Skip to main content

⚖️ Section 11: Regulatory Compliance Framework

⚖️ OTCM Protocol's comprehensive legal framework — Securities Act compliance, Exchange Act obligations, Transfer Agent regulations, AML/BSA requirements, and immutable audit trail architecture.

🏛️ 11.0 SEC Digital Securities Classification (March 17, 2026)

On March 17, 2026, the U.S. Securities and Exchange Commission and the Commodity Futures Trading Commission jointly issued an interpretation (Release No. 33-11412) establishing a formal taxonomy for crypto assets under federal securities law. The interpretation defines "Digital Securities (or tokenized securities)" as:

"Financial instruments enumerated in the definition of 'security' that is formatted as or represented by a crypto asset, where the record of ownership is maintained in whole or in part on or through one or more crypto networks."

ST22 Security Tokens satisfy every element of this definition:

Definition Element

ST22 Token Implementation

Financial instrument enumerated as a "security"

Series M Preferred Shares — registered equity securities of OTC microcap issuers, constituting securities under Section 2(a)(1) of the Securities Act of 1933

Formatted as or represented by a crypto asset

Each Series M share is represented 1:1 by one ST22 token minted on Solana using the SPL Token-2022 standard

Record of ownership maintained on a crypto network

Ownership recorded on Solana blockchain (notification layer) with Empire Stock Transfer maintaining the authoritative master securityholder file per SEC Category 1 Model B

This classification is the primary regulatory authority governing all ST22 Digital Securities offerings and trading on CEDEX. All exemptions and compliance frameworks in this Section 11 operate within — and are validated by — this formal Digital Securities taxonomy.

✅ 11.1 Securities Act of 1933 Compliance

🔹 11.1.1 Regulatory Foundation

Pursuant to 15 U.S.C. Section 77a et seq. (Securities Act of 1933), any offer or sale of securities within the United States requires either SEC registration or an applicable exemption. OTCM Protocol explicitlyoperates structuresin the "Digital Securities (tokenized securities)" category established by the SEC's March 17, 2026 interpretation (Release No. 33-11412). ST22 tokens asare securitiesDigital offerings,Securities relyingby upondesign, utilizing established exemptions ratherto thandeliver attemptinginstitutional-grade regulatorytokenized arbitrageequity orto circumvention.verified accredited investors.

📋 15 U.S.C. § 77e — Prohibitions Relating to Interstate Commerce and the Mails

It shall be unlawful for any person, directly or indirectly, to make use of any means or instruments of transportation or communication in interstate commerce or of the mails to sell a security unless a registration statement is in effect as to such security, or the security or transaction is exempt from registration.

"OTCM Protocol embraces securities regulation rather than attempting to circumvent it. ST22 tokens are securities by design, utilizing established exemptions that have enabled capital formation for decades."

This compliance-first approach provides several strategic advantages:

🔹 11.1.2 Regulation D Rule 506(c) Implementation

The primary exemption utilized for ST22 Digital Securities offerings is Regulation D Rule 506(c), which permits unlimited-dollar offerings to verified accredited investors with general solicitation:

📋 17 CFR Section 230.506(c) — Conditions to be Met in Offerings Subject to Limitation on Manner of Offering

An issuer may offer and sell securities pursuant to section 4(a)(2) of the Securities Act if: (1) The issuer is not a disqualified issuer under § 230.506(d); (2) All purchasers of securities are accredited investors; (3) The issuer takes reasonable steps to verify that purchasers are accredited investors.

Requirement

OTCM Implementation

Accredited Investors Only

Portal verifies accreditation through third-party verification (RIA,RIA CPA,· attorney,CPA · attorney · broker-dealer) or self-certification with enhanced scrutiny

Reasonable Verification Steps

Tax returns,returns · bank statements,statements · third-party letters,letters · FINRA BrokerCheck;BrokerCheck · method documented on-chain

General Solicitation Permitted

Marketing through websites,websites · social media,media · digital advertising,advertising · public events; no restriction on investor outreach channelsevents

Bad Actor Disqualification

Pre-issuance screening of issuer,issuer officers,· directors,officers · directors · 20%+ shareholders against SEC disqualification events

Form D Filing

Filed with SEC within 15 days of first sale;sale · annual amendments required;required · state blue sky filings coordinated

Offering Amount

Unlimited — no cap on total offering size or individual investment amounts

Resale Restrictions

Securities are "restricted securities" under Rule 144;144 · resale requires exemption or registration

// Rule 506(c) Offering Structure (TypeScript)

interface Rule506cOffering {

// Offering identification

offeringId: string;

issuerId: string;

formDFileNumber: string;

// Regulatory classification

exemption: {

type: 'RULE_506C';

cfrReference: '17 CFR 230.506(c)';

generalSolicitationPermitted: true;

accreditedInvestorsOnly: true;

verificationRequired: true;

};

// Bad actor check

badActorCheck: {

completed: boolean;

checkDate: Date;

coveredPersons: CoveredPerson[];

disqualifyingEvents: DisqualifyingEvent[]; // Empty if clear

status: 'CLEAR' | 'DISQUALIFIED' | 'WAIVER_GRANTED';

};

// Verification method tracking

verificationMethods: {

income: {

documentsRequired: ['TAX_RETURN_Y1', 'TAX_RETURN_Y2'];

thirdPartyVerifier?: string;

};

netWorth: {

documentsRequired: ['ASSET_STATEMENT', 'LIABILITY_STATEMENT'];

excludePrimaryResidence: true;

};

professional: {

licenses: ['SERIES_7', 'SERIES_65', 'SERIES_82'];

finraVerification: boolean;

};

};

// Form D filing

formD: {

initialFilingDate: Date;

firstSaleDate: Date;

amendmentDates: Date[];

totalAmountSold: number;

totalNumberInvestors: number;

};

}

🔹 11.1.3 Rule 506(c) vsvs. 506(b) Comparison

OTCM Protocol exclusively utilizes Rule 506(c) rather than Rule 506(b) to enable general solicitation while maintaining full regulatory compliance:

Feature

Rule 506(b)

Rule 506(c)

General Solicitation

PROHIBITED

PERMITTED

Non-Accredited Investors

Up to 35 permitted

NOT PERMITTED

Verification Required

Self-certification OK

Reasonable steps required

Offering Amount

Unlimited

Unlimited

Form D Required

Yes

Yes

💡 Strategic Choice: 506(c)

OTCM Protocol uses 506(c) exclusively because general solicitation is essential for digital marketing, social media outreach, and public awareness campaigns. The verification burden is offset by automated third-party verification through the Issuers Portal.

🔹 11.1.4 Section 4(a)(1) Exemption

📋 15 U.S.C. Section 77d(a)(1) — Exempted Transactions

The provisions of section 77e of this title shall not apply to transactions by any person other than an issuer, underwriter, or dealer.

ST22 primary offerings utilize Section 4(a)(1) structure enabling issuing companies to distribute Digital Securities tokens directly to investors through portal infrastructure without intermediary broker-dealer involvement:

  • Direct Distribution: Issuers distribute tokens directly to investors via Portal
  • No Broker-Dealer: Eliminates BD commission structure (typically 5-10%)
  • Portal as Technology: OTCM Portal provides technology infrastructure, not broker services
  • Issuer Control: Companies maintain control over their capital raise

// Section 4(a)(1) Distribution Structure

interface Section4a1Distribution {

/**

  • Section 4(a)(1) permits transactions by persons other than
  • issuers, underwriters, or dealers without registration

*/

distributionType: 'DIRECT_ISSUER_TO_INVESTOR';

// No broker-dealer involvement

brokerDealer: null;

// Issuer distributes directly

distributor: {

type: 'ISSUER';

companyName: string;

cik: string;

};

// Portal provides technology only

portalRole: {

type: 'TECHNOLOGY_PLATFORM';

services: [

'KYC_VERIFICATION',

'ACCREDITATION_VERIFICATION',

'TRANSACTION_PROCESSING',

'COMPLIANCE_RECORDKEEPING',

];

isBrokerDealer: false;

earnsCommission: false;

};

// Fee structure (flat, not commission-based)

fees: {

mintingFee: '$1,000 - 000–$25,000'; // One-time

transactionFee: '5% of volume'; // Protocol fee, not broker commission

};

}

🔹 11.1.5 Regulation A+ Tier 2 Framework

For offerings targeting non-accredited investors, OTCM Protocol implements Regulation A+ Tier 2 compliance:

📋 17 CFR Section 230.251 — Scope of Exemption

Regulation A provides an exemption from registration for certain securities offerings. Tier 2 permits offerings up to $75,000,000 in any 12-month period to both accredited and non-accredited investors.

Requirement

OTCM Implementation

Annual Offering Limit

$75,000,000 maximum per 12-month period per issuer

Non-Accredited Limit

10% of greater of annual income or net worth (Portal enforces)

SEC Qualification

Form 1-A filing with SEC qualification required before sales

Ongoing Reporting

Semi-annual (Form 1-SA), · Annual (Form 1-K), · Current (Form 1-U)

Financial Statements

Audited financial statements required (GAAP or IFRS)

State Preemption

State blue sky registration preempted (except notice filings)

🔹 11.1.6 Regulation S Offshore Transactions

For non-USU.S. investor participation, OTCM Protocol implements Regulation S compliance:

📋 17 CFR Section 230.903 — Conditions to be Met

Securities offered or sold in an offshore transaction are not subject to the registration requirements of section 5 of the Act if (1) the offer or sale is made in an offshore transaction; (2) no directed selling efforts are made in the United States; and (3) applicable conditions are satisfied.

// Regulation S Structure

interface RegulationSOffering {

// Offshore transaction requirements

offshoreTransaction: {

buyerLocation: string; // Non-US jurisdiction

noUSPersonPurchasers: boolean;

transactionExecutedOffshore: boolean;

};

// No directed selling efforts

directedSellingEfforts: {

usMediaAdvertising: boolean; // Must be false

usTargetedWebsite: boolean; // Must be false

usInvestorMeetings: boolean; // Must be false

};

// Category determination

category: 'CATEGORY_1' | 'CATEGORY_2' | 'CATEGORY_3';

// Distribution compliance period (Category 3 - Equity)

distributionCompliance: {

period: 40; // 40 days for equity

flowbackRestriction: boolean;

legendRequired: boolean;

distributorCertification: boolean;

};

// Buyer certification

buyerCertification: {

nonUSPersonCertified: boolean;

residencyVerified: boolean;

verificationMethod: 'DOCUMENT' | 'IP_GEOLOCATION' | 'BOTH';

};

}

🔹 11.1.7 Form D Filing Requirements

SEC Form D filings are required for all Rule 506(c) offerings:

Filing Type

Requirement

Deadline

Initial Form D

File with SEC EDGAR system disclosing offering details

15 days after first sale

Amendment

Update total amount sold,sold · investor count,count · material changes

Annual

State Notice Filing

File in states where investors reside (varies by state)

15-15–30 days

🔹 11.1.8 Information Provision Requirements

OTCM Protocol implements comprehensive disclosure through on-chain information provision:

  • Quarterly Reports:Reports — 10-Q equivalent reports published on-chain within 45 days of quarter end
  • Annual Reports:Reports — 10-K equivalent reports published on-chain within 90 days of fiscal year end
  • Current Reports:Reports — 8-K equivalent reports for material events within 4 business days
  • Financial Statements:Statements — Audited annual financials (GAAP or IFRS)
  • Risk Factors:Factors — Comprehensive risk disclosure updated quarterly

// Issuer Disclosure Requirements

interface IssuerDisclosure {

// Quarterly disclosure (10-Q equivalent)

quarterlyReports: {

frequency: 'QUARTERLY';

deadline: '45_DAYS_AFTER_QUARTER_END';

contents: [

'FINANCIAL_STATEMENTS',

'MD&A',

'RISK_FACTORS_UPDATE',

'CAPITALIZATION_TABLE',

];

format: 'PDF_AND_STRUCTURED_DATA';

storageLocation: 'IPFS_WITH_ONCHAIN_HASH';

};

// Annual disclosure (10-K equivalent)

annualReports: {

frequency: 'ANNUAL';

deadline: '90_DAYS_AFTER_FISCAL_YEAR_END';

auditRequired: true;

auditStandard: 'PCAOB' | 'AICPA';

};

// Current reports (8-K equivalent)

currentReports: {

triggeringEvents: [

'MATERIAL_ACQUISITION_DISPOSITION',

'BANKRUPTCY_RECEIVERSHIP',

'CHANGE_IN_CONTROL',

'EXECUTIVE_OFFICER_CHANGE',

'MATERIAL_IMPAIRMENT',

];

deadline: '4_BUSINESS_DAYS';

};

}

✅ 11.2 Securities Exchange Act of 1934 Compliance

🔹 11.2.1 Exchange Act Overview

Pursuant to 15 U.S.C. Section 78a et seq., the Securities Exchange Act of 1934 regulates secondary trading of securities, including antifraud provisions, disclosure requirements, and market manipulation prohibitions. CEDEX achieves Exchange Act compliance through a portal-integrated regulatory framework.

📋 15 U.S.C. § 78j — Manipulative and Deceptive Devices

It shall be unlawful for any person, directly or indirectly, by the use of any means or instrumentality of interstate commerce or of the mails, or of any facility of any national securities exchange, to use or employ, in connection with the purchase or sale of any security, any manipulative or deceptive device or contrivance.

🔹 11.2.2 Rule 10b-5 Antifraud Provisions

OTCM Protocol implements Rule 10b-5 compliance through unprecedented on-chain transparency:

📋 17 CFR 240.10b-5 — Employment of Manipulative and Deceptive Devices

It shall be unlawful for any person: (a) To employ any device, scheme, or artifice to defraud; (b) To make any untrue statement of a material fact or to omit to state a material fact necessary in order to make the statements made, in the light of the circumstances under which they were made, not misleading;fact; or (c) To engage in any act, practice, or course of business which operates or would operate as a fraud or deceit upon any person.

10b-5 Element

OTCM Protocol Implementation

(a) No Fraudulent Schemes

All transactions recorded immutably on Solana blockchain;blockchain · no hidden order books;books · complete price discovery transparency

(b) No Material Misstatements

Issuer disclosures hashed and stored on-chain;chain · cannot be altered after publication;publication · timestamp proves publication date

(c) No Fraudulent Acts

Transfer Hooks enforce compliance rules automatically;automatically · smart contract constraints prevent manipulative trading patterns

// Rule 10b-5 Compliance Implementation

interface Rule10b5Compliance {

/**

  • 10b-5 compliance through on-chain transparency

*/

// (a) No fraudulent schemes

transparencyMeasures: {

allTransactionsOnChain: true;

publicOrderBook: true; // No hidden orders

realTimePriceDiscovery: true;

noFrontRunning: true; // Transfer Hooks prevent

};

// (b) No material misstatements

disclosureIntegrity: {

disclosuresHashedOnChain: true;

immutableAfterPublication: true;

timestampProof: true;

contentAddressableStorage: 'IPFS';

};

// (c) No fraudulent acts

tradingConstraints: {

priceImpactCircuitBreaker: {

enabled: true;

maxImpact: 200;200 }; // 2% max price impact

};

volumeConstraints: {

enabled: true;

dailyLimit: true;

true

};

washTradingDetection: {

enabled: true;

selfTradeBlocked: true;

true

};

};

}

🔹 11.2.3 Rule 10b-5(b) Manipulative Trading Prevention

CEDEX implements multiple layers of manipulative trading prevention through smart contract constraints:

  • Price Impact Circuit Breaker:Breaker — 2% maximum price impact per transaction prevents sudden price manipulation
  • Volume Detection:Detection — Unusual volume patterns trigger enhanced monitoring and potential circuit breaker
  • Wash Trading Prevention:Prevention — Self-trades blocked;blocked · coordinated trading detected through wallet clustering
  • Front-Running Protection:Protection — Transfer Hooks execute before trade completion;completion · no advance knowledge available
  • Spoofing Detection:Detection — Order cancellation patterns analyzed;analyzed · suspicious patterns flagged

🔹 11.2.4 Rule 13d-3 Beneficial Ownership Disclosure

OTCM Protocol implements beneficial ownership disclosure through public on-chain registries:

📋 17 CFR 240.13d-3 — Determination of Beneficial Owner

A beneficial owner of a security includes any person who, directly or indirectly, has or shares: (1) Voting power, including the power to vote or direct the voting of such security;power; and/or (2) Investmentinvestment power, including the power to dispose or direct the disposition of such security.

// Beneficial Ownership Disclosure

interface BeneficialOwnershipDisclosure {

// 5% threshold monitoring

thresholdMonitoring: {

threshold: 500; // 5% in basis points

monitoringFrequency: 'REAL_TIME';

automaticAlert: true;

};

// Disclosure triggers

disclosureTriggers: [

'CROSS_5_PERCENT', // Initial 5% crossing

'CROSS_10_PERCENT', // Major holder status

'MATERIAL_CHANGE', // 1%+ change

'CHANGE_IN_INTENT', // Passive vs active intent

];

// On-chain registry

publicRegistry: {

data: {

walletAddress: Pubkey;

percentOwnership: number;

lastUpdateTimestamp: i64;

disclosureType: 'SCHEDULE_13D' | 'SCHEDULE_13G';

filingStatus: 'CURRENT' | 'AMENDMENT_REQUIRED';

}[];

accessLevel: 'PUBLIC';

updateFrequency: 'EACH_BLOCK';

};

//filingAssistance: Automatic{
    filingschedule13DTemplate:     assistanceboolean;
    schedule13GTemplate:     boolean;
    edgarFilingIntegration:  boolean;
    deadlineReminders:       boolean;
  };
}

filingAssistance: {

schedule13DTemplate: boolean;

schedule13GTemplate: boolean;

edgarFilingIntegration: boolean;

deadlineReminders: boolean;

};

}

🔹 11.2.5 CEDEX Exchange Act Positioning

CEDEX operates as a protocol-level matching engine rather than a registered securities exchange, achieving this positioning through the following architectural decisions:exchange:

Characteristic

Registered Exchange

CEDEX Protocol

Order Book Custody

Exchange holds orders

Users maintain custody

Membership

Membership required

Permissionless access

Matching Engine

Centralized server

Smart contract AMM

Operation

Human discretion

Autonomous execution

Trading Hours

Limited hours

24/7/365

🔹 11.2.6 Section 12(g) Registration Considerations

Section 12(g) of the Exchange Act requires registration for issuers with total assets exceeding $10 million and a class of equity securities held by 2,000 or more persons (or 500 non-accredited investors). OTCM Protocol addresses this through:

  • Accredited Investor Focus:Focus — Rule 506(c) offerings limited to accredited investors
  • Investor Count Monitoring:Monitoring — Portal tracks holder count against 12(g) thresholds
  • Voluntary Registration Support:Support — Portal assists issuers who choose or are required to register
  • Rule 12g-4 Exit Procedures:Procedures — Guidance for deregistration when thresholds no longer met

🏦 11.3 Transfer Agent Regulation

🔹 11.3.1 Transfer Agent Requirements

Pursuant to 17 CFR Section 240.17a-1 et seq., transfer agents must be registered with the SEC and maintain comprehensive recordkeeping, reporting, and custody standards. OTCM Protocol integrates with Empire Stock Transfer to satisfy all transfer agent requirements.

📋 17 CFR 240.17Ad-2 — Turnaround, Processing, and Forwarding of Items

Every registered transfer agent shall (1) turnaround at least 90% of items within three business days and (2) process or reject items received in proper form within 30 days.

🔹 11.3.2 Empire Stock Transfer Partnership

Empire Stock Transfer provides SEC-registered transfer agent services for all ST22 issuers:

Service

Description & Implementation

SEC Registration

Registered transfer agent under Section 17A of the Securities Exchange Act;Act · subject to SEC examination

Physical Custody

All Series M preferred share certificates stored in bank-grade vault facilities with dual-control access,access · 24/7 monitoring,monitoring and· $50M insurance coverage

Shareholder Registry

Official registry recording beneficial owners,owners · wallet addresses,addresses · share quantities;quantities · real-time updates synchronizedsync with blockchain

Attestation Oracle

Real-time cryptographic attestations of custody balance published on-chain every Solana slot (~400ms) for Transfer Hook verification

Audit & Reporting

Monthly independent audits with results published on-chain;chain · monthly TA-1 filings submitted to SEC;SEC · annual Form TA-2 filing

🔹 11.3.3 Series M Preferred Share Custody

The custody architecture for Series M preferred shares follows institutional standards:

// Series M Custody Architecture

interface SeriesMCustody {

/**

  • Empire Stock Transfer custody of Series M preferred shares
  • backing all ST22 tokens

*/

// Physical custody

physicalStorage: {

location: 'BANK_GRADE_VAULT';

accessControl: 'DUAL_CONTROL'; // Two authorized persons required

monitoring: '24_7_SURVEILLANCE';

insurance: {

coverageAmount: 50_000_000; // $50M

carrier: string;

policyNumber: string;

};

};

// Certificate details

certificateDetails: {

issuer: string;

shareClass: 'SERIES_M_PREFERRED';

cusip: string;

totalSharesIssued: number;

parValue: number;

certificateNumbers: string[];

};

// 1:1 backing verification

backingVerification: {

totalSharesCustodied: number;

totalST22Circulating: number;

discrepancy: number; // Should be 0

maxAllowedDiscrepancy: 0.0001; // 0.01% tolerance

lastVerification: Date;

verificationFrequency: 'EVERY_400MS'; // Each Solana slot

};

// Redemption capability

redemptionProcess: {

enabled: boolean;

minimumRedemption: number;

processingTime: '3_5_BUSINESS_DAYS';

deliveryMethod: 'DRS' | 'PHYSICAL_CERTIFICATE';

};

}

🔹 11.3.4 Shareholder Registry Architecture

The shareholder registry maintains authoritative records synchronized with on-chain token balances:

// Shareholder Registry Structure

interface ShareholderRegistry {

// Registry entry for each beneficial owner

entries: {

// Shareholder identification

shareholderId: string;

legalName: string;

taxId: string; // SSN/EIN (encrypted)

address: string;

// Ownership details

shareQuantity: number;

shareClass: 'SERIES_M_PREFERRED';

acquisitionDate: Date;

certificateNumbers?: string[];

// Blockchain linkage

walletAddress: Pubkey;

tokenBalance: number; // ST22 Digital Securities tokens

lastSyncTimestamp: Date;

syncStatus: 'SYNCED' | 'PENDING' | 'DISCREPANCY';

// Compliance status

kycStatus: 'VERIFIED' | 'PENDING' | 'EXPIRED';

accreditationStatus: 'ACCREDITED' | 'NON_ACCREDITED' | 'PENDING';

accreditationExpiration?: Date;

}[];

// Registry reconciliation

reconciliation: {

lastReconciliation: Date;

frequency: 'REAL_TIME';

totalShareholderCount: number;

totalSharesOutstanding: number;

discrepancies: Discrepancy[];

};

}

🔹 11.3.5 Monthly Audit and Reporting

Independent audits occur monthly with results published on-chain for public verification:

// Monthly Audit Report Structure

interface MonthlyAuditReport {

// Audit period

auditPeriod: {

startDate: Date;

endDate: Date;

};

// Independent auditor

auditor: {

firmName: string;

auditorName: string;

license: string;

signature: Ed25519Signature;

};

// Share reconciliation

shareReconciliation: {

physicalCertificatesHeld: number;

registrySharesRecorded: number;

tokensCirculating: number;

discrepancy: number;

discrepancyExplanation?: string;

status: 'RECONCILED' | 'DISCREPANCY_NOTED';

};

// Registry accuracy

registryAudit: {

totalBeneficialOwners: number;

recordsSampled: number;

recordsReconciled: number;

discrepanciesFound: number;

accuracyRate: number; // Target: 100%

};

// Custody verification

custodyVerification: {

physicalInspectionCompleted: boolean;

certificatesAccountedFor: boolean;

vaultSecurityConfirmed: boolean;

insuranceVerified: boolean;

};

// On-chain publication

onChainRecord: {

transactionSignature: string;

blockHeight: number;

ipfsHash: string; // Full report stored on IPFS

reportHash: string; // SHA-256 of report content

};

}

🔹 11.3.6 SEC Filing Requirements

Empire Stock Transfer maintains all required SEC filings:

Filing

Description

Frequency

Form TA-1

Transfer agent registration;registration · updates for material changes

As needed

Form TA-2

Annual report of transfer agent activities

Annual

Monthly Report

Transfer activity,activity · registered holders,holders · shares outstanding

Monthly

🔍 11.4 Anti-Money Laundering Framework

OTCM Protocol implements comprehensive AML and KYC mechanisms exceeding statutory minimums,minimums, ensuring institutional-grade compliance with the Bank Secrecy Act, OFAC regulations, and FinCEN requirements.

🔹 11.4.1 Bank Secrecy Act Compliance

📋 31 U.S.C. § 5311 — Declaration of Purpose

It is the purpose of this subchapter to require certain reports or records where they have a high degree of usefulness in criminal, tax, or regulatory investigations or proceedings, or in the conduct of intelligence or counterintelligence activities to protect against international terrorism.proceedings.

Requirement

Threshold

Action

CFR Reference

Beneficial Ownership

$10,000+

KYC verification required

31 CFR 1010.230

Currency Transaction

$10,000+

CTR filing with FinCEN

31 CFR 1010.311

Suspicious Activity

$5,000+

SAR filing with FinCEN

31 CFR 1010.320

Foreign Account

$10,000+

FBAR annual reporting

31 CFR 1010.350

🔹 11.4.2 OFAC Sanctions Implementation

Every CEDEX transaction checks both sender and recipient against the current OFAC Specially Designated Nationals (SDN) list:

// OFAC Screening Implementation

interface OFACScreening {

/**

  • OFAC SDN list screening implementation
  • Updated hourly from official OFAC publication

*/

// SDN list integration

sdnList: {

source: 'OFAC_OFFICIAL';

updateFrequency: 'HOURLY';

lastUpdate: Date;

entryCount: number;

cryptoAddressCount: number;

};

// Screening scope

screeningScope: {

directAddressMatch: boolean; // Direct SDN address

clusterAnalysis: boolean; // Related wallets

fundingSourceAnalysis: boolean; // Upstream exposure

transactionCounterparty: boolean; // Downstream exposure

};

// Screening execution

screeningExecution: {

timing: 'PRE_TRANSACTION';

blockingBehavior: 'AUTOMATIC_BLOCK';

appealProcess: 'NONE'; // Must resolve with OFAC directly

};

// Comprehensive sanctions programs

sanctionsPrograms: [

'IRAN', // 31 CFR Part 560

'NORTH_KOREA', // 31 CFR Part 510

'SYRIA', // 31 CFR Part 542

'CUBA', // 31 CFR Part 515

'CRIMEA', // 31 CFR Part 589

'RUSSIA', // 31 CFR Part 589

'VENEZUELA', // 31 CFR Part 591

];

}

🔹 11.4.3 FinCEN Integration

The Portal integrates directly with FinCEN's BSA E-Filing System for automated regulatory submissions:

  • BSA E-Filing:Filing — Direct API integration for SAR and CTR submission
  • FinCEN Form 114 (FBAR): — Annual filing for foreign financial accounts exceeding $10,000
  • Beneficial Ownership Information:Information — BOI reporting for corporate entities
  • Response to Law Enforcement:Enforcement — 314(a) and 314(b) information sharing

🔹 11.4.4 SAR Filing Automation

📋 31 CFR § 1010.320 — Reports by Financial Institutions of Suspicious Transactions

A financial institution shall file a SAR with FinCEN for any suspicious transaction relevant to a possible violation of law or regulation if the transaction involves funds or other assets of at least $5,000.

// SAR Filing Automation

interface SARFilingAutomation {

// SAR filing triggers

filingTriggers: {

minimumAmount: 5000; // $5,000 threshold

suspiciousIndicators: [

'STRUCTURING_DETECTED',

'HIGH_RISK_SCORE', // AML score > 70

'SANCTIONS_ADJACENT', // Near-SDN exposure

'CRIMINAL_EXPOSURE', // Darknet,Darknet ransomware,· ransomware · etc.

'UNUSUAL_PATTERN', // Deviation from baseline

];

};

// SAR content

sarContent: {

subjectInformation: SubjectInfo;

suspiciousActivityDescription: string;

transactionDetails: Transaction[];

narrativeExplanation: string;

supportingDocumentation: string[];

};

// Filing process

filingProcess: {

reviewPeriod: '30_DAYS_FROM_DETECTION';

filingDeadline: '30_DAYS_FROM_DETERMINATION';

extensionAvailable: '30_DAY_EXTENSION';

filingMethod: 'FINCEN_BSA_EFILING';

};

// Confidentiality

confidentiality: {

tippingOffProhibited: true;

safeHarborProtection: true;

recordRetention: '5_YEARS';

};

}

🔹 11.4.5 Currency Transaction Reporting

Currency Transaction Reports (CTRs) are filed automatically for qualifying transactions:

// CTR Filing Structure

interface CTRFiling {

// Filing threshold

threshold: {

amount: 10000; // $10,000

currency: 'USD_EQUIVALENT';

aggregation: 'SAME_DAY_MULTIPLE_TRANSACTIONS';

};

// CTR content (FinCEN Form 104)

reportContent: {

transactorIdentification: {

name: string;

address: string;

ssn: string;

dob: Date;

idType: string;

idNumber: string;

};

transactionDetails: {

date: Date;

amount: number;

transactionType: 'DEPOSIT' | 'WITHDRAWAL' | 'EXCHANGE';

};

filingInstitution: InstitutionInfo;

};

// Filing timeline

timeline: {

filingDeadline: '15_CALENDAR_DAYS';

filingMethod: 'FINCEN_BSA_EFILING';

};

}

🔹 11.4.6 Enhanced Due Diligence Procedures

Enhanced due diligence (EDD) applies to high-risk customers and transactions:

EDD Trigger

Additional Requirements

Politically Exposed Person (PEP)

Senior management approval,approval · enhanced source of funds,funds · ongoing monitoring

High-Risk Jurisdiction

Additional documentation,documentation · purpose of account verification,verification · transaction limits

Complex Structure

Beneficial ownership traced to ultimate individual,individual · structure justification

High-Volume Trading

Wealth verification,verification · source of funds documentation,documentation · trading rationale

8.5 Immutable Compliance Records

The OTCM Portal records all compliance determinations immutably on the Solana blockchain with cryptographic signatures, enabling a permanent audit trail that regulatory inspectors can verify independently without relying on company-maintained records.

🔹 1.5.1 CEDEX — Layer 5 (See Section 5)

"SEC inspectors can directly verify compliance procedures through blockchain inspection without relying on company-maintained records subject to alteration risk."

// Immutable Compliance Record Architecture
┌---┐
│                  IMMUTABLE COMPLIANCE RECORD ARCHITECTURE               │
└---┘
┌---┐
│                    COMPLIANCE EVENT OCCURS                          │
│   (KYC Verification, Accreditation, AML Screening, Transaction)     │
└---┬---┘
│
▼
┌---┐
│                     RECORD GENERATION                               │
│  • Hash sensitive data (documents, PII)                             │
│  • Create compliance record with metadata                           │
│  • Sign with compliance officer Ed25519 key                         │
└---┬---┘
│
┌---┼---┐
│                       │                       │
▼                       ▼                       ▼
┌---┐      ┌---┐      ┌---┐
│   SOLANA      │      │     IPFS      │      │   ENCRYPTED   │
│  BLOCKCHAIN   │      │   STORAGE     │      │   DATABASE    │
│               │      │               │      │               │
│ • Record hash │      │ • Full docs   │      │ • PII data    │
│ • Timestamp   │      │ • Reports     │      │ • KYC docs    │
│ • Signature   │      │ • Audit logs  │      │ • Tax forms   │
│ • IPFS hash   │      │               │      │               │
└---┘      └---┘      └---┘
│                       │                       │
└---┼---┘
│
▼
┌---┐
│                    VERIFICATION CAPABILITIES                        │
│  • Timestamp proof via Solana slot                                  │
│  • Content integrity via SHA-256 hash                               │
│  • Officer authorization via Ed25519 signature                      │
│  • Document retrieval via IPFS hash                                 │
└---┘

🔹 11.5.2 Compliance Record Data Structures

// Compliance Record Data Structures

interface ComplianceRecord {

/**

  • On-chain compliance record structure
  • Provides immutable audit trail for regulatory verification

*/

// Record identification

recordId: string; // Unique identifier

recordType: ComplianceRecordType;

timestamp: i64; // Unix timestamp

solanaSlot: u64; // Blockchain slot (timestamp anchor)

// Subject identification

subject: {

walletAddress: Pubkey;

investorId: string; // Internal reference

issuerId?: string; // If issuer-related

};

// Compliance determination

determination: {

status: 'APPROVED' | 'REJECTED' | 'PENDING_REVIEW' | 'EXPIRED';

reasonCode: string;

reasonDescription: string;

reviewerType: 'AUTOMATED' | 'MANUAL';

reviewerId?: string;

};

// Evidence references (hashes only on-chain)

evidenceHashes: {

documentHash?: string; // SHA-256 of KYC documents

screeningHash?: string; // SHA-256 of AML screening result

verificationHash?: string; // SHA-256 of accreditation letter

transactionHash?: string; // SHA-256 of transaction details

};

// IPFS storage references

ipfsReferences: {

fullRecordCid?: string; // Complete record on IPFS

supportingDocsCid?: string; // Supporting documentation

};

// Cryptographic signature

signature: {

algorithm: 'Ed25519';

signerPublicKey: Pubkey; // Compliance officer key

signatureBytes: [u8; 64];

signatureTimestamp: i64;

};

}

enum ComplianceRecordType {

KYC_VERIFICATION = 'KYC_VERIFICATION',

KYC_EXPIRATION = 'KYC_EXPIRATION',

ACCREDITATION_VERIFICATION = 'ACCREDITATION_VERIFICATION',

ACCREDITATION_EXPIRATION = 'ACCREDITATION_EXPIRATION',

AML_SCREENING = 'AML_SCREENING',

AML_ALERT = 'AML_ALERT',

TRANSACTION_AUTHORIZATION = 'TRANSACTION_AUTHORIZATION',

TRANSACTION_BLOCK = 'TRANSACTION_BLOCK',

SAR_FILING_REFERENCE = 'SAR_FILING_REFERENCE',

SANCTIONS_CHECK = 'SANCTIONS_CHECK',

SANCTIONS_BLOCK = 'SANCTIONS_BLOCK',

BENEFICIAL_OWNERSHIP = 'BENEFICIAL_OWNERSHIP',

ACCOUNT_FREEZE = 'ACCOUNT_FREEZE',

ACCOUNT_UNFREEZE = 'ACCOUNT_UNFREEZE',

}

🔹 11.5.3 Regulatory Inspector Access

SEC and other regulatory inspectors can directly verify compliance procedures through multiple access methods:

Access Method

Description

Public Blockchain Explorer

Compliance records viewable through standard Solana explorers (Solscan, Explorer.Solana.com); no special credentials required

Regulatory API

Dedicated API with enhanced query capabilities for bulk compliance verification; authenticated access for authorized regulators

Evidence Retrieval

Document hashes enable verification against off-chain records; IPFS retrieval for full documents; hash comparison proves integrity

Timeline Reconstruction

Complete chronological history of any investor's compliance journey; all state transitions recorded with timestamps

Compliance Dashboard

Web-based dashboard for regulators with export capabilities; aggregated compliance metrics; alert monitoring

🔹 11.5.4 Cryptographic Proof Standards

Each compliance record includes cryptographic proof enabling independent verification:

// Cryptographic Proof Standards

interface CryptographicProofStandards {

/**

  • Cryptographic standards for compliance verification

*/

// Timestamp proof

timestampProof: {

method: 'SOLANA_SLOT_ANCHOR';

precision: '~400ms'; // Slot time

verifiability: 'BLOCKCHAIN_CONSENSUS';

tamperResistance: 'CRYPTOGRAPHICALLY_GUARANTEED';

};

// Document integrity proof

documentIntegrity: {

hashAlgorithm: 'SHA-256';

collisionResistance: '2^128'; // Security level

verification: 'RECOMPUTE_AND_COMPARE';

};

// Authorization proof

authorizationProof: {

signatureAlgorithm: 'Ed25519';

keySize: 256; // bits

publicKeyOnChain: true;

verification: 'SIGNATURE_VERIFICATION';

};

// Chain of custody proof

chainOfCustody: {

linkage: 'PREVIOUS_RECORD_HASH';

sequencing: 'SOLANA_SLOT_ORDER';

gapDetection: 'SEQUENCE_ANALYSIS';

};

}

Proof Element

Standard

Verification Method

Timestamp

Solana slot number

Slot anchored to network consensus; ~400ms precision

Document Hash

SHA-256

Recompute hash of original document; compare to on-chain

Signature

Ed25519

Verify signature against known compliance officer public key

Chain of Custody

Linked records

Verify complete history with no gaps via sequence analysis

🔹 11.5.5 Record Retention Requirements

OTCM Protocol maintains compliance records in accordance with regulatory retention requirements:

  • KYC Records: 5 years after account closure (31 CFR 1010.430)
  • Transaction Records: 5 years from transaction date
  • SAR Records: 5 years from filing date (confidential)
  • CTR Records: 5 years from filing date
  • Accreditation Records: Duration of investment plus 5 years
  • Blockchain Permanence: On-chain records retained indefinitely by network design ✓ Regulatory Advantage

Unlike traditional compliance records maintained in company databases (subject to alteration, loss, or destruction), OTCM's on-chain records are immutable by design. Regulators need not trust the company—they can independently verify compliance through blockchain inspection with cryptographic certainty.

📋 11.5 Immutable Audit Trail

🔹 1.5.1 CEDEX — Layer 5 (See Section 5)

Every ST22 tokenDigital Securities transfer, compliance verification event, and Transfer Hook execution generates an immutable on-chain record.record. These records cannot be altered, deleted, or selectively disclosed — they exist permanently on the Solana blockchain and are accessible to any regulatory inspector with the appropriate wallet address or block explorer access.

OTCM's audit trail exceeds SEC Rule 17a-4 requirements for electronic records retention by providing cryptographic proof of every compliance decision at transaction level.

"SEC inspectors can directly verify compliance procedures through blockchain inspection without relying on company-maintained records subject to alteration risk."

🔹 11.5.21 On-Chain Compliance RecordRecords Databy StructuresType

Record Type

On-Chain Data

Retention

Transfer Hook execution

Hook ID,ID result,· timestamp,result · timestamp · wallet addresses

Permanent (Solana ledger)

KYC verification event

Hash of verification result,result timestamp,· timestamp · provider

Permanent (Solana ledger)

OFAC screening result

Screening timestamp,timestamp · result code,code · SDN list version

Permanent (Solana ledger)

AML risk score

Risk score bucket,bucket timestamp,· timestamp · transaction hash

Permanent (Solana ledger)

Circuit breaker activation

Trigger condition,condition · TWAP at trigger,trigger · recovery time

Permanent (Solana ledger)

🔹 11.5.2 Compliance Record Data Structure

interface ComplianceRecord {
  recordId:    string;
  recordType:  ComplianceRecordType;
  timestamp:   i64;   // Unix timestamp
  solanaSlot:  u64;   // Blockchain slot anchor (~400ms precision)

  subject: {
    walletAddress: Pubkey;
    investorId:    string;
    issuerId?:     string;
  };

  determination: {
    status:             'APPROVED' | 'REJECTED' | 'PENDING_REVIEW' | 'EXPIRED';
    reasonCode:         string;
    reasonDescription:  string;
    reviewerType:       'AUTOMATED' | 'MANUAL';
  };

  evidenceHashes: {
    documentHash?:    string;   // SHA-256 of KYC documents
    screeningHash?:   string;   // SHA-256 of AML screening result
    verificationHash?: string;  // SHA-256 of accreditation letter
    transactionHash?: string;   // SHA-256 of transaction details
  };

  ipfsReferences: {
    fullRecordCid?:      string;  // Complete record on IPFS
    supportingDocsCid?:  string;
  };

  signature: {
    algorithm:         'Ed25519';
    signerPublicKey:   Pubkey;
    signatureBytes:    [u8; 64];
    signatureTimestamp: i64;
  };
}

enum ComplianceRecordType {
  KYC_VERIFICATION         = 'KYC_VERIFICATION',
  KYC_EXPIRATION           = 'KYC_EXPIRATION',
  ACCREDITATION_VERIFICATION = 'ACCREDITATION_VERIFICATION',
  ACCREDITATION_EXPIRATION = 'ACCREDITATION_EXPIRATION',
  AML_SCREENING            = 'AML_SCREENING',
  AML_ALERT                = 'AML_ALERT',
  TRANSACTION_AUTHORIZATION = 'TRANSACTION_AUTHORIZATION',
  TRANSACTION_BLOCK        = 'TRANSACTION_BLOCK',
  SAR_FILING_REFERENCE     = 'SAR_FILING_REFERENCE',
  SANCTIONS_CHECK          = 'SANCTIONS_CHECK',
  SANCTIONS_BLOCK          = 'SANCTIONS_BLOCK',
  BENEFICIAL_OWNERSHIP     = 'BENEFICIAL_OWNERSHIP',
  ACCOUNT_FREEZE           = 'ACCOUNT_FREEZE',
  ACCOUNT_UNFREEZE         = 'ACCOUNT_UNFREEZE',
}

🔹 11.5.3 Regulatory Inspector Access

OTCM Protocol provides SEC, FINRA, and FinCEN inspectors with dedicated read-only wallet addresses enabling direct on-chain audit access without requiring OTCM Protocol cooperation for data production.

This

Access designMethod

Description

Public isBlockchain intentional:Explorer

Compliance regulatoryrecords inspectionviewable capabilitythrough isSolscan structural,· notExplorer.Solana.com subject· tono companyspecial cooperation.credentials Inspectorrequired

Regulatory API

Dedicated API with enhanced query capabilities for bulk compliance verification · authenticated access documentationfor isauthorized maintainedregulators

Evidence currentRetrieval

Document andhashes providedenable proactivelyverification uponagainst regulatoryoff-chain engagement.records · IPFS retrieval for full documents · hash comparison proves integrity

Timeline Reconstruction

Complete chronological history of any investor's compliance journey · all state transitions recorded with timestamps

Compliance Dashboard

Web-based dashboard with export capabilities · aggregated compliance metrics · alert monitoring

🔹 11.5.4 Cryptographic Proof Standards

EachProof Element

Standard

Verification Method

Timestamp

Solana slot number

Slot anchored to network consensus · ~400ms precision

Document Hash

SHA-256

Recompute hash of original document · compare to on-chain

Signature

Ed25519

Verify signature against known compliance officer public key

Chain of Custody

Linked records

Verify complete history with no gaps via sequence analysis

🔹 11.5.5 Record Retention Requirements

Record Type

Retention Period

Regulatory Basis

KYC Records

5 years after account closure

31 CFR 1010.430

Transaction Records

5 years from transaction date

BSA

SAR Records

5 years from filing date (confidential)

31 CFR 1010.430

CTR Records

5 years from filing date

31 CFR 1010.430

Accreditation Records

Duration of investment + 5 years

Reg D

Blockchain Records

Permanent — by network design

Solana ledger

Regulatory Advantage: Unlike traditional compliance records maintained in company databases (subject to alteration, loss, or destruction), OTCM's on-chain records are immutable by design. Regulators need not trust the company — they can independently verify compliance recordthrough isblockchain signedinspection with OTCM Protocol's program keypair, providing cryptographic non-repudiation.certainty.

Records cannot be backdated, altered post-execution, or selectively omitted. Third-party verification of any compliance record requires only the Solana block hash and the transaction signature — no OTCM cooperation required.

⚠️ 11.6 Regulatory Risk Matrix

This section provides a comprehensive regulatory risk assessment for OTCM Protocol operations:

Regulatory Area

Risk Level

Mitigation

Status

Digital Securities Classification

🟢 LOW

Formally classified under SEC Release No. 33-11412

Confirmed March 17, 2026

Securities Classification

🟢 LOW

Explicit securities structure

Designed as securitiesDigital Securities from inception

Accreditation Verification

🟢 LOW

Third-party verification

Automated verification workflow

Transfer Agent Compliance

🟢 LOW

Empire Stock Transfer

SEC-registered partner

AML/KYC Compliance

🟢 LOW

Exceeds BSA minimums

Chainalysis,Chainalysis TRM,· TRM · FinCEN integration

OFAC Sanctions

🟢 LOW

Real-time SDN screening

Transfer Hook enforcement

Exchange Act Compliance

🟡 MEDIUM

Protocol positioning

Decentralized AMM structure

State Blue Sky

🟢 LOW

506(c) preemption

Federal preemption of state reg

International Compliance

🟡 MEDIUM

Reg S + jurisdiction restrictions

Country-specific compliance

💡 Overall Regulatory Risk Assessment

Assessment:

OTCM Protocol's compliance-first designdesign, combined with formal Digital Securities classification under SEC Release No. 33-11412 (March 17, 2026), results in LOW overall regulatory risk.risk. The explicit securities structure, established exemptions, SEC-registered transfer agent partnership, and comprehensive AML framework provide strongthe strongest regulatory foundation.foundation available for a tokenized securities platform. Medium risks in Exchange Act positioning and international compliance are actively managed through ongoing legal counsel engagement.

Groovy Company, Inc. dba OTCM Protocol · Wyoming Corporation · invest@otcm.io · otcm.io

Back to top