliance
🔹 11.2.1 Exchange Act Overview
Pursuant to 15 U.S.C. Section 78a et seq., the Securities Exchange Act of 1934 regulates secondary trading of securities, including antifraud provisions, disclosure requirements, and market manipulation prohibitions. CEDEX achieves Exchange Act compliance through a portal-integrated regulatory framework.
📋 15 U.S.C. § 78j — Manipulative and Deceptive Devices It shall be unlawful for any person, directly or indirectly, by the use of any means or instrumentality of interstate commerce or of the mails, or of any facility of any national securities exchange, to use or employ, in connection with the purchase or sale of any security, any manipulative or deceptive device or contrivance.
🔹 11.2.2 Rule 10b-5 Antifraud Provisions
📋 17 CFR 240.10b-5 — Employment of Manipulative and Deceptive Devices It shall be unlawful for any person: (a) To employ any device, scheme, or artifice to defraud; (b) To make any untrue statement of a material fact; or (c) To engage in any act, practice, or course of business which operates or would operate as a fraud or deceit upon any person.
10b-5 Element | OTCM Protocol Implementation |
|---|---|
(a) No Fraudulent Schemes | All transactions recorded immutably on Solana blockchain · no hidden order books · complete price discovery transparency |
(b) No Material Misstatements | Issuer disclosures hashed and stored on-chain · cannot be altered after publication · timestamp proves publication date |
(c) No Fraudulent Acts | Transfer Hooks enforce compliance rules automatically · smart contract constraints prevent manipulative trading patterns |
interface Rule10b5Compliance {
transparencyMeasures: {
allTransactionsOnChain: true;
publicOrderBook: true;
realTimePriceDiscovery: true;
noFrontRunning: true; // Transfer Hooks prevent
};
disclosureIntegrity: {
disclosuresHashedOnChain: true;
immutableAfterPublication: true;
timestampProof: true;
contentAddressableStorage: 'IPFS';
};
tradingConstraints: {
priceImpactCircuitBreaker: { enabled: true; maxImpact: 200 }; // 2%
volumeConstraints: { enabled: true; dailyLimit: true };
washTradingDetection: { enabled: true; selfTradeBlocked: true };
};
}🔹 11.2.3 Rule 10b-5(b) Manipulative Trading Prevention
CEDEX implements multiple layers of manipulative trading prevention through smart contract constraints:
- Price Impact Circuit Breaker — 2% maximum price impact per transaction prevents sudden price manipulation
- Volume Detection — Unusual volume patterns trigger enhanced monitoring and potential circuit breaker
- Wash Trading Prevention — Self-trades blocked · coordinated trading detected through wallet clustering
- Front-Running Protection — Transfer Hooks execute before trade completion · no advance knowledge available
- Spoofing Detection — Order cancellation patterns analyzed · suspicious patterns flagged
🔹 11.2.4 Rule 13d-3 Beneficial Ownership Disclosure
📋 17 CFR 240.13d-3 — Determination of Beneficial Owner A beneficial owner includes any person who, directly or indirectly, has or shares: (1) voting power; and/or (2) investment power, including the power to dispose or direct the disposition of such security.
interface BeneficialOwnershipDisclosure {
thresholdMonitoring: {
threshold: 500; // 5% in basis points
monitoringFrequency: 'REAL_TIME';
automaticAlert: true;
};
disclosureTriggers: [
'CROSS_5_PERCENT',
'CROSS_10_PERCENT',
'MATERIAL_CHANGE', // 1%+ change
'CHANGE_IN_INTENT', // Passive vs active
];
publicRegistry: {
accessLevel: 'PUBLIC';
updateFrequency: 'EACH_BLOCK';
};
filingAssistance: {
schedule13DTemplate: boolean;
schedule13GTemplate: boolean;
edgarFilingIntegration: boolean;
deadlineReminders: boolean;
};
}🔹 11.2.5 CEDEX Exchange Act Positioning
CEDEX operates as a protocol-level matching engine rather than a registered securities exchange:
Characteristic | Registered Exchange | CEDEX Protocol |
|---|---|---|
Order Book Custody | Exchange holds orders | Users maintain custody |
Membership | Membership required | Permissionless access |
Matching Engine | Centralized server | Smart contract AMM |
Operation | Human discretion | Autonomous execution |
Trading Hours | Limited hours | 24/7/365 |
🔹 11.2.6 Section 12(g) Registration Considerations
Section 12(g) of the Exchange Act requires registration for issuers with total assets exceeding $10 million and a class of equity securities held by 2,000 or more persons (or 500 non-accredited investors). OTCM Protocol addresses this through:
- Accredited Investor Focus — Rule 506(c) offerings limited to accredited investors
- Investor Count Monitoring — Portal tracks holder count against 12(g) thresholds
- Voluntary Registration Support — Portal assists issuers who choose or are required to register
- Rule 12g-4 Exit Procedures — Guidance for deregistration when thresholds no longer met
🏦 11.3 Transfer Agent Regulation
🔹 11.3.1 Transfer Agent Requirements
Pursuant to 17 CFR Section 240.17a-1 et seq., transfer agents must be registered with the SEC and maintain comprehensive recordkeeping, reporting, and custody standards. OTCM Protocol integrates with Empire Stock Transfer to satisfy all transfer agent requirements.
📋 17 CFR 240.17Ad-2 — Turnaround, Processing, and Forwarding of Items Every registered transfer agent shall (1) turnaround at least 90% of items within three business days and (2) process or reject items received in proper form within 30 days.
🔹 11.3.2 Empire Stock Transfer Partnership
Service | Description & Implementation |
|---|---|
SEC Registration | Registered transfer agent under Section 17A of the Securities Exchange Act · subject to SEC examination |
Physical Custody | All Series M preferred share certificates stored in bank-grade vault facilities with dual-control access · 24/7 monitoring · $50M insurance coverage |
Shareholder Registry | Official registry recording beneficial owners · wallet addresses · share quantities · real-time sync with blockchain |
Attestation Oracle | Real-time cryptographic attestations of custody balance published on-chain every Solana slot (~400ms) for Transfer Hook verification |
Audit & Reporting | Monthly independent audits published on-chain · monthly TA-1 filings to SEC · annual Form TA-2 filing |
🔹 11.3.3 Series M Preferred Share Custody
interface SeriesMCustody {
physicalStorage: {
location: 'BANK_GRADE_VAULT';
accessControl: 'DUAL_CONTROL'; // Two authorized persons required
monitoring: '24_7_SURVEILLANCE';
insurance: {
coverageAmount: 50_000_000; // $50M
carrier: string;
policyNumber: string;
};
};
certificateDetails: {
issuer: string;
shareClass: 'SERIES_M_PREFERRED';
cusip: string;
totalSharesIssued: number;
parValue: number;
certificateNumbers: string[];
};
backingVerification: {
totalSharesCustodied: number;
totalST22Circulating: number;
discrepancy: number; // Should be 0
maxAllowedDiscrepancy: 0.0001; // 0.01% tolerance
lastVerification: Date;
verificationFrequency: 'EVERY_400MS'; // Each Solana slot
};
redemptionProcess: {
enabled: boolean;
minimumRedemption: number;
processingTime: '3_5_BUSINESS_DAYS';
deliveryMethod: 'DRS' | 'PHYSICAL_CERTIFICATE';
};
}🔹 11.3.4 Shareholder Registry Architecture
interface ShareholderRegistry {
entries: {
// Shareholder identification
shareholderId: string;
legalName: string;
taxId: string; // SSN/EIN (encrypted)
address: string;
// Ownership details
shareQuantity: number;
shareClass: 'SERIES_M_PREFERRED';
acquisitionDate: Date;
certificateNumbers?: string[];
// Blockchain linkage
walletAddress: Pubkey;
tokenBalance: number; // ST22 Digital Securities tokens
lastSyncTimestamp: Date;
syncStatus: 'SYNCED' | 'PENDING' | 'DISCREPANCY';
// Compliance status
kycStatus: 'VERIFIED' | 'PENDING' | 'EXPIRED';
accreditationStatus: 'ACCREDITED' | 'NON_ACCREDITED' | 'PENDING';
accreditationExpiration?: Date;
}[];
reconciliation: {
lastReconciliation: Date;
frequency: 'REAL_TIME';
totalShareholderCount: number;
totalSharesOutstanding: number;
discrepancies: Discrepancy[];
};
}🔹 11.3.5 Monthly Audit and Reporting
interface MonthlyAuditReport {
auditPeriod: { startDate: Date; endDate: Date; };
auditor: {
firmName: string;
auditorName: string;
license: string;
signature: Ed25519Signature;
};
shareReconciliation: {
physicalCertificatesHeld: number;
registrySharesRecorded: number;
tokensCirculating: number;
discrepancy: number;
status: 'RECONCILED' | 'DISCREPANCY_NOTED';
};
registryAudit: {
totalBeneficialOwners: number;
recordsSampled: number;
discrepanciesFound: number;
accuracyRate: number; // Target: 100%
};
custodyVerification: {
physicalInspectionCompleted: boolean;
certificatesAccountedFor: boolean;
vaultSecurityConfirmed: boolean;
insuranceVerified: boolean;
};
onChainRecord: {
transactionSignature: string;
blockHeight: number;
ipfsHash: string; // Full report stored on IPFS
reportHash: string; // SHA-256 of report content
};
}🔹 11.3.6 SEC Filing Requirements
Filing | Description | Frequency |
|---|---|---|
Form TA-1 | Transfer agent registration · updates for material changes | As needed |
Form TA-2 | Annual report of transfer agent activities | Annual |
Monthly Report | Transfer activity · registered holders · shares outstanding | Monthly |
🔍 11.4 Anti-Money Laundering Framework
OTCM Protocol implements comprehensive AML and KYC mechanisms exceeding statutory minimums, ensuring institutional-grade compliance with the Bank Secrecy Act, OFAC regulations, and FinCEN requirements.
🔹 11.4.1 Bank Secrecy Act Compliance
📋 31 U.S.C. § 5311 — Declaration of Purpose It is the purpose of this subchapter to require certain reports or records where they have a high degree of usefulness in criminal, tax, or regulatory investigations or proceedings.
Requirement | Threshold | Action | CFR Reference |
|---|---|---|---|
Beneficial Ownership | $10,000+ | KYC verification required | 31 CFR 1010.230 |
Currency Transaction | $10,000+ | CTR filing with FinCEN | 31 CFR 1010.311 |
Suspicious Activity | $5,000+ | SAR filing with FinCEN | 31 CFR 1010.320 |
Foreign Account | $10,000+ | FBAR annual reporting | 31 CFR 1010.350 |
🔹 11.4.2 OFAC Sanctions Implementation
Every CEDEX transaction checks both sender and recipient against the current OFAC Specially Designated Nationals (SDN) list:
interface OFACScreening {
sdnList: {
source: 'OFAC_OFFICIAL';
updateFrequency: 'HOURLY';
lastUpdate: Date;
entryCount: number;
cryptoAddressCount: number;
};
screeningScope: {
directAddressMatch: boolean;
clusterAnalysis: boolean;
fundingSourceAnalysis: boolean;
transactionCounterparty: boolean;
};
screeningExecution: {
timing: 'PRE_TRANSACTION';
blockingBehavior: 'AUTOMATIC_BLOCK';
appealProcess: 'NONE'; // Must resolve with OFAC directly
};
sanctionsPrograms: [
'IRAN', // 31 CFR Part 560
'NORTH_KOREA', // 31 CFR Part 510
'SYRIA', // 31 CFR Part 542
'CUBA', // 31 CFR Part 515
'CRIMEA', // 31 CFR Part 589
'RUSSIA', // 31 CFR Part 589
'VENEZUELA', // 31 CFR Part 591
];
}🔹 11.4.3 FinCEN Integration
The Portal integrates directly with FinCEN's BSA E-Filing System for automated regulatory submissions:
- BSA E-Filing — Direct API integration for SAR and CTR submission
- FinCEN Form 114 (FBAR) — Annual filing for foreign financial accounts exceeding $10,000
- Beneficial Ownership Information — BOI reporting for corporate entities
- Response to Law Enforcement — 314(a) and 314(b) information sharing
🔹 11.4.4 SAR Filing Automation
📋 31 CFR § 1010.320 — Reports by Financial Institutions of Suspicious Transactions A financial institution shall file a SAR with FinCEN for any suspicious transaction relevant to a possible violation of law or regulation if the transaction involves funds or other assets of at least $5,000.
interface SARFilingAutomation {
filingTriggers: {
minimumAmount: 5000; // $5,000 threshold
suspiciousIndicators: [
'STRUCTURING_DETECTED',
'HIGH_RISK_SCORE', // AML score > 70
'SANCTIONS_ADJACENT', // Near-SDN exposure
'CRIMINAL_EXPOSURE', // Darknet · ransomware · etc.
'UNUSUAL_PATTERN', // Deviation from baseline
];
};
filingProcess: {
reviewPeriod: '30_DAYS_FROM_DETECTION';
filingDeadline: '30_DAYS_FROM_DETERMINATION';
extensionAvailable: '30_DAY_EXTENSION';
filingMethod: 'FINCEN_BSA_EFILING';
};
confidentiality: {
tippingOffProhibited: true;
safeHarborProtection: true;
recordRetention: '5_YEARS';
};
}🔹 11.4.5 Currency Transaction Reporting
interface CTRFiling {
threshold: {
amount: 10000; // $10,000
currency: 'USD_EQUIVALENT';
aggregation: 'SAME_DAY_MULTIPLE_TRANSACTIONS';
};
timeline: {
filingDeadline: '15_CALENDAR_DAYS';
filingMethod: 'FINCEN_BSA_EFILING';
};
}🔹 11.4.6 Enhanced Due Diligence Procedures
EDD Trigger | Additional Requirements |
|---|---|
Politically Exposed Person (PEP) | Senior management approval · enhanced source of funds · ongoing monitoring |
High-Risk Jurisdiction | Additional documentation · purpose of account verification · transaction limits |
Complex Structure | Beneficial ownership traced to ultimate individual · structure justification |
High-Volume Trading | Wealth verification · source of funds documentation · trading rationale |
📋 11.5 Immutable Audit Trail
Every ST22 Digital Securities transfer, compliance verification event, and Transfer Hook execution generates an immutable on-chain record. These records cannot be altered, deleted, or selectively disclosed — they exist permanently on the Solana blockchain and are accessible to any regulatory inspector with the appropriate wallet address or block explorer access.
OTCM's audit trail exceeds SEC Rule 17a-4 requirements for electronic records retention by providing cryptographic proof of every compliance decision at transaction level.
"SEC inspectors can directly verify compliance procedures through blockchain inspection without relying on company-maintained records subject to alteration risk."
🔹 11.5.1 On-Chain Compliance Records by Type
Record Type | On-Chain Data | Retention |
|---|---|---|
Transfer Hook execution | Hook ID · result · timestamp · wallet addresses | Permanent (Solana ledger) |
KYC verification event | Hash of verification result · timestamp · provider | Permanent (Solana ledger) |
OFAC screening result | Screening timestamp · result code · SDN list version | Permanent (Solana ledger) |
AML risk score | Risk score bucket · timestamp · transaction hash | Permanent (Solana ledger) |
Circuit breaker activation | Trigger condition · TWAP at trigger · recovery time | Permanent (Solana ledger) |
🔹 11.5.2 Compliance Record Data Structure
interface ComplianceRecord {
recordId: string;
recordType: ComplianceRecordType;
timestamp: i64; // Unix timestamp
solanaSlot: u64; // Blockchain slot anchor (~400ms precision)
subject: {
walletAddress: Pubkey;
investorId: string;
issuerId?: string;
};
determination: {
status: 'APPROVED' | 'REJECTED' | 'PENDING_REVIEW' | 'EXPIRED';
reasonCode: string;
reasonDescription: string;
reviewerType: 'AUTOMATED' | 'MANUAL';
};
evidenceHashes: {
documentHash?: string; // SHA-256 of KYC documents
screeningHash?: string; // SHA-256 of AML screening result
verificationHash?: string; // SHA-256 of accreditation letter
transactionHash?: string; // SHA-256 of transaction details
};
ipfsReferences: {
fullRecordCid?: string; // Complete record on IPFS
supportingDocsCid?: string;
};
signature: {
algorithm: 'Ed25519';
signerPublicKey: Pubkey;
signatureBytes: [u8; 64];
signatureTimestamp: i64;
};
}
enum ComplianceRecordType {
KYC_VERIFICATION = 'KYC_VERIFICATION',
KYC_EXPIRATION = 'KYC_EXPIRATION',
ACCREDITATION_VERIFICATION = 'ACCREDITATION_VERIFICATION',
ACCREDITATION_EXPIRATION = 'ACCREDITATION_EXPIRATION',
AML_SCREENING = 'AML_SCREENING',
AML_ALERT = 'AML_ALERT',
TRANSACTION_AUTHORIZATION = 'TRANSACTION_AUTHORIZATION',
TRANSACTION_BLOCK = 'TRANSACTION_BLOCK',
SAR_FILING_REFERENCE = 'SAR_FILING_REFERENCE',
SANCTIONS_CHECK = 'SANCTIONS_CHECK',
SANCTIONS_BLOCK = 'SANCTIONS_BLOCK',
BENEFICIAL_OWNERSHIP = 'BENEFICIAL_OWNERSHIP',
ACCOUNT_FREEZE = 'ACCOUNT_FREEZE',
ACCOUNT_UNFREEZE = 'ACCOUNT_UNFREEZE',
}🔹 11.5.3 Regulatory Inspector Access
OTCM Protocol provides SEC, FINRA, and FinCEN inspectors with dedicated read-only wallet addresses enabling direct on-chain audit access without requiring OTCM Protocol cooperation for data production.
Access Method | Description |
|---|---|
Public Blockchain Explorer | Compliance records viewable through Solscan · Explorer.Solana.com · no special credentials required |
Regulatory API | Dedicated API with enhanced query capabilities for bulk compliance verification · authenticated access for authorized regulators |
Evidence Retrieval | Document hashes enable verification against off-chain records · IPFS retrieval for full documents · hash comparison proves integrity |
Timeline Reconstruction | Complete chronological history of any investor's compliance journey · all state transitions recorded with timestamps |
Compliance Dashboard | Web-based dashboard with export capabilities · aggregated compliance metrics · alert monitoring |
🔹 11.5.4 Cryptographic Proof Standards
Proof Element | Standard | Verification Method |
|---|---|---|
Timestamp | Solana slot number | Slot anchored to network consensus · ~400ms precision |
Document Hash | SHA-256 | Recompute hash of original document · compare to on-chain |
Signature | Ed25519 | Verify signature against known compliance officer public key |
Chain of Custody | Linked records | Verify complete history with no gaps via sequence analysis |
🔹 11.5.5 Record Retention Requirements
Record Type | Retention Period | Regulatory Basis |
|---|---|---|
KYC Records | 5 years after account closure | 31 CFR 1010.430 |
Transaction Records | 5 years from transaction date | BSA |
SAR Records | 5 years from filing date (confidential) | 31 CFR 1010.430 |
CTR Records | 5 years from filing date | 31 CFR 1010.430 |
Accreditation Records | Duration of investment + 5 years | Reg D |
Blockchain Records | Permanent — by network design | Solana ledger |
✓ Regulatory Advantage: Unlike traditional compliance records maintained in company databases (subject to alteration, loss, or destruction), OTCM's on-chain records are immutable by design. Regulators need not trust the company — they can independently verify compliance through blockchain inspection with cryptographic certainty.
⚠️ 11.6 Regulatory Risk Matrix
Regulatory Area | Risk Level | Mitigation | Status |
|---|---|---|---|
Digital Securities Classification | 🟢 LOW | Formally classified under SEC Release No. 33-11412 | Confirmed March 17, 2026 |
Securities Classification | 🟢 LOW | Explicit securities structure | Designed as Digital Securities from inception |
Accreditation Verification | 🟢 LOW | Third-party verification | Automated verification workflow |
Transfer Agent Compliance | 🟢 LOW | Empire Stock Transfer | SEC-registered partner |
AML/KYC Compliance | 🟢 LOW | Exceeds BSA minimums | Chainalysis · TRM · FinCEN integration |
OFAC Sanctions | 🟢 LOW | Real-time SDN screening | Transfer Hook enforcement |
Exchange Act Compliance | 🟡 MEDIUM | Protocol positioning | Decentralized AMM structure |
State Blue Sky | 🟢 LOW | 506(c) preemption | Federal preemption of state reg |
International Compliance | 🟡 MEDIUM | Reg S + jurisdiction restrictions | Country-specific compliance |
💡 Overall Regulatory Risk Assessment: OTCM Protocol's compliance-first design, combined with formal Digital Securities classification under SEC Release No. 33-11412 (March 17, 2026), results in LOW overall regulatory risk. The explicit securities structure, established exemptions, SEC-registered transfer agent partnership, and comprehensive AML framework provide the strongest regulatory foundation available for a tokenized securities platform. Medium risks in Exchange Act positioning and international compliance are actively managed through ongoing legal counsel engagement.
Groovy Company, Inc. dba OTCM Protocol · Wyoming Corporation · invest@otcm.io · otcm.io